A body called COSO was established in 1985 to prevent fraud. It’s a private sector initiative with a remit to guide executive management and government entities in relevant aspects of organizational governance, business ethics, internal control, business risk management, fraud and financial reports. COSO is sponsored and funded by the professional organisations for Accountants, Financial Executives and Internal Auditors.
Doesn’t sound like it’s got much to do with HR, Learning & Development, Comms and OD but try to suspend your judgement for a second…
COSO created a framework for Enterprise Risk Management. Take a look at the kind of language used in one of their intro documents:
Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of the updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures and enhance strategies and decision-making.
Someone like me really frowns when trying to understand this kind of terminology. But after a bit of interpretation, underneath all the highbrow ‘blurb’, is a rigorous communications process that demands the alignment of its participants to achieve their goals.
What I especially like about this isn’t just that it’s about effective communications between managers and the people in their teams. COSO actually identifies specific biases that are seen to pose key risks to the success of Enterprise Management, as below.
- Description Availability bias: People tend to think events are more likely to occur if they have recently heard of them happening. Thus, people overestimate the risk of death from tornadoes, cancer or accidents and underestimate the risk from asthma or diabetes when they get a lot of media coverage.
- Confirmation bias: People tend to emphasize data that confirms their established beliefs or ideas and to discount information that conflicts with their beliefs. People also fall for the “false-consensus effect,” assuming that others share their world view. For example, if they believe in global warming, they expect that most people agree. Yet those who question its existence also believe they hold the mainstream opinion.
- Groupthink bias: Groups can make faulty decisions because group pressures sometimes lead to a deterioration of mental efficiency, reality testing and moral judgment. A group is especially vulnerable to groupthink when its members are similar in background, insulated from outside opinions and there are no clear rules for decision-making.
- Illusion of control: People find comfort believing they can control the world around them, even when they cannot. For example, an organization may believe it is mitigating climate-related risk by accounting for and reducing GHG emissions and energy use.
- Overconfidence effect: People, especially specialists and experts, overestimate how much they know. Compounding the overconfidence effect is the tendency to underestimate the time and costs of projects.
- Status quo bias: In choosing among alternatives, individuals display a bias toward the status quo.
To me, these biases look like they would pose a risk to the pursuit of most organizational objectives in most organizational contexts. And they’re an indication that the world of Enterprise Risk Management is open-minded, accommodating social and psychological factors into their processes. By spelling out these biases in a framework like this, those biases become more identifiable, measurable, and addressable.
It’s as if the world of Enterprise Risk Management has been quietly taking huge leaps forward with an approach to alignment, while the rest of us are still busy persuading leaders that alignment is worthy of attention. The admirable thing about the COSO framework is that it assigns Board level responsibility for addressing all these risks and uses Board level language to communicate those. And it’s working.
Ultimately, we’re all after the same thing: ensuring people are aligned to the strategy and between each other to deliver better together, both cognitively and behaviourally. And this illuminates a big opportunity for interdisciplinary learning, with a starter question: What can us ‘people-centred’ practitioners take from the COSO approach?
More about comprehensive alignment for teams and organizations is at www.mirrormirrorhub.com.