About Board and Fraud

Board and Fraud is a blog that aims to bring a practical approach to issues facing the board of directors and the audit committee specifically in the area of governance, risk management, compliance, and internal audit, with a strong focus on fraud, ethics, and internal controls.

Board Overconfidence: An Often Unrecognized Risk

Directors on corporate boards are – almost by definition – men and women who are accomplished and successful. So it is only natural that most board members also are highly self-assured and confident in their judgment and abilities. When that self-confidence is misplaced or overstated, however, the consequences can be costly. This is particularly true when overconfidence causes board members to underestimate or overlook the risks associated with fraud or management incompetence. Moreover, when board overconfidence is compounded by management overconfidence, the risks can multiply quickly. Once the dangers of overconfidence are understood and appreciated, board and management teams alike can begin taking proactive steps to mitigate the risks. Knowing the warning signs of board overconfidence is an essential first step.

By Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE and NACD Board Fellow


Directors on corporate boards are – almost by definition – men and women who are accomplished and successful. So it is only natural that most board members also are highly self-assured and confident in their judgment and abilities.

When that self-confidence is misplaced or overstated, however, the consequences can be costly. This is particularly true when overconfidence causes board members to underestimate or overlook the risks associated with fraud or management incompetence. Moreover, when board overconfidence is compounded by management overconfidence, the risks can multiply quickly.

Once the dangers of overconfidence are understood and appreciated, board and management teams alike can begin taking proactive steps to mitigate the risks. Knowing the warning signs of board overconfidence is an essential first step.


The Dunning Kruger Effect: Not Knowing What You Don’t Know

Throughout history, observers of human nature have recognized that people often are unaware of their weaknesses or incompetence – in essence they are not self-aware. It was Confucius who noted, “Real knowledge is to know the extent of one’s ignorance.” Centuries later, Mark Twain is said to have observed, “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.”

Researchers dispute whether it was Twain, Will Rogers, or someone else who said that. But regardless of its provenance, the comment’s underlying point is indisputable: We often don’t know what we don’t know, and we’re usually most confident in those areas where we are most ignorant.

Contemporary academic research verifies this. In fact, over the past 20 years, there has emerged an entire body of research into what is now known as the Dunning-Kruger effect, named after a 1998 study by Cornell University psychology professor David Dunning and graduate student Justin Kruger. They presented groups of students with several tests of general intellectual knowledge and social skills and then asked them to estimate how well they had done. The research revealed that those students who had scored best on the tests generally underestimated their performance, while those who did the worst generally overestimated their performance.[i]

In subsequent years, Dunning and Kruger expanded on their initial observation. They developed an extensive body of work that seeks to explore why people fail to recognize their incompetence – and what the effects of failure can be. In a 2003 paper published by the American Psychological Society, they and several other researchers summed up the issue this way: “(P)eople tend to be blissfully unaware of their incompetence. This lack of awareness arises because poor performers are doubly cursed: Their lack of skill deprives them not only of the ability to produce correct responses but also of the expertise necessary to surmise that they are not producing them.” [ii]

In a 2014 Pacific Standard article, Dunning put it this way: “What’s curious is that, in many cases, incompetence does not leave people disoriented, perplexed, or cautious. Instead, the incompetent are often blessed with an inappropriate confidence, buoyed by something that feels to them like knowledge.” [iii]

The combination of ignorance and overconfidence has become a staple of late-night talk show comedy routines in which the host quizzes passersby on the street and elicits highly confident – and ludicrously incorrect – answers on subjects ranging from sports and music to current events and history. Like the students in Dunning’s research, the less the interview subjects know about a particular topic, the more confident they seem to be in their answers.

There is no reason to assume business leaders are immune to this tendency. Their positions often can exacerbate it. Company directors are almost invariably successful, accomplished individuals. It is only natural for them to be confident of their knowledge in deal-making, decision-making, and leadership, and in their ability to recognize these same attributes in the officers and executives to whom they delegate authority.

Moreover, the Dunning-Kruger effect has a corollary in the field of ethics. Surveys show that 92 percent of Americans are satisfied with their moral character, and 75-80 percent of Americans think of themselves as being more ethical than their peers.[iv] This combination of overconfidence in their knowledge and abilities, and overestimation of their ethical behavior and strength of character, can blind boards and executive teams to their vulnerabilities and inadequacies. The results can be seen in poor decision-making and an inability to recognize their misplaced confidence.

Dunning-Kruger in Today’s Businesses: Board and Management Risk

The risks associated with board overconfidence are drawing growing attention in the risk management profession overall. A current high-profile example of this trend can be found in a newly published study by the Institute of Internal Auditors (IIA), which surveyed board members, executive management, and chief audit executives from a broad range of organizations, asking them to identify the risks that are top of mind for 2020 and beyond.

