Participative systems design has, in the past, been seen as a positive group process of thinking through needs and problems and arriving at solutions for making the situation better. This improved situation then continues until new technology or new solutions provide an opportunity for making the situation better still. So far this book has concentrated on how to make the best use of the positive factors assisting change, especially change that involves the introduction and use of technology. It has described the importance of getting a clear understanding of the change problem and its complexity, of developing effective strategies to address this complexity, and of the creation of structures, often organizational, to facilitate the subsequent use of the new system. This last requires always keeping in mind the need to meet the dual objectives of achieving operating efficiency and a good quality of working life. This is often described as job satisfaction. Most of all there has been a continual stress on the importance of participation. This involves sharing the design tasks with those who will be affected by them and taking account of their opinions in design decisions. This chapter addresses the reverse of this positive objective. It considers the negative factors in a change situation which are likely to cause problems and to threaten the success of the change programme and of the new system. There are very many of these kinds of problems and it is only possible to discuss a few here. The ones I have selected are criminal threats which affect the future viability of the company, technical problems which reduce efficiency, unpleasant and stressful work that threatens employee health, and problems of morale which affect the individual’s happiness in the workplace. A consideration of negative factors brings us into the challenging areas of uncertainty and risk. Uncertainty is when we do not know what is going to happen and often contains an element of surprise. This is especially true today when so many decisions depend on forecasts of the future. A contributing factor here can be an overemphasis on the present as a means of forecasting the future. Uncertainty is also often a result of the behaviour of others rather than of events. This is hard to predict. Experts tell us that today we are living in a risk society (Beck, 1992). Complex design problems can have a high degree of uncertainty and easily become risks. They often have a subjective element, for what one person considers a problem or a risk, another will see as an opportunity. Complex problems also require information for their solution and this may be difficult to find. It requires the ability to search for, analyse and synthesise, relevant intelligence and relate it to past, current and future events. Threats to important institutions from terrorists are of a different nature and scale to those that have been experienced before. Many will take us completely by surprise. Bernstein (1996) suggests that the essence of risk management lies in maximising the areas which we have some control over while minimising those areas where we have no control over the outcome and the linkage between cause and effect is hidden. When we take a risk we are making a bet that a particular outcome will result from the decision we have made although we have no certainty that this will happen. Risk management usually starts with risk analysis, which attempts to establish and rank the most serious risks to be avoided so far as these are known. Here many companies attempt to achieve a balance between the benefits of greater security and the costs involved. Too high a level of security, while providing good protection, can result in a system that is both difficult to use and expensive to operate (Mumford, 1999). Risk analysis next moves on to risk assessment. This is an analysis of the seriousness of different risks by determining the probability and potential damage of each one. For example, major risks can come from a large concentration of data in one place that is accessed by many different people, not all of whom are known. There can be relationships between risks. Clifford Stoll’s (1990) book The Cuckoo’s Egg shows how the ability of a German hacker to enter a university laboratory computer made it possible for him to later enter into the computers of United States military bases. Risk analysis identifies the risks; risk assessment tries to estimate how likely they are to happen and how serious the consequences will be. Risk priorisation recognises that all companies cannot be protected from all risks and choices must be made. Risk impact is the likely magnitude of the loss if a system break-in, fraud or other serious problem occurs. Risk control involves further actions to reduce the risk and to trigger further defensive actions if a very serious problem occurs. Risk control also covers the monitoring of risk on a regular basis to check that existing protection is still effective. This can lead to risk reassessment. Very serious risks such as those coming from terrorist attack or criminal activity require monitoring. This, together with the detailed documentation of any problems or illegal activities when they occur, is essential to avoid complacency. An effective system must both prevent problems and detect when they have occurred. All of these activities to design security into a system require human vigilance if they are to be effective. All employees should accept some responsibility for checking that the system they work with continues to maintain its integrity and security. This chapter will place its main focus on protective problem solving and design directed at avoiding or minimising very serious risks. Today, it is unwise for managers to neglect this. Because of its growth in recent years and its prevalence today criminal activity will be examined first in some detail. Particular attention will be paid to how the involvement of employees in problem solving can play a part in reducing or avoiding this.