A title from Seth Godin's blog.
The essence of risk management is: decide the adequate measure at the time when the risk is exposed, not when it eventually happens. This is easy if it is expected that a risk has a structure in a certain sense.
As I have written in VaR of the Jungle such a measure can be: building a fence in a way that inside the conditions are quite clear and only a few days when you stay out of the fence the dangers are greater and the conditions less known.
However if you live in the false comfort that you know the conditions it is even more dangerous when the leopards and snakes materialize inside the fence ....
At the other hand organizations that are constantly looking for new emergencies, do not know what to do when there are no problems.
If we looked into a long period of history many scaring events have happened .... not only leopards, but saber toothed cats and other giant creatures. And those "memories" might drive an evolution of anxiety paralyzing our actions?
However good risk mangers know: there is optimal risk and good risk management is the result of explorative learning and cool analytics.
I increasingly observe that financial institutions complain that IT costs are too high and eat significant portions of their returns. That was no-problem in boom times.
How to change your highly integrated, if not monolithic, IT infrastructure? Take the core functions of the business and build a new one around them, evolutionary. There are real options ...