People risk: How to mitigate the adverse effects of employee behaviour

The biggest risk to your business could be your organisational culture, but there are ways to change it.

Editor’s note: This is the final article in a three-part series on identifying, understanding, and mitigating people risk — a factor that can keep organisations from achieving their strategic aims and objectives. This article looks at employee behaviour risks. Part one looked at why it’s important that employees fully understand their role. Part two examined skills risk.

People risk is mitigated when employees know what they are supposed to do and have the skills to do it. Simple, you might be thinking — all I need to do is have clear job descriptions, recruit well, give employees high-quality training, and everything will be fine.

However, many organisations have invested tens of thousands of dollars in training, and employees have still opened them up to substantial reputational and financial risk. Think Société Générale, Enron, and Volkswagen — cases where the actions of intelligent, well-trained employees led to regulatory penalties, actual or near corporate collapse, and personal tragedies. This article looks at behavioural risk — the risk that employee behaviour will cause adverse impacts.

The link between behaviour and culture

Observable behaviours reflect the invisible culture in an organisation.

Culture has been defined as “the way we do things around here”. It is the sum of all the beliefs, values, and behaviours that determine how your employees act, both individually and corporately.

When it comes to culture, there is no “one size fits all” approach, and organisations need to determine the right culture for them based on their industry, purpose, and strategy. For example, a low-cost, no-frills supermarket will have a very different culture from a high-end retail store that prides itself on personal service to its wealthy customers.

If the culture of your organisation is linked to behavioural risk, what steps can you take to mitigate the risk?

Understand your culture

The first step to see whether your culture is exposing your organisation to risk is to try to understand it. What drives behaviour in the organisation? Why do people do what they do? Why are tasks not done on time and to the required quality standards? Your existing risk management framework should include mechanisms to capture where employee behaviour is a contributing risk factor. Using the CGMA Risk Management Tool can help you with this.

Several elements drive employee behaviour — the “tone at the top”, systems and processes, what is communicated to employees (and how frequently and consistently), the training they receive, the structure and hierarchy of the organisation, and how they are rewarded, financially or otherwise. In addition to these hard measures, culture can be driven just as powerfully by softer measures. For example, unwritten “codes of behaviour”, such as “we are nice to each other” and “we don’t upset people”, lead to an avoidance of difficult conversations and to problems being “swept under the carpet”.

To get an insight into your culture, you can use proprietary tools and surveys or perform a more bespoke cultural review. If doing the latter, you may want to get your internal audit team involved. Internal audits of culture are becoming more commonplace, though still relatively rare outside of regulated industries. Whatever you do, you must ensure you have a tight grasp of the review’s scope. By definition, culture is vast and amorphous. Narrow your reviews down to where the risk of a behavioural issue would cause the most damage. This may be around health and safety, customer service, or taking on new business — it will depend on your strategic objectives, industry, and regulatory environment.

When you have understood your industry and culture, you can pinpoint the areas that could cause you the most exposure and also have a discussion to determine whether the culture you have is the one that you actually want. The focus of many cultural reviews is to determine whether your culture exposes you to operational, regulatory, financial, or reputational risk. However, the wrong culture can be just as damaging if it’s preventing you from increasing your market share, improving efficiencies, or driving innovation.

Use your culture to its best advantage

Culture change takes many years, so on an ongoing basis you will need to incentivise your employees to behave in a less risky manner, using the key features of the culture you have.

Consider how you can change processes and procedures so that they suit the culture but also have the impact that you want on people’s behaviour. For example, you may want to keep a supportive culture but also change organisational structures and processes to obtain more of a culture where people are held accountable for their mistakes. If you have a competitive, performance-driven culture, then KPIs and balanced scorecards will work well, so ensure that behavioural measures are included. If your culture rewards efficiency, automate as much as possible and streamline processes.

Train staff and leverage role models

Include the importance of behaviours (the “why” and the “how” as well as the “what”) in training programmes — particularly for new hires and for those at higher levels of leadership. Examples or stories of the desired behaviours in action can work well here. Create champions in your organisation who exhibit the behaviours you want to see and who have strong networks, and use them to get your message across. These are not necessarily the most senior people or even your highest performers, but they embody the good parts of your culture and informally will have a lot of influence in the organisation.

In the longer term, there is more that you can do to ensure that all aspects of your business are aligned to encourage those behaviours you want to see more of and discourage those you would like to leave behind. Changes to organisational structure, recruitment processes, and systems would be appropriate here. Keep track of how your culture and behaviours change over time to see which measures are working and where you may need further work.

Remember, though, that culture is enormous — so think about which specific culture metrics would make the most sense for you to track. Examples may be key questions in employee surveys, observations of behaviours at key decision-making points, and the speed and diligence of how internal audit findings are addressed.

Moulding your business’s culture over time

Your culture influences your employees’ behaviours. Changing culture can take time, but once you understand the existing culture, you can create a plan with short-, medium-, and long-term actions. Piloting this with one team or division gives you a place to try things out and a group of people to share their experiences and advocate for change when you’re ready to launch across the whole business.

Your people are your biggest asset but can also be your greatest risk. By ensuring employees know what they should be doing, have the knowledge and tools to execute, and are motivated to do it in the right way through your culture, you can leverage this asset whilst reducing the risk.

Helen Tuddenham is an executive coach and leadership development consultant based in the UK. To comment on this article or to suggest an idea for another article, contact Oliver Rowe at


How Culture Affects Risks

Core values are foundational elements in culture. Learn the steps to build a healthy culture within your organisation and embed risk management into your organisation’s culture.


How to Build a High Performing Culture

Learn about a practical, actionable programme designed to give participants the tools to leverage their corporate culture as a distinct competitive advantage.



Online tool

CGMA Risk Management Tool