Lessons in Enterprise Risk Management Failure from Boeing

Boeing announced fresh delays to its 737 MAX jet deliveries in July 2025 after discovering improperly drilled holes in fuselage parts supplied by Spirit AeroSystems. For many observers, it seemed like another technical setback. But for those who follow risk and governance closely, it was something deeper: another case of enterprise risk management failure. The repeated quality issues, supplier missteps, and delivery delays are signs of risk controls breaking down across the business.
What Is Enterprise Risk Management?
Enterprise Risk Management, or ERM, is the process of identifying, assessing, and preparing for risks that could disrupt a company’s ability to meet its goals. This includes risks related to finance, operations, strategy, legal obligations, technology, reputation, and more.
Unlike traditional risk management, which often sits in one department, ERM is meant to cut across the whole business. The goal is to help leadership see how a risk in one area can affect others, so that leaders can take action before the damage spreads.
Boeing’s misaligned rivets might seem like a small error. But they caused major delays, strained airline relationships, hurt investor confidence, and raised questions about Boeing’s long-term quality control. That is enterprise risk management failure in action.
Boeing’s Deeper Problem
This is not the first time Boeing has faced this type of issue. Since the original 737 MAX crisis in 2018, the company has dealt with repeated production delays, safety reviews, and supplier problems. Each time, the risks have looked similar: missed quality checks, poor coordination with partners, and slow responses to red flags.
These are not isolated events. They reflect a deeper weakness in how risks are identified, tracked, and managed across the company. A strong ERM program would have flagged Spirit AeroSystems as a key dependency and required tighter checks and data sharing. Instead, Boeing continues to react after the damage is done.
Risk Is Increasing Faster Than Companies Can Handle
Boeing is not alone. A 2024 report by AICPA and CIMA found that 66% of executives believe risks are becoming more complex. But only 32% said their ERM programs are well-developed. In other words, most companies know they are vulnerable, but few have the systems in place to deal with it.
A separate 2025 survey by Baker Tilly showed that fewer than half of companies fully integrate ERM into their business strategy. Fewer than 10% use AI or automation to detect emerging risks. That leaves a lot of room for preventable enterprise risk management failure.
What Companies Can Learn
Boeing’s experience offers some important lessons for other organizations:
1. Treat supply chain risk as internal.
Problems with vendors are not outside problems. If your business relies on a supplier, you are responsible for their quality and performance. That means tracking their risks just as closely as your own.
2. Make risk everyone’s job.
ERM only works if people across departments know what to look for and feel responsible for raising concerns. Risk culture matters more than risk paperwork.
3. Use data to catch problems early.
Tools like AI and real-time dashboards can help spot quality issues, delivery delays, or unusual supplier behavior before they escalate. Risk is not static, and your monitoring should not be either.
4. Connect risk to reputation.
One technical problem might be forgivable. A series of them is not. Reputational damage builds over time. Companies need to be aware of how risk incidents affect public perception, partnerships, and investor trust.
5. Embed risk into strategy.
ERM should not be a quarterly report. It should shape the decisions you make about hiring, expansion, investment, and technology. Companies that treat ERM as a core function are more resilient and better prepared for the unexpected.
Not Just a Manufacturing Problem
While Boeing’s story is based in manufacturing, the lessons apply across industries. A hospital may face a ransomware attack. A bank could miss fraud red flags. A retailer might have a controversial supply chain. All these scenarios involve similar kinds of enterprise risk.
The difference is how early organizations detect the risk and how effectively they respond. Companies that wait until the damage is visible have already lost valuable time and trust.
The Bottom Line
When fuselage holes are drilled wrong, planes don’t fly. That is obvious. What is less obvious, but just as dangerous, is the chain reaction that follows. This includes missed revenue, angry customers, bad headlines, and long-term damage to your reputation.
Enterprise risk management is not about avoiding all problems. That is impossible. It is about building systems that help you see risks early, respond quickly, and recover smarter. Boeing’s example is a reminder: the real cost of risk is not in the first mistake. It lies in what happens when it goes unchecked.
For companies that want to stay in control, ERM is not a checkbox. It is a mindset, and one they cannot afford to ignore.