|
Assessing Risk
We human beings are bad at assessing risk. Consequently we are bad at mitigating risk, not having a clear idea of the risks in the first place.
Recently, I was having a chat with someone regarding loss-of-limb insurance. It's a nasty thing to have to happen to you to be sure, and getting some kind of recompense if it happens sounds great. But consider the risk you're insuring against. From the internet, I discovered that half of all 200,000 amputations in the US each year are due to diabetes. So, providing you don't have diabetes, you have roughly a 1 in 3000 chance of having to have an amputation for health reasons.
If you look after yourself, what are the chances of losing a limb due to some kind of trauma? The latest figures I found from 1996 showed a rate of 0.6 per 10,000 people. To put that into perspective, in 2005 42,636 people died in car accidents in the US, which is roughly 1.4 deaths per 10,000 population. You are over twice as likely to die in a car accident than lose a limb through trauma (such as from a car accident). Which is why I put my money into life insurance instead.
In software development, risks are everywhere. We mitigate the most obvious ones through source control, offsite backups, unit and functional tests, keeping our stakeholder informed at all times, short iterations, the whole panoply of Agile development. But what about other risks? Your lead developer walks and no one else knows how he implemented the communication layer. Your only customer is affected by the recession and cancels all development work until sales pick up. And so on.
So what risks do you consider? What mitigations have you prepared for them? What risks do you ignore because the probability of them happening is so remote? How did you assess that probability? Julian M Bucknall, CTO Comment on Julian's message |
|