Why ignoring risk is the riskiest move of all

Unthinkable. It happened at 11:48 p.m. in a private hospital in Kampala. The lights were still on, but the hospital’s heartbeat, the patchwork of digital and manual systems holding it together, flatlined.

The pharmacy system froze. The laboratory printer jammed mid-test. The mobile money integration for patient payments collapsed. Even the old desktop server that held patient histories blinked into darkness. Nurses in the ICU reached for files that weren’t there. The paper charts had long been replaced with a “digital records upgrade” that now lay hostage to a system crash.

In the theatre, a surgeon barked: “Get me the blood group!” But the lab technicians stood helpless; the results were trapped in the system. An intern sprinted down the corridor, searching for handwritten notes. A nurse fumbled through a drawer with loose papers, praying for a clue.

Relatives pressed against the glass windows, panicked, whispering, “What if someone dies?” One mother clutched her rosary, eyes fixed on the ICU where her child lay on a ventilator. The machines still beeped, but no one could pull up the latest dosage records.

What began as a “minor systems maintenance” had spiraled into a night of terror.

By morning, the CEO arrived, sweating, shaken, summoned by a flurry of midnight calls from doctors and the board chair. His first question was blunt: “How did this happen?”

The bitter truth is that it hadn’t “just happened.” For months, the IT officer had raised red flags. The hospital was running on outdated software, free antivirus, and a third-party backup service that had never been tested. Internal audit had flagged the risks, filing memos no one read. Leadership, eager to look modern with a “digital hospital” brand, had gambled that prevention was too costly.

They were wrong. By the time the systems limped back seven hours later, two scheduled surgeries had been postponed. One patient’s transfer to the ICU had been delayed because payment could not be confirmed. The pharmacy issued wrong doses due to a lack of updated stock records. Trust shattered. Word spread across WhatsApp groups: “Don’t go there, they nearly killed people last night.”

The financial cost ran into hundreds of millions. But the reputational damage was unquantifiable. In Uganda, where hospitals live or die by word of mouth, this was lethal. Families spoke of negligence. Journalists sniffed for a story. Regulators circled like vultures.

It wasn’t just a system crash but a mirror held up to leadership blindness, choosing optimism over action, brand over backbone. And in those seven hours, lives dangled on the edge because someone thought silence was cheaper than prevention.

The illusion of safety

Leaders often mistake silence for safety. Because no disaster is visible today, they assume tomorrow will be the same. But risk is like termites in timber. It eats silently, invisibly, until one day the entire roof caves in during a storm.

Think about it. How many Ugandan companies waited until fraud broke headlines before they strengthened controls? How many universities ignored student unrest until a protest burned down offices? How many hospitals shrugged off weak fire systems until lives were lost?

Ignoring risk is not risk avoidance. It is deferred suicide.

The psychology of ignoring risk

Why do smart executives act dumb when it comes to risk? Three reasons stand out:

1. Optimism bias – “We have never had a major fraud before, so why should it start now?” That is the reasoning of a chicken celebrating Christmas Eve because the farmer hasn’t slaughtered it yet.
2. Short-termism – Many executives are rewarded for quick wins, not for preventing invisible disasters. Why spend UGX 200 million on cybersecurity when you can buy new cars for management and show “progress”?
3. Fear of bad news – Some boards treat risk officers like prophets of doom. Raise too many alarms, and you’re branded “negative.” So auditors soften language, executives sugarcoat reports, and directors sleep through board packs. Until the wake-up call arrives at 2 am.

The hidden cost of ignored risk

The cost of ignoring risk is never obvious on day one. It accumulates quietly.

1. Banks that ignore credit concentration wake up to billions locked in real estate loans when the sector crashes.
2. NGOs that ignore whistleblower reports discover 30% of project funds siphoned off by “ghost beneficiaries.”
3. Manufacturers that ignore machinery maintenance see production halt when a single bearing breaks.
4. Government agencies that ignore data security pay ransom in Bitcoin to hackers hiding in Moscow or Nairobi.

Risk is a tax collector. It never forgets, never forgives, and always charges compound interest.

