In this short chapter, we discuss the final three steps in the software life cycle: (1) deployment (Section 16.1), (2) maintenance (Section 16.2), and (3) decommissioning (Section 16.3). These are complex topics in their own right.

In the case of the Boeing 737 MAX disaster, the manufacturer tried to address hardware problems with software fixes in order to avoid the costs of recertification of what would have been a new airplane (had the fixes been done in hardware). Overconfidence in the software and insufficient testing and pilot training led to two fatal crashes and 346 fatalities.

A taxonomy is a classification system. In this chapter, we present a risk taxonomy, by which we mean that we shall categorize and describe all the major risks that may be faced by a firm or institution. We will describe risks that arise from outside the organization (external risks) and those that come from within the organization (internal risks). External risks are further categorized into economic, political, and environmental categories, while internal risks include operational and strategic risks. Reputational risk may be internally or externally generated. We describe some examples of how risks have arisen in several high-profile cases, showing the intersectionality of the different risk categories – that is, how the different risk types can all be driven by a single risk event.

In this final chapter, we revisit some of the central tensions that run through the whole book and ask ourselves the question: what is the future of the EU? And what is the role of law and politics in its governance? We will start by examining the main routes by which reform of the EU order occurs, beginning with formal Treaty change before discussing 'integration through stealth' and 'dis-integration'. In the remainder of the chapter, will discuss four key choices facing the EU in the near future: substantive choices (over which policies to prioritise), political choices (over how to respond to populism and contestation), constitutional choices (about how autonomous the legal order should be) and global choices (regarding how Europe should define itself in the wider world). The concluding chapter is meant to guide an advanced discussion on what the EU can and should like in the medium-term future.

In this chapter, we discuss the ways that credit risk arises, and how it can be modelled and mitigated. First, we consider the various types of contractual forms for loans and other obligations. We then discuss credit derivatives, which are contracts with payoffs that are contingent on credit events. We consider credit risk models based on the three fundamental components: probability of default, proportionate loss given default, and exposure at default. We consider models of default for individual firms, including the role of credit rating agencies, structural models, which are based on the underlying processes causing default, and reduced form models which are more based on the empirical information, with less emphasis on the underlying story. This is followed by a description of portfolio credit risk models, where the joint credit risk of multiple entities is the modelling objective.

This chapter provides an overview of quality management systems (QMS). There is an increasing emphasis of regulators on the “organization” as opposed to the “product,” which places an even greater emphasis on the use of a QMS. We first introduce what a QMS is (Section 4.1) and provide some regulatory background, including a discussion of the recent FDA precertification program.

This chapter presents an introduction to risk management, a core regulatory requirement for all medical software. We begin with an overview of the regulatory background (Section 5.1) and then review both the international standard ISO 14971:2019 and a recent guidance document from the IMDRF. Next, we describe the process of risk analysis (Section 5.2), including issues related to the use of artificial intelligence/machine learning (AI/ML) techniques.

This chapter provides some basic background on selected topics in software engineering. This should be useful for those readers whose background is primarily in basic science and engineering, who may have not been previously exposed to this type of material. This chapter is meant to complement the introduction to mathematical topics presented in Chapter 8.

In this chapter, we discuss some of the common psychological or behavioural factors that influence risk analysis and risk management. We give examples of cases where behavioural biases created a risk management failure, and some ways in which the negative impact of biases can be mitigated. Biases are categorized, loosely, as relating to (i) self-deception, (ii) information processing (both forms of cognitive bias), and (iii) social bias, relating to the pressures created by social norms and expectations. We give examples of a range of common behavioural biases in risk management, and we briefly describe some strategies for overcoming the distortions created by behavioural factors in decision-making. Next, we present the foundational concepts of Cumulative Prospect Theory, which provides a mathematical framework for decision making that reflects some universal cognitive biases.