In addition to identifying specific types of risk (such as cybersecurity, data security, regulatory change, data ethics, and corporate culture), the IIA researchers also interviewed participants about the current state of risk management efforts in their organizations. This analysis produced seven key findings, beginning with this observation: “Boards are overconfident. Boards consistently view the organization’s capability to manage risks higher than executive management (does).” [v]

In a news release announcing the publication of the new report, the IIA noted, “There is a critical misalignment between how executive management views an organization’s capability to manage risks and what is communicated to boards, leading to board members believing risks are better managed than they are.” [vi] 

One of the underlying causes of such board overconfidence is confirmation bias – the widespread human tendency to interpret new information in a way that confirms our already existing beliefs or theories. We dismiss contrary information as exceptions and interpret ambiguous experiences in ways that align with our expectations. At the same time, our memories selectively recall those experiences that seem to confirm what we believe. In the end, we are left with a powerful sense of knowledge – but it often is false knowledge.

Corporate boards and management teams can be particularly susceptible to confirmation bias. After all, they want to believe their organizations are ethical and honest, so they more readily notice evidence that confirms their expectations. This tendency, in turn, further reinforces their self-confidence regarding their abilities to accurately evaluate and judge their subordinates’ performance and integrity.

Board members also may be considerably less competent than they think they are regarding the specific ethical issues that affect the corporation. Because of their seniority and position, they often receive less direct feedback regarding specific ethical questions, leading them to overestimate their knowledge regarding ethical measures the organization must meet, and what ethical systems and tools are available.

Executives and senior managers are also susceptible to these shortcomings, displaying a high degree of confidence regarding ethics questions where they are, in fact, less than competent. In many instances, management may institute ethics training and programs it believes are sufficient to address ethical issues throughout the firm, but which in fact, fail to address the laws and regulations to which they must adhere. In such cases, management often lacks the skills or competency to assess the effectiveness of the ethics and compliance program accurately, and as a result, fails to conduct root cause analysis to determine the underlying causes of ethical failures.

Of course, incompetence is only one reason why management might fail to communicate the existence of inadequate controls or instances of unethical behavior to the board. Management also could intentionally deceive the board by failing to present examples that conflict with their self-image and expectations.

Ignoring or failing to recognize the risks of board and management overconfidence can have devastating effects. In extreme cases, it could provide the foundation for a Caremark claim by shareholders, alleging that the directors failed to establish or oversee a monitoring system to verify the corporation’s compliance with the law.

Caremark claims (named after a 1996 civil case before the Delaware Court of Chancery) are one of the most challenging types of derivative cases for shareholders to prove, as plaintiffs who filed actions against major financial institutions in the wake of the Bernie Madoff scandal discovered. But several high-profile Caremark claims involving board oversight failures in pharmaceutical and food companies have been successful in recent years, providing visible examples of the drastic consequences that can occur when boards are overconfident in their capabilities and complacent in meeting their oversight responsibilities.

Even if a Caremark claim ultimately fails, the litigation costs and reputational damage it causes can be substantial – especially when they are compounded by the actual financial losses that are typically associated with such cases. In that sense, the combination of board overconfidence and lack of competence can generate a genuine crisis for any organization.

Moreover, when incompetence and overconfidence occur at both the board and management levels the result can be a “perfect storm” – an environment that is particularly conducive for a breakdown of corporate ethics, and a feedback loop that exacerbates the problem of overconfidence:

· First, management is overconfident in the ethical programs it has set out, yet it is incompetent at identifying what strong ethical programs would consist of.

· Second, the board also is incompetent in two ways: It is overly confident that it has selected a highly competent and ethical management team to which it delegates authority, while at the same time, it lacks the competence to identify any ethical issues that management overlooks.

Once this reinforcing feedback loop of incompetence and overconfidence is set in motion, the results can be disastrous.

Red Flags – Signs of Risk

Corporate culture and “tone from the top” are important positive components of an anti-fraud program. Yet, ironically they also can play a negative role in encouraging board and management overconfidence. The corporate culture establishes boundaries – both written and unwritten – that define what actions and behaviors are acceptable or unacceptable.

A senior fellow at the University of Pennsylvania, Dr. Annie McKee, has researched and written extensively about corporate culture and workplace management issues. In a 2019 Harvard Business Review article[vii] she suggests several recognizable warning signs that indicate a potentially toxic culture:

Pressure to “cover.” Most people hide or downplay certain aspects of their personalities or identities to fit in at work. If employees or managers feel pressured to downplay their values or beliefs regarding integrity and honesty to fit in with their coworkers, the corporate culture is potentially toxic. Boards and senior management teams should be particularly alert to such incidents.

