The Risk of Risk blindness

The pandemic has exposed the failure of many boards to effectively understand and predict risk. A large number have been blind to the impact of risk on their organisation. As a result, many organisations have suffered losses or have had serious problems and are in danger of failing, or have even gone under.

All businesses need to be aware of and properly plan for risk. However, they need to understand that effective risk management is not only about avoiding losses, but in enabling value creation through improved business planning, organisational efficiency and enhanced social licence. Effective risk planning can provide a new opportunity, a competitive advantage, to drive long term business success. It’s up to boards to be at the forefront of identifying, planning and reacting to risk. After all, they are charged to generate the best return from the capital of the company which demands forward thinking and the ability to anticipate “the effect of uncertainty on outcomes”.

Why boards fail when planning for risk

Most boards understand the mathematical factors of risk – the impact and probability of adverse outcomes. Unfortunately, too many are poorly prepared and blind to risk due to human factors.

There are six factors that contribute to risk blindness:

Recency

There’s a tendency for directors to put a greater weight on recent events than on the probability of risk. The classic example is in the aftermath of an aircraft accident we may check our airline reservation. Flying is statistically the safest way to travel, but it’s easy to overly focus on airline safety after news of an aircraft crash.

Visibility

As humans we disproportionately focus on visible risks. For example, we focus on physical health and safety regulations, but are blind to the less visible but potentially more harmful impact of psychological harm in our workplaces.

Assumptions

Too many boards make assumptions about risk. For example, play down the impact of a potential future pandemic on their business by assuming that the pandemic will be simply influenza, most likely a mild Swine flu, and not a more damaging SARS like illness.

Excess or lack of confidence

Some boards have overconfidence, a culture of hubris, which can mean they ignore or don’t plan adequately for different risk factors. Conversely, some boards have underconfidence which can lead to overestimating the impact of certain risks.

Skills

We don’t know what we don’t know and boards that don’t have the appropriate skills to understand the risks relevant to the operation of their business can be blissfully blind to those that their company is taking on.

Culture

The culture, “what we do when no one is looking” can be a fundamental enabler or have a negative impact on a business. A culture of candour, where bad news comes to the board faster than good news, and where there is a willingness to learn from risk failures and mistakes will better equip the board to avoid risk blindness. It’s poor culture that does not encourage candour, which can lead to the board failing to discuss the risks and be risk blind.  

Risk Management and how to effectively prepare for risk

It is timely to properly prepare for risk. After all, it’s good governance that’s critical to the long-term success of any business. Organisations must have a strong board with the foresight to assess risk as part of their strategy and business planning. They need to have a culture of openness, one that enables them to challenge assumptions around risk. Also, the board must expect the unexpected, and be able to adapt speedily and move quickly in a fast-changing environment, because all risk is dynamic. Crucially, they must have a willingness to learn from their risk failures and mistakes.

risk-management

When planning for risk boards need to start by looking at the normal risks around the operation of their business: the cash flow, workspace, health and safety, contracts with staff and suppliers, for instance. One aspect of operational risk they often fail to consider is systemic risk – an event that could cause a major collapse in the broader economy. A good example is the shortage of shipping containers which caused huge delays to products being distributed around the world due to the Chinese New Year coinciding with the outbreak of COVID in China in 2020. More recently it was the Evergreen container ship being stuck in the Suez Canal, which caused considerable disruption to the global supply chain. Then there’s simply the operational risk of a poor strategic business decision making – something that can lead to the failure of many a business. A good example here is the airline Norwegian which was wrong to attempt to compete with the incumbent airlines on the transatlantic routes. It’s strategy appealed to neither the bucket and spade brigade or business travellers, when it would have been better to focus on one or the other. Now it’s trying to stave off bankruptcy. 

For risk planning purposes cybersecurity is a huge issue, one that’s growing more important by the day. For instance, state actors and criminals are using increasingly clever phishing emails to trick the recipient into opening them, which can then cause huge damage to an organisation. To be cybersecure boards need to know what are their ‘crown jewels’ that they need to protect from being stolen or damaged. In a software business this might be code, in healthcare the patient records. Organisations need to ask how these are protected and when was the last time someone checked the protection was still valid as threats evolve. Also, is there awareness of the reporting obligation in light of a break in, and appropriate insurance cover?

The type of business model you have impacts on the risk to your business and whether you end up as a winner, loser or a dodo. It’s those who have undertaken a digital transformation of their business who have a much-improved risk profile, and therefore the potential to experience less impact from exposure to risk. Also, those that are flexible and can quickly pivot their business model when exposed to risk, for example a fine dining restaurant providing takeaways and meal kits customers can cook at home during the pandemic, have fared much better than those who haven’t.

The pandemic has highlighted that boards need to take risk seriously and not be blind to it. They must have the foresight to plan for risk objectively, have a culture of openness, challenge assumptions around risk and be able to adapt fast. This will ensure boards are well positioned to identify and turn any future risk to their commercial advantage, and secure the long-term survival of their organisation.

For help and advice on strategic planning and future proofing, including risk, please get in touch with us. Our professional and experienced team will be happy to have a confidential conversation on how we can help your business be fit for the future.

John is the Managing Partner of Integrity Governance. He specialises in working with businesses at a point of inflection, and boards and businesses under pressure due to change.

-Managing Partner of Integrity Governance

-Specialises in point of corporate inflection, and changes to corporate structure

-Previously: chief executive, chairman and director in numerous global companies

-International facilitator for the Australian Institute of Company Directors

Prior to establishing Integrity Governance over 17 years ago, John worked across a range of industries and held chief executive, chairman and director roles in a number of companies around the world. John’s extensive experience means he’s equipped to help you navigate growth, new markets, mergers, acquisitions and crises; and the pressures of new ownership, generational, economic or legislative forces .

John is a core international facilitator for the Australian Institute of Company Directors, and is an in-demand speaker and thought leader on board effectiveness, practical governance and business disruption. He’s a Fellow of the Australian Institute of Company Directors, the Institute of Directors (UK), Financial Services Institute of Australia, a Board Leadership Fellow of the National Association of Corporate Directors (USA) and a member of the Chartered Institute of Public Relations.