Most recent efforts to create guidance for modern risk management practices emphasize the importance of connecting risk management policy and practice with an organization’s culture and values. However, identifying or establishing that connection is not widely discussed or understood. What does it mean to state that risk management is an expression of an organization ’ s values?
This article discusses the basis for identifying the connection between organizational values through the lens of the Ethical Organizational Culture and attempts to draw out linkages with current risk management thinking on the subject. The establishment of a basis of identifying organizational values and their link to risk management policy and practice is illustrated through a case analysis of the Veritas Institute’s Self-Assessment and Improvement methodology.