3 Ways Over-Managing Risks Exposes your Company to Danger

Outside of a few exceptions, most meat eaters appreciate the fact that overcooked steak, hamburger, and even chicken makes the meat too dry and tough to eat.

Chefs confirm that over-doing or cooking a steak to well-done ruins the taste. In an interview at his signature restaurant in London, legendary British chef Gordon Ramsay had this to say about well-done steak:

Whatever quality of beef it is, it’s gone past any form of taste when you’ve cooked it well-done. I don’t eat steak well-done; that’s your prerogative as a customer. But unfortunately, you’re never going to identify the quality of a beef when the steak is well-cooked.

I completely agree…when it comes to steak especially, the thought of eating dried out, tasteless, over-done steak is not appealing in the least.

And just as overcooking a steak can ruin it, so too can over-managing risks ruin a company.

As we’ve discussed before, there are several consequences to taking a passive or reactive approach to risk management, up to and including bankruptcy or acquisition by a competitor. Well, the reverse – being “too proactive” and 150% focused on managing risks – is also true and can lead to the same outcome.

As this flagship article on potential risk response strategies illustrates, there technically is no such option as “managing” a risk. Instead, managing a risk really means to mitigate, avoid, transfer, and as the article explains, even pursue or take risks.

While there is an endless number of scenarios where this can happen, over-managing risks typically boils down to one of the following three reasons. These all stem from a mindset that risk management is solely about preventing failure, which ironically, is what can ultimately happen.

  1. Everyone is focused on getting every risk “green”.

Color-coding risk with red, yellow, green is a way many companies document risks. What happens in this type of situation is executives will say everything needs to be in the green, whether the green area of the heatmap or the green shading of the risk level indicator. Anything in the yellow and especially in the red is unacceptable.

It’s possible to get a large number of risks to green for a company, but a huge amount of resources in the form of money, people, time, equipment, software, and processes would have to be expended to do so.

Choices have to be made – does the company want to spend to reduce risk(s) to a green or help ensure goals are met? What is the best use of those finite resources?

This singular focus or borderline obsession with getting any and all risks to a green is why I strongly discourage companies from using the infamous RAG color-coding. I sometimes suggest alternative symbols to make things a little more interesting, but that is a topic for another day.

  1. Management and/or the Board is extremely risk averse

Over-managing risks can also mean being overly cautious. As we’ve discussed many times before, a company cannot expect to be successful without taking some risks.

Simply seeing risks as something to reduce or eliminate at all costs can be more devastating than doing nothing at all (which, by the way, is okay in some circumstances).

Companies falling into this bucket will often spend time putting process after process in place without considering whether they need it or not. Doing this doesn’t require the red/yellow/green system mentioned earlier, but having it can exacerbate or enable risk averse behavior.

Also, adding an endless array of processes can also lead to the company becoming overly bureaucratic, which in the long term, can lead to staff turnover and difficulty in recruiting once people start complaining about it (negative impact to the company’s reputation).

Besides processes, risk averse companies will opt to stay in their comfort zone. Avoiding risks in this sense means an unwillingness to expand into new markets, develop new products or services; basically, they don’t try anything new. This can lead to bankruptcy or acquisition, especially in our current environment of rapid change.

  1. Transferring too much risk to other companies

Insurance is a common method companies use to transfer the cost of risk off its books. There isn’t necessarily anything wrong with this, but when used to excess, it can whittle away at the company’s earnings and cash reserves.

For most companies, this can mean having low deductibles or retention on corporate insurance policies. If a covered peril or event occurs, the company will not have to pay very much out-of-pocket before the coverage takes over.

However, the lower the deductible per event, the higher the premiums will be. Many companies choose this route though to avoid the uncertainty around paying a high deductible.

But believe it or not, this issue can be prevalent with insurance companies (insurers, not agents).

Any insurer is going to have to purchase reinsurance, especially for catastrophes or to cap losses. While this is standard operating procedure, some insurers overdo it.

One example where this commonly happens is with a type of reinsurance called quota share.

In this arrangement, an insurer will transfer a (sometimes rather significant) portion of its book of business, which means both a percentage of the premiums and incurred losses are transferred to the reinsurance company(-ies). Many insurers get addicted to doing this because it reduces their losses, boosts their risk-based capital, and makes them look like a healthier company on paper. This set-up can be hard to stop or unwind once a company has gotten used to it.

However, the problem with transferring 50, 60, or even 70% of the book of business means the premiums the company is collecting from its policyholders go with it, regardless of whether the policies had no claims or a high volume of claims.

Compounding this problem are the fees reinsurance companies charge to provide the coverage. Over time, these fees dig into the capital reserves, especially as they increase over time based on loss history.

It’s certainly tempting to try and reduce a company’s risk exposures by as much as absolutely possible. But as I’ve seen dozens of times, doing so can end up creating hazards the company may never recover from.

Issues like these illustrate the importance of tools like risk appetite and tolerance. Without any sort of guideposts like this, it will be really easy to overmanage risks.

Just like ignoring risks altogether, being too focused on mitigating or otherwise reducing them is a classic case of the cure being worse than the disease. And as this article on the dangers of following ERM best practices describes, this approach clings to certainty, which in today’s world especially, can lead to calamity.

Has your company found itself “over-managing” risks? What impact is this having on the bottom line and long-term prospects?

This issue is something I’ve encountered many times, but my experience is by no means exhaustive. To share your perspective, leave a comment below.

And if your company is struggling because of over-managing risks and is looking for tools to better ensure you’re focusing on the right risks in the right amount, please don’t hesitate to reach out to me to discuss your current state and vision of where you would like see things to go.

Featured image courtesy of Rachel Claire via Pexels.com

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights