Continually improving and strengthening risk management culture within an organization is always good business practice, regardless of your industry and any potential challenges on the horizon. A strong culture ensures that, whatever an organization's risk management framework looks like, the people within the framework have a set of shared values, goals and practices.

Risk management has always been top of mind for my employer, Wells Fargo; our goal is to do what's in the best interest of our company, customers and shareholders. We emphasize risk management as a core business competency, and our culture of accountability for risk management helps us execute on this. More specifically, our corporate vision and values define culture as "knowing what you need to do when you get up in the morning without having to be told what to do." When employees know their real risks and know what they need to do as part of their job every day to help manage risk and protect the company and its customers, that's a strong risk culture.

For example, within the financial services industry, we're adapting to the "new normal" and awaiting regulatory guidance on the new financial reform legislation, but that's no reason to wait to evaluate risk culture and work toward a "strong" rating in risk management and compliance from our regulators. Organizations can build the foundation for a deeper risk culture by assessing how they've moved the needle on risk management, by being more proactive in identifying risk and by measuring risk management effectiveness. Each of these steps can be taken at any time.

The needle for effective risk management can move forward if your firm adheres to the following principles:

1. Communicate broadly and often. In a strong risk culture, leaders cascade important messages about risk management down through the organization to help build trust and showcase success stories. Consider open forums in which employees can share ideas for everyday actions to help avoid and mitigate risk, as well as more formal communication channels like employee newsletters and all-hands meetings.

A customized training process can also be helpful. For example, within our Technology and Operations Group, business leaders sponsor and facilitate risk management workshops, taking their teams through risk assessments and case studies relevant to their daily jobs. To date, more than 2,000 employees have participated in these workshops. It's a great way to help our teams learn simple risk assessment and management behavior that can be incorporated into everyday duties.

2. Coach employees at all levels and in all roles to view themselves as risk managers. Employees are the first line of defense, so the need to know and understand the risks that cross their desks each day. It's equally important that they're comfortable bringing forward risks for resolution. That comfort level ties back to effective communication, which helps create an atmosphere in which employees aren't afraid to bring forward a risk. When employees understand that there are no penalties for coming forward - and that, in fact, management wants to help with resolutions - more risks will be identified.

Additionally, an informal, grassroots recognition program can help "catch people doing risk right" and highlight everyday risk management efforts, while also promoting a culture of accountability for risk management.

3. Effectively share information about risk management across business groups. Sharing what you know, as soon as you know it, helps others avoid similar pitfalls, while also building trust and fostering partnership. It's critical to move beyond an internally-focused thought process to discuss crossgroup impacts and to identify risk patterns and trends.

1 | 2 Next Page ►