Academicians often discuss the underlying theory of risk management, especially those related to the concept of Enterprise Risk Management (ERM). One of the underlying theories is the ‘decision-making theory,’ which was first introduced by Herbert A. Simon, the Nobel Prize winner for Economics in 1978. He is best known for his work on corporate decision-making, also called behaviorism. Decision-making theory is a theory of how rational individuals should behave under risk and uncertainty. The theory suggests that decision-making means the adoption and application of rational choice for the management of a private, business, or governmental organization in an efficient manner. The theorist argued that making a decision is choosing between alternative courses of action. It can even mean choosing between action and non-action.
The Herbert Simon’s decision-making theory first appeared in his renowned book, Administrative Behavior (1947). He suggested that decisions were critical because if they weren’t taken on time, it will negatively impact an organization’s objective. The concept can be divided into two parts: the decision that someone arrives at and the process or actions taken. In other words, implementing a decision is as important as making that decision. From this perspective, ERM will help the organization conduct their risk-based decision-making, which implicitly considers the process of actions taken upon such a decision at its earliest.
The Decision-Making Theory by Simon also considers psychological aspects that classical economists overlooked or ignored. Internal factors such as stress and motivations, among others, limit an individual’s capacity to solve complex problems. In short, decisions are based on bounded rationality—humans behave differently when there are risks and uncertainties involved. At the core of the theory lies ‘satisficing’, which is a combination of satisfying and sufficing. It suggests that one should pursue objectives or make decisions that involve minimum risks and complications instead of focusing on maximizing profits. In contrast to classical theorists, Simon suggests that there is never one best course of action or decision. It’s because one can’t have complete information about something, therefore, there will always be a better course of action or decision.
How does such theory interlink with the concept of Enterprise Risk Management (ERM)? Risk by definition is “the effect of uncertainty on objectives” (ISO 31000,) and risk management is ‘coordinated activities to direct and control an organization concerning risk’ (ISO 31000). Such activities start with decision-making, followed by series of actions. Every day in our life, we make decisions and actions, and so does corporate life. The higher our role in an organization, the more we engage in decision-making to achieve certain objectives either toward the very near future or toward a longer-term period. Thus, we must deal with uncertainties as there is a time lag between when the decision-making is made and when the outcome or the objective of such a decision will be realized. In this case, there could be some risks that may hinder us from accomplishing the objective.
Managing enterprise risks is about making a decision that starts at a strategic level down to the operationalizations. As such, ERM is linked to the three stages of the decision-making process as described below:
- Intelligence activity stage. At this stage, we identify the issues and challenges faced by an organization. Board and senior management analyze strategic issues and challenges leading to strategic risks, while middle managers are on operational issues and challenges leading to operational risks, and the assurance function is to identify issues and challenges leading to compliance risks against all prevailing rules and regulations. If we refer to ISO 31000, this stage is linked to the step of establishing the context, which consists of external and internal context, as well as to the establishment of risk criteria. Further, it is also linked to the step of risk assessment, which consists of three sub-steps: risk identification, risk analysis, and risk evaluation.
- Design activity stage: At this stage, we identify and analyze possible solutions to the issues and challenges and its respective risk category. Board and senior management look for suitable strategies, possible series of actions, and feasible approaches. They analyze the merits and demerits to select a particular strategic course of action. Meanwhile, the middle management to assure that workable design has opted and in place to keep the organization’s operational risk exposure within the appetite and tolerance whilst adhered to all the requirements of prevailing laws and regulations. If we refer to ISO 31000, this stage is linked to the risk assessment, especially at the sub-step of risk analysis, figuring out the magnitude of the risk impact and likelihood. Further, it is also linked to the other steps of ISO 31000 as all options are taken should be well communicated to concerned stakeholders and reviewed and monitored by the organization regularly.
- Choice activity stage: After making a list of alternatives, the choice activity stage begins that critically examines and evaluates the various consequences of all alternatives, selecting the most suitable course of action. This stage requires creativity, judgment, and quantitative analysis skills. If we refer to ISO 31000, this stage is linked to the risk assessment, especially at the sub-step of risk evaluation, figuring out the magnitude of the risk impact and likelihood, which is compared to the threshold to decide whether risk mitigation needs to be taken or not. If risk mitigation should be taken, then what option could be chosen upon cost-benefit analysis toward assessing particular risk prior to. In choosing the option, the decision theory suggests that when we make a choice, we must have a certain level of confidence that such choice is doable and having probability to be done.
Artikel juga ditayangkan di https://crmsindonesia.org/publications/risk-management-and-decision-making-theory/