Home: Our Expertise › Managing Risk › Health & Safety Management › Mischief, Mishap or Mayhem?

Mischief, Mishap or Mayhem?

Was a poor safety culture responsible for the Nerpa Russian Submarine Disaster?

* This article was prepared for 'Nuclear Futures' in November 2008

 

Over the past decade there have been numerous organisational disasters that have caught the attention of the public, no more so than the recent disaster involving the Russian Submarine Nerpa in which 20 people died as result of a Freon gas release. This raises the question: are such incidents the result of freak mishaps and individual mischief or does safety culture offer an explanation as to why these incidents occur. If so, can we prevent them in the future?

 

 

At this time the events surrounding the cause of Nerpa disaster are still unknown, but news reports state that a possible cause was due to an individual crew member activating a fire alarm that led to the release of Freon gas. The apportioning of blame to a specific individual echoes the way in which many such disasters were in the past labelled as the result of operator error or behaviour. Research from the Health and Safety Executive in the UK suggests that over 95 per cent of incidents involve human behaviour, so such claims may not be entirely incorrect. However, what has to be realised is that human risk taking behaviour does not occur in isolation of the working environment, but can often be the result of its influence. The environmental influence to which this alludes is better known as 'Organisational Safety Culture'.

 

 

The 'Organisational Safety Culture' is the underlying beliefs and values that underpin decision making and safe working practices within an organisation. Failings in Safety Culture have been identified in many major organisational disasters such as, Chernobyl. A safety culture can be likened to the 'safety personality type' of an organisation in that it has a major characteristic or 'mind set' that provides an overall impression about the organisation. There are numerous ways in which these typical 'mind sets' have been described, but one of the best known descriptions by Parker and Hudson in their safety culture maturity model. Safety culture to them is likened to the development stages of a child, in that an organisation matures its safety culture over time reaching a development stage or 'mind set' that makes the organisation more impervious to incidents. According to Parker and Hudson there are five such development stages, these being:

 

 

1. Pathological - which is where the organisation perceives safety as something which hinders performance and therefore is only given consideration when a regulator becomes involved
2. Reactive - safety is only important once something has happened
3. Calculative - safety is managed on the basis of risk with procedures and documented procedures to control risks and the use of incident statistics to measure the reduction of loss e.g. Lost Time Incident Frequency Rate
4. Proactive - safety is managed through the involvement of the workforce and makes use of proactive measures of safety, not just lagging indicators of safety performance i.e. incident data
5. Generative - safety is a value that has been internalised by everyone, the defining element of this type of culture is that despite there being next to zero incidents the organisation possesses a chronic unease about safety that drives continuous improvement

 

 

Typically, most organisations in the modern world will achieve a calculative level of Safety Culture that drives safety through the use of systems developed and backed by the use of risk assessment. Unfortunately, it is the reliance on these systems in the absence of proactive measures of safety and workforce involvement that leads to complacency - what is termed the 'Safety Culture Paradox'. This phenomenon exists when organisations feel that they have achieved control over safety and relax. This results in an unrealised erosion in safety until the organisation experiences a serious incident, a phenomenon called the 'Safety Wave'. This is when an organisation has a period of low incident levels, which results in the 'lessons learned' from previous incidents being forgotten and culminates in a serious incident(s) that shocks the organisation into action. This cycle occurs until the next serious incident happens again.

 

 

We might question whether the 'Safety Wave' was the reason for the Nerpa disaster. In 2000 the Russian submarine Kursk was lost when a torpedo exploded on board the vessel. Four years later another vessel had two ballistic missiles become stuck in their silos and a year after that a submarine became entangled in nets and cables leaving it stranded on the floor of the Pacific Ocean.

 

 

These incidents were a possible indicator of another disaster yet to come. However, we must not be too critical of the Russian Navy as there are similar examples from industry across the board which indicate that, by no means whatsoever, the 'Safety Wave' phenomenon is unique to one type of organisation. This therefore poses the question: what do we need to learn from such events? To understand this we need to look at how organisational accidents occur.

