Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Business Strategy Best Practice > Human Risk: How Effective Strategic Risk Management Can Identify Rogues

Business Strategy Best Practice

Human Risk: How Effective Strategic Risk Management Can Identify Rogues

by Thomas McKaig

Executive Summary

  • Corporations and high-level risk management are built around the people in organizations—and people are fallible.

  • The need to evaluate human risk is clear: Stories abound of rogue employees in large and small organizations who have destroyed their entire firm.

  • At the extreme, rogue firms, such as Enron, can destroy shareholder value and employees’ lives.

  • Building a quality-based organization helps to drive out rogues, but that’s not the only way.

  • Control measures need to be in place.

  • Legal measures, the spotlight of publicity, and backing up corporate policies with firm action are all effective tools.


Best practices in strategic risk management are intended to prevent weaknesses within corporations causing damage or even pulling down the firm. However, effective strategic risk management tools and techniques became harder to implement as business operations grow, become more complex, and operate in multiple locations. The controls that might have once been deemed acceptable in keeping employees within corporations on the same page begin to be less effective in cases of corporate restructurings that split businesses into smaller business units, and where employees are prodded into making deeper contributions to the bottom line.

Technology has not necessarily been a savior in this type of situation. Although technology has provided a platform for enhancing competitive advantage for business, it has also been a tool used by smart, capable, yet ill-intentioned employees to steal and distort overall results.

In the age of managerial cutbacks and increased workloads, a lot of things can happen that go unnoticed by overburdened managers. Interview techniques intended to keep rogues out of the workplace are—in spite of all the high-end questionnaires and intensive interview techniques that may be used—oftentimes ineffective, as potential employees are extremely savvy about modern interview techniques. Players in the job market are often familiar with the drill. Job hunters pass through many revolving interview doors, allowing them to hone their skills on how to dupe the interview process. Some interviewers may be incompetent or show poor judgment. HR departments are not foolproof, and it is only realistic to accept the fact that rogues in the workplace are here to stay. HR people will sometimes catch potential wrongdoers at the gatepost through psychological tests and other forms of due diligence involving intuition and criminal checks. But don’t count on it.

Newspapers are full of stories about accountants who pad the books and give kickbacks to friends and family. Unhappy workers can damage product on the assembly line. A fired employee can show up at the workplace intent on payback for the injustice he or she feels they have suffered (in the United States this is called “going postal”). A multinational manager away from the watchful eyes of the home office can withhold information and deliver selective reports. Expense accounts can be padded. Goods can be pilfered from warehouses.

Given the current economic and political shocks, the last thing a company needs is to find itself in the news on account of the excessive creativity of one or more of its employees. Managers must face the fact that rogues will enter their organizations. So the question becomes: What can be done about it before the damage is done?

Keep in mind that human risk is about more than employees stealing from a firm; it can include individuals making unsound business decisions because nobody told them otherwise. Mistakes can be just as bad as deliberate fraud, as the following case shows.

Case Study

An Invitation to Rogue Employees

The example of a small Costa Rican bank serves to illustrate this point. At the height of the opening of Costa Rica’s financial markets to foreign financial institutions in 1995 there was a rush to change operations practice. In the pre-free market era, Costa Rican banks could do as they pleased and were immune to punishment even when there were banking scandals and losses that were large for Costa Rica’s fragile economy during the 1980s and 1990s. Old-style banks, accustomed to getting away with providing poor customer service and having lax internal controls, found that their business environment was changing with the pending legislative changes, set to open Costa Rica’s financial markets to the world.

With poor leadership at the helm, and a lack of almost any strategic management initiative, employees were forced to take on new and undefined roles in their bank. Most of these were ill-suited to employees who were given inadequate training and guidance for their new tasks.

As part of rising to the challenge of this expected competition from foreign banks, and in light of the assumed effectiveness of recently ordered ATM machines, the bank we are considering decided that a (ill-informed) lean and mean policy of rampant firing would be an acceptable cost-saving measure. Half of the bank’s staff lost their jobs, and those who remained quickly became demoralized. The newly installed bank machines did not function properly. Friday afternoon payday waits grew to two hours from the already unacceptable 15–30 minutes.

Internal communications broke down. In place of the usual courteous conversations, vitriolic emails flew from one cubicle to the next—seeding the environment for “surprise actions” from a growing league of unhappy, overworked, and demoralized employees. With no controls in place, an inexperienced bank teller authorized a loan of $US 1 million to a long-standing customer—based solely on the fact that the teller liked the man and felt that he could be trusted with the money. For a small bank with a net worth of $37 million, this inappropriate loan decision was the start of a string of poor management decisions that led to its implosion. Throughout this process the business culture undermined any attempts to implement benchmarking studies or best-practice management solutions. The “generous” employee was not fired and kept his duties with a severe reprimand. The future of the bank was sealed, and eventually it went down.

Back to Table of contents

Further reading


  • Crosby, Philip B. Completeness: Quality for the 21st Century. New York: Dutton, 1992.
  • Feigenbaum, Armand V. Total Quality Control. 4th ed. New York: McGraw-Hill, 2004.
  • Gryna, Frank, M. Quality Planning & Analysis: From Product Development Through Use. 4th ed. New York: McGraw-Hill, 2000.
  • Hill, Charles W. L., and Thomas McKaig. Global Business Today. 2nd Canadian ed. Whitby, ON: McGraw-Hill Ryerson, 2009.
  • Juran, J. M., and Frank M. Gryna (eds). Juran’s Quality Control Handbook. 4th ed. New York: McGraw-Hill, 1988.
  • Mintzberg, Henry. Managers Not MBAs: A Hard Look at the Soft Practice of Managing and Management Development. San Francisco, CA: Berrett-Koehler Publishers, 2004.



Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share