Instilling a risk culture in your business

People and behavior are often the biggest sources of business risk.

By implementing a risk culture and by focusing on good governance and compliance, you will go a long way in managing, controlling and mitigating the risks facing your business.

Capacity building for effective risk management starts with employee induction, employee buy-in and is further entrenched and reinforced with risk management training.

The main people risks facing a business are:

  • your business culture
  • skills and talent shortages
  • people retention
  • employee performance
  • unethical behaviour
  • employee conflict of interests
  • high risk employees (indebtedness, addictions)
  • low employee morale
  • grievances and disputes
  • excessive absenteeism
  • labour turnover
  • accidents
  • employee wellness
  • safety
  • sabotage
  • workplace violence
  • non-compliance with industry and regulatory labour laws and requirements


Management and employee stress is going to continue to increase as a result of the uncertainty and disruption caused by macro risks such as technology changes, new competition, artificial intelligence and digitalisation.

As part of instilling a risk culture in a business it is imperative that this needs to start with your HR/people processes.

  • HR risk management should be embedded as an integral part of organisational processes. This includes recruitment, vetting, performance, skills suitability and disciplinary processes.
  • HR should support management in ensuring that the businesses culture and risk management policy are aligned.
  • Capacity building for effective risk management starts with employee education and risk management training.
  • There need to be clear roles and responsibilities for risk management.
  • HR good governance and processes need to be structured and entrenched.
  • You need to comply with ruling HR and labour legislation.


Vacancies in key positions, staff in positions they are not ready for, a lack of key skills, a lack of robust processes and controls and non-compliance with regulatory requirements all contribute to increasing the risk profile of an organisation or business.


The key elements for entrenching a risk culture are:

  1. The setting of the appetite and tolerance for risk in the business.
  2. Alignment of this with the board and owners.
  3. Establishing who is taking responsibility for risk management i.e. appointment of a risk champion.
  4. The need for a clear philosophy on risk management and risk objectives.
  5. Elimination of the obstacles, challenges and resistors to a change in risk culture.
  6. The need for the appropriate structures and processes to create a risk culture.
  7. The building of capacity in the organisation or business to entrench and embed a risk culture.
  8. The ability to balance positive and negative risks.
  9. The keeping of visible risk records.
  10. Open regular communication to stakeholders and employees on risk awareness.
  11. Need for a positive work climate.
  12. Continuous learning about risk, improvement in risk management and the building of risk management expertise in the business.


Whatever the type of risk facing a business from both unexpected occurrences or from those within the control of the business, the consequences can be disastrous if the business or organisation is not prepared for these. Instilling a risk culture sets the base from which risk management becomes the norm in mitigating risk.