Cementing risk culture in the organization


Taxwise Or Otherwise

Have you heard of anti-cheating headbands? In 2017, photos of students wearing anti-cheating headbands (made up of two folders to block the peripheral vision while taking the exam) went viral. The situation gives us an idea of the classroom culture as observed by the teacher. As a result, the anti-cheating headbands became the teacher’s tool to cultivate integrity and honesty as components of the desired classroom culture. In a way, this helps us visualize how PwC views culture: based on common assumptions and beliefs that can predict how people will behave.

More than 41% of survey respondents in the 2018 PwC Risk in Review study believe that their organizational culture prevents the development of a more effective risk management response to emerging risks like innovation. Consequently, an organization’s growth and innovation may be hampered by its risk culture and other risk management practices. Risk culture is part of the bigger concept of organizational culture, focusing on the formal and informal messages about the way its members are supposed to practice risk management beyond policies and procedures. Indeed, the success of any risk management initiative is highly dependent on people and risk culture for motivation, promotion, and support.

A strong risk culture pushes all members of the organization to proactively consider risk in decision making, especially in the organization’s pursuit of growth and innovation. This leads to the identification of factors affecting the business strategies, the implementation of actions to mitigate the likelihood and impact of deviation from objectives, and the realization of holistic decisions to achieve its goals and meet stakeholders’ expectations.

The process of cultivating risk culture may be hampered by roadblocks such as the gap between the organization’s desired culture and its actual culture as seen in observed behaviors. To overcome this, consistency in words and actions must be exhibited at all levels of the organization, especially at the Board and senior management level. Organizations can CEMent their risk culture and achieve consistency through Communication, Environment, and Measurement across geographical areas, cross-functional departments, and at all levels of the organization.

Communication helps the organization embed its risk culture by conveying desired beliefs and behavior. As such, leaders are responsible for communicating the desired risk culture and must become examples by “walking the talk.” A way to do this is to ensure that everyone complies with existing risk management policies and procedures: no overrides.

Going beyond the tone at the top, risk culture should be reinforced by the environment through mechanisms that encourage employees to uphold the desired risk culture. Institutionalizing programs such as continuous training on the organization’s risk management policies and procedures, and continuously engaging in risk dialogues to share and learn from near misses and issues at an individual and collective level, shows that the organization values improvement and learning. Apart from these, upward and downward communication channels should also be present so as to promote honest conversations among all organization members, without the fear of retaliation. This can be done by formalizing channels to embed a risk mind-set in decision making and in the escalation process to respond to threats.

To manage the various programs in sustaining risk culture, organizations need to measure their progress in aligning their desired and actual risk culture. Not all exhibited behaviors in an organization can be observed and measured, so it is important to focus on key interactions and decision points where behaviors can make or break the outcome. This, coupled with clear performance expectations and reinforcement such as making risk management part of the performance appraisal, makes employees rethink their stance on risk management. New technology such as data and analytics can also serve as a platform to measure and monitor behavioral trends as seen in the performance appraisal results. Nowadays, organizations can even utilize simulation-based e-learning to gauge risk culture based on the respondents’ choices in given scenarios.

Risk management is beyond policies and procedures. Risk culture helps to foster a larger degree of cooperation and commitment so that organizations can effectively manage risks and opportunities before making key interactions or key decisions that have a disproportionate effect on outcomes. With this, have you cemented risk culture in your road map towards sustainable growth and innovation?


The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.
