The Importance of Establishing a Collaborative Risk Culture

Share on facebook
Share on linkedin
Share on twitter

Companies are exposed to risks, both operational ones and natural disasters. Some risks in economic and financial crises, political issues, market trends and operational management can be avoided, but to do so requires a risk culture to be implemented throughout the organization.

This means a risk culture involves the both the Director or the CEO and the Operations Manager, as well as each of the employees to assimilate it as a routine activity that is a part of the company’s DNA.

An existing risk management culture helps the company to identify threats, tackle obstacles that may arise, increase the chances of achieving goals, lower employee turnover, engage employees, foster proactivity, and improve the company’s adjustment to the social and economic environment.

However, it isn’t enough to merely desire to establish a culture of risk management, it’s necessary to set out a policy and drive to get all workers involved. This starts with appointing a Risk Director or Chief Risk Officer (CRO), who will be the person in charge of creating this culture and transmitting it to the rest of the organization.

According to Price Waterhouse Coopers, there are three lines of defence: the first is made up of senior management and business units, the second of risk and compliance functions (including the CRO) and committees, and the third entails internal audit.

Although the Risk Director is the second line, he is obligated to interact with the first and third lines of defence.

One way to rapid dissemination and implementation of the risk culture is to set the parameters from the first line in collaboration with the Risk Director and then roll the strategy out to other areas, so as to create a pyramid that encompasses each one of the collaborators. This way an organization with greater resilience and risk culture is created.

In other words, the first line makes decisions in keeping with the strategy, while the second line shapes the measures to be taken, based on queries, consultations, and collaboration. The third line focuses on protecting the organization and creating value.

However, according to PWC data, only 13% of companies worldwide involve the front-liners or senior management in risk management.

Risk management in cybersecurity

With technological progress, more and more companies are looking to support their risk management models with technology for better decision-making, for greater control, and to allow them to act in advance of a problem.

Cyberattacks have become a threat that worries companies; an issue that has been escalated by massive attacks like WannaCry that affected over 200,000 computers in 150 countries in 2017.

A risk culture also implicates cybernetics, here it is necessary to define specific lines of action in three areas: the first is using a methodology aligned with the operation strategy, the second is flexible plans, and the third consists of having a line of communication with the groups.

Each of the risk management lines must be aligned with the company’s values, goals and objectives. This way it becomes easier for employees to be ready for any possible problem the organization faces.

Risk map

Although it is hard to predict risks 100%, there are tools that help the organization to create strategies enabling it to overcome threats:

  • Identify the risks, weaknesses and consequences that may arise in the company
  • Assess the hazards by the level of impact or incidence
  • Conduct an analysis of possible risks and establish how to mitigate them, to find out the company’s real exposure
  • Design preventive and corrective measures.

How to achieve a risk management culture

  • Establish a solid organizational environment focused on the risk culture and on the administrative boards to starts right from the management board and the CEO and take hold throughout the organization
  • Align risk management with the strategy at decision-making time, so that the first line anticipates business risks when setting tactical priorities
  • Balance the program over the three lines of defence so decision-making takes place throughout the organization
  • Develop risk reports that allow management and the board of directors to execute supervision.
Share on facebook
Share on linkedin
Share on twitter
Share on facebook
Share on linkedin
Share on twitter


Experto Cegid

Related Posts

Jefes que lideran el trabajo híbrido requieren creatividad y compasión
Share this post!
February 24, 2022
It is a reality that the hybrid work model will grow this year because employees are seeking to hold on to the ‘positive’ effect of the pandemic, in terms of balancing home and work…
Lo que debes tener en cuenta para tu estrategia de Talento Humano en el 2022
Share this post!
February 17, 2022
What are the industry opportunities and challenges you need to be aware of? How can you generate more value for the organization?
Los 5 pilares del nuevo contexto laboral
Share this post!
January 27, 2022
The Covid-19 pandemic has caused a paradigm shift in all areas, especially in the HR function, which has had to transform many of its working procedures and tools to adapt to the new uncertainty of work and to maintain business continuity.