Accident Models - WordPress.com€¦ · level decision makers, line management, preconditions,...

innova&ve ● entrepreneurial ● global www.utm.my

Arshad Ahmad [email protected]

Accident Models 1


Accident Causation

§  Accidents are acts of God •  Earthquakes, hurricanes, flooding, lightning, etc

§  Accident Proneness Theory •  Accidents were caused by individuals who were more disposed than

others to being injured •  Accident proneness as associated with level of risk taking in

individuals

2


Classification of accident causes

§  Direct causes: •  Causes that lead immediately to accident effects. Also called

immediate causes or proximate causes, as they usually result from other, lower-level causes.

§  Root causes •  Most basic causes of an accident. The process used to identify and

evaluate root causes is called root cause analysis.

§  Risk-influencing factors •  Background factors that influence the causes and/or the

development of an accident.

3


Example: Automobile Accidents

Equipment Failure

Road design

Road maintenance

Weather conditions

Driver behavior

Brakes Tires

Steering and suspension

Visibility Surface

Traffic control devices

Behavioral control devices

Traffic flow

Surface condition (e.g.,

potholes) - Salting and

sanding Maintenance

activities Construction

activities

Snow/ice Rain Wind Fog

Speeding -Violation of

rules ..etc

4


Example of Direct Causes (Boeing airplane accident: 1992-2001)

Causes of Accidents Percentage

Flight crew error 66

Aircraft error (mechanical, electrical, electronic) 14

Weather 10

Air traffic control 5

Maintenance 3

Other (e.g., bombs, hijackings, shoot-downs) 3

5

Source: Statistical Summary of Commercial Jet Airplane Accidents Worldwide Operations 1959-2001, Boeing, Airplane Safety.


Application of Accident Model

§  Tool to predict impacts of accidents

§  Tool to predict occurrence of accidents

§  Tool to assess risks

§  Tool to identify components that are prone to incidents

§  Guidance for planning and implementation of safety initiatives

§  Tool to Investigate Root Cause of Accident

6


Accident Models

7

Al-shanini, A., Ahmad, A. Khan, F. (2014), Accident modelling and analysis in process industries, Loss Prevention in Process Industry, 32,pp 319-334.

Epidemiological Model

Reason’s SCM

Integrating Event-Chain

Domino FMEA ETA

Bow-Tie

FTA CCA

Sequential Model

Systematic Model

Theory Systems

Model

Cognitive Systems

Model

Rasmussen’s Model

Rasmussen’s AcciMapp Model

STAMPP Model

FRAM

CREAM

DREAM

Formal Model

WBA Probabilistic AM

Dynamic Sequential A.M.

DRA PHPAM

SHIPP Offshore O&G

PICAM

Model

FTA (Fault C), ETA (Event Tree Analysis), FMEA(Failure Mode & Effect Analysis), CCA(Critical Consequence Analysis), SCM (Swiss Cheese Model), STAMPP, FRAM, CREAM, DREAM,WBA,PHPAM, DRA(Dynamic Risk Assessment), SHIPP, PICAM (Process Industry Comprehensive Accident Model)


Sequential Accident Model (SAM)

§  All SAMs regard accidents as outcomes of a chain of discrete events that are taken place in a temporal order.

§  Domino theory •  Accident sequence as a chain of five discrete events or factors

(social environment, fault of person, unsafe acts or conditions, accident, injury) that if the first factor falls, the four other factors will fall in a domino fashion

§  FTA •  Deductive and graphical technique to quantify failure probability of

human and technical systems. It has the capability to represent multi-linear failure causes

§  ETA •  Inductive, logical and graphical technique that is used

as standard technique for consequence analysis.

8


Domino Theory - 1931- H.W. Heinrich

Injury, caused by an Accident, due to an Unsafe act and/or mechanical or physical hazard, due to the Fault of the Person, caused by their Ancestry and Social Environment.

Heinrich (1931) - ‘the axioms of industrial safety’. ‘the occurrence of an injury invariably results from a complicated sequence of factors, the last one of which being the accident itself.’ Heinrich HW, Peterson D & Roos N (1980), Industrial Accident Prevention, 5th Edition, Mcgraw Hill, New Yo


Domino Model & Eisenhower

10

President Eisenhower described the potential spread of communism in Asia in 1954

US Foreign policy tool in 1950’s


Loss Causation Model

11

Lost Causation Model (Introduced by Bird in 1970, Bird and Germain, 1986)

•  Very few accidents, particularly in large organisations and complex technologies are associated with a single cause.

