The 5 Stages of Risk Culture: Building Resilience in an Era of Non-Financial Risks

Risks in today’s business environment are not just about financial performance. Non-Financial Risks (NFRs), such as operational, reputational, regulatory, and Environmental, Social, and Governance (ESG) risks, are critical factors, all of which directly affect a company’s long-term value.

In a recent survey by PwC, 79 per cent of investors claimed they considered ESG factors when making decisions, with firms accused of greenwashing having come under increasing regulatory scrutiny.

A well-developed and adaptable risk culture helps organisations manage these challenges, promoting resilience and trust. The following five themes often lead to a robust risk culture, especially when managing NFRs.

  1. Embrace risk for innovation: Recognise that embracing risk can provide the foundation for organisations to be more creative, innovative and competitive.

  2. Establish strong leadership: Establishing clear leadership with accountability and authority at its core is essential (especially with the Financial Accountability Regime (FAR) just over the horizon).

  3. Build a shared vision: Foster a shared vision of safety and risk across the organisation.

  4. Encourage a culture of respect: for people, training and support.

  5. Foster a balanced attitude toward risk – recognising both the negative and positive aspects.

Stage 1: Define Target Risk Culture

Defining the risk culture that an organisation wants is the first step. This means identifying the behaviours, values and actions you want to see across the organisation. For businesses facing ESG and reputational risks, this is increasingly important.

For example, in the context of greenwashing, the company's culture should clearly be set around transparency, authenticity, and integrity when dealing with consumers. Setting clear expectations facilitates embedding risk management into daily work processes, so that decisions are made with a constant eye on the risk landscape.

Stage 2: Assess Current Risk Culture & Identify Gaps

Once the needed risk culture has been defined, the next step is to measure against it. This may require conducting interviews with employees, managers and other stakeholders to assess the current approach to risk.

This may also involve conducting surveys or conversations to assess employee awareness of risk (including ESG matters), and whether the organisation is well-prepared to deal with operational or reputational risks. Past events, such as regulatory breaches or reputational crises, can also be reviewed to identify vulnerabilities.

Stage 3: Create a Strategy & Roadmap

When gaps are identified, the next step is to create a plan that infuses risk management into the organisation. A coherent plan links risk management with broader business goals and integrates them into everyone's responsibility.

For firms under the ESG spotlight, the playbook should involve embedding both risk and ESG considerations throughout operations, for example, by factoring in risk assessments for all material business decisions and instilling concern for the effects of each facet of the business on people, environment and regulatory standards.

Leadership is also key: senior executives must do all that they can to walk the talk. For instance, when senior management visibly makes it clear that managing financial as well as non-financial risks is of paramount importance, this can have a positive impact on behaviour at all levels of the organisation.

Stage 4: Execution & Change Management

Getting the risk culture right takes a strong hand for change management. It calls for employees to catch on and be fully engaged – and many companies fall down here.

This can be avoided only by ensuring that the communication is clear, consistent, relevant and targeted appropriately across the business. Policies and controls will not cut it here: people must understand why NFR management is important to them and their jobs.

The risk of greenwashing is an example. If employees are not fully apprised of the severe penalties for making misrepresentations, then they could put the company at risk. Regular training, open communications, and making sure that risk management is relevant to line managers’ daily tasks, all help to prevent this from happening.

Risk management must be sold to employees as something that is in the company’s and customers’ best interest, not an imposition. Demonstrating that proactive management of risks and ESG issues will enhance the company’s reputation can help to galvanise employees into taking risk culture seriously.

Stage 5: Measure & Sustain the Culture

Ongoing focus on a robust risk culture is essential for success over the long term. Formally and informally, organisations should track how the risk culture is being internalised. This can include tracking engagement with risk surveys, for example, or tracking how well risk management and ESG policies are implemented in practice.

Being able to verify ESG claims is a crucial step for any company exposed to greenwashing risks, whether to protect against reputational and regulatory damage or to make sure that their brand identity resonates with customers. Risk management assessments must be embedded into the fabric of the organisation, to detect where more attention is needed, from the leadership all the way down to individual employees.

A risk culture needs to be nimble to be sustainable, as it should be reviewed when new risks emerge (think climate change or the next technological disruption) and external demands change. Organisations that can proactively and consistently manage risk will be better equipped for the unexpected. 

Strengthening Risk Culture for Long-Term Success

Cultivating a strong risk culture incorporating NFRs can help firms manage these challenges more effectively. If organisations work through these five stages, they will be better equipped to deal with financial and non-financial risks, safeguard their brands, and lead the way in ethical business practices.

If you'd like help defining or refining your risk culture, please reach out via LinkedIn or Submit an Online Enquiry.

