A great deal of work goes into making operating procedures accurate, but a procedure that is accurately written may be implemented incorrectly.
Studies suggest that humans conducting simple, mundane tasks make an error roughly 1% of the time. Error rates for complex tasks are much higher. Some procedures are more error-prone than others. It is incumbent upon us to write procedures that are not only accurate, but that are likely to be implemented without error.
The airline industry has dramatically decreased the incidence of human error, in part by focusing on development of effective procedures and on instilling a culture in which the procedures are actually used. We can do the same in the oil industry.
SEMS mandate: Not only is this the right thing to do, in the GoM it is a regulatory requirement. The SEMS rule that made API RP 75 mandatory requires that “human factors associated with format, content and intended use shall be considered to minimize the likelihood of procedural error”.
Human error research suggests some ideas for how to do that. The majority of the ideas in this GATEKEEPER are derived from the classic book Human Error by James Reason 1.
We can consider a procedure to be a series of actions, each of which changes the plant status in some way (Figure 1). Errors of two types occur:
- Misunderstanding of plant status
- Incorrect action (skipped step or wrong action)
Flawed Situation Assessment
Effective situation assessment is key to effectively implementing a procedure and to dealing with surprises. Operators may have a flawed interpretation of the current plant status for a number of reasons including:
- If maintenance has been done, isolations may still be in place, power tagged out, equipment items bypassed, etc.
- If multiple people are involved, inadequate communication will yield a flawed situation assessment. In a typical plant startup one or more outside operators will take actions at the direction of the Control Room Operator (CRO). It is easy to get signals crossed.
- Ambiguous cues, or failure to check for cues, cause errors in situation assessment. Human error driven by ambiguous cues and confirmation bias has been the subject of a great deal of research. Suffice to say, we are biased to see what we expect to see or want to see.
The most common action error in procedure following is skipped steps. There are many reasons why steps are skipped. Operators do not always follow procedures step by step. If the operator is not actively referring to the written procedure, then he/she may simply forget some steps.
Steps that start with the word ‘confirm’ are perhaps the most likely to be skipped. And since these steps are included to verify plant status, this tendency contributes to situation assessment error.
Steps are most likely to be followed correctly if there are only a few steps, if each step is relatively simple, and if the steps follow in a logical order.
Special attention must be paid to steps that follow achievement of the main goal. For example, when one or more safety switches are over-ridden to startup a process, it is very easy to forget to put them back in service after the startup is completed.
A skipped step will be effectively self-correcting if the next step cannot be accomplished as a result of the skip. A dangerous situation may exist if the skipped step has no immediate effect, but could have detrimental effects later.
Task-based vs. Action-based Procedures
An operator who doesn’t clearly understand the goal and rationale of a procedure is more likely to make mistakes. We distinguish between task-based and action-based procedures. An action-based procedure is simply a list of actions to be performed. Human error involving absent-minded deviation is likely to occur if the operator is made to go through a series of mundane consecutive steps that doesn’t include a clear objective.
A task-based procedure provides the objectives and the reasons behind actions. The optimum is often a combination – a task-based description of the methods and objectives followed by a detailed action list.
Recommendations and Checklist
The list below suggests some ideas for making procedures less error prone.
Task-based versus Action-based Instructions:
- A procedure that is just a list of actions with no discussion of objectives is potentially difficult to follow.
Pre-conditions are likely to be incomplete or not done if/when:
- Following maintenance/repair. Status of equipment after maintenance may not be as expected, for instance slip blinds left in place, equipment not powered, safety systems bypassed, instruments on manual, etc.
- Checklist does not follow a logical progression, for instance valves in a line required to be in a given position should be listed in line order to facilitate checking.
- Required conditions are ambiguous.
Steps are likely to be skipped:
- If a step is not obviously cued by the previous step it is likely to be skipped.
- If there are too many steps, steps in the middle are likely to be skipped.
- If a single step is complicated and has sub-steps, slips and lapses are likely.
- A step which extends over long period of time without intervening action is prone to distraction.
- Steps which occur after the main goal is achieved are likely to be skipped.
- Interruptions from SIMOPs (simultaneous operations) can cause you to lose your place.
Latent Errors – Problems waiting to happen:
- If a step can be skipped without impacting further steps or causing immediate upset to the process, then it is likely that failure to perform the step will not be caught. The need to complete the step must be somehow reinforced.
- James Reason (1990), Human Error, Cambridge University Press
- Flin, O’Connor, Crichton, Safety at the Sharp End, Ashgate