4 Culprits of Complacency

By Lowers & Associates,

4 Culprits of Complacency

“Complacency is the last hurdle standing between any team and its potential greatness.”

Pat Riley, former NBA Coach and Player

You’ve done the important legwork to protect your business against undue risk. You’ve conducted a threat assessment, reviewed security measures, fortified your IT infrastructure, put controls into place, built a business continuity plan, and trained your people. So now what?

Though you’ve taken great measures to prevent and/or mitigate losses, if people fail to consistently follow through with the day-in day-out responsibilities required to keep risks in check, it is all in jeopardy.

Complacency – that sense of quiet pleasure or security, usually accompanied by a lack of awareness of potential dangers or deficiencies – is the enemy of excellence and can be the single largest threat to any business.

Complacency can lead to massive failure. Consider the now infamous example of the Deepwater Horizon explosion which killed 11 people, injured another 126, and caused an oil spill that took three months to get under control. The catastrophe was “the result of poor risk management, last-minute changes to plans, failure to observe and respond to critical indicators, inadequate well control response, and insufficient emergency bridge response training,” according to a federal report. In a nutshell, complacency.

Once complacency takes root in an organization, it’s hard to change course. In this blog, we’ll explore four common causes of complacency and show you how to steer clear of them.

1. Foregoing a “Moment of Insight”

Insights, or those “eureka moments,” abound in our personal lives, in society, and in the workplace. We experience a sudden understanding of something that was previously unknown or incomprehensible. The answer to a puzzle abruptly becomes obvious. A series of seemingly unrelated incidents suddenly reveals a clear pattern.

In the context of risk mitigation these “aha moments” happen all the time. Businesses connect the dots between the events happening around them (e.g., wide area disasters, data hacking incidents) and make the adjustments they need to make in their own operations to stay protected (e.g., creation of disaster recovery plans, beefed up cybersecurity).

So why, then, do some people fail to act despite a clear moment of insight? It often comes down to a lack of leadership or sense of urgency. Often, they are focused on what’s in front of them – the objectives, processes, and budgets before them – rather than presenting a compelling vision for the company. This is especially true during times of change, the thinking being, “The crisis isn’t imminent, and we already have so much on our plates.”

Brent Gleeson, the author of TakingPoint, says, “Most organizations that continue to succeed and innovate have a culture poised for positive change and taking a risk. They don’t wait for the ship to spring a leak. They proactively and constantly set aggressive goals. They sometimes even intentionally develop a sense of urgency.”

2. Maintaining a Sense of Overconfidence

Another reason why organizations stay in a state of complacency is due to an excessive sense of self-confidence, which can express itself in different ways.

Sometimes overconfidence stems from a false sense of security or well-being. “We’ve never had anything bad happen before, and the probability is so small that we can let our guards down.”

Whether it’s a statistical calculation, the illusion of preparedness, or outright arrogance, people operating with this mindset are inviting problems.

Someone leaves the door propped open while they run an errand, crisis communication plans become outdated, or passwords aren’t decommissioned when an employee leaves the company. Teams might even take their cue from management and begin letting practices and policies slide.

3. Having a False Sense of Reality

It’s human nature to be lulled into complacency, especially if you’ve lived the same basic existence in the same company for years on end. You come to believe you’ve lived pretty much every scenario and can reliably predict the outcome of most situations. When we believe we know the answers, our creativity and ability to proactively plan for potential threats become stagnant.

The key in these situations is key to have a learning mindset, to be curious, ask questions and think more deeply. Jeffrey Simmons, President and CEO of Elanco, says it’s helpful to “find people who make you feel uncomfortable, who help you learn a new skill or broaden your perspective.”

4. The Tendency to Make Excuses

Similar to having a false sense of reality, complacency thrives with people and in environments where excuses are made and accepted. Some of the common excuses that lead to inaction, for example are, the failure to conduct quarterly safety trainings, the absence of consistent background checks, or the failure to conduct due diligence with a new business partner.

  • The likelihood of a disruptive event (e.g., tornado, data breach, active shooter, embezzlement) happening is so low it’s not worth our time to protect against it.
  • We’ve done business with this company for a dozen years, so we don’t need to investigate them as a part of this merger.
  • We’ve been very successful so far, so we must be doing something right.
  • Our team has very little turnover, so even if something were to occur, most of us were trained at one time on what to do in the event of an emergency or major incident.
  • We’re already doing all we can to protect our business from risk, we don’t have the bandwidth to do more.

