How to Increase Risk Awareness and Create a Risk-Aware Culture
Colin Thompson
Managing Partner Cavendish/Author/International Speaker/Mentor/Partner
Risk management is a major aspect of compliance programs, so why not get the entire company in on it?
Creating a company-wide culture that is attuned to corporate risk awareness—especially the ones that an individual employee is likely to face on a regular basis—is a common theme in compliance discussions.
Programs need to be risk-based, but creating policies only goes so far if employees do not understand the key risks and why they need to be avoided. Also, to take it a step farther, employees need to factor in risk awareness as part of their job responsibilities.
As Chris Caron, Compliance Director at Kiewit, found, actively engaging employees in mitigating the risks they face every day not only cuts down on adverse risk effects, but also gives the organisation a better understanding of real-life risks and their likelihood.
Creating a Risk Conscious Culture
But how do you actually create that company-wide eye toward risk awareness? Chris moved in this direction by making project managers responsible for filling out a risk matrix for their own projects (after all, who would understand the risks and likelihood better than the project managers) and by adjusting the company-wide risk measurement scale to?better reflect the organisation’s risks.
If you feel like you’re starting from the beginning and need a more basic way to spread a risk-aware culture do not worry, we’ve laid out some clear steps for you to take.
Agree on a Vision
It may seem simple, but if you’re starting from scratch when ingraining risk throughout your organisation you need to make sure all the key players are on board before you begin spreading the message. Discuss what you’re trying to accomplish, what the key metrics are, how you’re going to go about instituting a cultural mind-shift—everything you’d do when making any other major business decision.
Here are a few common goals typically discussed and defined during this phase. Once identified, these should be communicated to the rest of the organisation.
Common purpose?— Individual employee values should align with organisational values and approach toward risk.
Consistency —?The entire organisation should share the same risk vocabulary so that risks are universally and consistently evaluated and understood.
Understanding —?Individuals are aware of critical risks facing the company, understand the macro benefits of risk management and are aware of how their behaviour impacts the organisation
Assess Your Risk Culture & Create a Roadmap
Now that you have the vision for your risk-aware culture defines, it’s time to see how it matches up with the current state of your company. Risk assessment is a two-part process
1.???Look for alignment.
The first step is to look at your current risk management process to determine what you are and aren’t doing already.
Do you have a documented risk appetite?
How is risk currently being logged, monitored and managed?
Do front-line managers play a role in risk monitoring and mitigation?
Does the company use a single risk measurement matrix with a common language?
2. Company-wide benchmark
领英推荐
Conduct a company-wide culture survey. If you have a large organisation it may be tempting to survey a representative sample of the company… resist this urge. You want to spread a risk-conscious culture to your entire organisation, not a sample of your organisation. Taking the pulse of the entire organization may be more difficult and time-consuming, but it will give you a much better understanding of your beginning benchmark in terms of company attitude toward risk.
Once you’ve assessed the current state of the company’s risk awareness you can cross reference that with you’re agreed upon vision and create a roadmap for tackling this project.
Tone at the Top
Once you have your roadmap planned out, the most logical place to start implementing this new company-wide attitude is at the top.?Tone at the top?is extremely important to any compliance program, so this has the added benefit of bringing your board of directors and the executive team more in line with federal expectations for compliance programs and oversight.
If your board is already compliance-focused, great! Still, go to the top and explain your project and make sure everyone from the chairman of the audit committee to the C-suite fully understands and embraces any new language and methods or approaches you’re taking so that they’re in line with what employees will be hearing.
Organisation culture is truly top down. Everyone needs to be on board if you want effective risk management and?strong culture. Making sure that top-level management is using the same messaging and approach that you’ll be promoting will help solidify the message and give weight to its importance.
If you’re still having trouble getting the top to buy into the message of risk-based compliance, keep working on it! But in the meantime, move down to your mid-level and front-line managers. Sometimes?tone at the middle?can have more impact and is easier to achieve.
Education & Training
When rolling this new aspect of your compliance program out to the entire company there are a few key things to keep in mind that will help increase buy-in and understanding.
1.??? Take the time to explain the idea behind this initiative
Compliance can often be seen a just a bunch of pointless policies and procedures and a team of police looking for wrongdoers. Taking the time to explain why a company-wide commitment to risk management is important and how not mitigating risks can negatively affect both the organisation?and?the individual employee will make people much more willing to follow the rules and do the extra work you’re asking of them.?
2.??Tailor training programs to each department????? Focus on the risks this particular set of employees is most likely to face and the processes and procedures they’re expected to follow. Buying canned training packages is easier, but less effective in this situation. The risks you’re talking about are specific to your organisation and will be different based on which department you’re talking to. Training is far more effective—and likely to be listened to—if you talk specifically about the things that will affect this employee in her or his daily job. ?? 3. Allow for questions, even after training
Ensure your compliance program has an easy way for employees to safely and confidently ask questions or seek clarification, and communicate this method during training. Whether it’s a feature in your compliance software or a regularly checked email inbox, making sure employees know that they can get help in a non-threatening (and timely) manner is key to encouraging continued buy-in and dedication from your workforce. This “ask a question” feature should not be the same as your compliance hotline, which can often come across as intimidating and denotes wrong-doing
4. Following these steps will help get you on your way to creating a company-wide risk-aware company culture, which in turn will go a long way to helping you accurately identify, monitor and manage the unique risks your organisation faces.
Now go and be successful.
`On the Right Track`
For Your Success
Sharing information for your success from many sources.