Managing Risk: the Human Element combines descriptive and explanatory text with theoretical and mathematical analysis, offering important new concepts that can be used to improve the management of risk, trend analysis and prediction, and hence affect the accident rate in technological industries. It uses examples of major accidents to identify common causal factors, or echoes, and argues that the use of specific experience parameters for each particular industry is vital to achieving a minimum error rate as defined by mathematical prediction. New ideas for the perception, calculation and prediction of risk are introduced, and safety management is covered in depth, including for rare events and unknown outcomes

Managing Risk: the Human Element is an essential read for professional safety experts, human reliability experts and engineers in all technological industries, as well as risk analysts, corporate managers and statistical analysts. It is also of interest to professors, researchers and postgraduate students of reliability and safety engineering, and to experts in human performance.

congratulations on what appears to be, at a high level of review, a significant contribution to the literatureI have found much to be admired in (your) researchMr. Joseph Fragola Vice President of Valador Inc.

The book is not only technically informative, but also attractive to all concerned readers and easy to be comprehended at various level of educational background. It is truly an excellent book ever written for the safety risk managers and analysis professionals in the engineering community, especially in the high reliability organizationsDr Feng Hsu, Head of Risk Assessment and Management, NASA Goddard Space Flight Center

I admire your courage in confronting your theoretical ideas with such diverse, ecologically valid data, and your success in capturing a major trend in them.I should add that I find all this quite inspiring . The idea that you need to find the right measure of accumulated experience and not just routinely used calendar time makes so much sense that it comes as a shock to realize that this is a new idea,Professor Stellan Ohlsson, Professor of Psychology, University of Illinois at Chicago

Romney B. Duffey, Principal Scientist, Research and Product Development, Chalk River, Atomic Energy of Canada Ltd.
Romney B. Duffey is a leading expert in commercial nuclear reactors and is active in global environmental and energy studies and in advanced system design. He is currently Principal Scientist for AECL (Canada), having previously held a number of leadership roles within the US utility industry and in government laboratories and programs. He is a past chair of the American Society of Engineers' Nuclear Engineering Division, and the American Nuclear Society's Thermal Hydraulics Division. He has authored over 200 papers and articles.

John W. Saull, Executive Director, International Federation of Airworthiness, UK.
John W. Saull is an internationally renowned aeronautical engineer with over 45 years' experience in commercial aircraft certification, manufacturing, maintenance, personnel licensing and flight operations, and is a leading expert in safety management and human error. He is currently Executive Director of the International Federation of Airworthiness, having retired from his position as Chief Surveyor and Head of Operating Standards at the Civil Aviation Authority in 1996. He is currently a member of a number of international safety committees dealing with maintenance and human factors, and continues to be involved in organizing air safety conferences and chairing technical sessions.

About the Authors

Preface

Acknowledgements

Defi nitions of Risk and Risk Management

Introduction: The Art of Prediction and the Creation of Order

Risk and Risk Management

Defi ning Risk

Managing Risk: Our Purpose, Plan and Goals

Recent Tragic Outcomes

Power Blackouts, Space Shuttle Losses, Concorde Crashes,Chernobyl,Three Mile Island and More . . .

How Events and Disasters Evolve in a Phased Development: The Human Element

Our Values at Risk: The Probable Improvement

Probably or Improbably Not

How this Book is Organised

References

Technical Summary

Defi ning the Past Probability

Predicting Future Risk: Sampling from the Jar of Life

A Possible Future: Defi ning the Posterior Probability

The Engineers Have an Answer: Reliability

Drawing from the Jar of Life: The Hazard Function and Species Extinction

Experiencing Failure: Engineering and Human Risk and Reliability

Experience Space

Managing Safely: Creating Order out of Disorder Using Safety Management Systems

Describing the Indescribable: Top-Down and Bottom-Up

What an Observer will Observe and the Depth of our Experience

References

1 The Universal Learning Curve

Predicting Tragedies, Accidents and Failures: Using the Learning Hypothesis

The Learning Hypothesis: The Market Place of Life

Learning in HTSs: The Way a Human Learns

Evidence of Risk Reduction by Learning

Evidence of Learning from Experience: Case Studies

Evidence of Learning in Economics

Evidence of Learning in Engineering and Architecture: The Costs of Mistakes

Learning in Technology: the Economics of Reducing Costs

Evidence of Learning Skill and Risk Reduction in the Medical Profession: Practice Makes Almost Perfect

