orm_icon

 

Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→
isms-icon

 

Information
security risks

Ensures the confidentiality, integrity and availability of your information assets →
compliance_icon-16

 

Normative
compliance


Keep track of all regulations and regulations that your organization must comply with →
aml-17

 

Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→
icono_auditoria

 

Audit

Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →
Piraní Academy

What does risk culture mean?

written by Juan Pablo Calle, On December 11, 2019

What does risk culture mean?

A strong risk culture is the key to aligning all fronts of a company according to its strategic objectives.

In the business world, changes occur at a dizzying rate. These dynamic and unpredictable movements produce sudden and unexpected consequences. Indeed, a risk can appear in one of those moments and cause different levels of impact, combining itself with others and generating greater threats.

When a bank's customer data is filtered, for example, there is not only a privacy risk, but also a reputational risk. Depending on the course of events, new legal or financial risks could even be triggered in a short time.

Thus, it is important to have a risk culture that allows us to report, escalate and take action on possible damages or take advantage of opportunities. Of course, a risk is not just about danger. It can also provide an opportunity to optimize vulnerable areas and improve company fronts or initiatives.

In this case, you have to take into account not only the operative part of the company, but also those behind the processes, i.e. people.

In fact, the behavior exhibited by the members of an organization when facing risk, their discipline, functions, change management, training and all aspects related to the human resources of a company, are essential to establish and maintain adequate risk management.

But what is risk culture?

The definition of risk culture includes the values, beliefs, attitudes and knowledge regarding risk held within a company, both public and private, for profit or not.

The sinking of the Titanic serves as an example to define what a good risk culture should be and how the lack thereof could lead to the fall of an entire organization.

Although at first glance an iceberg seemed to have been responsible for the sinking of the Titanic, a series of previous events reveal how the lack of a risk culture within the ship caused the disaster.

First, there was the belief that the Titanic was indestructible. This reduced the thoroughness of security and inspection measures. Therefore, the boat set sail with structural problems and at a speed that was unsafe for navigating the high seas. On top of that, the ship's captain had ignored the iceberg alerts on the way.

If a proper risk culture had been in place, the crew members would have had a clear position on which risks were considered acceptable or unacceptable, i.e. a level of risk appetite would have been defined. Based on that, they would have taken the necessary steps to avoid the collision with the iceberg. 

This, in turn, would have required a channel for reporting incidents that would reveal any gap between the level of risk appetite and the decisions made by the ship's crew.

However, since there was no risk culture in place at all levels of the organization and the information was not flowing from top to the bottom, the captain's decision-making methods were not questioned and relevant alerts were not issued in time.

In this regard, if the Titanic had had rules, collective attitudes towards risk and an organizational awareness that would allow it to be handled properly, the impact of events would have been reduced.

What does risk culture mean?

How to create a risk culture in my organization

To be effective, it must begin with an appropriate internal control environment. In this regard, it is necessary to establish a management philosophy, determine the level of risk appetite, specify the ethical values that guide your operations, have a clear organizational structure and good practices for contracting and training human resources.

After that, the meaning of the risk culture within the organization must be defined, taking into account the corporate purpose, mission and values. This will allow the explicit definition of the scope of the risk culture. This will make it easier to disseminate and communicate the risk culture at all levels of the company. 

In short, all these plans should be aimed at creating a good environment of governance, competition and decision making.

Money Laundering and Terrorism Financing Prevention Manual

Leave us your comments