First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / Is asking about risk culture the right question?

By | 2 Minutes Read

Is asking about risk culture the right question?

risk cultureEverybody is talking about assessing and addressing risk culture.
They talk as if risk culture (the beliefs and so on that drive risk-taking behavior) is not only a major factor in whether risks are at desired levels, but is consistent across the organization.
But, while culture is a major driver of behavior (of all types, not just risk-taking), it is most certainly not consistent.
Consider the executive team.
Do they have an identical attitude towards taking risk? Aren’t some more careful and cautious than others? Isn’t there often a healthy debate when it comes to the timing of product launches or expansions into new markets?
If you don’t have a consistent attitude towards taking risk among the few members of the executive team, how can you expect to have a consistent attitude among the population of employees and decision-makers?
I am not saying that attention should not be paid to culture. If there are conditions (such as severe penalties and repercussions for making a mistake) that can drive behavior in the wrong direction, it is important to understand and address them.
What I am saying is that we should ask a different question.

How can we be reasonably sure that decision-makers will take the desired level of the desired risks, the level of risk that the board and top management want taken to achieve objectives?

Follow that with asking who (individuals and teams) is more likely to take a different level of risk?
Now that we have identified the potential sources of poor risk-taking (and decision-making, by the way), we can start to think about what we are going to do about it.
Options might include expanding or shrinking how we empower certain employees to make decisions and take risks without approval.
Let me close with this.

Are you paying too much attention to risk culture in general and not enough to people who you (or top management) are not confident will make intelligent and informed decisions and take the wrong level of risk (which may either be too little or too much)?

I welcome your comments.

Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Latest posts by Norman D. Marks, CPA, CRMA (see all)

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Footer

About us

Established in 1995, First Reference provides organizations with practical and authoritative resources to help ensure compliance with constantly changing Canadian legislation and best practice

Main Menu

Stay Connected