In an increasing changing, challenging and connected world corporate culture is more important than ever. Against a backdrop of globalisation, digitilisation, the rise of social media and changing business models we must focus on creating cultures that support and encourage our people. Indeed, it’s noted that shortcomings in corporate culture such as silod thinking and risk aversion are among the main barriers to company success in the digital age. Regulatory changes such as the General Data Protection Requirements require organisation-wide shifts in culture, ensuring every employee understands their responsibilities. Senior management cannot wait for culture to change organically. They must develop better connected cultures that respond to changing customer needs and deliver profitability and sustainable value.
What is corporate culture?
The Financial reporting council define culture as a ‘combination of the values, attitudes, and behaviours manifested by a company in its operations and relations with its stakeholders’.
The culture of an organisation affects the behaviours, attitudes and decision-making ability of its people. Whilst behaviours can be guided and monitored by tangible processes and control structures, values and attitudes are more difficult to influence. However, processes cannot legislate for all scenarios. An effective culture supports an organisation’s people in understanding organisational controls and systems. It will enable individuals to appreciate how their actions can impact on the wider business and support them in responding appropriately to new and different scenarios.
Risk culture is corporate culture viewed through a risk lens. It bridges the risk appetite of the organisation with the management structures and systems. The risk culture will orient individuals to their own risk responsibilities and inform their risk-taking decisions.
It is no surprise that the recent update to the international risk management standard, ISO 31000 reinforces the importance of managing risk culture. ISO 31000 requires top management to demonstrate their commitment to risk management and its alignment with the organisation’s strategy and culture. Organisations must also evaluate the effectiveness of the risk management framework on the behaviours of its people. Risk managers therefore have a major role to play in managing corporate culture.
The Airmic and QBE Culture Toolkit
The culture toolkit was developed by Airmic and QBE in 2016 and provides a framework for understanding and developing corporate culture. This guide provides a standard language that risk managers can use to contribute to the culture discussion. The accompanying online tool, created and shared by QBE, allows organisations to assess their culture against a standard framework and gain insights from best practice.
The toolkit has been relaunched for 2018, to reflect the feedback and needs of Airmic members. The online tool, originally designed for the professional services industry, has been tailored to be more relevant to organisations of all sizes and across all industries. Users must be aware however, that this is a generic tool and they will need to consider the individual priorities and aims of their organisation when undertaking a culture assessment.