Close this search box.

Risk Culture Assessment

At the heart of successful risk taking is a strong risk culture that is shaped by the expectations of the Board, the conduct of Senior Management and beliefs and norms of people throughout the organisation and the extended enterprise.

What is risk culture?

Risk culture has been described as ‘the norms and traditions of behaviour of individuals and of groups within an organisation that determine the way in which they identify, understand, discuss, and act on the risks the organisation confronts and the risks it takes’.

Done well, risk culture is seen as the ‘glue’ that binds all elements of risk taking together (policies, practices, systems, people) because it reflects the shared values, goals, practices and reinforcement mechanisms that embed risk management into an organisation’s day-to-day decision making processes. 

A deficient risk culture is often characterised by performance complacency or the normalisation of unwelcome behaviour and incidents. To make things worse, a poor risk culture can persist for some time without detection, or immediate damage.

Today, risk culture is on the radar of many global regulators including the Australian Prudential Regulation Authority (APRA) who have released an information paper/guideline for the financial services sector.

A good and effective risk culture is one that enables and rewards individuals and groups for taking the right risks in an informed manner.

Our Risk Culture Diagnostic and Assessment helps to answer the following questions:

  • What is our desired risk culture?
  • What is the current risk culture?
  • How can we improve our risk culture?

Risk culture remains a developing area. Research carried out by IRM (Institute of Risk Management) indicates that little consensus has emerged amongst the risk profession on the best way to analyse risk culture.   Nevertheless, Boards and regulators expect organisations to undertake periodic risk culture assessments, analyse their results, monitor and report progress made.

"Culture eats strategy for breakfast"
- Peter Drucker

Our Roadmap to a Positive Culture

risk culture

Risk Culture Assessment Roadmap © InConsult

Our Risk Culture services include:

Risk Culture Diagnostic

We work with each client to determine their desired or target risk culture state.  We look at several elements:

  • Risk governance and leadership
  • Values and behaviours 
  • Decision making
  • Risk reward trade-offs
  • Communication and feedback
  • Accountability
  • Performance evaluation
  • Reward and recognitions

We then utilise a range of data collection methods to obtain Board, management and employee perspectives and attitudes – this includes surveys, focus groups and interviews.

Risk Culture Assessment

Once data is collected, we perform analysis of the data and compare the results to the desired risk culture. 

We look deeply into the results to identify trends and outliers.  

We corroborate information against other surrogate data measures available e.g. incidents, issues to paint a clear picture. 

Then, we assess the impact of results on the organisations future strategy and past performance.

Finally, we identify the changes required to change culture by identifying ‘cultural inhibitors’ and the desired behaviours and attitudes.

Implement Changes and Monitor

Culture change does not lead with words — it leads with action.

Our Risk Culture Assessment is likely to present further challenges to our clients and place more demands on Senior Management and employees.

InConsult is well positioned to help clients reset or refine risk culture targets and metrics and support them in the implementation of many of the changes required.   

Organisations are dynamic and so are their cultures.  Risk culture will require ongoing monitoring and continuous refinement and improvement.

Access Our Risk Culture and Conduct Risk Publications

Would you like to know more about our Risk Culture services and capabilities?