Swiss cheese, revisited

I am reminded of the Swiss cheese model for managing risk.  See https://infogovnuggets.com/2014/10/02/swiss-cheese/.

The awful shooting at the church outside San Antonio.  How many controls to manage the risk of a lunatic buying a gun failed?  Certainly, the Air Force failed by not recording the circumstances of his dishonorable discharge and related matters. (Was this systemic?  What about other branches?  Were there incentives/disincentives?)  And the fact that he had been in a mental institution wasn’t in the database either. Who else failed?

And what about the self-certification, where a gun buyer needs to certify that he/she hasn’t done a bunch of bad things, which in turn is confirmed by the background check?  Do self-certifications work?  How much do you rely on having your employees sign an annual certification that they’ve read and understood (and don’t know of any violations of) your Code of Conduct?  Does that provide any protection?  Or does it just give you false comfort and a metric to measure?

 

Filed under Compliance Verification, Risk