8 Possible Consequences of Not Being Proactive in Risk Management

You don’t need to be a rocket scientist or have a crystal ball to know how chaotic today’s world is. Whether due to rising costs, supply disruptions, or some other industry-specific issue, companies across-the-board and around the world are experiencing unprecedented challenges, where the response/reaction will determine their course for the next decade or more.

If there ever was a time for companies to be more proactive rather than reactive, it is now.

Without a sense of urgency, many companies lumber along reacting from one crisis to the next. Many do not develop strategic goals of any kind, and if they do, they fail to consider upstream dependencies and downstream consequences.

As I’ve grown in my career as both a practitioner and consultant, this reality has become even more apparent since the original version of this article.

Taking a reactive approach to risk management or otherwise pushing it to the back burner can result in a range of consequences outlined below.

But before getting into the bad stuff, let’s explore a fundamental concept using the common cold as an analogy.

When you are sick with a cold, you could experience a sore throat, mild fever, runny nose, coughing, fatigue, etc. The virus is the underlying root cause of the problem, while the sore throat, fever, and coughing are the symptoms.

Translating this to your company, the consequences we’ll discuss shortly are the symptoms while the following examples could be the root cause that leads to the symptoms or consequences. The following may seem mundane but leaving them unresolved  leads to  devastating results.

 

  • Poor communication from leadership – without clear and consistent communication between executives, managers, and employees, rumors will begin circulating, leading to even bigger headaches such as negative workplace culture. According to a survey, risk professionals consider tone at the top to be one of ERM’s biggest hurdles.

 

  • Constantly shifting priorities – without clear goal(s) that remain steady, the company will struggle to focus on execution and completion, leading to a lot of half-finished projects.

 

  • No clear roles and responsibilities – without knowing who is responsible for what, when, where, and how, the company will not be able to keep the right person(s) on track with goals with accountability (including executives) should a particular goal fall short.

You may notice these do not mention “risk,” certainly not in the way we conceive of the word.

Many companies will establish formal “risk” management programs at the prompting of regulators, and even though it takes an enterprise view, these programs are very “risk” list oriented focused on minimizing risks and preventing failure.

Proactive risk management, on the other hand, is not about checking a box but rather something you build into how you conduct business day-to-day…or as Norman Marks explains in his book Risk Management in Plain English: A Guide for Executives:

Risk management is just really good management.

This is important because the following consequences manifest themselves through shortcomings either in:

 

a formal risk management program established at the behest of regulators

 

 

general business management practices like those listed above

 

(Each of the following consequences include an icon to denote which circumstance applies.)

With that cleared up, below are eight (8) of the most common consequences (with examples) that companies experience when they are not proactive in managing both threats and opportunities.

 

  1. Fines and other regulatory or legal action

Earlier this year, the Office of the Comptroller of the Currency with the U.S. Treasury Department issued a $60 million fine (ouch!) against USAA Bank for not complying with the agency’s Bank Secrecy Act regulations. Failing to implement an adequate “risk” program in this context, USAA was unable to submit suspicious activity reports in a timely fashion. In addition to the fine, USAA was issued a cease-and-desist order requiring it to take dramatic corrective actions.

Without robust risk and business management practices, companies will fail to spot weaknesses beforehand and quickly take steps to address them and avoid drawing the negative attention of regulators.

  1. Elevated employee turnover

It’s expected that a certain number of employees will leave an organization each year for different personal or professional reasons, but if there’s a toxic culture with little to no communication and inadequate foundational business processes, it’s likely a company will experience a higher than average percentage of employees seeking opportunities elsewhere.

As I discuss in a previous article on the changing nature of work, more and more employees (especially Millennial and Gen Z workers) are growing skeptical of the traditional career itself. One jobs survey from Bankrate showed that 55% of respondents claim they plan to look for a new job in the next year while data from the U.S. Bureau of Labor Statistics shows a higher number of workers leaving their jobs voluntarily – pre-COVID, this number stood at around 2.1 million per month but now this number averages around 3 million per month.

Without managing risks around retention and culture, your company could experience an even higher number of voluntary quits or increased rate of employee turnover, therefore leading to additional consequences, including some listed below.

  1. Customer Dissatisfaction

Founder of Walmart Sam Walton is quoted as saying:

There is only one boss – the customer. And he can fire everybody in the company from the chairman on down, simply by spending his money somewhere else.

It should be obvious that customers (or donors in the case of a nonprofit) are the heartbeat of any organization. Therefore, if customers become dissatisfied for any reason, they may respond by moving their business elsewhere.

For example, if you have a call center and people have to wait on hold for 20 or 30 minutes (heck, even 5 minutes nowadays!) before speaking with a real person, some will certainly take the opportunity to complain – very loudly – about it. And with the supply chain disruptions of the last couple of years, many customers will not wait for things to come back but rather find another source or alternative to meet their needs.

