Cognitive risk culture and advanced roles of actors in risk governance: a case study

Abstract

PurposeThe purpose of this study is to explore the best practices for improving risk culture and defining the role of actors in risk governance.Design/methodology/approachThis paper presents an exemplar case of a British insurance company by using a qualitative case research approach.FindingsThe case study shows how the company was successful in changing from a compliance-based and defensive risk culture to a cognitive risk culture by using a systems thinking approach. Cognitive risk culture ensures that everybody understands risks and their own roles in risk governance. The change was accomplished by adding an operational layer between the first and second lines of defense and developing tools to better communicate risks throughout the organization.Practical implicationsPractitioners can potentially improve risk governance by using the company’s approach. The UK regulator’s initiative to improve risk culture can potentially be followed by other regulators.Originality/valueThis is among the few studies that describe actual examples of how a company can improve risk culture using the systems approach and how systems thinking simultaneously resolves several other issues such as poor risk reporting and lack of clarity in roles and responsibilities.