8 Possible Consequences of Not Being Proactive in Risk Management

Rather than discuss the benefits of risk management in this article, I want to take some time to explain what can possibly happen if you do not proactively identify, assess and manage risks in your organization.

As I explain elsewhere, risks in the ERM context is more than just potential hazards – it includes any threat OR OPPORTUNITY to achieving business objectives.

So let’s cut right to the chase – below are 8 possible consequences of putting risk management on the back burner. Each consequence is ranked from lowest impact to highest on the organization.

proactive risk management

 

It is important to note that many of these are not necessarily catastrophic when taken alone, but as you will see, they can cascade on one another and lead to disastrous consequences for an organization.

1.    Fines – Not having a formal risk management process in place puts your organization at risk of fines or sanctions from federal, state and even industry-specific regulatory bodies. One of the most significant regulations pertaining to risk management comes from the U.S. Securities and Exchange Commission (SEC) and its proxy disclosure enhancements. Adopted in 2013, this rule lowered the burden of proof on risk management inadequacy from fraud to simply negligence. In other words, boards and senior management of companies subject to SEC regulations can no longer claim they had no knowledge about a risk.

On an operational level, companies who do not evaluate risks associated with innovations or general operations will fail to spot hazards and take steps to avoid them. One huge example of this is the disastrous Deepwater Horizon oil spill in 2010. Not adequately understanding the risks associated with drilling in deep water led to BP setting up a $20 billion compensation fund following the oil spill that affected over 2,500 square miles of the Gulf of Mexico.

2.    Employee Turnover – It is completely normal for a certain number of employees to leave an organization. This can occur for several reasons, both personally and professionally.

However, when there is a high rate of employee turnover, there are likely other factors in play. Perhaps certain employees feel like their growth potential is limited or the culture of the enterprise doesn’t recognize their contributions. Regardless, individuals in this situation are more likely to seek new opportunities.

A recent survey of over 600,000 users of Glassdoor found that compensation was one of the least important factors in workplace satisfaction, but was instead outranked by culture, values, leadership, and growth opportunities. Additional research by LinkedIn shows that 65% of American workers would take a job without a fancy title in order to work with a CEO they believe in.

Not understanding these specific factors for your organization – not identifying the risks associated with talent retention and properly managing those risks – could lead to a higher rate of employee turnover, which of course hinders your ability to meet goals and creates more expense for recruiting new talent.

3.    Customer Dissatisfaction – Customers (…or donors or volunteers in the context of a non-profit) are what keeps the lights on at any organization. If there is dissatisfaction for any reason, they will pick up and move their business to a competitor, and they are likely to be vocal about the situation on social media. Rebuilding that trust can take a long time depending on the situation.

A company that does not consider risks that can affect their customers are setting themselves up for trouble. Take Target’s infamous credit card breach as an example…

Just before Christmas in 2013, the retailer announced that as many as 40 million credit and debit cards were compromised during this breach. According to company statements, hackers were able to obtain customer names, credit/debit card numbers, expiration dates, and even those three-digit security codes (CVV) found on the back of the card.

The result of this fiasco was not only irate customers venting their frustration on social media and other outlets, but also an $18.5 million multistate settlement, the largest of its kind.

Had Target been proactive with identifying, assessing and managing risks to its payment systems and third-party vendors, the huge settlement and extreme customer dissatisfaction could have been avoided.

4.   Missed Opportunities – Not identifying threats and opportunities to achieving business objectives can also lead to missed opportunities. While this may not seem like a big deal on the surface, missing opportunities can lead to a loss of market share and eventual irrelevance.

Nowhere is this truer than Blackberry, which in the early 2000s, was at the cutting-edge of innovative products that integrated email and other features aimed at business users into a cell phone.

However, the company missed several cues that technology was evolving into touchscreens and even more robust devices and practices that are commonplace in today’s world. In the company’s heyday, corporations would issue Blackberry phones to their employees; today, it is more common for employees to integrate their personal devices with their work needs. Slowly but surely, touchscreen devices such as Android and Apple smartphones have overtaken the Blackberry.

As of late 2016, the company is no longer manufacturing smartphones and instead focusing on software and security. The result of not foreseeing these technology advances and consumer demands: Blackberry’s share of the smartphone market is now effectively 0%. In just under a decade, Blackberry’s market share fell from 25% to 0% – talk about a fall from grace!!

5.    Negative or Damaged Reputation – This consequence of ignoring risk management is similar to customer dissatisfaction, but its impact is more significant since it usually involves nefarious activities within an organization instead of a mere mishap.

Recent scandals at Wells Fargo serve as a great example…

In short, over 5,300 employees at the large financial services company were creating false accounts in order to meet sales quotas. According to a consent order from the Consumer Financial Protection Bureau, accounts were fraudulently created and then funded “…through simulated funding, or transferring funds from consumers’ existing accounts without their knowledge or consent.”

