There is nothing more crucial to the success of enterprise risk management (ERM) efforts in an organization than an informed and supportive culture. Furthermore, culture is not merely an intangible concept—its elements can be defined and progress in moving toward a desired culture can be measured.
Information, technical skills, and processes are important, and some processes are necessary to assist in developing an appropriate culture. However, an organization could possess world-class technical capabilities and strong processes for collecting and reporting information, but still have a bankrupt culture so that no value was added through ERM efforts.
The definition of culture used for this chapter is based on a question: “What determines how decisions are made in an organization?” The key to culture, in the context of ERM, is the impact it has on business decisions. A strong culture is one in which decisions are made in a disciplined way, taking into account considerations of risk and reward on an informed basis. This decision-making culture extends throughout the organization, from the largest strategic decisions to the most routine day-to-day business decisions.
Note that “disciplined decision making” in an ERM context does not mean ...