Do not be naive
21 June 2013 • Ype Wijnia and John de Croon
risk management, policy development, manage changes
Some people are a little naive. The title could also be 'do not be stupid'. Or 'do not be naive and stupid’. You probably think why? We'll explain after the next paragraph.
A few weeks ago, a terrible accident occurred in the Netherlands. At the Albert Heijn supermarket in Tilburg, a 77-year-old woman from the same city was badly injured on Sunday, June 2nd (ironically, the supermarket is located on the Jan Heijn street). At the loading and unloading area of the supermarket a heavy gate fell on her. The woman just walked past when that gate fell over. The woman was taken to hospital and she unfortunately deceased. The strange thing is that it was known that the gate was not functioning properly. On news sections on TV it was clearly visible that a note hung on the gate with the text ‘Take care when the opening and closing of the gate. If you open the gate too far, then the gate comes off the rails. Please be careful.’
Without knowing all the facts of the situation in Tilburg, it is clear that are at least two things went wrong. The first is of course that the gate fell down. If you'll look in detail here is probably in itself a combination of circumstances, such as the (too far) opening of the gate and technical defects. The technical defect in all probability is not isolated (design fault, wear, lack of maintenance and so on). There are several methods to visualize this, such as the tripod, fault tree, event tree or bowtie method. The modern vision of this type of analysis is that you should not stop at the direct cause of the accident. Also to the underlying causes, latent errors and ultimately the management decisions and the corporate culture that caused them has influence on the decision that it was apparently 'OK' to include certain risks.
The note on the gate in Tilburg shows one was aware of the technical defect. Now it depends a bit on the nature of the defect on what you should be doing. For serious defects you would immediately proceed to repair it, in which the asset is not used until it is repaired. But for smaller defects you can possibly take operational measures which delay the repair time. If this new operating regime is not too bothersome, you can even choose to apply it permanently. Then the asset is not performing according what was originally intended, but what remains is still sufficient. Thus, it is in fact a functional re-design of the asset. This is apparently what happened in Tilburg. Instead of a technical protection against falling of the gate has been chosen for an operational safety measure not to open the gate too far.
This brings us to the second thing that went wrong. There was namely a person at the place where the gate came down. Everyone who works at heights knows you should secure objects because if they fall, they become dangerous projectiles for the people on the ground. And if you can not, then you must ensure that no people have access to where such projectiles can come down. This applies also for cranes that move heavy loads, which may also fall and so you should not move over people. The entire chain is displayed in the diagram below (a bow tie-like diagram[1]).
From left to right it can be seen that causes of unwanted events are considered. In the case of the gate this can example be equal to a wearing component. The preventive maintenance activities can be a (re)design and operational measures.
When the preventive measures do not work, the unwanted event occurs. Right in the figure we see the consequences of the unwanted event. These consequences can be avoided by mitigation measures (reduction).
What in fact happened is that a functional redesign of the gate is made, but the original risk level is not restored. The spokeswoman for Albert Heijn suggested 'that of course nobody knew the situation was so dangerous’[2]. It is also the question of who she means with nobody. Is this about the employees of the supermarket who operate the gate, or was even the designer or supplier of the gate consulted? In other words, did a competent and capable person look at the new situation, or were it just layman?
This situation is exactly the reason why we in asset management always insist on a formalized process for managing changes. A builder or user of an asset is not always aware of all the controls built into an asset and can not always judge whether a change is acceptable. For this you will have to return to the program designer or even the risk manager.
Just to be clear: any asset in which energy is stored is a potential danger. Whether that energy now comes from the fluid (gas, gasoline, electricity, etc.), movement (rotating machines, conveyor belts, moving objects) or position (height), if the energy is large enough you can die. Modern safety insights require at least two barriers to brake before real danger occurs. Technical barriers are considered to be stronger than operational barriers. So if for some reason a technical barrier is removed, it can be solved operationally, but it requires a double operational safety. Please do not be so naive to think that a technical defect can be solved with just one additional procedure. Or better yet, consult a specialist who can really assess the risk.
[1] In the figure you can see why this is called a bow tie
John de Croon and Ype Wijnia are partner at AssetResolutions BV, a company they co-founded. Periodically they give their vision on an aspect of asset management in a column. The columns are published on the website of AssetResolutions, http://www.assetresolutions.nl/en/column
<< back to overview
|
