Leadership Paper rev 1.2

ABSTRACT for the OECD Workshop of Sharing Experience in the
Training of Engineers in Risk Management:
SAFETY LEADERSHIP:
WHAT IT SHOULD MEAN TO ENGINEERS:
Author:
 Family/surname: Dalzell
 First/given names: Graham Alexander
 Country: United Kingdom
 Affiliation: Hazards Forum (representing the UK engineering institutions)
 Address: (TBS)3 Limited, Major Hazard Consultants, Hill of Minnes, Udny, Ellon, Aberdeenshire, AB41 6RE, Scotland.
 E.mail: GDalzell@tbscubed.plus.com
 Phone: (44)1651843600
Summary
Leadership and accountability are acknowledged as the first and most important
elements of any safety, health and environmental management system. In a well-run
company such as DuPont, it is demonstrated to an exemplary standard in the
workplace, for example, through joint factory HSE tours by both managers and the
workforce. They examine not only established routines and their adherence, but
question novel situations and seek ways to further improve the status quo. They focus
upon those activities and behaviours that could lead directly to harm. The reduction of
occupational risk through the introduction of this personal safety culture has been
dramatic and is envied by every other responsible employer. Should such a culture
also exist in the engineering community, where individual or group actions, through
design, maintenance or integrity management have a less immediate result, with
deficiencies possibly lying unrevealed for 20 years? If so, what form should this
engineering leadership take, and is there a need for a radical change in individual
engineering attitudes? Has engineering safety become a retrospective assurance
activity and divorced from the daily engineering process? The paper argues that every
engineer should have a questioning attitude imprinted from day one,
which asks: “What is dangerous, why is it dangerous, is there a safer way, what do I
have to do to make it safe and what knowledge do I have to pass on to the user for
safe operation?” Does the engineering profession possibly need an Hippocratic oath?
Acknowledgement
This paper draws upon an earlier paper, Safer Design – An Attitude, presented at
Hazards XV; an I. Chem E conference held in Manchester in 2000 (1). The author
gratefully acknowledges the permission of the I. Chem E to reproduce extracts from
that paper and the contribution of his co-author Peter Willing in its preparation.
INTRODUCTION
A few years ago, a poster appeared in oil company offices and offshore installations.
It said:
Safety is an Attitude
Safety is not something you can take or leave. Safety is not an activity in which a
person participates only when being watched or supervised.
Safety is not posters, slogans or rules; nor is it movies, meetings,
investigations or inspections.
Safety is an attitude, a frame of mind. It is the awareness of one’s actions and how
they relate to different surroundings and situations, all day, every day.
Safety is knowing what is going on; knowing what can cause injury or cause damage.
It is knowing how to prevent such injury and then acting accordingly. To do this does
not require genius or rank. All it requires is intelligence and understanding, coupled
with the ability to use one’s natural senses.
To ignore safety does not indicate bravery; only foolishness. To do things safely and
correctly is the mark of a wise man, not a timid one.
It was aimed at the people who can make an immediate difference; the plant
operators, supervisors and managers. The message is clear; safety is not just
compliance with rules but an underlying desire in everyone to identify hazards and to
make them safe. Is the creation of a similar attitude amongst engineers the key to
realising the full potential of inherent safety in design and ensuring that residual
hazards in operation are effectively managed?
LEADERSHIP AND EXPECTATIONS
Most major organisations have an HSE management system with between 10 and 16
elements each with specific expectations. In almost all cases, the first element is
leadership and accountability. We get what we ask for; from our staff, design
contractors and our suppliers. If senior managers take a direct interest in safety and it
is obviously considered in every one of their activities and decisions, then everyone
who works with them will follow by example. As DuPont has so clearly
demonstrated(2), it works, and it is good business. But what about engineering?
Leadership by project managers can be as effective in delivering safer designs as it is
in ensuring safe operations. A clear statement of expectations relating to design
safety, a continuous interest in the hazards, and a demonstrable commitment to
reducing risks, by allocating time and resources, will set an example which will
spread through the entire design and supply process. But how often is there real
leadership in engineering safety and, if it is addressed, is it related to preventing
accidents in the office rather than the safety of the product? On a well-run offshore
installation, new starts routinely meet the platform manager when they arrive in order
to hear the expectations for safe operation from the top. How often does that occur in
design offices? If the project manager asks about the hazards and seeks to find safer
solutions, then everyone else will too.
