Teaching the "Why" Behind the "What" of Risk is important in Building a Risk-Aware Culture
Dr.Aneish Kumar
Ex MD & Country Manager The Bank of New York - India | Non-Executive Director on Corporate Boards | Risk Evangelist I AI Enthusiast | Architect of Strategic Growth and Governance | C-suite mentor
A Story of Missed Risk Awareness?
Let’s start with this story from Mumbai: Ravi, a diligent operations manager at a logistics firm, received instructions to run thorough checks on vendor compliance documents before onboarding them. To Ravi, the task seemed tedious and bureaucratic. What he didn’t realise was that the checks weren’t just formalities—they were designed to prevent financial losses, reputational damage, and regulatory penalties A few months later, the firm onboarded a vendor without proper verification, leading to a data breach. The loss? Over ?50 lakh in penalties and irreparable customer trust issues.?
This story reflects what many organisations experience. Employees understand what tasks to perform but not always why they’re doing them. And when it comes to risk management, the “why” is critical. If employees don’t grasp the purpose behind processes, they’re less likely to perform them effectively, leaving the organisation exposed to preventable risks.?
Why does teaching the "why" matter?
In the realm of risk management, tasks often appear routine—filing reports, conducting audits, or following compliance procedures. But without an understanding of the purpose behind these tasks, they can feel like check-the-box activities. Teaching employees the “why” behind the “what ensures they understand the impact of risks on the organisation and empowers them to proactively manage risks.
Employees who are aware of the bigger picture will:?
·????? Recognise early warning signs of risks.
·????? Take ownership of mitigation efforts.
·????? Align actions with the organisation’s risk appetite and policies.?
Real-Life Examples: The Difference the "Why" Can Make?
Preventing Cybersecurity Incidents
IT teams are often instructed to run routine security updates and ensure employees follow password protocols. But when teams understand why—how a single breach can compromise sensitive data and attract financial penalties—they become proactive. An organisation once averted a phishing attack simply because employees recognised the risks involved and reported a suspicious email.
Operational Risk Management in Banking?
In one bank, employees responsible for loan approvals didn’t fully appreciate the importance of credit risk assessments. They saw it as a procedural step. However, once leadership explained how un-vetted loans could lead to high non-performing assets (NPAs), employees began following due diligence with greater care, reducing risky loans.
Logistics and Compliance Risks???
A logistics company found itself struggling with customs delays. After workshops explaining how accurate documentation prevents fines and ensures smooth clearance, employees began double-checking forms. This simple understanding of why accuracy mattered improved operational efficiency and saved the company from regulatory penalties.
How to Teach the "WHY" of Risk Effectively?
领英推荐
1. Communicate Risk in Simple Terms
Often, risk is explained in jargon-heavy language. Break down concepts so employees at all levels understand. For instance, instead of saying, “Failure to follow compliance protocols increases the organization’s risk exposure,” say, “Skipping these steps could cost us ?10 lakh in penalties and harm our reputation.”
2. Use Storytelling to Bring Risks to Life
Real-world stories resonate better than statistics. Share examples of past incidents—how neglecting risks impacted companies or how proactive actions saved the day. These stories stick with employees, helping them connect their tasks to potential outcomes.
3. Align Risk with Daily Roles
?Tailor risk education to each department’s function. For example, explain to procurement teams how delays in supplier payments could lead to supply chain disruptions, or help sales teams see how miscommunication with clients increases reputational risk.
4. Encourage Two-Way Communication
Employees should feel comfortable discussing risks with managers. Encourage them to ask questions about processes they don’t understand. This approach fosters a culture of curiosity and ensures employees are engaged with the organization’s risk strategy.
5. Recognise and Reward Risk Awareness
Celebrate employees who identify and mitigate risks proactively. When employees see their efforts acknowledged, it reinforces the importance of risk management and encourages others to follow suit.
The Ripple Effect of Teaching the "WHY" of Risk?
When employees understand the consequences of unmanaged risks, they are more likely to act with foresight and accountability. This change in behaviour builds a risk-aware culture—one where everyone, from frontline workers to senior executives, is aligned in their efforts to mitigate risks.?
Consider the case of a fintech company. Initially, compliance audits were seen as a burden. But after workshops on the importance of financial transparency and how it builds investor trust, employees embraced the audits as part of their commitment to organisational growth. This shift in mindset enhanced operational efficiency and improved relationships with regulators.
The Balance Between Risk and Innovation?
Risk management isn’t about stifling creativity. When employees understand the "why," they can balance risk with innovation. They are more likely to suggest improvements and challenge outdated processes while still staying within the organization’s risk framework. This approach nurtures an innovative and resilient organisation capable of adapting to change.?
For example, a bank encouraged its teams to explore new digital banking solutions while keeping cybersecurity risks in mind. As a result, they launched innovative services without compromising security, staying ahead of competitors.
Conclusion: Empower Your Employees with the "WHY."?
Teaching employees the "why" behind the "what" of risk is about more than just compliance—it’s about empowerment. When employees know how their actions impact the organization’s health and sustainability, they become risk champions. They anticipate challenges, take proactive measures, and align their efforts with the organisation’s goals.?
The next time you assign a task or roll out a new policy, take a moment to explain the why. You’ll be surprised at the engagement, ownership, and innovation it fosters.