Cultivating a Risk Intelligent Culture A fresh perspective

Similar documents
CFOs: The catalyst for integrating strategy, risk and finance

A framework for a better future. Response to ASIC Consultation Paper 247 on Review and Remediation Programs

Managing your career Faster, higher, stronger

Audit quality Independent Audit

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Tasmanian Economic Update. David Rumbens Partner, Deloitte Access Economics 27 th May 2016

Global trends for community services in Western Australia

Western Australian Public Sector Reform The technology dimension of amalgamations

Digital finance The new superhero

The people dimension of amalgamations. Machinery of government The people dimension of amalgamations. Three part series

A shared horizon Reconciliation Action Plan

The road to an expert sustainability report Certified GRI training

Risk culture. Building great organisations and growing your foundation for success CAPABILITY STATEMENT 2016

Private Equity Making more returns. Differentiated Due Diligence

Evaluating Many Rivers Microenterprise Development Program. 2nd Interim Outcomes Evaluation November 2014

Guide on AASB 16 Technology solutions AASB 16 Leases

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

Extracting business value through operational intelligence

A hive mentality Collaboration lessons for Australian oil and gas

Risk appetite: bitten off more than you can chew?

Generating value within the Risk Ecosystem Risk powers performance

The journey to successful business partnering

Human Capital Business led. People driven.

Corporate Governance Board Effectiveness Reviews

Board Evaluation Is your Board ready for SREP governance reviews? Deloitte Malta Risk Advisory - Banking

Auditing culture and risk culture in financial services firms. Making the intangible, tangible and auditable

Making culture count. Strengthening culture for better risk and compliance outcomes. February 2018

Non-Financial Risk Management Insights Series Issue # 2 Risk Appetite

Stakeholders. Shareholders. Societal licence Shareholders Corporate governance. Viability. Corporate governance reform

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

Kenya Human Capital Trends, 2015 Leading in the new world of work Deloitte Consulting 1

SREP Transformation The Deloitte approach. Deloitte Malta Risk Advisory - Banking

2015 Global Human Capital Trends Leading in the new world of work. January 2015

Board Effectiveness and Culture

Revenue matters Is Australia ready for AASB 15?

Risk Advisory Services Developing your organisation s governance for competitive advantage

Introduction. Key points of the recent ODPC guidance, and the Article 29 working group guidance

EMEA TMC client conference Tax Operating Model defining your tax resourcing, governance and technology approach. The Crystal, London 9-10 June 2015

EMEA TMC client conference Developing a tax technology architecture. The Crystal, London 9-10 June 2015

Dutch Banking Supervision on Conduct and Culture Deloitte Dublin 26 June 2018

Reimagine everything Accelerate digital enterprise transformation

Business Succession Planning It s Never Too Soon. Kate Ahern Partner, Deloitte Private Wednesday 21 October 2015

Risk reduction? Value creation?

The New Lease Accounting Standard Made Easy With Deloitte and SAP The latest lease accounting standards require new insights and an extension of your

STANDARD ON INTERNAL AUDIT (SIA) 7 QUALITY ASSURANCE IN INTERNAL AUDIT *

Creating a Risk Intelligent Enterprise: Risk governance

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

Building an Insight Driven Organisation March 2017

Talent Management in Growth Markets: China

FSI Governance Board effectiveness Insights & (emerging) best practices. EcoDa 25 October 2017

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

Going beyond risk and compliance: Legal functions embracing digital

Non-Financial Risk Management Insights Series Issue # 1 Risk Taxonomy and Risk Identification

IT packages for Solvency II Deloitte 2014 market survey

November Culture: what does it look like and how does it impact risk management?

