Can a risk assessment reliably predict if you will have an accident today?

Statistics is one of those areas which can look very impressive in mathematical circles.  In a nutshell,  given sufficient samples and assuming all the factors are considered,  past trends can be a reasonable indicator of future events.  However, as weather forecasters know all to well,  the field of statistics can only result in a probability.  It may be predicted that the chances of rain today are 80%.  But there is always a chance of 20% that it will not rain.  Reliance on probabilities to precisely forecast individual specific events is therefore  flawed because a probability is by definition based on an uncertain set of factors and the probability is only valid given sufficient samples.

In the natural world risk is a reality.  Throughout history, humans have endeavoured to mitigate against risks to their safety,  from avoiding sabre toothed lions to carefully depressurising a vessel before drilling into it for maintenance.  Those risks that cannot be adequately mitigated need to be avoided or simply accepted (i.e move far away from sabre toothed lions or don’t ever drill into a pressure vessel).

In hazardous industries , risk assessments are a fundamental part of the management of safety.  Risk assessments endeavour to identify those serious risks that demand attention.    A common approach used in industry to quantify risk is to consider the probability of an incident on a scale of 1 to 5,  and at the same time the consequences should the incident occur,  also on a scale of 1 to 5.  The product of the two numbers is the overall risk figure.  The risk can be plotted on a graph or so called “heat map” where the top right quadrant shows risks with a high probability and a serious consequence,  and the bottom left quadrant shows low probability and low consequence.

In general,  because with finite resources companies cannot concentrate on all risks they tend to look at the “top 10” or some other ranking.  These top 10 risks are typically found in the “hot” zone of the heat map (top right quadrant).

This approach is simple, practical and quite useful.  It is however flawed in three main respects:

(1) The probability of a risk occurring is based on judgement, is a statistical metric and is therefore imprecise in predicting specific future events.

(2) The risks with very low probabilities and very high consequences are sometimes not in the “Top 10”.  (For example a nuclear accident,  high consequences, low probability).

(3)  The risk can change over time for any number of reasons such as plant modifications, operational changes or new factors.  The time between the risk assessment and the actual work in hazardous environments can be the difference between an accident taking place or apparent “safe work”.

Leading indicators of safety are sometimes used to statistically predict the underlying probability of an incident.  Whether or not this is a reliable tool is a whole debate in its own right,  but companies often use these because they are practical and useful.  For example the number of accidents per manhour worked,  or the number of near misses etc are both leading indicators that can predict an increase in the underlying probability of an accident.  Furthermore, a near miss usually results in some actions taken to avoid the incident in future,  thereby over time reducing risk.  When these indicators increase, further action needs to be taken (so the theory says) to address those factors that are resulting in unsafe conditions.  Again this approach can be flawed if it not realised that leading indicators are also statistically derived and therefore imprecise.  Also, management are often totally unaware of what action is actually required to contain rising indicators,  especially if the causes are behavioural or cultural in nature.

Software systems that address safety holistically need to consider several factors.  They need to recognise the value of leading indicators and have a good incident and near miss management capability and handle behavioural based safety observations and measurements.  They need to recognise the importance of assessing safety related risks at multiple levels – in the engineering and design process (e.g. HAZOP outputs), as well as in the actual operations (e.g. permit to work).  They need to recognise the dynamic nature of operational environments and have good change management processes to measure the impact of modifications on operational risk.  Finally, they need to have the capability to relate patterns and links in the data to warn people of risks that are the combined result of multiple simultaneous factors.  For example,  maintenance work on equipment + recent modification to equipment + previous incidents related to equipment + standing work procedure in use = overall risk.   This overall risk is something for example that is not evident to people who inspect the work sites,  but is the result of advanced system analytics that can correlate data intelligently to derive new insights.   Few EHS systems achieve this level of vital insight  which is likely to be successfully developed only by those vendors who focus on operational safety systems.

