"For Best View, Please Open this Website on Laptop / Desktop Or Mobile"

18 October 2023 / RQ SPEAK

Unmasking Biases in Risk Reporting: A Workshop's Impact

Application Controls Audit

Dive into the fascinating world of Risk Reporting and Biases. This blog unravels the impact of biases on risk assessments and uncovers powerful strategies to mitigate them. Know how a fantasy game can provide great insights and lessons in this journey to make effective risk reporting a game changer.


Unmasking Biases in Risk Reporting



We conducted an awareness workshop focusing on unmasking biases in risk reporting for risk managers working across India for a large Insurance Company. The objective of the workshop was to highlight how our own individual biases can impact the risk reporting and consequently the overall risk management of an organisation. 

In my journey preparing for this workshop, here is what I learnt about biases in risk reporting.


How ERM typically works in most organisations

Risk management is the equivalent of a “crystal ball gazing” activity but with the hope of seeing dark and morose things that the future could hold for you, instead of flying ponies and knights in shining armours—though I admit, there's a touch of exaggeration here.

It's been proven time and again that a pragmatic approach can save organisations not only from financial losses but also from a loss of reputation. An effective enterprise risk management program is just as vital as delivering the core products and/or services. Just as it's crucial for individuals in a household to have a steady income to keep the house running, it's equally important to have someone manage expenses wisely to prepare for future events and prevent unnecessary, unplanned expenses. In a corporate context, this parallel holds true.

ERM’s effectiveness is not dependent only on the core team that drives it.  It is a collective endeavour. A critical role is played by all departments, functions and key stakeholders contributing towards an effective ERM. This data is structured in the form of risk reports. Risk reports serve as the foundation for ERM teams to perform analysis, enabling: 

  • Informed decision making

  • Effective resource allocation

  • Crisis preparedness

  • Regulatory compliance, if applicable

  • Strategic planning

  • Support for the organisation in achieving its core objectives

It’s easy to assume that the ERM function receives robust support from contributing departments, the reality often diverges from this. It's important to note that this disconnect isn't intentional., Upon closer analysis and conversations with leading industry experts in risk management, it becomes evident that several underlying elements contribute to this gap. These elements are some of the most significant challenges faced by risk management professionals.



Risk perception is inherently subjective, influenced by factors such as upbringing, life experiences, and the information we consume. The subjectivity is reflected in how risks are reported. It's akin to viewing the world through tinted lenses (not necessarily rosy). They may not necessarily present a rosy picture, but rather our unique understanding of it. These lenses or ‘biases,' as we'll refer to them from this point forward, play a substantial role in shaping the way we perceive risks., Biases are a covert, albeit a natural reason for the misreporting (over or under) of risks.

Below are some key cognitive biases and their impacts on risk reporting : 

  • Confirmation bias -

Confirmation bias is a cognitive bias where individuals lean towards perceiving information that aligns with their preconceived beliefs, often filtering out or dismissing data that contradicts these convictions. 

In the context of risk reporting, this bias can prove particularly perilous, as it may lead to a selective emphasis on risks that harmonise with the reporter's existing beliefs and views. As a result, crucial and probably graver risks may remain unreported or understated. 

  • Overconfidence bias - 

This bias tends to make individuals overly confident in their own abilities, knowledge, or judgments. This may lead individuals to often underestimate risks while overestimating their capabilities. 

In the realm of risk reporting, this bias can lead to a baseless sense of indestructibility. This can result in a significant gap between perceived and actual risks, jeopardising the overall accuracy of risk assessments. 

  • Fear of consequences - 

The fear of consequences bias is a bias where individuals are reluctant to report certain risks or acknowledge them due to the potential repercussions. 

In risk reporting, this bias can result in a selective omission or downplaying of risks that might lead to adverse outcomes or consequences. Because the reporting individual is fearful of the consequences that they may have to face, they may choose the simpler route of turning a blind eye to a risk that is serious.

