safety & risk solutions Tailoring Safer Systems Das Magazin von safety & risk solutions The magazine of safety & risk solutions

Asides

  • How our mental picture can endanger us

    How our mental picture can endanger us

    For nearly 20 years I have served as a volunteer firefighter. Over those two decades I have experienced a great deal of meaningful work in countless operations, but also recurring moments that weighed on me. In parallel with firefighting service, I built my entire professional career up to today. I worked intensively on topics like safety, human factors, organizational culture and structure, resilience, and so on, and turned these topics into my profession. Over the years my view of people and organizations has continuously changed and developed, including in connection with the institution of the fire service. I want to share part of those reflections in this article.

    It has struck me repeatedly that automatic alarms connected to fire detection systems (FDS) get labelled as “false alarms”. Firefighters amble casually into the fire station; it’s “just an FDS alarm”. While changing in the station, a colleague says “this is just a false alarm anyway”; the drive to the scene isn’t urgent because it’s “just an FDS alarm”. The examples are many.

    In this article I want to look at the topics of mental picture, situational awareness, and confirmation bias, using FDS alarms as the example. I will show the danger of a false mental picture and present some first approaches to addressing it.

    Some statistics to start with

    How large is the share of automatic alarms from fire detection systems? To answer this, I did a short analysis of the operations data publicly available on the website of the Dübendorf – Wangen-Brüttisellen fire service. All operations are recorded there and publicly accessible. I analyzed the years 2018-2020. Of 649 operations, 130 were FDS alarms – about 20%, with the annual percentages ranging between 16% and 23%. These figures did not match my own sense of it, so I also evaluated “my” alarms over the same period. Of 159 alarm calls I received, 57 were FDS alarms, which is 36%. Either way, the numbers show that FDS alarms make up a dominant part of firefighting work.

    It can also be said that these are usually operations where the all-clear can be given quickly. On the one hand, they are often technical malfunctions of the detection system; on the other hand, the systems fulfil their purpose and raise an alarm early, typically about small events – burnt toast in the staff room, an overheated water boiler, a small fire in an electrical distribution cabinet, and so on. However, we also keep encountering FDS alarms behind which events lie that can become genuinely dangerous for us firefighters.

    Our mental picture and our situational awareness

    But why all the fuss about a small thing? Because it is a dangerous small thing, the kind that can lead to accidents – in the worst case with fatal consequences. In countless accident investigation reports from all kinds of fields you can read that the cause lay in a missing or insufficient situational awareness (“lack of situational awareness”). That means indicators of the impending accident were essentially there, but the actors didn’t discover them or didn’t perceive them as such. Unfortunately, this is where most investigations end, without asking the really relevant question: why?

    How we approach an operation shapes our situational awareness during it. On the drive to the scene we “paint” our mental picture of the operation ahead. Once that mental picture is painted, we consciously and unconsciously look for cues that confirm it. So if we go into the operation with the mental picture “false alarm”, we unconsciously look for signs that confirm a false alarm. More importantly: we unconsciously filter out signs that don’t match our mental picture. This confirmation bias is something we can hardly escape. If thick black smoke is already coming out of a building, that’s less of a problem, because we perceive the obvious danger immediately. But in a fire operation, many dangers are not obvious. They hide behind doors, or they are gases that can’t be seen or smelled. If we unconsciously filter these signs out, we may put ourselves in mortal danger with a false situational awareness.

    The role of the organization

    The mental picture a person takes into a firefighting operation isn’t determined solely by that person. We are all shaped by the organization, or rather by the organizational culture – how we as a collective deal with such situations. This handling shows itself in existing processes, in the language used in communication (internal and external), in the leadership behaviour of supervisors, in the behaviour of colleagues, and so on. Does the organization commit itself to a strong safety culture and weight cultural aspects sufficiently?

    High Reliability Organizations (HRO) lead by example. These organizations are very aware of exactly these hidden dangers in their system and actively address them. High Reliability Organizations operate according to five principles:

    • Preoccupation with failure
    • Reluctance to simplify interpretations
    • Sensitivity to operations
    • Commitment to resilience
    • Deference to expertise

    Taking the “false alarm” example, this practice violates the second principle, the reluctance to simplify interpretations. The mental picture that arises from this simplification doesn’t necessarily match reality, and in the worst case can prove fatal.

    So how can a fire service organization reduce or minimize this risk? Initial, immediate measures could be:

    • Clearly defined and documented procedure for (FDS) alarms
    • Specific sensitisation of firefighters to the “false alarm” topic
    • Language guidelines for internal and external communication
    • Consistently pointing out the language guidelines and their background to firefighters who use the term “false alarm”

    These are of course only first, targeted measures. As mentioned above, organizational culture, which is not adequately changed by these measures alone, plays an important role. To improve safety sustainably, the topics of high-reliability organization and safety culture have to be tackled comprehensively.

    Conclusion

    The mental picture with which we go into an operation every day significantly influences our situational awareness and thus our actions in the operation. In the – fortunately rare – extreme case it can decide between life and death. But the mental picture is not solely a matter for each individual firefighter; it is shaped substantially by the surroundings and the organizational culture. Here the organization can and must take its directional role to sustainably improve the safety of its members. The High Reliability Organization model offers one possible approach.

  • Measuring corporate culture in real time

    Measuring corporate culture in real time

    Corporate culture is rightly receiving ever-greater attention. It is described as the DNA of an organization, and there are as many corporate cultures as there are companies. But what makes a positive corporate culture? How can it actually be measured, and how can it be improved?

    In this article I introduce an innovative measurement method that is clearly superior to conventional employee surveys. It enables companies and business units, with minimal effort and low cost, to measure corporate culture practically in real time, to identify trends early, and to implement specific, targeted improvement measures.

    Corporate culture

    A culture is made up of shared values and convictions. In a corporate context, this can mean shared norms and values, a shared understanding of the company’s strategy, a particular way of communicating and interacting, and so on. Corporate culture is often described simply as “how we do things around here”.

    In a positive corporate culture, employees identify with the company’s strategy and values. They actively contribute to the company’s success. Good interaction among employees and supervisors enables them to contribute without fear of negative consequences, to express their opinions, to critically question processes and products, to bring in ideas, and to point out problems in the organization. For this they receive appreciation. They show a high level of loyalty and commitment to their employer and are willing to deliver peak performance. A positive corporate culture is visible not only inside the company but manifests outwards as well. Customers and potential employees notice it, and it constitutes a significant competitive advantage, not least in attracting talent.

    A positive corporate culture creates the foundation for the sharing of information, and thus for organizational learning and innovation. It enables a company to fully unfold the potential of its employees, and it means that the company’s know-how is not the sum of individual employee know-how, but a multiple of it.

    If corporate culture plays such an important role, we definitely want to know where our company stands. But how can we measure culture?

    Measuring corporate culture

    Many companies conduct annual or biennial employee surveys to measure employee satisfaction and corporate culture. This type of survey has several disadvantages:

    • Participating in the survey requires a significant time investment from employees.
    • The survey is a snapshot and is highly susceptible to external influences.
    • Evaluating the answers takes a long time and produces an overwhelming amount of information. The top-down transfer into the organizational units takes time, and any measures can only be taken long after the survey.
    • While survey results can be compared, the large interval between them makes it difficult to analyze the effectiveness of specific measures in isolation. The reasons for an improvement, an absence of change, or even a deterioration remain unclear.
    • Static surveys over several years no longer do justice to today’s dynamism in the corporate environment.
    Figure: Example question from a FRIDAY6 survey

    The collaboration platform LutherOne with its module FRIDAY6 [1] offers a solution. FRIDAY6 is an employee-survey instrument that works with weekly, intelligent mini-surveys of six questions [2] (statements to be rated on a Likert scale from 1 to 10). The questions come from a pool of 100-120 questions covering a wide range of topics and are assigned individually to each employee. The question sets therefore differ across employees, and employees receive different questions each week. Answering the questions takes 1-2 minutes and can be done conveniently on a computer or smartphone. Management thus receives a comprehensive weekly picture of the situation in the company and in the various business units. FRIDAY6 offers companies a number of advantages, some of which are outlined below:

    • FRIDAY6 can be tailored extensively to the specific needs of the company.
    • The results of the surveys appear weekly in a comprehensive management cockpit, with numerous dimensions relevant to corporate culture – company climate, leadership, trust, engagement, customer focus, strategy, and so on. The cockpit shows both the status quo and the corresponding trends.
    • The user-friendly presentation and handling, and the very low effort required to respond, ensure a high participation rate over time.
    • The close-meshed surveying and clearly structured dimensions allow specific development areas to be identified and targeted improvements to be made. The effectiveness of the improvement measures can be measured within a few weeks, and corrective action can be taken quickly.
    • The regular surveys lead by themselves to an improvement of corporate culture. Employee motivation rises because they can actively contribute. This effect is reinforced when they sense that they are being heard and that their feedback leads to improvements in the organization.
    • A reduced form of the management cockpit is accessible to all employees and creates transparency and trust.
    Figure: Management cockpit of the FRIDAY6 platform — sample dashboard (test platform)

    FRIDAY6 creates optimal conditions for measuring corporate culture and for initiating cultural change. Through its many dimensions, companies are able to take specific, smaller measures without getting lost in the complexity of cultural challenges. Especially in today’s environment, which is shaped by constant change, this is indispensable.

    Has this caught your interest? Get in touch – I’d be glad to discuss with you how you can measure the culture in your company in real time and continuously develop it.

    safety & risk solutions GmbH, Tel. +41 76 343 44 09 or email fabian.landherr@safetyrisksolutions.ch

    [1] The FRIDAY6 module is available stand-alone. There is no requirement to implement further modules of the LutherOne collaboration platform.

    [2] For smaller organizations, instead of FRIDAY6 with its weekly six questions, the monthly 16-question Monthly16 is available. This extends the evaluation cycle but delivers qualitatively better results.

  • Achieve outstanding performance with psychological safety!

    Achieve outstanding performance with psychological safety!

    Psychological safety of employees is one of the key factors for the sustainable success of companies. Employees who feel psychologically safe are willing to contribute their knowledge and ideas and enable a company to constantly learn and reinvent itself, thus gaining a decisive competitive advantage.

    The environment in which companies operate is subject to a constantly high level of dynamism. Not only in the area of (system) safety, but also in daily competition, companies are forced to reinvent themselves again and again. They must adapt to volatility, deal with uncertainty, successfully manage omnipresent complexity and make quick decisions in situations of ambiguity (VUCA) in order to successfully hold their own against their competitors.

