This blog is dedicated to the study of People Risk Management (PRM), a topic that cuts across multiple disciplines: Risk Management, Human Resources, Corporate Governance, Behavioral Psychology, White Collar Criminality and Health & Safety.
Here, People Risk is defined as the risk of loss due to the decisions and non-decisions of people, inside and outside of the organization. This is a pretty broad definition that is in turn based upon the definition of Operational Risk by the Basel Committee on Banking Standards.
- Note that in this definition, ‘loss’ is not just financial but also includes: loss of human capacity (e.g. death and injury); loss of corporate reputation; and loss of organizational capacity (e.g. inadequate decision-making leading to sub-optimal shareholder returns or loss of key personnel).
- Note too, the emphasis is on the risk of loss due to decisions AND non-decisions. For example, a risk that a person makes a decision that causes a fraud to be perpetrated is a People Risk, as is the risk that a firm will be fined for discrimination that was not reported by staff – a non-decision!
Losses due to People Risk are ‘caused’ by people making ‘bad’ decisions.
Some decisions, such as taking part in fraud, are ‘bad’ because they are illegal. Other decisions are ‘bad’ not because the outcome turns out to be bad, since even ‘good’ decisions can go wrong due to changes in the environment, but were bad to begin with. For example, a decision (or non-decision) that is driven by the interests of the decision-maker rather than his/her employer is ‘bad’, as is a decision that is taken with insufficient information or because a decision-maker is overconfident in his/her abilities. Likewise a decision that is the outcome of a group consensus that is arrived at without due process or bullying is also ‘bad’. There are a thousand ways that a decision can be ‘bad’, which makes management of such risks extremely difficult.
The articles in the blog will consider the ‘uncomfortable truth’ that among the countless decisions made within a large organization each year, a number of them will be ‘bad’, that is they will be made without due consideration of all of the facts, or the result of invisible biases and inappropriate personality traits. A proportion of those bad decisions will be disastrous, seriously damaging or even destroying a firm. In other words, we are looking here at ‘man-made’ disasters, such a corporate bankruptcies, not natural ones, such as losses due to earthquakes, although People Risk comes into play when the losses are exacerbated by bad forward planning by management.
People Risk occurs in all industries: Banking, Energy, Medicine, Airlines, Manufacturing, Retail and so on. And there is People Risk at all levels of a firm: from the Boardroom, such as the disastrous decision by the Board of the Royal Bank of Scotland to acquire ABN-AMRO bank, to the front-line, such as the misselling of products by poorly-trained or badly-incentivised sales staff, and everywhere in between.
The detection and management of the risk that people will make bad, even disastrous, decisions is hard because it involves a number of disciplines that have traditionally only considered decisions that were illegal or dangerous to health. Human Resources, of course, deal with people so they are aware of the risks that might occur, but aside from hiring they tend to be involved in People Risk after something has gone wrong. Boards and senior management are involved in both maximizing the opportunities provided by ‘good’ employees but also minimizing the damage that can be caused by ‘bad’ employees; rarely do they consider that their own decisions may be their firm’s greatest source of risk. Corporate Governance and Compliance therefore has a role in managing People Risks. Since the corporate (often called Enterprise) Risk Management function has a role in detecting all risks within a firm, they must recognize People Risks but traditionally they have concentrated on Process and External risks. To properly manage People Risks then, these disciplines (and others such as Legal) have to begin to talk to one another.
Over the past 25 years psychologists, such as Daniel Kahneman and Dan Ariely have, through innovative experiments on individuals and groups, discovered that people are not good at making decisions, because they bring with them a plethora of personal ‘behavioral biases’, which are often invisible to the individuals themselves. People make bad decisions for a host of reasons but mainly because they are human. As behavioral psychologists have discovered and confirmed again and again, emotions get in the way of our ability to think rationally and objectively.
To manage People Risk then, Human Resources, Risk Management and those responsible for Corporate Governance must come to terms with this ’quiet revolution’ in our understanding of how people make decisions, they must understand the theories of Behavioral Psychology and more importantly, incorporate the theories into their thinking and planning.