accident causes- theoretical framework- maurino, reason, johnston, lee consequences are dire!
TRANSCRIPT
Accident Causes- Theoretical Framework-
Maurino, Reason, Johnston, Lee
Consequences are Dire!
Terminology
Organizational Accident Latent failure Local trigger Active Failure Proximal cause Principle cause Unsafe acts- errors and violations
Individual or Collective errors
The issue of whether accidents are individually caused or collectively caused revolves around three dimensions:
Moral Scientific Practical
Moral Issue- much to be gained
Easier to pin legal responsibility on individuals- more direct connection
Issue compounded by professionals willing to accept responsibility- (captain etc.)
Most people highly value personal autonomy- “they should have known better”
We assume big failures result from big mistakes rather than several small ones
Emotional satisfaction in blaming someone
The Scientific Dimension- do we stop with people directly involved or go on back? Why stop at organizational roots? Why not
go back to the beginning of creation? Answer should be practical- go back so far as
to be able to change organizational behavior Peculiar nature of accidents- initially appear
to be the convergence of many failures but we would see the same in any organization frozen in time- why then are failures rare?
What then about the practical?
Moral issue- favors individual approach Scientific issue- undecided Answer here depends on two factors:
can latent factors be identified and stopped prior to an accident?
The degree to which improvements can better equip the organization to deal with local failures
What have we learned from complex system failures? Human error in technology breakdown has
increased fourfold in 30 years Failures are not restricted to the sharp end How do we design a theoretical framework
for the origin of organizational accidents?
Step One- building blocks
What do all complex technological systems have in common?
An Organization: Fig./Table 1-1– Processes – Cultures (P. 7)- common starting point for failure
pathways– Local Conditions- Cockpit/ Tower- where
organizational decisions meet the road– Defenses/safeguards
Local Conditions- errors and violations Those related to the task and its
environment Those related to people’s mental and
physical states
– These can both be sub-divided into three groups: error factors, violation factors, and common (to both) factors
Defenses and safeguards
Checklists- redundant technology- human backups (copilot)
2 elements to defenses and safeguards in high tech equipment:– automation- increases efficiency by replacing
fallible humans– humans- restore order in the event of automation
foul up- must think on feet in less than ideal conditions which we’re not good at.
Defenses and Safeguards Ctn.
Classified along 2 dimensions
– Functions Served• creating awareness of hazards
• detect and warn of the presence of hazards
• protect people and environment
• Recover from off-normal conditions and restore system
• Enable victim escape
• Contain Hazmats
Ctn.
Modes of Application:– Engineered safety devices (FMS, GPWS)– Policies, Standards/Controls– Procedures, instructions, supervision– Training, debriefing, practice– Protective equipment- oxygen mask
Step two- Active and Latent Failures (Fig. 1.3 p. 13) Distinguished in two ways:
– length of time it takes failures to reveal adverse effects- active failures are immediate where latent failures can lie dormant for years
– Who creates• Active- line personnel- pilots, controllers, mechanics
• Latent- managerial/organizational- those separated in time and space from the immediate human-system interface.
Active Failures-
Committed by those on the sharp end- usually caught by system failures but may occur in conjunction with other failures or in less defended systems to cause an accident.
Active failures may create gaps in system- not having plane de-iced prior to take-off
Latent Failures
Due to loopholes in defenses which exist for sometime and may combine with active failures to produce a “trajectory of opportunity” for an accident.
Most are discovered after a defense has failed- not necessarily an accident
Usually revealed retrospectively- key is to do it prospectively
Active/Latent ctn.
Also differ in their necessary basis for their classification– Active failures- psychological origins– Latent failures- systemic terms
Active failures
Occur at three levels- skill based, rule based, and knowledge based which are distinguished along two dimensions:– conscious to automatic– routine to problematic (fig. 1.4)
– Combined gives us an “activity space”
Active Failures ctn.
Skill-based- highly practiced tasks, little thought, largely automatic
Rule based- We detect a need for behavior change- pre-packaged solution- emergency checklist
Knowledge based- When all else fails- very error prone especially in an emergency- United 232
Errors vs. violations
Errors- failure of planned actions to achieve their desired consequences– Plan is adequate but actions deviate (slip)-
failure of execution– Actions conform but plan is inappropriate-
failure of formulation
Violations
Deviations from safe operating practices/rules– deliberate– erroneous (speeding without being aware)
– deliberate violations are of most interest as the actions were intended but not necessarily the bad consequences.
Violations vs. errors
Errors are unintended Errors derive mainly from informational
problems (forgetting inattention, incomplete knowledge) violations are largely motivational problems (poor morale, failure to reward compliance and sanction non-compliance)
Ctn.
Errors deal with what occurs in the mind of an individual where violations occur in a social context
Errors can be improved by improving the quality of information- violations require motivational remedies
3 types of errors and violations
Skill based slips and lapses:– Attentional slips- failure to monitor progress of
routine actions at some critical point
– Memory lapses- forgetfulness, most common type of active failure
– Perceptual errors- misrecognize some object- we see what we expect to see
� Most slips and lapses have minimal consequences- saying “fine” to “hello”- but in the cockpit they can be dire
Rule based mistakes
Misapplication of good rules- braking to avoid a deer on an icy road- Humans tend to apply solutions to familiar problems on the basis of largely automatic pattern matching
application of bad rules- learning shortcuts and cutting corners- usually circumstances are forgiving and you “get by with it”
Knowledge-based mistakes
Due to– limited capacity of working memory– incomplete mental models of the problem– Thinking on one’s feet- confirmation bias
(bending the facts to fit a hasty conclusion), over-confidence, similarity bias,and frequency bias
Violations at the skill based level
Again- corner cutting promoted by a largely indifferent environment
Violations at the rule based level
More deliberate than skill based violations (p. 20 - 21)
Knowledge based violations
Novel circumstance- no specified procedure Trainers and procedure writers can only
address foreseeable situations Usually Involve the unexpected occurrence
of a rare but trained-for situation or an unlikely combination of individually familiar circumstances
Step #3- Accidental events
Event- complete or partial penetration of an accident trajectory through the system’s defensive layers
Active and Latent failure pathways come together to create complete or partial trajectories of accident opportunity– Local triggers also interact here
Gaps in defenses
Longstanding gaps due to dormant weaknesses Gaps created knowingly as during maintenance Gaps created by active failures An accident occurs when the holes in the defenses
line up (holes are dynamic)– What may cause an accident one day may not on
another day– Consequences range from a free lesson to a smoking
hole. In order to learn we must identify the “organizational pathogens”
Causal Pathways- step #4
Fig. 1.9- Accidents have varying characters.– Some involve all latent failures- challenger– Some involve all active failures- possibly Egypt
Air 990.– Most involve some combination of both
• Less defended organizations tend to have failures along the active pathway and visa versa (where a single active failure can serve as a trigger)
In closing:
Cicero stated- “To err is human” Accidents result from a failure of the risk
management system to absorb the consequences of unsafe acts and omissions
Human error is stubborn- sophisticated, discrete solutions to human error will likely lead to more sophisticated sources for error
Closing ctn:
We humans often judge people’s actions individually rather than as part of a system
This leads to backward reasoning (from the accident) which ultimately finds a stage where the chain could have been broken and thus “pilot (operator) error” becomes an easy out- we learn little
Summary
P. 28