Culture and its Importance in Risk Management - Research Paper Example

 Analyze the concept of "Culture" and its importance in risk management Introduction The purpose of anthropologists is not simply to collect and record information about different cultures from all around the world. Rather, like other scientists, anthropologists try to simplify the cultural trends into theories that are applicable to all communities. Culture has been defined from a number of perspectives, and even amongst anthropology, there is no single definition at which all anthropologists agree upon. One of the most widely accepted definitions of culture was put across by Edward Tylor more than a century ago. He defined culture as the “complex whole which includes knowledge, belief, art, morals, law, custom, and any other capabilities and habits acquired by man as a member of society” (Ferraro, 2007, p.20). Moreover, another concept associated with culture is that it is a learned attitude, rather than one acquired through genetic means. From the viewpoint of business, culture emerges in two important aspects: organizational and corporate. There are four main layers of culture, as proposed by Wagner (2009, p.2). Wagner (2009, p.2) is of the viewpoint that culture is present at every level of activity, be it national or within the industry. National culture forms the outermost layer, with business/industry culture being its subset. Company culture forms the third layer, and individual culture is the core of the layers of culture. This paper discusses the concept of culture in industries and businesses, and the role that it plays in risk management. The paper explores the importance of culture in risk management through examples of organizations who have been through situations which highlighted the need to have a healthy culture at the organization. The Role of Corporate Culture Corporate culture is integral to the development of healthy attitudes regarding the company. This can be established from the fact that corporate culture tends to dictate and influence the way the owners and employees of the organization believe, feel and act. It is not necessary for corporate culture to be articulated in the form of a mission statement; corporate culture, whether spoken or simply comprehended, is reflected in the mission statement of the company, or a corporate symbol unique to the company. According to Entrepreneur (2010), corporate culture has immense influence on the success of the business. Corporate culture can be used to foster and bring out the values and practices that owners want to see in the work and performance of their employees. Corporate culture has been termed as strategy in action by Dunphy, Griffiths and Benn (2003, p.292). Corporate culture arises out of the collective experience of the employees of an organization. It is needed by them to comprehend the stream of events occurring at the organization in order to make sense of their job and to bend themselves accordingly so that they can adjust better to the work environment of the organization. Since culture helps to articulate the action of the employees, it is the responsibility of the owners to integrate greater meaning to the work environment. This is vital for making the process of cultural redefinition stronger, aimed to make organizations more sustainable (Dunphy, Griffiths, & Benn, 2003, p.292). The Attributes of Business Culture On the international arena, businesses benefit greatly from culture. Culture influences the way strategic approaches are formulated and put into action. Moreover it also has a significant role to play in decision-making, management and negotiations. In fact, culture has an impact on all aspects of business, from accounting to production management. Since culture is unable to explain all the differences from one organization to other, one can deduce that culture is a human-created component of the environment (Paul, 2008, p.151). In order for an enterprise to generate a competitive advantage, a culture must have three main characteristics. Firstly, as described earlier, value and meaning should be ascribed to the culture; the culture must be meaningful enough to shape the strategies that are needed for better financial performance. Secondly, the culture must be unique to the organization; this means that the culture should not be one that is also present in other organizations in the same industry. The third attribute that cultures must possess in order to give the organization an edge in the competition is that it should not be perfectly imitable. This follows that organizations that do not have that culture cannot easily copy and reproduce it. It should be noted that there are other factors that also influence the values of culture, and it is essential to override them in order to benefit maximally from the development of the aforementioned culture (Basole, 2008, p.80). Risk Management Defined Culture also has a significant impact on risk management. Before considering this relationship, it is necessary to define risk management and understand its various features. Risk management refers to the process of controlling outcomes “to a known and predictable range of gains and losses” (Carew, 2010). Risk management entails steps taken to gain a deeper understanding and insight into the functioning of the business and the risks and exposures that need to be addressed in order to safeguard the value of the enterprise. The next stage is to analyze and evaluate the factors that can influence the norms and hence the normal functioning of the business and their degree of severity and impact. It also follows that procedures are devised in order to negate the negative impact of these risks and ways to prevent them from hampering the working of the business in the first place. When researching the character and nature of the risks, it is also important to decide upon which instruments need to be used to avert the risk, and if a natural hedge exists that can be used to eliminate the possibility of any damage (Carew, 2010). Once the risk management strategy