Life Risks | People Risk

The Role of Human Behaviour in Effective Risk Management

The ISO 31000 risk management standard and the NIST Cybersecurity frameworks among others, have adopted new guidance that suggest considerations into behavioral factors must be included and considered during risk assessments.

Human behavior is identified as the weakest link in risk management and security. Human factor risks will continue to increase in the fast-paced digital economy, digital transformations and the business impact of the Covid-19 pandemic. To that end, we suggest that when conducting risk assessments, the first major risk to examine is People and Culture Risk.

In a Harvard Business School article by Robert Kaplan, appropriately entitled, Risk Management- the Revealing Hand, the following is noted,

“Well-documented psychological and sociological biases within organizations lead them to overlook important risks and to systematically underestimate and under manage those they do identify.”

The above quote, I submit, equates to one of my maxims: if you can’t think it you don’t act on it. And this, in my respectful opinion, is what many of the leaders/decision makers suffer from with respect to risk management.

Regulators and auditors have also joined the fray in ensuring human behavior is factored into effective risk management principles. The United Kingdom regulator, the Financial Conduct Authority (FCA), has incorporated Conduct Risk into a structured regulatory framework as part of a strategy to better supervise wholesale banks. International institutions are hiring psychologists, anthropologists and behavioral scientists to oversee organizational culture and to comply with certain regulations. Additionally, major corporate entities like Walmart, Pepsi, Google and Amazon have created a new C-Suite role for a Chief Behavioral Officer.

Consideration of Behavioral risk must be factored in because of the following concepts/practices:

Risk perception
Adversarial thinking (as it applies to cybersecurity risk)
Lateral vision/thinking
Risk culture
Conduct risk
Cognitive biases
Heuristics
Ethnographic issues

The above is not an exhaustive list of considerations but it does demonstrate a major shift in risk practice requiring risk practitioners to become “risk solution designers” as opposed to managers of risk or as is found in many institutions “gatherers of risk” where they are primarily concerned with compiling information which they then call a risk register and where risk management is treated like a compliance issue.

Further, the misallocation of risk assets or the misidentification of risks distracts organizations from the key risks that threaten their organizational objectives. When risk resources are misallocated or reactively responding to events that aren’t necessarily risk events, the real threats that matter to the business goes unidentified and untreated.

Be advised: the uninspected/the unidentified usually deteriorates,

Life Risks | Operational Risks

What is Fatigue Risk?

ByKen Hackshaw October 29, 2020May 21, 2024

Fatigue plays a vast role in all industries in terms of performance, safety, and productivity. It ranks frequently among the top five human performance factors. The US National Safety Council estimates that fatigue costs more than $136 billion per year in lost productivity alone. 84% of this cost is due to reduced performance at work,…

Operational Risks | People Risk

The Paria diving Disaster: “Pre Motems” are much better that “Post Mortems”

ByKen Hackshaw March 24, 2022May 21, 2024

Condolences to the family, friends, and colleagues of those who lost their lives in this catastrophe. The best way for the leaders of these institutions to honor those lives lost is not by talking but by acting. There is a maxim that says: “the uninspected usually deteriorates”. There are risks and hazards (and they are not always the same) that may…

Case Study | People Risk

What is your “LOTUS OF CONTROL”?

ByKen Hackshaw May 21, 2024

Can your lotus of control affect or influence your business decision-making capability? Locus of control describes the degree to which individuals perceive that outcomes result from their own behaviors, or from forces that are external to themselves. This produces a continuum with external control at one end and internal control at the other As the environment…

Case Study | Life Risks

Risks in Your Mirror May Be Closer than You Think…

ByNM Lewis June 18, 2024June 18, 2024

You are familiar with the sign: “Objects in the mirror are closer than they appear,” which is the “warning sign” on your vehicle’s door mirrors. Applying this warning to the risk management space, one can identify Examples of risks that are much closer to your organization (and you) than they may appear to be: I would also like…

Cybersecurity | People Risk

Global Cyber Breach: The Need to Manage Vendor Risks, People Risks and More…

ByKen Hackshaw May 21, 2024

Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. Aside from US government agencies, “several hundred” companies and organizations in the US could be affected by the hacking spree, (according to a CNN report). Since late last month,…

Life Risks

Risk Management Life Skills Toolbox

ByKen Hackshaw October 7, 2020May 21, 2024

Whether it is personal finance, leaving the house, health risk (which hospital to go to, or NOT) you have to manage the uncertainties that “matter to you” and therefore you should know how to manage risk where the outcomes are to you your benefit or detriment. And because of COVID-19, you have been doing this…

Similar Posts

CONTACT US!

Socials