You can’t write enough rules about risk.


A WAYPOINT about…risk management

By Bill Stuart

Eager newcomers to risk management tend to be rule writers.  Take an asset, assess the risk, write a rule against it.  On to the next asset.

But what rules would have prevented these epic fails of risk management?

The media tends to call them PR disasters, but that’s just the aftermath.  Before that, people drowned, coastlines and wildlife were befouled, phones started fires.  Then all three companies - Carnival, BP, and Samsung - saw their value plummet.  Those aren’t PR disasters but epic fails of risk management.

That is, the potential for each disaster was inherent in the people and processes that make up a company’s culture.  It just wasn’t anticipated and identified.  So, it wasn’t guarded against with the safeguards that truly prevent disasters involving employees and processes.  In all three cases, the right information wasn’t getting to the right people at the right time.

Just to scratch the surface:  The cruise ship captain never issued a mayday.  The oil company permitted unsafe deviations from its own standards.  Samsung put product design over quality and safety.  You have to think each of these companies had an active risk management program.

But risk management today isn’t an overlay to your business, it’s intrinsic.  It’s part and parcel of your culture.  Are you confident your culture will keep your company safe from pictures like these?

Bill Stuart is the CEO at Dallas-based Waypoint. He can be reached at