Clearly the whole subject of risk in a safety context is vast and cannot be covered in a short article of this nature.  My only advice is to be extremely sceptical of inappropriate statistics and oversimplified risk management processes.  Be extremely thorough in approach and have multiple strategies to manage safety.  Finally seek systems that have a holistic view on safety and at the same time are practical and easy to use.  Once the system is in place, look to continuously improving the quality of risk information by adding modules such as incident management, permit to work, engineering change management and advanced analytics that generate new safety related insights.

What if your production meetings were productive?

 Daily throughout the world meetings are held quite often for the sake of meeting and nothing else. Agendas are often distributed ahead of time but few people prepare and even less participate, meaningfully during these sessions. Inevitably minutes are kept, actions are allocated but few are followed up and seldom are people held accountable.

With major changes in business especially around accountability e.g. King III, allocation of performance based indicators in all industries and departments from production to HR it is impossible for meetings to have all the required information to be meaningful and productive. A simple example would be the morning production meeting in a plant environment which covers production for the past 24 hours or week. An agenda should have been sent out before the time covering the following:-

 • Welcome

 • Outstanding issues from previous meeting

 • Production output

• Production logs

• Outstanding permits to work

 • Incidents

 • HR : attendance registers/leave/shifts etc

 • Close

Many of these would be printed in hard copy and taken into the meeting. Once circulated any changes would require a new copy and little input back from invitees can be included and re-distributed. On commencement of the meeting outstanding issues from previous meetings are discussed and steps taken usually all performed manually, production outputs are presented in a hardcopy form from whatever process control system that is available. Separate output KPI’s are then checked to see if and why there were variations and what the root cause of these was. Production logs are then examined to shed light on these variations usually from a log book with suspect hand writing and accuracy. Should there have been a negative variance and something similar had happened in the past which was resolved where would this information be? This would usually be an action for the plant manager or operator to follow up on. However if this information was online and available to the meeting a fix could immediately be implemented.

Being able to access all the different systems that support various parts of the organisation is virtually impossible and hard copies are made and distributed to all, or is it?

With modern technology, why can’t all the information from these system be readily available during the meeting?

This would ensure that all information is current and available, ensuring decisions can be taken using the correct information, as well as allocating various actions to individuals or teams with reminders being sent electronically which serves as a reminder after the meeting. The multitude of different systems e.g. permit to work, incident reporting, production etc. complicates running meetings effectively. Seldom if ever are outstanding issues prioritised and followed up. With an electronic meeting system these can be represented in the form of a dash board highlighting critical areas while none critical can be lower down the agenda. An incident raised on a particular system is often seen in isolation while the need for understanding the total process is critical for the organisation. E.g. an incident reported in the SHEQ department should have an impact on risk assessments, permits, process management etc. and this can be managed effectively using the electronic meeting system with the status of the progress shown within all these areas. 

 Much is discussed but little achieved, not because of lack of ability but due to information being resident in disparate systems and not available when required. Due to this shortfall, numerous issues cannot be resolved during the meetings and much is added onto the “to do” list or held over until the next meeting. This results in the next meeting spending time on unresolved issues from previous meetings and the cycle continues with little improvement.

In complex environments the need for an electronic meeting system cannot be underestimated in ensuring that production managers are in total control of the operations.

Delays in feedback on production and other related areas can no longer be tolerated as this affects the net worth of any organisation that is output driven and who strives for high levels of safety and staff satisfaction. Meetings need to be productive with priority issues dealt with first ensuring that the levels of production remain high and resources utilised effectively.

Another important aspect is that this concept is not limited to mining and production but can be extended to all industries who have complex environments and require meetings to manage daily operations eg. Hospitals, financial institutions, parastatals etc.

In short management are accountable and need to be effective in managing all the diverse areas of the organisation and should consider an electronic meeting system to help them meet this requirement by being productive .

The Cart before the Horse : Paper based Permit systems exposing Plant /Mine management to possible liability.

It has mystified me over the years the amount of money, effort and resources that are invested into getting  paper based permit to work systems working properly.  Yet many organisations still argue that they need to get their paper based systems working before they consider “upgrading” to a computer based permit system.  There is evidently a misunderstanding as to the benefits of such an electronic system over the paper system.  These can be summarised at a high level as follows:-

-          Accurate permits with minimal time to produce

-          Policies and procedures are built into the rules in the system and are improved according to experience on an on-going basis

-          Authority levels are always adhered to

-          Required PPE and isolations are accurately specified provided in accordance with the hazards

-         The flexibility to make audited and controlled changes “on the fly” should working conditions change

-          Constant training by the system reminds the permit issuer of what is required

-          Management of contractors including induction and competencies, thereby ensuring only accredited contractors can accept permits and hence perform the work.

