![Attitude is everything when it comes
to managing risk effectively.
“If a company doesn’t have a positive
culture you can have as many rules as
you like, but in that moment of truth
when people are under pressure, they
will tend to do the wrong things,” says
John Shelley, Chief Risk Officer at RBS
Asia Pacific.
Creating the right mindset in a global
business is a difficult undertaking.
The emissions testing scandal in the
automotive industry and the discovery
of slave labour in the supply chain of
food companies reinforce why serious
attention has to be paid to risk.
Rules and regulations, combined with
integrity around remuneration and
bonuses, will provide a framework
for making good decisions, but senior
executive and non-executive directors
need to understand that governance
won’t be enough.
Lucy Dimes, Non-executive Director
at European textile service business
Berendsen and former COO of Equiniti
says that risk must be the responsibility
of everyone in the organisation but
the board needs to test that “there
is a strategy and direction in place,
monitoring and reporting against
key measures and indicators, and a
culture of awareness and ownership”.
There must be an operational framework
that is consistent with the organisation’s
values, according to Charlie Wagstaff,
Managing Director at Criticaleye.
“This needs to be wide-ranging and
sensitive to all situations encountered,”
he says.
“Transparency and openness are also key,
so that any outcome is readily apparent.
There should be no opportunity to hide
or conceal anything.”
Rafael Gomes, Senior Manager for Finance
& Risk Services at Accenture, comments:
“The data and insight to empower people
to make better decisions comes from
many different parts of the organisation.
“To effectively measure and manage
culture, the risk function must
increasingly work with the front office,
marketing, HR and stakeholders to
identify critical touch-points where
data is available.”
Criticaleye looks at the questions
boards should ask in order to assess
their company’s risk culture:
What do customers think
about our company?
Customers can give you an entirely
different perspective from those
within the business.
Jim Meredith, Chairman at hazardous
waste management company Augean,
says they can “tell you whether
management… understand and deal
with them appropriately”.
Realistically, not all non-executives will
have the time to interact with customers,
so Jim promotes the idea of having a
“mini customer conference” during
which NEDs and others can hear
their candid feedback.
Do we have a whistleblowing
system? Is it effective?
Employees must be able to raise
concerns without fear of losing their
job or damaging their career.
Andrew Heath, interim CEO and NED
at Imagination Technologies Group
and former CEO of Alent, comments:
“We look[ed] at the whistleblower
statistics at every board meeting at
Alent. I report[ed] on it because the
only way you can get the right culture
is by people telling you the truth,
otherwise you live in a bit of a bubble.”
It’s a case of the board asking
simple, direct questions. “Is there
a whistleblowing line?” asks Lucy.
“Is it anonymous? Does it allow
employees to flag concerns and risks
against a clearly communicated set
of values and tolerances? Is speaking
up valued or discouraged?”
Andrew agrees: “You’ve got to have
various channels, such as employee
helplines and whistleblower facilities
whereby people can independently
flag things without going through the
chain of command.
“People have a duty to flag concerns,
especially when it comes to reputational >
People have
a duty to
flag concerns,
especially
when it comes
to reputational
risks
Understanding Risk Culture 2www.criticaleye.com](https://image.slidesharecdn.com/21ceed25-b145-42a9-aab0-caf21c058d42-160621150812/85/insights-servfile-2-2-320.jpg)
insights-servfile (2)
- 1. Everyone within an organisation needs to take responsibility for risk. Dawn Murden examines what questions boards should be asking in order to ensure they are creating the right culture Understanding Risk Culture
- 2. Attitude is everything when it comes to managing risk effectively. “If a company doesn’t have a positive culture you can have as many rules as you like, but in that moment of truth when people are under pressure, they will tend to do the wrong things,” says John Shelley, Chief Risk Officer at RBS Asia Pacific. Creating the right mindset in a global business is a difficult undertaking. The emissions testing scandal in the automotive industry and the discovery of slave labour in the supply chain of food companies reinforce why serious attention has to be paid to risk. Rules and regulations, combined with integrity around remuneration and bonuses, will provide a framework for making good decisions, but senior executive and non-executive directors need to understand that governance won’t be enough. Lucy Dimes, Non-executive Director at European textile service business Berendsen and former COO of Equiniti says that risk must be the responsibility of everyone in the organisation but the board needs to test that “there is a strategy and direction in place, monitoring and reporting against key measures and indicators, and a culture of awareness and ownership”. There must be an operational framework that is consistent with the organisation’s values, according to Charlie Wagstaff, Managing Director at Criticaleye. “This needs to be wide-ranging and sensitive to all situations encountered,” he says. “Transparency