Root Cause Failure Analysis. Trinath Sahoo

human error.

| Accident, industry and date | Consequences | Human contribution and other cause |
| --- | --- | --- |
| Union Carbide Bhopal, 1984 (Chemical Unit) | The plant released a cloud of toxic methyl isocyanate. Death toll was 2500 and over one quarter of the city's population was affected by the gas. | The leak was caused by a discharge of water into a storage tank. This was the result of a combination of operator error, poor maintenance, failed safety systems, and poor safety management. |
| Space Shuttle Challenger 1986 (Aerospace) | An explosion shortly after lift‐off killed all seven astronauts on board. | An O‐ring seal on one of the solid rocket boosters split after take‐off releasing a jet of ignited fuel. Inadequate response to internal warnings about the faulty seal design. Decision taken to go for launch in very cold temperature despite faulty seal. Decision‐making result of conflicting scheduling/safety goals, mindset, and effects of fatigue. |
| Piper Alpha 1988 (Offshore) | 167 workers died in the North Sea after a major explosion and fire on an offshore platform. | Formal inquiry found a number of technical and organizational failures. Maintenance error that eventually led to the leak was the result of inexperience, poor maintenance procedures, and poor learning by the organization. There was a breakdown in communications and the permit‐to‐work system at shift changeover, and safety procedures were not practiced sufficiently. |
| Texaco Refinery, 1994 (Petroleum Industry) | An explosion on the site was followed by a major hydrocarbon fire and a number of secondary fires. There was severe damage to process plant, buildings and storage tanks. 26 people sustained injuries, none serious. | The incident was caused by inflammable hydrocarbon liquid being continuously pumped into a process vessel that had its outlet closed. This was the result of a combination of: an erroneous control system reading of a valve state, modifications which had not been fully assessed, failure to provide operators with the necessary process overviews and attempts to keep the unit running when it should have been shut down. |

      Active failures‐ Active failures are the acts or conditions precipitating the incident situation. Active failures have an immediate consequence and are usually made by front‐line people such as drivers, control room staff or machine operators. In a situation where there is no room for error, these active failures translate immediately into failure.

      Latent failures‐ Whereas active failures are the acts or conditions precipitating the incident situation, latent human error is made due to systems or routines that are formed in such a way that humans are disposed to making these errors.

      Active Failures

      There are 3 types of active human error:

       Slips and lapses – made inadvertently by experienced operators during routine tasks

       Mistakes – decisions subsequently found to be wrong, though the maker believed them to be correct at the time

       Violations – deliberate deviations from rules for safe operation of equipment

      Mistakes occur where a worker is doing too many or too complex tasks at the same time or is under time pressure: for example, misjudging the time and space needed to complete an overtaking maneuver.

      Violations, though deliberate, usually stem from a desire to perform work satisfactorily given particular constraints and expectations.

      The factors most closely tied to the failure can be described as active failures, or actions committed by the operator that result in human error. We have identified these active failures or actions as Errors and Violations.

      1 Errors: Errors are factors in a mishap when mental or physical activities of the operator fail to achieve their intended outcome as a result of skill‐based, perceptual, or judgment and decision‐making errors, leading to an unsafe situation. Errors are unintended. We classified Errors into two types:

        Skill‐based Errors: When people are performing familiar work under normal conditions, they know by heart what to do. They react almost automatically to the situation and do not really have to think about what to do next. For instance, when a skilled automobile driver is proceeding along a road, little conscious effort is required to stay in the lane and control the car. The driver is able to perform other tasks such as adjusting the radio or engaging in conversation without sacrificing control. Errors committed at this level of performance are called slips or lapses.

        System based: These are a more complex type of human error where we do the wrong thing believing it to be right. The failure involves our mental processes which control how we plan, assess information, make intentions and judge consequences. These errors are judgment and decision‐making errors. Misperception of an object, threat or situation (such as visual, auditory, proprioceptive, or vestibular illusions, cognitive or attention failures).

      2 Violations: Violations are any deliberate deviations from rules, procedures, instructions, and regulations. The breaching or violating of rules or maintenance procedures is a significant cause of many failures. Removing the guard on dangerous machinery or driving too fast will clearly increase the risk. Our knowledge of why people break rules can help us to assess the potential risks from violations and to develop control strategies to manage these risks effectively.

      Figure 4.1 Contributing factors to human error.

      Latent Failures

      Latent failures are normally present in the system well before a failure occurs and are most likely bred by decision‐makers, regulators, and other people far removed in time and space from the event. These are the managerial influences and social pressures that make up the culture (“the way we do things around here”), influence the design of equipment or system, and define supervisory inadequacies. They tend to be hidden until triggered by an event. Latent failures may occur when several latent conditions combine in an unforeseen way. Efforts should be directed at discovering and solving these latent failures rather than localizing efforts to minimize active failures by the technician. Also, there are organizational influences such as communications, actions, omissions, or policies of upper‐level management that directly or indirectly affect supervisory practices, conditions, or actions of the operator(s) and result in system failure or human error.

      A distinction between active failures and latent conditions rests on two differences. The first difference is the time taken to have an adverse impact. Active failures usually have immediate and relatively short‐lived effects. Latent conditions can lie dormant, doing no particular harm, until they interact with local circumstances to defeat the systems’ defenses. The second difference is the location within the organization of the human instigators. Active failures are committed by those at the human–system interface, the front‐line activities. Latent conditions, on the other hand, are spawned in the upper echelons of the organization and within related manufacturing, contracting, regulatory, and governmental agencies that are not directly interfacing with the system failures.

      The consequences of these latent conditions permeate throughout the organization to local workplaces – control rooms, work areas, maintenance facilities etc. – These local workplace factors include undue time pressure, inadequate tools and equipment, poor human–machine interfaces, insufficient training,

