How Being Human Affects our Assessment, Evaluation, and Response to Risks
Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.
I have been reading with great interest a piece by Lloyd’s, Behavior: Bear, Bull or Lemming (shared by David Hancock).
It talks about how we are shaped, both as individuals and as members of groups, in our perception of risk — including how we respond and, therefore, make decisions.
I recommend downloading, or even better, printing and reading the entire document carefully. Don’t be put off by the way in which it seems to talk to underwriters: it works for and applies to us all. It has value for:
- Board members, who need to understand how the personalities and experience at both board and executive levels will shape strategy and risk decisions.
- Executive management in their understanding of their own and their team’s biases and other factors that may influence how they evaluate and treat risks.
- Risk practitioners in their shepherding of an effective risk management program.
- Internal audit and other assurance providers, who assess risk management — and who may need to change their approach in light of these findings (such as thinking carefully about how they phrase every question).
I have selected a few sections that I found insightful.
- “Behavioural theory tells us there are many unintended filters which distort the way we think about risk. [All] professionals will benefit by being aware of these biases, leading to clearer thinking and a better management of risk.”
- “The presentation of risk or “framing” leads to biases which are powerful, even amongst technical experts. Risk descriptions phrased in positive language lead to an underestimation of risk. Perception of risk is often not economically rational; and those managing risks should be aware of this.”
- “When managing risk, the culture within a firm is critical. Studies of disasters often indicate that the problem was not with the processes, but that they were ignored or over-ruled. Attitudes within an organisation such as risk ethics in meetings, internal communications and behavior of senior managers are critical to setting the tone.”
- “We tend to downplay risks if we can’t think of examples of them, and how risks that look the same superficially are often treated the same. We also tend to anchor our assumptions on last years’ value or on what our initial guess suggested — often in the face of new and compelling evidence.”
- “‘Normalisation’ processes typically lead people to accept higher levels of risk for an established and long-run process with which they have become familiar. On the other, ‘sensitivity’ processes tend to heighten perception of risk in relation to a new and rapidly developing activity or issue.”
- “There is considerable evidence that most people tend to perceive lower risk from activities that give them some benefit (reward, pleasure, privilege) irrespective of the availability of evidence on levels of risk.”
- “Experts are more likely to define risks as less significant than lay groups and likely to be more accurate in their perceptions of risks.”
Please share your thoughts on reading this. What resonates, and what do you disagree with?
Posted on Feb 15, 2012 by Norman Marks
Share This Article: