Culture: The One Element Most Critical for the Board’s Management of Risk

Private Director’s Association – December 2016 Newsletter



Something More Fundamental

Previous articles in this forum on the topic of risk management focused on such things as the need for a risk register and improvement opportunities for board-level reporting. But today, I want to take directors back to something even more fundamental — something that explains both the “failure to thrive” in so many businesses — and the colossal failures in giants such as VW, Wells Fargo, and General Motors. It is also the key to enabling successful strategy execution. What is it? Culture.

Given everything a company must do, what makes culture so important? How does this link to business growth over time? What can board members do to impact the risk culture and enhance oversight? What indicators should we be looking for? These questions are being asked in board rooms and court rooms all over America today, and are discussed below.

Importance of Culture

Let’s begin with some reasons why board members and senior leaders should be concerned about culture.

Peter Drucker, a recognized leader in the development of management education, is often credited with saying that “culture eats strategy for breakfast”, meaning that great strategies can be enabled or resisted by strong enterprise cultures. A bad culture can also surround and destroy organizational creativity and initiative. Joe Tye, CEO of Values Coach, the leading authority on values-based leadership skills and strategies, said “when strategy and culture collide, culture will win. Culture provides a level of risk prevention that cannot be attained with strategy alone”.

At a recent leadership conference in Washington, D.C. for corporate directors, I heard a keynote speaker state that “risk is not knowing what is going on around you”. Earlier, when I was involved in helping to change the dynamics around risk taking at General Motors, our CEO talked about culture as a set of specific behaviors exhibited by leaders and modeled by the team – which could be either positive or negative. In other words, it was about the ways in which people acted when no one was looking. But how can a company model and reward the desired behaviors to fix or improve the culture? The answer starts at the top with the actions of the board and CEO.

Pamela Bilbrey and Brian Jones, in their book Ordinary Greatness: It’s Where You Least Expect It… Everywhere, said, “Every organization has a culture. Unfortunately, many, if not most cultures developed by happenstance…” As board members, we cannot afford to let this occur. Culture should be planned and fostered.

James S. Turley, former chair and CEO of Ernst & Young, chairs the audit committee at both Citigroup and Emerson Electric Co., and serves on the boards of Northrop Grumman Corp. and Intrexon Corp. His advice to directors: “You want to create a ‘culture of candor and credible challenge’ [that allows directors] to ask the uncomfortable questions of management.” When the culture in the organization does not support open communication with the board, big problems can occur. As directors, we need tools to help us understand the organization’s current environment to assess what improvement may be needed.

Pointing the Way

As a director, what are some of the questions we could ask, or indicators to look for, that might tell us about the health of the risk culture?

  • Is the CEO active in creating the culture for the organization? Is he or she modeling the right behaviors?
  • Is there appropriate tone at the top, both during and outside of board meetings?
  • During strategy, product, and investment discussions, is there transparency around business assumptions, openness to respectful but challenging views, and identification of emerging risks to the business model beyond the immediate planning horizon?
  • Is there a willingness to bring forward bad news? Is there an understanding that failure may occur, but the business cannot grow and prosper without taking smart risks?
  • Has the board established clear expectations for timely identification and handling of risk, particularly those around business goals and objectives? Is there clear risk ownership?
  • Not everything should be filtered through the CEO. Are other executives and risk owners present at board meetings and allowed to take questions directly?

Conversely, here are some of the indicators that the risk culture may not be effective:

  • Unclear objectives for the organization and each group or function
  • Lack of awareness at the staff level of the company’s long-term and short-term strategies and objectives
  • Allowing unethical practices or failing to address noncompliance with policies
  • Using extreme “stretch” goals to drive the business, or too much focus on short-term goals
  • Lack of attention to regulatory failures or issues raised by risk owners or auditors
  • Shooting the messenger – bad news is not well received by management
  • Failing to train leaders on the basics of managing their risks; inconsistent or nonexistent understanding of risk, leading to unwanted “surprises”
  • Absence of visible processes to measure performance, manage business change, or manage risk.

The Rewards

According to scholars at the Enterprise Risk Management Initiative in the Poole College of Management at North Carolina State University, fostering meaningful conversation is key to shaping the right risk culture. Importantly, the board and management need to exercise best practices in governance. Management and the board should encourage open discussion and foster trust in the organization to drive certain behaviors. A busy schedule should not interfere with the important conversations that need to take place to manage risk.

Culture should not be left to happenstance, but instead should be driven by thoughtful consideration by the board. We need to develop greater confidence in management’s ability to navigate risk to achieve company objectives more often. With that comes not only the ability to truly know what is going on around you, but fewer performance surprises. Organizations that are agile and can act quickly in the face of new or changing risks will be able to successfully pursue greater levels of risk and reward.

I will end with a quote from Lou Gerstner, former IBM CEO, who said, “When I came to IBM, I probably would’ve told you that culture is just one among several important elements in any organization’s makeup and success – along with vision, strategy, marketing, financials and the like… I came to see, in my time at IBM, the culture isn’t just one aspect of the game – it is the game”.


This Article is Classified as: BOARD OPERATIONS – Communication and Culture, in the PDA Body of Knowledge.  Published at


5 thoughts on “Culture: The One Element Most Critical for the Board’s Management of Risk

  1. Very interesting and informative article. How then do we drive the right culture to ensure that the employees are aiming for achievement of strategic objectives, especially in an organization where the culture is not aligned to strategic objectives?


    1. Paul, you hit the nail on the head. It starts with the board and CEO defining what they want the organization to be and how they intend to get there. These objectives have to be shared throughout the organization if there is any hope of aligning employees in support of the goals. Culture changes slowly, and the CEO has to want to do this or it won’t be successful. Sometimes companies are afraid to share their objectives for competitive reasons, but then I say “good luck” in reaching them!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s