Accident Models - WordPress.com€¦ · level decision makers, line management, preconditions,...
Transcript of Accident Models - WordPress.com€¦ · level decision makers, line management, preconditions,...
innova&ve ● entrepreneurial ● global www.utm.my
Accident Causation
§ Accidents are acts of God • Earthquakes, hurricanes, flooding, lightning, etc
§ Accident Proneness Theory • Accidents were caused by individuals who were more disposed than
others to being injured • Accident proneness as associated with level of risk taking in
individuals
2
innova&ve ● entrepreneurial ● global www.utm.my
Classification of accident causes
§ Direct causes: • Causes that lead immediately to accident effects. Also called
immediate causes or proximate causes, as they usually result from other, lower-level causes.
§ Root causes • Most basic causes of an accident. The process used to identify and
evaluate root causes is called root cause analysis.
§ Risk-influencing factors • Background factors that influence the causes and/or the
development of an accident.
3
innova&ve ● entrepreneurial ● global www.utm.my
Example: Automobile Accidents
Equipment Failure
Road design
Road maintenance
Weather conditions
Driver behavior
Brakes Tires
Steering and suspension
Visibility Surface
Traffic control devices
Behavioral control devices
Traffic flow
Surface condition (e.g.,
potholes) - Salting and
sanding Maintenance
activities Construction
activities
Snow/ice Rain Wind Fog
Speeding -Violation of
rules ..etc
4
innova&ve ● entrepreneurial ● global www.utm.my
Example of Direct Causes (Boeing airplane accident: 1992-2001)
Causes of Accidents Percentage
Flight crew error 66
Aircraft error (mechanical, electrical, electronic) 14
Weather 10
Air traffic control 5
Maintenance 3
Other (e.g., bombs, hijackings, shoot-downs) 3
5
Source: Statistical Summary of Commercial Jet Airplane Accidents Worldwide Operations 1959-2001, Boeing, Airplane Safety.
innova&ve ● entrepreneurial ● global www.utm.my
Application of Accident Model
§ Tool to predict impacts of accidents
§ Tool to predict occurrence of accidents
§ Tool to assess risks
§ Tool to identify components that are prone to incidents
§ Guidance for planning and implementation of safety initiatives
§ Tool to Investigate Root Cause of Accident
6
innova&ve ● entrepreneurial ● global www.utm.my
Accident Models
7
Al-shanini, A., Ahmad, A. Khan, F. (2014), Accident modelling and analysis in process industries, Loss Prevention in Process Industry, 32,pp 319-334.
Epidemiological Model
Reason’s SCM
Integrating Event-Chain
Domino FMEA ETA
Bow-Tie
FTA CCA
Sequential Model
Systematic Model
Theory Systems
Model
Cognitive Systems
Model
Rasmussen’s Model
Rasmussen’s AcciMapp Model
STAMPP Model
FRAM
CREAM
DREAM
Formal Model
WBA Probabilistic AM
Dynamic Sequential A.M.
DRA PHPAM
SHIPP Offshore O&G
PICAM
Model
FTA (Fault C), ETA (Event Tree Analysis), FMEA(Failure Mode & Effect Analysis), CCA(Critical Consequence Analysis), SCM (Swiss Cheese Model), STAMPP, FRAM, CREAM, DREAM,WBA,PHPAM, DRA(Dynamic Risk Assessment), SHIPP, PICAM (Process Industry Comprehensive Accident Model)
innova&ve ● entrepreneurial ● global www.utm.my
Sequential Accident Model (SAM)
§ All SAMs regard accidents as outcomes of a chain of discrete events that are taken place in a temporal order.
§ Domino theory • Accident sequence as a chain of five discrete events or factors
(social environment, fault of person, unsafe acts or conditions, accident, injury) that if the first factor falls, the four other factors will fall in a domino fashion
§ FTA • Deductive and graphical technique to quantify failure probability of
human and technical systems. It has the capability to represent multi-linear failure causes
§ ETA • Inductive, logical and graphical technique that is used
as standard technique for consequence analysis.
8
innova&ve ● entrepreneurial ● global www.utm.my
Domino Theory - 1931- H.W. Heinrich
Injury, caused by an Accident, due to an Unsafe act and/or mechanical or physical hazard, due to the Fault of the Person, caused by their Ancestry and Social Environment.
Heinrich (1931) - ‘the axioms of industrial safety’. ‘the occurrence of an injury invariably results from a complicated sequence of factors, the last one of which being the accident itself.’ Heinrich HW, Peterson D & Roos N (1980), Industrial Accident Prevention, 5th Edition, Mcgraw Hill, New Yo
innova&ve ● entrepreneurial ● global www.utm.my
Domino Model & Eisenhower
10
President Eisenhower described the potential spread of communism in Asia in 1954
US Foreign policy tool in 1950’s
innova&ve ● entrepreneurial ● global www.utm.my
Loss Causation Model
11
Lost Causation Model (Introduced by Bird in 1970, Bird and Germain, 1986)
• Very few accidents, particularly in large organisations and complex technologies are associated with a single cause.