Hyper-competitive environment. When employees are constantly challenged to prove their prowess and drive to win, or to put work above all else in life, the pressure to win at all costs increases. In addition to making workers miserable, such an environment dramatically increases the risk of unethical behavior.

Pressure to overwork. With today’s always-connected technology, the pressure to work at all hours and in all places is immense, even in companies where people and collaboration skills are valued. Not only does such an environment increase tolerance for misbehavior or unethical conduct, but it also can lead employees to focus inwardly, causing them to miss possible signs of unethical behavior.

A toxic culture dramatically increases the risk of unethical behavior. Such a culture, when combined with board and management incompetence and overconfidence, can lead to potentially devastating results. Directors and executives should be particularly watchful for signs of such cultural issues and – equally important – they should regularly reassess their confidence in their organization’s ethical standards, with as much honesty and objective self-reflection as they can muster.


Breaking the Cycle of Overconfidence and Incompetence

Knowing the warning signs of a potentially toxic culture is an essential early step, but breaking the dangerous feedback loop and the cycle of confirmation bias requires more direct action. At the highest level, these actions should be regarded as a two-pronged effort to 1) improve board and management competence, and 2) enable more accurate self-assessment of board and management capabilities.

These efforts must occur at both the board and management levels. For their part, boards should take active steps to become more competent regarding ethical and compliance issues their organizations face. This will help boards become more aware of instances when management itself is not fully competent in this area. It also will make the board more likely to address such issues before they get out of hand.

Moreover, as the board becomes more aware of its areas of incompetence, it may elect to retain new board members. The new board members should fill gaps and have a higher level of competence or form a dedicated ethics committee made up of such individuals. Additionally, board members who are more competent in this area will be encouraged to increase their active role in ethical issues. Above all, the board will be encouraged to challenge management on ethical questions and request additional information when appropriate.

For its part, management also should take active steps beginning with testing the executive team’s competence in areas of ethics through the use of measurable standards of performance. Also, training – at all levels of the organization – is an essential component of this effort.

Improving ethical competence should be a prominent feature of any training. This can be done by comparing and contrasting the existing ethical paradigms and systems of the corporation against those of better-performing peers. In many instances, the most effective ethics training draws on case studies of other companies’ ethical lapses and compares those examples to the organization’s existing system. Implementing a system designed to improve the corporation’s existing ethical culture could be another significant step.

Efforts such as these can help boards and executive teams overcome the mental pitfalls of overconfidence and incompetence without resorting to more drastic steps such as “cleaning house” or other punitive measures. Corporations that are genuinely committed to improving their ethical culture can do so most effectively by investing in their talent.

As noted earlier, a corporation’s ethical culture flows from the top. The board should be competent in recognizing ethical behavior, and in distinguishing between ethical competence and incompetence on the part of management.

But board members also must be self-aware, recognizing their own shortcomings and guarding against overconfidence – particularly unjustified overconfidence, as demonstrated by the Dunning-Kruger effect. When the board itself lacks competence regarding ethics, it must take steps to address the shortcoming either through self-improvement or the recruiting of more competent members.

Above all, if the board encounters misguidance by incompetent and overconfident management, it should recognize that any ethical shortcomings displayed by management can quickly spread if not addressed. Ultimately, directors must remember that an organization’s ethics are directly and inextricably tied to its long-term value.

During a Crisis

Although Directors may be confident in their judgment and abilities, they should always be curious, ask questions, and understand the risks, trends, and issues of the organization.

Typically, the Board of Directors’ role is to “control” and “advise”, and not to make management decisions. The rule of thumb is – “Eyes open, Nose in, but Fingers off”. 

However, in a crisis, the organization may need some Directors to be more involved and put their “fingers on” the details to mitigate risk – Remember overconfidence could be a professional hazard!


It appears to me the courts are making clear Boards must actively monitor compliance!

Some additional cases to explore –

AmSouth Bancorp

A few years back circa 2006, the state’s Court of Chancery dismissed a shareholder suit brought against 15 current and former directors of AmSouth Bancorp, including C. Dowd Ritter, the Birmingham, Ala., company’s chairman, chief executive, and president. The suit, Stone et al. v. Ritter et al., claimed the board breached its fiduciary duty by failing to institute sufficient internal controls to guard against violating the Bank Secrecy Act and anti-laundering regulations.

Later, AmSouth agreed to pay federal authorities $50 million of fines to settle charges that it had committed “systemic and serious” violations by failing to file SARs. The shareholder suit sought to force the board to repay AmSouth for the settlement’s costs.

