Inertia, the universal force that perpetuates the status quo, has implications far beyond the realms of physics. It profoundly influences human behavior, often steering us towards routine, familiarity, and perceived safety. These patterns of behavior permeate our daily lives, from the route we take to work to the coffee shop we patronize, to the news sources we prefer.

The problem with inertia is that it limits our opportunities. Consider:

1. You take the same route to work every day. Have you thought about alternate routes that might be faster or more efficient?
2. You order your coffee from the same shop every day. Could there be another café offering a better experience?
3. You read the same news sites daily. Are you limiting your exposure to diverse ideas and perspectives?

While such behaviors may seem harmless or even beneficial in our daily lives, when they infiltrate the strategic decision-making process in a business context, particularly concerning risk management, they can have significant implications. Especially in today's volatile and unpredictable environment, inertia can be a costly and risky affair.

These choices carry implicit costs — costs borne out of missed opportunities and restricted possibilities. Let’s use the example of a financial institution. 

3 Consequences of Not Questioning the Status Quo 

In the past, managing a financial institution was relatively straightforward. The primary concerns were interest rate risk, credit risk, and the physical security of the building. (Recent news suggests that interest rate risk isn’t nearly as straightforward as previously thought, but I digress.) That changed with the advent of the internet, cloud technology, and a surge in regulations which have exponentially increased the risks financial institutions face.

Despite these changes, many banks and credit unions continue to manage risk as they always have, using an ad-hoc approach to handle issues as they arise. They often lack a unified process from the top to identify, manage, and mitigate risks at an enterprise level, resulting in potential unforeseen risks:

1. Underestimating Risk: Many institutions are likely taking on far more risk than they realize. Without a systematic, objective risk assessment process, it's easy to underestimate the true extent of risk exposure. It's akin to running a business without a management team: without centralized oversight, there's no way to ensure everyone is working towards the same goals, inevitably leading to inefficiencies and potential crises.
2. Regulatory Violations: Many institutions have faced severe penalties for violations of anti-money laundering regulations and failing to enforce sanctions against a frequently changing list of foreign entities. In most cases, these violations weren't the result of a deliberate decision to flout the rules, but rather a failure to fully understand the magnitude of the risk and develop an effective risk management strategy.
3. Misallocation of Resources: Without a systematic approach to evaluating risk, institutions often misallocate resources. They may be expending significant resources on managing minor risks, while major risks go inadequately addressed. 

Moving Beyond Inertia 

The commonly held perception is that action equates to risk, while inertia is safe. However, this mindset needs to change. Businesses should not just ask what would happen if they changed their risk management procedures, but also what would happen if they didn’t.

Instead of assuming that a longtime business practice is the best way to move forward, they should take a step back to assess the effectiveness of the procedure as well as potential alternative. They need to think creatively about the potential risks of business as usual and decide if there are ways mitigate those risks and improve the business. 

Rather than sticking to the comfort of an “existing” model, businesses should objectively evaluate “proposed” models. 

Too many businesses wait for a problem to emerge before they do anything about it. They use an ad-hoc model that addresses risks as they emerge instead of enterprise risk management (ERM), a top-down approach that measures, monitors, and mitigates risk across the entire enterprise. As a result, they are missing an opportunity to identify and mitigate risks before they become a problem. They are also missing out on potential competitive advantages by not looking for ways to evolve their business, including by embracing ERM software to help automate the process.

Inertia is a potent force, but its comfort and familiarity often cloak hidden risks. It's time to question why your business makes its risk management decisions the way it does. If the answer is “we’ve always done it that way,” it might be time to reassess. The status quo, despite its allure, may indeed be riskier than you think.

Michael Berman is the founder and CEO of Ncontracts and the author of The Upside of Risk: Turning Complex Burdens into Strategic Advantages for Financial Institutions.

By Adam Torkildson

Keywords: Business Strategy