Returned & Services League of Australia (Queensland Branch) State Congress Governance Presentation

Open banking. Potential pricing implications

The compliance investment

Open banking. Potential pricing implications

Many Hats: Audit and Risk Committee Series

Model Risk Management A Southeast Asia Perspective

Deloitte Private CBC SME Survey Summary of key findings

Workplace Safety and Insurance Board (WSIB) Value for money audit Return To Work (RTW) Services and Nurse Consultant (NC) Program Draft for

The Deloitte CFO Transition TM Lab

Enterprise Risk Management in Health Care

The Fourth Industrial Revolution Is Here Are You Ready? Key findings

Predictive Project Analytics 2.0 Keep your project on target with Deloitte s data-driven insights. Risk Advisory

Headline Verdana Bold Build your own board potential What it means to be a board April 2018

Business Plan

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

HR Metrics and Model for Modern Times

Deloitte Ireland Conduct Risk, Culture and Reg-tech Breakfast Briefing June 2018

Industry 4.0: Building the digital enterprise

kpmg.com/au/dynamicaudit

Time to take action IFRS 16 Leases

High-Impact Succession Management The Performance Model: Key Drivers and Talent Outcomes Andrea Derler, Ph.D., Research Manager, Leadership &

CFO Perspectives CFO Speaks

Developing an effective governance operating model A guide for financial services boards and management teams

The Australian Fitness Industry Report 2012

MANAGING RISK AT SUNCORP

CONTACT. Macquarie University NSW 2109 Australia CRICOS Provider 00002J

Beyond compliance. Gaining competitive advantage through risk data excellence

Talent Management in Growth Markets: India

Increasing the Intensity and Effectiveness of Supervision

Building an. Effective Board

EY Pay Perspective Executive and Board. Remuneration Report: Turbulent times in executive remuneration

Governance in a multidimensional environment

IT packages for Solvency II Deloitte 2014 market survey

Risk Management Implementation Plan

Bringing Solvency II alive in the boardroom are you doing enough?

Strategic Moves Managing a Global Workforce

Reimagine Collections and Disputes Proactively identify and manage issues with machine learning

Future Freight Scenarios Study, Presentation to Business NZ. Liesbet Spanjaard and Ros Warburton 10 August 2015

Talent Management and Leadership in the Mid-Market Charting a Course for Change

The 2016 Deloitte Millennial Survey. Australia - Country Report 17 January 2016

Heightened standards for compliance risk management. Lines of defense compliance s role

Management Capability Index India 2016 report Executive summary

Deloitte Shared Services Conference 2018 Lab: Analytics 101: A guide for beginners Natalie Williams, Christina Ablewhite and Stephanie Maru, Deloitte

Making Sense of Millions of Moving Pieces Transforming enterprise asset management to deliver information transparency and instant insights

Credit management Because a sale is a gift until it is paid. Financial resources

Transcription:

Cultivating a Risk Intelligent Culture A fresh perspective October 2012

Why culture? In managing risk effectively it is important to understand what drives behaviours towards risk As the Global Financial Crisis unfolded, it became evident that cultural misalignment played a large role in organisational failures. An organisation s culture determines how it manages risk when under stress. For some organisations, their risk culture is a liability, while for others it facilitates both stability and a competitive advantage. 2

Process follows culture Organisations wishing to better manage risk should consider establishing a Risk Intelligent Culture There is no one-size-fits-all solution to risk. How a business manages its risk should be aligned with and should support its strategy, business model, business practices, risk appetite and risk tolerance. This is especially true in the financial services industry, where significant risk-based decisions are being made by businesses every day. Essentially, a Risk Intelligent Culture exists within an organisation when its employees understanding, and their attitudes toward risk, lead them to consistently make appropriate risk-based decisions. Consequently, risk culture drives the behaviours that influence day-to-day business practices, and is a significant indicator of whether the organisation embodies the characteristics of a Risk Intelligent Enterprise. A robust and pervasive risk culture throughout the firm is essential. This risk culture should be embedded in the way the firm operates and should cover all areas and activities, with particular care not to limit risk to specific business areas or to have it operate only as an audit or control function. Cultivating a Risk Intelligent Culture A fresh perspective 3

