Main Menu
Home / Project Management / Risk Management / Establishing an Appropriate Risk Culture

Establishing an Appropriate Risk Culture

Let’s face it, being risk averse is not what a company really needs. Some risk is good. Appropriate risk taking and a risk-reward balance is something that businesses want and can measure. That is why Matthew Shinkman and Dan Herd, in an article for Risk Management Magazine, recommend discovering the preferences of the organization’s leaders and aligning them with employee expectations, so that every member of the company is thinking like a risk manager.  

Risk Alignment Report

Here are the four steps for presenting and collecting feedback from risk owners:

No. 1: Distribute a survey to senior leaders and risk committees regarding the ERM’s approach.

No. 2: Draft a risk appetite framework based on survey data.

No. 3: Data is collected and mined to inform senior leaders about risk perception.

No. 4: The data is compiled as a report comparing exhibited and articulated risk preferences.

Risk Gap Analysis

Another approach is to analyze discrepancies in risk perception between management and board members, with the end goal of creating risk-taking expectations for employees:

No. 1: Conduct an internal risk audit of board members and executives.

No. 2: Narrow responses to create a list of the top twenty company risks.

No. 3: Board and management are interviewed for their ratings of the top twenty risks.

No. 4: Perform gap analysis between management and the board.

This audit ensures that the most pertinent risks are given full attention, by gaining a rough sketch of management’s risk taking activities.

The Shift to Risk Culture

Training, outreach, and tool development may lead to a strong risk culture, but aligning perceptions about risk is the true driver of developing the appropriate risk-taking behavior. Shinkman and Herd deserve the final word here:

Building that consensus is important to help set expectations for a culture that is not just “risk-aware,” but also “risk-appropriate.” If done right, aligning risk perceptions can help everyone in the organization to think like a risk manager.

Read the full article at:

About Eric Anderson

Eric Anderson is a staff writer for CAI's Accelerating IT Success. He is an intern at Computer Aid Inc., pursuing his master's degree in communications at Penn State University.

Check Also

How to Plan Your Risk Management from End to End

Project risk management continues to hold the championship belt for the most important-yet-ignored aspect of …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sorry, but this content
is for our subscribers only!

But subscribing to ACCELERATING IT SUCCESS is FREE and only one click away!
Join more than 40,000 IT Professionals and get the best IT management articles to your mailbox with Accelerating IT Success!

Unsubscribe at any time