Lorin Hochstein often has interesting things to say about how systems fail. His latest post had a section that jumped out at me.
We often have implicit or explicit risk models about the software we’re working on / with and the organisation around it. This influences how we work.
What if those risk models have bugs in them? (Hint: because this is the real world, unfortunately they will have bugs in.)
When you read the research from Daniel Kahneman & Amos Tversky, the classic model of "Degree of Risk = Probability x Impact" is flawed. Another relevant piece of research to consider is “How Big Things Gets Done” (Flyvbjerg & Gardner). The data collected by Flyvbjerg & Gardner shows that only 48% are on budget, only 9% are on budget and time, and only 0.5% are on both budget time and benefits. If you estimate your project to be average, it will, at best, be on a budget but not time and not on outcomes.