and openness are also key, so that any outcome is readily apparent. There should be no opportunity to hide or conceal anything.” Rafael Gomes, Senior Manager for Finance & Risk Services at Accenture, comments: “The data and insight to empower people to make better decisions comes from many different parts of the organisation. “To effectively measure and manage culture, the risk function must increasingly work with the front office, marketing, HR and stakeholders to identify critical touch-points where data is available.” Criticaleye looks at the questions boards should ask in order to assess their company’s risk culture: What do customers think about our company? Customers can give you an entirely different perspective from those within the business. Jim Meredith, Chairman at hazardous waste management company Augean, says they can “tell you whether management… understand and deal with them appropriately”. Realistically, not all non-executives will have the time to interact with customers, so Jim promotes the idea of having a “mini customer conference” during which NEDs and others can hear their candid feedback. Do we have a whistleblowing system? Is it effective? Employees must be able to raise concerns without fear of losing their job or damaging their career. Andrew Heath, interim CEO and NED at Imagination Technologies Group and former CEO of Alent, comments: “We look[ed] at the whistleblower statistics at every board meeting at Alent. I report[ed] on it because the only way you can get the right culture is by people telling you the truth, otherwise you live in a bit of a bubble.” It’s a case of the board asking simple, direct questions. “Is there a whistleblowing line?” asks Lucy. “Is it anonymous? Does it allow employees to flag concerns and risks against a clearly communicated set of values and tolerances? Is speaking up valued or discouraged?” Andrew agrees: “You’ve got to have various channels, such as employee helplines and whistleblower facilities whereby people can independently flag things without going through the chain of command. “People have a duty to flag concerns, especially when it comes to reputational > People have a duty to flag concerns, especially when it comes to reputational risks Understanding Risk Culture 2www.criticaleye.com
- 3. ©Criticaleye2016 risks such as things to do with ethics, bribery, corruption and bullying.” Where have we had near misses? Consider those close shaves and what they say about your organisation. John from RBS comments: “We have a system of notifying senior management about things that nearly went wrong. Think about the airlines reporting near misses and then put that into the context of your company… Getting information about them is more valuable than going on a witch hunt to see who almost messed up. “We want to know if our process, or something we did or didn’t do, almost resulted in an error. When these things happen we need them to be reported so we can learn from them.” For David Gooding, Group IT Director at waste management company Biffa, health and safety is critical. “The waste industry, after agriculture, is the most dangerous industry to work in. So, this has been a primary focus for us,” he explains. This kind of reporting has been an important part of Biffa’s process for a while but is something they have recently pushed further. “In the last four years we’ve had a double digit decrease in our incident frequency – we’ve done that by really pushing the reporting of potential hazards and near misses,” he adds. What tone does the board set? Respect for risk management has to start in the boardroom. Andrew Allner, Chairman at the Go-Ahead Group, says: “That is where the tone and culture are set. If the board takes risk seriously then the organisation will naturally follow that lead.” Samantha Barber, Non-executive Director at Spanish utility company Iberdrola, agrees: “A strong risk culture also requires trust, transparency and challenge within the boardroom between executive and non-executive directors. “Effectively managing risk is far more about culture and leadership, than it is about filling in a matrix.” According to Deepika Bal, Managing Director and Head of Risk Architecture for Asia Pacific at Citibank: “The foundational elements of a strong risk culture include, among others, a common purpose and mission, clear goal-setting, fair and transparent rewards mechanisms, ethics policies and whistleblower protection. “Most importantly, there has to be a culture of learning and self-improvement. Most large companies do have many of these elements in place. However, boards should focus on the efficacy of these measures in embedding a strong risk culture. Beyond these policies and controls, boards are in a unique position to set the tone at the top.” Andrew Allner Chairman Go-Ahead Group Rafael Gomes Senior Manager Finance & Risk Services Accenture Featuring Commentary From: Contact the contributors through: www.criticaleye.com Deepika Bal Managing Director & Head of Risk Architecture Asia Pacific, Citibank David Gooding Group IT Director Biffa Lucy Dimes NED Berendsen Jim Meredith Chairman Augean John Shelley Chief Risk Officer RBS Asia Pacific Charlie Wagstaff Managing Director Criticaleye Samantha Barber NED Iberdrola Andrew Heath Interim CEO & NED Imagination Technologies Group We want to know if our process, or something we did or didn’t do, almost resulted in an error. Share TweetEmail Understanding Risk Culture 3www.criticaleye.com