Risk management is poorly served by managers who create excessive controls, especially if they are ineffective. It reminds me of the rhino, which has a horn, supposedly to defend itself. In fact, the rhino's worst enemies are poachers who want the horn for its high value because of its imaginary medicinal properties. So, as a defense, it's worse than useless, like many risk control measures. Or like the cowboy who carried two rifles in case he missed six times and was still alive!
Controls that control nothing.
I have often encountered this kind of "thinking".
· Money bags. The transport of cash in a box or bag obviously does this for advertising for thieves, but remains a popular choice.
· Carpet under the climbing frames. The better the landing surface, the more daring the children, the more injuries will occur and the more likely it is that parents will blame the owners of the facility.
· IT controls. Many "controls" in IT services only serve to shift blame between teams, creating complacency and doing nothing to reduce errors.
· Superfluous audit checks. Sometimes the longest checks are the least effective (and even less profitable) because only honest people comply with them, while fraudsters can easily bypass them.
· Inspection systems. If they are not accompanied by quick repair responses, these can simply prove that you were aware of the fault and therefore responsible!
· To the top. There were a lot of regulations in place that were of no real use in the banking crisis and in the horsemeat scandal. Will they be replaced with something better? Or just more bureaucracy?
What are the causes of this bad attitude?
1. The natural and justifiable concern to prevent the undesirable consequences of our actions, sometimes taken to the extreme.
2. Lack of communication between managers, insurers and health and safety, which caused instinctive reactions rather than properly considered solutions.
3. The requirements of funding agencies and regulators, who often lack detailed knowledge and understanding of the activities they are trying to control.
4. The culture of certain organizations, where failure is more punished than success rewarded.
5. Fear of being sued due to the culture of claims, particularly in light of a few well-known high-cost cases, sometimes with unexpected results.
6. Fear of unfavorable publicity if the press were to take a one-sided view of an incident, regardless of the real blame.
So what should we do?
When reviewing your risks, ask how effective your control measures are and assess the cost of these measures. So be ruthless. Perhaps an independent vision, from inside or outside of your organization, will be necessary.
Or you could be in danger like a rhino.