CEO syndrome threatens effectiveness of ERM

Risk managers must be alive to the effects of cognitive bias on enterprise risk management (ERM) programmes and take steps to mitigate this problem, according to the latest webinar from Riskonnect.

ERM is “fertile ground” for cognitive bias because it relies upon the judgement of experts and decision makers, according to Rob Quail, consultant and former director of ERM at Canadian energy firm Hydro One. During the webinar, Quail identified several types of cognitive bias that can influence risk management.

For example, people naturally resort to unconscious or automatic thinking, simplifying complex questions rather than using a deliberate, conscious controlled mental process. There is also a tendency for ERM to be influenced by recent events or personal experiences, and therefore give certain risks greater weight than they may deserve. And people often make mental shortcuts and try to make scenarios fit a narrative, which is a problem in risk management where you want to explore situations that may be without precedent, Quail explained.

A key bias for risk managers to consider is an aversion to giving bad news, also known as CEO syndrome. Successful CEOs with large personalities will have confidence in their own judgement and will set the tone for a meeting, but in a risk assessment they need to forget they are the “smartest person in the room” and acknowledge that others can help by sharing their wisdom and insight.

“Even worse, we tend to dislike the person that delivers bad news… If you are a mid-level executive in an organisation, and you deliver bad news to the boss, it means they will like you less than they did before. This is especially a challenge, as in essence the core of what we try to do as risk managers is encourage conversation on ways we might fail… Courtesy bias and CEO syndrome are a big deal in terms of building an effective risk culture,” said Quail.

Meanwhile, status quo bias creates a preference for the current state of affairs. “Similar to confirmation bias, it reduces the provocative value of ERM, during risk assessments and especially during conversations about priority or adequacy of actions taken. People can fall into the trap of justifying past decisions. You as the risk manager will be adding zero value as there will be no change, and no learning,” said Quail.

Social bias will see people gravitate towards those that look, think and act like them. There are so many implications for ERM from this bias that it is impossible to list them all, according to Quail.

“The value of any organisation is ultimately defined by stakeholders. They may be investors, customers or employees, and if you can’t take their diverse perspectives into account when evaluating uncertainties and impacts on strategy, you can’t really make the best decisions. You’ll find it easier to reach a consensus, but your answers will much more likely be wrong… Healthy opposition needs to be part of the process of decision making,” he said.

Confirmation bias is another “huge threat” to ERM, warned Quail. The human brain is “hardwired” to a positive strategy, and will seek to prove a hypothesis correct. It looks for information that confirms our beliefs, ignoring contradictory information, while more readily remembering supporting facts, explained Quail.

“Early iterations of risk assessment with a new client will be like a virtual orgy of confirmation bias. Decision makers will automatically assume they understand the business, and what they are doing to manage it is the right thing. They will tend to look for ways to confirm they know the risks and they are already managing them OK. This means the subsequent conversation on how to improve operations is of no value,” he said.

To overcome bias in ERM, Quail recommends risk managers create a “safe space” in which people can speak up and discuss risk with senior management. Coaching the boss before sessions and repeated exposure to such workshops will help with this process. He also advises risk managers to “slowdown thinking”, introduce diverse groups and use complex tools for complex problems.

“Run workshops. If you are not running workshops then you are not doing ERM. You need to run workshops. That’s where you get all the stuff on the table, and where you can inject things like scenarios, and detailed criteria and facilitative processes, and slow down thinking into the decision-making processes of the organisation until it becomes muscle memory,” said Quail.

Risk workshops mean that the risk manager does not have to deliver “bad news” to the boss. The risk manager can become the “saviour” rather than the “messenger”, according to Quail. “You are just providing the process. These are not my risks, these are your risks. This is not my perspective on the risks, it is yours. And that’s way healthier – for a mid-level executive to have those kinds of conversations with their boss rather than a third party,” he said.

Back to top button