Risk Culture – “Do As I Say, Not As I Do?”


By Robert Mbonu

Do you wonder why peoples’ behaviours differ depending on the environment they find themselves? Ever wondered why some passengers behave orderly at Heathrow airport in London, but jump the queues, and become rowdy once they arrive at the airport in Lagos? Could the reason lie in the fact that sanctions are firmly applied to unruly behaviour in the United Kingdom, and maybe not in Nigeria? It boils down to respect for laws and constituted authority, recognition of sanctions and rewards.

The way of life, especially the general customs, and beliefs of a particular group of people, which influence their behaviour at a particular time, is the meaning of culture.

As risk is about uncertainty in facing the future, it is logical that a desirable risk culture would position the organisation (including government ministries, departments and agencies) to be proactive and law abiding. An example of a desirable risk culture is one that maintains a healthy tension between the organisations entrepreneurial activities for creating enterprise value, and its activities for protecting enterprise value so that neither one is too disproportionately strong relative to the other.

“Risk culture” refines the concept of organisational culture to focus particularly on the collective ability to take managed risk and to minimise threats, but cease opportunities.

If we agree that environments influence behaviours, risk professionals as leaders must strive to entrench a culture that is conducive to effective risk management.

Each individual brings to work their own attitude, behaviour and culture towards managed risk taking and risk based decision making. Those are determined by a number of factors;

1. Individual propensity and personality
2. Past experience
3. Fear of being punished
4. Fear of failure
5. Expectation of success and associated reward
6. Understanding of the expectations of the organisation

Some of these, the organisation can affect, but individual propensity, personality and past experience cannot be changed. This is why the setting of boundaries is so important; this will affect in particular the fear of being punished, and expectation of success and associated reward. Setting out clear boundaries and a context for these boundaries, will help to change attitudes, behaviours and thereby change the culture of the organisation.

The culture of an organisation develops over time from the cumulative traits of the employees. This describes and governs the ways a company’s owners and employees think, feel and act. It refers to the shared values, attitudes, standards, and beliefs that characterize members of the organisation. Corporate culture is rooted in an organisation’s goals, strategies, structure, and approaches to employees, customers, investors and the greater community.

The culture in an organisation arises from the repeated behaviour of its members. These behaviours are shaped by the underlying values, beliefs and attitudes of individuals, which are partly inherent but are also themselves influenced by the prevailing culture in the organisation. Culture is more than a statement of values – it relates to how these translate into concrete actions.

The wider stakeholder requirements and the timing of threats and opportunities inform boundaries. Ethics can help in determining the longer-term impact of boundary setting and consideration of the wider stakeholder requirements. Governance and scrutiny provide the backdrop for ensuring that the risk culture is appropriate for the organisation.

When setting boundaries for managed risk taking and risk based decision making, there needs to be a common acceptance throughout the organisation of the importance of the continuous management of enterprise threats and opportunities, including clear accountability for and ownership of specific risks and risk areas. This allows transparent and timely information that flows up and down the organisation with bad news rapidly communicated without fear of blame. Risk event reporting and whistle blowing encourages learning from mistakes and near misses.
In avoiding blame cultures, appropriate risk taking behaviours should be rewarded and encouraged and inappropriate behaviours should be challenged and sanctioned. There should also be sufficient diversity of perspectives, values and beliefs to ensure that the status quo is consistently and rigorously challenged.
Risk appetite as part of a learning culture, and using risk events and near misses is one of the tools that can be used to break down and banish a blame culture.

The crucial link in all of this is that the organisation sets out its risk appetite and within that, should set out the boundaries within which each individual can take managed risks without fear of punishment. It goes without saying that this needs to be reinforced strongly through repeated behaviour throughout the organisation.

Some people become technical experts within their comfort zone but those who rise to be CEOs are the ones who are prepared to break eggs to make omelettes.

People’s fear of acting outside their comfort zone makes them look for someone to tell them what to do. We also call this not sticking their head out, or keeping their head below the parapet. It causes the organisation to stagnate, stall and even falter.

Conversely if there is clear and transparent encouragement for people to act on their own initiative and innovate by taking managed threats and opportunities then innovation can take place and people can be stretched to achieve more and more.

I remember with nostalgia and look forward to a reintroduction of “The War Against Indiscipline”. A period characterised by orderliness, rule of law, and respect for authority in Nigeria. Just as corporate culture plays a big role in determining the success of any business, a reorientation of our national psyche for the rule of law and order, will guarantee our success as a nation. We must practice the good that we preach.

• Mbonu, FERP, CIRM(UK), HCIB, MsRM (Stern), studied Engineering, is an experienced Banker and Enterprise Risk Management professional. Earned a post graduate degree in Risk Management from New York University Stern School of Business, and is a member of the Institute of Risk Management -UK. Can be reached on 09092092046 (SMS Only); email: rm4riskmgt@gmail.com