The importance of organisational values and behaviours and their impact on risk culture
03/21/2025
Clare Munro and Annabel Philip in our Specialty Lines claims team look at the importance of Organisation Values and Behaviours and their impact on Risk Culture with our colleague, Matthew Hardwick, in Zurich Resilience Solutions.
In today's complex business environment, organisations face a myriad of risks, from regulatory challenges to cybersecurity threats all of which occur in a very turbulent geopolitical landscape. As a result, fostering a strong risk culture has become paramount for organisations looking to thrive and maintain a competitive edge.
In case you missed it, we covered trends and risks we anticipate going into 2025 drawing upon our experiences in 2024, and offered our thoughts which you can read here.
Defining Risk Culture
Risk Culture refers to the shared values, beliefs, attitudes and practices related to risk awareness, risk-taking and risk management within an organisation. It shapes how employees at all levels perceive and respond to risk, influencing decision-making and the strategies put in place to mitigate potential risks identified by an organisation within its risk appetite.
A strong risk culture promotes a proactive approach to risk management, encouraging employees at all levels to engage in discussions about potential risks and to take ownership of their roles in mitigating them.
A positive culture is lead from leaders within the organisation. They have a role of setting the tone, encouraging positive communication which is reinforced to staff via training and education to reinforce good practice. These elements are considered in more detail below.
Leadership and Role Modelling
Leadership plays a critical role in shaping an organisation's risk culture. Leaders set the tone for the organisation by demonstrating their commitment to risk management through their actions and decisions. When leaders prioritise risk awareness and model ethical behaviour, they create a culture where employees know the expectations for behaviour and feel supported in taking proactive measures to manage risks. This role modelling fosters trust, encourages open communication, and reinforces the importance of risk management throughout the organisation by removing the excuse for poor behaviour of ‘if they can do it, so can I’.
Open Communication and Whistle Blowing
An effective risk culture promotes open communication and transparency. An open-door policy encourages employees to voice concerns, ask questions, and report potential risks without fear of retaliation. Such an environment not only helps in the early detection of issues but also builds a culture of trust and collaboration where employees feel supported. Risk theory will always acknowledge that risk management within an organisation is everyone’s responsibility, staff need to feel trusted and valued to support this approach but also confident that they will be supported if things are not going quite right.
Whistle blowing mechanisms further enhance this culture by providing a formal avenue for employees to report unethical behaviour or risks. When organisations establish strong whistle blowing policies and protect whistle blowers from retaliation, they demonstrate their commitment to ethical conduct and accountability. This encourages employees to speak up and provides employees with a safe environment for open and honest conversations, contributing to a more robust risk management framework.
Induction and Training
The induction process is a critical opportunity to embed risk culture within an organization. By providing new employees with comprehensive training on risk management policies and procedures, clarity on the organisation’s values and behaviours and ensuring that authority levels are clearly demarcated, organisations can set clear expectations from the outset. Ongoing training and supervision are equally important, ensuring that employees are equipped with the skills and knowledge needed to identify and manage risks effectively, in particular, when new risks emerge.
Why is it important?
Decision making
A mature risk culture encourages decision-makers to consider all elements of a risk, both the opportunity and the threat. Within risk we are always striving and encouraging that risk-based decisions are made – this promotes a balanced approach which is essential for long-term success as organisations need to take risks to grow.
A strong culture also reinforces ethical decision-making. When risk considerations are integrated into daily operations with all staff, employees are more likely to act responsibly and with integrity. This mitigates the chances of claims and regulatory breaches and enhances corporate reputation.
Resilience and Adaptability
Organisational Resilience comes hand in hand with Risk Management. Those organisations who have demonstrated the ability to respond to shocks and are able to put into action an effective business continuity plan quickly are often the ones which demonstrate a robust risk culture. It enables early identification of warning signs which are acted upon and strategies amended and updated to support the organisation’s agility.
An open culture is also one which embraces learning opportunities and is one which can reflect on things that may not have gone so well, and adjust practices, further enhancing the ability to handle future crisis.
Building trust with Stakeholders
Clear communications are imperative. Having this transparency across the organisation ensures that new policies are communicated and understood amongst staff, building trust in senior leaders, who in turn are able to build trust with other Stakeholders such as investors, regulators, customers and scrutiny groups. This well managed approach demonstrates the value to all stakeholders that risk plays within decision making and demonstrates a commitment to both short- and long-term ambitions.
Document Management Systems
Organisations are often at the mercy of Document Management Systems. However, efficient document management systems are essential for maintaining accurate records of things such as risk assessments and compliance documents as well as documents which relate to the core purpose of the organisation. These systems ensure that risk management practices are consistent and that there is a clear audit trail for accountability. By centralising documentation, organisations can enhance their ability to manage risks and maintain regulatory compliance as well as ease the burden of document disclosure when things go wrong.
However, the value of human intelligence cannot be overstated. Other areas within this paper highlight the need for open and transparent communication, this remains vital, with the DMS supporting and recording these outputs.
The Importance of Organisation Values on Risk Culture
By prioritising risk awareness, organisations can make better-informed decisions, avoid costly mistakes, and minimize potential losses. A positive culture that encourages ethical behaviour and accountability underpins a strong risk culture which enhances the organisation’s reputation, builds stakeholder trust, and attracts customers, employees and investors.
In today’s uncertain world, organisations with a robust risk culture are more resilient in the face of challenges. They can adapt to changing market conditions, respond effectively to crises, and maintain operational continuity. This resilience ultimately translates into long-term sustainability and success.
Conclusion
A strong risk culture is not merely about compliance or mitigating negative outcomes. It is a strategic asset that is shaped by Organisation values and behaviours, influences decision-making, and ultimately impacts the organisation’s success. By embedding risk management into the very DNA of an organisation, leaders can foster an environment where innovation thrives, accountability is embraced, and sustainable growth is achieved.
As the business landscape continues to evolve, prioritizing risk culture is essential for organisations seeking to thrive in an increasingly uncertain world.
If you would like to discuss in more detail the contents of this piece, please contact our Specialty Claims Team or if you would like to hear how Zurich Resilience Solutions can support you, please contact the Business Resilience Team who would be delighted to hear from you.
