Risk and Consequences

January 11, 2020

I like to think that effective risk management helps the managers of an organization, at all levels, make the informed and intelligent decisions necessary for success – reliably achieving enterprise objectives considering all the things that might happen, both positive and negative.

It’s not about managing the possibility of harmful events or situations.

It’s about managing the likelihood and extent of success.

The likelihood and effect of harmful events and situations, including the consequences of decisions, have to be weighed against the positive outcomes that may arise, and the right risks taken for success.

Let’s consider the things that might flow from a decision.

Imagine we are thinking of raising the sales price of our flagship product. A number of things might happen:

  • Revenue is likely to increase in the short term, especially until customers are willing to change suppliers because our competitors have not increased their price.
  • The additional revenue could fund further investment in our product line, with positive longer-term revenue increases.
  • But, customers might also be unwilling to pay the higher price, impacting revenue. The change might be immediate but it could also be longer-term.
  • There might be an impact on our reputation, with both short and, especially, longer-term consequences. Perhaps we are no longer seen as a low-cost provider. Perhaps we are seen as a company that takes advantage of its customers. The likelihood is greater that this will harm our reputation than benefit it. Revenue could be impaired, particularly in the longer-term.
  • On the other hand, our competitors might increase their prices right away. Any negative effect would likely disappear, leaving only the positive revenue and cash flow impacts.
  • But, they might seek to take advantage, perhaps with an aggressive marketing campaign, seeking to steal customers and revenue.

Multiple things might happen if we increase our prices.

The effects are not all immediate, with some potential longer-term and even permanent impacts on our business.

We can change those effects with a lower price increase, or raise them with a greater one.

But we need to look further and deeper.

Each of the scenarios that can be envisaged leaves us in a changed situation. Before we can decide whether and by how much to change our prices, we need to consider whether those situations would be acceptable. If not, what can and should we do?

The options facing us to treat unacceptable situations flowing from our initial price decision will themselves have a range of effects, often a combination of positive and negative consequences. They will lead to another set of situations where we might have to make decisions and act.

For example, a price change now might change how the marketplace perceives us as a low-cost supplier of quality products. If that will have a negative effect on revenue, what are we going to do about it? Can we modify our own marketing campaigns? Can we justify the increase based on quality or other factors like customer service or warranty periods? Can we take advantage of it to reach premium customers?

Let’s say we decide to increase our marketing budget to counter any reputation impact. That money has to come from somewhere. Perhaps our budget for marketing our other products and services will be impaired.

Where am I going with this?

A so-called risk assessment that only focuses on shorter-term effects (even if it includes both positive and negative effects) is limited in its value. Some effects occur later. We may need to act either to address those negative effects or take advantage of opportunities. All of that needs to be considered before an intelligent and fully informed business decision can be made.

There’s a domino sequence of situations that flow from any potential decision. Making a decision now without considering longer-term consequences can have disastrous results.

Consider the US invasion of Iraq. If we were to use all the benefits of hindsight to see what might happen, a series of situations and responses to them, we would probably question the initial decision.

A gives rise to B (after consideration of options), which gives rise to C (again, after considering options), which gives rise to D – and so on.

Are decision-makers thinking through the full range of potential consequences, including those over time and the responses and effects of the responses to them – and so on, for a long period of time?

Is the risk manager helping people make these considered decisions, not only with information and analyses but with quality decision-making processes?

If there is a lack of quality in decision-making, shouldn’t internal audit be drawing attention to it?

Which is the greater risk or threat to an organization, a data breach by outsiders or an inability to make quality decisions?

I welcome your thoughts.

  1. Michael Corcoran
    January 11, 2020 at 8:10 AM

    The IIA is mostly a testing profession. Risk function is mostly downside focused. Best hope as the CEO is to educate and equip the frontline with tools to help make decisions and course correct as results suggest. Inspecting it in by 2nd and 3rd line is a waste of money.

    • Norman Marks
      January 11, 2020 at 9:08 AM

      Michael, is that acceptable or is change required?