has been devised and implemented, it is necessary to regularly review it in order to make it more effective. Integrating Risk Management into Culture The need to incorporate effective risk management strategies into the culture of the organization stems from the requirement to counter the challenges posed by operational risks. In order to formulate approaches to deal with such risks, it is incumbent for employees to follow a risk management culture which stresses on the management of risks on the level of the individual work practice of the employees. Management of risk thus becomes a component of the routine activities of the employees. The aim of introducing a risk management culture is that all the employees and managers are on the lookout for risks that can arise out of their routine activities. Moreover the risk management culture would also make the managers take into account all the risks that are associated with decision-making, thus leading to more effective decisions with a lower probability of going wrong. The importance of adopting a risk management culture is accepted by most service delivery organizations. However, most of them report that it is often cumbersome to follow the risk management protocol fully (Microsoft, 2010). At the start of the project, due importance is paid to the management of risks but as the project proceeds, it is seen that the process of risk management is not sustained. The reasons identified for the lack of sustainability of the risk management process are time constraints along with the notion that no step can be taken to deal with the identifiable risks, the belief of the employees that identifying risks would result in the wrong impression being relayed across to the higher authorities and may lead to retribution against them, and a concern that identifying risks will produce a negative impression on the shareholders and executives (Microsoft, 2010). The underlying cause for these reasons lies in the attitude of the higher authorities. The management fails to instill the importance of effective risk management as part of the culture of the organization. A cause for such failure of the management is that the management itself is not able to comprehend the significance of risk management culture. Consequently sufficient resources are not set aside for risk management (Microsoft, 2010). When resources are limited, the attention shifts to more pressing problems that can be dealt relatively easily with the available resources. Risk Management Standards- Application to Business Culture Various standards are in place for risk and crisis management; these include the COSO (Committee of Sponsoring Organizations of the Treadway Commission), PAS 56 Standard for Business Continuity and Business Continuity Institute and Disaster Recovery. An Accountability standard AA1000 also exists for the purpose of encouraging accountability and making organizations more sustainable. In the current century, accountability focuses both on the principles of quantitative and qualitative data collection to make the performance of the business better. The Accountability Standard is the first of its kind to cover all aspects of the organization’s performance. The Standard has three main core elements. Materiality is concerned with the judgment if the accountability report does not leave out any aspect of its performance. Completeness is a measure of whether the report is complete in all its aspects such that a clear image of the performance of the organization can be presented to the shareholders; it also deals with the accuracy of the information reported. Responsiveness covers the steps taken by the organization in response to the concerns of the stakeholders. Another standard being adopted by organizations that focuses specifically on the development of risk management culture is the ISO 26000 - Social Responsibility Guidance Standard. The Standard aims to chart out the conventions of social responsibility expected of the employees, as approved by the United Nations and the International Labor Organization. There are also a number of tools that are adopted to encourage transparency in the organization. The Global Reporting Initiative is one such tool that provides the Sustainability Report Guidelines to assist organizations in what subjects they should report on and what approach should be taken to report comprehensively and accurately (Global Reporting Initiative, 2010). Sustainability reports are important for averting risks that arise out of law suits filed by stakeholders. They help to curtail the possibility of damage being inflicted upon the company by consumers and other concerned parties who are not informed about the negative results of the performance when they are lawfully required to be. Therefore sustainability reports are a rich source of information. The best reports are those that strike a balance in the reporting of both the positive and negative results of the performance of the company (Global Reporting Initiative, 2010). Risk Management at the IAG The Insurance Australia Group Limited (IAG) is a good example of risk management in practice. Risk management at IAG has developed over the passage of years to reflect on the core values and practices of the company. The risk management process of the company places great stress on the measurement and pricing of risk (Sutherland & Hackman, 2005). Therefore the culture approach being adopted by the company focused on the measurement of risk not only through leadership communication, mission statements and policies and training sessions but also through the regular and precise recording of the risks so that they can be studied in greater detail by the management. As a result, the risk culture became central to the work stream of activities, rather than an extra add-on (Sutherland & Hackman, 2005). The company established the risk management and compliance and audit committees in 2001, with Tony Coleman being the chief risk officer. In the first couple of years since the formation of the committees, risk management was not an integral