Risks are a part of every business, especially now that enterprises have started focusing aggressively on digital transformation. These new goals have opened up new business risks. This calls for enterprises to take a deeper look into their risk management programs; investing in newer technologies such as online document verification can also help in managing risks.
Most risk management failures can be attributed to reckless behavior, a lack of predefined protocols, and bad judgment. Once enterprises conduct a deeper analysis, it becomes clear that risk management issues happen because enterprise risk management is neither proactive nor ongoing enough.
In this guide, we’ll break down the 9 most common risk management failures every enterprise should aim to avoid.
Understanding the common causes of risk management failures can help enterprises build stronger risk management programs. Let’s dive in.
One of the prime examples of poor governance is Citibank, when they mistakenly wired a $900 million loan payoff to cosmetics company Revlon’s lenders in 2020. The case went to the courtroom, where a federal judge ruled that Citibank wasn’t entitled to refunds from 10 lenders that refused to return $500 million. An appeals court later overturned the ruling, and the bank eventually got all the money back.
Citibank had several policies and technologies set in place, such as dedicated terminals for wiring large amounts of money and multiple controls that were revised when most of the workforce was working from home during the COVID-19 pandemic.
Initially, the problem was suspected to be compromised banking controls. However, the cause was revealed to be recently installed software that had UI issues and lacked adequate controls, which ultimately led to human error.
U.S. regulators fined Citibank $400 million two months after the payment was made for a “longstanding failure to establish effective risk management and data governance programs and internal controls.” Regulators also forced Citibank to overhaul its practices and take a deeper look into its controls.
Toxic work culture can lead to risk management failures because employees lack proper information on how to mitigate risks. Silicon Valley, in particular, has become a hub for toxic ‘bro culture’. Other forms of toxic work culture arise when companies fail to mitigate risks that can alienate employees and customers, often resulting in negative business consequences.
One example would be Facebook’s lukewarm response to the Cambridge Analytica data usage scandal in 2018, which hurt Facebook’s trustworthiness and market potential.
The auto industry figured out it could increase savings by building a supply chain of thousands of third-party suppliers across multiple tiers. However, when the pandemic hit, there were massive disruptions in supply chains that lacked resiliency. Eventually, there was a chip shortage, and the bottom line of automakers suffered when the chip suppliers took advantage of the resulting higher margins.
On the other hand, a fitness equipment maker moved their entire supply chain and manufacturing processes from Asia to Ohio to keep up with the heightened demand for exercise bikes during the pandemic.
This supply chain resiliency protected the company from disruptions, bottlenecks, and trade wars.
Until recently, companies would release ESG statements just to meet their ESG initiatives, without delivering any measurable results. Since the UN issued a “Code Red for Humanity” on climate change in 2021, regulators, customers, and employees have been pushing for more meaningful ESG impacts.
Since the beginning of 2025, the EU has required about 50,000 companies to report annually on business risks and opportunities that are related to social and environmental issues and the impact of their business operations. Security regulators in the US are also considering new climate risk disclosure rules.
Reckless risk-taking can also lead to loss of business reputation, monetary loss, and even loss of life. One example is the 2021 wildfire that, amid unusually high summer temperatures approaching 122 degrees, destroyed the village of Lytton, British Columbia, in less than 2 hours and led to a class action lawsuit. The lawsuit claimed that the fire was triggered by heat or sparks emanating from a freight train operating nearby.
The suit alleged reckless behavior by the Canadian Pacific and Canadian National railways, arguing that they should have known about the unsafe conditions and shouldn’t have operated the train.
Lack of transparency can also be a risk management failure. One of New York’s nursing homes was involved in a scandal during COVID that highlighted a systematic lack of transparency about the actual number of COVID-related deaths. There was also a discrepancy between the figures released to the public and the state attorney general’s ultimate findings.
When organizations withhold data, or when data is missing within an organization, transparency suffers, which can lead to serious consequences.
A transparent risk management approach needs a company-wide strategy that includes senior management and other business leaders. The approach should clearly outline the role of risk management, encourage risk awareness, institute a common risk language, and define the objectives and critical risk concerns of all departments.
The business world is full of success stories that come out every day. Among the success stories, there are also less-publicized M&A, IPO, and product launch failures.
Most of these failures can be attributed to “immature risk programs.” Enterprises often don’t recognize that a complete risk assessment to identify potential and inherent risks is an integral part of the ERM program.
Organizations need to assess security risks up and down the partner supply chain. Several organizations are also focusing on the risk associated with onboarding third-party vendors, particularly in relation to sensitive data breaches.
New contractual terms need to address cyber insurance requirements, data destruction practices, and destruction verification. Many organizations don’t regularly review existing agreements or consistently communicate new requirements across their business units. This leads to noncompliant contractual agreements and potential supply chain risk management problems.
Because of digital transformation goals, organizations have been accelerating deployments of new technologies to accommodate hybrid workforces. Unfortunately, the controls needed to ensure security, availability, processing integrity, and privacy haven’t kept up.
As a result, many organizations are encountering control failures and compliance issues, which lead to security breaches. For example, as more workflows moved to remote setups, the requirements in SOC 2, the Sarbanes-Oxley Act, and ISO/IEC 27001 also changed. However, many companies still struggle to update their documentation to meet these security audit standards.
Conclusion
This wraps up our list of 9 common risk management failures that every business should know about. Knowing the common risks and preparing beforehand can make all the difference for a business.