Understanding risk culture Risk culture encompasses the general awareness, attitudes, and behaviours of employees towards risk and how risk is managed. Risk culture is a key indicator of how widely risk policies and practices have been adopted Having a Risk Intelligent Culture means that everyone understands the organisation s approach to risk, takes personal responsibility to manage risk in everything that they do, and encourages others to follow their example. Codes, systems, and behavioural norms should be aligned to encourage people to make the right risk-related decisions, and exhibit appropriate risk behaviours. The first step is to understand the existing risk culture and measure how well it supports the organisation s risk strategy and risk approach. Deloitte s Risk Culture Framework and corresponding Risk Culture Survey provide a structure and process to help clients in their efforts to achieve this measurement. Key characteristics of a Risk Intelligent Culture Commonality of purpose, values and ethics: Universal adoption and application: A learning organisation: Timely, transparent and honest communications: Understanding the value of effective risk : Responsibility individual and collective: Expectation of challenge: People s individual interests, values, and ethics are aligned with those of the organisation s risk strategy, appetite, tolerance, and approach. Risk is considered in all activities, from strategic planning to day-to-day operations, in every part of the organisation. The collective ability of the organisation to manage risk more effectively is continuously improving. People are comfortable talking openly and honestly about risk using a common risk vocabulary that promotes shared understanding. People understand, and enthusiastically articulate, the value that effective risk brings to the organisation. People take personal responsibility for the of risk and proactively seek to involve others when that is the better approach. People are comfortable challenging others, including authority figures without fear of retribution. Those who are challenged respond positively. 4

Measuring risk culture A focussed assessment is needed to fully understand an organisation s current risk culture and to track progress of cultural change Deloitte s Risk Culture Framework Deloitte has developed a broad approach to help clients assess and measure risk culture based on our Risk Culture Framework. The framework consists of sixteen Risk Culture Indicators aligned to the four Risk Culture Influencers. A Risk Culture Survey allows us to measure an organisation s risk culture against each indicator and then analyse and gain a thorough understanding of the current maturity level of the risk culture. Once we have done so, we can then use the Risk Culture Framework to identify and recommend specific target areas in order to help strengthen the risk culture throughout the organisation. Risk competence Learning Skills Knowledge Strategy & objectives Values and ethics Organisation Policies, processes and procedures Recruitment and induction Performance Risk Culture Risk governance Challenge Motivation Risk orientation Incentives Accountability Communication Leadership Management Relationships Risk Culture Influences Risk competence The collective risk competence of the organisation. Motivation The reasons why people manage risk the way that they do. Relationships How people in the organisation interact with others. Organisation How the organisational environment is structured and what is valued. Cultivating a Risk Intelligent Culture A fresh perspective 5

Strengthening risk culture Strengthening an organisation s risk culture requires both a focussed effort and the direction of leadership The initial focus should be on building cultural awareness, predominantly through communications and education. Cultural improvement will be likely to require meaningful changes to established ways of operating. Once the desired risk culture has been established, the organisation should continually refine it to reflect ongoing changes in business strategy. It is important to recognise that this road map focuses on the cultural aspects of risk. To achieve a strong, effective and intelligent risk culture, all the components of a formal risk structure should be implemented and adopted by the organisation. Risk culture influencers Road map for continuous cultural improvement Organisations Relationships Motivation Risk competence Build risk competence: Risk function Existing employees New employees Future employees. Align motivational systems: Incentive systems Reward systems Performance systems Individual and team accountabilities. Strengthen relationships: Leaders to manage Leaders/managers to employees Peer to peer Risk function to business. Promote organisational risk infrastructures: Governance and reporting protocols Procedural protocols Behavioural and ethical expectations Compliance expectations. Enablers Cultural awareness: Deliver communications from leadership using a common risk vocabulary Clarify risk responsibilities and accountabilities Roll out risk general education and customised training based on role Establish risk induction programs Refine recruitment methods to include risk capabilities. Cultural change: Create a culture of constructive challenge Embed risk performance metrics into motivational systems Establish risk considerations in talent processes Position individuals with the desired risk orientation in roles where effective risk is critical Reinforce behavioural, ethical and compliance standards. Cultural refinement: Integrate risk lessons-learned into communications, education and training Hold people accountable for their actions Refine risk performance metrics to reflect changes in business strategy, risk appetite and tolerance Reposition individuals to reflect changes to business strategy and priorities. Leadership commitment: Secure the buy-in and commitment of the leadership team including executives and the board Communications: Communicate program goals to all stakeholders, and proactively seek out feedback Measurement and reporting: Establish an objective measurement of the organisation s risk culture and report on it regularly Program : Manage as a program of change, including coordinating with other relevant change initiatives 6

