Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

To strengthen your risk culture, start by asking these questions

August 28, 2012
Read Time: 0 min


Robert WagnerAs board members and management look to improve their organization’s Enterprise Risk Management (ERM) system, it’s important to start by asking several critical questions, financial consultant Roberta Wagner of Bugbee Wagner PLLC says. In this guest column, Wagner proposes several topics executive leaders should probe in order to strengthen the process.

Enterprise Risk Management: Organization or Culture Risk

 By Roberta Wagner

The hub of any strong Enterprise Risk Management (ERM) system is the organization’s risk climate or culture, i.e., the attitude and approach the organization takes toward identifying, monitoring, controlling, and mitigating risk.

Truly understanding the risk climate requires more than just completing checklists. It is at the very heart of how executive management and the board approach risk and it’s often not black or white. How are decisions made in the organization? Are opposing concerns minimized? Are executives encouraged to discuss concerns? How does the board or executive management discuss the things that keep them awake at night? How strong is the “bad-news network”? How is the quality of management and human resources practices incorporated into the ERM system?

Below are some questions that board members and CEOs might ask to begin this critical part of developing a sound ERM. We find in our work with organizations that assembling confidential board and management responses to these questions is often enlightening and can help to strengthen the risk culture.

1. Have the major perceived risks to the organization been:

a. Identified,

b. Ranked, and

c. Discussed with the board?

2. What risks do you see that are not either clearly identified or a part of management/board focus?

3. Has the board approved a risk appetite statement?

4. What are the incentives and penalties for officers who identify risk in the organization?

5. How are the “cons” of a major new initiative handled in executive management and board sessions? Does an atmosphere of “group think” prevail, or are alternative ideas encouraged?

6. What happens when a major risk is uncovered that was not identified by management?

7. How are concerns about executive performance handled?

8. Is the board conversant with the various risks?

9. Is there a split on the board?

10. Does the board add value to strategy development?

11. Can you clearly describe your institution’s strategy?

12. Does the entire executive management team have responsibility for ERM or has one lower level officer been assigned the responsibility?

13. Have both performance and leading indicators been identified for all major risks? (For example, on asset quality, a key performance indicator is the coverage ratio. Risk indicators for various concentrations in the portfolio might include industry performance ratios.)

14. How are risks monitored and reported? Do you have a risk model?

15. How strong are your controls on risk? (For example, audit or policy limits and reporting.)

Just answering these questions and having a candid, thorough discussion of what that means for ERM in your organization will take you a long way in developing a strong ERM system.

For more information on preparing for your next regulatory exam, download the whitepaper, 9 Ways to Prepare for Your Next Examination.

Roberta Wagner has more than 30 years of experience in the financial services industry in senior regulatory and consulting roles. She is a founding partner of Bugbee Wagner PLLC (, which is headquartered in Gig Harbor, WA and provides enterprise risk management, regulatory advisory, and other traditional management consulting services to financial institutions. 

About the Author


Raleigh, N.C.-based Sageworks, a leading provider of lending, credit risk, and portfolio risk software that enables banks and credit unions to efficiently grow and improve the borrower experience, was founded in 1998. Using its platform, Sageworks analyzed over 11.5 million loans, aggregated the corresponding loan data, and created the largest

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.