How do you create a risk-conscious culture?
Risk management is a major aspect of compliance programs in companies. However, creating policies only goes so far if employees don’t understand the critical risks in their organisation and why they need to avoid them. Even then, you're only halfway to becoming a true risk-conscious business because some risks are worth taking. How else does a business innovate?
Risk management has shot to prominence since the global financial crisis and because of the nefarious activities of cybercriminals. Most major organisations now have dedicated risk departments, with the risk management function represented in the C-suite. For example, a Deloitte University Press survey into global risk management shows that more than 90 percent of financial firms have a CRO who reports to the board.
For a smaller business, it's not possible to have an entire department working on risk. This only makes it all the more vital to create a "risk-conscious culture", where all employees are involved in managing and mitigating risk, and in helping to decide where some risk is worthwhile.
To build such a culture, consider these three steps.
Why is it so important to be conscious of risk? Simply put, poor risk management can destroy your business. And that can mean being too risky OR being too conservative.
For any organisation, health and safety and regulatory compliance are two obvious areas that first come to mind. However, the Australian findings of a 2017 survey into global risk management reveal that risk is everywhere. Cybersecurity and data loss, staff and contractors, suppliers, natural disasters, contamination, forex and interest rate volatility, market shifts, new competition and operational errors are all examples of the kinds of issues that represent significant risk.
Start by identifying the specific risks facing your business, as well as their probability and likely severity. Some risks may be within your control – and even worth taking – and others beyond it. Consult a risk management guide for small and medium businesses, establish what your risks are and devise a strategy to deal with each one based on best practice.
How do your employees currently approach risk? Are they aware of what your company's key risks are? How do you currently monitor and manage risks? To determine this, consider conducting a company-wide survey, across all divisions. Also, ask staff what other risks they may perceive.
There's a big difference in being risk aware and risk averse. Too much risk aversion may hinder innovation and progress. You want employees to be confident about coming up with new ideas and helping grow your business. This means educating them about judicious risk, and how they can assess the risks involved in a new project, for example, to decide whether it is worth pursuing.
Risk management is not a one-off training session. Integrating risk awareness into your culture needs to be a continuous and holistic process. Risks may change over time. All employees need to understand your major risks and know how and why they should avoid or mitigate certain threats – without becoming paralysed by inaction. They need to embrace this mission as part of their job responsibilities. To do this, you may need to tailor training programs to different departments.
It's important to find the right channels to communicate with staff. Top-down communication is critical because culture is set from the top. Consistency throughout your organisation is also very important. Risks need to be universally understood.
Risk is a part of life for any business, large or small. Preparing a smart risk management strategy requires time and resources, but not doing so could jeopardise your entire organisation. To properly manage risk, employees need to embrace it as part of their job responsibilities, not be frightened into timidity. It must also become part of your culture.
You need to gauge how much risk you’re prepared to take on against how much control you want to put in place. The art of risk management is finding the balance between being risk-aware and risk-averse – not weighing your organisation down in a mire of conservatism and inertia.
How do you create a risk-conscious culture?
Form submitted successfully
Is Australia ready to embrace the Internet of Things (IoT) revolution? Download our white paper summarising key findings and opportunities in the food industry.