Culture is capital to combat risk

There is strong evidence to suggest that competitive, heavily regulated sectors tend to be better at risk management. Pharmaceutical companies, for instance, tend to have highly evolved risk practices which seem to have been brought about by tough regulation of the sector coupled with intense competition between firms.

Companies in this sector have gone beyond compliance regulation.  This is largely because they understand that good risk management is crucial to their survival in a highly competitive industry.

However, there are numerous other sectors where this is also the case and these lessons can be applied to myriad business areas. Melvin Glapion, managing director at Kroll Advisory Solutions, says the oil and gas, mining and wider medical device sectors are also examples of best practice. “These sectors have been hardest hit by various regulatory and operational incidents. This has propelled these industries to become particularly risk aware,” he says.

As an example of good corporate strategy around risk, Gillian Lees, head of corporate governance and risk at the Chartered Institute of Management Accountants, says the aviation industry has an approach which other sectors should learn from.

Managing contract information is a key factor in the battle to manage risk

She explains: “In the aviation industry there is collaboration between companies to help improve their risk management practices. This is not replicated in financial services in the same way and perhaps it should be. That change starts at the very top. The chief executive must set the vision, but the chief financial officer has a key role in setting the framework in which innovation may thrive.”

However, making risk management part of everyone’s objectives needs to be balanced against other objectives or else companies face a separate risk of stifling their business.

Ensuring staff awareness of risk from the top down is therefore vital, but Simon Evans of RSM Tenon warns that risk management must be built into the objectives of all employees to ensure it is effectively managed at each level.

“If you take the average company strategic risk profile and build explicit supporting behaviour to mitigate these risks into individual performance objectives, we would see a quantum leap forward in truly embedding risk into the culture of the business,” he says.

Managing contract information is another key factor in the battle to manage risk, especially for international businesses. A recent study by IBM found that 52.2 per cent of businesses did not have the infrastructure in place to react to the exposure to risk contained within active contracts in the event of a significant change in market conditions.

Nick Hood, head of external affairs at Company Watch, says: “The trouble with most business risk management cultures is that they tend to be reactive, rather than proactive; relying on dealing with adverse events in crisis-control mode. This usually stems from a triumph of unrestrained entrepreneurial zeal, underpinned by an understandable unwillingness to consider the possibility of disaster.”

The litmus test of risk management for investors in large firms is the corporate report and this is one area long earmarked for improvement. A 2012 survey by the Association of Chartered Certified Accountants found that 71 per cent of investors think companies should be reporting more on potential risks that could affect their performance.

Meanwhile, 70 per cent said that a company’s key risks and how they intended to manage or mitigate them was the most pressing issue for them following the economic crisis.

Clearly risk management is creeping up the agenda for big businesses, but the evidence suggests there is still a long way to go.



1. Have a wide-ranging, analytical view of risk and supplier compliance
2. Store and manage all contract information centrally
3. Ensure compliance with corporate citizenship policies
4. Encourage supplier innovation and development
5. Ensure all departments are aligned on the business’s key objectives

Source: IBM