Creating a Healthy ERM Culture – Part 1

September 2012 Feature Article

By Diana Del Bel Belluz, M.A.Sc., P. Eng.

Do you know how to create a risk management culture? Many enterprise risk management (ERM) leaders operate under the misconception that a healthy risk culture will develop spontaneously as a result of implementing structured approaches to ERM.

Seasoned leaders will tell you that nothing could be further from the truth when it comes to cultivating the kind of collective risk-taking and risk management behavior by the humans that form your organization.

For example, Ed Clark, CEO of Toronto-Dominion Bank, in a recent interview with the Globe and Mail newspaper said this about what he has learned in over 25 years in the C-Suite: “If you let osmosis make [decisions], it won’t happen.”

The truth is you won’t get a healthy risk culture by osmosis either. You have to take the lead and deliberately cultivate in your people the character traits and habits that support the behaviours you want.

I have defined twelve specific cultural traits for effective ERM. The twelve cultural traits (shown in green font in Figure 1) support specific phases of the ERM Implementation and Organizational Learning cycle.

In this series of articles I provide strategies to cultivate the twelve traits in your people.

Figure 1 - 12 traits of healthy risk culture

Healthy Risk Culture Trait #1: Accountable

The first thought that springs to mind for most people when they hear the word accountability is identifying who is responsible for achieving an objective.

In his book More Perfect by Design, Angelo Baratta explains that true accountability is about the ability to account for our performance. That requires us to shift our mental focus from who is responsible to how and why a management decision, strategy or practice will contribute to the successful achievement of objectives.

To be accountable in the ERM context, we need to understand how our decisions and actions contribute to striking the appropriate balance between ‘value creation’ and ‘value protection’. Rather than having a box-ticking mindset, true accountability requires people to consciously understand the why and then embrace their roles and responsibilities for both risk-taking (to create corporate value) and risk management (to protect corporate value).

Not surprisingly, avoidance of accountability is one of the most common dysfunctions of a team. (For more on this, see this month’s Bonus Resource.)

How to cultivate it:

If you want people to be accountable for their behaviours around risk, you need to do two things. First, you need to define the goal posts for appropriate behaviour. This means articulating what, for your organization, constitutes healthy versus inappropriate behaviour for both risk-taking and risk management. Most organizations do this by clearly articulating their appetite and tolerance for risk. (For how-to tips, see the March 2008, April 2011, and December 2011 Advisory issues.)

Second, you need to consistently encourage and reward appropriate risk-taking and risk-response action and consistently discourage and penalize inappropriate risk-taking (overly aggressive or excessively risk averse) and risk-response action (over- or under-managing risks). A variety of incentives and disincentives can be used including: monetary, recognition/censure, and factoring risk behaviour into career progression/demotion decisions.

 Rewarding appropriate behaviour is a powerful motivator and feels good to both the leader and the manager who is being acknowledged for their stellar behaviour. Discouraging inappropriate behaviour is harder for most of us because we naturally avoid conflict. However this is dangerous, because what we permit we promote.

 Letting inappropriate behaviour continue unchallenged will quickly undermine a healthy risk culture. The book reviewed in this month’s Bonus Resource has great tips on how to overcome the fear of conflict.

 Healthy Risk Culture Trait #2: Proactive

To be proactive you need to adopt a forward–looking mindset. Rather than getting mired in yesterday’s problems, look towards the future to anticipate risks and address them and/or get ready for them before they become a reality or a crisis.

 The desired behaviour is captured in the simple discipline of asking:

  • Where do I want/need to be at the end of this period (year, quarter, month, week, today)?
  • How will I get there?
  • What could help or hinder me along the way?

 How to cultivate it:

The leadership role of is key. If the CEO actively seeks out risk intelligence and considers it a crucial input into his or her decisions, it sets an important example and precedent for every other leader in the organization. Board directors can also help by insisting that risk considerations be included in all items that that come to the board for decision.

I’ll address the remaining 10 culture traits in future Advisory articles.

The Risk Wise bottom line…

A healthy risk culture doesn’t happen spontaneously. You have to take the lead. This means defining and deliberately cultivating in your people the character traits and habits that support effective ERM behaviours in your organization.

*

My forte is coaching executives on how to integrate ERM into their organization’s unique business practices and culture. If you need help engendering a healthy risk management culture in your organization, contact Diana Del Bel Belluzat Risk Wise: Diana.Belluz @ riskwise.ca or by telephone at (416) 214.7598

Follow the links to:

  • Read this month's Bonus Resource - Five Team Dysfunctions That Will Undermine Your Risk Management Culture
  • Download a printable version of the entire September 2012 issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Current Special Offers for Subscribers

Current Special Offers for Subscribers

The codes to access the following special offers have been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

Current Special Offers for Subscribers

The code to access the following special offer has been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL OFFER: $460 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Resilience 2017 to be held on April 24-26, 2017 in Edmonton, AB. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

  • SPECIAL OFFER: $150 off the full conference fee for Risk Management Made Simple Advisory subscribers on the Canadian Privacy Summit 2017 to be held on May 2-3, 2017 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood

FREE DOWNLOAD

Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Diana's Pick

Neuroscience and the Nonprofit Manager (written by Andy  Segedin and published in the NonProfit Times) shares some of the tips on how to counteract common biases and habits that impede effective decisions.

The article is based on a workshop that Diana Del Bel Belluz of Risk Wise presented at the 2015 Risk Summit organized by the Nonprofit Risk Management Center.