    Employees at all levels are confronted with the same challenges when performing their tasks. In most cases, they are no longer just a cog in the system, exercising a specific, well-defined task at a predefined pace, but are confronted with dynamic situations and actively contribute to the continuous improvement of the system – be it in the area of innovation or safety/risk management. Employees are therefore no longer just resources performing a clearly defined task, but an important source of information within a company, which is the prerequisite for continuous learning and further development of the organization.

    In order to be able to make this contribution, the basis of a high level of psychological safety must be in place.

    The psychologically unsafe, toxic work environment

    In a toxic work environment, employees cannot express themselves openly for fear of negative consequences and withhold information. The work climate is characterized by mistrust. Whenever possible, they try to sweep mistakes under the carpet to avoid exposure. Knowledge is seen as power and not shared with colleagues. Managers no longer hear about what is going on in the company. The system falls silent and merely “functions”, although in retrospect there is no longer any question of functioning. There is a high risk that the company will slip unnoticed into a crisis. The lack of knowledge transfer nips the necessary further development of the company in the bud.

    The psychologically safe working environment

    A psychologically safe work environment is characterized by personal respect and appreciation. Employees feel safe and motivated to actively contribute and share information without fear of negative consequences, whether in the form of ideas or reports of problems and mistakes. There is positive collaboration and teams excel. The company has motivated and inspired employees who trust their colleagues and are actively involved in the further development of the organization. The innovation potential of the organization can be fully exploited. Conflicts within teams are used positively and seen as an enriching opportunity to learn from different perspectives and to move forward.

    A study conducted at Google identified five key factors for successful teams. These are (1) psychological safety, (2) clear roles and responsibilities within the team, (3) reliable colleagues, (4) personally meaningful work, and (5) the conviction to make an impact. Psychological safety emerged by far as the most important element, which formed the basis for the other four key factors.

    The benefits of high psychological safety

    The benefits of high psychological safety are many and can be felt at all levels within an organization. They include:

    • Fulfilment at work and, as a result, a high level of employee loyalty to the employer
    • Proven significantly better team performance
    • Constructive use of conflicts with the aim of improvement
    • Improved information flow within the company, which forms the basis for a learning organization
    • A positive and inspiring corporate culture, which enables a pronounced risk and safety culture
    • Improved resilience of the company
    • Increased innovation potential of the company

    If you look at the above list – which is still far from complete – no company can really afford not to put psychological safety high on its agenda. A toxic work environment creates immense damage in the form of daily inefficiency, high staff turnover, missed innovation, and even the demise of companies due to a crisis or loss of competitiveness. Improving psychological safety can make all the difference.

  • Measuring safety

    Measuring safety

    There is a lot of talk about measuring safety. That is something which is easier said than done. This article shares some reflections.

    Measuring what?

    Before starting to measure, one needs to know what one is measuring. How you define safety will determine what you measure and how you measure. Let us illustrate the problem with three quite common views on safety. As you will see, none of them covers the subject entirely and all have advantages and disadvantages.

    Safety as compliance

    A very basic way of thinking: safety is following the safety rules. Being compliant with these rules is being safe. This corresponds to the almost automatic reaction that many people have after an accident: if only they had followed the rules, this would not have happened. Many investigations therefore focus on breaches of protocol and deviations. Also, in ‘normal’ situations there is emphasis on compliance. Wear the mandatory safety gear. Hold the railing. Striving for compliance also appeals to the human tendency towards conformity. We are social creatures, after all.

    Safety rules are important. They are a basic form of how we teach safety: “Don’t touch the stove, it’s hot!” “Watch left, right, left before crossing the street.” These things we teach our kids, our workers, etc. Safety as compliance works reasonably well in rather simple, ordered and predictable systems. In these situations, you have a reasonable chance to foresee what can happen and conceive actions to deal with variations. If you are on known territory, you can deal with the things that happen by applying prescribed routines. Following ‘best practice’ means acting safely, while acting outside of these scripts is regarded as unsafe.

    Safety rules are not perfect, however. We live and work in a world with a lot of variability and we have a limited amount of foresight. This means that we cannot write rules for every eventuality. If we could, the rules would be impossible to handle because of their sheer volume. Besides, rules depend on context. In London it is smarter to look right, left, right before crossing, while this is not the best strategy for Zürich.

    Rules are compromises and may sometimes not be enough to keep you safe. Even if you follow all the traffic rules, you can have an accident. For example, when others do not follow the rules. In some situations, following rules is even the unsafe option. One (in)famous example is the Piper Alpha disaster where the people that followed the emergency procedures died while the ones who ignored the procedures and just jumped overboard survived.

    Safety as an absence of accidents

    Go out on the street and ask a hundred randomly chosen people, “What is safety?” Chances are that many will answer something in the line of “Not having any accidents”. Thinking this way makes intuitive sense to most people. It feels right because in our minds safety and accidents are very much linked. When we do not have any accidents, we have been safe. Or have we? Actually, not necessarily. That nothing has happened does not mean that things are safe. In many cases it only means that nothing has happened yet. Although it can very well be that nothing happens ever.

    A simple test is to reverse the definition and see whether it still works. Is “the absence of accidents is safety” true? Absence of accidents can be achieved by other ways. Randomness or luck are possible factors. Your definition of accident is another. Whether people choose to report accidents yet another. However, accidents do give an indication about safety, or rather unsafety. An accident can be regarded as a manifestation of risk, bringing us to the next definition.

