I remember PG saying something like "Every time a big company institutes a procedure to prevent something from ever happening again, they should consider the cost of that procedure to future development." I wish Google would take that to heart. I think that the executives do understand this, but many of the middle managers are too concerned with doing their job well to think about the negative impact that has on other people's jobs.
Actually, what I wish more companies did was have annual "feature killing" and "procedure killing" parties, where you reevaluate everything the company does, and if its cost is greater than its benefit, get rid of it. So "we'll institute a procedure so this never happens again" becomes "we'll try to institute a procedure so this doesn't happen again in the next year, see what its impact is on productivity, and if it saves more than it costs, we keep it."
I think this happens any time you separate the people who think about risk and the people who think about benefit. So long as there's a team with the job of managing risk, that's what they'll do. Balancing those two sides then becomes the job of someone up the stack who doesn't have the time to focus on all of the details.
Actually, what I wish more companies did was have annual "feature killing" and "procedure killing" parties, where you reevaluate everything the company does, and if its cost is greater than its benefit, get rid of it. So "we'll institute a procedure so this never happens again" becomes "we'll try to institute a procedure so this doesn't happen again in the next year, see what its impact is on productivity, and if it saves more than it costs, we keep it."