| A company culture is a shared system of values and | | | | 3. Risk Ownership - employees knowing what their risk |
| practices that become blended with other norms and | | | | responsibilities are, i.e., they assume (some) |
| beliefs that send influential strategic messages to | | | | responsibility (ownership) for identifying, measuring, |
| employees and stakeholders about a company's | | | | monitoring, and reporting risk... |
| attitudes and behaviors, by defining what's important. It | | | | In light of the economic fact that U.S. businesses lose |
| (a company culture) will emerge as management | | | | an estimated 7% of their annual revenue to various |
| teams, boards, and employees come to recognize the | | | | forms of occupational fraud, a risk intelligent workforce |
| beneficial (economic, competitive advantage) | | | | (and, company culture) can be a very valuable |
| outcomes that can accrue as they engage and solve | | | | (intangible) asset for a company, because one does |
| problems through a 'company culture' platform. | | | | not have to look far to see the adverse strategic |
| (Adapted by Michael D. Moberly from the work of Dr. | | | | consequences - affects on companies when they rely |
| Edgar Shein) | | | | primarily on 'unwritten rules' for how things get done |
| A well oriented and nurtured company culture is an | | | | and how, or if, risk is managed. |
| effective tool for identifying and distinguishing the | | | | In a risk intelligent company (culture), management |
| various types of intangible assets that exist in a | | | | teams and boards assume an obligation to understand |
| company and the risks | | | | what those 'unwritten company rules' are and how |
| A company's (strategic) growth plans rely not just on | | | | they're being interpreted-executed by employees. A |
| the ability to scale up numbers, but on maintaining things | | | | good starting point is (a.) to critically assess a |
| like quality, responsiveness, and product-service quality. | | | | company's 'unwritten rules' by getting answers to the |
| If growth occurs by acquisition or if non-core | | | | following questions, and (b.) recognizing the questions' |
| opportunities are to be spun off, then all intangible | | | | relevance insofar as how they may serve to influence |
| asset areas require special attention-consideration by | | | | and perpetuate a company environment of |
| management teams, boards, and employees. | | | | unmanaged risk taking: |
| A first, and very important step toward developing a | | | | 1. What (employee) behaviors are actually being |
| 'risk intelligent company culture' is recognizing that risk is | | | | rewarded? |
| not solely an external phenomena, i.e., all risk emanates | | | | 2. Are company (employee) incentives (properly, |
| from outside the company. | | | | effectively) aligned with the company's risk |
| A second, and equally important step in developing a | | | | management priorities? |
| risk intelligent company culture comes from recognizing | | | | 3. Do all employees, including the management team |
| that company value can be favorably affected by | | | | and board, understand the companies risk |
| integrating - merging risk management and human | | | | management priorities, objectives, and the strategic |
| resource management. The rationale for doing this lies | | | | reasons-rationales behind them? |
| in the fact that a significant percentage of (company) | | | | Ultimately, becoming more intelligent (and objective) |
| risk actually evolves from - is inherently embedded in | | | | about company risk is an important and necessary |
| employee behavior and actions, which includes the | | | | prelude to creating a risk intelligent company culture |
| management team and board as well. | | | | wherein management teams and boards assume a |
| According to Deloitte's, The People Side Of Risk | | | | responsibility for elevating and cultivating a |
| Intelligence: Aligning Talent And Risk Management, risk | | | | company-wide awareness of risk that fosters risk |
| touches virtually every aspect of employee (HR) | | | | intelligent behaviors at all levels. It begins by: |
| management, and employees touch virtually every | | | | 1. Adopting a common definition of risk in accordance |
| aspect of risk management. Is there no better reason | | | | with national standards and best practices. |
| to develop a risk intelligent company culture? | | | | 2. Clearly defining roles, responsibilities, and authority |
| Effective risk management (and a risk intelligent | | | | (for managing risk) with appropriate levels of |
| company) Deloitte suggests, executes at the point at | | | | transparency. |
| which there's a convergence of the following: | | | | Lastly, it's important to recognize, insofar as developing |
| 1. Risk Governance - how a company treats risk and | | | | a 'risk intelligent company culture' that (a.) a change in |
| assumes responsibility for risk oversight and strategic | | | | (company) culture generally follows a (employee) |
| decision making... | | | | behavior change, and (b.) culture and behavior changes |
| 2. Risk Infrastructure Management - how a company | | | | are less a product of formal risk policies, controls, and |
| assumes responsibility for and understands how to | | | | pronouncements, than they are the result of effective |
| design, implement, oversee, and sustain a risk | | | | incentives and rewards. |
| management program... | | | | |