Risk management requires continuous improvement. Without a company culture strongly aligned with principles of continuous improvement, organisations will struggle to implement, let alone maintain, successful risk management programs. This can be challenging in practice, as cultivating a risk management attitude within a company involves aligning risk initiatives with existing company values, policies and, to put it simply, convincing everyone involved that risk management is worthwhile. However, improving risk culture is possible, and, like many things, it becomes a lot easier when you have a process for it.
Such a process can be separated into three stages:
- Cultural awareness
- Cultural change
- Cultural refinement
Phase one: Building and strengthening cultural awareness
The first stage is building cultural awareness; this will take the form of communications, training, and general education initiatives within the organisation. Here is where companies set risk management expectations and objectives, define roles and responsibilities, and communicate all of these things with their employees. You shouldn’t expect your employees to conform to your ideas about risk management without first taking the time to educate and inform them, whether through formal training or access to knowledge base material or similar.
Successfully building and strengthening cultural awareness about continuous improvement includes:
- Establishing a common risk management vocabulary
- Making sure communications are consistent with said vocabulary and that everyone in the organisation has clear access to all relevant documents
- Being clear about risk management responsibilities and accountabilities.
- Launching and maintaining training programs, providing training support and guidance where needed and as required by different roles and responsibilities within the organisation
- Making sure onboarding processes adequately cover risk management.
- Making sure recruitment processes adequately cover risk management.
Phase two: Changing the way the organisation operates
Once a firm foundation of cultural awareness regarding continuous improvement has been established, it’s time to start thinking about how to gradually change how the organisation operates to reflect these values. This phase begins by recognising and rewarding employees for paying attention to risk and responding to risk in a way that challenges the previously established (pre-continuous improvement) status quo. These motivational systems, rewarding and penalising behaviour according to the established ideals of continuous improvement outlined in the early planning stages, will result in the gradual but certain shift towards a proliferation of continuous improvement-conscious company culture. Another important element is recognising the talent that conforms with the desired vision of continuous improvement and capitalising on this alignment by placing them accordingly in relevant, optimised positions of responsibility or seniority. It’s getting people in the right place to drive the right results.
Some important considerations for this phase:
- Utilising challenge as a motivator for driving cultural change
- Gamifying and quantifying risk performance metrics and rewarding/penalising behaviour accordingly.
- Considering risk management and continuous improvement culture in talent management approaches.
Phase three: Optimising and refining the cultural ecosystem
The third and final stage of cultural adoption of continuous improvement occurs once the company culture has matured to the point of widespread adoption and desired values are already well-entrenched. At this point, the focus shifts to monitoring performance versus expectations and attempting to tweak and refine the system to further improve cultural adoption. The expectations can and will be influenced by a wide range of stakeholders, not just top management; employees, a board of directors, analysts, customers, investors – they all have a say in the definition of cultural expectations because these expectations should directly reflect the whole entity that is the organisation, made up of all its constituent stakeholder parts.
Steps taken during this phase might include:
- Iterating feedback and observations from risk management into training, education, resources, and communications.
- Making sure stakeholders are held responsible for their actions
- Make sure any risk performance metrics or quantifiers are adjusted to reflect risk strategy, goals, and objectives changes.
- The capacity to redeploy and reassign individuals within an organisation according to desired risk culture goals
- Continually reflecting on and refining risk culture by continually changing business goals, objectives, and strategies.
At CRI® Group, we are committed to spreading the knowledge about the risk, compliance management and negative impact of fraud, bribery, and corruption to global businesses and promote transparent business relations across the world. As part of this effort, we want to present you our in-depth risk management and compliance insights – articles, whitepapers, eBooks, and other publications to help organisations overcome fraud, compliance, bribery, and corruption management challenges and tackle risks more effectively.
Don’t miss the opportunity to step up towards transparency and better protection for your business and your career – CRI® Group’s risk management and compliance insights give you a chance to explore these topics in-depth. If you are interested in our solutions, please click below to a free quote or contact us today.