Skip to content
People walking through lobby
People walking through lobby

Why culture should become an integral part of your organisation's risk management strategy

Headlines in this article

Related news and insights

Publications: 21 March 2024

Europe, regulator of the world

Publications: 07 March 2024

Ten lessons in sustainability regulation

Publications: 07 March 2024

State support mechanisms: learning from the past to accelerate the future

Publications: 07 March 2024

Is more regulation the best route to deliver Net Zero?

Risk management for most organisations means business and financial risk, and increasingly non-financial risk such as operational and conduct risk. Relatively few have as yet focused on culture risk explicitly, and the need to proactively manage it in the same way as some of the more traditional risk stripes. Clive Garfield of A&O Consulting explains why understanding, identifying and mitigating culture risk is critically important to an organisation’s long-term success.

Organisational culture is under increasing pressure from a number of competing, and sometimes conflicting, factors:

  • post-pandemic shift to hybrid working and the emergence of siloed workforces
  • effect of social movements such as Black Lives Matter and #MeToo
  • transformational societal issues, including diversity, equity & inclusion (DE&I), decarbonisation and sustainability, and the broader social responsibility agenda
  • current political and economic challenges with rising inflation and living costs

These forces of change have brought about a profound shift in the way that organisations are judged and measured.

In addition to traditional metrics like share value, revenues and profitability, organisations have to contend with a broader set of criteria that include complex intangibles such as who they are, what they stand for and how they are perceived – in other words, their culture.

Having a poor culture can pose a real business risk and irretrievably damage an organisation’s reputation.

It takes investment of time and effort, and significant ongoing focus from senior leadership, to understand, embed and preserve a strong organisational culture. Conversely, it takes only a few seconds to destroy it.

Put simply, getting culture right has become a strategic imperative that cannot be ignored.

In Common Cultural Failings and How to Prevent Them, our analysis of a series of global case studies showed that while workplace culture has risen up the leadership agenda in recent years, the number of conduct-related incidents has not necessarily diminished, suggesting that there is still some way to go for many organisations.

Our research identified a variety of common issues across the industries and sectors that we studied.

A combination of the wrong tone from the top, poor policies and procedures, a lack of transparency and a failure to act to correct culture and conduct breaches can be seen across the board.

In many cases, management failed to understand or pay any attention to the behaviour of the workforce, leaving the organisation open to the risk of a potential ‘ticking time bomb’ of a culture left unattended. More often, it was a failure to mitigate or manage culture risk that eventually led to reputational damage.

Today, at a time of a significant shift in societal expectations and attitudes, business leaders and senior management need to be alert, agile and able to react to new cultural issues, challenges and threats as they emerge.

Crucially, they need to understand and be prepared to respond to the short- and long-term impact these developments may have on the way their organisation operates - i.e. culture risk management.

Culture risk management

Understanding what motivates employees (both individually and collectively) and what factors (both internal and external) influence their everyday behaviours is an essential first step to managing culture risk.

Inevitably, it takes time and commitment to achieve this level of insight. It also requires trust between senior leadership and employees, and importantly, it requires employee engagement. Employees must feel invested in building and maintaining a strong culture. They need to know that their opinion matters.

In addition, managing culture risk requires senior management to define and articulate what the organisation is ‘about’ – in other words, its cultural identity – and how they will meet customer, client and other stakeholder expectations.

During the Covid-19 lockdowns, senior leadership and their middle management teams generally focused on sustaining intra-team culture and employee morale at a relatively local level, through more regular team meetings and check-ins, virtual social gatherings and increased information flow.

For many, the perception that collaboration and connection was only possible in the office was disproved. It became evident that it was possible, productive and even beneficial for employees to work together remotely, eliminating issues associated with being in different locations or jurisdictions or operating at different seniority levels.

However, the lockdowns had an even more fundamental effect on organisational culture. Remote working eroded the traditional interactions, collaborations and linkages between and across departments and teams. Such engagements that were essential for the overall business to work effectively became less frequent, less natural and in some cases disappeared altogether.

In their place, organisational silos – and more tellingly, information silos – emerged, or became more visible and ingrained. Employees often had less opportunity to reach out beyond their teams to connect, share, engage and work together.

As a result, the psychological contract between the employer and employee has changed. The Covid lockdowns triggered a marked evolution in employees’ motivations. There is now a greater focus on quality of life and family responsibilities alongside careers and work, which, in turn, highlights the difficulty most face in trying to achieve a good balance between them.

Hybrid working, while generally welcome and accepted, is without doubt causing personal and work lives to bleed inextricably into one another, requiring an increased focus on employee wellbeing and mental health.

Moreover, hybrid working requires higher levels of employee trust, and more discipline around objective setting and overall performance management, based on outcomes rather than the number of hours worked.

Significantly, many more employees have begun looking beyond compensation and benefits packages when considering whether to join, stay or leave an organisation.

An employer’s stated position on flexible working arrangements, talent development, promotion and social mobility opportunities, DE&I, climate and broader social responsibility commitments are all indicative of its overall culture and play an important part in the way employees, and potential employees, view and judge that organisation.

In parallel, clients and customers are also increasingly placing greater emphasis on these issues when determining who they should do business with, and their expectations of the way an organisation interacts with them.

In light of this increasingly complex picture, the question of how business leaders and senior management should approach culture risk – and in particular where they should start and what they should prioritise – has become a critically important consideration.

There are several foundational steps that all organisations should consider:

  • Create a strong cultural identity – Be clear who you are as an organisation, and how you want to be perceived. This issue requires a clearly articulated purpose and set of values that feed into the way the organisation is run at every level, including the way business strategy is set, and the way everyone is judged and rewarded.
  • Understand what your culture looks like today – What are your core strengths? What areas need improvement? Answering these questions can help you to identify the groups and behaviours that need the most attention now.
  • Engage your workforce and build trust – Managing culture risk effectively depends as much on listening as it does on taking action. Being open to different perspectives is the minimum. You have to act on issues raised in order to create an inclusive working environment. Establish ‘engagement platforms’ for your employees to share their experience and perspective on the organisation’s culture. Consider holding discovery sessions and creating discussion groups in which clear objectives are defined and outcomes measured.
  • Gather feedback from multiple sources – Collect feedback from internal and external sources to help identify emerging themes and trends. Use existing data within the organisation as indicators of areas for exploration. Dig deeper with employee conversations to understand their ‘lived’ experience of the culture. Synthesise data from sources such as employee engagement surveys, customer/client complaints and feedback, as well as HR and incidents data to build a picture over time of current and emerging issues.
  • Commit to a robust, consistent and continuous internal communication programme – Any culture assessment needs to be an end-to-end process. Once you have feedback about your culture, communicate to the organisation what you have heard, and what you are going to do about it. ‘You said…, we did…’ is a simple but very effective message that encourages engagement and builds trust. Communication should be a two-way process. The right tone from the top around cultural standards can help to facilitate such communication, so long as it trickles down to all layers of the organisation.
  • Prioritise the most important actions and make sure they are delivered – When it comes to deciding what you are going to do, actions should be proportionate and pragmatic.

Culture requires never-ending commitment and focus

Efforts to maintain a strong culture and reduce culture risk are never ending. It’s a constantly evolving process that requires all levels of management to listen, plan, act, learn and repeat.

All leaders should make culture a strategic priority and commit the time and resources to get it right. A planned and sustained employee engagement programme is a decisive first step in understanding the cultural risk of the organisation and building cultural resilience.

At the top and at the middle, every leader and manager should be a role model of culture and values, exemplifying the expected behaviours and building cultural resilience in the organisation.

Recommended content