Lecture 11 - Incident or Accident Causation Flashcards
Define failure
- Something going wrong, not going/working as planned such as:
human (i.e. errors),
organisational,
technical (faults)
Define accident
Event where a failure or combination of several failures eventually leads to at least some undesired negative consequences
Define near miss
Event where an accident could have occurred, but all undesired negative consequences have been avoided
Define incident
Term covers both accidents and near misses
Frequent alternative use: for severity levels in between near misses and accidents
Define causal factors
- Those contributing factors (technical faults/human errors/organisational failures) that, if eliminated, would have either prevented the incident or reduced its severity
- Also referred to as immediate or direct causes, not to be confused with (underlying) root causes
- Incidents are usually the result of a combination of several causal factors
- A causal factor may have several root causes
Define root causes
- Deeper underlying causes, explaining why the immediate causal factors could happen
- Contribute to causal factors directly or via intermediate causes
- Identified by repeatedly asking what led to a higher level cause, i.e. asking ‘why could this happen?’ or ‘is this a symptom of an underlying problem?’
- Investigation stopping rule: remain within organisation’s control
- Recommendations should target root causes, not higher level causal factors
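The definitions of causal factors and root causes above, together with the "why could this happen?" procedure and the stopping rule, can be expressed as a small causal-tree walk. The following Python is an added example, not material from the lecture or its slides; the security incident, its causal factors and every cause text in it are constructed for illustration, and the names `Cause`, `Incident`, `root_causes`, `investigation_report` and `stopped_at_symptom` are this example's own.

```python
from dataclasses import dataclass, field


@dataclass
class Cause:
    """One node of a causal tree for an incident investigation.

    `why` holds the answers to "why could this happen?" for this cause.
    `within_control` is False for a cause the organisation cannot act on;
    that is the investigation stopping rule from the lecture.
    """
    text: str
    kind: str                      # "human", "technical" or "organisational"
    within_control: bool = True
    why: list = field(default_factory=list)


@dataclass
class Incident:
    title: str
    causal_factors: list           # immediate/direct causes at the sharp end


def root_causes(cause):
    """Root causes reachable from `cause` by repeatedly asking why.

    A cause outside the organisation's control is not descended into and is
    never itself a root cause; the last in-control cause on that path is.
    A cause with no deeper in-control cause is returned as its own root,
    so a causal factor nobody asked "why?" about comes back unchanged.
    """
    if not cause.within_control:
        return []
    deeper = [c for c in cause.why if c.within_control]
    if not deeper:
        return [cause]
    roots = []
    for c in deeper:
        roots.extend(root_causes(c))
    return roots


def investigation_report(incident):
    """Map each causal factor to the root causes recommendations should target.

    The factor itself is excluded from its own list, so an empty list means
    the investigation has not gone below the immediate cause for that factor.
    """
    return {
        factor.text: [r.text for r in root_causes(factor) if r is not factor]
        for factor in incident.causal_factors
    }


def stopped_at_symptom(incident):
    """Causal factors whose only 'root cause' is themselves: the analysis has
    stopped at the symptom / immediate-cause level for these."""
    return [f.text for f in incident.causal_factors if root_causes(f) == [f]]


# Constructed example incident (not from the lecture): phished VPN credentials.
# Causal factor 1, a human error at the sharp end, with two root causes.
no_refresher_policy = Cause("No policy requiring periodic phishing refresher training",
                            "organisational")
stale_training = Cause("Phishing awareness training last delivered three years ago",
                       "organisational", why=[no_refresher_policy])
unreverted_change = Cause("URL-rewriting change made during an outage was never reverted",
                          "organisational")
url_rewrite_off = Cause("Mail gateway URL rewriting was disabled", "technical",
                        why=[unreverted_change])
link_clicked = Cause("Engineer entered credentials on a spoofed login page", "human",
                     why=[stale_training, url_rewrite_off])

# Causal factor 2, a technical fault; one "why" leaves the organisation's control.
vendor_limit = Cause("VPN appliance firmware offers no MFA integration", "technical",
                     within_control=False)
no_mfa_owner = Cause("MFA rollout had no assigned owner or deadline", "organisational")
no_mfa_vpn = Cause("MFA not enforced on the VPN gateway", "technical",
                   why=[no_mfa_owner, vendor_limit])

# Causal factor 3, not yet investigated below the immediate cause.
logins_unalerted = Cause("VPN logins from new countries were not alerted on", "technical")

INCIDENT = Incident(
    "Attacker used phished VPN credentials to reach the customer database",
    causal_factors=[link_clicked, no_mfa_vpn, logins_unalerted],
)

if __name__ == "__main__":
    for factor, roots in investigation_report(INCIDENT).items():
        print(f"{factor}\n  -> root causes: {roots}")
    print("stopped at symptom level:", stopped_at_symptom(INCIDENT))
```

Note that the vendor's missing MFA support is recorded in the tree but never becomes a recommendation target, and that the third causal factor is surfaced by `stopped_at_symptom` rather than silently treated as its own root cause.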
Define active failures/errors
- Occur at sharp end of operations with immediate effects (Note similarities with definition of causal factors)
- Mainly technical faults and human error
Define latent failures
- Their effects lie dormant for a long time and only become evident when combined with other factors
- Mainly human factors issues and organisational failures, e.g. less than adequate design, planning, policies, procedures, processes, …
What is Heinrich's domino theory
REFER TO SLIDES
What is Reason’s Swiss cheese model
REFER TO SLIDES
Single vs extended root cause model
Multi-cause joint effects models
REFER TO SLIDES
What is a complex non-linear model
- An increasing number of modern organisations are complex, dynamic socio-technical systems with tightly coupled, non-linear processes
- Incidents in such systems cannot be accurately described with linear accident causation models
- Two recent attempts to overcome this problem are:
- Systems Theoretic Accident Model and Process (STAMP) see: Leveson, N. G. (2012). Engineering a Safer World. Cambridge: MIT press.
- Functional Resonance Analysis Method (FRAM) see: Hollnagel, E. (2012). FRAM: The Functional Resonance Analysis Method. Farnham: Ashgate.
What is STAMP?
- Systems are interrelated components that are kept in a state of dynamic equilibrium by feedback loops of information and control
- Safety management systems are required to continuously control tasks and impose constraints to ensure system safety
- Accident investigation focuses on why the controls that were in place failed to detect or prevent the changes that ultimately led to the accident
What is FRAM?
The purpose of a FRAM analysis is
- To identify how the system should have functioned for everything to succeed (i.e., “everyday” performance),
- To understand the variability of functions which alone or in combination prevented that from happening
What are the take home messages for incident investigators?
- Choose an incident causation model that suits the system you are investigating to guide your analysis
- Not all organisations/operations are dynamic, complex, tightly coupled!
- Avoid tendency to stop at symptom / immediate cause level and blame people involved, instead be prepared to dig for deeper underlying, often multiple causes
- Address the functioning (or failure) of any built-in safety defences/barriers
- Can be useful to look at normal system functioning as well as functioning during the incident