Risk management competencies can significantly improve decision making in any profession. The bad news is that these competencies do not come to us naturally. They have to be developed. Even if you do not operate in a high risk, uncertain environment one should consider the extensive research, into what is referred to by scientists as heuristics and biases, cognitive psychology and psychometric paradigm, collectively called risk perception.
The History of Risk Perception
The study of risk perception originated from the fact that experts and lay people often disagreed about the riskiness of various technologies and natural hazards.
The mid 1960s experienced the rapid rise of nuclear technologies and the promise for clean and safe energy. However, public perception shifted against this new technology. Fears of both longitudinal dangers to the environment and immediate disasters creating radioactive wastelands turned the public against this new technology. The scientific and governmental communities asked why public perception was against the use of nuclear energy in spite of the fact that all the scientific experts were declaring how safe it really was. The problem, as perceived by the experts, was a difference between scientific facts and an exaggerated public perception of the dangers (Douglas, 1985).
Researchers tried to understand how people process information and make decisions under uncertainty. Early findings indicated that people use cognitive heuristics in sorting and simplifying information which leads to biases in comprehension. Later findings identified numerous factors responsible for influencing individual perceptions of risk, which included dread, newness, stigma, and other factors (Tversky & Karneman, 1974).
Research also detected that risk perceptions are influenced by the emotional state of the perceiver (Bodenhausen, 1993). According to valence theory, positive emotions lead to optimistic risk perceptions whereas negative emotions incite a more pessimistic view of risk (Lerner, 2000).
The earliest psychometric research was performed by psychologists Daniel Kahneman (who later won a Nobel Prize in economics with Vernon Smith “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty”) (Kahneman, 2003) and Amos Tversky. They performed a series of gambling experiments to understand how people evaluated probabilities. Their major finding was that people use a number of heuristics to evaluate information.
These heuristics are usually useful shortcuts for thinking, but may lead to inaccurate judgments in complex business situations of high uncertainty – in which case they become cognitive biases.
Cognitive biases are just the beginning
Beside the cognitive biases inherent in how people think and behave under uncertainty, there are more pragmatic factors that influence the way we make decisions, including poor motivation and remuneration structures, conflict of interest, ethics, corruption, poor compliance regimes, lack of internal controls and so on. All of this makes any type of significant decision-making based on purely expert opinions and perceptions, highly subjective and unreliable.
Risk management can provide clarity and assurance to decision makers anywhere within the organization, not just the risk management team
Risk management provides a set of tools to help management see risks, understand their significance to each decision and determine the best course of action with these risks in mind. Risk management may seem simple enough in theory, yet many employees not part of the risk team still do not have the necessary skills and competencies to apply it successfully in practice.
The following are some practical ideas to bring risk management competencies to life, regardless of where you are in the organization (based on the free risk management book “Guide to effective risk management”):
Risk management competences should become an important attribute when hiring new personnel
HR teams should include risk management requirements in all relevant position descriptions when hiring new personnel for the organization. The level of detail will of course depend on the risks associated with each role. Any finance, accounting or investment individual should possess a basic understanding of risk.
Risk-based decision-making in induction training for new employees
New hires come from a variety of educational and experience backgrounds and most importantly, each new employee has their own perception of what is an acceptable risk. It is important for risk managers to cooperate with the HR team or any other business unit responsible for training, to jointly carry out training on the basics of risk-based decision-making for all new employees.
Risk awareness sessions for senior management and the Board
Executives and board members play a vital role in driving the risk management agenda. Nowadays many executives and board members have a basic understanding of risk management. Auditors, risk management professional associations and regulators have been quite influential in shaping the board’s perception of risk management. It is important that risk management training focuses less about risk assessments and more about risk-based decisions making, planning, budgeting and investment management. The paradox is that risk management training should not teach management how to manage risks, instead it should show them how to carry out their responsibilities with risks in mind.
Advanced training for “risk-champions”
Additional risk management training may be needed for the risk management team and business units responsible for internal control, audit, finance, strategy and others. In-depth risk management training should include: risk psychology and risk perception basics, integrating risk management into culture, basic knowledge of ISO 31000, risk management and decision making foundations, integration of risk management into core business processes and decisions.
Use passive learning techniques
Make risk management information available to employees, contractors and visitors. Place the Risk Management Policy on the intranet and the corporate website. Record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page. Invite guest speakers (risk managers from other companies) to speak to the Audit Committee or Risk Management Committee and give all employees the opportunity to participate. I have used this in the past and it worked very well.
Make risk management part of everyone’s responsibilities
It helps to include risk management roles and responsibilities into existing job descriptions, policies, procedures and committee charters. The common approach of capturing risk management information in a single risk management framework document does not work well.
Integrate risk management into day-to-day work
My experience shows that updating existing policies and procedures to include aspects of risk management works much better than creating separate risk procedures or methodology documents.
Risk management is a valuable tool to help employees make business decisions under uncertainty. It works equally well with strategic, investment, financial, project or operational decisions. However consistent application of risk management requires good knowledge of risk management standards, risk psychology and quantitative analysis.
A list of references is available from the editor and will be provided upon request.