Learning in HTSs: The Recent Data Still Agrees

The Equations That Describe the Learning Curve

Zero Defects and Reality

Predicting Failures: The Human Bathtub

Experience Space: The Statistics of Managing Safety and of Observing Accidents

Predicting the Future Based on Past Experience: The Prior Ignorance

Future Events: the Way Forward Using Learning Probabilities

The Wisdom of Experience and Inevitability

The Last, First or Rare Event

Conclusions and Observations: Predicting Accidents

References

2 The Four Echoes

Power Blackouts, Space Shuttle Losses, Concorde Crashes, and theChernobyl andThree Mile Island Accidents

The Combination of Events

The Problem Is the Human Element

The Four Echoes Share the Same Four Phases

The First Echo: Blackout of the Power Grid

Managements Role

The First Echo: Findings

ErrorState Elimination

The Second Echo: Columbia/Challenger

The Results of the Inquiry: Prior Knowledge

The Second Echo: The Four Phases

Managements Responsibility

ErrorState Elimination

The Third Echo: Concorde Tires and SUVs

Tire Failures: the Prior Knowledge

The Third Echo: The Four Phases

Managements Responsibility

ErrorState Elimination

The Fourth Echo:Chernobyl

TheChernobyl Accident: An Echo ofThree Mile Island

The Consequences

Echoes ofThree Mile Island

The Causes

ErrorState Elimination

The Fourth Echo: The Four Phases

Regulatory Environment and Practices

Case study: Regulation in Commercial Aviation

a) Regulations Development

b) Compliance Standards

c) Accident Investigation

Addressing Human Error

Management Responsibilities

Designing to Reduce Risk and the Role of Standards

Conclusion and Echoes: Predicting the Unpredictable

References

3 Predicting Rocket Risks and Refi nery Explosions: Near Misses, Shuttles, Safety and Anti-Missile Defence Systems Effectiveness

Learning from Near Misses and Prior Knowledge

Problems in Quantifying Risk: Predicting the Risk for the Next ShuttleMission

Estimating a PossibleRange ofLikelihoods

Learning from Experience: Maturity Models for Future SpaceMission Risk

Technology versus Technology

Missiles Risks overLondon: The German Doodlebug

Launching Missile Risk

The Number of Tests Required

Estimating the Risk of a Successful Attack and How Many Missiles We Must Fire

Uncertainty in the Risk of Failing to Intercept

What Risk Is There of a Missile Getting Through: Missing the Missile

Predicting the Risk of Industrial Accidents: TheTexas City Refinery Explosion

From Lagging to Leading: Safety Analysis and Safety Culture

Missing Near Misses

What these Risk Estimates Tell Us: The Common Sense Echo

References

4 The Probability of Human Error: Learning in Technological Systems

What We Must Predict

The Probability Linked to the Rate of Errors

The Defi nition of Risk Exposure and the Level of Attainable Perfection

Comparison to Conventional Social Science and Engineering Failure and Outcome Rate Formulations

The Learning Probabilities and the PDFs

The Initial Failure Rate and its Variation with Experience

The Best MERE Risk Values

Maximum and Minimum Likely Outcome Rates

Standard Engineering Reliability Models Compared to the MERE Result

Future Event Estimates: The Past Predicts the Future

Statistical Bayesian-Type Estimates: The Impact of Learning

Maximum and Minimum Likelihood

Comparison to Data: The Probability of Failure and Human Error

Comparison of the MERE Result to Human Reliability Analysis

Implications for Generalised Risk Prediction

Conclusions: The Probable Human Risk

References

5 Eliminating Mistakes: The Concept of Error States

A General Accident Theory:ErrorStates and Safety Management

The Physics of Errors

The Learning Hypothesis and the General Accident Theory

Observing Outcomes

A Homage to Boltzmann: Information from the Grave

The Concept of Depth of Experience and the Theory of Error States

The Fundamental Postulates ofErrorState Theory

The Information in Error States: Establishing the Risk Distribution

The Exponential Distribution of Outcomes, Risk andErrorStates

The Total Number of Outcomes

The Observed Rate and the Minimum Number of Outcomes

Accumulated Experience Measures and Learning Rates

The Average Rate

Analogy and Predictions: Statistical Error Theory and Learning Model Equivalence

The Infl uence of Safety Management and Regulations: Imposing Order on Disorder

The Risk of Losing a Ship

Distribution Functions

The Most Probable and Minimum Error Rate

Learning Rates and Experience Intervals: The Universal Learning Curve

Reducing the Risk of a Fatal Aircraft Accident: the Infl uence of Skill and Experience

