Why Ignoring Risks Can Blow Up in Your Face

by | Mar 2, 2025 | General

Welcome back! This is my second post, and today, we’re diving into the first and arguably most important step of risk management: Risk Identification.

In my previous post, I explained why you should care about risk management (link here: https://riskvision.org/2024/11/15/why-you-should-care-about-risk-management/) and introduced the four steps:

  1. Risk Identification (figuring out what could go wrong)
  2. Risk Response (deciding what to do about it)
  3. Risk Monitoring (keeping an eye on things)
  4. Risk Reporting (making sure everyone knows what’s up)

At its core, risk management is about making smart decisions—ones where the benefits outweigh the risks, so you don’t end up in disaster.

The First Step: Spotting the Disasters (a.k.a. Risk Identification)

We all make decisions daily—some minor, like choosing whether to drink questionable gas station coffee, and some major, like deciding on safety protocols for people working in mines. When it comes to high-stakes decisions, a disciplined risk management approach is essential. And it all starts with identifying risks.

So, what are some examples of risks? They range from financial losses (spending too much on crypto and regretting it), regulatory violations (getting fined because you forgot about that pesky law), technology failures (servers crashing during a Black Friday sale), data breaches (hackers stealing your customers info), and safety concerns (workplace accidents that could have been prevented).

Once you identify risks, you assess whether they’re a high or low risk. And if they’re a high risk? You move to the next step: Risk Response (which I’ll cover in my next post).

But first, let’s look at what happens when risks are ignored. Spoiler alert: it doesn’t end well.

Real-World Risk Management Disasters

The Fukushima Daiichi Nuclear Disaster (2011): When Nature Said ‘Surprise!’

In 2011, Japan was hit by a massive 9.0-magnitude earthquake, followed by a tsunami so big it could’ve been a movie. This led to the failure of the Fukushima Daiichi nuclear power plant’s cooling systems, causing a nuclear meltdown.

What went wrong?

  • They underestimated the tsunami height. The plant was built to handle a 5.7-meter wave. The actual wave? Over 14 meters. Oops.
  • They ignored historical warnings. Historical records showed massive tsunamis had hit before, greater than 5.7-meters, but safety plans didn’t fully account for them.

What made things worse?

  • Backup power systems were placed at ground level—a great place for a tsunami to flood them.
  • Battery backups lasted only a few hours—not long enough to prevent disaster.
  • Cooling the reactor cores became nearly impossible, and, well… meltdown.

The result? Nuclear safety protocols worldwide changed overnight, and some countries (like Germany) even started phasing out nuclear power entirely.

The 2008 Financial Crisis: When Banks Played With Fire (and Got Burned)

The 2008 financial crisis happened because banks and mortgage lenders got a little too greedy, reckless, and overconfident. Basically, they handed out home loans like candy, even to people who couldn’t afford them.

Here’s what went wrong:

  • Mortgage lenders ignored basic credit standards (like… making sure borrowers could actually repay loans), such as not verifying the borrower’s income to repay the loan, giving loans to people with lower credit ratings, and using Adjustable Rate Mortgages where interest rates shot up after some years, and not telling this to the home buyer who couldn’t pay those higher rates.
  • Mortgage lenders bundled up these riskier mortgages into ‘Collateralized Debt Obligations’ (CDOs) and sold them like hotcakes to banks.
  • Everyone assumed home prices would keep rising forever. Spoiler: they didn’t.

What were the missed risks?

  • Flawed Risk Models: Models used historical data to predict the future, but that historical data was based on the old credit conditions, not the conditions where credit standards were lowered (see above bullet points) – meaning higher rates of default were missed.  
  • Default Correlation: Banks assumed if one person defaulted, others wouldn’t. But since loans were given out under the same lower credit standard conditions, defaults skyrocketed together.
  • Moral Hazard: Mortgage lenders didn’t care whether borrowers could pay back loans because they just sold the ‘CDO’s to someone else who took on that risk. In other words, the mortgage lenders lowered their credit standard and knew this could result in higher defaults, but they didn’t tell the banks when they sold them the CDOs.

What happened next? Homeowners defaulted, banks panicked, lending froze, businesses collapsed, people lost jobs, Lehman Brothers went bankrupt, and governments had to bail out financial institutions to prevent total economic collapse.

Lessons Learned: How Not to End Up in a Disaster

Most catastrophic failures share common themes:

  • Ignoring Low-Probability, High-Impact Risks – Just because something is unlikely doesn’t mean it won’t happen. When it does, and it has a really high impact, it’s usually bad (see: nuclear meltdowns and financial collapses).
  • Overlooking Early Warnings – There were plenty of red flags in both Fukushima and the financial crisis, but people either ignored them or didn’t take them seriously.
  • Putting Profits Over Ethics – Cutting corners for short-term gains often leads to long-term disasters.
  • Weak or Nonexistent Risk Management – If no one’s checking for risks (or they’re not being taken seriously), it’s only a matter of time before something goes wrong.

So, the next time you’re making a big decision, take risk identification seriously—unless you enjoy unnecessary chaos.

In my next post, we’ll talk about Risk Response—because knowing about risks is useless if you don’t do anything about them.

Stay tuned!

Why you should care about risk management

by | Nov 15, 2024 | General

Risk management in your life…

My goal is to educate (or convince) you all on why risk management matters and, even more boldly, how it can be interesting. The simplest way to explain risk management is to find the right balance between risk and reward. Risk management is weighing the changes of something bad happening against the benefits you could gain. On one end, you could perseverate over every decision and think that everything is a disaster waiting to happen. What if people hate the new product, what if aliens land and we have no strategy for interplanetary trade relations. On the other end, you could also take the YOLO (i.e., You Only Live Once) approach by wearing a Hawaiian shirt to the next Board meeting and stating that risk management is for the weak.

Take purchasing a car as an example for risk management. I’m really challenging myself to make car purchasing and risk management interesting. Let’s say you are at a dealership and you are about to purchase a car. You have the risk of purchasing a lemon (a car that breaks down shortly after purchasing). How do you mitigate against that? Bring a friend who knows about cars. Better yet, bring more than one friend so you can take a cross section of opinions, and if you do end up purchasing a lemon, then you can form a support group when you get stranded on the highway. Another risk is overpaying for the car because your sales person plays mind tricks. To mitigate this one, wear sunglasses and don’t make eye contact. Once you purchase the car (congratulations!) you want to monitor the health of the car by listening for strange new noises and googling what the suspicious dashboard lights mean. Transferring risk is another way to respond to a risk. You can purchase insurance for your car so that if your dashboard lights up like a Christmas tree, then you don’t have to be on the hook to pay for everything.

 

Breaking down risk management…

We are always making decisions in our lives balancing risk and reward. Some are more obvious, but the more complicated ones are not. The complicated ones start to become more straightforward and transparent when we take a more disciplined approach. In a company, risk management decisions often involve higher stakes. Instead of picking a car, they’re making moves that impact their entire business and the lives of others. I’m going to start explaining risk management from the perspective of a company, but these elements can apply to all of us as individuals, like when we are purchasing a car…and I really think we don’t apply it as much as we should in our own lives. For a company, the reward is the goal or objective defined in their strategy. In other words, what rewards or strategic goals a company wants, and the risk is what would derail the company from achieving those goals.

Let’s say for example, your company’s strategic goal is to sell the more widgets than any other company that sells those same widgets, or put it another way, have the largest market share of widgets. Now how do you achieve that goal? You want to make really good quality widgets, make sure you have all the parts to manufacture those widgets, and have enough skilled employees to sell those widgets. If any one of these goes wrong, then it could prevent you from becoming the largest seller of widgets. We have identified three risks that can prevent us from achieving our strategic objective:

  • Risk Identification – we identified 3 risks preventing us from selling the most widgets and having the largest market share:
    • Poor quality widgets
    • Not enough supplies to manufacture widgets
    • Not having enough skilled employees to sell those widgets

Now say we want to focus on one of those risks, and the one we want to focus on is not having enough skilled employees to sell our widgets. One way to prevent that risk from occurring is to hire really good talented people. You want to hire the best person to sell those widgets, or the person with the right knowledge, skillset, and experience. You also don’t want to run out of money by paying way too much to your employees, and then go out of business. There isn’t much strategy to think of when you’re out of business. To strike the right balance between risk and reward, there are some activities you could do to ‘respond’ to the risk of not having enough skilled employees to sell widgets. ‘Risk Response’ is the next step after you identify your risks:

  • Risk Response – while each risk needs a risk response plan, we took one as an example:  not having enough skilled employees to sell widgets, and we created a risk response plan:
    • Perform market research to better understand compensation
    • Post job opportunities in the right places
    • Write the job description in an exciting way to encourage people to apply

Once that person is hired, you want to ‘monitor’ things like their performance, competitor salary ranges, and/or others. Usually this is a metric, such as what is the average salary range for this position and how far away are we from that range. Every so often you revisit the metric to understand if you are outside the preferred range. Risk Monitoring is the next step:

  • Risk Monitoring – keep tabs on how the risk versus reward environment is changing:
    • Continue to perform market research to understand changes to pay so competitors don’t lure away your good employees with higher pay
    • Conduct performance evaluations for employees to understand whether they are selling enough widgets
    • Perform employee happiness surveys to ensure employees are happy and engaged. if they are not, then determine what adjustments need to happen in the workplace

Once you do all this great work, you want to tell senior management and decision makers on where you struck the balance of risk versus reward and where you may have gaps that management needs to invest resources.

  • Risk Reporting – tell people of the amazing work you did above!
    • Taking all this great work and summarizing to senior management and other decisions makers on how you are striking the balance between risk versus reward. The goal of risk reporting is to keep decision-makers informed so they can allocate resources toward solutions—perhaps increasing salaries, adjusting benefits, or improving training programs to retain talent. With clear, concise reporting, you’re helping management understand where the gaps are and make better, more risk informed decisions.

 Wrap up!

We just went through the risk management lifecycle: 1) risk identification, 2) risk response, 3) risk monitoring, and 4) risk reporting:

This post is just the beginning. Next time, I’ll dive deeper into each of these steps and talk about real world scenarios and real-life examples of when things went wrong when poor risk management practices were put into place, or not put into place at all. In the meantime, visit my educational website, riskvision.org, for additional insights on risk management!