•  The causes of accidents are usually complex and interactive.


Rasmussen & Svedung’s model

12

Root Cause

Causal Chain

HazardousEvent

Event Chain

PersonsAssets

•  Root cause: hazard or a threat, or a combination of several hazards/threats. •  Causal sequences: loophole in preventive barriers, or the barriers must

have been too weak to withstand the loads from the hazards. •  Hazardous event: lead to harm to people, the environment, or other assets •  Event sequences: chain reaction due to failure of barriers •  Persons, assets: impact of accidents


Fault Tree and Event Tree

13

TOP EVENT

BASIC EVENTS

INTERMEDIATE EVENT

INTERMEDIATE EVENT

BASIC EVENTS

Initiating Event

Success

Failure

Success

Failure

Barrier 1 Barrier 2 Outcome

Success

Failure

OK

Partial Damage

System Destroyed

Partial Damage

FAULT TREE EVENT TREE

innova&ve ● entrepreneurial ● global www.utm.my innova&ve ● entrepreneurial ● global www.utm.my

Epidemiological Model

•  The events are propagation analogous as disease spreading.

•  Accidents are resulting from a combination of manifest and some latent factors that are taken place together in space and time.

•  Accident cause - which can be either immediate or proximal cause - is regarded as people fault either who is involved in the process or interacting with the processes technology

Reason, James (1990-04-12). "The Contribution of Latent Human Failures to the Breakdown of Complex System. Philosophical Transactions of the Royal Society of London. Series B, Biological Sciences 327 (1241): 475–484. doi:10.1098/rstb.


Swiss Cheese Model

•  SCM is a heuristic explanatory device

•  Single failure, human or technical, is sufficient to cause an accident.


SCM - Mark I

§  Sequence of five ‘planes’ lying one behind the other: top level decision makers, line management, preconditions, productive activities and defenses.

§  Failures can arise at anyone of these levels.

16

Revisiting the « Swiss Cheese » Model of Accidents EUROCONTROL

Project Safbuild - EEC Note No. 13/06 15

The The ““Reason ModelReason Model””: 1990 : 1990 Inadequatedefences

Unsafeacts

Psychologicalprecursors ofunsafe acts

Linemanagementdeficiencies

Senior Management

Fallibledecisions

Interactions withlocal events

LF

LF

LF

AF

AFLF

AF = active failuresLF = latent failures

Figure 8: SCM Mark I (pathological aspects)

7.3. NORMATIVE MODEL OF ORGANISATIONS

The conceptual ancestry of this version of the SCM is a normative model of what an organisation is. Organisations, whether they are a result of natural evolution or design, generally function in a hierarchical fashion. This means that actions, decisions and directives made at a higher level are passed on to a lower level, where they either are implemented directly, or interpreted in some way before they are passed on to the next level below, etc. The basic principle of organisational control is simply that higher levels control what happens at lower levels, although control more often is in terms of goals (objectives) and criteria than instructions that must be carried out to the letter.

The normative model of organisational functions is easily seen if instead of Figure 8 we use the benign version of the Mark I SCM (Figure 1). The result is then: Plant and corporate management decisions, line management, preconditions (for work), productive activities, and defences. It is, indeed, this normative model that is the very basis for the principle used to explain accidents as failures at anyone of these stages: management decisions propagate downwards and progressively turn into productive activity; Bad management decisions propagate downwards and progressively turn into unsafe activity, and possibly accidents.

Real life may, however, often differ from the norm and this is not least the case for organisations. On way in which this is recognised is the distinction between the formal and informal organisation. The normative model of an organisation can therefore not be taken as universally valid. The actual way in which something happens may differ from what is prescribed – and normally does – although the outcome may still be the intended one. Similarly, the “historical” account of a given event may also be more complex than the formal model, for instance because decisions at the higher levels may come about as a response to events at the sharp end, such as a revision of procedures after an accident.


SCM – Mark II

§  The Mark II model was developed in the early to mid-1990s. §  It reduced the four productive planes to three (organization,

workplace, person)

§  It extended the single defensive layer to three layers. §  The aim here was to allow more specificity with regard to

the influences at each level.

