The curious case of risk culture

“Take risks: if you win, you will be happy; if you lose, you will be wise.” Anonymous

We’ve seen in previous chapters of our whitepaper, how the Risk-Intelligent Leader is taking a dynamic and proactive approach to risk for better decision making, increased competitiveness, smarter innovation and future shaping.

But how do these leaders inspire their whole organisation to take a fresh look at risk? To embrace the opportunities as well as the threats? To disseminate their vision and create a risk curious culture throughout their business?

The reality is that cultural barriers still remain. “There’s a natural reluctance to talk about risk and be transparent – in our case construction is still a conservative industry,” observes Alvaro Medina, at OHL. So, how do you create a culture that understands, accepts and even supports risk-taking?

Our experts identified 7 key cornerstones of a risk-positive culture

You can only build on strong foundations

This is critical: risk curiosity cannot co-exist with a blame culture. There are numerous instances in the market of employees being held back by the fear of making a mistake. This embeds a grinding adherence to low risk, focusing on process and systems rather than land-grabbing strides towards innovation.

So what’s the answer? Start with baby steps – it takes time to create a culture shift, advises Emma Bradley. She recommends starting with a positive mindset evolution, as they did at GSK Consumer Healthcare. “Aim first for a foundation of trust and accountability – no more people saying ‘that’s not my job.”

She adds, “Ask ‘what’ didn’t work NOT ‘who’ made the mistake?” This simple shift can make all the difference. Allowing for failure is essential.

Create open communication channels (it’s a two-way street)

Risk-Intelligent Leaders need to set an example here, creating a top-down transparency in communication. No cover-ups or glossing over the facts.

“Risk reports need to go down to the people making decisions day-to-day decisions, not just up to boards. Top down communication sets the tone for the whole business when it comes to risk,” says Roger Baker.

It’s also important that Risk-Intelligent Leaders at all levels in the organisation feel comfortable and empowered to share threats and opportunities that they see associated with risk.

Trust is everything

Once you’ve established a no-blame culture, trust is a key component to build. Again, this shifts away from fear-based decisions and stalemates.

“When we embrace risk, people feel more secure. They understand that we can help them to share risk with their bosses. People feel safer when someone is hearing them.” says Medina at OHL.

Andrew Pyke believes there’s a need to get the ground rules clear: “What happens when someone fails? Will you as a leader take the heat for a decision that goes wrong, taken in VUCA, by a team member? Really?”

Be in it together

Where risk is siloed and cut off from the rest of the business, organisations can become sluggish and slow. They stick to checklist-focused, reactive risk in its most limited form.

Instead, there’s a strong argument that everyone needs to be responsible for risk, rather than ringfencing it as a discrete management function. This allows more opportunities for risk-based decision making.

As Horst Simon says, “CROs aren’t superhuman – they can’t be responsible for all risk. Every employee is a risk manager.” And he cites the same example that L3’s Roger Baker uses in talking bout two-way communication: “Risk reports only go up through organisations – they also need to go down to the people making everyday decisions.”

Pete Madsen agrees, “Risk isn’t the domain of a dedicated area, but a culture that needs to be understood and embedded across a business.”

For the Risk-Intelligent leader, this means driving an openness and responsibility for risk, with senior leadership teams who can, in turn, pass this down through their teams. OHL has found that the education of decision-makers within the organisation about risk is often led by leaders coming up through the ranks.

Medina says curious leaders can help educate the other leaders and show them the techniques and calculations that might improve their work. “Essentially, those who understand risk need to be passionate advocates and convert the nonbelievers.”

Sell with stories (and watch your language!)

Much of risk-related talk today is about processes,systems, checklists. So far, so dry.

To drive a risk curious culture that fuels innovation and progress, we need to find new ways to communicate with our stakeholder communities. Emma Bradley champions storytelling. She believes that using stories to exchange failures is a compelling way to get people to do things they don’t necessarily want to, or fear doing.

“People love to hear horror stories,” she says, “So you need to balance these with positive stories of the opportunity associated with risk. It’s reinforcing the positives that can drive a cultural shift and change the muscle memory.”

Organisations are often good at selling to customers, but not internally, she says. Leaders need to speak to their teams’ desires and needs, to respond to the ‘what’s in it for me’ impulse and show the upsides of risk-taking.

It’s in this way that stories of positive risk-taking empower employees to take a risk. “Your people transition to a ‘they tried it, so can we’ mentality, obviously with the right checks and balances in place and a governance model,” Bradley concludes. Medina firmly agrees, “Sharing mistakes and lessons learnt is important to positively impact risk culture.”

Tim Fenemore argues we can go further and look at the language risk management is wrapped up in. “The term risk is in itself ambiguous. Is it a risk to the project schedule? Cost? Safety? We need to qualify it as it’s not always clear what we’re talking about. Think about the impact. Some language doesn’t translate to certain environments.” Tim calls for risk language to become more coherent and mainstream instead of technical and full of jargon.

Fail fast and learn from mistakes

Organisations are slowly becoming more mature when it comes to failure. In risk, it’s as essential to know when you’ve failed, to accept your project’s limitations or kill it quickly and move on. Even more importantly, it’s critical to meet after the event to understand what happened and the lessons that can be learnt. Often, the learnings can be greater than the original aim.

Get the board on board

“Your board of directors are the owners of all risk and must be fully engaged. An understanding of risk has gone way beyond a ‘nice to have’. If boards don’t get it, they aren’t fit for purpose! We shouldn’t have to motivate them or beg them to understand it,” argues Horst Simon. Still, a lack of buy-in at this level can be the single biggest barrier to a robust risk strategy and culture.

Key to fostering support and commitment is to show the board how it’s relevant to them. It’s critical to make it relevant and interesting, so it’s not pushed down to middle management. This means getting beyond the negativity and drawing out the value, the return on investment, the opportunity.

“Look to the future more than the past – look through the windscreen not just at the dashboard. Emerging risk is more important than last month’s risk report,” Horst Simon adds.

Bringing a broad perspective to this key stakeholder audience can help, as Pete Madsen comments, “Sometimes the challenge is that one person’s risk is another one’s opportunity.”

“Don’t give them a 30-page report with just information – provide analysis,” recommends Emma Bradley. “Boards have to be more open to risk because it’s where they are going to be able to find opportunities to increase profits and grow. The alternative is often only minor improvements to what’s out there already.”

*If you enjoyed this post, please heart it and share it through the links at the bottom of the page.