For far too long, managing risk has been seen as an esoteric business function — designed to control losses and adhere to compliance standards. But as more organizations fall prey to complex intangible risks, from unwanted disclosure due to rampant cyber threats to breaches of conduct driven by skewed incentive systems, the aperture of risk management is expanding from protecting the balance sheet to promoting ethical leadership and values-based decision making.
Consider Yahoo, with its record-breaking cyber breach estimated at more than 500 million records, or Wells Fargo, facing unwanted public excoriation after creating thousands of fake customer accounts, or the Volkswagen emissions scandal, or the warning signs that could have prevented the Germanwings disaster. Many of these failures were either fueled by or lost in the byzantine maze that is the modern enterprise, which often breeds a combustible mix of indifference and short-termism. Complex systems fail in complex ways. But all start with human failings.
Senior business leaders and their boards must therefore change the way they think about risk and how they respond to it. Rather than countering complex risk with an even more complex risk-management system, which comes with its own blind spots and brittle places, leaders have to equip the individuals in their charge with common levels of risk awareness, codes of conduct, and value systems.
To do this, I’ve often relied on a handful of maxims. While it’s true that maxims can sometimes sound cliché — like a phrase on a motivational poster that employees walk past every day but never really look at — they can also be useful if leaders put real muscle into them. Here are a handful that I have found most useful in fostering a healthy sense of risk-awareness in organizations in which senior managers are themselves also demonstrating ethical leadership:
Values matter most when they are least convenient.