    Safety as acceptable risk

    Whatever you do, there is some risk involved. We cannot avoid this. We even want some risk, but not too much. We need to compromise between various goals (financial, safety, production, quality, etc.), between uncertainty and control. We have only limited resources (money, time, expertise, etc.). Therefore, we must make trade-offs and search for balance.

    This view of safety appeals to rational creatures. It suggests deliberation and decision based on ‘facts’. We will always face risks; we just have to make sure that they are acceptably low. The question is therefore what the right level of risk is. We should obviously try to put as much ‘distance’ as possible between ourselves and the hazard and the possible negative futures the hazard could lead to. But we do not want too much distance either. It has to be practicable and affordable. Besides, some hazards we actually do desire. Just think of drinking coffee. We want our coffee hot, but we do not want to burn ourselves. Therefore, we tend to sip our coffee carefully at first, or maybe blow a bit on it, instead of gulping it down at once.

    The view of safety-as-acceptable-risk is useful, but there are also some drawbacks. One is its reliance on knowledge, another is how it can lead to quantitative approaches to risk that look more objective than they are, that it may lead to a static view of safety, and the problem of monitoring the risk level. Then there is of course the problem of who decides what is ‘acceptable’ and based on what. Who determines what is included in the assessment and what factors weigh in (and how much)? Who is allowed to participate in the process and how can they participate in the process? What language is used during the process and in the communication of the results?

    One example of the latter is how consequences are selected and expressed. Certain risk assessments focus on fatalities, but those are often not the only bodily consequences. So, what to do with injuries? Should one choose a number of severe injuries that equals a fatality? Or should we, as one often sees, translate fatalities and injuries into monetary units? Is that really a good, and fair measure? Can you put a number on a human life? And if so, what number? Sure, you can estimate one person’s economic contribution to society and his/her family, but a person is so much more than his/her economic contribution.

    Challenges

    The above views of safety all bring their own ways of measuring safety. Regard safety as compliance and you may be tracking citations from the inspectorate, or observations of unsafe acts (e.g. not wearing protective equipment). If safety is seen as the absence of accidents, you will naturally follow up on accident and injury reports. Those who adopted a risk view of safety may have some kind of a risk register, present the most important risks in a risk matrix or heat map and follow up on actions to control the risks.

    How you define safety will influence your choice of things you measure – and vice versa. What you measure may very well become your definition of safety, consciously or not. If corporate policy, an ISO standard or the regulator requires you to record accidents and near misses as part of your monitoring, it will become very natural to talk about these metrics when someone asks about “How are we doing at safety?”

    Another challenge is that management dashboards and scorecards allow only limited space for the presentation of how things are going. Managers are busy people and they would very much like to get clear, concise, unambiguous and short answers. However, safety is a complex phenomenon. Therefore, we need a variety of measures to give a reasonable description. No one view captures everything. Every view shows some elements of safety, but never the full picture. A good answer thus needs rich information and nuances. Here is a tension between space and attention available and what is needed to give a high-quality answer.

    Dumbing it down into an easy measure, no matter how intuitive, will not do justice to the subject. A fatality/injury-based metric only captures a tiny part of a very complex phenomenon. It would be like describing a river exclusively by its temperature – which, by the way, rather depends on its surroundings, location and season than on ‘itself’, just as injury rates may correlate stronger with the context than with safety efforts initiated by the organisation. A trade-off between thoroughness and efficiency is inevitable and carefully addressing this in the management system is essential.

    This article is an adapted and abbreviated chapter from the book If You Can’t Measure It… Maybe You Shouldn’t. Reflections on Measuring Safety, Indicators, and Goals.

  • The Human-Centred Organisation

    The Human-Centred Organisation

    The world today is highly complex and fast-changing. New technologies become available and change the way we work, communicate and live our lives. The complex socio-economic and socio-political systems can make it difficult to anticipate the needs and requirements of tomorrow. This article discusses issues organisations have to deal with and the benefit of becoming more human-centred with the help of a model aiming to influence organisations on policy level.

    A changing world

    The introduction of new technologies, automation in particular, has shifted the nature of work and made certain tasks performed by personnel obsolete. This becomes more obvious when we look at how tasks have changed over time. Routine work of a cognitive and manual nature has decreased. However, non-routine work of both categories, but especially cognitive non-routine tasks, has increased greatly over the last 30 years, as illustrated in the following chart:

    Change in routine vs. non-routine, cognitive vs. manual tasks over time

    Being able to adapt and evolve in a sustainable way requires a workforce that is diverse and skilled and able to deal with complex problems. To accommodate this, frameworks are needed that could give guidance on how organisations can use their human resource in a better, more human-centred way.

    Management

    The aim of management is to maximise profits made by the company which in turn increases shareholder value. This is true today as it was back in the early 20th century when Scientific Management (Taylor 1911) was first introduced in manufacturing, particularly in the steel industry, to increase productivity and reduce costs.

    Industries have to adapt to changes in demand and the development of new technologies at an ever-increasing rate. This is creating complex problems that must be confronted each day anew (Scott Page, 2011).

    The constant demand on organisations to cope with complexity brings the need to develop better strategies and to become smarter. However, decision making, in many cases, depends on the knowledge and wisdom of few people with potentially limited understanding of the problem and no time to gather additional information. The knowledge and wisdom of experts is often not used or dispersed within the organisation, and difficult to access and unknown to decision makers.

