What is authorization risk?
Authorization risk is a big problem for companies. It occurs when employees do something they’re not allowed to do, which can get the company in trouble.
See, companies have rules, and employees need to follow them. But sometimes, an employee doesn’t. They might sign a contract for the company without permission or promise the company will do something it shouldn’t do.
When this happens, it’s called “authorization risk.” The risk is that the company will have to do what the employee said, even if the bosses don’t want to, even if it costs the company a ton of money.
It’s a type of operational risk.
Authorization risk is one kind of “operational risk.” Operational risk means any risk that happens inside the company. It’s not about outside stuff like the economy or competitors. It’s about the company’s people messing up.
Other types of operational risk include fraud, cybersecurity problems, and employee lawsuits. Authorization risk is in the same family as those. They’re all problems that start inside the company.
Why authorization risk is a big deal
Authorization risk can hurt a company. It can cause the company to lose a lot of money. And the company might not have a choice. It’s stuck with what the employee did.
The company is on the hook legally.
When an employee makes an unauthorized deal, it’s usually legally binding. The company has to do what the employee promised, even if the bosses don’t like it. The other side can sue if the company tries to back out.
The law says companies are responsible for their employees, especially when an employee seems to have authority. The company picked that person, so it’s liable.
It can cost companies millions.
Unauthorized deals can be costly for companies. Imagine an employee signing a huge contract to buy stuff the company doesn’t need or promising a client the company will do a project for way too cheap.
The costs can be in the millions or even billions for big companies. It all depends on how much the employee promised without permission. Every dollar the company loses is a dollar off its profits.
It makes the company look bad.
Authorization risk is also bad for a company’s reputation. It makes the company seem sloppy and out of control, as if the bosses don’t have a handle on things.
This can scare off investors and customers. They might not trust the company anymore, and they don’t want to get burned by an unauthorized deal.
The company comes off as really stupid and unprofessional. Even if it’s just one rogue employee, it makes everyone look bad, and other companies might not want to work with them anymore.
How companies try to prevent authorization risk
Authorization risk keeps bosses up at night, so companies try hard to prevent it.
Having clear policies and approval levels
The first thing companies do is make their rules crystal clear. They spell out exactly how much authority each employee has and what kind of deals they can and can’t make.
They set up approval levels, so an entry-level employee can’t sign a million-dollar contract; it has to go up the chain to someone with more power.
The policies are written down so everyone can see them, and the company makes sure all employees read them so nobody has an excuse later.
Tracking and monitoring employee actions
Companies also watch what their employees are doing, especially employees who could cause a lot of damage, like the ones working with clients or vendors.
They keep an eye on significant transactions. They check that employees aren’t exceeding their limits or promising anything fishy.
This takes a lot of time and people, but companies think it’s worth it. They want to catch unauthorized deals before they happen.
Training employees on the risks
Innovative companies also train their employees well. They don’t just hand over a rulebook. They make sure people understand why unauthorized deals are bad.
They talk about how much these screw-ups could cost the company—not just money but reputation, too. They want employees to really understand what’s at stake.
Role-playing helps. For example, they might have employees practice saying no to a client who wants a special deal or quiz them on what contracts they can sign.
The idea is to drill it into employees’ heads so they think twice before committing the company to something.
What to do if authorization risk happens
Even with all these protections, authorization risk still happens sometimes, and companies need to react quickly when it does.
Investigate how it happened.
The first step is to investigate what happened. The company needs to know exactly what deal the employee made and why they thought they could get away with it.
Did they not know the policies? Did they misunderstand their authority? Or did they go rogue on purpose?
The company has to dig in. They might need to do interviews and check emails. It’s like CSI: Corporate Edition.
Try to undo the damage.
Once the company understands what happened, it goes into damage control mode. Job one is to see if it can undo the unauthorized deal.
Can they talk the other side into canceling the contract? Or maybe change it to be less harmful?
Sometimes they can, sometimes they can’t. It depends on how ticked off the other side is and how much the contract favors them.
If fixing the deal is a no-go, the company looks for other ways to offset the loss. Maybe they can make cuts elsewhere—anything to stop the bleeding.
Punish the employee and tighten policies.
The employee who made the unauthorized deal is usually in big trouble. Depending on how bad their screw-up was, they might get fired or even sued.
The company wants to send a message: it won’t tolerate employees going rogue and costing it money. The punishment is a warning to everyone else.
The company will also probably update its policies, tighten things up even more, and add extra layers of approvals or monitoring.
They want to ensure this specific thing can never happen again—at least not the same way.