Category Archives: Risk Assessment

How Risk Assessment Fails—Again. This time at DuPont.

Posted by on September 27, 2011 Comments Off
Casualty Evacuated by EMS
This entry is part 7 of 7 in the series Risk Assessment

A recent report released by the US Chemical Safety Board (CSB) looks at a series of acci­dents that occurred over a 33-​​hour period on January 22 and 23, 2010 at the DuPont Corporation’s Belle, West Virginia, chem­i­cal man­u­fac­tur­ing plant.

A num­ber of sig­nif­i­cant fail­ures occurred, but I want to focus on one pas­sage from the press release that is telling, par­tic­u­larly con­sid­er­ing that DuPont is seen as a class leader when it comes to worker safety. I would encour­age you to read the entire release. You can also have a look at the inves­ti­ga­tion details on the CSB site. CSB also pro­duced a video dis­cussing the investigation.

From the press release:

Internal DuPont doc­u­ments released with the CSB report indi­cate that in the 1980’s, com­pany offi­cials con­sid­ered increas­ing the safety of the area of the plant where phos­gene is han­dled by enclos­ing the area and vent­ing the enclo­sure through  a scrub­ber sys­tem to destroy any toxic phos­gene gas before it entered the atmos­phere. The analy­sis con­cluded that an enclo­sure was the safest option for both work­ers and the pub­lic.  However, the doc­u­ments indi­cate the com­pany was con­cerned with con­tain­ing costs and decided not to make the safety improve­ments. A DuPont employee  wrote in 1988,  “It may be that in the present cir­cum­stances the busi­ness can afford $2 mil­lion for an enclo­sure; how­ever, in the long run can we afford to take such action which has such a small impact on safety and yet sets a prece­dent for all highly toxic mate­r­ial activities.[sic]”

The need for an enclo­sure was reit­er­ated in a 2004 process haz­ard analy­sis con­ducted by DuPont, but four exten­sions were granted by DuPont man­age­ment between 2004 and 2009, and at the time of the January 2010 release, no safety enclo­sure or scrub­ber sys­tem had been con­structed. CSB inves­ti­ga­tors con­cluded that an enclo­sure, scrub­ber sys­tem, and rou­tine require­ment for pro­tec­tive breath­ing equip­ment before per­son­nel entered the enclo­sure would have pre­vented any per­son­nel expo­sures or injuries.”

The high­lighted pas­sage above shows one of the key fail­ure modes in risk assess­ment: fail­ure to act on the results. So what’s the point of con­duct­ing risk assess­ments if they are going to be ignored? In a pre­sen­ta­tion in 2010, a col­league of mine made this statement:

The risk assess­ment process is intended to be used as a deci­sion mak­ing tool that will help to pro­tect work­ers.” — Tom Doyle, 2010

This is a fun­da­men­tal truth. The risk assess­ment paper­work can­not pro­tect a worker from a haz­ard, only action based on the report can do that.

When deci­sion mak­ers receive the results from a risk assess­ment process and choose to ignore it, or as the press release stated, “…exten­sions were granted by DuPont man­age­ment…”, man­age­ment is mak­ing a fun­da­men­tally flawed deci­sion. The risk assess­ment process inten­tion­ally exposes the haz­ards in the scope of the analy­sis, and explic­itly ana­lyzes the prob­a­ble sever­ity of injury and occur­rence. Once the analy­sis is com­plete, choos­ing to ignore the results, pre­sum­ing that there is no evi­dence that the results are incor­rect, amounts to neg­li­gence in my opinion.

Does this mean that we should not con­duct risk assess­ments? Absolutely not! In the Western world, we are oblig­ated to pro­tect the safety of work­ers, includ­ing our col­leagues and employ­ees, as well as any­one else that may inten­tion­ally or unin­ten­tion­ally be exposed to the haz­ards cre­ated by our activ­i­ties. We are morally and eth­i­cally, as well as legally, obligated.

