8 Possible Consequences of Not Being Proactive in Risk Management

You don’t need to be a rocket scientist or have a crystal ball to know how chaotic today’s world is. Whether due to rising costs, supply disruptions, or some other industry-specific issue, companies across-the-board and around the world are experiencing unprecedented challenges, where the response/reaction will determine their course for the next decade or more.

If there ever was a time for companies to be more proactive rather than reactive, it is now.

Without a sense of urgency, many companies lumber along reacting from one crisis to the next. Many do not develop strategic goals of any kind, and if they do, they fail to consider upstream dependencies and downstream consequences.

As I’ve grown in my career as both a practitioner and consultant, this reality has become even more apparent since the original version of this article.

Taking a reactive approach to risk management or otherwise pushing it to the back burner can result in a range of consequences outlined below.

But before getting into the bad stuff, let’s explore a fundamental concept using the common cold as an analogy.

When you are sick with a cold, you could experience a sore throat, mild fever, runny nose, coughing, fatigue, etc. The virus is the underlying root cause of the problem, while the sore throat, fever, and coughing are the symptoms.

Translating this to your company, the consequences we’ll discuss shortly are the symptoms while the following examples could be the root cause that leads to the symptoms or consequences. The following may seem mundane but leaving them unresolved  leads to  devastating results.

  • Poor communication from leadership – without clear and consistent communication between executives, managers, and employees, rumors will begin circulating, leading to even bigger headaches such as negative workplace culture. According to a survey, risk professionals consider tone at the top to be one of ERM’s biggest hurdles.
  • Constantly shifting priorities – without clear goal(s) that remain steady, the company will struggle to focus on execution and completion, leading to a lot of half-finished projects.
  • No clear roles and responsibilities – without knowing who is responsible for what, when, where, and how, the company will not be able to keep the right person(s) on track with goals with accountability (including executives) should a particular goal fall short.

You may notice these do not mention “risk,” certainly not in the way we conceive of the word.

Many companies will establish formal “risk” management programs at the prompting of regulators, and even though it takes an enterprise view, these programs are very “risk” list oriented focused on minimizing risks and preventing failure.

Proactive risk management, on the other hand, is not about checking a box but rather something you build into how you conduct business day-to-day…or as Norman Marks explains in his book Risk Management in Plain English: A Guide for Executives:

Risk management is just really good management.

This is important because the following consequences manifest themselves through shortcomings either in:

 

a formal risk management program established at the behest of regulators

 

 

general business management practices like those listed above

 

(Each of the following consequences include an icon to denote which circumstance applies.)

With that cleared up, below are eight (8) of the most common consequences (with examples) that companies experience when they are not proactive in managing both threats and opportunities.

 

  1. Fines and other regulatory or legal action

Earlier this year, the Office of the Comptroller of the Currency with the U.S. Treasury Department issued a $60 million fine (ouch!) against USAA Bank for not complying with the agency’s Bank Secrecy Act regulations. Failing to implement an adequate “risk” program in this context, USAA was unable to submit suspicious activity reports in a timely fashion. In addition to the fine, USAA was issued a cease-and-desist order requiring it to take dramatic corrective actions.

Without robust risk and business management practices, companies will fail to spot weaknesses beforehand and quickly take steps to address them and avoid drawing the negative attention of regulators.

  1. Elevated employee turnover

It’s expected that a certain number of employees will leave an organization each year for different personal or professional reasons, but if there’s a toxic culture with little to no communication and inadequate foundational business processes, it’s likely a company will experience a higher than average percentage of employees seeking opportunities elsewhere.

As I discuss in a previous article on the changing nature of work, more and more employees (especially Millennial and Gen Z workers) are growing skeptical of the traditional career itself. One jobs survey from Bankrate showed that 55% of respondents claim they plan to look for a new job in the next year while data from the U.S. Bureau of Labor Statistics shows a higher number of workers leaving their jobs voluntarily – pre-COVID, this number stood at around 2.1 million per month but now this number averages around 3 million per month.

Without managing risks around retention and culture, your company could experience an even higher number of voluntary quits or increased rate of employee turnover, therefore leading to additional consequences, including some listed below.

  1. Customer Dissatisfaction

Founder of Walmart Sam Walton is quoted as saying:

There is only one boss – the customer. And he can fire everybody in the company from the chairman on down, simply by spending his money somewhere else.

It should be obvious that customers (or donors in the case of a nonprofit) are the heartbeat of any organization. Therefore, if customers become dissatisfied for any reason, they may respond by moving their business elsewhere.

For example, if you have a call center and people have to wait on hold for 20 or 30 minutes (heck, even 5 minutes nowadays!) before speaking with a real person, some will certainly take the opportunity to complain – very loudly – about it. And with the supply chain disruptions of the last couple of years, many customers will not wait for things to come back but rather find another source or alternative to meet their needs.

The main takeaway is do not let issues like this fester or go unaddressed. If they do, your company could lead itself into bigger problems like…

  1. Negative or damaged reputation

While this may seem similar to customer dissatisfaction, a company’s reputation among customers, employees (both current and future), and the general public is much more significant.  A dissatisfied customer could come back, especially if the company does an excellent job of making up for their mistake.

But with the 24-hour news cycle and social media, a company can see both its reputation and market value crater in the blink of an eye. One knee-jerk reaction to a situation or some other issue could take years to overcome. Unfortunately, a company’s stellar reputation is often taken for granted.

