From global health crises to geopolitical tensions and cybersecurity threats, organisations today are surrounded by unpredictable risks that shape daily operations and future planning alike. As per the ICICI Lombard IRM India Risk Report 2024, nearly 79% of executives said they plan to strengthen their company’s risk culture, underscoring the urgency of staying agile and informed in a world where risks are both evolving and interconnected.
Given this context, let us look at some practical steps to foster a risk-aware culture that engages every employee in risk management, creating a proactive environment that supports organisational growth and resilience.
1. Align Risk Appetite with Strategy
Building a risk-aware culture begins with a clear understanding of risk appetite, which means how much risk the organisation is prepared to accept to achieve its objectives. This alignment should be firmly rooted in the company’s values and mission, creating a framework that governs daily operations and long-term plans. For instance, a chemicals manufacturing company should prioritise employee safety as a non-negotiable area where risks are completely avoided or kept to the bare minimum. The same company may find it acceptable to accept higher risks in other areas such as finance, innovation, etc.
Actionable Steps
● Communicate Clearly and Regularly: Employees at all levels need clarity on risk tolerance levels. Establish guidelines on acceptable risk and share these through training sessions and regular communications to ensure understanding across the organisation.
● Monitor and Adjust: As the business environment changes, so should your risk appetite. Regular assessments help ensure your risk strategy is aligned with market realities and business goals.
2. Empower and Engage Employees
A risk-aware culture thrives when the organisation empowers its employees to actively identify and manage risks. Frontline workers, managers, and executives all have their part in spotting potential issues and contributing to solutions. When employees have the tools and encouragement they need to engage with risk management, the entire organisation benefits.
Consider a technology company that equips its employees with real-time risk dashboards to track issues as they arise. With ongoing training in risk identification and management, employees can flag potential risks like cybersecurity threats before they escalate. Similarly, in a healthcare setting, providing staff with regular risk workshops enables them to respond promptly to compliance changes or patient safety concerns, building a collective vigilance across departments.
Implementation Measures
● Provide Tools and Training: Equip employees with the necessary tools, resources, and training to manage risks effectively. This might include risk management workshops, access to digital reporting tools, and industry-specific guidelines.
● Encourage Open Dialogue: Open communication about risks fosters a sense of responsibility and accountability. An ACCA, Airmic, PRMIA global survey this year noted that only 60% of respondents felt risk was discussed at all organisational levels, signalling room for improvement in making risk a shared concern.
3. Embed Risk Management into Daily Processes
Effective risk management should not be a separate process or a one-time activity; it should be woven into the core functions of planning, budgeting, and decision-making. Organisations can build a sustainable approach to risk by embedding risk awareness into daily routines.
Steps to Integrate
● Define Roles and Responsibilities: Assign specific roles for risk management, clearly delineating who is responsible for each area of risk. When roles are well-defined, accountability improves and risks are more likely to be identified and mitigated before they escalate.
● Use Technology for Real-Time Tracking: Integrating technology such as AI and data analytics helps identify potential risks in real time ensuring an agile response. Centralised data repositories make it easy for managers to assess overall risk exposure and collaborate effectively across departments.
4. Enhance Risk Awareness and Communication
A culture of risk awareness requires consistent education and open channels for communication. When employees are well-informed and comfortable discussing risks, they are more likely to address issues before they escalate. Over time, this fosters an environment where lessons from successes and setbacks are openly shared, reinforcing proactive risk behaviour across the company.
Approaches to Foster Awareness
● Promote Transparent Risk Reporting: Having straightforward, accessible channels for reporting risks is crucial. Employees should feel comfortable flagging issues without fear of repercussions. Such a framework must not be for namesake only and whistleblowers should actually be able to report risks without being penalised for it in informal ways.
● Foster a Learning Environment: Encourage learning from both successes and failures. When employees understand the broader impact of their actions on risk, they are more likely to adopt risk-aware behaviours in the future.
5. Evaluate and Improve Risk Culture
A strong risk-aware culture requires ongoing evaluation to ensure it remains relevant and effective. Regular feedback helps organisations gauge their progress and adjust their approach as needed. For instance, 43% of respondents in the ACCA, Airmic, PRIMIA global survey indicated that regular risk assessments had improved overall risk awareness, underscoring the importance of frequent evaluations.
Evaluation and Enhancement Methods
● Regular Assessments: Conduct surveys and feedback sessions to gauge the organisation’s risk culture. For example, a financial services firm might conduct biannual surveys to measure employees' confidence in the company’s risk protocols. This data helps the firm adjust its approach and improve areas where employees feel less secure.
● Performance Metrics and Incentives: Risk scorecards that track Key Performance Indicators (KPIs) related to risk management help maintain visibility. Recognise employees who demonstrate risk-aware behaviours, whether through rewards or performance bonuses, to reinforce positive contributions to risk management.
6. Involve the Frontline in Risk Management
Frontline employees interact directly with external stakeholders and are often the first to identify emerging risks. Involving them in risk management can improve both responsiveness and overall risk awareness.
Empowering Frontline Actions
● Equip with Reporting Tools: Use technology to streamline reporting processes, allowing frontline employees to log risks easily and discreetly. AI-powered tools can simplify capturing business anomalies and provide insights into previously reported issues to reduce duplication. A hospitality chain, for example, can give its staff a mobile app to report safety or maintenance concerns. By providing frontline employees with an easy way to log issues discreetly, the company can ensure that risks, such as potential hazards or compliance issues, are promptly addressed.
● Create a Culture of Ownership: Reinforce that every employee is a “risk manager.” Involving all team members in risk-related conversations helps organisations foster an environment where risks are openly discussed and addressed at every level.
7. Build Leadership Buy-In and Accountability
A risk-aware culture must begin with leadership. When senior executives model risk-conscious behaviour, it sets a tone that resonates throughout the organisation. As per the IRM Risk Report 2024, over 44% of organisations assign risk management to the Chief Risk Officer (CRO) or the risk department even though the most effective results occur when the board also takes an active role.
Leadership Initiatives
● Lead by Example: Leaders should demonstrate a commitment to ethical and risk-aware decision-making, especially in high-pressure situations. Employees are more likely to follow suit when they see senior management making principled decisions.
● Allocate Responsibility: Ensure there is a clear chain of accountability for risk management.
By creating a culture where risk management is everyone’s job, from interns to executives, companies can transform their approach from reactive to resilient. In an era where swift adaptability can define a business's success or failure, a risk-aware culture is not just an asset, it is a critical advantage. When organisations empower employees to recognise, report, and address risks confidently, they are preparing themselves not just for survival but for sustained success.
About the Author
Tushar Bhaskar is Chief Business Officer at Rubix. He is responsible for growing the company’s revenues across multiple channels. Tushar has 17 years of experience in the Information Services, Risk Assessment and Analytics verticals. His previous roles have been with firms including Ernst & Young (EY), Equifax India and Dun & Bradstreet India where he headed sales for the Credit, Compliance & Supply Chain business verticals. Tushar’s objective is to build a solution-oriented sales organization at Rubix with a sharp focus on rapidly evolving customer needs. Based in Delhi, Tushar is a Post Graduate in Business Economics from the University of Delhi. He is an avid reader with diverse interests including Human Psychology, Technology, Financial Markets and Geopolitics.