Reporting risk culture Risk culture metrics should be included in regular risk reporting to the board and. These quantitative cultural metrics should also be linked to other traditional risk metrics that comprise both leading and lagging organisational cultural indicators Sample Risk Culture Report XYZ Corporation Risk Management Metrics XYZ Corporation Risk Culture Metrics We are continuing to experience the gradual strengthening of our risk culture across the organisation as a whole. This follows the significant decline that we experienced in 2009 resulting from the insurance business acquisition in Europe that completed in late 2008. Related to this, we remain significantly below leadership s cultural expectations in our European Insurance business. We still have a number of leadership and integration related challenges remaining (notably in France, Spain and Italy). Addressing these is one of our top priorities. In terms of cultural leading practices, Asia Pacific continues to serve as a model and we are in the process of codifying a selection of risk practices from our Australian business and will pilot them in other geographies in late 2012. Organisational risk culture (0 100) 66 64 62 60 58 56 54 Cultural influencers (0 25) 25 20 15 10 5 0 60.6 64.3 62.6 Acquisition of the European Insurance Business 55.2 56.1 56.4 59.2 2008 2009 2010 2011 2008 2009 2010 2011 60.7 Divisions (0 100) 70 60 50 40 30 2008 2009 Regions(0 100) 70 60 50 40 30 2010 2011 2008 2009 2010 2011 Insurance Corporate bank Retail bank LATAM APAC EMEA Compliance with mandatory training requirements (0 100) 100 95 90 85 80 2008 Divisional managers with risk weighted performance metrics (0 100) 80 60 40 20 2009 2010 2011 0 2008 2009 2010 2011 Limit breaches* 30 25 20 15 10 5 0 2008 2009 2010 2011 Risk competence The collective risk competence of the organisation. Motivation The reasons why people manage risk the way that they do. Relationships How people in the organisation interact with others. Organisation How the organisational environment is structured and what is valued. Strongest risk culures Country 1 (79%) Country 2 (72%) Country 3 (71%) Weakest risk culures Country 4 (42%) Country 5 (41%) Country 6 (40%) Real-time cultural metric Leading cultural indicator * Lagging cultural indicator Source: Deloitte Consulting LLP Cultivating a Risk Intelligent Culture A fresh perspective 7

Delivering risk culture solutions We have helped many financial institutions across the globe to measure and strengthen their risk cultures, including in Australia, Canada, the U.S. and the U.K. Embedding risk ways of working A global insurance company needed an ongoing way to measure how effectively its risk framework was embedded in its employees behaviours primarily to show compliance with certain Solvency II and Pillar II requirements. In collaboration with the client, Deloitte designed an objective assessment process with the supporting tools, surveys, and qualitative interview questions based upon Deloitte s Risk Culture Framework. This framework and assessment identified several business units that had been more successful than others at embedding risk into their employees behaviours. As a result, Deloitte helped the client identify those effective practices that could be leveraged and replicated in other areas to improve the client s overall risk culture. By actively involving the client s risk team in conducting the initial assessment and analysis, Deloitte imparted the knowledge and skills the client needed to conduct this assessment in the future. Improving risk compliance A review of this financial services organisation s compliance with regulations uncovered that it needed to improve how its employees understood, respected, and followed its risk policies and procedures. Through an overall risk culture assessment, Deloitte provided leadership with an objective measure of its risk culture in its Credit Risk and Market Risk units. With this information, Deloitte helped the client in its efforts to develop specific action plans for Credit Risk to improve its communications and training efforts, and to review its governance model against its trading volume. Within its Market Risk division, recommendations focused on employing technology to better and more quickly share risk information at both the granular and aggregate levels. Enabling a risk transformation program A financial services organisation was in the midst of a risk transformation program addressing its risk governance, compliance processes, and controls. During this program, leadership identified the need for the organisation to improve its employees risk attitudes and behaviours. Deloitte helped the client to determine the organisation s risk culture score and engaged key leadership, including the Chief Risk Officer, in developing an action plan to improve areas of concern (notably, incentives and rewards, communications, and risk awareness and competence). By assessing its risk culture every six months, the organisation now maintains a current and objective measurement of its risk culture, and it can insightfully gauge the effectiveness of its cultural improvement efforts. 8

