Michael D. Moberly December 21, 2011
A first, and a very important step toward developing a ’risk intelligent company culture’ is recognizing that risk is not solely an external phenomena, i.e., all risk does not emanate from outside a company.
A second, and equally important step in developing a risk intelligent company culture comes from recognizing that company value can be favorably affected by integrating certain aspects of risk management with human resource management. The rationale for doing this lie’s in the reality that a significant percentage of (company) risk evolves from – is embedded in various employee behaviors and actions, including management teams and boards.
In other words, according to Deloitte’s, The People Side Of Risk Intelligence: Aligning Talent And Risk Management, risk touches virtually every aspect of employee (HR) management, and employees touch virtually every aspect of risk management.
A risk intelligent company, Deloitte’s report points out, executes at the point in which there is convergence of…
1. Risk Governance – how a company treats (identifies, assesses) risk and assumes responsibility for risk oversight and strategic decision making in a dynamic and global risk environment.
2. Risk Infrastructure Management – how a company assumes responsibility for and understands how to design, implement, oversee, and sustain an effective risk management program.
3. Risk Ownership – how and when employees assume some degree of ownership (responsibility) for identifying, assessing, monitoring, reporting, and mitigating risk.
In light of the economic fact that U.S. businesses lose an estimated 7% of their annual revenue to various forms of occupational fraud, a risk intelligent workforce can be a valuable and useful intangible asset for any company. One does not have to look far to see the range of adverse (long term) consequences on companies when they rely on poorly designed or executed risk management policies, practices.
In a risk intelligent company (culture), management teams and boards assume a fiduciary obligation to…
- understand the adverse consequences of unattended risks
- how existing risk management policies are being interpreted and practiced internally by employees
A starting point for achieving a risk intelligent company culture is to critically assess unwritten (risk management) practices by posing the following questions:
- do all employees, including the management team and board, understand the companies risk management priorities, objectives, and the strategic reasons-rationales behind them?
- what (employee) behaviors are actually being rewarded with respect to identifying and mitigating risk
- are company (employee) incentives aligned with the company’s risk management priorities and objectives
Recognizing each question’s relevance insofar as how it can serve to influence and/or perpetuate a company environment of unmanaged risk taking is a necessary step to becoming more intelligent (and objective) about company risk. Too, it’s a prelude to creating a risk intelligent company culture wherein management teams, boards, and employees collectively assume responsibility for cultivating company-wide awareness about risks.
To do so fosters risk intelligent behaviors at all levels which begins by…
- adopting a common definition of risk that specifically reflects the nuances of company operations
- clearly defining the roles, responsibilities, and authority (for managing risk) coupled with relevant levels of (enterprise wide) transparency.
Lastly, and perhaps most importantly, it’s important to recognize two realities insofar as developing a ‘risk intelligent company culture’…
- any change in (company) culture generally precedes changes in employee behavior
- cultural and behavioral changes are less a product of formal risk policies, controls, and pronouncements, than they are the result of effective (employee) incentives and rewards.
(This post was inspired by a paper produced by Deloitte titled ‘The People Side Of Risk Intelligence: Aligning Talent And Risk Management and respectfully adapted by Michael D. Moberly)
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or email@example.com