Many attribute this massive fraud to the company’s strict quotas and management’s aggressive tactics in pursuit of those goals. According to grievances filed by employees, the company would force them to work extra hours for no compensation or threaten termination if they didn’t meet the quota.

Recent news of another scandal involving the company’s auto loan practices is damaging Wells Fargo’s reputation even more.

By not investing time to build a risk aware culture, not having checks and balances, and not evaluating its goals, Wells Fargo is dealing with not only massive fines, employee turnover and customer dissatisfaction, but damage to their core reputation that will take years to undo.

6.   Product or project failure – It’s a story as old as business itself. A new business opens its doors or a company unveils a new product to much fanfare just to see it flame out in short order.

The Amazon Fire Phone is a prime example (yes, pun intended!). Known for their innovative products like the Kindle reader and tablet, many thought a smartphone from Amazon would be a hit. However, after just a few short months, consumers grew frustrated with its lack of apps, music, and other features in relation to other smartphones.

In this case, Amazon failed to consider risks to the success of its Fire phone. Did they conduct enough analysis of their target market? The company had much success with their tablets by appealing to certain price points, but the Fire phone had the same level of components as flagship systems like the iPhone, and was therefore just as expensive according to this report.

Scenario planning (…or scenario analysis) is one method Amazon could have used to identify risks to its objectives and make adjustments.

7.   Loss of profits, financial loss – Every one of the preceding 6 consequences leads to some sort of financial loss, be it in the form of fines, lost sales, or even lower share values.

We could draw any number of examples out of a hat, but I think the following two from our inaugural posts serve as good small scale ones:

  • Recent Southwest and Delta Outages Expose Huge Technology Risks – In the summer of 2016, thousands of flights were canceled due to computer glitches that reverberated throughout the companies’ entire operations. In these cases, both Southwest and Delta failed to identify and address not only technology risks, but vendor risks too. Response plans were lackluster at best, leaving many passengers stranded at the airport. Both companies experienced stinging financial loss over these incidents. Read more…
  • Risk Management Decisions Impact on People and Businesses in Hurricane Hermine Aftermath – Last September, my hometown of Tallahassee experienced a minor hurricane. Contrary to the Florida’s reputation about hurricanes, even a small Category One hurricane is a major weather event for our area where the panhandle joins the peninsula. While not a disaster in the true sense, Hermine did cause some pretty messy damage in our area. Big-box retailer Walmart learned this lesson the hard way since it did not have power generators to keep frozen and perishable foods cold. As you can see in the personal photo, the result was huge amounts lost inventory and revenues. Walmart wrongly assumed that since Tallahassee isn’t on the coast, it can’t get hit by a significant tropical event. Hopefully, they learned from this experience and will be better prepared for the next time. Read more…

proactive in risk management

8.   Business Failure – You can say business failure is the culmination of all of the other 7 consequences. Damaged reputation, product failures, and financial loss can all cascade and force companies into the worst position – having to close its doors.

The iconic Eastman-Kodak is a great example. In the pre-digital world, Kodak was known around the globe for high-quality, affordable photography. Their disposable cameras were a staple of many vacations.

However, the advent of digital cameras and now smartphones that take crystal-clear pictures spelled eventual doom for Eastman-Kodak’s photography business. As part of its Chapter 11 bankruptcy reorganization, Kodak sold its photographic film operations in 2012. By not using enterprise risk management to identify threats and opportunities to business objectives, Kodak went from a pioneering company and household name dating back to the late 1800s into bankruptcy within a couple of decades.

These examples provide a high-level overview of how ignoring risk management can affect an organization. Most cases, even financial loss, are not catastrophic and can be salvaged, but as we’ve explained, effects can cascade into an avalanche that is hard to stop.

By taking prudent measures to identify, assess and manage risks to strategy and operations, a company can not only avoid calamities, but take advantage of new opportunities and enhance company value in the process.

Have you experienced negative impacts from putting risk management on the back burner? How did your organization address these issues?

I invite you to share your stories or questions in the comment field below; or join the conversation on LinkedIn.

And I want to encourage organizations of all sizes to not think risk management is something to put at the bottom of the stack until something bad happens. Not doing what you can to anticipate future events AND identify opportunities can hinder your organization’s potential.

Continue browsing or subscribe to my blog to learn more about my approach to ERM, download my risk identification eBook, or visit my consulting website (Strategic Decision Solutions) to learn more about how I help organizations overcome challenges and ensure long-term success.

Sign Up For Our Newsletter

Sign Up For Our Newsletter

SDS-Logo
about-sidebar-v2

Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More