§  Distinguished errors and violations and their corresponding provocative factors

§  The organization box now included corporate culture and organizational processes as well as management decisions.

§  A separate latent failure path leading from the organization box to the defenses.

17


Swiss Cheese Model -Mark II

18

Management Decisions

Organizational

Processes

Corporate Cultures, etc

Error

producing conditions

Violation

producing conditions

Error

Violations

Organization Workplace Person Defenses

Latent Failure Pathway

Accident is seen as the consequence of a series of deficiencies


SCM – Mark III

§  The Mark III version of the model appeared in Managing the Risks of Organizational Accidents (Reason, 1997)

§  It started with the premise that any model of accident causation must have three basic elements: hazards, defenses and losses

§  The ‘planes’ are now represented as undisguised Swiss cheese slices. They include all the many barriers, defenses, safeguards and controls that any given system might possess.

§  An important addition was an explanation of how the holes, gaps or weaknesses arise

19


SCM – Mark III

20

EUROCONTROL Revisiting the « Swiss Cheese » Model of Accidents

8 Project Safbuild - EEC Note No. 13/06

WHAT?

HOW?

WHY?Unsafe acts

Local workplace factors

Organisational factors

LossesHazards

Defences

Latentconditionpathways

Causes

Investigation

Figure 5: the Mark 3 version


SCM-Limitations

SCM has an indisputable value as a means of communication, as a heuristic explanatory device.

However, §  Accidents come in many sizes, shapes and forms. One

model cannot represent all.

§  SCM is best characterized as a weak predictive model §  SCM is clearly less ambitious than other prediction methods

§  SCM provides a robust model with low level resolution

21


Tripod-Delta

§  Basic risk factors (BFRs): "... those features of an operation that are wrong and have been so for a long time, but remain hidden because their influences do not surface without a local trigger" (Wagenaar et aI., 1990)

§  Tripod-Delte defines 11 BFR’s

22

Basic Risk Factor(BRF)

Hazards

Unsafe Acts

Accidents, incidents,

losses

Measure and control

Minimize

Train & Motivate Learn from

Identify and confirm BRF

Inspect & Improve


Basic Risk Factors of Tripod Delta BFR Definition

1 Hardware Poor quality, condition, suitability or availability of materials, tools, equipment, or components.

2 Design Ergonomically poor design of tools or equipment

3 Maintenance management

No or inadequate performance of maintenance tasks and repairs.

4 Housekeeping No or insufficient attention given to housekeeping

5 Error-enforcing conditions

Unsuitable physical performance of maintenance tasks and repairs.

6 Procedures Insufficient quality or availability of procedures

7 Incompatible goals Employees choose between rules and the pursuit of production, financial, political, social, or individual goals on the other.

8 Communication No or ineffective communication between the various parties

9 Organization Shortcomings in the organization’s structure, philosophy, processes, or management strategies

10 Training No or insufficient competence or experience among employees

11 Defenses No or insufficient protection of people, material, and environment

23


Systematic Accident Model

•  Rasmussens •  It is based on control theoretic concepts. This AM has

organizational, management, and operational frameworks that signify as the preconditions of accidents

•  AcciMap Rasmussen's model •  It is a modification of Rasmussen's model. This model

focuses on control of the hazardous process of the socio-technical system

•  STAMP •  CREAM, FRAM, DREAM


SHIPP Accident Model

!!!

RPB!

DPB!

Serious(Accident(

Accident(

Incident(

Mishap(

Near4Miss(

Safe((

IPB!

EPB!

DC&MPB!

Process(And/or(External(Deviation(

End States estimated using Event Tree Analysis

Failure Probability are estimated using Fault Tree Analysis

Estimation and Prediction Capability Provided by Bayesian Approach


PICAM

26

RPB

DPB

IPB

TPB

EPB

DC &

EMB

Human Prevention Barrier (HPB)

Human Prevention Barrier

Management & Organization Prevention Barrier

Management & Organization Prevention Barrier

International Manmade & Security Barrier

International Manmade & Security Barrier

Natural Events Prevention Barrier

Natural Events Prevention Barrier

Normal (Safe) Operation

Termination /Serious Accident


END

Accident Models - WordPress.com€¦ · level decision makers, line management, preconditions,...

Documents

Transcript of Accident Models - WordPress.com€¦ · level decision makers, line management, preconditions,...