Also happening in Singapore: 25 – 26 June 2020
Cement Risk Culture in Road Map Towards Growth and Innovation
Volatile business and geopolitical environment, rise of technology and cyber-related threats have evolved the risk landscape today. Robust risk management frameworks and stricter controls will no longer cut it. A strong risk culture is necessary to push employees to proactively consider the risks in decision-making.
However, despite increasing focus on risk culture, many organisations are still struggling to understand how their cultures support the effectiveness of risk management, compliance and control frameworks. A coordinated user-centric approach is necessary for senior management to formulate holistic, targeted and impactful actions that influence critical aspects of culture, while giving employees confidence that their perspectives and concerns will be addressed.
How do you demonstrate tone at the top?
What are the key metrics to measuring risk culture?
How do you effectively embed risk awareness among staff at all levels?
Can you influence mindsets and behaviours to build a positive risk culture?
Cultivate a Sustainable Risk-Intelligent Culture Across Organisation
Join this 2-day immersive workshop to acquire strategies and techniques to strengthen risk, compliance and conduct-related outcomes through a focus on culture. Understand contemporary risk culture definitions and frameworks. Clarify culture-related responsibilities of different Governance Forums. Evaluate the usefulness, limitations and blind spots of some of the most commonly used risk culture approaches. Explore strategies to collaboratively build on existing organisational capabilities across risk, internal audit and human resources divisions. Assess the strengths and limitations of different techniques to measure risk culture and identify drivers of behaviours. Find out how to improve risk culture using tone, accountability, capability, reinforcement and enablement.
Interactive & Practical Hands-On Exercises
- Case study analysis to:
- Identify culture-related drivers
- Evaluate leader-led programmes
- Monitor impact of culture change initiatives
- Build an activity matrix on culture decisions for Board Committee and Governance Forum
- Simulation of basic techniques used for understanding risk culture:
- Dashboard design and interpretation
- Survey design, participation sampling, administration and interpretation
- Focus group design and facilitation
- Formal Systems evaluation
- Simulation of advanced techniques used for understanding risk culture:
- Defining hypothesis, leading hypothesis-based interviews and reporting
- Structured content analysis derived from interviews and focus groups
- Overview of targeted data analytics
- Driver analysis techniques and root cause
- Case study analysis to:
Benefits of Attending
- Assess practical evidence-based framework for defining risk culture
- Explore varying types of culture-related information to mitigate risk incidents
- Build accountability framework on how organisations define, understand and influence risk culture
- Design organisational listening strategies to make it easy for employees to provide feedback
- Source insights through induction, training, performance management, leader development and more
- Refine management awareness ratings and modify IA methodologies to focus on drivers of control failure
- Demonstrate tone at the top: Values, strategy and appetite, objectives, leadership
- Instill accountability through governance, interactions, collaboration, transparency
- Uncover basic techniques to identify areas of potential concern and underlying drivers
- Pickup advanced techniques on root cause of culture concerns or regulatory enforcement orders
- Report and communicate findings to get buy-in for behaviour change
- Adopt reinforcement strategies: Performance, rewards, consequences, talent programmes
- Examine indicators for enablement: Capacity, policies, processes, technology, quality
- Define roles and responsibilities across departments to monitor and change risk culture
Grant is an internationally recognised risk culture specialist, having previously led a global centre of expertise for Deloitte serving clients across Asia Pacific, Europe, and the Americas.
For the past decade he has worked with some of the world’s largest and most respected companies to design and implement risk culture assessment methodologies, deliver comprehensive assessment programmes, and design/implement programmes to strengthen organisational resilience.
His work centres on the identification and redress of culture-related vulnerabilities (or organisational ‘design flaws’) that may result in reputational damage, unsustainable risk exposure, risk-aversion or other undesirable outcomes.
He has worked across a number of industry sectors including the government, airlines, transportation, media, utilities/resources, venture capital and the financial services (retail banking, global markets, institutional, investment banking, wealth, insurance).
– Global Banking and Securities Organisations (Europe, North America, Asia Pacific)
– Wealth Management (UK, Australia)
– Global Insurers (Europe, Americas, Asia Pacific)
– Real Estate and Construction (Australia)
– Venture Capital (Europe, Middle East, South America)
– Manufacturing (Japan)
– Central Government (Australia)
Who Should Attend
Senior level executives responsible for Risk Management, Internal Audit, Compliance, Governance, professionals charged with providing information from across the three lines of defence, users of culture-related information at Board, Board Committee Chair and Executive levels
Registration: 8.30am • Workshop: 9.00am – 5.00pm
Morning, afternoon refreshments & lunch will be served at appropriate intervals.
Session 1: The Criticality of Culture as it Relates to Risk, Compliance and Conduct Outcomes
This session introduces the practical definitions and a simple evidence-based framework that help to define ‘risk culture’.
