Risk Management

Page 1 of 2

Risk Culture: Cornerstone of Successful Risk Management As strange as this association of words may seem, ‘risk’ and ‘culture’ must be thought of together and used as the starting point for installing a real risk management system – an ERM. Together they form the basis and the very foundation of a risk management structure.

Risk Culture: Cornerstone of Successful Risk Management

by François Masquelier, Head of Corporate Finance and Treasury, RTL Group, and Honorary Chairman of the European Association of Corporate Treasurers

This article describes what should be understood by ‘risk culture’ and what this involves. Inculcating such a culture into a company is often a challenge. However, it is a challenge that is crucial for successful risk management (Enterprise Risk Management-ERM). Surprisingly, people manage risk and set up an ERM system without having either a risk culture or a precise definition of their risk heightens appetite or risk tolerance. The financial crisis, and the fragile state of the economy, only emphasise the need to embed this culture throughout the whole company.


No one can deny that there has been real progress over the last decade in the development of risk management tools, techniques and systems in multinational corporations. According to generally accepted practice, boards of directors and audit committees must relate all risks that face the company to its strategic objectives and align them. It is this alignment that often gives rise to problems. In general risks are managed as a whole without aligning them with the strategic risks approach. Everybody is in agreement on the need for a comprehensive, integrated, systematic, specialised and professional approach to corporate risk management (Enterprise Risk Management – ERM). To quote the UK Financial Reporting Council in 2011:

“The issues with which companies were grappling included understanding their exposure to risk and how this might change, identifying the information and assurance that the Board needed to carry out its role, embedding the right risk culture throughout the company and the increased velocity of risk, which had highlighted the importance of effective crisis management”.

Furthermore, if we refer to the international ISO 31000 standard on risk management, it repeatedly stresses the need to embed risk management in corporate culture and that the corporate culture needs to be well understood by everyone. Even the famous COSO II framework (COSO framework – www.coso.org) accepts the importance of the tone and culture of the organisation and how risks are perceived and tackled by employees, within an embedded approach internal to each company. This is one of the key foundations of the COSO II framework.

Next Page   2 

Save PDFs of your favorite articles, authors and companies. Bookmark this article, or add to a list of your favorites within mytmi.

Discover the benefits of myTMI

 Download this article for free