Risk Culture Revisited: A Case In Point

As risk morphs, leaders must build a sound risk culture, and underwriters must consider the risk culture of accounts they write.

True, a great deal has been written about the importance of inculcating a positive risk culture if an organization is serious about managing its enterprise risk. Yet, when it comes to discussions about organizational culture, many executives’ eyes glaze over because the topic is too nebulous or because they have no idea how to influence or develop a particular type of culture. Underwriters, considering an application from a commercial customer, generally do not look too deeply into the company’s risk culture.

Given that risk is growing in magnitude and variety and with increasing speed of onset, it behooves leaders to take concrete actions to establish a sound risk culture or to maintain one if it already exists. And underwriters should also be interested in the risk culture of accounts they write for the same reasons.

Often, I am inspired to write about something because of some news I hear or read about. In this case, something on the Law360 website caught my attention: A woman slipped and fell near a collapsed "wet floor" sign at a casino. This person, Ms. Sadowski, suffered serious injuries and was awarded $3 million by an Ohio jury.

“The sign lay flat on the floor that day in September 2016, and a Jack Cincinnati Casino employee even walked around it but did not pick it up,” Sadowski’s attorney, Matt Nakajima, said, according to the Cincinnati Enquirer. He said that, moments later, Sadowski tripped over it and broke one of her kneecaps. There were no safety measures in place for floor inspections or fall prevention, he said, and the employee who walked around the collapsed sign was not reprimanded.

So, despite the use of "wet floor" signs, other aspects of risk management were purportedly absent. It seems the jury believed Nakajima’s description. If the description is accurate, the part about an employee walking around a collapsed "wet floor" sign is very troubling, as is the fact that there were no consequences for the employee. These kinds of actions point to a lack of a risk-aware culture at various levels.

So, how do leaders build a risk culture, and how do underwriters probe to see what kind of risk culture exists in their prospective insureds’ organizations?

Three Basic Steps to Build Risk Culture
  • Articulate the organization’s position on managing risk at key communication junctures and through different media with employees: 1) hiring interview, 2) orientation, 3) staff meetings, 4) webcasts, newsletters, bulletin boards.
  • Include a risk culture criterion in all performance reviews; e.g., does the employee perform duties safely and address or report hazards/risks when they are identified? Evaluate positively or negatively, as warranted. Celebrate exemplary cases of risk awareness or risk mitigation.
  • Ensure that policies, procedures and work instructions all describe what is expected in terms of safety, precaution and risk reporting.
Three Basic Data Points for Underwriters to Ascertain
  • Does the organization have any losses in the loss history that show an egregious lack of risk awareness?
  • Does the organization practice ERM or, at least, have policies around required safety measures, risk/hazard reporting, training on avoiding cyber and other risks, etc.?
  • Does the organization discuss or evaluate risk awareness as part of normal performance management?
At a time when every insurer is streamlining the information it requests from potential insureds, adding more requests for data seems antithetical. However, in light of the thousands of ways that employees can create, increase or decrease risk in an organization, the culture they embrace is very important.

For example, an HR staffer who delays inputting an employee termination to the appropriate systems can create huge data and physical security risks. Likewise, a factory worker who leaves equipment running while going on break, when it should be turned off, can create safety and property risk. Or, consider a finance employee who thinks a spoofed email is actually from the CEO and sends a payroll check to the hacker’s account because there was no secondary control or it was not adhered to. The questions above will help underwriters to get a glimpse of the risk culture at the company they are evaluating.

A risk-aware culture plays a role regardless of the category of risk: financial, operational, legal, cyber, human resource, strategic, etc. Everyone from the top to the bottom of the organization needs to have an automatic and quickfire gut check regarding their actions – am I creating a risk by taking this action; have I recognized the risks in the situation that is leading me to action; do I need to vet a recognized risk with others? When an organization reaches the point where this type of thinking is natural, and almost universal, then it can be said that a positive risk culture has been embedded.

Her latest book, "Enterprise Risk Management: Straight Talk for Nonprofits," can be found here.

Donna Galer

Donna Galer is a consultant, author and lecturer. 

She has written three books on ERM: Enterprise Risk Management – Straight To The Point, Enterprise Risk Management – Straight To The Value and Enterprise Risk Management – Straight Talk For Nonprofits, with co-author Al Decker. She is an active contributor to the Insurance Thought Leadership website and other industry publications. In addition, she has given presentations at RIMS, CPCU, PCI (now APCIA) and university events.

Currently, she is an independent consultant on ERM, ESG and strategic planning. She was recently a senior adviser at Hanover Stone Solutions. She served as the chairwoman of the Spencer Educational Foundation from 2006-2010. From 1989 to 2006, she was with Zurich Insurance Group, where she held many positions both in the U.S. and in Switzerland, including: EVP corporate development, global head of investor relations, EVP compliance and governance and regional manager for North America. Her last position at Zurich was executive vice president and chief administrative officer for Zurich’s world-wide general insurance business ($36 Billion GWP), with responsibility for strategic planning and other areas. She began her insurance career at Crum & Forster Insurance.  

She has served on numerous industry and academic boards. Among these are: NC State’s Poole School of Business’ Enterprise Risk Management’s Advisory Board, Illinois State University’s Katie School of Insurance, Spencer Educational Foundation. She won “The Editor’s Choice Award” from the Society of Financial Examiners in 2017 for her co-written articles on KRIs/KPIs and related subjects. She was named among the “Top 100 Insurance Women” by Business Insurance in 2000.
