Corporate Culture & Risk Management

Organizational Change

In recent years we have seen the impact that poor risk management culture has had on more than a few big companies. Samsung, Takata Airbags, Volkswagen, and many others, have suffered repeated, and highly public issues, usually coming from a single, initial problem.
When a company repeatedly has such issues, business losses that would normally be manageable, can quickly grow exponentially and cause widespread damage to the company’s brand.

All product recalls will result in some financial impact, but an isolated negative event can be a well-managed, short-lived issue, with a reasonably quick recovery. Take the J&J Tylenol case of the early 80’s for example. The company responded swiftly and decisively, taking a fairly substantial financial loss, but earning deep respect from customers and the marketplace as a result.
Many customers may be willing to overlook a single problem as a temporary deviation, which has been identified and corrected—an understandable human mistake. On the other hand, if a second or third incident arises after addressing the initial issue(s), then the company’s overall quality assurance and corporate culture are suddenly brought into the spotlight. Customers may now begin to lose confidence in the brand as a whole. And if it later comes out that the company attempted to deceive the public or government agencies, things can get very much worse.

Developing and Sustaining Risk Culture

The overall company philosophy set by the Board of Directors and Leadership Team informs and drives the culture and behavior of all employees. This set of values travels through the enterprise in a number of ways, including management communications, onboarding and training programs, as well as the policies and procedures designed to guide employee decision-making.
The right kind of message will communicate a high standard of values, ethics and a culture of compliance, but needs to be balanced with the reality that managers need to take intelligent risks in the pursuit of short- and long-term rewards for the business.
Many companies today have defined and published a set of values that are then communicated in some way to employees. This is one of a few key steps in assisting employees to make the right risk management decisions.
Here are a few of the actions companies can take to proactively guide behavior towards a stronger risk culture:

  • Investor Relations – Are reasonable expectations being set with company shareholders regarding risk and reward?
  • Corporate Governance – Are the right questions being asked? And is the C suite willing to hear to the answers without judgment?
  • Performance Management & Compensation – Are corporate and employee objectives linked to desired risk management results?
  • Management Reporting – Is too much attention to certain performance metrics influencing decisions in the wrong direction?
  • Protected Disclosure (Whistle Blowing) – Is it possible to report possible issues without fear of reprisal? (This is the law in some countries.)


While leaders can help define and communicate the desired corporate culture, this alone will not guarantee good risk management decisions every day. All employees must be taught risk management techniques and relevant risk management skills should be built into the company’s overall competency model.
A risk culture that makes ALL employees an integral part of risk management will produce more successful and predictable business results.
CEOs and business leaders can take a more proactive stance, risk-management capabilities can become a competitive advantage—improving business decisions and increasing the value of the company.

This post is also available in: Japanese