Conclusions: A New Approach

References

6 Risk Assessment: Dynamic Events and Financial Risks

Future Loss Rate Prediction: Ships and Tsunamis

Predicted Insurance Rates for Shipping Losses: Historical Losses

The Premium Equations

Financial Risk: Dynamic Loss and Premium Investments

Numerical Example

Overall Estimates of Shipping Loss Fraction and Insurance Inspections

The Loss Ratio: Deriving the Industrial Damage Curves

Making Investment Decisions: Information Drawing from the Jar of Life

Information Entropy and Minimum Risk

Progress and Learning in Manufacturing

Innovation in Technology for the Least Product Price and Cost: Reductions During Technological Learning

Cost Reduction in Manufacturing and Production: Empirical Elasticity Power Laws and Learning Rates

A New General Formulation for Unit Cost Reduction in Competitive Markets: the Minimum Cost According to a Black-Scholes Formulation

Universal Learning Curve: Comparison to the Usual Economic Power Laws

The Learning Rateb-Value Elasticity Exponent Evaluated

Equivalent Average Total Costb-Value Elasticity

Profi t Optimisation to Exceed Development Cost

The Data Validate the Learning Theory

a) Aircraft Manufacturing Costs Estimate Case

b) Photovoltaic Case

c) Air Conditioners Case

d) Ethanol Prices Case

e) Windpower Case

f) Gas Turbine Power Case

g) The Progress Curve for Manufacturing

Non-Dimensional UPC and Market Share

Conclusions: Learning to Improve and Turning Risks into Profits

References

7 Safety and Risk Management Systems: the Fifth Echoes

Safety Management Systems: Creating Order Out of Disorder

Workplace Safety: The Four Rights, Four Wrongs and Four Musts

Acceptable Risk: Designing for Failure and Managing for Success

Managing and Risk Matrices

Organisational Factors and Learning

A Practical Safety Culture Example: The Fifth Echo

Safety Culture and Safety Surveys: The Learning Paradox

Never Happening Again: Perfect Learning

Half a World Apart: Copying the Same Factors

Using a Bucket: Errors in Mixing at the JCO Plant

Using a Bucket: Errors in Mixing at theKeanCanyon Explosives Plant

The Prediction and Management of Major Hazards: Learning from SMS Failures

Learning Environments and Safety Cultures: The Desiderata of Desires

Safety Performance Measures: Indicators and Balanced Scorecards

Safety and Performance Indicators: Measuring the Good

Human Error Rates Passing Red Lights, Runway Incursions and Near Misses

Risk Informed Regulation and Degrees of Goodness: How Green is Green?

Modelling and Predicting Event Rates and Learning Curves Using Accumulated Experience

Using the Past to Predict the Future: How Good is Good?

Reportable Events

Scrams and Unplanned Shutdowns

Common Cause Events and Latent Errors

Performance Improvement: Case-by-Case

Lack of Risk Reduction: Medical Adverse Events and Deaths

New Data: Sentinel Events, Deaths and Blood Work

Medication Errors in Health Care

Organisational Learning and Safety Culture: the H-Factor

Risk Indicator Data Analysis: A Case Study

Meeting the Need toMeasure Safety Culture: the Hard and the Soft Elements

Creating Order from Disorder

References

8 Risk Perception: Searching for the Truth Among all the Numbers

Perceptions and Predicting the Future: Risk Acceptance and Risk Avoidance

Fear of the Unknown: The Success Journey into What We Do or Do Not Accept

A Possible Explanation of Risk Perception: Comparisons of Road and Rail Transport

How Do We Judge the Risk?

Linking Complexity, Order, Information Entropy and Human Actions

Response Times, Learning Data and the Universal Laws of Practice

The Number and Distribution of Outcomes: Comparison to Data

Risk Perception: Railways

Risk Perception: Coal Mining

Risk Perception: Nuclear Power inJapan

Risk Perception: Rare Events and Risk Rankings

Predicting the Future Number of Outcomes

A Worked Example: Searching out and Analysing Data for Oil Spills

Typical Worksheet

Plotting the Data

Fitting a Learning Curve

Challenging Zero Defects

Comparison of Oil Spills to other Industries

Predicting the Future: the Probability and Number of Spills

Observations on this Oil Spill Case

Knowing What We Do Not Know: Fear and Managing the Risk of the Unknown

White and Black Paradoxes: Known Knowns and Unknown Unknowns

The Probability of the Unknowns: Learning from What We Know

The Existence of the Unknown: Failures in High Reliability Systems

The Power of Experience: Facing Down the Fear of the Unknown

Terrorism, Disasters and Pandemics: Real, Acceptable and Imaginary Risks

Estimating Personal Risk of Death: Pandemics and Infectious Diseases

Sabotage: Vulnerabilities, Critical Systems and the Reliability of Security Systems

What Is the Risk?

