Organisational cultures can either enable or inhibit effective risk management through either constructive or defensive behavioural norms respectively.
When there is constructive organisational culture, people want to, rather than have to, manage risks and do good risk management. And when there is a defensive organisational culture, people avoid doing good risk management and only do risk management when they have to or are being forced, either by management or regulators, merely as a tick-the-box compliance exercise. Continue reading