“He did WHAT? Are you kidding me? How did this happen? How can we stop it from ever happening again? Change the policy immediately. Shut down access to the system. Suspend everyone on the team right now! This is a disaster.”
In Compliance, our job is to put controls and processes in place that reduce the likelihood of misconduct, then investigate when things go wrong, then change the systems and controls when we find that one is lacking. However, when something goes wrong, too often we stampede to respond with ill-thought-through plans, panicking instead of looking critically at what went wrong in an individual case. It can be difficult to stop to consider whether the situation was caused by a rogue employee or whether there truly was a deficiency that needs to be addressed.
Why we overreact
According to behavioral economist Andy Reed, overreaction is a natural human instinct. Reed states that humans are instinctively risk-averse and frequently are overly influenced by what has just happened instead of looking at long-term patterns. We may fear that…
Why you need to think like a criminal and a clueless person when it comes to your controls