Getting to grips with the human factor
'Conventional' view of accidents
Conventional wisdom (above) dictates that, in order for an accident to happen, defences of some kind will have been breached, usually by an unsafe act carried out in a specific situation and in the presence of hazards of some kind.
What changed this long-established view, which is still correct as a basis for the new model, was some highly original research sponsored by one of the oil majors and carried out at two major universities, one in the UK and one in the Netherlands. The research originally set out to establish the role of the human being in the accident equation but very quickly established an ‘alternative’ theory of accident causation. Because of the triangular shape of the basic model of the theory, it became known as the ‘Tripodian’ view of accident causation. Basically, it uses the ‘conventional’ diagram shown opposite, but adds a third component: general failure types (GFTs).
This ‘alternative’ model of accident causation is shown below:
The research accepts that, properly investigated, there is much in a reactive sense to be learnt from accidents. It also recognises that unsafe acts or active failures can be reduced using tools aimed at modifying human behaviour. The research suggested that the problem with attempting to learn solely from active failures is that: (a) there are potentially millions of them; (b) they will rarely be repeated in the same way; and (c) the circumstances in which they occurred will never be exactly the same. More importantly, the research established once and for all that the ‘sick camel’ could be made considerably healthier by managing what are called the general failure types (GFTs), of which there are just eleven. Using a medical analogy, the GFTs could be considered as the vital organs of the ‘safety body’. If properly managed in terms of their inherent health or strength, these could actually help prevent large numbers of accidents from ever happening at all. Once again, in medical terms it’s a bit like having a healthy heart and preventing heart attacks, or being vaccinated against pneumonia or ‘flu – all designed to prevent illness in the first place. Thus, rather than acting in response to an incident, we seek instead to act before an incident.
The research delved deep into the causation theory in order to establish a concrete link between breached defences and controls, and active and latent failures. Thus the Tripod causation model was born – see diagram below:
The interesting point about this model is that it introduces two new elements into the causation chain. First, it provides a linking mechanism, known as the precondition, though sometimes referred to as the ‘psychological precursor’, between the active and latent failures.
Secondly, it introduces the policy maker at the very start of the chain, thus illustrating the clear relationship between commitment by the policy makers at the beginning of the chain and the results at the end of the day.
By comparing the diagram of the Tripod causation model above and the simple accident diagram on page 2, it should become obvious that the link between the two is established through failed defences (for the target) and failed controls (for the hazard). Thus the combined accident model, known as the Tripod-BETA tree, complete with all basic components, looks like this:
Bearing in mind that any accident consists of a series of interlinking events, a completed accident tree can be exceedingly complex indeed.
Active failures
Both defences and controls are breached by ‘active failures’. Active failures are the failures close to the accident event that defeat the controls and defences on the hazard and target trajectories. In many cases, these are the actions of people, i.e. unsafe acts. Human errors are implicated in at least four out of five active failures, but human error, as we have already seen, is a broad term that includes a number of different sources of error. Not all active failures are human actions. Physical failures of controls and defences also occur due to conditions such as over-stress, corrosion or metal fatigue. These are often referred to as ‘unsafe conditions’. Having said that, human actions are often implicated as contributory causes of this form of active failure, but they are not, in themselves, unsafe acts. For instance, a designer may have failed to identify the need to use a particular high-tensile material in a specific circumstance, thus sometime later causing component failure.
Latent failures
As already mentioned, latent failures are the ‘vital organs’ of the safety equation. Latent failures are deficiencies, or anomalies, that create the preconditions that result in the creation of active failures. Decisions by management (the so-called policy or decision makers) often involve the resolution of conflicting objectives. Decisions taken using the best information available at that moment prove to be fallible with time. Also, the future potential for adverse effects of decisions may not be fully appreciated, or circumstances may change that alter their likelihood or magnitude.
The accident-producing potential of latent failures may lie dormant for a long time, only becoming apparent when they combine with local triggering factors – active failures, technical faults, abnormal environmental conditions or abnormal system states, some of which even the best HSE management systems will have absolutely no control over whatsoever.
Rather than dealing with an infinite number of active failures, it is reassuring to note that there are just eleven latent failures on which to work to ensure absolute good health.
The eleven latent failures, which constitute the general failure types (GFTs), are:
- HARDWARE
- DESIGN
- MAINTENANCE MANAGEMENT
- PROCEDURES
- ERROR-ENFORCING CONDITIONS
- HOUSEKEEPING
- INCOMPATIBLE GOALS
- COMMUNICATIONS
- ORGANISATION
- TRAINING
- DEFENCES