Om os Produkter Kontakt os
6 november 2019

Culture versus people

By Karin Gustafsson
Senior Financial Lines Underwriter and Market Manager
Read More

Well-defined and communicated corporate culture and values are the best defence against the unpredictability of people, according to Karin Gustafsson, Senior Financial Lines Underwriter and Market Manager at QBE.


Businesses today are operating in a world of rapidly changing values and social norms. Whether it is the conduct of senior executives, the outcome of elections, or emotive issues like climate change or #MeToo, the human element is one of the most important drivers for risk and uncertainty.

According to QBE’s Unpredictability Index, the world has become increasingly unpredictable in recent years. Almost all of the ‘least predictable years’ in the past three decades have occurred in the past 20 years, with the majority since the global financial crisis. The increase in unpredictability is largely driven by rising political and economic risk, although the interaction of societal, business and environmental factors is one of the most striking findings of the Index.

Despite mounting regulation and advances in technology, the ‘human element’ is almost always a factor in corporate failings; from industrial

disasters, to corporate scandals and data breaches. Regulations, processes and operational risk controls are not adequate alone to address the unpredictability of human behaviour. However, a strong corporate culture can promote the right behaviours and help people consistently make the right decisions, irrespective of the nature of the events they encounter.

Risk driver

An organisation’s culture and values matter. Almost two thirds (65%) of business leaders surveyed in a PWC study believe corporate culture is more important to performance than strategy or structure. A good culture can attract talent, boost sales and productivity, and generally make for a sustainable business. But a bad or weak culture can destroy value and trust, damage reputation, and even lead to financial ruin.

Recent years have seen countless examples of poor corporate governance and culture. Mis-conduct by banks, emissions cheating in the automotive industry, breaches of privacy by social media platforms, sexual misconduct and safeguarding issues in the charity and entertainment industries, the use of slave labour in electronics and food industry supply chains, and environmental catastrophes, such as the Brumadinho dam disaster in Brazil. The list goes on.

Risk culture

The causes of corporate failings are varied and complex, but common threads can be identified. Mis-aligned incentives, as well as excessive greed or competitive pressures, can lead to sharp practices, mis-selling and, in extreme cases, illegal actions. Many incidents have exposed other common human failings, such as short-termism, entrenchment and wilful blindness, which can see leadership and/or employees ignore obvious risks and resist change.

QBE research suggests companies are relatively confident about leadership’s role in driving corporate culture, as well as embedding core values and a positive risk culture in operational activities. However, the analysis found organisations struggle with three key drivers for corporate culture: aligning incentives with core values and desired behaviours, embedding risk culture in performance reviews, and continual learning.

High profile corporate failures also suggest companies do not learn from their (or others’) mistakes, or at least are too slow to react. Organisational culture and risk management learning is often

fragmented, either limited to parts of the business or in response to events or regulatory changes. If not captured and shared, experience and lessons learnt will leach away as memories fade, and people leave the business.

Strong corporate culture starts at the top. It’s about setting the tone at board level, and then driving the message down and throughout the organisation. Boundaries and appetite need to be clearly defined and communicated.

Setting the tone

Strong corporate culture starts at the top. It’s about setting the tone at board level, and then driving the message down and throughout the organisation. Boundaries and appetite need to be clearly defined and communicated. Many instances of corporate failings in recent years have shown expected behaviour and tolerances were not well defined or conveyed by the board and senior management. But ‘tone at the top’ counts for nothing if the same tone is not adopted by all layers of leadership down to first-tier management as it’s those behaviours that are seen every day.


businesses felt that they had a positive risk culture embedded 

Research has shown that leadership, good management practices and a positive work environment can reduce unpredictable behaviour. A study from the CIPD, for example, shows that culture and leadership influences unethical behaviour, while moral leadership and an ethical climate will enhance ethical behaviour. The study also says certain situations or jobs affect behaviour. For example, time pressure or isolated decision making can increase the likelihood of unethical behaviour, whereas accountability and checks and balances can reduce it.

Embedding a corporate culture, however, can be challenging. When QBE conducted its Risk Culture Survey in 2015, it found only three in 10 businesses felt that they had a positive risk culture embedded. This is especially true for large multinational organisations, where the distance between the leadership and those at the coal face can be large, and messages can become watered-down. The size and scope of an organisation and its wider supply chain make it challenging to establish a healthy corporate culture at a global scale.

Corporate governance

The importance of a strong corporate cultural is increasingly recognised in corporate governance as the lessons of corporate failures are fed back into rules and guidance.

For example, the most recent update of the UK’s Corporate Governance Code makes clear that boards must decide what type of behaviours and culture they wish to promote, and requires them to assess and monitor culture throughout the company. The Code also introduces the concept of corporate ‘purpose’ and ‘values’, which need to be aligned with corporate culture.

Culture, behaviour and conduct are also growing areas of focus for

regulators. This is particularly true for financial services, where conduct and mis-selling scandals have caused huge reputational damage in recent years and undermined consumer trust. In the privacy arena, regulators have also turned their attention to corporate culture, which has been found to play a role in a number of large data breaches and cyber security incidents.

The risk management community is also paying more attention to culture, seen by many as

the bedrock of good enterprise risk management. The recent update to the international risk management standard ISO 31000, for example, requires companies to align risk management with the organisation’s strategy and culture.

Interest in risk culture has been growing for many years. Whilst there are now numerous scholarly articles and guides on the subject, the ability to effectively evaluate risk culture and develop a proactive plan for improvement remains difficult. However, a good place to start is to review an organisation’s risk culture. To this end, QBE has developed a

Risk Culture Profiling Tool for its customers, an easy-to-use tool that can be used to assess risk culture and shape discussions around it.


In an increasingly unpredictable world, corporate culture is more important than ever. Drivers for uncertainty, such as the rise of populism, social media and automation, will require robust cultures that support and encourage people.

With countless cases of corporate failings, operational risk controls in isolation are inadequate to prevent the more complex claims we see in our increasingly globalised and connected world. A strong corporate culture - clearly defined and driven by leadership - can guide people on how to act in adverse situations. When processes run out of scope, people need to use their own judgement, pause and take stock, and share their concerns with others.

An organisation’s culture and values

can have a direct bearing on its ability to cope with unpredictability. A strong corporate culture should reduce the risks of unexpected events, such as a data breach or extensive product recall. But it can also help organisations adapt and pursue opportunities created in today’s fast changing world.

More like this

Sign-up to be notified about future articles from the Unpredictability Series, and other thoughts, reports or insights from QBE.

Subscribe now