The main takeaway is do not let issues like this fester or go unaddressed. If they do, your company could lead itself into bigger problems like…

  1. Negative or damaged reputation

While this may seem similar to customer dissatisfaction, a company’s reputation among customers, employees (both current and future), and the general public is much more significant.  A dissatisfied customer could come back, especially if the company does an excellent job of making up for their mistake.

But with the 24-hour news cycle and social media, a company can see both its reputation and market value crater in the blink of an eye. One knee-jerk reaction to a situation or some other issue could take years to overcome. Unfortunately, a company’s stellar reputation is often taken for granted.

A 2020 survey from Weber-Shandwick indicates that, on average, executives attribute 63% of a company’s value to its reputation. In the 1980s, the impact of ALL intangible assets accounted for less than one-third of a company’s value, so it is clear how important it is for a company to closely guard its reputation.

Just one scandal like Uber’s sexual harassment fiasco a few years ago or scathing social media posts from customers and employees can lead to drastic losses in both a company’s stock price and its customer-base. If severe enough and left unchecked, these issues could lead to the complete demise of the company.

  1. Missed Opportunities

If you’ve visited this blog for any length of time, you should know that ERM or “risk” management is not only about identifying and addressing risks in the negative sense. While this will always remain a core activity, proactive risk management is also about identifying, assessing, and pursuing opportunities to achieving strategic goals.

However, when risk management’s sole focus is on reacting from one crisis to the next, it is likely the company (i.e., its executives) will not know when opportunities will arise to meet goals faster or be an industry gamechanger.

One example involves car dealerships who seem to have much more new inventory than others. With the constant supply chain issues, dealerships have had to morph to stay alive. These manufacturers spotted opportunities to diversify their supply chain and rethink how they operate.

With the world changing at the pace it currently is, companies have to be diligent in identifying opportunities, or else they will pass them by. As Hans Læssøe explains in his book Prepare to Dare, proactive risk management is about “taking on huge, but managed risks to raise the bar” and “looking for opportunities to expand into new industries.”

  1. Product or project failure

Companies who go rushing headlong into a project or some sort of new product development without any sort of proactive risk identification and assessment often find these efforts end up in failure.

One example where this is especially common is with major systems upgrades or implementations.

Let’s say a company’s IT department is working on a new purchasing system, but they don’t consult with the users of this system. I know this sounds crazy, but it happens more than you think. Dozens if not hundreds of man hours will be poured into sourcing and deploying this system. Upon release though, the end users find that it is cumbersome to use. After much complaining, the new system is scrapped due to a lack of buy-in and its difficulty to use.

Another example can include the infamous Texas winter blackouts in 2021. The state’s grid operator had known about the many vulnerabilities in the event of a major snow and ice storm, but nothing was done proactively. So when the state experienced its coldest weather in decades, there was no choice but to take the reactive approach of implementing rolling blackouts. This “product failure” led to an estimated $18 billion in insured losses and a death toll of close to 100 people.

  1. Decreased market share, profit, and financial loss

Regardless of the source – fines from regulators, lost revenue from loss of customers, increased cost due to higher employee turnover, or lower stock values from a damaged reputation – each of these above consequences could technically result in some type of financial loss for the company. However, this consequence of poor, reactive risk management deserves its own section.

One area where this relationship between risk management approach and financial condition has become increasingly more evident in recent years is the area of credit ratings. Agencies like Moody’s, Standard & Poor’s,Demotech, and Kroll are increasingly looking at how robust a company’s risk processes are. If an agency determines the company doesn’t have adequate governance, risk, and business processes in place, they could respond by lowering the company’s credit rating and therefore make it harder and more expensive to acquire business or financing, among other consequences.

Also, supply chain disruptions of recent years can also be damaging to a company’s bottom line. By not being proactive in securing materials from diverse sources, the company is forced to either have customer goods on backorder or pay an exorbitant amount of money to obtain the goods it needs to serve its customers. A couple of additional examples from several years ago can be found here and here.

  1. Business failure

Saving the worst for last – a company without robust business processes and proactive risk management could end up failing altogether. You may have noticed how each of preceding consequences or symptoms built on each other.

A disgruntled customer is one thing, but if it’s not addressed, it can cascade into a damaged reputation, which then eventually cascades into financial loss. If this continues, the company could end up being displaced by a more agile competitor or otherwise forced to close its doors.

I could cite numerous examples, especially in the retail space – when’s the last time you been in a Sears or Borders bookstore?

For an example though, I want to turn to the industry I primarily work with – insurance companies. After multiple years of steep losses in the Florida property insurance market, three companies have gone insolvent this year alone. While outside parties or influences like subpar contractors or overzealous litigation attorneys have played a large role in the escalating claim volume and substantial net losses every quarter, the ultimate reason a number of companies continue to struggle (with some shutting down operations) is because of their failure to proactively manage these third-party interactions and the financial implications.

