Article Summary

An organization’s “risk culture” is the way in which its management and personnel collectively perceive and respond to risk.  Any ERM efforts undertaken by a company are inevitably subject to that company’s risk culture; this means that a healthy, appropriate risk culture is essential to the overall success of an organization’s risk management process.  This May 2013 article from McKinsey & Company addresses this relationship between risk culture and the ERM process. 

Article authors Alexis Krivkovich and Cindy Levy discuss the traits exhibited by healthy risk cultures, and they also discuss two problems that organizations must face in developing and maintaining a beneficial risk culture.

Characteristics of a healthy risk culture

Krivkovich and Levy describe three common characteristics of sound risk cultures that they have observed in their professional experience.  Organizations with successful risk cultures do the following three things:

  • Recognize that risks exist and show a willingness to do something about those risks
  • Seek out information about risk from all parts and levels of the enterprise and promote discussion about risk
  • Design appropriate risk management policies and processes and hold personnel accountable for adhering to those policies and processes

Challenges to developing an effective risk culture

The authors of this article acknowledge the inherent difficulty in shaping an organization’s culture.  It often takes several years to achieve a risk culture that complements the ERM processes in place.  Krivkovich and Levy believe the following two items present the greatest challenges to the development of an effective risk culture:

  • Reaching a common viewpoint on risk at the management level and translating that into infrastructure and procedure at all lower levels of the organization
  • Maintaining people’s focus and intensity with regard to risk management


Despite the challenges surrounding risk culture, Krivkovich and Levy demonstrate, through examples, that it is worthwhile for organizations to put effort into ensuring that risk culture complements risk management processes.  Management and personnel must understand and utilize the ERM process in place in order for it to yield valuable information to the organization. 

Link: McKinsey & Company

ERM Enterprise Risk Management Initiative 2013-06-19