Creating a Healthy ERM Culture – Part 2

October 2012 Feature Article

By Diana Del Bel Belluz, M.A.Sc., P. Eng.

This is the second article in my series that defines twelve specific cultural traits that are necessary for effective Enterprise Risk Management (ERM) and provides tips on how to cultivate them in your people. The twelve cultural traits (shown in green font in Figure 1) support specific phases of the ERM Implementation and Organizational Learning cycle. (For details on the cycle, see the Advisory issues of April 2011, October 2011, December 2011, March 2012).

Figure 1 - 12 traits of healthy risk culture

Part 1 in the series focused on these ERM culture traits: Accountable and Proactive. In this article I describe how to encourage a Systematic and Open culture.

Healthy Risk Culture Trait #3:  Systematic

Leaders who resist a disciplined approach to ERM tend to believe “We manage risk intuitively. We don’t need the formality of ERM.” My response usually goes like this… If you operate in a stable business environment where your past experience is an excellent predictor of what will happen far into the future, you can get by nicely with an intuitive approach for managing enterprise risk.

However, if your business environment is characterized by uncertainty, change, and complexity, you need the discipline of ERM. Being systematic is the only hope for overcoming the common biases and cognitive errors we humans make when we rely solely on intuitive judgment in weighing risks in our strategies, decisions and actions. Why is intuition alone dangerous? In his book Thinking, Fast and Slow, Nobel prize winner Daniel Kahneman describes two modes of thinking we humans use all the time:

  • System 1 (fast thinking mode) “operates automatically and quickly, with little or no effort and no sense of voluntary control”. This mode of thinking is what is used in intuitive, snap judgments.
  • System 2 (slow thinking mode) “allocates attention to the effortful mental activities that demand it, including complex computations.” This mode of thinking is used in deliberate choices.

Kahneman explains that System 1 serves us well for routine decisions, i.e., familiar situations for which it has developed an accurate mental model through repeated experience. However, he also cautions that System 1 has distinct biases, is prone to error in certain circumstances, and has little understanding of logic and statistics. Knowing that, do you really want to leave System 1 in charge of ERM?

When executives and board members examine their past risk management failures, they usually sheepishly admit that important information was either missed or omitted due to a haphazard risk assessment or that the risk management response was poorly planned and organized.

Relying on intuition alone is the half-brained approach to ERM. Effective risk management combines the strengths of both System 1 and System 2.

System 1 enables you to ‘read’ the environment. It can instantly gauge the intangible values that stakeholders expect to be applied in balancing risks and rewards. It also recognizes patterns and detects changes in the environment as they are occurring – not just when it’s time to do the annual risk report.

System 2 enables you to analyze complex, uncertain and unfamiliar circumstances (i.e., the characteristics often associated with an organization’s principal risks) and to think through the longer-term implications of your decisions and actions.

How to cultivate it:

To be systematic about ERM requires three things:

  1. Awareness of when disciplined thinking is required, such as situations where there is high uncertainty, high complexity, or significant change in the business environment. This month’s Bonus Resource is a simple, practical method to broaden and sharpen your systematic thinking skills.
  2. Robust ERM processes and tools. For tips on this, see the July 2009 Feature Article  on Are Your Risk Models Flawed?
  3. Skills to apply the ERM discipline consistently. Building any skill requires a little training and a lot of practice. However, there is a secret weapon that can greatly accelerate skills development and help you to rapidly achieve mastery. It’s coaching. For example, one study documented an increase inproductivity from 22% for training alone to 88% when coaching is added. That’s why elite athletes have coaches!

As with any other skill, the right guidance can develop your ERM proficiency further and quicker than if you try to go it alone. At Risk Wise, we developed our Risk Management Personal Trainer coaching programs for executives who don’t have time for canned training courses and prefer one-to-one professional development sessions tailored to their specific risk management challenges and hectic schedule

Healthy Risk Culture Trait #4: Open

In today’s complex and rapidly changing world, you cannot get a complete picture of the threats and opportunities associated with your decisions without tapping into the diverse perspectives of the people who have intimate knowledge of the salient aspects of your business environment and risks.

Effective ERM requires candid truth telling. When you fail to cultivate an atmosphere of openness, you create blind spots to critical risk indicators. And those blind spots will come back to haunt you in the form of failed strategies, and underperformance. The main reason we aren’t open is we can’t handle the truth.

In the Risk Watch Journal, Melanie Herman of the Nonprofit Risk Management Center points out that “organizations must anticipate and cope with the all-too-human reluctance to face truth that occurs in cubicles, corner offices, and even boardrooms.”

Taken to the extreme, this reluctance to face the truth will cause openness to decay into silence. Chris Argyris, Professor Emeritus at Harvard Business School,describes how a culture of silence drives a vicious cycle: “We learn to communicate inconsistent messages, act as if they are not inconsistent, make the previous actions undiscussable, and make the undiscussability undiscussable.”

