In a recent article, my good friend Jim Deloach asks a very interesting question:
How many senior executives and directors can name a chief risk officer who has advised them that the organization is too risk averse?
XX
The title of the article is an odd one, which I will discuss before venturing into the body of his thinking. It is Is Your Risk Culture Aligned With the Realities of the Digital Age?
“Risk culture” is a term that has crept into use over the last few years, but it is unclear to me what its purpose and value is.
Jim doesn’t (wisely) define it in this article, but others have:
- “The norms of behavior for individuals and groups within an organization that. determine the collective ability to identify and understand, openly discuss and act on the. organization’s current and future risks” (McKinsey)
- ‘Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees.” (North Carolina State’s ERM Initiative)
- “The values, beliefs, knowledge and understanding about risk, shared by a group of people with a common purpose” (Institute of Risk Management).
Dr. David Hillson (a.k.a., the Risk Doctor) has in interesting discussion of risk culture on the PMI website: The A-B-C of risk culture: how to be risk-mature.
I have…