technical risk management for high consequence events …...‘filter cleaning operations are...

Health and SafetyExecutive

© Crown Copyright, HSE 2016HSL: HSE’s Health and Safety Laboratory

Technical Risk Managementfor High ConsequenceEvents

Part 2

Matt Clay CEng CMIOSH

HSL: HSE’s Health and Safety Laboratory © Crown Copyright, HSE 2016© Crown Copyright, HSE 2016

Recap

• Technical risk management – challenge is:– Interactive complexity– Close coupling

• Both exist now and set to increase due to the Megatrend drivers wediscussed earlier

• We’ve looked at the problems – but research suggests that organisations arecapable of ‘playing with fire and yet not getting burnt’

• We (aspirationally) call these organisations – High Reliability Organisations(HROs) and their features have been studied

• HRO theory is often applied to safety – but it can also be applied to otherfields – e.g. logistics where small failures can lead to major businessdisruption.

• This session is about what we can take from HRO theory to apply toTechnical Risk Management.

HSL: HSE’s Health and Safety Laboratory © Crown Copyright, HSE 2016

The successes and challenges of implementing highreliability principles: A case study of a UK oil refineryChrysanthi Lekka, Health and Safety LaboratoryPublished in Process Safety and Environmental Protection89 (2011) 443–451

High reliability organisations: A review of the literatureChrysanthi Lekka, Health and Safety Laboratory - 2011RR899 Research Report – HSE

HSL research on HROs


Collective mindfulness

•How do HROs create on-going reliableand safe performance ?– Anticipation and containment– Five principles of mindful organising– HROs spend more time on these than

other organisations to get a clearcomprehension of emerging threats


Collective mindfulness

Anticipation focuses on prevention ofdisruptive unexpected events.Unexpected events can develop despite effortto spot weak signals, to preserve details, andmonitor operations.Attention shifts to containment i.e. resilienceand expertise when a disruptive event occurs.However, these are developed on an on-goingbasis.


Mindful organising principles

Anticipation1. Preoccupation with failure• Track all failures especially in conditions of missed

steps in a procedure, staff spread thin, changes insupervision.

• Expand on number of undesired consequencesenvisioned to broaden range of controls

• Seek out weak signals.• Near miss as evidence of failure rather than

success.• Make possible safe reporting of near miss. No

blame culture. Reward reporting.


Preoccupation with failure – a model

• Deviation – A potentially reversibledeparture from the design intent

• Loss event - An irreversible physicalevent that has the potential for loss andharm impacts

• Different Hazard evaluation techniquesstart at different points in the chain

Hazards (e.g.Reactive

Chemical)

InitiatingCause (e.g.

Isolation ValveSticks Open)

Deviation (e.g.High Flow

When NoneExpected)

Loss Event(e.g. Runaway

Reaction)

Impacts (e.g.Reactor

Explosion)

Containment and controlmeasures (e.g. pipeworkdesign codes)

Preventative safeguards (e.g.shutdown system with 2nd

independent block valve)

Mitigative safeguards (e.g.bursting disc on reactor)

InherentSafety (‘whatyou don’thave, can’tleak’)

Preventative safeguards (e.g.control system has valve limitswitches with isolation upstream)



Anticipation

2. Reluctance to simplify (Resist simplification)• Diagnostic value of weak signals are lost when

grouped/categorised• Make people notice more their initial impression rather

than labelling/categorising too quickly• Question assumptions. Listen to sceptics.• Use reviews, non typical experience in recruits, frequent

job rotation, retraining.• Organising is about simplifying & planning but do it

mindfully


Reluctance to simplify interpretations

• Sometimes there are strongsignals that something bad isabout to occur!

• Often – with Technical RiskManagement - there areinstead weak signals.

• The sum of the weak signalsmight add up to a strongsignal but only if someone‘joins the dots’.

• ‘Todays operability problemis tomorrow’s safetyproblem’

• Are product returns properlyscrutinised for weak signals?


Weak signals

‘We’d like bow doorindicators on the bridge

mimic – we’re worried aboutsailing with them open’

‘The Therac 20 has suffered a numberof demands on its electromechanicalinterlock system. This is causing a

nuisance for our users’

‘I’m worried about o-ringperformance during cold

shuttle launches’

‘Filter cleaning operations are performedwithout the slipblinding process. Leaking

valves could create serious exposureduring this process.’

‘Tank 912’s Automatic TankGauging is a pain – it’s fallen

over 14 times already’

‘A while back we avoided someovercrowding by two mounted officers

blocking access to the ground entrance’


Weak signals - investigations

• Which of these events do your management systems prioritise forinvestigation?

– Worker falls down well maintained, even, dry, well lit office steps andsustains a fractured arm (RIDDOR reportable)

– SCADA data shows an overpressure deviation event within anexothermic reaction but mitigated by momentary PRV lifting and reseat.

• Our experience:– Internal investigations don’t prioritise the right things for investigation

and/or to the right depth– Internal investigations don’t sufficiently determine root causation

because of:• Insufficient rigour/competence yields immediate causation only• Internal political pressure (overt or otherwise).• Unwillingness to accept/record uncertainty but deal with it –

remember that in science and engineering ‘I don’t know’ is aperfectly valid answer!



Anticipation

3. Sensitivity to operations• Ongoing attention to front line, workloads, deviations

and routines.• Avoid reliance on second hand information• Management is visible on site• Routines can become mindless. Rework them.• Develop integrated big picture of ongoing operations• Threat of the ‘objective’ engineering culture, have

continuous conversation to counter risks that designshave not anticipated.


Sensitivity to operations

• Always a gap between the perception of top management and the coal face.

• The smaller this gap can be closed the more resilient the organisation will become.

• Are your Directors’ Walkabouts just ‘Safety theatre’?

• Are people at all levels familiar with the risk profile of the operation?

• Does your approach provide front-line design, operations and maintenance personnelwith the tools to succeed?

https://www.youtube.com/watch?v=8KeOxeuiZjs



• Mechanical isolations in biogas - theory

< Reality!



• ‘Normalisation of deviance’

• Why do different sectors have different standards?

• Have you ever seen an airliner like that at the airport?



Containment

4. Commitment to resilience• Ability to bounce back from errors and coping

with surprises in the moment• Absorb strain under adverse conditions• System/people need to be well prepared to react

swiftly.• Training, competency, capability building,

proactive management practice



Containment

5. Deference to expertise• Prefer expertise over rank. Create fluid decision

structures• Expertise is relational as much as individual• Seek diverse views to inform expertise


Deference to expertise

• ‘Take off your engineering hat andput your management hat on’

• Good organisations need to deferto the possession of knowledge,not possession of power.

• However: they also need thatexpertise in the first place.

• Skills gap in engineering

• Knowledge transfer andsuccession planning.

• Education v training (should beinefficient).


Summary & discussion

• Five core features of High Reliability Organisations are a good way to sense-check your management practices for Technical Risk Management. They aresometimes at odds with conventional wisdom (e.g. ‘lean’ business) but havebeen proven to work:

– Preoccupation with failure – ‘chronic unease’– Reluctance to simplify interpretations – ‘weak signals matter’– Deference to expertise – ‘role not rank’– Commitment to resilience – ‘deliberately inefficient protection’– Sensitivity to operations – ‘keeping it real’

• Where do you see the improvement opportunities against the five featuresin your organisations?

technical risk management for high consequence events …...‘filter cleaning operations are...

Documents