Opinion: Beware of the risk of risk blindness

The pandemic has exposed the failure of many boards to effectively understand and predict risk. A large number have been blind to the impact of risk on their organisation. As a result, numerous organisations have suffered losses or have had serious problems and are in danger of failing or have gone under.

Being aware of and properly planning for risk is a vital task for any business. Though bear in mind effective risk management is not only about avoiding losses but in enabling value creation through improved business planning, organisational efficiency and enhanced social licence. Importantly, effective risk planning can provide a new opportunity, a competitive advantage, to drive long-term business success.

It’s up to boards to be at the forefront of identifying, planning and reacting to risk. After all, they are charged to generate the best return from the capital of the company which demands forward thinking and the ability to anticipate 'the effect of uncertainty on outcomes'.

Why boards fail when planning for risk

Most boards understand the mathematical factors of risk – the impact and probability of adverse outcomes. Unfortunately, too many boards are poorly prepared and blind to risk due to human factors. Here are six of the factors that contribute to risk blindness.

1. Recency There’s a tendency for directors to put a greater weight on recent events than on the probability of risk. The classic example is where we may check airline reservations in the wake of an aircraft accident. Travelling on an aeroplane is statistically the safest way to travel, but it’s easy to overly focus on airline safety after a recent accident with this form of transportation
2. Visibility As humans we put disproportionately focus on visible risks. For example, we focus on physical health and safety regulations, but are blind to the less visible but potentially more harmful impact of psychological harm in our workplaces.
3. Assumptions Too many boards make assumptions about risk, for example, playing down the impact of a potential future pandemic on their business by assuming that the pandemic will be simply influenza, or it is most likely to be a mild Swine flu and not a more damaging SARS like illness.
4. Excess or lack of confidence Some boards have overconfidence, a culture of hubris, which can mean they ignore or don’t plan adequately for different risk factors. Conversely, some boards have under-confidence which can lead to overestimating the impact of certain risks.
5. Skills We don’t know what we don’t know and boards that don’t have the appropriate skills to understand the risks relevant to the operation of their business can be blissfully blind to those that their company is taking on.
6. Culture The culture, “what we do when no one is looking” can be a fundamental enabler or have a negative impact on a business. A culture of candour, where bad news comes to the board faster than good news and where there is a willingness to learn from risk failures and mistakes will better equip the board to avoid risk blindness. A poor culture, that does not encourage candour may mean a board fails to discuss the risks and be risk blind.  

How to effectively prepare for risk

It is timely to properly prepare for risk. After all, it’s good governance that’s critical to the long-term success of any business. Boards must therefore have the foresight to assess risk as part of their strategy and business planning. They need to have a culture of openness, one that enables them to challenge assumptions around risk. The board must expect the unexpected, and also be able to adapt speedily and move quickly in a fast-changing environment, because all risk is dynamic. Importantly, they should have a willingness to learn from their risk failures and mistakes.

When planning for risk, boards need to start by looking at the normal risks around the operation of their business: the cash flow, workspace, health and safety, contracts with staff and suppliers, for instance. One aspect of operational risk they often fail to consider is systemic risk – an event that could cause a major collapse in the broader economy. 

A good example is the shortage of shipping containers which caused huge delays to products being distributed around the world due to Chinese New Year coinciding with the outbreak of COVID in China in 2020. Then, more recently, the Evergreen container ship being stuck in the Suez Canal, which caused considerable disruption to the global supply chain. Then there’s simply the operational risk of a poor strategic business decision-making – something that can lead to the failure of many a business. A good example here is the airline Norwegian which was wrong to attempt to compete with the incumbent airlines on the transatlantic routes. Its strategy appealed to neither the bucket and spade brigade or business travellers, when it would have been better to focus on one or the other. Now it’s trying to stave off bankruptcy. 

For risk planning purposes, cybersecurity is a huge issue, one that’s growing more important by the day. For instance, state actors and criminals are using increasingly clever phishing emails to trick the recipient into opening them, which can then cause huge damage to an organisation. To be cybersecure boards need to know what are their ‘crown jewels’ that they need to protect from being stolen or damaged. In a software business this might be code, and in healthcare the patient records. Organisations need to ask how these are protected and when was the last time someone checked the protection was still valid as threats evolve. Also, is there awareness of the reporting obligation in light of a break in, and appropriate insurance cover?

The type of business model you have impacts on the risk to your business and whether you end up as a winner, loser or a dodo. It’s those who have undertaken a digital transformation of their business who have a much-improved risk profile, and therefore the potential to experience less impact from exposure to risk. Also, those that are flexible and can quickly pivot their business model when exposed to risk, for example a fine dining restaurant providing takeaways and meal kits customers can cook at home during the pandemic, have fared much better than those who haven’t.

The pandemic has highlighted that boards need to take risk seriously and not be blind to it. It’s by having the foresight to plan for risk objectively, having a culture of openness, challenging assumptions around risk and being able to adapt fast that will ensure boards are well positioned to spot and turn any future risk to their commercial advantage, and secure the long-term survival of their organisation.

Bio: John Harte, Managing Partner at Integrity Governance
John Harte leads a global team at Integrity Governance that is focused on making boards more effective. A boardroom expert working with multinationals, SMEs, trade associations and not-for-profits, he provides practical, impartial advice to directors, business owners, executives and CEOs, to help improve board performance. John and his team have advised the boards of organisations in the UK and around the world since he founded Integrity Governance over 16 years ago. He has 30 years of experience at director level in the corporate world, having worked at blue chip businesses including: Mars, Schroders and Goldman Sachs. He is an in-demand speaker and thought leader on board effectiveness, practical governance and business disruption.