
APRA Risk Culture - Survey Questions

This page contains the survey questions rolled out by APRA to 18 authorised deposit-taking institutions on their organisation’s risk management practices, between October and December 2021.

The content below is part of the APRA Insight article No room for complacency on bank risk culture.


APRA Risk Culture Dimensions

Survey Questions


My direct manager 'walks the talk' on risk management.

There are clear messages from leaders regarding how our people should manage risks.

Leaders in my part of the business appropriately challenge decisions to ensure good risk management.

Risk Appetite and Strategy

I know the level of risk I can take in my role.

In my part of the business, risk tolerances are aligned with our strategy.

I have a clear understanding of the emerging risks in my part of the business.

Decision Making and Challenge

Risk management is regularly considered and reflected as a core part of decision-making.

People I work with are open to two-way feedback, even when messages are difficult.

In this organisation, constructive challenge of decisions is encouraged.

Risk management decisions seek to reflect diverse viewpoints.

Communication and Escalation

In this organisation, we are encouraged to escalate risk issues promptly.

It is safe to speak up in my part of the business.

In this organisation, risk management expectations are frequently communicated.

Risk Capabilities

This organisation demonstrates a commitment to the wellbeing of employees.

I have been equipped with the right training to identify and manage key risks in my role.

My part of the business has reliable systems that help us manage risks effectively.

Risk Governance and Controls


This organisation has effective processes for controlling risks.

This organisation's processes for overseeing risks are effective.

Risk frameworks and policies strike the right balance between risk management and business outcomes.

Responsibility and Accountability

My risk management responsibilities are clearly communicated to me.

Individuals in my part of the business are clear on their risk management accountabilities.

The risk management roles and responsibilities shared between the business, the risk function and internal audit are well understood (i.e. Three Lines of Defence model).

People in this organisation admit when they have made mistakes.

Performance Management and Incentives


Risk management responsibilities / accountabilities are included in my performance objectives.

When risk management processes are not followed, there will be appropriate consequences even if there is a positive business / customer outcome.

There is recognition and reward for people who identify and manage risk effectively.

Alignment with Purpose and Values

I can clearly connect my role to the organisation's purpose.

People in my part of the business behave in a way that is consistent with our stated values.

In this organisation, our values promote good risk-based decision making.

Risk Culture Assessment and Board Oversight


I understand the desired risk culture that has been set for this organisation.

I am aware of regular monitoring of our risk culture.

In my part of the business, there is a clear understanding of what we need to do to improve our risk management practices.

*In addition to the core survey questions above, APRA also asked an ‘attention check’ question and a number of questions relating to a thematic area (e.g. risk transformation).