    One reason for this could be the process of employment, and that the criteria for the job are regularly narrowed to a set of specific requirements, ignoring the whole remit of a person’s skills and knowledge and how he or she could add value to the team under changing circumstances. On the other hand, personnel who proactively volunteer their expertise outside their defined job description are often seen as rebels or troublemakers and discouraged from contributing.

    Frederick Winslow Taylor, in the early 1900s, described the good worker as someone whose job was to “just do what he was told to do, and no back talk.”
    – James Surowiecki, The Wisdom of Crowds, 2004

    Employees

    The struggle of an organisation to change and adapt is often blamed on their employees, and most managers know the difficulty in convincing them of the necessity for the company to adapt.

    Employees may already be conditioned to simply perform the job they were hired to do, and in many cases, they are happy knowing exactly what is expected of them with no need for further development of their skills and education. Others see the issues which make work difficult, but their suggestions are not taken into consideration and they become frustrated.

    The view that a good worker is one that just does as he or she is told with no back talk is still present in today’s work environment, regardless of the nature of the job. If, however, employees are suddenly expected to embrace a new way of working, it is not surprising when they respond with scepticism and appear apathetic and unwilling to engage.

    In fact, this very issue was observed by Frederick Winslow Taylor during the introduction of scientific management (Taylor 1911) in the early 20th century, and that was a time when change was less rapid than it is today.

    In fast-changing environments, it becomes all the more difficult to precisely specify roles and responsibilities across a diverse set of jobs.
    – Royal & Agnew, The Enemy of Engagement, 2012

    ISO 27500 – Human-Centred Organisation

    As illustrated previously, the need to constantly adapt to a changing environment is of vital importance for organisations in ever more dynamic economic environments. Often how work is done needs to change, which can mean that new technology needs to be introduced. New technology may impose the need for employees to adapt, which can have a tremendous impact not only on employees but also on customers. Therefore, it is important to anticipate the impact of new technology on human behaviour and to consider a human-centred approach not only on design but also on the wider organisation.

    Many standards have been developed to address ergonomic and human factors requirements. These mainly address specific issues and focus on the technical side of human interaction with technology. However, the rapid pace of technological development makes it difficult to keep up to date with standards. This led to the development of Human-Centred Design standards which are not technology specific but focused on who the design was for and what their needs for the product and systems are (Tom Stewart, 2017). In 2016 a new ISO standard was introduced focusing on the human-centred organisation – general principles.

    ISO 27500 is a “Hearts and Minds” standard aimed at corporate boards and at influencing policies. It consists of seven top-level principles. Each one has been endorsed by successful companies. It lays the foundation for application of ergonomics and human factors which not only address risk in terms of safety but can also improve quality and efficiency, and wellbeing.

    ISO 27500 – Human-Centred Organisation provides principles that can help management with the process of becoming more human-centred. Below are some useful practical suggestions.

    Capitalise on individual differences as an organisational strength. Having a diverse workforce should not be seen as a “must do thing” imposed by legislation or stakeholders, but a chance to improve resilience and performance within the organisation. People with different backgrounds think differently and make an organisation smarter. This should be reflected within human resource policies.

    Adopt a total system approach. Understanding how the organisation works from a systems perspective helps in understanding its behaviour. This requires the organisation to take a closer look at feedback loops and make sure the flow of information is also going bottom-up. The application of system thinking can help to create better models of the dynamic processes relevant to the organisation. Try to understand the relationship between the different agents and components of the whole organisation. This can be achieved through applying methods which are able to model dynamic socio-technical systems.

    Make usability and accessibility strategic business objectives. Application of a human-centred design process helps to understand users’ needs and provides a framework for engineering to design more usable and accessible products. Having systems in place that are usable and support optimal human performance will not only increase reliability but also reduce frustration within the workforce. Special attention should be paid to the distribution of information and how this is presented. Written information may not be ideal for a significant portion of the workforce.

    Ensure health, safety, and wellbeing are business priorities. With more work being of cognitive non-routine nature, the focus should not only be on conventional safety but also on workload and mental health. Understanding the system and its constraints will help identify bottlenecks and be proactive in prevention of mental health issues.

    Value personnel and create meaningful work. Do not consider employees as just another replaceable piece in the process and acknowledge their contribution. Their feedback might be of critical importance to the organisation. Attempt to understand the capability of your workforce and conduct a “what is already there” analysis to understand the variety of skills and competencies which are already available in the organisation. Finding a way to allow creativity to thrive increases the organisation’s ability to innovate and be more resilient to change. Listen to “rebels” carefully; what they have to say can be of critical importance. Create an environment where thoughts and ideas can be shared, and critical voices are valued.

    Be open and trustworthy. Openly and transparently communicate difficult decisions and admit organisational shortfalls. Accept different views and critical feedback from employees. Make sure you have an effective way to collect opinions from stakeholders.

    Act in socially responsible ways. This principle links to ISO 26000 which provides guidance on social responsibility. Social responsibility may depend on the cultural context the organisation is working in. If an organisation changes its operation from a regional or national to an international stage, the requirements may change rapidly.

    Conclusion

    ISO 27500 is currently not a certifiable standard, but this does not mean it should be ignored. The principles mentioned can provide a framework for policies and lay the foundation for a more sustainable utilisation of the human resource.

