In common organisational parlance, we speak of ‘risk managers’ and ‘risk divisions.’ In reality, risk can only truly be managed through an organisation-wide effort. Executives and other workplace leaders must actively pursue cultural change in this area to ensure all members of their teams are aware of the steps they must take to effectively manage risk.
Executives are well versed in the language of risk. Whether economic, reputational or mechanical, poorly managed risks have the capacity to bring entire organisations to their knees. Naturally, any leader who is capable enough to be promoted to his or her position of authority has the wherewithal to effectively consider and respond to such phenomena.
We only have to look to the structures organisations have in place to realise the seriousness with which executives treat risk. Complaint mechanisms; business strategies; safety and wellbeing programs. The systems are endless. They act as a true testament to corporate Australia’s commitment to their organisations, team members and broader communities. Now more than ever, the general public expects businesses to consider a wider range of stakeholder interests; executives have not only met this expectation but surpassed it. Whatever else is to be said about the nature of organisational risk management, it is important that we recognise the sanctity with which executives approach such matters.
In spite of these undoubted achievements, many organisations are still falling short. The issue, plain and simple, is one of culture.
In most cases, risk is not something that can be managed by one individual or one division of an organisation. Risk is pervasive; its sprawling arms reach even the most remote areas of an organisation’s function, potentially wreaking havoc upon coming to fruition. One weak link can render an entire management strategy redundant. Therefore, the first and primary protection mechanism against risk is not an executive or team; rather, it is organisational culture.
These observations were at the core of the Royal Commission’s findings when it investigated the banking and financial services industry only a few years ago. Even where banks had authoritative structures in place to weed out unethical and fraudulent practices, the attitudes and norms prevalent within its workforce rendered these mechanisms obsolete. Alexis Krivkovich and Cindy Levy articulate the issue perfectly in their article published by McKinsey in 2015: “Processes and oversight structures, albeit essential, are only part of the story. Some organisations have found that crises can continue to emerge when they neglect to manage the frontline attitudes and behaviours that are their first line of defence against risk.”
So, what can executives do to introduce this culture of risk management? In the same article, Krivkovich and Levy identify particular traits of strong risk cultures.
Firstly, they affirm the importance of acknowledging risk. This requires internal discussion along with shareholder and regulator consultation. Acknowledgement – whether by leaders or other team members – means that policies and procedures created to manage risks become activated. If an organisation is not willing to point out risk when it is staring them in the face, its mechanisms will make little difference.
Secondly, transparency is central to facilitating a strong risk management culture. When employees feel as if they will not attract scorn for pointing the finger when a risk becomes apparent, the risk can be effectively dealt with. Openness and risk management go hand in hand. If employees are made to feel as if they are getting in the way of progress by identifying risks, organisations and other important stakeholders become vulnerable.
All of this, according to Krivkovich and Levy, ties in with an organisation-wide respect for risk. This means elevating these considerations so they are treated as on-par with potentially conflicting notions of productivity and innovation. Bypassing guidelines and controls for the sake of profit must be condemned for what it is: a violation of organisational policy and, sometimes, the law. It is this normative evolution that can herald a new age of risk management in Australia.
Australian organisations, executives and workplace leaders have made leap after bound when it comes to managing risk. They deserve credit for their commitment, especially given the relentless disruptions of the last decade or so. However, there is much work to do, especially in regards to cultural change.
Risk exists at all levels of our organisations. Naturally, we need risk managers across the board to match this pervasiveness. This begins and ends with organisational culture.