common_management_themes_in_improving_process_safety_2018.pdf |
Common management themes in improving Process Safety
Figure 1: Process Safety Framework
Introduction
We are all familiar with Health and Safety and its significant focus on personal safety, for example in avoiding slips and trips resulting in injury. Process Safety is less well known outside the Oil & Gas or chemical processing industries, so a definition seems a good starting point:
“Process safety is a blend of engineering and management skills focused on preventing catastrophic accidents and near misses, particularly structural collapse, explosions, fires and toxic releases associated with loss of containment of energy or dangerous substances such as chemicals and petroleum products. These engineering and management skills exceed those required for managing workplace safety” Energy Institute [1]
As a firm focusing on management and made up of non-engineers we see Process Safety as the steps that firms have to take to manage the risk of a significant catastrophe. Put simply- how do you stop things blowing up with the possible loss of life and the widespread economic and environmental impacts? So when people talk of “Major Accident Hazard” they are talking about catastrophic events like the Deepwater Horizon or Texas City incidents.
The Oil and Gas industry (where we have developed our experience) is a higher risk business, with its need to find and process hydrocarbons often under intense pressure and in challenging environments. On the plus side, significant Process Safety incidents are vanishingly rare; on the minus side if they do happen the outcome can be off the scale in terms of injuries and fatalities, damage to property, existential threat to the firm and widespread externalities to other stakeholders. However, the connection between a catastrophic outcome and the steps necessary to mitigate this risk isn’t always directly demonstrable.
To expand on this, we learned that the ways to avoid catastrophic explosions are not heroic efforts or significant one off investments but flawlessly performing and repeating thousands or even millions of often eye wateringly dull tasks. It’s down at the level of how well an operator monitors a single instrument, whether a valve has been maintained, whether something has been painted, whether a checklist has been followed. In other words, it is down to operational discipline; and that is a management rather than a technical issue.
We have been involved in multiple Process Safety engagements for global oil and gas companies. Our point in raising this is not to “credentialise” our firm but to highlight that our focus is on the management aspects of Process Safety. As the Energy Institute says, Process Safety is “a blend of engineering and management skills”; we do the second part of this. Why do we stress this? Because in our experience Process Safety can be a very technically led activity that is impenetrable to non-engineers and tends to turn off general management. It can appear like a Process Safety priesthood reciting incantations that are unintelligible to the laity whilst demanding generous offering under the threat of the wrath of God. This represents a management risk, not least because investment decisions tend not to be made by technical specialists.
The things that we have learned are thus biased towards the management and behavioural aspects of Process Safety. These should in no way be seen to denigrate the engineering and technical elements, nor can firms avoid the Capex and Opex investment required. We have identified some common repeating themes that we have seen in Process Safety and that might be useful for general management considering how to improve Process Safety or people tasked with developing a Process Safety improvement initiative.
[1] https://www.energyinst.org/technical/safety/process-safety
“Process safety is a blend of engineering and management skills focused on preventing catastrophic accidents and near misses, particularly structural collapse, explosions, fires and toxic releases associated with loss of containment of energy or dangerous substances such as chemicals and petroleum products. These engineering and management skills exceed those required for managing workplace safety” Energy Institute [1]
As a firm focusing on management and made up of non-engineers we see Process Safety as the steps that firms have to take to manage the risk of a significant catastrophe. Put simply- how do you stop things blowing up with the possible loss of life and the widespread economic and environmental impacts? So when people talk of “Major Accident Hazard” they are talking about catastrophic events like the Deepwater Horizon or Texas City incidents.
The Oil and Gas industry (where we have developed our experience) is a higher risk business, with its need to find and process hydrocarbons often under intense pressure and in challenging environments. On the plus side, significant Process Safety incidents are vanishingly rare; on the minus side if they do happen the outcome can be off the scale in terms of injuries and fatalities, damage to property, existential threat to the firm and widespread externalities to other stakeholders. However, the connection between a catastrophic outcome and the steps necessary to mitigate this risk isn’t always directly demonstrable.
To expand on this, we learned that the ways to avoid catastrophic explosions are not heroic efforts or significant one off investments but flawlessly performing and repeating thousands or even millions of often eye wateringly dull tasks. It’s down at the level of how well an operator monitors a single instrument, whether a valve has been maintained, whether something has been painted, whether a checklist has been followed. In other words, it is down to operational discipline; and that is a management rather than a technical issue.
We have been involved in multiple Process Safety engagements for global oil and gas companies. Our point in raising this is not to “credentialise” our firm but to highlight that our focus is on the management aspects of Process Safety. As the Energy Institute says, Process Safety is “a blend of engineering and management skills”; we do the second part of this. Why do we stress this? Because in our experience Process Safety can be a very technically led activity that is impenetrable to non-engineers and tends to turn off general management. It can appear like a Process Safety priesthood reciting incantations that are unintelligible to the laity whilst demanding generous offering under the threat of the wrath of God. This represents a management risk, not least because investment decisions tend not to be made by technical specialists.
The things that we have learned are thus biased towards the management and behavioural aspects of Process Safety. These should in no way be seen to denigrate the engineering and technical elements, nor can firms avoid the Capex and Opex investment required. We have identified some common repeating themes that we have seen in Process Safety and that might be useful for general management considering how to improve Process Safety or people tasked with developing a Process Safety improvement initiative.
[1] https://www.energyinst.org/technical/safety/process-safety
Common management themes in improving Process Safety
1. Maintaining management accountability
Clear management accountability for Process Safety is critical because the separation by time of actions from consequences can result in negligent or reckless management behaviour. There is also a paradox that active steps intended to improve performance can undermine accountability. Specifically, whether due to an incident or to remedy a drop in Process Safety performance, firms tend to establish Process Safety improvement programmes. The programme itself can then end up creating a series of management problems for by:
The first step to ensure accountability is maintained is making the decision whether the advantages of a centralised programme outweigh the disadvantages. If you elect for a programme, then accountability requires clear governance at the start, the involvement of key operational staff and clear exit criteria.
A second area we have encountered problems for accountability is in matrixed organisation design. In a traditional hierarchical organisation, all the staff and contractors at an asset report to one manager who is accountable for all aspects of the operation- including Process Safety. That asset manager (or “accountable executive”) then reports up a chain of command to the Board. There is thus a clear line of sight on accountability for decisions and performance.
In a matrixed organisation there are at least two dimensions of reporting lines, most commonly by line management and by functional management. For example, at the asset level, the supply chain manager who traditionally would report to the Asset Manager may now report directly to the Supply Chain manager at Head Office and will only report “dotted line” to the Asset Manager. Supply Chain in Head Office now has the advantage of being able to flex budget and focus wherever it is needed globally, however the Asset Manager has had her accountability hollowed out. Whilst notionally the “accountable executive” for all things, in reality all her top team may report to other people outside the asset. This is then even starker when functions are outsourced to other firms. In this case key roles may be performed by people pretty much outside the control or even influence of the asset manager.
This blurring of accountability may seem an acceptable trade off for the advantages a matrixed structure can bring, however it can allow decisions to be made that can prejudice Process Safety. So for example, deferring the maintenance budget might seem logical from your Houston office; it may looks a bit different sitting on a platform in the Gulf of Mexico.
To develop the accountability issue further, one of the peculiarities of Process Safety is that the outcome from a decision may not emerge until years or even decades after the decision is made. It is notoriously hard in that circumstance to identify the root cause of an incident and thus to be able to identify accountability and mitigation. It is usually easy to identify that an operator signed off maintenance without having done the job and pin him with the blame; it’s far harder to trace this back to the decision to cut a budget years before that resulted in this behaviour. This lack of accountability can result in significant risk taking by senior management; they may not even be conscious of the risk they are taking. This is not unique to the oil and gas industry as the 2008 banking crisis demonstrates.
1. Maintaining management accountability
Clear management accountability for Process Safety is critical because the separation by time of actions from consequences can result in negligent or reckless management behaviour. There is also a paradox that active steps intended to improve performance can undermine accountability. Specifically, whether due to an incident or to remedy a drop in Process Safety performance, firms tend to establish Process Safety improvement programmes. The programme itself can then end up creating a series of management problems for by:
- Removing resources from line management and centralising them in the programme
- Undermining local management accountability for Process Safety. For example, whilst the programme makes changes to systems and processes locally, who is responsible for ensuring coherence?
- Heroically improving performance but then handing back responsibility for maintaining this new standard without addressing the root cause of why standards fell in the first place. For example, one client put together a series of hit teams to reduce their backlogs in Safety Critical Maintenance and high and medium priority actions arising from HAZOP studies. The teams were very successful in driving these down to an acceptable level, but no work was carried out on why these backlogs had built up. As a result, once the teams disbanded, the backlogs re-emerged.
The first step to ensure accountability is maintained is making the decision whether the advantages of a centralised programme outweigh the disadvantages. If you elect for a programme, then accountability requires clear governance at the start, the involvement of key operational staff and clear exit criteria.
A second area we have encountered problems for accountability is in matrixed organisation design. In a traditional hierarchical organisation, all the staff and contractors at an asset report to one manager who is accountable for all aspects of the operation- including Process Safety. That asset manager (or “accountable executive”) then reports up a chain of command to the Board. There is thus a clear line of sight on accountability for decisions and performance.
In a matrixed organisation there are at least two dimensions of reporting lines, most commonly by line management and by functional management. For example, at the asset level, the supply chain manager who traditionally would report to the Asset Manager may now report directly to the Supply Chain manager at Head Office and will only report “dotted line” to the Asset Manager. Supply Chain in Head Office now has the advantage of being able to flex budget and focus wherever it is needed globally, however the Asset Manager has had her accountability hollowed out. Whilst notionally the “accountable executive” for all things, in reality all her top team may report to other people outside the asset. This is then even starker when functions are outsourced to other firms. In this case key roles may be performed by people pretty much outside the control or even influence of the asset manager.
This blurring of accountability may seem an acceptable trade off for the advantages a matrixed structure can bring, however it can allow decisions to be made that can prejudice Process Safety. So for example, deferring the maintenance budget might seem logical from your Houston office; it may looks a bit different sitting on a platform in the Gulf of Mexico.
To develop the accountability issue further, one of the peculiarities of Process Safety is that the outcome from a decision may not emerge until years or even decades after the decision is made. It is notoriously hard in that circumstance to identify the root cause of an incident and thus to be able to identify accountability and mitigation. It is usually easy to identify that an operator signed off maintenance without having done the job and pin him with the blame; it’s far harder to trace this back to the decision to cut a budget years before that resulted in this behaviour. This lack of accountability can result in significant risk taking by senior management; they may not even be conscious of the risk they are taking. This is not unique to the oil and gas industry as the 2008 banking crisis demonstrates.
2. Cost cutting initiatives
Figure 2: Major Process Safety Incidents Mapped Against the Price of Oil
Cost cutting is a routine activity in every industry; normally
triggered either by good management discipline or in reaction to changes in the
market. The Upstream end of the Oil and
Gas industry has traditionally been the most profitable part of the business- cost
control hasn’t been as endemic as in downstream or other low margin industries. Yet the continuing low price of oil and the resultant
industry re-structuring has led to a sustained search for costs to cut. Unfortunately, looking at the asset level,
many of the costs seem fixed or unavoidable.
The exception to this is the maintenance budget, with its reliance on expensive spare parts and contractors, which remains one of the few major discretionary costs for an asset manager. Cutting the maintenance budget often has no short term impact on production (it might even increase it) and the longer term impact on production and capex may take years to emerge, by which time the asset manager will probably have moved on elsewhere. From a Process Safety perspective it is hard to link directly the absence of maintenance and the incidence of Process Safety events, which anyway occur vanishingly infrequently. So as each year passes, everyone becomes more comfortable with the missing maintenance and less conscious of the increased risk.
This behaviour also extends into the Capex allocation process, where cost cutting can be very attractive and generate significant numbers quickly. For example we came across a situation where a decision was taken to reduce the operational life of an asset significantly, bringing forward its de-commissioning by decades. As a result of this decision significant capex costs were avoided as the asset was left to degrade towards its new de-commissioning date. The problem came when this decision to de-commission was overturned without a significant lift in capex investment and the result was that significant bits of this asset started to fall off due to rust. So a seemingly arcane foray into financial accountancy for depreciation had a fairly unpleasant impact on the ground.
One way of assuring maintenance would be to assess the condition of an asset regularly, at least on hand over to a new Asset Manager, and tying this into their long term performance package. When it comes to the right level of Opex and Capex funding for an asset, it is possible to calculate this reasonably objectively. It is also possible for a regulator and external parties (shareholders, insurers etc.) to identify when this level isn’t being delivered over time. So if the life of all the “stuff” on an asset is less than 20 years and the asset is assumed to have a 50 year life, then that must mean the asset is effectively completely renewed every 20 years. That should be pretty obvious all round.
The exception to this is the maintenance budget, with its reliance on expensive spare parts and contractors, which remains one of the few major discretionary costs for an asset manager. Cutting the maintenance budget often has no short term impact on production (it might even increase it) and the longer term impact on production and capex may take years to emerge, by which time the asset manager will probably have moved on elsewhere. From a Process Safety perspective it is hard to link directly the absence of maintenance and the incidence of Process Safety events, which anyway occur vanishingly infrequently. So as each year passes, everyone becomes more comfortable with the missing maintenance and less conscious of the increased risk.
This behaviour also extends into the Capex allocation process, where cost cutting can be very attractive and generate significant numbers quickly. For example we came across a situation where a decision was taken to reduce the operational life of an asset significantly, bringing forward its de-commissioning by decades. As a result of this decision significant capex costs were avoided as the asset was left to degrade towards its new de-commissioning date. The problem came when this decision to de-commission was overturned without a significant lift in capex investment and the result was that significant bits of this asset started to fall off due to rust. So a seemingly arcane foray into financial accountancy for depreciation had a fairly unpleasant impact on the ground.
One way of assuring maintenance would be to assess the condition of an asset regularly, at least on hand over to a new Asset Manager, and tying this into their long term performance package. When it comes to the right level of Opex and Capex funding for an asset, it is possible to calculate this reasonably objectively. It is also possible for a regulator and external parties (shareholders, insurers etc.) to identify when this level isn’t being delivered over time. So if the life of all the “stuff” on an asset is less than 20 years and the asset is assumed to have a 50 year life, then that must mean the asset is effectively completely renewed every 20 years. That should be pretty obvious all round.
3. Measuring Process Safety performance
Figure 3: Simple "A to B" Change Model
Accurate management information and using this to track performance is key to Process Safety, yet often this is patchy or just delivers things that are easy to count. Even if this is robust, it may not be clear what changes a firm wishes to make when embarking on an improvement programme for Process Safety. We have been involved in a programme where the starting point was unclear (“no benchmarked as-is performance” in clunky consulting jargon) and the end state was equally unstated beyond an aspiration for it to be “better”. Instead we had a series of “to do” lists that lacked any measurable outcome beyond striking things off a list.
It is common practice in transformation or change management consultancy to identify the measurable outcome of what you will do at the start. It is tempting to just get on with work based on the assertion that clearing the “to do” list will improve things (which it may). It is more likely to lead to the initiative being killed off by competing initiatives (like cost cutting, which isn’t intellectually complex) that have developed a measurable outcome or to experience strategic drift.
As an example of strategic drift, one client had been running a programme to improve Process Safety for a number of years; many of their assets had seen significant improvements and most were now above the minimum (calculative) standard. The drift then emerged because focus was diverted to those that had achieved the standard and wished to improve further. This is seductive in that it reinforces success, but it allows the management to ignore and divert resources away from assets that were weak. Whilst a minor incremental improvement on an above average asset is nice to have, it bears no comparison to the impact of dealing with a series of “basket cases”. Without the focus on performance management, the cultural bias re-asserted itself to trumpet success and bury problems. This then adds to a common human trait of seeking the most expedient solution to getting rid of a problem quickly and cheaply.
There is an argument to be had that once a firm’s assets achieve an acceptable level of performance in Process Safety then there is little to be gained by marginal further improvements. However we have yet to come across a firm that consistently sustains this level of performance, so it remains a more hypothetical debate.
Aggregation of performance measurement data can also be an issue when individual outcomes are aggregated above the asset level of operation. Some data are useful when aggregated; others may significantly mislead and result in poor management decision-making. Particularly in a large organisation, the performance data has to be filtered and then interpreted at each level. Some of the weak signals of Process Safety may well be washed out in this process so we advocate the use of “deep dives” periodically to test what is being reported.
It is common practice in transformation or change management consultancy to identify the measurable outcome of what you will do at the start. It is tempting to just get on with work based on the assertion that clearing the “to do” list will improve things (which it may). It is more likely to lead to the initiative being killed off by competing initiatives (like cost cutting, which isn’t intellectually complex) that have developed a measurable outcome or to experience strategic drift.
As an example of strategic drift, one client had been running a programme to improve Process Safety for a number of years; many of their assets had seen significant improvements and most were now above the minimum (calculative) standard. The drift then emerged because focus was diverted to those that had achieved the standard and wished to improve further. This is seductive in that it reinforces success, but it allows the management to ignore and divert resources away from assets that were weak. Whilst a minor incremental improvement on an above average asset is nice to have, it bears no comparison to the impact of dealing with a series of “basket cases”. Without the focus on performance management, the cultural bias re-asserted itself to trumpet success and bury problems. This then adds to a common human trait of seeking the most expedient solution to getting rid of a problem quickly and cheaply.
There is an argument to be had that once a firm’s assets achieve an acceptable level of performance in Process Safety then there is little to be gained by marginal further improvements. However we have yet to come across a firm that consistently sustains this level of performance, so it remains a more hypothetical debate.
Aggregation of performance measurement data can also be an issue when individual outcomes are aggregated above the asset level of operation. Some data are useful when aggregated; others may significantly mislead and result in poor management decision-making. Particularly in a large organisation, the performance data has to be filtered and then interpreted at each level. Some of the weak signals of Process Safety may well be washed out in this process so we advocate the use of “deep dives” periodically to test what is being reported.
4. Complexity and organisational blind spots
Few would argue that Oil and Gas is a simple business however you look at it (scope and scale of operation, technical, environmental, commercial, political etc. challenges). Within this complexity, we have come across a number of examples of organisational blindness:
The paradox here is that normally every valve, pipe and instrument is subject to rigorous inspection and maintenance. In these cases no inspection and maintenance was done on these items, as the organisation was blind to them until something went wrong. In hindsight it’s blindingly obvious; yet despite decades of highly capable intelligent people working there, no one spotted it.
There are a couple of ways to avoid this problem:
- Huge fenders chained to offshore platforms going uninspected until the thick chains securing them have rusted through. This resulted in fenders weighing many tons either crashing into the sea or swinging off the platform risking impact with the drill string (not unlike a game of high-risk conkers). This has happened to more than one client so is an early question from our side.
- On another occasion a helicopter returning to an asset spotted a leak from a sub-surface pipe. On investigation, it was found that the terminal was responsible for the pipe until it entered the sea and the platform from when the pipe entered the platform. But no one was responsible for the pipe itself.
The paradox here is that normally every valve, pipe and instrument is subject to rigorous inspection and maintenance. In these cases no inspection and maintenance was done on these items, as the organisation was blind to them until something went wrong. In hindsight it’s blindingly obvious; yet despite decades of highly capable intelligent people working there, no one spotted it.
There are a couple of ways to avoid this problem:
- Encouraging an inquisitive culture- both in your own staff and by using contractors with a fresh pair of eyes who are unafraid of asking what might appear an obvious question. A management style that only relies on a highly detailed technical approach is more vulnerable to this kind of blindness.
- Designing your approach to Process Safety to deliver a defense in depth- so one failing will be picked up somewhere else rather than result in an incident. This is the principle behind the “bowtie” with multiple barriers to any hazard. A practical example is by having a first line of defense in the asset management, a second line of defense in the functional team (HSE or Process Safety) to check the management and a third line of defense in audit (internal or external) to ensure that the first two barriers are robust. Whilst this may offend in terms of duplication and cost, it pays off.
Figure 4: Bow Tie Model
5. Standards and documentation
Figure 5: Common hierarchy of standards and documentation
Every firm has some form of hierarchy of policies, standards, guides, work instruction, checklists etc., however most have some gaps that they may or may not be aware of. Efforts to plug these gaps are made more complex because of the tension between standardisation and customisation. Anything that is capable of being used everywhere is by its nature very generic. Anything capable of covering a topic at the lowest level of granularity will be very detailed and large parts irrelevant to many situations. Overlaid on this is the normal tension between head office’s desire for standardisation and local management’s desire for customisation.
Another issue firms have is in developing and maintaining a set of “As Built Construction Drawings” that show not just what the designer intended to build, but what was actually built. As time passes and waves of adaptation take place, making sure these are all recorded and not reliant upon the memory of a few key staff is critical. Unfortunately, these few key staff often understand that their long-term job security may depend on the value of the information in their heads. They may be less than motivated to help capturing this data.
We worked with one company that used to have a very well regimented process of recording and updating hard copy master documents held on site and in a central repository. Over time this was replaced by computer-based documents, however (perhaps due to cost cutting), the process of changing to this new technology wasn’t thought through. At the end of the build phase of an asset, the hard drives were just collected up and put on a shelf. The old paper based system was slowly degraded and what remained was a bunch of documents on myriad pieces of software and hardware, with no process of version control or structure. This was a problem that only really developed over the decades after the dawn of CAD and PCs.
There are technology solutions and standards that firms can adopt to ensure that drawings and key documents are managed well, however it is really time consuming and expensive if control was lost some time ago and people have moved on. A standard for documentation and management isn’t mindless bureaucracy but a key enabler to both Process Safety and efficient Production.
Another issue firms have is in developing and maintaining a set of “As Built Construction Drawings” that show not just what the designer intended to build, but what was actually built. As time passes and waves of adaptation take place, making sure these are all recorded and not reliant upon the memory of a few key staff is critical. Unfortunately, these few key staff often understand that their long-term job security may depend on the value of the information in their heads. They may be less than motivated to help capturing this data.
We worked with one company that used to have a very well regimented process of recording and updating hard copy master documents held on site and in a central repository. Over time this was replaced by computer-based documents, however (perhaps due to cost cutting), the process of changing to this new technology wasn’t thought through. At the end of the build phase of an asset, the hard drives were just collected up and put on a shelf. The old paper based system was slowly degraded and what remained was a bunch of documents on myriad pieces of software and hardware, with no process of version control or structure. This was a problem that only really developed over the decades after the dawn of CAD and PCs.
There are technology solutions and standards that firms can adopt to ensure that drawings and key documents are managed well, however it is really time consuming and expensive if control was lost some time ago and people have moved on. A standard for documentation and management isn’t mindless bureaucracy but a key enabler to both Process Safety and efficient Production.
6. Consequence management for Process Safety
Figure 6: Performance management spectrum
Firms have both formal and informal mechanisms to motivate and control their staff. Target setting, the annual performance review and bonus are perhaps the most obvious mechanisms. Operational management is held to account for performance, usually across a wide range of targets specific to their area. Their performance in delivering the numbers then has a significant impact on their future career with the firm.
In Process Safety we have found the approach to motivation and control to be sub-optimal in a number of ways. Firstly, whilst there is normally some form of Balance Score Card, good Production numbers usually wash out poor performance in other areas. Secondly, there is a consistent focus on positive motivation that means occasionally the more coercive aspects are ignored or are absent. Whilst we would agree that 80-90% of motivation and control should be by positive strokes, there are occasions where negative consequences are necessary.
Developing this point further, we regularly come across firms that are very steely-eyed with regard to personal safety infractions by contractors. Get caught breaking one of the life saving rules as a contractor (like no high visibility kit, smoking in the toilets, speeding in the car park) and you will probably be marched off the site never to return. Yet this steely determination often falters for more complex infractions by senior staff.
When it comes to Process Safety the risk is consequence management is applied to people based on the outcome of the Process Safety incident rather than their degree of culpability. To put this in context, the individual may have broken the rule thousands of times and with management knowledge, however in the event of a major incident that may be a one in a million chance, the consequences can be brutal. This is hardly equitable or an approach that aims to change behaviours and thus avoid an incident.
In many firms the process of Learning from Incidents (or after-action reviews) is biased towards other firm’s bad incidents and your own outstanding performance. Most often we learn more from when things go awry than from when they go well. Yet reviews following failure rarely happen- the normal corporate response is to keep as far away from the problem as you can and pretend it never happened. If firms are forced to learn from incidents, then they tend to look for the most superficial causes at the lowest level of the firm and keep it there. Yet most Process Safety incidents (indeed most accidents) are not caused by one single act but by a chain of events that may stretch back years and involve many people.
We return to the idea that avoiding Process Safety incidents is the rigorous application of operational discipline. Firms need well-established processes of consequence management that apply to all staff. This should be relatively transparent (to encourage better behaviour rather than just punish the individual) and consistent with the principles of natural justice. One example is to separate out the initial fact finding inquiry from any subsequent disciplinary body, removing conflict between fact-finding and consequence management.
In Process Safety we have found the approach to motivation and control to be sub-optimal in a number of ways. Firstly, whilst there is normally some form of Balance Score Card, good Production numbers usually wash out poor performance in other areas. Secondly, there is a consistent focus on positive motivation that means occasionally the more coercive aspects are ignored or are absent. Whilst we would agree that 80-90% of motivation and control should be by positive strokes, there are occasions where negative consequences are necessary.
Developing this point further, we regularly come across firms that are very steely-eyed with regard to personal safety infractions by contractors. Get caught breaking one of the life saving rules as a contractor (like no high visibility kit, smoking in the toilets, speeding in the car park) and you will probably be marched off the site never to return. Yet this steely determination often falters for more complex infractions by senior staff.
When it comes to Process Safety the risk is consequence management is applied to people based on the outcome of the Process Safety incident rather than their degree of culpability. To put this in context, the individual may have broken the rule thousands of times and with management knowledge, however in the event of a major incident that may be a one in a million chance, the consequences can be brutal. This is hardly equitable or an approach that aims to change behaviours and thus avoid an incident.
In many firms the process of Learning from Incidents (or after-action reviews) is biased towards other firm’s bad incidents and your own outstanding performance. Most often we learn more from when things go awry than from when they go well. Yet reviews following failure rarely happen- the normal corporate response is to keep as far away from the problem as you can and pretend it never happened. If firms are forced to learn from incidents, then they tend to look for the most superficial causes at the lowest level of the firm and keep it there. Yet most Process Safety incidents (indeed most accidents) are not caused by one single act but by a chain of events that may stretch back years and involve many people.
We return to the idea that avoiding Process Safety incidents is the rigorous application of operational discipline. Firms need well-established processes of consequence management that apply to all staff. This should be relatively transparent (to encourage better behaviour rather than just punish the individual) and consistent with the principles of natural justice. One example is to separate out the initial fact finding inquiry from any subsequent disciplinary body, removing conflict between fact-finding and consequence management.
7. Application of Management of Change to general management
“Management of Change, or MOC, is a best practice used to ensure that safety, health and environmental risks are controlled when a company makes changes in their facilities, documentation, personnel, or operations”.[2]
It is a routine management practice in the Oil and Gas industry, yet is rarely adopted for systemic management changes. So for example we have come across root and branch restructuring, the implementation of a new organisation design and the cancellation of a barge campaign; all undertaken without a Management of Change process.
To be clear, what we are proposing here is not that a process more designed for engineering changes should be laboriously and bureaucratically followed, but that the principles that sit behind MOC should be observed. One of the challenges we have observed in the industry is scaling existing processes to suit a particular situation. For example, applying the same full suite of programme management processes for a $multi Bn new asset to a $20k business project would be absurd. Firms find that cutting down what you have is laborious, so the tendency is to see if you can do without it. The absence of any overt MOC process for systemic management changes is likely to represent a significant risk. In the case of the barge campaign cancellation, when the impact on backlog maintenance and process safety became obvious, it was opaque who had made the decision or how this risk was mitigated. But the cost saved was obvious.
[2] Washington State Department of Labour and Industries paper “Best Practices: Management of Change” http://www.lni.wa.gov/safety/grantspartnerships/partnerships/vpp/pdfs/vppmocbestpractices.pdf
It is a routine management practice in the Oil and Gas industry, yet is rarely adopted for systemic management changes. So for example we have come across root and branch restructuring, the implementation of a new organisation design and the cancellation of a barge campaign; all undertaken without a Management of Change process.
To be clear, what we are proposing here is not that a process more designed for engineering changes should be laboriously and bureaucratically followed, but that the principles that sit behind MOC should be observed. One of the challenges we have observed in the industry is scaling existing processes to suit a particular situation. For example, applying the same full suite of programme management processes for a $multi Bn new asset to a $20k business project would be absurd. Firms find that cutting down what you have is laborious, so the tendency is to see if you can do without it. The absence of any overt MOC process for systemic management changes is likely to represent a significant risk. In the case of the barge campaign cancellation, when the impact on backlog maintenance and process safety became obvious, it was opaque who had made the decision or how this risk was mitigated. But the cost saved was obvious.
[2] Washington State Department of Labour and Industries paper “Best Practices: Management of Change” http://www.lni.wa.gov/safety/grantspartnerships/partnerships/vpp/pdfs/vppmocbestpractices.pdf
8. Demographic challenges
The Oil and Gas industry is heavily reliant upon the knowledge in the heads of their staff. As a mature & profitable industry, there has been a greater degree of employee stability historically. Having seen in other sectors the rapid rotation of staff between different firms and the challenges this presents, it is refreshing to come across firms where people had been with the company for decades and built up their knowledge and competence over a significant period of time.
What has changed recently is the cost cutting triggered by the low price of oil, resulting in a series of redundancy rounds, reorganisations and staff moves. We’d argue this compounds the greater risk of longer-term impacts from staff demographics, relative wealth and poor embedding of knowledge in the firm. We see firms heavily reliant upon older workers, many of whom are planning to retire soon and are wealthy enough to be able to do this. Also because of workforce stability, firms have not needed to invest in embedding knowledge, by repeatable processes, training, systems, knowledge bases etc.
Some firms are addressing this challenge and we then find firms with a split between old hands and recent graduate trainees. Specific to Process Safety, much of the knowledge has not been codified to allow someone to start from zero and become proficient within a short period of time. It may be that the technical aspects of Process Safety will be reliant upon an army of semi-retired individual consultants, however this is at best a short-term option. Equally, the idea that it must take 20 years of experience to become proficient can’t be allowed to stand either.
