Rather than discuss the benefits of risk management in this article, I want to take some time to explain what can possibly happen if you do not proactively identify, assess and manage risks in your organization.
As I explain elsewhere, risks in the ERM context is more than just potential hazards – it includes any threat OR OPPORTUNITY to achieving business objectives.
So let’s cut right to the chase – below are 8 possible consequences of putting risk management on the back burner. Each consequence is ranked from lowest impact to highest on the organization.
It is important to note that many of these are not necessarily catastrophic when taken alone, but as you will see, they can cascade on one another and lead to disastrous consequences for an organization.
1. Fines – Not having a formal risk management process in place puts your organization at risk of fines or sanctions from federal, state and even industry-specific regulatory bodies. One of the most significant regulations pertaining to risk management comes from the U.S. Securities and Exchange Commission (SEC) and its proxy disclosure enhancements. Adopted in 2013, this rule lowered the burden of proof on risk management inadequacy from fraud to simply negligence. In other words, boards and senior management of companies subject to SEC regulations can no longer claim they had no knowledge about a risk.
On an operational level, companies who do not evaluate risks associated with innovations or general operations will fail to spot hazards and take steps to avoid them. One huge example of this is the disastrous Deepwater Horizon oil spill in 2010. Not adequately understanding the risks associated with drilling in deep water led to BP setting up a $20 billion compensation fund following the oil spill that affected over 2,500 square miles of the Gulf of Mexico.
2. Employee Turnover – It is completely normal for a certain number of employees to leave an organization. This can occur for several reasons, both personally and professionally.
However, when there is a high rate of employee turnover, there are likely other factors in play. Perhaps certain employees feel like their growth potential is limited or the culture of the enterprise doesn’t recognize their contributions. Regardless, individuals in this situation are more likely to seek new opportunities.
A recent survey of over 600,000 users of Glassdoor found that compensation was one of the least important factors in workplace satisfaction, but was instead outranked by culture, values, leadership, and growth opportunities. Additional research by LinkedIn shows that 65% of American workers would take a job without a fancy title in order to work with a CEO they believe in.
Not understanding these specific factors for your organization – not identifying the risks associated with talent retention and properly managing those risks – could lead to a higher rate of employee turnover, which of course hinders your ability to meet goals and creates more expense for recruiting new talent.
3. Customer Dissatisfaction – Customers (…or donors or volunteers in the context of a non-profit) are what keeps the lights on at any organization. If there is dissatisfaction for any reason, they will pick up and move their business to a competitor, and they are likely to be vocal about the situation on social media. Rebuilding that trust can take a long time depending on the situation.
A company that does not consider risks that can affect their customers are setting themselves up for trouble. Take Target’s infamous credit card breach as an example…
Just before Christmas in 2013, the retailer announced that as many as 40 million credit and debit cards were compromised during this breach. According to company statements, hackers were able to obtain customer names, credit/debit card numbers, expiration dates, and even those three-digit security codes (CVV) found on the back of the card.
The result of this fiasco was not only irate customers venting their frustration on social media and other outlets, but also an $18.5 million multistate settlement, the largest of its kind.
Had Target been proactive with identifying, assessing and managing risks to its payment systems and third-party vendors, the huge settlement and extreme customer dissatisfaction could have been avoided.
4. Missed Opportunities – Not identifying threats and opportunities to achieving business objectives can also lead to missed opportunities. While this may not seem like a big deal on the surface, missing opportunities can lead to a loss of market share and eventual irrelevance.
Nowhere is this truer than Blackberry, which in the early 2000s, was at the cutting-edge of innovative products that integrated email and other features aimed at business users into a cell phone.
However, the company missed several cues that technology was evolving into touchscreens and even more robust devices and practices that are commonplace in today’s world. In the company’s heyday, corporations would issue Blackberry phones to their employees; today, it is more common for employees to integrate their personal devices with their work needs. Slowly but surely, touchscreen devices such as Android and Apple smartphones have overtaken the Blackberry.
As of late 2016, the company is no longer manufacturing smartphones and instead focusing on software and security. The result of not foreseeing these technology advances and consumer demands: Blackberry’s share of the smartphone market is now effectively 0%. In just under a decade, Blackberry’s market share fell from 25% to 0% – talk about a fall from grace!!
5. Negative or Damaged Reputation – This consequence of ignoring risk management is similar to customer dissatisfaction, but its impact is more significant since it usually involves nefarious activities within an organization instead of a mere mishap.