It should not just be the responsibility of design managers to engender this active
culture of risk reduction. As professional engineers, this should be part of our work
ethic and it should be instilled into us on the first day of our studies and continuously
reinforced throughout university and the remainder of our working lives. It should be
an absolute expectation for Institution Membership. Arguably this is in place with the
lecture series such as Safety in Design (3) produced by the Hazards Forum in the UK
and in the Guidelines on Risk Issues provided by the Engineering Council (4).
Unfortunately neither of these documents appears to be widely read or taught. There
is a danger that safety will still be a discrete activity; the risk module. We may learn
the processes such as Failure Modes and Effects Analysis (FMEA), Hazard and
Operability Studies (HAZOP) and Quantified Risk Assessment (QRA) but they do not
create the attitude. Again this comes down to leadership; in this case from the
professors, lecturers, tutors and particularly from industry.
It’s all very well asking for leadership but we also need to give a framework for those
discussions. What should these professors, lecturers and managers discuss? Here are a
few core topics. They are not intended to be “a lecture”, rather the basis for
discussions throughout the whole of our working lives from the day we enter college
to the day we retire. These will need to be augmented and refined but it’s a first
offering.
WHY DO ACCIDENTS HAPPEN?
Engineers are one step removed from the consequences of accidents. They are often
not directly implicated and the accident may occur 20 years after the plant was
designed. They may not be to blame but their actions might have prevented it; if only
they had designed it differently….
Students and young engineers should be confronted with the possible consequences of
their actions. If there is a major accident, life at the university or the office should
pause, initially to remember the dead, and then, as more information becomes
available, to ask why. Students should be taken to the memorials, such as that for the
167 lost on Piper Alpha. Survivors should be invited to talk to the university. This can
be deeply moving and can shape every engineer’s thinking for the rest of their lives.
At the very least, inquiry reports should be held in the libraries. Every lecturer should
have a good understanding of at least one accident relevant to their subject and be
able to talk about it without reference to any text. All courses should include the
detailed study of at least one major accident. This will put students in the mood to ask
why?
Classical accident investigation asks why, up to seven times. When it is first posed,
the answer comes back – because someone made a mistake. As we probe more
deeply, we get to the root causes of the accident. Hopkins, in his examination of the
Longford explosion in Australia (5), progressively goes higher up within an
organisation and further into society itself. At progressively higher levels the answers
to the question “why” become more complex, relating to resourcing, commitment,
regulatory expectations and finally to societal pressures. However, at every level there
is an underlying theme – ignorance of dangers, hazards and risks. Some of the most
common expressions in post-accident interviews are: “I didn’t know that was
important”, “I didn’t think that was dangerous” or “I didn’t think it would be like that”.
If the majority of the engineers who were designing Piper Alpha (6) in 1975 were to
have been asked about the explosion effects of the condensate release in the
compression module, the severity of the smoke and external flaming from the
separator fire or the possibility of oil cascading down three levels to the gas pipelines,
there would have been blank stares or at best, a guess. This is not a particular
condemnation of that design team, rather that this lack of understanding was endemic
in the industry at that time. It was not perceived as a necessary input to the design
process. In the light of this and other disasters, the world is moving towards a hazard
and risk based culture. Surely it is now intolerable for any engineer to proceed with a
design or to supervise the operation of a plant in ignorance of the hazards. If they
cannot answer the questions what is dangerous and why is it dangerous, then they are
behaving irresponsibly and straying outside a reasonable code of conduct. So are the
managers who allow this culture of ignorance to flourish. The words “I didn’t think, I
didn’t know or I didn’t understand” uttered by any chartered engineer following a
major accident should now be sufficient to have them struck off for malpractice or
even prosecuted.
Once the understanding of the hazards is established, then the engineer’s
responsibilities become much more explicit.
