Developing a Sound Risk Culture
Sajiv Issuree, Manager: Risk and Actuarial
Renasa Insurance Company Limited
Insurance companies are currently gearing towards having a risk management system that supports the furtherance of the safe operation of their company and the protection of policyholders. Risk management departments are either busy implementing or updating strategies, policies and procedures, used to deal with risk to make sure all regulatory and compliance requirements are met. Currently much work is being undertaken to manage the compliance changes in regulation, but will all these requirements actually drive risk management change in the industry? How will companies foster this risk-aware culture across all levels of their organisations? How does one establish a common language and understanding of risk management in an organisation? The answer to these questions is one of the major challenges a company needs to focus on, together with how to create an appropriate Risk Culture.
Risk Culture may appear to be an abstract concept but it can be made tangible if the essential components of a sound risk culture are identified and managed. A risk culture is a shared and collective philosophy of values and behaviours for managing risk and uncertainty that is ingrained in an organisation. It is a mixture of formal and informal processes that can change, based on the environment, and can be subject to stresses and shocks. A risk culture makes risk management more than just a list of processes and procedures, but also a set of beliefs that actively promotes the management and monitoring of risks, taking the necessary steps should there be deviations from a targeted state.
In today’s environment insurance is seen as relatively traditional but is complicated by the growing burden of insurance regulations and relatively low profit margins. Consequently companies require a risk culture that supports innovation in order to remain competitive. Similar to the corporate strategy, an organisation’s corporate and risk cultures must be linked. A risk culture needs to support the objectives of the whole organisation, as opposed to supporting just the objective of those involved in Risk Management, and needs to become an integral part of the corporate culture. Companies with risk cultures that are not aligned to their overall strategy will unintentionally find themselves allowing activities that are in conflict with strategies and policies and consequently may disregard, condone or choose not to challenge such behaviour.
Risk Culture is not always about taking too much or too little risk. The risk culture of a company should never be at the extremes; i.e. exceptionally good at developing and implementing formal processes and frameworks that suffocate the risk taking necessary for successful innovation. Nor should Risk Culture be so entrepreneurial that it threatens the sustainability of the business. Risk Culture should be unique for each organization and be supported by long term goals and vision. The risk culture should influence individuals to balance riskand reward and make informed decisions within the context of the organisations stated risk policies.
Sound risk cultures use data analysis and make risk management strategies drive the decision making process. They should influence the behaviour to setup processes that have early warning indicators for failure and allow for intervention. A company’s management must create the right conditions for a sound risk culture by articulating what constitutes desired behaviour. Management must encourage all levels of the organisation to understand, believe in and live the risk culture. The risk culture must be compelling and can be supported by having effective risk-based incentives for staff.
The main factors that promote and support a sound risk culture are driven by desired conduct and leading by example, by the Board and senior management. Also making sure that the strategies, policies, risk appetite statements and company values are clear and clearly communicated to all staff. Finally, by fostering an environment in which people feel comfortable to communicate openly and challenge each other, including their superiors, so that a common understanding and awareness of risk is created.
A sound risk culture needs to be supported by a clear organisational structure which identifies who is responsible for making decisions and is driven by pressure on leadership to hold staff across the organisation accountable. Insufficient control and a lack of enforcing accountability are among the root causes of degrading a sound risk culture.
Taking the management of risk seriously is vital for a sound risk culture. Organizations need to be able to learn from their mistakes and communicate to staff about how things should be handled better in the future. Learning and development of staff is key in raising the awareness of the management of risk with the appropriate risk-taking behaviour. This creates an environment in which everyone embraces and understands the concept of Risk Culture in the organisation.
Developing a sound risk culture is never a “one-size fits all” solution and should form part of a holistic risk management framework to align all the individuals of the organisation to a common risk vision. The more one buys into the risk culture the less likely are staff to deviate from the overall goals of the business.
Renasa Insurance Company Limited
Breaking News »