 

 

Often incidents are conceived as being the result of a series of toppling dominoes with one simple event leading to the next. Unfortunately, incidents are not that simple as they are often the result of both 'Latent Conditions' that can reside in an organisation for decades and 'Active Failures' that trigger the event in the present. It is this complex nature that often results in investigations focusing on the here and now, which prevent the true 'root causes' of the incident from being identified. Ultimately these failures increase the likelihood that the same incident will recur in the future in a different way, something that Toft and Reynolds call'isomorphic' incidents (the same incident, but different). The weaker an organisation's safety culture, i.e. the less mature the safety culture, the more likely it is that an organisation will fail to learn or predict the recurrence of incidents. The challenge that faces organisations with well developed safety management systems (calculative organisations) is that they will often feel that they have done all they can to control the risks and fall into organisational complacency (safety culture paradox) and therefore attribute incidents to the individuals failing to follow the procedures or instruction. In other words, organisations through complacency will often reject the idea that the incident was in some way systemically induced and instead blame the failure on an individual. This psychologically is known as the 'attribution bias'.

 

 

The attribution bias is something which influences all of us and is the tendency to place blame on individuals without taking the environment into account. This may result in the blame being biased towards the individual rather than the situation that may have driven the events of an incident. This brings us back to the Nerpa and reports of an individual crew member activating the Fire Alarm. Is it the case that the crew member recklessly activated the alarm or is this the assumption of the results of a biased investigation? The problem facing any such investigation is that once a theory has been created by an investigator, they will predominantly look for evidence to support their theory and often dismiss evidence that would contradict it. The result of which is that organisation fails to learn and is destined to have a repeat event in the future.

 

 

Could this mean that lessons learned from other incidents involving Russian Submarines may have prevented the Nerpa incident? The key to avoiding such biases is to be aware of how 'Latent Conditions' and 'Active Failures' occur and how to avoid them occurring again in the future, or run the risk of creating a blame culture which drives knee jerk responses that will often focus on the individual and fail to correct the underlying causes of the incident.

 

 

Failures in an organisation do not just happen they are created. The problem with the creation of 'Latent Conditions', which include senior decision making, line management deficiencies and precursors of unsafe acts (working patterns, performance targets, equipment etc), is that fundamentally they are based on decisions in the past that at the time were made for very legitimate reasons. For example, one of the key factors in the Space Shuttle Challenger Disaster was the design of the Solid Fuel Booster Rocket. In order to reduce costs, a decision was made to construct the booster rocket from two separate parts. This required the use of an 'O' ring in assembly and this played a key role in the disaster. The 'O' ring failed to seal during launch due toexcessively cold temperatures. The decision to construct the booster rocket in this way was done for logical reasons; however it was the decision to launch in cold conditions (despite appeals from their own engineering team) that led this latent condition to by-pass safety management systems, resulting in the loss of the Space Shuttle Challenger. The real question is why a decision to launch would be made in the face of evidence to suggest that it was unsafe to do so? The answer is painfully simple, it is not that they underestimated the risk, but simply that they never thought it would happen.

 

 

The reason for this is that often decisions are made before the options (risks) are fully considered. The problem here is that bias and decision-making traps can occur. There are many biases that can influence decision-making in the face of uncertainty, driven by the fact that we strive for certainty, but I will only focus on a few.

 

 

The first thing that can influence a decision is how the issue is framed - whether it is presented in terms of 'losses' or 'gains'. When decisions are framed in terms of gains we tend to be risk averse, but when framed in terms of avoiding losses then we tend to become risk seeking. This may well have been the case when the fateful decision to launch the Space Shuttle Challenger was taken i.e. that they were trying to avoid the loss of the mission.

 

 

Another significant issue is that once a decision has been made we become confident in that decision. This leads to a greater commitment to this decision ignoring contradictions that may prove the decision to be wrong. Similarly, group decision making can fall into the trap of 'groupthink' whereby one person makes the decision and others simply follow. This serves to increase confidence in the decision that has been made and in support of this the group will often reject information that suggests that decision is wrong. There may be striking parallels between the Challenger Disaster and the spate of Russian submarine incidents that followed the Kursk disaster. That is, did the Russian government fail to learn the errors of the Kursk disaster because they were so confident in their original decisions? We must accept that decision making is fallible and can result in situations that drive 'Active Failures' and the incidents that follow them.

