In the ever-changing landscape of risk management, honesty is a cornerstone principle that guides management in their pursuit to preserve and protect the value of their organisations. However, as we delve deeper into the complexities of risk management, we find that there exists a delicate balance between unabridged honesty and the pragmatic use of “limited honesty.” 

Consider a scenario where the risk manager of a service organisation uncovers a vulnerability in its cybersecurity infrastructure. The vulnerability is significant and could potentially lead to a major data privacy breach. In this case, complete honesty would entail immediately disclosing the issue to stakeholders, including clients and shareholders. However, this level of honesty could lead to undue panic, damage the service organisation’s reputation, and may trigger a significant drop in stock prices. Limited honesty, on the other hand, would involve a more measured approach. The risk manager might choose to address the vulnerability internally first, working with the selected IT team to mitigate the uncovered risk, all the while carefully assessing the potential impact. They might then disclose the situation to a limited group of stakeholders in a controlled manner, minimising panic and other negative consequences.

Another example is in respect of compliance with rules and regulations. Imagine a manufacturing company that discovers it has been unintentionally violating environmental regulations for some time. The manufacturing company has been exceeding emission limits, but the violations have not been detected by regulatory authorities yet. With complete honesty, the risk manager could choose to immediately report the violations to the relevant environmental agencies, fully disclosing the extent of non-compliance and notifying the public, including customers and shareholders, about the violations, acknowledging the manufacturing company’s wrongdoing and the potential environmental harm caused. For limited honesty, the risk manager might first conduct a thorough internal investigation to determine the scope and severity of the violations. This could involve collaborating closely with experts in environmental law and compliance. Once they have a clear understanding of the situation, they may take immediate steps to rectify the violations, investing in sustainable technology or processes to reduce emissions. The risk manager might then approach the regulatory authorities privately, disclosing the violations but also presenting a detailed plan for rectification and prevention. When it comes to informing the public, the manufacturing company may choose to do so in a more controlled and managed manner, such as by issuing a carefully crafted statement that acknowledges the past non-compliance, highlighting the initiatives already taken to address the matter, and reassuring customers and shareholders of its commitment to environmental responsibility. 

If you were the risk manager in the above scenarios, what would you choose or do otherwise?  

A successful risk culture should be built upon a foundation of honesty while recognising the practical need for limited honesty in certain situations. Here are some considerations for balancing honesty and limited honesty:  

Transparent reporting 

First and foremost, encourage open and transparent reporting of risks within the organisation. Employees should feel safe raising concerns without fear of retribution. This can help set the expectation that honest communication is the norm, especially when addressing issues.

Risk assessment protocols 

Develop clear protocols for assessing the severity and potential impact of the risks identified. This will help in defining the thresholds or trigger points that indicate when limited honesty might be appropriate. For example, limited honesty is suitable for low to medium risks, while high risks demand full transparency. Hence, in cases where actions and disclosures are legally and ethically required, complete honesty is non-negotiable.

Communication strategy 

Establish a communication strategy that outlines how and when risks will be communicated to stakeholders. For example, start with the necessary limited information and progressively provide more as the situation is resolved, to prevent panic or unwarranted damage. The strategy and plan should always be guided by ethical considerations and the potential consequences of communication.

Training and learning 

Invest in continuing training and education for employees and risk managers to ensure they understand the nuances of honesty and limited honesty in risk management. Review past situations where limited honesty was employed and analyse the outcomes. Use those experiences to make improved and more informed decisions in future cases. Of course, the approach to balancing honesty and limited honesty in risk management should be customised to the organisation’s specific characteristics and objectives.  

Size and industry 

Smaller organisations may benefit from a more straightforward and honest approach to risk management, while larger, publicly listed companies might require a more nuanced approach to protect their stakeholders’ interests.  

Corporate culture 

The prevailing culture within an organisation can significantly influence its approach to risk management. An organisation with a culture of transparency may lean towards unabridged honesty, while others may prioritise limited honesty for strategic reasons. 

Regulatory environment 

Organisations operating in highly regulated industries, such as banks, may have little wiggle room but to prioritise full disclosure to comply with legal and central bank requirements.

Unabridged honesty is a fundamental principle, but the concept of limited honesty underscores the complexity of managing risks effectively. While limited honesty can serve as a valuable tool in protecting an organisation from unwarranted harm in certain situations, the risk of its misuse cannot be ignored. When employed as the default response to wrongdoings, shortcomings, or failures of an organisation, it may erode trust and undermine integrity. The key lies in the judicious application of limited honesty, always guided by a genuine commitment to learning and growth while preserving trust and integrity. Striking the right balance between unabridged honesty and limited honesty is an ongoing challenge, but it is essential for organisations committed to both their long-term success and preservation.


As published in The Manila Times, dated 25 October 2023