Cognitive Governance: The First Pillar of a Cognitive Risk Framework

After the 2008 reckoning of the Great Recession and a 60 percent decline in market value, I became redundant and soon began to question the failings of risk management as a discipline and my own skills as a risk professional. If adversity is the mother of invention, my journey to “learn” risk management really began after almost 30 years of leadership positions in financial services.

What I have learned after more than 10 years of research suggests that risk management is on the verge of a deep renewal and advancement. I examined how physicists, engineers, actuaries, medical professionals, research scientists and Nobel laureates solve complex problems and found novel ways of thinking about risks and the tools needed to mitigate them. I also learned that there is no “silver bullet” or “one size fits all” solution that can be generically applied to manage risks. This was less of a surprise given economic and business failures that recur repeatedly, but the unanswered question remained: Is there a common thread leading to failure?

The most surprising and commonly cited failure by all risk disciplines is human behavior and error! Human behavior is cited as the greatest vulnerability in cybersecurity, but it is also the leading cause of fraud, operational and organizational failure. In contrast, traditional risk frameworks are designed to ensure the effectiveness of financial and operational controls in alignment with organizational strategy. The difference between the two is a focus on design around the human element. A cognitive risk framework does not compete with traditional risk frameworks; it complements the foundational work already in place.

Atul Gawande called these failures in performance ineptness, while psychologists Daniel Kahneman and Amos Tversky describe them as heuristics in concert with Herbert Simon, who captured the scope of the problem in bounded rationality.[1][2][3] Each of these observations provide insight into how to help mitigate our own limitations, yet there is resistance to adapt even as the costs of these failures grow larger. The fallacy of homo economicus applies to risk management in equal measure, but the question remained: What to do?[4]

“I can calculate the movement of stars, but not the madness of men.” ― Isaac Newton

The transition from 19^th-century processes to digital transformation will require new frameworks, tools and – more importantly – new thinking about risk. Technology and data will drive better risk-taking, but an understanding of human error will create a multiplier effect. If technology and data are the levers to better performance, then reduction in human error is the multiplier. But the answers are harder than they appear!

Dr. Gawande said it best: “Better is possible. It does not take genius. It takes diligence. It takes moral clarity. It takes ingenuity. And above all, it takes a willingness to try.” 

A Cognitive Risk Framework was created to begin to explore the answers to these basic questions and provide a pathway for more complex risk methodologies.

What is Cognitive Governance?

Cognitive governance is a nonconventional approach to oversight by senior executives and risk professionals. Cognitive governance is comprised of five disciplines:

• Risk Governance separates the duties of risk management and risk assessment (analysis)
• Perceptions of Risk seeks to understand different views and perceptions of risk that hinder risk governance
• Human Element Design addresses cognitive load, situational awareness and the human-machine interaction
• Intelligence and Modeling focuses on business performance, efficiency, security and risks
• Capital Structure concerns risk-adjusted returns on capital and capital exposures due to oblique legal and contractual obligations

Cognitive governance is designed to expose blind spots and inefficiencies that exist in all organizations that view risk management as separate and distinction from strategy. An over-simplified example of cognitive governance used by J.P. Morgan involved developing a machine learning algorithm, COIN (contract intelligence), to do in seconds what took 360,000 hours each year by lawyers and loan officers.[5]

On the other hand, most organizations lack resources to invest in artificial intelligence but can still benefit from a focus on cognitive governance through the process of simplification.[6][7] Simplification is a process of discovery to uncover the risks that lie hidden in complexity.

Instead of starting with an answer, like traditional risk frameworks, a cognitive risk framework is centered on asking better questions not yet answered. In order to fully explain cognitive governance, we need to break down the five principles of cognitive governance and demonstrate how the rest of the pillars are driven by and informed by its principles.

An upcoming installment will include the five principles of cognitive governance.

[1] https://en.m.wikipedia.org/wiki/Heuristic

[2] https://www.goodreads.com/author/quotes/3078.Atul_Gawande

[3] https://en.wikipedia.org/wiki/Bounded_rationality

[4] https://en.wikipedia.org/wiki/Homo_economicus

[5] https://www.bloomberg.com/news/articles/2017-02-28/jpmorgan-marshals-an-army-of-developers-to-automate-high-finance

[6] https://www.bcg.com/publications/2017/people-organization-operations-mastering-complexity-through-simplification.aspx

[7] http://www.managementsite.com/461/managing-business-complexiuty.aspx