Strategy / Product / Ops | Long (years) | Detectability: Moderate
Risk matrices treated as evergreen artifacts
A safety program used a risk matrix that was rarely revisited; teams assumed it remained aligned with real exposure.
“Silence is not stability.”
Decision summary
- Year: 2016
- Failure mode: Artifact ossification. Governance tools became static while the system moved.
- Silent failure window: 1–2 years. Drift accumulated gradually and was masked by compliance with the existing artifact.
The original logic
The matrix was industry-standard, audited, and had produced “reasonable” decisions historically. Updating it was politically and operationally difficult.
Key assumptions
- Likelihood and consequence bands remained representative as operations evolved.
  - Confidence at decision: Medium
  - Expected lifetime: 12 months
- New hazards would be captured via ad-hoc updates and local reviews.
  - Confidence at decision: Low
  - Expected lifetime: 6–12 months
What changed
Automation increased throughput and changed exposure patterns; small incidents became more frequent. The matrix still “approved” decisions that were reasonable years earlier but no longer aligned with current operational risk.
Outcome
A sequence of moderate incidents triggered regulatory attention and an overhaul; the organization discovered it had been “following the matrix” while departing from real risk.
Early warning signals (missed)
- Rising near-miss frequency in categories the matrix labeled “unlikely”
- Mismatch between leading indicators and matrix-based approvals
- Local workaround policies proliferating without governance
How AssureAI would have helped
- Treat the matrix as a decision with assumptions and expiry, not as an evergreen document.
- Link leading indicators and near-misses as signals tied to the underlying assumptions.
- Set decision review cadences that surface drift before audits force change.
Non-obvious lessons
- Compliance can be a form of blindness when the artifact is stale.
- Risk tools must evolve with the system they describe.
- Governance that cannot change becomes governance that cannot see.