Posts

If you’ve ever read anything about software start-ups, you will have heard the term MVP (minimum viable product). The idea is that you create something that does the bare minimum necessary to allow you to test your idea. This lean, minimalist approach lets you produce something quickly, test your assumptions and then use this feedback to go on to develop something more detailed or comprehensive. This is in contrast to building a fully functioning piece of software up front which might mean that you invest a significant amount of time and effort only to find out that you’ve missed the mark. ...

‘risk – the effect of uncertainty on objectives’ ISO 73, Risk Management Definitions A risk is something that will have an effect on your objectives, good or bad. So you might have something that threatens your success (a downside risk) or an opportunity that could help you on your way (an upside risk). There are lots of ways to break a risk into components but most include a combination of a thing that can happen (a threat or opportunity), how likely that thing is (the likelihood) and what its effect might be (the impact). ...

“That’s been one of my mantras – focus and simplicity. Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it’s worth it in the end because once you get there, you can move mountains.” Steve Jobs This quote sums up the paradox of simplicity – simple is hard. Working out what the essentials are and how to do things efficiently isn’t just hard, it can seem like more work than just sticking with the complicated path in the first place. ...

You say either and I say either You say neither and I say neither Either, either, neither, neither Let’s call the whole thing off “Let’s call the whole thing off” George and Ira Gershwin It’s good to have an idea of what you are going to be talking about before you start any discussion, but this is vitally important when you are talking about risk. The word is used conversationally and technically in lots of different ways so we need to be clear that we are all speaking the same language to avoid confusion later on. ...

After the core elements of the risk and incident modules themselves, adding risk mitigation this was the most requested feature people asked for. We rolled this out as a beta feature in December and I’m pleased to say that testing, tweaking and tinkering is over so this feature is ready to go for all TEAM and PRO users. You can now add mitigation for individual risks, allocate an owner and add a due date, all within the app. Any active ‘to-dos’ you have will show up in the ‘My Open Actions’ panel in your dashboard. ...

As a risk manager, you will often be asked to explain the RoI (return on investment) of you, your team, even the whole risk management program. Effective risk management can help an organization grasp an opportunity and realizing an upside risk should generate a positive RoI. However, when you are focussed on shoring up a weak system, plugging gaps and minimizing risks, showing an RoI can be hard. Even so, an inability to show a positive RoI in a cost-conscious environment can threaten investment in your team. It can even make people question the value of the program as a whole. ...

‘Lean’ is a buzzword in software development describing an approach where you conduct lots of short, fast experiments and iterate depending on the outcome. ‘Lean’ also conjure up images of a racehorse or athlete. Fit, powerful and ready for peak performance. ‘Lean’ can also means stripped of anything superfluous and free of frills. Your risk assessment process needs to include elements of all of these. Your need a lean risk assessment process. ...

There are lots of reasons you might be looking for risk management software but there’s one thing that everyone wants. More time. DCDR doesn’t have a time-travel module but the app does help you get back time. A lot of time, in fact. Time that you’d otherwise spend entering data, formatting reports and creating graphs and charts. **However, we also noticed that people often don’t even have the time to get set up on the system in the first place. ** ...

Your biggest risks aren’t usually the ones staring you in the face The big ticket items – the ones that are at the top of everyone’s list, the first thing the CEO wants to talk about – aren’t usually the biggest risk you’re facing. These might be the biggest threats. These might reflect everyone’s biggest fear. But because these are so well known. Because these get so much attention, you’re probably spending a lot of time and effort on these risks. The result is thatthese are closely monitored, well mitigated and heavily managed so the resultant risk is relatively benign. ...

It was the highpoint of a recent meeting with a large firm’s corporate security team. While we were showing them around DCDR, the CSO leaned over to a colleague and said “I love the simplicity“. Cue smiles from our side…. Our intent was always to make the best piece of risk management software possible and a key part of that was to keep things simple. However, as time goes on, it’s easy to lose sight of the original concept, to add ‘just one more feature’ and eventually end up with a Frankenstein’s monster which looks nothing like your original idea (and that everybody hates). ...