Regulators across the world are increasingly focused on risk culture within organizations. Many regulators are introducing changes that require boards to establish, shape, and monitor their risk cultures. The article "One measure of culture, please," published in the Summer 2015 issue of Milliman's Issues in Brief, focuses on an approach to this cultural challenge that is based upon a uniquely comprehensive framework for measuring risk culture, utilizing proven academic theory to assess risk culture across several dimensions.

These dimensions represent the natural way that risk management activities can be carried out--for example, whether the behavior and practices used to identify risks follow well-established processes, or whether the time spent identifying risks is focused appropriately on identifying those risks that could put the organization at greatest risk of failure. Furthermore, this framework raises the questions in a non-pejorative manner, such that the individual is asked to give an opinion on the behaviors and practices observed. This avoids unintended bias and manipulation.

It is important to note that there is no "right" or "wrong" risk culture. Instead, there is a need to determine the most "appropriate" risk culture that will make sure the behaviors and practices observed fit best with an organization's risk framework and appetite--its risk culture. Hence, a key first step is to determine the most appropriate risk culture across the risk management activities. This serves as an internal benchmark that can provide richer insight for a firm to assess its performance and the extent of any discrepancy between the risk culture that it espouses and the risk culture it currently has.

A case study is included in this article to help illustrate the principles involved. The challenges that exist for companies in measuring and diagnosing the risk culture within their organizations, together with the regulatory cultural push for boards to actively demonstrate that they have embedded the risk culture that works best for them, means that firms must select an approach that truly provides the means to get beneath the skin of an organization's risk culture.

This article was first published on LinkedIn.