Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Podcast title Image

Risk Management for Building Robust Organizations

Podcast host Sam Massey | Podcast guest Anthony O'Connell
May 22, 2020 | 32 min 11 sec

Listen on these platforms

Brief summary

As many leaders have discovered the hard way, having the right risk management strategies in place can be the difference between success and disaster. Anthony O'Connell, Principal Consultant at Thoughtworks, discusses how risk identification and mitigation allows organizations to build resilience into their business. If you are a digital leader, wanting to create more robust services for your customers, this is the podcast for you.


We need to take a risk-based approach to failures. There are some good tools that force you to think about or create these artificial failures. And then we ask engineers who are really good at problem-solving to think about the mechanisms by which these failures can happen? And then we can say, "How should we build more resilience along those pathways? What controls should be put in place? 

if you can educate or train people who make the decisions on the consequences of the decisions they make and therefore the risk management processes and procedures, then hopefully they will make better decisions.

I think risk and risk of and security can sometimes be treated as a compliance exercise and they don't really give much value back to the business.

A common mistake is simply reporting risks and doing nothing with them, not actively using them to make changes to the services or the way in which an organization does business so that we can reduce the chance of those things becoming failures and impacting people.

There's huge opportunity. I see this and it's not just let's build a bigger system because that's not the answer. It's not what we're trying to do. It's like saying, "Look, the car isn't fast, let's stick another engine in it." It's not like that. It’s thinking about it from a resilience point of view.

You could also take this approach to building rapidly connecting modules or rapidly connecting systems to build new services really fast. If you can design these systems with a risk-based approach and they can automatically scale, you can plug them end to end and just increase your capacity as required and produce a very resilient service in a very short space of time.

I think you'll find a lot of governments, progressive ones, will do a bit of a stocktake of what systems we have and what ones didn't hold up really well in this crisis and why. I'm hoping that's going to be one of the good outcomes of this. It's going to force us to think that way.

The point of risk management is not to eliminate risk because you can't. It's not possible to eliminate all risk. The point is to understand what risks you're introducing into a system by the decisions that you make such that you make the best decision you can at the time and you avoid those decisions that present an unacceptable risk that you can't back out later on.

It's important that we move the risk based approach as far up into the design phase so that when we're making early decisions, whether it be architectural decisions, whether they be accessibility decisions, whether they be user experience decisions, all those design decisions are the ones that are going to benefit most from a risk based approach.

More episodes
Episode name

Don't miss out on the latest episodes; subscribe today