- Explore case studies from across different industries to understand the importance of culture as it relates to risk and compliance
- Understand the types of culture-related information needed by organisations to help mitigate risk-related incidents or reputationally-damaging events
- Compare information provided by common risk culture approaches with information that is needed, identifying limitations and potential blind spots
- Introduce a practical evidence-based framework for defining and understanding risk culture
Exercise: Case study analysis to identify culture-related drivers, and how these may be proactively surfaced by existing organisational risk culture activities
Session 2: Clarifying Culture-Related Roles and Responsibilities: Strategies to Adopt a Holistic and Coordinated Approach
A common challenge for organisations that have started risk culture activities is embedding approaches and demonstrating impact. An often overlooked aspect is tone at the top. In this session, we look at how culture-related information supports the unique responsibilities of different Board Committees and Governance Forums, and how this can help clarify the risk culture roles that need to be played by human resource, risk/compliance, internal audit, and leaders in the first line.
- Explore the unique culture-related responsibilities of different Board Committees (culture/remuneration, risk/compliance, audit)
- Consider how each Committee evidences that their responsibilities have been appropriately discharged and/or minuted (note, review, challenge, accept, or otherwise)
- Understand how Board Committee culture-related responsibilities can help clearly frame the types of information each organisational function that faces into each Committee provides
- Introduce a simplified accountability framework for how organisations define, understand and influence risk culture – in a coordinated, efficient and impactful way
Exercise: Build an activity matrix that describes the types of culture-related decisions that need to be considered by each Board Committee and Governance Forum, and consider how this may shape the responsibilities of key C-Suite roles accountable for providing the required information
Session 3: Strategies to Build on Existing Organisational Capabilities to Improve (Risk) Culture Insights and Impact – Implementation Approaches and Considerations
Some organisations have established dedicated teams to focus on risk culture, however, this level of organisational investment is not always available. In this session, we look at existing organisational activities that can be coordinated, leveraged, or refined to improve culture-related insights across HR, risk/compliance and internal audit.
- Organisational listening strategies: Making it easy for employees to provide feedback (once) on specific aspects of culture – while accelerating feedback loops and actions
- HR-led talent management processes: Sourcing risk culture insights through induction, training, performance management, leader development, and other programmes
- Internal audit-led culture drivers: Refinement of management awareness ratings and modifying IA methodologies to include a focus on the culture-related drivers of control failure or identified areas of concern
- Risk/compliance-led assessments: Extending existing Line 2-led activities to include a focus on organisational climate and culture
- Line 1-led self-assessments: Activities leaders can employ to understand how their team cultures may impact risk-related outcomes
- Standardising actions development and monitoring approaches so that initiatives are holistic, monitored and, where appropriate, evidenced
Session 4: Simple Assessment Techniques
In this session, we will demonstrate basic techniques used for understanding risk culture typically employed by internal audit and risk teams so that delegates can experience first-hand some of the strengths and limitations of different approaches and consider ways to address some of these limitations.
- Understanding the difference between measurement and assessment
- Understanding biases
- Overview of the simple techniques and strengths/limitations
- Dashboards (design and interpretation)
- Surveys (design, participation sampling, administration and interpretation)
- Focus groups (design, facilitation)
- Formal Systems evaluation
- Reporting and communicating findings to get buy-in for change
Session 5: Deep Dive Assessment Techniques
In this session, we will demonstrate some of the more advanced techniques used for understanding risk culture so that delegates can experience first-hand some of the strengths and limitations of different approaches and consider ways to address some of these limitations.
- Utilising different assessment techniques based on nature of organisation activities, distribution of employees, risk profile, compliance obligation and culture characteristics
- Overview of the advanced techniques that can identify the drivers of behaviour and technique strengths/limitations
- Hypothesis-based interviews (defining hypothesis, leading interviews and reporting)
- Content analysis (structured analysis of qualitative information from interviews and focus groups)
- Targeted data analytics (overview only)
- Driver analysis techniques (drivers & root cause)
- Thematic reporting and communicating findings to get buy-in for change
Session 6: Strengthening Culture to Improve Risk Management, Conduct and Compliance
In this session, we will focus on a couple of example programmes that can be used to strengthen risk culture.
- Building a sound risk culture and the importance of acting on culture concerns
- Adopting a standardised Actions process with clear accountabilities and monitoring
- Introducing a practical framework and suggested initiatives that can improve risk culture:
- Tone: Purpose/values, strategy and appetite, objectives, leadership
- Accountability: Roles and responsibilities, governance, interactions, collaboration, transparency
- Capability: Training, development, knowledge management
- Case study: Leader-led awareness programmes and change
- This case study explores the importance of leaders setting and reinforcing the importance of risk management, conduct and compliance for their teams. We will explore two examples of leader-led programmes; using case study and scenario-based programmes that focus on decision-making (and the consideration of risks, including reputation, through the decision-making process) and awareness programmes that allow leaders to role model the importance of understanding and evidencing regulatory requirements (in this case, anti-money laundering).
- Reinforcement: Performance, rewards, consequences, culture and talent programmes
- Enablement: Capacity, policies, processes and procedures, technology, quality
- Case study: Unintended consequences of culture change initiatives
- In this case study, we will explore how organisations responded to regulatory change to address a concern that staff were experiencing undue sales pressure in retail banking environments and potentially selling products to customers that were not suitable. The changes included new balanced scorecards that focused on customer needs instead of sales and removal of individual sales-based remuneration incentives. Yet, more than a year after the implementation of these changes, staff continued to experience sales pressure – but from where?
- Monitoring and measuring the impact of culture change initiatives