The Y2K Effect
We all remember the Y2K scare. The Internet could stop; banks would not be able to process transactions; traffic lights would cease to work; the world as we know it would come to an end. Not much happened. Was it all an overblown scare campaign, or did we do such a good job that all the risks were addressed in time?
Here is a simple example of what might have happened had it not been addressed. The issue was that some systems only stored years as the last two digits. Imagine this. A bank account calculates interest annually. It calculates it at the end of 1999 by deducting the current date from the previous interest payment. 99 – 98 = 1 year, and multiply it by the amount in the account and the interest rate:
(99-98) x $500 x 5% = $25
Next year, it does the same calculation:
(00-99) x $500 x 5% = -$2475
Imagine that error crept into not only financial calculations, but also into calculations of dates and times. Into electrical control systems that work in real time to switch power generation off and on, to your electricity bill, to your traffic lights that get confused as to how long they stay red at midnight on 31 December 1999.
The reason there was so little disruption is that we did a good job. As someone who was consulting to several companies at the time, I know the problem was real. Fortunately, it was relatively easy to identify and fix. The only issues were minor and almost always related to not checking the code.
The purpose of discussing Y2K is not to say we were lucky to dodge a bullet. It is to illustrate that risk management is a thankless task. If you get it right, everyone says you exaggerated the problem. If you get it wrong, you are condemned because you didn’t do enough. Many call it “The Y2K Effect”.
How is this relevant to life today? Start with the constantly criticised bureaucracy. Lots of regulations stand in everyone’s way. Please get rid of them.
So why is it there? Some of it is to guide people undertaking certain activities. It may be what you can do when selling land, building a house, or even driving your car. Many other regulations are related to risk management.
Before you build a wharf, you may need to do a seabed survey. Although there is no indication of a problem, the only way to be sure is to survey the seabed and ensure that no habitats are disturbed or sediment is displaced. Suppose you want to operate a food processing plant. In that case, it needs to be inspected to ensure you are not canning salmonella-infected product. This inspection should also verify that you have a proper fire plan in the kitchen and that you have the correct type of extinguishers.
To do all this requires the government to employ inspectors and people to review the risk and decide if it warrants any action, or even stopping the activity. This costs money, so you have to weigh up the probability and impact of something going wrong against the cost of identifying and fixing the risk.
From an outside point of view, it might seem like a waste of time. All this money was spent on complying with government regulations, and in the end, there was no issue. Imagine if the government regulation was ignored, and the risk came to fruition. Who would we blame? The government for not stopping the activity, that’s who.
One incident most people in Australia are familiar with is the floods in Brisbane a few years ago. The government was blamed for not emptying the dam that held back the floodwaters sooner. The dam overflowed and Brisbane was flooded.
The water authorities had to do risk management. The two options were to empty the dam a week or two before the flood and risk a water shortage in the following months, or keep the dam full and hope there was no unseasonally heavy rain. What happened is they looked at the impact and probability, and decided how full they would keep the dam. When an unseasonal storm occurred, the dam could not empty fast enough to catch the rush of water coming downstream, and it flooded.
I am tempted to say damned if you do and damned if you don’t, but I will refrain.
Risk management is not an exact science, and most of the time, the water authorities get it right. This time, they failed. If it were evident how much effort went into gathering and analysing data in the years up to the overflow, there would probably have been an uproar about the waste of money. It was only when it went wrong that people appreciated the impact of not making a fully informed decision.
In the financial world, you can be risk-averse and invest in government bonds, or take on more risk and invest all your money in crypto. Most people are somewhere in between. When I hear criticism of bureaucracy, my response is to say we could certainly reduce red tape, but how much risk are you prepared to live with? Get rid of red tape, but if something goes wrong that would have been avoided by the red tape, don’t blame the government.
Take a mining company that objects to cultural heritage studies on a potential mining site. It takes too long, costs too much and will result in lost jobs and export earnings. Then there is Rio Tinto blowing up a sacred Aboriginal site. Sorrrry.
In 2023, two helicopters collided at SeaWorld on the Gold Coast. They didn’t need regulation because they had been doing it for ages. They had what they described as a “see and avoid” protocol. The investigation found inadequate regulation in the aviation tourist industry. Of course, before the crash, they would have objected vehemently to any new regulation. The pilot and three passengers died. Sorrrry.
In the same year, Optus suffered a massive outage that not only cut off users but also closed down emergency services. A Senate inquiry condemned Optus’ handling as “manifestly inadequate,” emphasising failures in communication protocols and crisis preparedness. Sorrrry.
The lack of risk management impacts everyone. I don’t know, but I hope the government has identified the possibility of another COVID-like incident and is planning for it. I hope they have spent the money on running simulations. I certainly will not complain about taxpayers’ funds being used. I want to know if we are ready to handle environmental disasters and terrorist attacks. Floods and famines. Epidemics and plane crashes. I doubt private organisations go far enough, so I want governments to force them, even if it means more regulation. I have little faith in industry codes of practice, which have no penalty.
Next time you object to bureaucracy, think about it. Maybe it is bureaucratic, and whatever regulation is overkill. On the other hand, ask yourself, “How much risk should the country be prepared to take?”