“Culture eats strategy for breakfast.” The popular phrase attributed to celebrated management guru Peter Drucker holds true not just for organizational culture but for risk culture as well. Drucker was not dismissing the importance of strategy, but rather emphasizing the role of culture in executing strategy. Similarly, a strong risk-aware culture plays an equally crucial role in effective risk management.
An effective risk-aware culture—determined by the awareness, attitudes, and behaviors of individuals and groups inside an organization—supports an organization’s risk strategy and risk management approach. It works to strengthen the core of an organization’s operations. This includes compliance with regulatory and statutory requirements, financial performance, and reputation in the market. Furthermore, building a strong risk-aware culture equips organizations to drive strategy. Whether it is entering a new market, negotiating mergers and acquisitions or investing in organic growth, companies are empowered to make take the right decisions.
Organizations are now ranking risk culture as one of their top ERM priorities. As per Deloitte’s recent Global Risk Management Survey, more than half (55%) of financial institutions are actively building a risk culture across the enterprise. The ongoing pandemic, as discussed in our earlier blog, has further added a sense of urgency in establishing and embedding a strong risk-aware culture.
Faced with the complex challenges in today’s business risk environment, organizations across the globe have moved from a position of protective and reactive risk management to a proactive and strategic stance. They are increasingly acknowledging the risk accountability role played by the front line in developing an integrated and agile approach to risk management. They understand that risk management must be owned and led by the entire business—making it imperative for a strong risk awareness to be embedded in the front lines.
The nurse at the hospital, the teller at the bank, and the customer services executive at the telecom retail outlet all constitute frontline workers. They make up of individuals whose job roles involve engaging with external stakeholders, customers, and partners. Being the first to hold these interactions, they hold the unique position of being valuable sources of risk-related information for the company. However, unless there is a deeply embedded risk culture, they may not even be aware that they hold critical intelligence as they go about their daily operations. It is hence important to involve and empower your front line as they make key risk and compliance decisions every day protecting from or exposing your organization to various risks.
For example, a single suspicious transaction report (STR) filed by a frontline bank executive can actively stop the flow of illegal money and the associated financial crime. But very often, an unsupportive culture or even the lack of reporting tools can work as a stumbling block. Conversely, a strong risk-aware culture would empower this employee with the right awareness levels and tools to act proactively.
Today, with the pandemic causing en masse work from home, every employee is a frontline worker and by extension a risk manager. They will have to be equipped with the right training and reporting systems which will help them identify and report a malicious attack—making it even more important for organizations to actively embed a risk-aware culture.
Strengthening an organization’s risk culture is a continuous process. And when it comes to frontline workers, faster adoption of a risk-aware culture will depend on:
This is where leveraging the right tools and technologies can play a key role in equipping your front line—leading to the building of a strong risk culture across the organization.
MetricStream Observation Management, built on the MetricStream Platform, makes it simple for your frontline employees to capture and report business anomalies. Your employees can report observations discreetly and anonymously (in case they feel it is a sensitive issue). The AI-powered interactive tool which includes widgets for third-party applications, browser plugins, conversational interfaces, chatbots, and intuitive web forms makes it easy for your frontline workers to flag potential risks and report any anomalies and deviations. The AI/ML capabilities provide insights into similar issues or observations raised previously to avoid any duplication of data and efforts. Once an incident or anomaly is reported, the employee can track and view the status of the observation. Finally, as an organization seeking to build a risk-aware culture, you save on training time while gaining the benefit of simplified adoption of GRC across the front line.
Additionally, the MetricStream Integrated Risk Management solution can effectively unify and streamline risk management activities across all business functions—making it easier to instill a risk-aware culture. By cutting across organizational silos, standardizing risk and control taxonomies, and enabling stakeholders to effectively coordinate, the solution can improve risk reporting visibility and efficiency for the executive management and board.
Contact us to know more about how our Observation Management and Integrated Risk Management solutions can help you build a strong risk-aware culture.