As the leader, identifying the trigger for reviewing risk in your organization is a critical part of scaling responsibly. To illustrate my point, I’ll share a story from almost 40 years ago when I was working for a small, no-name rental car company. I was in college, and one of my jobs was driving around looking for our cars. Cars, we couldn’t get renters to return to the branch. Why was I doing this, I was scouting for our cars so somebody from the office could go and “grab” the car. Yep, back then, branches handled their own repossessions. When you found the car, you might let the air out of the tires and send a tow truck or sometimes you had an employee with you and the extra keys. This is an excellent example of how what works at a small size does not work at scale!

Here’s a structured outline you can use to determine when to review risk at your organization:

• Recognize Growth-Driven Triggers

  • Expansion of Scale: As your operations, assets, and employee base grow, so does your exposure to liability. What worked with 10 employees and a few assets becomes a risk at 1,000 employees and millions in assets.

    • Trigger: Moving from local to regional or national operations.

  • Change in Organizational Role or Identity: Your core competency evolves. What was once a necessary side-operation (like repossessing cars) becomes a distraction or liability.

    • Trigger: Drifting from your core business (i.e. rental company doing repo work).

• Monitor for Operational Red Flags

  •  Increased Incident Reports or Near-Misses: Heroism, boundary-pushing behavior, or improvisation in the field is often a sign that your operational policies are lagging behind.

    • Trigger: Employees bypassing process to “get the job done.”

  • Rising Insurance Claims or Legal Costs: These often follow growth in scale or employee count if policy isn’t updated.

    • Trigger: A spike in costs not tied to increased revenue.

• Evaluate External Signals

  • Regulatory Changes or Scrutiny: New laws, lawsuits in the industry, or government attention should prompt reassessment.

    • Trigger: Industry peer hit with lawsuit for same activity.

  • Third-party Risk Increases: Exposure through vendors, contractors, or even outsourced functions that grow in complexity or scale.

    • Trigger: Moving from single-use vendors to ongoing, strategic third-party relationships.

• Assess Cultural Drift

  • Increased Individual Risk-taking: When employees feel empowered to take shortcuts or “do whatever it takes,” it often reflects a gap in policy or training.

    • Trigger: Stories of “going above and beyond” that carry hidden risk.

• Strategic Planning Milestones

  • Annual Planning or Major Shifts: Each annual cycle should include a review of risk based on where the company is now, not where it was.

    • Trigger: New business line, merger, or major tech implementation.

The key takeaway, what works at a small size becomes a liability at scale. Risk reviews must evolve as:

• Your scale increases

• Your operations shift

• Your culture matures

• Your exposure broadens

The trigger is often found at the intersection of success and informality — when something is still being done “like the old days” in a much larger, more complex organization.

If this resonates with you, visit RKCMANAGEMENTCONSULTING.COM for ideas and methods to guide your organization away from growth related CHAOS and toward steady, reliable progress.