In design, it is fourfold:
• to develop that understanding of the hazards to a level sufficient to allow them to be managed effectively
• to search for a safer solution
• to put measures in place to deal with the causes and possibly the effects
• to pass on to the future users that hazard understanding and their obligations for safe operation
In operation, it is fivefold:
• to communicate and maintain awareness of the hazards to all who may operate, maintain or be affected by the plant for its working life
• to operate the plant to its design intent and within its design limits
• to maintain the plant, structural integrity, and the performance of the critical systems to prevent and control the hazards
• to supervise and approve any activity which may endanger the plant or the people working on it
• to re-examine the hazards if the plant is modified and to update any integrity management requirements, operating procedures and safety system provisions
Once this culture of hazard understanding is established, then engineers can progress
from unthinking compliance with rules (prescriptive codes and standards), to hazard
management, and eventually to creating a fundamentally safer world. This evolution
can be expressed:
I do, therefore I comply
I understand, therefore we are safe
I think, therefore we are all safer
TALKING SAFETY
We talk about safety ad infinitum. We try to measure it to the nth degree. Industry
takes immense pride in the drops in lost time (LTI) figures to the extent that their
performance and that of other measurable safety indicators is paramount. It has almost
reached the stage where bad news cannot be tolerated. Society demands the answer
“Yes” to the increasingly asked question “Is it safe?” Again Hopkins, in his study of
Longford (5), describes a “good news” culture in which problems were progressively
diluted as the messages rose up through the company until, at the highest level, the
impression was given that everything was rosy.
As a parallel, there seems to be a fear of talking explicitly about hazards and dangers.
Risk assessments such as Process Hazard Analyses (PHAs) or HAZOPs deliver a set
of recommendations. Once addressed, there is “closure”. It is as though the hazards
and their associated risks have gone away – the plant is safe because the
recommendations in the risk assessment have been addressed. Nothing in life is
totally safe. If everything was, we would make and do nothing. We must inspire a
culture in which we openly acknowledge that plants are still hazardous despite our
best efforts to reduce risk. Thereafter, we are in a much better position to openly
discuss the risks and decide how to manage those risks and to put a complete and
appropriate set of measures in place to prevent or control the hazards. The open
acknowledgement of hazards leads to a widespread awareness of the dangers and this
is, in itself, one of the greatest risk reducers at our disposal.
I know why it is dangerous so now we make it safe
This does raise a serious problem; the vast majority of society has an irrational view
of risk and hazards, exacerbated by sensationalism of the media almost to the point of
paranoia. A company that rigorously documents and highlights its hazards and makes
them publicly available (as is often required by legislation) exposes itself to undue
public and regulatory pressure. In today’s litigious society there is also the fear that it
is the perfect prosecution evidence. However, the lack of this information greatly
increases the chance of an accident and litigation. Perhaps society still needs a
“demonstration of safety” as the public document and operators need a book of
hazards as an internal one. Engineers certainly need to help society to understand
and take a more balanced view of risk. Perhaps there is an opportunity, together with
the medical profession to open the debate amongst the wider academic and student
community within the universities? After all, this community should provide our
future intelligentsia.
PROACTIVITY
Implicit in this culture of demonstrating safety or “proving it’s safe” is reactivity.
Safety studies are often performed on a completed design when the opportunity to
design out the hazards has been lost. The words “review” and “assessment” imply the
need for retrospective approval rather than being a core input into design. The
underlying components of risk; cause, severity, consequence and the potential for
escalation need to be identified while the design is still fluid. They must become
essential design inputs. They should be used to help get the design right, rather than
highlight the flaws. Likelihood is a function of how well causes are understood and
managed. Consequences depend on the matching of control and mitigation measures
to the hazard effects. The numeric quantification of risk, if required, may only be
calculable on a completed design but there needs to be an early picture of the general
spread of risk and of the uncertainties so that sufficient effort can be focussed on the
key drivers during design. More details of a structured approach to proactively
reducing risk are given in a second paper for the OECD workshop (7).
