This week two non-IT news items on what happens when you don't manage risk well appeared. The first was on the National Transportation Safety Board (NTSB) report of the collapse of the ceiling panels in Boston's Big Dig Tunnels that killed a woman. It seems that the epoxy glue holding the bolts that held up the concrete panels was of the wrong type.
The second was a report commissioned by the US Army Corps of Engineers on the decision making that led up to the failure of the levees in New Orleans. It seems that because of budget constraints and opposition of local leaders and environmental groups, that a great many decisions were made over time that incrementally increased the risks of the levees collapsing in a hurricane.
In both cases, warning signs were ignored. In 1999, bolts slipped, but the reason why they slipped was not thoroughly investigated. The Corps also knew that the existing flood walls were inadequate years before Katrina, but it found hundreds of rationalizations as why not to act.
Both of these reports should serve to remind the IT community of the importance of paying attention to the details, and the potential consequences of not forthrightly dealing with the problems when they make themselves known. They should also remind members of the IEEE of their first responsibility under the IEEE Code of Ethics:
To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment.
We tend to forget about this until after the event.
