The Curious Case of Bias in Risk Assessments

While we as compliance specialists, attorneys and risk professionals typically try to end the year with a healthy dose of holiday cheer, this merriment is often short-lived and eclipsed by a much more important year-end task: the annual compliance and risk assessment.

For those not lucky enough to be in the know, this annual process entails a detailed re-examination of an organization’s risk universe as it relates to the organization’s overall strategy and policy – and more importantly, understanding and assessing those risks to provide clear and calculated advice to the organization – on fronts encompassing compliance, legal, risk and audit concerns, amongst others.

Regardless of the approach an organization employs to conduct this largely important task – and irrespective of the countless teams of compliance professionals, lawyers, accountants and others dedicated to assessing and mitigating these risks – there lurks a silent and surreptitious assassin within each response… that variable otherwise known as “bias.”

Not only is bias an inherently difficult concept to grasp, but it exists both within the professionals conducting the risk assessment and those participating in it and providing responses.

Therefore, it’s imperative for an organization’s compliance and legal teams first, to understand cognitive bias and second, to implement strategies and best practices to mitigate any effects that bias may have on the organization’s overall risk assessment. This article explores both recommendations in kind.

What is Cognitive Bias?

Cognitive bias, plainly speaking, is a systematic error in thought that impacts all decisions an individual makes. These biases form via a collection of one’s experiences, predispositions and perceptions and are often influenced by things such as incentives, wants and fears. The concept of “cognitive bias” was first introduced by Daniel Kahneman and Amos Tversky in a September 1974 article in Science.

Kahneman and Tversky’s detailed exploration of cognitive bias revealed that there are literally hundreds of different biases that can emerge at every stage of the risk assessment process, producing skewed and unreliable results that directly impact decision-making.  Accordingly, it is incumbent on the risk and compliance professional to not only understand and identify these biases, but to put proper techniques and strategies into practice to help mitigate or eliminate them.

How can risk, legal and compliance professionals mitigate inherent cognitive bias?

While it is nearly impossible to eliminate or dramatically reduce inherent cognitive bias, our collective years of practice have allowed us to analyze and implement certain methods that have proven effective in limiting and reducing the impact of those biases. These techniques include:

1. Balancing out the Sample Selection

When selecting a group to survey or interview, ensure that your sample selection contains individuals with balanced perspectives and varied incentives to avoid sample bias. For example, if you are surveying front-line leaders to understand risk concerns, you might seek to expand the survey to operations, finance and those other back-office functions that support these leaders so as to obtain a full and balanced view of the overall risk assessment.

Similarly, it is often helpful to obtain both internal and external perspectives (e.g., consultants, industry experts, equity analysts) when considering the full risk landscape. Having a broader group of opinions combined with both an internal and external risk assessment can better help you identify the incentives, goals and biases that might exist with each population and offset these biases through more focused sample selection.

2. Using Data to Combat Key Biases

Quantifying risks using objective, verifiable measures can also help minimize biases. Two biases that most often come to mind are “availability bias,” in which people tend to place more weight on things that come readily to mind than is actually the case, and “anchoring bias,” which entails relying too heavily on one trait or piece of data verses others. Understanding these objective biases from the start can help risk professionals better quantify the impact of such biases.

3. Reconciling Reactionary Thinking with Analytical Reasoning

Kahneman also introduced the concept of System 1 and System 2 thinking in his 2011 book, “Thinking, Fast and Slow.” System 1 thinking is essentially our “gut reaction” or fast, unconscious reaction to a situation – let’s say “reactionary thinking.” We ask a question, get a response and make our conclusion as a quick reaction to that response.

System 2 is a slower, more calculated way that we think and respond to stimuli – let’s call it “analytical reasoning.” As risk, legal and compliance professionals, we too are subject to bias and reactionary thinking, and therefore, allowing risk assessment data and conclusions to be analyzed by a larger group can sometimes help correct for any reactionary bias that might have been introduced by the professionals conducting the risk assessment. Sometimes more cooks in the kitchen may be appropriate to ensure results are properly analyzed.

4. Save the Senior Leaders for Last

Groupthink (aka bandwagon bias) is surely not a new concept – it occurs when the desire for consensus in a group discussion restricts the creativity, alternate perspectives or questioning of data and issues necessary to make an informed decision. This occurs frequently during risk calibration sessions and throughout the risk assessment process. We found reserving opinions and thoughts from the senior leaders in the room until the end of the meeting a strong weapon to combat the otherwise blind agreement that often permeates after the view of a senior leader is expressed. If you can get away with it, you may also consider excluding senior leaders from these sessions altogether, depending on the situation.

Clearly, the most important method to mitigate bias is first to recognize the fact that biases exist and then to implement established and proven strategies to neutralize them. Using these best practices will ensure a more objective compliance risk analysis and improve risk-informed decision-making across your organization.