Your organization and risk environment are complicated enough so you don’t need to add more complexity with your risk assessment system. KISS – keep it stupid simple – helps you have a system that is fast, efficient and effective.

• Fast in order to deliver results when they’re needed.
• Efficient to make the best use of the available resources.
• Effective because it provides the data that decision-makers need.

KISS is a system and a mindset that you will achieve by:

• Standardizing your risk management system across the organization and following industry norms and standards.
• Learning to speak risk and increasing risk literacy so everyone can participate in these discussions
• Becoming objectives-led, rather than threat-focused, so you keep your focus on what the business is trying to achieve.
• Accepting uncertainty and avoiding over-specification to avoid getting bogged down and not completing your assessment

Simple is hard but simple is also effective: don’t be fooled into looking for a more complicated approach than is necessary.