The Four Quadrants: Implications of Risk for Safety Management Systems

References

9 I Must Be Learning

Where We Have Come From

What We Have Learned

What We Have Shown

Legal, Professional and Corporate Implications for the Individual

Just Give Me the Facts

Where We Are Going

Reference

Nomenclature

Appendices:

Appendix A: The Human Bathtub: Predicting the Future Risk

The Differential Formulation for the Number of Outcomes

The Future Probability

Insuffi cient Learning

Appendix B: The Most Risk, or Maximum Likelihood, for the Outcome (Failure or Error) Rate while Learning

The Most or Least Likely Outcome Rate

The Maximum and Minimum Risk: The Two Solutions

Low Rates and Rare Events

The Limits of Maximum and Minimum Risk: The Two Solutions

Common Sense: The Most Risk at the Least Experience and the Least Risk as the First Outcome Decreases with Experience

Typical Trends in Our Most Likely Risk

The Distribution with Depth of Experience

References

Appendix C: Transcripts of the Four Echoes

Power Blackout, Columbia Space Shuttle loss, Concorde Crash and Chernobyl Accident

The Combination of Events

The Four Echoes Share the Same Four Phases

Appendix. Blackout Chronology and the Dialog from Midday 14 August 2003

The Second Echo: Columbia/Challenger

Appendix: Shuttle Dialog and Transcripts

The Third Echo: Concorde Tires and SUVs

Appendix: Dialog for the Concorde Crash

The Fourth Echo: TMI/Chernobyl

Appendix: Chronology and Transcripts of theChernobyl Reactor Unit 4 Accident

Conclusion and Echoes: Predicting the Unpredictable

Appendix D: The Four Phases: Fuel Leak Leading to Gliding a Jet in to Land without any Engine Power

The Bare Facts and the Sequence

The Four Phases

Flight Crew Actions

Initial Recognition of the Fuel Loss

Crew Reaction to the Fuel Imbalance Advisory (05:3305:45)

Crew Reaction to the Continued Fuel Loss (05:4506:10)

Crew Reaction to the (Two) Engine Failures

References

Appendix E: The Four Phases of a Midair Collision

The Bare Facts

The Four Phases

References

Appendix F: Risk From the Number of Outcomes We Observe: How Many Are There?

The Number of Outcomes: The Hypergeometric Distribution

Few Outcomes and many Non-Outcomes: The Binomial and Poisson Distributions

The Number of Outcomes: In the Limit

The Perfect Learning Limit: Learning from Non-Outcomes

The Relative Change in Risk When Operating Multiple Sites

References

Appendix G: Mixing in a Tank: The D.D. Williamson Vessel Explosion

Errors in Mixing in a Tank at the Caramel Factory: The Facts

The Prior Knowledge

Another Echo

References

Appendix H: Never Happening Again

The Risk of an Echo, or of a Repeat Event

The Matching Probability for an Echo

The Impact of Learning and Experience on Managing the Risk of Repeat Events

The Theory of Evidence: Belief and Risk Equivalence

References

Appendix I: A Heuristic Organisational Risk Stability Criterion

Order and Disorder in Physical and Management Systems

Stability Criterion

References

Appendix J: New Laws of Practice for Learning and Error Correction

Individual Learning and Practice

Comparison to Error Reduction Data

Comparison to Response Time Data and the Consistent Law of Practice

Reconciling the Laws

Conclusions

References

Appendix K: Predicting Rocket Launch Reliability Case Study

Summary

Theory of Rocket Reliability

a) Unknown Total Number of Launches and Failures

b) Known Total Number of Launches and Failures

Results

Measures of Experience

Comparsion to World Data

Predicting the Probability of Failure

Statistical Estimates of the Failure Probability for the Very next launch

Independent Validation of the MERE Launch Failure Curve

Observations

References

Illustrations

Pipeline Spill and Fire

Train Crash Due to SPAD

Space ShuttleColumbia

Chemical Explosion

Bayes, Laplace and Bernouli

KeanCanyon Explosion

Boltzmanns Grave

Quebec Overpass

Index