Reflections after five years of KISS risk management 

I started the KISS risk management project five years ago with the idea that risk management was being made too complicated and there were too many gatekeepers in the way. That makes it hard to get started in the profession, which robs businesses of a broad range of perspectives and viewpoints (a risk in itself). But this lack of general risk intelligence also makes us all worse off: we need people to make risk-based decisions in all kinds of situations.

Along the way, I realized that most of the material available seemed to assume you already understood risk and risk management. Everything seemed to be written at a college or grad school level – there were no middle-school or high-school risk management courses. 

With these two ideas in mind – open access and making things as simple as possible – I started the KISS risk management project back in February 2017.

So after five years, I thought it was worth taking stock and seeing what I’ve learned along the way. I’ve summarized five big things I’ve learned below – all of which are, hopefully, takeaways that will benefit you too.

There’s still a need

Tens of thousands of people have read the posts on my blog, and thousands more see my stuff on Quora, Medium, and elsewhere. Almost 4,000 have taken my free Risk Management Basics Course, hundreds have bought the books and downloaded the guides*. And these are just the people I see – there are many more out there looking for this kind of information, and the interest doesn’t seem to be slowing down.

What’s the takeaway?

  • For me, it means that my initial hunch was correct, and I should keep doing this.
  • For you, it means that there are people out there who will benefit from your knowledge of risk, so please share it.

(*These numbers were pleasantly surprising, TBH.)

Simplification is hard

There’s a quote in my head (but sadly out of reach of my memory and Google):

“If you want a thousand words, I can get it to you this afternoon but, if you want a hundred, give me a week.”

(Let’s just say it was Mark Twain who seems to be responsible for all internet quotes.)

Whatever the exact origin, the point is that taking any complex idea and explaining it simply, clearly, and succinctly is hard. You need to know your subject matter inside and out and, as I’ve discovered, be willing to attack your ideas quite forcibly yourself before anyone else gets there.

If you’ve read father back in the blog, you’ll have seen this as I’ve returned to some of the core themes over time. The original versions of some pieces were 3,000 – 4,000 words long but, by the time I came to write Beyond The Spreadsheet, some had shrunk by 90%. And in addition to some welcome brevity, I think the ideas got stronger as I revised them. The second or third version is always a cleaner, tighter idea that’s easier to understand and stands up to scrutiny.

What’s the takeaway?

  • For me, it means that I need to keep doing grinding through the first draft of ideas, knowing that the final, short, focused version is much more valuable and useful. (Plus, I need to remember to appreciate your patience as I thrash around in my confusion.)
  • For you, you can use the same approach with just about any idea you need to share by writing it down and sitting with it for a bit. By the time you’ve let it sit for a while, and beaten the ideas up a bit, what you end up with is a better, more straightforward, more robust idea or argument.

Things are more similar than they are different

Of everyone who has taken my training, some of the biggest ‘repeat offenders’ organization-wise are from a financial regulator, the DoD, and a packaging firm. On one level, these have nothing in common. But, these folks all needed a basic introduction to risk management, and the same basic concepts, processes, and ideas worked for them, people from three very different organizations. 

And it’s the same when you start managing risks and issues. The specific details may differ, but many of the risks organizations face originate from some common threat vectors. And the way they behave is startlingly similar, no matter how much they tell you ‘but we’re different”.

That’s why even though what I’m sharing isn’t one-size-fits-all, it’s undoubtedly one-size-fits-many.

What’s the takeaway?

  • For me and you, focus on the simple, common, shared attributes of things instead of over-indexing for what’s different.

Simple works

Apart from some highly technical industries (such as financial services), simple risk management techniques work pretty well. In fact, even financial services firms still have a lot of risks that can be identified, assessed, and addressed using simple techniques – you don’t need a quantum computer to work out that your toxic work environment is a disaster waiting to happen.

Simple works more often than not: the simplest explanation is often correct, the simplest solution is the most effective, and the simplest process the most durable.

What’s the takeaway?

  • For me and you, it’s to stick to the original idea – keep it stupid simple.

There’s more I’ve picked up over five years as you’d imagine (such as not having three websites!?!?!?!), but these five points seemed to be most salient and, I hope, beneficial to you too.

Photo by ANIRUDH on Unsplash

What do you think? Leave a Reply