Alex Sidorenko shares four valuable lessons about integrating risk management principles and methodologies into the day-to-day decision making. He shares some practical suggestions on how to overcome cognitive biases when managing risks and make risk-based thinking part of the overall corporate culture of the organisation.
If there is one thing I learned in my previous role as Head of Risk of a multibillion-dollar sovereign investment fund, risk management is not about managing risks. It’s about helping management make strategic, operational and investment decisions with the risks in mind.
It sounds simple enough, but it’s anything but. Here are some of the lessons I had to learn the hard way:
A. Thinking about risks is not natural
A common misconception in risk management community is that management thinks about risks anyway. Not true. Naturally, managers do consider some of the more obvious risks and there are exceptional cases where risk analysis is already integrated into the decision making. For the other 95% of the companies, existing processes and management tools barely account for the inflation and ignore or purposefully hide significant risks. If there is anything scientists have taught us is that humans behave very differently when making decisions under uncertainty. Daniel Kahneman and Vernon Smith won a Noble prize in Economic Sciences back in 2002 “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty”. Their and others scientist’s, like Amos Tversky, studies showed that most people when faced with a lot of uncertainty fall into what they called cognitive biases. A cognitive bias refers to the systematic pattern of deviation from norm or rationality in judgment, whereby inferences about other people and situations may be drawn in an illogical fashion.
Risk managers simply cannot afford to continue to ignore the effect cognitive biases have on the decision making and the quality of risk analysis. Here are some of the practical suggestions I implemented to overcome them:
- Create a number of different risk assessment methodologies designed for different types of decisions being made by the management. I, for example, had five different risk methodologies for different investment decisions and separate methodologies for strategic planning and budgeting. Then provide decision makers with tailored risk identification checklists for each type of decision to help managers overcome some of the cognitive biases.
- Provide training and awareness sessions dedicated to risk perception, risk psychology and cognitive biases.
- Always, always, always validate the information used in the risk analysis if it was received from management. This means validating the information either externally or with other independent internal experts (for example internal audit, finance or legal).
- Integrate risk analysis into existing business processes, so it is not perceived by management as a stand-alone activity. This is actually ridiculously hard and I have a whole article on integrating into strategic planning: https://riskacademy.wordpress.com/2017/03/16/4-steps-to-integrate-risk-management-into-strategic-planning/
- Use quantitative risk analysis tools to reduce the subjectivity and the need to rely on management opinions or input.
Read more in the free book: https://www.risk-academy.ru/en/download/risk-management-book/