• The causes of accidents are usually complex and interactive.
innova&ve ● entrepreneurial ● global www.utm.my
Rasmussen & Svedung’s model
12
Root Cause
Causal Chain
HazardousEvent
Event Chain
PersonsAssets
• Root cause: hazard or a threat, or a combination of several hazards/threats. • Causal sequences: loophole in preventive barriers, or the barriers must
have been too weak to withstand the loads from the hazards. • Hazardous event: lead to harm to people, the environment, or other assets • Event sequences: chain reaction due to failure of barriers • Persons, assets: impact of accidents
innova&ve ● entrepreneurial ● global www.utm.my
Fault Tree and Event Tree
13
TOP EVENT
BASIC EVENTS
INTERMEDIATE EVENT
INTERMEDIATE EVENT
BASIC EVENTS
Initiating Event
Success
Failure
Success
Failure
Barrier 1 Barrier 2 Outcome
Success
Failure
OK
Partial Damage
System Destroyed
Partial Damage
FAULT TREE EVENT TREE
innova&ve ● entrepreneurial ● global www.utm.my innova&ve ● entrepreneurial ● global www.utm.my
Epidemiological Model
• The events are propagation analogous as disease spreading.
• Accidents are resulting from a combination of manifest and some latent factors that are taken place together in space and time.
• Accident cause - which can be either immediate or proximal cause - is regarded as people fault either who is involved in the process or interacting with the processes technology
Reason, James (1990-04-12). "The Contribution of Latent Human Failures to the Breakdown of Complex System. Philosophical Transactions of the Royal Society of London. Series B, Biological Sciences 327 (1241): 475–484. doi:10.1098/rstb.
innova&ve ● entrepreneurial ● global www.utm.my
Swiss Cheese Model
• SCM is a heuristic explanatory device
• Single failure, human or technical, is sufficient to cause an accident.
innova&ve ● entrepreneurial ● global www.utm.my
SCM - Mark I
§ Sequence of five ‘planes’ lying one behind the other: top level decision makers, line management, preconditions, productive activities and defenses.
§ Failures can arise at anyone of these levels.
16
Revisiting the « Swiss Cheese » Model of Accidents EUROCONTROL
Project Safbuild - EEC Note No. 13/06 15
The The ““Reason ModelReason Model””: 1990 : 1990 Inadequatedefences
Unsafeacts
Psychologicalprecursors ofunsafe acts
Linemanagementdeficiencies
Senior Management
Fallibledecisions
Interactions withlocal events
LF
LF
LF
AF
AFLF
AF = active failuresLF = latent failures
Figure 8: SCM Mark I (pathological aspects)
7.3. NORMATIVE MODEL OF ORGANISATIONS
The conceptual ancestry of this version of the SCM is a normative model of what an organisation is. Organisations, whether they are a result of natural evolution or design, generally function in a hierarchical fashion. This means that actions, decisions and directives made at a higher level are passed on to a lower level, where they either are implemented directly, or interpreted in some way before they are passed on to the next level below, etc. The basic principle of organisational control is simply that higher levels control what happens at lower levels, although control more often is in terms of goals (objectives) and criteria than instructions that must be carried out to the letter.
The normative model of organisational functions is easily seen if instead of Figure 8 we use the benign version of the Mark I SCM (Figure 1). The result is then: Plant and corporate management decisions, line management, preconditions (for work), productive activities, and defences. It is, indeed, this normative model that is the very basis for the principle used to explain accidents as failures at anyone of these stages: management decisions propagate downwards and progressively turn into productive activity; Bad management decisions propagate downwards and progressively turn into unsafe activity, and possibly accidents.
Real life may, however, often differ from the norm and this is not least the case for organisations. On way in which this is recognised is the distinction between the formal and informal organisation. The normative model of an organisation can therefore not be taken as universally valid. The actual way in which something happens may differ from what is prescribed – and normally does – although the outcome may still be the intended one. Similarly, the “historical” account of a given event may also be more complex than the formal model, for instance because decisions at the higher levels may come about as a response to events at the sharp end, such as a revision of procedures after an accident.
innova&ve ● entrepreneurial ● global www.utm.my
SCM – Mark II
§ The Mark II model was developed in the early to mid-1990s. § It reduced the four productive planes to three (organization,
workplace, person)
§ It extended the single defensive layer to three layers. § The aim here was to allow more specificity with regard to
the influences at each level.
§ Distinguished errors and violations and their corresponding provocative factors
§ The organization box now included corporate culture and organizational processes as well as management decisions.
