The tragic shooting at Marjory Stoneman Douglas High School in Parkland, Florida, in February was somehow made worse by the revelation that it could have been prevented, as there were numerous red flags that presaged the event but were either ignored or mishandled. Similarly, it came to light a few months ago that thousands of names of dishonorably discharged military personnel banned from owning firearms had somehow escaped being reported. This gap led to a massacre at First Baptist Church in Sutherland Springs, Texas, in November.
These tragedies have made me wonder: Are risk assessments of critical systems being carried out and acted upon? How are these systems being audited?