Risk Management in Modern Organisations
As a comprehensive and thorough process, risk management forms an integral part of the operations of any modern organisation. It involves ensuring that the business accounts for possible causes of loss and damage, whatever form they may take. Taking steps to measure, reduce, transfer and retain risk give the business a greater understanding of their position in the wider business environment, along with the challenges posed internally and externally. Risk management has proved crucial in all aspects of life for many years and has provided a cornerstone for development and growth, in that “calculating risks is part of the master narrative of first modernity (Beck 2002)”. Therefore, one can infer that it would be extremely wise to invest a considerable amount of time, effort and resources into correctly managing the risk that would be linked to their business operations. However, in many cases, organisations undervalue the significance of risk management and conduct a flippant, brief process that fails to produce an in-depth examination of risk related to the company. It also serves to lull the business into a false sense of security in that, by not seeing major risks, they can (to a certain extent) pretend that they do not exist. This approach contributes to the phenomenon known as ‘risk creep’, which embodies the belief that, “As things go well, our perception of risk goes down. We start to feel safe and as a result we take one small step into territory that we previously labelled out of bounds (Richards 2015)”. As such, to ensure that risk management is accurate and beneficial to the company, one must remain vigilant and alert to the rapidly adapting business environment. Often, by taking a short-sighted approach and making risk management an inconsequential, ‘box-ticking’ exercise, the organisation sets itself up for potential failure in the long-term. To distill the message, organisations must strive to ensure that all operations and projects “are undertaken with eyes wide open and all due preparation (Houck 2010)”. In failing to do so, organisations often feel severe consequences, as evidenced by the large-scale vehicle recall undertaken by General Motors in our chosen example.
In 2014, General Motors began an initial recall of more than 2.6 million vehicles in the US over an extreme fault that prevented airbags from deploying and resulted in some serious consequences including fatalities. The company said that sensors, which were connected to the front airbags of many vehicles, failed to detect a crash depending on the movement of the vehicle pre-impact. As a result, the airbags would fail to deploy. Soon, the recall figure rose to over 30 million cars worldwide. This fault has been linked to over one hundred confirmed deaths thus far. General Motors eventually paid a sum of $900m to end a criminal investigation launched by the US Justice Department to examine the scandal. During this process, it was discovered that management at the company had known of the fault for over a decade but had chosen to deliberately hide evidence from the public (GM agrees $900m settlement for faulty ignition switches 2015).
A firm with a strong risk management process should have protection against any potential loss exposures it may have to face. However, General Motors who, at the time, were one of the largest auto manufacturers and retailers in the world failed miserably in their attempt to implement such a plan. General Motors’ weak approach towards their risk management process ended with the company suffering large-scale reputational damage and incurring severe financial cost.
Before news of the scandal broke, it appeared that General Motors was taking a proactive approach to risk management and attempting to rectify past errors. Previous poor management eventually led to the company filing for bankruptcy in 2009. In 2012, it had introduced a new Enterprise Risk Management (ERM) programme, which was lauded by then-CEO, Dan Akerson. He commended the apparently in-depth approach, commenting “the best risk management function…is one that you never hear about publicly…You are always trying to anticipate, trying to move before you have to, and if you do, try to look across the entire enterprise and get an integrated view of risk” (Slezak 2014). Despite this, the underlying failures were neither examined nor addressed. General Motors failed the two basic objectives of this risk management process; firstly they did not sufficiently prepare in the pre-loss phase as they had minimal preparation for the occurrence of such a loss. Secondly, they did not consider the post-loss events, as they were inefficient in dealing with the subsequent fallout and costs.
We can see from the General Motors scandal that risk wasn’t prioritised as it should have been, a move that lead to huge consequences. The risk manager should have acted earlier when deficiencies were found. General Motors first discovered concrete evidence of a problem during testing in 2009, but no recalls happened until 2014. The risk manager had the information about the potential damage that this could cause, both to the public and the organisation, but chose to ignore the issue instead of acting. In fact, solutions were proposed by relevant staff testing and developing the cars – solutions that were rejected by those more senior to the company’s engineers (Norris 2014). This fault should have been immediately communicated to the public and a plan to rectify the matter should have been swiftly implemented. Instead, GM decided to ignore the issue in the futile hope that the major fault would not be uncovered.
