An article in today’s Scientific American (here) discusses some recent research on how willing people are to take risks when they feel secure. The article is largely about external factors that give us a sense of security, but I find it interesting because in every test case where the researchers made participants feel more secure (and take more risks, usually around finannces) they never made participants feel secure by providing them with more information – instead they appealed to the same kind of basic securities that you can find at the bottom of Maslow’s Hierarchy of Needs.
By itself, I think the most surprising thing about this study is that they were able to see these results with financial risks – an area where I would normally say risk-taking and risk management behaviors are most mature. When taken in the context of risk management more broadly, I think it’s even more interesting, as it seems to me to be exactly how we tend to deal with risk management in the larger scheme of things: projects we “feel good about” are often the projects we tend to ignore. But the criteria upon which we “feel good” are no better than the shoulder-patting confidence the study participants got – we tend to allow ourselves to feel very comfortable and confident in a project without any true evidence that the project is going well (for example, estimates vs. actuals, or requirements stability measurements, etc.). This is exactly why project failure rates are so high for IT. We have to be proactive in identifying and measuring risk, rather than feeling good and eventually being reactive in trying to address catastrophies.