• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Losing sight of culture-related risks

November 22, 2022

The corporate culture narrative has significantly shifted over the last few years, from being very risk-centric, to starting to recognise the opportunities of getting culture right and being a source of competitive advantage.  Reporting on culture is now more often to be found alongside strategy, HR and environmental, social and governance (ESG) disclosures of the annual report, which is good news because it suggests greater integration.  While culture is still included in some risk registers, disclosure is largely standardised and reduced to risks associated with non-compliance, recruitment and diversity & inclusion (D&I).  With this change in emphasis and tick-box reporting, are we losing sight of less obvious culture-related risks?

The 2018 revision of the Corporate Governance Code (the Code) brought into focus corporate culture and purpose, as well as emphasised stakeholder engagement and matters set out in section 172 of the Companies Act 2006.  However, as the FRC’s 2019 and 2020 reviews of corporate governance reporting showed, many businesses were slow to respond to the new reporting requirements, putting into question whether those matters were given sufficient attention by some boards.

Progress in reporting was accelerated by the Covid-19 pandemic, which has brought social issues to the fore.  The ‘S’ of ESG now serves as a call to action for many boards.  Those businesses that had their strategy aligned with their culture, purpose and values (Principle B of the Code) were much better equipped to navigate the storm by having a clear direction of travel and ability to tap into their key resource – their workers more effectively and strong support from their other stakeholders.  While the pandemic may be over, at least for now, the ESG movement, despite being battered by the wave of criticism recently, is here to stay, and so is the emphasis on creating a positive culture.

This assertion appears to be in line with the FRC’s recently published 2022 Review of Corporate Governance Reporting.  However, despite more comprehensive disclosures in annual reports, the narrative is still often limited to policies and actions, making it difficult to assess whether chosen people strategy is the right one for the company.  For example, company A conducts a survey which shows general dissatisfaction by its workforce.  If the company then decides not to act on the survey’s findings, acts too late or chooses inappropriate remediation strategy, this can further dampen morale and disenfranchise workers, becoming a serious culture risk.  Boards, supported by their committees and various functions across the organisation, including Ethics & Compliance, HR, Internal Audit and Risk, must keep a finger on the pulse by regularly monitoring culture (Provision 2 of the Code).  Assessing outcomes and impacts of the management’s people strategy and actions, as well as related risks, is integral to this process.

While the most recent monitoring report doesn’t specifically discuss culture-related risks, the research has found that only a few companies addressed this area more widely.  Risks stemming from management’s inaction or choosing an inappropriate people strategy, as in the example above, or overlooking a ‘toxic culture’, were largely underreported.  Yet they can be as destructive as dripping water that hollows out the stone.  Just like benefits and opportunities are broadly discussed, so should be the risks.

Most would agree that installing positive corporate culture brings many benefits.  For example, when people feel appreciated, included and recognised, they are more likely to be loyal, productive and creative.  However, it’s equally important not to lose sight of risks stemming from culture going wrong.  Despite best efforts, not everything can be codified into compliance or behavioural models.  Culture is not static, it’s a journey – not a destination.  Boards need to stay vigilant and regularly monitor culture, through a combination of metrics and observations, and report on findings in a balanced manner.

 

Rafal Budzinski is a Senior Policy Associate at the Corporate Governance & Stewardship team at the Financial Reporting Council.  He has over ten years of experience in corporate governance and ESG, having worked in various roles, and currently leads on the FRC’s work on corporate culture of the FTSE premium listed companies, including the 2021 publication on Creating Positive Culture – Opportunities & Challenges.

Tags: Rafal Budzinski
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson