Safety Theatre: Where your accidents hide in the green
This article from Dekker discusses how accidents “hide in the green” within organisations.
He covers a lot of ground, and I can’t cover all of the key points, so you’ll find my paragraphs pretty disjointed and jarring; so check out the full paper.
Firstly, it’s stated that incidents involving fatalities seemed to have a consistency across different organisations, being that they occurred in the same place that had consistently produced success. And had one only been looking at counting injuries or incidents, “would have completely missed the fatality potential”.
He points to the limited evidence surrounding the relationships with fatalities and success. The closest example of a controlled study he suggests is from Sherratt and Dainty, who evaluated accident and fatality data in the UK over a 4 year period.
They found that working on projects aligned to a zero harm approach had a slightly higher likelihood of serious life-changing accidents or fatalities.
Dekker notes that “Whereas the embrace of ‘Zero Harm’ may evince a belief that safety (as measured by the absence of negative events) predicts more safety (no accidents or fatalities), having such a program was associated with less safety and more fatalities”.
He also points to the relationships between historical incident data and fatalities. Observing the divided evidence, it’s said that evidence can support either proposition – that is, that there is a relationship between more frequent and minor incidents and more severe events, and vice versa.
For instance, some work, like Bellamy and others, “offer qualified support for the idea: fatalities can be predicted by various shades (severities) of red”, whereas other research “show the opposite: fatalities hide in the green (i.e. in the absence of incidents of any severity)”.
Nevertheless, he points out that all of these studies cannot “escape statistical confounds nor the wide definitional variances for ‘incident’ and ‘severity’ that come from using diverse real-world data”.
He points to another study, drawing on a huge dataset. They found that while the specific ratios themselves weren’t supportive of a statistical relationship between minor and major events, the difference was small enough that “the occurrence of minor incidents is still a useful signal”.
Dekker ponders: truly, is “the absence of incidents a useful signal, and if so, in what way(s)? In other words, should you (increasingly) worry about your safety performance if nothing has happened for a while?”.
Safety Theatre
Dekker introduces the idea of a ‘safety theatre’, being the “performance of work when subject to some form of surveillance (inspection, management visit, supervisor looking on) in such a way as to demonstrate compliance”.
During safety theatres, informal ways of working become invisible from view, presenting a theatrical image of work-as-imagined; and where representations of work “only … revert to ‘work-as-done’ when left alone to get on with things”.
Safety theatre is said to highlight an inauthentic relationship between the design and execution of work.
Driving a divide between work-as-imagined vs work-as-done is said to be a “misreading” of what actually produces safety—not being rote following of procedures, nor mistaken beliefs about real work. Further, organisations may lack an appetite for bad news.
Here it’s argued that this unwillingness for bad news evinces an “unwillingness to accept evidence of non-conformances or incidents or even punishing workers who come with bad news”. This unwillingness may be reinforced by goals of zero harm, or misplaced incentive systems “organized around the reduction or absence of negative events”.
He further discusses the links between minor and major potential events. For one, process-safety accidents aren’t necessarily predicted by slips and trips and “nor prevented by their absence or underreporting”.
Nevertheless, perhaps there are more similarities than imagined, where the “mechanisms that cause the production and underreporting of incidents and process-safety accidents tell a common managerial or organizational-cultural story”.
That is, an all-encompassing focus on production over other goals, thereby affecting macro and micro-level sensemaking, an unwillingness to engage with local expertise or subject matter experts, and a “preoccupation with reducing individual data-points (incidents) over an ability to discern the kinds of connections and complex interactions that drive (process-safety) accidents”.
In any case, this type of explanation, accordingly, requires a type of “causal equivalence”. In contrast, other factors like decoy phenomena don’t depend on some causal equivalence with the events themselves.
He provides the examples of Macondo and Texas City, where the company and industry were said to be “pretty much obsessed” with reducing countable injury indices and where “Safety had devolved into a bureaucratic accountability and an expectation of demonstrating ever-lower numbers of lost-time events up the hierarchy, all the way to the board and shareholders”.
He draws on Barry Turner’s concept of decoy phenomena, which had the effect of drawing managerial and board attention to more minor or less pertinent matters, away from the more pertinent safety matters, while “simultaneously lulling them into the belief that safety was under control”.
It’s further said that according to Turner’s Man-made disaster theory, “accidents piggyback opportunistically on systems of efficient production”.
Therefore, if you’re really cheap and efficient at producing something, then, accordingly, it probably follows that “accidents follow the same pathway as the one along which you consolidated and refined your operational success”.
He points to how this relationship scales at all levels across industry. He points to how, for instance, the drive for cheap clothing in the West, coupled with weak governance and oversight, coupled with murky supply chains and cheap labour are also “the ingredients of massive accidents in that industry”.