§ A separate latent failure path leading from the organization box to the defenses.
17
innova&ve ● entrepreneurial ● global www.utm.my
Swiss Cheese Model -Mark II
18
Management Decisions
Organizational
Processes
Corporate Cultures, etc
Error
producing conditions
Violation
producing conditions
Error
Violations
Organization Workplace Person Defenses
Latent Failure Pathway
Accident is seen as the consequence of a series of deficiencies
innova&ve ● entrepreneurial ● global www.utm.my
SCM – Mark III
§ The Mark III version of the model appeared in Managing the Risks of Organizational Accidents (Reason, 1997)
§ It started with the premise that any model of accident causation must have three basic elements: hazards, defenses and losses
§ The ‘planes’ are now represented as undisguised Swiss cheese slices. They include all the many barriers, defenses, safeguards and controls that any given system might possess.
§ An important addition was an explanation of how the holes, gaps or weaknesses arise
19
innova&ve ● entrepreneurial ● global www.utm.my
SCM – Mark III
20
EUROCONTROL Revisiting the « Swiss Cheese » Model of Accidents
8 Project Safbuild - EEC Note No. 13/06
WHAT?
HOW?
WHY?Unsafe acts
Local workplace factors
Organisational factors
LossesHazards
Defences
Latentconditionpathways
Causes
Investigation
Figure 5: the Mark 3 version
innova&ve ● entrepreneurial ● global www.utm.my
SCM-Limitations
SCM has an indisputable value as a means of communication, as a heuristic explanatory device.
However, § Accidents come in many sizes, shapes and forms. One
model cannot represent all.
§ SCM is best characterized as a weak predictive model § SCM is clearly less ambitious than other prediction methods
§ SCM provides a robust model with low level resolution
21
innova&ve ● entrepreneurial ● global www.utm.my
Tripod-Delta
§ Basic risk factors (BFRs): "... those features of an operation that are wrong and have been so for a long time, but remain hidden because their influences do not surface without a local trigger" (Wagenaar et aI., 1990)
§ Tripod-Delte defines 11 BFR’s
22
Basic Risk Factor(BRF)
Hazards
Unsafe Acts
Accidents, incidents,
losses
Measure and control
Minimize
Train & Motivate Learn from
Identify and confirm BRF
Inspect & Improve
innova&ve ● entrepreneurial ● global www.utm.my
Basic Risk Factors of Tripod Delta BFR Definition
1 Hardware Poor quality, condition, suitability or availability of materials, tools, equipment, or components.
2 Design Ergonomically poor design of tools or equipment
3 Maintenance management
No or inadequate performance of maintenance tasks and repairs.
4 Housekeeping No or insufficient attention given to housekeeping
5 Error-enforcing conditions
Unsuitable physical performance of maintenance tasks and repairs.
6 Procedures Insufficient quality or availability of procedures
7 Incompatible goals Employees choose between rules and the pursuit of production, financial, political, social, or individual goals on the other.
8 Communication No or ineffective communication between the various parties
9 Organization Shortcomings in the organization’s structure, philosophy, processes, or management strategies
10 Training No or insufficient competence or experience among employees
11 Defenses No or insufficient protection of people, material, and environment
23
innova&ve ● entrepreneurial ● global www.utm.my innova&ve ● entrepreneurial ● global www.utm.my
Systematic Accident Model
• Rasmussens • It is based on control theoretic concepts. This AM has
organizational, management, and operational frameworks that signify as the preconditions of accidents
• AcciMap Rasmussen's model • It is a modification of Rasmussen's model. This model
focuses on control of the hazardous process of the socio-technical system
• STAMP • CREAM, FRAM, DREAM
innova&ve ● entrepreneurial ● global www.utm.my
SHIPP Accident Model
!!!
RPB!
DPB!
Serious(Accident(
Accident(
Incident(
Mishap(
Near4Miss(
Safe((
IPB!
EPB!
DC&MPB!
Process(And/or(External(Deviation(
End States estimated using Event Tree Analysis
Failure Probability are estimated using Fault Tree Analysis
Estimation and Prediction Capability Provided by Bayesian Approach
innova&ve ● entrepreneurial ● global www.utm.my
PICAM
26
RPB
DPB
IPB
TPB
EPB
DC &
EMB
Human Prevention Barrier (HPB)
Human Prevention Barrier
Management & Organization Prevention Barrier
Management & Organization Prevention Barrier
International Manmade & Security Barrier
International Manmade & Security Barrier
Natural Events Prevention Barrier
Natural Events Prevention Barrier
Normal (Safe) Operation
Termination /Serious Accident
innova&ve ● entrepreneurial ● global www.utm.my innova&ve ● entrepreneurial ● global www.utm.my
END