Blind spots in risk: What you don’t see could sink you

What is more dangerous, a lion you see charging at you, or a snake coiled silently under your chair?

Every boardroom I enter is filled with executives boasting about the lions they’ve slain. Fraud? They have auditors. Cybersecurity? Firewalls in place. Regulatory fines? Lawyers on retainer. They beam with confidence, armed with dashboards and policies thicker than the Bible.

But confidence is not control. The greatest threat is never the lion you see; it is the snake you ignore.

Picture this: A farmer in Hoima builds a sturdy granary to protect against thieves. He hires guards, installs padlocks, and even digs trenches. The village admires his foresight. But while he obsesses over burglars, he forgets the simplest risk: termites. They chew silently, invisibly, until one morning the granary collapses. Not from theft, but from neglect of the unseen.

Boards are that farmer. They invest in the visible. They ignore the invisible. And that is why companies collapse without warning.

Blind spots in risk thrive in three toxic soils:

  1. Familiarity bias. The people we know best blind us most. A CEO in Kampala once told me proudly, “My finance manager is family. I don’t even need to check his work.” Months later, the same man begged me to investigate how UGX 3.4 billion disappeared. It was the family member. Loyalty blinded oversight.
  2. Complexity bias. Risk managers love charts. The more complex the matrix, the more it looks like work is being done. Yet complexity is camouflage. At Summit Consulting, we once reviewed a bank’s 67-page risk register. Not one mention of staff collusion. Weeks later, collusion was exactly what triggered a UGX 9 billion fraud. Complexity killed clarity.
  3. Success bias. Nothing blinds like profit. In 2019, a Ugandan microfinance institution celebrated “record-breaking returns.” Management declared the risk “low.” Hidden inside the numbers was a ballooning loan book filled with ghost borrowers. Staff had been creating fake clients and splitting the cash. When we investigated, the institution was already insolvent. Success had been the mask of fraud.

Case file: The cooperative that trusted too much

In late 2023, Summit Consulting was called to western Uganda to investigate a cooperative society. On paper, they looked strong: audited books, signed receipts, clear policies. Their risk register listed drought, theft, and market volatility. Not bad for a village operation.

But something didn’t add up. Despite bumper harvests, the cooperative’s bank balance was shrinking. Members whispered. Rumors spread. The board finally called in “external eyes.”

Here’s what we found:

  • The treasurer used his personal SIM card for all mobile money transactions. It was convenient. Everyone trusted him.
  • Payments to suppliers were inflated. An invoice for UGX 2,300,000 was changed to UGX 2,750,000 over the phone. The difference landed quietly in his wallet.
  • Collections were underreported. Farmers deposited UGX 500,000, but only UGX 350,000 was recorded. The rest vanished in airtime and cash-outs.

This wasn’t a one-off theft. It was death by a thousand cuts. Over five years, nearly UGX 600 million had been siphoned. The cooperative wasn’t killed by drought. It wasn’t killed by market shocks. It was killed by termites, the blind spot of blind trust.

Here’s the irony. The more confident leaders are about their “risk maturity,” the more likely they are blind. Real risk management isn’t about cataloguing the obvious. It’s about interrogating the unthinkable.

Every time I ask a board, “What is your greatest blind spot?” silence fills the room. They’re happy listing cyber threats, regulatory fines, and fraud. But blind spots? That requires humility.

In one session, I challenged a CEO:

“If tomorrow morning, your biggest scandal hit the front page, what would it be?”

He laughed nervously. Weeks later, it happened. Not cyber fraud. Not bribery. It was a toxic culture of sexual harassment swept under the carpet. The board had armored against lions but ignored the snake under its chair.

Red flags that expose blind spots

Every fraud we’ve investigated at Summit Consulting had red flags, ignored because they didn’t roar loudly enough.

  • Unusual lifestyle changes. A junior officer driving a car better than the CEO. “He just has side hustles,” management said. Fraud later confirmed.
  • Over-dependence on one person. “Only Jane knows that system.” Translation: Jane controls the keys to your vault.
  • Silence in meetings. If no one challenges management, it’s not harmony, it’s fear. Silence is a red flag.
  • Complex reports with no exceptions. When every report says “all good,” it means your auditors are asleep or compromised.

Blind spots are never truly invisible. They are ignored whispers.

Let’s be blunt. Too many Ugandan boards are ceremonial. They meet, eat, nod, and rubber-stamp. They consume what management feeds them, no questions asked. That culture breeds blind spots.

If your board pack is 300 pages long and directors skim it in two hours, you are not governing, you are gambling. If your risk committee meets only quarterly, yet fraud happens daily, you are playing catch-up.

If your audit function is underfunded, you are paying for silence, not protection.

  1. Invite dissent. If everyone in your boardroom agrees, you’re blind. Appoint directors who irritate you with questions. That irritation is eyesight.
  2. Stress-test assumptions. Ask: What if our best employee is our biggest fraudster? What if our top supplier is overcharging us? What if our profits are fake?
  3. Rotate roles. Fraud thrives where one person holds power too long. Change custodians, passwords, and signatories often.
  4. Listen to whispers. Staff gossip is free risk intelligence. Ignore it, and you’ll pay for it in losses.

The future belongs to boards and CEOs who cultivate paranoia: not paralysis, but disciplined imagination. Leaders who can scan for what isn’t in the report. Leaders who treat silence as evidence, not absence. Leaders who know termites destroy more granaries than thieves.

Because in business, as in life, it’s rarely the lion that kills you. It’s the snake under your chair.

About Company

At the Institute of Forensics & ICT Security (IFIS), we specialize in bridging the gap between knowledge and application.

© 2025 All rights reserved Institute of Forensics and ICT Security | IFIS is the training arm of Summit Consulting Ltd