tce HUMAN FACTORS

Measuring
reliability
Can human error be measured and managed?
Yes, says Paul Sirrett, arguing the case for
human reliability analysis

38 www.tcetoday.com September 2013


HE common theme within all
T organisations is people. They are the
vital components that hold together
complex systems. Safety critical operations
rely on their competence, understanding of
risk potential and ability to respond quickly
and appropriately in unfamiliar or emergency
situations. Yet humans are fallible: human
error has been a contributory factor in all the
major accidents that readily spring to mind,
as well as those near-misses which don't make
the headlines.
how likely are we to make
errors?
It is a plant owner's responsibility to ensure that
all risks are as low as reasonably practicable
(ALARP). This means taking a holistic approach
to all operations, including human behaviour.
Since human factors have been a key Health &.
Safety Executive (HSE) topic for several years,
any operator worth their salt will be aware that
human behaviour can be anticipated, identified
and managed. But what exactly is the likelihood
of an error occurring and how can it be avoided
or the consequences mitigated?
Human reliability analysis (HRA) is a
technique which can go some way to answering
this. It has been gaining increasing credence
within the chemical industries and in fact
the HSE and Energy Institute have published
guidelines on the subject.''^
why HRA techniques work
It's not always immediately obvious where the
human factors that contribute to major accident
hazards lie. HRA allows the likelihood of human
error to be analysed at all critical points in a
system's life cycle - concept, front end, design,
operations and decommissioning. The benefit
of specifically applying HRA as opposed to other
human factors techniques is that it is a robust
logical approach which focuses on reducing
human error and implementing action plans.
Its qualitative nature enables critical tasks to
be analysed and the vnder contextual factors
that inñuence an individual's performance can
be taken into account. It leads to real action
culminating in the desired ALARP position. HRA
is therefore an ideal technique for continuous
improvement in people, systems, procedures
and organisational practices.
how to HRA
The first step in performing an HRA is
identifying and prioritising all safety critical
tasks on site. This is the point at which many
HRAs fail due to lack of thoroughness or
understanding. COMAH companies should be
able to refer to their safety report for this stage.
Non-COMAH sites can undertake appropriate
risk assessment activities. Typical critical
procedures include start-up and shut down,
tanker deliveries and tankfilling,emergency
response and the maintenance of safety-critical
HUMAN FACTORS tce
could HRA have prevented the Buncefleld
disaster?
One of the overriding themes attributed to the Buncefield incident was poor
situationai awareness and in particular inadequate shift handover. Situations
where shift handovers are brief or incomplete are further complicated if
the preceding shift has not been routine, for example if the equipment has
undergone maintenance - all factors leading to potential disaster.
Following the Buncefield enquiry it was established that there was only a
short time allocated for shift handovers. Moreover the shift log did not record
events during the shift, only the end-of-shift status. It could also be argued that
appropriate significance was not afforded to the shift handover because, despite
being safety-critical it was not paid work. In addition, the cultural aspects of shift
working were not recognised at Buncefield.
Situationai awareness was also hindered by poor equipment design in the
control room. An HRA would have flagged up the reliability issues with the tank
gauging system. A key step in the HRA is a walkthrough/talkthrough in the place
where the task is carried out. This would have identified that the tank gauging
screens and alarm panel were in positions of low prominence, too far apart for an
operator to use both at the same time. Poor task design would also have been
highlighted since the filling rate was controlled by another site on the pipeline, not
by the operators at Buncefield.
Clearly suggestions from an HRA and process safety point of view would build
in sufficient time for a more detailed handover. Given the significance of this task
it would be sensible to include it within paid time. There should be procedures
for the proper use of log books and handover reports. These are an extremely
useful method of cataloguing what has occurred during a shift and identifying
any anomalies. They also speed up the handover process and make the entire
operation more efficient. To ensure that everyone involved in a process (including
the control room) has access to information it should be keyed in to a centralised
computer system. Anecdotal information can then be combined with hard
data from equipment readouts to facilitate the design of change management
programmes.
The HRA would have provided a tool to drive resolution of the known issues
with the gauging system. It would have also prompted discussion with other sites
on the pipeline to agree how filling rates should be controlled and communicated.
Changing the layout of the control room would have been low cost but would
have greatly improved reliability.
HRA allows tbe likelibood of buman error to be analysed at
all critical points in a system's life cycle - concept, front end,
design, operations and decommissioning.
September 2013 www.tcetoday.com 39
 tce HUMAN FACTORS
could HRA have
prevented the
Deepwater Horizon
disaster?
On the subject of high profile major
accidents, we also have to ask
ourselves whether the Deepwater
Horizon disaster could have
been averted. If an HRA had been
conducted it would have identified a
lack of understanding of the cement
integrity procedure; the need for
training and validation in the procedure;
the fact that the drill normally kicked
at high temperature; lack of training for
most staff in emergency response; and
a lack of process safety understanding
throughout the operating staff.
plant and equipment.
Those tasks identified as safety critical need
to be further broken down into individual
stages cataloguing: what should be done;
where and when it should be performed; who
should undertake it; and why it is important.
To ensure that all bases are covered it is a
good idea to involve multi-disciplined project
teams -fi-ommanagement to frondine
operators - for this procedure.
Once this has been completed the likely
human failures for each step need to be
recorded, together with their consequences.
In order to prevent the predicted incident
from occurring, safeguards should be
developed and put into place. These could
include procedural changes, training, plant
idendficadon or engineering modificadons.
Next, suggested measures to reduce the
consequences or improve recovery potential
in the event of a failure need to be recorded.
To cite an example, HPÎA identified where
errors had previously taken place in a
COMAH plant start-up, but no remedial
action had been implemented. For example:
• manual input of system parameters such as
'incorrect entry of methanol set point';
• a number of steps could also easily have
been omitted - for example not opening
valves at the required stage; and
• a number of task steps wbere the technician
40 www.tcetoday.com September 2013
could misread the value on tbe human
computer interface (HCI).
Understanding what could go wrong is just
one aspect of the assessment. We know that
human factors concern the job, the individual
and the organisation, but many organisations
don't fully understand how to take
performance infiuencing factors (PIFs) into
account. The HSE has produced a list of PIFs
which includes job factors such as: clarity of
signs, signals, instructions etc; appropriate
tools; working environment (eg noise, heat,
lighdng, vendladon, space); dme available/
required; difficulty/complexity of the task;
and communication issues.
Personal factors could include: physical
capability and condition; fadgue (temporary
or chronic); workload; stress/morale; and
competence to deal with circumstances
and motivation versus other priorides.
Organisational factors highlighted by the
HSE include work pressures (eg is producdon
deemed more important than process
safety?); level and nature of supervision
or leadership; manning levels; clarity of
roles and responsibilides; organisational
or safety culture (ie routine violations);
communicadon; peer pressure and so forth.
Optimising PIFs will reduce the likelihood
of all types of human failure. However, HSE's
list of performance infiuencing factors is just a
stardng point, not a comprehensive checklist,
so it is vital to have someone with human
factors knowledge on hand.
In our plant start-up example, the follovnng
performance infiuencing factors were found,
some positive and others negative:
positive
+ each page ofthe human computer
interface (HCI) is clearly set out
+ checks are documented in a written
procedure
+ technicians informally tick off each step
+ start-up is usually done by two technicians
with a degree of peer checking
+ low depth to menu structure
+ technicians are trained in the start-up
procedure and their competence has been
validated
negative
- potendal for distractions in the control
room at certain times of day
- possible to type too many or too few digits
The worst-case consequences of human error
at some task steps included the potential for
oxygen levels to reach explosive limits. Overall
at this particular plant, there were plenty
of engineered safeguards and midgadon
measures in place to prevent this. However,
the safeguards often took the form of a plant
trip and it could take an entire eight-hour
shift to get the plant ready to start up again.
In order to get the best out
of human reliahility analysis
you should work with hespoke
multi-disciplined teams and
suhject matter experts.
which would result in a large cost for the
business. There was also the possibility that
if the methanol content became too high it
would poison the catalyst, which again would
be expensive.
The HRA found a number of shortfalls
that could be addressed to enhance the
reliability ofthe processes undertaken.
Recommendations included: setting
maximum and minimum limits for cridcal
values keyed into the HCI, enhancing the
visual style of procedures to include photos
of key equipment and labelling; maintaining
an HCI issues log (this can later be turned
into requirements for software updates);
confirming SIL determinadon for plant trips;
splitting task steps down into sub-task steps;
and reviewing alarm handling against EEMUA
191. Taken together, these measures will
reduce the number of plant trips, resulting in
significant savings for the business.
making the most of HRA
In order to get the best out of human
reliability analysis you should work with
bespoke multi-disciplined teams and subject
matter experts. As with all risk prevention
strategies, the most cridcal tasks should be
addressed first. Tasks can be prioritised based
on hazard, complexity and vulnerability to
error, and a rolling programme of assessments
devised with a pace appropriate for the
organisadon to manage.
Management of change is cridcal if HRA
is to remain current and relevant. If the
procedure, process, equipment, personnel
or staff situadon (eg physical, mental, shift
pattern) relating to a task should change, then
the HRA outputs should be reviewed.
Htmian reliability analysis represents a
systemadc method to identify and manage
human failure. It is a powerful tool to ensure
that risks to people, the environment and
to tbe business are as low as reasonably
pracdcable. t c e
Paul Sirrett (psirrett@hflrisk.com) is a
human factors consultant at HFL Risk
Services
further reading
1. Reducing Error and Influencing Behaviour,
HSG48 2nd Edidon, HSE, 1999
2. Guidance on Quantified Human Reliability
Analysis (QHRA), Energy Insdtute, 2012
Copyright of TCE: The Chemical Engineer is the property of Institution of Chemical
Engineers and its content may not be copied or emailed to multiple sites or posted to a listserv
without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.