  • Pressure to conform - 

Pressure to confirm is a cognitive bias influenced by external or internal forces that lead individuals to conform to a prevailing opinion or consensus rather than expressing their independent viewpoints.

In risk reporting, the individuals may choose to align their assessments with the expectations of the group that they are part of resulting in skewed risk reporting.

  • Authority bias - 

Authority bias is a cognitive bias where individuals tend to attribute greater accuracy or validity to the opinions and decisions of authority figures. This may have a factor of fear as well as that of blind belief in the authority in question.

In the context of risk reporting, this bias can lead individuals to give undue weight to the assessments and directives of authoritative figures, even when those assessments may be flawed or incomplete. Authority bias can compromise the objectivity and thoroughness of risk assessments and hinder the development of effective risk management strategies

Although it is almost impossible to eliminate biases from risk reporting, there are some countermeasures that may be implemented. 

  • Diverse Risk Assessment Teams: Form risk assessment teams with diverse backgrounds, experiences, and perspectives. This diversity can help counteract biases like confirmation bias, authority bias, and groupthink by introducing a variety of viewpoints.

  • Data-Driven Risk Assessment: Emphasise the collection and analysis of empirical data when assessing risks. This approach can help counteract biases such as overconfidence and reliance on authority figures by grounding assessments in objective information.

  • Role of Devil's Advocates: Assign a "devil's advocate" or encourage critical evaluation of risk assessments. This approach can help counteract conformity and groupthink by promoting constructive scepticism and alternative viewpoints.

  • Job Rotation : Job rotation may bring out risks that were unreported or omitted earlier

  • Peer Review: Implement a peer review process where assessments are reviewed by colleagues or experts. Peer review can uncover biases and improve the quality of assessments

  • Training and Education: Provide training on cognitive biases and their impact on risk assessment. Educating risk assessors about common biases can make them more aware and vigilant when conducting assessments.


The workshop 

Although we cannot be cured of our biases, research shows that becoming aware of them definitely helps. This is exactly what we hoped to achieve when we designed and conducted a training workshop around “Biases at play when reporting risks”. Since the workshop had attendees from all relevant functions who did not necessarily have a risk management background, we started by making them acquainted and comfortable with basic risk management terminologies. This helped us set the context for the rest of the workshop.


The Fantasy Kingdom Game

Once the attendees were armed with the basics, we dived into the biases through a unique game that was set in a fantasy kingdom with mythical creatures turning up to threaten its very existence. It was fun.. We wanted the participants to understand the importance of reporting risks as correctly as possible. Whether the kingdom was destroyed or saved from creature attacks, depended on the  way the situation was communicated to the king.

Everyone jumped in and participated. Kings and queens wore crowns, wise men wore sashes & messengers  with wrist bands emoted their fears. Post the game, we tied the learnings of the game to the concept of biases. The attendees grasped the connection and were able to do somewhat of a self reflection in the given context.


The Outcome

By the end of the workshop people agreed that risks get reported incorrectly and biases are a significant reason for this. The workshop was an eyeopener for many, based on the feedback we received immediately after (from the participants as well as the training sponsor). 


Learnings for all of Risk Managers

It has given us (Risk Quotient) a solid reason to believe that in organisations that rely on risk management for various reasons, our workshop can aid in not only clarifying the purpose of the risk reporting activity to all involved, but also ensure that this is done with no intention of putting anyone in a spot or culprit shaming. not to forget the fun they would have in the process of self-discovery.

We recognize the significance of periodically revisiting exercises like these to reinforce the invaluable lessons learned. Such refreshers serve as essential reminders, ensuring that individuals continue to apply these insights in their daily work. 



Biases are not only our comfort zones but also ingrained survival mechanisms. By conducting regular workshops, we not only prevent the message from fading into the background but also nurture a culture of ongoing learning and improvement. Our biases run deep, making the pursuit of unbiased risk reporting a continuous journey—an investment in both personal and organisational growth.

If you want to conduct one for your organisation, reach out to us at sales@rqsolutions.com.