While there is no shortage of articles, white papers, books and model frameworks for enterprise risk management (ERM), the majority of them share a common omission in their discussion of key risk categories: cognitive bias. The very fact that ERM is driven by risk assessments created by the human mind means that bias is naturally embedded into estimates of risk impact and likelihood. At a deep level, inconsistency and fallacy are hardwired into our brains. This paper provides an overview of those cognitive biases most often responsible for flawed risk assessments and provides practical techniques to mitigate them. Through a combination of mathematical rigor, case study, metaphor, and logic, the author highlights systematic errors in our thinking about risk and provides ways to avoid them.