Keeping it Simple – Summary
Your organization and risk environment are complicated enough so you don’t need to add more complexity with your risk assessment system. KISS – keep it stupid simple – helps you have a system that is fast, efficient and effective.
- Fast in order to deliver results when they’re needed.
- Efficient to make the best use of the available resources.
- Effective because it provides the data that decision-makers need.
KISS is a system and a mindset that you will achieve by:
- Standardizing your risk management system across the organization and following industry norms and standards.
- Learning to speak risk and increasing risk literacy so everyone can participate in these discussions.
- Becoming objectives-led, rather than threat-focused, so you keep your focus on what the business is trying to achieve.
- Accepting uncertainty and avoiding over-specification so that you do not get bogged down and leave your assessment unfinished.
Simple is hard but simple is also effective: don’t be fooled into looking for a more complicated approach than is necessary.