Why do some businesses crumble under the weight of unexpected challenges while others emerge stronger? The answer often lies in fragility. A fragile risk process makes your business susceptible to severe consequences — including financial loss or even operational failure — from unexpected events or disruptions.
In a fragile risk environment, the potential upside is minimal at best, but the downside can be catastrophic. And the impacts accelerate as the stressor gets bigger, putting organizations in increasing danger. That’s why fragility is so dangerous.
Where to Look for Fragility
Where to Look for FragilityTo become less fragile, you need to know where to look. Here are seven things to watch out for that can put your organization at risk:
1. Overcontrol. While it’s crucial to have measures in place to mitigate risks and protect your operations, too many controls can lead to a false sense of security. No matter how many controls you have, you still must regularly review what you have, how effective they are, and if new controls are needed. Inattention introduces more risk. And that makes you fragile.
2. Atrophy. Risk plans can become outdated and useless if they don’t evolve with changing conditions. Take generative AI, for example. ChatGPT and other generative AI tools skyrocketed from nothing to a mainstay in record time. If your organization doesn’t have policies and controls around its use, you could be exposing yourself to a whole host of new risks that could have significant consequences.
3. Reliance on historical data. Historical data can be very useful. However, just because something happened – or didn’t happen – in the past does not mean the same will hold true in the future. Consider recent events in the banking industry. No bank had failed in so long that people stopped seeing that as a possibility. That is until March of 2023 when Silicon Valley Bank failed, followed by others in quick succession.
4. Incentive mismatch. Incentive mismatch. When financial incentives of decision-makers diverge from the well-being of the company, even the most well-meaning can make damaging decisions in a classic conflict of interest. For example, when executives are compensated based on short-term measures like quarterly profits, it can be hard to sacrifice that personal gain for a different decision that might be much better for the company in the long term.
5. Scale. The biggest companies might seem to have it the easiest because size conveys power. And it’s true that big companies often have the leverage to dictate favorable terms for things like supplier relationships, pricing, and shelf space. But that size comes at a cost. Scale reduces the options available when you need to act quickly. Scale multiplies the impacts of randomness and uncertainty across a gigantic domain. As the saying goes, “the bigger you are, the harder you fall.”
6. Compounding impacts. Certain risk events have the capacity to trigger rippling impacts. Anyone who has experienced a flight delay because the incoming plane was caught in bad weather in a completely different part of the country knows this phenomenon all too well. Likewise, hiring a toxic personality in a leadership role can ripple out into cultural decay, lack of productivity, employee attrition, and so on. Any time problems can cause more problems, you’re fragile.
7. Over-optimization. Over-optimization. Companies have spent years optimizing things like supply chains. Just-in-time inventory, for example, was widely regarded as a great opportunity to maximize a balance sheet because you are getting the inventory right when you need it. But any hiccup spells trouble. If you’ve consolidated to everything to one supplier and that supplier fails for whatever reason, you are fragile. Without backup, you don’t have the cushion needed to weather the storms of uncertainty.
“When you look at risk processes in the right light, you may start to realize that you are much more fragile than you realize.”
– Jason Medford, Risk@Work webinar, How Fragile Is Your Risk Process
Become Less Fragile
No one sets out to make their company fragile, but it’s easy to rationalize decisions to optimize the present at the potential expense of the future. At the time, many of these decisions can seem innocuous – a cut here, a trim there – until you step back and realize the organization has been essentially strip-mined.
That said, introducing some fragility is not necessarily a bad decision. But it must be done carefully, without making the business fragile to a ruinous shock from which it could not recover. The key is to know what threats, situations, and circumstances make you fragile, so you can deliberately decide what is acceptable and what is not. Knowing that will make your organization stronger, more resilient, and ready to thrive under any conditions.
For more on how to become less fragility, download our ebook, The Hunt for Hidden Risks, and check out Riskonnect’s Enterprise Risk Management software solution.
