Enterprises are facing unprecedented challenges due to the COVID-19 pandemic, disruptions in supply chains, and new environmental mandates. These factors have forced businesses to make significant changes to their business models and strategies at an accelerated pace. However, these changes have also introduced new risks that companies must address through effective risk management programs.
One common risk management failure is poor governance. Citibank, for example, mistakenly wired a $900 million loan payoff to Revlon’s lenders in 2020, resulting in a loss of funds. The problem was traced back to a software package with UI issues and inadequate controls, highlighting the importance of addressing systemic problems. Citibank was later fined $400 million by regulators for its failure to establish effective risk management programs and controls.
Toxic work culture is another risk management failure that can have negative consequences for businesses. Silicon Valley has been criticized for its toxic “bro culture” that alienates employees and customers. Facebook’s poor response to the Cambridge Analytica data scandal eroded trust in the company, while Wells Fargo’s executives turning a blind eye to predatory lending practices led to a $2 billion settlement and a federal fine. Fixing culture is a challenging task, but it is crucial for managing risks effectively.
An overemphasis on efficiency at the expense of resiliency is another risk management failure. While efficiency can lead to greater profits, it can also leave businesses vulnerable to disruptions in the supply chain. The auto industry’s reliance on a complex network of suppliers resulted in a chip shortage during the pandemic, impacting automakers’ bottom lines. On the other hand, Peloton’s decision to move its supply chain and manufacturing process to Ohio helped it meet increased demand and avoid major disruptions.
ESG (environmental, social, and governance) initiatives have gained importance in recent years, and companies are now expected to deliver meaningful impact reports tied to measurable results. The EU and US regulators are implementing stricter reporting requirements for companies on social and environmental issues. ExxonMobil lost a proxy battle for three board seats due to demands for greater ESG accountability. Failing to prioritize ESG can result in penalties and missed opportunities.
Reckless risk-taking can also lead to significant failures. A wildfire in British Columbia was attributed to reckless behavior on the part of railway companies, but this often stems from a lack of risk data, process definition, and governance. Lack of transparency is another risk management failure that can have severe consequences. During the pandemic, underreporting and misreporting of COVID-19 deaths in several states highlighted the need for transparency in reporting and data management.
Immature ERM (enterprise risk management) programs are a common failure in risk management. Many mergers and acquisitions, IPOs, and product launches fail due to inadequate risk assessment and preparation. Effective risk programs are crucial for identifying potential risks and mitigating them before embarking on major business activities. Supply chain oversights also pose significant risks, especially in the face of cyber incidents. Organizations must assess security risks throughout their partner supply chains and develop robust contractual terms to address cyber insurance requirements.
In conclusion, enterprises must prioritize risk management in the face of unprecedented challenges. Poor governance, toxic work culture, an overemphasis on efficiency, meaningless ESG statements, reckless risk-taking, lack of transparency, immature ERM programs, and supply chain oversights are common failures that can have severe consequences for businesses. By implementing proactive and ongoing enterprise risk management programs, companies can mitigate these risks and safeguard their operations in an increasingly volatile business environment.