IRM ERM M1U5.2 People and Risk Culture

Question 1

IRM’s risk culture framework

Answer 1

The IRM’s risk culture framework illustrates personal predisposition (or risk preference) at the centre of the risk culture, and how this personal predisposition influences and interacts with personal ethics and behaviours and how organisational culture can affect risk culture,

Question 2

Personality profiling methodologies regarding risk

Answer 2

There are also personality profiling methodologies regarding risk, which assess an individual’s predisposition towards risk, measuring a person’s preparedness to take risk and their resilience in the face of risk

one such tool, the Risk Type CompassTM

Question 3

Personal predisposition to risk

Answer 3

Personality research identifies two specific traits that contribute
to this:

• The extent to which people are either
  spontaneous and challenge convention or
  organised, systematic and compliant;
• The extent to which people may be cautious,
  pessimistic and anxious, or optimistic, resilient
  and fearless.

Question 4

Risk objective and subjective reality

Answer 4

Risk comprises objective (e.g., weather forecasts) and subjective elements influenced by psychological and cultural factors.

Question 5

Different perceptions of risk might exist at different levels

Answer 5

Perception of risk varies across organizational levels; boards may overlook operational risks, while frontline staff may not grasp strategic risks.

Individual risk perceptions evolve over time and with experience.

Question 6

Risk perceptions challenges during risk identification & analysis

Answer 6

People might hide risks or present false risks for their own self-interest rather than for the benefit of the organisation’s risk management activities (risk identification).

People may deliberately understate or overstate risk severity for their own self-interest rather than for the benefit of the organisation’s risk management activities (risk analysis).

People have different views of levels of an acceptable level of risk to accept (risk evaluation).

Misperception of risk results in incorrect or inconsistent data being collected to fully assess and correctly treat risks.

Question 7

Two dangers of different risk perspective

Answer 7

There are two real dangers that may result:

Organisations are likely to manage the same risks very inconsistently, depending on the individual who must manage that risk, thus increasing the overall organisational uncertainty.

Risk managers could seek to achieve greater kudos amongst their stakeholders by focusing their efforts on helping to manage the stakeholders’ fears over what they perceive to be the most significant risks rather than what are the most significant risks.

Question 8

Common cognitive biases

Answer 8

Common cognitive biases include:

Confirmation bias – we believe what we want to believe because the information confirms our existing preconceptions of beliefs

Conformity bias (or group think) – choices of a group or the majority influence how we think, even if it is against our personal judgement

Authority bias – where we favour the ideas of an authority figure

Bandwagon bias – where we favour ideas already adopted by others

Anchoring bias – where we are influenced by information we already know, and have trouble moving outside that pre-existing knowledge

Question 9

Hillson and Murray-Webster (2007)cognitive biases/ ‘gut feel’ orheuristics influencing an individual’s riks attitude

Answer 9

availability;

representativeness;

anchoring and adjustment:
and the confirmation trap.

They go on to consider some of the common group heuristics:

groupthink;

the Moses factor;

cultural conformity;

and the risky and cautious shift.