SimpleRisk uses the csrf-magic library to include nonces in posts in order to prevent Cross Site Request Forgery attacks.  When this library is first initialized, it creates a csrf-secret.php file located under the /includes/csrf-magic directory.  You will likely see this error message if you are running multiple SimpleRisk instances behind a load balancer.  To fix it, just make sure that the $secret variable is the same in each copy of this file on each SimpleRisk instance.