      • Mike Corcoran
        January 11, 2020 at 6:34 PM

        Need a new professional organization that operates differently and fills the void.

  2. Gary Lim
    January 11, 2020 at 9:51 AM

    The above scenario on price increase in my view is a Strategic risk where top management will be responsible to implement. The so-called positive aspects are wishful thinking that other competitors would also increase the price so additional income on the long term. In a competitive market, a company’s survival is based on their strategy which is the responsibility of the CEO. In the internal context, there is strategy of cost reduction which the CEO would be pushing however there should be sufficient resources to support efforts to reduce the cost of manufacturing. My conclusion is that at EACH level in an organization, there are risk and consequences but at the top level there are factors beyond one’s control hence lots of things can be written on it as it was written. While within the organization usually these factors are known and within one’s control here is where the most benefits can be obtained.

  3. January 11, 2020 at 12:39 PM

    ‘If there is a lack of quality in decision-making, shouldn’t internal audit be drawing attention to it?’
    Most definitely and one place to start is the formal approval process, since it is at this point that decisions become cash flow. The document detailing the project should state the objective, benefits, possible scenarios (as you have outlined above) with an indication of likely outcomes and their effect on the benefits.

    • Mike Corcoran
      January 11, 2020 at 4:59 PM

      I seriously doubt any internal audit function has ever audited the strategic decision making process on anything. What they are good at is making sure the right signatures were obtained for capital appropriations that also need BOD approval. If examples out there otherwise, please share.

      • January 13, 2020 at 2:12 AM

        My department audited the board approval process. It’s many years ago now and I don’t remember all the recommendations. They included the need for the financial case to be independently checked, financial modelling to be used, the possible scenarios to be documented, with actions to be taken to cover any adverse effects resulting from the project.
        The future of any organisation depends on its decision making. The quality of its decision making depends on the quality of information available. IA should at least be checking this. In the example above, I would expect that sales data from previous price rises would be available, together with an attempt to graph total profitability vs retail price.

      • January 13, 2020 at 11:10 AM

        There has been an ‘audit’ of the decision to invade Iraq https://www.gov.uk/government/publications/the-report-of-the-iraq-inquiry.

  4. Richard Fowler
    January 12, 2020 at 11:20 AM

    “Consider the US invasion of Iraq. If we were to use all the benefits of hindsight to see what might happen, a series of situations and responses to them, we would probably question the initial decision.” Actually, we had the data at the time to question the initial decision. A recent Freakonomics podcast (“Speak Softly and Carry Big Data,” Episode 395) noted that both economic sanctions and military intervention have very low success rates for major cultural or political changes, not just from the US standpoint but from a global one. Yet those decisions continue to be made by many nations in spite of the evidence to the contrary. Boards of Directors and senior executives are no less likely to make decisions based on inherent biases rather than data, and chalk the results up to risk.

  5. January 13, 2020 at 1:40 AM

    Let us get the roles and responsibilities right on this one. In the case of price increases, the appropriate management team (need not be the Executive Committee) is responsible for making the decision and to ensure they have a prudent base on which to make this. This would involve some market survey/analysis providing data on price elasticity (i.e. customers’ inclination to change behaviour if the price increases). Furthermore, a good strategic risk management function will be asked to support on short- and long-term consequences and scenarios. The management will then take this into due consideration, and make their informed/intelligent decision – taking risks, yes, but knowing what they are doing.

    Internal audit – I agree with Mike Corcoran – I have yet to even hear about any internal audit function auditing decision processes, especially those that are not standardized operational decisions (like those in a S&OP process).

    Strategic decision making is, in most cases, a result of a political process and very hard to influence by those who do not participate (which will include internal auditors and risk managers). However, once a decision is made – someone will often be asked to make a decision support document on HOW the decision is to be implemented (e.g. how big a price increase is to be taken). Risk managers can (and should) involve themselves in the preparation of this decision document and do their bit in ensuring the actions taken are based on intelligent risk taking.