The need to get a paper based system into operation as a prerequisite to an electronic system introduces unnecessary risk.  Paper systems seldom can reliably manage the permit lifecycle process due to human error, lack of training and hence adherence to policies and procedures.  The time to implement paper systems, because of the inherent limitations takes considerable longer than implementing an electronic version.    The auditability of these paper systems is usually costly with the poor results. Maybe people are conservative and are comfortable with this process and are resisting change.  Reasons to do it in this way could include the following:-

-          We have always done it this way so why do it differently?

-          We need to first get our policies and procedures  in place,   and then once instilled we will consider an electronic version.

-          We don’t believe electronic signatures are valid, and having passwords will increase the administration of the IT department?

-          Who would own the system if it is electronic?

-          Wouldn’t an electronic system be too complex and we don’t have a computer literate work force?

-          Surely by going electronic ahead of a stable paper based system is putting the cart ahead of the horse?

The answer to many of these concerns is based on perceptions about IT systems in general, especially around complexity and the inflexibility attributed to them.   Historically the implementation of these systems (usually business systems) has far exceeded the planned implementation times and costs.  The resultant complexity and inflexibility of these IT based systems has resulted in only highly skilled individuals managing and running them.

Few companies have fully documented policies and procedures around permit to work operations and in many cases even less is understood or adhered to by employees who are constantly under work pressures to solve operational issues while the permit system is quite often viewed as an unnecessary evil, and are completed in the shortest time with little thought going into the process.  Considering errors on a permit can result in injury or even worse fatalities. Can companies afford this type of behaviour?

In modern day operations little if anything is cast in stone so changes to paper based systems can only occur once all involved have been trained on the new requirements, while with an electronic system this change immediately becomes effective once the system has been updated.

If a person can read then an electronic system should be practical.  Detailed “wizards” can drive the process and incorporate everything that needs to be considered when issuing a permit.  These include the following:-

-          Competencies of permit issuers and contractors

-          Selection of the type of permit eg. Cold work, hot work etc, without having to find the correct book or template

-          Identification of inherent risks and any others that may be present

-          Linking of associated permits and key Locks

-          Selection of appropriate PPE

-          Adherence to applicable isolations

-          Control of the process from permit preparation to completion of the work and the permit being handed back and accepted (This final step seldom if ever happens with a paper based system)

In any organisation external and internal factors drive change and any system should be flexible enough to adapt and evolve with these changes.  In my view not having everything ready up front should NOT be an excuse for trying to perfect a paper based system, on the contrary it should be the reason for implementing a flexible electronic permit system.

The acceptance of technological innovations have been accepted in numerous countries and across multiple industries eg banks , public sector etc.  Not long ago the UK HSE has acknowledged the value of computer based permit to work systems in their latest safe work guidelines.

Manual signatories on a permit can require a PhD in writing analysis to see who the person is or was after an incident!  Seldom, if ever can you identify who the original contractor was that accepted a permit.  What recourse would any organisation have should a fatality occur and you cannot identify the individual from the scrawl on the permit?  Who would be held responsible?

Unfortunately for management,  in many cases the plant manager (In South Africa the Section 16.1 or 16.2 responsible person) are responsible and would be liable should any incident occur on the plant or mine.  Few are aware of the implications of the shortfalls of a paper based system, thinking that the SHEQ department have this under control. To be blunt there is little if any control with a paper based permit system.  I am not in any way saying there is no merit to a paper based system because it is definitely a step in right direction considering not having one at all.  In today’s business it is however “Old School” and may even be challenged as not having done everything “reasonably practical” to ensure safe work.

To conclude:

Can you risk the lives of your workers and contractors and personal potential liability by trying to perfect a paper based system?

