“That’s been one of my mantras – focus and simplicity. Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.”
Steve Jobs
This quote sums up the paradox of simplicity – simple is hard.
Working out what the essentials are and how to do things efficiently isn’t just hard, it can seem like more work than just sticking with the complicated path in the first place.
That’s certainly the case with risk management where we are working with several areas of complexity and difficulty:
- Organizations are complex
- Risk management is complicated
- We are dealing with multiple unknowns
- Change is hard
This would seem to be the kind of thing that isn’t just hard to simplify, but something that actually requires complexity. How can something simple be effective in this case?
If you are at NASA or running high-frequency trading models then I agree, it’s going to get complicated. However, most people – and certainly most people reading this – just need a risk management system that’s fast, efficient and effective.
- Fast in order to deliver results when they’re needed but time is scarce.
- Efficient to make the best use of the (usually limited) resources available.
- Effective because it provides the data that decision-makers need to help the organization achieve its objectives.
Anything that is slow and complex will fail each of these tests. Even if you produce a thorough report, it’s often too late or too confusing to use.
We need to KISS – keep it stupid simple
We need a stripped-down system which delivers results with the speed, efficiency and effectiveness that most risk managers need. At the same time, the system still has to adhere to relevant standards and produce useable results for all but the most technical edge cases.
Even though that’s what I’ve tried to do from the start, the aim is to make what I’ve already written even more simple and straightforward.
A system and mindset
However, KISS risk management isn’t just a system. Just as importantly it’s a mindset. Using a KISS approach won’t work if you judge success on the number of words in the final report.
Taking a KISS approach requires you to accept uncertainty, embrace simplification (even if it feels like over-simplification) and understand that you might not be right first time.
This might come across as sloppy but it’s not. Instead, it’s about being realistic.
We don’t have unlimited time and resources and we certainly don’t have all the information we need. Moreover, even if we did, we are trying to peer into the future so we will still get some things wrong.
So KISS is also about being realistic about what risk management can achieve with limited time, limited resources and limited data while still giving decision-makers what they need.
The exact process and steps will differ depending on your organization, location and sector. But a simple, lean approach should be something that should benefit any risk manager.
So no matter what your speciality, industry or level of expertise, please take some time to think about what you can strip away, cut back and simplify. Start taking a KISS approach to your risk management system and you’ll quickly see the investment pay off.
6 thoughts on “KISS – easy to say, harder to achieve”