First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / Those lists of greatest risks all miss the BIG one

By | 2 Minutes Read

Those lists of greatest risks all miss the BIG one

risks

When something goes wrong, 99.999999% of the time it’s because somebody made a poor decision (at least in hindsight).

You ask the individual responsible, “What were you thinking?”

That is quickly followed by, “You weren’t thinking, were you!”

The BIG one, the root cause of failure and the greatest source of harm to any organization and its success, is the likelihood of a wrong decision that has major ramifications.

I discussed this in World Class Risk Management and extended the discussion in Making Business Sense of Technology Risk, where I made a distinction between strategic decisions (which include setting objectives and strategies) and tactical decisions.

We should be concerned if the likelihood of poor decisions, especially but not limited to important ones, is higher than we can tolerate.

What are the root causes of poor decisions?

There are many, including:

  • Poor framing of the decision
  • The wrong people making the decision
  • Relying on information that is not complete, accurate, or up-to-date
  • Not seeking all relevant information
  • Cognitive and other bias
  • Not including others that either have relevant information or who might be affected by the decision
  • Not considering all relevant options
  • Poor identification and assessment of what might happen, both good and bad, for each option
  • Failing to understand the ramifications of the decision when it comes to the achievement of enterprise objectives
  • Putting personal or team benefits ahead of those of the organization
  • Haste
  • Delay
  • Poor communications
  • Inadequate change management
  • Politics
  • Pressure
  • Incompetence
  • ….and so many more

As you look at your own decisions, those of your team, your peers, your partners, and elsewhere across the extended enterprise, do you have reliable assurance that informed and intelligent decisions will be made?

What can and should you and others do about it?

I think there are roles for both risk and audit practitioners.

I welcome your comments.

Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Latest posts by Norman D. Marks, CPA, CRMA (see all)

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Footer

About us

Established in 1995, First Reference provides organizations with practical and authoritative resources to help ensure compliance with constantly changing Canadian legislation and best practice

Main Menu

Stay Connected