System Improvement Should Be the Objective of Investigations

 by Ira J. Rimson and Ludwig Benner, Jr.

“All the successes of engineering as far back in history as the pyramids and as far into the future as the wildest conceptions of mile-high skyscrapers may be imagined to have begun with a wish to achieve something without failure, where ‘without failure’ to the engineer means not only to stand without falling down but also to endure with what might be called ‘structural soundness.’”2

In a 1996 paper3 , we urged system safety practitioners to view operational system mishaps and their subsequent investigations as opportunities to evaluate the validity of their predictive analyses. Since then, we have observed that the utility of many investigation reports for assessing predictive analyses is compromised by systems managers’ vagueness in specifying desired investigation outputs. By looking for “fault” and “blame” rather than for how to improve system performance, investigators mire themselves in myriad events that didn’t happen rather than the one set of events that did. Only the events that did happen can confirm your predictions or tell you what needs to be changed, both within the system and within your a priori analysis.

"By looking for 'fault' and 'blame' rather than for how to improve system performance, investigators mire themselves in myriad events that didn't happen..."

Predictive analyses are designed to estimate the probabilities of as many alternative scenarios as imagination can generate.4 Some of those scenarios will happen, some can but probably won’t, and some cannot happen at all. Predictive analyses predict what might happen. They don’t explain what did happen. Once a mishap occurs, the probability of those specific interactions and outcome happening is P=1.0. The probability of any other confluence of events producing that specific outcome is P=0. Statistically derived probabilities aggregated from prior occurrence data are meaningless once something happens. Furthermore, each false lead (P=0) of the probabilistic methodology must be explored to determine that it didn’t occur — which brings us to a major deficiency of most mishap investigations: The Dreaded “Did Not.”



1 “Problems cannot be solved by thinking within the framework in which the problems were created.” — Albert Einstein.
2 Henry Petroski, To Engineer is Human. New York, Vintage Books, p. 53, 1992.
3 Subsequently published in Hazard Prevention, vol. 33, No. 1, pp. 10-13, First Quarter 1997.
4 Rimson, I.J., “Why Accident Investigations Don’t Prevent Accidents.” Presented at the Texas A&M University Center for Process Safety, 2003.