A 2020 survey from Weber-Shandwick indicates that, on average, executives attribute 63% of a company’s value to its reputation. In the 1980s, the impact of ALL intangible assets accounted for less than one-third of a company’s value, so it is clear how important it is for a company to closely guard its reputation.

Just one scandal like Uber’s sexual harassment fiasco a few years ago or scathing social media posts from customers and employees can lead to drastic losses in both a company’s stock price and its customer-base. If severe enough and left unchecked, these issues could lead to the complete demise of the company.

  1. Missed Opportunities

If you’ve visited this blog for any length of time, you should know that ERM or “risk” management is not only about identifying and addressing risks in the negative sense. While this will always remain a core activity, proactive risk management is also about identifying, assessing, and pursuing opportunities to achieving strategic goals.

However, when risk management’s sole focus is on reacting from one crisis to the next, it is likely the company (i.e., its executives) will not know when opportunities will arise to meet goals faster or be an industry gamechanger.

One example involves car dealerships who seem to have much more new inventory than others. With the constant supply chain issues, dealerships have had to morph to stay alive. These manufacturers spotted opportunities to diversify their supply chain and rethink how they operate.

With the world changing at the pace it currently is, companies have to be diligent in identifying opportunities, or else they will pass them by. As Hans Læssøe explains in his book Prepare to Dare, proactive risk management is about “taking on huge, but managed risks to raise the bar” and “looking for opportunities to expand into new industries.”

  1. Product or project failure

Companies who go rushing headlong into a project or some sort of new product development without any sort of proactive risk identification and assessment often find these efforts end up in failure.

One example where this is especially common is with major systems upgrades or implementations.

Let’s say a company’s IT department is working on a new purchasing system, but they don’t consult with the users of this system. I know this sounds crazy, but it happens more than you think. Dozens if not hundreds of man hours will be poured into sourcing and deploying this system. Upon release though, the end users find that it is cumbersome to use. After much complaining, the new system is scrapped due to a lack of buy-in and its difficulty to use.

Another example can include the infamous Texas winter blackouts in 2021. The state’s grid operator had known about the many vulnerabilities in the event of a major snow and ice storm, but nothing was done proactively. So when the state experienced its coldest weather in decades, there was no choice but to take the reactive approach of implementing rolling blackouts. This “product failure” led to an estimated $18 billion in insured losses and a death toll of close to 100 people.

  1. Decreased market share, profit, and financial loss

Regardless of the source – fines from regulators, lost revenue from loss of customers, increased cost due to higher employee turnover, or lower stock values from a damaged reputation – each of these above consequences could technically result in some type of financial loss for the company. However, this consequence of poor, reactive risk management deserves its own section.

One area where this relationship between risk management approach and financial condition has become increasingly more evident in recent years is the area of credit ratings. Agencies like Moody’s, Standard & Poor’s,Demotech, and Kroll are increasingly looking at how robust a company’s risk processes are. If an agency determines the company doesn’t have adequate governance, risk, and business processes in place, they could respond by lowering the company’s credit rating and therefore make it harder and more expensive to acquire business or financing, among other consequences.

Also, supply chain disruptions of recent years can also be damaging to a company’s bottom line. By not being proactive in securing materials from diverse sources, the company is forced to either have customer goods on backorder or pay an exorbitant amount of money to obtain the goods it needs to serve its customers. A couple of additional examples from several years ago can be found here and here.

  1. Business failure

Saving the worst for last – a company without robust business processes and proactive risk management could end up failing altogether. You may have noticed how each of preceding consequences or symptoms built on each other.

A disgruntled customer is one thing, but if it’s not addressed, it can cascade into a damaged reputation, which then eventually cascades into financial loss. If this continues, the company could end up being displaced by a more agile competitor or otherwise forced to close its doors.

I could cite numerous examples, especially in the retail space – when’s the last time you been in a Sears or Borders bookstore?

For an example though, I want to turn to the industry I primarily work with – insurance companies. After multiple years of steep losses in the Florida property insurance market, three companies have gone insolvent this year alone. While outside parties or influences like subpar contractors or overzealous litigation attorneys have played a large role in the escalating claim volume and substantial net losses every quarter, the ultimate reason a number of companies continue to struggle (with some shutting down operations) is because of their failure to proactively manage these third-party interactions and the financial implications.

In conclusion, the typical course of action for companies experiencing consequences – or symptoms – like these is to apply some sort of band-aid fix like a new software system or some fancy process. But as we explain above, by not addressing the underlying issues that causes these symptoms, they will just re-appear more severely in other areas.

Taking cold medicine can help your runny nose or headache, but until your body fights off the virus causing these symptoms, the underlying illness will remain and rear its ugly head again.

Has your company experienced consequences like these or others due to reactive decision-making and risk management?

I’m interested in hearing your thoughts on how your company has overcome any of these challenges, so please leave a comment below or join the conversation on LinkedIn.

If you prefer to relay your thoughts privately, you may email comments@strategicdecisionsolutions.com.

Last but not least, if your company is experiencing these type of symptoms but you don’t know how to fight the virus, please don’t hesitate to contact me or schedule a meeting today to discuss your specific situation.

Sign Up For Our Newsletter

Sign Up For Our Newsletter

SDS-Logo
about-sidebar-v2

Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More