No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Cognitive Governance: The First Pillar of a Cognitive Risk Framework

An Alternative Approach to Cybersecurity and Enterprise Risk Management

by James Bone
July 30, 2019
in Featured, Risk
pillars in retro Instagram style

Cognitive governance is a radical departure from traditional risk management. James Bone explains the benefits and how the former complements the latter.

After the 2008 reckoning of the Great Recession and a 60 percent decline in market value, I became redundant and soon began to question the failings of risk management as a discipline and my own skills as a risk professional. If adversity is the mother of invention, my journey to “learn” risk management really began after almost 30 years of leadership positions in financial services.

What I have learned after more than 10 years of research suggests that risk management is on the verge of a deep renewal and advancement. I examined how physicists, engineers, actuaries, medical professionals, research scientists and Nobel laureates solve complex problems and found novel ways of thinking about risks and the tools needed to mitigate them. I also learned that there is no “silver bullet” or “one size fits all” solution that can be generically applied to manage risks. This was less of a surprise given economic and business failures that recur repeatedly, but the unanswered question remained: Is there a common thread leading to failure?

The most surprising and commonly cited failure by all risk disciplines is human behavior and error! Human behavior is cited as the greatest vulnerability in cybersecurity, but it is also the leading cause of fraud, operational and organizational failure. In contrast, traditional risk frameworks are designed to ensure the effectiveness of financial and operational controls in alignment with organizational strategy. The difference between the two is a focus on design around the human element. A cognitive risk framework does not compete with traditional risk frameworks; it complements the foundational work already in place.

Atul Gawande called these failures in performance ineptness, while psychologists Daniel Kahneman and Amos Tversky describe them as heuristics in concert with Herbert Simon, who captured the scope of the problem in bounded rationality.[1][2][3] Each of these observations provide insight into how to help mitigate our own limitations, yet there is resistance to adapt even as the costs of these failures grow larger. The fallacy of homo economicus applies to risk management in equal measure, but the question remained: What to do?[4]

“I can calculate the movement of stars, but not the madness of men.” ― Isaac Newton

The transition from 19th-century processes to digital transformation will require new frameworks, tools and – more importantly – new thinking about risk. Technology and data will drive better risk-taking, but an understanding of human error will create a multiplier effect. If technology and data are the levers to better performance, then reduction in human error is the multiplier. But the answers are harder than they appear!

Dr. Gawande said it best: “Better is possible. It does not take genius. It takes diligence. It takes moral clarity. It takes ingenuity. And above all, it takes a willingness to try.” 

A Cognitive Risk Framework was created to begin to explore the answers to these basic questions and provide a pathway for more complex risk methodologies.

What is Cognitive Governance?

Cognitive governance is a nonconventional approach to oversight by senior executives and risk professionals. Cognitive governance is comprised of five disciplines:

  • Risk Governance separates the duties of risk management and risk assessment (analysis)
  • Perceptions of Risk seeks to understand different views and perceptions of risk that hinder risk governance
  • Human Element Design addresses cognitive load, situational awareness and the human-machine interaction
  • Intelligence and Modeling focuses on business performance, efficiency, security and risks
  • Capital Structure concerns risk-adjusted returns on capital and capital exposures due to oblique legal and contractual obligations

Cognitive governance is designed to expose blind spots and inefficiencies that exist in all organizations that view risk management as separate and distinction from strategy. An over-simplified example of cognitive governance used by J.P. Morgan involved developing a machine learning algorithm, COIN (contract intelligence), to do in seconds what took 360,000 hours each year by lawyers and loan officers.[5]

On the other hand, most organizations lack resources to invest in artificial intelligence but can still benefit from a focus on cognitive governance through the process of simplification.[6][7] Simplification is a process of discovery to uncover the risks that lie hidden in complexity.

Instead of starting with an answer, like traditional risk frameworks, a cognitive risk framework is centered on asking better questions not yet answered. In order to fully explain cognitive governance, we need to break down the five principles of cognitive governance and demonstrate how the rest of the pillars are driven by and informed by its principles.

An upcoming installment will include the five principles of cognitive governance.


[1] https://en.m.wikipedia.org/wiki/Heuristic

[2] https://www.goodreads.com/author/quotes/3078.Atul_Gawande

[3] https://en.wikipedia.org/wiki/Bounded_rationality

[4] https://en.wikipedia.org/wiki/Homo_economicus

[5] https://www.bloomberg.com/news/articles/2017-02-28/jpmorgan-marshals-an-army-of-developers-to-automate-high-finance

[6] https://www.bcg.com/publications/2017/people-organization-operations-mastering-complexity-through-simplification.aspx

[7] http://www.managementsite.com/461/managing-business-complexiuty.aspx


Tags: Artificial Intelligence (AI)Enterprise Risk Management (ERM)Machine Learning
Previous Post

Cynet “Security for Management” Template Communicates Enterprise Security Readiness to Senior Management

Next Post

Sustainability Performance: A Differentiation Opportunity?

James Bone

James Bone

James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors.
James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective. James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.  

Related Posts

DALL·E 2023-02-16 13.18.43 - magritte style painting of robot looking into mirror

A Bot Isn’t Going to Take Your Place, But AI Will Make Your Job Harder

by Jennifer L. Gaskin
March 8, 2023

OpenAI’s splashy ChatGPT rollout has generated untold amounts of text, both directly and indirectly. While much of what’s been written...

cci top 10 stories collage

Top 10 Compliance Stories of 2022

by Jennifer L. Gaskin
December 7, 2022

The more things change, the more they stay the same. This time last year, we summarized the top 10 ESG...

ai bias_f

Still Racist After All These Datasets: Once Bias Is Baked Into Your AI, It’s Hard to Root Out

by Nigel Cannings
November 9, 2022

Spending on artificial intelligence across all sectors is expected to more than double by 2025, but Nigel Cannings of Intelligent...

ai in hiring

Algorithms Behaving Badly: New NYC Law Tackles Bias in Hiring Technology

by Lofred Madzou
June 2, 2022

From recruitment to retention, technology has long been crucial to effective workforce management. And while companies may be flocking to...

Next Post
hand holding light bulb against nature on green leaf with icons energy sources for renewable, sustainable development

Sustainability Performance: A Differentiation Opportunity?

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT