Figure 2 - uploaded by Lisette Kanse
Content may be subject to copyright.
Source publication
The prevention of errors and other failures has always been a central theme in safety and reliability management. However, additional benefits could be gained from focusing on what can be done after a failure has occurred, before it leads to negative consequences. This article examines the processes followed to recover from failures. Incident and n...
Context in source publication
Context 1
... example cases where no corrective actions are taken, and the process stops after detection, or after detection and a localisation attempt, are not the most successful types, and are not expected to occur very often. Figure 2 provides an overview of the occurrence frequencies of the different recovery process types observed in the 50 cases. Observed recovery process types ...
Similar publications
As an addition to the more traditional methods focussing on error prevention, methods aiming at optimising the possibility of recovery after an initial failure has occurred, will provide promising new ways to improve system safety and reliability. In order to develop such methods, insight is needed in the mechanisms of recovery and the factors that...
Citations
... The conventional contribution plots and the proposed causal plots of the T 2 and Q statistics were calculated. Samples within one hour after the occurrence of the fault were analyzed for the diagnosis of the cause of the fault, following Kanse et al., who reported that it might take about one hour to manually identify causes of faults [31]. Fault diagnosis methods based on the Granger causality were not adopted in this study because there were three or more variables in the VAM process. ...
Fault diagnosis is crucial for realizing safe process operation when a fault occurs. Multivariate statistical process control (MSPC) has widely been adopted for fault detection in real processes, and contribution plots based on MSPC are a well-known fault diagnosis method, but it does not always correctly diagnose the causes of faults. This study proposes a new fault diagnosis method based on the causality between process variables and a monitored index for fault detection, which is referred to as a causal plot. The proposed causal plot utilizes a linear non-Gaussian acyclic model (LiNGAM), which is a data-driven causal inference algorithm. LiNGAM estimates a causal structure only from data. In the proposed causal plot, the causality of a monitored index of fault detection methods, in addition to process variables, is estimated with LiNGAM when a fault is detected with the monitored index. The process variables having significant causal relationships with the monitored indexes are identified as causes of faults. In this study, the proposed causal plot was applied to fault diagnosis problems of a vinyl acetate monomer (VAM) manufacturing process. The application results showed that the proposed causal plot diagnosed appropriate causes of faults even when conventional contribution plots could not do the same. In addition, we discuss the effects of the presence of a recycle flow on fault diagnosis results based on the analysis result of the VAM process. The proposed causal plot contributes to realizing safe and efficient process operations.
... The similarities are first, that a near miss outcome may include actors not necessarily directly related to the incident trajectory. The actors whose decisions relate to a recovery process and near miss may well be different from those actors whose decisions led to the incident process and adverse outcome (Kanse and van der Schaaf 2001). Second, a near miss outcome may result from decisions and actions which are planned, unplanned, or a mix (Kanse et al. 2005), with the potential for both structured and ad hoc strategies to be implemented. ...
The common cause hypothesis, as applied here, proposes that similar networks of influencing factors may contribute to both adverse outcomes and near misses. This hypothesis has not been evaluated using a systems-thinking perspective. The aims of this study are to evaluate whether networks of contributory and protective factors exist within aviation serious near miss reports and to determine if the common cause hypothesis is applicable in this context. Sixteen incident reports from French civil aviation crash investigation bureau were analysed using the AcciMap method. Contributory and protective factors, and relationships between both were identified via coding of the reports. The results indicate that considering protective factors support a richer picture of incidents and provide support for the common cause hypothesis as measured by similar mean factor volume and sociotechnical levels for both contributory and protective factors. However, the findings also show the direction of relationships among protective and contributory factors may be indicative of a difference among adverse outcomes, near misses, and normal work. Future research should consider how a network of relationships may impact on the common contributory and protective factors found in near misses.
... In addition, more recent research has viewed near misses as successful outcomes which did not result in an accident. It is therefore argued that near misses provide information on the systems' resilience by identifying the capacity of a system to recover from accident trajectories (Kessels-Habraken et al. 2010) and error recovery-factors (Kanse and van der Schaaf 2001;Kanse et al. 2005;Kanse et al. 2006). While error recovery has been identified as one of defining components of a near miss (van der Schaaf and Kanse 2004; Barach and Small 2000;Battles et al. 1998), it is unknown whether industry-wide reporting systems capture information on the factors that contribute to error recovery. ...
Learning from near misses is an important component of maintaining safe work systems. Within safety science it is widely accepted that a systems approach is the most appropriate for analysing incidents in sociotechnical systems. The aim of this article is to determine whether industry-level near miss reporting systems are consistent with systems thinking. Twenty systems were identified, from a range of work domains, and were evaluated against systems thinking-based criteria. While none of the reporting systems fulfilled the full set of criteria, all are able to identify actors and contributing factors proximal to events in sociotechnical systems and many capture information on how accidents were prevented. It is concluded that the explanatory power of near miss reporting systems is limited by the systems currently used to gather data. The article closes by outlining a research agenda designed to ensure that near miss reporting systems can fully align with the systems approach.
... Protective factors were defined as: decisions, actions, and/or conditions across the work system which prevent or mitigate damage, injury, or loss. This definition was developed to identify systemic factors of accident prevention based from the literature of conditioning factors from bow-tie analysis: 'barriers which mitigate or manage an accident pathway' (Markowski and Kotynia 2011), and failure compensation processes: 'error detection, explanation and correction' (Kontogiannis andMalakis 2009, Kanse andvan der Schaaf 2001). For example, when Air Traffic Control (ATC) assigned a specific procedure to a flight crew to manage an issue, this was coded as a Procedure Assigned and mapped to the management level of the framework as ATC provided a control to the staff level in this context. ...
Learning from successful safety outcomes, or what went right, is an important emerging component of maintaining safe systems. Accordingly, there are increasing calls to study normal performance in near misses as a part of safety management activities. Despite this, there is limited guidance on how to accomplish this in practice. This article presents a study in which using Rasmussen’s risk management framework to analyse 16 serious incidents from the aviation domain. The findings show that a network of protective factors prevents accidents with factors identified across the sociotechnical system. These protective networks share many properties with those identified in accidents. The article demonstrates that is possible to identify these networks of protective factors from incident investigation reports. The theoretical implications of these results and future research opportunities are discussed.
Practitioner Statement: The analysis of near misses is an important part of safety management activities. This article demonstrates that Rasmussen?s risk management framework can be used to identify networks of protective factors which prevent accidents. Safety practitioners can use the framework described to discover and support the system-wide networks of protective factors.
... (3) In the intervention stage, responses by humans and responses by protective systems are both considered with the same importance. The failure compensation process model (Kanse and Van der Schaaf, 2001) also includes both responses, but our model explicitly distinguishes the two responses with the use of terms that are easier to understand, and considers the interaction of both (the bi-directional arrow in Fig. 1). (4) It makes it easy to construct a sequence of events leading to an accident/incident or a near miss by using two possible feedback loops: one is from an unsafe situation to the occurrence of another adverse event (the left loop at the bottom in Fig. 1); the other is from interventions to another unsafe, and sometimes worse, situation (the right loop at the bottom in Fig. 1). ...
Although many models of accident causation have been developed and have contributed to improving our understanding of how accidents occur, relatively few published studies have evaluated such models with accident data. An accident causation model for the railway industry, proposed earlier by the authors, was reviewed, and 80 railway accident investigation reports from the UK were analyzed to evaluate the model's usefulness and examine the presence of any significant correlations between the components of the model. Overall, it was proved that our model is useful in explaining how a railway accident/incident or near miss occurs and that every component of the model is essential. Human failures, technical failures, and external intrusions were all observed in about one half of the accidents. Human responses were observed in most cases, and responses by protective systems were also reported in many cases. The frequencies of other components such as feedback loops were not negligible. The analysis also revealed several interesting relationships between the components, some of which have implications for preventing or reducing the number of railway accidents and incidents. The results from this study can be transferred to other safety-critical domains such as aviation, maritime, and medicine.
... But, operators can mitigate the consequences of errors by managing them. Researchers generally agree that error management consists of three components: (1) detection; (2) explanation; and (3) correction (Kontogiannis 1999(Kontogiannis , 2011Kanse and van der Schaaf 2001). ...
... Explanation is the process of identifying the nature of the error as well as understanding the underlying cause of the error (Kontogiannis 1999). Correction involves modifying the existing plan or developing a new plan as a countermeasure against the potential adverse events of the error (Kanse and van der Schaaf 2001). During the correction stage, operators may have different goals, influenced by the nature of the error, ensuing consequences and time pressure (Kontogiannis 1999). ...
... Particularly in time-restricted situations, operators may take action to correct the error without thoroughly understanding its cause. For instance, Kanse and van der Schaaf (2001) analysed the sequence in which operators moved through the various error-management stages. They discovered that in many cases detection was followed immediately by corrective action, with the explanation occurring later. ...
Automation has the potential to aid humans with a diverse set of tasks and support overall system performance. Automated systems are not always reliable, and when automation errs, humans must engage in error management, which is the process of detecting, understanding and correcting errors. However, this process of error management in the context of human–automation interaction is not well understood. Therefore, we conducted a systematic review of the variables that contribute to error management. We examined relevant research in human–automation interaction and human error to identify critical automation, person, task and emergent variables. We propose a framework for management of automation errors to incorporate and build upon previous models. Further, our analysis highlights variables that may be addressed through design and training to positively influence error management. Additional efforts to understand the error-management process will contribute to automation designed and implemented to support safe and effective system performance.
... For example, studies in the maritime domain emphasize the need for the employment of knowledge-based strategies by the crewmembers for efficient error recovery and decision-making skills in novel and unfamiliar sit- uations [27]. Similarly, a study in the chemical process industry has shown that error recovery and contingent decision-making responses at skill-based and knowledge-based levels play important roles in mitigating the adverse effects of any error [28]. However, very little is known currently about the nature of error recovery in medicine which has led us to pursue this problem using a range of approaches. ...
The notion that human error should not be tolerated is prevalent in both the public and personal perception of the performance of clinicians. However, researchers in other safety-critical domains have long since abandoned the quest for zero defects as an impractical goal, choosing to focus instead on the development of strategies to enhance the ability to recover from error. This paper presents a cognitive framework for the study of error recovery, and the results of our empirical research into error detection and recovery in the critical care domain, using both laboratory-based and naturalistic approaches. Both attending physicians and residents were prone to commit, detect and recover from errors, but the nature of these errors was different. Experts corrected the errors as soon as they detected them and were better able to detect errors requiring integration of multiple elements in the case. Residents were more cautious in making decisions showing a slower error recovery pattern, and the detected errors were more procedural in nature with specific patient outcomes. Error detection and correction are shown to be dependent on expertise, and on the nature of the everyday tasks of the clinicians concerned. Understanding the limits and failures of human decision-making is important if we are to build robust decision-support systems to manage the boundaries of risk of error in decision-making. Detection and correction of potential error is an integral part of cognitive work in the complex, critical care workplace.
... During the last two decades, several researchers have focused on the error handing process. Relevant research has covered a variety of domains, including humancomputer interaction (e.g., Bagnara et al. 1988, Frese 1995, Rizzo et al. 1995, aviation (e.g., Wioland & Amalberti 1998, Helmreich et al. 1999, Sarter & Alexander 2000Nikolic & Sarter, 2007), air traffic control (e.g., Bove andAndersen 2001, Kontogiannis &Malakis, 2009), process industry (e.g., Kanse & van der Schaaf 2001, Kanse 2004, and health care (e.g., Edmondson, 1996;Kanse et al., 2006). ...
... Most studies in error management (Rizzo et al., 1995;Kontogiannis, 1999;Kanse & van der Schaaf, 2001) have tended to distinguish three processes in error handling or error management , namely: (a) error detection -realising that an error is about to occur or suspecting that an error has occurred, (b) error explanation -identifying the nature of error and explaining why it occurred, and (c) error correction or recovery -modifying an existing plan or developing a new one to compensate. Error handling or error management will be used interchangeably, in this article, to refer to user behaviours comprising the three cognitive processes. ...
... Data from incident analysis in the chemical process, however, have suggested the user's progression through the error recovery activities is not necessarily a linear process. Kanse & van der Schaaf (2001) identified several patterns of explanation and recovery behaviors after detecting a problem. For instance, immediate actions are often implemented prior to the occurrence of the more elaborate explanation and recovery processes. ...
Research in human error has provided useful tools for designing procedures, training, and intelligent interfaces that trap errors at an early stage. However, this "error prevention" policy may not be entirely successful because human errors will inevitably occur. This requires that the error management process (e.g., detection, diagnosis and correction) must also be supported. Research has focused almost exclusively on error detection; little is known about error recovery, especially in the context of safety critical systems. The aim of this paper is to develop a research framework that integrates error recovery strategies employed by experienced practitioners in handling their own errors.
A control theoretic model of human performance was used to integrate error recovery strategies assembled from reviews of the literature, analyses of near misses from aviation and command & control domains, and observations of abnormal situations training at air traffic control facilities. The method of system dynamics has been used to analyze and compare error recovery strategies in terms of patterns of interaction, system affordances, and types of recovery plans. System dynamics offer a promising basis for studying the nature of error recovery management in the context of team interactions and system characteristics.
The proposed taxonomy of error recovery strategies can help human factors and safety experts to develop resilient system designs and training solutions for managing human errors in unforeseen situations; it may also help incident investigators to explore why people's actions and assessments were not corrected at the time.
... L'étude des procédures de récupération (e.g. Kanse, & Van Der Schaaf, 2001a ;Bove, 2002 Plusieurs modes de récupération ont été mis en évidence (Kanse, & Van der Schaaf, 2001b ;Kanse, 2004, Kanse, & al., 2006. On distingue d'une part la récupération planifiée et d'autre part, la non planifiée. ...
... La récupération a, quant à elle, été beaucoup moins étudiée par rapport aux mécanismes de détection. Cependant, les études précédentes ont pu mettre en évidence 2 modes de récupération : les réponses planifiées et non planifiées (Kanse & al., 2001b ;Kanse, 2004, Kanse, & al., 2006. Nos résultats permettent principalement de souligner l'utilisation des protocoles de gestion dans la récupération. ...
The aim pursued in this thesis is to understand how the anesthetist get the situation under control. Three studies will be presented. The first ones permits to highlight both the mechanisms of failures detection and recovery. The aim of the second study is to understand both faulty elements in anticipation of incidents and recovery mechanisms used by anesthetists. The latest study clarifies the differences according to the anesthetists' involvement in the process, the impact of the cases preventability and the risk frequency. The results show that (1) there is a situation awareness and risk management shared between team members. (2) Time management appears to be an essential element in controlling the situation both in terms of synchronizing the activity, anticipation and its implementation. Indeed, the anesthetist often work on a proactive way to prevent future failures, but he can not anticipate everything. The planning is done on a short-term laps and many adjustments are necessary to enable the anesthetist to maintain control. (3) The study of failures recovery shows that anesthetists use protocols and guidelines recommended by the specialty but there is also some "allostasis risk" related to decisions to not act directly on the situation. (4) The impact of anticipation on risk management is controversial because it may allow both better management but also conduct anesthetists to error when they believe that the anticipation had normally permitted to avoid the problem. Finally, (5) observed differences in the involvement of the anesthesiologist in the process show that anesthetists manage the process by preventing or by real-time management. These results are discussed in light of the interest to study failures from the norm, the complementary methods used and the importance of positive management by insisting on the mechanisms of maintenance of security established by human operator.
... L'étude des procédures de récupération (e.g. Kanse, & Van Der Schaaf, 2001a ;Bove, 2002 Plusieurs modes de récupération ont été mis en évidence (Kanse, & Van der Schaaf, 2001b ;Kanse, 2004, Kanse, & al., 2006. On distingue d'une part la récupération planifiée et d'autre part, la non planifiée. ...
... La récupération a, quant à elle, été beaucoup moins étudiée par rapport aux mécanismes de détection. Cependant, les études précédentes ont pu mettre en évidence 2 modes de récupération : les réponses planifiées et non planifiées (Kanse & al., 2001b ;Kanse, 2004, Kanse, & al., 2006. Nos résultats permettent principalement de souligner l'utilisation des protocoles de gestion dans la récupération. ...