component of the IAG operations. However, with the introduction of new prudential regime, namely APRA, and a new consumer protection regime, namely the ASIC, the company was made to reevaluate its risk management culture (Sutherland & Hackman, 2005). These changes were associated with the introduction of the ASIC’s Financial Services Reform (FSR). The FSR led to many changes in the functioning of the business, and the company soon realized that the FSR was essentially a change management project. The changes that were introduced included that the managers learn to give bad news, the staff learns to provide help and efficient customer service without giving advice as it did in the past, and greater acceptance towards mistakes made by the staff and encouraging them to report their mistakes without fear of retribution. Therefore the company set up two more risk management committees and introduced risk culture ‘from the top’ (Sutherland & Hackman, 2005). The company also developed a risk management behavioral model, characterized by prevention and detection of the risks at the level of the activities of individual employees, and recovery and continuous improvement of the identified risks (Sutherland & Hackman, 2005). Such a model helped the employees realize what expectations were associated from them. Moreover, they were encouraged to undertake training in order to perform better at their jobs and avert risks, as well as be more comfortable in reporting risks. Currently, the risk management culture at the IAG is based on the strategy of being proactive. This entails that the employee has a number of responses to choose from, which can be used to identify and avert possible risks (Sutherland & Hackman, 2005). Lack of Effective Risk Management: 9/11 Disaster Over the passage of time, risk management has become yet more complex. The events of the 9/11 disaster are evidence of the fact that the traditional policies of risk management need to be revised. The reason why the 9/11 disaster was able to wreak such havoc can be traced back to the lack of appropriate attention being given to the management of risk. The policy of the US government did not deal adequately with the possibility of terrorism. More importantly, it was the lack of imagination of the leadership that opened up a huge risk and made the incident possible. Elaborating further, the emergence of Al-Qaeda generated challenges for the US government that it was not well-designed to meet. The threat posed by the terrorist group was not the center of debate among the public, or the media or the Congress (National Commission on Terrorist Attacks Upon the United States, n.d.). Also, there were flaws in the response offered by security agencies after the attack. One major weakness was the insufficiency of the FBI to correlate the collective information of the agents in the field to national priorities (National Commission on Terrorist Attacks Upon the United States, n.d.). The management also did not take concrete steps to avert the possibility of a terrorist attack. The missed opportunities to curb the potential risks are representative of the inability of the government to adapt to the new challenges presented by the changing times and to take all the potential risks into account (National Commission on Terrorist Attacks Upon the United States, n.d.). This shows that the government did not incorporate an effective risk management culture that covered all aspects of identifiable and potential risks. Conclusion Thus one can assimilate from the above discussion that culture is an integral part of the organization. Also, risks are an inherent part of the business cycle and it is essential to take concrete steps for their management. One way of doing this is to incorporate risk management into the culture of the organization. This means that the employees identify and take steps to thwart risks that arise during the process of their daily activities. Risk management is vital for the sustainability of the business. Various Standards are in place to make the functioning of the business more efficient by promoting transparency and accountability, thus averting the possibility of risks that can occur due to hiding the negative performance of the company. The risk management culture at the IAG demonstrates the benefits of incorporation of risk management at the level of the routine employee performance. Conversely, the 9/11 incident in the US shows how disastrous lack of adequate risk management can be. Therefore one can conclude that risk management culture helps to cover risks by “imagining the unimaginable” (Sharon, 2006). Reference List Basole, R. C. (2008). Enterprise Mobility: Applications, Technologies and Strategies. IOS Press. Carew, (2010). Risk management. Retrieved from http://www.anz.com/edna/dictionary.asp?action=content&content=risk_management Dunphy, D. C., Griffiths, A., & Benn, S. (2003). Organizational change for corporate sustainability: a guide for leaders and change agents of the future. Routledge. Entrepreneur. (2010). Corporate culture. Retrieved from http://www.entrepreneur.com/encyclopedia/term/82104.html Ferraro, G. P. (2007). The Cultural Dimension of International Business. Pearson Education India. Global Reporting Initiative. (2010). The GRI Guidelines| An Executive Summary. Retrieved from http://www.globalreporting.org/reportingframework/reportingframeworkdownloads/reportingframeworkdownloads.htm Microsoft. (2010). Creating a Risk Management Culture. Retrieved from http://technet.microsoft.com/en-us/library/cc539244.aspx National Commission on Terrorist Attacks Upon the United States (n.d.). THE 9/11 COMMISSION REPORT. N.p. Paul, J. (2008). International Business (4th ed.). PHI Learning Pvt. Ltd. Sharon, B. (2006). The elusive ‘risk culture’. Retrieved from http://www.continuitycentral.com/feature0306.htm Sutherland, P., & Hackman, K. (2005). Risk management in practice: risk culture at IAG. Retrieved from http://www.riskmanagementmagazine.com.au/articles/a9/0c030ca9.asp Wagner, T. (2009). Foreign Market Entry and Culture. GRIN Verlag. Read More