3 Expert Insights

The problem is not with risk or with compliance. Both are symptoms of a broader underlying issue - which becomes visible as aversion to risk. That issue is one of overcoming fragility in capability for corporate evolution.

Fragility, in its simplest terms, refers to a situation where, on average, more negatives than positives result from the emergence of random events. All companies face random events in complex marketplaces. Not all companies survive or thrive in the face of such random events - which are bound to happen given the evolutionary nature of complex systems such as markets.

Any change must be directed through this lens of reducing fragility - and increasing internal capability for corporate evolution.

This reminds me of Drucker's statement (which many erroneously attribute to Bennis): "Management is doing things right; leadership is doing the right things."

Controls are critical to ensure the proper functioning of an organization, and from you have said, you previously didn't have many in place until you hired a consultant.   Perhaps the consultant put too many in place, and people are bypassing / ignoring them which puts the organization at risk again, but the key issue isn't controls as much as it is an understanding of risk.

Controls are important, but they must be balanced with risk, common sense and operational need.  

If I were in your shoes (and I have been before), I would have conversations with your top managers so that they understand what is important and what isn't, the level of risk tolerance in the company, etc.   Then, you might consider another look at your controls to see what is needed and what is extraneous / not necessary.  

It comes down to leadership vs. management with a side serving of ethics and common sense thrown in.

I start my response with a few questions in my mind about your situation.

1. How big your definition of Risk that you want to avoid?

2. Are you just interested in avoiding accounting error risks or are you also interested in addressing other possible areas of organizational risks that can impact customer expectations and financial performance?  

I recently wrote the lead article for the QHSE magazine titled "Identifying Cascade Effect Risks in Organizations". My 12 page article uses gamification and a unique deck of cards I created to teach professionals how to identify organizational cascade effect risks potentially present in any organization.

All forms of risk are linked in organizations with 5 hierarchical waves of interactions that are described in my article, which was the result of 9 years of personal research on the topic of "Why do bad things happen in organizations?". My article is a primer in understanding risk linkages, negative outcomes and what to do about it. I hope it helps you look at risk from a different perspective and maybe give you some different ways to address your risk. I am also holding a 2 1/2 hour workshop on this topic at the upcoming American Society for Quality (ASQ) World Conference in May, 2014 in Dallas, Texas.