How Leadership and Culture shape Risk Management

November 27, 2009 at 11:19 pm 9 comments

Management guru and noted author, Charles Handy in his review of the best business books on Leadership for 2009 for the Strategy & Business magazine says the financial crises “did not need to happen. There were warnings enough from observers about troubles ahead but those in power in organizations did not pay heed until it was too late.”

Wisdom gained out of hindsight indicates that many companies did not possess the robust culture and leadership conviction to stay true to their own long term goals. Leaders were swayed by the lure of short term profit taking in what ultimately proved to be an illusionary “pot of gold.”

The CFO of a company recently mentioned that organizational culture in his organization, is viewed as a “soft” issue, one that does not have an immediate tangible impact on his company’s performance.  This view is unfortunate. While quality of leadership and culture does not fit in a neat little box that an auditor or risk manager can check off, its impact on specific areas such as fraud prevention, corporate reputation  as well as the general long term health and success of an organization has been proven during this crises.

Leadership and culture of an organization have always had a profound impact on risk management by:

  • Shaping the behavior of people on a daily basis
  • Informing the decisions made by managers
  • Defining the kind of risks that an organization will accept and the opportunities that it will pursue
  • Determining  if a company is willing to swim against the tide, when everyone else in the industry is out there making outsized profits in what might potentially be an unsustainable  bubble.

Culture in turn is shaped by the attitudes,  experiences and mental models of the top leaders of an organization. Do leaders promote an open culture where information flows freely rather than being hoarded?  Are people in your organization afraid to share bad news in the fear that “the messenger will be shot?” These are essential questions that need to be addessed to determine the cultural health of an organization.

The last couple of years have been especially challenging for companies faced with the worst economic crisis in decades. Organizational culture comes under great pressure during times of intense change including downsizing, M&A, layoffs etc.  A manager  at a company going through severe turmoil and layoffs, recently likened the experience of going to work every day to going into a battlefield. He said “you do  not know whose turn it was to get fired, and everyday could well be your last at the company.” Not managing the crises’ “moments of truth” with sensitivity and honesty can expose organizations to risk of depleted employee morale and weakened corporate performance.

Leaders can shine and guide their organizations effectively even in these trying times, by articulating clearly, respectfully and transparently the need for the  changes and how  the organization plans to emerge stronger as a result. Ultimately the key to building a healthy organization culture rests with the leaders and the tone they set for the company. It is therefore essential for leaders to get personally involved in building an ethical, transparent organization where a free flow of ideas and focus on excellence is a way of life.

Entry filed under: Corporate Governance, Enterprise Risk Management, Internal Controls, Leadership and Culture.

IIA Gain Report on Top Ten Risk Management Imperatives for Internal Audit 7 questions to assess your customer management risks

9 Comments Add your own

  • 1. Krish  |  December 31, 2009 at 4:40 am

    I would only agree in part. The element of transparency is a bit tricky. You certainly can’t empty your thought bucket on all levels of organization in a given context since the levels of interpretation varies. It has to be one leak at a time and that means you are not entirely transparent. Your front end salesman or your dealer may not construe your messages in the same way your secretary gets behind it.

    My point – Every leader should have a fair grip on the organization’s stakeholders and their varied interests and communication will have to be customized to those different interest groups in ways that are rightly understood, without diluting the basic idea. It is important to recognize the plurality of organizational culture and cater to each of those if the long term vision is to be achieved.

    • 2. riskadvisor  |  December 31, 2009 at 4:17 pm


      Thanks for your comments. I agree that the message has to be tailored to the audience, but its essence should be the same, truthful and consistent.


  • 3. Dipak Thakker  |  December 31, 2009 at 5:56 am

    The observations are very pertinent.

    In a broader sense, effective risk management is a dynamic process involving the whole organization, and not confined to any specific function.

    If that be so, the role of leadership and organizational culture assumes great importance in not only setting the right tone at the top and sustaining a sound control environment but letting the organization respond effectively and quickly to unpredictable events.

    Any change in corporate attitude, open-mindness, encouraging and listening to alerts and bad news, and building the results of bad news into company forecasts, etc has to come from the top.

    • 4. riskadvisor  |  December 31, 2009 at 4:15 pm


      Thanks for your comments.

  • 5. Allan E. Dean  |  January 4, 2010 at 4:51 pm

    Thank you for sharing! Excellent observation: Culture + Leadership = Appetite for Risk (influences Risk Governance).

    • 6. riskadvisor  |  January 5, 2010 at 2:53 am

      Thanks Alan. Your equation is very apt.

  • 7. Warren Levy  |  January 5, 2010 at 2:47 am

    I think the point about how organizations behave during “moments of truth” is especially important. During crises, organizations often show their true character. Time compresses, stakes rise, and everyone is watching. It’s a great time to reinforce strong values, or a rotten time to demonstrate lack of character.

    I think transparency often is misunderstood. It isn’t about telling everything to everyone all the time. I like what Larry Bossidy once said, “Candor is a way of treating employees with dignity.” Most internal and external audiences recognize that limitations on what is revealed and when make perfect sense. That said, many organizations unnecessarily withhold information almost as a reflex. Many organizations simplify information to the point of meaninglessness, when it is more effective and valuable to provide more rather than less; it demonstrates respect and those who understand more will share and explain to others. For me, transparency involves candor and respect: how can we reveal as much of what is important as we properly can and make it as accessible as possible? When your culture believes in the values of candor and respect, it naturally tries to be usefully and appropriately transparent. More authoritarian cultures likely will view transparency as a burden, intrusion or threat.

    • 8. riskadvisor  |  January 5, 2010 at 3:04 am

      Thanks Warren for your excellent feedback.

      I completely agree that there has to be a fine balance struck between transparency and the need to know. I have seen in the current economic crisis, some especially poor examples of communication both overcommunicating and information hoarding leading to disastrous consequences.

      My overall point though is that information flow in the company is enhanced by an open and fair culture and the leadership sets the tone to create this culture. This is crucial to quickly identify events that pose potential risk at the frontline and communicate to the appropriate levels within the organization so that actions can be taken promptly to manage the risks. Unfortunately, that is an ability that few organizations have demonstrated in the recent past.

  • 9. Ken Simpson  |  January 7, 2010 at 11:47 am

    Great post, thank you. Also some very good discussion here.

    I particularly liked the equation that is posted above. You could perhaps substitute a couple of different labels into the “equals” part!

    One such label that I have been researching a lot recently would be the concept of “resilience” – could also be described as a function of “culture + leadership”.

    And similarly may researchers describe it as an “emergent” property of an organisation- one that can only really be determined in the aftermath of a serious impact. This is no doubt consistent with any of the softer attributes of organisations and management.

    Great point in the comment above about open flow of information and communication – the desire to “spin” the message and only ever report good news seems to have become a new management philosophy.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 26 other followers

%d bloggers like this: