For too long, there has been an unspoken assumption in traditional
risk management and regulation that organisations are quasi-mechanical and that
decision making is essentially rational. The implication is that you if can devise the
right rules, risks will disappear because people will respond to them
logically.
In truth, all organisations consist of real people who
exhibit the range of normal human feelings, emotions and behaviours and have individual characters. These, and well-understood mental short-cuts and biases, are as important as strict logic in making
decisions in the real world. Real people
constantly react to real life in ways that, whilst predictable, are not
strictly rational. It is those who lack
these feelings and emotions who are unusual, not those who exhibit them.
You visit the baker to be faced with an aromatic array of fresh bread. Do you rigorously compare the nutritional content of each loaf, run quality tests and carry out a price and product comparison with other bakers in the vicinity (not forgetting transport and opportunity costs) that, if you are strictly rational, you ought to consider?
Of course you don’t. You follow your eyes, nose and feelings rapidly to choose what you feel is the best choice: today a bag of bagels; tomorrow scented spelt scones; and if you like sweet things you may scoff the scrummy sugared doughnut you know you should shun. If you stuck to strict logic, the baker’s shelves would be empty by the time you made your decision.
Feelings and emotions are an important element in normal
decision-making, and this is true of all normal people in all contexts –
including the most intelligent and respected business leaders in their work. Unfortunately the emphasis on ‘homo economicus’, economists’ rational,
benefit-maximising model of man leads
many leaders to assume this crude model represents reality, a double danger if they
do not realise the extent to which their own decision-making depends on
feelings and emotions.
Real people use what behavioural economists and psychologists call heuristics and biases in making decisions.
Heuristics are mental short cuts that we all use to simplify decision-making. There are dozens of them, working beneath our consciousness. For example there is evidence that where we recognize one of a number of choices but have no better information, we are likely to put a lower store on the option we do not recognize. That is the recognition heuristic.
Then there are biases. An important bias is the ‘optimistic bias’. As healthy humans we tend to delude ourselves that bad events are less likely to happen than good ones. And we tend to attribute positive events to our skill and adverse ones to ‘them’ or bad luck: the ‘self-serving bias’.
Many more heuristics and biases provide the numerous unrecognised assumptions and short-cuts that make the life of a normal person – well normal.
This matters. People
and the way they behave is what can make organisations great. But one of the insights to emerge from our
work on “Roads to Ruin” the 2011 Cass Business School report for Airmic (we
were two of the report’s four authors), is that people are almost always at the
root of why organisations are derailed.
They are implicated twice over: first because individual and collective human
behaviour, most of it perfectly normal and predictable, lies at the root cause
of most crises; and then because it regularly tips potentially manageable crises
in to unmanageable reputational calamities.
We have since established that seniority amplifies the consequences of behaviour
for good or ill, so that other things being equal, behavioural and
organisational risks related to leaders typically have far more serious
consequences than an analogous errors lower down the hierarchy.
Unfortunately this area of risk is not systematically
recognised by classical risk management.
Some areas of people risk are captured by looking at process safety, but
this leaves huge gaps. And a restricted
view of reputational risk has left large areas of risks to reputation doubly unprotected.
Leaders and risk professionals have a
structural blind spot that leaves the organisation – and its leaders –
predictably vulnerable.
We have solved the problem by rethinking reputation and
reputational risk – and so can you. The
Financial Times lexicon defines reputation as: “Observers’ collective judgments of a corporation based on assessments
of financial, social and environmental impacts attributed to the corporation
over time”; and there is much bickering over the nature of reputational
risk.
Whilst the FT definition is good in parts, it is too narrow.
We prefer the deceptively simple:
“Your reputation is
the sum total of how your stakeholders perceive you.”
Think
about it and you will find its hidden depths.
One is that you lose your reputation when stakeholders come to believe,
rightly or wrongly, that you are not as good as, or are worse than, they
previously believed you to be. That leads
to our definition of reputational risk:
“Reputational
risk is the risk of failure to fulfil the expectations
of
your stakeholders in terms of performance and behaviour”
Many
‘performance’ failures are caught by enterprise risk management; but few
risks from behaviour or organisation are captured. The
result is that risks that both cause crises and destroy reputations are not
captured, so they remain unmanaged. Worse, the research shows that behavioural and
organisational risks can take many years to emerge. In the meantime, leaders think all is well
when, helped by the self-serving bias, they have been fooled into complacency by
what is, in truth, a run of good luck; and they have lost the opportunity to
deal with potentially lethal unrecognised risks before they cause harm.
And
as Richard Feynman, the late lamented Nobel laureate who uncovered the people risks that caused NASA’s Challenger disaster, said: “The first principle is that you must not fool yourself; and you are the
easiest person to fool.”
Professor
Derek Atkins
Anthony
Fitzsimmons
“Rethinking
Reputational Risk: How to Manage the
Risks that can Ruin Your Business, Your Reputation and You” will be published
on 3 January. You can read reviews of the book at www.koganpage.com/reputational-risk For a limited time you can (pre-)order the book there at a 20% discount: use code ABLRRR20
This blog is based on an article first published in Management Today.