Page 160 - Risk Report 2024

IRMSA
           160     RISK REPORT 2024/25










           Building an effective risk culture starts with an accurate, robust risk culture maturity assessment to understand
           how well the existing culture supports the organisation’s risk philosophy and strategy. Different models exist, but
           can be summarised generically as per the table below:




                                                 Risk Culture Levels




                                                      Level 1: POOR
            People neither care nor do the right things, regardless of risk policies, procedures and controls. Generally
            managing risks in silos, they are always firefighting with no clear risk owners, no real communication and weak
            accountability.


                                                     Level 2: TYPICAL
            People care more and do the right things when risk policies, procedures and controls are in place. Risk
            owners are clearly defined, and roles and commitments are understood, but effective awareness and skills are
            still lacking.

                                                      Level 3: GOOD

            People care and do the right things even when risk policies, procedures and controls are not in place.
            Integrated risk management teams with standardised roles and clear accountabilities are in place, controlled by
            a central function coordinating risk activities.


                                                    Level 4: EFFECTIVE
            People care enough to think about risks associated with their jobs before making decisions. Strong
            cross-functional teams apply sound judgement about risks with the support of a small central risk advisory team
            with unquestionable business acumen. The organisation is well prepared for crises built on an effective risk






           Risk culture assessments are usually conducted through a combination of surveys, questionnaires, interviews,
           focus groups, external stakeholder interviews, social media reviews, and operational process reviews. The results
           are often influenced by underlying human factors such as nationality, social culture, work ethics, trust, honesty,
           religion/spirituality, and unconscious biases. Digitally based assessment tools that measure and analyse human
           behaviour linked to risk perception in a consolidated manner, beyond mere compliance, are ideal. The outcomes
           of the assessment must drive targeted risk culture actions through a combination of training, communication
           and skills development, with continuous monitoring and improvement.