SAFETY IS EVERY ENGINEER’S BUSINESS
It is too easy to pigeonhole safety into a discipline, a set of specific processes, project
deliverables or a series of lectures. One head of engineering in a large company
reacted angrily to the suggestion that they should have a safety engineering
department; quote: “Why? Every engineer should be a safety engineer.” There is a
place for specialist safety engineering skills; in helping to understand major hazards,
developing the picture of risks and assisting in the major decisions such as the
selection of the processing method. However, it is often the detail that causes the
accident, as was so clearly demonstrated in the study of the collapse of the walkway
onto the Ramsgate ferry (8). Every engineer has a part to play in reducing risks, from
the design of the detail around a stress concentration to the choice of technology for a
nuclear reactor. Often it is only a very small proportion of a design team that actively
participates in the “safety process” or worse still, it is a specialised activity
subcontracted to a discrete team working behind closed doors. If this is the case, there
is no hazard ownership and only a fraction of the potential for risk reduction is
realised. Imagine the thousands of subtle improvements that could be realised if the
entire project team, from draughtsmen up to the project manager ask the questions
outlined above; What is dangerous and is there a safer way? This will result in better
routing of piping, the optimum placement of instruments to avoid damage, straighter
escape routes, better access for maintenance, fewer hazardous interventions - the list
will be endless. Neither academia nor industry should fall into the specialist trap. The
regulator has a part to play here too. If they call for highly complex submissions and
enter into ethereal debates about risk statistics, they will necessitate specialised
departments and inadvertently cause the divorcing of safety from day to day
engineering.
TEAMWORK
Increasingly, engineers specialise at an early age. They seem to know more about
their particular subject but less about broader engineering principles and other
disciplines than the old greybeards. They have become less aware of the impact of
their work on others and vice versa. Any process plant needs structural engineers to
hold it up, mechanical engineers to keep the fluids contained in piping and vessels,
chemical engineers to design the process and instrument engineers to control it. An
error from any one of them can result in a disaster, but effective hazard management
can only be assured if they work together as a team. They must be made to share their
knowledge of hazards, and the critical nature of aspects of their work, with their
colleagues.
Hazard identification, analysis and management should be a team activity in which
every engineer participates. This should start at university. It may be appropriate to
educate all of the engineering disciplines in the basic principles of safety as a common
topic and to reinforce the awareness of their interdependence through common hazard
identification and analysis exercises.
A VISION OF SAFETY AND A QUESTION OF BALANCE
Once engineers have been inspired to behave responsibly and are committed to reduce
risk, their enthusiasm must be given focus and direction; or rather they need to be
taught how to concentrate on what is really important. In another slightly tongue-in-cheek paper (9), this author suggested that many of the efforts to reduce risk were
misplaced, even to the point where the addition of some systems to control and
mitigate risk could actually increase it. Enthusiasm for safety is often reflected in the
provision of bigger and better systems to protect against the effects of the latest
disaster. Regulators can perpetuate this protection culture by requiring operators to
prove that they don’t need the latest technology from well meaning vendors. A safe
plant is one that is easier to operate, is fail safe and doesn’t collapse or leak, not one
that is so poorly designed and run that it needs a plethora of protection and evacuation
systems.
Similarly, risk analysis can over concentrate on particular aspects of selected hazards
simply because they are in the forefront of people’s minds following a disaster or
because research has made sophisticated analysis tools available. The current focus on
explosions in the North Sea is a case in point.
Engineers need to be taught to balance their efforts, between hazards of differing risk,
between the analysis of causes, and the consequences, between prevention and cure,
and between the dependence upon people or plant. They must learn to stand back and
look at the whole picture rather than immediately pursuing what they perceive to be
the predominant hazards and the most critical safety systems. Regulators should also
encourage a balanced approach by requiring holistic hazard management with clearly
defined preferences for prevention. BP has attempted to put together an integrated
process in its Inherently Safer Design Guidelines (10). At the time of writing, this
document was not in the public domain but it is to be hoped that it will be openly
published as it will be of value to the whole engineering profession.
WHAT IS GOOD ENOUGH?
What makes an engineer ask the question: “Is it good enough?” For major decisions,
such as the choice of a concept or overall risk levels, the question may be asked
formally as part of a regulatory process or internal company requirements. However,
engineers make critical decisions most days in their working lives. It may be the
choice of material, type of pump or thickness of a vessel. This question is the final
step in the process of hazard management and must become an integral part of their
approach to safety.
For the strategic decisions, there are formal risk based decision making tools such as
the use of quantitative risk assessment (QRA) to determine reasonable practicability
(ALARP), or even more sophisticated methods such as the Risk Based Decision
Making Framework published by the United Kingdom Offshore Operators
Association (11). These are far too onerous for the multitude of everyday design
decisions. If engineers understand the constituents of risk; cause and consequence,
and can apply logic to the decision, then they should come up with the right answer
using their own judgement combined with a clear set of values. However, engineering
judgement in ignorance of these constituents of risk is called guesswork. Back to “I
didn’t know, I didn’t think and I didn’t understand.”