Since the event happened, the organisation has attempted to make improvements in its risk management process. Following the emergence of the scandal, Mary Barra was appointed CEO and attempted to rectify some of the glaring issues that led to such an incredible failure. She was instrumental in creating a compensation fund for victims and their families, while she also dismissed fifteen employees and severely disciplined a further five for their role in the scandal (Sahadi 2018). GM also established a new senior position, Global Vehicle Safety Chief, to ensure that such an event is never repeated. Jeff Boyer, a General Motors employee with over forty years experience, was appointed to the role in 2014 (GM appoints Jeff Boyer as vehicle safety chief 2014). It is hoped that these strategic moves, along with a more defined focus on the value of proper risk management, will lead to a future free from similar scandals or failures.
As has been illustrated in the case of General Motors, one cannot define future objectives with any degree of certainty without effective risk management. If an organisation lays out objectives and targets without taking all risks into careful consideration, it is likely inevitable that they will end up being negatively impacted once these risks come to fruition (CareersinAudit 2015).
The risk management process ultimately aims to minimize the negative impact of potential risks for the business. Having a risk management plan fulfills this objective, ensuring that the organisation will save valuable resources including time and money if a risk were to come to pass. A risk management plan reduces legal liability and ensures the ongoing stability of operations in the business, along with correctly identifying the insurance needs of the business in order to minimise any unnecessary costs.
Without doubt, purchasing the appropriate insurance cover for your business is an important part of your risk management plan but, as shown in the case of General Motors, it’s not enough in isolation. An organisation must still implement policies and procedures to deal with risks. Without doing so, multiple facets of a firm could be negatively impacted including basic operations, reputation, financial security and assets (Risk management: Why is it important for your business? n.d.)
In conclusion, it is undeniable that General Motors’ risk management failure showcases why risk identification and management should be paramount in every organisation. It resulted in fatalities, a mass vehicle recall, financial costs and reputational damage. General Motors’ failure is a prime example of the important role that the risk manager plays in an organisation. One must assume that lessons will be learned from the failings of General Motors, and that organisations will continue to recognise the importance of risk management. It serves to ensure the stability of the business in the modern environment, creating a sustainable platform on which to build and grow.
1): Beck, U., (2002) ‘The Terrorist Threat: World Risk Society Revisited’, Theory, Culture and Society, 19(4), 39-55, available: https://doi.org/10.1177/0263276402019004003
(2): Richards, S. (2015) ‘In Assessing 2015 Goals, Be Wary of Risk Creep’, The New York Times, 7 Jan, available: https://www.nytimes.com/2015/01/08/business/in-assessing-2015-goals-be-wary-of-risk-creep.html
(3): Houck, O., (2010) ‘Worst Case and the Deepwater Horizon Blowout: There Ought to Be a Law’, Tulane Environmental Law Journal, 24(1), 1-18, available: https://heinonline.org/HOL/P?h=hein.journals/tulev24&i=3
(4): GM agrees $900m settlement for faulty ignition switches (2015) BBC, available: https://www.bbc.com/news/business-34276419 [accessed 13 Oct 2018]
(5): Slezak, S. (2014) GM’s risk management failures provide lessons for other firms, Global Risk Insights, available: https://globalriskinsights.com/2014/03/gms-risk-management-failures-provide-example-for-other-firms/ [accessed 11 Oct 2018]
(6): Norris, F. (2014) ‘History Gives Other Cases of G.M.’s Behaviour’, The New York Times, 27 Mar, available: https://www.nytimes.com/2014/03/28/business/history-offers-other-examples-of-gms-behavior.html
(7): Sahadi, J. (2018) What GM’s Mary Barra learned early on: Speak up and stop saying sorry, CNN, available: https://edition.cnn.com/2018/10/11/success/mary-barra-gm/index.html [accessed 12 Oct 2018]
(8): GM appoints Jeff Boyer as vehicle safety chief (2014) BBC, available: https://www.bbc.com/news/business-26620717 [accessed 10 Oct 2018]
(9): CareersinAudit.com (2015) The Importance of Risk Management In An Organisation, available: https://www.careersinaudit.com/article/the-importance-of-risk-management-in-an-organisation/ [accessed 10 Oct 2018]
(10): Risk management: Why is it important for your business? (n.d.) BrokerLink Insurance, available: https://www.brokerlink.ca/blog/risk-management [accessed 14 Oct 2018]