The importance of culture in enterprise risk management has gained increased focus since the GFC. It has been further reinforced by recent scandals such as the rigging of the Libor rate by Barclays bank among others. What these events underline is that all of our risk models, plans, processes and frameworks, and even regulatory regimes, are only as good as the culture in which they are embedded. That said, whilst many CEOs and CFOs talk passionately about the risk management culture of their businesses, it means different things to different people and is notoriously hard to measure and manage.
Management of risk is a critical component in an organisation's ability to execute its strategy and drive value creation. It covers a broad spectrum, from the risk of a failed acquisition or strategic project, a poorly executed business plan through to fraud and operational risks. Reliably understanding how people in an organisation are likely to approach and respond to risk provides business management with three key advantages:
it provides the best indicator of the way in which the organisation is likely to react in the face of uncertainty, irrespective of whether that uncertainty presents an opportunity or a threat; it gives management guidance on how to improve the levels of stakeholder engagement around the amount of risk it is prepared to take in the execution of its strategy; and it provides management and potentially regulators as well, insight into where the culture itself presents vulnerabilities and distinct risks by identifying how different professional groups approach uncertainty in different ways. The need to adopt such a cultural perspective on risk is reinforced in many new governance principles which emphasise the need to promote ethical and responsible decision-making. The focus of these principles is not only on the behaviors of people but more importantly on the mindsets or worldviews which form the drivers of the culture.
Unfortunately many of the risk management tools available today are limited to a compliance focus. They help the organization quickly establish whether it has a framework and whether people know it exists, but the worldviews of stakeholders and key risk takers in the business remain a mystery. General organisational culture assessment tools have a place in highlighting points of alignment or incompatibility between individuals, however they are generic in nature and don't provide the detailed understanding of the worldviews driving risk behaviours. As a consequence, CEO's and their executive teams (including CFOs and CRO's) are often left with imprecise guesses and a lack of relevant data from which they can meaningfully design an intervention or program to address 'deficiencies' in their risk management cultures.
To better understand this problem and its implications we recently undertook research to identify the drivers of enterprise risk culture. The study involved a cross section of enterprise risk managers including strategic managers, actuaries, auditors, operational risk managers, line managers, entrepreneurs and those working in structured finance related roles.
From the analysis six distinctly different risk worldviews - 'theories' of how best to act in the face of uncertainty - were identified. These were strongly influenced by the individuals' risk appetite as well as their role, and therefore the range and type of uncertainty which formed the focus of their advice or decision making.
Hyper-rational:
. a methodical approach;
. need for evidence;
. desire to remove sources of uncertainty;
. a concern for completeness of knowledge;
. use of the past as a predictor;
. a focus on rational analysis;
. professional (disciplinary) knowledge;
. a need to know detail;
.need to follow rules; and
. stay within the boundaries of authority.
Designed Automaticity:
. anticipatory;
. scenario based;
. plan for contingency;
. balance of probabilities;
. reinforce routines;
. follow practiced routines;
. build response capability; and
. collective interests
Abstracted:
. a long term view;
. gain alternative perspectives;
. a disinterest in detail;
. a concern for the influence of organizational and team culture;
. stronger faith in existing relationships.
Responsive:
. thinking strategically;
. thinking on ones feet;
. using direct experience as a source of insight;
. building a sense of agency in others;
. keeping options open;
. a sense of optimism with no need for a safety net.
Absolute Values:
. do what is right irrespective of circumstances;
. strong consciousness of responsibility;,
. a focus on independence;
. a tendency towards pessimism;
Opportunist:
. a lack of trust of others;
. a win at all costs attitude;
. a short term perspective; and
. gamble
Each of these worldviews has both strengths and limitations. If well integrated into organizational processes and decision making, together they could contribute to the organizations capacity to deal with a wide range of risk. However, the research demonstrated that the necessary integration often had not been achieved. Indeed the evidence was that managers who hold one worldview actively reject one or more of the alternatives - regarding it as invalid. If this situation is operating in your organization then you are probably vulnerable or at least, not as resilient as you might think.
In short this research suggests that few organizations are as well prepared for uncertain business conditions as they think. The problem is a cultural one more than one of preparedness, resourcing, or skill availability. The evidence is that it is cultures which limit the organizations ability to harness the diversity of different ways of understanding and responding to risk. It is therefore imperative that organizations understand the nature of their risk culture and how it is likely to affect their ability to deal with the range and types of hazards they may encounter.
----------------------------------------------------
Dr Chris Goldspink is the Chief Scientist and an Executive Director of the Sydney Based research and consulting firm Incept Labs http://www.inceptlabs.com.au Incept Labs helps SMEs, large corporates and Government deal with uncertainty in current and future environments by providing targeted research and supporting innovation, risk management, change and quality governance.
EasyPublish this article: http://submityourarticle.com/articles/easypublish.php?art_id=283469
No comments:
Post a Comment