An effective risk culture is the cornerstone of any resilient organization, enabling it to navigate uncertainties and achieve its strategic objectives. This Risk Culture Assessment Questionnaire is designed to help organizations evaluate their risk management practices and identify areas for improvement. It focuses on fostering transparency, accountability and alignment between governance and strategy. Addressing key aspects such as communication, oversight and decision-making processes, this tool empowers organizations to build a proactive and cohesive risk culture that balances value creation with robust control measures, ensuring long-term success.

This tool includes two samples. Sample 1 introduces enterprise risk management (ERM) as the essential foundation for strengthening risk culture. It highlights how ERM establishes the oversight, control and discipline needed to continuously improve risk management capabilities in a dynamic business environment. Sample 2 focuses on defining and communicating the organization’s risk appetite through clear objectives. It guides organizations in articulating what risk appetite means for their unique context, linking risk tolerance to strategic priorities, regulatory requirements and enterprisewide risk management frameworks. By clarifying the level of risk your organization is willing to accept in pursuit of its goals, this tool enables better alignment between risk taking and long-term success, while supporting compliance and informed decision making at every level.

Sample questions include:

• Is management periodically evaluating changes in the business environment to identify the risks inherent in the corporate strategy?
• Does management apprise the board in a timely manner of significant risks or significant changes in the organization’s risk profile?
• Are there patterns of behavior that provide an indication as to whether risk management and internal controls matter?