What has changed recently is the cost cutting triggered by the low price of oil, resulting in a series of redundancy rounds, reorganisations and staff moves. We’d argue this compounds the greater risk of longer-term impacts from staff demographics, relative wealth and poor embedding of knowledge in the firm. We see firms heavily reliant upon older workers, many of whom are planning to retire soon and are wealthy enough to be able to do this. Also because of workforce stability, firms have not needed to invest in embedding knowledge, by repeatable processes, training, systems, knowledge bases etc.
Some firms are addressing this challenge and we then find firms with a split between old hands and recent graduate trainees. Specific to Process Safety, much of the knowledge has not been codified to allow someone to start from zero and become proficient within a short period of time. It may be that the technical aspects of Process Safety will be reliant upon an army of semi-retired individual consultants, however this is at best a short-term option. Equally, the idea that it must take 20 years of experience to become proficient can’t be allowed to stand either.
9. Risk Management and Process Safety
Process Safety is a type of risk that is hard to manage using common risk management processes used in other areas of business because:
Risk management as a management process has been applied now for years in all sectors and indeed forms part of governance (c.f. the UK Corporate Governance Code). The management of risk does range between the purely subjective/ directional and the objective/methodology/data driven.
Process Safety risk management tends to pursue a quantitative methodological approach, the sophistication of which is significantly beyond the approach taken by other functions. Significant time and effort is then taken to align these risks up and down the organisation and across different functions. This leads to increasing awareness of flaws in the process. For example, the calculation and maths behind Process Safety risks compared to the marketing department’s post-it notes identifying risks as “High, Medium or Low”. There is unlikely to be a meeting of the minds on this.
Resolving the internal conflicts in risk management is well beyond the scope of this paper and may be akin to the challenge of the Unifying Theory of Everything in Physics. As a pragmatic approach we recognise that clients use risk management differently- but it’s still an estimate of what may happen in the future. Despite all the good detail, it’s still a forecast. So it’s useful for directional alignment, prioritisation and resource allocation, but it’s not flawless. Aligning across functions tends to end with a complex mapping of outcomes for money, people, environment, and regulators, along with some fairly grotesque assessments based on numbers of fatalities.
- The risk can’t be reduced to zero (the aim is normally As Low As Reasonably Practicable or ALARP).
- The outcome is so extreme and the probability of occurrence so small, that a probability x outcome calculation may focus investment and management attention to other risks.
- Looking at the same large-scale asset day in and day out, it’s hard to imagine an incident happening. So there is a temptation that as nothing bad has happened in the past and there is a low probability of something happening in the future, some corners or costs can be cut without consequence.
- The connection between a catastrophic outcome and the steps taken to mitigate this risk isn’t always directly demonstrable.
Risk management as a management process has been applied now for years in all sectors and indeed forms part of governance (c.f. the UK Corporate Governance Code). The management of risk does range between the purely subjective/ directional and the objective/methodology/data driven.
Process Safety risk management tends to pursue a quantitative methodological approach, the sophistication of which is significantly beyond the approach taken by other functions. Significant time and effort is then taken to align these risks up and down the organisation and across different functions. This leads to increasing awareness of flaws in the process. For example, the calculation and maths behind Process Safety risks compared to the marketing department’s post-it notes identifying risks as “High, Medium or Low”. There is unlikely to be a meeting of the minds on this.
Resolving the internal conflicts in risk management is well beyond the scope of this paper and may be akin to the challenge of the Unifying Theory of Everything in Physics. As a pragmatic approach we recognise that clients use risk management differently- but it’s still an estimate of what may happen in the future. Despite all the good detail, it’s still a forecast. So it’s useful for directional alignment, prioritisation and resource allocation, but it’s not flawless. Aligning across functions tends to end with a complex mapping of outcomes for money, people, environment, and regulators, along with some fairly grotesque assessments based on numbers of fatalities.
Conclusions
We find the work we do in Process Safety some of the most satisfying yet frustrating that we have ever done. Satisfying because you are working on something that is obviously important and can have a significant impact on the firm as well as stakeholders outside the firm (Process Safety incidents have no respect for property boundaries). Contrast this with a cost cutting initiative to put another penny on the dividend and you get a sense of the enthusiasm that we have for this. It can also be frustrating as commitment to Process Safety improvements can be entirely contingent upon profitability or just managers being good corporate citizens going through the motions. In our experience of client staff working on Process Safety this is however rare- most people share our passion and drive to enhance Process Safety.
Charles Peak-Smylie
The Corum Consultancy
© The Corum Consultancy Ltd 2018
Charles Peak-Smylie
The Corum Consultancy
© The Corum Consultancy Ltd 2018
common_management_themes_in_improving_process_safety_2018.pdf |