    Organisations do not need to find a good reason to follow a standard; they need a good reason not to follow it.

    References

  • The New View of Human Error

    The New View of Human Error

    In this article, I will focus on the Old View and the New View of human error. This is a first, short introduction, which lays the ground for further articles on this interesting topic.

    The term ‘New View’ is already 20 years old and basically not that new anymore. However, in many minds and subsequently in numerous organizations, the New View has not yet become established.

    Errors occur in every company. Fortunately, these mistakes usually have no consequences and often they are not even noticed. But unfortunately, sometimes there is financial impact or even personal injury.

    But why are these errors happening? Are these avoidable mistakes by individuals that should just have been more careful? Or are errors emergent properties of a complex socio-technical system and have little to do with the individual?

    The Old View

    One possible view is that human error and thus its negative consequence would be avoidable if everyone adhered to the rules. If an error occurs due to carelessness, it is sufficient to point this out to the person and, if necessary, to punish them, to solve the problem. In extreme cases, the punishment can go as far as to remove the culprit from the system. Criminal consequences are also conceivable. These are not necessarily initiated by the company, but in the case of ex officio offences by the prosecutor.

    The system itself is considered to be inherently safe. People in the system are seen as potential sources of error and system weakness. If all acting persons make an effort and adhere to the rules, nothing can actually happen. The safety level of the system can be measured by the number of incidents or accidents within a period.

    But how does this view help to make a system more secure?

    I am inclined to say: not at all. Companies are complex socio-technical systems. A characteristic of these systems is that not all effects of the interaction of different system components are known. Errors, but also system safety, are emergent system properties.

    But what is actually an error?

    We differentiate between different types of errors. There are the unintentional or unconscious errors that happen without knowing the effects on the system. And there are intended or deliberate mistakes. These are mostly deliberate deviations from existing procedures or rules. Such deviations occur, for example, in the event of conflicting goals, under high production pressure, or because no better alternatives are available. Thus, they are a result of inadequate systems. It is also often the case that these deviations have achieved better results for some time than official procedures.

    Whether an action was an error or not often has to do with the result itself. The term ‘error’ is therefore a backward-looking view of an action of which the result became known in the meantime. Especially in an environment with high complexity and incomplete information, it can happen that the same action leads to a positive result and another to a negative result. So whether someone made an error or not can be due to circumstances that were still unknown at that time.

    The New View

    The New View is distancing itself from the perspective of the human as a source of error and as the weakest link in the chain. Humans are seen much more as a system component that enables high system safety. The starting point is that people come to work to do a good job. If an error occurs, it cannot simply be reduced to the action of an individual. It is necessary to consider the error in the system context. Because the action that later turned out to be an error was considered by the acting person to be useful for achieving the goal at the time of execution.

    People make decisions under high pressure, with conflicting goals and in great uncertainty. In a complex system, decisions have to be made with incomplete information, or the amount of information is so large that it cannot be processed at all. This can lead to information being overlooked or deliberately not being included in decision making.

    Make the system safer

    In this context, I consider a system to be an organization or organizational unit with employees, technical systems and processes. If appropriate, the term system can also be extended to external components.

    Fortunately, as mentioned at the beginning, most errors remain without consequences. This is primarily due to people’s resilience and sometimes simply due to chance.

    Errors provide an opportunity to learn and make the system safer. If errors occur, it is not expedient to limit the analysis to the actions of the individual (the Old View). Removing the ‘culprit’ from the system does not improve it. It is crucial to take a system perspective in the analysis and to want to understand why the decision for this individual made sense in this specific situation (the New View). It must also be taken into account what information the person had available and what conflicting goals they were exposed to. This also raises the question of whether another – comparably competent – person might have made the same decision in a comparable situation or not. If this question is answered with ‘yes’, an adjustment in the system is required in order to achieve sustainable improvement.

  • Reaching optimal Human Performance through effective System Design

    Reaching optimal Human Performance through effective System Design

    Designing automation for complex socio-technical systems, to ensure optimal Human Performance of human operators, is a challenging endeavour. Especially in safety-critical environments, humans may need to adapt quickly to changing levels of demands, complexity and uncertainty, in order to maintain optimal performance, efficiency and safety of operations. Under these conditions, humans may benefit from automation. In most cases, automation is designed to take over low-value tasks, i.e. tasks that are simple and easy to automate. However, designing automation to support the human with cognitively demanding tasks such as problem solving and complex decision-making is more challenging for various reasons. First, it is required to build an understanding of all high-level tasks and underlying (human) cognitive functions, and to identify to what extent these tasks are currently supported by automation, and what humans need in terms of resources to execute them. Second, automating tasks requires re-thinking the new distribution of (cognitive) functions between humans and automation on a higher level, what organizational structures are required, and how cognition is shared amongst humans and automation (i.e. how humans are able to work effectively with automation). Third, it needs to be understood how automation should be designed so it can support humans optimally in managing complex tasks, in particular when decision-making or problem solving under rapidly changing demands, high levels of complexity, and uncertainty is required. Therefore, creating automation to support humans requires a deep understanding of what strategies humans adopt when engaging in complex problem solving and decision making. What strategies do they adopt and what do they need as automation support? This article provides an overview of how to tackle these challenges.

