The anatomy of risk assessment: beneath the flesh

If you can recall, the prelude to this post applauded Thom Langford’s inventive approach to risk assessment, focusing on its clever analogy to the human body. We thought it decidedly creative, a style that can and should be used in risk management strategies. This blog, keeping in line with the lexicon used, will thus move on from the exterior to the interior: beneath the flesh so to speak.

Mr Langford, senior manager at Global Security Office, Sapient, explored risk management using body parts as a hook from which to peg various ideas. From the outset, he looked upon the feet as being the foundation of risk assessment, which, any lover of Pablo Neruda’s poetry will know, support the body, and as such, heart and soul.

The feet, he explained during his presentation, are equivalent to purpose. Everything stems from this, questions like what is it you’re doing, why are you doing it, what methodology do you plan to use and what is hoped to be achieved?

From thereon in, he went straight to the brain, polar opposites geographically, but metaphorically linked. This is where ideas begin to take shape – the setting of foundations. Planning and preparation is important, mapping the assessment and beginning to flesh out the questions you generated early on help give weight to your endeavour. As Mr Langford noted during the talk, this is all common knowledge, but it is worth repeating.

You see, without proper planning, you run the risk of a protracted and inefficient process of labour. Take heed from Alan Lakein, the self-help businesses author: “Time equals life, therefore waste your time and waste your life, or master your time and master your life.” Without a brain, we are the walking dead.

The eye – a favourite of Mr Langford – is a tribute to empiricism: it’s all about observation, right from the get go. Like a newborn child soaking up the new landscape of the world, those carrying out a risk assessment need to be greedy for detail and scrutinize every feature going. This isn’t to be mistaken for excessive fastidiousness, but a genuine ‘eye for detail’. It all helps to inform the final conclusions and recommendations.

The ears for us, are a fantastic instrument in risk assessment. Ironically, one of the highlights of the talk was the concept of silence. For example, ‘force’ a silence between yourself and the client when you’re not satisfied with their engagement. How? Well, consider the idea that humans have a penchant for filling in ‘the quiet’. Let a hushed atmosphere descend: nine times out of ten people will say something. It’s fascinating stuff.

In contrast, the mouth is a vessel in which the opposite strategy is deployed. Ask, ask, ask, or as Mr Langford says, ask the ‘stupid questions’. Why? Well, there are no stupid questions, and more importantly, this kind of diminishes the notion that you are there to simply tick boxes: you are actually there to deliver change. This is another brilliant analysis that helps increase the chance of unintended outcomes. The data might be harder to analyse – it’s qualitative after all – but its overriding benefit is its richness.

As the classic saying does decree in all its earnestness, follow your nose. Again, obvious stuff, but worthwhile in how you go about conducting business. For example, if everything is fantastic from organisation, rapport, to the cup of tea you get from your client, the chances are they have good risk management policies. If everything is contrary to this, well, then roll up your sleeves, this is going to get dirty.

We can bypass his reference to lungs, it’s tenuous, but as for hands, these are the ‘bread and butter’ of the game: accessing documents, opening doors, and unlocking computers. Nothing is off limits. Let your hands have liberty of exploration, because, you have to go with your gut – clever link even if we say so ourselves – because you, as an expert, know what feels right and what doesn’t.

Put all of this together and you not only get a fairly comprehensive, albeit non-textbook tract on how to perform a human risk assessment, but an authoritative guide to conducting an audit that produces focused outcomes. As Mr Langford concludes his presentation he mentions that risk assessment shouldn’t be an inconvenience, it should be collaborative, open and constructive, a piece of work that ends with both parties feeling that they got something beneficial out of the exercise. That’s the kind of world we’re striving for.

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001





Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?


Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you


Thank you for successfully uploading your CV.

Acumin Alerts


Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.



Thank you for submitting your vacancy.


Create an account to register your contact details, sign up for job alerts and upload your CV


Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management

Submit a Vacancy

Use the form below to submit a vacancy