Integrated Knowledge of Organisation Influence on Plant Safety. M. Abramovici, GRID, Ecole Normale Supérieure de Cachan, France
Introduction
The analysis of accidents such as TMI [1] or Challenger [2]
has shown that root causes can often be traced to the role of
organisation. However the organisation is not taken into account
as such in most Probabilistic Risk Assessments. One reason for
that situation can be found in the difficulty in defining
"organisation" clearly. There is no single model of the
organisation which can give a correct description of the reality
and in particular allow an exhaustive prediction of the
interactions between the technical system and the human and
organisational systems.
This problem is not particular to the study of organisational
reliability. The need for a better model is real in every attempt
to perform a priori assessment. To make up for gaps in knowledge,
Risk Analysis has developed complementary use of a posteriori and
a priori assessment [3]. Accident analysis, for instance, can
bring to light causal links between initiating events and the
malfunction observed. Such links are incorporable into a
Probabilistic Risk Analysis based on a systematic consideration
of possible sequences of events and their consequences. The
determinist nature of the relation examined allows the
integration of new information, learned from past experiences, in
PRA.
Such determinist relations cannot be observed when studying
organisation or human reliability. Hollnagel has shown that the
assumptions used in the "engineering solution" cannot
be applied to the field of human reliability analysis [4].
Shall we give up incorporating organisational factors into
risk analysis?
We will argue that there are alternatives for integrating
knowledge of organisational influence into Risk Analysis. We will
first analyze what model of organisation can support accident
assessment. Then we will review two methods of PRA which allow
incorporation of organisational knowledge from past experience.
I- ORGANISATION IN ACCIDENT ANALYSIS
We propose to call "organisational factors", every
factor taken into account in the accident analysis, that is
indirectly linked to the working of the technical system. This
definition allows us an easy distinction between human and
organisational factors.
The problem is then to understand why such factors are
incorporated into the incident's analysis whereas the mark of
malfunction is purely technical. Studying an example allows us to
build a model of organisation which supports a posteriori
assessment.
This model [ see figure ] links organisational and human
activity levels together. It precisely defines the role of
operators and their limits.
We call "means of intervention", the whole set of
possible human actions on the technical system. The set of
"means of intervention " is limited in theory, but can
be very great because each procedure is defined in relation to a
state of the technical system.
We call "principles of intervention", the whole set
of possible ways for the organisation to influence human actions.
These can be instructions given to the operators, but also
schedule constraints or inspection and maintenance procedures.
Such an analysis is consistent with the Taylorian model of
organisation, which separates conception and execution tasks
[5,6]. When the part taken by human activity in the system is
delimited by the organisation, a third level can exist. The
implicit postulate of our model is that there is an organisation
able to guarantee safe functioning. This creates the possibility
to understand why the second level (execution) fails by rising to
the organisational level. When studying an accident, the analyst
can understand a human error by pointing to the organisational
factors in failure. However, there is no determinism between the
second and the third level. The organisational factors can help
to understand the human error; they are not its direct cause. We
call such a link, "influence".
The question is then: How can such indirect influence be
integrated in a priori assessment?
II- ORGANISATION IN A PRIORI ASSESSMENT
We have chosen two models of PRA among others (see for
example [7,8,9]) which include human and organisational factors.
The model T.H.E.R.P
This model is known as the first Probabilistic method
allowing the incorporation of human factors assessment's. In
fact, T.H.E.R.P also present a model of organisation through the
"Performance Shaping Factors" (PSFs) which allow to
consider the factors affecting human performance [10]. Some of
these factors are internal and are linked to the human model
used. The external PSFs include the entire work environment
influence's, which we call "principles of
intervention". PSFs are incorporated in quantitative
analysis by varying the probabilities of human errors. When
studying the process of PSFs identification's, a model of
organisation emerges which is very close to our model. The
importance of the "administrative control" concept,
defined as "the degree to which the plant is run in
conformance to the guidelines by which it was designed to
run"[10] shows indeed the importance of prescription in the
logic used to quantify in T.H.E.R.P. The description of the PSFs
and their effects is based on knowledge from past experience,
i.e. studies when available or expert judgements.
Even if the method is not rigorous enough to allow good
results [4], it can be seen as based on complementary use of a
posteriori knowledge and a priori assessment.
The Model SAM
The Systems, Actions, and Management model (SAM) has been
proposed by Paté-Cornell (11, 12]. Starting from a PRA of the
physical system, it allows us to "identify systematically
the human decisions and actions that affect the PRA inputs, and
in turn, the organizational and management sources of these human
decisions and actions" [12]. Thus, three levels are
distinguished, which are similar to those we proposed above. This
bottom-up method makes integration of organisational influence
knowledge possible. In addition, the same model can be used to
understand causalities in the accident scenarios [13]. This model
improves the concept of influence and makes possible the
integration of such a link in QRA , through Bayesian results. It
also introduces techniques, such as influence diagrams, which
guarantee complementary between a posteriori and a priori
approaches. We will argue that this model is very attractive
despite the fact that it does not produce an exhaustive
description of organisation.
Conclusion
The theory of probability has been very fruitful in
supporting quantitative risk analysis. With the notion of
influence, it is possible to integrate knowledge of
organisational influence in QRA and enrich the notion of
causalities. However, systematic integration of organisational
factors in a posteriori assessment, and especially in incident
analysis will be required to further advance risk analysis in
complex system.
Bibliography