As part of their basic training all engineers need to formally stop and ask “Have I
done enough to understand the hazards and have I done sufficient to reduce their
risks.” This should go through their minds every time they make critical decisions,
even if they might not appear to be safety related. Everything is.
HOW DO WE ALL MAKE IT HAPPEN?
This is not about teaching engineers how to carry out a safety study. It is inspiring
them to care for everyone who may be at risk from their work, about giving them the
questioning mind which seeks to identify and understand the hazards. It is about
making them care enough to challenge designs or shut down process plants. This does
not need a lecture course, it needs leadership from every single person who teaches
them at university and supervises them at work. In turn, they must provide that
leadership to their successors and everyone who works for them directly or indirectly
through service or supply. Specifically, it needs the following:
• Real leadership needs to be shown by every senior engineer, whether in academia, industry or government by openly discussing an engineer’s responsibility for safety and by being able to demonstrate knowledge and commitment through a personal understanding of risk and hazard.
• There must be openness in discussing hazards and risks. The whole engineering profession must lead a change in social attitudes away from insisting on absolute safety towards recognising that risks are an integral part of life. It is the acknowledgement and understanding of hazards that keeps everyone safe. The regulators have a key role in this process through guiding and implementing the wishes of society.
• There should be a moral imperative upon engineers to take all reasonable steps to identify and understand the hazards associated with their work, and to use that knowledge to minimise risks and manage hazards effectively.
• The engineering profession should consider the need for the equivalent of an Hippocratic Oath or a common international code of ethics for engineers which commits them to the principles described above. This should be much more explicit than some of the vague words and non mandatory guidelines currently in use. The profession should be prepared to act against any engineer who contravenes these principles where this results in an accident which could harm people or the environment.
Returning to that poster; here is an equivalent offering for engineers.
Engineering Safety is an Attitude
Engineering Safety is not something you can take or leave. It is not a separate
specialised task, nor is it restricted to the checking or reviewing of activities or
designs.
Engineering Safety is not only codes and standards, compliance, studies or formal
risk assessment.
Engineering Safety is not someone else’s responsibility.
Engineering Safety is an attitude, a frame of mind. It is the awareness of one’s
decisions and how they relate to different surroundings and situations on the plant for
every day of its life.
Engineering Safety is knowing what could go on; knowing what could cause injury or
damage. It is knowing why accidents happen and changing the designs or operating
plants accordingly. To do this does not require genius or rank. All it requires is
intelligence and understanding, coupled with the ability to use one’s common sense.
To ignore safety in engineering is to pass by on the other side. Finding a safer way is
a mark of a creative and caring person, not a selfish one.
REFERENCES
(1) Safer Design – An Attitude; Dalzell G.A., Willing P.R.; Hazards XV, I. Chem E; April 2000; Manchester
(2) Du Pont Safety Management System and STOP programmes
(3) Safety in Design, an Engineers Responsibility for Safety; published by the Hazards Forum
(4) Guidelines on Risk Issues; The Engineering Council; February 1993
(5) Lessons from Longford; Andrew Hopkins; Australian National University; published by CCH Australia Limited
(6) The Public Inquiry into the Piper Alpha Disaster; Cullen W.D.; Ford G.M.; Lees F.; Appleton B.; HMSO Publications; November 1990
(7) Risk Assessment or Hazard Management; Dalzell G.A.; OECD Workshop on the Training of Engineers in Risk; October 2003
(8) Port Ramsgate Walkway Collapse Disaster; Crossland B.; Joel S.; Norton G.; Underwood J.; 71st Thomas Lowe Gray Memorial Lecture, Institution of Mechanical Engineers; January 1999
(9) Nothing is Safety Critical; Dalzell G.A.; Chesterman A.; Hazards XIII; I. Chem. E; Manchester; April 1997
(10) Inherently Safer Design Guidelines; BP internal document
(11) Risk Based Decision Making Framework; published by UKOOA, 3 Hans Crescent, London