Business Risks…They’re Not Business Risks Until We Say They‘re Business Risks! writes Michael D. Moberly of Knowledge Protection Strategies in St. Louis.
There’s a concern I have today about the way some companies are perceiving and assessing their risks, particularly over the past few months, ala the West Virginia coal mine, the Japanese automobile manufacturer, and the off-shore oil drilling platform operated by BP.
Today, a company’s vulnerability to certain risks, the probability a particular risk will actually materialize, and, if it does, its criticality, and what a company should do to mitigate the risk is coming to resemble a perspective that ‘a business risk does not really become a business risk unless or until the company’s management team and board says it’s a business risk’.
In deference though to management teams and boards, the ever expanding range, asymmetric nature, and rapidly cascading – compounding effects of many types of business risks, collectively add to the complexity, costs, and research necessary to design hopefully effective and readily executable (risk) mitigation plans.
Somewhat ironically, in much of the management (academic) literature and particularly pop culture portrayals, the attributes (qualifications, requisites) often associated with business management-leadership success, is being a risk taker. Little attention however, is paid to those business managers-leaders whose dismissive attitude toward risk or inattention to internal risk assessments drives bad – incorrect (business) decisions, i.e., bankruptcy, business failure or closure. I couldn’t begin to count the number of business seminars and presentations I have attended in which a guest speaker or panelists’ bio references the number of start-ups and/or companies he or she has founded or been associated, with no mention of those company’s current status. In court, such information goes to one’s credibility, not unlike what I would like to see in a business seminar.
In some circles, such adverse business experiences are portrayed as ‘character builders’ and/or a natural progression of ’bumps’ along the road to eventual business success. But, when a management team and/or board’s miscalculation about or dismissive attitude toward business risks manifests itself into a business failure or catastrophic event, for me, ‘character building’ are not the first words that come to mind.
It seems that some companies have succumbed to the view, when assessing management and leadership attributes, being a practical and balanced risk manager and overseer is subordinate to having a track record of risk taking that lead to profitability.
But, when a significant business risk materializes, we continue to hear, as we have recently, re-occurring themes woven into the affected company’s reactions and responses, e.g., this is unprecedented, it’s never happened before, there was no way of predicting this type of event on this scale, none of our models predicted multiple and simultaneous system failures, or, this system has functioned perfectly in all other locations, or, perhaps best of all, its a floor mat problem!
Again, in deference to the member of the c-suite who becomes the public face to the event or is called to testify before a Congressional Committee, those themes are often woven by legal counsel and/or public relations units whose charge is clear.
There are distinctions, I believe, between the types of highly individualistic risk taking that personify the entrepreneur and small business community where personal money and professional reputations are at stake vs. the dismissive attitudes and seeming de-prioritization of business risks that have been thrust in our face in recent months and weeks by multi-national corporations when their miscues laid the groundwork for catastrophic failures to occur. And equally frustrating, is risk mitigation and remediation and recovery techniques have not kept pace and certainly do not reflect the increasing complexity and criticality of the risks being undertaken.
I am not suggesting ’risk taking’ should be eliminated from our managerial lexicon. Nor, am I defining a ‘risk taker’ as one who throws caution to the wind and elects to plow ahead anyway and disregards known and foreseeable hazards and risks associated with a new project or business transaction with a ’I can beat the odds’ attitude that certain risks-threats will not materialize. Recent events have shed light on ‘beating the odds is seldom a sure bet’.
In today’s extraordinarily competitive and predatorial global business environment, with the ever increasing array of risks and hazards attached to most every transaction or project ‘risk prudence and objective risk assessment’ may become the new (business) watchwords along with a revival of the original (founding) principles of risk management.
But, the lingering question is, why will it be necessary, aside from the obvious political reasons, to impose additional layers of regulatory agency oversight, un-circumventable and un-delayable mandates and punitive measures on companies to ensure they revisit ‘risk management 101’?
For management team and boards, returning to the conventional principles of risk management may mean paying closer attention to risk assessment teams and resisting, or at least temporarily forgoing, certain projects or activities unless and until viable contingency, risk mitigation, and remediation strategies are in place relative to a range of risks, and sometimes regardless of whether risk occurrence probability is fixed at 10% or 90%!
Unfortunately though, an attitude of minimum risk mitigation has, in some companies, become institutionalized. Thus, getting business risks defined – accepted as such by a management team or board, may not be achieved by levying fines or more aggressive regulatory oversight. Realistically, getting business risks defined – accepted as such within certain companies is more likely to be uniquely dependant on one or all of the following, i.e.,
1. The ability of the risk advocate to identify an influential decision maker within the company to literally and doggedly champion the risk.
2. Making an overwhelmingly persuasive ‘business case’ why the company should devote resources to addressing-mitigating the risk.
3. Having a sufficient number of relevant examples for decision makers to consider when assessing the company‘s (a.) vulnerability to a particular risk, (b.) the probability (not guesstimate or mere prognostication) that a particular business risk will materialize, (c.) its criticality (losses, damages) to the company, particularly to intangible assets, i.e., reputation, image, goodwill, revenue, and shareholder value, supply chain, external relationships, etc., and (d.) what variables will influence the materialization of the risk.
In today‘s extraordinarily competitive, aggressive, predatorial, and winner-take-all global business environment, risk taking by management teams and boards, particularly that which has proven successful or profitable in the past (or, simply lucky, its hard sometimes to distinguish which) often adds a sense of bravado and ‘celebrity apprentice’ context that is fostered at it was reported to have occurred inside that former Houston-based energy company.
Should there be any question about where this is heading, one need only look the growing list of shareholder groups that are poised to bring legal action against management teams and boards when there’s evidence of calamitous misjudgments that prompted company de-valuation.
To be sure, risk taking success stories do occur, and for those risk takers who are fortunate enough to realize success, to them, I say good luck and I genuinely hope their run continues. I do ask though, that they be good stewards, managers, and overseers of their company’s risk!
