Cognitive bias and risk management
By Michele Wucker
Risk management starts with identifying and estimating the probability and impact of a given threat. We can then decide whether a risk falls within our tolerance limits and how to react to reduce the risk or at least our exposure to it. Time and again, however, individuals and organizations stumble during this process—for example, failing to respond to obvious but neglected high-impact “grey rhino” risks while scrambling to identify “black swan” events that, by definition, are not predictable.
New technologies and advances in data science have improved our ability to identify trends, assess risks and generate early warnings. But if business and policy decision-makers are to take full advantage of these new tools, we need a firmer handle on the reasons why people are more likely to react to some risks and ignore others. This behavioural element is crucial to managing risks effectively—to both recognizing the risks that confront us and then translating that knowledge into effective action.
Adjusting for bias in our risk assessments
Our brains play tricks that make some risks appear to be more or less likely than they are in reality. Being aware of the blinders that make it harder to recognize obvious risks allows leaders to counteract them, helping to prevent crises or at least mitigate the damage caused.
In deliberative situations such as a meeting of a corporate board or a legislative body, anchoring and confirmation biases can distort perceptions by assigning more weight to information and views presented early on. Leaders can offset these distortions by changing their processes to ensure that there are diverse voices around the table and by encouraging structured debate and constructive dissent. In other words, they can make it easier to consider a range of points of view that ultimately strengthens the choices they make.
One of the most pervasive cognitive blinders is the availability bias, which leads decision-makers to rely on examples and evidence that come immediately to mind. This draws people’s attention to emotionally salient events ahead of objectively more likely and impactful events.
Hyperbolic discounting leads some decision-makers to prioritize short-term goals that end up hurting long-term value. Examples include putting off crucial investments or kicking the can down the road on tough but necessary budget decisions in companies or governments. Structures such as short-term quarterly earnings cycles or relatively short political terms create perverse incentives that magnify the hyperbolic discounting bias.
When members of a decision-making group are too homogeneous it can hamper their ability to recognize and react appropriately to risk. Among other things, too little diversity can heighten confirmation bias and make it more difficult for individuals to speak out about risks for fear of disrupting consensus. Cultural factors can also play a role. One approach for any organization that needs more robust inputs is for leaders to solicit opinions ahead of meetings, or to anonymize key inputs required during meetings—for example, by asking people to put their ideas on slips of paper and then considering them all in a group.
From box-ticking to reflective action
Organizations often act decisively to counter risk only once a major breach, such as a safety catastrophe or hacking event, forces them to. Part of this is because humans discount the likelihood of worst-case scenarios happening, which can blind us to obvious dangers.
Too often boards and C-suites approach risk analysis as a standalone activity to be ticked off a list, but then fall short on mitigating the risks that their analysis has identified. Think of an employee derailing cybersecurity plans by inadvertently clicking on a phishing email because not enough was done to spread risk awareness from the C-suite to the wider organization. To prevent this kind of breach, risk management needs to come out of its silo and become as much an organic part of operations as budgeting and project management. Organizations must do better in educating teams on risk awareness. But they also need to make sure their cultures encourage employees to feel that they can speak out and be taken seriously enough for problems to be dealt with.
Global risks require action across multiple organizations, which means that often one of the risk-management challenges at this level is the absence of the same kind of levers and hierarchies that facilitate decision-making and implementation within single organizations. Steeper obstacles to collective action heighten the challenge of getting varied stakeholders and networks to coordinate in responding to global risks.
There are encouraging developments on this front. All kinds of actors are already thinking in new ways about who can do what to solve global problems. After the US federal government pulled out of the Paris Agreement on climate change, for example, more than 2,300 businesses, cities, states and other non-federal actors pledged to honour a commitment to cut emissions. Organizations such as the World Economic Forum bring together global public- and private-sector actors to share ideas and catalyse action. The creation in some countries of new types of corporations, which include social and environmental impact in their bottom-line calculations, is re-shaping the role of businesses in confronting global risks head-on.
From signals to action
Organizations across the private and public sectors need to take a fresh look at how and why individuals and groups assess and act on risks in the way they do. We cannot ignore the cognitive and behavioural factors in risk management if we are to avoid both black swans and grey rhinos. Individuals and organizations must work to overcome biases, make better decisions, create warning-signal systems and act cohesively when red flags are raised.
Increasingly rich data resources give us better tools to anticipate problems and to track our progress in dealing with them. But decision-makers need to work hard to help to ensure that all of this information leads to effective action. That means developing better listening strategies, like those of CEOs who actively canvass the views of millennials as important intelligence on market trends and the future policy environment that businesses will face. It also means developing ways of encouraging and rewarding decision-makers who take difficult, long-term decisions. Finally, it means better tracking of outcomes and metrics to hold businesses and governments accountable for their promises.
Michele Wucker is the author of The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore and a 2009 Young Global Leader of the World Economic Forum.