Five Priorities for Enhancing Risk Culture in a COVID-19 World 

by Donna Worthington, Michael Bragg

Published: July, 2020

As organisations start planning their post COVID-19 workforce arrangements, leaders need to consider how these new and amended work practices will help or hinder their efforts to strengthen their risk culture. While having a distributed workforce increases some challenges to improving risk culture, it also provides opportunities which need to be embraced.

It is becoming increasingly clear that the post COVID-19 workplace will be very different to what it was before the pandemic. There will be a significantly greater number of staff working away from the office (on a full time basis); there will be fewer face to face meetings, fewer informal corridor chats, or chats while walking in between meetings. At least in the short term, there will be fewer in-person team gatherings and staff town halls. These changes to our work practices will have an impact on an organisation's risk culture. Leaders need to be cognisant of how these new norms will support and challenge their plans to develop a mature and proactive risk culture.

The Australian Prudential Regulation Authority (APRA) 2019 review of industry self-assessments into governance, culture and accountability noted that the 'industry is grappling to manage non-financial risks, such as culture and accountability' and 'risk culture is not well understood'. While APRA's findings relate to financial services companies, they are important and applicable for all organisations.
It has often been said that culture is what people do when no one is watching. In this article, we look at some characteristics of a mature and proactive risk culture. We provide tips on how organisations can adapt their practices in order to strengthen their risk culture, and not allow the new ways of working - when there are less people physically watching - to weaken it.

1. Adopt new leadership communication channels and 'over communicate' on expectations

The 'tone from the top' is a key driver of an organisation's risk culture. Now more than ever, leaders need to ensure that their teams are receiving clear messages on what is expected of them in terms of risk management. However, it is at this time when staff will be seeing less of, and interacting less with, their leaders. Leaders need to consider new approaches to communicating with their teams. During COVID-19, leaders have been more likely to share videos or host virtual townhalls. These practices should continue as they are an effective mechanism to give a consistent message to all staff. However as we start to head back to our new-norm, there is a risk that these communication modes will drop off, and staff who work remotely will begin to see even less of their leaders and miss the key messages. Leaders will need to develop a hybrid approach – ie. continue with as many face to face communication approaches that are technology enabled so that those who work remotely do not miss out. Leaders should err on the side of 'over communication' rather than risk under communication.

2. Foster a safe environment for staff to speak up and raise issues virtually

In a mature and proactive risk culture, staff have no fear of raising issues or concerns. It takes a long time for an organisation to develop a culture where staff feel safe to speak up. Staff need to be able to trust their leaders if they are going to raise issues. However, for new starters in an organisation, it is difficult to build rapport and trust with their leaders if they have only ever met them via a computer screen, or have had very few in person interactions. During COVID-19, leaders (generally) have been focussed on managing the current crisis, and unfortunately some of the softer leadership activities which build rapport and trust have taken a back seat. For example, manager-once-removed conversations have become less frequent or have stopped all together, informal coffee catch ups with team members are not occurring, and there are no 'water cooler' conversations. Leaders need to ensure that they are having regular, informal interactions with their teams to ensure that they do not lose the rapport and trust that has been built up (or needs to be built up with new staff). The 'open door policy' that all inspiring leaders have does not function when there is no physical office. Leaders need to let their staff know how the 'open door policy' works virtually. For example, are there set hours in the week where the leader makes themselves available for informal slack or skype messages, or a live yammer event?

“Leaders need to let their staff know
how the 'open door policy' works virtually.”

In addition to fostering a safe environment, leaders need to ensure that they are not misreading the mood and culture of their teams and the organisation. In person interactions enabled leaders to sense the mood themselves, however when interacting with teams and staff behind computer screens, the ability to sense the mood and sentiment is significantly harder. As leaders move to more technology-enabled communication channels, they should leverage the opportunity for greater two way feedback, which will assist in assessing their risk culture. For example, organisations are utilising artificial intelligence to undertake sentiment analysis on their customer feedback; this technology could be utilised to determine staff sentiment within comments, feedback and collaboration tools.

