Why ‘Sensible’ Decisions Quietly Create Bigger Risks

The simple process we use to uncover hidden risks before they escalate

Mark Scales

Minimalist illustration of a small visible problem casting a large shadow, symbolising hidden risk.

We were sitting in a Board Risk Committee meeting talking about staff turnover.

A couple of key roles had recently left. Not unusual. But performance against budget wasn’t where it needed to be, so the Executive team was looking at options.

One of those options was simple: don’t replace the role.

On paper, it made sense.

You remove a $120K–$150K salary. You improve your budget position. You buy some breathing room.

No one in the room was being reckless. It was a sensible, commercially rational discussion.

But there was tension sitting underneath it.

Because at the same time, everyone knew this wasn’t just a financial decision. It was an operational one too. Less capacity. More pressure on the remaining team. Things potentially slipping.

So the conversation sat there, slightly unresolved. Financial risk on one side. Operational risk on the other.

After the meeting, I spent some time talking it through with the CEO.

That’s where it got interesting.

What started to come out

We stepped back and looked at it properly. Not just the decision, but the context around it.

Three questions:

  1. What actually caused the turnover?
  2. What controls did we think were in place, and were they really working?
  3. If we don’t replace the role, what new risks are we creating?

Pretty standard risk questions.

But the answers weren’t standard.

The CEO started talking about the Board.

Their view was that, over time, the Board had drifted into operational decision-making. Not in a dramatic way. Not intentionally. But enough that it was starting to affect how the business was being run.

That pressure, in their view, had contributed to the turnover.

Then they said something else.

They didn’t think the Board realised they were contributing to the problem.

And they hadn’t told them.

The part no one had said out loud

From the Board’s perspective, they were doing what Boards do. Asking questions. Getting closer to the detail. Trying to support.

From the CEO’s perspective, it felt different. It felt like interference. Like a lack of trust.

At the same time, they were worried about how they were being perceived.

Were the Directors starting to think the CEO was losing control?

Did they think the CEO didn’t know what they were doing?

So the proposed solution was:

  • Take on more.
  • Absorb more of the operational load.
  • Try to stay across everything.

Which brings us back to the original decision.

Don’t replace the role.

On a spreadsheet, that improves your budget.

In reality, it pushes more work onto a CEO who’s already stretched.

And that’s where the risk actually was.

The moment it clicked

We started with a staffing issue.

We ended up in a governance problem.

The risks we were discussing in the meeting turnover, budget pressure, resourcing weren’t the full picture anymore.

Because layered underneath it was something more important:

  • A breakdown in communication between Board and CEO
  • A shift in roles and boundaries
  • A CEO whose effectiveness was starting to erode

None of that was in the risk register.

But all of it mattered more than the original issue.

Most risk decisions aren’t wrong. They’re incomplete.

That’s the pattern I keep seeing.

Organisations look at:

  • The incident
  • The cost
  • The immediate response

And they make a decision that makes sense in isolation.

But they don’t follow what happens next.

In this case:

  • Save a salary → improve short-term financial position
  • Don’t replace the role → reduce operational capacity
  • CEO picks up the gap → less focus on strategic priorities
  • Effectiveness drops → Board confidence starts to shift
  • Board leans in further → reinforces the original problem

None of those steps are unreasonable on their own.

Together, they create a completely different risk.

Controls don’t fail all at once

Another thing that came out of that conversation, the controls everyone thought were in place weren’t as strong as they looked.

On paper, governance was working:

  • Clear Board and Executive roles
  • Regular reporting
  • Structured meetings

But in practice, those controls had drifted.

The Board had become more operational.

The CEO had become more reactive.

The feedback loop between them had weakened.

That’s how most control failures happen.

Not with a bang. With a slow shift that no one calls out.

The uncomfortable bit: say the thing

The most important part of this whole situation wasn’t the staffing decision.

It was the conversation that hadn’t happened.

The CEO hadn’t told the Board:

“You’re getting too operational, and it’s affecting how the business runs.”

And to be fair, that’s not an easy thing to say.

But governance doesn’t work without it.

It’s a two-way system:

  • Boards need to be open to hearing when they’re overreaching
  • CEOs need to be willing to say it when it happens

If that environment isn’t there, then your risk culture needs to change.

What to do differently

When something goes wrong turnover, a budget issue, an incident don’t stop at the obvious response.

Push it a bit further.

Ask:

  • What actually caused the risk to occur?
  • Were the controls as effective as we thought?
  • If we take this action, what pressure does it create elsewhere?
  • Who or what ends up carrying that pressure?
  • How does that impact effectiveness?

That last one matters more than most people realise.

Leadership capacity is a key risk variable. When it gets stretched, things can fail quickly.

What to do next

If you find yourself in a situation like this, don’t rush to fix the original problem.

That’s usually where things go wrong.

Instead, step back and work through it properly.

Start with the event itself, in this case, staff turnover. But don’t stop there. Ask what actually changed in the system to allow that to happen. Was it workload, leadership pressure, unclear roles, something coming from the Board?

Then look at your controls. Not what’s written down, what’s actually happening.

Are roles and responsibilities still being respected?

Is the Board staying at the right level?

Is the Executive team able to operate effectively?

If the answer is “mostly” or “it depends,” that’s your signal that something has drifted.

From there, pressure test the decision you’re about to make.

If we don’t replace this role:

  • Who picks up the work?
  • What do they stop doing as a result?
  • What decisions get delayed or made with less attention?
  • What does that do to leadership effectiveness over the next 3–6 months?

This is where most organisations stop too early. They validate the cost saving, but not the consequence.

And finally, have the conversation that’s sitting underneath it all.

If there’s tension between Board and CEO, it needs to be surfaced. Not in a confrontational way, but in a clear, direct one.

“I think we’ve drifted a bit into operations.”
“I’m finding it harder to stay focused on the bigger picture.”

Those conversations are uncomfortable. But they’re also where most governance risks get resolved.

A simple way to work through it

If you want a practical way to approach this, the process looks like this:

  1. Reconstruct what actually happened — event, cause, contributing factors
  2. Re-test your controls — what’s working vs what’s assumed to be working
  3. Map the second-order impacts — who carries the load if you act (or don’t)
  4. Identify the hidden risks — leadership capacity, governance tension, decision quality
  5. Address the underlying issue directly — not just the symptom

It’s not complicated. But it does require you to look beyond the obvious answer.

Where StartRisk fits

This is exactly where most risk tools fall down.

They capture the initial risk turnover, budget pressure, resourcing but they don’t help you see how that risk evolves once decisions start getting made.

StartRisk was built to do that. But the platform is only part of it.

When we work with organisations facing situations like this, we don’t just set up a risk register and walk away. We sit in those conversations. We help Boards and Executives work through the governance dynamics that sit underneath the obvious problem. We facilitate the discussions that need to happen the ones about roles, boundaries, and expectations in a way that’s direct but constructive.

That might look like:

  • A Board workshop to reset the operating rhythm between governance and management
  • Supporting the CEO to frame risk conversations in a way the Board can act on
  • Building a risk framework that captures these system-level risks, not just the line items

The platform makes the ongoing management simple. But the real value is in getting the thinking right first.

If you’re dealing with a situation like this, reach out.
A conversation is usually the best place to start.

Book now

More articles