Organisations contain people who must work together to achieve common objectives. Wherever there are people there is culture; a social mechanism that helps them to collaborate and coordinate their activities. An organisation’s culture, and by extension its risk culture, is both a source of strength and weakness when it comes to the management of operational risk. An appropriate risk culture will ensure that staff accept the importance of effective operational risk management and behave in a manner consistent with the organisation’s operational risk policies, procedures, and appetite. Inappropriate risk culture can be both a cause of operational risk events and a mechanism for intensifying their impact.
This guidance explains how risk culture may be identified, assessed, and controlled to help reduce the frequency and severity of operational risk events. It must be emphasized that there is no one optimal risk culture, nor are the universal characteristics of a ‘strong’ or ‘weak’ risk culture. In addition, we should recognise that while we tend to associate certain cultures with certain types of organisations, many – particularly large diverse firms – may have different cultures in different parts of the organisation. A bank’s investment banking operation, for example, may have a different culture from the same bank’s retail entity. However, it is possible to provide guidance on the effective management of risk culture, as part of a robust operational risk management framework.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.