You say either and I say either
You say neither and I say neither
Either, either, neither, neither
Let’s call the whole thing off
“Let’s call the whole thing off” George and Ira Gershwin
Before you start any discussion, it’s good to have an idea of what you are going to be talking about, but this is vitally important when you are talking about risk.
The word is used conversationally and technically in lots of different ways so we need to be clear that we are all speaking the same language to avoid confusion later on. (Once you start adding the complications of how we actually perceive risk, it’s going to become a lot more complicated.)
This can become a huge problem in a technical setting where we all think we are taking the same language. Unfortunately, this often isn’t the case and I saw this first hand on a large risk assessment project a few years back.
After several months of collecting information and building risk assessments for each component, we gathered to bring everything together. Half-way through the meeting, someone raised their hand to say that they had been using a different set of definitions and a slightly different risk assessment process. This was incompatible with everyone else’s work, so we had to go back and try to unpick all of his data and revise it before we could go on.
Worst of all, we could have avoided this whole issue if we hadn’t assumed that we were all talking the same language. We should have clarified terms at the outset.
There are five commonly used risk management references and dozens more regulations, guidelines, or company-specific processes. Many of these will have a different definition of risk and its various components. Worst of all, some of these differences will appear to quite subtle but make a big difference.
So the first thing you need to do is check you are using the same language. Ask ‘how are you defining risk?‘ or ‘help me understand what you mean by that?‘.
If you are using a standard (which is often a good way to start), simply refer to that but make sure everyone puts aside their own ‘pet preferences’ so that you are using the same definitions and processes. And don’t forget to orientate new project members or to explain the process to anyone you are reporting to because they might have their own preconceptions of what ‘risk’ is
Get everyone on the same page this as early as possible, make sure you are speaking the same language and you will save yourself a lot of time and effort in the long
Andrew Sheves Bio
Andrew Sheves is a risk, crisis, and security manager with over 25 years of experience managing risk in the commercial sector and in government. He has provided risk, security, and crisis management support worldwide to clients ranging from Fortune Five oil and gas firms, pharmaceutical majors and banks to NGOs, schools and high net worth individuals. This has allowed him to work at every stage of the risk management cycle from the field to the boardroom. During this time, Andrew has been involved in the response to a range of major incidents including offshore blowout, terrorism, civil unrest, pipeline spill, cyber attack, coup d’etat, and kidnapping.
Andrew has distilled these experiences down to first principles to develop the KISS Risk Management framework, a straightforward, effective and robust approach to risk management. This aims to make high-quality risk management tools, resources, and training accessible to as many people as possible, particularly those starting out in the field of risk. He has also developed the dcdr.io risk management software platform and several online assessment tools to complement the KISS framework.
Andrew has an MSc in Risk, Crisis and Disaster Management from Leicester Univerity and has written articles for several publications including the RUSI Journal, ASIS Security Manager Managzine and the International Association of Emergency Managers Bulletin.
Email – andrew@andrewsheves.com
Website – https://andrewsheves.com
Software – https://dcdr.io
Linkedin – https://www.linkedin.com/in/sheves/