1.2 Risk Culture & Communication
What is Risk Culture
Risk culture is a term describing the values, beliefs, knowledge, attitudes and understanding about risk by an organization.
Risk culture is the attitude of senior management to either embrace risk or cautiously accept or avoid risk.
Relationship between Risk Culture & Risk Appetite
It is very important to understand the risk culture of the organization to determine a risk management methodology. Risk management methodology may be completely different for a risk prone organization as compared to a risk averse organization. Both will have different kinds of risk appetite. Risk appetite of the organization depends on the culture and tendency towards risk taking.
Symptoms of Problematic risk cultures
Clear difference between documented risk appetite and actual demonstrable behavior by employees of the organization.
In problematic risk culture, discussions focus on blaming each other for problems rather than identifying the root causes.
Such culture should be controlled, if collaboration is to be nurtured throughout the enterprise.
Benefits of Open communication on Risk
Main benefit of risk aware culture is timely and accurate escalation of suspicious activity. This helps in more informed risk decisions by senior management.
Open communication helps in greater awareness among all stakeholders.
Open communication provides transparency to external stakeholders regarding risk applicable to organization and risk management processes.
Consequences of poor communication on Risk
Acceptance of risk exceeding the organization’s risk appetite.
Risk management efforts are not directed towards the organization's objectives.
Incorrect and negative perceptions by third parties such as customers, investors and regulators.
Key aspects from CRISC exam perspective