Building Risk Management Culture
Today’s topic is building a risk management culture in an organisation. But before I talk about how to build a risk management culture, I want to talk about what a risk culture is.
Now it’s something that’s talked about quite often, but I don’t think people have a real understanding of what that risk culture looks like. Now risk culture is an organisational culture where by everybody is prepared to discuss risk, risk management and what can go wrong- as opposed to some organisational cultures you may have been involved in where there is a blame culture and everybody tries to hide things, so that the senior executive don’t know about it because it’s felt that there will be retribution. This sort of culture where there is the blame and the hiding does not allow you to move forward as an organisation, and organisations like that are less likely to meet their objectives.
What we want to try and do within our organisation is move towards a risk culture. A risk friendly culture- and we can do this in a number of ways:
- Senior management support/communication- they need to be very visible, to make sure that everyone in the organisation understands that they believe that bad news does not get better with age- unlike red wine. They need to be encouraging people in the organisation to let them know when things have gone wrong or when things are potentially going to go wrong.
- The no blame culture- what we need to do here is make sure we learn from our mistakes as an organisation. What I believe to be true is that no failure or event within an organisation is a 1-step failure. Because everything in an organisation is a system of systems- and when somebody has done something at the end of the chain, it sets off a chain reaction- a system breakdown. Whatever the mistake was, lets learn from that and build it into our policies and organisational structure to make sure that it potentially doesn’t happen again.
- Train your staff- make sure your staff have the knowledge and skills to understand how they identify the things that can go wrong or the things that have gone wrong in the past and record those and move forward and stop them happening in the first place. Or if they do happen, make sure you are in a position to minimise the consequences. Let’s face it, within an organisation no matter how much planning or risk management you have done- things will still go wrong. What we need to do is prepare ourselves to minimise those consequences, which brings us to business continuity, a topic for another day.
With just these things alone, we can make sure we communicate from the top down and bottom u. If we understand that with no blame culture people will move forward and be prepared to have those discussions with their supervisors – minimising staff who avoid telling their managers about mistakes or diminishing the prospect for an arising issue- resulting in unknown-knowns, where by issues do not reach management.
These points provide the real crux for how we build a risk culture within an organisation- make sure you have a discussion and are open to risk, because at the end of the day what you need to understand is that every organisation is in a risk environment and we need to make sure that that risk doesn’t come back and bite us in the backside.