Ensuring an effective risk culture

There has seldom been more focus on how organisations and their employees manage risk. This means that defining, reinforcing and measuring your organisation’s risk culture is a strategic priority for senior leaders and their Boards.

Much of the current global focus is on financial services, but all sectors and functions face the same challenges: safeguarding customer, patient or citizens’ data; managing the reputational risks posed by social media; ensuring the financial reports are error-free; maintaining high integrity among employees. No organisation is immune, and all need a robust and proactive approach in place.


”Risk culture” can be a muddled topic, but it doesn’t have to be.

Let’s establish some basic facts:

  • Risk culture is not separate to organisational culture. The latter drivers the organisation’s approach to the former.
  • Culture is an output. It’s the environment and behaviours you create as a result of the practices, policies and behaviours you define and reinforce. Think about it; if you hire criminals and incentivise conflict then you will create a culture of violence.
  • Culture can be measured. There are a large number of qualitative and yes, hard quantitative measures that can be used to do this.
  • Risk is good. Nothing is achieved without taking risks. We don’t want to prevent all risks, we want employees to understand and manage them.

Risk culture model

How we work with clients 

We take a unique approach to risk culture. Our Principal, Murray Priestman, was Global Head of Talent at Macquarie Group, where he was responsible for organisational culture and capability. He worked closely with business leaders, Risk, HR and regulators globally on risk culture, and this experience shapes our approach.

Our approach is characterised by six principles:

  • Customer-led: We ensure that the customer voice and experience is at the heart of your risk culture strategy. This is vital.
  • Aligned to your cultures: Different teams and roles have different cultures and require different risk appetites. One size does not fit all.
  • Aligned to your current activity: We tailor our activity  to align to existing channels, initiatives and activity.
  • Culture-first: Most consultants have a risk or internal audit background. We are culture specialists with deep people expertise and this is our focus.
  • Holistic: We don’t just rely on a survey or interviews. We look at the end to end employee experience and ensure all activity is aligned and consistent.
  • Decision-agnostic: You can’t own the solution if we give it to you. We work with you to develop and implement the best approach, but we won’t tell you what to do.

Click here to read and download a summary of our approach.

Risk culture paper pic.png