If there’s a common thread to these factors in reducing risk, it is to shift responsibility and power from the individual to the corporate entity. If you’re a regulated, systemically-significant enterprise, then the last thing you or the public wants is for one person to wield too much power, either through knowledge of a system, or ability to alter that system in their own interests.
The corollary of this is that it is very hard for one person to make change by themselves. And, as we all know, if a task is given to multiple people to achieve together, then things get complicated and change slows up pretty fast as everyone must keep each other informed as to what everyone else is doing.
Once this principle of corporate responsibility is understood, then many other processes start to make sense. An example of one of these is sourcing (aka procurement: the process of buying software or other IT services).
I have always admired slow moving, don’t break things in production environment of Enterprises but the ability to keep one-self motivated and not get discouraged because your changes were rejected is something that I failed miserably in. His experience atleast allows him to change things but not everyone is lucky in that way. When I joined an enterprise, I was forced on a mandated 1 week leave for a year. The idea, as was explained to me is that the company should not become dependent on a single person so that if he leaves, the product grinds to a halt. Minimizing risk is what Enterprises go about.
Reading the entire post will give you an idea of how new technology stack are procured, why things are the way they are and so on.