In granting the board’s request to dismiss the suit, Chancellor William B. Chandler 3d ruled that the plaintiffs failed to make a valid case that the board consciously ignored “red flags” before the fine.

It was insufficient for the shareholders to base their case solely on a report by the Financial Crimes Enforcement Network and the hefty fines AmSouth paid, Chancellor Chandler wrote in his ruling. “This case is not about a board’s failure to carefully consider a material corporate decision that was presented to the board. This is a case where information was not reaching the board because of ineffective internal controls.”

In most cases, Delaware law requires shareholders to take up any issues with the company directly before going to court. Seth Rigrodsky, a partner at Milberg Weiss, who filed the suit, had argued that such an effort would have been futile.

Clovis Oncology

Fiduciary Duty Claim

Circa 2019, The court found that there were enough facts pled that the Board, “ignored red flags that the Company was violating—perhaps consciously violating—the RECIST protocol and then misleading the market and regulators regarding Roci’s progress through the TIGER-X trial,” and as such, denied the motion to dismiss with respect to Count I.

Under the breach of fiduciary duty claim, the stockholders alleged that the Board failed to institute an oversight system for the TIGER-X trial, and/or (ii) the Board Defendants consciously disregarded a series of red flags related to the TIGER-X trial. The court looked at the standard set forth in In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959 (Del. Ch. 1996)

Under Caremark, the legal academy has observed that Delaware courts are more inclined to find Caremark oversight liability at the board level when the company operates in the midst of obligations imposed upon it by positive law yet fails to implement compliance systems, or fails to monitor existing compliance systems, such that a violation of the law, and resulting liability, occurs.”

The court used a two-prong test in Caremark. Under the first prong of Caremark requires Plaintiffs to well-plead that the Board “completely fail[ed] to implement any reporting or information system or controls[.]” Caremark’s second prong is implicated when it is alleged the company implemented an oversight system but the board failed to “monitor it. In this instance, given that the Board reviewed the TIGER-X trials at each meeting, as well as the fact that management was publicly reporting incorrect information, knowing that TIGER-X was not in compliance with RECIST, the court found that the Caremark standard was met. Vice-Chancellor Slights denied the motion to dismiss Count I.

I welcome your thoughts and comments.  Be well and stay safe!

If you are looking for a course on developing self-awareness click here.


Jonathan Pic

Jonathan T. Marks, CPA, CFF, CFE


Attribution and References

  [i] Justin Kruger and David Dunning, “Unskilled and Unaware of It: How Difficulties in Recognizing One’s Own Incompetence Lead to Inflated Self-Assessments,” Journal of Personality and Social Psychology, Vol. 77, No. 6, 1999, American Psychological Association, https://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=0610B4BB2B973873954E7945B4B7A83A?doi=

[ii] David Dunning, Kerri Johnson, Joyce Ehrlinger, and Justin Kruger, “Why People Fail to Recognize Their Own Incompetence,” Current Directions in Psychological Science, Vol. 12, No. 3, June 2003, American Psychological Society, https://www.sscnet.ucla.edu/comm/kjohnson/Lab/Publications_files/Dunning,%20Johnson,%20et%20al.%20%28200%230

[iii] David Dunning, “We Are All Confident Idiots,” Pacific Standard, October 27, 2014 (Updated June 14, 2017) https://psmag.com/social-justice/confident-idiots-92793#.ut5zfaa42

[iv] Robert Prentice, “Teaching Behavioral Ethics,” Journal of Legal Studies Education, Vol. 31, Issue 2, Summer 2014, p. 327, http://ethicsunwrapped.utexas.edu/wp-content/uploads/2014/09/Teaching-Behavioral-Ethics-by-Robert-A.-Prentice.pdf

[v] “OnRisk 2020: A Guide to Understanding, Aligning, and Optimizing Risk,” Institute of Internal Auditors, 2019, page 5, https://dl.theiia.org/AECPublic/OnRisk-2020-Report.pdf

[vi] “Corporate Boards May Be Blind to Risks: Unique Survey Finds Critical Gap Between What Boards Think Is Going On and What’s Really Happening,” Institute of Internal Auditors news release, October 15, 2019, https://global.theiia.org/news/Pages/Corporate-Boards-May-Be-Blind-to-Risks.aspx

[vii] Annie McKee, “Keep Your Company’s Toxic Culture from Infecting Your Team,” Harvard Business Review, April 29, 2019, https://hbr.org/2019/04/keep-your-companys-toxic-culture-from-infecting-your-team

Please follow and like us:

Articles You Might Like

Share This Article

Share on facebook
Share on twitter
Share on linkedin
Share on tumblr

More Stories

%d bloggers like this:
Skip to toolbar