Developing risk culture training that packs a punch: five key solutions

4 min read
Oct 13, 2022

When a strong risk culture is present throughout an organisation, employees make decisions in line with company strategy and within risk appetite: but how can we increase risk culture engagement from the business?


Download now [Case Study]: Introducing risk culture to the board: turning theory into practice

People manage risk constantly as they go about their everyday lives, whether they are crossing a road, considering travel insurance for a holiday, or wearing a seat belt in a vehicle. Often though, their ability to subconsciously assess risk stops when they walk into work.

Establishing a robust organisational risk culture will help employees to continue with this kind of risk-led thinking at work. This will, in turn, help organisations better navigate potential threats and take advantage of opportunities as they arise.

The key is to build a common understanding of risk and its purpose within an organisation and then embed that into everyday decision-making processes. However, this is easier said than done.

You need an effective risk culture framework that has the right leadership buy-in to achieve this risk-based decision-making at all levels. This will involve reviewing risk culture; mapping risk culture at the organisation to identify areas in need of improvement; applying standard risk tools; communicating culture effectively; and conducting effective risk culture training.

Here, we highlight five methods implemented by risk managers to deliver effective risk culture training:

1) Use face-to-face (in-person or online) training between the risk team and all employees

Lead the way and let the business know who you are. Some organisations delegate training to risk champions, but creating a solid link or even just a sense of familiarity between employees and the risk function directly can help to more firmly embed risk as an important issue throughout the organisation.

Tried-and-tested training sessions also link risk culture to the company’s values and other “known” pillars, all the while steering employees away from viewing culture as an impersonal, box-ticking exercise. It’s also important to frame risk in terms of impact, likelihood and velocity, so that employees think about risk as something that develops over a period of time.

To achieve this, there are three guiding elements that should underpin any training session on risk culture:

  1. Think differently
  2. Get the whole picture
  3. Every employee is a risk manager

2) Demonstrate how risk management can help support better decision-making

Helpful aids include real-life examples, such as evaluating the risk of crossing a street, and organisational structures already in place such as the company code of conduct. Every employee is a risk manager – your culture training sessions must demonstrate how their active participation in risk management propels the organisation towards reaching its objectives.

There are also major benefits to the risk team sending this message themselves during training sessions. For example, if the employees can get to know the risk team and understand the value of risk management from their perspective, they will likely be more proactive and communicative in the future when it comes to raising potential problems.

3) Localise risk culture training and information

Assessing risk maturity levels for each team or segment that is being trained will help to make the learnings relevant and therefore more engaging. Some risk managers use the results of online assessments to assign maturity levels to different areas of the business, and create a specific action plan for each level.

Risk managers also find it useful to start training at board level and then move on to each branch of the business, starting with the executives and then working towards the rest of the employees, getting further into the practicalities as they progress.

4) Embed risk into the fabric of the organisation for the long term

In addition to training, build risk requirements and skills into job descriptions and competency frameworks to ensure that each individual knows how and when they should consider risk management during their daily activities.

Linking risk culture to performance management can also help. For example, several risk leaders have shared how they use training programmes that link risk management to future progression, essentially training future CEOs to be highly aware of the company’s risk culture.

The aim of risk culture should be to develop a common, enterprise-wide understanding of how to evaluate risks and act when they are detected.

5) Remain close to the business to monitor effectiveness of training

It would be easy, once training has been delivered, to leave the organisation to its own devices and hope that the lessons given during training sessions have been learned. However, risk culture training does not have an end date and should be an ongoing activity, with monitoring and reviews performed across the business as conduct, strategy and culture evolve.

In order to keep tabs on how the business is managing risk, the risk function also needs to make itself available on an ongoing basis to answer the questions of employees and encourage them to apply risk thinking to their own roles. To help facilitate this, businesses can lean on risk champion networks to provide support and feed back to the risk team on any issues or worrying trends that might arise.


The insights featured in this article have been shared by risk practitioners during a series of member meetings held by Risk Leadership Network, while our full guide to risk culture training and engaging the business on risk culture is available to Members via our Intelligence platform.

Are you an in-house risk manager who could benefit from collaborating with a global network of risk leaders? Find out more about our approach here.

Get new posts by email