In Munteme village, there once stood a granary. Built with strong poles, plastered with mud, and roofed with banana leaves, the elders declared it unshakable. “This granary will protect our harvest,” they said with confidence.
But one night, rats quietly chewed through the mud. On another day, a nephew stole maize to sell at the trading center. The structure remained intact. The controls, the poles, the mud, and the roof were still in place. Yet the food was gone.
This is the story of many organizations today. We design robust systems, we craft policies, and we install firewalls, set up dual approvals, enforce segregation of duties, and document everything with audit trails.
Then we lean back, assured: “We are safe. We have controls. But are we really?
When Controls Become Illusions
- A bank might implement a maker-checker system. But if the maker and checker collude, the control collapses instantly.
- A company can advertise a whistleblowing hotline. But if staff fear retaliation, the phone will never ring.
- A hospital may establish strict procurement procedures. But if the culture rewards shortcuts, the documents only gather dust.
The uncomfortable truth is this: controls don’t prevent risk, but people do.
The Human Side of Risk
Every corporate collapse you can name, Enron, FTX, Wirecard, had manuals stacked with controls. What failed was not the design but the human factor: greed, fear, collusion, silence.
Risk is not mechanical.
- It lives in culture.
- It grows in incentives.
- It hides in silence.
That is why boards must stop asking, “What controls do we have?” and instead ask, “What behaviours are we rewarding?”
Because the moment people stop believing in your controls, those controls become nothing more than scaffolding on quicksand.
The Board’s Real Task
If resilience is the goal, then:
- Leadership must shape culture, not just sign off on manuals.
- Incentives must reward integrity, not shortcuts.
- Communication must invite courage, not fear.
The greatest firewall against fraud, cybercrime, or governance failure is not a piece of software or a policy document. It is a workforce and leadership team that believes in doing the right thing even when no one is watching.
So here’s the real question for every leader and director:
In your workplace, what control looks solid on paper but you know can be bypassed in minutes?
I remain, Mr. Strategy