Recent scandals at Wells Fargo serve as a great example…
In short, over 5,300 employees at the large financial services company were creating false accounts in order to meet sales quotas. According to a consent order from the Consumer Financial Protection Bureau, accounts were fraudulently created and then funded “…through simulated funding, or transferring funds from consumers’ existing accounts without their knowledge or consent.”
Many attribute this massive fraud to the company’s strict quotas and management’s aggressive tactics in pursuit of those goals. According to grievances filed by employees, the company would force them to work extra hours for no compensation or threaten termination if they didn’t meet the quota.
Recent news of another scandal involving the company’s auto loan practices is damaging Wells Fargo’s reputation even more.
By not investing time to build a risk aware culture, not having checks and balances, and not evaluating its goals, Wells Fargo is dealing with not only massive fines, employee turnover and customer dissatisfaction, but damage to their core reputation that will take years to undo.
6. Product or project failure – It’s a story as old as business itself. A new business opens its doors or a company unveils a new product to much fanfare just to see it flame out in short order.
The Amazon Fire Phone is a prime example (yes, pun intended!). Known for their innovative products like the Kindle reader and tablet, many thought a smartphone from Amazon would be a hit. However, after just a few short months, consumers grew frustrated with its lack of apps, music, and other features in relation to other smartphones.
In this case, Amazon failed to consider risks to the success of its Fire phone. Did they conduct enough analysis of their target market? The company had much success with their tablets by appealing to certain price points, but the Fire phone had the same level of components as flagship systems like the iPhone, and was therefore just as expensive according to this report.
Scenario planning (…or scenario analysis) is one method Amazon could have used to identify risks to its objectives and make adjustments.
7. Loss of profits, financial loss – Every one of the preceding 6 consequences leads to some sort of financial loss, be it in the form of fines, lost sales, or even lower share values.
We could draw any number of examples out of a hat, but I think the following two from our inaugural posts serve as good small scale ones:
- Recent Southwest and Delta Outages Expose Huge Technology Risks – In the summer of 2016, thousands of flights were canceled due to computer glitches that reverberated throughout the companies’ entire operations. In these cases, both Southwest and Delta failed to identify and address not only technology risks, but vendor risks too. Response plans were lackluster at best, leaving many passengers stranded at the airport. Both companies experienced stinging financial loss over these incidents. Read more…
- Risk Management Decisions Impact on People and Businesses in Hurricane Hermine Aftermath – Last September, my hometown of Tallahassee experienced a minor hurricane. Contrary to the Florida’s reputation about hurricanes, even a small Category One hurricane is a major weather event for our area where the panhandle joins the peninsula. While not a disaster in the true sense, Hermine did cause some pretty messy damage in our area. Big-box retailer Walmart learned this lesson the hard way since it did not have power generators to keep frozen and perishable foods cold. As you can see in the personal photo, the result was huge amounts lost inventory and revenues. Walmart wrongly assumed that since Tallahassee isn’t on the coast, it can’t get hit by a significant tropical event. Hopefully, they learned from this experience and will be better prepared for the next time. Read more…
8. Business Failure – You can say business failure is the culmination of all of the other 7 consequences. Damaged reputation, product failures, and financial loss can all cascade and force companies into the worst position – having to close its doors.
The iconic Eastman-Kodak is a great example. In the pre-digital world, Kodak was known around the globe for high-quality, affordable photography. Their disposable cameras were a staple of many vacations.
However, the advent of digital cameras and now smartphones that take crystal-clear pictures spelled eventual doom for Eastman-Kodak’s photography business. As part of its Chapter 11 bankruptcy reorganization, Kodak sold its photographic film operations in 2012. By not using enterprise risk management to identify threats and opportunities to business objectives, Kodak went from a pioneering company and household name dating back to the late 1800s into bankruptcy within a couple of decades.
These examples provide a high-level overview of how ignoring risk management can affect an organization. Most cases, even financial loss, are not catastrophic and can be salvaged, but as we’ve explained, effects can cascade into an avalanche that is hard to stop.
By taking prudent measures to identify, assess and manage risks to strategy and operations, a company can not only avoid calamities, but take advantage of new opportunities and enhance company value in the process.
Have you experienced negative impacts from putting risk management on the back burner? How did your organization address these issues?
I invite you to share your stories or questions in the comment field below; or join the conversation on LinkedIn.
And I want to encourage organizations of all sizes to not think risk management is something to put at the bottom of the stack until something bad happens. Not doing what you can to anticipate future events AND identify opportunities can hinder your organization’s potential.
Continue browsing or subscribe to my blog to learn more about my approach to ERM, download my risk identification eBook, or visit my consulting website (Strategic Decision Solutions) to learn more about how I help organizations overcome challenges and ensure long-term success.