The total cost of not managing project risks

This can lead to resources being redirected away from the goals of a project in order to put out small risk-generated ‘fires’, such as minor compliance breaches through to catastrophic consequences, for example, data breaches and employee or members of the public suffering injury or death.

Like most things in life, when it comes to risk management, prevention is better than the cure. Although investing in risk assessment and analysis may not be the sexiest part of a new venture, the costs of not doing so can be high. From regulatory investigations and hiked-up insurance premiums, to losing key employees and project partners, skimping on managing risk can lead to project-busting outcomes.

Not having a risk management plan can lead to financial costs; however, there are also intangible consequences that are not always immediately apparent, including:

Reputational damage – risk-related events such as product recalls, data breaches, or ethical violations can harm your business’s reputation, especially in our digital age where one wrong move can see your organisation face trial by social media.

Brand devaluation – if you invest large amounts of money in your brand then not doing risk assessments and implementing management strategies is a bit bonkers. A risk-related event can tarnish your brand’s image and diminish its value in the marketplace.

Customer dissatisfaction – risks that negatively impact product quality, service delivery, or customer experience can lead to dissatisfied customers. Unhappy customers are often more than happy to repay you by spreading negative word-of-mouth and posting nasty online reviews, impacting future sales and business growth.

Employee morale and productivity – poor risk management can create uncertainty and stress among employees. Health and safety risks can lead to tragic consequences. HSE figures for 2021/22 show that over half a million workers (565,000) sustained an injury at work and 135 workers lost their lives on the job.

Legal and regulatory consequences – breaches of laws, regulations, or compliance requirements can result in criminal prosecution, civil claims, fines, warnings, and reputational damage. This can lead to increased scrutiny from regulators and difficulty in obtaining necessary licences or permits – hardly beneficial when trying to grow your business.

Stakeholder trust and relationships – this is an often overlooked consequence but can be the most damaging. Risk-related events can erode trust and strain relationships with stakeholders, including investors, partners, suppliers, or community members. Rebuilding trust may require significant effort and resources that could have been directed towards launching the project.

Loss of competitive advantage – disrupted operations, project delays, and/or compromised intellectual property can undermine your company’s competitive position. Like sharks drawn to fresh blood, competitors will immediately react and whisk away as much market share as possible whist you work to fix the negative consequences of the event.

Environmental and social impacts – events that harm the environment and communities can have long-term ecological and social consequences. These may include environmental damage, health issues, social unrest, and a complete collapse of your organisation’s reputation.

Over-insurance – although traditionally, the focus has always been on the cost of under-insurance, many businesses carry more insurance than they need. This is usually a result of not monitoring the risk management plan during the project and making sure any insurance that is no longer required or fit for purpose is renegotiated or cancelled.

The key to controlling the total cost of risk-related events is to have a comprehensive risk management strategy in place before a project begins and to keep monitoring it during the project to ensure the initial strategy is still performing.

Once you have identified the tangible and intangible risks associated with the project you can use the four Ts of risk management, namely:

Tolerate – accepting the risk without taking any action to mitigate it. This is typically chosen when the cost of prevention outweighs the potential damage, or when the risk is considered insignificant or inevitable.

Treat – involves taking steps to reduce the likelihood of the risk occurring or reduce its impact if it does occur, for example, establishing policies and procedures, applying security controls, or investing in training and safety equipment.

Transfer – the risk is passed on to another entity, usually an insurer, however a business partner, or supplier could also take over the risk.

Terminate – calling a halt to activities that are creating the risk. This route is typically chosen when the risk is too great to accept or there are alternatives that present less risk.

Creating, implementing, and monitoring an effective risk management strategy is not easy, especially if you do not have an in-house risk manager who has the training, experience, and skills necessary to undertake such a task. One way to ensure your project’s risks are well-managed is to outsource the risk management element. The investment you make in using a professional will be well worth it if they can avert a potential disaster.

“Risk comes from not knowing what you’re doing.”
Warren Buffett

To find out more about any matters discussed in this article, please email us at info@43legal.com or phone 0121 249 2400.

The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article, please contact 43Legal.