This chapter discusses the processes of identifying the needs of our users, which is the first step in the software life cycle. We begin with an overview of the structure of creating new projects. Next, we apply the “Brown Cow” model (Section 11.1) as a guide for how to go about understanding the user’s current situation and future needs.

In this chapter, we review the different methods available to a firm that wants to transfer risk. First, we consider the traditional route of insurance, or reinsurance. We describe the different types of insurance contracts, and analyse their advantages and disadvantages. We then consider captive insurance companies, which are insurance companies that are owned by the organization that is transferring risk. Next, we discuss securitization of risk, where risk is packaged into investments that are sold off in the capital markets. One of the most interesting examples of securitized insurance risk is the catastrophe bond, or cat bond. We also look at examples of securitization of demographic risk, through pandemic bonds and longevity derivatives.

In this short chapter, we discuss the final three steps in the software life cycle: (1) deployment (Section 16.1), (2) maintenance (Section 16.2), and (3) decommissioning (Section 16.3). These are complex topics in their own right.

In the case of the Boeing 737 MAX disaster, the manufacturer tried to address hardware problems with software fixes in order to avoid the costs of recertification of what would have been a new airplane (had the fixes been done in hardware). Overconfidence in the software and insufficient testing and pilot training led to two fatal crashes and 346 fatalities.

A taxonomy is a classification system. In this chapter, we present a risk taxonomy, by which we mean that we shall categorize and describe all the major risks that may be faced by a firm or institution. We will describe risks that arise from outside the organization (external risks) and those that come from within the organization (internal risks). External risks are further categorized into economic, political, and environmental categories, while internal risks include operational and strategic risks. Reputational risk may be internally or externally generated. We describe some examples of how risks have arisen in several high-profile cases, showing the intersectionality of the different risk categories – that is, how the different risk types can all be driven by a single risk event.

In this final chapter, we revisit some of the central tensions that run through the whole book and ask ourselves the question: what is the future of the EU? And what is the role of law and politics in its governance? We will start by examining the main routes by which reform of the EU order occurs, beginning with formal Treaty change before discussing 'integration through stealth' and 'dis-integration'. In the remainder of the chapter, will discuss four key choices facing the EU in the near future: substantive choices (over which policies to prioritise), political choices (over how to respond to populism and contestation), constitutional choices (about how autonomous the legal order should be) and global choices (regarding how Europe should define itself in the wider world). The concluding chapter is meant to guide an advanced discussion on what the EU can and should like in the medium-term future.

In this chapter, we discuss the ways that credit risk arises, and how it can be modelled and mitigated. First, we consider the various types of contractual forms for loans and other obligations. We then discuss credit derivatives, which are contracts with payoffs that are contingent on credit events. We consider credit risk models based on the three fundamental components: probability of default, proportionate loss given default, and exposure at default. We consider models of default for individual firms, including the role of credit rating agencies, structural models, which are based on the underlying processes causing default, and reduced form models which are more based on the empirical information, with less emphasis on the underlying story. This is followed by a description of portfolio credit risk models, where the joint credit risk of multiple entities is the modelling objective.

This chapter provides an overview of quality management systems (QMS). There is an increasing emphasis of regulators on the “organization” as opposed to the “product,” which places an even greater emphasis on the use of a QMS. We first introduce what a QMS is (Section 4.1) and provide some regulatory background, including a discussion of the recent FDA precertification program.

This chapter presents an introduction to risk management, a core regulatory requirement for all medical software. We begin with an overview of the regulatory background (Section 5.1) and then review both the international standard ISO 14971:2019 and a recent guidance document from the IMDRF. Next, we describe the process of risk analysis (Section 5.2), including issues related to the use of artificial intelligence/machine learning (AI/ML) techniques.