    Step 1: Understanding tasks and underlying (cognitive) functions of a system

    We have to consider that in most cases, we do not develop systems from scratch. Rather, we are building upon existing systems for improvements in terms of safety, efficiency, or other performance dimensions. This means we have to understand what tasks and underlying (cognitive) functions currently exist and what functions currently are supported by automation, in order to identify possibilities to further automate complete tasks or underlying (cognitive) functions or improve existing automated functions.

    In order to identify what automation optimally supports the human in complex tasks (ensuring human-centric decision-making), we first need to identify all tasks and corresponding (cognitive) functions. We also need to identify the current allocation of tasks (and underlying cognitive functions) between humans and automation. Some tasks may be allocated to humans, with various levels of automation support; some tasks may be allocated fully to automation. But it is also possible that tasks are dynamically allocated to humans or automation. It is necessary to understand how changing the allocation of tasks may impact the overall system in terms of interdependencies between humans and automation. A Cognitive Function Analysis (CFA) (Boy, 1998) is an important instrument for Human Factors Engineers and Designers (e.g. UX Engineers) to generate an understanding of all tasks and underlying functions of a system, and the implications of changing the allocation of functions between humans and automation. When doing a CFA, it is important that a wide range of techniques is used, including interviews, observations as well as documentation study. Interviews and observations are important as in most cases, humans may have evolved to use the system differently than intended, which often is not documented.

    Step 2: Understanding the impact of function allocation on system stability

    Changing allocation of functions between humans and automation may have an impact on system stability (Straussberger et al., 2008). When automating existing functions currently allocated to humans, it therefore needs to be assessed what impact redesigning human and machine cognitive functions through increasing automation will have on the overall stability of a complex socio-technical system. This will ultimately determine the resilience of the system to respond to all operational demands. Stability exists on various different layers. It is the result of organizational structures linked to procedures and technical systems and will reflect a system’s ability to recover after disturbance. The stability of socio-technical systems is defined through two processes (Straussberger et al. 2008):

    • Global socio-cognitive stability
    • Local socio-cognitive stability

    Global socio-cognitive stability is concerned with the appropriateness of functions allocated to humans or automation, the pace of information flows and related coordination, through designing appropriate structures linked to:

    • Authority
    • Responsibility
    • Controllability
    • Ability

    Issues may arise if these structures have not been adequately designed. For example, when humans have formal responsibility but do not have controllability or ability to execute certain tasks or high-level functions. Or, alternatively, functions become fully allocated to automation, yet humans maintain formal responsibility for these functions, whereas they have no control or ability to intervene in their execution. Issues may also arise when functions are dynamically allocated to humans or automation or delegated to the system by humans, and the conditions which must be met for delegation are not transparent to humans or are simply not defined.

    Local socio-cognitive stability refers to humans’ workload, situation awareness, ability to make appropriate decisions and take action. Local socio-cognitive stability will mainly rely on humans’ ability to understand automation and to gain a mental model of the system. Automated systems need to be designed such that humans are able to predict (anticipate) responses of automated systems on human input as well as receive adequate feedback, and regain authority if needed (Boy, 1998). Also, transparency of automated functions needs to be considered, so that humans can develop a valid mental model of the system, its functions, and its behaviour.

    Ensuring both global as well as local socio-cognitive stability will ensure a common frame of reference, supporting joint situation awareness between humans and automated systems.

    Step 3: Design automation to support expert decision-making

    Designing automation to support human macro cognitive functions starts with understanding how human operators respond to high levels of complexity and uncertainty. Humans may need to adapt to changing demands, which requires anticipating, extrapolating into the future, and creating an assessment based on experience. It may also be required to plan ahead and build capacity to be able to manage situations in the near future. They may also need to engage in strategies to deal with future demands and unexpected situations. Such strategies may be dedicated to either reduce or manage complexity and uncertainty. Examples of complexity and uncertainty management strategies include (Corver & Grote, 2016):

    • Anticipatory thinking (extrapolating the current situation into the future based on past experience on observed deviations)
    • Adaptive planning (i.e. creating back-up plans)
    • Weighing pros and cons of different options (comparing alternative solutions)
    • Forestalling (improving readiness, e.g. to manage resources for future demands)
    • Reducing uncertainty (e.g. increase accuracy and reliability of data through the integration and validation of information from different sources)

    The understanding of these strategies is important to start designing useful automation to support human operator decision-making and task execution in highly dynamic situations with high levels of complexity. The following questions should be asked: what information is required from which sources and what data accuracy is required? What cues are required for human operators to be adequately alerted about deviations in order to allow them to quickly respond adequately? What do humans consider when analyzing a situation and engaging in complex decision-making? Automated support tools can be designed to support humans’ ability to filter and cluster information where it is needed, to extrapolate into the future, and be alerted when the situation deviates, or to make complex decisions based on operational trade-offs (Corver & Grote, 2016). Finally, an understanding of the tasks and information needs can support the design of automation which supports humans with clustering, integrating and filtering different information from different sources for improved and quicker decision-making.

    In summary, the identification of human macro cognitive strategies allows us to understand how automation can support human needs and will allow us to increase overall performance of a system.

