I love building the tools and processes – the engines – that risk managers need
My name is Andrew Sheves and I have been working in risk and crisis management and corporate security since 2002. My bio and the corporate photo below show me in full corporate consultant mode but when I started back in 2002, I had limited knowledge, limited time and very limited budget.
I had a lot to learn a lot to do my job properly.
So most of what you will find here began with me asking ‘how would I explain this to the 2002 version of me?‘
Because the 2002 version of me was definitely in need of help.
Most of what I’m striving to do now is to keep things simple. Risk management can become complicated and there might be times when that’s appropriate but for most people, a simple set of tools and processes are all they need. That’s what I’m trying to provide here and I hope you find the material useful.
The corporate bio
Andrew Sheves is a risk, crisis and security manager with over 25 years of experience in the commercial sector and in government.
Previously, Sheves was a Director at Regester Larkin (now Register Larkin by Deloitte), a specialist crisis management consultancy. There he provided risk and crisis management support worldwide to clients from multiple sectors including oil and gas, pharmaceuticals and engineering services firms.
Between 2002 – 2011, Sheves worked at Control Risks and Drum Cussac delivering security and risk management support to organizations at both corporate and site levels, focussing on the Middle East and Africa. He began his career in the British Army where he served from 1991 – 2002.
Sheves is a risk-management consultant and is the creator of DCDR.io, a risk management software platform. He also publishes free tools, resources and training for those interested in risk management as he believes we all benefit from a better understanding of risk.
What I’m trying to do
Startup mission statements often end up like poetry written by teenagers: very earnest and passionate but a little hyperbolic, pretentious and exhausting for the reader. That said, there’s a great deal of value in writing your mission down and having a clear idea of why you are doing what you’re doing. Otherwise, you’re expecting everyone else to do the hard work of sifting through your work and picking out the common theme.
I wrote a grandiose, self-righteous mission statement when I first started out but was so embarrassed by my work that I immediately unpublished the page. However, my self-importance wasn’t the only reason I took this down: I also needed some time to work out what it was I was trying to do exactly.
First, some more backstory
Flashback to 2002. I had left the military and was working as a commercial risk and security manager. I had some experience in the practical aspects of things but limited formal education in risk management. I needed to learn more and wanted access to the tools I needed to do my job but kept hitting a blank wall. I had to make things up or learn on the fly as I went.
Over the intervening years, I kept looking for better tools but couldn’t find any: we’d end up building things to spec for each project.
I also wanted better educational materials but, again, these were hard to find. I completed an MSc in Risk, Crisis and Disaster Management which was great and taught me a lot but exposed a yawning gap between nothing and an MSc. There’s no equivalent of A-level or AP Risk.
I wanted better risk assessment software so built more and more complicated spreadsheets. I designed and prototyped an app way back in 2005 but couldn’t persuade my firm that this could be a revenue generator and this died off (except for the idea that lived in the back of my mind).
Sadly, not a lot changed between 2002 and when I started out on my own in late 2016 so I knew there were gaps that needed to be filled, I just wasn’t sure how to fill them. I started writing guides and designing templates and building tools to see what might help fill these gaps. This resulted in over 50 articles or posts, a free introductory training course, dozens of tools and templates, a piece of software and lot of lessons learned.
What I’ve learned and confirmed in 30 months
In the subsequent two and a half(-ish) years, I’ve been able to verify and validate some of my ideas and gotten rid of others. That’s helped me focus in on what it is I want to do (my mission) and get a better sense of how I will do that (what I can offer). I’ve learned that my original instinct was right: there’s a real need for simple, accessible risk management training.
Simple because whether people are just starting out or have been a risk manager for decades, they want simplicity. For too long, the complexity of risk management led to more and more complicated risk management systems. But this missed the point: just because the situations and solutions are complex doesn’t mean that you need a complicated system to understand these. That’s like trying to accurately measure something on a wobbly platform. This just makes things more difficult and time-consuming and the one thing none of us have enough of is time.
Accessible because there are too many barriers to accessing risk management knowledge. These could be financial barriers (high prices), organizational barriers (proprietary materials) or people who don’t want to admit new members to the club (gatekeepers). The upshot is that even basic knowledge is hard to access for many people.
Mission & guiding principles
My mission is to provide high-quality risk management resources to as many people as possible so they can manage risk more effectively and be more successful.
To do this properly, I also need to stay true to some guiding principles:
- The basic materials should always be free
- Materials should be aimed at the individual / small team
- Everything should be as simple as possible
Over time, the mission might get tweaked a bit and there may be some additional principles but I think that this is a good start. It’s what I want to do, what I think people need and, importantly, it’s something I’m excited about and committed to.
Ok, enough about me. Time to get back to work.