There are of course some obvious superficial differences between HR and risk people, which could explain why a dialogue between the two functions has not so much broken down as never even got off the ground. "Risk people can talk Klingon," admits Alex Hindson, head of group risk at insurance firm Amlin. "And the thing about HR professionals is that they are often in the job because they like dealing with people, not filling in forms."

Ellen Hexter, senior advisor, ERM at The Conference Board, who worked with Young on the human capital risk research, adds that risk people "often don't want to engage with HR people. They still see HR as obstructions."

But if both HR and risk can get over that (and more on how later), a mutually beneficial relationship emerges, because both sides can gain much from the other, improving the business for everyone. First, what does risk have to gain from the conversation? At the risk culture seminar that HR magazine attended, it was obvious that what risk managers are beginning to become interested in is the culture of risk: how to make sure that people don't behave in an excessively risky fashion and how to embed the right values to encourage ethical behaviours. The problem is, from many of the discussions at the conference, they are not quite sure how to get there.

Enter HR, with its (hopefully) strong knowledge base about how to encourage positive behaviours, creating and embedding values and aiding cultural change. "Risk culture is clearly in the HR domain," says Tim Thompson, risk analytics partner at Deloitte. "HR has a responsibility for setting the vision and making sure it happens and is consistent through communications, training and hiring."

Harvey Francis, EVP HR at construction company Skanska, agrees that HR has a big role to play in ensuring the ethical health of an organisation. "If HR is serious about being a true business partner, it needs to stand up for what it believes in, do the right thing and hold a mirror up to the organisation," he says. At Skanska, Francis has been instrumental in setting up an ethics committee, on which he now sits. "We ensure the organisation has the relevant policies, training and processes in place to make sure we are as ethically good as we can be," he explains.

At Iron Mountain, an information management services company, security is so important it's one of the organisation's key values, with emphasis put on thoroughly training staff to understand the importance of looking after information. "We have an advantage as it's our core business, but in any company, when you think about your strategy, there will be an information element," says Anne Best, Iron Mountain's SVP HR. "It's an education process. We make sure staff learn the value and potential risk and exposure of having information go missing or get into the wrong hands."