Boy, can we complicate things!


Hello everyone,

Man has landed on the moon!

But, not recently it was over 40 years ago man achieved this complicated feat!

So, why do I talk about this event?

Quite simply because when it comes to risk management we somehow seem to have complicated something that has been in existence since the dawn of man, yes since the dawn of man.  The day we stood up and first assessed our surroundings we were considering the risks.  The risks of being killed by that beast in the wilderness where our only form of mitigation was “fight or flight”.

Did we make risk management that complicated back then?  Imagine that same caveman not leaving the cave until he had completed his mandatory compliance training and read 30 pages on risk management processes!  Ok, now I am over simplifying a little but bear with me, I do have a point.

So, today when we start responding to feedback on our practices we always seem to start by generating a complex process document, a swag of policies, a set of sign offs that take months and then we implement an approach that is directive based and is not engaging to the audience.

For me, that is the real problem with risk management – we have lost the audience!  We have made everything so complicated that no longer can man even go to the moon.  If the lunar missions were happening now it would most likely take us 10 years longer because of the additional processes that would be placed on these missions!  Actually that is why it is taking us 20 years to get back to the moon!

So, what does this all mean?

To me it means keeping risk management simple.  So here are my principles for risk management for the caveman:

  • Think about the process end-to-end and assess your risks and your controls;
  • When something goes wrong, consider the who, what, when and why (use 5 Why’s) and then come up with a how;
  • Make sure that if it is more than just you (the single cave person) that you establish a simple process for making decisions, monitoring the decisions and events, and improving outcomes; and
  • Finally, make sure you speak “cave person” and that means adapt to the evolution of “cave person”.

If you want to know more just drop us a note.

Over time, I am specifically working on the final point and may share some of what I am doing.


Scott North has extensive experience in enterprise risk management, internal audit, operational risk and compliance, risk strategy, scenario planning, technology risk, technology business analysis, systems design, financial accounting, and management accounting. Scott is a Fellow of the Australian Institute of Chartered Accountants with a Masters Degree from the University of Melbourne in Business and Information Technology. Scott is also a Fellow of the University of Melbourne.