Embedding Risk Culture – Part 1

By Abhishek Paul

What’s the first thing that comes to your mind when you think about risk? Maybe something that might impact your physical, financial or emotional wellbeing. To some extent you might be right.

So what do you when faced with risk? Are you ready to handle it? Do you know what the most impactful risks that you face are? If these situations happen do you have a plan to come out of it without much harm?

These questions not only apply to organisations or institutions but you as an individual as well. Most of the commonly known and critical risks we may be aware of in our daily lives are those that are most sold to us as consumers and having an option to transfer the risk in some ways – such as insurance.

Think about life insurance, automobile insurance, home insurance and now even insurance on electronic devices; you purchase them online and probably never look at the fine print in as much detail maybe because you feel these are some critical risks that have an easy coverage which can easily be purchased. Do keep in mind though that these will only stand to compensate loss and not mitigate the risk of loss.

At an individual level generally, have you ever thought about risks like pollution, population, natural disasters, financial meltdowns or maybe more trivial things like road safety? When we go through our primary, secondary and even graduate level study we go through subjects like maths, science, moral and physical education as compulsory elements but never touch upon basic concepts of managing risks. For example we do get taught in school about pollution and its effects but not as much about how to not contribute to it in ways that can make the future of human lives better and only get to that when we are all grownups and that’s where the need to have a strong risk culture lies.

Imagine if you were never to have read maths as a subject but undertake all other subjects while in your school, do you think you would be able to do daily calculations, maybe yes if you learn vocationally but would you know things like the Pythagorean theorem, algebra, graphs or even probability? Then how can we expect that without having knowledge of risk management theories like black swan or the ostrich theory, risk management can be embedded in our risk culture.

If to be a manager you need to be an MBA and know about Fayol’s principles of management then to be a risk manager should we not have read Paul Hopkins?

“The Institute of Risk Management (London) has led the debate on risk culture for nearly 30 years. Drawing upon the wealth of practical experience and expert knowledge across the Institute, they have developed guidance for organisations wanting a greater understanding of their own risk culture and the practical tools which can drive change.

As the business press shows daily, embedding reliable risk management into an organisation is a difficult task. Boards must both consistently prioritise risk management and continually review their culture, people and processes.”

Maybe this is the case because we start risk management training too late in our professional lives and therefore fail to essentially embed risk culture in our day-to-day practice also the other theories and schools of thought gained through years of education and learning overpower the freshly gained knowledge of risk management.

If you were online shopping and bought an outdoor solar light for your home would you be more inclined to read reviews before your purchase? Looking at a more cost effective product to save on energy or think of buying it because it leverages the use of renewable energy?  I think that’s what embedding risk culture is all about, the essence of making decisions.

Risk culture is a term describing the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people with a common purpose. This applies to all organisations – including private companies, public bodies, governments and not-for-profits.

An effective risk culture is one that enables and rewards individuals and groups for taking the right risks in an informed manner.


This article was written by Abhishek Paul, IRM Cert, Associate VP: Risk and Conduct Assurance at Royal Bank of Scotland (India).

Abhishek is also one of the IRM’s newly appointed Indian Ambassadors.

Read IRM’s Risk Culture and Appetite for Practitioners Guidance.

Find out more about Risk Culture Training.

  • About Enterprise Risk Magazine

    Enterprise Risk Magazine is the leading quarterly title for risk managers and enterprise risk, with a print circulation of over 5,500.

    Enterprise Risk is published on behalf of the Institute of Risk Management (IRM). The majority of IRM members receive their copy of Enterprise Risk at their home address, meaning the title... Read more
  • Categories

  • Tags