Can you afford to spend time and financial resources on a system that is sub-standard and will be replaced in the future?

If you believe that a paper based system or perfecting it has major limitations then why don’t you put the “Cart in front of the Horse”?

Major organisations have seen the merit of an electronic permit to work system and have implemented these quick and effectively and adapt to changes in working conditions immediately.  They are constantly changing the way permits are being issued as well as the process.  Can you afford not to be running an electronic permit to work system?

New IntelliPERMIT workflow rules

The set of rules supported by IntelliPERMIT continues to grow.   These rules allow the system to react more intelligently to permit scenarios and to guide users through the permit process.

 

• Rule #33 states that a permit acceptor may not suspend more than one permit at a time.  This rule is useful in scenarios where isolations are being removed for testing or commissioning of equipment that has been worked on.  The rule should be enabled in order to control this process and ensure that the responsible person deals only with a single commissioning activity at a time.  
• Rule #34 is designed to limit access to particular operations to the person who initiated/applied for the permit. For instance, this is a useful control to ensure that only the original applicant can edit a permit (even prior to it being issued.) 
• Rule #35 governs which permit types may not include isolations – by definition some permit types require work on equipment that is live.
• Rule #36 may be used to ensure that a permit includes a safety lock and key safe number prior to the permit being issued.  This rule only applies to those sites that make use of key safes.
• Rule #37 ensures that if other permits are cross referenced to a “master” permit, the master may not be edited unless the cross references from the “slave” permits are first removed, or they are signed off.
• Rule #38 simply alerts users when signing permits if their competencies are due to expire.  This is particularly useful in the cases where users may not have received emails warning them of the impending expiration of their competencies. 

 

These rules have been published for general release with version 5.  (Hotfixes for version 4.3 SP4 are available on demand for some of these new rules)

 

A more general enhancement also included in version 5 is the opening up of the permit editing process to allow for additional rules to be added without making changes to the core software.

 

Enhancements to IntelliPERMIT workflow and rules

Version 5.0 of IntelliPERMIT includes a number of subtle enhancements to the underlying workflow and rules engine of the system. These enhanced capabilities will not disrupt the functioning of existing systems, nor require any re-configuration unless the site specifically requires the new functionality. While the technical details of these changes may seem slightly obscure, the intention behind them is to allow the system to more efficiently guide users through the permit process and allow them to produce permits that more accurately reflect the requirements of a task. Here are four examples:

1. Precautions and Preparation questions may be configured to appear in the Permit Wizard even if not linked to a specific hazard. This is useful in a scenario where a question must be asked on all permits across site but is not necessarily associated with a hazard. Unless a hazard is linked to this question, no rule is applied to the given answer. However, the user is forced to supply an answer.

2. Authorisation questions may now be linked to specific hazards. If a question is linked to a hazard, then it only appears if the permit includes that associated hazard. A practical example of where this may be used is in gas testing where a question should only be displayed and the answer validated if a gas hazard is included on the permit.

3. The workflow actions may be optionally configured to only appear for specific permit types or if the permit includes specified hazards. If no hazard or permit type is specified in the configuration, then the action will be visible for all permit types and for all hazards. Again, this is useful to more closely tailor the workflow to the requirements of the specific permit and ensure that users are only presented with relevant actions to perform.

4. Question rules now support the “NOT” operator. This allows a rule to be set that allows any answer except a specific response. For example, a question may have 3 options in a dropdown: Yes, No and N/A; and a rule set to “NOT No”. This means that both “Yes” and “N/A” will be valid responses to this question.

Bringing it all together

For some time now we have been working hard to provide our customers with a more integrated and customisable view of all aspects of Operations Suite. Historically we assessed our customers needs and then developed a fairly unique set of reports or view of their data, and then provided a “Portal” page, from which they can access certain aspect of the Suite. These developments were mostly around IntelliPERMIT. Many of our customers will be familiar with the “Smart Portal” screen, which was the original concept.

The ApplyIT Development Labs have subsequently been very busy in enhancing the concept, which should be available in the next major release on Operations Suite.

