This week I came across two examples of risk. One avoidable, one happenstance.
My wife is a ceramic artist and she shares studio space in an old factory building. This week she received the news that the water main supplying the sprinkler system had burst and flooded her studio to a depth of thirteen inches. Partially submerging her potters wheel and her electric kiln. To compound her misfortune she'd left her laptop on the floor, only the third time she'd left it in the studio. As I write we are drying it out: more in hope than expectation. The rupture of the main and the damage to the laptop come under the heading of happenstance or sh*t happens.
The second incident was reported in the UK and it concerned the computer system failure of the Royal Bank of Scotland (RBS). This failure resulted in some of its customers being unable to gain access to their accounts for up to three weeks. This week the bank was fined $90M by the UK's financial regulator. This fine was in addition to the $112M it paid out in compensation to bank customers and $168M cost of staff overtime to fix the problems. All told the error cost the bank $1.2B!
The reported cause of the error was deemed to be the incompatibility of their old, as in ancient, computer code and their new mainframes, an issue that had apparently been highlighted in a previous audit report but not fully addressed. Now this organization has an annual IT budget of $1B. So money wasn’t necessarily the prime cause, but poor risk assessment surely was. This incident definitely comes under the heading of avoidable. The worrying thing is that there are an awful lot of corporations who are in the same boat, with old code and a lack of willingness to fix it. Tick Tock, Tick Tock, goes the time bomb.