In my previous role as a Risk Officer at a local airline, I spent a fair amount of time developing and rolling out our Enterprise Risk Management (ERM) and Business Continuity Management (BCM) framework and policy. Getting the structure right is important. Clear governance, a defined risk appetite, escalation thresholds, and tested continuity plans all matter.
But over time, I’ve come to appreciate a simple and powerful truth: once the framework and policy are in place, what really makes the difference is tone from the top.
Especially in aviation, risk management cannot live only in documents or presentations. It has to show up in how decisions are made, how issues are escalated, and how leaders behave – especially when things don’t go according to plan. People don’t take their cues from policies; they take them from leaders.
Three Ways Leadership Tone Makes a Real Difference
1. It shows people what truly matters.
Across the organisation, people are very quick to pick up on leadership cues. When leaders consistently ask questions like, “What are the risks?”, “What assumptions are we making?”, or “What could go wrong?”, it sends a clear signal that risk considerations are part of everyday decision making.
I’ve seen this play out many times. When senior leaders – and particularly the CEO – show genuine interest in understanding risks and tradeoffs, it sets the expectation for the entire leadership team. That tone then cascades into management discussions, project reviews, and operational decisions. Over time, risk thinking becomes normal, not exceptional.
2. It determines whether people speak up early – or stay silent.
Most major issues don’t appear overnight. They are often preceded by early warning signs – nearmisses, small operational issues, or uncomfortable observations from people closest to the work. In my experience, whether those signals are raised early depends largely on how leaders respond.
When leaders listen, stay calm, and encourage openness—even when the news isn’t good—people are far more willing to speak up. When that openness is consistently reinforced at the top of the organisation, it creates psychological safety throughout the system. People feel reassured that raising concerns is the right thing to do, not something to be avoided or delayed.
3. It reinforces who truly owns risk.
ERM and BCM don’t belong to the risk team alone. They belong to the business. I’ve seen how powerful it is when leaders openly take ownership of risks within their areas – whether operational, safetyrelated, financial, or reputational. When that sense of ownership is modelled consistently by leadership, it becomes clear that managing risk is part of being a leader, not a separate process.
Two Reflections from Experience
First, a personal lesson from an early BCM exercise.
I remember an early crisis simulation we ran after the framework had been approved. On paper, everything looked solid – roles were defined, escalation paths were clear, and recovery strategies were documented. But once the exercise started, something became obvious very quickly. People were hesitant. Decisions were slower than expected. Some participants were unsure whether they had the authority to act.
What changed the dynamic wasn’t a better plan—it was leadership tone. As senior leaders leaned in, asked calm, focused questions, and made it clear that timely escalation and imperfect information were acceptable, the energy in the room shifted. Decisions became clearer. People spoke up more freely. The same plan suddenly worked far better, simply because the tone had changed. That experience stayed with me, because it reinforced that plans enable, but leadership tone activates.
Second, from strategic and investment discussions.
I’ve seen risk assessments genuinely influence outcomes when leaders treat them as tools to support decisions rather than as paperwork. In those discussions, tradeoffs are openly debated, downside scenarios are considered seriously, and resilience is built into decisions from the start.
When leadership attention to risk is inconsistent, however, assessments tend to be completed because they’re required – not because they’re valued. The difference is rarely the quality of the analysis; it’s the tone set in the room. When leaders – including the CEO – signal that risk insight matters, it changes how everyone else engages.
One Lesson That Stays with Me
Tone from the top is what turns frameworks into real capability.
Policies provide clarity. Frameworks provide structure. But tone from the top provides credibility. It’s how risk appetite becomes meaningful in practice, how BCM plans actually work when they’re needed, and how culture aligns with intent.
Day after day, leadership behaviour—starting at the top—shapes thousands of decisions that never appear in a risk register. Collectively, those decisions determine outcomes far more than any single policy or process ever could.
A Final Thought
Tone from the top isn’t set by a single message or townhall. It’s set every day—by the questions leaders ask, the behaviours they reward, and how they respond under pressure. In organisations, where our operating environment is complex and unforgiving, the right tone from leadership makes all the difference.
Captain Dato’ Badrul Hisham Yusoff was leading Group Enterprise Risk Management at Malaysia Aviation Group, overseeing the Group’s enterprise risk and business continuity programmes. He was tasked to establish MAG’s risk framework, policies, strategy and communications, strengthening governance and resilience across the Group. With over four decades in aviation, he has held senior leadership roles in corporate safety oversight and pilot training and has supported emergency operations during highstakes events. He holds Malaysian and Australian Airline Transport Pilot Licences and an IATA Diploma in Safety Management Systems. In Thrive, he shares why leadership tone makes frameworks work.
Captain Dato’ Badrul Hisham Yusoff
