The following principles are guiding the opinions behind this documentation.
Let’s defend against the ambiguity of risk language.
Too often we find ourselves speaking about completely different subjects when we discuss “Risk”.
We must protect ourselves from letting conversations about risk slip into wildly unaligned conversations comparable to unstructured debates about love, or art.
Risk has quantitative foundations we can agree on. We can pursue scientific goals while acknowledging that the “undesirable” aspect of risk may be wholly subjective.
The opinion of this documentation is that risk discussions should be structured around scenarios
Let’s make risk measurement accessible to those closest to the mitigation.
Measurement is quickly disposed if it is too cumbersome to wield. An engineer tasked with risk mitigation should be able to measure their work efficiently.
If the cost of measurement is too much for an individual, it likely won’t employed by engineers directly involved where risk is created.
The efforts involved with risk measurement should rarely exceed what can be easily learned with basic math.
Remove industry specific instructions from risk measurement.
Industry specific language leads to bias, prescription, and industry agendas.
Risk is a universal aspect of many disciplines and measurement should be commonly described.
Let’s celebrate the “post mortem” to support validated learning.
We must invest in infrastructure to observe and share failures to better inform us about risks.
Our goal is to measurably progress away from uncertainty and reduce our reliance on experts.
Assume that we’ll have failures of imagination.
Our models will be wrong. We will invest in incident response and retrospective processes.
We’ll have our umbrellas nearby whether we predict rain or not.
Let’s appreciate that risk is a single decision making factor.
Leadership still has to consider non-risk data in everyday decision making.
Risk measurement does not make decisions, people do.
Let’s assume that fully quantitative workplaces do not exist.
Some environments are just starting to measure risk under a variety of limitations.