In the see-through economy, the impact that new technologies like social media can have on a company’s reputation has empowered customers to demand transparency and accountability from businesses and other organizations. A recent study showed 81% of consumers would switch brands for ethical, social, or environmental reasons. This shift means PR departments can no longer control an organization’s image.
It’s essential that everyone, not just risk managers, assimilate risk awareness into their job descriptions. That said, there are many factors that contribute to a healthy, risk-managing culture.
One of those factors is support from below; be it front-line employees or operational managers. I often stress that “front-line” employees (who are responsible for everyday activities) are a vital yet often overlooked resource for risk identification. A healthy company culture benefits from bottom-up involvement as well as top-down support.
A risk-based company culture builds value through its ability to achieve both top-down and bottom-up objectives. This eliminates any misalignments between leadership’s goals and the knowledge of front-line employees, which is the primary cause of wasted resources, missed opportunities, and compliance problems. Without a connected approach, information lacks operational context and is inevitably segmented and looked at in silos, rather than holistically.
For example, almost every department has some type of incident management capability, but most incidents are cross-functional in nature. This makes it difficult to resolve incidents where one department’s or group’s activities have upstream or downstream impacts, which are often unknown. This collateral damage is avoidable through enterprise risk management and is the way 100% of scandals waiting to happen are prevented.
Any effective risk-based company culture is set by the “tone from the top.” Support from leadership teams makes it easier to engage front-line managers by providing context on how risks connect to strategic goals, as information moves across the organization. When information is pushed back up the chain, new insights from individuals in governance and operational roles are included. Providing this context ensures information is actionable, useful and understandable to everyone, including senior management.
To develop a risk-based company culture, companies should implement connected information collection and reporting systems. If you do not have ways to initiate a task that can be reassigned to the right individuals through predetermined workflows, you’re not able to ensure it gets addressed in the appropriate manner, or measure your progress against. The goal is to make it easier for different levels and silos in an organization to also escalate information appropriately, which encourages collaboration with fewer meetings.
Efficiency is created when these tasks are “risk-rated;” meaning prioritized on a common scale across levels and silos to determine which risks should get attention and follow-up first.
These connections make it possible for leadership groups to pull the information they need directly from front-line employees, and avoid blame for mistakes, negligence, and missed opportunities call these types of results surprises, and in business, all surprises are bad. A company’s best bet is to ensure quality information is delivered to the right people, at the right time, and with the proper context.
A Risk-Based Approach Adds Value
Many CEOs and board members have expressed concern that placing so much emphasis on implementing and sustaining a risk-based culture may increase costs or existing staff burdens.
In reality, organizations with sustainable, risk-based cultures (and effective risk management programs) have been proven to experience a 25% increase in market value on average, when compared to businesses competitors without mature ERM programs.
A risk-based company culture shouldn’t stifle anything. Rather, risk-based concepts like regular risk assessments should enable innovation as they can better align a company’s goals to its risk management processes and overall culture. Regular risk assessments enable innovation because key risks are identified proactively, allowing them to be properly mitigated. This results in more streamlined processes and better use of resources.
There is a simple way to measure a company’s focus on its risk-based culture. Look up the customer complaints, budget variances, revenue goal achievement, stock price fluctuations, customer satisfaction reports, health and safety records, qualified audit reports, and regulatory inquiries. Customer satisfaction and investor returns are higher when a company performs well across these categories and emphasizes the measurement of its risk culture.