In conclusion, the typical course of action for companies experiencing consequences – or symptoms – like these is to apply some sort of band-aid fix like a new software system or some fancy process. But as we explain above, by not addressing the underlying issues that causes these symptoms, they will just re-appear more severely in other areas.

Taking cold medicine can help your runny nose or headache, but until your body fights off the virus causing these symptoms, the underlying illness will remain and rear its ugly head again.

Has your company experienced consequences like these or others due to reactive decision-making and risk management?

I’m interested in hearing your thoughts on how your company has overcome any of these challenges, so please leave a comment below or join the conversation on LinkedIn.

If you prefer to relay your thoughts privately, you may email comments@strategicdecisionsolutions.com.

Last but not least, if your company is experiencing these type of symptoms but you don’t know how to fight the virus, please don’t hesitate to contact me or schedule a meeting today to discuss your specific situation.

Posted in

10 Comments

  1. Hans Læssøe on November 20, 2017 at 10:52 am

    Many of these consequences can be ascribed to bad decision making … i.e. decision making with no attention to risks and opportunities as the mind-set may be “we will have someone take care of that subsequently”

    • Norman Marks on June 18, 2018 at 3:55 pm

      I agree, Hans. Since risk management should be about enabling informed and intelligent decision-making, then the consequences of not being proactive in risk management can include ill-informed decisions.

      Poor decisions lead to all kinds of poor performance, going well beyond the list above.

      • Carol Williams on June 18, 2018 at 3:58 pm

        Hans and Norman, I agree with both of you! Bad decision-making has a huge span of potential impacts. Sometimes, it helps people to see the types of bad consequences, which is the reason for this list.

        Thanks for commenting!

  2. Greg Suddards on June 10, 2018 at 6:41 am

    It is good to see someone recognise reputation damages for what it is – ie a consequence of a risk event and not a risk itself. I would argue, though that Customer Dissatisfaction is an element of Reputation Damage.
    Is Business Failure not an extreme form of Financial Loss? And perhaps it should be emphasised that Financial Loss includes the cost of repairing or replacing physical assets.
    Would it not be preferable to recategorise Employee Turnover as Cost of Replacing Employees?
    Finally, do you not think that Product or Project Failure is a risk rather than a consequence of a risk. (it falls within the Basel category of Customers, Products and Business Practices).

    • Carol Williams on June 18, 2018 at 4:10 pm

      Hi, Greg. Thanks for commenting. You asked some questions.

      Yes, damage to a reputation is its own consequence. When it comes to the other areas you ask about, it really comes down to the fact that the consequences build upon each other. It starts small at fines and then can gradually build up to missed opportunities, up to financial loss, and finally business failure. So yes, business failure is an extreme form of financial loss, but it is the culmination of more than one consequence. The cost of repairing or replacing physical assets is a standard part of doing business, so I would not categorize that as a component of a risk.

      Employee turnover is a consequence because of organizational culture. Then you have to see the downstream impacts of having high levels of employee turnover.

      Product or project failure can be a risk by itself, but it can also be a consequence of not handling the project or product correctly.

      Ultimately, it comes down to bad decision-making and the potential consequences because management decided to see if something bad would happen instead of trying to get in front of it. Thanks again!

  3. Greg Agbetoglo on January 13, 2020 at 4:22 pm

    Catastrophic Losses
    The failure to adequately evaluate, prevent and minimize damage from business risks can ruin your company entirely.

    You could lose market share because you failed to predict the risks of changing conditions.

    You could lose enormous investment dollars if you fail to anticipate the risks of expanding your company.

    You could suffer irreparable damage to your company’s reputation by failing to prepare to manage difficulties.

    Business risk management has serious financial implications. You can have much to gain from protecting your company… and potentially everything to lose by not.

    • Carol Williams on February 25, 2020 at 4:25 pm

      Absolutely Greg, thank you! To add to your comment about reputation – it’s becoming an increasingly significant component of a company’s overall value. But as I’ve learned since this article was written over 2 years ago through my own experience and thought leaders’ perspective, good risk management focuses on helping a company succeed, not just avoid failure. A company who only focuses on the negative is putting itself at risk of disruption. Perhaps this article needs an update 🙂

  4. […] second half of this quote provides a glimpse of the consequences of ignoring these risk recommendations, some of which […]

  5. Tshabalala Phofa on March 15, 2022 at 4:35 am

    Poor decision-making is often influenced by lack of relevant knowledge & skill; incapacity in terms of resources (some risk owners often refer to the influence of austerity measures on their decisions); deliberate poor decisions in order to achieve personal objectives. Failure to take correct risk management leads to poor planning to manage consequences.

  6. […] No-Risk Management […]

Leave a Comment