We have taken the industry experience over the past few years and from all our integration projects, and looking at what our customers are doing with our operations, safety, health & environment solutions, and have come up with something that will allow us to finally consolidate all aspects of Operations Suite, as well as providing insight into third party systems to provide you with the most pertinent information to facilitate good operational decisions in real time.

Data from all current modules in Operations Suite will be consolidated and displayed in various graphical forms and indicators. These could include trends, KPI indexes, common tasks and alerts etc.  This will provide production managers with highly relevant information and an overall view of your plant at any given time.  Unlike many best of breed systems, Operations Suite is unique in its in depth and comprehensive coverage of SHEQ and operations information, resulting in a comprehensive set of operations, safety, health, environmental performance indicators.  The concept is not another real time process control dashboard, it goes to the heart of the key production metrics which include process control, human interactions, people task based processes and engineering information.

Past experience has also taught us that a universal one size fits all “Snap Shot” also does not really cut it, so end user customisation is being taken into consideration during the current design phase.

As development progresses, we will be keeping you up to date with this specific development, and you can look forward to some very interesting and informative additions to Operations Suite.

Feature Focus : FlexiLOG Trending

Continuing on from the previous post in the “Feature Focus” series, I’ve decided to highlight another great feature within FlexiLOG that is not always used but can provide insight into the current data that is captured within the logs.

Trending, the way it has been implemented within FlexiLOG, allows you to create a template with a section that deals with manual numeric data entry. The data being captured will create a visual indicator as to whether the current value is higher, lower or the same as the previous value captured. Below is an example of this is action.

 

 

But we do not stop there. Showing an indicator from the previous values captured is all good and well, but would it be more useful to have a trend over time of the data captured?!?

By clicking on the actual indicator (coloured arrow), a chart is generated which will show the previous ten values captured. Below is an example of this in action.

 

 

Having all this additional information at hand, would definitely provide any user with context to make better decisions on running his plant or any other situation that they might find themselves in.

It should be noted that the “FlexiLOG Trending” is part of Operations Suite 5.0, which is currently undergoing final development, and will be available during 2010.

Feature Focus : FlexiLOG Extended Validation

Our “Feature Focus” series of blog entries will try and highlight those features that can make a big difference in the way you would interact with Operations Suite on a day to day basis. We will look at all aspects of Operations Suite, the first being the “Extended Validation” feature in FlexiLOG.

This feature provides additional validation functionality when manually entering data. The benefit is that the system knows what range of values to expect.  This is normally within a specified range or ranges. In real live production environments however, frequently the data being captured is out of range.  To not inhibit productivity the extended validation feature can be configured to either warn you, or to explicitly discard the suspect data.

So that in a nutshell is “Extended Validation”. So the question now is, how and what is the end result. The following images will illustrate the how. To enlarge the image, simply click on it.

The first thing you would have to do when setting up validation checks is to edit an existing template or create a new one. It should also be noted that the extended validation currently only works with “Numeric” values. These are usually captured within a “Question & Answer” section. Once you have identified or created a “Question & Answer” section, we can add a new question. As illustrated below, ensure that the “Answer Type” is “Textbox – Numeric”. The extended validation is set in the “Expected Answer” field.

The options available to you are “>”,”<”,”<=”,”>=” and the actual value. To create a range for instance, you would start with the lowest value in the range and then comma (,) separate the subsequent range highest value in the range. If you want to have a specific value, you should just type in that value. By ticking the “Enforce Validation” checkbox, you are telling the extended validation to NOT save the value if it does not adhere to the validation rules.

Now that we have configure a single question with some extended validation, let’s see what it does. Well, if the values does satisfy the validation rules, the answer will be saved and you would never be any wiser. It is when the answer does not meet the validation, that the user is presented with the following notification.

As you can see the user is notified that validation has not been met, but also tells you what the validation rules are. This makes this feature invaluable when capturing information where tight controls have to be in please to ensure optimum efficiency within the affected areas. Checklists and questionnaires are also greatly enhanced by this feature, ensuring that there are no unexpected variances when providing statistical reports based on data captured.

It should be noted that the “Extended Validation” is part of Operations Suite 5.0, which is currently undergoing final development, and will be available during 2010.