IRM Issues Guidance on Risk Culture
15 Oct, 2012
The Institute of Risk Management (IRM) today issued two guidance documents on the highly topical subject of risk culture.
From BP to Barclays and from G4S to Kodak, the root cause of corporate meltdown is increasingly identified as problems with risk culture. We have more regulations, standards, codes and governance than ever before, but, while important, these are clearly not sufficient to ensure that the actual behaviour of individuals and teams is fully aligned with the organisation’s desired approach to risk. We can all identify from our own experience the different cultures – values, beliefs and knowledge – that exist in different organisations. This work has been looking at whether these different aspects of culture make it harder or easier to manage risk and also, if you’re not happy with the culture you’ve got, what you can do to change it.
An international group of IRM members has been leading a 9 month project to produce:
- A short guidance document aimed at boards who want to understand the issues surrounding risk culture within their organisation, and
- A detailed resource document for risk practitioners setting out the background research and some practical models, tools and techniques that can usefully be applied.
Alex Hindson (pictured), IRM Director and leader of the risk culture project commented, “Risk culture is the missing link in the successful implementation of Enterprise Risk Management – as well as having the rules, processes and policies in place we need to understand and influence people’s behaviour. We have identified certain key aspects of risk culture that all organisations need to understand and address as part of their risk management approach. For example, how does your organisation deal with bad news? Do your employees leave their ethics at home? What are the effects of your incentive and performance management structures? Have any of your processes become too complex to understand the risks? Do you set out to recruit thrill seekers? This very practical piece of work is not the last word on the subject but hopefully will be useful to risk professionals and policymakers considering the need for cultural change.”
John Harvie, Director of consultancy Protiviti, which supported IRM in the publication of the documents, said “The term risk culture is increasingly being discussed and debated among regulators, politicians and the media. The common questions they are asking are: why does it appear so hard to get risk culture right and what does it look like when we do? Protiviti is delighted to support this new piece of thought leadership from the IRM and looks forward to bringing solutions to this topic to the front of the business agenda.”
Steve Fowler, IRM Chief Executive, added “With its mixture of practising risk professionals and academic experts from around the world the IRM is uniquely placed to produce practical guidance of this nature. We are delighted that a large number of professional organisations from the UK and also from the Middle East and South Africa are endorsing this work and making it available to their members.”