Too much risk management kills innovation

Risk Management is good, so the more risk management, the better, right?


The key to effective risk management is to use it intelligently, with the understanding that risk is inherent in everything we do. There can be no opportunity without risk. We have all experienced how ridiculous and frustrating it can be when faced with too much risk management.

This example might sound familiar to some:

A not so long time ago, in a an organization not too far away, a manager needed to make a day trip from Victoria to Vancouver to meet with his client’s board of directors. The corporation was paying all travel costs – about $300 for the day. The manager, however, couldn’t schedule the meeting until the proper approval was obtained, so he dutifully drafted an email to his Director providing the required information and requesting the necessary authority.

  • The Director reviewed, approved, and forwarded it to the Executive Director.
  • The Executive Director reviewed, approved, and forwarded it to the Vice President.
  • The Vice President reviewed, approved, and, not a word of a lie, forwarded it to the CEO!
  • The CEO reviewed the request, approved it, and started the process again, this time in reverse.

The unidentified manager remembers thinking at the time, “Wow, surely the CEO has better things to do with his time than approve minor travel expense claims for little ol’ me…”

Apparently not.

What was the cost of this level of control, in an effort to reduce potential employee fraud? On the surface, just the time and effort required of multiple talented and hard-working managers and executives.

But that’s not the whole story. Morale suffered, as employees felt powerless. (How must that VP feel, denied the authority to approve a $300 minor travel expense?) Productivity suffered as people assumed meeting clients was more trouble than it was worth. Most importantly, innovation and motivation suffered. If no one in the organization can make a decision about going to a meeting without the CEO’s approval, how could they possibly make a recommendation about whether a client should make a multi-billion dollar development decision?

At Enlightened Business Risk Solutions, we realize that risk management, like most things, is good in moderation, and we have the experience and perspective to help you put appropriate, affordable risk controls in place to help you achieve your Mission, Goals and Objectives.

Want to know more? I’d love to hear from you. If you have questions, comments or want to geek out about risk management, contact me:
[email protected]

4 Replies to “Too much risk management kills innovation”

  1. This isn’t risk management killing innovation – this is a failure to identify a relevant risk appetite. It’s the controls put into place to manage the risk which are “over the top”. If we captured the cost of controls and weigh that against the benefit, then innovation might be encouraged, not killed.

    1. Hi Robyn. Thanks for your comment. I’ll begin by admitting the title of the blog post was purposefully overly-dramatic.
      I agree and disagree. First, I agree that it’s not “risk management” per se killing innovation here, but as you point out (and I explain in the post) it’s the excessive controls. Sometimes less is more, particularly when fewer controls communicates trust, encourages innovation, and models healthy risk culture from the top-down. However, I think the risk appetite in this example can be identified as unhealthily low or “risk averse”. The CEO clearly articulated his risk appetite when he set the policy, so that’s not the issue from my perspective. Thanks again for taking the time to contribute!


  2. I would say this is a classic case of micro-management. The top has to be involved in every action of the middle and bottom. This does not just stifle innovation and morale, it also stifles efficiency. I came from the military, where risk aversion is at an all time high. Leaders were afraid to let the “middle management” make the decisions, because they were afraid of failure, or worse yet being shown up, so they were involved in every piece of the process.

    1. Hi Jeremy,
      I can’t agree more about this being a classic case of micro-management. That the policy was put in place as a risk control for inappropriate spending does a disservice to our profession as risk managers. When the risks were pointed out to executive, the comments fell on deaf ears, so it’s not really an example of “Too much risk management”, as one of poor policy, that was killing innovation.

      I too have a military background, having spent 23 years as a Canadian Infantry Officer, so I can relate to some of your concern about risk aversion there. However, for every example of a micro-manager, I have one of an exceptional, trusting leader who motivated and led by example, with courage, loyalty and integrity flowing both ways.

      Thanks for your contribution, and for your service.


Leave a Reply

Your email address will not be published.