Rapidly developing technologies, evolving customer needs and increasing competition have made businesses more vulnerable to risk than ever before. However, ‘Risk in review: Managing risk from the front line’ (2017) – a PricewaterhouseCoopers (PwC) survey of over 1500 C-level executives and Chief Risk Officers from across 30 industries and 80 countries – found that the maturity of a whopping 64% of their risk cultures fell in the ‘extremely low’ category, whereas only 9% could boast of very high maturity.
Change appears to be on the way, though, as an increasing number of companies are beginning to focus on critical aspects of risk management, such as defining risk appetite, integrating technology into their enterprise risk management (ERM) systems and linking these with their growth strategy.
However, these practices can only go so far if the leadership doesn’t foster a strong risk-focussed culture, which keeps employees abreast about what it stands for and the boundaries within which they can operate, while also facilitating clear and open communication about how risk factors into the company’s long-term goals. The India Risk Management Awards (IRMA) Survey 2017-18 studied over 125 organisations on the five key parameters of an effective ERM programme, and found that only 59% of them could boast of adequate risk-related communication by the senior management.
Such a lack of communication could lead to a static risk culture, which prioritises regulatory and internal framework over the company’s risk appetite and any changes to it. While there are upsides to following framework, fostering a culture that places value on choosing to do the right thing can further the development of both the individuals and the organisation. There’s no better proof of this than instances of a single rogue employee’s actions causing the downward spiral of the company they belong to. In June 2014, Fortune Magazine reported how one compliance violation by a single engineer at General Motors led to 13 deaths, 2.6 million cars being recalled, hefty penalties and lawsuits for the automotive brand. While there are certainly risk management measures that can be undertaken to mitigate the damages caused in such situations, the best way to prevent such an incident would be a company culture that rewards people who do the right thing.
This requires a thorough assessment of the organisation’s current standing and goals, which can be conducted through a variety of methods, right from surveys and workshops to simulations and engagement with key stakeholders. Based on the findings, a risk management program, which is led by experts and leaders, can be put in place.
Irrespective of each company’s goals, however, the 2015 Risk Culture and Conduct Benchmarking Report by PwC lists down the four pillars of a strong risk culture – leadership and strategy, risk management and infrastructure, accountability and reinforcement, and people and communication. Though the importance of leaders in shaping the risk management strategy and inspiring their colleagues cannot be overstated, it is nearly impossible for them to make a real difference without a strong framework and infrastructure to support them. With the CRO at the helm, companies also need to encourage open communication in both directions, using various methods, including – but not limited to – newsletters, town-halls and sensitisation programs. Additionally, traits like risk management expertise and similarities in value systems need to be given utmost importance when it comes to hiring and retaining employees. Lastly, the business must also encourage accountability and provide appropriate reinforcement for employees’ actions, both positive and negative.
While it may seem like a simple concept in theory, risk management is no piece of cake. Arguably the backbone of a successful organisation, a risk-aware culture can make or break the future of a company. This is why the importance of able leaders in the field cannot be overstated. ICICI Lombard and CNBC-TV18 proudly present the India Risk Management Awards (IRMA), which recognise some of the most innovative and path-breaking risk management initiatives in the Indian corporate world. In its 4th year, IRMA fetes individuals, organisations and teams that have made invaluable contributions to the theory and practice of risk management. Benefiting from the combined expertise of a panel of independent judges, the awards also serve as the ideal platform for brands and individuals to showcase some of their best products, projects and people. Both ICICI Lombard and CNBC-TV18 are committed to promoting excellence in risk management and building risk awareness, and hope to do just that through this novel initiative.
For more information on IRMA, please click here