3. Keep the COVID-19 balance between accountability and collaboration

In the last four months, we have witnessed large organisations transform in weeks, in what would normally have taken months or even years to achieve. One of the contributing factors to this is that people have been empowered to collaborate less, and use their accountabilities more. Both the 2018 APRA inquiry into the Commonwealth Bank of Australia and the 2020 Culture, Governance and Accountability Reassessment Report highlighted that that the previous emphasis on collaboration over individual accountability was having a negative effect on their culture. One of the benefits of virtual meetings is that organisers have been limiting the number of participants in order to make the meetings more manageable. This has the effect of ensuring only those that have to be involved in discussions or decisions are involved, and there is less chance of unnecessary collaboration/socialisation. Our COVID-19 experience has demonstrated that organisations can react quickly when they have the right governance and accountability structures in place; these practices need to continue into 2021 and beyond. Organisations of all sizes should assess what has, and has not, worked in their COVID-19 transformation response, and ensure they adopt the right balance of accountability and collaboration as the new-norm.

When executing their leadership accountabilities, leaders should 'inspect what they expect', which often involves walking the floors of their premises and seeing the business in action. In a virtual environment, leaders may need to undertake more verification activities to gain comfort that the control environment is working. This extra level of scrutiny could have unintended consequences, such as eroding trust between teams and generating more change in a change-fatigued business. Leaders should consider their current approaches to verifying the information being provided to them, to assess if they are adequate in a distributed workforce. If changes are needed, leaders should clearly communicate why there has been a change in approach to their teams.

4. Reflect and learn from organisation-wide mistakes

An organisation that learns from mistakes and shares knowledge across its teams is more likely to have a mature risk culture. During times of crisis and significant change, it is likely that leaders are focussed on resolving issues and taking action, and less likely to spend time reflecting. Leaders should be prioritising time for reflection, individually and within their teams. As organisations manage their way through this pandemic, there are many valuable lessons to be learnt. We must understand what those lessons are, and share them across the business. The distributed workforce has seen the end to many regular, informal catch ups between people within (and outside) an organisation. It has also seen a reduction in the number of cross-business unit interactions. These pre-COVID work practices were powerful mechanisms that enabled the sharing of ideas and learning from mistakes and incidents. Asking a colleague for a coffee catch up comes as second nature, but asking for a virtual coffee catch up does not feel natural and has not generally been happening. Given these informal knowledge sharing activities have reduced when moving to a remote work force, leaders may need to establish formal mechanisms to ensure the continued flow of information across the organisation.

5. Invest in the capability uplift of the three lines of defence

Most organisations are on a journey in relation to embedding the three lines of defence model for risk management (which describes the responsibilities of different areas of an organisation in managing its risks). Very few organisations could claim that they have sufficient risk capability in all areas of their business, across all three lines of defence. Capability uplift is a key challenge organisations are facing, and having a distributed workforce makes this challenge that much harder. Many learning and development models refer to the 3Es – education, exposure and experience. As schools and universities have had to amend their teaching plans to enable 'home schooling', the risk and organisational development departments need to review their current risk education curriculum to ensure that the learning objectives are still being met with the use of new delivery models.

In a distributed workforce, the ability to provide exposure becomes significantly harder – staff are less likely to be invited to virtual meetings (as participant numbers are curtailed), and physically shadowing a colleague may not be possible. Organisations need to consider new and novel ways to provide exposure to their staff, that require less face to face interactions. Leaders should engage their younger staff, who are generally far more comfortable with communicating with technology, to provide ideas of how they can gain exposure in a more virtual world.

Most of our development comes from experiences, and this is where organisations should be focussing their efforts when lifting the risk capability of their staff, especially given education and exposure will be harder to successfully deliver. While more labour intensive, giving front line staff risk tasks to execute on (with appropriate supervision and guidance) will be more beneficial than having them sit through online learning sessions. For example, having product managers interact with customers (with appropriate supervision and guidance) to solve their complaints is a much more valuable learning experience than putting them through formalised conduct risk training.


Link to article


WSG Member: Please login to add your comment.