You may have a culture of silence if your people say things like this about risk issues: “No news is good news”, “We can’t say that”, “Don’t invite Bill. He always finds problems.” Another symptom is heavy use of ‘the meeting after the meeting’ where a subset of the attendees discuss what they believe the sub-text of the meeting was.

How to cultivate it:

An effective strategy for encouraging openness is to cultivate humility in yourself. As leaders we want to appear confident about our judgments, decisions, and results. None of us has all the answers.

I was inspired by an excellent example of humility in action recently as I facilitated an ERM workshop at a large nonprofit. The CFO openly declared that he couldn’t do a proper risk assessment without his direct reports and their subject matter experts. It sent a strong message to everyone in the room that their views are important and valued.

Here are some practical questions to cultivate openness and ensure that you have gathered diverse opinion and considered all relevant aspects of the risk:

  • Who in the organization would disagree with our assessment of the situation?
  • What have we missed?
  • What factors are hard to describe or quantify?
  • Is there an elephant in the room?
  • What are the sacred cows?
  • Where might we be turning a blind eye and potentially establishing a pattern of negligence?

If you are noticing the symptoms of a ‘culture of silence’, acknowledge that you feel uncomfortable and notice what makes risk management issues undiscussable. Identifying the barriers to open communication can help you to find your voice. Transforming a culture of silence into one of openness requires skills in communication, team dynamics, and leadership.

I’ll address the remaining 8 ERM culture traits in future Advisory articles.

The Risk Wise bottom line…

Effective risk management combines the strengths of both intuition and the systematic discipline ERM. Coaching is the fastest way to develop your skills in the discipline of ERM and to avoid the common mistakes and stumbles of the novice. Cultivating open and candid discussions of risk with your people starts with being humble about what you don’t know.


My forte is coaching executives on how to integrate ERM into their organization’s unique business practices and culture. If you want simple, pragmatic strategies to strengthen the ERM discipline and engender a culture of openness in your organization, contact Diana Del Bel Belluz at Risk Wise: Diana.Belluz @ or by telephone at (416) 214.7598

Follow the links to:

  • Read this month's Bonus Resource - Six Thinking Hats for Enterprise Risk Management
  • Download a printable version of the entire October 2012 issue of the Risk Management Made Simple Advisory.
  • View the Article Index to access back issues of the Risk Management Made Simple Advisory.

Current Special Offers for Subscribers

The code to access the following special offer has been emailed to all Risk Management Made Simple Advisory subscribers:

  • SPECIAL INTRODUCTORY OFFER:  To entice you to 'take a bite', we are waiving the fee ($100 value) for your first Virtual Learning Bite.  (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.  The Learning Bite topics for June 2019 are:
    • Italian Flag is a technique that enables you to quickly conduct an evidence-based assessment of the likelihood that a risk event will occur.  The focus on evidence helps to minimize the bias that can creep in when using more subjective methods such as the risk matrix approach which relies heavily on judgement and opinion.
    • Range Assessment is a technique that enables you to enables you to estimate a range for a variable (e.g., impact or cost of a risk event) which more realistically represents and communicates the uncertainty in the estimate than a single number would.
    • Scenario Planning Primer - Scenario planning is a powerful methodology to get to grips with the future uncertainties of the broader business environment.  The primer provides an overview of the approach illustrated by examples of scenarios and also covers how scenario planning can support decision making.
  • SPECIAL OFFER: $500 off the full program fee for Risk Management Made Simple Advisory subscribers on the Masters Certificate in Risk Management and Business Performance . The next program module to be held on September 23-26, 2019 in Toronto, ON. (Subscribers have been sent the instructions on how to access this offer).  Not yet a subscriber?  Don't miss out, click here to sign-up for your complimentary Advisory subscription.  Note:  the only change from the current listing on this are the dates.

Not yet a subscriber, but want to access these special offers?

When you subscribe to the Advisory, we'll send you the code for all current special offers along with a link to your New Subscriber Bonus, a copy of Moving Beyond the Risk Map to Operational Vigilance.

FIND OUT FOR YOURSELF why risk management leaders subscribe, click to access the ARTICLE INDEX of all past issues of the Risk Management Made Simple Advisory.

"I save and study each issue of the Advisory. I appreciate how Diana gives very practical advice and links it to fundamental theories and best practices." 

Sherrie Hyde, Risk Manager, Lutherwood


Moving Beyond the Risk Map to Operational Vigilance

Read more about the Risk Management Made Simple Advisory.

"It is so refreshing to read a newsletter that offers real solutions for risk management challenges."
Cathy Taylor
Director, Risk
Kinross Gold Corporation

Jump Start your risk management program.

Receive personalized advice from Risk Wise

See Details

Diana's Pick

The Neuroscience of Enterprise Risk Management (written by Diana Del Bel Belluz of Risk Wise) expores findings from the field of neuroscience and shares practical tips on how to apply them to enhance individuals' risk management thinking and implement brain-friendly ERM practices in organizations.

The article was published by The Conference Board of Canada in the Autumn 2017 issue of the journal Risk Watch.