Instilling a risk culture in your business
People and behavior are often the biggest sources of business risk.
By implementing a risk culture and by focusing on good governance and compliance, you will go a long way in managing, controlling and mitigating the risks facing your business.
Capacity building for effective risk management starts with employee induction, employee buy-in and is further entrenched and reinforced with risk management training.
The main people risks facing a business are:
- your business culture
- skills and talent shortages
- people retention
- employee performance
- unethical behaviour
- employee conflict of interests
- high risk employees (indebtedness, addictions)
- low employee morale
- grievances and disputes
- excessive absenteeism
- labour turnover
- accidents
- employee wellness
- safety
- sabotage
- workplace violence
- non-compliance with industry and regulatory labour laws and requirements
Management and employee stress is going to continue to increase as a result of the uncertainty and disruption caused by macro risks such as technology changes, new competition, artificial intelligence and digitalisation.
As part of instilling a risk culture in a business it is imperative that this needs to start with your HR/people processes.
- HR risk management should be embedded as an integral part of organisational processes. This includes recruitment, vetting, performance, skills suitability and disciplinary processes.
- HR should support management in ensuring that the businesses culture and risk management policy are aligned.
- Capacity building for effective risk management starts with employee education and risk management training.
- There need to be clear roles and responsibilities for risk management.
- HR good governance and processes need to be structured and entrenched.
- You need to comply with ruling HR and labour legislation.
Vacancies in key positions, staff in positions they are not ready for, a lack of key skills, a lack of robust processes and controls and non-compliance with regulatory requirements all contribute to increasing the risk profile of an organisation or business.
The key elements for entrenching a risk culture are:
- The setting of the appetite and tolerance for risk in the business.
- Alignment of this with the board and owners.
- Establishing who is taking responsibility for risk management i.e. appointment of a risk champion.
- The need for a clear philosophy on risk management and risk objectives.
- Elimination of the obstacles, challenges and resistors to a change in risk culture.
- The need for the appropriate structures and processes to create a risk culture.
- The building of capacity in the organisation or business to entrench and embed a risk culture.
- The ability to balance positive and negative risks.
- The keeping of visible risk records.
- Open regular communication to stakeholders and employees on risk awareness.
- Need for a positive work climate.
- Continuous learning about risk, improvement in risk management and the building of risk management expertise in the business.
Whatever the type of risk facing a business from both unexpected occurrences or from those within the control of the business, the consequences can be disastrous if the business or organisation is not prepared for these. Instilling a risk culture sets the base from which risk management becomes the norm in mitigating risk.