Is Risk Management too risky?

[Jack Ring]

Is Risk Management too risky? How to quantify the risk of being naive about risk? Is there a better way to protect stakeholders from surprise? Risk Management tends to focus on threats external to a system whereas Integrity Management focuses on removing internal weaknesses. As system situations become more complex and dynamic should we graduate to the kind if thinking typified by Eli Goldratt’s Theory of Constraints or George Friedman’s Constraint Theory? How important is this? For example, autonomous aircraft must be certified for operation in the national airspace. Certification must convince the public as well as commercial pilots. Will compliance with FAA safety standards such as DO-178 B and C for flight critical software and DO-254 for hardware be sufficient?