top of page

You don't even know you're doing it!

There are many different biases

In my previous blog posts we've spoken about the origins of risk management, some of the confusing terminology, why it's important for organisations to manage risk and most recently, the 7 steps in the risk management process.

In today's post, I wanted to talk about something that has more general application across many fields but is especially important to be aware of in all phases of the risk management process.

And that is cognitive biases. According to Wikipedia(1), a cognitive bias refers to the systematic pattern of deviation from norm or rationality in judgment, whereby inferences about other people and situations may be drawn in an illogical fashion. Individuals create their own "subjective social reality" from their perception of the input.

So how does this behaviour manifest itself in our thinking? states 'When we are making judgments and decisions about the world around us, we like to think that we are objective, logical, and capable of taking in and evaluating all the information that is available to us. The reality is, however, that our judgments and decisions are often riddled with errors and influenced by a wide variety of biases. The human brain is both remarkable and powerful, but certainly subject to limitations. Cognitive biases are just one type of fundamental limitation on human thinking.'

As we have discovered in our journey through the various stages of the risk management process, determining the threats and opportunities that make up the risks to the organisation is part science and part art. In other words, there are quantitative elements and qualitative components.

The diagram below, developed by John Manoogian III, shows 180 different biases grouped into four categories - What Should We Remember, Too Much Information, Not Enough Meaning and Need To Act Fast.

Cognitive Bias Codex

By Jm3 (Own work) [CC BY-SA 4.0 (], via Wikimedia Commons(3)

Whilst it is beyond the scope of this blog to examine all of the biases, there are six that we will look at that may be particularly relevant to the risk management process:

Confirmation bias - this type of cognitive bias involves favouring information that confirms previously existing beliefs or biases. If the CEO for instance forms a view that an acquisition will be good for the company before doing the analysis, they will tend to look for evidence that supports their view and disregard people and information that counter it.

Optimism bias - this bias is about overestimating a positive and pleasing outcome to situations. For instance, when launching a new product the marketing manager may confidently predict that his product will be better accepted by consumers than a competitors similar product and that the chances of any problems with the product will be much lower.

Availability heuristic - is relying on things that immediately come to mind as a kind of mental shortcut. As an example, when participating in a risk identification workshop you might be asked for potential threats to the organisation. If there have been several building fires reported in the press recently, your mind will readily recall 'fires' as a potential threat and put higher weight on its likelihood.

Normalcy bias - this bias is simply the refusal to plan for, or react to, a risk that has never happened before. If you have always run projects a certain way and never had a major failure, the chances are that you will not be open to any suggestions of possible risks that haven't occurred previously (sometimes known as the 'ostrich effect').

Anchoring effect - is a bias in which people tend to use the first piece of information they receive on a subject and overlook subsequent data. When a manager is pressed for information from his supervisor on how much financial impact a risk will have, whatever number he says becomes the 'anchor' in the supervisors mind and anything more will disappoint even if new data comes to light that supports a higher number.

Neglect of probability - is the tendency to completely disregard probability when making a decision under uncertainty. The challenge of this bias is that when people have to estimate the probability of an event occurring they tend to rely on 'gut feel' or emotions and will typically disregard the statistics or records of actual occurrences over time.

These are just some biases at play in risk management - it would be wise to explore these further and think about how they may be playing a factor in your risk decision making.

If you are looking for further explanation on these and other biases in risk management, Alex Sidorenko of the Risk Academy has a series of short YouTube videos - the 1st is at:

Biases colour all our opinions when making decisions. The key for us is to be aware of these biases and try to take measures to mitigate them. Techniques can include involving several people in key decisions and making sure all opinions are heard. Also, writing down the reasons for the decision you have reached and looking back at it to see if there are any assumptions rather than facts and if so, how you arrived at those assumptions.

When it comes to risk management, which is not an exact science, we always have to be cognisant of these 'beliefs' and the 'illogical fashion' in which we can interpret situations.

As always, should you wish to discuss your risk management challenges, please feel free to contact me at or via my website




23 views0 comments
bottom of page