Used cor­rectly, risk assess­ment in any of its many forms pro­vides a pow­er­ful tool to pro­tect peo­ple. Like any other pow­er­ful tool, it also takes sig­nif­i­cant courage and skill to use cor­rectly. Defaulting to the cost argu­ment alone, as it appears that DuPont did in this case, results in the type of fatal fail­ures seen in this tragic series of events.

Special thanks to my col­league Bryan Hayward, the Safety Engineering Network Group on LinkedIn, and SafTEng​.net.

What is your expe­ri­ence with imple­ment­ing risk assess­ment? Have you expe­ri­enced this kind of result in your work? Share your expe­ri­ences by com­ment­ing on this post!

Copyright secured by Digiprove © 2011
Acknowledgements: US Chemical Safety Board for excerpts more…
Some Rights Reserved

What did TEPCO know about Fukushima before 11-​​Mar-​​11?

Posted by on September 22, 2011 2 comments
Fukushima Dai Ichi Nuclear plant before the meltdown
This entry is part 6 of 7 in the series Risk Assessment

I recently had a col­league point out an inter­est­ing paper pub­lished in the “Bulletin of the Atomic Scientists” about the level of knowl­edge that existed between the start of con­struc­tion of the Fukushima Daiichi nuclear plant and the dev­as­tat­ing tsunami of 11-​​Mar-​​11. If you are inter­ested in know­ing more, I highly rec­om­mend this paper. The full text is avail­able for free. There is a pretty good dis­cus­sion on this arti­cle on slash­dot as well if you are interested.

Fukushima: The myth of safety, the real­ity of geoscience

My first arti­cle in this series dealt with the dis­as­ter at Fukushima as a fail­ure of risk assess­ment, but clearly it is more than that. This is a pol­icy, reg­u­la­tory and polit­i­cal fail­ure, and risk assess­ment is only one part of the dis­cus­sion. Going back to my orig­i­nal premise, the arti­cle pub­lished in the Bulletin points out that there was sound sci­en­tific data avail­able to sup­port a risk assess­ment had it been used. The prob­lem of course was that the data, and repeated warn­ings from geo­sci­en­tists, were ignored in favour of the busi­ness goals that TEPCO and the Japanese gov­ern­ment had.

I am not anti-​​nuclear. I believe that nuclear power is nec­es­sary to allow us wean our­selves off of coal and petro­chem­i­cal fueled gen­er­a­tion and to pro­vide us with the time needed to get other renew­able sources of energy on-​​stream. I am also of the opin­ion that the fourth gen­er­a­tion reac­tor designs that are avail­able now should be built. These reac­tors are capa­ble of using the highly radioac­tive ‘waste’ from the third gen­er­a­tion reac­tors and reduc­ing it to a byprod­uct with a short half-​​life and rel­a­tively low radioac­tiv­ity. These designs pro­vide the capa­bil­ity to stretch our nuclear fuel sup­plies by as much as 1000 x accord­ing to some authors, and to elim­i­nate poten­tial stock­piles of weapons-​​grade mate­r­ial. These ben­e­fits alone should be enough to get them built.

Whether nuclear power will remain a part of our future past the end of my life­time I can­not pre­dict. I do know that energy will always be needed as long as humans walk this planet. Safe, renew­able sources must be devel­oped to allow us to build a sus­tain­able future.

Hockey Teams and Risk Reduction or What Makes Roberto Luongo = PPE

Posted by on June 21, 2011 5 comments
Canucks Hockey Flag
This entry is part 1 of 3 in the series Hierarchy of Controls

Special Co-​​Author, Tom Doyle  (tjdotdoyleatindus­tri­al­safe­ty­in­te­gra­tiondotcom)  

Last week we saw the Boston Bruins earn the Stanley Cup. I was root­ing for the green, blue and white, and the ruin of my voice on Thursday was ample evi­dence that no amount of cheer­ing helped. While I was watch­ing the game with friends and col­leagues, I real­ized that Roberto Luongo and Tim Thomas were their respec­tive team’s PPE*. Sound odd? Let me explain.

Risk Assessment and the Hierarchy of Controls

Equipment design­ers need to under­stand  OHS* risk. The only proven method for under­stand­ing risk is risk assess­ment. Once that is done, the next play in the game is the reduc­tion of risks by elim­i­nat­ing haz­ards wher­ever pos­si­ble and con­trol­ling those that remain.

Control comes in a cou­ple of flavours:

  • Hazard mod­i­fi­ca­tion to reduce the sever­ity of injury, or
  • prob­a­bil­ity mod­i­fi­ca­tion to reduce the prob­a­bil­ity of a worker com­ing together with the haz­ard.

These ideas have been for­mal­ized in the Hierarchy of Controls. Briefly, the Hierarchy starts with haz­ard elim­i­na­tion or sub­sti­tu­tion, and flows down through engi­neer­ing con­trols, infor­ma­tion for use, admin­is­tra­tive con­trols and finally PPE. As you move down through the Hierarchy, the effec­tive­ness and the reli­a­bil­ity of the mea­sures declines.

It’s impor­tant to rec­og­nize that we haven’t done a risk assess­ment in writ­ing this post. This step was skipped for the pur­pose of this example—to apply the hier­ar­chy cor­rectly, you MUST start with a risk assess­ment!

So how does this relate to Hockey?

Hockey and the Hierarchy of Controls

Hazard Identification and Exposure to Risk

If we con­sider the goal as the worker — the thing we don’t want “injured”, the puck is the haz­ard, and the act of scor­ing a goal as the act of injur­ing a per­son, then the rest quickly becomes clear.

Level 1: Hazard Elimination

By def­i­n­i­tion, if we elim­i­nate the puck, we no longer have a game. We just have a bunch of big guys skat­ing around in cool jer­seys with sticks, maybe hav­ing a fight or two, because they’re bored or just don’t know what else to do. Since we want to have a game, either to play or to watch, we have to allow the risk of injury to exist. We could call this the “intrin­sic risk”, as it is the risk that exists before we add any controls.

Level 2: Hazard Substitution

The Center and the Wingers (col­lec­tively the “Forwards” or the “Offensive Line”), act as haz­ard “sub­sti­tu­tion”. We’ve already estab­lished that elim­i­na­tion of the haz­ard results in the loss of the intended function—no puck, no game. The for­wards only let the other team have the puck on rare occa­sion, if they’re play­ing well. This is a great idea, but still a lit­tle too opti­mistic after all. Both teams are try­ing to get the puck in the oppos­ing net and both teams have qual­i­fied to play the final game. If they fail to keep the puck beyond the other team’s blue line, or at least beyond the cen­ter line, then the next layer of pro­tec­tion kicks in, with the Defensive Line.

Level 3: Engineering Controls

As the puck moves down the ice, the Defensive Line engages the approach­ing puck, attempt­ing to block access to the area closer to the goal. They act as a mov­able bar­rier between the net and the puck.  They will do what­ever is nec­es­sary to keep the haz­ard from com­ing in con­tact with the net. As engi­neer­ing con­trols, their coör­di­na­tion and posi­tion­ing are crit­i­cal in ensur­ing success.

The sys­tem will fail if the con­trols have poor:

  • posi­tion­ing,
  • choice of mate­ri­als (players),
  • tim­ing, etc.

These risk con­trols fail reg­u­larly, so are less desir­able than hav­ing the Forward Line han­dle Risk Control.

Level 4: Information for Use and Awareness Means

In a hockey game, the infor­ma­tion for use is the rule book. This infor­ma­tion tells play­ers, coaches, and offi­cials how the game is to be played, and what the intended use of the game should be. Activities like spear­ing, trip­ping, and blind-​​side checks are not permitted.

The aware­ness means are pro­vided by the roar of the fans. As the puck heads for the home-team’s goal, the home fans will roar, let­ting the team know, if they don’t know already, that the goal is at risk from the puck. Hopefully the defen­sive line can react in time and get between the puck and the net.

Level 5: Administrative Controls

Information for use from the pre­vi­ous step is the basis for all the fol­low­ing con­trols. The team’s coaches, or “super­vi­sors”, use this infor­ma­tion to give train­ing in the form of hockey prac­tice. The Forward Line and Defensive Line could be con­sid­ered the Suppliers and Users. They all need to know what to do to avoid haz­ardous sit­u­a­tions, and what to do when one arises, to reduce the num­ber of poten­tial failures.

A “Permit to Work” is given to the play­ers by the coach when they form the lines. The coach ensures that the right peo­ple are on the ice for each set of cir­cum­stances, decid­ing when line changes hap­pen as the game pro­gresses, adapt­ing the peo­ple per­mit­ted to work to the spe­cific con­di­tions on the ice.

Level 6: Personal Protective Equipment (PPE)

All of this brings me to Roberto Luongo and Tim Thomas. So how is a Goalie like PPE?

Goalies are the “last-​​ditch” pro­tec­tion. It’s clear that the first 5 lev­els of the hier­ar­chy don’t always work, since every type of con­trol, even haz­ard elim­i­na­tion, has fail­ure modes. To give a bit of backup, we should make sure that we add extra pro­tec­tion in the form of PPE.

The puck wasn’t elim­i­nated, since hav­ing a hockey game is the point, after all. The puck wasn’t kept dis­tant by the Forward Line. The Defensive Line failed to main­tain safe dis­tance between the goal and the puck, and now all that is left is the goalie (or your pro­tec­tive eye­wear, boots, hard­hat, or what­ever). In the 2011 Stanley Cup Final game, Luongo equaled long pants and long sleeves, while Thomas equaled a suit of armour. The Bruin’s “PPE” afforded supe­rior pro­tec­tion in this case.

As any­one who has used pro­tec­tive eye­wear knows, par­ti­cles can get by your eye­wear. There are lots of fac­tors, includ­ing how well they fit, if you’re wear­ing them (prop­erly or at all!), etc. If the gear is fit­ted and used prop­erly by a per­son who under­stands WHY and HOW to use the equip­ment, then the PPE is more like Tim Thomas, and you may be able to “shut out” injury. Most of the time. Remember that even Tim Thomas misses stop­ping some shots on goal and the other guys can still score.

When your PPE doesn’t fit prop­erly, isn’t selected prop­erly, is worn out (or psy­ched out as the case may be), or isn’t used prop­erly, then it’s more like Roberto Luongo. Sometimes it works per­fectly, and life is good. Sometimes it fails com­pletely and you end up injured or worse.

Goalies are also like PPE because they are RIGHT THERE. Right before injury will occur. PPE is RIGHT THERE, pro­tect­ing you—5 mm from the sur­face of your eye, or in your ear, 2 mm from your ear drum. By this point the harm­ful energy is RIGHT THERE, ready to hurt you, and injury is immi­nent. A sim­ple mis­place­ment or bad fit con­di­tion and you’re blinded or deaf or… well you get the idea!

On Wednesday night, 15-​​Jun-​​2011, every­thing failed for the Vancouver Canucks. The team’s spirit was down, and they went into the game think­ing “We just don’t want to lose!” instead of Boston’s “We’re tak­ing that Cup home!”. Even the touted Home Ice Advantage wasn’t enough to psych out the Bruins, and in the end I think it turned on the Canucks as the fans real­ized that the game was lost. The warn­ings failed, the guards failed, and the PPE failed. Somebody got hurt, and unfor­tu­nately for Canadian fans, it was the Canucks. Luckily it wasn’t a fatal­ity! Even being #2 in the NHL is a long stretch bet­ter than fill­ing a cooler drawer in the morgue.

So the next time you’re set­ting up a job, an assem­bly line, a new machine, or a new work­place, check out your team and make sure that you’ve got the right play­ers on the ice. You only get one chance to get it right. Sure, you can change the lines and upgrade when you need to, but once some­one scores a goal, you have an injured per­son and big­ger prob­lems to deal with.

Special thanks to Tom Doyle for his con­tri­bu­tions to this post!

*Personal Protective EquipmentOccupational Health and Safety

All original content on these pages is fingerprinted and certified by Digiprove
Performance Optimization WordPress Plugins by W3 EDGE