Organisational cultures that are highly sales and profit oriented tend to see risk management as friction rather than as an enabler. This results in risk management practitioners having to spend more effort shifting the mindset of employees before they can start embedding risk management practices and driving risk maturity. This is the hardest part about being a Risk Manager that no one will teach you at school.
There is a lot of effort that goes into change management and helping the organisation see the value of risk management. Instead of re-inventing the wheel by changing the organisational culture, it is more beneficial to align the risk management culture to the organisational culture. In my experience, I have noticed that most friction occurs when the Risk Managers ‘force’ the organisation to see risk management their way instead of applying risk management the organisation’s way. Take it as someone trying to instruct you but speaking in a language that you don’t understand.
Similarly, it is more value adding to cascade the risk management programme the organisation’s way by basically ‘dancing to their tune.’ If you don’t do it their way, they just won’t listen and therefore fail to grasp the concept of risk management. This article looks at some of the ways to create a risk-fit organisational culture.
Tailor-made risk solutions:
While risk management theory is the same, the practice of risk management varies across organisations. Risk management programmes or solutions should be tailor-made for the specific organisation. This means that as a Risk Manager, you need to understand the organisation very well: its beliefs and values and how it does things. The risk management culture must suit the organisational culture and needs. If the organisational demographics comprise mostly youth, it means they like fun things and are all about energy. This means that as you structure your risk management rollout plan, it has to be fun and not come across as boring. A good way could be to work closely with the marketing team to come up with fun and creative ways to make risk management more relevant to the organisation.
On the other hand, for an organisational culture that is more formal, you cannot win by driving risk in a fun way; you will need to be more formal in your approach if you want them to pay attention. So it is very important to consider the work environment you operate in as you cascade the risk management programme. Tailored risk management delivery also differs per department within the organisation. If you support different portfolios within the organisation, you may notice how your approach with one department differs from the others due to the different team dynamics that prevail. More often, you will find that different departments are at different levels of risk maturity even though they all fall within the same organisation. It is therefore crucial to have a tailor-made risk management approach for each of the departments that you interact with.
Align risk objectives to corporate strategy:
For the risk management culture to be effectively embedded, it is important to consider whether the risk management approach is aligned to the strategic objectives of the organisation. All departments in the business conform to the organisational strategy. As such, if you want to drive the right risk management culture, the risk management objectives have to be in sync with the organisational strategic objectives. If the current organisational strategy is heavy on cost saving, the risk management strategy must also emphasise cost reduction and managing operational losses. There is likely to be buy-in with this kind of approach. This means it might not be the right time to introduce controls that are capital intensive.
To win the business, risk management must be seen to be an enabler and not just a cost centre. If the organisation’s strategic focus is on automation, it is an opportunity to drive deployment of automated risk management controls, which are often very costly. Since the organisation will be driving towards automated capabilities, you are likely to experience less friction with budget approvals for technological risk-based solutions, as these will be aligned to the overall organisational strategy.
Keep risk management simple:
When you cascade the risk management programme, simplicity is key. I remember making a presentation to senior management sometime this year where, during one of the breakaway sessions, one of the participants said, “I’ve never had risk management presented in a very simplified manner that I can actually understand.” I was almost shocked, as this is a person that I thought should know more than I did about risk management, given their title and experience. That was when I realised that we should not make assumptions about risk management culture in organisations. It is important to take everyone step by step on the risk management journey. If the risk maturity is still at an infancy stage, cascade it in a simple manner and introduce more complex components once there is full alignment.
In conclusion, it is worth noting that creating a risk-fit organisational culture is more about aligning the risk culture to the organisational culture. This can be achieved by tailor-making the risk management programme for the organisation or the different departments within the organisation, as well as through aligning risk objectives to the corporate strategy. It can also be achieved by simplifying risk management concepts and not assuming that people understand them.
Finally, I’m excited to announce that I have a new risk management segment on GabzFM which airs on Thursdays fortnightly at 8pm called #MoriskiByNature. I also have the opportunity to present as an expert speaker at the upcoming 10th Annual Institute of Internal Auditors Botswana Conference. I hope to see you there.