Assessing the impact of enhancements to risk capabilities A financial institution had recently increased its risk capabilities by introducing new risk leadership roles and processes. The board s risk committee wanted to understand if these initiatives were having the desired beneficial impact on the business risk culture. Through an overall assessment of the risk culture, which included interviews with the executive team and a company-wide Risk Culture Survey, Deloitte helped the client in its efforts to develop an internal benchmark to be used to assess current and future changes to risk culture. Also, with the use of data analytic techniques, Deloitte was able to identify particular opportunities to enhance overall success by identifying specific ways that the business could better manage its risks. Developing a risk culture assessment capability The Board Audit Committee of a bank required a definitive statement on its risk culture in order to take specific action to strengthen identified weaknesses. Deloitte helped the internal audit department develop a repeatable approach to measuring its risk culture to include in its regular audit process. Leveraging the Risk Culture Framework allowed Deloitte to help create a broad, objective, and intuitive two-tier assessment methodology for the internal audit department to first identify areas of possible risk culture weakness within business units, and then to conduct a more in-depth analysis of these areas of concern. The assessment process used employee surveys, behavioural enquiry, deep structured interviews and data analytics to provide tangible evidence to support its statement on risk culture. After success of the initial pilot, the internal audit department expanded the risk culture audit process to be included in programmed and ad hoc audits across the entire organisation globally. Cultivating a Risk Intelligent Culture A fresh perspective 9

The Risk Intelligent Enterprise A strong risk culture is a pervasive theme of the nine fundamental principles of a Risk Intelligent Enterprise 2 In a Risk Intelligent Enterprise: 1. A common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organisation 2. A common risk framework supported by appropriate standards is used throughout the organisation to manage risks 3. Key roles, responsibilities, and authority relating to risk are clearly defined and delineated within the organisation 4. A common risk infrastructure is used to support the business units and functions in the performance of their risk responsibilities 5. Governing bodies (e.g. boards, audit committees, etc.) have appropriate transparency and visibility into the organisation s risk practices to discharge their responsibilities 6. Executive is charged with primary responsibility for designing, implementing, and maintaining an effective risk program 7. Business units (departments, agencies, etc.) are responsible for the performance of their business and the of risks they take within the risk framework established by executive 8. Certain functions (e.g. Finance, Legal, Tax, IT, HR, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organisation s risk program 9. Certain functions (e.g., internal audit, risk, compliance, etc.) provide objective assurance, as well as monitoring and reporting on the effectiveness of an organisation s risk program to governing bodies and executive. 2 Putting risk in the comfort zone: Nine principles for building the Risk Intelligent Enterprise, Deloitte Development LLP. Available online at http://www.deloitte.com/view/en_us/us/article/6b929c9096ffd110vgnvcm100000ba42f00arcrd.htm 10

Contact us For more information, please contact: Nicky Wakefield National Leader, Human Capital Tel: +61 2 9322 5799 nwakefield@deloitte.com.au Peter Matruglio National Leader, Enterprise Risk Tel: +61 2 9322 5756 pmatruglio@deloitte.com.au Sydney Heidi Dunbar Jonson Director Tel: +61 2 9322 5951 hdunbarjonson@deloitte.com.au Grant MacKinnon Director Tel: +61 404 804 744 gmackinnon@deloitte.com.au Andy Abeya Director Tel: +61 2 9322 5691 aabeya@deloitte.com.au Michael Williams Director Tel: +61 404 828 751 micwilliams@deloitte.com.au Brisbane Natalie Smith Director Tel: +61 7 3308 7216 natasmith@deloitte.com.au Lisa Morgan Director Tel: +61 7 3308 7274 lisaamorgan@deloitte.com.au Melbourne David Boyd Partner Tel: +61 3 9671 7077 davidjboyd@deloitte.com.au

Contact us Deloitte 225 George Street Sydney, New South Wales Australia Tel: +61 2 9322 7000 Fax: +61 2 9322 7001 www.deloitte.com.au This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively the Deloitte Network ) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/ about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s approximately 195,000 professionals are committed to becoming the standard of excellence. About Deloitte Australia In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia s leading professional services firms, Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 6,000 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. For more information, please visit Deloitte s web site at www.deloitte.com.au. Liability limited by a scheme approved under Professional Standards Legislation. Member of Deloitte Touche Tohmatsu Limited 2012 Deloitte Touche Tohmatsu. MCBD_Mel_09/12_047855

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback