Australian risk managers are getting a foot in the door with chief executives and other c-suites, but does that mean they are engaged in a risk-aware culture?
It’s often said that the culture of an organisation is shaped by the worst behaviour that its leader is willing to tolerate.
If that is true, then where should the risk function sit to best promote and embed a risk-aware culture?
EnergyAustralia risk manager and Rims Australia president Brad Tymmons said that a firm’s risk culture starts from the top and that the most senior riskinsurance person in a firm should be reporting in to someone within the c-suite.
“If not, you would definitely question whether the valuable risk management insights are being analysed to drive decision-making for the long-term sustainability of the company,” he said.
But according to the results of the Australian segment of the StrategicRISK Asia Risk Report Survey, only 16% of Australian firms’ most senior risk/ insurance professional report into the chief executive.
Scentre group risk director Eamonn Cunningham said this figure needed to improve “if that is what it takes to have a permanent seat at the table when the enterprise’s risk committee or board audit and risk committee meets”.
The vast majority of respondents – 30% – said the most senior risk professional reports into the chief financial officer (see table, below).
Seven West Media head of risk and audit Mark Wilson said a lot of senior risk professionals benefit from having a reporting line direct to the audit and risk committee.
“While it may not work for every organisation, there are some real benefits to be derived from being independent of the management team who are responsible for managing key business risks. For one, it certainly helps avoid the misconception that the risk team does it all!”
Two-thirds of respondents rated their board/senior management’s commitment to embedding a risk culture within their firm as ‘high’ or ‘very high’. That leaves one-third that are fighting an uphill battle to improve their plight.
But Wilson argued that it was not the sole responsibility of the boardroom to set a company’s culture.
“Certain expectations may be set, but it’s the chief executive and his or her executive team that define risk culture,” he said.
“Not enough can be said about the importance of tone at the top.”
Indeed, most respondents (42.86%) said it was the responsibility of the risk management function to set the risk culture.
This was closely followed by the executive board (40.82%) and the chief executive (34.69%).
This article was published in full in the Special Report: Rims Australia issue. To read the full report, including all of the survey results, click here.