Risk Management should be an Integral part of Corporate Culture

RISK is a four letter word and been fancied these days. Everyone knows about risk and every firm is accompanied bloghas best process, best standards, best people till the time an incident or big impact is not been made.

The recent example of fine imposed by the US authorities on various Investment banks like BNP PARIBAS SA, BANK OF AMERICA, RBS, HSBC, STAN CHARTED, ING, J.P. MORGAN are some of the examples of the above. Corporate are heavily investing in the compliance and in the risk management department but they forget to invest on the employees.

Risk management has become a key function in almost every large company, but all too frequently it makes an organization so risk-averse that initiative and innovation become paralyzed. 

A central part of the problem is that risk managers, mainly reporting to the chief executive officer, tend to see their role as one that’s apart from other employees—as some sort of uberguardian of the organization. This is a mistake.

The role of risk manager should be to help build a culture that encourages all employees to take risks—prudent risks, of course. That builds resilience into a company without stifling progress. With shared responsibility for assessing what could put an organization at peril comes a sense of motivation, ownership, and self-reliance—as well as improved decision-making—throughout all levels of the company.


The risk manager needs to shift employees’ attitudes about risk from one of fear and silence toward one of collaboration and teamwork. This mind-set change can be summed up as moving from preventing people from doing things (“don’t do”) to giving them a road map that allows them to do things freely, but within a common set of guidelines (“this is how you navigate”).


As part of this transition, bring risk into the present tense and talk about it in real terms, rather than as a vague concept that employees can be reprimanded for overlooking. To deal with the external threats of hackers and lawsuits, for example, make them transparent for the employees. Communicate widely about risk. Have everyone weigh in and map out the areas they see as vulnerabilities. After all, the employees are in the best position to identify such vulnerable elements inside and outside the company.


Break down the walls by creating a companywide intranet for internal posts. Put out a question about risk, and meet to congratulate the person who comes up with the best answer or solution. This is the corporate equivalent of “If you see something, say something”–involving everyone in the organization means there will be eyes literally everywhere. As more employees take a personal interest in the company’s well-being, the risk manager, collecting intelligence iteratively, becomes much more likely to identify the weak links.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s