The Tactical Safety Network

Concepts in Safety Management and Accident Causation

Risk Management

Accidents and Safety Management

An accident is an unplanned event that causes harm to people or damage to property. Safety programs and safety managers exist for one primary reason: the prevention of accidents. The goal of any safety program is to provide tools and resources to reduce the risk of occupational injuries, illnesses, and property loss. To develop these programs and implement countermeasures that can prevent accidents, the cause of an accident must be determined.

Risk Management

Traditional industrial type operations are conducted in a stable and predictable operational environment. Because the operational environment is more predictable, accident causation analysis is more direct and controls can easily be implemented through a compliance based model. In dynamic operations, there can be a significantly greater number of variables and complexities to consider. Traditional compliance based programs tend to be less effective across the full spectrum of operations. In many cases, relevant controls specific to an operation must be developed and implemented during the planning phase of the operation. To deal with this additional complexity, many organizations have implemented policies that require the use of some form of operational risk management.

Risk management in its various incarnations has been around for a long time. Originally, risk management was primarily used by engineers and by insurance companies. Engineers traditionally use risk management as a decision making tool during the development and sustainment of engineered systems. Insurance companies have used risk management to calculate insurable risks. Their processes determine the cost to insure based on risk of an accident.

More recently, a variety of industries and institutions have looked to risk management as a method to prevent accidents. Arguably, the Service Components of the Department of Defense have implemented operational risk management as an accident prevention tool more than any other industry or institution. An examination of why they have so enthusiastically embraced risk management is in order.

Military organizations, like general industry, quickly adopted compliance based programs and institutionalized their programs based on the standard guidelines. These programs contributed to dramatic reductions in accidents from the late 1970s through the 1980s. This steady decline in accidents lasted until the beginning of the 1990s. By the time Desert Storm kicked off, military organizations had achieved all that could be milked from standard compliance based safety programs. Clearly, the military needed a plan to continue downward trends.

The Service Components aggressively began an analysis into the reasons for the loss of effectiveness of compliance based programs. They soon realized that many of their processes did not conform to the operational paradigm that the individual compliance initiatives were originally designed upon. Most compliance requirements originated from industrial operations. These operations take place in a predictable and controlled environment where the “at risk” population is clearly identified. On the contrary, most military operations are not conducted in a controlled industrial environment. Military operations typically focus on situationally dynamic operations and tasks. In the mid to late 1990s they began to look at a process that was designed to adapt to the dynamics of any operational situation. The process came to be known as Operational Risk Management (also known in the US Army as Composite Risk Management).

Since that time, other agencies and institutions have adapted similar programs. These agencies and institutions all have one thing in common: they conduct less predictable operations in uncontrolled environments. Additionally, the “at risk” population may not be clearly established for many operations and tasks. Common to these types of organizations are dynamic tasks that vary regularly based on weather, political and ethnic demographics, availability of skilled personnel to complete the task, and availability of tools and resources to ideally control all aspects and outcomes. In addition to the military Service Components, agencies such as Homeland Security, FEMA, law enforcement, and fire fighters all conduct dynamic operations that benefit from operational risk management.

Operational risk management is now employed by all military service components and by many other agencies. The U.S. Army’s implementation of operational risk management is known as Composite Risk Management. Appendix B provides an overview of the Composite Risk Management process as defined in FM 5-19, Composite Risk Management.

Accidents in a Risk Managed Environment

An operation that has an accepted residual risk usually contains precursor elements that could result in some form of failure outcome if not properly managed. The National Academy of Engineering workshop defines Accident Precursors as any event or group of events that must occur for an accident to occur under a given scenario. A precursor is an event that precedes and indicates the approach of another. In the context of risk management, a precursor is an event or situation that, if it had included (or not included) some other small set of behaviors or conditions, some form of failure outcome such as an accident would have occurred. The “other set of behaviors or conditions” are known as exacerbating factors. The purpose of risk management is to attempt to manage these exacerbating factors and prevent them from resulting in an accident. In his report Root Cause Analysis of Precursors, Dr. William Cochran discusses root cause analysis that includes the consideration of precursors. In this report he states:

In a perfect world precursors would be identified and analyzed so corrective actions could be taken to prevent the downstream failure outcomes. In some cases this does not occur. Several high profile accidents occurred with clearly identified precursors. The space shuttle Challenger explosion clearly shows this to be the case. It was commonly known that every shuttle launch included O-ring blow-by. In fact, it can be said that every launch of the space shuttle was a precursor to the Challenger explosion, in that if the pre-launch ambient temperature had been sufficiently low the O-rings would have failed and the vehicle would have been lost.

There is also a near miss relationship to the accident or failure outcome. Initial studies showed for each disabling injury, there were 29 minor injuries and 300 close calls/no injury. Recent studies indicate for each serious result there are 59 minor and 600 near misses. A near miss is a special case precursor. There seems to be some agreement that near misses should be investigated commensurate to the potential loss. When the necessary exacerbating factors are highly likely, the precursor is often called “a near miss”.

An example is running a red light in a busy intersection without a collision. The exacerbating factor would have been a crossing vehicle in the intersection. Similarly, one would expect a precursor to be called a near miss if the mitigating factors were unlikely or not robust enough to deal with potential exacerbating factors. An example is a high energy power line break that resulted in no injuries because the workers happened to be at lunch when it happened.

What Causes A Precursor To Become An Accident?

Dr. Cochran went on to discuss several formulas that clearly define the relationship between precursors and accidents. When an accident does not occur in a risk managed operation, then an exacerbating factor was missing, a mitigating factor was effective, or both. Conversely, when an accident occurs in a risk managed operation, then an exacerbating factor was present, a mitigating factor was ineffective, or both. The following equations define this relationship:

Equation 1: Accident = Precursor + Exacerbating Factor(s)

Equation 2: Accident = Precursor – Mitigating Factor(s)

Equation 3: Accident = Precursor + Exacerbating Factor(s) – Mitigating Factor(s)

It is not uncommon for an accident investigation to overlook precursors and the factors that lead to the accident. If an accident is not effectively investigated with appropriate corrective action put in place, then the causes of it may continue to exist. If the causes continue to exist another similar event may occur.

Equation 4a: Accident(N+1) = Accident(N) + Nothing + Time

Equation 4b: Worse Accident(N+1) = Accident(N) + Nothing + Time + Exacerbating Factor(s)

In general, we think of a near miss as a precursor whose ingredients differ in only minor ways from those necessary for an accident to occur. The “near miss” concept suggests the following:

Equation 5: Accident = Near Miss ± Not Much

The importance of these formulas cannot be overstated. In a risk managed environment, precursors are the mix of DOTLMPF resources used to execute the mission. Exacerbating factors are unmitigated hazards and mitigating factors are controls. Ideally, the DOTLMPF resources are managed to find the right balance to ensure success without taking unnecessary risks. Mitigating factors are put in place using risk management principles to protect against exacerbating factors. Usually this approach works. Unfortunately, when one of the conditions described above is in place, an accident may occur.

For risk management to be effective and to make a positive impact on safety, there needs to be a mechanism in place that provides feedback for improvement of the process. Feedback is used to help ensure the proper mix of DOTLMPF resources and use of proper mitigating factors. Without feedback, every mission is executed as if for the first time, and knowledge gained from previous operations is not put to use.