Enterprise risk management (ERM) is a corporate governance framework that facilitates holistic risk management.
Transitioning to an enterprise risk management strategy enables business leaders to protect business continuity and embrace a proactive risk-management methodology. They can proactively identify risk events, assess the company’s appetite for these dangers, and subsequently work to avoid, reduce, distribute, or embrace risk.
Businesses that win at ERM will achieve alignment between their organizational objectives and their risk management strategy. Ultimately, this will pave the way for sustainable growth and preserve the company’s brand image.
Conversely, organizations that fail at enterprise risk management can — and often do — incur serious financial losses and irreparable reputational damage.
By examining past instances of bad ERM, your organization can learn valuable lessons that it can apply to its own risk management strategy. With that in mind, let’s explore the risks associated with subpar ERM and examine three real-world examples of risk management failures.
Risks that Arise from Poor ERM
Organizations that practice poor enterprise risk management or neglect this responsibility altogether encounter risks such as:
Poor enterprise risk management processes lead to a lack of governance at the most basic level.
Organizations must implement robust governance processes that include redundancies if they want to promote continuity and avoid costly errors. Otherwise, what should be an easy-to-remedy issue can turn into a multi-million dollar mistake.
A Lack of Resiliency
For the last several decades, businesses have become obsessed with “efficiency.” While organizations across all industries should strive to improve efficiency, they shouldn’t do so at the expense of resiliency.
An enterprise risk management strategy balances a company’s objectives with its risk tolerance, creating synergy between resilience and efficiency.
On the other hand, a risk management strategy that places much of the burden on individual business units can lead to a lack of resiliency, as each department is focused on pleasing the C-suite by maximizing output.
Uncooperative Workplace Culture
While enterprise risk management is a top-down risk mitigation framework, it can’t be successful unless the organization at large embraces its objectives. An unclear or inconsistent ERM strategy will garner little buy-in amongst line-level team members and mid-level managers.
With that in mind, organizational leaders must create a clear, easy-to-adhere-to program that everyone can embrace.
One of the biggest dangers associated with a lacking ERM strategy is the tendency to cause self-inflicted wounds. This is particularly concerning for organizations that operate in heavily regulated sectors, such as food and beverage, finance, and healthcare.
Failing to adhere to regulatory requirements leads to significant fines and can expose businesses to civil litigation and judgments totaling millions.
Too Little Transparency
Consumers (and investors, for that matter) crave transparency.
Modern consumers want to know more about the products, services, and brands they support. Stakeholders want access to much of the same information, as they understand that this data will influence how consumers view the brand, ultimately impacting the bottom line.
An outdated ERM strategy will be plagued with siloed data and too little transparency, which can create friction among consumers and stakeholders alike.
3 Real-World Examples of ERM Failures
Over the years, several high-profile enterprise risk management failures have illustrated why organizations must reimagine their strategies and invest in the resources needed to facilitate holistic ERM. Here are three of the most notable and some important lessons you can glean from them.
- The Wells Fargo Scandal
In 2016, Wells Fargo was ordered to pay $185 million in penalties due to inappropriate sales practices spanning multiple years.
Behind the scenes, Wells Fargo employees set up millions of accounts without the knowledge or consent of consumers. The company fired more than 5,000 employees during the fallout and suffered lasting reputational damage.
Wells Fargo inadvertently created the perfect storm for this massive scandal by being negligent about risk management.
Specifically, the financial institution pushed for efficiency and set unrealistic employee sales quotas. For years, it failed to conduct internal audits of its quota-based incentive program, which led thousands of employees to exploit customers by opening unauthorized accounts.
The bottom line is this: your organization is responsible for the behavior of its staff. Therefore, audits must be an intrinsic component of your ERM strategy.
- The Boeing 737 Max Controversy
The Boeing 737 Max controversy came to light following a series of plane crashes, each of which claimed the lives of over 100 passengers. The incidents stemmed from safety oversights and intentional attempts to hide vessel information from the FAA.
Ultimately, this scandal led to a massive $2.5 billion settlement with the DOJ and a $237.5 million settlement with stockholders. During the proceedings, Boeing’s board received criticism for neglecting project safety and focusing only on revenue and production during meetings.
The Boeing case sets a precedent for executives. Specifically, directors and board members must engage in all mission-critical aspects of a company’s dealings, not merely discuss profits, productivity, and revenue.
- The Blue Bell Listeria Crisis
In 2020, a federal court ordered Blue Bell to pay a $19.35 million fine for distributing listeria-contaminated products in 2015.
When the listeria outbreak arose in 2015, Blue Bell promptly recalled all potentially affected products. However, the company’s directors allegedly ignored ongoing reports of unsanitary conditions and practices at various plants. Despite these reports spanning several years, they largely went unaddressed.
The Blue Bell suit reinforces the importance of oversight and audits.
An organization’s governing board must establish an oversight committee and create a regular process for delivering the committee’s findings to decision-makers. Businesses should also conduct regular external audits to verify that all oversight processes are being followed to the letter.
Applying These Lessons to Your Business
Regardless of your industry, your organization needs a comprehensive enterprise risk management strategy.
Implementing an ERM strategy will require your company to invest in robust entity management software. Such a solution will empower your business to optimize oversight across the entire organization and achieve alignment between its various departments.
If you’d like to demo a robust solution that can elevate your risk management capabilities and optimize transparency, connect with Athennian. Our powerful platform can be your single source of truth for entity data, compliance, and more.