How to Avoid Complacency

The military has a mantra that “complacency kills.” In fact, signs with this message are often posted at their bases and outposts. They know that complacency in combat may mean the difference between life and death.

In the business world, companies that fail to continuously evolve face obsolescence, at worst, and significant financial or reputational loss, at best.

Here are seven strategies recommended by American Express for warding off business complacency:

  1. Be clear on your long-term vision (no more than two years out) and your short-term goals needed to make that vision a reality.
  2. Have a specific plan for each day.
  3. Give yourself specific time each week—no more than one hour—to think strategically and evaluate where you are and if you are heading in the right direction.
  4. Challenge your team to think.
  5. Encourage and reward innovation.
  6. Create a formal process to learn from mistakes.
  7. Invest time and money to improve your skills and knowledge.

Lowers & Associates works with a wide range of industries, helping organizations with a full range of solutions, from assessments to loss mitigation to recovery. Contact us for a consultation to understand what unknown threats you might be facing and how to address them, so that you don’t become a victim of the four culprits of complacency.

4 Ways Healthcare Security is Changing with the Times

By Lowers & Associates,

No doubt, times are changing. The U.S. is in the midst of a historic presidential transition. Economic pressures and complexities continue to squeeze the purse strings of many businesses and workers. Technology evolves more quickly than we can adopt and adapt. Communication continues to speed up and diverge in myriad directions. Volatility and violence in our social fabric continues to create tension, leaving us on the edge of our seats curious about what is going to help.

One solution that is relevant across all aspects of our life today is security. Promoting ways to feel safe and secure helps everyone relax into whatever actions are needed to continue to move us in a productive direction. This applies to us as individuals, in our homes, in our businesses, cities, airports, and other dimensions of daily life. Security is an important element to promote productivity.
… Continue reading

  Category: Healthcare Security
  Comments: Comments Off on 4 Ways Healthcare Security is Changing with the Times

Human Capital Risk Series: The Employer’s Role in Negligent Hiring and Retention

By Lowers & Associates,

negligent hiring and retention

Demonstrated due diligence is your first line of defense against negligent hiring and retention lawsuits. Sometimes this is easier said than done, especially if you are trying to fill positions for which there is a lack of talent.

Be aware that dialing down the due diligence in making a hiring decision can backfire with exorbitant cost. In one case, a jury awarded $7 million to the family of a truck driver who was killed in an accident caused by a second truck driver. The second driver, who was hired without a background check, had been on the job only 19 days when the accident happened. The plaintiff was able to show that a background check would have revealed that the second driver had had his license revoked twice for driving infractions.

In another more recent case, a hospital in Denver was sued for negligent hiring in a class action suit because it had hired a surgical technician with a record of having been fired from four previous positions, and who also had a Navy court martial for the theft of the powerful synthetic opioid, fentanyl. After being caught again stealing a syringe of fentanyl, the defendant tested positive for a blood-borne disease, making him an infection risk to the 2,900 surgical patients the hospital had during his tenure. Plaintiffs counsel argued that the terminations and court martial were easily discovered with a background check. All 2,900 patients are part of the class action lawsuit.

… Continue reading

Top 10 Risk Management Articles from 2014

By Lowers & Associates,

risk management articles

We’re pleased to kick off the new year by sharing our most-read blog posts from the Risk Management Blog in 2014.

1. Protecting Against Ghost Employee Fraud

Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.

Read full post >

2. Key Components of a Fraud Risk Prevention Policy

In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.

Read full post > … Continue reading

Summarizing the OCC Risk Management Framework for Banks

By Mark Lowers,

The on-going regulatory response to the 2008 financial crisis includes the Office of the Comptroller of the Currency (OCC) Risk Management Guidance on third-party relationships, issued in October 2013. The bulletin states that the OCC expects a bank to practice effective risk management regardless of whether the bank performs the activity internally or through a third party.

“A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws.”

In a recent speech before the Risk Management Association, Thomas J. Curry, Comptroller of the Currency, emphasized the importance of managing the risks “associated with bank systems and processes” even above credit risk. He noted banks’ “increasing reliance on third parties” and the systemic risks they impose. … Continue reading