Your firm's risk culture should be high on your management agenda
By Louise Fleming, Executive Director, Kingsmead Square
While it is possible to measure business objectives and risk appetite, risk culture is often dismissed as the 'fluffy' side of a subject that never quite makes it onto the board or management agenda. The reason risk culture should be a priority in your business is simple and compelling: poor risk cultures lead to poor decisions, which lead to reputational or financial losses. This issue is not confined to regulatory breaches or financial services firms: the focus on risk culture is market and sector wide.
Risk culture must be integrated in your governance and risk management framework - it is not a standalone concept. The role of the board includes providing independent oversight and setting organisational culture. Culture is the foundation stone of any governance framework.
You may think the management of your firm's risk culture could be delegated to your head of risk and/or HR director, but that would be missing the point. Risk culture sits at the heart of organisational culture. It is about values and behaviours and a voice for risk at the table - not the voice of the COLP or nominated risk manager. It is the voice of every business decision maker and individual in the firm.
The banking crisis can be attributed to a number of factors, but there is consensus that risk culture - or a lack of it - was a significant contributor. The danger facing professional firms today is they spend so much time trying to satisfy regulators, auditors and other stakeholders that they miss the substance of risk management. Board and senior management agendas have become cluttered with detailed reports and spreadsheets in font size 8 that attempt to assist with the management of risk, but only succeed in turning off the very people that are supposed to be leading the charge to embed risk in the firm's culture.
The renewed UK Corporate Governance Code may not apply directly to most professional service firms, but its preface provides useful guidance:
"One of the key roles for the board includes establishing the culture, values and ethics of the company. It is important that the board sets the correct 'tone from the top'. The directors should lead by example and ensure that good standards of behaviour permeate throughout all levels of the organisation. This will help prevent misconduct, unethical practices and support the delivery of long-term success."
10-step plan
There are some practical steps that you can take to set and maintain a strong risk culture at your firm.
- Set the tone from the top - the board should set and communicate risk culture as part of the firm's wider culture and values.
- Walk the talk - senior management need to be 'on message' about the importance of risk management and live and breathe it in the business.
- Encourage debate and challenge - the way the board and senior management meetings are chaired should encourage all members to ask 'awkward' questions in a constructive way.
- Embed risk in business decision making - it is a lens through which to look at all business decisions, not the final tick-box to be checked.
- Ensure risks are owned by business leaders - the identification, prioritisation, evaluation and response to risks should be owned by those leading and managing the business.
- Introduce a balanced scorecard - don't just recognise and reward individuals on financial results; ensure that client service, people development and risk management form part of the assessment.
- Recognise objectives and behaviours - be clear on the distinction between what you are asking individuals to achieve (objectives) and how you expect them to operate (behaviours), and reward both.
- Recruit and promote in line with firm values - ensure that assessment of an individual against firm values is part of the recruitment and promotion process.
- Align management information - risk management will only become part of the DNA of your business if it is recognised that risk and reward go hand in hand.
- Adopt zero tolerance of breaches - the consequences of breaching policies and procedures need to be clearly articulated and followed through.
Focus on integrity
Ultimately, your firm's risk culture will come down to the individuals within it, their personal decisions and how they interact with each other and clients. The Solicitors Regulation Authority's Principle 2 could not offer better advice in this regard: act with integrity and you will not go far wrong.
Louise Fleming has 20 years' experience in working with professional and financial services firms in business and risk management (www.kingsmeadsquare.com)