 

 

These 'Active Failures' are usually typified as individual risk taking behaviours and can be broken into two major groupings. The first are active failures that are driven from human error. These can be the result of training and competence leading to knowledgebased mistakes. They can occur through operators unknowingly applying routine solutions to non-routine problems, termed rule based mistakes, or simply through lapses of attention and slips of memory leading to critical parts of a process being skipped. Secondly, active failures can stem from violations or rule breaking.

 

 

In contrast to errors, violations are deliberate breaches of rules. On the face of it many people could be forgiven for thinking that violations should always be dealt with by disciplinary action and in some cases this may be true, but violations can occur with the best intent. For example in many cases 'optimising violations' can occur when a person takes a short cut because they think this will get the job done and help the company achieved its target, in the case of 'situational violations' a person cannot follow the procedure because it does not reflect the task or because in following the procedure it would put other at the risk of harm (correct violations vs mis-compliance). In addition, 'individual violations' can occur because the working environment reinforces them, e.g. taking a procedural short cut means hitting target and increasing bonuses. This leaves the 'reckless violation' or 'malicious violation' in which the individual does not care about the harm they may cause or intends the harm that they cause, and for which disciplinary action is without doubt a proper course of action.

 

 

These 'Active Failures' may seem unmanageable, but we must consider that, they have a cause that stems from latent conditions. If these 'Active Failures' have a cause and are understood, it is possible to predict and therefore control the risks, which means that we can reduce the likelihood of future incidents. The challenge that is faced in the present economic climate is that organisations will be tempted to frame decisions as loss avoidance, which increases risk taking. Perhaps these are the same pressures which influenced the risk based decisions of the Russian Navy. Such organisations may look to design on the basis of cost as opposed to usability, and therefore reduce training, which will impact negatively on skills and knowledge, increasing the likelihood of mistakes being made. Additionally, as rationalisation occurs to cope with economic pressures, safety can be affected through the loss of skills and by encouraging the remaining workforce to do more with less. As a result violations will tend to rise as individuals take short cuts to deliver on performance targets that seek to reduce costs, increase profit or meet payment milestones that in the wrong situation can lead events on par with the explosion that destroyed the oil platform, Piper Alpha.

 

 

So what can be done to maintain an organisations safety culture?

1. Be aware - it is important to assess your safety culture and identify how people perceive the state and values of safety in the business
2. Be accountable and responsible - accountability and responsibility is far more than legal issue, it is about visible management commitment or more simply getting the right leadership behaviours to reflect the values of the organisation
3. Be proactive - do not just rely on lagging indicators such as incident data, look to use leading indicators. Behaviour is often the symptom of systemic problems so look to use behavioural measures of performance and error profiling techniques.
4. Be engaged - one to the strongest factors linked to a positive safety culture is workforce engagement as this enhances commitment and reduces the need to enforce rules as people want to behave safely to protect themselves and other, not just because rule say they have to
5. Be willing to listen - safety communication is not just about poster and slogans it is a two way process that can help identify problems through 'soft signals'
6. Be objective - look at incidents, near misses, safety reports and analyse these objectively, remember to watch out for the attribution bias. Behavioural root cause analysis can be a useful tool
7. Be just - remember safety culture is based on trust which requires fair treatment, developing 'Just Culture' is not just about doing the right thing, it is also about being seen to do the right thing

 

 

In summary the events on the Russian Submarines Nerpa in 2008 and Kursk in 2000 may seem a million miles away from the Nuclear Industry, however it may be that the safety culture of the Russian Navy could be at the heart of these incidents and account for the spate of near misses that have attracted less media attention. The point is that these same features can occur in any organisation. Organisations have to be aware that the lack of a good safety culture can give rise to latent conditions and active failures (risk taking behaviours) that can result in the loss of life, reputation and trust. Organisations need to work on objectively looking at themselves, and be willing to learn so they can improve.

 

 

If not, then in this present economic climate it becomes possible that an organisation's safety culture could seriously deteriorate. If this starts to occur then in the near future will we, as we did at the time of Chernobyl, still be able to claim that events of Chernobyl would never occur in the UK because of a superior safety culture?