He draws on other examples, which I’ve mostly skipped. However, he says that “Success, in other words, breeds failure”. He said the proposition that accidents hide in success is likely no more than a universal and trivial fact. This is because organisations, operating under cost and efficiency pressures in a competitive environment, “presents as a seductive feedback mechanism”.
That is, continual operational success means more operational success, which is visible. And this visibility masks the “more marginal erosion and thus an escalating flirtation with accident potential (which is invisible)”.
So, accident potential grows in the absence of safety-related data. Declines in safety are also said to typically lag behind the gradual erosion of safety margins in organisations, masked by operational success. However, this invisible growth of accident potential, and the eroding margins, is “eventually … exposed by challenges and changes that take the organization outside its known (and designed-for) boundaries”.
More cynically, he argues that the apparently reliable performance of an organisation may be attributable, at least in part, to the “sheer low probability of failure or extinction events”.
Escaping from ‘risk secrecy’
Dekker provides some suggestions for organisations to reveal the state of safety and accident potential – that is, risk secrecy is challenged by the interrogation of success.
He argues that “If you don’t understand what is responsible for your operational success (including an absence of safety-related signals), you probably don’t know what sacrifices are being made on a daily basis to ensure your continued success”.
While celebrating apparent absences of reportable incidents is fine, one should also critically ask how this apparent performance “can be so”.
An organisation may have apparently ‘good’ safety performance because the incident potentials are not being adequately communicated and shared, because of downward efficiency and production pressures; or because we aren’t looking at the right areas, or asking the right questions.
He provides an example from Rasmussen, who suggested that we should give decision makers visibility over the “cost of safety”, so they can get a sense of what is being traded off when pursuing greater efficiency.
Other steps include engaging with workers and subject matter experts from across the business. He says in part this is driven by giving up the quest for perfection and instead focusing on fostering integrity, openness and honesty.
Something which may or may not be entirely compatible with zero harm.
This also involves a commitment to seeking out and hearing bad news—being as much a moral and empathetic activity. This involves learning about real work and appreciating “the dynamic safety sacrifices and tradeoffs that get made there all the time (Rasmussen, 1997), the ability to put oneself in the perspective of those who carry out the work is critical”.
Encouraging diverse, divergent and dissenting voices is also critical for picking up on safety signals that would otherwise escape notice. This is said to be even more important due to the effects of drift into failure and so forth. This can be aided by people who “look at things differently”.
He next provides some thoughts about how to improve engagement and avoid normative judgements on how work is performed, like:
· Perhaps avoiding all mentions of safety, which “Research shows that this will come up anyway if keen interest is shown in work (Havinga et al., 2018)”
· “I notice that… Help me understand why it makes (more) sense to work this way”
· “What are the obstacles we’re putting in your way to getting things done?”
· “What is the stupidest thing we’re asking you to comply with to work here?”
It’s said these sorts of open, inquisitive questions invite dialogue, instead of assessments or judgements, and may help “begin breaking through your organization’s risk secrecy and learning disabilities”.
Finally, Dekker reiterates that while celebrating operational successes is fine, it must also be critically examined. Because “An incident-free record may not guarantee safety but could signal hidden vulnerabilities”.
Leaders should embrace a philosophy of proactive inquiry, which involves celebrating success, including absences of incidents, but “questioning how they are achieved and what sacrifices might have been made along the way”.
Link in comments.
Executive Chairman at MCFT
1 week ago: Logical extension of Mayo and Hawthorne
Author: “Beyond the Five Whys” and “Lean auditing” Director: Risk & assurance insights
1 week ago: Great stuff .. Bruce Schneier has the parallel concept of “security theatre” (that he coined after the 9/11 airport changes) Danny Miller has “The Icarus Paradox” where successes delude us more into assuming we must be doing things right .. In terms of why we have these issues think about the quality of many MBA programmes and what they say (or don’t say) on the risk/safety/security front. This helps to create the culture of shallow understanding of the issues in play by many managers ..
Global Safety Lawyer, Chartered Safety Professional, Behaviour Change Practitioner. Founder of Team Verrico, a Cancer Charity.
1 week ago: Hi Ben, sorry I didn’t get the reference - did you put it in the comments? Thanks :)
Helping Regulatory Affairs and H&S(E) professionals comply with chemical regulations. CLP & SDSs | COMAH | EPR IPPC
1 week ago: Excellent article Ben, thank you. Safety theatre doesn't just happen in front of managers - it can also be performed by managers and staff in front of regulators.
Director I Global Health and Safety Leader
1 week ago: "Accidents hiding in the green." As a nerd who studies metaphor, I love this. Five simple words that should be words of caution for management by metrics. Read the paper recently. Enjoyed it. Thanks for the great summary Ben.