A case in point

I’ll share three anonymized cases from my investigations with Summit Consulting Ltd:

1. Case of the vanishing payroll – In 2023, a government parastatal ignored audit flags about payroll irregularities. “We’ll deal with it next quarter,” said the HR director. By the time Summit was called in, over UGX 4.8 billion had been siphoned into mobile money wallets linked to ghost employees. The red flags were visible for two years. They were simply ignored.
2. Case of the locked warehouse – A local FMCG company ignored repeated risk reports about inventory mismatches. One weekend, staff arrived to find the warehouse padlocked, not by management, but by suppliers owed millions. Goods worth UGX 2.3 billion were trapped inside. That “minor reconciliation issue” turned into a company-wide crisis.
3. Case of the paralyzed hospital – A private hospital ignored cybersecurity warnings, assuming “hackers only target big banks.” In June 2024, ransomware locked patient records. Doctors could not access lab results or prescriptions for 48 hours. Two patients died. Losses? Beyond money, reputation, trust, and human lives.

Each case shows the same pattern: warnings existed, but leaders chose inaction.

Why ignoring risk is leadership failure

The board’s role is not to cheer quarterly profits but to protect long-term survival. Ignoring risk is leadership malpractice. It signals three weaknesses:

1. Poor governance – When boards don’t challenge management, blind spots become black holes.
2. Weak culture – Organizations that punish whistleblowers and auditors cultivate silence, not vigilance.
3. Complacency – Success breeds arrogance. Many leaders believe, “We’re too established to collapse.” Just ask Nakumatt or Crane Bank.

Risk is not a visitor. It is a tenant.

Many leaders treat risk like an occasional guest, only entertained during annual audits or board retreats. But risk is a permanent tenant. It pays no rent. It eats your food. And if you don’t monitor it daily, it will set the house on fire.

That’s why Summit Consulting preaches a simple gospel: build systems where risk is managed in real time, not as an afterthought. Cyber dashboards that show live threats. Fraud analytics that flag anomalies before they become losses. Risk appetite frameworks that set boundaries, executives cannot ignore.

Red flags that leaders ignore

Auditors and investigators see patterns. The same signals repeat:

1. Staff living lifestyles far beyond their pay grade.
2. Reconciliations are delayed “until next quarter.”
3. Projects completed, but no independent verification of impact.
4. Transactions just below approval thresholds.
5. IT systems with expired licenses and no patches.

Each of these is a silent siren. Ignore them, and you invite disaster.

How to stop ignoring risk

So, what must a winning leader do? Three steps are non-negotiable:

1. Create a culture of risk dialogue – Risk should not be a scary word. Encourage staff to report, question, and escalate without fear. Silence is costlier than bad news.
2. Invest in predictive tools – Fraud analytics, cybersecurity monitoring, risk dashboards. Don’t wait for the fire; install smoke detectors.
3. Hold leaders accountable – Tie executive bonuses not only to profits but also to risk management performance. A CEO who grows revenue by ignoring risk is a reckless gambler, not a leader.

The Summit Consulting approach

When Summit is called into a crisis, our first question is never “what happened?” but “what was ignored?” Because disasters are rarely surprises, they are usually the result of years of neglect.

We map money flows, trace transactions, and reconstruct digital footprints. We interrogate systems, challenge assumptions, and strip away optimism bias. And when we present findings, boards always realize: the disaster was predictable. The warnings were there. They just chose not to listen.

In the end, ignoring risk carries the heaviest price tag. Losses in Uganda range from hundreds of millions in fraud to billions in regulatory fines and reputational collapse. But the ultimate cost is credibility. Once trust is gone, customers flee, donors withdraw, regulators pounce, and investors retreat.

The hospital that suffered an outage overnight? They eventually admitted to losses in failed transactions and reputational damage they may never quantify. All because executives filed warnings instead of acting on them.

Ignorance is not a strategy

Ignoring risk is not a neutral choice. It is the most dangerous choice of all. It turns leaders into gamblers, boards into spectators, and organizations into ticking time bombs.

The riskiest move you can make is to believe that because nothing has gone wrong yet, nothing will. That is not a strategy. That is suicide.

The leaders who will survive the next decade are not the most aggressive or the most optimistic. They are the most risk-aware. The question is, are you one of them?

Copyright IFIS 2025. All rights reserved.