The review found no single point of failure.
Thinking formed in practice, published as part of the Bearing & Course Points of View library.
Post-incident reviews share a recurring conclusion. The system failed. Processes were not followed consistently. Multiple contributing factors aligned in an unfortunate sequence. Recommendations are made. A working group is formed. The report is filed. Eighteen months later, a version of the same thing happens again.
The language of these reviews is revealing. No single point of failure means, in practice, that accountability has been distributed across enough people, processes and structures that no individual decision, no individual person and no individual moment can be held responsible for what went wrong. It sounds like a sophisticated finding. It is often the opposite. It is the natural output of an accountability architecture designed, whether deliberately or not, to ensure that when things go wrong, nobody is wrong.
Distributed accountability is not the same as shared accountability.
Shared accountability means everyone owns the outcome. Distributed accountability means the responsibility has been parcelled out across roles, committees, sign-off processes and governance structures in a way that leaves no single person holding enough of it to be answerable for the whole. Everyone is involved. Nobody owns the finish line. When the review happens, everyone can point somewhere else.
I have sat in enough post-incident rooms to recognise the pattern. The review is conducted seriously. The people in the room are competent and well-intentioned. The findings are genuinely analytical. And yet the conclusion, almost invariably, is that the system failed. What the review does not say, because the architecture of accountability makes it impossible to say, is that a specific person made a specific decision that produced a specific outcome, and that person should have known better or been better supported to know better.
If the system failed, the response is to improve the system: better processes, more checkpoints, additional governance layers. If a person or a decision failed, the response is to clarify what should have happened, who should have been responsible, and what changes are needed to prevent recurrence. The first response adds complexity. The second adds clarity.
Every layer of governance added after an incident without clarifying accountability is complexity disguised as improvement.
The family whose benefit payment was delayed for six months while the programme was being governed does not experience a system failure. They experience a specific failure to pay them correctly and on time. The worker whose safety incident was not escalated appropriately because three separate teams each assumed one of the others was responsible does not experience a governance gap. They experience a specific failure of the people and structures that were supposed to keep them safe.
There is a test worth applying to any governance structure before an incident rather than after it. Take the most consequential thing that could go wrong. Ask who, specifically, would be accountable for preventing it. If the answer involves a committee, a process, a framework or a set of shared responsibilities, the architecture has not answered the question. A committee cannot be accountable. A process cannot be accountable. Accountability requires a person.
Clear accountability is not comfortable. It requires organisations to name people, define the scope of their authority with precision, and accept that when things go wrong in that scope, the person named is answerable. That feels exposing. It also creates the conditions under which people take their responsibilities seriously, seek the information they need, escalate when they are uncertain, and ask for support when the scope exceeds their capacity.
The organisations that recover well from incidents, and more importantly the ones that prevent them, are not the ones with the most sophisticated governance frameworks. They are the ones where every person with a material role knows what they are accountable for, has the authority to act within that scope, and understands that when something goes wrong in their area, they will be expected to explain what happened and what they did about it.
The review that finds no single point of failure has usually found the most important thing about the organisation. It has found how the accountability was designed.