Understanding Risk Culture

Attitude is everything when it comes to managing risk effectively. “If a company doesn’t have a positive culture you can have as many rules as you like, but in that moment of truth when people are under pressure, they will tend to do the wrong things,” says John Shelley, Chief Risk Officer at RBS Asia Pacific.

Creating the right mindset in a global business is a difficult undertaking. The emissions testing scandal in the automotive industry and the discovery of slave labour in the supply chain of food companies reinforce why serious attention has to be paid to risk.

Rules and regulations, combined with integrity around remuneration and bonuses, will provide a framework for making good decisions, but senior executive and non-executive directors need to understand that governance won’t be enough.

“Risk needs to be a responsibility of everyone in the organisation and the board needs to test that there is a strategy and direction in place, monitoring and reporting against key measures and indicators, and a culture of awareness and ownership,” says Lucy Dimes, Non-executive Director at European textile service business Berendsen and former COO of Equiniti.

Charlie Wagstaff, Managing Director at Criticaleye, says: “To manage risk across a global organisation there must be an operational framework that is consistent with the organisation’s values. This needs to be wide-ranging and sensitive to all situations encountered.

“Transparency and openness are also key, so that any outcome is readily apparent. There should be no opportunity to hide or conceal anything.”

Criticaleye looks at the questions boards should ask in order to assess their company’s risk culture:

What do customers think about our company? 

Customers can give you an entirely different perspective from those within the business. Jim Meredith, Chairman at hazardous waste management company Augean, says they can “tell you whether management… understand and deal with them appropriately”.

Realistically, not all non-executives will have the time to interact with customers, so Jim promotes the idea of having a “mini customer conference” during which NEDs and others can hear their candid feedback.

Do we have a whistleblowing system? Is it effective? 

Employees must be able to raise concerns without fear of losing their job or damaging their career.

Andrew Heath, CEO of Alent a global supplier of surface treatment plating chemicals and electronics assembly materials and Independent Non-executive Director at Imagination Technologies Group, comments: “We look at the whistleblower statistics at every board meeting at Alent. I report on it because the only way you can get the right culture is by people telling you the truth, otherwise you live in a bit of a bubble.”

It’s a case of the board asking simple, direct questions. “Is there a whistleblowing line?” asks Lucy. “Is it anonymous? Does it allow employees to flag concerns and risks against a clearly communicated set of values and tolerances? Is speaking up valued or discouraged?”

Andrew agrees: “You’ve got to have various channels, such as employee helplines and whistleblower facilities whereby people can independently flag things without going through the chain of command.

“People have a duty to flag concerns, especially when it comes to reputational risks such as things to do with ethics, bribery, corruption and bullying.”

Where have we had near misses? 

Consider those close shaves and what they say about your organisation.

John from RBS comments: “We have a system of notifying senior management about things that nearly went wrong. Think about the airlines reporting near misses and then put that into the context of your company… Getting information about them is more valuable than going on a witch hunt to see who almost messed up.

“We want to know if our process, or something we did or didn’t do, almost resulted in an error. When these things happen we need them to be reported so we can learn from them.”

For David Gooding, Group IT Director at waste management company Biffa, health and safety is critical. “The waste industry, after agriculture, is the most dangerous industry to work in. So, this has been a primary focus for us,” he explains.

This kind of reporting has been an important part of Biffa’s process for a while but is something they have recently pushed further. “In the last four years we’ve had a double digit decrease in our incident frequency – we’ve done that by really pushing the reporting of potential hazards and near misses,” he adds.

What tone does the board set?

Respect for risk management has to start in the boardroom. Andrew Allner, Chairman at the Go-Ahead Group, says: “That is where the tone and culture are set. If the board takes risk seriously then the organisation will naturally follow that lead.”

Samantha Barber, Non-executive Director at Spanish utility company Iberdrola, agrees: “A strong risk culture also requires trust, transparency and challenge within the boardroom between executive and non-executive directors.

“Effectively managing risk is far more about culture and leadership, than it is about filling in a matrix.”

According to Deepika Bal, Managing Director and Head of Risk Architecture for Asia Pacific at Citibank: “The foundational elements of a strong risk culture include, among others, a common purpose and mission, clear goal-setting, fair and transparent rewards mechanisms, ethics policies and whistleblower protection.

“Most importantly, there has to be a culture of learning and self-improvement. Most large companies do have many of these elements in place. However, boards should focus on the efficacy of these measures in embedding a strong risk culture. Beyond these policies and controls, boards are in a unique position to set the tone at the top.”

 

By Dawn Murden, Editor, Advisory

Do you agree with the questions posed above? Would you ask something different? If you have an opinion you’d like to share, please email Dawn at: dawn@criticaleye.com

Find out more about how to embed a positive risk culture across an organisation at our Hong Kong-based Discussion Group, with John Shelley, Chief Risk Officer at RBS Asia Pacific. 

https://twitter.com/criticaleyeuk

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s