Although most companies investigate accidents (and many investigate dangerous incidents in which no one was injured), these investigations are often superficial, and we fail to learn all the lessons for which we have paid the high price of an accident. The facts are usually recorded correctly, but often only superficial conclusions are drawn from them. Identifying the causes of an accident is like peeling an onion. The outer layers deal with the immediate technical causes and triggering events while the inner layers deal with ways of avoiding the hazard and with the underlying weaknesses in the management system (Kletz, Learning from Accidents, 2d ed., Butterworth-Heinemann, 1994).
Dealing with the immediate technical causes of a leak, for example, will prevent another leak for the same reason. If so little of the hazardous material can be used that leaks do not matter or a safer material can be used instead, as previously discussed, all significant leaks of this hazardous material can be prevented. If the management system can be improved, we may be able to prevent many more accidents of other sorts.
Other points to watch when drawing conclusions from the facts are:
1. Avoid the temptation to list causes we can do
little or nothing about. For example, a source of ignition should not be listed
as the primary cause of a fire or explosion, as leaks of flammable gases are
liable to ignite even though we remove known sources of ignition. The cause is
whatever led to the formation of a flammable mixture of gas or vapor and air.
(Removal of known sources of ignition should, however, be included in the
recommendations.) Similarly, human error should not be listed as a cause.
2. Do not produce a long list of recommendations
without any indication of the relative contributions they will make to the
reduction of risk or without any comparison of costs and benefits. Resources
are not unlimited and the more we spend on reducing one hazard, the less there
is left to spend on reducing others.
3. Avoid the temptation to overreact after an accident and install an excessive amount of protective equipment or complex procedures which are unlikely to be followed after a few years have elapsed. Sometimes an accident occurs because the protective equipment available was not used; nevertheless, the report recommends installation of more protective equipment; or an accident occurs because complex procedures were not followed and the report recommends extra procedures. It would be better to find out why the original equipment was not used or the original procedures were not followed.
4. Remember that few, if any, accidents have simple causes.
5. When reading an accident report, look for the things that are not said. For example, a gland leak on a liquefied flammable gas pump caught fire and caused considerable damage. The report drew attention to the congested layout, the amount of redundant equipment in the area, the fact that a gearbox casing had been made of aluminum, which melted, and several other unsatisfactory features. It did not stress that there had been a number of gland leaks on this pump over the years, that reliable glands are available for liquefied gases at ambient temperatures, and, therefore, there was no need to have tolerated a leaky pump on this duty.
As another example, a fire was said to have been caused by
lightning. The report admitted that the grounding was faulty but did not say
when it was last checked, if it was scheduled for regular inspection, if there
was a specification for the resistance to earth (ground), if employees
understood the need for good grounding, and so on.
6. At one time most accidents were said to be due to
human error, and in a sense they all are. If someone—designer, manager,
operator, or maintenance worker—had done something differently, the accident
would not have occurred. However, to see how managers and supervisors can
prevent them, we have to look more closely at what is meant by human error:
a.
Some errors are due to poor training or
instructions: someone did not know what to do. It is a management
responsibility to provide good training and instructions and avoid instructions
that are designed to protect the writer rather than help the reader. However
many instructions are written, problems will arise that are not covered, so
people—particularly operators—should be trained in flexibility—that is, the
ability to diagnose and handle unforeseen situations. If the instructions are
hard to follow, can the job be simplified?
b.
Some accidents occur because someone knows
what to do but makes a deliberate decision not to do it. If possible the job
should be simplified (if the correct method is difficult, an incorrect method
will be used); the reasons for the instructions should be explained; checks
should be carried out from time to time to see that instructions are being
followed; and if they are not, this fact should not be ignored.
c.
Some accidents occur because the job is
beyond the physical or mental ability of the person asked to do it—sometimes it
is beyond anyone’s ability. The plant design or the method of working should be
improved.
d.
The fourth category is the commonest: a
momentary slip or lapse of attention. They happen to everyone from time to time
and cannot be prevented by telling people to be more careful or telling them to
keep their minds on the job. All that can be done is to change the plant design
or method of working to remove opportunities for error (or minimize the
consequences or provide opportunities for recovery). Whenever possible,
user-friendly plants (see above) should be designed which can withstand errors
(and equipment failures) without serious effects on safety (and output and
efficiency).
No comments:
Post a Comment