    References

    • Corver, S.C. & Grote, G. (2016). Uncertainty management in en route air traffic control: a field study exploring controller strategies and requirements for automation. Cognition, Technology & Work.
    • Boy, G. (1998). Cognitive Function Analysis. Westport, CT: Ablex, Greenwood Publishing Group.
    • Straussberger, S., et al. (2008). PAUSA for the future – A synthesis of Phase 1. June 2008. Final Report.
  • The characteristics of High Reliability Organizations

    The characteristics of High Reliability Organizations

    Today, companies are faced with ever-increasing complexity. On the one hand, companies themselves are complex, socio-technical systems, and on the other hand, they are embedded in a complex environment with numerous known and unknown factors. How can an organization successfully keep up with these constantly increasing demands?

    In this article, I will focus on High Reliability Organizations (HRO) and the related High Reliability Theory (HRT). The idea of High Reliability Organizations originally comes from organizations that successfully operate in high-risk industries. Examples include air traffic control, nuclear power plants, aircraft carriers, power grid operators, and similar fields of activity. However, I am personally convinced that the insights gained from HRO and the associated operational principles can be transferred to any organization and – like the classic HRO – will make them more successful.

    The emergence of the High Reliability Theory

    In 1984, sociologist Charles Perrow published his book “Normal Accidents: Living with High-Risk Technologies”, in which he introduces the Normal Accident Theory (NAT) using an analysis of the reactor accident in the nuclear power plant Three Mile Island in the USA in 1979. His reasoning was that complex and tightly coupled systems would have to lead to a catastrophic accident sooner or later. It therefore was irresponsible to operate such systems, for example nuclear power plants. This theory appears to be absolutely plausible; however, it holds a problem: it cannot be falsified. Because – and this several times was Perrow’s answer to criticism – even if there has never been an accident, it is just a matter of time before it happens. Who can refute a forward-looking statement?

    NAT has rightly received a lot of attention in safety sciences and Perrow has been cited thousands of times. But the question arose as to why there are still organizations that can successfully operate complex, tightly coupled systems with virtually no incidents. This question inspired the Berkeley scholars Gene I. Rochlin, Todd R. La Porte, and Karlene H. Roberts to study such organizations more closely and to publish an article on High Reliability Organizations in 1987 in response to Perrow’s NAT: the High Reliability Theory (HRT). Using a best-practice approach, the Berkeley scholars examined why operations on an aircraft carrier (in peacetime), where aircraft move at high speed and in tight space in the presence of dangerous goods such as fuel and weapons, do not (or did not yet) lead to a catastrophic accident.

    Like NAT, HRT received a lot of attention. As a result, it was followed by numerous publications, and there are still articles and books published today on this topic. Of course, Perrow’s answer to HRT did not wait. While the Berkeley scholars considered their work as complementary to NAT, Perrow didn’t agree with this assessment and contradicted directly. After 1987, numerous studies and surveys were conducted in different industries such as nuclear power plants, aircraft carriers (in peacetime), power grid operators, air traffic control, etc. These studies have contributed to the further development of the HRT. In 2001, Karl E. Weick and Kathleen M. Sutcliffe published the first edition of “Managing the Unexpected”, in which they broke down the findings to five HRO principles that I will explain further down. “Managing the Unexpected” was published in a second edition in 2007 and in a third edition in 2015.

    The five HRO principles

    The first three of the five HRO principles are primarily to be understood from a prevention perspective. The focus is on preventing serious incidents and accidents.

    Preoccupation with failure. To deal with possible failure means to think about what could go wrong and to look for weak signals in the system. These are activities that can be taken over by effective risk management but should also be firmly anchored in the everyday work routine of all employees. When analyzing risks, it is important to understand what could happen. However, it is even more important to get to the bottom of the question of why something could happen.

    Reluctance to simplify. We tend to look at something in a way that fits our personal worldview. This applies to both individuals and entire organizations. With the reluctance to simplify, the existing worldview is questioned, and situations are viewed from different perspectives.

    Sensitivity to operations. In an HRO, operational processes set the pace of the organization. The organization has a high awareness of details and identifies weak signals. The quality of relationships is strong. There is a culture of trust, which enables employees to speak openly about irregularities and concerns in connection with operational processes.

    But an HRO is also aware that, despite all efforts, mistakes cannot be completely avoided. The last two of the five HRO principles focus primarily on coping with errors so that they do not develop into a crisis.

    Commitment to resilience. Errors also occur in HROs. HRO do not try to be error-free, but on the one hand they have the ability to quickly recover from mistakes before a crisis arises, and on the other hand they have the ability – if a crisis does occur – to quickly get out of this crisis.

    Deference to expertise. If an HRO is in a critical situation or even in a crisis, the decisions to deal with this situation are made “at the front” by the relevant experts and not necessarily by the management. Figuratively speaking, the hierarchy pyramid turns upside down. Once the crisis has been overcome, the hierarchy pyramid will normalize again.

    Why become a High Reliability Organization?

    The five HRO principles support a company to become a mindful organization that is able to focus on operational processes, detect weak signals, learn from irregularities, and manage potentially dangerous situations before they turn into a full-blown crisis. The benefits that result from this are manifold. For example, losses in connection with a crisis – be it a production shutdown or a far-reaching scandal – can be avoided or limited, or a significant competitive advantage can be achieved by optimizing operational processes. If a company is perceived as an HRO from outside, this can have a positive impact on public perception and can also play a decisive role in the war for talent.

    In conclusion, it can be said that the concept of the High Reliability Organization not only supports companies in high-risk areas, but basically supports all companies in successfully sustaining themselves in their increasingly complex environment and in creating a competitive advantage.