Rate your risk culture!

Risk culture self-assessment questions

Establishing a culture in which the right people do the right thing at the right time, regardless of the circumstances, is critical to an organisation's ability to seize the right opportunities. Where does your organisation stand in terms of how it manages risk?

1. The processes and controls we operate are appropriate to the risks we face.
2. How I perform on risk issues is an important part of how my job performance is assessed.
3. We have an effective system for reporting risk information from across the organisation.
4. Our managers get the information they need about risk before making important decisions.
5. We are either a relatively young company, or a complex company, or going through a lot of change.
6. Managers in my organisation encourage candid reporting of risks.
7. There is a high level of consensus across the organisation about the level of acceptable risk.
8. We reward our people appropriately for adherence to an ethical code of conduct as well as achieving business results.

Smart Player

The smart player is consciously competent. It's typically a company with good risk controls and good risk managers. But though its risk management skills are strong, they aren't yet 'second nature'. The people who work for it understand the kind of risks and amount of risk they can take, but risk management is something they still have to think about.

Instinctive Expert

The instinctive expert is unconsciously competent. It has defined the risks it's prepared to assume, built robust risk-information and monitoring systems, and communicated its attitude to risk to everyone in the organisation. Risk management is now so completely embedded in the business that it's automatic. Everyone knows what to do, and does it as a matter of course.

Anxious Operator

The anxious operator is consciously incompetent. It's a company that is well aware of the risks it faces, but it either hasn't got the right people, procedures or measures for managing risk or else it's still struggling to implement them. It's likely to be a new company or one that's going through massive changes, so management has other things on its mind. But the longer the company 'muddles through', the bigger the problems will become.

Inadvertent Amateur

The inadvertent amateur is unconsciously incompetent. Such a company doesn't even know what it doesn't know or can't do well. It doesn't understand the risks it faces (although it may believe that it does), and has no systems, processes or controls in place to manage risk effectively. Its exposure to risk is typically very high, and it's probably heading for a crisis.

Your Results:


Smart Player

You have IT systems that provide you with reliable, up-to-date information about the risks your business is facing, you regularly assess those risks and you’ve established robust processes for managing them. You've also ensured that your employees understand the kind of risks and amount of risk they can take. But risk management is something they still have to think about. It's not automatically engrained in everything they do.

Instinctive Expert

You've defined the risks you're prepared to assume, built reliable systems for capturing information about your risks and put processes in place for managing those risks consistently. You've also drafted a code of conduct, communicated your attitude to risk to everyone in your organisation and established a remuneration scheme that encourages adherence to the ethical standards you espouse. Risk management is now so completely embedded in the business that it’s instinctive. Everyone knows what to do, and does it as a matter of course.

Anxious Operator

Your organisation is in the midst of significant structural shifts, perhaps as a result of changes to your business model or a recent merger. Your senior management and risk management officers have a pretty good idea of the risks, but you lack consistent risk management systems and controls across all your operating units.

Inadvertent Amateur

Your company may be quite young and still struggling to establish itself. Or maybe senior management is simply preoccupied with surviving the current economic recession. But, in either case, you probably don’t spend much time thinking about risk. You don't have any systems, processes or controls in place to manage risk effectively, and you don’t have a clear sense of where the dangers lie.

  
 

Steps towards improving your position


Your business is in a stronger position than most, but you can’t afford to rest on your laurels. You should consider assessing your corporate culture to identify any factors that could be changed to embed risk management more effectively. Employee surveys and customer feedback are both valuable sources of information, but don’t ignore the tacit clues – the rituals, norms, informal networks and other such features that can undermine a company’s overt goals and prevent risk management from becoming ‘second nature’. You should also review the training, remuneration and incentive schemes you use to ensure that they reinforce the sort of behaviour you want.
Your organisation is the exception to the rule. You’ve done everything you can to safeguard your business and mitigate the risks it currently faces. You should continue to monitor your risks and keep an eye out for any new risks, including risks that emerge as a result of operational changes, geographic expansion, new laws or regulations and the like. You should also ensure that your systems for capturing information about risk remain up-to-date, but you are in a much stronger position than most of your peers.
The first step you can take to improve your position is to map and analyse your exposure to the key risks you face. You can then work out which corporate structures, systems and processes need to be changed to close the gaps. You may need to hire new people to assist you with this change. You will certainly need to undertake some training and adjust the way in which your people are measured and rewarded. Don't forget to set up a mechanism for assessing the improvements you make.
The first thing you should do is identify the key risks your business faces and rank them in order of importance. You should also look at how other companies tackle such risks, to see whether there's anything you can learn from best practice elsewhere. Then you should start developing systems and processes for managing your biggest risks. You may need to hire new people to help you establish suitable controls. You will certainly need to provide your existing employees with training and make sure that they know what's expected of them. You may also have to change the way in which you reward them, because people don't behave differently unless they have an incentive to do so. Lastly, you'll have to measure how well you're doing and take corrective steps, if necessary.
  

Start a Conversation

A PwC risk management expert can help you analyse your organisational culture, identify any weaknesses and rectify them.

If you would like to discuss your situation and how to create a risk-aware culture in more detail, please click here to share your diagnostic results with a local expert who will be in touch shortly.
A PwC risk management expert can help you identify and understand the implications of new rules and regulations with a bearing on your business, and develop suitable systems and processes for managing the resulting risks.

If you would like to discuss your situation and how to create a risk-aware culture in more detail, please click here to share your diagnostic results with a local expert who will be in touch shortly.
A PwC risk management expert can help you ensure that your employees understand the practical and ethical guidelines within which you expect them to operate.

If you would like to discuss your situation and how to create a risk-aware culture in more detail, please click here to share your diagnostic results with a local expert who will be in touch shortly.
A PwC risk management expert can help you analyse your main risks, establish a robust risk management infrastructure and ensure that your employees understand the practical and ethical guidelines within which you expect them to operate.

If you would like to discuss your situation and how to create a risk-aware business in more detail, please click here to share your diagnostic results with a local expert who will be in touch shortly.

Download the paper

Get up to speed on the 5 steps towards building a risk-aware culture for success.
Download (PDF, 587 kb)

Download your results

Please click here to download your assessment for personal use.
Please click here to download your assessment for personal use.
Please click here to download your assessment for personal use.
Please click here to download your assessment for personal use.

Start a Conversation

    Would you like to discuss your results in more detail? For an exploratory chat with one of our locally-based specialists about how to make your company more risk aware, simply forward your results to us. We will need some additional information, which will only be used to help us to connect. We'll be in touch shortly.

Note: Fields marked with an asterisk are required.

Your information
*Your name:
*Your email address:
Your telephone number:
*Your region:
 

Your company's information
*Company name:
Your role within the organization:
 
 

Contacting you
When is the best day to contact you?
When is your time zone?
When is the best time to contact you?
What is the best way to contact you?
 
By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about our contacting you, just send us an email message using the Contact Us page.