In an effective risk management system, it would be perfectly reasonable to expect professional officers to have identifed the possibility that the opposition might create an IED threat. The whole point of a hazard identification process is to capture as many hazards as possible however extreme. Sure, it would probably have been scored as high hazard, low probability but it would have been on the risk register where it could be managed.
I don't think the deployment of Snatch is a good example of poor risk mitigation. Deploying RMP patrols without radios is probably a better example.