Chief executives (CEOs) are trying to figure out the recipe for success in the increasingly unpredictable world, and having the right ‘culture’ seems to be the common answer across industry. This sentiment is well-mirrored in Ginni Rometty, IBM CEO's statement, “Culture is your company’s number one asset”.
A company’s culture is about its stated and unstated policies that depict its personality. Essentially, it’s the amalgamation of attitude and character of the organisation which manifests itself into self-sustaining behavioral patterns. These patterns are nothing but how the old adage goes, “the way we do things around here”.
A culture aligned to the organisation's mission and strategy, can be a huge productivity boost for the organisation – it enables, energises and enhances the employees and fosters high performance. On the other hand, a culture in contradiction to the stated mission and strategy can be a drag on productivity and employee engagement index, thereby impairing the attainment of long term objectives. A recent survey by PwC Strategy& highlights the leadership’s perspective on importance of managing and sustaining requisite culture.
Cultures are multi-dimensional and manifest in varying forms, one of the most critical being ‘risk culture’. Risk culture of an organisation affects how risk is identified, assessed, and responded to from the moment of deciding the strategy, through execution and performance.
Both internal and external factors are responsible for shaping an entity’s risk culture. Such internal factors may include the level of employee empowerment, power distance, reward systems and physical layout of the place. External factors often include regulatory requirements, customer expectations, competitive landscape and investor demands. The interplay of all these factors determine the positioning of organisation along the culture spectrum – ranging from risk averse to risk aggressive.
Impact of risk culture on decision making is often misunderstood and hence, management action is mostly restricted to some well-crafted communiques spread across important milestones. In reality, risk culture manifests itself in form of biases in decision making. Management decision making is often about judgements based on available information and past experience laced. Evidence of dominant personalities, over reliance on numbers, disregard for contrary information, and a tendency for risk avoidance or risk taking are not unusual to observe. Hence, the pertinent question for leaders is not ‘if’ but ‘how’ their risk culture is impacting their business performance.
As a first step, the board and management needs to understand latent risk culture and thereby, the inherent biases in the system. Most of the organisations are so large and complex that they harbor unique silos of culture. For example, sales unit of an organisation may be overly aggressive and optimistic in approach whereas the contracting unit is usually deemed to be conservative and pessimistic by nature. This dissociation may present an image of juxtaposition but, in essence, they are part of one single organisational culture complementing each other and aligned to a common set of goals and values. A better starting point would be take a realistic stock of the current status through an organisation wide risk culture benchmark/ diagnostics study.
A risk culture diagnostic provides insights on the strengths and weakness of current culture along the four dimensions of risk culture:
» Leadership & Strategy: Refers to the ability of leadership to communicate the organisation’s mission, objectives and strategy in a way that all employees are convinced of their criticality to business success
» Accountability and Reinforcement: A positive risk culture is supported by clearly defined roles and responsibilities, and reinforced with appropriate remuneration and performance structures
» People and Communication: It is imperative to attract and retain the right talent that can balance risk and business within the contours of the organisational risk appetite. Further, such behavior needs to reinforced through open communication and transparency.
» Risk Management and Infrastructure: A strong risk management framework and infrastructure within the organisation, which includes robust risk management framework driven by both Chief Risk Officer (CRO) and business, and enabled by robust risk and control framework, are vital for a strong risk culture.
Often, organisations fail to appreciate the importance of risk culture in the larger scheme of things, resulting in catastrophic value loss. Some of the recent examples of large scale banking frauds in India can be partially attributed to the poor risk culture. Their risk management infrastructure lacked the desired maturity and inadequate leadership focus on risk management. In one such case, well-established controls (such as mandatory desk change every six months and transfer once in every three years) were bypassed, showing blatant disregard for principles of risk management.
Similarities can be drawn with in sports, with the ‘ball tampering’ saga in a cricketing nation. While the entire nation, including the prime minister, felt ashamed for the conduct of the national team, the insiders knew that the caustic risk culture in place was bound to implode. Tell-tale signs were always there but ignored by leadership and management.
Unfortunately, there is no magic formula for finding the few right behaviors that will make a difference to your culture. It’s a long journey – a journey towards sustainable growth. It is not important where you are but it is critical that you understand where and who you are. Only then can you start your journey.
The author is a Partner - Risk Assurance Services at PwC India.