Testing contingency plans... too expensive!?

[doc_strange]

"If the risk or cost of testing failover is too high, the risk of actual failure is too high.”

That has become a catchphrase of mine. It made me wonder:

"If the risk or cost of testing a contingency plan is too high, the risk presented by actual disaster is too high.”

These may not be equivalent in value or accuracy. Discuss?

Comments

[docstrange.livejournal.com]

I agree. It could be evidence that the harm to which the risk points is hard to mitigate. One should then check the likelihood of the risk materializing over /n/ timeframe. Your approach seems akin to the Learned Hand rule in essence.

But if the cost testing of the contingency plan is high, and the risk is also likely within a given timeframe, then one should look to remediating/reducing not only the effect of the harm (as you say, the plan being better then none at all) but the risk of occurrence. That's where I come to the point that the "too expensive to test" contingency plan can be evidence of too high a risk: risk that perhaps could have been reduced in depth or likelihood. Such a plan can also be, I agree, for unlikely-but-high-cost risks, a cost that may be as much as it's worth given the low likelihood.

While the military makes plans for all kinds of extremely unlikely scenarios, I don't think business tends to - and for straight-up economic reasons; ergo if there is a plan it would be for a not-entirely-unlikely risk. That's why the comparison of my first quote (very business oriented) with the second (much broader) is interesting to me.

Good comments - thanks!