Ask senior executives to assess the risk in a business matter and many will turn first to their lawyers for guidance. They’ll seek a legal opinion on topics ranging from employment decisions, to work practices, to product development, to financial transactions to manufacturing processes.
In our litigious society where legal costs and damages can be crippling, this makes sense. Skilled lawyers can quickly identify legal hazards and readily find cases where bad outcomes occurred or were prevented. They will also identify strategies for minimizing risk and lay out defenses which can be constructed to limit exposure.
But my advice to organizational leaders is to rely on their legal experts with caution and in the proper context. It’s dangerous to focus only on legal risk and potential limits on exposure alone, or to give them overarching precedence in looking at business issues.
As I pointed out in my recent post, Values Trump Laws for Risk Management, business risk is much broader than legal risk.
In today’s world, organizations that limit their risk analysis to legal exposure or, more likely, give it too much weight, may put their reputations and viability at greater risk in the process. Legal risk is one of many starting points, not the end point for risk management. This is true for people issues as well as manufacturing and other business practices.
Most recently, we’ve read that BP’s legal liability for the blowout on the Deepwater Horizon was limited to $ 75 million. My guess is that this figure, as a legal risk parameter, must have influenced the company’s decision makers far more than it should have in terms of how much they chose to spend on safety, back-up systems and plans to deal with spills should they arise. $75 million is a massive sum. Yet, if that dollar amount had been the true measure of risk, it would have been a minor hazard to the company in contrast with the hundreds of millions and perhaps billions it stood to reap if its well brought in a major strike.
BP recently pledged to set aside $20 billion to cover claims. With the well still spewing oil and the unfolding harm being done to individuals, the environment, businesses, and animal and plant life, these costs will continue to soar. BP’s reputation has been shattered. If the company survives, its name will be associated with this catastrophe for a generation. Think of WorldCom, Enron, and Madoff – in the public’s eye, BP will join, if not rise to the top of this infamous list.
To a lesser and far less catastrophic extent, the same type of decision making can be found in employment matters. In terms of preventing employment discrimination and harassment, many employers now try to fashion legal defenses relying on the famous Farragher and Kolstad cases.
They write policies, document training, and set up complaint systems. In fact, these are exactly the measures that compliance requirements are designed to address. If they are sued, they can often successfully argue that damages and claims can be mitigated or extinguished by their cataloguing the actions they have taken. But underneath the surface, they ‘ve failed to address daily conduct that can be toxic, corrosive and lead to disaster in terms of a willingness to raise issues, suggest areas of business risk or disagree with popular but risky decisions.
There’s a clear difference between organizations that focus on limiting liability if claims are filed and those organizations that are truly dedicated to addressing and preventing problems before they give rise to later cases.
Organizations that actually try to address and prevent problems must have senior-level commitment backed up by their own actions and communications. They must make genuine efforts to adapt their cultures to organizational values and a serious, unflinching commitment to listen to issues raised before they erupt into charges and lawsuits. All of this includes an ongoing routine embedded in daily events, rather than a series of steps that are tracked on a spreadsheet or documented for use as trial exhibits.
From what I have seen, organizations committing to addressing the underlying issues (rather than merely focused on successfully defending potential claims) recognize that their true risk is not an infrequent lawsuit but rather in the business harm that unaddressed discrimination and harassment can exact. Their preventive approach enables them to successfully defend claims, but more importantly, avoid having to defend them in the first place.
In this same week, I saw copies of the generic oil spill recovery plans prepared by BP and other major oil companies. These recovery plans included the same language and many had the same absurd provisions. Most notably, BP’s plans addressed measures to protect walruses that, as a commentator noted, have likely not been in the Gulf of Mexico for more than 3 million years.
My guess is that someone prepared this document to prove to someone else that a plan existed. We have something: Here’s Exhibit A. The problem is that some day it will be Exhibit A for plaintiffs or a government inquiry, not for BP. This is a symbol for legal risk analysis and rote compliance efforts gone awry.
It’s way past time for organizational leaders to ask themselves: Are we taking steps to address true risk? Are we addressing issues that signal the potential for real harm? Or are we taking minimal steps to satisfy what we see as a narrow defense standard that, ironically, will give us nothing other than a false sense of security and may actually help lead us into “blowout” catastrophes in our organizations and workplaces?