Institute of Risk Management - presentations on Risk Culture and embedding risk management

Delivered last week at the Solvency II Special Interest Group were a couple of presentations regarding embedding risk management and "risk culture". I generally think that "culture" is something you find in a yoghurt pot, but to be fair there is some good stuff in the materials below;

IRM Chair's presentation - some nice elements in this, such as

• Risk culture being "at its simplest...how 'risk management' is factored into decision making" - I would go further and make this the most complex definition, rather than elaborate
• Nice transposed diagrams of how certain risk cultures need to implement ERM in certain ways

Survey on risk culture and embedding risk management - remember at 28 participants it is a small sample, but flags the following;

• Around half are lumping "risk culture" and "embedding risk management" into their (Risk?) Solvency II Workstream (i.e weren't planning for it otherwise)
• Quarter had no sponsor for risk culture work
• Around 30% cited "lack of access to management time" as a challenge
• No real favoured technique for assessing risk cultures or embedding risk management - number of options cited
• None of the 9 relevant participants had received a "poor" rating from S&P for their ERM structure
• Not many outliers on the questions regarding risk governance, risk resources, risk transparency and responding to bad news - most were 2/3 out of 4
• Few more outliers in questions on risk competence, making risk decisions and rewarding risk taking - suggests that, while companies are relatively competent at 'playing at doing risk', at the sharp end the relevant skills and attributes are by no means compulsory

Not exactly my cup of tea this subject, but this is still useful stuff.