Home > Risk > Risk and Culture

Risk and Culture

December 9, 2016 Leave a comment Go to comments

My good friend, Jay Taylor, recently had a piece published in the Private Directors Association newsletter. Culture: The One Element Most Critical For The Board’s Management Of Risk makes some interesting points.

After pointing out the need to ensure an appropriate culture by referencing some management gurus, he shares 6 questions for board members to ask of management.

  • Is the CEO active in creating the culture for the organization? Is he or she modeling the right behaviors?
  • Is there appropriate tone at the top, both during and outside of board meetings?
  • During strategy, product, and investment discussions, is there transparency around business assumptions, openness to respectful but challenging views, and identification of emerging risks to the business model beyond the immediate planning horizon?
  • Is there a willingness to bring forward bad news? Is there an understanding that failure may occur, but the business cannot grow and prosper without taking smart risks?
  • Has the board established clear expectations for timely identification and handling of risk, particularly those around business goals and objectives? Is there clear risk ownership?
  • Not everything should be filtered through the CEO. Are other executives and risk owners present at board meetings and allowed to take questions directly?

I would add a few of my own. These are questions the board should address to the CEO:

  • How would you describe the organization’s culture?
  • What do you see as an effective culture? Is it about ethics, risk, teamwork, or more?
  • Is it acceptable? How do you know? If not, what are you doing about it?
  • Are you getting objective feedback that tells you whether the culture is really the way you think it is?
  • How do you make sure it remains the way you need?

Jay also shares eight red flags that may indicate that when it comes to risk, the culture is not what you desire.

These are all good, and I am sure you could add a few more.

But let me ask you, as I have in other posts, isn’t there more to culture than how risk, ethics, and compliance are addressed? Isn’t culture the driver of optimal performance as well?

I welcome your views.


PS – my thanks for Jay for recommending my World Class Risk Management book.

  1. Jim DeLoach
    December 9, 2016 at 5:27 AM

    Jay is a great gut. He and I co-presented at the annual Compliance Week event in D.C. Both of you raise good questions. Your fourth question is key. Alignment of the tone at the top and tone in the middle is vital so the tine at the bottom is functioning as intended; together, they comprise what I call the “tone of the organization.”

  2. December 9, 2016 at 7:51 AM

    Culture isn’t perks. It’s not letting your dog come to work with you, or yoga classes, or free ice cream, or flexible hours.

    Culture is behavior. The aggregate of all the behavior in your firm is your culture.

    If you ask me, the right culture is probably something like, “Professional Performance.”

  3. December 9, 2016 at 12:41 PM

    Norman, picking up your point about optimal performance, I would expect a question like, ‘Does the culture include a desire to continually improve, by identifying those opportunities which outweigh the risks attached to them?’

  4. December 9, 2016 at 1:01 PM

    Thanks for bringing up the subject, Norman. The focal point of modern ERM, culture.
    I think we all agree that strategic risks are the organization’s killer risks. Companies go down the drain due to two main reasons: 1) setting a wrong strategy, or 2) creating a good strategy but failing to execute (i.e. board says turn left but the employees keeps marching straight ahead). Failure to follow up on execution seems stupid, but is all too common. They claim that the mgmt guru Peter Drucker said: “Culture eats strategy for breakfast”. Jeff Immelt of GE understood this and initiated a digital turnaround by shifting culture before putting a new digital strategy into place. Have you heard about a successful company with a bad culture? In my new world, culture is the cornerstone for success. If every employee feels being a part of customer satisfaction, you have to goof up seriously to fail. Walking the talk and creating vision and dedication is one of the most important objectives of the board and executive management. An Australian General said: “The standard you walk past is the standard you accept.” We’re at a cross-road. Culture and quality in decision making and optimizing the ever-lasting risk/reward-equation should be focal points of ERM. I’ve been inclined to use financial ratios KPI/KRIs, but rewards should also include non-financial measures such as increased trust/reputation – the company’s most important asset.

  5. Hans Læssøe
    December 13, 2016 at 2:49 AM

    Interestingly enough -. the first questiosn are pointing fingers. The board may as well ask themselves:
    – Do we, i.e. the BoD, ask about the risk taking of the company – or do we only discuss what Management asks/drives us to discuss
    – Do we challenge strategic assumptions from a risk perspective – or do we accept a nicely presented and apparently logical strategy as is
    – Do we use the diversity of the BoD to spot black swans before they emerge – or do we trust Management has identified (all) the risks there are
    – Do we allow mistakes and push for taking smart risks – or do we opt to fire the CEO if/when results do not meet expectations
    – Do we ask/require Managment to establish an independent Risk Management function to ensure risk information to the BoD is not laundered/censored by Management

    I fear many boards will see, that their own “tone at the top” is inadequate for deliberate and systematic risk taking, but address risks as something to mitigate and “get rid of”

  6. Andrew M Kamm
    December 14, 2016 at 9:03 AM

    Culture is initiated from the top and true board involvement seems to depend upon size of company. Nonetheless, the culture is one that has to be alive and gain buy in from senior managers to daily customer interfacers to those who even simply answer the phone or upload data. Culture needs to be outwardly focused but based upon ethical pillars derived from within. Positive engagement of all teammates towards the accomplishment of unparalleled customer service (customers are the lifeblood of any organization) enhances morale so much that goals are easily accomplished

  7. December 21, 2016 at 11:26 PM

    What I would add is the question: are individual incentives supporting the desired culture or is there a risk they work in the opposite direction?

    You can have great values, a code of conduct, compliance e-learnings, right tone at the top etc. At the lower levels people tend to do what they are rewarded for at the end of the year. So make sure these advocate the right behavior.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: