Saturday, January 16, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

The Curious Case of Bias in Risk Assessments

Tips & Techniques to Mitigate Cognitive Bias

by Christopher Magno, Terrance McCue and Michael G. Gordon
December 3, 2019
in Featured, Risk
"bias" on green post-it note on pink background

Christopher Magno, Terrance McCue and Michael Gordon discuss the pervasive yet elusive concept of bias, offering guidance on how to spot common biases and useful tips on mitigating their effects on your risk assessments.

While we as compliance specialists, attorneys and risk professionals typically try to end the year with a healthy dose of holiday cheer, this merriment is often short-lived and eclipsed by a much more important year-end task: the annual compliance and risk assessment.

For those not lucky enough to be in the know, this annual process entails a detailed re-examination of an organization’s risk universe as it relates to the organization’s overall strategy and policy – and more importantly, understanding and assessing those risks to provide clear and calculated advice to the organization – on fronts encompassing compliance, legal, risk and audit concerns, amongst others.

Regardless of the approach an organization employs to conduct this largely important task – and irrespective of the countless teams of compliance professionals, lawyers, accountants and others dedicated to assessing and mitigating these risks – there lurks a silent and surreptitious assassin within each response… that variable otherwise known as “bias.”

Not only is bias an inherently difficult concept to grasp, but it exists both within the professionals conducting the risk assessment and those participating in it and providing responses.

Therefore, it’s imperative for an organization’s compliance and legal teams first, to understand cognitive bias and second, to implement strategies and best practices to mitigate any effects that bias may have on the organization’s overall risk assessment. This article explores both recommendations in kind.

What is Cognitive Bias?

Cognitive bias, plainly speaking, is a systematic error in thought that impacts all decisions an individual makes. These biases form via a collection of one’s experiences, predispositions and perceptions and are often influenced by things such as incentives, wants and fears. The concept of “cognitive bias” was first introduced by Daniel Kahneman and Amos Tversky in a September 1974 article in Science.

Kahneman and Tversky’s detailed exploration of cognitive bias revealed that there are literally hundreds of different biases that can emerge at every stage of the risk assessment process, producing skewed and unreliable results that directly impact decision-making.  Accordingly, it is incumbent on the risk and compliance professional to not only understand and identify these biases, but to put proper techniques and strategies into practice to help mitigate or eliminate them.

How can risk, legal and compliance professionals mitigate inherent cognitive bias?

While it is nearly impossible to eliminate or dramatically reduce inherent cognitive bias, our collective years of practice have allowed us to analyze and implement certain methods that have proven effective in limiting and reducing the impact of those biases. These techniques include:

1. Balancing out the Sample Selection

When selecting a group to survey or interview, ensure that your sample selection contains individuals with balanced perspectives and varied incentives to avoid sample bias. For example, if you are surveying front-line leaders to understand risk concerns, you might seek to expand the survey to operations, finance and those other back-office functions that support these leaders so as to obtain a full and balanced view of the overall risk assessment.

Similarly, it is often helpful to obtain both internal and external perspectives (e.g., consultants, industry experts, equity analysts) when considering the full risk landscape. Having a broader group of opinions combined with both an internal and external risk assessment can better help you identify the incentives, goals and biases that might exist with each population and offset these biases through more focused sample selection.

2. Using Data to Combat Key Biases

Quantifying risks using objective, verifiable measures can also help minimize biases. Two biases that most often come to mind are “availability bias,” in which people tend to place more weight on things that come readily to mind than is actually the case, and “anchoring bias,” which entails relying too heavily on one trait or piece of data verses others. Understanding these objective biases from the start can help risk professionals better quantify the impact of such biases.

3. Reconciling Reactionary Thinking with Analytical Reasoning

Kahneman also introduced the concept of System 1 and System 2 thinking in his 2011 book, “Thinking, Fast and Slow.” System 1 thinking is essentially our “gut reaction” or fast, unconscious reaction to a situation – let’s say “reactionary thinking.” We ask a question, get a response and make our conclusion as a quick reaction to that response.

System 2 is a slower, more calculated way that we think and respond to stimuli – let’s call it “analytical reasoning.” As risk, legal and compliance professionals, we too are subject to bias and reactionary thinking, and therefore, allowing risk assessment data and conclusions to be analyzed by a larger group can sometimes help correct for any reactionary bias that might have been introduced by the professionals conducting the risk assessment. Sometimes more cooks in the kitchen may be appropriate to ensure results are properly analyzed.

4. Save the Senior Leaders for Last

Groupthink (aka bandwagon bias) is surely not a new concept – it occurs when the desire for consensus in a group discussion restricts the creativity, alternate perspectives or questioning of data and issues necessary to make an informed decision. This occurs frequently during risk calibration sessions and throughout the risk assessment process. We found reserving opinions and thoughts from the senior leaders in the room until the end of the meeting a strong weapon to combat the otherwise blind agreement that often permeates after the view of a senior leader is expressed. If you can get away with it, you may also consider excluding senior leaders from these sessions altogether, depending on the situation.

 

Clearly, the most important method to mitigate bias is first to recognize the fact that biases exist and then to implement established and proven strategies to neutralize them. Using these best practices will ensure a more objective compliance risk analysis and improve risk-informed decision-making across your organization.


Tags: cognitive hacksdecision-makingrisk assessment
Previous Post

The Truth About Whistleblowing

Next Post

The Evolution of Compliance

Christopher Magno, Terrance McCue and Michael G. Gordon

Christopher Magno, CPA, CISA is a Lecturer at Columbia University’s Enterprise Risk Management Program. He has developed coursework in Enterprise Risk and Cognitive Bias and Risk. Chris has over 25 years of experience leading global audit and enterprise risk teams at Fortune 500 companies in the technology, consumer products and financial services industries. He is a graduate of Cornell University’s Johnson School of Management and is a licensed CPA in the State of New Jersey.
Terrance McCue is a CPA in the state of New Jersey with over 10 years of experience in various risk/audit/controlling roles for Fortune 500 organizations. He is an alumnus of St. Peter’s University and holds a BS in Accountancy and an MBA. Terrance is also an active educator holding the position of Associate Professor at Columbia University’s School Enterprise Risk Management Program.
Michael G. Gordon, Esq. is an in-house attorney practicing at a New Jersey company specializing in financial services, regulatory and governance issues. He is also an Adjunct Professor of Business and Legal Studies at Seton Hall University and serves as a State Bar Examiner for the New Jersey State Board of Bar Examiners.

Related Posts

illustration of ransomware and hand paying ransom

Ransomware: It’s Time to Stop Negotiating

January 15, 2021
wrench with 100 dollar bills

DOJ Launches 2 Criminal Prosecutions of Illegal No-Poach and Wage-Fixing Agreements

January 14, 2021
mobile health care app

Prioritizing Compliance Along Health Care’s Digital Transformation Journey

January 14, 2021
illustration of executive standing center stage with team in silhouette behind him

COVID-19: Navigating the “CEO Moment”

January 13, 2021
Next Post
woman's hand touching beam of light on digital blue screen

The Evolution of Compliance

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management culture of ethics cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights