| The Investigation Process Research Resource Site |
A Pro Bono site with hundreds of resources for Investigation Investigators
|Home Page||Site Guidance||FAQs||Old News||Site inputs||Forums|
to advance the
Search site for::
Launched Aug 26 1996.
GUIDELINES FOR INVESTIGATING CHEMICAL PROCESS INCIDENTS
This publication holds itself out to present "techniques for investigating incidents of a serious nature, whether they result in accidents or not, whether they have in plant or off-plant consequences, or whether they are characterized by actual or potential loss of life and/or property or damage to the environment. Guidance is also presented for the initial establishment of an investigation team and establishment and evaluation of a management system for incident investigation. Lastly an annotated bibliography is included for safety professionals who may wish to refer to the many books available on incident investigation.
The books says major components in the investigation of an incident are
The stated objective of the guidebook is to provide a technical foundation for systematic investigations in order to prevent recurrences of incidents. Investigations take place within the context of a Process Safety Management system, providing the "feedback loop" in that system. (p1)
The stated objective of incident investigation is to prevent a recurrence. This is to be accomplished by establishing a management system that identifies and evaluates causes (root causes and contributing causes), identifies and evaluates recommended preventive measures that act to reduce the probability and/or consequence, and ensure effective follow-up action to complete and/or review all recommendations. (p1)
The basic framework for a process safety incident investigation (PSII) is claimed to be represented by a well defined, basic incident terminology , a recognized incident theory , and an incident classification scheme . Chapters include an Introduction, Basic Investigation Techniques, Investigating Process Safety Incidents, Practical Investigation Considerations: Gathering Evidence, Multiple Cause Determination, Recommendations and Follow-through, Formal Reports and Communications Issues, and Development and Implementation. Appendices present examples.
These elements are often lacking in other investigation publications.
Each creates significant problems if the Guidelines are followed. They are important because while the guidelines may result in better investigations than at present, the potential value and effectiveness of investigations within organizations will not be achieved efficiently, consistently and verifiably by following this guidance.
The cliche highlighted on p 69 "process safety incidents are the result of management system failures" will not exactly make managers eager to jump through hoops to support the recommended investigation program, particularly with the other weaknesses described below. As investigators intensify their search for management system failures, managers would be well advised to scrutinize investigation system failures - as indicated by continuing incidents and accidents - equally thoroughly.
A summary of incident theories (page 17) confuses (a) theories about the nature of the accident or incident phenomenon with (b) theories of accident or incident causation. By glossing over these differences, the Guidelines bounce between developing descriptions of what happened and determining causes. This confuses the Guidance, as on page 165,where a diagram of what happened is presented as events and conditions that led to the major incident. Causes depend on how data from case are interpreted, which in turn depends on experiences among the team. Other examples of the resultant confusion are found throughout the Guidelines.
The Guidelines describe in summary detail the many investigation techniques considered, but there is no evidence that they were applied competitively to determine relative merits of each in the context of the systems theory of incidents. Without any evidence to show that the differences in the investigation work products and results achieved were tried, it is impossible to verify that the methodology selected, which just happens to be one used by one the members of the committee that was responsible for the Guidelines, is more meritorious than any of the others. The summaries of techniques developed are not related to the incident model, and in some cases misdescribe the techniques and their application in Table 2-1, and miscategorize the techniques in the text.
Unfortunately, in its discussion of incident theories or causation theories, the text does not describe
Most differences and controversies arise over the subjectively-determined root or prime or contributing or multiple or immediate or proximate or other causes and subjective judgments or opinions about problems and recommendations. The main deficiency of root cause concepts, for example, is cited on p 129 of the text, but the cure is subjective and dependent on defining and selecting still another type of cause - prime cause of the incident. Causation theory and cause-based thinking leads to such a tangled web of ambiguity, abstractions and opinions!!
Secondly, investigations cost money. If the objective is to prevent only similar accidents or a recurrence (p 127), you limit the potential for the broader risk reduction and performance improvement you should expect from your investment in any investigation. The Root cause analysis fad only feeds the silver bullet mind set. Maximizing the cost/benefit ratio by expanding the benefits and uses of investigation outputs is not well served by RCA. Descriptive rather than abstract outputs are needed to aid in improving longer term process design or operations, efficiencies, costs, training, personnel selection, and more (page 6) - plus a way to track these results. They should be demanded for any investigation program. These programs should pay their way in a demonstrable way. but unlike other aspects of a business, demonstrations of investigation payouts are rarely demanded or monitored.
Third, there seems to be no provision for investigating near miss disruptions or incidents to discover how and why they were successfully managed to prevent even greater losses. Such incidents can be viewed as successes, in that larger losses did not occur. The search for actions that aborted the accident processes successfully to prevent larger losses seems to be ignored in the Guidelines, yet these data can provide insights into timely process improvements by building on the successes observed.
Other terminology deficiencies include pejorative and abstract words which reflect the conceptual weaknesses. Human or operator error is an example of a commonly used but pejorative and abstract term. It is the term resulting from a subjective investigator conclusion - imputing blame and fault (as in the case study on page 19.) From the perspective of the person who is charged with erring in situations similar to the wind shear experiences encountered by pilots, this is not constructive. It results from what is called the investigator's retrospective fallacy so well described by Diane Vaughan in The Challenger Launch Decision. Similarly an ambiguously defined "failure" - without a clear description of what everything and everyone else involved actually did and was supposed to do - is pejorative to the person(s) who designed, used, made or maintained a failed device. An investigator can not determine whose or what behavior to change until you know the involved actors and the behaviors that produced the outcome.
The gravest risk is that use of these terms allows an investigator to mask a lack of understanding of what exactly happened and why it happened due to their inadequate investigation methods, knowledge or skills..
The detail in which a "failure" is ultimately described drives the remedial actions. Recommendations for future actions require someone to do something differently. The guidelines do not specifically speak to finding the specific behaviors to be changed, the rationale for describing them as problems, and the definition of what behavior should be substituted are not addressed in these terms. The guidelines also use the passive voice frequently in describing the sequence of events, as in the model application in Appendix F, for example..
Failure, human error and the passive voice are typically used by novice because they don't know any better, or arrogant and undisciplined investigators who should know better. When used by experienced investigators they typically hide uncertainties or incomplete or sloppy investigation practices. Advanced investigation programs do not tolerate these kinds of pejorative words, abstractions or ambiguities and their usages.
Another problem is that in a section on recommendation development (page 171) the Guidelines advocate identifying some failures as a cause, and addressing them with a recommended preventive action item or comment. This implies that only some failures will qualify as root causes. How can an investigator select and logically justify the "right" failures to promote as root causes?
One vital area of judgment calls during investigations that is completely overlooked in the Guidelines is the judgments made to select how investigators observations during investigations will be documented. The transformation of an observation into a data item for the investigation is ignored, yet it is an essential knowledge and skill need for investigators. This further compounds the lack of definitions of evidence and facts, and thus ignores the need for rigorously tested conclusions. A glimpse at the diverse nature of the contents of boxes in the illustrative charts discloses the inconsistencies in the data used, and the need to address this need in a good investigation program.
The format simply does not accommodate all the interactions that occur during an incident or accident, and compel investigators to apply a linear thinking process model. Additionally, even all-AND-gated trees pose difficulties in defining systems for problem and recommendation analyses. Properly disciplined flow charts describing who or what did what when are able to overcome these difficulties, but they are not detailed in the book.
A fault tree used to illustrate the handling of data shows OR logic gates to some of the blocks. OR gates point to incompleted investigation tasks and thus unsubstantiated hypotheses. Yet the Guidelines leap to conclusions about faulty management system breakdowns as root causes, without defining and verifying what actions broke down, and why they did so. This example shows clearly how techniques can be used inappropriately during investigations.
Time lines for recording events are illustrated but data used in the time lines are not disciplined for consistency of form or content in the examples. Timing relationships among parallel events are not accommodated. The events are presented in serial format which can not support rigorous sequential and necessary/sufficient logic testing to establish unambiguous, verifiable cause-effect relationships.
The lack of comprehensive discussion about the process by which investigators discover, define, evaluate and select problems to be addressed by recommendations is a significant omission. The Guidelines assume failures will point to root causes. Theoretically, all interactions required to produce the observed output in an incident or accident scenario must have occurred. The Guidelines propose looking for a recommendation for each "cause" or (underlying cause? Root cause?) which is a subjective and usually an ambiguous problem definition. What about a look at other interactions that were not selected to be called a failure or cause? No mention is made of the more efficient ways to define and rank the problems indicated by unwanted interactions in terms of the vulnerability or efficiency of future operations if they are not fixed, and to determine if they should be addressed with recommendations. The weighting, weighing and trade-off elements of this decision process are not addressed.
The difficulties resulting from the uncritical acceptance of subjective experience-based conclusions about evidence, facts, cause, and failures
Unfortunately, the deficiencies detract from the potential effectiveness of the Guidance when it is applied. If effective, efficient, consistent, verifiable and lasting organization-wide improvements are being sought from investigations, in my opinion they are not likely to be achieved by implementing the Guidelines without changes. At a minimum, make changes necessary to remedy the shortcomings described above. Other needs for refinement of the Guidelines will be observed as objective, logical and replicable investigation and work product quality assurance procedures are instituted.
The views represent those of the author only.