Risk Culture: The Most Neglected Component of Enterprise Risk Management (ERM) Framework
Risk Management is defined as set of coordinated activities to direct and control an organization with regard to risk. In all the three components of ERM, Culture is given utmost importance
- Principles
- Framework
- Risk Management Process
Culture in many ways is “what staff in your organization do when you are not watching them”. Risk culture, is therefore values-based and ethically driven rather than based on processes or formal governance.
When the chips are down, experience has suggested that culture trumps process every time
Why is Risk Culture Important?
Sets the tone of the organization and defines how an organization views risks and converts them into opportunities
- Sets the tone of the organization and defines how an organization views risks and converts them into opportunities
- Resilient to external influences and better able to adapt
- Less unenforced errors
- Improve staff response to threats or situations that fall outside well prescribed operating guidelines
A Risk Culture Centered ERM Framework
- Assess: Review of existing ERM framework to ensure focus on Risk Culture
- Demonstrate: Establish value created and value protected to the employees
- Train: Enhancing the Risk Awareness in the organization through periodic Risk Trainings and Assessments
- Embed: Embedding Risk Culture in Decision making
- Align: Alignment between Key Performance Indicators and Key Risk Indicators