From Problem Solving to Solution Design: Second, set your goals and design solution options

In our previous blog post we shared the Identify process of solution design. This is the first of 5 steps from our I.D.E.A.S. Framework, fully detailed in our book From Problem Solving to Solution Design (Campos & Campos, 2018). There are multiple potential challenges in each step of the I.D.E.A.S. framework. I’ll be focusing on just one challenge per article in this series.

After we Identify the problem, next we Design a solution by setting goals and assessing options. This process, when well thought out, increases the odds for having the essential problem addressed by sustainable solutions.

It’s not unusual to find yourself in a situation where the problems you identified are part of a dynamic environment, affected by constant changes that require you to revisit your goals and your options regularly. This is where technology and software can be very helpful in making sure everything is being tracked and recorded appropriately without any information getting lost.

While these changes are occurring, it’s important to have a process that allows you to be consistent with your approach, even in the most unstable scenarios, to help you to focus on the essential problem you need to address—the one you identified as the root cause of your headaches. In addition to technology, using risk management concepts can be a very effective way to help you keep consistency throughout the design process. You will be able to define criteria to prioritize the problems to solve, evaluate solution options, and avoid the trap of ending up in an eternal crisis management — what we call “fire drill” mode.

Key challenges in the Design step include:
  1. Defining the solution goals.
    TIP: Create objectives out of stakeholder concerns to create effective solutions.
  2. Assess your solution options and pick the best one.
    TIP: Numbers don’t lie.
  3. Make the right choices when it is time.
    TIP: Compare the final options, negotiate trade-offs and renegotiate stakeholder commitment to solving the problem.
  4. Risk management.
    TIP: Work with your stakeholders from the beginning, putting values to objectives, and stick to an objective approach of “option evaluation”.
We’re going to focus here on Challenge #4 – Risk Management.

Establishing some sort of a process will help you keep consistency through changes. We talked about the need to step back and reevaluate assumptions and actions constantly, and this movement can create instability. Using basic risk management concepts will help build a process that will keep you on track during your Solution-Design journey.

There are several risk management methodologies available, with a variety of tools from simple tables to sophisticated mathematical risk assessment models. We will present basic concepts based on definitions provided by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO is a joint initiative of five private sector organizations in the financial, accounting, and auditing fields, dedicated to providing leadership through the development of frameworks on enterprise risk management.

The general definition commonly found in dictionaries for “risk” is “potential exposure to danger or loss.” By definition, there is an expectation that something will be negatively impacted. You want to obtain enough information to plan actions that could prevent this “something” from happening, or to minimize the impact in case this “something” does happen. This is a very simple way to define risk management.

When you are tasked with designing a solution for a complex problem, in addition to breaking your problem into smaller ones, setting up your objectives, and assessing your options, you can gather and organize information around the smaller problems in a way that anticipates the likelihood of something negatively impacting your objectives. A straightforward way to visualize the prioritization of your actions is a chart assessing impact vs. likelihood.

The problem you need to prioritize is the one with the highest impact and highest likelihood of materialization. With the ones where only one of those factors is high, you may decide not to do anything about it right then but to keep an eye on them. And with the ones where both impact and likelihood are low, you might just accept the risk. This is based on risk management principles.

Here is a Case Study example demonstrating risk management concepts:

The Problem: David Lewis has a plan to revamp the overall supplier management practices for his company’s cybersecurity department. He has decided to design a solution to implement a more efficient way of prioritizing contract reviews.

The Issue: The existing contract review process reviewed some suppliers in a large-spend but low-risk category yearly, while completely excluding suppliers that supported strategic and sensitive initiatives.

David started by creating a risk profile category he called “services,” defined by the primary line of services each supplier provided to his company. He had learned through his professional experience that suppliers providing outside legal counsel or travel services deserved stricter levels of contract management reviews than the local power company did. Then he listed additional risk profile categories: “financial risk,” “privacy and information security risk,” “regulatory risk,” “location risk,” and “exit strategy risk”.

Once David established the risk profile categories, he attributed criteria to each category.

Then David attributed weights to calculate each supplier’s inherent risk (IR), which is the risk associated with the engagement with the supplier before considering any controls in place—a contract, for example.

Finally, by ranking suppliers’ IR (applying the calculated IR to the criteria), David got what would be the contract review cycle for all of the suppliers in the company’s database.
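The scoring steps in David's case study can be sketched in code. This is an added example, not taken from the article or the book: the category names and the three supplier types come from the text, while the 1-5 criteria scores, the percentage weights and the review-cycle thresholds are assumptions chosen for illustration.

```python
# Added example. Category names follow the case study; the 1-5 scores,
# percentage weights and cycle thresholds are assumptions for illustration.
WEIGHTS = {  # percent, must total 100
    "services": 25,
    "financial": 15,
    "privacy_infosec": 25,
    "regulatory": 15,
    "location": 10,
    "exit_strategy": 10,
}
# (minimum IR, months between contract reviews), highest band first
REVIEW_CYCLES = [(4.0, 6), (3.0, 12), (2.0, 24), (0.0, 36)]

# Constructed sample data: criteria scores per supplier, 1 (low) to 5 (high)
SUPPLIERS = {
    "outside legal counsel": dict(services=5, financial=3, privacy_infosec=5,
                                  regulatory=4, location=2, exit_strategy=3),
    "local power company": dict(services=1, financial=2, privacy_infosec=1,
                                regulatory=2, location=1, exit_strategy=4),
    "travel services": dict(services=4, financial=2, privacy_infosec=4,
                            regulatory=2, location=4, exit_strategy=2),
}

def inherent_risk(scores):
    """Weighted average of category scores, before any controls."""
    if sum(WEIGHTS.values()) != 100:
        raise ValueError("weights must total 100")
    if set(scores) != set(WEIGHTS):
        raise ValueError(f"categories must be exactly {sorted(WEIGHTS)}")
    if any(not 1 <= s <= 5 for s in scores.values()):
        raise ValueError("scores must be between 1 and 5")
    return sum(WEIGHTS[c] * scores[c] for c in WEIGHTS) / 100

def review_cycle_months(ir):
    """Map an IR value to the review interval of the first band it reaches."""
    return next(months for floor, months in REVIEW_CYCLES if ir >= floor)

def review_schedule(suppliers):
    """Rank suppliers by IR, highest first, with their review cycle."""
    rows = [(name, inherent_risk(s)) for name, s in suppliers.items()]
    rows.sort(key=lambda r: r[1], reverse=True)
    return [(name, ir, review_cycle_months(ir)) for name, ir in rows]

if __name__ == "__main__":
    for name, ir, months in review_schedule(SUPPLIERS):
        print(f"{name:22} IR={ir:.2f}  review every {months} months")
```

Spend does not appear among the inputs, so a large-spend supplier gets a frequent review only if its risk profile scores call for one.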

In summary, David was able to use basic risk management principles to design a solution by building a framework that could demonstrate to his management team—and to his auditors—that there was a consistent contract review process in place.

In our next article we will look at “E – Engage” from our framework and review another challenge and case study.

Key Tips for the DESIGN Step:

  1. Define your objectives and get all your stakeholders on the same page.
  2. Assess your options—map them, assign weighting, and negotiate trade-offs.
  3. Use a verifiable approach to bet on the best solution.
  4. Use risk management concepts to support your prioritization assessment and keep an eye on additional options.




J. Eduardo Campos, EMPA CISSP CPP (He/Him)

Board Member | Author | Executive Coach | Advisor