Certisafety.com



CSHM

PREPARATION GUIDE

VOLUME 2

Area II Management Theory and Methods

Study Notes, Questions and Answer Key


Prepared by

Steven J. Geigle, M.A., CSHM

Published by OSHA Training Network

Disclaimer

The information in this preparation guide has been compiled by the OSHA Training Network from texts recommended by ISHM for study, and represents the best current information on the various subjects. No guarantee, warranty or other representation is made as to the absolute correctness or sufficiency of any information contained in this preparation guide. OSHA Training Network assumes no responsibility in connection therewith; nor can it be assumed that all acceptable safety measures are contained in the preparation guide or that other or additional measures may not be required under particular or exceptional circumstances.

OSHA Training Network (OTN) cannot warrant that the use of this preparation guide will result in certification from the Institute for Safety and Health Management (ISHM). While the content is representative of the knowledge required of a safety and health manager, the successful completion of the CSHM examination depends on many factors, including the applicant's academic background, safety management experience and individual study for the examination. This information is for educational purposes only and does not replace any regulations promulgated by state or federal government agencies.

As this preparation guide will continue to be updated and revised on a periodic basis, contributions and comments from readers are invited. Additional volumes to this preparation guide will be produced and made available in the future.

TABLE OF CONTENTS

Preface Introduction to the CSHM Preparation Guide

Part I Notes

Section A. Safety Management By Objectives/Total Quality Management

Section B. Systems Safety

Section C. Auditing

Section D. Data Analysis and Statistics

Section E. Safety in Design

Section F. Benchmarking

Section G. Behavioral Safety Processes

Section H. Root Cause Analysis

Section I. Safety Management Theory and Methods

Part II Questions and Key

Introduction

Section A. Safety Management By Objectives/Total Quality Management

Section B. Systems Safety

Section C. Auditing

Section D. Data Analysis and Statistics

Section E. Safety in Design

Section F. Benchmarking

Section G. Behavioral Safety Processes

Section H. Root Cause Analysis

Section I. Safety Management Theory and Methods

Answer Key

SECTION II A: SMBO/TQM PRINCIPLES

Total Quality Management Tools

Five Steps in the Safety By Objective (SBO) System

Source: Dan Petersen, Safety Management, pages 275-276.

1. Obtain management-supervision agreement

2. Give each supervisor an opportunity to perform

3. Give the supervisors feedback

4. Help, guide, and train

5. Reward according to progress

Nine Advantages of SBO

Source: Dan Petersen, Safety Management, page 280.

1. Utilizes modern safety management techniques

2. Taps the resources and energy of all employees, especially supervisors

3. Fosters involvement in the safety program

4. Increases goal-directed behavior

5. Provides current, immediate, relevant reinforcement

6. Facilitates safety planning

7. Fosters creativity

8. Incorporates responsive tools and decision-making information

9. A history that proves it works

What William E. Conway Might Say About Safety

Source: Steven Geigle, M.A., CSHM.

William E. Conway, former president and chairman of Nashua Corporation, and presently President of Conway Quality, Inc., might be considered somewhat of a “clone” of W. Edwards Deming. According to Conway, quality is... “development, manufacture, administration, and distribution of consistent low cost products and services that customers want and/or need.” Following this train of thought, he might define safety as “development and maintenance of a workplace which meets the safety wants and needs of all employees.” He developed six tools for quality improvement which, when applied to safety, might result in the following:

Conway's Six Tools For Safety Improvement

1. Human relations skills - the responsibility of management to create at every level, among all employees, the motivation and training to make the necessary safety improvements in the organization.

2. Statistical surveys - the gathering of data from employees about the present corporate safety culture, to be used as a measure for future progress and to identify what needs to be done.

3. Simple statistical techniques - clear charts and diagrams that help identify safety problems, track safety education and training, gauge progress, and indicate safety engineering, administrative, work practice and management solutions.

4. Statistical process control - the statistical charting of safety related behaviors (work practices), to help identify and reduce variation.

5. Imagineering - a key concept in problem solving, involves the visualization of a process, procedure, or operation with all hazardous conditions and unsafe work practices eliminated. Job Hazard Analysis is the tool used in imagineering safety.

6. Safety engineering - common techniques of engineering, work practice, and administrative controls, and the use of personal protective equipment to achieve improvements in safety.

__________________________________________________________________________________________

Applying Deming’s 14 Points to safety

Source: Steven Geigle, M.A., CSHM.

Point 1. Create constancy of purpose for the improvement of product and service, with the aim to become competitive and to stay in business, and to provide jobs.

An employer is responsible to both its community and its own workforce to maintain a high level of excellence and value. The purpose of business is more than maximizing profits by minimizing costs. An employer must strive to maximize efficiency and effectiveness through constant improvement. “There are two problems (i) problems of today; (ii) problems of tomorrow, for the company that hopes to stay in business. The next quarterly dividend is not as important as existence of the company 10, 20, or 30 years from now.” (Deming, p. 24)

Point 2. Adopt a new philosophy.

Everyone can find ways to promote quality and efficiency, to improve all aspects of the safety management system, and to promote excellence and personal accountability. Pride of workmanship must be emphasized from recruitment to retirement. By their behavior, leaders set the standard for all workers. "We are in a new economic age. Western management must awaken to the challenge, must learn their responsibilities, and take on leadership for a change. We can no longer tolerate commonly accepted levels of mistakes, defects, material not suited for the job, people on the job that do not know what the job is and are afraid to ask, handling damage, antiquated methods of training on the job, inadequate and ineffective supervision, management not rooted in the company, job hopping in management..." (Deming, Out of the Crisis, p. 26)

Point 3. Cease dependence on mass inspection to achieve quality.

Reliance on routine 100 percent inspection to improve safety may be ineffective at best. Most accidents are directly caused by behaviors, not conditions, in the workplace. Effective informal and formal observation programs may be far more effective in protecting employees and profits.

As Deming points out, "Inspection (as the sole means) to improve quality is too late!" Lasting quality comes not from inspection, but from improvements in the system. For example, documenting deficiencies in safety record-keeping does not, by itself, generate ideas that would make the task of record-keeping less error-prone. A quality-driven approach might, instead, encourage development of clear and simple record-keeping forms that minimize or eliminate the likelihood of mistakes. Some corporate safety systems depend solely on regular walk-around inspections by the safety director, supervisors and safety committees.

Point 4. End the practice of awarding business on the basis of price tag.

The more suppliers you have, the greater the number of variables. World-class safety management systems think of their suppliers as "partners" in their operation. Successful partnerships require clear and specific performance standards and feedback on whether those standards are being met. Developing a long-term customer-supplier relationship with a quality safety supplier is critical in reducing the variables associated with purchasing tools, equipment, machinery, supplies and materials. When the supplier is intimately aware of your needs, he or she can better supply those needs while maintaining high levels of quality.

“We can no longer leave quality, service, and price to the forces of competition for price alone -- not in today’s requirements for uniformity and reliability.” (Deming, p. 31) Instead, minimize total cost. Move toward a single supplier for any one item, on a long-term relationship of loyalty and trust.

Point 5. Improve constantly and forever the system of production and service, to improve quality and productivity, and thus constantly decrease costs.

Safety can be integrated into all operations, whether production or service. This requires close cooperation between internal customers and suppliers. Safety staff and committees need to be almost obsessed with continually fine-tuning the safety management system. "There's always room for improvement" should be their mantra.

“A theme that appears over and over in this book is that quality must be built in at the design stage. It may be too late, once plans are on their way.” (Deming, p. 49) Improving quality and safety is not a one-time effort with a narrow focus on a limited number of corporate functions.

Point 6. Institute training and retraining on the job.

On-the-job training ensures that every worker has a thorough understanding of: 1) the needs of workers; 2) how to meet those needs; and 3) how to improve the safety management system's ability to meet those needs. Incorporating continuous safety improvement into the fabric of each job can speed learning.

“Training must be totally reconstructed. Management needs training to learn about the company, all the way from incoming material to customer. A central problem is an appreciation for variation.” (Deming, p. 52)

Point 7. Adopt and institute leadership.

The job of management is leadership. Effective safety leaders are thoroughly knowledgeable about their responsibilities to the employer and their obligations to each employee. They walk the talk. Leaders take every opportunity to create an environment for workers to suggest improvements and act quickly to make needed changes in the safe-production process.

“The job of management is not supervision, but leadership. Management must work on sources of improvement, the intent of quality of product and service...” (Deming, p. 54) The aim of supervision should be to help people and machines do a better job, and to increase pride of workmanship.

Point 8. Drive out fear, so that everyone may work effectively for the company.

It's impossible to achieve world-class safety in an environment driven by fear. Deming states that an organization must actually start with this element if it is to be successful in achieving total quality. The Japanese have a saying: "Every defect is a treasure", meaning that all data is good data that can be used to help improve the safety management system. Errors or problems can help safety staff and committees identify more fundamental or systemic root causes and ways to improve the system.

“No one can put in his best performance unless he feels secure. A common denominator of fear in any form, anywhere, is loss from impaired performance and padded figures.” (Deming, p. 59)

Point 9. Break down barriers between staff areas.

If you keep people in the dark, they think the worst. Competitive or other barriers placed between organizations, or between departments within one organization, are obstacles to effective safety management. Friction or lack of cooperation results in unnecessary waste, more errors, greater delay, and duplication of effort. A lasting continuous safety improvement program requires teamwork that crosses traditional organizational lines. Cooperation, not competition, is essential.

“People in research, design, purchase of materials, sales, and receipt of incoming materials must learn about the problems encountered with various materials and specifications in production and assembly.” (Deming, p. 62) They must work as a team to foresee problems of production, product or service.

Point 10. Eliminate slogans, exhortations, and targets for the work force asking for zero defects and new levels of productivity.

The problem with such exhortations is that they put the burden for safe behavior on worker performance instead of poor safety management design. Continuous improvement in safety requires that the organization focus on improving safe behaviors. Rather than setting a goal of zero accidents, focus on achieving 100 percent compliance with safety policies and rules: employees have control over their behavior. Employees can work all year without violating safety rules and still get hurt. Employees can work all year, violating safety rules each day, and with luck, not get hurt. Don't recognize for zero accidents; recognize for sustained safe behaviors. In so doing, the frequency of safe behaviors will increase: productivity and efficiency will rise, and waste will diminish.

“You can beat horses; they run faster for a while. Goals are like hay somebody ties in front of the horse’s snout. The horse is smart enough to discover that no matter whether he canters or gallops, trots or walks or stands still, he can’t catch up with the hay. Might as well stand still. Why argue about it? It will not happen except by change of the system. That’s management’s job, not the people’s.” Deming, 1985

Point 11. Eliminate numerical quotas for workers and people in management. Substitute leadership.

For Deming, work production standards and rates, tied to incentive pay, are inappropriate because they burn out the workforce in the long run. Punishing or rewarding employees based on accident rates is inappropriate. Behavioral measures, not results measures, are the only measures that proactively influence performance in the workplace. A team effort should be emphasized to increase safety and quality to most effectively achieve increased profits/savings that can then be translated to, for example, higher salaries or better benefits. Improvement efforts should emphasize improving processes because outcomes are dependent on inputs and processes within the safety management system. Focus on behaviors: the outcome, as the dependent variable, will take care of itself.

“A quota is a fortress against improvement of quality and productivity. I have yet to see a quota that includes any trace of a system by which to help anyone do a better job.” (Deming, p. 71)

Point 12. Remove barriers that rob people of their pride of workmanship.

The workforce is the most important component of the safety management system. Effective safety cannot exist without workers who are provided with the tools that help them feel proud of their work and respected as individuals and professionals. Managers can help workers be successful by making sure that job responsibilities and performance standards are clearly understood; building strong relationships between management and the workforce; and providing workers with the best tools, instruments, supplies, and information possible. The responsibility of supervisors must be changed from sheer numbers to quality. Remove barriers that rob people of their right to pride of workmanship. Abolish the annual merit rating.

Point 13. Institute a vigorous program of education and self-improvement for everyone.

Workers can improve their knowledge, skills, and abilities through continual education and ever-broadening career and life opportunities. Safety staff and committees, as internal consultant groups tasked with problem solving to fix the system, must be well-educated and skilled in their duties. Management, as well as members of the workforce, must continue to experience new learning and growth in all areas.

“What an organization needs is not just good people; it needs people that are improving with education.” (Deming, p. 86)

Point 14. Take action to accomplish the transformation.

The essence of continual safety improvement is a focus on meeting the safety needs of all employees. To best do this, it may take a total transformation, not mere revision of the safety culture. Effective safety management programs go beyond emphasizing one or two efforts or areas to improve performance. Every safety activity, program, plan, process and job in the company can be improved to better protect employees from injury and illness. Everyone within the organization can be given an opportunity to understand the improvement program and their individual role within that effort. Safety improvement teams that include broad representation throughout the organization can help ensure success of safety efforts and create opportunities for cross-functional dialogue and communication.

“Management in authority will struggle over every one of the above 13 points...” (Deming, p. 86) Put everybody in the company to work to accomplish the transformation. The transformation is everyone’s job.

__________________________________________________________________________________________

Deming’s Deadly Diseases Applied to Safety

Source: Steven Geigle, M.A., CSHM.

1. The crippling disease: lack of constancy of purpose. “Safety program of the month” efforts do not produce long term improvement. Companies continually try to maintain interest in safety by implementing gimmicky programs. Only a sustained effort reflected in a written mission (what we do) and vision (who we are) statement can produce long term success.

2. Emphasis on short-term profits. This is a killer in most companies. It impacts safety through the reluctance of management to invest in safe machinery, safety training, and personal protective equipment. Management does not consider the long term impact of safety and health, which may be as high as 30% - 50% of the total cost of manufacturing.

3. Evaluation of performance, merit rating, or annual review. As stated earlier, annual reviews do not fulfill the purpose for which they are used. They function to demotivate, devalue, and distance the employee from management.

4. Mobility of management. This deadly sin affects a company’s safety effort by increasing the difficulty in maintaining constancy of purpose. Supervisors and safety directors come and go. Each establishes safety subcultures within their area of responsibility. With every move, cultures change, people must transition, variation increases, and the vision is lost.

5. Running a company on visible figures alone (counting the money). These companies reduce their safety effort once accident rates reach an acceptable level. Consequently, accident rates rise and the process to reduce accidents repeats. Long term savings from safety are not reflected in short-term figures. The unknown and unknowable impact of each and every accident is not factored into the success equation of companies who rely only on visible figures.

__________________________________________________________________________________________

Deming’s Obstacles to Quality Improvement Applied to Safety

Source: Steven Geigle, M.A., CSHM.

1. Hope for instant pudding. Safety programs focus on the “surface cause” of accidents. Consequently, quick fix tactics (fix the condition) are primarily used in response to accidents. Little thought or action is given to the underlying contributing factors that allowed the unsafe conditions to exist. The result: repeated accidents (defects).

2. The supposition that solving problems, automation, gadgets, and new machinery will transform industry. Most accidents are the result of unsafe work practices, not unsafe material or equipment. Workers may not value safety; they may be under stress to produce; or they may be ignorant of safe procedures. In any case, only by addressing these human factors can a company transform its safety program.

3. Thinking that our problems are different. Every company has virtually the same challenge in safety: the challenge is effective leadership and management, not the worker.

4. Obsolescence in schools. A manager with an MBA from Harvard is probably more ignorant about safety than the average employee on a safety committee. Enough said.

5. Poor teaching of statistical methods in industry. Safety professionals deal with very few statistics; typically incident and accident rates. As mentioned earlier, Dr. Veltri and others are working hard to produce useful statistical tools to aid safety professionals in demonstrating the savings resulting from improving the ES&H factors in manufacturing.

6. “Our quality control department takes care of all our problems of quality.” Our safety director or the safety committee is responsible for safety. Safety is not my job, it’s the safety director’s job. These are common perceptions, not only by supervisors and managers, but by all employees in many companies.

7. “Our troubles lie entirely in the work force.” Blaming accidents on employees is very common and is totally destructive of all safety programs where it exists. Managers must take responsibility and accountability for the safety and health of their workers, and understand that they must first look at the quality of their own performance in safety supervision, training, and enforcement before placing blame on their employees.

8. False starts. Some companies will begin safety efforts without thoroughly thinking through the process or ensuring that players have proper education, training, and funds. They will not understand the purpose of the safety program.

__________________________________________________________________________

What Joseph M. Juran Might Have Said About Safety

Source: Steven Geigle, M.A., CSHM.

A contemporary of Deming, and a second great contributor to the success of Japan’s management revolution of the 40’s and 50’s, Juran viewed quality problems as 80% the result of weaknesses in the management system and 20% attributable to workers, and would have, no doubt, had the same opinion about the causes of workplace injuries and illness. (Actually, safety gurus such as Dan Petersen and Jerald Geller claim that the percentages are closer to 95% systemic weaknesses to 5% worker unsafe acts.)

Like Deming, he admonished managers to avoid campaigns and slogans to motivate the workforce to solve the company’s quality problems. This argument parallels Larry Hansen’s finding that truly “world-class safety cultures” do not rely on slogans and loud, gimmicky safety program campaigns. He favored the use of quality circles because they improved communications between management and labor, and would have surely approved of the idea of management-labor safety committees, which have been established for the same purpose.

He argued that, “When it comes to quality, there is no such thing as improvement in general. Any improvement in quality is going to come about project by project and no other way.” This parallels Deming’s feeling that change must occur slowly, a little at a time to properly observe the results and take appropriate action (Plan - Do - Check - Act). To Juran there are two kinds of quality: “fitness for use” and “conformance to specifications.” Juran might have possibly considered safety in terms of “safe design of equipment and compliance with safety rules.”

________________________________________________________________________________________

Juran’s 10 Steps to Quality Improvement Applied to Safety

Source: Steven Geigle, M.A., CSHM.

1. Build awareness of the need and opportunity for improvement. Education and training by supervisors and managers is critical. But first, they must, themselves, believe in the importance of safety to the success of the company.

2. Set goals for improvement. Establish goals in safety activities such as safety meetings, recognition (for appropriate behavior), and education and training. Don’t set numerical goals reflecting results. Have faith that results will improve as a result of increased safety activities.

3. Organize to reach the goals (establish a quality council, identify problems, select projects, appoint teams, designate facilitators). The safety committee is really only a first step. Some companies have specialized safety committees that attempt to improve the safety in their particular work areas. Not much work has been done in this area.

4. Provide training. Preferably by first line supervisors or competent persons who understand correct safety principles and procedures.

5. Carry out projects to solve problems. A project is a problem scheduled for solution. Again, a properly trained safety committee or team can function successfully to solve safety problems. Effective training is the key here.

6. Report progress. Safety committees, or other groups working on safety, need to understand that they actually play the role of a consultant, and need to communicate regularly with their internal customers (workers and management). The safety committee should “brag,” so to speak, about the savings they have brought to the company through the identification and correction of hazards.

7. Give recognition. Always recognize all employees when they impress you. Let them know you appreciate it when they demonstrate appropriate behavior, consistently comply with safety standards, and when they report injuries and report hazards. The incentive (or promise) is not as important as the act of being recognized. That's what really matters to the employee in the long term. A simple verbal recognition (more than just a “thanks”) is meaningful.

8. Communicate results. It’s critical that management have a clear understanding of the benefits the safety director or safety committee has brought to the company. Usually this means the bottom line.

9. Keep score. How are we doing this year, compared to last year, in safety activities? I’m not talking about an annual rating, but rather a comparison with the past to project activity into the future.

10. Maintain momentum by making annual improvement part of the regular systems and processes of the company. We have to part ways with Juran here: How about “continual safety improvement” instead of annual improvement?

_________________________________________________________________________________________

What Philip B. Crosby Might Say About Safety

Source: Steven Geigle, M.A., CSHM.

Philip B. Crosby, a quality expert, was responsible for quality for the Pershing missile project at Martin Corporation, was director of quality for ITT, and in 1979 formed Philip Crosby Associates. He defines quality as “Conformance to requirements, ...which can only be measured by the cost of non-conformance.” He might consider safety as the “conformance to error free work practices, ... which can be measured only by average industry costs.” He developed 14 steps to quality improvement which might appear as below when applied to safety.

Crosby’s 14 Steps Applied to Safety Improvement

1. Make it clear that management is committed to safety.

2. Form safety committee problem solving teams with representatives from each department.

3. Determine where current and potential safety problems lie.

4. Evaluate the cost of an injury free workplace and contrast it against the costs commonly realized for the industry, and explain its use as a management tool.

5. Raise the safety awareness and personal concern of all employees.

6. Take actions to correct safety problems identified through previous steps.

7. Establish a committee for an “injury and illness free workplace” program.

8. Train supervisors to actively carry out their part of the safety improvement program.

9. Hold an ‘injury and illness free day’ to symbolize the change that has taken place in corporate thinking and action about safety, and aid employees through their individual inner transition.

10. Encourage individuals to establish safety improvement goals for themselves and their groups.

11. Encourage employees to communicate to management the obstacles they face in attaining their safety improvement goals.

12. Recognize and appreciate those who demonstrate they value safety and participate in safety programs.

13. Establish safety councils to communicate on a regular basis.

14. Do it all over again to emphasize that the safety improvement program never ends.

__________________________________________________________________________________________

Strategic Map for Change and Continuous Improvement for Safety and Health

Source: OSHA

The following strategic map describes major processes and milestones that need to be implemented to successfully implement a change process for safety and health. This strategy is intended to help you focus on the process rather than on individual tasks. It is common for most sites to have a tendency to focus on the accomplishment of tasks, i.e., to train everyone on a particular concern or topic or implement a new procedure for incident investigations. Sites that maintain their focus on the larger process are far more successful. They can see the "forest" from the "trees" and thus can make mid-course adjustments as needed. They never lose sight of their intended goals, and tend not to get distracted or allow obstacles to interfere with their mission. The process itself will take care of the task implementation and ensure that the appropriate resources are provided and priorities are set.

Process Implementation Strategy:

1. Obtain Top Management "Buy-in" - This is the very first step that needs to be accomplished. Top managers must be on board. If they are not, safety and health will compete against core business issues such as production and profitability, a battle that will almost always be lost. Management needs to understand the need for change and be willing to support it. Showing the costs to the organization in terms of dollars (direct and indirect costs of accidents) that are being lost, and the organizational costs (fear, lack of trust, and feeling of being used, etc.) can be compelling reasons for doing something different. Because losses due to accidents are bottom line costs to the organization, controlling these will more than pay for the needed changes. In addition, as you are successful you will eliminate organizational barriers such as fear and lack of trust – issues that typically get in the way of all of the organization's goals. A safety and health change process can very effectively drive change and bring an organization together due to the ability to get buy-in from all levels. This stems from the fact that most people place a high personal value on their own safety. They view the change efforts as things that are truly being done for them.

2. Continue Building "Buy-in" for the needed changes by building an alliance or partnership between management, your union (if one exists), and employees. A compelling reason for the change must be spelled out to everyone. People have to understand WHY they are being asked to change what they normally do and what it will look like when they are successful. This needs to be done upfront. If people get wind that something "is going down" and haven’t been formally told anything, they will tend to naturally resist and opt out. Identify key personnel to champion the change. These people must be visible and are the ones to articulate the reasons for the changes. The reasons need to be compelling and motivational. People frequently respond when they realize how many of their co-workers or subordinates are being injured and that they may be next. Management and supervisors also respond when they see the money being lost due to accidents and they realize that their actions toward safety truly influence and define the employee safety culture.

3. Build Trust - Trusting is a critical part of accepting change and management needs to know that this is the bigger picture, outside of all the details. Trust will occur as different levels within the organization work together and begin to see success.

4. Conduct Self Assessments/Benchmarking - In order to get where you want to go, it is essential to know where you are starting from. You can use a variety of self-audit mechanisms to compare your site processes with other recognized models of excellence such as Star VPP sites. Visiting other sites to gain firsthand information is also invaluable. You can use perception surveys to measure the strengths and weaknesses of your site safety culture. These surveys can give you data from various viewpoints within the organization. For instance, you can measure differences in employees' and managers' perceptions on various issues. This is an excellent way to determine whether alignment issues exist and, if so, what they are. At this stage, it is important to look at issues that surface as symptoms of larger system failures. For example, ask what major system failed to detect the unguarded machine, or why the system failed to notice that incident investigations are not being performed on time, or if workers are being blamed for the failures. Your greatest level of success will come when these larger system failures are recognized and addressed.

5. Initial Training of management-supervisory staff, union leadership (if present), safety and health committee members, and a representative number of hourly employees. This may include both safety and health training and any needed management, team building, hazard recognition, or communication training. This provides you with a core group of people to draw upon as resources and also gets key personnel on board with needed changes.

6. Establish a Steering Committee made up of management, employees, union (if present), and safety staff. This group's purpose is to facilitate, support, and direct the change processes. This will provide overall guidance and direction and avoid duplication of efforts. To be effective, the group must have the authority to get things done.

7. Develop Site Safety Vision, key policies, goals, measures, and strategic and operational plans. These policies provide guidance and serve as a check-in that can be used to ask yourself if the decision you’re about to make supports or detracts from your intended safety and health improvement process.

8. Align the Organization by establishing a shared vision of safety and health goals and objectives versus production. Upper management must be willing to support by providing resources (time) and holding managers and supervisors accountable for doing the same. The entire management and supervisory staff needs to set the example and lead the change. It's more about leadership than management.

9. Define Specific Roles and responsibilities for safety and health at all levels of the organization. Safety and health must be viewed as everyone's responsibility. Clearly spell out how the organization deals with competing pressures and priorities, i.e., production versus safety and health.

10. Develop a System of Accountability for all levels of the organization. Everyone must play by the same rules and be held accountable for their areas of responsibility. The sign of a strong culture is when the individuals hold themselves accountable.

11. Develop Measures and an ongoing measurement and feedback system. Drive the system with upstream activity measures that encourage positive change. Examples include: the number of hazards reported or corrected, numbers of inspections, number of equipment checks, Job Safety Analysis (JSA), prestart-up reviews conducted, etc. While it is always nice to know what the bottom line performance is, i.e., accident rates, overemphasis on rates and using them to drive the system typically only drives accident reporting under the table. It is all too easy to manipulate accident rates, which will only result in risk issues remaining unresolved and a probability for future, more serious events to occur.

12. Develop Policies for Recognition, rewards, incentives, and ceremonies. Reward employees for doing the right things and encourage participation in the upstream activities. Continually re-evaluate these policies to ensure their effectiveness and to ensure that they do not become entitlement programs.

13. Awareness Training and Kick-off for all employees. It's not enough for a part of the organization to be involved and know about the change effort. The entire site needs to know and be involved in some manner. A kick-off celebration can be used to announce "It’s a new day," and seek buy-in for any new procedures and programs.

14. Implement Process Changes via involvement of management, union (if one is present) and employees. Use a "Plan-Do-Study-Act" process such as Total Quality Management (TQM).

15. Continually Measure performance, Communicate Results and Celebrate Successes. Publicizing results is very important to sustaining efforts and keeping everyone motivated. Everyone needs to be updated throughout the process. Progress reports during normal shift meetings (allowing time for comments back to the steering committee) open communications and also allow for input. Everyone needs to have a voice; otherwise, they will be reluctant to buy in. A system can be as simple as using current meetings, a bulletin board, or a comment box.

16. On-going Support - Reinforcement, feedback, reassessment, mid-course corrections, and on-going training are vital to sustaining continuous improvement.

__________________________________________________________________________________________

Total Quality Management Tools

Source: System Engineering "Toolbox" for Design-Oriented Engineers, Sec 7. - NASA/RP-1358

Delphi Technique

Description The Delphi technique is an iterative process that results in a consensus by a group of experts. The subject is presented to the experts. Without discussing the subject among themselves, the experts send their comments to a facilitator. The facilitator reviews the comments and eliminates those not applicable to the subject. Then, the comments are redistributed to the experts for further review. This iteration is repeated until a consensus is reached.

Application This technique is a useful tool for finding a solution when personality differences exist between members of involved technical areas. A group of experts can examine the problem and, through consensus, the effects of the differences can be minimized. Another application for this technique is to allow all parties to have equal input when one personality may otherwise overpower another in a discussion.

Procedures The Delphi technique is applied in the following manner:

1. Define the subject upon which the experts are to comment.

2. Assemble a monitor group to determine task objectives, develop questionnaires, etc.

3. Choose the experts, making sure they have no vested interest in the outcome.

4. Distribute the objectives, questionnaires, etc. to the experts for their initial set of opinions.

5. The monitor team consolidates the opinions and redistributes the comments to the experts, making sure that the comments remain anonymous.

6. Repeat steps 4 and 5 until a group consensus is reached.

Advantages

1. This technique can be useful in eliminating personality clashes.

2. This technique can be useful when powerful personalities are likely to dominate the discussion.

3. Inputs from experts unavailable for a single meeting are included.

Limitations

1. Arriving at a group consensus is time-consuming.

2. Assembling the group participants is difficult/time-consuming.

Nominal Group Technique

Description The NGT is another tool used to reach a group consensus. When priorities or rankings must be established, this decision-making process can be used. NGT is similar to brainstorming and the Delphi technique, but it is a structured approach that is oriented toward more specialized problems. The group should be small (i.e., only 10 to 15 people), and every member of the group is required to participate. This technique is often categorized as a silent brainstorming session with a decision analysis process.

Application The nominal group technique is an effective tool for producing many ideas and/or solutions in a short time. The technique can be used for many of the same applications as brainstorming and the Delphi technique. Company internal technical problems can be solved, personality clashes can be overcome, and NGT can be used to develop new ideas to satisfy a particular problem.

Procedures The NGT is applied in the following manner:

1. Generate the idea for discussion - a facilitator presents the problem and instructions to the team.

2. The team quietly generates ideas for 5 to 15 minutes. No discussion is allowed and no one leaves until everyone is finished.

3. The facilitator gathers the ideas round-robin and posts them in no particular order on a flip chart.

4. The ideas are then discussed by the group; no arguments, just clarifications. Duplications are eliminated.

5. Each member of the group silently sets priorities on the ideas.

6. The group votes to establish the priority or rank of each idea.

7. The votes are tabulated and an action plan is developed.

Advantages NGT is very effective in producing many new ideas/solutions in a short time.

Limitations

1. Assembling the group participants is difficult/time-consuming.

2. Limiting discussion often limits full understanding of others' ideas, with consequent divergence of weighting factors as a likely result.

Force Field Analysis

Description The force field analysis is a technique that counts both the number and magnitude of positive and negative forces that affect the results of a proposed solution or change in process. The analysis of these positive and negative forces generally occurs after performing a brainstorming session or a cause and effect diagramming session.

This technique categorizes the identified forces as either positive or negative, and assigns a value (weight) to each force. All positives and negatives are added and the more positive the total, the more likely the proposed solution is the correct one. The more negative the total, the more likely the proposed solution is not correct. A strategy is then developed to lessen the negative forces and enhance the positive forces.

Application This analysis is often applied in determining which proposed solution, among many, will meet the least resistance. The number of forces should not be too high (i.e., less than 20) or other more sophisticated approaches should be considered. Application of the force field analysis requires a proposed solution and inputs to the process. These inputs might come from using group consensus techniques like those discussed in earlier sections. Also, assigning the value (weight) to each force might also require group consensus techniques.

Procedures The force field analysis is performed in the following manner:

1. Identify the proposed solution or change in process.

2. Determine the forces, positive and negative, that might affect the implementation of this proposed solution.

3. Separate the forces into positive and negative lists and assign a value (weight) to each force. Arriving at these values may be achieved by use of a group consensus technique like the Delphi technique.

4. Establish a strategy to lessen the negative forces and enhance the positive forces.

Advantages The force field analysis is useful in determining which proposed solution, among many, will meet the least resistance.

Limitations This technique is time-consuming in arriving at a consensus on the values (weights) of the forces, and is highly subjective.

Statistical Process Control

Description SPC is a method of using statistics applied to the results of a process to control the process. Historical data of the performance of the process (or operation of hardware) are statistically analyzed to predict future performance or to determine if a process is "in control." A process is defined as "in control" if there are only random sources of variation present in the process and the associated data. In these cases, the data can correctly be investigated with the standard methods of statistical analysis. If the data are not "in control," there is some special cause of variation present in the process, and this is reflected in the data from that process.

In these cases, this section on SPC assumes that the data variability is still reasonably distributed around the mean, and these procedures are applicable. If these procedures lead to a result of special cause variation at nearly every data point, these procedures cannot be correctly applied.

Application This technique is used to determine if special causes of variation are present in a process, or if all variation is random. In other words, SPC is used to confirm that a product is being produced consistently, or to detect that it is about to become inconsistent. Thus, SPC can be used to isolate problems in a process before defective hardware is delivered. This technique can be used for measurement type data (real numbers) or attribute data. There are two types of attribute data - binomial data and Poisson data.

• Binomial data have a given number of outcomes, e.g., three of four parts on an assembly can be defective.

• Poisson data have an unlimited number of possible outcomes, e.g., a yard of material may have 1, 10, or 100 flaws.

Procedures The basic steps for conducting SPC are:

1. Decide how to group the data. Subgroups should be chosen to show the performance of the part or process of interest. For example, if a machine is producing several parts at a time, the parts produced at one time will be a logical subgroup.

2. Construct a control chart and range chart.

3. Determine and apply control limits to the data.

4. Determine if any control limits are violated. If any control limits are violated, a special cause is indicated. In addition to the specific control limits, the analyst must examine the data plot for other visual indications of special causes in the data. Any particular pattern, for example, would indicate a special cause is present. The use of engineering judgment is critical to extracting the maximum amount of data from the SPC plots.

5. Determine the special cause. This may require Pareto analysis or engineering judgment using past experience.

6. Implement a fix for the special cause of variation.

7. Plot the data to ensure that the fix has been effective.
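The SPC procedure above, worked through for measurement data as an added example (it is not part of the original guide or its NASA source). It builds a conventional Shewhart X-bar and range chart from historical subgroups, then checks new subgroups against the limits and against one pattern rule. The chart constants, the run-of-8 rule, the function names, and the sample measurements are assumptions or constructed values that the guide does not give.

```python
"""X-bar and R control charts for subgrouped measurement data (added example)."""
from statistics import mean

# Conventional Shewhart chart constants (A2, D3, D4) by subgroup size n.
# Assumption: the guide names no constants; these are the standard tabulated values.
SHEWHART = {2: (1.880, 0.0, 3.267), 3: (1.023, 0.0, 2.574),
            4: (0.729, 0.0, 2.282), 5: (0.577, 0.0, 2.114)}

# Step 1 (grouping): constructed sample data. Each subgroup is the four parts
# a machine produced at one time, measured in mm.
BASELINE = [
    [10.02, 9.98, 10.01, 9.99], [10.03, 9.97, 10.00, 10.00],
    [10.01, 10.01, 9.99, 10.03], [9.98, 10.00, 9.97, 10.01],
    [10.02, 10.00, 9.99, 10.03], [9.99, 9.96, 10.01, 10.00],
    [10.00, 10.02, 9.98, 10.00], [10.01, 9.98, 10.02, 9.99],
]
# Constructed monitoring data: subgroup 1 has a shifted mean, subgroup 2 a wide spread.
NEW_RUN = [
    [10.01, 9.99, 10.00, 10.02], [10.05, 10.03, 10.06, 10.04],
    [9.93, 10.05, 10.00, 10.02], [10.00, 9.99, 10.01, 10.00],
]
# Constructed drift: every mean is inside the limits but above the centre line.
DRIFT = [[10.02, 10.01, 10.02, 10.01]] * 8


def control_limits(baseline):
    """Steps 2-3: centre lines and control limits from historical subgroups."""
    sizes = {len(sg) for sg in baseline}
    if len(sizes) != 1:
        raise ValueError("all subgroups must have the same size")
    n = sizes.pop()
    if n not in SHEWHART:
        raise ValueError(f"no constants tabulated here for subgroup size {n}")
    a2, d3, d4 = SHEWHART[n]
    grand_mean = mean(mean(sg) for sg in baseline)      # X-bar chart centre line
    r_bar = mean(max(sg) - min(sg) for sg in baseline)  # range chart centre line
    return {
        "xbar_center": grand_mean,
        "xbar_ucl": grand_mean + a2 * r_bar,
        "xbar_lcl": grand_mean - a2 * r_bar,
        "r_bar": r_bar,
        "r_ucl": d4 * r_bar,
        "r_lcl": d3 * r_bar,
    }


def find_violations(subgroups, limits):
    """Step 4: return (index, chart, value) for each point outside its limits."""
    out = []
    for i, sg in enumerate(subgroups):
        xbar, rng = mean(sg), max(sg) - min(sg)
        if not limits["xbar_lcl"] <= xbar <= limits["xbar_ucl"]:
            out.append((i, "xbar", xbar))
        if not limits["r_lcl"] <= rng <= limits["r_ucl"]:
            out.append((i, "range", rng))
    return out


def run_rule_hits(subgroups, limits, run_length=8):
    """Step 4, pattern check: indices where `run_length` consecutive subgroup
    means sit on the same side of the centre line. The run length of 8 is a
    common convention, assumed here; the guide only says to look for patterns."""
    hits, side, count = [], 0, 0
    for i, sg in enumerate(subgroups):
        diff = mean(sg) - limits["xbar_center"]
        s = (diff > 0) - (diff < 0)          # +1 above, -1 below, 0 on the line
        if s != 0 and s == side:
            count += 1
        else:
            side, count = s, (1 if s != 0 else 0)
        if count >= run_length:
            hits.append(i)
    return hits


if __name__ == "__main__":
    lim = control_limits(BASELINE)
    print({k: round(v, 4) for k, v in lim.items()})
    print("baseline violations:", find_violations(BASELINE, lim))
    print("new-run violations:", find_violations(NEW_RUN, lim))
    print("drift violations:", find_violations(DRIFT, lim))
    print("drift run-rule hits:", run_rule_hits(DRIFT, lim))
```

The drift data shows why step 4 asks for more than a limit check: no point leaves the control limits, yet the run rule flags a special cause at the eighth subgroup.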

Flowchart Analysis

Description A flowchart is a pictorial representation of the steps in a process where each step is represented by a block. The review of a flowchart allows the elimination of non-value-added steps. When prepared by a group, the chart represents a consensus. The flowchart analysis is a useful tool for determining how a process works. By studying how process steps relate to each other, potential sources of problems can often be identified.

Many different types of flowcharts are useful in the continuous improvement process. Flowcharts often used are the top-down flowchart, the detailed flowchart, and the work flow diagram. The top-down flowchart presents only the major and most fundamental steps in a process. This chart makes it easy to visualize the process in a single, simple flow diagram. Key actions associated with each major activity are listed below their respective flow diagram steps. A top-down flowchart can be constructed fairly quickly and easily. This type of flowchart is generally developed before attempting to produce the detailed flowcharts for a process. By limiting the top-down flowchart to key actions, the probability of becoming bogged down in the detail is reduced.

Application This chart is used to provide a picture of the process prior to writing a procedure. Flowcharts should be created, then procedures written to follow the flowchart. The chart should be included as an appendix in the procedure. Flowcharts can be applied to anything from material flow to the steps it takes to service or sell a product.

Procedures A flowchart is prepared in the following manner:

1. A development team creates a diagram that defines the scope of the task to be undertaken. Also identified are the major inputs and outputs.

2. Create a data flow diagram. Start with executive level data that are involved in the process, followed by department data and finally branch data.

3. Using the data, create an initial model. The team should walk through the process and look for any details that need to be clarified, added, or deleted.

4. Make a data dictionary. This ensures that everyone involved in the project has a consistent understanding of the terms and steps used.

5. Add the process symbols.

6. Revise, as necessary.

Advantages

1. Flowcharts allow examination and understanding of relationships in a process.

2. Flowcharts provide a step-by-step picture that creates a common understanding about how the elements of a process fit together.

3. Comparing a flowchart to actual process activities highlights areas where policies are unclear or are being violated.

Limitations The flowchart development process can be time-consuming.

Work Flow Analysis

Description A WFA examines the work process for possible improvements in performance and quality of work life. This technique is really a special case of flowcharting. The goal is to overcome the excuses for not changing work habits on the part of the employee as well as management. Such excuses are, "It has always been done this way," and "It's not my responsibility."

Application The analysis is performed in an employee/management partnership, where the goal for each party is to improve productivity as well as the quality of work life. The technique will work if executed by a partnership of management and employees.

Procedures A WFA is performed in the following manner:

1. Collect data concerning the operation being analyzed. This can be done by observing the operation or asking questions, but not by reading an operations plan that would tell how the operation is supposed to be done.

2. Flowchart the process.

3. Research and collect ideas on how to improve the operation from any sources available.

4. Define the desired performance versus the actual performance.

5. Identify the gaps in performance and propose changes to eliminate these gaps.

6. Analyze these changes by using a multifunctional team.

7. Once the changes are agreed upon, prototype them on a small basis in a certain area or shift.

8. Once the bugs are ironed out and the changes are operating smoothly, implement them on a large-scale basis.

9. Flowchart the new operation and revise the operating procedure documentation to reflect the changes.

Advantages The technique may increase productivity and improve working conditions.

Limitations

1. The technique requires cooperation between employees and management to be most successful.

2. The observed operation may not be fully representative of a "typical" process that would occur without scrutiny.

Cause and Effect Diagrams (Also Known as Fishbone Diagrams or Ishikawa Diagrams)

Description The cause and effect diagram graphically represents the relationships between a problem (effect) and its possible causes. The development process is started in a group session led by a trained facilitator. The problem is stated in terms acceptable to the group. Possible causes are listed. The group then assigns priorities to the causes and action plans are developed.

When a cause and effect diagram is constructed, thinking is stimulated, thoughts are organized, and discussions are begun. These discussions bring out many possible viewpoints on the subject. Once all participants reach a similar level of understanding about an issue, an expansion of ideas can then be examined.

Cause and effect diagrams are developed in a form, commonly referred to as "fish," where the effect is found in a box to the right which is the head of the fish. The bones of the fish show the organized causes. The effects and causes can be expressed in words or data.

Application Cause and effect diagrams are used to examine many different topics which include the following:

1. The relationships between a known problem and the factors that might affect it.

2. A desired future outcome and its related factors.

3. Any event past, present, or future and its causal factors.

The cause and effect diagram is useful in examining processes such as SPC, and SPC problems. The technique is also useful in planning activities and brainstorming. The diagram is basically a controlled way of gathering and using suggestions through group consensus.

Procedures A cause and effect diagram is developed in the following manner:

1. Define the effect as clearly as is possible and place it at the head of the fish. This effect represents the "problem" that is being investigated. As data are collected, the effect can be redefined, if necessary.

2. The group brainstorms the causes and lists them in no particular order. These causes are then studied and the causes that affect these causes are identified. This will continue until no new causes are thought of by the group.

3. Once all causes are identified, list all categories, then display the categories on the diagram.

4. The group then prioritizes the causes by multivoting. Each member of the group lists the causes in order of significance. Votes are counted and a final list is written.

5. The highest prioritized causes are listed on the diagram as the big bones. The next highest prioritized causes will be listed on the diagram as the medium bones. Finally, the least prioritized causes will be listed on the diagram as the small bones.

6. As categories and causes are included on the diagram, thinking may be stimulated and new causes may be identified.

7. Teams are then formed to research and report on preventive (i.e., proactive) measures.

Advantages

1. The cause and effect diagram enables quality analysis groups to thoroughly examine all possible causes or categories.

2. The cause and effect diagram is useful in analyzing SPC problems. SPC detects a problem but can pose no solution.

Limitations Developing the cause and effect diagram can be time-consuming because a group consensus must be reached.

Brainstorming

Description Brainstorming is a group process wherein individuals quickly generate ideas on a particular problem, free from criticism. The emphasis is on the quantity of ideas, not the quality. In the end, the goal is to arrive at a proposed solution by group consensus. All members of the group are equals and each is free to express ideas openly. The technique is an excellent way of bringing out the creative thinking from a group.

Application Brainstorming is often used in business for such things as arriving at compromises during union negotiations, coming up with advertising slogans, identifying root causes of a problem, and finding solutions to a customer service problem.

If done properly, bashful yet creative people can be coaxed to propose good ideas. For some important brainstorming sessions, a facilitator is necessary. The facilitator should be knowledgeable in the brainstorming process and help as much as possible in the generation of ideas but should have no stake in the outcome of the brainstorming session.

There are three phases of brainstorming, as adapted from reference 7.3:

1. Generation phase - group members generate a list of ideas.

2. Clarification phase - the group reviews the list of ideas to make sure all members understand each one; discussions occur.

3. Evaluation phase - the group eliminates duplication, irrelevancies, or issues that are off-limits.

Procedures Conduct a brainstorming session as follows:

1. Clearly state the purpose of the brainstorming session.

2. Group members can take turns expressing ideas, or a spontaneous discussion can occur.

3. Discuss one topic at a time.

4. Do not criticize ideas.

5. Expand on ideas from others.

6. Make the entire list of ideas available for all group members to review.

7. After discussions and eliminations, arrive at a final proposed solution by group consensus.

Advantages The technique takes advantage of the ideas of a group to arrive at a quick consensus.

Limitations

1. Brainstorming only proposes a solution but does not determine one.

2. The technique is limited by the ability of the group to achieve consensus.

Checklists

Description A checklist provides a list of checkoff items that enable data to be collected quickly and easily in a simplified manner. The data are entered on a clear, orderly form. Proper use of the checklist helps to minimize errors and confusion.

Application Checklists should be laid out in advance or data may be omitted. If done right, the checklist will be easy to complete and will allow for quick entry of data. One common method of data entry on a checklist is hash marking. Checklists are often used to collect data on such things as numbers of defective items, defect locations, and defect causes.

Procedures A checklist is created in the following manner:

1. A group should decide ahead of time what data should be collected.

2. Make a draft of the checklist and ask the individuals who will fill out the form for input - revise as necessary.

3. Implement the checklist.

4. As data are collected, review the results and, again, revise the checklist, as necessary, to optimize use of the form.

AREA II B: SYSTEMS SAFETY

MIL-STD-882D

DEPARTMENT OF DEFENSE STANDARD PRACTICE

SYSTEM SAFETY

FOREWORD 

1. This standard is approved for use by all Departments and Agencies of the Department of Defense (DoD). 

2. The DoD is committed to protecting personnel from accidental death, injury, or occupational illness; weapon systems, equipment, material, and facilities from accidental destruction or damage; and the public from death, injury, illness, or property damage as a result of executing its mission of national defense.  While meeting mission requirements, the DoD will also ensure to the maximum extent practicable that the quality of the environment is protected.  The DoD has implemented environmental, safety, and health efforts to meet these objectives.  Integral to these efforts is the use of a system safety approach to manage the risk of mishaps associated with DoD operations.  A key objective of the DoD system safety approach is to ensure that mishap risk identification and mitigation, consistent with mission requirements, are included in technology development and designed into systems, subsystems, equipment, facilities, and their interfaces and operation.  The DoD goal is zero mishaps. 

3. This standard addresses an approach (a standard practice normally identified as system safety) useful in the management of environmental, safety, and health mishap risks encountered in the development, test, production, use, and disposal of systems, subsystems, equipment, and facilities.  The approach described herein conforms to the acquisition procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified mishap risks.  Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the appropriate authority, and compliant with federal laws and regulations, Executive Orders, treaties, and agreements.  Program trade studies associated with mitigating mishap risk must consider total life cycle cost in any decision.  Residual mishap risk associated with an individual system must be reported to and accepted by appropriate authority.   When MIL-STD-882 is required in a solicitation or contract and no specific references are included, then only those requirements presented in paragraph 4 are applicable. 

4.  This current revision represents application of the tenets of acquisition reform to the use of system safety in Government procurement.  A joint Government and industry integrated process team was formed to oversee the revision.  Industry was represented on the integrated process team by the Government Electronic and Information Technology Association (GEIA), G-48 committee on system safety.  The system safety tasks associated with previous versions of this standard have been placed in the Defense Acquisition Deskbook (see 6.8).  This standard is no longer the source for any safety-related data item descriptions (DIDs). 

5. Beneficial comments (recommendations, additions, deletions) and any pertinent information that may be of use in improving this document should be addressed to:  HQ Air Force Materiel Command (SES), 4375 Chidlaw Road, Wright-Patterson AFB, OH 45433-5006, by using the Standardization Document Improvement Proposal (DD Form 1426) appearing at the end of this document or by letter or electronic mail. 

1.  SCOPE 

1.1 Scope.  This standard defines a standard practice for conducting system safety. 

The practice defined herein conforms to the acquisition procedures in DoD Regulation 5000.2-R and provides a consistent means of evaluating identified risks.  Mishap risk must be identified, evaluated, and mitigated to a level acceptable (as defined by the system user or customer) to the appropriate authority and compliant with federal laws and regulations, Executive Orders, treaties, and agreements.  Program trade studies associated with mitigating mishap risk must consider total life cycle cost in any decision.  Residual mishap risk associated with an individual system must be reported to and accepted by appropriate authority.  When MIL-STD-882 is required in a solicitation or contract and no specific paragraphs of this standard are identified, then only those requirements presented in paragraph 4 are applicable. 

2.  APPLICABLE DOCUMENTS 

No applicable documents are specified in sections 3, 4, and 5 of this standard.  This section does not include documents cited in other sections of this standard or recommended for additional information or as examples. 

3.  DEFINITIONS 

3.1 Acronyms used in this standard.  The acronyms used in this standard are defined as follows: 

a. DoD Department of Defense 

b. ESH Environmental, Safety, and Health 

3.2 Definitions.  Within this document, the following definitions apply (see 6.4): 

1. Acquisition program.  A directed, funded effort that is designed to provide a new, improved, or continuing system in response to a validated operational need.  

2. Developer.  The individual or organization assigned responsibility for a development effort.  Developers can be either internal to the government or contractors.  

3. Hazard.  Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of equipment or property; or damage to the environment.  

4. Hazardous material.  Any substance that, due to its chemical, physical, or biological nature, causes safety, public health, or environmental concerns that would require an elevated level of effort to manage.  

5. Life cycle.  All phases of the system's life including research, development, test and evaluation, production, deployment (inventory), operations and support, and disposal.  

6. Mishap.  An unplanned event or series of events resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.  

7. Mishap risk.  An expression of the impact and possibility of a mishap in terms of potential mishap severity and probability of occurrence.  

8. Program manager.  A government official who is responsible for managing an acquisition program.  Also, a general term of reference to those organizations directed by individual managers, exercising authority over the planning, direction, and control of tasks and associated functions essential for support of designated systems.  This term will normally be used in lieu of system support manager, weapon program manager, system manager, and project manager when such organizations perform these functions.  

9. Residual mishap risk.  The remaining mishap risk that exists after all mitigation techniques have been implemented or exhausted, in accordance with the system safety design order of precedence (see 4.4).

10. Safety.  Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.  

11. Subsystem.  A grouping of items satisfying a logical group of functions within a particular system.  

12. System.  An integrated composite of people, products, and processes that provide a capability to satisfy a stated need or objective.  

13. System safety.  The application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout all phases of the system life cycle.  

14. System safety engineering.  An engineering discipline that employs specialized professional knowledge and skills in applying scientific and engineering principles, criteria, and techniques to identify and eliminate hazards, in order to reduce the associated mishap risk.  

4. GENERAL REQUIREMENTS   

This section defines the system safety requirements that are to be performed throughout the life cycle for any system, new development, upgrade, modification, resolution of deficiencies, or technology development.  When properly applied, these requirements are designed to ensure the identification and understanding of all known hazards and their associated risks, and that mishap risk is eliminated or reduced to accepted levels.  The objective of system safety is to achieve acceptable mishap risk through a systematic approach of hazard analysis, risk assessment, and risk management.  The requirements of this standard practice shall be applied without tailoring.  When MIL-STD-882 is required in a solicitation or contract and no specific references are included, then only the requirements in this section are applicable.  System safety requirements consist of the following: 

4.1 Documentation of the system safety approach.  Document the developer's and program manager's approved system safety engineering approach.  This documentation will:

a.  Describe the program’s implementation of the requirements of this standard, including identification of the hazard analysis and mishap risk assessment processes to be used. 

b.  Include information on how system safety will be integrated into the overall program structure. 

c.  Define how hazards and residual mishap risk are communicated to and accepted by the appropriate risk acceptance authority (see 4.7) and how hazards and residual mishap risk will be tracked (see 4.8). 

4.2 Identification of hazards.  Identify hazards through a systematic hazard analysis process encompassing detailed analysis of system hardware and software, the environment (in which the system will exist), and the intended usage or application.  Historical hazard and mishap data, including lessons learned from other systems, are considered and used.  Identification of hazards is a responsibility of all members of the program.  During hazard identification, consideration is given to hazards over the system life cycle.

4.3 Assessment of mishap risk.  Assess the severity and probability of the mishap risk associated with each identified hazard, i.e., determine the potential impact of the hazard on personnel, facilities, equipment, operations, the public, and the environment, as well as on the system itself.

4.4 Identification of mishap risk mitigation measures.  Identify potential mishap risk mitigation alternatives and the expected effectiveness of each alternative or method.  Mishap risk mitigation is an iterative process that culminates when the residual mishap risk has been reduced to a level acceptable to the appropriate authority.  The system safety design order of precedence for mitigating identified hazards is:

a.  Eliminate hazards through design selection.  If an identified hazard cannot be eliminated, reduce the associated mishap risk to an acceptable level. 

b.  Incorporate safety devices.  If the hazard cannot be eliminated, reduce the mishap risk to an acceptable level through the use of protective safety features or devices. 

c.  Provide warning devices.  If safety devices do not adequately lower the mishap risk of the hazard, include a detection and warning system to alert personnel to the particular hazard. 

d.  Develop procedures and training.  Where it is impractical to eliminate hazards through design selection or to reduce the associated risk to an acceptable level with safety and warning devices, incorporate special procedures and training.  Procedures may include the use of personal protective equipment. 

4.5 Reduction of mishap risk to an acceptable level.  Reduce the mishap risk through a mitigation approach mutually agreed to by both the developer and the program manager.  Residual mishap risk and hazards must be communicated to the associated test effort for verification. 

4.6  Verification of mishap risk reduction.  Verify the mishap risk reduction and mitigation through appropriate analysis, testing, or inspection.  Document the determined residual mishap risk.  New hazards identified during testing must be reported to the program manager and the developer. 

4.7 Review of hazards and acceptance of residual mishap risk by the appropriate authority.  Notify the program manager of identified hazards and residual mishap risk.  The program manager must ensure that remaining hazards and residual mishap risk are reviewed and accepted by the appropriate risk acceptance authority.  The appropriate risk acceptance authority must include the system user in the mishap risk review.  The appropriate risk acceptance authority must formally acknowledge and document acceptance of hazards and residual mishap risk. 

4.8 Tracking of hazards and residual mishap risk.  Track hazards, their closure, and residual mishap risk.  A tracking system for hazards, their closure, and residual mishap risk must be maintained throughout the system life cycle.  The program manager must keep the system user apprised of the hazards and residual mishap risk. 

5. DETAILED REQUIREMENTS

Program managers must identify in the solicitation and system specification any specific requirements for the system safety engineering effort including risk assessment and acceptance, unique classifications and certifications (see 6.6 and 6.7), or any unique mishap reduction needs for their program.  Additional information on developing specific requirements for a program is located in Appendix A.

 6. NOTES 

(This section contains information of a general or explanatory nature that may be helpful, but is not mandatory.) 

1. Intended use.  This standard establishes a common basis for expectations of a properly executed system safety effort.

1. Data requirements.  Hazard analysis data may be obtained from contracted sources by citing DI-MISC-80508, Technical Report - Study/Services.  When it is necessary to obtain data, the applicable Data Item Descriptions (DIDs) must be listed on the Contract Data Requirements List (DD Form 1423), except where the DoD Federal Acquisition Regulation Supplement exempts the requirement for a DD Form 1423.  The developer and the program manager are encouraged to negotiate access to internal development data when hard copies are not necessary.  

2. Currently available DIDs that may be applicable to a system safety effort include (check DoD 5010.12-L, Acquisition Management Systems and Data Requirements Control List (AMSDL) or , for the most current version before use): 

DID Number       DID Title

DI-MISC-80043    Ammunition Data Card
DI-SAFT-80101    System Safety Hazard Analysis Report
DI-SAFT-80102    Safety Assessment Report
DI-SAFT-80103    Engineering Change Proposal System Safety Report
DI-SAFT-80104    Waiver or Deviation System Safety Report
DI-SAFT-80105    System Safety Program Progress Report
DI-SAFT-80106    Occupational Health Hazard Assessment
DI-SAFT-80184    Radiation Hazard Control Procedures
DI-MISC-80508    Technical Report - Study/Services
DI-SAFT-80931    Explosive Ordnance Disposal Data
DI-SAFT-81065    Safety Studies Report
DI-SAFT-81066    Safety Studies Plan
DI-ADMN-81250    Conference Minutes
DI-SAFT-81299    Explosive Hazard Classification Data
DI-SAFT-81300    Mishap Risk Assessment Report
DI-ILSS-81495    Failure Mode, Effects, Criticality Analysis Report

3. Subject term (key word) listing.

Environmental

Hazard

Mishap

Mishap risk

Occupational Health

Residual mishap risk

Safety

System safety

System safety engineering 

4. Definitions used in this standard.  The definitions at 3.2 may be different from those used in other specialty areas.  One must carefully check the specific definition of a term in question for its area of origination before applying the approach described in this document.

5. International standardization agreements.  Certain provisions of this standard are the subject of international standardization agreements (AIR STD 20/23B, Safety Design Requirements for Airborne Dispenser Weapons, and STANAG No. 3786, Safety Design Requirements for Airborne Dispenser Weapons).  When amendment, revision, or cancellation of this standard is proposed which will modify the international agreement concerned, the preparing activity will take appropriate action through international standardization channels, including departmental standardization offices, to change the agreement or make other appropriate accommodations.

6. Explosive hazard classification and characteristic data.  Any new or modified item of munitions or of an explosive nature that will be transported to or stored at a DoD installation or facility must first obtain an interim or final explosive hazard classification.  The system safety effort should provide the data necessary for the program manager to obtain the necessary classification(s).  These data should include identification of safety hazards involved in handling, shipping, and storage related to production, use, and disposal of the item.

7. Use of system safety data in certification and other specialized safety approvals.  Hazard analyses are often required for many related certifications and specialized reviews.  Examples of activities requiring data generated during a system safety effort include: Federal Aviation Agency airworthiness certification of designs and modifications, DoD airworthiness determination, nuclear and non-nuclear munitions certification, flight readiness reviews, flight test safety review board reviews, Nuclear Regulatory Commission licensing, Department of Energy certification.  Special safety-related approval authorities include USAF Radioisotope Committee, Weapon System Explosive Safety Review Board (Navy), Non-Nuclear Munitions Safety Board (USAF), Army Fuze Safety Review Board, Triservice Laser Safety Review Board, and the DoD Explosive Safety Board.

8. DoD acquisition practices.  Information on DoD acquisition practices is presented in the Defense Acquisition Deskbook available from the Deskbook Joint Program Office, Wright-Patterson Air Force Base, Ohio, or .  Nothing in the referenced information is considered additive to the requirements provided in this standard.

9. Identification of changes.  Marginal notations are not used in this revision to identify changes with respect to the previous issue due to the extent of the changes.

APPENDIX A 

GUIDANCE FOR IMPLEMENTATION OF A SYSTEM SAFETY EFFORT

A.1 SCOPE 

A.1.1  Scope. This appendix provides rationale and guidance to fit the needs of most system safety efforts.  It includes further explanation of the effort and activities available to meet the requirements described in paragraph 4 of this standard.  This appendix is not a mandatory part of this standard.  However, program managers may extract portions of this appendix for inclusion in requirements documents and solicitations. 

A.2 APPLICABLE DOCUMENTS 

A.2.1 General.  The documents listed in this section are referenced in sections A.3, A.4, and A.5.  This section does not include documents cited in other sections of this appendix or recommended for additional information or as examples. 

A.2.2 Government documents. 

A.2.2.1 Specifications, standards, and handbooks.  This section is not applicable to this appendix. 

A.2.2.2 Other Government documents, drawings, and publications.  The following other Government document forms a part of this document to the extent specified herein.  Unless otherwise specified, the issue is that cited in the solicitation. 

DoD 5000.2-R Mandatory Procedures for Major Defense Acquisition Programs (MDAPs) and Major Automated Information System (MAIS) Acquisition Programs 

(Copies of DoD 5000.2-R are available from the Washington Headquarters Services, Directives and Records Branch (Directives Section), Washington, DC or ). 

A.2.3 Non-Government publications.  This section is not applicable to this appendix. 

A.2.4 Order of precedence.  Since this appendix is not mandatory, in event of a conflict between the text of this appendix and the reference cited herein, the text of the reference takes precedence.  Nothing in this appendix supersedes applicable laws and regulations unless a specific exemption has been obtained. 

A.3 DEFINITIONS 

A.3.1  Acronyms used in this appendix.  No additional acronyms are used in this appendix. 

A.3.2  Definitions.  Additional definitions that apply to this appendix: 

1. Development agreement.  The formal documentation of the agreed-upon tasks that the developer will execute for the program manager.  For a commercial developer, this agreement usually is in the form of a written contract.  

2. Fail safe.  A design feature that ensures the system remains safe, or in the event of a failure, causes the system to revert to a state that will not cause a mishap.  

3. Health hazard assessment.  The application of biomedical knowledge and principles to identify and eliminate or control health hazards associated with systems in direct support of the life-cycle management of materiel items.  

4. Mishap probability.  The aggregate probability of occurrence of the individual events that might be created by a specific hazard.  

5. Mishap probability levels.  An arbitrary categorization that provides a qualitative measure of the most reasonable likelihood of occurrence of a mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem, or component failure or malfunction.

6. Mishap risk assessment.  The process of characterizing hazards within risk areas and critical technical processes, analyzing them for their potential mishap severity and probabilities of occurrence, and prioritizing them for handling.  

7. Mishap risk categories.  An arbitrary categorization of mishap risk assessment values often used to generate specific action such as mandatory reporting of certain hazards to management for action, or formal acceptance of the associated mishap risk.  

8. Mishap severity.  An assessment of the consequences of the most reasonable credible mishap that could be caused by a specific hazard.  

9. Mishap severity category.  An arbitrary categorization that provides a qualitative measure of the most reasonable credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem, or component failure or malfunction.  

10. Safety critical.  A term applied to any condition, event, operation, process, or item whose proper recognition, control, performance, or tolerance is essential to safe system operation and support (e.g., safety critical function, safety critical path, or safety critical component).  

11. System safety management.  All plans and actions taken to identify, assess, mitigate, and continuously track, control, and document environmental, safety, and health mishap risks encountered in the development, test, acquisition, use, and disposal of DoD weapon systems, subsystems, equipment, and facilities.

A.4 GENERAL REQUIREMENTS 

A.4.1  General.  System safety applies engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout all phases of the system life cycle.  It draws upon professional knowledge and specialized skills in the mathematical, physical, and scientific disciplines, together with the principles and methods of engineering design and analysis, to specify and evaluate the environmental, safety, and health mishap risk associated with a system.  Experience indicates that the degree of safety achieved in a system is directly dependent upon the emphasis given.  The program manager and the developer must apply this emphasis during all phases of the life cycle.  A safe design is a prerequisite for safe operations, with the goal being to produce an inherently safe product that will have the minimum safety-imposed operational restrictions. 

A.4.1.1  System safety in environmental and health hazard management.  DoD 5000.2-R has directed that environmental, safety, and health hazard management be integrated into the systems engineering process.  While environmental and health hazard management are normally associated with the application of statutory direction and requirements, the management of mishap risk associated with actual environmental and health hazards is directly addressed by the system safety approach.  Therefore, environmental and health hazards can be analyzed and managed with the same tools as any other hazard, whether they affect equipment, the environment, or personnel. 

A.4.2  Purpose (see 1.1).  All DoD program managers shall establish and execute programs that manage the probability and severity of all hazards for their systems (DoD 5000.2-R).  Provision for system safety requirements and effort as defined by this standard should be included in all applicable contracts negotiated by DoD.  These contracts include those negotiated within each DoD agency, by one DoD agency for another, and by DoD for other Government agencies.  In addition, each DoD in-house program will address system safety.  This appendix is not intended for reference, use, or implementation in contractual documents.  

A.4.2.1  Solicitations and contracts.  The requirements of paragraph 4 shall be applied to acquisitions without tailoring.  MIL-STD-882 should be incorporated in the list of contractual compliance documents, and the potential of a developer to execute paragraph 4 requirements should be included as source selection evaluation criteria.  Developers are encouraged to submit with their proposal a preliminary plan that describes the system safety effort required for the requested program.  When directed by the program manager, this preliminary plan may be attached to the contract or referenced in the statement of work; it becomes the basis for a contractual system safety program. 

A.4.3  System safety planning.  Prior to formally documenting the system safety approach, the program manager, in concert with systems engineering and associated system safety professionals, must determine what system safety effort is necessary to meet program and regulatory requirements.  This effort will be built around the requirements set forth in paragraph 4 and includes developing a planned approach for safety task accomplishment, providing qualified people to accomplish the tasks, establishing the authority for implementing the safety tasks through all levels of management, and allocating appropriate resources to ensure that the safety tasks are completed. 

A.4.3.1  System safety planning subtasks.  System safety planning subtasks should: 

a.  Establish specific safety performance requirements (see A.4.3.2) based on overall program requirements and system user inputs. 

b.  Establish a system safety organization or function and the required lines of communication with associated organizations (government and contractor).  Establish interfaces between system safety and other functional elements of the program, as well as with other safety and engineering disciplines (such as nuclear, range, explosive, chemical, and biological).  Designate the organizational unit responsible for executing each safety task.  Establish the authority for resolution of identified hazards. 

c.  Establish system safety milestones and relate these to major program milestones, program element responsibility, and required inputs and outputs. 

d.  Establish an incident alerting/notification, investigation, and reporting process, to include notification of the program manager. 

e.  Establish an acceptable level of mishap risk, mishap probability and severity thresholds, and documentation requirements (including but not limited to hazards and residual mishap risk). 

f.  Establish an approach and methodology for reporting to the program manager the following information: 

(1)  Safety critical characteristics and features. 

(2)  Operating, maintenance, and overhaul safety requirements. 

(3)  Measures used to eliminate or mitigate hazards. 

(4)  Acquisition management of hazardous materials. 

g.  Establish the method for the formal acceptance and documenting of residual mishap risks and the associated hazards. 

h.  Establish the method for communicating hazards, the associated risks, and residual mishap risk to the system user. 

i.  Specify requirements for other specialized safety approvals (e.g., nuclear, range, explosive, chemical, biological, electromagnetic radiation, and lasers) as necessary (reference 6.6 and 6.7). 

A.4.3.2  Safety performance requirements.  These are the general safety requirements needed to meet the core program objectives.  The more closely these requirements relate to a given program, the more easily the designers can incorporate them into the system.  In the appropriate system specifications, incorporate the safety performance requirements that are applicable, and the specific risk levels considered acceptable for the system. Acceptable risk levels can be defined in terms of: a hazard category developed through a mishap risk assessment matrix; an overall system mishap rate; demonstration of controls required to preclude unacceptable conditions; satisfaction of specified standards and regulatory requirements; or other suitable mishap risk assessment procedures.  Listed below are some examples of how safety performance requirements could be stated. 

a.  Quantitative requirements.  Quantitative requirements are usually expressed as a failure or mishap rate, such as "The catastrophic system mishap rate shall not exceed x.xx × 10^-y per operational hour." 

b.  Mishap risk requirements.  Mishap risk requirements could be expressed as "No hazards assigned a Catastrophic mishap severity are acceptable."  Mishap risk requirements could also be expressed as a level defined by a mishap risk assessment (see A.4.4.3.2.3), such as "No Category 3 or higher mishap risks are acceptable." 

c.  Standardization requirements.  Standardization requirements are expressed relative to a known standard that is relevant to the system being developed.  Examples include: "The system will comply with the laws of the State of XXXXX and be operable on the highways of the State of XXXXX" or "The system will be designed to meet ANSI Std XXX as a minimum." 

A.4.3.3  Safety design requirements.  The program manager, in concert with the chief engineer and utilizing systems engineering and associated system safety professionals, should establish specific safety design requirements for the overall system.  The objective of safety design requirements is to achieve acceptable mishap risk through a systematic application of design guidance from standards, specifications, regulations, design handbooks, safety design checklists, and other sources.  These are reviewed for safety design parameters and acceptance criteria applicable to the system.  Safety design requirements derived from the selected parameters, as well as any associated acceptance criteria, are included in the system specification.  These requirements and criteria are expanded for inclusion in the associated follow-on or lower level specifications.  Some general safety system design requirements are listed below. 

a.  Hazardous material use is minimized, eliminated, or associated mishap risks are reduced through design, including material selection or substitution.  When potentially hazardous materials must be used, the materials that pose the least risk throughout the life cycle of the system are selected. 

b.  Hazardous substances, components, and operations are isolated from other activities, areas, personnel, and incompatible materials. 

c.  Equipment is located so that access during operations, servicing, repair, or adjustment minimizes personnel exposure to hazards (e.g., hazardous substances, high voltage, electromagnetic radiation, and cutting and puncturing surfaces). 

d.  Power sources, controls, and critical components of redundant subsystems are protected by physical separation or shielding, or by other acceptable methods. 

f.  Safety devices that will minimize mishap risk (e.g., interlocks, redundancy, fail safe design, system protection, fire suppression, and protective measures such as clothing, equipment, devices, and procedures) are considered for hazards that cannot be eliminated.  Provisions are made for periodic functional checks of safety devices when applicable. 

g.  System disposal (including explosive ordnance disposal) and demilitarization are considered in the design. 

h.  Warning signals are implemented so as to minimize the probability of incorrect personnel reaction to the signals, and should be standardized within like types of systems. 

i.  Warning and cautionary notes are provided in assembly, operation, and maintenance instructions, and distinctive markings are provided on hazardous components, equipment, and facilities to ensure personnel and equipment protection when no alternate design approach can eliminate a hazard.  Use standard warning and cautionary notations where multiple applications occur.  Standardize notations in accordance with commonly accepted commercial practice or, if none exists, normal military procedures.  Do not use warning, caution, or other written advisory as the only risk reduction method for hazards assigned Catastrophic or Critical mishap severities.   

j.  Safety critical tasks may require personnel proficiency; if so, the developer should propose a proficiency certification process to be used. 

k.  Severity of injury or damage to equipment or the environment as a result of a mishap is minimized. 

l.  Inadequate or overly restrictive requirements regarding safety are not included in the system specification. 

m.  Acceptable risk is achieved in implementing new technology, materials, or designs in an item’s production, test, and operation.  Changes to design, configuration, production, or mission requirements (including any resulting system modifications and upgrades, retrofits, insertions of new technologies or materials, or use of new production or test techniques) are accomplished in a manner that maintains an acceptable level of mishap risk.  Changes to the environment in which the system operates are analyzed to identify and mitigate any resulting hazards or changes in mishap risks. 

A.4.3.3.1  Some program managers include the following conditions in their solicitation, system specification, or contract as requirements for the system design.  These condition statements are used optionally as supplemental requirements based on specific program needs. 

A.4.3.3.1.1  Unacceptable conditions.  The following safety critical conditions are considered unacceptable for development efforts.  Positive action and verified implementation is required to reduce the mishap risk associated with these situations to a level acceptable to the program manager. 

a.  Single component failure, common mode failure, human error, or a design feature that could cause a mishap of Catastrophic or Critical severity. 

b.  Dual independent component failures, dual independent human errors, or a combination of a component failure and a human error involving safety critical command and control functions, which could cause a mishap of Catastrophic or Critical severity. 

c.  Generation of hazardous radiation or energy, when no provisions have been made to protect personnel or sensitive subsystems from damage or adverse effects.  

d.  Packaging or handling procedures and characteristics that could cause a mishap for which no controls have been provided to protect personnel or sensitive equipment. 

e.  Hazard categories that are specified as unacceptable in the development agreement. 

A.4.3.3.1.2  Acceptable conditions.  The following approaches are considered acceptable for correcting unacceptable conditions and will require no further analysis once mitigating actions are implemented and verified.  

a.  For non-safety critical command and control functions: a system design that requires two or more independent human errors, or that requires two or more independent failures, or a combination of independent failure and human error. 

b.  For safety critical command and control functions: a system design that requires at least three independent failures, or three independent human errors, or a combination of three independent failures and human errors. 

c.  System designs that positively prevent errors in assembly, installation, or connections that could result in a mishap. 

d.  System designs that positively prevent damage propagation from one component to another or prevent sufficient energy propagation to cause a mishap. 

e.  System design limitations on operation, interaction, or sequencing that preclude occurrence of a mishap. 

f.  System designs that provide an approved safety factor, or a fixed design allowance that limits, to an acceptable level, possibilities of structural failure or release of energy sufficient to cause a mishap. 

g.  System designs that control energy build-up that could potentially cause a mishap (e.g., fuses, relief valves, or electrical explosion proofing). 

h.  System designs where component failure can be temporarily tolerated because of residual strength or alternate operating paths, so that operations can continue with a reduced but acceptable safety margin. 

i.  System designs that positively alert the controlling personnel to a hazardous situation where the capability for operator reaction has been provided. 

j.  System designs that limit or control the use of hazardous materials. 

A.4.3.4  Elements of an effective system safety effort.  Elements of an effective system safety effort include: 

a.  Management is always aware, and formally documents this awareness, of the mishap risks associated with the system.  Hazards associated with the system are identified, assessed, tracked, monitored, and the associated risks are either eliminated or controlled to an acceptable level throughout the life cycle.  Actions taken to eliminate or reduce mishap risk to an acceptable level are identified and archived for tracking and lessons learned purposes. 

b.  Historical hazard and mishap data, including lessons learned from other systems, are considered and used. 

c.  Environmental protection, safety, and occupational health, consistent with mission requirements, are designed into the system in a timely, cost-effective manner.  Inclusion of the appropriate safety features is accomplished during the applicable phases of the system life cycle. 

d.  Mishap risk resulting from harmful environmental conditions (e.g., temperature, pressure, noise, toxicity, acceleration, and vibration) and human error in system operation and support is minimized. 

e.  System users are kept abreast of the safety of the system and included in the safety decision process. 

A.4.4  System safety engineering effort.  As stated in paragraph 4, a system safety engineering effort consists of eight main requirements.  The following paragraphs provide further descriptions on what efforts are typically expected due to each of the system safety requirements listed in paragraph 4. 

A.4.4.1  Documentation of the system safety approach.  The documentation of the system safety approach should describe the planned tasks and activities of system safety management and system engineering required to identify, evaluate, and eliminate or control hazards, or to reduce the residual mishap risk to a level acceptable throughout the system life cycle.  The documentation should describe, as a minimum, the four elements of an effective system safety effort:  a planned approach for task accomplishment, qualified people to accomplish tasks, the authority to implement tasks through all levels of management, and the appropriate commitment of resources (both manning and funding) to ensure that safety tasks are completed.  Specifically, the provided documentation should: 

a.  Describe the scope of the overall system program and the related system safety effort.  Define system safety program milestones.  Relate these to major program milestones, program element responsibility, and required inputs and outputs. 

b.  Describe the safety tasks and activities of system safety management and engineering.  Describe the interrelationships between system safety and other functional elements of the program.  List the other program requirements and tasks applicable to system safety and reference where they are specified or described.  Include the organizational relationships between other functional elements having responsibility for tasks with system safety impacts and the system safety management and engineering organization including the review and approval authority of those tasks. 

c.  Describe specific analysis techniques and formats to be used in qualitative or quantitative assessments of hazards, their causes, and effects. 

d.  Describe the process through which management decisions will be made (for example, timely notification of unacceptable risks, necessary action, incidents or malfunctions, waivers to safety requirements, and program deviations).  Include a description on how residual mishap risk is formally accepted and this acceptance is documented. 

e.  Describe the mishap risk assessment procedures, including the mishap severity categories, mishap probability levels, and the system safety design order of precedence that should be followed to satisfy the safety requirements of the program.  State any qualitative or quantitative measures of safety to be used for mishap risk assessment including a description of the acceptable and unacceptable risk levels (if applicable).  Include system safety definitions that modify, deviate from, or are in addition to those in this standard or generally accepted by the system safety community (see Defense Acquisition Deskbook and System Safety Society’s System Safety Analysis Handbook) (see A.6.1). 

f.  Describe how resolution and action relative to system safety will be implemented at the program management level possessing resolution authority. 

g.  Describe the verification (e.g., test, analysis, demonstration, or inspection) requirements for ensuring that safety is adequately attained.  Identify any certification requirements for software, safety devices, or other special safety features (e.g., render safe and emergency disposal procedures). 

h. Describe the mishap or incident notification, investigation, and reporting process for the program, including notification of the program manager. 

i.  Describe the approach for collecting and processing pertinent historical hazard, mishap, and safety lessons learned data.  Include a description on how a system hazard log is developed and kept current (see A.4.4.8.1). 

j.  Describe how the user is kept abreast of residual mishap risk and the associated hazards. 

A.4.4.2  Identification of hazards.  Identify hazards through a systematic hazard analysis process encompassing detailed analysis of system hardware and software, the environment (in which the system will exist), and the intended usage or application.  Historical hazard and mishap data, including lessons learned from other systems, are considered and used. 

A.4.4.2.1  Approaches for identifying hazards.  Numerous approaches have been developed and used to identify system hazards.  A key aspect of many of these approaches is empowering the design engineer with the authority to design safe systems and the responsibility to identify to program management the hazards associated with the design.  Hazard identification approaches often include using system users in the effort.  Commonly used approaches for identifying hazards can be found in the Defense Acquisition Deskbook and System Safety Society’s System Safety Analysis Handbook (see A.6.1). 

A.4.4.3  Assessment of mishap risk.  Assess the severity and probability of the mishap risk associated with each identified hazard, i.e., determine the potential impact of the hazard on personnel, facilities, equipment, operations, the public, or environment, as well as on the system itself. 

A.4.4.3.1  Mishap risk assessment models.  To determine what actions to take to eliminate or control identified hazards, a system of determining the level of mishap risk involved must be developed.  A good mishap risk assessment model will enable decision makers to properly understand the level of mishap risk involved, relative to what it will cost in schedule and dollars to reduce that mishap risk to an acceptable level. 

A.4.4.3.2  Model development.  Key to most mishap risk assessment models is the characterization of mishap risks as to mishap severity and mishap probability.  Since the highest system safety design order of precedence is to eliminate hazards by design, a mishap risk assessment procedure considering only mishap severity will generally suffice during the early design phase to minimize the system’s mishap risks (for example, just don’t use hazardous or toxic material in the design).  When all hazards cannot be eliminated during the early design phase, a mishap risk assessment procedure based upon the mishap probability as well as the mishap severity provides a resultant mishap risk assessment.  The assessment is used to establish priorities for corrective action, resolution of identified hazards, and notification to management of the mishap risks.  The information provided here is a suggested model and set of definitions that can be used.  Program managers are allowed to develop models and definitions appropriate to their individual programs. 

A.4.4.3.2.1  Mishap severity.  Mishap severity categories are defined to provide a qualitative measure of the most reasonable credible mishap resulting from personnel error, environmental conditions, design inadequacies, procedural deficiencies, or system, subsystem, or component failure or malfunction.  Suggested mishap severity categories are shown in Table A-I. 

 

TABLE A-I.  Suggested mishap severity categories. 

 

|Description |Category |Environmental, Safety, and Health Result Criteria |
|Catastrophic |I |Could result in death, permanent total disability, loss exceeding $1M, or irreversible severe environmental damage that violates law or regulation. |
|Critical |II |Could result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $200K but less than $1M, or reversible environmental damage causing a violation of law or regulation. |
|Marginal |III |Could result in injury or occupational illness resulting in one or more lost work day(s), loss exceeding $10K but less than $200K, or mitigatible environmental damage without violation of law or regulation where restoration activities can be accomplished. |
|Negligible |IV |Could result in injury or illness not resulting in a lost work day, loss exceeding $2K but less than $10K, or minimal environmental damage not violating law or regulation. |

 

NOTE:  These mishap severity categories provide guidance to a wide variety of programs.  However, adaptation to a particular program is generally required to provide a mutual understanding between the program manager and the developer as to the meaning of the terms used in the category definitions.  Other risk assessment techniques may be used provided that the user approves them. 

A.4.4.3.2.2  Mishap probability.  Mishap probability is the probability that a mishap will occur during the planned life expectancy of the system.  It can be described in terms of potential occurrences per unit of time, events, population, items, or activity.  Assigning a quantitative mishap probability to a potential design or procedural hazard is generally not possible early in the design process.  At that stage, a qualitative mishap probability may be derived from research, analysis, and evaluation of historical safety data from similar systems.  Supporting rationale for assigning a mishap probability is documented in hazard analysis reports.  Suggested qualitative mishap probability levels are shown in Table A-II. 

 

TABLE A-II.  Suggested mishap probability levels. 

 

|Description* |Level |Specific Individual Item |Fleet or Inventory** |
|Frequent |A |Likely to occur often in the life of an item, with a probability of occurrence greater than 10^-1 in that life. |Continuously experienced. |
|Probable |B |Will occur several times in the life of an item, with a probability of occurrence less than 10^-1 but greater than 10^-2 in that life. |Will occur frequently. |
|Occasional |C |Likely to occur some time in the life of an item, with a probability of occurrence less than 10^-2 but greater than 10^-3 in that life. |Will occur several times. |
|Remote |D |Unlikely but possible to occur in the life of an item, with a probability of occurrence less than 10^-3 but greater than 10^-6 in that life. |Unlikely, but can reasonably be expected to occur. |
|Improbable |E |So unlikely, it can be assumed occurrence may not be experienced, with a probability of occurrence less than 10^-6 in that life. |Unlikely to occur, but possible. |

 

   *Definitions of descriptive words may have to be modified based on quantity of items involved.

**The expected size of the fleet or inventory should be defined prior to accomplishing an assessment of the system. 

A.4.4.3.2.3  Mishap risk assessment.  Mishap risk characterization as to mishap severity and mishap probability can be performed through the use of the mishap risk assessment matrix.  This assessment allows one to assign a mishap risk assessment value to a hazard based on its mishap severity and its mishap probability.  This value is then often used to rank different hazards as to their associated mishap risks.  An example of a mishap risk assessment matrix is shown at Table A-III. 

 

 

TABLE A-III.  Example mishap risk assessment values. 

 

|PROBABILITY / SEVERITY |Catastrophic |Critical |Marginal |Negligible |
|Frequent |1 |3 |7 |13 |
|Probable |2 |5 |9 |16 |
|Occasional |4 |6 |11 |18 |
|Remote |8 |10 |14 |19 |
|Improbable |12 |15 |17 |20 |

 

 

A.4.4.3.2.4  Mishap risk categories.  Mishap risk assessment values are often used in grouping individual hazards into mishap risk categories.  Mishap risk categories are then used to generate specific action such as mandatory reporting of certain hazards to management for action or formal acceptance of the associated mishap risk.  Table A-IV includes an example listing of mishap risk categories and the associated assessment values.  In the example, the system management has determined that mishap risk assessment values 1 through 5 constitute “High” risk while values 6 through 9 constitute “Serious” risk. 

 

TABLE A-IV.  Example mishap risk categories and mishap risk acceptance levels. 

 

|Mishap Risk Assessment Value |Mishap Risk Category |Mishap Risk Acceptance Level |
|1 – 5 |High |Component Acquisition Executive |
|6 – 9 |Serious |Program Executive Officer |
|10 – 17 |Medium |Program Manager |
|18 – 20 |Low |As directed |

 

   *Representative mishap risk acceptance levels are shown in the above table.  Mishap risk acceptance is discussed in paragraph A.4.4.7 

 

A.4.4.3.2.5  Mishap risk impact.  The mishap risk impact is assessed, as necessary, using other factors to discriminate between hazards having the same mishap risk value.  One might discriminate between hazards with the same mishap risk assessment value in terms of mission capabilities, or social, economic, and political factors.  This would be a program management decision used to prioritize resulting actions. 
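Worked example (added to these notes; it is not part of the standard or of the original guide): the Python below carries four constructed hazards through Tables A-II, A-III and A-IV, ranking them before and after mitigation and naming the authority that must accept each residual risk.  Assumptions: a probability exactly on a Table A-II boundary is assigned to the more frequent level, mitigation changes only probability (severity is held fixed), and all hazard names and probabilities are invented for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple

# Table A-I severity descriptions, in column order of Table A-III.
SEVERITIES = ("Catastrophic", "Critical", "Marginal", "Negligible")

# Table A-II: (level, description, lower bound on probability per item life).
# Assumption: a value exactly on a bound goes to the more frequent level.
PROBABILITY_LEVELS = (
    ("A", "Frequent", 1e-1),
    ("B", "Probable", 1e-2),
    ("C", "Occasional", 1e-3),
    ("D", "Remote", 1e-6),
    ("E", "Improbable", 0.0),
)

# Table A-III: mishap risk assessment values, one row per probability level.
RISK_VALUES = {
    "Frequent": (1, 3, 7, 13),
    "Probable": (2, 5, 9, 16),
    "Occasional": (4, 6, 11, 18),
    "Remote": (8, 10, 14, 19),
    "Improbable": (12, 15, 17, 20),
}

# Table A-IV: value range -> (risk category, example acceptance level).
RISK_CATEGORIES = (
    (range(1, 6), "High", "Component Acquisition Executive"),
    (range(6, 10), "Serious", "Program Executive Officer"),
    (range(10, 18), "Medium", "Program Manager"),
    (range(18, 21), "Low", "As directed"),
)


class Assessment(NamedTuple):
    value: int
    category: str
    acceptance_level: str


def probability_level(p: float) -> str:
    """Map a probability of occurrence per item life to a Table A-II description."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    for _level, description, lower in PROBABILITY_LEVELS:
        if p >= lower:
            return description
    raise AssertionError("unreachable: the last bound is 0.0")


def assess(severity: str, probability: str) -> Assessment:
    """Look up the Table A-III value, then the Table A-IV category and authority."""
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity}")
    value = RISK_VALUES[probability][SEVERITIES.index(severity)]
    for values, category, authority in RISK_CATEGORIES:
        if value in values:
            return Assessment(value, category, authority)
    raise ValueError(f"value {value} is outside Table A-IV")


@dataclass
class Hazard:
    name: str
    severity: str
    initial_probability: float   # before mitigation
    residual_probability: float  # after verified mitigation

    def initial(self) -> Assessment:
        return assess(self.severity, probability_level(self.initial_probability))

    def residual(self) -> Assessment:
        return assess(self.severity, probability_level(self.residual_probability))


def rank(hazards, residual=False):
    """Order hazards by risk value (1 is worst). The sort is stable, so ties
    keep their log order until management discriminates them (A.4.4.3.2.5)."""
    if residual:
        return sorted(hazards, key=lambda h: h.residual().value)
    return sorted(hazards, key=lambda h: h.initial().value)


def acceptance_report(hazards):
    """Rows of (name, initial value, residual value, residual category, authority)."""
    return [
        (h.name, h.initial().value, h.residual().value,
         h.residual().category, h.residual().acceptance_level)
        for h in rank(hazards, residual=True)
    ]


# Constructed sample hazard log (illustrative values only).
HAZARDS = [
    Hazard("Noise exposure at operator station", "Negligible", 0.5, 0.05),
    Hazard("Pinch point at access panel", "Marginal", 0.2, 5e-3),
    Hazard("Hydraulic line rupture near hot surface", "Catastrophic", 5e-3, 5e-7),
    Hazard("Battery thermal runaway", "Critical", 2e-2, 1e-4),
]

if __name__ == "__main__":
    for row in acceptance_report(HAZARDS):
        print(row)
```

Note that the ranking changes once mitigation is credited: the hydraulic hazard is the worst before mitigation (value 4, "High") but only third by residual risk (value 12, "Medium").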

A.4.4.3.3  Mishap risk assessment approaches.  Commonly used approaches for assessing mishap risk can be found in the Defense Acquisition Deskbook and System Safety Society’s System Safety Analysis Handbook (see A.6.1). 

A.4.4.4  Identification of mishap risk mitigation measures.  Identify potential mishap risk mitigation alternatives and the expected effectiveness of each alternative or method.  Mishap risk mitigation is an iterative process that culminates when the residual mishap risk has been reduced to a level acceptable to the appropriate authority. 

A.4.4.4.1  Prioritize hazards for corrective action.  To eliminate or otherwise control as many hazards as possible, prioritize hazards for corrective action.  A categorization of hazards may be conducted according to the mishap risk potential they present. 

A.4.4.4.2  System safety design order of precedence (see 4.4).  The ultimate goal of a system safety program is to design systems that contain no hazards.  However, since the nature of most complex systems makes it impossible or impractical to design them completely hazard-free, a successful system safety program often provides a system design where there exist no hazards resulting in an unacceptable level of mishap risk.  As hazard analyses are performed, hazards will be identified that will require resolution.  The system safety design order of precedence defines the order to be followed for satisfying system safety requirements and reducing risks.  The alternatives for eliminating the specific hazard or controlling its associated risk are evaluated so that an acceptable method for mishap risk reduction can be agreed to. 

A.4.4.5  Reduction of mishap risk to an acceptable level.  Reduce the system mishap risk through a mitigation approach mutually agreed to by both the developer and the program manager. 

A.4.4.5.1  Communication with associated test efforts.  Residual mishap risk and associated hazards must be communicated to the system test efforts for verification.   

A.4.4.6  Verification of mishap risk reduction.  Verify the mishap risk reduction and mitigation through appropriate analysis, testing, or inspection.  Document the determined residual mishap risk.  The program manager must ensure that the selected mitigation approaches will result in the expected residual mishap risk.  To provide this assurance, the system test effort should verify the performance of the mitigation actions.  New hazards identified during testing must be reported to the program manager and the developer. 

A.4.4.6.1  Testing for a safe design.  Tests and demonstrations must be defined to validate selected safety features of the system.  Tests or demonstrations must be performed on safety critical equipment and procedures to determine the mishap severity or to establish the margin of safety of the design.  Induced or simulated failures will be considered to demonstrate the failure mode and acceptability of safety critical equipment.  Where hazards are identified during the development effort and it cannot be analytically determined whether the action taken will adequately control the hazard, safety tests must be conducted to evaluate the effectiveness of the controls.  Where costs for safety testing would be prohibitive, safety characteristics or procedures may be verified by engineering analyses, analogy, laboratory test, functional mockups, or subscale/model simulation.  Tests of safety systems should be integrated into appropriate system test and demonstration plans to the maximum extent possible. 

A.4.4.6.2  Conducting safe testing.  The program manager must ensure that test teams are familiar with mishap risks of the system.  Test plans, procedures, and test results for all tests including design verification, operational evaluation, production acceptance, and shelf-life validation should be reviewed to ensure that: 

a.  Safety is adequately demonstrated. 

b.  The testing will be conducted in a safe manner. 

c.  All additional hazards introduced by testing procedures, instrumentation, test hardware, and test environment are properly identified and controlled. 

A.4.4.6.3  Communication of new hazards identified during testing.  Testing organizations must ensure that hazards and safety discrepancies discovered during testing are communicated to the program manager and the developer. 

A.4.4.7  Review and acceptance of residual mishap risk by the appropriate authority.  Notify the program manager of identified hazards and residual mishap risk. 

A.4.4.7.1  Residual mishap risk.  The mishap risk that remains after all planned mishap risk management measures have been implemented is considered residual mishap risk.  Residual mishap risk is documented along with the reason(s) for incomplete mitigation. 

A.4.4.7.2  Residual mishap risk management.  The program manager must know what residual mishap risk exists in the system being acquired.  For significant mishap risks, the program manager is required to elevate reporting of residual mishap risk to higher levels of appropriate authority (such as the Program Executive Officer or Component Acquisition Executive) for action or acceptance.  The program manager is encouraged to apply additional resources or other remedies to help the developer satisfactorily resolve hazards providing significant mishap risk.  Table A-IV includes an example of a mishap risk acceptance level matrix based on the mishap risk assessment value and mishap risk category. 

A.4.4.7.3  Residual mishap risk acceptance.  The program manager is responsible for formally documenting the acceptance of the residual mishap risk of the system by the appropriate authority.  The program manager should update this residual mishap risk and the associated hazards to reflect changes in the system or its use.  The program manager should keep the system users apprised of the residual mishap risk of the system and the associated hazards. 

A.4.4.8  Tracking hazards and residual mishap risk.  Track hazards, their closures, and residual mishap risk.  A tracking system for hazards, their closures, and residual mishap risk must be maintained throughout the system life cycle.  The program manager must keep the system user apprised of system hazards and residual mishap risk. 

A.4.4.8.1  Process for tracking of hazards and residual mishap risk.  Each system must have a current log of identified hazards and residual mishap risk, including an assessment of the residual mishap risk (see A.4.4.7).  As changes are integrated into the system, this log is updated to incorporate added or changed hazards and the associated residual mishap risk.  The Government must formally acknowledge acceptance of system hazards and residual mishap risk.  Users will be kept informed of hazards and residual mishap risk associated with their systems. 

A.4.4.8.1.1  Developer responsibilities for communications, acceptance, and tracking of hazards and residual mishap risk.  The developer (see 3.2.2) is responsible for communicating information to the program manager on system hazards and residual mishap risk, including any unusual consequences and costs associated with hazard mitigation.  After attempting to eliminate or mitigate system hazards, the developer will formally document and notify the program manager of all hazards breaching thresholds set in the safety design criteria.  At the same time, the developer will also communicate the system residual mishap risk. 

A.4.4.8.1.2  Program manager responsibilities for communications, acceptance, and tracking of hazards and residual mishap risk.  The program manager is responsible for maintaining a log of all identified hazards and residual mishap risk for the system.  The program manager will communicate known hazards and associated risks of the system to all system developers and users.  As changes are integrated into the system, the program manager shall update this log to incorporate added or changed hazards and the residual mishap risk identified by the developer.  The program manager is also responsible for informing system developers about the program manager’s expectations for handling of newly discovered hazards.  The program manager will evaluate new hazards and the resulting residual mishap risk, and either recommend further action to mitigate the hazards, or formally document the acceptance of these hazards and residual mishap risk.  The program manager will evaluate the hazards and associated residual mishap risk in the context of the user requirements, potential mission capability, and the operational environment.  Copies of the documentation of the hazard and risk acceptance will be provided to both the developer and the system user.  Hazards for which the program manager accepts responsibility for mitigation will also be included in the formal documentation.  For example, if the program manager decides to execute a special training program to mitigate a potentially hazardous situation, this approach will be documented in the formal response to the developer.  Residual mishap risk and hazards must be communicated to system test efforts for verification. 

A.5  SPECIFIC REQUIREMENTS 

A.5.1  Program manager responsibilities.  The program manager should: 

A.5.1.1  Assure that all types of hazards are identified, evaluated, and mitigated to a level compliant with acquisition management policy, federal laws and regulations, Executive Orders, treaties, and agreements. 

A.5.1.2  Establish, plan, organize, implement, and maintain an effective system safety effort that is integrated into all life cycle phases. 

A.5.1.3  Ensure that system safety planning is documented to provide all program participants with visibility into how the system safety effort is to be conducted. 

A.5.1.4  Establish definitive safety requirements for the procurement, development, and sustainment of the system.  The requirements should be set forth clearly in the appropriate system specifications and contractual documents. 

A.5.1.5  Provide historical safety data to developers. 

A.5.1.6  Monitor the developer’s system safety activities and review and approve delivered data in a timely manner, if applicable, to ensure adequate performance and compliance with safety requirements. 

A.5.1.7  Ensure that the appropriate system specifications are updated to reflect results of analyses, tests, and evaluations. 

A.5.1.8  Evaluate new lessons learned for inclusion into appropriate databases and submit recommendations to the responsible organization. 

A.5.1.9  Establish system safety teams to assist the program manager in developing and implementing a system safety effort. 

A.5.1.10  Provide technical data on Government-furnished Equipment or Government-furnished Property to enable the developer to accomplish the defined tasks. 

A.5.1.11  Document acceptance of residual mishap risk and associated hazards. 

A.5.1.12  Keep the system users apprised of system hazards and residual mishap risk. 

A.6  NOTES 

A.6.1  DoD acquisition practices and safety analysis techniques.  Information on DoD acquisition practices and safety analysis techniques is available at the referenced Internet sites.  Nothing in the referenced information is considered binding or additive to the requirements provided in this standard. 

A.6.1.1  Defense Acquisition Deskbook.  Wright-Patterson Air Force Base, Ohio:  Deskbook Joint Program Office.  .   

A.6.1.2  System Safety Analysis Handbook.  Unionville, VA: System Safety Society.  .

 _________________________________________________________________________________________

System Safety Process Steps

Source: FAA Office of System Safety

The System Safety discipline is defined as the application of special technical and managerial skills to the systematic, forward-looking identification and control of hazards throughout the life cycle of a project, program, or activity. The primary objective of System Safety is accident prevention. Accident prevention can be achieved by proactively identifying, assessing, and eliminating or controlling safety-related hazards to acceptable levels. A hazard is a condition, event, or circumstance that could lead to or contribute to an unplanned or undesired event. Risk is an expression of the impact of an undesired event in terms of event severity and event likelihood. Throughout this process, hazards are identified; risks are analyzed, assessed, and prioritized; and results are documented for decision-making. The continuous loop process provides for validation of decisions and evaluation for desired results and/or the need for further action.

The System Safety process steps are depicted graphically in the following figure. It is a formal and flexible process that generally follows the steps in the FAA's Safety Risk Management Order, 8040.4. A systematic approach to process improvement requires proactively searching for opportunities to improve the process at every step, not simply identifying deficiencies after an undesired event. Risk Management has been defined as the process by which Risk Assessment results are integrated with political, social, economic, and engineering considerations for decisions about need/methods for risk reduction.

[pic]

1. Define Objectives

The first step in the System Safety process is to define the objectives of the system under review. These objectives are typically documented in business plans and operating specifications.

2. System Description

A description of the interactions among people, procedures, tools, materials, equipment, facilities, software, and the environment. This also includes descriptions of data available.

3. Hazard Identification: Identify Hazards & Consequences

Potential hazards may be identified from a number of internal and external sources. Generally, hazards are initially listed on a Preliminary Hazard List (PHL), then grouped by functional equivalence for analysis. Prior to risk analysis you must also include the consequence (undesired event) resulting from the hazard scenarios. Hazard scenarios may address the following: who, what, where, when, why and how. This provides an intermediate product that expresses the condition and the consequences that will be used during risk analysis.

4. Risk Analysis: Analyze Hazards and Identify Risks

Risk analysis is the process whereby hazards are characterized for their likelihood and severity. Risk analysis looks at hazards to determine what can happen when. This can be either a qualitative or quantitative analysis. The inability to quantify and/or the lack of historical data on a particular hazard does not exclude the hazard from the need for analysis.

Some type of a Risk Assessment Matrix is normally used to determine the level of risk (see an example contained in Attachment 1).

5. Risk Assessment: Consolidate & Prioritize Risks

Risk Assessment is generally defined as the process of combining the impacts of risk elements discovered in risk analysis and comparing them against some acceptability criteria. Risk Assessment can include the consolidation of risks into risk sets that can be jointly mitigated, combined, and then used in decision making.

6. Decision Making: Develop Action Plans

This step begins with the receipt of a prioritized risk list. Review the list to determine how to address each risk, beginning with the highest prioritized risk. The four options that may be chosen for a risk are transfer, eliminate, accept, or mitigate (T.E.A.M.). Generally, design engineering follows the "safety order of precedence": 1) Design for minimum risk, 2) Incorporate safety devices, 3) Provide warning devices, or 4) Develop procedures and training. This may result in alternative action plans.

7. Validations and Control: Evaluate Results of Action Plan for Further Action

Validation and control begins with (1) the results of scheduled analyses on the effectiveness of actions taken (this will include identification of data to be collected and identification of triggering events if possible; then developing a plan to review the data collected) and (2) the current status of each prioritized risk. The residual risk will either be acceptable, unacceptable, or unknown. If it is acceptable, then documentation is required to reflect the modification to the system, and the rationale for accepting the residual risk. If it is unacceptable, an alternate action plan may be needed, or a modification to the system/process may be necessary.

8. Modify System/Process (if needed)

If the status of a risk should change or the mitigating action does not produce the intended effect, a determination must be made as to why. It may be that the wrong hazard was being addressed, or the system/process needs to be modified. In either case, one would then re-enter the system safety process at the hazard identification step.

Attachment 1

Example Risk Assessment Matrix

[pic]

|Severity Scale Definitions |

|Catastrophic |Results in fatalities and/or loss of the system. |

|Critical |Severe injury and/or major system damage. |

|Marginal |Minor injury and/or minor system damage. |

|Negligible |Less than minor injury and/or less than minor system damage. |

|Likelihood Scale Definitions |

|Frequent |Individual |Likely to occur often. |

| |Fleet |Continuously experienced. |

|Probable |Individual |Will occur several times. |

| |Fleet |Will occur often. |

|Occasional |Individual |Likely to occur some time. |

| |Fleet |Will occur several times. |

|Remote |Individual |Unlikely to occur, but possible. |

| |Fleet |Unlikely but can reasonably be expected to occur. |

|Improbable |Individual |So unlikely, it can be assumed it will not occur. |

| |Fleet |Unlikely to occur, but possible. |

_________________________________________________________________________________________

Principles of System Safety

Source: FAA Office of System Safety

Definition of System Safety

System safety is a specialty within system engineering that supports program risk management. It is the application of engineering and management principles, criteria and techniques to optimize safety. The goal of System Safety is to optimize safety by identifying safety-related risks and eliminating or controlling them by design and/or procedures, based on acceptable system safety precedence. System Safety Management (SSM) is a critical functional discipline to be applied during all phases of the life cycle of an acquisition. SSM contains a five-step approach:

1. Planning

2. Hazard Identification

3. Analysis

4. Assessment

5. Decision.

The system safety principles involved in each of these steps are discussed in the following paragraphs.

Planning

System safety must be planned. It is an integrated and comprehensive engineering effort that requires a trained staff experienced in the application of safety engineering principles. The effort is interrelated, sequential and continuing throughout all program phases. The plan must influence facilities, equipment, procedures and personnel. Planning should include transportation, logistics support, storage, packing, and handling, and should address Commercial Off-the-Shelf (COTS) and Non-developmental Items (NDI). A System Safety Management Plan is needed in the Preinvestment Decision phases to address the management objectives, responsibilities, program requirements, and schedule (who?, what?, when?, where?, and why?). After the Investment Decision is made and a program is approved for implementation, a System Safety Program Plan is needed.

Managing Authority (MA) Role

Throughout this document, the term Managing Authority (MA) is used to identify the responsible entity for managing the system safety effort. In all cases, the MA has responsibility for the program, project or activity. Managerial and technical procedures to be used must be approved by the MA. The MA resolves conflicts between safety requirements and other design requirements, and resolves conflicts between associate contractors when applicable.

Defining System Safety Requirements

System safety requirements must be consistent with other program requirements. A balanced program attempts to optimize safety, performance and cost. System safety program balance is the product of the interplay between system safety and the other three familiar program elements of cost, schedule, and performance as shown in the figure below.

[pic]

Programs cannot afford accidents that will prevent the achievement of the primary mission goals. However, neither can we afford systems that cannot perform due to unreasonable and unnecessary safety requirements. Safety must be placed in its proper perspective. A correct safety balance cannot be achieved unless acceptable and unacceptable conditions are established early enough in the program to allow for the selection of the optimum design solution and/or operational alternatives. Defining acceptable and unacceptable risk is as important for cost-effective accident prevention as is defining cost and performance parameters.

Hazard Analysis

Both elements of risk (hazard severity and likelihood of occurrence) must be characterized. The inability to quantify and/or lack of historical data on a particular hazard does not exclude the hazard from this requirement. Hazards are subdivided into sub-categories related to environment such as system states, environmental conditions or "initiating" and "contributing" hazards.

Realistically, a certain degree of safety risk must be accepted. Determining the acceptable level of risk is generally the responsibility of management. Any management decisions, including those related to safety, must consider other essential program elements. The marginal costs of implementing hazard control requirements in a system must be weighed against the expected costs of not implementing such controls.

The cost of not implementing hazard controls is often difficult to quantify before the fact. In order to quantify expected accident costs before the fact, two factors must be considered. These are related to risk and are the potential consequences of an accident and the probability of its occurrence. The more severe the consequences of an accident (in terms of dollars, injury, or national prestige, etc.) the lower the probability of its occurrence must be for the risk to be acceptable. In this case, it will be worthwhile to spend money to reduce the probability by implementing hazard controls. Conversely, accidents whose consequences are less severe may be acceptable risks at higher probabilities of occurrence and will consequently justify a lesser expenditure to further reduce the frequency of occurrence. Using this concept as a baseline, design limits must be defined.

Accident Scenario Relationships

In conducting hazard analysis, an accident scenario as shown in Figure 3-2 is a useful model for analyzing risk of harm due to hazards. Throughout this document, the term hazard will be used to describe scenarios that may cause harm. It is defined as a "Condition, event, or circumstance that could lead to or contribute to an unplanned or undesired event." Seldom does a single hazard cause an accident. More often, an accident occurs as the result of a sequence of causes termed initiating and contributory hazards. As can be seen below, contributory hazards involve consideration of the system state (e.g., operating environment) as well as failures or malfunctions.

[pic]

Definitions of Severity and Probability

Specific definitions for Severity and Probability are to be used during all phases of the acquisition life cycle. These are shown in the tables below.

Severity Definitions for SSM Process

|Catastrophic |Results in multiple fatalities and/or loss of the system |

|Hazardous |Reduces the capability of the system or the operator ability to cope with adverse conditions to the extent that there would be: large reduction in safety margin or functional capability, physical distress/excessive workload such that operators cannot be relied upon to perform required tasks accurately or completely, serious or fatal injury to small number of personnel, fatal injury to ground personnel and/or general public |

|Major |Reduces the capability of the system or the operators to cope with adverse operating condition to the extent that there would be: significant reduction in safety margin or functional capability, significant increase in operator workload, conditions impairing operator efficiency or creating significant discomfort, physical distress to personnel including injuries, major occupational illness and/or major environmental damage, and/or major property damage |

|Minor |Does not significantly reduce system safety. Actions required by operators are well within their capabilities. Include: slight reduction in safety margin or functional capabilities, slight increase in workload such as routine workload changes, some physical discomfort to workers, minor occupational illness and/or minor environmental damage, and/or minor property damage |

|No Safety Effect |Has no effect on safety |

Probability of Occurrence Definitions

|Probable |Qualitative: Anticipated to occur one or more times during the entire system/operational life of an item. Quantitative: Probability of occurrence per operational hour is greater than 1 x 10^-5 |

|Remote |Qualitative: Unlikely to occur to each item during its total life. May occur several times in the life of an entire system or fleet. Quantitative: Probability of occurrence per operational hour is less than 1 x 10^-5, but greater than 1 x 10^-7 |

|Extremely Remote |Qualitative: Not anticipated to occur to each item during its total life. May occur a few times in the life of an entire system or fleet. Quantitative: Probability of occurrence per operational hour is less than 1 x 10^-7 but greater than 1 x 10^-9 |

|Extremely Improbable |Qualitative: So unlikely that it is not anticipated to occur during the entire operational life of an entire system or fleet. Quantitative: Probability of occurrence per operational hour is less than 1 x 10- |

MIL-STD-882C Definitions of Severity and Likelihood

An example taken from MIL-STD-882C of the definitions used for Severity of Consequence and Event Likelihood is in the tables below.

Severity of Consequence

|Description |Category |Definition |

|Catastrophic |I |Death, and/or system loss, and/or severe environmental damage. |

|Critical |II |Severe injury, severe occupational illness, major system and/or environmental damage. |

|Marginal |III |Minor injury, minor occupational illness, and/or minor system damage, and/or environmental damage. |

|Negligible |IV |Less than minor injury, occupational illness, or less than minor system or environmental damage. |

Event Likelihood (Probability)

|Description |Level |Specific Event |

|Frequent |A |Likely to occur frequently |

|Probable |B |Will occur several times in the life of system. |

|Occasional |C |Likely to occur some time in the life of the system. |

|Remote |D |Unlikely but possible to occur in the life of the system. |

|Improbable |E |So unlikely, it can be assumed that occurrence may not be experienced. |

Comparative Safety Assessment

The risk management concept emphasizes the identification of the change in risk with a change in alternative solutions. Comparative Safety Assessment is made more complicated considering that a lesser safety risk may not be the optimum choice. Recognition of this is the keystone of safety risk management. These factors make system safety a decision making tool. It must be recognized, however, that selection of the greater safety risk alternative carries with it the responsibility of assuring inclusion of adequate warnings, personnel protective systems, and procedural controls.

Comparative Safety Assessment is also a planning tool. It requires planning for the development of safety operating procedures and test programs to resolve uncertainty when safety risk cannot be completely controlled by design. It provides a control system to track and measure progress towards the resolution of uncertainty and to measure the reduction of safety risk. Assessment of risk is made by combining the severity of consequence with the likelihood of occurrence in a matrix.

[pic]

Risk Acceptability Matrix

|High Risk |Unacceptable. Tracking in the FAA Hazard Tracking System is required until the risk is reduced and accepted. |

|Medium |Acceptable with review by the appropriate management authority. Tracking in the FAA Hazard Tracking System is required until the risk is accepted. |

|Low |Low risk is acceptable without review. No further tracking of the hazard is required. |

Risk Acceptance Criteria

An example based on MIL-STD-882C is shown below. The matrix may be referred to as a Hazard Risk Index (HRI), a Risk Rating Factor (RRF), or other terminology, but in all cases, it is the criteria used by management to determine acceptability of risk.

The Comparative Safety Assessment Matrix below illustrates an acceptance criteria methodology. Region R1 on the matrix is an area of high risk and may be considered unacceptable by the managing authority. Region R2 may be acceptable with management review of controls and/or mitigations, and R3 may be acceptable with management review. R4 is a low risk region that is usually acceptable without review.

Example of a Comparative Safety Assessment Matrix

[pic]

Early in a development phase, performance objectives may tend to overshadow efforts to reduce safety risk. This is because sometimes safety represents a constraint on a design. For this reason, safety risk reduction is often ignored or overlooked. In other cases, safety risk may be appraised, but not fully enough to serve as a significant input to the decision making process. As a result, the sudden identification of a significant safety risk, or the occurrence of an actual incident, late in the program can provide an overpowering impact on schedule, cost, and sometimes performance. To avoid this situation, methods to reduce safety risk must be applied commensurate with the task being performed in each program phase.

In the early development phase (investment analysis and the early part of solution implementation), the system safety activities are usually directed toward:

1. establishing risk acceptability parameters

2. practical tradeoffs between engineering design and defined safety risk parameters

3. avoidance of alternative approaches with high safety risk potential

4. defining system test requirements to demonstrate safety characteristics, and

5. safety planning for follow-on phases.

The culmination of this effort is the Comparative Safety Assessment, which is a summary of the work done toward minimization of unresolved safety concerns and a calculated appraisal of the risk. Properly done, it allows intelligent management decisions concerning acceptability of the risk.

The general principles of safety risk management are:

1. All system operations represent some degree of risk.

2. Recognize that human interaction with elements of the system entails some element of risk.

3. Keep hazards in proper perspective.

4. Do not overreact to each identified risk, but make a conscious decision on how to deal with it.

5. Weigh the risks and make judgments according to your own knowledge, inputs from subject matter experts, experience, and program need.

6. It is more important to establish clear objectives and parameters for Comparative Safety Assessment related to a specific program than to use generic approaches and procedures.

7. There may be no "single solution" to a safety problem. There are usually a variety of directions to pursue.

8. Each of these directions may produce varying degrees of risk reduction. A combination of approaches may provide the best solution.

9. Point out to designers the safety goals and how they can be achieved rather than telling them their approach will not work.

10. There are no "safety problems" in system planning or design. There are only engineering or management problems that, if left unresolved, may lead to accidents.

11. The determination of severity is made on a “worst credible case/condition” in accordance with MIL-STD-882C.

12. Many hazards may be associated with a single risk. In predictive analysis, risks are hypothesized accidents, and are therefore potential in nature. Severity assessment is made regarding the potential of the hazards to do harm.

_________________________________________________________________________________________

Risk Management Decision Making

For any system safety effort to succeed there must be a commitment on the part of management. There must be mutual confidence between program managers and system safety management. Program managers need to have confidence that safety decisions are made with professional competence. System safety management and engineering must know that their actions will receive full program management attention and support. Safety personnel need to have a clear understanding of the system safety task along with the authority and resources to accomplish the task. Decision-makers need to be fully aware of the risk they are taking when they make their decisions. They have to manage program safety risk. For effective safety risk management, program managers should:

• Ensure that competent, responsible, and qualified engineers be assigned in program offices and contractor organizations to manage the system safety program.

• Ensure that system safety managers are placed within the organizational structure so that they have the authority and organizational flexibility to perform effectively.

• Ensure that all known hazards and their associated risks are defined, documented, and tracked as a program policy so that the decision-makers are made aware of the risks being assumed when the system becomes operational.

• Require that an assessment of safety risk be presented as a part of program reviews and at decision milestones. Make decisions on risk acceptability for the program and accept responsibility for that decision.

Safety Order of Precedence

One of the fundamental principles of system safety is the Safety Order of Precedence in eliminating, controlling or mitigating a hazard. The Safety Order of Precedence is shown in Table 3-7. It will be referred to several times throughout the remaining chapters of this handbook.

|Description |Priority |Definition |

|Design for minimum risk. |1 |Design to eliminate risks. If the identified risk cannot be eliminated, reduce it to an acceptable level through design selection. |

|Incorporate safety devices. |2 |If identified risks cannot be eliminated through design selection, reduce the risk via the use of fixed, automatic, or other safety design features or devices. Provisions shall be made for periodic functional checks of safety devices. |

|Provide warning devices. |3 |When neither design nor safety devices can effectively eliminate identified risks or adequately reduce risk, devices shall be used to detect the condition and to produce an adequate warning signal. Warning signals and their application shall be designed to minimize the likelihood of inappropriate human reaction and response. Warning signs and placards shall be provided to alert operational and support personnel of such risks as exposure to high voltage and heavy objects. |

|Develop procedures and training. |4 |Where it is impractical to eliminate risks through design selection or specific safety and warning devices, procedures and training are used. However, concurrence of authority is usually required when procedures and training are applied to reduce risks of catastrophic, hazardous, major, or critical severity. |

Examples:

1. Design for Minimum Risk: Design hardware systems that use low voltage rather than high voltage where access is provided for maintenance activities.

2. Incorporate Safety Devices: If low voltage is unsuitable, provide interlocks.

3. Provide Warning Devices: If safety devices are not practical, provide warning placards.

4. Develop Procedures and Training: Train maintainers to shut off power before opening high voltage panels.

Behavioral-Based Safety

Safety management must be based on the behavior of people and the organizational culture. Everyone has a responsibility for safety and should participate in safety management efforts. Modern organization safety strategy has progressed from “safety by compliance” to the more appropriate concept of “prevention by planning”. Reliance on compliance could translate to after-the-fact hazard detection, which does not identify organizational errors that are oftentimes the contributors to accidents.

Modern safety management, i.e., “system safety management”, adopts techniques of system theory, statistical analysis, behavioral sciences and the continuous improvement concept. Two elements critical to this modern approach are a good organizational safety culture and people involvement. The establishment of system safety working groups, analysis teams, and product teams accomplishes a positive cultural involvement when there are consensus efforts to conduct hazard analysis and manage system safety programs.

Real-time safety analysis is conducted when operational personnel are involved in the identification of hazards and risks, which is the key to behavioral-based safety.

The concept consists of a “train-the-trainer” format. A selected safety team is provided the necessary tools and is taught how to:

• Identify hazards, unsafe acts or conditions;

• Identify “at risk” behaviors;

• Collect the information in a readily available format for providing immediate feedback;

• Train front-line people to implement and take responsibility for day-to-day operation of the program.

The behavioral-based safety process allows an organization to create and maintain a positive safety culture that continually reinforces safe behaviors over unsafe behaviors. This will ultimately result in a reduction of risk.

_________________________________________________________________________________________

Models Used by System Safety for Analysis

The system safety program may use various models to describe a system under study. Two models are known as the 5M model and the SHEL model. While there are many other models available, these two recognize the interrelationships and integration of the hardware, software, human, environment and procedures.

The first step in performing safety risk management is describing the system under consideration. This description should include at a minimum, the functions, general physical characteristics, and operations of the system. Normally, detailed physical descriptions are not required unless the safety analysis is focused on this area.

Keep in mind that the reason for performing safety analyses is to identify hazards and risks and to communicate that information to the audience. At a minimum, the safety assessment should describe the system in sufficient detail that the projected audience can understand the safety risks.

A system description has both breadth and depth. The breadth of a system description refers to the system boundaries. Bounding means limiting the system to those elements of the system model that affect or interact with each other to accomplish the central mission(s) or function. Depth refers to the level of detail in the description. In general, the level of detail in the description varies inversely with the breadth of the system. For a very broad system the description would be very general in nature with little detail on individual components. On the other hand, a simple system, such as a valve in a landing gear design, could include a lot of detail to support the assessment.

First, a definition of “system” is needed. MIL-STD-882C (System Safety Program Requirements) defines a system as:

A composite at any level of complexity, of personnel, procedures, material, tools, equipment, facilities, and software. The elements of this composite entity are used together in the intended operation or support environment to perform a given task or achieve a specific production, support, or mission requirement.

Graphically, this is represented by the 5M and SHEL models, which depict, in general, the types of elements that should be considered within most systems.

5M model of System Engineering

|[pic] |• Msn - Mission: central purpose or functions |

| |• Man - Human element |

| |• Mach - Machine: hardware and software |

| |• Media - Environment: ambient and operational environment |

| |• Mgt - Management: procedures, policies, and regulations |

Mission. The mission is the purpose or central function of the system. This is the reason that all the other elements are brought together.

Man. This is the human element of a system. If a system requires humans for operation, maintenance, or installation this element must be considered in the system description.

Machine. This is the hardware and software (including firmware) element of a system.

Media. Media is the environment in which a system will be operated, maintained, and installed. This environment includes operational and ambient conditions. Operational environment means the conditions in which the mission or function is planned and executed. Operational conditions are those involving things such as air traffic density, communication congestion, workload, etc. Part of the operational environment could be described by the type of operation (air traffic control, air carrier, general aviation, etc.) and phase (ground taxiing, takeoff, approach, enroute, transoceanic, landing, etc.). Ambient conditions are those involving temperature, humidity, lightning, electromagnetic effects, radiation, precipitation, vibration, etc.

Management. Management includes the procedures, policy, and regulations involved in operating, maintaining, installing, and decommissioning a system.

SHELL Model of a system

|[pic] |S= Software (procedures, symbology, etc.) |

| |H= Hardware (machine) |

| |E= Environment (operational and ambient) |

| |L= Liveware (human element) |

In the SHELL model, the match or mismatch of the blocks (interface) is just as important as the characteristics described by the blocks themselves. These blocks may be re-arranged as required to describe the system. A connection between blocks indicates an interface between the two elements.

Each element of the system should be described both functionally and physically if possible. A function is defined as

|An action or purpose for which a system, subsystem, or element is designed to perform. |

Functional description: A functional description should describe what the system is intended to do, and should include subsystem functions as they relate to and support the system function.

Physical characteristics: A physical description provides the audience with information on the real composition and organization of the tangible system elements. As before, the level of detail varies with the size and complexity of the system, with the end objective being adequate audience understanding of the safety risk.

_________________________________________________________________________________________

System Safety Summary

1. System safety is a basic requirement of the total system.

2. System safety must be planned

• Integrated and comprehensive safety engineering effort

• Interrelated, sequential, and continuing effort

• Plan must influence facilities, equipment, procedures, and personnel

• Applicable to all program phases

• Covers transportation and logistics support

• Covers storage, packaging, and handling

• Covers Non-Development Items (NDI).

3. Design safety precedence:

1. Design to minimum hazard

2. Use safety devices

3. Use warning devices

4. Use special procedures.

4. System Safety requirements must be consistent with other program requirements. Performance, cost, etc., requirements may have priority over safety requirements.

5. System analyses are basic tools for systematically developing design specifications. The ultimate measure of safety is not in the scope of analysis but in satisfied requirements. Analyses are hazard analyses, not safety analyses. Analyses are performed to:

• Identify hazards and corrective actions

• Review safety considerations in tradeoffs

• Determine/evaluate safety design requirements

• Determine/evaluate operational, test, logistics requirements

• Validate qualitative/quantitative requirements have been met.

6. Level of risk assumption and criteria are an inherent part of risk management.

7. Safety Management defines functions, authority, and interrelationships. Exercises appropriate controls.

8. The degree of safety effort and achievements are directly dependent upon management emphasis by the host employer and contractors.

9. Results of safety effort depend upon clearly stated safety objectives/requirements.

10. Authorized manager responsibilities:

• Plan, organize, and implement SSP

• Establish safety requirements for system design

• State safety requirements in contract

• Requirements for activities in Statement of Work (SOW)

• Review and ensure adequate and complete system safety program plan (SSPP)

• Supply historical data

• Review contractor system safety effort/data

• Ensure specifications are updated with test analyses results

• Establish and operate system safety groups.

• Software hazard analyses are a flow down requirements process followed by an upward flow verification process

11. Four elements of an effective System Safety Program:

1. Planned approach to accomplish tasks

2. Qualified people

3. Authority to implement tasks through all levels of management

4. Appropriate manning/funding

_________________________________________________________________________________________

Design and Pre-Design Safety Activities

The design and pre-design system safety engineering activities are listed below:

• Activity 1 - Preliminary Hazard List (PHL)

• Activity 2 - Preliminary Hazard Analysis (PHA)

• Activity 3 - Requirements Hazard Analysis (RHA)

• Activity 4 - Subsystem Hazard Analysis (SSHA)

• Activity 5 - System Hazard Analysis (SHA)

• Activity 6 - Operating and Support Hazard Analysis (O&SHA)

• Activity 7 - Health Hazard Assessment (HHA)

The completion of these activities represents the bulk of the SSP. The output and the effects of implementing the activities are the safety program. Review of the documented analyses provides the visibility into the effectiveness and quality of the safety program. It is recommended that these analyses be documented in a format compatible with an efficient review.

The following format features are recommended:

• Inclusion of a "road map" to show the sequence of tasks performed during the analysis.

• Presentation style, which may be in contractor format, consistent with the logic of the analysis procedure.

• All primary (critical) hazards and risks listed in an unambiguous manner.

• All recommended hazard controls and corrective actions detailed.

Questions that the reviewer should ask as the analyses are reviewed include the following:

• Do the contributory hazards listed include those that have been identified in accidents of similar systems?

• Are the recommended hazard controls and corrective actions realistic and sufficient?

• Are the recommended actions fed back into the line management system in a positive way that can be tracked?

The figure below illustrates the interrelationship of these tasks and their relationship to the design and contractual process.

[pic]

Activity 1: Develop a Preliminary Hazard List

The Preliminary Hazard List (PHL) is generated at the start of each hazard analysis. It is basically a list of anything that the analyst can think of that can go wrong based on the concept, its operation and implementation. It provides an inherent list of hazards associated with the concept under consideration. The contractor may be required to investigate further selected hazards or hazardous characteristics identified by the PHL to determine their significance. This information is important in making a series of decisions ranging from "Should the program continue?" to shaping the post contractual safety requirements. The PHL may be generated by either the host employer or a contractor.

The PHL lists hazards that may require special safety design emphasis or hazardous areas where in-depth analyses need to be done. Example uses of the PHL include providing inputs to the determination process of the scope of follow-on hazard analyses (e.g., PHA, SSHA). The PHL may be documented using a table-type format.

Activity 2: Conduct a Preliminary Hazard Analysis

The Preliminary Hazard Analysis (PHA) is the initial effort in hazard analysis during the system design phase or the programming and requirements development phase for facilities acquisition. It may also be used on an operational system for the initial examination of the state of safety. The purpose of the PHA is not to effect control of all risks but to fully recognize the hazardous states with all of the accompanying system implications.

The PHA effort should begin during the earliest phase that is practical and be updated in each sequential phase. Typically, it is first performed during the conceptual phase but, when applicable, may be performed on an operational system. Performing a PHA early in the life cycle of a system provides important inputs to tradeoff studies in the early phases of system development. In the case of an operational system, it aids in an early determination of the state of safety. The output of the PHA may be used in developing system safety requirements and in preparing performance and design specifications.

In addition, the PHA is the basic hazard analysis that establishes the framework for other hazard analyses that may be performed.

A PHA must include, but not be limited to, the following information:

• As complete a description as possible of the system or systems being analyzed, how it will be used, and interfaces with existing system(s). If an OED was performed during predevelopment, this can form the basis for a system description.

• A review of pertinent historical safety experience (lessons learned on similar systems)

• A categorized listing of basic energy sources

• An investigation of the various energy sources to determine the provisions that have been developed for their control

• Identification of the safety requirements and other regulations pertaining to personnel safety, environmental hazards, and toxic substances with which the system must comply.

• Recommendation of corrective actions.

Since the PHA should be initiated very early in the planning phase, the data available to the analyst may be incomplete and informal. Therefore, the analysis should be structured to permit continual revision and updating as the conceptual approach is modified and refined. As soon as the subsystem design details are complete enough to allow the analyst to begin the subsystem hazard analysis in detail, the PHA can be terminated. The PHA may be documented in any manner that renders the information above clear and understandable to the non-safety community. A tabular format is usually used.

The following reference input information is helpful to perform a PHA:

• Design sketches, drawings, and data describing the system and subsystem elements for the various conceptual approaches under consideration

• Functional flow diagrams and related data describing the proposed sequence of activities, functions, and operations involving the system elements during the contemplated life span

• Background information related to safety requirements associated with the contemplated testing, manufacturing, storage, repair, and use locations and safety-related experiences of similar previous programs or activities.

The PHA must consider the following for identification and evaluation of hazards as a minimum.

• Hazardous components (e.g., fuels, propellants, lasers, explosives, toxic substances, hazardous construction materials, pressure systems, and other energy sources).

• Safety-related interface considerations among various elements of the system (e.g., material compatibility, electromagnetic interference, inadvertent activation, fire/explosive initiation and propagation, and hardware and software controls). This must include consideration of the potential contribution by software (including software developed by other contractors) to subsystem/system accidents.

• Environmental constraints, including the operating environments (e.g., drop, shock, vibration, extreme temperatures, noise, exposure to toxic substances, health hazards, fire, electrostatic discharge, lightning, electromagnetic environmental effects, ionizing and non-ionizing radiation).

• If available, operating, test, maintenance, and emergency procedures (e.g., human factors engineering, human error analysis of operator functions, tasks, and requirements; effect of factors such as equipment layout, lighting requirements, potential exposures to toxic materials, effects of noise or radiation on human performance; life support requirements and their safety implications in manned systems, crash safety, egress, rescue, survival, and salvage).

• If available, facilities, support equipment (e.g., provisions for storage, assembly, checkout, proof testing of hazardous systems/assemblies that may involve toxic, flammable, explosive, corrosive, or cryogenic materials/; radiation or noise emitters; electrical power sources), and training (e.g., training and certification pertaining to safety operations and maintenance).

• Safety-related equipment, safeguards, and possible alternate approaches (e.g., interlocks, system redundancy, hardware or software fail-safe design considerations, subsystem protection, fire detection and suppression systems, personal protective equipment, industrial ventilation, and noise or radiation barriers).

Activity 3: Conduct a Requirements Hazard Analysis

The purpose of Activity 3 is to perform and document the safety design requirements/design criteria for a system or facility undergoing development or modification. It is also an opportunity to develop safety requirements from regulations, standards, Public Laws, etc. that are generic and not related to a specific identified hazard. In the early system design phase, the developer can usually anticipate the system design, including likely software control and monitoring functions. This information can be used to determine the potential relationship between system-level hazards, hardware elements and software control and monitoring and safety functions, and to develop design requirements, guidelines, and recommendations to eliminate or reduce the risk of those hazards to an acceptable level. Enough information can be collected to designate hardware and software functions as safety critical.

During the Demonstration and Evaluation and/or Full-Scale Development phases, the developer should analyze the system along with hardware/software design and requirements documents to:

• Refine the identification of hazards associated with the control of the system

• Safety-critical data generated or controlled by the system

• Safety-critical non-control functions performed by the system and unsafe operating modes for resolution.

The requirements hazard analysis is substantially complete by the time the allocated baseline is defined. The requirements are developed to address hazards, both specific and nonspecific, in hardware and software.

The requirements hazard analysis may use the PHL and the PHA as a basis, if available. The analysis relates the hazards identified to the system design and identifies or develops design requirements to eliminate or reduce the risk of the identified hazards to an acceptable level. The requirements hazard analysis is also used to incorporate design requirements that are safety related but not tied to a specific hazard. This analysis includes the following:

Determination of applicable generic system safety design requirements and guidelines for both hardware and software from applicable military specifications, Government standards, and other documents for the system under development. Incorporate these requirements and guidelines into the high-level system specifications and design documents, as appropriate.

Analysis of the system design requirements, system/segment specifications, preliminary hardware configuration item development specifications, software requirements specifications, and the interface requirements specifications, as appropriate, including the following sub-activities:

• Develop, refine, and specify system safety design requirements and guidelines; translate into system, hardware, and software requirements and guidelines, where appropriate; implement in the design and development of the system hardware and associated software.

• Identify hazards and relate them to the specifications or documents above and develop design requirements to reduce the risk of those hazards.

• Analyze the preliminary system design to identify potential hardware/software interfaces at a gross level that may cause or contribute to potential hazards. Interfaces to be identified include control functions, monitoring functions, safety systems, and functions that may have indirect impact on safety.

• Perform a preliminary risk assessment on the identified safety-critical software functions using the hazard risk matrix or software hazard risk matrix or another process as mutually agreed to by the contractor and the host employer.

• Ensure that system safety design requirements are properly incorporated into the operator, users, and diagnostic manuals.

• Develop safety-related design change recommendations and testing requirements and incorporate them into preliminary design documents and the hardware, software, and system test plans. The following subactivities should be accomplished:

• Develop safety-related change recommendations to the design and specification documents listed above and include a means of verification for each design requirement.

• Develop testing requirements. The contractor may develop safety-related test requirements for incorporation into the hardware, software, and system integration test documents.

• Support the system requirements review, system design review, and software specification review from a system safety viewpoint. Address the system safety program, analyses performed and to be performed, significant hazards identified, hazard resolutions or proposed resolutions, and means of verification.

For work performed under contract, details to be specified in the SOW should include, as applicable:

• Definition of acceptable level of risk within the context of the system, subsystem, or component under analysis

• Level of contractor support required for design reviews

• Specification of the type of risk assessment process.

Activity 4: Subsystem Hazard Analysis

The Subsystem Hazard Analysis (SSHA) is performed if a system under development contains subsystems or components that, when integrated, function together in a system. This analysis examines each subsystem or component and identifies hazards associated with normal or abnormal operations. It is intended to determine how operation or failure of components, or any other anomaly, adversely affects the overall safety of the system. This analysis should identify existing and recommended actions using the system safety precedence to determine how to eliminate or reduce the risk of identified hazards.

As soon as subsystems are designed in sufficient detail, or well into concept design for facilities acquisition, the SSHA can begin. Design changes to components also need to be evaluated to determine whether the safety of the system is affected. The techniques used for this analysis must be carefully selected to minimize problems in integrating subsystem hazard analyses into the system hazard analysis. The SSHA may be documented in a combination of text and/or tabular format.

A contractor may perform and document a subsystem hazard analysis to identify all components and equipment, including software, whose performance, performance degradation, functional failure, or inadvertent functioning could result in a hazard or whose design does not satisfy contractual safety requirements. The analysis may include:

• A determination of the hazards or risks, including reasonable human errors as well as single and multiple failures.

• A determination of potential contribution of software (including that which is developed by other contractors) events, faults, and occurrences (such as improper timing) on the safety of the subsystem

• A determination that the safety design criteria in the software specification(s) have been satisfied

• A determination that the method of implementation of software design requirements and corrective actions has not impaired or decreased the safety of the subsystem nor has introduced any new hazards.

When software to be used in conjunction with the subsystem is being developed under standards, the contractor performing the SSHA will monitor, obtain, and use the output of each phase of the formal software development process in evaluating the software contribution to the SSHA. Problems identified that require the response of the software developer should be reported in time to support the ongoing phase of the software development process. The contractor should update the SSHA when needed as a result of any system design changes, including software changes that affect system safety.

For work performed under contract, details to be specified in the SOW should include, as applicable:

• Minimum risk severity and probability reporting thresholds

• The specific subsystems to be analyzed

• Any selected risks, hazards, hazardous areas, or other items to be examined or excluded

• Specification of desired analysis technique(s) and/or format.

Activity 5: System Hazard Analysis

A System Hazard Analysis (SHA) is accomplished in much the same way as the SSHA. However, as the SSHA examines how component operation or risks affect the system, the SHA determines how system operation and hazards can affect the safety of the system and its subsystems. The SSHA, when available, serves as input to the SHA. The SHA should begin as the system design matures, at the preliminary design review or the facilities concept design review milestone, and should be updated until the design is complete. Design changes will need to be evaluated to determine their effects on the safety of the system and its subsystems. This analysis should contain recommended actions, applying the system safety precedence, to eliminate or reduce the risk of identified hazards. The techniques used to perform this analysis must be carefully selected to minimize problems in integrating the SHA with other hazard analyses. The SHA may be documented in text and/or tabular format or a combination of both text and tables.

A contractor may perform and document an SHA to identify hazards and assess the risk of the total system design, including software, and specifically the subsystem interfaces. This analysis must include a review of subsystem interrelationships for:

• Compliance with specified safety criteria

• Independent, dependent, and simultaneous hazardous events including failures of safety devices and common causes that could create a hazard

• Degradation in the safety of a subsystem or the total system from normal operation of another subsystem

• Design changes that affect subsystems

• The effects of reasonable human errors

• The potential contribution of software (including that which is developed by other contractors) events, faults, and occurrences (such as improper timing) on safety of the system

• The determination that safety design criteria in the software specification(s) have been satisfied

The SHA may be performed using similar techniques to those used for the SSHA. When software to be used in conjunction with the system is being developed under software standards, the contractor performing the SHA should be required to monitor, obtain, and use the output of each phase of the formal software development process in evaluating the software contribution to safety. Problems identified that require the response of the software developer should be reported in time to support the ongoing phase of the software development process. A contractor should also be required to update the SHA when needed as a result of any system design changes, including software, which affect system safety.

When work is performed under contract, details to be specified in the SOW should include, as applicable:

• Minimum risk severity and probability reporting thresholds

• Any selected hazards, hazardous areas, or other specific items to be examined or excluded

• Specification of desired analysis technique(s) and/or format

Activity 6: Operating and Support Hazard Analysis

The Operating and Support Hazard Analysis (O&SHA) is performed primarily to identify and evaluate the hazards associated with the environment, personnel, procedures, operation, support, and equipment involved throughout the total life cycle of a system/element. The O&SHA may be performed on such activities as testing, installation, modification, maintenance, support, transportation, ground servicing, storage, operations, emergency escape, egress, rescue, post-accident responses, and training. The figure below shows O&SHA elements. The O&SHA may also be selectively applied to facilities acquisition projects to make sure operation and maintenance manuals properly address safety and health requirements.

[pic]

The O&SHA effort should start early enough to provide inputs to the design, system test, and operation. This analysis is most effective as a continuing closed-loop iterative process, whereby proposed changes, additions, and formulation of functional activities are evaluated for safety considerations prior to formal acceptance. The analyst performing the O&SHA should have available:

• Engineering descriptions of the proposed system, support equipment, and facilities

• Draft procedures and preliminary operating manuals

• PHA, SSHA, and SHA reports

• Related and constraint requirements and personnel capabilities

• Human factors engineering data and reports

• Lessons learned, including a history of accidents caused by human error

• Effects of off-the-shelf hardware and software across the interface with other system components or subsystems.

Timely application of the O&SHA will provide design guidance. The findings and recommendations resulting from the O&SHA may affect the diverse functional responsibilities associated with a given program. Therefore, it is important that the analysis results are properly distributed for the effective accomplishment of the O&SHA objectives. The techniques used to perform this analysis must be carefully selected to minimize problems in integrating O&SHAs with other hazard analyses. The O&SHA may be documented in any format that provides clear and concise information to the non-safety community.

A contractor may perform and document an O&SHA to examine procedurally controlled activities. The O&SHA identifies and evaluates hazards resulting from the implementation of operations or tasks performed by persons considering the following:

• Planned system configuration/state at each phase of activity

• Facility interfaces

• Planned environments (or ranges thereof)

• Supporting tools or other equipment, including software-controlled automatic test equipment, specified for use

• Operational/task sequence, concurrent task effects and limitations

• Biotechnological factors, regulatory or contractually specified personnel safety and health requirements

• Potential for unplanned events, including hazards introduced by human errors.

The O&SHA must identify the safety requirements or alternatives needed to eliminate identified hazards, or to reduce the associated risk to a level that is acceptable under either regulatory or contractually specified criteria. The analysis may identify the following:

• Activities that occur under hazardous conditions, their time periods, and the actions required to minimize risk during these activities/time periods

• Changes needed in functional or design requirements for system hardware/software, facilities, tooling, or support/test equipment to eliminate hazards or reduce associated risks

• Requirements for safety devices and equipment, including personnel safety and life support equipment

• Warnings, cautions, and special emergency procedures (e.g., egress, rescue, escape), including those necessitated by failure of a software-controlled operation to produce the expected and required safe result or indication

• Requirements for handling, storage, transportation, maintenance, and disposal of hazardous materials

• Requirements for safety training and personnel certification.

The O&SHA documents system safety assessment of procedures involved in system production, deployment, installation, assembly, test, operation, maintenance, servicing, transportation, storage, modification, and disposal. A contractor must update the O&SHA when needed as a result of any system design or operational changes. If no specific analysis techniques are directed, the contractor should obtain approval of technique(s) to be used prior to performing the analysis.

For work performed under contract, details to be specified in the SOW should include, as applicable:

• Minimum risk probability and severity reporting thresholds

• Specification of desired analysis technique(s) and/or format

• The specific procedures to be evaluated.

Activity 7: Health Hazard Assessment

The purpose of a Health Hazard Assessment (HHA) is to identify health hazards, evaluate proposed hazardous materials, and propose protective measures to reduce the associated risk to an acceptable level.

The first step of the HHA is to identify and determine quantities of potentially hazardous materials or physical agents (noise, radiation, heat stress, cold stress) involved with the system and its logistical support. The next step is to analyze how these materials or physical agents are used in the system and for its logistical support. Based on the use, quantity, and type of substance/agent, estimate where and how personnel exposures may occur and, if possible, the degree or frequency of exposure. The final step is to incorporate cost-effective controls into the design of the system and its logistical support equipment/facilities to reduce exposures to acceptable levels. The life-cycle costs of required controls could be high, and consideration of alternative systems may be appropriate.

An HHA evaluates the hazards and costs due to system component materials, evaluates alternative materials, and recommends materials that reduce the associated risks and life-cycle costs. Materials are evaluated if (because of their physical, chemical, or biological characteristics; quantity; or concentrations) they cause or contribute to adverse effects in organisms or offspring, pose a substantial present or future danger to the environment, or result in damage to or loss of equipment or property during the system's life cycle.

An HHA should include the evaluation of the following:

• Chemical hazards - Hazardous materials that are flammable, corrosive, toxic, carcinogens or suspected carcinogens, systemic poisons, asphyxiants, or respiratory irritants

• Physical hazards (e.g., noise, heat, cold, ionizing and non-ionizing radiation)

• Biological hazards (e.g., bacteria, fungi)

• Ergonomic hazards (e.g., lifting, task saturation)

• Other hazardous materials that may be introduced by the system during manufacture, operation, or maintenance.

The evaluation is performed in the context of the following:

• System, facility, and personnel protective equipment requirements (e.g., ventilation, noise attenuation, radiation barriers) to allow safe operation and maintenance. When feasible engineering designs are not available to reduce hazards to acceptable levels, alternative protective measures must be specified (e.g., protective clothing, operation or maintenance procedures to reduce risk to an acceptable level).

• Potential material substitutions and projected disposal issues. The HHA discusses long-term effects such as the cost of using alternative materials over the life cycle or the capability and cost of disposing of a substance.

• Hazardous material data. The HHA describes the means for identifying and tracking information for each hazardous material. Specific categories of health hazards and impacts that may be considered are acute health, chronic health, cancer, contact, flammability, reactivity, and environment.

The HHA’s hazardous materials evaluation must include the following:

• Identification of the hazardous materials by name(s) and stock numbers (or CAS numbers); the affected system components and processes; the quantities, characteristics, and concentrations of the materials in the system; and source documents relating to the materials

• Determination of the conditions under which the hazardous materials can release or emit components in a form that may be inhaled, ingested, absorbed by living beings, or leached into the environment

• Characterization of material hazards and determination of reference quantities and hazard ratings for system materials in question

• Estimation of the expected usage rate of each hazardous material for each process or component for the system and program-wide impact

• Recommendations for the disposition of each hazardous material identified. If a reference quantity is exceeded by the estimated usage rate, material substitution or altered processes may be considered to reduce risks associated with the material hazards while evaluating the impact on program costs. For each proposed and alternative material, the assessment must provide the following data for management review:

• Material identification. Includes material identity, common or trade names, chemical name, chemical abstract service (CAS) number, national stock number (NSN), local stock number, physical state, and manufacturers and suppliers

• Material use and quantity. Includes component name, description, operations details, total system and life cycle quantities to be used, and concentrations of any mixtures

• Hazard identification. Identifies the adverse effects of the material on personnel, the system, environment, or facilities

• Toxicity assessment. Describes expected frequency, duration, and amount of exposure. References for the assessment must be provided

• Risk calculations. Includes classification of severity and probability of occurrence, acceptable levels of risk, any missing information, and discussions of uncertainties in the data or calculations.

For work performed under contract, details to be specified in the SOW include:

• Minimum risk severity and probability reporting thresholds

• Any selected hazards, hazardous areas, hazardous materials or other specific items to be examined or excluded

• Specification of desired analysis techniques and/or report formats.

__________________________________________________________________

Fault Tree Analysis

Source: Texas Workers’ Compensation Commission, Workers Health & Safety Division, Safety Education & Training Programs.

Background

A fault tree analysis (FTA) (similar to a logic diagram) is a “deductive” analytical tool used to study a specific undesired event. The “deductive” approach begins with a defined undesired event, usually a postulated accident condition, and systematically considers all known events, faults, and occurrences that could cause or contribute to the occurrence of the undesired event.

Engineers developed FTA to improve the safety of missile systems. They reasoned most accidents/incidents result from failures or malfunctions within a system. A system consists of people, equipment, material, and environmental factors. This system performs specific tasks using prescribed methods. The components of a system and its environment are interrelated, and a failure in any part can affect the other parts. A negative event can be a near miss or an incident that could have resulted in personal injury to an employee or equipment/property damage.

Analytical Trees

Analytical trees are graphic representations or pictures of a project or event. They use deductive reasoning in that they start with a general top event or output event and develop down through the branches to specific input events that must occur in order for the output to be generated. Analytical trees are called trees because their structure resembles a tree, narrow at the top with a single event symbol and then branching out as the tree is developed.

Fault Trees

Negative analytical trees or fault trees are excellent troubleshooting tools. They can be used to prevent or identify failures prior to their occurrence, but are more frequently used to analyze accidents or as investigative tools to pinpoint failures. When an accident or failure occurs, the root cause of the negative event can be identified. Each event is analyzed by asking, “How could this happen?” In answering this question, the primary causes and how they interact to produce an undesired event are identified. This logic process continues until all potential causes have been identified.

Throughout this process, a tree diagram is used to record the events as they are identified. Tree branches stop when all events leading to the negative event are complete.

Symbols are used to represent various events and describe relationships:

• And gate - represents a condition in which all the events shown below the gate (input gate) must be present for the event shown above the gate (output event) to occur. This means the output event will occur only if all of the input events exist simultaneously.

• Or gate - represents a situation in which any of the events shown below the gate (input gate) will lead to the event shown above the gate (output event). The event will occur if only one or any combination of the input events exists.

There are five types of event symbols:

1. Rectangle - The rectangle is the main building block for the analytical tree. It represents the negative event and is located at the top of the tree and can be located throughout the tree to indicate other events capable of being broken down further. This is the only symbol that will have a logic gate and input events below it.

2. Circle - A circle represents a base event in the tree. These are found on the bottom tiers of the tree and require no further development or breakdown. There are no gates or events below the base event.

3. Diamond - The diamond identifies an undeveloped terminal event. Such an event is one not fully developed because of a lack of information or significance. A fault tree branch can end with a diamond. For example, most projects require personnel, procedures, and hardware. The tree developer may decide to concentrate on the personnel aspect of the procedure and not the hardware or procedural aspects. In this case the developer would use diamonds to show “procedures” and “hardware” as undeveloped terminal events.

4. Oval - An oval symbol represents a special situation that can only happen if certain circumstances occur. This is spelled out in the oval symbol. An example of this might be if switches must be thrown in a specific sequence before an action takes place.

5. Triangle - The triangle signifies a transfer of a fault tree branch to another location within the tree. Where a triangle connects to the tree with an arrow, everything shown below the connection point transfers to another area of the tree. This area is identified by a corresponding triangle that is connected to the tree with a vertical line. Letters, numbers or figures identify one set of transfer symbols from another. To maintain the simplicity of the analytical tree, the transfer symbol should be used sparingly.

Fault Tree Analysis involves the following steps:

1. Define the top event.

2. Know the system.

3. Construct the tree.

4. Validate the tree.

5. Evaluate the tree.

6. Study tradeoffs.

7. Consider alternatives and recommend action.

1. Define the top event. To define the top event the type of failure to be investigated must be identified. This could be whatever the end result of an incident may have been, such as a forklift overturning.

2. Determine all the undesired events in operating a system. Separate this list into groups having common characteristics. Several FTAs may be necessary to study a system completely. Finally, one event should be established representing all events within each group. This event becomes the undesired event to study.

3. Know the system. All available information about the system and its environment should be studied. A job analysis may prove helpful in determining the necessary information.

4. Construct the fault tree. This step is perhaps the simplest because only the few symbols are involved and the actual construction is pretty straightforward.

Principles of construction. The tree must be constructed using the event symbols listed above. It should be kept simple. Maintain a logical, uniform, and consistent format from tier to tier. Use clear, concise titles when writing in the event symbols. The logic gates used should be restricted to the and gate and or gate with constraint symbols used only when necessary. An example would be the use of the oval constraint symbol to illustrate a necessary order of events that must happen to have an event occur. The transfer triangle should be used sparingly if at all. The more the transfer triangle is used, the more complicated the tree becomes. The purpose of the tree is to keep the procedure as simple as possible.

5. Validate the tree. This requires allowing a person knowledgeable in the process to review the tree for completeness and accuracy.

6. Evaluate the fault tree. The tree should then be scrutinized for those areas where improvements in the analysis can be made or where there may be an opportunity to utilize alternative procedures or materials to decrease the hazard.

7. Study tradeoffs. In this step, any alternative methods that are implemented should be further evaluated. This will allow evaluators to see any problems that may be associated with the new procedure prior to implementation.

8. Consider alternatives and recommend action. This is the last step in the process where corrective action or alternative measures are recommended.


Benefits: The primary advantage of fault tree analyses is the meaningful data they produce, which allows evaluation and improvement of the overall reliability of the system. Fault tree analysis also evaluates the effectiveness of and need for redundancy.

Limitations: The undesired event evaluated must be foreseen, and all significant contributors to the failure must be anticipated. This effort may be very time consuming and expensive. Finally, the overall success of the process depends on the skill of the analyst involved.

__________________________________________________________________________________________

Fault Tree Analysis

Source: FAA System Safety Handbook, Ch. 9.

Fault Tree Analysis (FTA) is a popular and productive hazard identification tool. It provides a standardized discipline to evaluate and control hazards. The FTA process is used to solve a wide variety of problems ranging from safety to management issues.

This tool is used by the professional safety and reliability community to both prevent and resolve hazards and failures. Both qualitative and quantitative methods are used to identify areas in a system that are most critical to safe operation. Either approach is effective. The output is a graphical presentation providing technical and administrative personnel with a map of "failure or hazard" paths. FTA symbols may be found in Figure 8-5. The reviewer and the analyst must develop an insight into system behavior, particularly those aspects that might lead to the hazard under investigation.

Qualitative FTAs are cost effective and invaluable safety engineering tools. The generation of a qualitative fault tree is always the first step. Quantitative approaches multiply the usefulness of the FTA but are more expensive and often very difficult to perform.

An FTA (similar to a logic diagram) is a "deductive" analytical tool used to study a specific undesired event such as "engine failure." The "deductive" approach begins with a defined undesired event, usually a postulated accident condition, and systematically considers all known events, faults, and occurrences that could cause or contribute to the occurrence of the undesired event. Top level events may be identified through any safety analysis approach, through operational experience, or through a "Could it happen?" hypothesis. The procedural steps of performing an FTA are:

1. Assume a system state and identify and clearly document the top level undesired event(s). This is often accomplished by using the PHL or PHA. Alternatively, design documentation such as schematics, flow diagrams, level B & C documentation may be reviewed.

2. Develop the upper levels of the trees via a top down process. That is, determine the intermediate failures and combinations of failures or events that are the minimum to cause the next higher level event to occur. The logical relationships are graphically generated as described below using standardized FTA logic symbols.

3. Continue the top down process until the root causes for each branch are identified and/or until further decomposition is not considered necessary.

4. Assign probabilities of failure to the lowest level event in each branch of the tree. This may be through predictions, allocations, or historical data.

5. Establish a Boolean equation for the tree using Boolean logic and evaluate the probability of the undesired top level event.

6. Compare to the system level requirement. If the requirement is not met, implement corrective action. Corrective actions vary from redesign to analysis refinement.

The FTA is a graphical logic representation of fault events that may occur to a functional system. This logical analysis must be a functional representation of the system and must include all combinations of system fault events that can cause or contribute to the undesired event. Each contributing fault event should be further analyzed to determine the logical relationships of underlying fault events that may cause them. This tree of fault events is expanded until all "input" fault events are defined in terms of basic, identifiable faults that may then be quantified for computation of probabilities, if desired. When the tree has been completed, it becomes a logic gate network of fault paths, both singular and multiple, containing combinations of events and conditions that include primary, secondary, and upstream inputs that may influence or command the hazardous mode.

[pic]

A non-technical person can, with minimal training, determine from the fault tree the combinations and alternatives of events that may lead to failure or a hazard. The figure above is a sample fault tree for an aircraft engine failure. In this sample there are three possible causes of engine failure: fuel flow, coolant, or ignition failure. The alternatives and combinations leading to any of these conditions may also be determined by inspection of the FTA.

Based on available data, probabilities of occurrences for each event can be assigned. Algebraic expressions can be formulated to determine the probability of the top level event occurring. This can be compared to acceptable thresholds and the necessity and direction of corrective action determined.

The FTA shows the logical connections between failure events and the top level hazard or event. "Event," the terminology used, is an occurrence of any kind. Hazards and normal or abnormal system operations are examples. For example, both "engine overheats" and "frozen bearing" are abnormal events. Events are shown as some combination of rectangles, circles, triangles, diamonds, and "houses." Rectangles represent events that are a combination of lower level events. Circles represent events that require no further expansion. Triangles reflect events that are dependent on lower level events where the analyst has chosen to develop the fault tree further. Diamonds represent events that are not developed further, usually due to insufficient information. Depending upon criticality, it may be necessary to develop these branches further.

In the aircraft engine example, a coolant pump failure may be caused by a seal failure. This level was not further developed. The example does not include a "house." That symbol illustrates a normal (versus failure) event. If the hazard were "unintentional stowing of the landing gear," a normal condition for the hazard would be the presence of electrical power.

FTA symbols can depict all aspects of NAS events. The example reflects a hardware based problem. More typically, software (incorrect assumptions or boundary conditions), human factors (inadequate displays), and environment conditions (ice) are also included, as appropriate.

Events can be further broken down as primary and secondary. A primary event is a coolant pump failure caused by a bad bearing. A secondary event would be a pump failure caused by ice through the omission of antifreeze in the coolant on a cold day. The analyst may also distinguish between faults and failures. An ignition turned off at the wrong time is a fault; an ignition switch that will not conduct current is an example of a failure.

Events are linked together by "AND" and "OR" logic gates. The latter is used in the example for both fuel flow and carburetor failures. For example, fuel flow failures can be caused by either a failed fuel pump or a blocked fuel filter. An "AND" gate is used for the ignition failure, illustrating that the ignition systems are redundant. That is, both must fail for the engine to fail. These logic gates are called Boolean gates or operators. Boolean algebra is used for the quantitative approach. The "AND" and "OR" gates are numbered sequentially A# or O# respectively in the figure above.

As previously stated, the FTA is built through a deductive "top down" process. It is a deductive process in that it considers combinations of events in the "cause" path as opposed to the inductive approach, which does not. The process is asking a series of logical questions such as "What could cause the engine to fail?" When all causes are identified, the series of questions is repeated at the next lower level, i.e., "What would prevent fuel flow?" Interdependent relationships are established in the same manner.

When a quantitative analysis is performed, probabilities of occurrences are assigned to each event. The values are determined through analytical processes such as reliability predictions, engineering estimates, or the reduction of field data (when available). A completed tree is called a Boolean model. The probability of occurrence of the top level hazard is calculated by generating a Boolean equation. It expresses the chain of events required for the hazard to occur. Such an equation may reflect several alternative paths. Boolean equations rapidly become very complex for simple looking trees. They usually require computer modeling for solution.

In addition to evaluating the significance of a risk and the likelihood of occurrence, FTAs facilitate presentations of the hazards, causes, and discussions of safety issues. They can contribute to the generation of the Master Minimum Equipment List (MMEL).

The FTA's graphical format is superior to the tabular or matrix format in that the inter-relationships are obvious. The FTA graphic format is a good tool for the analyst not knowledgeable of the system being examined. The matrix format is still necessary for a hazard analysis to pick up severity, criticality, family tree, probability of event, cause of event, and other information. Being a top-down approach, in contrast to the fault hazard and FMECA, the FTA may miss some non-obvious top level hazards.

Evaluating a Fault Tree Analysis

FTA is a technique that can be used for any formal system safety program analysis (PHA, SSHA, O&SHA). The FTA is one of several deductive logic model techniques, and is by far the most common. The FTA begins with a stated top-level hazardous/undesired event and uses logic diagrams to identify single events and combinations of events that could cause the top event. The logic diagram can then be analyzed to identify single and multiple events that can cause the top event. Probability of occurrence values are assigned to the lowest events in the tree. FTA utilizes Boolean Algebra to determine the probability of occurrence of the top (and intermediate) events. When properly done, the FTA shows all the problem areas and makes the critical areas stand out. The FTA has two drawbacks:

1. Depending on the complexity of the system being analyzed, it can be time consuming, and therefore very expensive.

2. It does not identify all system hazards; it only identifies failures associated with the predetermined top event being analyzed. For example, an FTA will not identify "ruptured tank" as a hazard in a home water heater. It will show all failures that lead to that event. In other words, the analyst needs to identify all hazards that cannot be identified by use of a fault tree.

The graphic symbols used in an FTA are provided in the figure below.

The first area for evaluation (and probably the most difficult) is the top event. This top event should be very carefully defined and stated. If it is too broad (e.g., aircraft crashes), the resulting FTA will be overly large. On the other hand, if the top event is too narrow (e.g., aircraft crashes due to pitch-down caused by broken bellcrank pin), then the time and expense for the FTA may not yield significant results. The top event should specify the exact hazard and define the limits of the FTA. In this example, a good top event would be "uncommanded aircraft pitch-down," which would center the fault tree around the aircraft flight control system, but would draw in other factors, such as pilot inputs and engine failures. In some cases, a broad top event may be useful to organize and tie together several fault trees.

Some fault trees do not lend themselves to quantification because the factors that tie the occurrence of a second level event to the top event are normally outside the control/influence of the operator (e.g., an aircraft that experiences loss of engine power may or may not crash depending on altitude at which the loss occurs).

A quick evaluation of a fault tree may be possible by looking at the logic gates. Most fault trees will have a substantial majority of OR gates. If fault trees have too many OR gates, every fault or event may lead to the top event. This may not be the case, but a large majority of OR gates will certainly indicate this. An evaluator needs to be sure that logic symbols are well defined and understood. If nonstandard symbols are used, they must not get mixed with other symbols.

Check for proper control of transfers. Transfers are reference numbers permitting linking between pages of FTA graphics. Fault trees can be extremely large, requiring the use of many pages and clear interpage references. Occasionally, a transfer number may be changed during fault tree construction. If the corresponding sub-tree does not have the same transfer number, then improper logic will result. Cut sets (minimum combinations of events that lead to the top event) need to be evaluated for completeness and accuracy. Establishing the correct number of cuts and their depth is a matter of engineering judgment.

Each fault tree should include a list of minimum cut sets. Without this list, it is difficult to identify critical faults or combinations of events. For large or complicated fault trees, a computer is necessary to catch all of the cut sets; it is nearly impossible for a single individual to find all of the cut sets. For a large fault tree, it may be difficult to determine whether or not the failure paths were completely developed. If the evaluator is not totally familiar with the system, the evaluator may need to rely upon other means. A good indication is the shape of the symbols at the branch bottom. If the symbols are primarily circles (primary failures), the tree is likely to be complete. On the other hand, if many symbols are diamonds (secondary failures or areas needing development), then it is likely the fault tree needs expansion.

Faulty logic is probably the most difficult area to evaluate, unless the faults lie within the gates, which are relatively easy to spot. A gate-to-gate connection shows that the analyst might not completely understand the workings of the system being evaluated. Each gate must lead to a clearly defined specific event, i.e., what is the event and when does it occur? If the event consists of any component failures that can directly cause that event, an OR gate is needed to define the event. If the event does not consist of any component failures, look for an AND gate.

When reviewing an FTA with quantitative hazard probabilities of occurrence, identify the events with relatively large probability of occurrence. They should be discussed in the analysis summaries, probably as primary cause factors.

A large fault tree performed manually is susceptible to errors and omissions. There are many advantages of computer modeling relative to manual analysis (of complex systems):

• Logic errors and event (or branch) duplications can be quickly spotted.

• Cut sets (showing minimum combinations leading to the top event) can be listed.

• Numerical calculations (e.g., event probabilities) can be quickly done.

• A neat, readable, fault tree can be drawn.
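The Boolean model and the list of minimum cut sets described in the two FAA passages above can be computed as follows. This is an added example, not taken from the FAA handbook or the study guide: the tree is a simplified reading of the engine-failure sample (the carburetor branch is omitted because its inputs are not described), the event names and probabilities are constructed, and basic events are assumed to be independent.

```python
from itertools import combinations, product
from math import prod

# Gate table: event -> (gate type, inputs). Names absent from the table are
# basic events. Simplified from the engine-failure sample described above.
ENGINE_TREE = {
    "engine_failure": ("OR", ["fuel_flow_failure", "coolant_failure",
                              "ignition_failure"]),
    "fuel_flow_failure": ("OR", ["fuel_pump_fails", "fuel_filter_blocked"]),
    "coolant_failure": ("OR", ["coolant_pump_fails"]),
    # Redundant ignition systems: both must fail.
    "ignition_failure": ("AND", ["ignition_system_1_fails",
                                 "ignition_system_2_fails"]),
}

# Constructed probabilities of occurrence, for illustration only.
ENGINE_PROBS = {
    "fuel_pump_fails": 1e-3,
    "fuel_filter_blocked": 2e-3,
    "coolant_pump_fails": 5e-4,
    "ignition_system_1_fails": 1e-2,
    "ignition_system_2_fails": 1e-2,
}


def cut_sets(tree, event, _path=()):
    """Expand the tree top down into cut sets (frozensets of basic events)."""
    if event in _path:
        raise ValueError(f"logic loop through {event!r}")
    if event not in tree:
        return {frozenset([event])}          # basic event
    gate, inputs = tree[event]
    if not inputs:
        raise ValueError(f"gate {event!r} has no inputs")
    children = [cut_sets(tree, child, _path + (event,)) for child in inputs]
    if gate == "OR":                         # any one input is sufficient
        return set().union(*children)
    if gate == "AND":                        # one cut set from every input
        return {frozenset().union(*combo) for combo in product(*children)}
    raise ValueError(f"unsupported gate {gate!r} at {event!r}")


def minimal_cut_sets(tree, top):
    """Drop every cut set that contains a smaller cut set (absorption)."""
    ordered = sorted(cut_sets(tree, top), key=lambda s: (len(s), sorted(s)))
    minimal = []
    for candidate in ordered:
        if not any(kept <= candidate for kept in minimal):
            minimal.append(candidate)
    return minimal


def single_point_failures(mcs):
    """Basic events that cause the top event on their own (order-1 cut sets)."""
    return sorted(next(iter(cs)) for cs in mcs if len(cs) == 1)


def top_probability(mcs, probs):
    """Exact top-event probability by inclusion-exclusion over the cut sets.

    Assumes independent basic events; cost grows as 2**len(mcs), which is
    why large trees need the bound below or dedicated tooling.
    """
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1 if k % 2 else -1
        for group in combinations(mcs, k):
            events = frozenset().union(*group)
            total += sign * prod(probs[e] for e in events)
    return total


def rare_event_bound(mcs, probs):
    """Upper bound: sum of cut-set probabilities (first inclusion-exclusion term)."""
    return sum(prod(probs[e] for e in cs) for cs in mcs)


if __name__ == "__main__":
    mcs = minimal_cut_sets(ENGINE_TREE, "engine_failure")
    for cs in mcs:
        print(sorted(cs), prod(ENGINE_PROBS[e] for e in cs))
    print("single-point failures:", single_point_failures(mcs))
    print("P(top) exact:", top_probability(mcs, ENGINE_PROBS))
    print("P(top) bound:", rare_event_bound(mcs, ENGINE_PROBS))
```

The order-1 cut sets are the single failures with no redundancy behind them, and the ignition pair shows how the AND gate turns two 1e-2 events into a 1e-4 contribution.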

_________________________________________________________________________________________

Failure Mode and Effects Analysis (FMEA)

Source: FAA System Safety Handbook, Ch. 9.

FMEAs are important reliability program tools that provide data usable by the system safety program. This analysis is performed for reliability, safety, and supportability information. Hazard analyses typically use a top down analysis methodology (e.g., Fault Tree). The approach first identifies specific hazards and isolates all possible (or probable) causes. The FMEA may be performed either top down or bottom up, usually the latter.

The procedural approach to generating an FMEA is comparable to that of the Fault Hazard Analysis.

The first step is to list all components or low level functions. Then, by examining system block diagrams, schematics, etc., the function of each component is identified.

Next, all reasonably possible failure modes of the lowest component being analyzed are identified. Using a coolant pump bearing as an example they might include frozen, high friction, or too much play. For each identified failure mode, the effect at the local level, an intermediate level, and the top system level are recorded. A local effect might be "the shaft won't turn," the intermediate "pump won't circulate coolant," and the system level "engine overheat and fail."

At this point in the analysis, the FMEA might identify a hazard.

The analyst next documents the method of fault detection. This input is valuable for designing self test features or the test interface of a system. More importantly, it can alert an air crew to a failure in process prior to a catastrophic event. A frozen pump bearing might be detected by monitoring power to the pump motor or coolant temperature. Given adequate warning, the engine can be shut down before damage or the aircraft landed prior to engine failure.

Next, compensating provisions are identified as the first step in determining the impact of the failure. If there are redundant pumps or combined cooling techniques, the significance of the failure is less than if the engine depends on a single pump. The severity categories used for the hazard analysis can be used as the severity class in the FMEA. A comments column is usually added to the FMEA to provide additional information that might assist the reviewer in understanding any FMEA column.

__________________________________________________________________________________________

System Safety Manager's Role and Responsibilities

Source: USAF System Safety Handbook.

System Safety Manager’s Role.

Similarly, the system safety managers do not directly control any program activities. They function only with the program managers’ or the commander’s authority. They are effective only to the degree that the program managers are willing to accept guidance and advice, and only to the degree that the commander supports them. Fundamental to the mishap risk management concept is the requirement that competent and responsible safety management be assigned with centralized authority and totally capable of maintaining a continuous safety overview of the technical and management planning aspects of the entire program. The responsibility for preventing a mishap belongs to the program manager. It cannot be delegated. When the program manager makes the decision to initiate testing or commence operations, all risk inherent in the system has been accepted.

It is the task of the system safety manager to be sure that, when the decision is made, the decision maker is fully aware of the mishap risks that are accepted by that decision. If the program manager is allowed to make a decision without full knowledge of the inherent risks in the system, that manager, along with the taxpayers and the country, is being cheated. They are being cheated in that a critical decision, which could result in millions of dollars lost, is required to be made with incomplete information. There is no reason for this to happen. The tools and talent are available to provide this information. Properly used, this information can significantly reduce the risk of losing valuable equipment, personnel, and time. Program managers are not always aware of this or willing to use the resources which are available through the system safety process.

The program manager should begin establishing his system safety activity in a position of authority. The program is made effective by assuring an awareness of risk and the importance of reducing risk within all program elements down to the lowest organizational level. Each program element manager must periodically be held directly accountable to implement safety policies and decisions at the lowest organizational level possessing such authority. Most important, the program manager must assign a capable and knowledgeable watchdog to act as eyes and ears throughout the organization to ensure that the tasks are accomplished. The system safety manager is that watchdog, and to be effective, he must be assigned the authority to act directly as the safety agent of the program manager. In this capacity, the system safety manager assures that proper engineering and management expertise is brought to bear on a specific problem to identify and effect a solution. The task is to tie together, to monitor, and to influence activities for developing safe systems. To be effective, continuous efforts from the large perspective of the total program, with an understanding of the various interrelationships among its organizational elements, are required. The system safety manager is a major motivating force for guiding system development safety through the evolutionary process and, as the program manager’s agent, the system safety manager focuses the program manager’s authority and responsibility on the program’s safety aspects. The program manager, in turn, should require frequent progress reports to keep his fingers on the pulse of the system safety activity.

The mishap risk management concept evolved because the accepted approach of eliminating hazardous conditions through good engineering practice alone was not necessarily adequate to assure safe operation of complex military systems. Military development programs are traditionally success oriented. Program managers are not necessarily receptive to a function which tries to find out ways it can fail. Throughout the entire life cycle, program-oriented safety management is necessary if all of the safety-critical aspects of a system are to be controlled cost effectively. In planning and managing the reduction of risk, the system safety manager must be free, within the program structure, to exercise professional judgment and organizational flexibility with the authority of the program manager.

System Safety Manager’s Responsibilities.

1. Maintain an overview of the technical and planning aspects of all program efforts through attendance at appropriate meetings and review of program documents. It doesn’t take long to lose touch with the world if you isolate yourself from it. The only way to get in touch and stay there is to maintain a constant working interface with as many individuals and groups as possible. The system safety manager should attend as many program office meetings as possible to have a good working knowledge of what is happening. There are some meetings that are specified as mandatory for the system safety manager, such as the configuration control board and system safety group meetings, but, generally, it is up to the system safety manager to determine which meetings are important.

2. Ensure the application of system safety design principles to developing programs through contract tailoring and continual program oversight. This requirement is met by assuring the application of MIL-STD-882 to the contract to provide for a strong management approach and by applying all necessary technical requirements documents in the specifications.

3. Serve as advisor to employer and contractor program management. In this way, you can be sure that the same advice and direction is being passed to all involved parties.

4. Initiate programs to ensure unacceptable accident/mishap risks are identified and acceptably controlled. Each program will, for analysis purposes, define unacceptable damage that will impact the mission or its objectives. Damage includes breakage, mangling, mutilation, or ruin of items which causes obstruction of functions generated across system or component interface by internal or external action, including human error.

5. Review all program documents to ensure they contain appropriate system safety tasks. This includes Statements of Work (SOW), plans, and operating procedures.

6. Ensure that the requirements of interfacing agencies and disciplines are addressed and properly implemented.

7. Ensure that system safety concepts are incorporated into planning documentation.

8. Ensure that the program manager receives regular reports and briefings on the status and progress of the above tasks.

9. Request staff assistance whenever problems or questions arise and the solution is beyond the scope of his knowledge and experience.

10. Provide a single point of contact for the purchasing office, all contractor internal program elements, and other program associate or subcontractors for safety-related matters.

11. Participate in all operational readiness reviews and arrange for presentation of required safety data.

12. Provide for technical support to program engineering activities on a daily basis. Such technical support will include consultation on safety-related problems, research on new product development, and research/interpretation of safety requirements, specifications, and standards.

13. Participate in configuration control activities to review and concur with safety significant system configuration and changes.

14. Review all trade studies and identify those that involve or affect safety. Provide participation in all safety-related trade studies to assure that system safety trade criteria are developed and the final decision is made with proper consideration of accident risk.

15. Provide participation in program-level status meetings where safety should be a topic of discussion. Provide the program manager the status of the system safety program and open action items.

16. Provide for safety certification of safety-critical program documentation and all safety data items.

17. Provide internal approval and technical coordination on deviations to the contractually imposed system safety requirements.

18. Conduct or arrange for internal audits of safety program activities.

19. Support purchasing office safety audits and inspections as required.

20. Coordinate system safety, industrial safety, facility safety, product safety, and other safety activities on the program to ensure total coverage.

__________________________________________________________________________________________

Management and Planning of a System Safety Program

Source: USAF System Safety Handbook.

Four essential factors or primary drivers of an effective system safety program that must be considered separately from other criteria are personnel qualifications and experience, managerial authority and control, effective program planning, and sufficient resources. If one of these is missing or insufficient, the program will fail.

1. Personnel Qualifications and Experience.

To provide decision makers with adequate mishap risk assessments, the government program manager must insist that the contractor have fully qualified, responsive system safety management personnel. This is not an unreasonable requirement since the contractor’s system safety manager is the one who certifies, for his employer, that all safety requirements have been met.

To evaluate an individual’s qualifications, first one determines which one of the six system safety levels, mentioned below, applies to the job.

Six Levels of System Safety.

The following six generic system safety levels provide a general idea of the variations in tasks and the way these tasks are evaluated.

Level One--Corporate or Headquarters. At this level, the system safety manager establishes policies and develops implementation tools such as standards and techniques. Generally, these individuals are responsible for overseeing multiple independent programs or cost centers. Qualifications should include a working knowledge of the other levels and experience in management and engineering principles.

Level Two--Procurement Activity. This level is predominant at the procurement activity where contracts are written, policies and implementation tools are turned into contractual direction. Contractors have some activity in this area when they write specifications for subcontractors or vendors. Professional safety expertise, coupled with an understanding of the procurement process and effective contractor communications, is required for effective performance.

Level Three--Contractor’s Management System Safety Program. At the contractor’s facility, the system safety manager uses contractual direction to develop, manage, and control the program and its resources. To perform effectively, this individual must not only know company policies, procedures, and practices but also he or she must understand the requirements, activities, and functions of level four, Contracting Engineering System Safety Program, and level five, Specifications and Requirements, incorporated into the design. Also, a good grasp of operational concepts, level six, is an asset.

Level Four--Contractor’s Engineering System Safety Program. The system safety engineer should possess in-depth knowledge of engineering concepts, the system, and associated mishap risk to implement the system safety program. The engineer develops design checklists, defines specific requirements, and performs analyses.

Level Five--Specifications and Requirements. At this level, engineers and designers, possessing minimal safety knowledge, incorporate safety criteria, specifications, and requirements into the system or product design. It is essential that they know how to convert these requirements and criteria into a safe design.

Level Six--Operational Location. The activities, at this level, usually occur at an operational location where the end product is used. The system users and operators take the system analysis and operational data, prepared at level four, Contractor’s Engineering System Safety Program, and level five, Specifications and Requirements incorporated into the design, and manage the operations. In-depth knowledge of the system’s operational concepts and characteristics is essential. To function effectively, individuals should be qualified at the contractor’s system safety program level—level three; at the program implementation level—level four; and at the specifications and requirements incorporation level—level five. Also, one should be knowledgeable of the principles at the second level, the procurement activity, and at the first level, corporate or headquarters.

Generally, the contractor’s system safety program effectiveness is evaluated on achievement in establishing and implementing the system safety program—levels three and four, respectively. Also, program effectiveness is measured by how well the specifications and requirements are incorporated into the design—level five and the success of the operational activities—level six. Operational success is influenced considerably by the quality of the system safety program at level three. Needless to say, dynamic interest at the corporate or headquarters level considerably enhances the overall system safety program’s effectiveness.

Usually, contractor activities encompass levels three through six; however, other levels sometimes are covered. Using a “Job Analysis Worksheet,” below, one assesses the job requirements for the specific level. You determine the major job requirements and the knowledge, skills, and abilities (KSA) necessary to implement the program successfully.

Sample Job Analysis Worksheet: System Safety Manager Knowledge, Skills, and Abilities (KSA)

1. Knowledge and ability to manage interrelationships of all components of a system safety program in support of both management and engineering activities. This includes planning, implementation, and authorization of monetary and personnel resources.

2. Knowledge of theoretical and practical engineering principles and techniques.

3. Knowledge of hazardous systems and environments.

4. Knowledge of management concepts and techniques.

5. Knowledge of the life-cycle acquisition process.

6. Ability to apply fundamentals of diversified engineering disciplines to achieve system safety engineering objectives.

7. Ability to adapt and apply system safety analytical methods and techniques to related scientific disciplines.

8. Ability to do independent research on complex systems to apply safety criteria.

9. Skill in the organization, analysis, interpretation, and evaluation of scientific/engineering data in the recognition and solution of safety-related engineering problems.

10. Skill in written and oral communication.

11. Ability to keep abreast of changes in scientific knowledge and engineering technology and apply new information to the solution of engineering problems.

Major Job Requirements

1. Acts as agent of the program manager for all system safety aspects of the program. Provides monthly briefings to the program management on the status of the system safety program.

2. Serves as system safety manager for safety engineering functions of major programs. (KSA 1 through 10)

3. Manages activities that review and evaluate information related to types and location of hazards. (KSA 1,2,3,4,6,8)

4. Manages activities to perform extensive engineering studies to determine hazard levels and to propose solutions. (KSA 1,2,5,6,7,8,10)

5. Manages the development of system guidelines and techniques for new/developing systems and emerging technologies. (KSA 5,6,7,8,9)

6. Provides system safety engineering expertise to identify/solve multidisciplinary problems involving state-of-the-art technology. (KSA 10)

The system safety manager requests the contractor to submit a position description that addresses the job functions and supports major job requirements, and the candidate’s resume. The position description is reviewed against the job requirements; then, reviewed against each KSA to determine if the candidate is really qualified to perform the job. Sample position descriptions are in Attachment I of this chapter. Normally, when a waiver is granted, it will be valid only for the specific program requested.

2. Management Authority and Control.

The system safety manager’s authority and control may be evaluated at various stages in the program. First, by reviewing the contractor’s proposal, which usually contains a preliminary system safety program plan, one ascertains the type of system safety program being established. The acquisition manager should review the proposal for the following points:

• What is the reporting level of the safety manager?

• What is the relationship between safety and the other disciplines?

• Can the safety manager effectively do the job in the proposed organization?

• Does the contractor recognize and understand the requirements?

• Does the contractor visualize his job at the right level and focus on the end events and products?

Later, by evaluating the updated system safety program plan, the system safety manager is able to assess if the proposed program is a reality.

3. System Safety Program Planning

An effective system safety program results primarily because both government and contractor program management recognize the importance of the planning task. The contractor’s system safety tasks and activities will be implemented. To a major extent, the contractor’s approach determines the program effectiveness in terms of cost and technical value. Since warning signs of an ineffective program may arise during the plan preparation, the system safety manager may prevent an ill-conceived safety program by conducting early evaluations and discussions with the contractor. The contractor’s problems in system safety planning phases are complex and not always obvious to either the preparer or the evaluator. Effective planning includes a systematic, detailed overall program analysis and the application of system safety requirements. One way to achieve this is to break down the entire program into tasks and subtasks as the basic elements relate to each program organizational element.

The system safety manager must determine the resources necessary to complete each task element and the organizational element responsible for task completion. These organizations have funds for system safety tasks allocated in their budgets. If possible, the system safety manager should control both manning and monetary resources. Effectiveness evaluation includes how well the planning phase was accomplished.

An excellent proposal and plan are nothing more than beautiful prose without adequate resources to accomplish the job. The right level of effort for each task and sufficient funds to obtain necessary engineering assistance must be allocated and applied appropriately. In evaluating a system safety program’s resources, manning is a prime consideration.

As a general rule of thumb, the following scale was developed to assist in considering the adequacy of manning resources depending on system complexity:

• Level One. One and a half to two qualified system safety managers for each major subordinate organization.

• Level Two. One to two dedicated system safety managers for each three major program segments or one dedicated person for each segment of $5,000,000 or more.

• Level Three. One qualified manager for each program segment of $5,000,000 or more. For programs less than $5,000,000, it is acceptable to consider attestment from an outside consultant to the effect that all requirements have been met.

• Level Four. Five percent of engineering manning for each major program segment.

• Level Five. At least one dedicated engineer for each major subsystem or for each system segment.

• Level Six. The manning requirements at this level vary considerably with system and operational complexity, number of facilities or areas involved. System safety manning should never be less than one qualified engineer/manager for each major operational segment.

__________________________________________________________________________________________

System Safety Management Plan (SSMP)

Source: USAF System Safety Handbook.

The SSMP is a document prepared by the system safety manager and becomes the road map for the project’s system safety effort. This plan tailors the system safety program requirements to the specific project. The SSMP establishes management policies and responsibilities for the execution of the system safety effort. The SSMP should be written so design system safety tasks and activity outputs contribute to timely project decisions. Evaluation of system safety project progress will be in accordance with the SSMP. The minimum elements of the SSMP are as follows:

1. Establishment of project risk acceptance criteria based on consideration of the user’s recommendations. The acceptable level of risk in a facility is an expression of the severity and frequency of a mishap type that the using organization is willing to accept during the operational life of the facility. This is a function of the mission. For instance, the goal is to identify all hazards and to eliminate those exceeding the defined level of acceptable risk. While this is not always possible, the analysis conducted will provide the information upon which to base risk acceptance decisions.

2. A specific listing of all tasks, including hazard analyses, which are a part of the design system safety effort; designation of the responsible parties for each task. Optional tasks should be designated as such, listing the conditions which would initiate these tasks.

3. Establishment of a system safety milestone schedule, keeping in mind that the purpose of the hazard analysis is to beneficially impact the design and that, therefore, early completion of these analyses is vital. The schedule for analysis completion must complement the overall design effort.

4. Establishment of procedures for hazard tracking and for obtaining and documenting residual risk acceptance decisions.

5. Outline of procedures for documenting and submitting significant safety data as lessons learned.

6. Establishment of procedures for evaluating proposed design changes for safety impact during the later stages of design or during construction after other safety analysis is complete.

7. Establishment of a communication system that will provide timely equipment requirements and hazard data to the facility design. This is necessary when equipment to be installed or utilized within the facility is being developed or procured separately from the facility.

Of course, the SSMP must give consideration to overall project time constraints, manpower availability, and monetary resources. For example, the degree of system safety effort expended will depend on whether the project is replacing an existing facility, creating a new facility, involves new technology, or is based on standard designs. The options for hazard analyses are many, and project managers will need additional guidance for deciding which ones to select.

__________________________________________________________________________________________

SYSTEM SAFETY VS INDUSTRIAL SAFETY

Source: USAF System Safety Handbook

Industrial safety activities are designed to protect the workers in the industrial environment. There are extensive standards imposed by the federal codes of regulations which provide for a safe workplace. Few, if any, of these apply to protection of a product being manufactured. The contractor system safety program is designed so that it supplements industrial safety activities to protect equipment and property being used or manufactured under contract. Use of contractor-owned or leased equipment is also subject to review. The figures below compare the concerns of system safety versus industrial safety.

When contractor-owned or leased equipment is being used in manufacturing, testing, or handling products being produced under contract, the system safety effort is required to analyze such equipment and require operational proof tests. This is done to show that risk of damage to the product has been minimized with proper design, maintenance, and operating procedures and to assure the equipment is operated by qualified personnel.

The contractor is required by law to implement these regulations. The contracted system safety effort is concerned only to the extent that these regulations affect the operation of the system being built and that risk of damage to government equipment and the product being developed has been minimized.

[Figures: system safety versus industrial safety concerns, with panels for General Concerns, Operations, Equipment, Facilities, Procedures, Personnel, and Changes/Unplanned Events/Mishaps.]

The system safety activity is conducted to complement the industrial safety activities by addressing occupational safety and health needs in system design analysis and manufacturing planning. Often the interface between the two safety functions is not covered or is insufficient. This may leave gaps in the overall mishap prevention program.

For example, in one case, a satellite was being assembled and checked out in a controlled area; however, during the night, the plastic cover on a mercury-vapor light melted and the hot plastic, which dripped on some papers that were left on a wooden bench, started a fire. Before the fire was detected, most of the support and checkout equipment was badly damaged. Also, the dense smoke caused extensive damage and contamination to solar cells and other sensitive equipment.

When the system safety manager was asked what his analysis had indicated in this area, he said, “We didn’t look at that. That’s industrial safety.” When the industrial safety manager was asked when last he looked into the area, he responded, “They were testing a satellite in there. That is system safety’s job.” Further investigation showed that the system safety analysis had considered this problem and recommended metal benches be used. However, this analysis was not made available to the industrial safety people, and no follow-up action had been taken on the recommendation. While this is an example of bad management, by both system and industrial safety, this attitude is far too prevalent to be ignored.

Methods must be developed within each program which allow system and industrial safety engineers to adapt to each other's needs. During early program planning, a cooperative industrial safety effort is needed to write the system safety program plan (SSPP) so that it includes industrial safety operations. An agreement must be reached on how to separate those functional elements which are required by contract and those required by law.

This should be done carefully to avoid payment for contractual tasks which also are paid for as overhead. This separation must take place without loss of the cooperative effort necessary to take full advantage of the methods and talents that are available in both functions. MIL-STD-882 provides an option for the contractor to conduct the system safety program so that it complements existing industrial safety activities to assure protection of government equipment and property. To accomplish the task, the contractor has to know the concerns and requirements of each function. Once this is understood, it becomes obvious where the overlapping concerns are. Then, agreements can be reached on which functional element will deal with the overlap. A description of how these areas are to be addressed is then included in the SSPP. Joint analyses and risk assessments are performed and should be included in the Mishap Risk Assessment Report.

Industrial Safety Problems and Problem Areas

1. Compliance with federal, state, and local industrial codes and regulations.

2. Required state inspections of equipment, such as boilers, cranes, elevators, degreasers, fire systems, etc.

3. Fire prevention and control program.

4. Personnel accident prevention program and statistical records.

5. Temperature and humidity control.

6. Noise level control within the plant.

7. Personal protective clothing requirements, i.e. safety glasses/shoes, hard hats, nonstatic work clothes, etc.

8. Safe and adequate tools for the job to be done.

9. Safety guards for moving parts of machinery, such as pulleys, gears, saws, grinders, conveyors, etc.

10. Material handling and storage methods.

11. In-plant cleanliness and good housekeeping practices.

12. Motor vehicle safety program.

13. Adequate lighting for type of work.

14. Warning alarms and signs.

15. Employee safety training.

16. Personal hygiene and first aid programs.

17. Proof testing and identification of lifting slings, ropes, etc.

18. Security control of identified hazardous areas.

19. Guard rails on platforms, stairs, walkways.

20. Personnel protection during hazardous testing.

System Safety Problems and Problem Areas

1. Manage and implement the product system safety program plan.

2. Identification of hazards associated with the system or desired product.

3. Incorporate safety into the product design, operation, test, and maintenance.

4. Evaluation of identified hazards and design action to eliminate or minimize and control the hazards.

5. Develop safety design criteria to be incorporated into the product design.

6. Conduct hazard analyses on the product being developed.

7. Maintain product safety records.

8. Identify hazardous characteristics of hazardous materials and energy sources, including explosives, flammables, corrosives, toxics, and methods of control and disposal.

9. Assure that all operations on or with the deliverable product elements can be identified.

__________________________________________________________________________________________


Preliminary Hazard Analysis

Source: USCG Risk-based Decision-making (RBDM) Guidelines.


The preliminary hazard analysis (PrHA) technique is a broad, initial study used in the early stages of system design. It focuses on (1) identifying apparent hazards, (2) assessing the severity of potential accidents that could occur involving the hazards, and (3) identifying safeguards for reducing the risks associated with the hazards. This technique focuses on identifying weaknesses early in the life of a system, thus saving time and money that might be required for major redesign if the hazards were discovered at a later date.

Brief summary of characteristics

• Relies on brainstorming and expert judgment to assess the significance of hazards and assign a ranking to each situation. This helps in prioritizing recommendations for reducing risks.

• Typically performed by one or two people who are knowledgeable about the type of activity in question. They participate in review meetings of documentation and field inspections, if applicable.

• Applicable to any activity or system

• Used as a high-level analysis early in the life of a process

• Generates qualitative descriptions of the hazards related to a process. Provides a qualitative ranking of the hazardous situations; this ranking can be used to prioritize recommendations for reducing or eliminating hazards in subsequent phases of the life cycle.

• Quality of the evaluation depends on the quality and availability of documentation, the training of the review team leader with respect to the various analysis techniques employed, and the experience of the review teams

Most common uses

• Generally applicable for almost any type of risk assessment application, but focuses predominantly on identifying and classifying hazards rather than evaluating them in detail

• Most often conducted early in the development of an activity or system, when there is little detailed information or there are few operating procedures. Often a precursor to further risk assessment.

Limitations of Preliminary Hazard Analysis

Because the preliminary hazard analysis technique is typically conducted early in the process, before other analysis techniques are practical, this methodology has two primary limitations:

Generally requires additional follow-up analyses. Because the PrHA is conducted early in the process and uses preliminary design information, additional analyses are generally required to more fully understand and evaluate hazards and potential accidents identified by the PrHA team.

Quality of the results is highly dependent on the knowledge of the team. At the time of a PrHA, there are few or no fully developed system specifications and little or no detailed design information. Therefore, the risk assessment relies heavily on the knowledge of subject matter experts. If these experts do not participate in the risk assessment, or if the system is a new technology having little or no early operational history, the results of the PrHA will reflect the uncertainty of the team in many of its assessments and assumptions.

Procedure for Preliminary Hazard Analysis

The procedure for conducting a preliminary hazard analysis consists of the following steps. Each step is further explained on the following pages.

1.0 Define the activity or system of interest. Specify and clearly define the boundaries of the activity or system for which preliminary hazard information is needed.

2.0 Define the accident categories of interest and the accident severity categories. Specify the problems of interest that the risk assessment will address (e.g., health and safety concerns, environmental issues). Specify the accident severity categories that will be used to prioritize resources for risk reduction efforts.

3.0 Conduct review. Identify the major hazards and associated accidents that could result in undesirable consequences. Also, identify design criteria or alternatives that could eliminate or reduce the hazards.

4.0 Use the results in decision making. Evaluate the risk assessment recommendations and the benefits they are intended to achieve (e.g., improved safety and environmental performance, cost savings). Determine implementation criteria and plans.

1.0 Define the activity or system of interest

Intended functions. Because all risk assessments are concerned with ways in which a system can fail to perform an intended function, clearly defining these intended functions is an important first step in any risk assessment. This step does not have to be formally documented for most preliminary risk assessments.

Boundaries. Few activities or systems operate in isolation. Most interact with or are connected to other activities or systems. By clearly defining the boundaries of an activity or system, especially boundaries with support systems such as electric power and compressed air, the analysis can avoid (1) overlooking key elements of an activity or system at interfaces and (2) penalizing an activity or system by associating other equipment with the subject of the study.

Example:

Functions of interest

• Safe handling and use of fuel oil for an LNG cargo ship

• Safe handling and use of LNG cargo for an LNG cargo ship

Boundaries

• Include only shipboard systems or operations

2.0 Define the accident categories of interest and the accident severity categories

Accident categories

The following paragraphs describe three of the most common types of accidents of interest in a PrHA:

Safety problems. The risk assessment team may look for ways in which improper performance of a marine activity or failures in a hardware system can result in personnel injury. These injuries may be caused by many mechanisms, including the following:

• Person overboard

• Exposure to high temperatures (e.g., through steam leaks)

• Fires or explosions

Environmental issues. The risk assessment team may look for ways in which the conduct of a particular activity or the failure of a system can damage the environment. These environmental issues may be caused by many mechanisms, including the following:

• Discharge of material into the water, either intentional or unintentional

• Equipment failures (e.g., seal failures) that result in a material spill

• Disruption of the ecosystem through overutilization of a marine area

Economic impacts. The risk assessment team may look for ways in which the improper conduct of a particular activity or the failure of a system can have undesirable economic impacts. These economic risks may be categorized in many ways, including the following:

• Business risks such as contractual penalties, lost revenue, etc.

• Environmental restoration costs

• Replacement costs for damaged equipment

Some risk assessments may focus only on events above a certain threshold of concern in one or more of these categories.

Accident severity categories

During a PrHA, a team assesses the severity of the various accidents that can occur with each of the hazards. Establishing severity categories with definitive boundaries allows the team to assess each accident against a consistent measure of severity. It thus provides the framework for prioritizing recommendations for risk reduction alternatives.

Example

The following table is an example of three accident severity categories for four different accident categories.

[Table: example accident severity categories by accident category; image not reproduced.]

3.0 Conduct review

Performing a PrHA identifies major hazards and accident situations that could result in losses. However, the PrHA should also identify design criteria or alternatives that could eliminate or reduce those hazards. Obviously, some experience is required in making such judgments. The team performing the PrHA should consider the following factors:

• Hazardous vessel equipment and materials, such as fuels, highly reactive chemicals, toxic substances, explosives, high pressure systems, and other energy storage systems

• Safety-related interfaces between equipment and materials, such as material interactions, fire or explosion initiation and propagation, and control or shutdown systems

• Environmental factors that may influence the vessel or facility equipment and materials, such as vibration, flooding, extreme temperatures, electrostatic discharge, and humidity

• Operating, testing, maintenance, and emergency procedures, such as human error potential, crew functions to be accomplished, equipment layout and accessibility, and personnel safety protection

• Vessel support, such as storage, equipment testing, training, and utilities

• Safety-related equipment, such as mitigating systems, redundancy, fire suppression, and personal protective equipment

4.0 Use the results in decision making

Judge acceptability. Decide whether the estimated performance for the activity or system meets an established goal or requirement.

Identify improvement opportunities. Identify the elements of the activity or system that are most likely to contribute to future problems. These are the items with the largest percentage contributions to the identified risks.

Make recommendations for improvements. Develop specific suggestions for improving future activity or system performance, including any of the following:

• Equipment modifications

• Procedural changes

• Administrative policy changes, such as planned maintenance tasks or personnel training

Justify allocation of resources for improvements. Estimate how implementation of expensive or controversial recommendations for improvement will affect future performance. Compare the economic benefits of these improvements to the total life-cycle costs of implementing each recommendation.

Recommend additional risk assessments. As suggested by the name, preliminary hazard analysis is conducted in an early phase of a project. Additional risk assessments will likely be needed to investigate certain issues in more detail. The insights gained from the PrHA will help determine what, if any, additional risk assessments should be conducted.
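The four PrHA steps above can be captured as a small worksheet, shown here as an added example that is not part of the USCG guidelines or this guide. It reuses the LNG cargo ship scope from step 1.0; the severity labels, hazard rows, and the follow-up rule (a "major" accident with no safeguard recorded) are constructed assumptions, because the guide's severity table is not reproduced.

```python
"""Preliminary hazard analysis (PrHA) worksheet following steps 1.0 to 4.0."""
from dataclasses import dataclass, field

# Step 2.0: accident categories described in the text.
ACCIDENT_CATEGORIES = ("safety", "environmental", "economic")
# Step 2.0: severity categories. Constructed labels (1 = most severe); the
# guide's own severity table is an image that is not available here.
SEVERITY_RANK = {"major": 1, "moderate": 2, "minor": 3}


@dataclass(frozen=True)
class Scope:
    """Step 1.0: functions of interest and the boundary of the study."""
    functions: frozenset
    boundary: frozenset


@dataclass
class HazardEntry:
    """One worksheet row recorded during the step 3.0 review."""
    hazard: str
    function: str
    location: str
    accidents: dict  # accident category -> severity label
    safeguards: list = field(default_factory=list)
    recommendations: list = field(default_factory=list)


def validate(entry, scope):
    """Reject rows that do not use the categories agreed in steps 1.0 and 2.0."""
    if entry.function not in scope.functions:
        raise ValueError(f"{entry.hazard}: function {entry.function!r} is not under study")
    if not entry.accidents:
        raise ValueError(f"{entry.hazard}: no accident has been assessed")
    for category, severity in entry.accidents.items():
        if category not in ACCIDENT_CATEGORIES:
            raise ValueError(f"{entry.hazard}: unknown accident category {category!r}")
        if severity not in SEVERITY_RANK:
            raise ValueError(f"{entry.hazard}: unknown severity {severity!r}")


def worst_severity(entry):
    """Rank a hazard by the most severe accident it can lead to."""
    return min(entry.accidents.values(), key=SEVERITY_RANK.__getitem__)


def run_review(scope, entries):
    """Step 3.0: split rows at the boundary, rank the rest, flag follow-up work."""
    ranked, excluded = [], []
    for entry in entries:
        validate(entry, scope)
        # Out-of-boundary rows are reported, not dropped, so interfaces stay visible.
        (ranked if entry.location in scope.boundary else excluded).append(entry)
    # Most severe first; among equals, hazards with fewer safeguards first.
    ranked.sort(key=lambda e: (SEVERITY_RANK[worst_severity(e)], len(e.safeguards)))
    # Assumed rule: a major accident with no safeguard needs further assessment.
    follow_up = [e for e in ranked if worst_severity(e) == "major" and not e.safeguards]
    return {"ranked": ranked, "excluded": excluded, "follow_up": follow_up}


def prioritized_recommendations(ranked):
    """Step 4.0: recommendations in priority order, each listed once."""
    seen, ordered = set(), []
    for entry in ranked:
        for rec in entry.recommendations:
            if rec not in seen:
                seen.add(rec)
                ordered.append((worst_severity(entry), rec))
    return ordered


# Scope taken from the guide's example; the rows below are constructed samples.
SAMPLE_SCOPE = Scope(functions=frozenset({"fuel oil", "LNG cargo"}),
                     boundary=frozenset({"shipboard"}))
SAMPLE_ENTRIES = [
    HazardEntry("Fuel oil transfer pump seal failure", "fuel oil", "shipboard",
                {"environmental": "moderate", "economic": "minor"},
                ["Drip trays"], ["Add seal inspection to planned maintenance"]),
    HazardEntry("LNG vapor release during cargo handling", "LNG cargo", "shipboard",
                {"safety": "major", "environmental": "moderate"},
                ["Gas detection"],
                ["Review fire suppression coverage", "Verify cargo shutdown system testing"]),
    HazardEntry("Shore loading arm failure", "LNG cargo", "terminal",
                {"safety": "major"}),
    HazardEntry("Fuel oil spray onto a hot surface", "fuel oil", "shipboard",
                {"safety": "major", "economic": "moderate"},
                [], ["Shield fuel oil joints near hot surfaces",
                     "Review fire suppression coverage"]),
]

if __name__ == "__main__":
    result = run_review(SAMPLE_SCOPE, SAMPLE_ENTRIES)
    for severity, rec in prioritized_recommendations(result["ranked"]):
        print(f"{severity:9} {rec}")
    print("Outside boundary:", [e.hazard for e in result["excluded"]])
    print("Needs follow-up analysis:", [e.hazard for e in result["follow_up"]])
```
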

__________________________________________________________________________________________

Failure Modes and Effects Analysis (FMEA)

Source: USCG Risk-based Decision-making (RBDM) Guidelines.


FMEA is a qualitative reasoning approach best suited for reviews of mechanical and electrical hardware systems. The FMEA technique (1) considers how the failure modes of each system component can result in system performance problems and (2) ensures that appropriate safeguards against such problems are in place. A quantitative version of FMEA is known as failure modes, effects, and criticality analysis (FMECA).

Brief summary of characteristics

• A systematic, highly structured assessment relying on evaluation of component failure modes and team experience to generate a comprehensive review and ensure that appropriate safeguards against system performance problems are in place

• Used as a system-level and component-level risk assessment technique

• Applicable to any well-defined system

• Sometimes performed by an individual working with system experts through interviews and field inspections, but also can be performed by an interdisciplinary team with diverse backgrounds and experience participating in group review meetings of system documentation and field inspections

• A technique that generates qualitative descriptions of potential performance problems (failure modes, causes, effects, and safeguards) as well as lists of recommendations for reducing risks

• A technique that can provide quantitative failure frequency or consequence estimates

Most common uses

• Used primarily for reviews of mechanical and electrical systems, such as fire suppression systems and vessel steering and propulsion systems

• Used frequently as the basis for defining and optimizing planned equipment maintenance because the method systematically focuses directly and individually on equipment failure modes

• Effective for collecting the information needed to troubleshoot system problems


Limitations of FMEA

Although the FMEA methodology is highly effective in analyzing various system failure modes, this technique has four limitations:

Examination of human error is limited. A traditional FMEA uses potential equipment failures as the basis for the analysis. All of the questions focus on how equipment functional failures can occur. A typical FMEA addresses potential human errors only to the extent that human errors produce equipment failures of interest. Misoperations that do not cause equipment failures are often overlooked in an FMEA.

Focus is on single-event initiators of problems. A traditional FMEA tries to predict the potential effects of specific equipment failures. These equipment failures are generally analyzed one by one, which means that important combinations of equipment failures may be overlooked.

Examination of external influences is limited. A typical FMEA addresses potential external influences (environmental conditions, system contamination, external impacts, etc.) only to the extent that these events produce equipment failures of interest. External influences that directly affect vessel safety, port safety, and crew safety are often overlooked in an FMEA if they do not cause equipment failures.

Results are dependent on the mode of operation. The effects of certain equipment failure modes often vary widely, depending on the mode of system operation. For example, the steering system on a vessel is of little importance while the vessel is docked and is unloading cargo. A single FMEA generally accounts for possible effects of equipment failures only during one mode of operation or a few closely related modes of operation. More than one FMEA may, therefore, be necessary for a system that has multiple modes of operation.

__________________________________________________________________________________________

Procedure for Failure Modes and Effects Analysis (FMEA)

Source: USCG Risk-based Decision-making (RBDM) Guidelines.

The procedure for performing an FMEA consists of the following nine steps. Each step is further explained on the following pages.

1.0 Define the system of interest. Specify and clearly define the boundaries of the system for which risk-related information is needed.

2.0 Define the problems of interest for the analysis. Specify the problems of interest that the analysis will address. These may include safety issues, failures in systems such as steering or propulsion, etc.

3.0 Choose the type of FMEA approach for the study. Select a hardware approach (bottom-up), functional approach (top-down), or hybrid approach for applying FMEA.

4.0 Subdivide the system for analysis. Section the system according to the type of FMEA approach selected.

5.0 Identify potential failure modes for elements of the system. Define the fundamental ways that each element of the system can fail to achieve its intended functions. Determine which failures can lead to accidents of interest for the analysis.

6.0 Evaluate potential failure modes capable of producing accidents of interest. For each potential failure that can lead to accidents of interest, evaluate the following:

• The range of possible effects

• Ways in which the failure mode can occur

• Ways in which the failure mode can be detected and isolated

• Safeguards that are in place to protect against accidents resulting from the failure mode

7.0 Perform quantitative evaluation (if necessary). Extend the analysis of potentially important failures by characterizing their likelihood, their severity, and the resulting levels of risk. FMEAs that incorporate this step are referred to as failure modes, effects, and criticality analyses (FMECAs).

8.0 Transition the analysis to another level of resolution (if necessary or otherwise useful). For top-down FMEAs, follow-on analyses at lower (i.e., more detailed) levels of analysis may be useful for finding more specific contributors to system problems. For bottom-up FMEAs, follow-on analyses at higher (i.e., less detailed) levels of analysis may be useful for characterizing performance problems in broader categories. Typically, this would involve system and subsystem characterizations based on previous component-level analyses.

9.0 Use the results in decision making. Evaluate recommendations from the analysis and implement those that will bring more benefits than they will cost over the life cycle of the system.  

1.0 Define the system of interest

Intended functions. Because all risk assessments are concerned with ways in which a system can fail to perform an intended function, a clear definition of the intended functions for a system is an important first step.

Boundaries. Few systems operate in isolation. Most are connected to or interact with other systems. By clearly defining the boundaries of a system, especially boundaries with support systems such as electric power and compressed air, analysts can avoid (1) overlooking key elements of a system at interfaces and (2) penalizing a system by associating other equipment with the subject of the study. A diagram or schematic of the system is helpful for identifying boundaries.

2.0 Define the problems of interest for the analysis

Safety problems. The analysis team may be asked to look for ways in which failures in a hardware system may result in personnel injury. These injuries may be caused by many mechanisms, including the following:

• Steering or propulsion failures

• Hoist and rigging failures

• Exposure to high temperatures (e.g., through steam leaks)

• Fires and explosions

Environmental issues. The analysis team may be asked to look for ways in which the failure of a system can undesirably affect the environment. These environmental issues may be caused by many mechanisms, including the following:

• Equipment failures that result in an unplanned discharge of material into the water

• Equipment failures, such as seal failures, that result in a material spill

Economic impacts. The analysis team may be asked to look for ways in which the failure of a system may have adverse economic impacts. These economic risks may be categorized in many ways, including the following:

• Business risks, such as vessel detained at port, contractual penalties, lost revenue, etc.

• Environmental restoration costs

• Replacement costs, such as the cost of replacing damaged equipment

A particular analysis may focus only on events above a certain threshold of concern in one or more of these categories.  

3.0 Choose the type of FMEA approach for the study

Hardware approach (bottom-up). The hardware approach is normally used when hardware items can be uniquely identified from schematics, drawings, and other engineering and design data. The hardware approach typically focuses on the potential failure modes of basic components of the system. This is generally the lowest level of resolution that provides valuable information to decision makers. The hardware approach for defining an FMEA is a good choice when every component of a system must be reviewed (e.g., to make design or maintenance decisions). It can be difficult or inefficient, however, for use in analyzing (1) complex systems or (2) systems that are not well defined when the analysis must be performed.


Functional approach (top-down). The functional approach is normally used when hardware items cannot be uniquely identified or when system complexity requires progressive analysis, with each successive level of analysis focusing in more detail on only the most important contributors. This approach focuses on ways in which functional intents of a system may go unsatisfied rather than on the specific failure modes of individual equipment items. The functional approach to an FMEA is particularly effective if the analysis focuses on only a limited set of accidents of interest, or if it must directly address only the most important contributors to potential problems rather than every individual component.

Hybrid of the two. An FMEA may begin with a functional approach and then transition to a focus on equipment, especially equipment that directly contributes to functional failures identified as important. Traditional reliability-centered maintenance analysis uses this hybrid approach, beginning with identification of important system functional failures and then identifying the specific equipment failure modes that produce those system functional failures.

4.0 Subdivide the system by equipment or functions for analysis

This step defines the elements of a system that will provide the basic structure of the initial FMEA. These elements may be equipment items for a hardware approach or intended functions for a functional approach. Example structures for both approaches are illustrated on the next two pages.

Example of the hardware approach (bottom-up)

[pic]

Example of the functional approach (top-down)

[pic]

5.0 Identify potential failure modes for elements of the system

The list of typical failure conditions above applies to equipment items and functional statements. The next five pages provide examples of these conditions applied to a wide range of typical industrial equipment. Below is an example of the typical failure conditions applied to one functional statement.

[pic]

6.0 Evaluate potential failure modes capable of producing accidents of interest

Evaluating potential failure modes generally defines the following:

Mission phase/operational mode. A description of how the system is being used. This perspective is important for understanding the impacts of failure modes. More than one mission phase or operational mode may have to be considered for each potential failure mode.

Effects. The accidents that are expected if the failure mode occurs are often divided into the following categories:

• Local effects. The initial changes in system conditions that will occur if the postulated failure mode occurs

• Higher level effects. The change in condition of the next higher level of equipment or system function caused by the occurrence of the postulated failure mode

• End effects. The overall effects on the system, typically related to one or more of the accidents of interest for the analysis. The end effect may be possible only if planned mitigating safeguards for the failure mode also fail

Causes. In a hardware-based FMEA, the causes are typically the failure modes of equipment at the next lower level of resolution for the system, as well as human errors and external events that cause equipment problems at this level of resolution. In a function-based FMEA, the causes are typically lower-level functional failures.

Indications. Indications are the identifiable characteristics that suggest to a crew member or some other inspector or troubleshooter that this failure mode has occurred. Indications can include visual, audible, physical, and odor clues.

Safeguards. Safeguards are the equipment, procedures, and administrative controls in place to help (1) prevent the postulated situation from occurring or (2) mitigate the effects if the situation does occur.

Recommendations/remarks. These are the suggestions for system improvements that the team believes are appropriate. Generally, they are suggestions for additional safeguards.

There are three basic levels of documentation possible for an FMEA analysis:

• Complete. Full descriptions for failure modes and a complete list of recommendations generated from the analysis

• Streamlined. Descriptions for failure modes that result in suggestions for improvement, along with the complete list of recommendations generated from the analysis

• Minimal. Complete list of recommendations generated from the analysis

7.0 Perform quantitative evaluation (if necessary)

Quantifying the risks associated with potential failure modes of a system provides more precise results than qualitative analysis alone. Quantifying the risks of potential failure modes has many benefits, including the following:

• Overall levels of risk can be judged against risk acceptance guidelines, if such guidelines exist

• Risk-based prioritization of potential failure modes provides a highly cost-effective way of allocating resources (design, maintenance, etc.) to best manage the most significant risks

• Risk reductions can be estimated to help justify the cost of recommendations generated during the analysis

8.0 Transition the analysis to another level of resolution (if necessary or otherwise useful)

Hardware approach (bottom-up). Summaries of important issues at higher levels (systems and subsystems) are sometimes needed. When this type of information is needed, the results of lower-level analyses may be compiled into composite analyses for the higher levels. This includes composite risk characterizations.

Functional approach (top-down). Further subdivision and analysis of system functions occur only if decision makers need information at a more detailed level. Often, only a few areas must be expanded further.

9.0 Use the results in decision making

System improvements. FMEA results generally present a number of specific, practical suggestions for reducing accident exposure associated with a specific system. These suggestions often cover a range of issues from changes in design configuration and equipment specifications to better operating and maintenance practices. The qualitative and quantitative results from FMEAs also present the case for implementing the suggestions.

Maintenance task planning. One very prominent use of FMEAs is in maintenance task planning. Approaches like reliability-centered maintenance and other similar tools use the systematic analysis of FMEA as a basis for establishing effective maintenance plans.

Spare parts inventories. Another prominent use of FMEAs is in determining the types and numbers of spare parts to have on hand.

Troubleshooting guidelines. FMEAs that address indications and isolation of failures contain the information needed to develop highly effective troubleshooting guidelines.

__________________________________________________________________________________________

Hazard and Operability (HAZOP) Analysis

Source: USCG Risk-based Decision-making (RBDM) Guidelines.


The HAZOP analysis technique uses a systematic process to (1) identify possible deviations from normal operations and (2) ensure that appropriate safeguards are in place to help prevent accidents. The HAZOP technique uses special adjectives (such as "more," "less," "no," etc.) combined with process conditions (such as speed, flow, pressure, etc.) to systematically consider all credible deviations from normal conditions. The adjectives, called guide words, are a unique feature of HAZOP analysis.

Brief summary of characteristics

• Typically performed by a multidisciplinary team

• Applicable to any system or procedure

• Used most as a system-level risk assessment technique

• Generates primarily qualitative results, although some basic quantification is possible

Most common uses

• Used primarily for identifying safety hazards and operability problems of continuous process systems, especially fluid and thermal systems

• Also used to review procedures and sequential operations

Limitations of the HAZOP Technique

Requires a well-defined system or activity. The HAZOP process is a rigorous analysis tool that systematically analyzes each part of a system or activity. To apply the HAZOP guide words effectively and to address the potential accidents that can result from the guide word deviations, the analysis team must have access to detailed design and operational information. The process systematically identifies specific engineered safeguards (e.g., instrumentation, alarms, and interlocks) that are defined on detailed engineering drawings.

Time consuming. The HAZOP process systematically reviews credible deviations, identifies potential accidents that can result from the deviations, investigates engineering and administrative controls to protect against the deviations, and generates recommendations for system improvements. This detailed analysis process requires a substantial commitment of time from both the analysis facilitator and other subject matter experts, such as crew members, engineering personnel, equipment vendors, etc.

Focuses on one-event causes of deviations. The HAZOP process focuses on identifying single failures that can result in accidents of interest. If the objective of the analysis is to identify all combinations of events that can lead to accidents of interest, more detailed techniques, such as Fault Tree Analysis (FTA), should be used.

Procedure for HAZOP Analysis

The procedure for performing a HAZOP analysis consists of the following five steps:

1.0 Define the system or activity. Specify and clearly define the boundaries of the system or activity for which hazard and operability information is needed.

2.0 Define the problems of interest for the analysis. Specify the problems of interest that the analysis will address. These may include health and safety issues, environmental concerns, etc.

3.0 Subdivide the system or activity and develop deviations. Subdivide the system or activity into sections that will be individually analyzed. Then apply the HAZOP guide words that are appropriate for the specific type of equipment in each section.

4.0 Conduct HAZOP reviews. Systematically evaluate each deviation for each section of the system or activity. Document recommendations and other information collected during the team meetings, and assign responsibility for resolving team recommendations.

5.0 Use the results in decision making. Evaluate the recommendations from the analysis and the benefits they are intended to achieve. The benefits may include improved safety and environmental performance or cost savings. Determine implementation criteria and plans.

1.0 Define the system or activity

Intended functions. Because all HAZOP analyses are concerned with ways in which a system can deviate from normal operations, clearly defining the intended functions for a system or activity is an important first step. It is important to clearly document this step for the HAZOP analysis.

Boundaries. Few systems or marine activities operate in isolation. Most are connected to or interact with others. By clearly defining the boundaries of a system or activity, analysts can avoid (1) overlooking key elements at interfaces and (2) penalizing a system or activity by associating other equipment or operations with the subject of the study. This is especially true of boundaries with support systems, such as electric power and compressed air, or boundaries with other vessel activities, such as cargo loading and unloading. It is also important to clearly define the extent to which support systems will be analyzed.

Example

The figures on the next two pages define the boundaries for a HAZOP analysis of fuel barge filling operations at small marine terminals. The procedure that follows describes the intended transfer operation.

2.0 Define the problems of interest for the analysis

Safety problems. The analysis team may be asked to look for ways in which improper performance of a marine activity or failures in a hardware system may result in personnel injury. These injuries may be caused by many mechanisms, including the following:

• Vessel collisions or groundings

• Drowning

• Exposure to high temperatures (e.g., through steam leaks)

• Fires or explosions

Environmental issues. The analysis team may be asked to look for ways in which the conduct of a particular marine activity or the failure of a system may adversely affect the environment. These environmental issues may be caused by many mechanisms, including the following:

• Discharge of material into the water, intentional or unintentional

• Equipment failures, such as seal failures, that result in a material spill

• Overutilization of a marine activity resulting in a disruption of the ecosystem

Economic impacts. The analysis team may be asked to look for ways in which the improper conduct of a particular marine activity or the failure of a system may have adverse economic impacts. These economic risks may be categorized in many ways, including the following:

• Business risks, such as vessels detained at port, contractual penalties, lost revenue, etc.

• Environmental restoration costs

• Replacement costs, such as the cost of replacing damaged equipment

A particular analysis may focus only on events above a certain threshold of concern in one or more of these categories.

Example for the barge filling HAZOP

The project team defined the problems of interest for this analysis as:

• Oil spill into the water or onto the ground, outside of secondary containment, during a barge filling operation

• Fire or explosion involving the product during a barge filling operation

For this brief demonstration workshop, the team chose not to address other possible consequences of interest, such as the following:

• Various types of injuries to workers not directly associated with the consequences listed above. These injuries can result from physical hazards, electrical hazards, thermal hazards, etc.

• Product contamination issues

• Equipment damage not directly associated with the consequences listed above

3.0 Subdivide the system or activity and develop deviations

Before the HAZOP team meets, the leader and scribe should conduct several activities to help make the team meeting time more efficient. These pre-meeting activities include the following:

3.1 Define sections. Sections are simply discrete parts of a process, such as a section of piping, a tank, etc. The leader and scribe must divide the system equipment into sections in order to properly apply the HAZOP technique. The leader must balance two competing factors: (1) the HAZOP team may overlook important deviations if the sections are too large and (2) the HAZOP team will waste time examining the same issues repeatedly if the sections are too small.

3.2 Develop credible deviations. Deviations are upset conditions compared to normal operations. The structured approach of the HAZOP analysis is accomplished by using special guide words. Deviations are derived in the following manner:

Guide Word + System Parameter = Deviation

The type of system section, such as piping or tank, will determine the applicable system parameters to be analyzed for that section. By combining guide words with the applicable process parameter, the leader develops a list of credible deviations to analyze during the study.

3.3 Develop HAZOP worksheets. The scribe is responsible for documenting a significant amount of information during the study. Preparing specialized worksheets before the meeting for each type of section and for the credible deviations will help the scribe more efficiently organize the HAZOP information collected during the meetings.

The following subsections describe these terms and steps in more detail.

3.1 Guidelines for defining sections for a HAZOP analysis

Three general considerations should guide the leader when dividing a system into sections:

Define sections appropriate for the HAZOP objectives. A HAZOP analysis investigating the potential for reportable material releases into the waterway may require consideration of many more system sections than a HAZOP analysis investigating material releases large enough to create long-term chronic health risks.

Define sections small enough to include all important deviations. It is far better to discover that a section has deviations that are the same as another section than to miss an important deviation. Experienced leaders will quickly recognize the unnecessary section and move the team on. Inexperienced leaders will learn to recognize unnecessary sections, but by defining small sections, they will be less likely to miss an important deviation, while gaining experience as a leader.

Define sections at a consistent level of detail. The HAZOP leader should not define every sample connection and instrument line as sections for one part of a process, while defining a shoreside tank farm as a single section elsewhere in the process. If the HAZOP objectives require sectioning the unit to a certain level of detail, then that same level should be applied throughout the analysis.

Dividing a system or activity into sections and selecting appropriate deviations are interrelated activities. The suggested deviations for sections presume these guidelines for sectioning have been followed. Specific circumstances will dictate exceptions to these sectioning guidelines and to the guidelines for selecting deviations. In most situations, following these guidelines will produce process sections that can be thoroughly reviewed by the HAZOP team with a minimum risk of overlooking important deviations. The guidelines are as follows:

3.1.1 Beginning guidelines (for leaders with less experience)

• Define each major component as a section. Usually, anything in which a fluid level is maintained should be considered a major component.

• Define one line section between each major component

• Define additional line sections for each branch off the main flow

• Define a section at each connection to existing equipment

3.1.2 Advanced guidelines

Experienced leaders will recognize that the beginning guidelines often produce some "unnecessary" process sections. The following are supplemental guidelines that will help experienced leaders reduce duplication:

• Define only one section for equipment in identical service. The most common situation is multiple pumps or heat exchangers. CAUTION: Pumps in different service with a "common" spare must be treated separately, and additional deviations such as misdirected flow must be considered. Usually, the HAZOP team must explicitly consider operation of the common spare as a special operating mode if the common spare has characteristics different from the pump it replaces. These characteristics may include higher pressure, larger flow, etc.

• Define only one line section for a series of components if there are no other flow paths. Line sections are necessary to cover deviations such as the low or high temperature caused by a heat exchanger or the low or high pressure caused by a pump. As illustrated in the figure below, only one line section is necessary between the vessel and the on-shore storage tank.

• Define only one additional line section if there are alternate flow paths, regardless of how many branches there are. However, add misdirected and reverse flow deviations specifically for each branch. As illustrated in the figure below, assuming flow through FV1 is the desired path, define Section B as the manifold with the following misdirected or reverse flow deviations:

Example sections for the barge filling HAZOP

To facilitate the HAZOP analysis, the team divided the system into the following three distinct sections:

• Section 1: Shoreside Transfer System. A line section from the storage tanks to the barge's piping manifold, including any pump stations, shoreside flow control valves and isolation valves, and the transfer hose

• Section 2: Barge Transfer System Piping. A line section from the transfer hose to the barge's cargo tanks, including the barge's manual valves

• Section 3: Barge Cargo Tanks. A vessel section representing each of the cargo tanks on the barge, including the tanks and associated gauging devices

3.2 Develop credible deviations

Deviations are developed in the HAZOP technique by applying guide words to system conditions.

Example deviations for the barge filling HAZOP

For each section, the team developed a list of possible deviations (off-normal conditions) that could develop and cause consequences of interest. Consistent with the HAZOP analysis approach, the team developed this list of deviations by combining "guide words" (essentially a standard list of adjectives) with normal process parameters for sections of the system. The following table lists the deviations that the team considered for each section and illustrates how the team developed the list.

3.3 Develop HAZOP worksheets

During the meeting, the scribe will document the HAZOP information on worksheets. The following information will be documented for the HAZOP:

Section. Name of the section. This is usually documented by the leader and scribe before the meeting.

Intent. The team will describe the design intent for the particular HAZOP section being analyzed. Declaring this intent is important, because the remainder of the discussion will focus on ways that the process can deviate from this intent. An example of a design intent for a vessel unloading line may be: "Transfers crude oil from vessel cargo tanks to the shoreside storage tank using flow control."

Deviation. Specific deviation that will be analyzed by the team.

Causes. Credible causes for the deviation as postulated by the HAZOP team.

Accidents. Ultimate accidents of the deviation as postulated by the HAZOP team. These should correspond to the problems of interest that were defined as an objective for the study.

Safeguards. Engineering and administrative controls that protect against the deviations. These safeguards can either help prevent the cause from occurring or help mitigate the severity of the accidents should the cause occur.

Recommendations. Suggestions made by the team to help reduce the risk associated with specific issues if the team is not comfortable with the level of safeguards that currently exist.

The table on the following page includes an example HAZOP worksheet. Completed HAZOP worksheets are presented later in this section.

[pic]

4.0 Conduct HAZOP reviews

The systematic analysis process of the HAZOP technique is conducted in the following manner:

Step 1. Introduce the team members.

Step 2. Describe the HAZOP approach.

Step 3. Identify Section 1.

Step 4. Ask the team to define the design intent of Section 1.

Step 5. Apply the first deviation to Section 1, and ask the team "What are the consequences of this deviation?"

Allow time for the team to consider the system upset. Some prompting may be necessary to get the discussion going.

If no accidents of interest are identified, go back to the beginning of Step 5 and apply the next deviation. If there are no credible accidents, there is no need for the team to investigate causes or safeguards.

Step 6. After the team has exhausted its analysis of accidents, prompt the team to identify all of the causes of the deviation.

Step 7. Identify the engineering and administrative controls that protect against the system upset. Remember, these controls can be either preventive (i.e., they help prevent the upset from occurring) or mitigative (i.e., they help reduce the severity of the accidents associated with the upset if it occurs).

Step 8. If the team is concerned that the level of protection is not adequate for the particular system upset, then the team should develop recommendations to investigate alternatives. Level of protection includes the number, type, and pedigree of the safeguards.

Step 9. Summarize the information collected for this deviation.

Step 10. Repeat Steps 5 through 9 for the remaining deviations associated with this section.

Step 11. Repeat Steps 3 through 10 for the remaining sections.
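The deviation formula from 3.2, the worksheet fields from 3.3 and the review loop of Steps 3 through 11, worked as an added Python example that is not part of the USCG guidelines or of this guide. Section names and problems of interest come from the barge filling example; the parameter lists, the credibility rule, the design intents and the team answers are constructed assumptions.

```python
from dataclasses import dataclass, field

# Guide words the page names ("more", "less", "no") plus the reverse and
# misdirected flow deviations it requires for branches.
GUIDE_WORDS = ("no", "less", "more", "reverse", "misdirected")

# ASSUMPTION: parameters per section type. The page says the section type
# (piping, tank) decides them, but does not list them.
PARAMETERS = {
    "line": ("flow", "pressure", "temperature"),
    "vessel": ("level", "pressure", "temperature"),
}

# Problems of interest defined by the barge filling team (wording shortened).
PROBLEMS_OF_INTEREST = {"oil spill", "fire or explosion"}

# Sections from the barge filling example; the intents are constructed.
SECTIONS = [
    ("Section 1: Shoreside Transfer System", "line",
     "Transfer product from storage tanks to the barge manifold"),
    ("Section 2: Barge Transfer System Piping", "line",
     "Route product from the transfer hose to the cargo tanks"),
    ("Section 3: Barge Cargo Tanks", "vessel",
     "Hold product below the maximum fill level"),
]


def is_credible(guide_word, parameter):
    """ASSUMED screening rule; in a real study the leader decides this."""
    if guide_word in ("reverse", "misdirected"):
        return parameter == "flow"
    if guide_word == "no":
        return parameter in ("flow", "level")
    return True


def develop_deviations(section_type):
    """Guide Word + System Parameter = Deviation, for one section type."""
    return [f"{word} {param}"
            for param in PARAMETERS[section_type]
            for word in GUIDE_WORDS
            if is_credible(word, param)]


@dataclass
class WorksheetRow:
    """One worksheet line with the fields listed in 3.3."""
    section: str
    intent: str
    deviation: str
    causes: list = field(default_factory=list)
    accidents: list = field(default_factory=list)
    safeguards: list = field(default_factory=list)
    recommendations: list = field(default_factory=list)


def conduct_review(sections, ask_team):
    """Steps 3 to 11: every deviation of every section, one row each."""
    worksheet = []
    for name, kind, intent in sections:                # Steps 3, 4 and 11
        for deviation in develop_deviations(kind):     # Steps 5 and 10
            answer = ask_team(name, deviation)
            row = WorksheetRow(name, intent, deviation)
            # Step 5: keep only accidents that are problems of interest.
            row.accidents = [a for a in answer.get("accidents", [])
                             if a in PROBLEMS_OF_INTEREST]
            if row.accidents:
                row.causes = list(answer.get("causes", []))          # Step 6
                row.safeguards = list(answer.get("safeguards", []))  # Step 7
                if not answer.get("adequate", True):                 # Step 8
                    row.recommendations = list(
                        answer.get("recommendations", []))
            # No accident of interest: causes and safeguards are not pursued,
            # but the row is kept to show the deviation was considered
            # (a choice made for this example).
            worksheet.append(row)                                    # Step 9
    return worksheet


# CONSTRUCTED team answers, for illustration only.
TEAM_ANSWERS = {
    ("Section 3: Barge Cargo Tanks", "more level"): {
        "accidents": ["oil spill"],
        "causes": ["transfer not stopped when the tank is full"],
        "safeguards": ["tank gauging device"],
        "adequate": False,
        "recommendations": ["evaluate an independent high-level alarm"],
    },
    ("Section 1: Shoreside Transfer System", "more pressure"): {
        "accidents": ["oil spill", "equipment damage"],
        "causes": ["isolation valve closed while the pump is running"],
        "safeguards": ["operator attendance during transfer"],
        "adequate": True,
    },
    ("Section 2: Barge Transfer System Piping", "misdirected flow"): {
        "accidents": ["product contamination"],   # excluded by the team
        "causes": ["manual valve lined up to the wrong tank"],
    },
}


def run_example():
    """Run the review over the three barge filling sections."""
    return conduct_review(SECTIONS, lambda s, d: TEAM_ANSWERS.get((s, d), {}))


if __name__ == "__main__":
    for row in run_example():
        if row.accidents:
            print(row.section, "|", row.deviation, "|", row.accidents,
                  "|", row.recommendations)
```

The misdirected flow row shows the Step 5 rule in action: its only consequence is product contamination, which the team excluded, so its causes are never recorded.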

__________________________________________________________________________________________

System Safety Glossary

Source: FAA Office of System Safety

Acceptable Risk The residual (final) risk remaining after application of controls, i.e. Hazard Controls / Risk Controls, have been applied to the associated Contributory Hazards; that have been identified and communicated to management for acceptance.

Accident An unplanned fortuitous event that results in harm, i.e. loss, fatality, injury, system loss; also see Risk Severity. The specific type and level of harm must be defined; the worst case severity that can be expected as the result of the specific event under study. Various contributory hazards can result in a single accident; also see Contributory Hazard, Cause, Root Cause, and Initiating Events.

Accident. An unplanned event that results in a harmful outcome; e.g. death, injury, occupational illness, or major damage to or loss of property.

Accident. An unplanned event or series of events resulting in: Death. Injury. Occupational illness. Damage to or loss of equipment or property Damage to the environment.

Accreditation A formal declaration by the Accreditation Authority that a system is approved to operate in a particular manner using a prescribed set of safeguards.

Act A formal decision or law passed by a legislative body.

Administrative Hazard Control Administrative controls to eliminate or reduce safety related risk, i.e. training, programs, procedures, warnings, instruction, tasks, plans; also see Risk Control.

Anomalous Behavior Behavior which is not in accordance with the documented requirements

Architecture The organizational structure of a system, identifying its components, their interfaces and a concept of execution between them.

Assumed Risk The residual risk associated with a specific hazardous event or primary hazard, which has been accepted by management.

Audit An independent examination of the life cycle processes and their products for compliance, accuracy, completeness and traceability.

Audit Trail The creation of a chronological record of system activities (audit trail) that is sufficient to enable the reconstruction, review, and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or an event in a transaction from its inception to its final results.

Authenticate (1) To verify the identity of a user, device, or other entity in a system, often as a prerequisite to allowing access to resources in the system. (2) To verify the integrity of data that has been stored, transmitted, or otherwise exposed to possible unauthorized modification.

Barrier A material object or set of objects that separates, Demarcates, or services as a barricade; or something immaterial that impedes or separates. Both physical and non-physical barriers are utilized and applied in hazard control; i.e. anything used to control, prevent or impede unwanted adverse energy flow and / or anything used to control, prevent or impede unwanted event flow.

Baseline The approved, documented configuration of a software or hardware configuration item, that thereafter serves the basis for further development and that can be changed only through change control procedures.

Cause Something that brings about an event; a person or thing that is the occasion of an action or state; a reason for an action or condition.

Certification Legal recognition by the certification authority that a product, service, organization or person complies with the applicable requirements. Such certification comprises the activity of checking the product, service, organization or person and the formal recognition of compliance with the applicable requirements by issue of certificate, license, approval or other document as required by national law or procedures. In particular, certification of a product involves:

1. the process of assuring the design of a product to ensure that it complies with a set of standards applicable to that type of product so as to demonstrate an acceptable level of safety, (acceptable risk);

2. the process of assessing an individual product to ensure that it conforms to the certified type design;

3. the issue of any certificate required by national laws to declare that compliance or conformity has been found with applicable standards in accordance with item 1.

Certification Authority The organization or person responsible within the state (country) concerned with the certification of compliance with applicable requirements.

Class(es) Parameters of risk are classified in order to conduct analysis, evaluations, reviews, presentations, etc.; i.e. generic contributory hazards, generic risks, generic events.

Code A collection of laws, standards, or criteria relating to a particular subject.

Component A combination of parts, devices, and structures, usually self-contained, which performs a distinctive function in the operation of the overall equipment.

Configuration The requirements, design and implementation that define a particular version of a system or system component.

Configuration Control The process of evaluating, approving or disapproving, and coordinating changes to configuration items after formal establishment of their configuration identification.

Configuration Item A collection of hardware or software elements treated as a unit for the purpose of configuration management.

Configuration Management The process of identifying and defining the configuration items in a system, controlling the release and change of these items throughout the system life cycle, recording and reporting the status of configuration items and change requests, and verifying the completeness and correctness of configuration items.

Contributory Hazard The potential for harm. An unsafe act and / or unsafe condition which contributes to the accident, (see cause, root cause, contributory events, initiator; the potential for adverse energy flow to result in an accident.) A hazard is not an accident. A failure or a malfunction can result in an unsafe condition, and / or unsafe act. Human error can result in an unsafe act. Contributory Hazards define the contributory events that lead to the final outcome. For simplicity, Contributory Hazards can also include Initiating Events and Primary Hazards. Sequential logic defining the Hazardous Event should remain consistent throughout the hazard analysis process.

Consequence See Risk Severity.

Control See Risk Control.

Criticality Reliability term. The degree of impact that a malfunction has on the operation of a system.

Critical Path Defines the sequence of events that control the amount of time needed to complete the effort described within the PERT (Program Evaluation Review Technique) network.

Danger Danger expresses a relative exposure to a hazard. A hazard may be present, but there may be little danger because of the precautions taken.

Damage Damage is the severity of injury, and/or the physical, and/or functional, and/or monetary loss that could result if hazard control is less than adequate.

Debug The process of locating and eliminating errors that have been shown, directly or by inference, to exist in software.

Deductive Analysis A top down approach of analysis logic: “What can cause a specific event to occur?”

Derived Requirements Essential, necessary or desired attributes not explicitly documented, but logically implied by the documented requirements.

Development Configuration The requirements, design and implementation that define a particular version of a system or system component.

Design Handbooks, Guides and Manuals Contain non-mandatory general rules, concepts, and examples of good and best practices to assist a designer or operator.

Emulator A combination of computer program and hardware that mimic the instruction and execution of another computer or system.

Engineering Controls Engineering design controls to eliminate or reduce safety related risks; also Hazard Control and Risk Control.

Entity Item That which can be individually described and considered. May be an activity, process, product, organization, system, person or any combination thereof.

Environment (a) The aggregate of operational and ambient conditions to include the external procedures, conditions, and objects that affect the development, operation, and maintenance of a system. Operational conditions include traffic density, communication density, workload, etc. Ambient conditions include weather, EMI, vibration, acoustics, etc. (b) Everything external to a system which can affect or be affected by the system.

Error An act that through ignorance, deficiency, or accident departs from or fails to achieve what should be done. Errors can be predictable and random. Errors can also be categorized as primary or contributory. Primary errors are those committed by personnel immediately and directly involved with the accident. Contributory errors result from actions on the part of personnel whose duties preceded and affected the situation during which the results of the error became apparent. The difference between a computed, observed, or measured value or condition and true, specified, or theoretically correct value or condition. A mistake in engineering, requirement specification, or design, implementation, or operation which could result in a failure, and/or contributory hazard. There are four types of Human Errors: 1) Omission 2) Commission 3) Sequence 4) Timing

Explosion Proof The item is designed to withstand an internal explosion; designed to vent explosive gases below ignition temperature.

Fail-Operational A characteristic design which permits continued operation in spite of the occurrence of a discrete malfunction.

Fail-safe A characteristic of a system whereby any malfunction affecting the system safety will cause the system to revert to a state that is known to be within acceptable risk parameters.

Fail-Soft Pertaining to a system that continues to provide partial operational capability in the event of a certain malfunction.

Failure Reliability term. The inability of a system, subsystem, component, or part to perform its required function within specified limits, under specified conditions for a specified duration. A failure may result in an unsafe condition and / or act, i.e. a hazard; the termination of the ability of a system element to perform a required function; the lack of correct performance. Failures and hazards are not interchangeable.

Firmware The combination of a hardware device and computer instructions and data that reside as read-only software on that device.

Formal Verification The process of evaluating the products of a given phase using formal mathematical proofs to ensure correctness and consistency with respect to the products and standards provided as input to that phase.

Formal Qualification Review Formal evaluation by top management of the status and adequacy of the quality system in relation to quality policy and objectives.

Formal Qualification The process that allows the determination of whether a configuration item complies with the requirements allocated to it.

Hazard The potential for harm; also see Contributory Hazard, Primary Hazard. A hazard is not an accident. A condition, event, or circumstance that could lead to or contribute to an unplanned or undesired event. Anything, real or potential, that could make possible, or contribute to making possible, an accident. A condition that is prerequisite to an accident.

Hazardous Event. An accident; also see Accident. It should be noted that a Hazardous Event is not being defined as an occurrence that creates a hazard. This logic indicates that a Hazardous Event is an occurrence that creates the potential for harm; Initiating Event, or Root Cause, are more appropriate terms. The Hazardous Event (now) defines the total sequence of events from the Initiating Event to the final outcome, the harm, the Initiating Event, Contributory Hazards, Primary Hazard, and Risk Severity.

Report Status The Hazardous Event under study is considered open or closed depending on the status of Hazard Control.

Report Status (Open) The Hazardous Event under study is considered open; the corrective action evaluation and verification is in process. The status will remain open until management has reviewed the actions taken and accepted the associated risk. All related Contributory Hazards are to be evaluated.

Report Status (Closed) The Hazardous Event under study is considered closed; the corrective action evaluation and verification is completed, and management has reviewed the actions taken and has accepted the associated risk.

Hazard Probability Hazard Probability defines in quantitative or qualitative terms, the estimated probability of the specific Contributory Hazards which are defined within the Hazardous Event under study; possible elements within a fault tree. Note that hazard probability is not defined as the aggregate probability of occurrence of the individual hazardous events that create a specific hazard; see Hazardous Event and Accident. Also note that Hazard Probability is not the same as likelihood; see likelihood. Hazard Probability. The aggregate probability of occurrence of the individual events (conditions).

Hazard Severity. An assessment of the consequences of the worst credible accident that could be caused by a specific hazard.

Hazard Tracking and Resolution. A tracking log is maintained for closeout. Risk Tracking and Risk Resolution should be conducted throughout the system life cycle. Risk/Hazard Controls are to be formally verified.

Inadvertent Operation Unintentional operation.

Independent Verification & Validation (IV&V) Confirmation by independent examination and provision of objective evidence that specified requirements have been fulfilled, and that the particular requirements for a specific intended use are fulfilled.

Inductive Analysis A bottom-up approach of analysis logic: “What happens if a specific failure occurs?”

Incident A near miss accident with minor consequences that could have resulted in greater loss. An unplanned event that could have resulted in an accident, or did result in minor damage, and which indicates the existence of, though may not define, a hazard or hazardous condition. Sometimes called a mishap.

Initiating Events Initiating Events; initiator; the contributory hazard; unsafe act and / or unsafe condition that initiated the adverse event flow, which resulted in the hazardous event under evaluation; also see Root Cause.

Intrinsically Safe Design Designers determine which hazards could be present, the level of associated risk that could constitute danger, and the controls to assure acceptable risk. Nothing is perfectly safe; see safe.

Inspection A static technique that relies on visual examination of development products to detect deviations, violations or other problems.

Latent Present and capable of becoming though not now visible or active.

Likelihood Likelihood defines in quantitative or qualitative terms, the estimated probability of the specific hazardous event under study. Likelihood is one element of associated risk. Fault Trees and other models can be constructed and individual Hazard Probabilities are estimated, and likelihood can be calculated via Boolean Logic. It should be noted that estimated likelihood defined in conventional hazard analysis may be appropriate due to the variability, conference, resources, and other factors.

Malfunction Failure to operate in the normal or usual manner. Any anomaly which results in system deviation.

Maintainability The ability of an item to be retained in or restored to specified condition when maintenance is performed by personnel having specified skill levels, using prescribed procedures, resources and equipment at each prescribed level of maintenance and repair.

Managing Activity Organization assigned acquisition management responsibility for the system, facility, or prime or associated contractors or subcontractors who wish to impose system safety tasks on their suppliers.

Methodology A particular procedure or set of procedures.

Mishap A source of irritation, annoyance, grievance, nuisance, vexation, mortification. Note that mishap is not a synonym for accident. It is more appropriate to consider a mishap a minor accident. A hazard. Note that the use of mishap is different within the FAA community than as used in MIL-STD-882C. The latter equates mishap to an accident.

Non-Developmental Item (NDI) Deliverable part not developed as a part of the developmental process being addressed. Non-developmental software is deliverable software that is not developed under the contract but is provided by the developer or some other party. Non-developmental software may also be referred to as reusable software, government furnished software, commercially available software, or Commercial Off-The-Shelf (COTS) software.

Non-Programmable (N-P) System A system based upon non-programmable hardware devices (i.e., a system not based on programmable electronics). NOTE: Examples would include hardwired electrical or electronic systems, mechanical, hydraulic, or pneumatic systems, etc.

Objective Evidence Information, which can be proved true, based on facts obtained through observation, measurement, test or other means.

Optimum Safety The associated risks that have been identified have been accepted provided that all identified controls are implemented and enforced.

Phase Defined segment of work. Note: a phase does not imply the use of any specific life-cycle model, nor does it imply a period of time in the development of a product.

Practice Recommended methods, rules, and designs for voluntary compliance.

Process Set of inter-related resources and activities, which transform inputs into outputs.

Product Service History Historical data generated by activities at the interface between the supplier and the customer and by supplier internal activities to meet the customer needs regarding the quality, reliability and safety trends of the product or service.

Product Liability Generic term used to describe the onus on a producer or others to make restitution for loss related to personal injury, property damage or other harm caused by a product.

Proximate Cause The relationship between the plaintiff’s injuries and the plaintiff’s failure to exercise a legal duty, such as reasonable care.

Primary Hazard A primary hazard is one that can directly and immediately result in: loss, consequence, adverse outcome, damage, fatality, system loss, degradation, loss of function, injury, etc. The primary hazard is also referred to as: catastrophe, catastrophic event, critical event, marginal event, and negligible event.

Quality Assurance A planned and systematic pattern of actions necessary to provide adequate confidence that an item or product conforms to established requirements.

Quality Audit Systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives.

Quality Evaluation Systematic examination of the extent to which an entity is capable of fulfilling specified requirements.

Qualification Process Process of demonstrating whether an entity is capable of fulfilling specified requirements.

Quantitative Assessment. In any discussion of mishap risk management and risk assessment, the question of quantified acceptability parameters arises. Care should be exercised under such conditions not to forget the limitations of a mathematical approach. In any high-risk system, there is a strong temptation to rely totally on statistical probability because, on the surface, it looks like a convenient way to measure safety: "who can argue with numbers?" To do so, however, requires that the limitations and principles of this approach are well understood and that past engineering experience is not ignored. Quantitative acceptability parameters must be well defined, predictable, demonstrable, and above all, useful. They must be useful in the sense that they can be easily related to the design and the associated decision criteria. More detail may be found in chapter 7 on the limitations of the use of probabilities.

Many factors fundamental to system safety are not quantifiable. Design deficiencies are not easily examined from a statistical standpoint. Additionally, there is the danger that system safety analysts and managers will become so enamored with the statistics that simpler and more meaningful engineering processes are ignored. Quantification of certain specific failure modes, which depend on one of two system components, can be effective to bolster the decision to accept or correct it. General risk management principles are:

1. All human activity involving a technical device or process entails some element of risk.

2. Most hazards (safety risks) can be neutralized or controlled.

3. Hazards should be kept in proper perspective. This is done by weighing the risk, using knowledge gained through analysis and experience, against program need.

4. System operations represent a gamble to some degree; good analysis assists the MA in controlling the risk.

5. System safety analysis and risk assessment does not eliminate the need for good engineering judgment.

6. It is more important to establish clear objectives and parameters for risk assessment than to find a cookbook approach and procedure.

7. There is no "best solution" to a safety problem. There are a variety of directions to go. Each of these directions may produce some degree of risk reduction.

Redundancy The existence in a system of more than one means of accomplishing a given function.

Reliability The ability of a system to perform its required functions under stated conditions for a specified period of time. A reliable system is no total assurance of acceptable risk.

Requirements Statements describing essential, necessary or desired attributes.

Requirements Specification Specification that sets forth the requirements for a system or system component.

Risk Risk is an expression of possible loss over a specific period of time or number of operational cycles. It may be indicated by the probability of an accident times the damage in dollars, lives, and/or operating units.

Hazard Probability and Severity are measurable and, when combined, give us risk.

4. Total risk is the sum of identified and unidentified risks.

5. Identified risk is that risk which has been determined through various analysis techniques. The first task of system safety is to identify, within practical limitations, all possible risks. This step precedes determining the significance of the risk (severity) and the likelihood of its occurrence (hazard probability). The time and costs of analysis efforts, the quality of the safety program, and the state of technology impact the number of risks identified.

6. Unidentified risk is the risk not yet identified. Some unidentified risks are subsequently identified when a mishap occurs. Some risk is never known.

7. Unacceptable risk is that risk which cannot be tolerated by the managing activity. It is a subset of identified risk that must be eliminated or controlled.

8. Acceptable risk is the part of identified risk that is allowed to persist without further engineering or management action. Making this decision is a difficult yet necessary responsibility of the managing activity. This decision is made with full knowledge that it is the user who is exposed to this risk.

9. Residual risk is the risk left over after system safety efforts have been fully employed. It is not necessarily the same as acceptable risk. Residual risk is the sum of acceptable risk and unidentified risk. This is the total risk passed on to the user. To make important program decisions, the PM must know what residual risk exists in the system being acquired. When such risks are marginally acceptable or potentially unacceptable, the PM is required to raise the presence of residual risk to higher levels of authority such as the Service Director or Associate/Assistant Administrator for action or acceptance. To present a cohesive description of the hazard to this higher level of decision making, either the contractor or the FAA must document all analyses performed and actions taken to control the hazard. In some contractual situations, the PM may apply additional resources or other remedies to help the contractor satisfactorily resolve the issue. If not, the PM can add his position to the contractor information and forward the matter to a higher decision level. A decision matrix very similar to a Risk Hazard Index, called in this example a Risk Hazard Level index, can be used to establish which decisions fall under the PM and which should be forwarded to a higher organizational level.

Risk Analysis The development of qualitative and / or quantitative estimate of risk based on evaluation and mathematical techniques.

Risk Acceptance. Accepting risk is a function of both risk assessment and risk management. Risk acceptance is not a simple matter and the concept is difficult for some to accept. Several points must be kept in mind.

1. Risk is a fundamental reality.

2. Risk management is a process of tradeoffs.

3. Quantifying risk doesn't ensure safety.

4. Risk is a matter of perspective.

On the surface, taking risks seems foolish and to be avoided. Everything we do, however, involves risk. Defining acceptable risk is subjective and perceived risks are often as important as actual risks. Risks imposed on us by others are generally considered to be less unacceptable than those inherent in nature. There are dangers in every type of travel, but there are dangers in staying home: 40 percent of all fatal accidents occur there. There are dangers in eating most food caused by pesticides, preservatives, natural fats, or just eating more than necessary. There are breathing related dangers in industrial and urban areas. Air pollution leads to the death of at least 10,000 Americans each year; inhaling natural radioactivity is believed to kill a similar number; and many diseases are contracted by inhaling germs. 12,000 Americans are killed each year in job related accidents, and probably 10 times that number die from job related illness. There are dangers in exercising and dangers in not getting enough exercise. Risk is an unavoidable part of our everyday lives.

We all accept risk, knowingly or unknowingly. It is ultimately the responsibility of the managing authority to determine how much and what kind is to be accepted and what is not. In the real world, making this decision is a trade-off process involving many inputs. As tradeoffs are being considered and the design progresses, it may become evident that some of the safety parameters are forcing higher program risk. From the program manager's perspective, a relaxation of one or more of the established parameters may appear to be advantageous when considering the broader perspective of cost and performance optimization. The program manager has the authority and responsibility, in some circumstances, to make a decision against the recommendation of his system safety manager. The system safety manager must recognize such management prerogatives.

A prudent program manager must make a decision whether to fix the identified problem or formally document acceptance of the added risk. In some cases, this requires contract or system specification modification. When the program manager decides to accept the risk, the decision must be coordinated with all affected organizations and then documented so that in future years everyone will know and understand the elements of the decision and why it was made. It also provides necessary data if the decision must be revisited.

Risk Assessment. The process by which the results of risk analysis are used to make decisions.

Risk Control The Risk associated with the hazardous event under study is adequately controlled, by the reduction of severity and/or likelihood, via the application of engineering and/or administrative hazard controls. Anything that mitigates or ameliorates the risk.

Risk Hazard Index. By combining the probability of occurrence with hazard severity, a matrix is created where intersecting rows and columns are defined by a Risk Hazard Index (RHI). The risk hazard index forms the basis for judging both the acceptability of a risk and the management level at which the decision of acceptability will be made. The index may also be used to prioritize resources to resolve risks due to hazards or to standardize hazard notification or response actions.

Prioritization may be accomplished either subjectively by qualitative analyses resulting in a comparative hazard risk assessment or through quantification of the probability of occurrence resulting in a numeric priority factor for that hazardous condition.

Risk Management The application of management methods for the identification, evaluation, elimination and control of all forms of risk. This effort is not confined only to safety-related risks. Risk Management is comprised of two parts, Risk Control and Risk Finance. Risk Control considers all aspects in System Safety, Safety Management, and Safety Engineering. Risk Finance considers insurance, risk pooling, and self-insurance.

Risk Perspectives. There are three different perspectives in safety risk assessment:

1. Standpoint of an INDIVIDUAL exposed to a hazard. An individual exposed to a hazard is primarily concerned with the questions: How large is the probability that I will be killed or injured in an accident? How much does my individual risk due to this hazard increase my normal fatality rate? INDIVIDUAL RISK is defined as the (usually annual) probability that an identified person will be killed or injured as a consequence of an accident.

2. Standpoint of the INSTITUTION RESPONSIBLE FOR THE ACTIVITY. The institution responsible for an activity can be a private company or a government agency. From their point of view, it is not only essential to keep individual risks of employees or other persons and the collective risk at a minimum but also to avoid catastrophic and spectacular accidents.

3. Standpoint of the SOCIETY. Besides being interested in guaranteeing minimum individual risk for each of its members, society is concerned about the total risk to the general public: How large are the total losses (e.g., per year) from a hazardous activity? The risk to society is called COLLECTIVE RISK. If expressed in terms of annual risks, it corresponds to the respective value shown in annual accident statistics.

As experience clearly demonstrates (Bhopal, Seveso, Challenger, etc.), such catastrophic accidents damage the reputation, the image, and even the prosperity of the institution responsible for the activity. Such risks are defined as INSTITUTIONAL RISKS.

Risk Severity The harm expected should the hazardous event occur, (i.e., loss, consequence, adverse outcome, damage, fatality, system loss, degradation, loss of function, injury) considering the risk associated with the hazardous event under evaluation.

Severity ranges should be sized so that events within each category are of comparable severity. Equating the severity of events and conditions that can cause one fatality with those that can cause 100 or 1,000 does not make sense. The potential problems associated with sizing of the severity ranges grow as the size of the system grows. Program managers need to be provided with risk information that has the fidelity to distinguish the hazardous events that meet general criteria.

Severity range thresholds for each severity category should be comparable when considering personal, system, or facility losses. For example, events or conditions that could cause the loss of an entire aircraft or facility would be categorized by MIL-STD-882 as catastrophic. Loss of a single crewman, mechanic, or passenger would also fall in the catastrophic category. Severe injuries, such as total loss of sight of a mechanic, and system damage of several million dollars are not normally considered to have equal value, even though both are in the critical category. If the RHI ranking criteria use risk as a function of severity and probability, quantitative scales or qualitative scales based on quantitative logic should be used. If one accepts the concept that the expected losses (or risk) associated with a hazardous event or condition may be estimated by multiplying the expected severity of the accident by the probability of the accident, then some sort of quantitative basis is necessary. Failure to provide a quantitative basis for the scales can cause significant confusion and dissipation of safety resources when an arbitrary risk ranking scale is used.

Develop the severity values using order of magnitude ranges. There are several advantages to separating severity categories by order of magnitude ranges. They include:

• Limiting the likelihood of misuse of the analysis.

• Avoiding meaningless hair-splitting arguments.

• Simplifying severity assessment during PHAs without impacting usefulness.

Quantify the threshold values for the probability ranges. Quantification reduces confusion associated with strictly qualitative definitions. Although it is impossible to quantify the ranges in 882(C) due to its extremely broad application, developing quantified probability ranges for specific systems is a relatively easy task to accomplish.

The probability of occurrence should refer to the probability of an accident/consequence as opposed to the probability of an individual hazard/basic event occurring. The typical accident sequence is much more complicated than a single line of erect dominos where tipping the first domino (hazard) triggers a clearly predictable reaction. Develop the probability values using order of magnitude ranges.
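The following added example (not part of the original guide) ties together three entries above: likelihood calculated from a fault tree via Boolean logic, the Risk Hazard Index matrix, and order-of-magnitude severity and probability ranges. The fault tree, the dollar and probability thresholds, the band letters A to E, and the decision cut-offs are all constructed assumptions, and basic events are assumed independent.

```python
import math

# --- Fault-tree gates (Boolean logic over independent basic events) ---
def gate_or(*probs):
    """Output event occurs if ANY input occurs: 1 - product of (1 - p)."""
    none_occur = 1.0
    for p in probs:
        none_occur *= 1.0 - p
    return 1.0 - none_occur

def gate_and(*probs):
    """Output event occurs only if ALL inputs occur: product of p."""
    return math.prod(probs)

# --- Constructed order-of-magnitude scales (assumptions, not from the guide) ---
# Each entry is (label, lower bound); rows are ordered worst first.
SEVERITY_BANDS = [          # property loss in dollars
    ("catastrophic", 1e7),
    ("critical", 1e6),
    ("marginal", 1e5),
    ("negligible", 0.0),
]
PROBABILITY_BANDS = [       # likelihood of the accident per year
    ("A", 1e-1), ("B", 1e-2), ("C", 1e-3), ("D", 1e-4), ("E", 0.0),
]

def band(scale, value):
    """Return (row index, label) of the first band whose lower bound is met."""
    if value < 0:
        raise ValueError("value must be non-negative")
    for index, (label, lower) in enumerate(scale):
        if value >= lower:
            return index, label

def risk_hazard_index(loss_dollars, likelihood):
    """Place a hazardous event in the matrix and name the decision level."""
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability")
    sev_i, sev = band(SEVERITY_BANDS, loss_dollars)
    prob_i, prob = band(PROBABILITY_BANDS, likelihood)
    # Both scales step by a factor of ten, so cells with the same score hold
    # events of comparable expected loss (severity x probability).
    score = sev_i + prob_i          # 0 is the worst cell
    if score <= 2:                  # cut-offs are assumptions
        decision = "unacceptable: eliminate or control"
    elif score <= 4:
        decision = "forward to higher authority"
    else:
        decision = "program manager may accept and document"
    return {
        "cell": f"{sev}/{prob}",
        "score": score,
        "decision": decision,
        "expected_loss": loss_dollars * likelihood,
    }

# --- Constructed fault tree: annual probabilities of the basic events ---
PUMP_FAILS, VALVE_STICKS, ALARM_FAILS = 2e-2, 1e-2, 5e-2
LOSS_DOLLARS = 3e6   # constructed severity estimate for the accident

def likelihood_single_alarm():
    """Accident = (pump fails OR valve sticks) AND alarm fails."""
    return gate_and(gate_or(PUMP_FAILS, VALVE_STICKS), ALARM_FAILS)

def likelihood_redundant_alarm():
    """Same tree with a second, independent alarm added as a risk control."""
    return gate_and(gate_or(PUMP_FAILS, VALVE_STICKS), ALARM_FAILS, ALARM_FAILS)

if __name__ == "__main__":
    for name, p in [("single alarm", likelihood_single_alarm()),
                    ("redundant alarm", likelihood_redundant_alarm())]:
        print(name, f"likelihood={p:.3g}", risk_hazard_index(LOSS_DOLLARS, p))
```

The likelihood fed into the matrix is that of the whole accident sequence, not of any single basic event, and adding redundancy moves the event to a different cell without changing its severity.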

Reaction Time Human response movement time plus response initiation time.

Root Cause The contributory events, initiating events, which started the adverse event flow are considered root causes. Should these causes be eliminated the hazardous event would not have occurred. It should be noted that accidents are the result of many contributors, both unsafe acts and /or unsafe conditions; also see Contributory Hazards, Hazard.

Safe Freedom from all forms of harm. Nothing is safe. General term denoting an acceptable level of risk of, relative freedom from, and low probability of harm. The associated risks that have been identified have been accepted provided that all identified controls are implemented and enforced.

Safety or Safe. Freedom from those conditions that can cause death, injury, occupational illness, or damage to or loss of equipment or property, or damage to the environment. Note that absolute safety is not possible because complete freedom from all hazardous conditions is not possible. Therefore, safety is a relative term that implies a level of risk that is both perceived and accepted. Thus the emphasis in SSPs as reflected in the definitions above is in managing risk. "System" is also a relative term. A subsystem can be viewed as a system with more narrow predetermined boundaries than the system. System safety is not an absolute quantity either. System safety is an optimized level of risk that is constrained by cost, time, and operational effectiveness (performance). System safety requires that risk be evaluated and the level of risk accepted or rejected by an authority. Finally, system safety is a discipline employed from the initial design steps through system disposal (also known as "cradle to grave" or "womb to tomb").

Safety Analysis All associated analysis methods, processes, and/or techniques to systematically evaluate safety related risks.

Safety Risk Management Committee (SRMC) The principal reason to employ risk management and/or risk analysis is to improve decision-making. Risk analysis and risk management are at the heart of regulatory decisions. Risk management requires first analyzing risk, in turn requiring access to sufficient credible data, and then developing policies and procedures to eliminate, mitigate, and/or manage them. In keeping with this process, an intra-agency team (the SRMC) is formed to examine the organization's approach to risk management. The committee should include representatives interested in risk management.

If the RHI ranking criteria use risk as a function of severity and probability, quantitative scales or qualitative scales based on quantitative logic should be used. If the concept is accepted that the expected losses (or risk) associated with a hazardous event or condition may be estimated by multiplying the expected severity of the accident by the probability of the accident, then some sort of quantitative basis is necessary. Failure to provide a quantitative basis for the scales can cause significant confusion and dissipation of safety resources when an arbitrary risk ranking scale is used.

This committee inventories existing risk management processes, capabilities, and practices. Processes include types of decisions appropriate for risk management and current technical approaches. Capabilities include personnel skill levels, tools, and access to needed data. Practices include details of implementation and documentation. The committee may become a standing committee to serve as a resource that exchanges risk management information between offices and other agencies to avoid duplication of effort. It provides support across program lines including risk management/analysis training assistance capability. It identifies and recommends needed enhancements to risk management/analysis capabilities and/or efficiencies.

Safety Critical All interactions, elements, components, subsystems, functions, processes, and interfaces within the system that can affect a predetermined level of risk.

Safety Engineering Report Documents the results of safety analyses, including Operational Safety Assessments (OSA), Comparative Risk Assessments (CRA), Preliminary Hazard Analyses (PHA), System Hazard Analyses (SHA), Subsystem Hazard Analyses (SSHA), and Operational and Support Hazard Analysis (O&SHA).

Security Risk Some safety risks that the FAA must manage are the result of security issues. By its nature, the details of methodologies used to analyze and assess security hazards/risks cannot be published in this document. The section does, however, summarize a top-level approach to security risk management, especially as it relates to the methodologies used for safety risk management. Since the development of safety and risk management has not always been parallel, their terminology is sometimes different. Several security-unique terms are introduced.

Safety and Security hazards are both caused by experiencing a series of events that lead to a questionable condition. In security analyses, the term vulnerability is used to summarize the event path (approach used to achieve negative effect) that leads to the hazard.

Single Point Failure A single item of hardware, the failure of which would lead directly to loss of life and/or system. Actually, a single malfunction, failure, and/or error which would lead to loss of life and/or system.

Software Computer programs, procedures, rules, and associated documentation and data pertaining to the operation of a computer system.

Software Code A software program or routine or set of routines, which were specified, developed and tested for a system configuration.

Structured Programming Any software development technique that includes structured design and results in the development of structured programs.

Subprogram A separately compilable, executable component of a computer program.

Subroutine A routine that returns control to the program or subprogram that called it.

Subsystem An element of a system that, in itself, may constitute a system.

Syntax The structural or grammatical rules that define how the symbols in a language are to be combined to form words, phrases, expressions, and other allowable constructs.

System A composite, at any level of complexity, of personnel, procedures, materials, tools, equipment, facilities, and software. The elements of this composite entity are used together in the intended operational or support environment to perform a given task or achieve a specific production, support, or mission requirement; a set or arrangement of components so related or connected as to form a unity or organic whole. A composite of people, procedures, materials, tools, equipment, facilities, and software operating in a specific environment to perform a specific task or achieve a specific purpose, support, or mission requirement.

Systems Approach A step-by-step procedure for solving problems; a decision making process which moves from the general to the specific; an iterative process.

System Safety The application of engineering and management principles, criteria, and techniques to optimize safety within the constraints of operational effectiveness, time, and cost throughout all phases of the system life cycle. A standardized management and engineering discipline that integrates the consideration of man, machine, and environment in planning, designing, testing, operating, and maintaining operations, procedures, and acquisition projects. System safety is applied throughout a system's entire life cycle to achieve an acceptable level of risk within the constraints of operational effectiveness, time, and cost.

System Safety Analysis The analysis of a complex system by means of methods, techniques, and / or processes, to comprehensively evaluate safety related risks that are associated with the system under study.

System Safety Engineer An engineer qualified by appropriate credentials: training, education, registration, certification, and / or experience to perform system safety engineering. One should have an appropriate background and credentials directly related to system safety in order to practice in the field, i.e., CSP, PE, training, education, and actual experience.

System Safety Engineering An engineering discipline requiring specialized professional knowledge and skills in applying scientific and engineering principles, criteria, and techniques to identify and eliminate, or reduce safety related risks.

System Safety Working Group A formally chartered group of persons representing organizations associated with the system under study, organized to assist management in achieving the system safety objectives.

System Safety Manager A person responsible for managing the system safety program.

System Safety Objectives System safety is achieved through the implementation and careful execution of an SSP. As stated previously, the ultimate objective of system safety is to eliminate or minimize accidents and their results. The objectives of an SSP are to ensure that:

1. Safety, consistent with system purpose and program constraints, is designed into the system in a timely, cost-effective manner.

2. Hazards are identified, evaluated, and eliminated, or the associated risk reduced to a level acceptable to the managing activity (MA) throughout the entire life cycle of a system.

3. Historical safety data, including lessons learned from other systems, are considered and used.

4. Minimum risk is sought in accepting and using new designs, materials, and production and test techniques.

5. Actions taken to eliminate hazards or reduce risk to a level acceptable to the MA are documented.

6. Retrofit actions are minimized.

7. Changes in design, configuration, or operational requirements are accomplished in a manner that maintains a risk level acceptable to the MA.

8. Consideration is given to safety, ease of disposal, and storage of any hazardous materials associated with the system.

9. Significant safety data are documented as "lessons learned" and are submitted to data banks, design handbooks, or specifications.

10. Hazards identified after production are minimized consistent with program restraints.

System Safety Order of Precedence. The overall goal of a system safety program is to design systems that do not contain unacceptable hazards. However, the nature of most complex systems makes it impossible or impractical to design them completely hazard-free. As hazard analyses are performed, hazards will be identified that require resolution. System safety precedence defines the order to be followed for satisfying system safety requirements and reducing the presence and impact of risks. The alternatives for eliminating the specific hazard or controlling its associated risk must be evaluated so that an acceptable method for risk reduction can be pursued.

1. Design for Minimum Risk. The most effective safety program is one that eliminates hazards through design. If an identified hazard cannot be eliminated, reduce the associated risk to an acceptable level, as defined by the MA, through design selection. Defining minimum risk is not a simple matter. It is not a cookbook process that can be numerically developed without considerable thought. Minimum risk varies from program to program.

2. Incorporate Safety Devices. If identified hazards cannot be eliminated or their associated risk adequately reduced through design selection, that risk should be reduced to a level acceptable to the managing authority through the use of fixed, automatic, or other protective safety design features or devices. Provisions should be made for periodic functional checks of safety devices when applicable.

3. Provide Warning Devices. When neither design nor safety devices can effectively eliminate identified hazards or adequately reduce associated risk, devices should be used to detect the condition and to produce an adequate warning signal to alert personnel of the hazard. Warning signals and their application must be designed to minimize the probability of incorrect personnel reaction to the signals and shall be standardized within like types of systems.

4. Develop Procedures and Training. Where it is impractical to eliminate hazards through design selection or adequately reduce the associated risk with safety and warning devices, procedures and training should be used. However, without a specific waiver from the managing authority, no warning, caution, or other form of written advisory shall be used as the only risk reduction method for Category I or II hazards. Procedures may include the use of personal protective equipment.

System Safety Program The tasks and activities of system safety that enhance effectiveness by ensuring that requirements are met, in a timely, cost-effective manner throughout all phases of the system life cycle.

System Safety Program Plan A written description of the planned methods to be used to implement the system safety requirements.

System Safety Requirements by Acquisition Phase

Concept Exploration

1. Evaluate system safety design features

2. Identify possible interface problems

3. Highlight special safety considerations

4. Describe safety tests/data needed for next phase

5. Update requirements based on analysis results

6. Review designs of similar systems

7. Use past experience with similar system requirements

8. Identify waiver requirements

9. Prepare a report for milestone reviews

10. Tailor subsequent phase SSPs.

Demonstration/Validation

1. SSPP describing contractor's proposed safety program effort

2. Establish criteria for validating contractor performance

3. Update specifications, requirements, safety characteristics

4. PHA for hazards and inherent risks

5. Safety Interface study for subsystems, e.g., Subsystem Hazard Analysis (SSHA)

6. Trade-off studies

7. Identify risks from design, operating environment, and technology

8. Identify qualitative/quantitative system safety requirements

9. Perform system and equipment interface analyses e.g., System Hazard Analysis (SHA) and Operating and Support Hazard Analysis (O&SHA)

10. Update test plans

11. Prepare summary reports for major program milestones

12. Review test plans

13. Review training plans

14. Evaluate hazards and failures for corrective actions

15. Perform SHA on test model

16. Identify need for special production and maintenance tools (e.g. barriers)

17. Review all related maintenance and production instructions

18. Review applicable safety requirements from OSHA, DOT, EPA.

Full Scale Development

1. Timely implementation of SSPP

2. Update system safety requirements

3. Perform hazard analyses (SHA/O&SHA)

4. Evaluate system design for hazards and safety improvements

5. Establish test requirements and ensure verification of design

6. Participate in design reviews

7. Provide inputs to training manuals, emergency procedures

8. Evaluate mishaps/failures and make recommendations

9. Review/input to trade-off studies

10. Review drawings/specifications for safety

11. Identify safety/protective equipment

12. Provide safety input to training

13. Ensure designs incorporate safety

14. Correct hazards identified in the demonstration/validation phase

15. Evaluate storage, packing, and handling requirements/plans

16. Review production plans, drawings, procedures

17. Review plans for disposal of hazardous materials

18. Prepare documentation for major milestones

19. Tailor requirements for production

Production and Deployment

1. Monitor system for adequacy of design safety

2. Evaluate design changes to prevent degraded inherent safety

3. Review operations and maintenance publications for safety information

4. Evaluate accidents; recommend design changes

5. Review deficiency reports for operators

6. Review disposal of hazardous materials

7. Update SSPP

8. Monitor production line for safety and safety control of system

9. Review production, maintenance, and operation manuals for necessary cautions, warnings etc. for previously identified hazards

10. Review system for necessary cautions, warning labels, etc. previously identified (e.g., high voltage)

11. Verify safety precautions in test and evaluation (T&E) plans and procedures

12. Identify safety related aging problems and associated controls.

13. Update O&SHA

14. Identify critical parts, procedures, facilities, and inspections

15. Continue to monitor design and procedures to uncover residual hazards; follow-up on corrective action.

Facilities-Related Requirements

1. Ensure building, fire, and other related requirements are met

2. Review facility and installed systems interfaces

3. Review equipment plans

4. Update hazard tracking system

5. Evaluate accidents for deficiencies/oversights/corrective actions

6. Review design modifications for hazards; monitor corrective actions.

Test Case A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to test a particular program path or to verify compliance with a specific requirement.

Testing The process of operating a system under specified conditions, observing or recording the results, and making an evaluation of some aspect of the system.

Test Procedure (a) Specified way to perform a test. (b) Detailed instructions for the set-up and execution of a given set of test cases, and instructions for the evaluation of results of executing the test cases.

Traceability Ability to trace the history, application or location of an entity by means of recorded identifications.

Transient Error An error that occurs once, or at unpredictable intervals.

Validation The process of evaluating a system (and subset), during or at the end of the development process to determine whether it satisfies specified requirements. Conformance to requirements is no total assurance of acceptable risk.

Verification The process of evaluating a system (and subset) to determine whether the products of a given development phase satisfy the conditions imposed at the start of the phase.

Volatile Memory Memory that requires a continuous supply of power to its internal circuitry to prevent the loss of stored information.

Voting A scheme in which the outputs of three or more channels of a system implementation are compared with each other in order to determine agreement between two or more channels, and to permit continued operation in the presence of a malfunction in one of the channels. A degree of fault/malfunction tolerance is obtained.

Watchdog Timer A device that monitors a prescribed operation of computer hardware and / or software and provides an indication when such operation has ceased.

Zero Energy State All energy within the system has been reduced to the lowest possible energy level, at “zero energy level” if possible. All stored or residual energy, such as within capacitors, springs, elevated devices, rotating flywheels, hydraulic systems, and pneumatic systems, has been dissipated. It should be noted that if it is not possible to dissipate/de-energize all energy within the system, additional controls should be implemented, i.e., lockout, repositioning, isolating, restraining, guarding, shielding, relief, bleed off devices.

________________________________________________________________

AREA II C: AUDITING

Basics of Auditing

An audit is a systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives. Safety audits may be internal, completed by safety staff, or external, performed by hired consultants or others. Safety audits generally examine the quality of a safety management system, but may also be conducted to evaluate the design and performance of individual programs, plans, processes, procedures, and practices. The safety audit is an effective tool to determine if and what required and best-practice improvements are needed in a company's safety function.

Safety audits are intended to determine the extent to which the safety management system, its programs, plans, processes, procedures, and practices do the following:

1. Achieve their stated goals and objectives.

2. Conform to OSHA and other regulatory agency requirements.

3. Comply with company vision and mission.

__________________________________________________________________________________________

Steps for Evaluating Change

Source: CDC/NIOSH

Evaluation should be a part of workplace changes from the start, through the process of finding an idea, trying it, testing to see if it results in positive outcomes, and if it does, adopting it. You can evaluate a plan or idea for change just as well as you can evaluate the actual change. Evaluation isn’t necessarily expensive or complicated. Here are four steps to follow:

Step 1: Form a team

Evaluations are best done by a team. When forming a team, keep in mind that workers are often the best source of information about the workplace.

Wherever possible, the team should include people who are

• affected by the safety and health change,

• responsible for implementing and maintaining the change, and/or

• involved in future decisions about changes.

The team should start by defining the problem as clearly as possible. The more specifically that the problem is defined, the better that a solution can be designed to fit, and the easier it is to test the solution. Brainstorm a solution for the problem and one or two ways to measure the effectiveness of the change. Using more than one way to measure the change will increase your confidence in the results.

Step 2: Collect Relevant Data

Collect accurate data on workplace safety and health. Consider collecting three kinds of data: conditions before the change, information about how the change was put in place, and what happened after the change was made. Good records of how the change was made will help if you want to do it again because they tell you what happened. Data on the outcome will tell you whether to bother doing it again.

How, how often, and when should you collect data?

One way is to measure an outcome (like employee injuries) before and after the change. Typically, injuries are infrequent occurrences; therefore, you may need to collect data for quite a while before and afterwards to make sure that any changes you detect are real. On the other hand, if you are measuring changes in employee knowledge and attitudes after a training session, you may not need to measure for as long a period of time. You may measure immediately before the training, right after the training, and then one or two more times 3 months to 1 year after the training.

Another model for gathering information is to arrange the change so that it does not affect everyone in the operation at one time. By introducing the change to several different groups over a period of several months or a year, you can get a better idea of effectiveness. Simply measure all the groups (those who receive the change immediately and those who receive it later) at regular intervals as you gradually introduce the change to the selected groups. This takes more effort, but it gives you added confidence that any detected effects are from the change and not some other event.

What to measure depends on the following:

• Expected outcomes – what will happen as a result of the safety and health change? Whatever you expect – reduced injuries or absenteeism, increased productivity – measure those things.

• Nature of the safety and health change – for example, if the change is plant exhaust ventilation, then you may want to measure air quality before and after. If the change is increased rest breaks for employees, then you may want to measure productivity. If the change is new training, then you may want to look for performance indicators or success/failure rates.

• Opportunity – think of measurements that are practical. Remember that someone or something has to collect and analyze the measurements you choose.

Here are some simple ways of collecting data. If you use more than one of these methods to measure each change, you will be more certain of the results.

• Records

• Surveys

• Interviews

• Focus Groups

• Observation

• Environmental measures

Several types of records can provide data on the effectiveness of safety and health changes.

Useful data include the following:

• Injury frequency and rates

• Workers compensation costs

• Lost workdays and absenteeism due to work-related injuries

• Profit and loss

• Air sampling data, noise readings

• Production errors or waste

• Cost of respiratory equipment or ear protection

Records should be checked for completeness and accuracy before they are used.

Surveys are useful for determining workers’ perceptions both before and after a change:

Pre-change assessment

• What is working well?

• What is working poorly?

• Where in the work process are there delays in production?

• Where can quality be improved?

• What procedures place workers at risk of illness or injury?

• What changes can be made to correct existing problems?

Post-change assessment

• Is the change effective?

• How has the workplace been changed?

• Are things better or worse?

• How could the change be improved?

You can also use surveys to measure knowledge, attitudes, and behaviors. Write the survey in such a way that all those who read or hear it will understand the questions. Test the survey with a sample of workers before using it to find out whether the questions are understood as you intend. Surveys can be distributed in a number of ways: in person, with paychecks, by mail, e-mail, Internet, or a combination of methods. Follow-ups are usually necessary to increase participation and get the completed forms back.

It is always best to encourage the participation of your entire workforce in a survey. Often surveys lead to planned change and survey participants are more likely to feel a sense of ownership in the change. However, if you cannot afford to survey everyone in a very large workplace, select a sample that represents all important groups such as departments within a hospital or plant, and be sure to include all the groups that are anticipated to be included in the workplace change.

It is very important to establish a system that assures the confidentiality of each person's responses, including both the collection and the reporting of the survey data, i.e., anonymous surveys and results. This can go a long way toward encouraging employees to provide honest feedback on the survey.

Interviews are one-on-one, face-to-face conversations. In these conversations, the interviewer(s) asks the same set of questions to a number of people, but talking to only one person at a time. Interviews require more time and resources than surveys, but provide more detailed information. Record interviews so that statements can be accurately reviewed and analyzed. Since interviews usually involve fewer people than surveys, you should interview a range of people who represent all the important groups associated with the change. One drawback to interviews is that the data can be challenging to analyze because it may be quite detailed or because there may be extra material that is not important to the evaluation.

Focus groups involve gathering information and opinions that are “focused” on one subject from a small group of people (about 8 to 10 per group). These group discussions often provide insights that might not emerge in interviews. Focus groups can be used in all stages of making a safety and health change — from planning to determining effectiveness. You may want to recruit participants with similar characteristics (such as job classification) since group discussions often thrive on common experience. Hold separate group discussions when you want to solicit opinions from supervisors and the employees they supervise. Assuring the confidentiality of such discussions is essential.

Below are tips for planning and conducting a focus group:

• Develop a list of discussion topics ahead of time.

• Determine the amount of time to be spent on each topic. (Good discussions usually require about 1 ½ – 2 hours.)

• Design questions in such a way that they encourage discussion. (Don’t ask questions that get short answers like “yes” or “true.”)

• Start the session with an “ice breaker” that gets everyone to talk. Make sure that everyone knows that they are expected to contribute.

• Have an experienced note taker attend. If you can get all participants’ permission, record the session on audio or video tape.

• Afterward, review the tape or transcript and summarize major points. If a transcript is prepared, be sure to substitute fictional names for the names of actual participants.

Watching how people behave in the workplace before and after you make a safety and health change may give you good evidence about the effects of the change. Observation allows you to collect fairly continuous information about how the work is done and about the change in the workplace procedures while it is in use.

Follow these guidelines when you observe people:

• Decide in advance which behaviors to look for.

• Vary your observations so that they are a more-representative sample of people and time periods.

• Record your observations. This may involve watching people in person and recording their actions on a checklist. It could also involve recording people on video tape and then categorizing their actions later with the checklist.

• Whether you record people on tape or not, explain what you’re doing and why, and get their permission before you observe. Even though they know you’re watching, most people will quickly forget about it. Remember that the presence of an observer may affect what people do.

Some safety and health changes are designed to improve the physical work environment. Two examples are noise baffles around loud equipment and extra ventilation to remove contaminants. Environmental measures can help determine whether these changes are effective. Environmental measures include air sampling and noise monitoring. This type of data gathering may require people with special equipment and training, but the data they can collect may help pinpoint the value of the change.

Step 3: Analyze Data

Data must be systematically analyzed to determine whether the changes are effective. Data analysis can be simple or complex depending on the questions asked, the completeness of the data, and the experience of the evaluation team.

When analyzing data:

• Allow team members to interpret findings independently.

• Compare members’ findings with the goals set by the team.

• Arrive at conclusions about the change on the basis of the findings.

• Summarize the results in such a way that everyone involved understands them.

After the initial analysis is complete, you may want to continue collecting data about the change. These data can serve as baseline measures for future interventions. They are also useful for determining the long-term impact of the change.

How to calculate injury rates

The number of new injuries per 100 workers in a given period of time is called the incidence rate. Here is how to calculate it:

[pic]

Note: The figure “200,000 hours” will always be the same in your calculations. It represents 2,000 hours per worker, worked per year, times 100 workers.

Example: During 2001, there were five new injuries at a plant. The total number of hours worked that year was 250,000. The incidence rate is calculated as follows:

[pic]

As shown, there were 4 new injuries per 100 workers at the plant in 2001. The incidence rate is 4.

Step 4: Share Your Results

First, share your results with those affected by the change. The more you tell them about what you did and what you found, the more they will support your conclusions and your future efforts to evaluate safety and health changes in the workplace. A good way to start the feedback process is to hold work-group meetings to present the results. Don't worry about drawing conclusions from the results, just start with the basic findings. This approach will permit everyone to begin thinking about what the results suggest. You could also post the results in worker areas like break rooms, locker rooms, and cafeterias.

During the data analysis and results steps, be careful to maintain confidentiality. Breaches in confidentiality can affect your credibility. Do not report results in such a way that individual responses can be identified. This is especially important where there are workgroups of 3-6 people. In such circumstances, it may be necessary to report results for several workgroups, combined.
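
The confidentiality rule above, as an added example (not part of the NIOSH material or of this guide): a Python routine that reports the share of "yes" answers to a post-change survey question per workgroup and combines workgroups that are too small to report on their own. The minimum of 7 respondents per reported row, the function names, the workgroup names and the sample answers are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumption: the text flags workgroups of 3-6 people, so a reported row
# needs at least 7 respondents.
MIN_GROUP_SIZE = 7


def make_row(label, answers, min_group_size):
    """Build one report row; withhold the percentage if the row is too small."""
    n = len(answers)
    pct_yes = round(100 * sum(answers) / n, 1) if n >= min_group_size else None
    return (label, n, pct_yes)


def report_by_workgroup(responses, min_group_size=MIN_GROUP_SIZE):
    """Summarise yes/no answers per workgroup without exposing small groups.

    responses: iterable of (workgroup_name, answered_yes) pairs.
    Returns (label, respondents, percent_yes) rows. Workgroups below the
    minimum are reported only as one combined row; percent_yes is None when
    even the combined row stays below the minimum.
    """
    answers = defaultdict(list)
    for workgroup, answered_yes in responses:
        answers[workgroup].append(bool(answered_yes))

    reportable = {g: a for g, a in answers.items() if len(a) >= min_group_size}
    pooled_names = [g for g in answers if g not in reportable]
    pooled = [a for g in pooled_names for a in answers[g]]

    # If the combined row is still too small, fold in the smallest group that
    # would otherwise be reported alone, until the minimum is reached.
    while pooled and len(pooled) < min_group_size and reportable:
        smallest = min(reportable, key=lambda g: (len(reportable[g]), g))
        pooled.extend(reportable.pop(smallest))
        pooled_names.append(smallest)

    rows = [make_row(g, reportable[g], min_group_size) for g in sorted(reportable)]
    if pooled:
        label = " + ".join(sorted(pooled_names))
        rows.append(make_row(label, pooled, min_group_size))
    return rows


def constructed_answers(workgroup, yes, no):
    """Constructed sample data: `yes` positive and `no` negative answers."""
    return [(workgroup, True)] * yes + [(workgroup, False)] * no


# Constructed answers to "Is the change effective?" from four workgroups.
SAMPLE_RESPONSES = (
    constructed_answers("Assembly", 9, 3)
    + constructed_answers("Paint", 1, 3)
    + constructed_answers("Maintenance", 2, 1)
    + constructed_answers("Shipping", 6, 3)
)

if __name__ == "__main__":
    for label, n, pct in report_by_workgroup(SAMPLE_RESPONSES):
        shown = "withheld" if pct is None else f"{pct}% yes"
        print(f"{label}: {n} respondents, {shown}")
```

Paint (4 people) and Maintenance (3 people) never appear as separate rows; if only one small workgroup exists, it is combined with the smallest larger group rather than published alone.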

_________________________________________________________________________________________

AREA II D: DATA ANALYSIS AND STATISTICS

Glossary

A

Accidental Sample This sampling technique makes no attempt to achieve representativeness, but chooses subjects based on convenience and accessibility. FOR EXAMPLE, the "person-on-the-street" interviews.

Activities Services or functions carried out by a program (i.e., what the program does). FOR EXAMPLE, treatment programs may screen clients at intake, complete placement assessments, provide counseling to clients, etc.

After-Only Designs One-shot studies; evaluation designs involving only measures taken after the program has been completed.

Analysis A systematic approach to problem solving. Complex problems are made simpler by separating them into more understandable elements. This involves the identification of purposes and facts, the statement of defensible assumptions, and the formulation of conclusions.

Analysis of Covariance A method for analyzing the differences in the means of two or more groups of cases while taking account of variation in one interval-ratio variable.

Analysis of Variance A method for analyzing the differences in the means of two or more groups of cases.

Anchors Anchors are items that serve as reference points from which other items in the series or other points in the scale are judged or compared. FOR EXAMPLE, the opposite ends or poles of a scale identify the extremes so all values within the scale are either greater or less than one of these extremes. Also, the scale midpoint serves as an anchor in that it either divides the scale into categories or quantifies the half value.

Applied Research Research designed for the purpose of producing results that may be applied to real world situations.

Association General term for the relationship among variables.

Asymmetric Measure of Association A measure of association that makes a distinction between independent and dependent variables.

Attitude Surveys Data collection techniques designed to collect standard information from a large number of subjects concerning their attitudes or feelings. These typically refer to questionnaires or interviews. FOR EXAMPLE, a questionnaire may be mailed to residents in a community to assess how 'safe' they feel in their neighborhoods.

Attribute A characteristic that describes a person, thing, or event. FOR EXAMPLE, being female and male are attributes of persons.

Attrition The loss of subjects during the course of a study. This may be a threat to the validity of conclusions if participants of study and comparison/control groups drop out at different rates or for different reasons. FOR EXAMPLE, if treatment participants fail to appear for treatment and are subsequently excluded from the follow-up, the treatment and control subjects remaining may not be "comparable" due to attrition.

Audit The systematic examination of records and the investigation of other evidence to determine the propriety, compliance, and adequacy of programs, systems, and operations. The auditing process may include tools and techniques available from such diverse areas as engineering, economics, statistics, and accounting. The U.S. General Accounting Office auditing standards are applicable to all levels of government and not only relate to auditing of financial operations, but also are concerned with whether governmental organizations are: (1) achieving the purposes for which programs are authorized and funds made available, (2) operating economically and efficiently, and (3) complying with applicable laws and regulations.

B

Backfill Techniques Techniques used in cumulative case studies to collect information needed if the study is to be usable for aggregation; these techniques include, for example, obtaining missing information from the authors on how instances studied were identified and selected.

Baseline Data Initial information on a program or program components collected prior to receipt of services or participation activities. Baseline data are often gathered through intake interviews and observations and are used later for comparing measures that determine changes in a program.

Batch A group of cases for which no assumptions are made about how the cases are selected. A batch may be a population, a probability sample, or a nonprobability sample, but the data are analyzed as if the origin of the data is not known.

Before-After Designs The elementary quasi-experimental design known as the before-after design involves the measurement of "outcome" indicators (e.g., arrest rates, attitudes) prior to implementation of the treatment, and subsequent re-measurement after implementation. Any change in the measure is attributed to the treatment. This design provides a significant improvement over the one-shot study because it measures change in the factor(s) to be impacted. However, this design suffers from threats of history - the possibility that some alternate factor (besides the treatment) has actually caused the change.

Bell-Shaped Curve A distribution with roughly the shape of a bell; often used in reference to the normal distribution but others, such as the t distribution, are also bell-shaped.

Benchmarking Measuring progress toward a goal at intervals prior to the anticipated attainment of the goal. FOR EXAMPLE, measuring and tracking grade-level performance of students in a remedial program at intervals prior to completion of the program.

Benchmarks Measures of progress toward a goal, taken at intervals prior to the program's completion or the anticipated attainment of the final goal. FOR EXAMPLE, semi-annual measures of grade-level performance taken prior to completion of a remedial education program.

Between-Group Variances Indications of how the mean and variances of each group differ from the other groups.

Bias The extent to which a measurement, sampling, or analytic method systematically underestimates or overestimates the true value of an attribute. FOR EXAMPLE, words, sentence structure, attitudes, and mannerisms may unfairly influence a respondent's answer to a question. Bias in questionnaire data can stem from a variety of other factors, including choice of words, sentence structure, and the sequence of questions.

Biased Sample A sample that is not representative of the population to which generalizations are to be made. FOR EXAMPLE, a group of band students would not be representative of all students at the middle school, and thus would constitute a biased sample if the intent was to generalize to all middle school students.

Binary Variables A variable that identifies the presence or absence of a trait, characteristic, opinion, etc.; a "yes/no" variable. FOR EXAMPLE, Male - 0=No, 1=Yes.

Bivariate Analysis An analysis of the relationship between two variables. FOR EXAMPLE, an analysis of the relationship between sex (male/female) and delinquent activity, taking no other factors into account.

Bivariate Data Information about two variables.

Box-and-Whisker Plot A graphic way of depicting the shape of a distribution.

C

Case A single person, thing, or event for which attributes have been or will be observed. FOR EXAMPLE, a case would be one student if the sample to be studied were 250 high school students.

Case Study A method for learning about a complex instance, based on a comprehensive understanding of that instance, obtained by extensive description and analysis of the instance, taken as a whole and in its context.

Categorical Measure A measure that places data into a limited number of groups or categories. FOR EXAMPLE, Current Marital Status - Married, Never Married, Divorced, Widowed.

Causal Analysis A method for analyzing the possible causal associations among a set of variables.

Causal Association A relationship between two variables in which a change in one brings about a change in the other. FOR EXAMPLE, caffeine intake and sleeplessness are causally related if greater amounts of caffeine ingested result in longer times taken to fall asleep.

Causal Model A model or portrayal of the theorized causal relationships between concepts or variables.

Causal Relationship The relationship of cause and effect. The cause is the act or event that produces the effect. The cause is necessary to produce the effect. FOR EXAMPLE, increasing the number of police on patrol causes crime to decrease.

Central Tendency General term for the midpoint or typical value of a distribution. FOR EXAMPLE, one measure of central tendency of a group of high school students is the average (mean) age of the students.

Closed Question A question with more than one possible answer from which one or more answers must be selected.

FOR EXAMPLE, the following is a closed question:

Sex: (1) Male (2) Female.

The following is not a closed question:

What is your political affiliation? _____________________.

Closed-Ended Questions A question that limits responses to predetermined categories. FOR EXAMPLE, multiple choice and yes/no questions.

Cluster Sample A probability sample for which groups or jurisdictions comprising groups were randomly selected.

Clustering Identifying similar characteristics and grouping cases with similar characteristics together.

Codebook A document which lists the variables in a dataset, possible values for each variable, and the definitions of codes that have been assigned to these values.

Coding The process of converting information obtained on a subject or unit into coded values (typically numeric) for the purpose of data storage, management, and analysis. FOR EXAMPLE, the sex of the respondent may be coded "1" for a female and "2" for a male.

Comparative Change Design The quasi-experimental design known as the comparative change design allows for the measurement of change in relevant outcome factors (using a pre- and post-test) and provides for comparison of this change between a treatment group and a non-random comparison group. Because comparison and treatment groups are not randomly selected, alternate explanations due to prior differences between groups continue to be a threat.

Comparative Post-test Design The elementary quasi-experimental design known as the comparative post-test design involves the measurement of outcomes for both the treatment group as well as a comparison group. However, unlike more sophisticated designs, selection of participants into the treatment and comparison groups is not done randomly. While such a design to some extent overcomes the issues of a one-shot study by allowing comparisons of success, this design is typically plagued by threats due to selection bias. That is, an alternate explanation for differences between group outcomes is that some alternate factor, which was related to the selection process, has actually caused the differences in outcomes.

Comparative Time-Series Design The quasi-experimental design known as the comparative time series tracks some outcome of interest for periods before and after program implementation for both the treatment group as well as a non-randomly selected comparison group. Because comparison and treatment groups are not randomly selected, alternate explanations due to prior differences between groups continue to be a threat.

Comparison Group A group of individuals whose characteristics are similar to those of a program's participants. These individuals may not receive any services, or they may receive a different set of services, activities, or products; in no instance do they receive the same services as those being evaluated. As part of the evaluation process, the experimental group (those receiving program services) and the comparison group are assessed to determine which types of services, activities, or products provided by the program produced the expected changes.

Composite Measure A measure constructed using several alternate measures of the same phenomenon. FOR EXAMPLE, a measure of class standing may be constructed using grade point average, standardized test scores, and teacher rankings.

Concept An abstract or symbolic tag that attempts to capture the essence of reality. The "concept" is later converted into variables to be measured. FOR EXAMPLE, "crime" or "recidivism."

Conditional Distribution The distribution of one or more variables given that one or more other variables have specified values. FOR EXAMPLE, the distribution of time in jail only for female (sex=female) inmates.

Confidence Interval An estimate of a population parameter that consists of a range of values bounded by statistics called upper and lower confidence limits, within which the value of the parameter is expected to be located.

Confidence Level The level of certainty to which an estimate can be trusted. The degree of certainty is expressed as the chance that a true value will be included within a specified range, called a confidence interval.

Confidence Limits Two statistics that form the upper and lower bounds of a confidence interval.

Confidentiality Secrecy. In research this involves not revealing the identity of research subjects, or factors which may lead to the identification of individual research subjects.

Confidentiality Form A written form that assures evaluation participants that information they provide will not be openly disclosed nor associated with them by name. Since an evaluation may entail exchanging or gathering privileged or sensitive information about residents or other individuals, a confidentiality form ensures that the participants' privacy will be maintained.

Confounding An inability to distinguish the separate impacts of two or more individual variables on a single outcome. FOR EXAMPLE, there has over time been an inability to adequately distinguish the separate impacts of genetics and environmental factors on IQ.

Consensus Building Outcome The production of a common understanding among participants about issues and programs.

Constraint A limitation of any kind to be considered in planning, programming, scheduling, implementing, or evaluating programs. FOR EXAMPLE, a major constraint to the development of many programs is the amount of funds available.

Construct A concept that describes and includes a number of characteristics or attributes. The concepts are often unobservable ideas or abstractions. FOR EXAMPLE, "community" or "peer pressure."

Construct Validity The extent to which a measurement method accurately represents a construct and produces an observation distinct from that produced by a measure of another construct.

Consultant An individual who provides expert or professional advice or services, often in a paid capacity.

Contamination The tainting of members of the comparison or control group with elements from the program. Contamination threatens the validity of the study because the group is no longer untreated for purposes of comparison.

Content Analysis A set of procedures for collecting and organizing nonstructured information into a standardized format that allows one to make inferences about the characteristics and meaning of written and otherwise recorded material.

Content Validity The ability of the items in a measuring instrument or test to adequately measure or represent the content of the property that the investigator wishes to measure.

Continuous Variable A quantitative variable with an infinite number of attributes. FOR EXAMPLE, distance or length.

Control Group A group of individuals whose characteristics are similar to those of the program participants but who do not receive the program services, products, or activities being evaluated. Participants are randomly assigned to either the experimental group (those receiving program services) or the control group. A control group is used to assess the effect of program activities on participants who are receiving the services, products, or activities being evaluated. The same information is collected for people in the control group and those in the experimental group.

Control Variable A variable that is held constant or whose impact is removed in order to analyze the relationship between other variables without interference, or within subgroups of the control variable. FOR EXAMPLE, if the relationship between age and frequency of delinquent activity is first investigated for male students, then separately investigated for female students, then sex has been used as a control variable.

Convenience Sample A sample for which cases are selected only on the basis of feasibility or ease of data collection. This type of sample is rarely useful in evaluation and is usually hazardous.

Correlation A synonym for association or the relationship between variables.

Correlation coefficient A numerical value that identifies the strength of relationship between variables.

Cost-Benefit A criterion for comparing programs and alternatives when benefits can be valued in dollars. Cost-benefit is the ratio of dollar value of benefit divided by cost. It allows comparison between programs and alternative methods.

Cost-Benefit Analysis An analysis that compares present values of all benefits less those of related costs when benefits can be valued in dollars the same way as costs. A cost-benefit analysis is performed in order to select the alternative that maximizes the benefits of a program.

Cost-Effectiveness A criterion for comparing alternatives when benefits or outputs cannot be valued in dollars. This relates costs of programs to performance by measuring outcomes in nonmonetary form. It is useful in comparing methods of attaining an explicit objective on the basis of least cost or greatest effectiveness for a given level of cost. FOR EXAMPLE, a treatment program may be more cost-effective than an alternative program if it produces a lower rate of recidivism for the same or lower costs, or the same rate of recidivism for a lower cost.

Covariation The degree to which two measures vary together.

Cross-Sectional Data Observations collected on subjects or events at a single point in time.

Criminal History Files Offender-based files which capture prior arrest records for each offender arrested in that jurisdiction.

Cues The alternative responses to questions that increase or decrease in intensity in an ordered fashion. The interviewee is asked to select one answer to the question.

Culture The shared values, traditions, norms, customs, arts, history, institutions, and experience of a group of people. The group may be identified by race, age, ethnicity, language, national origin, religion, or other social categories or groupings.

Cultural Relevance Demonstration that evaluation methods, procedures, and/or instruments are appropriate for the cultures to which they are applied. FOR EXAMPLE, having questionnaires available in multiple languages may make them more culturally relevant.

D

Data Documented information or evidence of any kind.

Data Analysis The process of systematically applying statistical and logical techniques to describe, summarize, and compare data.

Data Collection Instrument A form or set of forms used to collect information for an evaluation. Forms may include interview instruments, intake forms, case logs, and attendance records. They may be developed specifically for an evaluation or modified from existing instruments.

Data Collection Plan A written document describing the specific procedures to be used to gather the evaluation information or data. The document describes who collects the information, when and where it is collected, and how it is obtained.

Database A collection of information that has been systematically organized for easy access and analysis. Databases typically are computerized.

Demographic Question A question used in compiling vital background and social statistics. FOR EXAMPLE, age, marital status, or size of household.

Dependent Variable A variable that may, it is believed, be predicted by or caused by one or more other variables called independent variables. FOR EXAMPLE, if it is hypothesized that the treatment will reduce rearrest for drug use, then "rearrest for drug use" is the dependent variable, which is impacted by the independent variable or treatment.

Descriptive Statistic A statistic used to describe a set of cases upon which observations were made. FOR EXAMPLE, the average age of a class in high school calculated by using all members of that class.

Design The overall plan for a particular evaluation. The design describes how program performance will be measured and includes performance indicators.

Dichotomous Variable A variable with only two possible values. FOR EXAMPLE, "sex."

Direct Benefit Result that is closely related with the program by cause and effect. FOR EXAMPLE, increased adherence to probation restrictions is a result of participation in a compliance and sanctions program.

Direct Costs Resources that must be committed to implement a program. FOR EXAMPLE, program staff salaries.

Direct Impact An effect of a program that addresses a stated goal or objective of that program.

Discrete Variable A quantitative variable with a finite number of attributes. FOR EXAMPLE, day of the month.

Dispersion The extent of variation among cases.

Distribution of a Variable Variation of characteristics across cases.

Document Review A technique of data collection involving the examination of existing records or documents. FOR EXAMPLE, the examination of court documents to collect offender sentences.

Dummy Variables A dichotomous variable, typically used in regression analysis, which indicates the existence (and lack of existence) of a characteristic or group of characteristics in a case. FOR EXAMPLE, "white/male - 0=No, 1=Yes."

E

Ecological Fallacy False conclusions made by assuming relationships found through research with groups can be attributed to individuals.

Effect Size The size of the relationship between two variables (particularly between program variables and outcomes).

Effectiveness Ability to achieve stated goals or objectives, judged in terms of both output and impact.

Efficiency The degree to which outputs are achieved in terms of productivity and input (resources allocated). Efficiency is a measure of performance in terms of which management may set objectives and plan schedules and for which staff members may be held accountable.

Empirical Relying upon or derived from observation or experiment.

Empirical Research Research that uses data drawn from observation or experience.

Empirical Validity Empirical evidence that an instrument measures what it has been designed to measure.

Estimation Error The amount by which an estimate differs from a true value. This error includes the error from all sources (for example, sampling error and measurement error).

Evaluability Assessment An evaluability assessment is a systematic process used to determine the feasibility of a program evaluation. It also helps determine whether conducting a program evaluation will provide useful information that will help improve the management of a program and its overall performance.

Evaluation Evaluation has several distinguishing characteristics relating to focus, methodology, and function. Evaluation (1) assesses the effectiveness of an ongoing program in achieving its objectives, (2) relies on the standards of project design to distinguish a program's effects from those of other forces, and (3) aims at program improvement through a modification of current operations.

Evaluation Plan A written document describing the overall approach or design that will be used to guide an evaluation. It includes what will be done, how it will be done, who will do it, when it will be done, and why the evaluation is being conducted.

Evaluation Practice A practice or set of practices that consist mainly of management information and data incorporated into regular program management information systems to allow managers to monitor and assess the progress being made in each program toward its goals and objectives. Ideally, a program is self-evaluating, continuously monitoring its own activities.

Evaluation Team The individuals, such as the evaluation consultant and staff, who participate in planning and conducting the evaluation. Team members assist in developing the evaluation design, developing data collection instruments, collecting data, analyzing data, and writing the report.

Ex-post Facto Design A research design in which all group selection, pretest data, and posttest data are collected after completion of the treatment. The evaluator is thus not involved in the selection or placement of individuals into comparison or control groups. All evaluation decisions are made retrospectively.

Experimental Data Data produced by an experimental or quasi-experimental design.

Experimental Design A research design in which the researcher has control over the selection of participants in the study, and these participants are randomly assigned to treatment and control groups.

Experimental Group A group of individuals participating in the program activities or receiving the program services being evaluated or studied. Experimental groups (also known as treatment groups) are usually compared to a control or comparison group.

Experimental Mortality The loss of subjects from an experiment due to such factors as illness, lack of interest, or refusal to participate. This loss may affect the comparability of results between the experimental and control groups.

External Validity The extent to which a finding applies (or can be generalized) to persons, objects, settings, or times other than those that were the subject of study.

External Validity Threats Factors that may reduce the transferability of a program's findings to other groups or jurisdictions. FOR EXAMPLE, a program may appear successful using a group of specially selected clients (e.g., first time offenders). However, it would not be a fair test of how this program would work on the general offender population.

F

Feasibility Study A study of the applicability or practicability of a proposed action or plan.

Field Notes A written record of observations, interactions, conversations, situational details, and thoughts during the study period.

Flow Chart A graphic presentation using symbols to show the step-by-step sequence of operations, activities, or procedures. Used in computer system analysis, activity analysis, and in general program sequence representations.

Focus Group A group of 7 to 10 people convened for the purpose of obtaining perceptions or opinions, suggesting ideas, or recommending actions. A focus group is a method of collecting information for the evaluation process.

Focused Interview An interview organized around several predetermined questions or topics but providing some flexibility in the sequencing of the questions and without a predetermined set of response categories or specific data elements to be obtained.

Forced-Choice Question A question that requires respondents to choose between available options. Options such as "other" or "none of the above" are not available alternatives.

Forecasting Estimating the likelihood of an event taking place in the future, based on available data from the past.

Formative Evaluation A type of process evaluation of new programs or services that focuses on collecting data on program operations so that needed changes or modifications can be made to the program in the early stages. Formative evaluations are used to provide feedback to staff about the program components that are working and those that need to be changed.

Frequency Distribution A distribution of the count of cases corresponding to the attributes of an observed variable. FOR EXAMPLE, a frequency distribution of a class of 45 students may indicate that 25 were male and 20 were female.

Function A group of related activities and/or projects for which an organizational unit is responsible. This is also the principal purpose a program is intended to serve.

G

Gamma A measure of association; a statistic used with ordinal variables.

Generalizability The extent to which the findings of a study can be applied to other populations, settings, or times. FOR EXAMPLE, the findings that a treatment program for adult females reduced recidivism may not be subsequently generalized to include adult males or juveniles.

Goal A desired state of affairs that outlines the ultimate purpose of a program. This is the end toward which program efforts are directed. FOR EXAMPLE, the goal of many criminal justice programs is a reduction in criminal activity.

H

Halo Effect Bias created by an observer's tendency to rate, perhaps unintentionally, certain objects or persons in a manner that reflects what was previously anticipated.

Hawthorne Effect A tendency of research subjects to act atypically as a result of their awareness of being studied, as opposed to any actual treatment that has occurred. FOR EXAMPLE, if a school principal observes a classroom of students reacting politely and enthusiastically to a new student teacher, such behavior could be a result of the principal's presence in the classroom, as opposed to the quality of the student teacher.

Histogram A graphic depiction of the distribution of a variable.

History Effect This threat to internal validity refers to specific events, other than the program, which may have taken place during the course of study which may have produced the results. FOR EXAMPLE, a highly publicized trial involving local law enforcement which occurs during the time of program operation may impact community attitudes.

Hypothesis A specific statement regarding the relationship between two variables. In evaluation research, this typically involves a prediction that the program or treatment will cause a specified outcome. Hypotheses are confirmed or denied based on empirical analysis.

I

Immediate Outcome The changes in program participants' knowledge, attitudes, and behavior that occur at certain times during program activities. FOR EXAMPLE, acknowledging gang involvement is an immediate outcome.

Impact The ultimate effect of the program on the problem or condition that the program or activity was supposed to do something about. FOR EXAMPLE, a 10% reduction in drug activity as a result of increased drug enforcement and investigation. (There also may be unexpected or unintended impacts.)

Impact Evaluation A type of outcome evaluation that focuses on the broad, long-term impacts or results of program activities. For example, an impact evaluation could show that a decrease in a community's crime rate is the direct result of a program designed to provide community policing.

Implementation Development of a program. The process of putting all program functions and activities into place.

Implementation Strategy The plan for development of a program and procedure for ensuring the fulfillment of intended functions or services.

Implemented Developed or put into place.

Incident-based Crime Files Databases or files which maintain information on each offense or incident of crime occurring in a jurisdiction.

Independent Variable A variable that may, it is believed, predict or cause fluctuation in a dependent variable. FOR EXAMPLE, if it is believed that age influences the frequency of delinquent behavior, age is the independent variable and frequency of delinquent behavior is the dependent variable. In evaluation research, the treatment (or lack thereof) is typically treated as an independent variable since it is hypothesized that the treatment will influence some subsequent behavior or state.

Index A set of related measures combined to characterize a more abstract concept.

Index Crimes Part 1 crimes under the Uniform Crime Reporting System. These include murder and non-negligent manslaughter, forcible rape, robbery, aggravated assault, burglary, larceny-theft, motor vehicle theft, and arson.

Index of Dispersion A measure of spread; a statistic used especially with nominal variables.

Indicator A measure that consists of ordered categories arranged in ascending or descending order of desirability.

Indirect Benefit Results that are related to a program, but not its intended objectives or goals. FOR EXAMPLE, an increase in acceptable caseload per probation officer is due to an increased adherence to probation restrictions arising from a compliance program.

Indirect Costs The costs associated with impacts or consequences of a program. FOR EXAMPLE, the costs due to reincarceration.

Indirect Impact An effect of a program that is not associated with one of its stated objectives.

Inferential Statistic A statistic used to describe a population using information from observations on only a probability sample of cases from the population. FOR EXAMPLE, the average age of a class in high school calculated using a random sample of members of that class.

Informed Consent A written agreement by the program participants to voluntarily participate in an evaluation or study after having been advised of the purpose of the study, the type of the information being collected, and how information will be used.

Information System An organized collection, storage, and presentation system of data and other knowledge for decision making, progress reporting, and for planning and evaluation of programs. It can be either manual or computerized, or a combination of both.

In-Person Interviewing Face-to-face interviewing. The interviewer meets personally with the respondent to conduct the interview.

Input Organizational units, people, dollars, and other resources actually devoted to the particular program or activity.

Instrument A tool used to collect and organize information. FOR EXAMPLE, questionnaires, scales, tests.

Instrumental Outcome A measure or measures of phenomena directly related to program goals and objectives.

Instrumentation Bias Bias introduced in a study by a change in the measurement instrument during the course of the study. FOR EXAMPLE, the scale loses its calibration over time or a stopwatch slows.

Intermediate Outcome Results or outcomes of program activities that must occur prior to the final outcome in order to produce the final outcome. FOR EXAMPLE, a prison vocation program must first result in increased employment (intermediate outcome) before it may expect to reduce recidivism (final outcome).

Internal Consistency The extent to which all items in a scale or test measure the same concept.

Internal Validity The extent to which the causes of an effect are established by an inquiry.

Internal Resource An agency's or organization's resources, including staff skills and experience and any information already available through current program activities.

Internal Validity Threat Factors other than program participation that may affect the results or findings. FOR EXAMPLE, changes in the data collection instrument may influence the findings or a pre-test may influence responses to a post-test.

Interquartile Range A measure of spread; a statistic used with ordinal, interval, and ratio variables.

Interrater Reliability The extent to which two different researchers obtain the same result when using the same instrument to measure a concept.

Interrupted Time Series Design The interrupted time series design involves repeated measurement of an indicator (e.g., reported crime) over time, encompassing periods both prior to and after implementation of a program. The goal of such an analysis is to assess whether the treatment (or program) has "interrupted" or changed a pattern established prior to the program's implementation. However, the impact of alternate historical events may threaten the interpretation of the findings. FOR EXAMPLE, an interrupted time series study may collect quarterly arrest rates for drug related offenses in a given community for two years prior to and two years following the implementation of a drug enforcement task force. The analysis focuses on changes in patterns before and after the introduction of the program.

Interval Estimate General term for an estimate of a population parameter that is a range of numerical values.

Interval Measure A quantitative measure with equal intervals between categories, but with no absolute zero. FOR EXAMPLE, IQ scores.

Interval Scale A measurement scale that measures quantitative differences between values of a variable, with equal distances between the values.

Interval Variable A quantitative variable the attributes of which are ordered and for which the numerical differences between adjacent attributes are interpreted as equal. FOR EXAMPLE, intelligence scores.

Intervening Variable A variable that causally links other variables to each other. In a causal model, this intermediate variable must be influenced by one variable in order for a subsequent variable to be influenced. FOR EXAMPLE, it may be expected that a vocational program will change an offender's employment status which will subsequently reduce recidivism. Participation in the vocational program would be the independent variable, employment status - the intervening variable, and rearrest - the dependent variable.

Interviews Interviews involve face-to-face situations or telephone contacts in which the researcher orally solicits responses.

J

Judgment Sample A sample selected by using discretionary criteria rather than criteria based on the laws of probability.

Judgmental Forecasting Judgmental Forecasting attempts to elicit and synthesize informed judgments and is often based on arguments from insight.

K

Kaldor-Hicks Criterion A criterion of equity which states that one social state is better than another if there is a net gain in efficiency and if those that gain can compensate the losers.

Kendall's tau A measure of association used to correlate two ordinal scales.

Kenneth Arrow's Impossibility Theorem A theorem to demonstrate that it is impossible to aggregate individual preferences through majority voting without violating one or more of five reasonable conditions of democratic decision-making.

Known-group Validation A procedure for validating an instrument which involves testing on a group for which the results are already known. FOR EXAMPLE, testing a self-report instrument on a group of known offenders.

Kurtosis A term used to describe a curve indicating that it is more peaked than the normal curve.

L

Lambda A measure of association; a statistic used with nominal variables.

Level of Measurement Refers to the four levels of variables and their empirical attributes - nominal, ordinal, interval, and ratio.

Likert Scale A type of composite measure using standardized response categories in survey questionnaires. Typically a range of questions using response categories such as strongly agree, agree, disagree, and strongly disagree are utilized to construct a composite measure.

Logic Model Describes how a program should work, presents the planned activities for the program, and focuses on anticipated outcomes. While logic models present a theory about the expected program outcome, they do not demonstrate whether the program caused the observed outcome. Diagrams or pictures that illustrate the logical relationship among key program elements through a sequence of "if-then" statements are often used when presenting logic models.

Longitudinal Data Sometimes called "time series data," observations collected over a period of time; the sample (instances or cases) may or may not be the same each time but the population remains constant. FOR EXAMPLE, quarterly arrest rates for drug-related offenses in a given city for a period of two years.

Longitudinal Study The study of the same group over a period of time. These generally are used in studies of change.

M

Management The guidance and control of action required to execute a program. Also, the individuals charged with the responsibility of conducting a program.

Management Information System An information collection and analysis system, usually computerized, that facilitates access to program and participant information. It is usually designed and used for administrative purposes.

Marginal Distribution The distribution of a single variable based upon an underlying distribution of two or more variables.

Matching A method utilized to create comparison groups, in which groups or individuals are matched to those in the treatment group based on characteristics felt to be relevant to program outcomes.

Matrix of Categories A method of displaying relationships among themes in analyzing case study data that shows whether changes in categories or degrees along one dimension are associated with changes in the categories of another dimension.

Maturation Effect A threat to the internal validity of an evaluation in which observed outcomes are a result of natural changes of the program participants over time rather than because of program impact. FOR EXAMPLE, age cohorts generally mature and/or change crime commission tendencies over time. This may naturally alter crime commission patterns independent of program participation.

Mean A measure of central tendency, the arithmetic average; a statistic used primarily with interval-ratio variables following symmetrical distributions. FOR EXAMPLE, the average age or average height of a group of middle school students.

Measurement A procedure for assigning a number to an object or an event.

Measurement Error The difference between a measured value and a true value.

Measures of Association Statistics that indicate the strength and nature of a relationship between variables.

Measures of Central Tendency Measures that indicate the midpoint or central value of a distribution. These measures include the mean, median, and mode. FOR EXAMPLE, one measure of central tendency of a group of high school students is the average (mean) age of the students.

Median A measure of central tendency, the value of the case marking the midpoint of an ordered list of values of all cases; a statistic used primarily with ordinal variables and asymmetrically distributed interval-ratio variables.

Meta-analysis The systematic analysis of a set of existing evaluations of similar programs in order to draw general conclusions, develop support for hypotheses, and/or produce an estimate of overall program effects.

Methodology The way in which information is found or something is done. The methodology includes the methods, procedures, and techniques used to collect and analyze information. FOR EXAMPLE, questionnaires or use of secondary information.

Mission The part of a goal or endeavor assigned as a specific responsibility of a particular organizational unit. It includes the task, together with the purpose, which clearly indicates the action to be taken and the reasons.

Mode A measure of central tendency, the value of a variable that occurs most frequently; a statistic used primarily with nominal variables.

Monitoring An on-going process of reviewing a program's activities to determine whether set standards or requirements are being met.

Monitoring System An on-going system to collect data on a program's activities and outputs, designed to provide feedback on whether the program is fulfilling its functions, addressing the targeted population, and/or producing those services intended. FOR EXAMPLE, a computerized intake system may be utilized which captures client characteristics, and subsequently provides monthly reports on the numbers of clients processed and receiving services.

Mortality Threat A threat to the internal validity of an evaluation caused by participants withdrawing or dropping out prior to program conclusion. FOR EXAMPLE, the impact of the success of a drug awareness program is difficult to assess in a school with a high attrition rate.

Multivariate Analysis An analysis of the relationships between more than two variables.

N

N Number of cases. Uppercase "N" refers to the number of cases in the population. Lowercase "n" refers to the number of cases in the sample.

Nominal Variable A quantitative variable whose attributes have no inherent order. FOR EXAMPLE, "sex" or "race."

Nonequivalent Comparison Group Design Evaluation designs that use nonrandomized comparison groups to evaluate program effects. Also referred to as quasi-experimental designs.

Non-experimental Data Data not produced by an experiment or quasi-experiment. FOR EXAMPLE, the data may be administrative records or the results of a survey.

Nonindex Crimes Part 2 crimes under the Uniform Crime Reporting System. Twenty-two crimes are included, such as simple assault, vandalism, gambling, drunkenness, and the like. (See Index Crimes.)

Non-probability Sample A sample not produced by a random process. FOR EXAMPLE, it may be a sample based upon an evaluator's judgment about which cases to select.

Non-respondent A person who fails to answer either a questionnaire or a question.

Non-response Bias The bias created by the failure of part of a sample to respond to a survey or answer a question. If those responding and those not responding have different characteristics, the responding cases may not be representative of the population from which they were sampled.

Normal Distribution (Curve) A theoretical distribution that is closely approximated by many actual distributions of variables.

Normative Question A type of evaluation question requiring comparison between what is happening (the condition) to norms and expectations or standards for what should be happening (the criterion).

Null Hypothesis A hypothesis stating that two variables are not related. Research attempts to disprove the null hypothesis by finding evidence of a relationship.

O

Objective Specific results or effects of a program's activities that must be achieved in pursuing the program's ultimate goals. FOR EXAMPLE, a treatment program may expect to change offender attitudes (objective) in order to ultimately reduce recidivism (goal).

Observation A data collection strategy in which the activities of subjects are visually examined. The observer attempts to keep his/her presence from interfering in or influencing any behaviors. FOR EXAMPLE, watching an interrogation through a one-way mirror or collecting information on arrest techniques by "riding along" involve observation.

Observational Techniques Data collection strategies which use observation of subjects as a means to collect data. These techniques generally involve attempts by the observer to not alter or change the behavior being observed. FOR EXAMPLE, collecting data on cases or courtroom procedures by watching, and recording, courtroom activity is an observational technique.

One-group Designs Research designs which study a single program with no comparison or control group.

One-shot Case Study The one-shot case study involves the measurement of an identified "outcome" after a treatment or program has been implemented. However, there are no measures taken or available for comparison (i.e., status before the program, or outcome of a comparison or control group). Without a comparison measure, there is no means for inferring that the "outcome" was actually influenced by the treatment or program.

Open-ended Interview An interview in which, after an initial or lead question, subsequent questions are determined by topics brought up by the person being interviewed; the concerns discussed, their sequence, and specific information obtained are not predetermined and the discussion is unconstrained, able to move in unexpected directions.

Open-ended Question A question that does not have a set of possible answers from which to make a selection but permits the respondent to answer in essay form. On a questionnaire, the respondent would write an essay or short answer or fill in a blank. During an interview, the respondent would give the interviewer an unstructured, narrative answer. The interviewer would record the response verbatim or select salient features. If a structured interview were used, a question might appear to be open-ended to the interviewee but could be "closed down" by the interviewer, who would have a set of alternative answers to check.

Operational Definition Detailed description of how a concept or variable will be measured and how values will be assigned. FOR EXAMPLE, one operational definition of prior criminal behavior may involve reported arrests for felony offenses based on an FBI fingerprint search, while another operational definition may involve self-reported criminal history obtained by response to a short list of questions on a standardized questionnaire.

Operationalization A process of describing constructs or variables in concrete terms so that measurements can be made. FOR EXAMPLE, one process for operationalizing prior criminal behavior may involve reported arrests for felony offenses based on an FBI fingerprint search, while another process may involve self-reported criminal history obtained by response to a short list of questions on a standardized questionnaire.

Operationalize To define a concept in a way that can be measured. In evaluation research, to translate program inputs, outputs, objectives, and goals into specific measurable variables. FOR EXAMPLE, one way to operationalize prior criminal behavior may involve only reported arrests for felony offenses based on an FBI fingerprint search, while another means to operationalize may involve self-reported criminal history obtained by response to a short list of questions on a standardized questionnaire.

Operational Plan A tactical statement of when and what critical milestones must be passed to attain objectives programmed for a specific period.

Ordinal Scale Data Data classified into exhaustive, mutually exclusive, and ordered or ranked categories. FOR EXAMPLE, a typical ordinal scale may involve responses of "very good," "good," "satisfactory," "poor," and "very poor."

Ordinal Variable A quantitative variable whose attributes are ordered but for which the numerical differences between adjacent attributes are not necessarily interpreted as equal. FOR EXAMPLE, amount of school completed - (1) elementary school, (2) middle school, (3) high school, (4) college.

Outcome Evaluation An evaluation used by management to identify the results of a program's effort. It seeks to answer management's question, "What difference did the program make?" It provides management with a statement about the net effects of a program after a specified period of operation. This type of evaluation provides management with knowledge about: (1) the extent to which the problems and needs that gave rise to the program still exist, (2) ways to ameliorate adverse impacts and enhance desirable impacts, and (3) program design adjustments that may be indicated for the future.

Outcome The results of program operations or activities. FOR EXAMPLE, anticipated outcomes of DARE programs may include increased knowledge about drugs and alcohol, changed attitudes about drugs and alcohol, and reduced involvement with drugs and alcohol.

Outlier Instances that are aberrant or do not fit with other instances: instances that, compared to other members of a population, are at the extremes on relevant dimensions. FOR EXAMPLE, while sentences for most criminal offenders may involve between one and twenty years, extreme cases may involve sentences (multiple consecutive sentences) of 300 years or more.

Output Immediate measures of what the program did. FOR EXAMPLE, the output of a drug enforcement team may include the amount of marijuana shipments seized, the number of drug rings investigated, and the number of drug arrests made.

Outside Evaluator An evaluator not affiliated with the agency prior to the program evaluation. Also known as third-party evaluator.

P

Panel Data A special form of longitudinal data in which observations are collected on the same sample of respondents over a period of time.

Panel Interviewing Conducting repeated interviews with the same group of respondents over time.

Parameter A number that describes a population. FOR EXAMPLE, percent of males in the population.

Participant A resident, family, complex, neighborhood, or community receiving or participating in services provided by the program. Also known as client or target population group.

Participant Observation A research method involving direct participation of the researcher in the events being studied. The researcher may either reveal or hide the true reason for involvement.

Pearson Product-Moment Correlation Coefficient A measure of association; a statistic used with interval-ratio variables.

Peer Review An assessment of a product conducted by a person or persons of similar expertise to the author.

Performance Evaluation An evaluation that compares actual performance with that planned in terms of both resource utilization and production. It is used by management to redirect program efforts and resources and to redesign the program structure.

Performance Measurement Involves ongoing data collection to determine if a program is implementing activities and achieving objectives. It measures inputs, outputs, and outcomes over time. In general, pre-post comparisons are used to assess change.

Performance Measures Ways to objectively measure the degree of success a program has had in achieving its stated objectives, goals, and planned program activities. FOR EXAMPLE, number of clients served, attitude change, and rates of rearrest may all be performance measures.

Pilot A pretest or trial run of a program, evaluation instrument, or sampling procedure for the purpose of correcting any problems before it is implemented or used on a larger scale.

Pilot Test Preliminary test or study of the program or evaluation activities to try out procedures and make any needed changes or adjustments. FOR EXAMPLE, an agency may pilot test new data collection instruments that were developed for the evaluation.

Planning The process of anticipating future occurrences and problems, exploring their probable impact, and detailing policies, goals, objectives, and strategies to solve the problems. This often includes preparing options documents, considering alternatives, and issuing final plans.

Point Biserial Coefficient A measure of association between an interval-ratio variable and a nominal variable with two attributes.

Point Estimate An estimate of a population parameter that is a single numerical value. FOR EXAMPLE, the percent of males in the population.

Policy A governing principle pertaining to goals, objectives, and/or activities. It is a decision on an issue not resolved on the basis of facts and logic only. FOR EXAMPLE, the policy of expediting drug cases in the courts might be adopted as a basis for reducing the average number of days from arraignment to disposition.

Policy Analysis An analysis used to help managers understand the extent of the problem or need that exists and to set realistic goals and objectives in response to such problem or need. It may be used to compare actual program activities with the program's legally established purposes in order to ensure legal compliance.

Population The total number of individuals or objects being analyzed or evaluated.

Posttest A test or measurement taken after services or activities have ended. It is compared with the results of a pretest to show evidence of the effects or changes resulting from the services or activities being evaluated.

Precision The exactness of a question's wording or the amount of random error in an estimate.

Pretest A test or measurement taken before services or activities begin. It is compared with the results of a posttest to show evidence of the effects of the services or activities being evaluated. A pretest can be used to obtain baseline data.

Primary Data Data collected by the researcher specifically for the research project. FOR EXAMPLE, a survey of program participants undertaken by the researcher involves the collection of primary data, while a subsequent review of the program's case files involves the use of secondary data.

Probability Distribution A distribution of a variable that expresses the probability that particular attributes or ranges of attributes will be, or have been observed.

Probability Sample A group of cases selected from a population by a random process. Every member of the population has a known, nonzero probability of being selected.

Probability Sampling A method for drawing a sample from a population such that all possible samples have a known and specified probability of being drawn.

Probe To examine a subject in an interview in depth, using several questions.

Problem statement A problem statement should describe the problem, describe its causes, and identify potential approaches or solutions to the problem through the use of literature reviews. In program evaluation, inclusion of a problem statement as part of the model provides an opportunity for the importance of a program to be conveyed. A detailed description of the problem and who is affected can provide a baseline for comparison purposes and a greater understanding of who has benefited from program services.

Process The programmed, sequenced set of things actually done to carry out a program mission.

Process Evaluation Process evaluation focuses on how a program was implemented and operates. It identifies the procedures undertaken and the decisions made in developing the program. It describes how the program operates, the services it delivers, and the functions it carries out. Like monitoring evaluation, process evaluation addresses whether the program was implemented and is providing services as intended. However, by additionally documenting the program's development and operation, it allows an assessment of the reasons for successful or unsuccessful performance, and provides information for potential replication.

Productivity The relationship between production of an output and one, some, or all of the resource inputs used in accomplishing the assigned task. It is measured as a ratio of output per unit of input over time. It is a measure of efficiency and is usually considered as output per person-hour.

Program A major endeavor authorized and funded to achieve a significant purpose, defined in terms of the principal actions/activities required. It may cross organizational lines.

Program Activities Activities, services, or functions carried out by the program (i.e., what the program does). FOR EXAMPLE, treatment programs may screen clients at intake, complete placement assessments, provide counseling to clients, etc.

Program Analysis The analysis of options in relation to goals and objectives, strategies, procedures, and resources by comparing alternatives for proposed and ongoing programs. It embraces the processes involved in program planning and program evaluation.

Program Effectiveness Evaluation The application of scientific research methods to estimate how much observed results, intended or not, are caused by program activities. Effect is linked to cause by design and analyses that compare observed results with estimates of what might have been observed in the absence of the program.

Program Failure A program shortcoming in which the outcome criteria are not affected by participation of the subjects in the program (i.e., the program does not accomplish its objective). FOR EXAMPLE, a prison alternative which has no impact on recidivism rates.

Program Implementation Objective What is planned to be done in the program, components, or services. FOR EXAMPLE, providing security patrols in five buildings three times each evening is a program implementation objective.

Program Justification The narrative and related analyses and statistical presentations supporting a program budget request. It includes: (1) definitions of program objectives, including a rationale for how the proposed program is expected to help solve the problem and the magnitude of the need, (2) plans for achieving the objectives, and (3) the derivation of the requested appropriation in terms of outputs or workloads showing productivity trends and the distribution of funds among organizational units.

Program Model A flowchart or model which identifies the objectives and goals of a program, as well as their relationship to program activities intended to achieve these outcomes.

Public Program Program conducted by a federal, state, or local governmental agency.

Purposive Sample Instances appropriately selected to answer different evaluation questions, on various systematic bases, such as best or worst practices; a judgmental sample. If conducted systematically, can be widely useful in evaluation.

Q

Qualitative Analysis An analysis that ascertains the nature of the attributes, behavior, or opinions of the entity being measured. FOR EXAMPLE, in describing a person, a qualitative analysis might conclude that the person is tall, thin, and middle-aged.

Qualitative Data Information that is difficult to measure, count, or express in numerical terms. FOR EXAMPLE, how safe a resident feels in his or her apartment is qualitative data.

Qualitative Research Research involving detailed, verbal descriptions of characteristics, cases, and settings. Qualitative research typically uses observation, interviewing, and document review to collect data.

Quantify To attach numbers to an observation.

Quality Control A procedure for keeping quality of inputs or outputs to specifications.

Quantitative Data Information that can be expressed in numerical terms, counted, or compared on a scale. FOR EXAMPLE, the number of 911 calls received in a month.

Quantitative Analysis An analysis that ascertains the magnitude, amount, or size, for example, of the attributes, behavior, or opinions of the entity being measured. FOR EXAMPLE, in describing a population, a quantitative analysis might conclude that the average person is 5 feet 11 inches tall, weighs 180 pounds, and is 45 years old.

Quantitative Research Research that examines phenomena through the numerical representation of observations and statistical analysis.

Quasi-Experimental Design A research design with some, but not all, of the characteristics of an experimental design. While comparison groups are available and maximum controls are used to minimize threats to validity, random selection is typically not possible or practical.

Questionnaire A printed form containing a set of questions for gathering information.

Quota Sampling A nonprobability stratified sampling procedure in which units are selected for the sample to adhere to certain proportions of characteristics desired. FOR EXAMPLE, an interviewer is instructed to interview 100 individuals in a mall (half male and half female). If the interviewer obtains 50 female interviews first, only males will be interviewed until that quota is also met.

R

Random Assignment The assignment of individuals in the pool of all potential participants to either the experimental (treatment) group or the control group in such a manner that their assignment to a group is determined entirely by chance.

Random Comparison Group Design In this research design, the comparison group is randomly selected from the population of interest, even though the treatment group is not selected randomly.

Randomized Comparative Change Design In the experimental design known as the randomized comparative change design, a treatment and control group are randomly selected for study. Both groups are administered a pretest. The treatment group is given the treatment, while the control group is not. Both groups are tested or measured after the treatment. The test results of the two groups are compared. The pretest allows a check on the randomization process, and allows for control of any differences found.

Randomized Comparative Post-Test Design In the experimental design known as the randomized comparative post-test design, a treatment and control group are randomly selected for study. The treatment group is given the treatment, while the control group is not. Both groups are tested or measured after the treatment. The test results of the two groups are compared.

Randomized Controlled Trial In a randomized controlled trial, the impact of a program is determined by randomly assigning individuals to an intervention group or control group.

Random Digit Dialing Rather than selecting names and numbers of individuals to be called, computers are used to generate random sets of seven-digit numbers, which are then called as the survey sample.

Random Sampling A procedure for sampling from a population that gives each unit in the population a known probability of being selected into the sample.

Range A measure of spread which gives the distance between the lowest and the highest values in a distribution; a statistic used primarily with interval-ratio variables. FOR EXAMPLE, a study may report that ages in the sample ranged from 21 to 65 years.

Ratio Measure A level of measurement which has all the attributes of nominal, ordinal, and interval measures, and is based on a "true zero" point. As a result, the difference between two values or cases may be expressed as a ratio. FOR EXAMPLE, it may be reported that person A weighed twice as much as person B, because weight is typically measured using a ratio measure (i.e., pounds).

Recidivism The repetition of criminal or delinquent behavior.

Regression Analysis A method for determining the association between a dependent variable and one or more independent variables.

Regression Coefficient An asymmetric measure of association; a statistic computed as part of a regression analysis.

Regression Discontinuity Design In this research design, subjects are placed into treatment and control groups based on a score obtained on some variable. Those scoring higher on the assignment variable are placed into one group, while those scoring lower are placed in the other group.

Regression Effects The tendency of subjects, who are initially selected due to extreme scores, to have subsequent scores move inward toward the mean. Also known as statistical regression/regression to the mean/regression fallacy. FOR EXAMPLE, students with the highest grades in a midterm exam are more likely to have scores closer to the mean at the final. This effect may be misinterpreted in evaluation research as being a result of the program.

Regression Fallacy The tendency of subjects, who are initially selected due to extreme scores, to have subsequent scores move inward toward the mean. Also known as statistical regression/regression to the mean/regression effect. FOR EXAMPLE, students with the highest grades in a midterm exam are more likely to have scores closer to the mean at the final. This effect may be misinterpreted in evaluation research as being a result of the program.

Reliability The extent to which a measurement instrument yields consistent, stable, and uniform results over repeated observations or measurements under the same conditions each time. FOR EXAMPLE, a scale is unreliable if it weighs a child three times in three minutes and gets three different weights.

Reliability Assessment An effort required to demonstrate the repeatability of a measurement or how likely a question may be to get consistently similar results. It is different from verification (checking accuracy) or validity.

Replication The duplication of an experiment or program.

Representative Reflecting the characteristics or nature of the larger population to which one wants to generalize.

Representative Sample A sample that has approximately the same distribution of characteristics as the population from which it was drawn.

Request For Proposal An open solicitation to potential grantees or contractors inviting them to compete for money available to evaluate programs.

Research Design A plan of what data to gather, from whom, how and when to collect the data, and how to analyze the data obtained.

Resistant Statistic A statistic that is not much influenced by changes in a few observations.

Resources Assets available and anticipated for operations. They include people, equipment, facilities and other things used to plan, implement, and evaluate public programs whether or not paid for directly by public funds.

Response Rate The percentage of persons in a sample who respond to a survey.

Response Style The tendency of a respondent to answer in a specific way regardless of how a question is asked. FOR EXAMPLE, some persons may be more likely to use extreme categories, such as "very good" or "excellent", while others may shy away from use of such extremes.

Response Variable A variable on which information is collected and in which there is an interest because of its direct policy relevance. FOR EXAMPLE, in studying policies for retraining displaced workers, employment rate might be the response variable.

S

Sample A subset of the population. Elements are selected intentionally as a representation of the population being studied.

Sample Design The sampling procedure used to produce any type of sample.

Sampling Distribution The distribution of a statistic.

Sampling Error The maximum expected difference between a probability sample value and the true value.

Sampling Frame The complete list of the universe or population of interest in the study. FOR EXAMPLE, all persons living in a given area, or all offenders eligible for a given treatment.

Scale An aggregate measure that assigns a value to a case based on a pattern obtained from a group of related measures.

Scientific Sample Synonymous with Probability Sample. A group of cases selected from a population by a random process. Every member of the population has a known, nonzero probability of being selected.

Scoping Analyzing alternative ways for conducting an evaluation. It is clarifying the validity of issues, the complexity of the assignment, the users of final reports, and the selection of team members to meet the needs of an evaluation. Scoping ends when a major go/no-go decision is made about whether to do the evaluation.

Secondary Data Data that has been collected for another purpose, but may be reanalyzed in a subsequent study. FOR EXAMPLE, state criminal history files may be searched both to analyze prior criminal history of offenders in treatment programs and to identify subsequent recidivism. However, such data was not originally collected for such purposes.

Selection Bias Potential biases introduced into a study by the selection of different types of people into treatment and comparison groups. As a result, the outcome differences may potentially be explained as a result of pre-existing differences between the groups, as opposed to the treatment itself.

Selection Effects 1) Selection bias is a threat to the internal validity of an evaluation when the researcher chooses non-equivalent groups for comparison. FOR EXAMPLE, when the recidivism rate of a program tested on first time offenders is compared to the recidivism rate of the general prison population.

2) Selection bias is a threat to the external validity of an evaluation if the study group is not representative of the larger population to which results are intended to be inferred. FOR EXAMPLE, a program may appear successful using a group of specially selected clients (e.g., first time offenders). However, it would not be a fair test of how this program would work on the general offender population.

Self-evaluation The evaluation of a program by those conducting the program.

Self-Reported Data Information that program participants generate themselves that is used to assess program processes or outcomes.

Significance Level The probability of rejecting a set of assumptions when they are in fact true.

Simple Random Sample A method for drawing a sample from a population such that all samples of a given size have equal probability of being drawn.

Sleeper Effect An impact of a study that does not appear immediately, but may manifest at a later time.

Spread General term for the extent of variation among cases.

Spuriousness A condition in which two variables vary together, but are not in fact causally related. Both may be influenced independently by a third variable. FOR EXAMPLE, it may be found that children who eat more ice cream are less likely to be involved in delinquent behavior. Rather than concluding that "ice cream consumption" reduces "delinquent behavior," it may be found that both behaviors are a function of a third variable, "income."

Staffing Personnel required for a program or a project.

Standard A criterion for evaluating performance and results. It may be a quantity or quality of output to be produced, a rule of conduct to be observed, a model of operation to be adhered to, or a degree of progress toward a goal.

Standard Deviation A measure of the spread, the square root of the variance; a statistic used with interval-ratio variables.

Standard Instruments An assessment, inventory, questionnaire, or interview that has been tested with a large number of individuals and is designed to be administered to program participants in a consistent manner. Results of tests with program participants can be compared to reported results of the tests used with other populations.

Standardized Question A question that is designed to be asked or read and interpreted in the same way regardless of the number and variety of interviewers and respondents.

Statistic A number computed from data on one or more variables.

Statistical Analysis Analyzing collected data for the purposes of summarizing information to make it more usable and/or making generalizations about a population based on a sample drawn from that population.

Statistical Conclusion Validity The extent to which the observed statistical significance (or the lack of statistical significance) of the covariation between two or more variables is based on a valid statistical test of that covariation.

Statistical Control A statistical technique used to eliminate variance in dependent variables caused by extraneous sources. In evaluation research, statistical controls are often used to control for possible variation due to selection bias by adjusting data for program and control group on relevant characteristics.

Statistical Procedure A set of standards and rules based in statistical theory by which one can describe and evaluate what has occurred.

Statistical Sample Synonymous with probability sample; a group of cases selected from a population by a random process in which every member of the population has a known, nonzero probability of being selected.

Statistical Significance The degree to which a value is greater or smaller than would be expected by chance. Typically, a relationship is considered statistically significant when the probability of obtaining that result by chance is less than 5% if there were, in fact, no relationship in the population.

Statistical Test Type of statistical procedure that is applied to data to determine whether the results are statistically significant (that is, the outcome is not likely to have resulted by chance alone).

Statistical Weighting A technique used to assure representation of certain groups in the sample. Data for underrepresented cases are weighted to compensate for their small numbers, making the sample a better representation of the underlying population.

Stem The statement portion of a question.

Stem-and-Leaf Plot A graphic or numerical display of the distribution of a variable.

Strategic Evaluation An evaluation used by managers as an aid to decide which strategy a program should adopt in order to accomplish its goals and objectives at a minimum cost. In addition, strategy evaluation might include alternative specifications of the program design itself, detailing milestone and flow networks, manpower specifications, progress objectives, and budget allocations.

Strategic Plan The process of comprehensive, integrative program planning that considers, at a minimum, the future of current decisions, overall policy, organizational development, and links to operational plans.

Stratified Random Sampling A sampling procedure for which the population is first divided into strata or subgroups based on designated criteria and then the sample is drawn, either proportionately or disproportionately, from each subgroup.

Structural Equation Modeling A method for determining the extent to which data on a set of variables are consistent with hypotheses about causal association among the variables.

Structured Interview An interview in which questions to be asked, their sequence, and detailed information to be gathered are all predetermined; used where maximum consistency across interviews and interviewees is needed.

Summative Evaluation A type of outcome evaluation that assesses the results or outcomes of a program. This type of evaluation is concerned with a program's overall effectiveness.

Supplementary Variable A variable upon which information is collected because of its potential relationship to a response variable.

Survey The collection of information from a common group through interviews or the application of questionnaires to a representative sample of that group.

Surveys Data collection techniques designed to collect standard information from a large number of subjects. Surveys may include polls, mailed questionnaires, telephone interviews, or face-to-face interviews.

Symmetric Measure of Association A measure of association that does not make a distinction between independent and dependent variables.

Systematic Sample A sample drawn by taking every nth case from a list, after starting with a randomly selected case among the first n individuals.

T

Target An objective (constraint or expected result) set by management to communicate program purpose to operating personnel (for example, maintaining a monthly output level).

Target Population The population, clients, or subjects intended to be identified and served by the program. FOR EXAMPLE, a boot camp program may identify, as its target population, 18-20 year old first-time violent offenders.

Telescoping The tendency of respondents (particularly in victim surveys) to move forward and report as having occurred events which actually took place before the reference period or time period being studied. FOR EXAMPLE, a respondent asked if she had been the victim of a robbery in the last year, recalls and reports an incident that actually occurred 18 months prior.

Testing Bias Bias and foreknowledge introduced to participants as a result of a pretest. The experience of the first test may impact subsequent reactions to the treatment or to retesting.

Test-retest Administration of the same test instrument twice to the same population for the purpose of assuring consistency of measurement.

Theory Failure A program shortcoming in which the intermediate program effects succeed as planned but the outcome criteria remain unchanged.

Time-series Designs Research designs that collect data over long time intervals - before, during, and after program implementation. This allows for the analysis of change in key factors over time.

Transformed Variable A variable for which the attribute values have been systematically changed for the sake of data analysis.

Treatment Group The subjects of the intervention being studied.

Treatment Variable An independent variable in program evaluation that is of particular interest because it corresponds to a program's intent to change some dependent variable. FOR EXAMPLE, number of sessions with the case counselor or participation in training programs.

Trend The change in a series of data over a period of years that remains after the data have been adjusted to remove seasonal and cyclical fluctuations.

Triangulation The combination of methodologies in the study of the same phenomenon or construct; a method of establishing the accuracy of information by comparing three or more types of independent points of view on data sources (for example, interviews, observation, and documentation; different times) bearing on the same findings. Akin to corroboration and an essential methodological feature of case studies.

U

Uniform Crime Reports Standard information maintained by the U.S. Department of Justice on crime statistics as reported by participating police departments. The UCR includes the number of offenses reported and arrests made for major categories of crime.

Unit of Analysis The class of elemental units that constitute the population and the units selected for measurement; also, the class of elemental units to which the measurements are generalized.

Univariate Analysis An analysis of a single variable.

Unobtrusive Measures Any method of data collection in which the subjects are not aware that they are being studied. FOR EXAMPLE, physical traces, observation, analysis of existing data, and archives.

Usability Evaluation Assesses the degree to which a product or item can be operated by its users, the efficiency of the product/item and/or satisfaction with the product or item by the users.

V

Validity The extent to which a measurement instrument or test accurately measures what it is supposed to measure. FOR EXAMPLE, a reading test is a valid measure of reading skills, but it is not a valid measure of total language competency.

Validity Assessment The procedures necessary to demonstrate that a question or questions are measuring the concepts that they were designed to measure.

Variable Variables can be classified into three categories:

A. Independent (input, manipulated, treatment, or stimulus) variables, so called because they are "independent" of the outcome; instead, they are presumed to cause, affect, or influence the outcome.

B. Dependent (output, outcome, response) variables, so called because they are "dependent" on the independent variable; the outcome presumably depends on how these input variables are managed or manipulated.

C. Control (background, classificatory, or organismic) variables, so called because they need to be controlled, held constant, or randomized so that their effects are neutralized, canceled out, or equated for all conditions. Typically included are such factors as age, sex, IQ, SES (socioeconomic status), educational level, and motivational level; it is often possible to redefine these particular examples as either independent or dependent variables, according to the intent of the research.

A fourth category having to do with conceptual states within the organism is often cited: intervening variables (higher order constructs). These cannot be directly observed or measured and are hypothetical conceptions intended to explain processes between the stimulus and the response. Such concepts as learning, intelligence, perception, motivation, need, self, personality trait, and feeling illustrate this category.

Variance A measure of the spread of the values in a distribution. The larger the variance, the larger the distance of the individual cases from the group mean.

Verification An effort to test the accuracy of the questionnaire response data. The concern is uniquely with data accuracy and deals with neither the reliability nor the validity of measures.

Victimization Information Data collected from the victims of crime concerning offenses of which they were the victims, offender characteristics, and/or victim characteristics.

W

Weighting The assignment of different adjustment factors to data in order to take into account the relative importance of that data.

X

X² Chi-square measures the significance of a relationship if one exists.

Y

Yoked Concurrent with. FOR EXAMPLE, data collection and analyses in case studies are iterative and concurrent - that is, are yoked.

Yule's Q (gamma) A special case of a measure of association (gamma) used with ordinal variables that can only be used in 2 x 2 tables.

Z

Z Scores Standard deviation units measuring the deviation from the mean relative to the standard deviation.

Univariate and Multivariate Control Charts

Source: NIST/SEMATECH e-Handbook of Statistical Methods

Comparison of univariate and multivariate control data

Control charts are used to routinely monitor quality. Depending on the number of process characteristics to be monitored, there are two basic types of control charts. The first, referred to as a univariate control chart, is a graphical display (chart) of one quality characteristic. The second, referred to as a multivariate control chart, is a graphical display of a statistic that summarizes or represents more than one quality characteristic.

Characteristics of control charts

If a single quality characteristic has been measured or computed from a sample, the control chart shows the value of the quality characteristic versus the sample number or versus time. In general, the chart contains a center line that represents the mean value for the in-control process. Two other horizontal lines, called the upper control limit (UCL) and the lower control limit (LCL), are also shown on the chart. These control limits are chosen so that almost all of the data points will fall within these limits as long as the process remains in-control. The figure below illustrates this.

Chart demonstrating basis of control chart

[pic]

Why control charts "work"

The control limits as pictured in the graph might be .001 probability limits. If so, and if chance causes alone were present, the probability of a point falling above the upper limit would be one out of a thousand, and similarly, a point falling below the lower limit would be one out of a thousand. We would be searching for an assignable cause if a point would fall outside these limits. Where we put these limits will determine the risk of undertaking such a search when in reality there is no assignable cause for variation.

Since two out of a thousand is a very small risk, the 0.001 limits may be said to give practical assurances that, if a point falls outside these limits, the variation was caused by an assignable cause. It must be noted that two out of one thousand is a purely arbitrary number. There is no reason why it could not have been set to one out of a hundred or even larger. The decision would depend on the amount of risk the management of the quality control program is willing to take. In general (in the world of quality control) it is customary to use limits that approximate the 0.002 standard.

Letting X denote the value of a process characteristic, if the system of chance causes generates a variation in X that follows the normal distribution, the 0.001 probability limits will be very close to the 3-sigma limits. From normal tables we glean that the 3-sigma in one direction is 0.00135, or in both directions 0.0027. For normal distributions, therefore, the 3-sigma limits are the practical equivalent of 0.001 probability limits.

Plus or minus "3 sigma" limits are typical

In the U.S., whether X is normally distributed or not, it is an acceptable practice to base the control limits upon a multiple of the standard deviation. Usually this multiple is 3 and thus the limits are called 3-sigma limits. This term is used whether the standard deviation is the universe or population parameter, or some estimate thereof, or simply a "standard value" for control chart purposes. It should be inferred from the context what standard deviation is involved. (Note that in the U.K., statisticians generally prefer to adhere to probability limits.)

If the underlying distribution is skewed, say in the positive direction, the 3-sigma limit will fall short of the upper 0.001 limit, while the lower 3-sigma limit will fall below the 0.001 limit. This situation means that the risk of looking for assignable causes of positive variation when none exists will be greater than one out of a thousand. But the risk of searching for an assignable cause of negative variation, when none exists, will be reduced. The net result, however, will be an increase in the risk of a chance variation beyond the control limits. How much this risk will be increased will depend on the degree of skewness.

If variation in quality follows a Poisson distribution, for example, for which np = .8, the risk of exceeding the upper limit by chance would be raised by the use of 3-sigma limits from 0.001 to 0.009 and the lower limit reduces from 0.001 to 0. For a Poisson distribution the mean and variance both equal np. Hence the upper 3-sigma limit is 0.8 + 3 sqrt(.8) = 3.48 and the lower limit = 0 (here sqrt denotes "square root"). For np = .8 the probability of getting more than 3 successes = 0.009.

Strategies for dealing with out-of-control findings

If a data point falls outside the control limits, we assume that the process is probably out of control and that an investigation is warranted to find and eliminate the cause or causes.

Does this mean that when all points fall within the limits, the process is in control? Not necessarily. If the plot looks non-random, that is, if the points exhibit some form of systematic behavior, there is still something wrong. For example, if the first 25 of 30 points fall above the center line and the last 5 fall below the center line, we would wish to know why this is so. Statistical methods to detect sequences or nonrandom patterns can be applied to the interpretation of control charts. To be sure, "in control" implies that all points are between the control limits and they form a random pattern.
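The 3-sigma figures quoted above and the "25 of 30 points above the center line" case can be reproduced in a few lines. This is an added example, not part of the NIST handbook or the study guide; the function names, the sample points and the run-length threshold of 8 are assumptions chosen for illustration.

```python
import math

def normal_upper_tail(z):
    """P(Z > z) for a standard normal variable."""
    return 0.5 * math.erfc(z / math.sqrt(2.0))

def poisson_cdf(k, mean):
    """P(X <= k) for a Poisson variable; an empty sum (k < 0) gives 0."""
    return sum(math.exp(-mean) * mean ** i / math.factorial(i)
               for i in range(k + 1))

def poisson_three_sigma_risk(mean):
    """3-sigma limits for a Poisson count and the chance of crossing each.

    Mean and variance both equal np, so sigma = sqrt(mean). A count cannot
    be negative, so the lower limit is floored at 0.
    """
    sigma = math.sqrt(mean)
    ucl = mean + 3.0 * sigma
    lcl = max(0.0, mean - 3.0 * sigma)
    upper_risk = 1.0 - poisson_cdf(math.floor(ucl), mean)   # P(X > UCL)
    lower_risk = poisson_cdf(math.ceil(lcl) - 1, mean)      # P(X < LCL)
    return lcl, ucl, upper_risk, lower_risk

def longest_run_one_side(points, center):
    """Longest streak of consecutive points on the same side of the center."""
    best = run = prev = 0
    for x in points:
        side = (x > center) - (x < center)   # +1 above, -1 below, 0 on the line
        if side != 0 and side == prev:
            run += 1
        else:
            run = 1 if side != 0 else 0
        prev = side
        best = max(best, run)
    return best

def assess(points, center, lcl, ucl, max_run=8):
    """Apply both conditions for "in control": inside limits AND random-looking.

    max_run=8 is an assumed threshold for this example; the text only says
    that statistical methods for detecting nonrandom patterns can be applied.
    """
    outside = [i for i, x in enumerate(points) if x < lcl or x > ucl]
    run = longest_run_one_side(points, center)
    return {"outside": outside,
            "longest_run": run,
            "in_control": not outside and run < max_run}

# Constructed sample: 30 points, first 25 above the center line (10.0),
# last 5 below it, every point well inside assumed limits of 7.0 and 13.0.
CONSTRUCTED_POINTS = ([10.2 + 0.1 * (i % 5) for i in range(25)]
                      + [9.8 - 0.1 * (i % 5) for i in range(5)])

if __name__ == "__main__":
    print("normal, one side of 3 sigma:", round(normal_upper_tail(3.0), 5))
    print("normal, both sides         :", round(2 * normal_upper_tail(3.0), 4))
    lcl, ucl, up, low = poisson_three_sigma_risk(0.8)
    print("Poisson np=0.8 limits      :", lcl, round(ucl, 2))
    print("Poisson risk above / below :", round(up, 3), low)
    print(assess(CONSTRUCTED_POINTS, center=10.0, lcl=7.0, ucl=13.0))
```

No point in the constructed series is outside the limits, yet the run of 25 on one side marks the process as not in control, which is the second condition the text describes.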

The Histogram

NIST/SEMATECH e-Handbook of Statistical Methods

Purpose: Summarize a Univariate Data Set. The purpose of a histogram (Chambers) is to graphically summarize the distribution of a univariate data set.

The histogram graphically shows the following:

1. center (i.e., the location) of the data;

2. spread (i.e., the scale) of the data;

3. skewness of the data;

4. presence of outliers; and

5. presence of multiple modes in the data.

These features provide strong indications of the proper distributional model for the data. The probability plot or a goodness-of-fit test can be used to verify the distributional model.

Sample Symmetrical Plot

[pic]

Note the classical bell-shaped, symmetric histogram with most of the frequency counts bunched in the middle and with the counts dying off out in the tails. From a physical science/engineering point of view, the normal distribution is that distribution which occurs most often in nature (due in part to the central limit theorem).

Sample Skewed Right Plot

[pic]

Definition

The most common form of the histogram is obtained by splitting the range of the data into equal-sized bins (called classes). Then for each bin, the number of points from the data set that fall into that bin is counted. That is:

• Vertical axis: Frequency (i.e., counts for each bin)

• Horizontal axis: Response variable

The classes can either be defined arbitrarily by the user or via some systematic rule. A number of theoretically derived rules have been proposed by Scott (Scott 1992).

The cumulative histogram is a variation of the histogram in which the vertical axis gives not just the counts for a single bin, but rather gives the counts for that bin plus all bins for smaller values of the response variable.

Both the histogram and cumulative histogram have an additional variant whereby the counts are replaced by the normalized counts. The names for these variants are the relative histogram and the relative cumulative histogram.

There are two common ways to normalize the counts.

1. The normalized count is the count in a class divided by the total number of observations. In this case the relative counts are normalized to sum to one (or 100 if a percentage scale is used). This is the intuitive case where the height of the histogram bar represents the proportion of the data in each class.

2. The normalized count is the count in the class divided by the number of observations times the class width. For this normalization, the area (or integral) under the histogram is equal to one. From a probabilistic point of view, this normalization results in a relative histogram that is most akin to the probability density function and a relative cumulative histogram that is most akin to the cumulative distribution function. If you want to overlay a probability density or cumulative distribution function on top of the histogram, use this normalization. Although this normalization is less intuitive (relative frequencies greater than 1 are quite permissible), it is the appropriate normalization if you are using the histogram to model a probability density function.
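The histogram, the cumulative histogram and the two normalizations can be compared side by side on one small data set. This is an added example, not taken from the NIST handbook; the function names and the 20 observations are constructed for illustration, and the class width of 0.25 is chosen so that the second normalization produces bar heights above 1.

```python
def bin_counts(data, low, width, nbins):
    """Count observations in equal-width classes starting at `low`.

    Class i covers [low + i*width, low + (i+1)*width); a value exactly on
    the top edge of the range is placed in the last class.
    """
    counts = [0] * nbins
    high = low + width * nbins
    for x in data:
        if not low <= x <= high:
            raise ValueError(f"{x} lies outside the binned range")
        i = min(int((x - low) // width), nbins - 1)
        counts[i] += 1
    return counts

def cumulative(values):
    """Running total: each entry is that class plus all classes below it."""
    total, out = 0, []
    for v in values:
        total += v
        out.append(total)
    return out

def relative(counts):
    """Normalization 1: count / number of observations (heights sum to 1)."""
    n = sum(counts)
    return [c / n for c in counts]

def density(counts, width):
    """Normalization 2: count / (observations * class width) (area equals 1)."""
    n = sum(counts)
    return [c / (n * width) for c in counts]

def summarize(data, low, width, nbins):
    """Return every histogram variant described in the text for one data set."""
    counts = bin_counts(data, low, width, nbins)
    dens = density(counts, width)
    return {
        "counts": counts,
        "cumulative": cumulative(counts),
        "relative": relative(counts),
        "relative_cumulative": cumulative(relative(counts)),
        "density": dens,
        "area": sum(d * width for d in dens),
    }

# Constructed sample: 20 observations between 0 and 1.
CONSTRUCTED_DATA = [
    0.0625, 0.125, 0.1875,
    0.3125, 0.375, 0.375, 0.4375, 0.4375, 0.4375,
    0.5625, 0.5625, 0.625, 0.625, 0.6875, 0.6875, 0.6875,
    0.8125, 0.875, 0.9375, 0.9375,
]

if __name__ == "__main__":
    for name, value in summarize(CONSTRUCTED_DATA, 0.0, 0.25, 4).items():
        print(f"{name:20s} {value}")
```

With four classes of width 0.25, the relative heights sum to 1 while two of the density heights exceed 1, and it is the density version whose area equals 1.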

Questions

The histogram can be used to answer the following questions:

1. What kind of population distribution do the data come from?

2. Where are the data located?

3. How spread out are the data?

4. Are the data symmetric or skewed?

5. Are there outliers in the data?

______________________________________________________________________________________

AREA II E: SAFETY IN DESIGN

Safety in Design - Engineering Controls

Source: OSHA

Engineering controls, such as ventilation, and good work practices are the preferred methods of minimizing exposures to airborne lead at the worksite. The engineering control methods that can be used to reduce or eliminate lead exposures can be grouped into three main categories: (1) substitution; (2) isolation; and (3) ventilation. Engineering controls are the first line of defense in protecting workers from hazardous exposures.

Substitution. Substitution includes using a material that is less hazardous than lead, changing from one type of process equipment to another, or even, in some cases, changing the process itself to reduce the potential exposure to lead. In other words, material, equipment, or an entire process can be substituted to provide effective control of a lead hazard. However, in choosing alternative methods, a hazard evaluation should be conducted to identify inherent hazards of the method and equipment.

Examples of substitution include:

• Use of a less hazardous material: applying a nonleaded paint rather than a coating that contains lead.

• Change in process equipment: using less dusty methods such as vacuum blast cleaning, wet abrasive blast cleaning, shrouded power tool cleaning, or chemical stripping to substitute for open abrasive blast cleaning to reduce exposure to respirable airborne particulates containing lead.

• Change in process: performing demolition work using mobile hydraulic shears instead of a cutting torch to reduce exposure to lead fumes generated by heating lead compounds.

Any material that is being considered as a substitute for a lead-based paint should be evaluated to ensure that it does not contain equally or more toxic components (e.g., cadmium or chromates). Because substitute materials can also be hazardous, employers must obtain a Material Safety Data Sheet (MSDS) before a material is used in the workplace. If the MSDS identifies the material as hazardous, as defined by OSHA's hazard communication standard (29 CFR 1926.59), an MSDS must be maintained at the job site and proper protective measures must be implemented prior to usage of the material.

Isolation. Isolation is a method of limiting lead exposure to those employees who are working directly with it. A method which isolates lead contamination and thus protects nonessential workers, bystanders, and the environment is to erect a sealed containment structure around open abrasive blasting operations. However, this method may substantially increase the lead exposures of the workers doing the blasting inside the structure. The containment structure must therefore be provided with negative-pressure exhaust ventilation to reduce workers' exposure to lead, improve visibility, and reduce emissions from the enclosure.

Ventilation. Ventilation, either local or dilution (general), is probably the most important engineering control available to the safety and health professional to maintain airborne concentrations of lead at acceptable levels. Local exhaust ventilation, which includes both portable ventilation systems and shrouded tools supplied with ventilation, is generally the preferred method. If a local exhaust system is properly designed, it will capture and control lead particles at or near the source of generation and transport these particles to a collection system before they can be dispersed into the work environment.

Dilution ventilation, on the other hand, allows lead particles generated by work activities to spread throughout the work area and then dilutes the concentration of particles by circulating large quantities of air into and out from the work area. For work operations where the sources of lead dust generation are numerous and widely distributed (e.g., open abrasive blasting conducted in containment structures), dilution ventilation may be the best control.

Examples of ventilation controls include the following:

▪ Power tools that are equipped with dust collection shrouds or other attachments for dust removal and are exhausted through a HEPA vacuum system.

▪ Vacuum blast nozzles (vacuum blasting is a variation on open abrasive blasting). In this type of blasting, the blast nozzle has local containment (a shroud) at its end, and containment is usually accomplished through brush-lined attachments at the outer periphery and a vacuum inlet between the blast nozzle and the outer brushes.

▪ Containment structures that are provided with negative-pressure dilution ventilation systems to reduce airborne lead concentrations within the enclosure, increase visibility, and control emissions of particulate matter to the environment.

Safety in Design - Machine Guarding

Source: OSHA

Rotating motion can be dangerous; even smooth, slowly rotating shafts can grip hair and clothing, and through minor contact force the hand and arm into a dangerous position. Injuries due to contact with rotating parts can be severe. Collars, couplings, cams, clutches, flywheels, shaft ends, spindles, meshing gears, and horizontal or vertical shafting are some examples of common rotating mechanisms which may be hazardous. The danger increases when projections such as set screws, bolts, nicks, abrasions, and projecting keys or set screws are exposed on rotating parts.

In-running nip point hazards are caused by the rotating parts on machinery. There are three main types of in-running nips. Parts can rotate in opposite directions while their axes are parallel to each other. These parts may be in contact (producing a nip point) or in close proximity. In the latter case, stock fed between two rolls produces a nip point. This danger is common on machines with intermeshing gears, rolling mills, and calenders.

Nip points are also created between rotating and tangentially moving parts. Some examples would be: the point of contact between a power transmission belt and its pulley, a chain and a sprocket, and a rack and pinion.

Nip points can occur between rotating and fixed parts which create a shearing, crushing, or abrading action. Examples are: spoked handwheels or flywheels, screw conveyors, or the periphery of an abrasive wheel and an incorrectly adjusted work rest and tongue.

 

Reciprocating

Reciprocating motions may be hazardous because, during the back-and-forth or up-and-down motion, a worker may be struck by or caught between a moving and a stationary part.

Transversing

Transverse motion (movement in straight, continuous line) creates a hazard because a worker may be struck or caught in a pinch or shear point by the moving part.

Cutting

Cutting action may involve rotating, reciprocating, or transverse motion. The danger of cutting action exists at the point of operation where finger, arm and body injuries can occur and where flying chips or scrap material can strike the head, particularly in the area of the eyes or face. Such hazards are present at the point of operation in cutting wood, metal, and other materials. Examples of mechanisms involving cutting hazards include bandsaws, circular saws, boring and drilling machines, turning machines (lathes), or milling machines.

 Punching

Punching action results when power is applied to a slide (ram) for the purpose of blanking, drawing, or stamping metal or other materials. The danger of this type of action occurs at the point of operation where stock is inserted, held, and withdrawn by hand. Typical machines used for punching operations are power presses and iron workers.

Shearing

Shearing action involves applying power to a slide or knife in order to trim or shear metal or other materials. A hazard occurs at the point of operation where stock is actually inserted, held, and withdrawn. Examples of machines used for shearing operations are mechanically, hydraulically, or pneumatically powered shears.

 

Bending

Bending action results when power is applied to a slide in order to draw or stamp metal or other materials. A hazard occurs at the point of operation where stock is inserted, held, and withdrawn. Equipment that uses bending action includes power presses, press brakes, and tubing benders.

 

Safeguards must meet these minimum general requirements:

• Prevent contact: The safeguard must prevent hands, arms, and any other part of a worker's body from making contact with dangerous moving parts. A good safeguarding system eliminates the possibility of the operator or another worker placing parts of their bodies near hazardous moving parts.

• Secure: Workers should not be able to easily remove or tamper with the safeguard, because a safeguard that can easily be made ineffective is no safeguard at all. Guards and safety devices should be made of durable material that will withstand the conditions of normal use. They must firmly be secured to the machine.

• Protect from falling objects: The safeguard should ensure that no objects can fall into moving parts. A small tool which is dropped into a cycling machine could easily become a projectile that could strike and injure someone.

• Create no new hazards: A safeguard defeats its own purpose if it creates a hazard of its own such as a shear point, a jagged edge, or an unfinished surface which can cause a laceration. The edges of guards, for instance, should be rolled or bolted in such a way that they eliminate sharp edges.

• Create no interference: Any safeguard which impedes a worker from performing the job quickly and comfortably might soon be overridden or disregarded. Proper safeguarding can actually enhance efficiency as it can relieve the worker's apprehensions about injury.

• Allow safe lubrication: If possible, one should be able to lubricate the machine without removing the safeguards. Locating oil reservoirs outside the guard, with a line leading to the lubrication point, will reduce the need for the operator or maintenance worker to enter the hazardous area.

Training Considerations

Even the most elaborate safeguarding system cannot offer effective protection unless the worker knows how to use it and why. Specific and detailed training is therefore a crucial part of any effort to provide safeguarding against machine-related hazards. Thorough operator training should involve instruction or hands-on training in the following: 

1. a description and identification of the hazards associated with particular machines;

2. the safeguards themselves, how they provide protection, and the hazards for which they are intended;

3. how to use the safeguards and why;

4. how and under what circumstances safeguards can be removed, and by whom (in most cases, repair or maintenance personnel only);

5. when a lockout/tagout program is required; and

6. what to do (e.g., contact the supervisor) if a safeguard is damaged, missing, or unable to provide adequate protection.

This kind of safety training is necessary for new operators and maintenance or setup personnel, when any new or altered safeguards are put in service, or when workers are assigned to a new machine or operation.

Miscellaneous Aids

While these aids do not give complete protection from machine hazards, they may provide the operator with an extra margin of safety. Sound judgment is needed in their application and usage. Examples of possible application include the following:

• An awareness barrier serves as a reminder to a person that he or she is approaching the danger area. Although the barrier does not physically prevent a person from entering the danger area, it calls attention to it. For an employee to enter the danger area, an overt act must take place, that is, the employee must either reach or step over, under or through the barrier. Generally, awareness barriers are not considered adequate when continual exposure to the hazard exists.

[Figure: Push Stick and Push Block]

• Special hand tools may be used to place or remove stock, particularly from or into the point of operation of a machine. A typical use would be for reaching into the danger area of a press or press brake. A push stick or block may be used when feeding stock into a saw blade. When it becomes necessary for hands to be in close proximity to the blade, the push stick or block may provide a few inches of safety and prevent a severe injury. 

Guard Construction

Today many builders of single-purpose machines provide point-of-operation and power transmission safeguards as standard equipment. However, not all machines in use have built-in safeguards provided by the manufacturer. Guards designed and installed by the builder offer two main advantages:

• They usually conform to the design and function of the machine.

• They can be designed to strengthen the machine in some way or to serve some additional functional purposes.

User-built guards are sometimes necessary for a variety of reasons. They have these advantages:

• Often, with older machinery, they are the only practical safeguarding solution.

• They may be the only choice for mechanical power transmission apparatus in older plants, where machinery is not powered by individual motor drives.

• They permit options for point-of-operation safeguards when skilled personnel design and make them.

• They can be designed and built to fit unique and even changing situations.

• They can be installed on individual dies and feeding mechanisms.

• Design and installation of machine safeguards by plant personnel can help to promote safety consciousness in the workplace.

User-built guard disadvantages:

• User-built guards may not conform well to the configuration and function of the machine.

• There is a risk that user-built guards may be poorly designed or built.

Feeding and Ejection Methods

Many feeding and ejection methods do not require the operator to place his or her hands in the danger area. In some cases, no operator involvement is necessary after the machine is set up. In other situations, operators can manually feed the stock with the assistance of a feeding mechanism. Properly designed ejection methods do not require any operator involvement after the machine starts to function. Using these feeding and ejection methods does not eliminate the need for guards and devices. Guards and devices must be used wherever they are necessary and possible in order to provide protection from exposure to hazards. Types of feeding and ejection methods:

• Automatic Feed

o stock is fed from rolls, indexed by machine mechanism, etc.

o eliminates the need for operator involvement in the danger area

o other guards are required for operator protection, usually fixed barrier guards

o requires frequent maintenance

o may not be adaptable to stock variation

• Semiautomatic Feed

o stock is fed by chutes, movable dies, dial feed, plungers, or sliding bolster

• Automatic Ejection

o work pieces are ejected by air or mechanical means

o may create a hazard of blowing chips or debris

o size of stock limits the use of this method

o air ejection may present a noise hazard

• Semiautomatic Ejection

o work pieces are ejected by mechanical means which are initiated by the operator

o operator does not have to enter danger area to remove finished work

o other guards are required for operator protection

o may not be adaptable to stock variation

• Robots

o they perform work usually done by operator

o operator does not have to enter danger area

o are suitable for operations where high stress factors are present, such as heat and noise

o can create hazards themselves

o require maximum maintenance

o are suitable only to specific operations

Machinery Maintenance and Repair

Good maintenance and repair procedures contribute significantly to the safety of the maintenance crew as well as that of machine operators. The variety and complexity of machines to be serviced, the hazards associated with their power sources, the special dangers that may be present during machine breakdown, and the severe time constraints often placed on maintenance personnel all make safe maintenance and repair work difficult. If possible, machine design should permit routine lubrication and adjustment without removal of safeguards. But when safeguards must be removed, and the machine serviced, the lockout procedure of 29 CFR 1910.147 must be adhered to. The maintenance and repair crew must never fail to replace the guards before the job is considered finished and the machine released from lockout. In order to prevent hazards while servicing machines, each machine or piece of equipment should be safeguarded during the conduct of servicing or maintenance by:

1. notifying all affected employees (usually machine or equipment operators or users) that the machine or equipment must be shut down to perform some maintenance or servicing;

2. stopping the machine;

3. isolating the machine or piece of equipment from its energy source;

4. locking out or tagging out the energy source;

5. relieving any stored or residual energy; and

6. verifying that the machine or equipment is isolated from the energy source.

Although this is the general rule, there are exceptions when the servicing or maintenance is not hazardous for an employee, when the servicing which is conducted is minor in nature, done as an integral part of production, and the employer utilizes alternative safeguards which provide effective protection as is required by 29 CFR 1910.212 or other specific standards. When the servicing or maintenance is completed, there are specific steps which must be taken to return the machine or piece of equipment to service. These steps include:

1. inspection of the machine or equipment to ensure that all guards and other safety devices are in place and functional,

2. checking the area to ensure that energization and start up of the machine or equipment will not endanger employees,

3. removal of the lockout devices, 

4. reenergization of the machine or equipment, and

5. notification of affected employees that the machine or equipment may be returned to service.

If it is necessary to oil machine parts while the machine is running, special safeguarding equipment may be needed solely to protect the oiler from exposure to hazardous moving parts. Maintenance personnel must know which machines can be serviced while running and which cannot. The danger of accident or injury is greatly reduced by shutting off and locking out all sources of energy.

AREA II F: BENCHMARKING

Benchmarking Basics and the 10 Step Process

Source: USN Benchmarking Handbook

Benchmarking is a strategic and analytic process of continuously measuring an organization's products, services, and practices against a recognized leader in the studied area (Department of the Navy TQL Glossary, 1996).

Benchmarking is more than a simple comparison of one organization's business practices to another for the purpose of improving one's own process. Benchmarking provides a data-driven, decision-making vehicle to implement changes of world-class quality to core business practices. And, since there is no one way to perform a process that will be the industry's best practice forever, benchmarking is also an ongoing discovery process that recalibrates to establish new baselines for continuous improvement. Performed well, benchmarking will also promote teamwork and remove subjectivity from mission-critical decision making.

Background

The term "benchmark" comes from the U.S. Geological Survey benchmarking symbol. It means to take a measurement against a reference point. Probably the most successful of the benchmarking pioneers is the Xerox Corporation. Xerox began conducting benchmarking studies formally in the late 1970s in its copier duplicator manufacturing division. Other companies have achieved similar successes from benchmarking, including: Ford Motor Company, Alcoa, Milliken, AT&T, DuPont, IBM, Johnson & Johnson, Kodak, Motorola, and Texas Instruments. Many of these companies are winners of the Malcolm Baldrige National Quality Award. The award program's board of examiners recognizes benchmarking as a key quality tool; it is tied to over one third of the total award points. Similar criteria are used for the President's Quality Award, the Quality Improvement Prototype Award, and the Deming Prize.

Other definitions of benchmarking include:

• "A surveyor's mark … of a previously determined position … used as a reference point … a standard by which something can be measured or judged" (Webster, 1984 [emphasis added]).

• "…a process of industrial research that enables managers to perform company-to-company comparisons of processes and practices to identify the 'best of the best' and attain a level of superiority or competitive advantage … the search for those best practices that will lead to the superior performance of a company" (Camp, 1989).

• "…a continuous, systematic process for evaluating the products, services, and work processes of organizations recognized as industry or world leaders" (Spendolini, 1992).

• "A process for rigorously measuring your organization's performance and processes vs. the 'best-in-class' organizations (both public and private), and using the analysis to substantially improve services, operations, and cost position" (Kaiser Associates, Inc., 1995).

• "…the search for industry best practices that lead to superior performances" (Benchmarking Report for the Assistant Secretary of Defense for Command, Control, Communication, and Intelligence, 1994).

• "…the practice of being humble enough to admit that someone else is better at something and being wise enough to learn how to match and even surpass them at it" (American Productivity and Quality Center, 1993).

A best practice is . . .

• the best-in-class

• the industry leader

• the best-of-breed

• world-class

• a relative term

Benchmarking is . . .

• a tool to identify, establish, and achieve standards of excellence.

• a structured process of continually searching for the best methods, practices, and processes and either adopting or adapting their good features and implementing them to become the "best of the best."

• the practice of measuring your performance against world-class organizations.

• an ongoing investigation and learning experience ensuring that best practices are uncovered, adapted, and implemented.

• a disciplined method of establishing performance goals and quality improvement projects based on industry best practices.

• a searching out and emulating of the best practices of a process that can fuel the motivation of everyone involved, often producing breakthrough results.

• a positive approach to the process of finding and adapting the best practices to improve organizational performance.

• a continuous process of measuring products, services, and practices against the company's toughest competitors or those companies renowned as industry leaders.

• learning how leading companies achieve their performance levels and then adapting them to fit your organization.

• a research project on a core business practice.

• a partnership where both parties should expect to gain from the information sharing.

• both a business tool and a quality tool for improving key business processes.

Successful benchmarking will help you . . .

• find who does the process best and close the gap.

• recognize the leading organizations in a process or activity.

• create performance standards derived from an analysis of the best in business.

• ensure that comparisons are relevant.

• measure your performance, your processes, and your strategies against best in business.

• measure business processes.

• assess performance over time.

• accelerate continuous process improvements (CPI).

• establish more credible goals for CPI.

• establish actionable objectives.

• discover and clarify new goals.

• establish customer expectations of business standards set by the best suppliers in industry.

• help your organization achieve breakthrough improvements.

• create a sense of urgency for change.

• increase customer satisfaction.

• become direction setting.

• provide a positive, proactive, structured process.



Benchmarking requires . . .

• a thorough understanding of your organization's business processes before any comparisons are attempted.

• planning to identify the best-in-class for comparison and data collection.

• analysis to determine the performance gaps.

• integration to set new goals and standards.

• an action plan to implement the changes to the process.

• constant updating to keep the standard of excellence.

• a means to measure.

• commitment by leadership.

• resources, including time.

Benchmarking works best when . . .

• it supports an organization's strategic plan.

• it's done on existing processes that are well-defined.

• the organizational leader is knowledgeable and committed to total quality (TQ).

• it is utilized as a tool in a TQ organization.

Benchmarking is not . . .

• just looking for a better way to do things; it looks for the best way.

• a mere comparison.

• only competitive analysis.

• site briefings.

• industrial tourism.

• spying.

• easy.

• quick.

• fool proof.

• free.

• subjective.

• a panacea.

• a program.

• a cookbook process.

• a mechanism for determining resource reductions.

• business as usual.

• a management fad.

Benchmarking does not . . .

• copy. Instead, you must adapt the information to fit your needs, your culture, and your system. And, if you copy, you can only be as good as your competitor, not better.

• steal. To the contrary, it is an open, honest, legal study of another organization's business practices.

• stop. Rather, it is a continuous process that requires recalibration.

Timeliness, responsiveness, accuracy, etc., are all performance measures that can be benchmarked against numerous processes. Don't just round up the "usual suspects." Stretch. Only your imagination will limit you.

|DO . . . |DON'T . . . |
|select benchmarking projects that are tied to strategic goals/objectives. |benchmark just to say you did it. |
|benchmark a core process. |expect big paybacks when benchmarking a non-core process. |
|obtain management commitment. |benchmark without sufficient support. |
|get the support/involvement of process owners. |leave out the middle managers. |
|know and clearly map out your own process before attempting to benchmark. |expect to benchmark another's process without a thorough understanding of your own. |
|identify the important measures of the process. |trust what you can't measure. |
|allocate adequate resources. |think you can get a big return without some investment of resources. |
|follow the DON Benchmarking Model. |reinvent the wheel. |
|plenty of research. |forget to research public domain. |
|limit the number of site visits and the benchmarking team members who participate in visits. |confuse benchmarking with industrial tourism. |
|research companies/organizations you visit before you go. |go on a site visit unprepared. |
|abide by the Benchmarking Code of Conduct. |assume Code of Conduct is implicitly known and understood. |
|reciprocate. |ask for information that you would not be willing to share. |
|debrief benchmarking teams ASAP after each site visit. |delay a debrief more than three days after the site visit. |
|keep communications flowing up and down the chain of command. |wait until benchmarking study is complete to get management's thumbs up or thumbs down on progress. |
|implement the improvements identified by the benchmarking study ASAP. |forget the primary reason for benchmarking is to implement the best practices. |
|ask internal/external customers what they think would improve the process. |forget what's important to your customer(s). |
|provide guidance/resources/charter. |"over control" the team. |

Why Benchmark?

Benchmarking can greatly enhance an organization's performance. Researching and comparing a core business process to the best-in-class can yield dramatic benefits in a reasonably short length of time. Yet benchmarking does involve a commitment of resources and therefore is not to be entered into lightly.

A clear objective for the benchmarking initiative will greatly increase the likelihood of success. Some of the reasons why organizations use benchmarking are:

• to accelerate process improvement. Incremental change is often slow to produce results that people can see. Leaders are more likely to implement a major change in work processes because benchmarking demonstrates that it has been done successfully by others.

• to forecast industry trends. Because it requires the study of industry leaders, benchmarking can provide numerous indicators on where a particular business might be headed, which ultimately may pave the way for the organization to take a leadership position.

• to discover emerging technologies. The benchmarking process can help leaders uncover technologies that are changing rapidly, newly developed, or state-of-the-art.

• to stimulate strategic planning. The type of information gathered during a benchmarking effort can assist an organization in clarifying and shaping its vision of the future.

• to enhance goal-setting. Knowing the best practices in your business can dramatically improve your ability to know what goals are realistic and attainable.

• to maximize award-winning potential. Many prestigious award programs, such as the Malcolm Baldrige National Quality Award Program, the federal government's President's Quality Award Program, and numerous state and local awards recognize the importance of benchmarking and allocate a significant percentage of points to organizations that practice it.

• to comply with Customer Service Standards.

Types of Benchmarking

A copier company has benchmarked against a camping goods store. An ammunition supplier has benchmarked against a cosmetics company, comparing shell casings and lipstick holders. An airline company looked at a racing crew to see how to perform quick equipment maintenance and repairs. Within the federal government, agencies have benchmarked their customer service lines for promptness, accuracy, and courtesy against other federal agencies as well as the private sector. The type of study undertaken is not as important as recognizing that benchmarking, both inside and outside an organization, can be enormously beneficial for different reasons and in different ways. Due to the vast differences in resource investments and possible outcomes associated with different types, management must make the decision and identify which type the benchmarking team is to use.

No one type is the best way. One type might be more appropriate for an organization than another depending on its environment, products, services, resources, culture, and current stage of TQ implementation. There are four primary types of benchmarking: internal, competitive, functional, and generic.

1. Internal benchmarking is a comparison of a business process to a similar process inside the organization.

2. Competitive benchmarking is a direct competitor-to-competitor comparison of a product, service, process, or method.

3. Functional benchmarking is a comparison to similar or identical practices within the same or similar functions outside the immediate industry.

4. Generic benchmarking broadly conceptualizes unrelated business processes or functions that can be practiced in the same or similar ways regardless of the industry.

A more detailed explanation of these four types of benchmarking follows, along with: a brief description of each type; possible outcomes; examples from DON, DOD, federal government, and private industry; and some of the pros and cons for each type.

Internal benchmarking

Internal benchmarking is a comparison of a business process to a similar process inside the organization to acquire the best internal business practices. At the federal level, two Department of Transportation sites might prepare their budget submissions for Congressional approval. In the private sector, a retail food store chain selects its most profitable store as a benchmark for the others.

|Pros |Cons |
|+ most cost efficient |- fosters mediocrity |
|+ relatively easy |- limits options for growth |
|+ low cost |- low performance improvement |
|+ fast |- can create atmosphere of competitiveness |
|+ good practice/training with benchmarking process |- not much of a stretch |
|+ information sharing |- internal bias |
|+ easy to transfer lessons learned |- may not yield best-in-class comparisons |
|+ common language | |
|+ gain a deeper understanding of your own process | |
|+ makes a great starting point for future benchmarking studies | |

Competitive benchmarking

Competitive benchmarking is a direct competitor-to-competitor comparison of a product, service, process, or method. This form of benchmarking provides an opportunity to know yourself and your competition better; combine forces against another common competitor. An example of competitive benchmarking within the Department of Defense might include contrasting Army and Air Force supply systems for Joint initiatives. Within the private sector, two or more American car companies might benchmark for mutual benefit against a common international competitor; or, rival chemical companies benchmark for environmental compliance.

|Pros |Cons |
|+ know your competition better |- difficult legal issues |
|+ comparing like processes |- threatening |
|+ possible partnership |- limited by "trade secrets" |
|+ useful for planning and setting goals |- may provide misleading information |
|+ similar regulatory issues |- may not get best-in-class comparisons |
| |- competitors could capitalize on your weaknesses |
| |- relatively low performance improvement |

Functional benchmarking

Functional benchmarking is a comparison to similar or identical practices (e.g., the picking process for assembling customer orders, maintaining inventory controls of spare computer parts, logistics to move operational forces, etc.) within the same or similar functions outside the immediate industry. Functional benchmarking might identify practices that are superior in your functional areas in whatever industry they may exist. Functional benchmarking would be accomplished at the federal level by comparing the IRS collections process against those of American Express. Comparing copper mining techniques to coal mining techniques is an example in the private sector.

|Pros |Cons |
|+ provides industry trend information |- diverse corporate cultures |
|+ quantitative comparisons |- great need for specificity |
|+ many common business functions |- "not invented here" syndrome |
|+ better improvement rate; about 35 percent |- takes more time than internal or |
| |- must be able to visualize how to adapt the best practices |
| |- common functions can be difficult to find |

Generic benchmarking

Generic benchmarking broadly conceptualizes unrelated business processes or functions that can be practiced in the same or similar ways regardless of the industry (e.g., transferring funds, bar coding, order fulfillment, admissions, replenishing inventory, warehousing, etc.). Generic means without a brand. It is a pure form of benchmarking (Camp, 1989). The focus is on being innovative and gaining insight into excellent work processes rather than on the business practices of a particular organization or industry. The outcome is usually a broad conceptualization, yet careful understanding, of a generic work process that works extremely well. Generic benchmarking is occurring when a Veterans Administration hospital's check-in process is contrasted against a car rental agency's check-in process. Adapting grocery store bar coding to control and sort airport luggage might be another example.

|Pros |Cons |
|+ high payoff; about 35 percent |- difficult concept |
|+ noncompetitive/nonthreatening |- can be difficult to identify best-in-class |
|+ broad, new perspective |- takes a long time to plan |
|+ innovative |- known world-class companies are inundated with requests |
|+ high potential for discovery |- quantum changes can bring high risk and escalate fear |
|+ examines multiple industries | |
|+ can compare to world-class organizations in your process | |

Department of the Navy (DON) Benchmarking Model

The DON Benchmarking Model was developed after studying more than 20 other benchmarking models by recognized experts in the benchmarking and quality arenas, such as: AT&T's 12 step process; Spendolini's 11 steps; Camp's, Texas Instruments', and Xerox's 10 steps; Coopers & Lybrand's 9 steps; GM's 8 steps; Westinghouse's 7 steps; Goal/QPC, Alcoa, and Watson's 6 steps; GTE's 5 steps; and APQC's and the Air Force's 4 step models. Each model had its own value and strengths. The DON Benchmarking Model is unique for a number of reasons.

The PDSA Cycle

The DON Benchmarking Model is a 10 step model that relates directly to the Plan-Do-Study-Act cycle attributed to Dr. W. Edwards Deming. This model uses the Plan-Do-Study-Act cycle from Deming's 1993 book, The New Economics, because the word "study" most accurately reflects the activities taking place during a benchmarking initiative. The model in this section identifies steps 1 through 3 as part of the Plan phase, steps 4 and 5 in the Do phase, steps 6 through 8 in the Study phase, and steps 9 and 10 in the Act phase.

The DON TQL Approach

In keeping with the DON Total Quality Leadership (TQL) approach, the DON Benchmarking Model takes a systems view of the benchmarking process. An overview of the appropriate roles and responsibilities at every level of the organization follows. The DON Benchmarking Model as a System diagram at the end of this section graphically identifies the inputs and outputs for each step.

Top leaders, process owners, and working-level employees are all partners in this effort. Depending on the process an organization selects to benchmark, the size of the organization, and its maturity in total quality implementation, a Benchmarking (BMK) team may be somewhat different than what may be typically thought of by the organization.

The BMK Team can be cross functional, with various levels of employees serving on the team. The design and structure of the BMK Team is formed based on its appropriateness to the process being benchmarked.

The Overview of the DON BMK Model provides guidance in adapting the BMK Team within the standard TQL team structure. It is not the intent of this effort to simply create more teams and more meetings. The needs and requirements of the BMK Team should dictate the composition of the structure.

Strategic Planning

For maximum return on investment, the entire BMK process should begin and end with the organization's strategic plan. The strategic plan helps leaders to provide a framework and focus for an organization's improvement efforts (Wells and Doherty, 1994). Benchmarking initiatives can be the first step in achieving those improvements. When the initial benchmarking process is concluded, the vision, goals, strategies, and objectives of the strategic plan may need to be recalibrated based on the data collected and analyzed in the study of best practices.

[Figure: The Department of the Navy Benchmarking Model]

The Department of the Navy Benchmarking Model for Conducting a Benchmarking Study: The 10 Steps

The Plan Phase

Step 1. Select the process to benchmark

Organizations that benchmark with a clear purpose or objective have greater success than those who undertake a benchmarking effort without a sense of purpose or clear direction. (Spendolini, 1991)

Input to Step 1:

• The organization's strategic plan.

• A team of the organization's top leaders (ESC).

• A macro flowchart of the organization and its processes.

A. Examine the strategic plan.

The Executive Steering Committee (ESC) is composed of the top leaders and senior managers of the organization. Their leadership, guidance, and support are critical to the success of any benchmarking effort. First, the ESC reviews the strategic plan and identifies the significant processes that support the organization's mission. The ESC looks at the specific goals, strategies, and objectives that are identified as both necessary and sufficient to bridge the gap to attain their desired vision of the organization (Wells and Doherty, 1994). The benchmarking effort has maximum value if every level of the organization can link the importance of the process being benchmarked to the organization's present and future needs. James Staker, director of the Strategic Planning Institute's Council on Benchmarking, observed that when an organization employs its strategic plan to guide the selection of its benchmarking effort, it is "using benchmarking to fundamentally change the business, not just tweak processes" (Biesada, 1992).

B. Evaluate significant business processes.

A process is a planned series of activities that results in a specific output. A significant process is directly related to mission performance and, if improved, will positively affect organizational effectiveness (Department of the Navy TQL Glossary, 1996). Obviously, there is higher payback to the organization and the customer(s) if an organization selects a significant business process to benchmark.

There are standard names used by many businesses and benchmarking organizations to identify core processes and promote common understanding. Some are organized around internal business processes while others are organized around customers. A common language will assist you in developing a solid benchmarking relationship with partners. Also, many benchmarking databases use similar listings of processes to facilitate search efforts. (Ref: Benchmarking Exchange - datproc.htm). These lists can help you identify, name, and categorize a process.

Now the ESC, with the help of its quality advisor, should:

• prepare a list of its organization's significant business processes.

• discuss the strategic implications of each process.

• select one. Ideally, the improvement of this process doesn't merely solve a problem, but actually improves a product or service provided to your customer(s).

• look at the current performance levels.

• examine any customer feedback systems already in place.

• determine how the improvement and success of the benchmarking findings will be measured.

A Word of Advice: Organizations that have not engaged in process improvement or have had some false starts with quality initiatives might start out with a "Benchmarking Lite" effort for practice. However, if it means working on a non-core process, manage resources carefully. Money and team energy may evaporate quickly and diminish what's available for more significant business process efforts. If a benchmarking effort is a test run, set it up for a limited time period (perhaps 30 but no more than 90 days).

C. Charter a team of process owners (QMB) and identify a benchmarking champion.

A Quality Management Board (QMB) should include all the process owners for the selected benchmarking process. The QMB is collectively responsible for the improvement of the process. They own it. The ESC provides the QMB with its charter, which is a written document that describes the purpose, boundaries, expectations, and resources for the benchmarking effort (DON Team Skills and Concepts, 1996).

A benchmarking champion should now be identified. A benchmarking champion is a high-level advocate for the benchmarking initiative, who might also serve as a linking pin. A linking pin, who serves on both teams, should be identified to connect the ESC and the QMB (DON Team Skills and Concepts, 1996).

A QMB team leader is typically a mid-level line manager who is accountable for the quality of the product or service being targeted for improvement. A quality advisor (who might also serve as a facilitator for the team) should also be identified to work with the QMB and assist them in developing a "big picture" functional flowchart of the process. Internal and external customers of the process should be identified along with their needs, expectations, and performance measures. The QMB also establishes the charter and sponsors and oversees the efforts of the Benchmarking (BMK) Team.

Note: A QMB that contains the process owners for the benchmarking initiative may already exist. Or, there may be a QMB established that requires only one or two ad hoc members for this effort. The QMB that oversees the BMK Team is not required to have frequent, regularly scheduled meetings throughout this process. They are there primarily to guide, assist, support, and provide resources to the BMK Team as necessary.

D. Identify the type of benchmarking the BMK Team is to use.

The decision to pursue an internal, competitive, functional, or generic type of benchmarking effort is very important. It has a direct effect on the level of effort, the resources needed, the risks to be taken, and the outcome of the project itself. For more details on types of benchmarking, see the Types of Benchmarking section of this handbook.

When initially considering a benchmarking partner, an internal comparison may immediately leap to mind. For example, to improve a Navy acquisition process, an organization might first think to benchmark against another Navy acquisition process. Or, if you are examining the process of transporting Marine Corps equipment on the East Coast, you might think of comparing that to the Marine Corps process used on the West Coast. But if you reach beyond the obvious, you may find a number of breakthrough improvements that come from approaches used by completely different businesses and industries. Internal partners may only provide parity or a similar or slightly improved practice.

A Word of Advice: Internal comparisons probably won't lead you to benchmarking against the best practices. Ford may have the best training process; Hershey Foods might have the best warehouse and distribution process; Sony may have the best product development; Helene Curtis may have the best marketing process. Determine the type of benchmarking and standards carefully.

E. Identify the goals and desired level of improvement.

At this point, the ESC and the QMB need to be clear about their goals and expectations for this benchmarking initiative. Mixed messages will doom the effort. If the ESC wants a significant change in customer satisfaction and is looking to completely reengineer the process, while the QMB is looking for something less dramatic with an incremental change in the process, the benchmarking effort is bound to fail one group or the other. Be realistic and clear about the goals for each and every benchmarking project. Where in the hierarchy of standards should this team and this effort aim?

[Figure: A hierarchy of standards in the search for benchmarking partner(s)]

Output of Step 1: The output of Step 1 is the input for Step 2.

• A significant process to benchmark.

• A top leader (ESC member) as benchmark champion.

• A chartered QMB.

• The type and desired level of improvement.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• How important is the selected process to the top leaders (ESC) and their strategic plan for the organization?

• How important is the selected process to the process owners (QMB)?

• Are the appropriate process owners on the QMB?

• Is there a QMB already established that can house the BMK Team?

• How important is the selected process to the middle managers?

• How important is the selected process to the working-level employees?

• How important is the selected process to the customer(s) and the stakeholder(s) of the organization?

• Do the top leaders of the organization (ESC) see a similar purpose and vision for the benchmarking study?

• Do the process owners (QMB) see a similar purpose and vision for the benchmarking study?

• Do the customers see a similar purpose and vision for the benchmarking study?

• Is there agreement on the macro flowchart of the process and how it fits into the larger system of the organization?

• What are the real expectations and desired results?

• Is there an honest sense of how much change/improvement is possible/desirable?

• Is there agreement on resources to be invested in the benchmarking effort?

• Has this process been studied before? If so, are there documents/records from the prior study?

• Who is the top-level benchmarking champion/sponsor?

• How is this process linked to the organization's strategic plan?

• How is this process linked to the budget?

• How will improving this process increase customer satisfaction?

• Are the top leaders (ESC) and process owners (QMB) committed to support this effort and its outcome?

• Have the ESC/QMB identified their goals and the desired level of improvement expected? (In other words, is this aimed at a continuous process improvement level, a good/better/best practice level, or at the world-class process level?)

Step 2. Select and prepare the Benchmarking (BMK) Team.

"The wisdom of teams lies not in encouraging teams for their own sake, but rather in helping those on potential teams have the chance to pursue their own performance challenges." (Katzenbach and Smith, 1993)

Input for Step 2: The input for Step 2 is the output from Step 1:

• A significant process to benchmark.

• A top leader (ESC member) as benchmark champion.

• A chartered QMB.

• The type and desired level of improvement.

A. Charter and guide the BMK Team.

The Benchmarking (BMK) Team charter is a document designed by the QMB to guide the team. The BMK Team may be cross functional, and may have various levels of employees working on it. The needs and requirements of the BMK Team are dictated by the process to be benchmarked. The charter will align the expectations of the BMK Team with the QMB and the ESC (DON Team Skills and Concepts, 1996).

In broad terms, the charter should state:

• the purpose of the team.

• any specific issues/problems/concerns identified by the QMB or ESC.

• their priorities.

• the goals and expectations of the QMB.

• any boundaries or parameters.

• the estimated resources available.

• the reporting requirements.

• the level of decision-making authority of the BMK Team.

In designing the BMK Team, the QMB should consider the size required and any time frames or other limitations that need to be imposed. (Any required changes can be negotiated between the BMK Team and QMB when necessary.) The BMK Team's charter should also provide guidance for any plans of action and milestones (POA&M) that need to be developed.

B. Clarify the roles and responsibilities.

The QMB needs to clarify the BMK Team members' roles and responsibilities.

The team leader:

• serves as the project manager.

• works with the quality advisor/facilitator to design agendas.

• oversees the team's resources and negotiates financial support with the assistance of the QMB linking pin.

• oversees the administration of the project logistics.

• reminds the team of benchmarking protocol, etiquette, and Code of Conduct.

The quality advisor/facilitator:

• serves as the consultant to the team leader.

• provides guidance on how to apply the DON Benchmarking Model.

• enforces the BMK Team's ground rules.

• provides just-in-time training in TQ team skills/tools.

• promotes participation and teamwork.

The linking pin from the QMB to the BMK Team:

• serves as the executive champion and ESC delegate.

• supports the BMK Team members and provides resources when needed.

• communicates up the chain of command.

• provides feedback and recognition for the team's efforts.

Note: The linking pin may also be the benchmarking champion, as described in Step 1c.

The union representative (where applicable):

• serves as a labor partner to management.

• expresses any concerns of union officials.

The information manager/recorder:

• serves as the team's librarian.

• records and keeps the minutes.

• organizes and retains relevant literature and records.

Team members:

Team members need to have an understanding of and experience working with the overall process being benchmarked. Among the members, expertise in one or more of the following areas is necessary to execute the BMK Team's work:

• designing a detailed flowchart of the internal process being benchmarked.

• conducting research projects.

• data collection and analysis methods.

• identifying special causes.

• performance measurement methods.

• technical expertise in the process.

• record keeping skills.

• time keeping skills.

• oral skills for presenting briefs.

• written skills for developing reports.

• a reliable point of contact for the benchmarking partner(s) and the site visit coordinator(s).

• leadership skills for leading teams and fostering teamwork.

Note: Administrative support is a necessary and important element for the BMK Team's success.

A Word of Advice: The individuals selected for the team will have an effect on the overall credibility of the study. A variety of personality types should be included on the team. All the members (the forward thinker and the foot dragger, the extrovert and the introvert, the enthusiastic supporter and the cynic) represent points of view also found in the larger organization and can add substantial value to the final outcome of the benchmarking project.

C. Flowchart the process to be benchmarked.

A flowchart (or a process map) is essential to a common understanding of the current process and also enables the teams to make quick, precise process comparisons. The flowchart should reflect the "as-is" process, not necessarily the "should-be" process. Later, this flowchart will be compared to the benchmarking partners' flowchart. Gaps and/or non-value added steps in the process will demonstrate the changes that need to be made.

Output from Step 2: The output from Step 2 is the input for Step 3.

• A chartered BMK Team.

• A flowchart of the process to be benchmarked.



Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• How did the QMB ensure that the appropriate employees are on the BMK Team?

• Does the BMK Team charter provide clear guidance for the team?

• Is there a method for changing/adding/deleting BMK Team members if necessary?

• Is there someone on the BMK Team or someone who could be brought in as a resource to ensure that the BMK Team has all the skills and tools it needs?

• Have all members of the BMK Team understood and agreed to their roles and responsibilities?

• Is there a detailed flowchart of the "as-is" process to be benchmarked?

At the Process Owners (QMB) level with Top Management (ESC) Linking Pin:

Step 3: Identify benchmarking partner(s) from best-in-class.

"Best management practices refer to the processes, practices, and systems identified in public and private organizations that are performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas." (General Accounting Office, 1995)

Input to Step 3: The input to Step 3 is the output from Step 2.

• A chartered BMK Team.

• A flowchart of the process to be benchmarked.

A. Research information sources for best practices.

There are numerous resources available to help identify who is the best at a particular process. Many sources are free and within the public domain. The problem is not so much finding the sources, as quantifying and qualifying them to limit the scope to those most useful to your particular benchmarking effort. Some sources of primary and secondary information are: The American Productivity and Quality Center lists 12 basic information sources for benchmarking. Also check recent winners and finalists for the Malcolm Baldrige National Quality Award, the President's Quality Award, and the Best Manufacturing Practices Center of Excellence Award. The DON Best Manufacturing Practices (BMP) is an excellent resource for locating best practices from industry, government, and academia. See the Supporting Materials section, Part A for a more detailed description of its Center for Excellence.

There are many government and private World Wide Web sites available to assist any search. Many provide resources, information, and even software to find best practices, perform a benchmarking study, or tie your benchmarking effort to your strategic plan and performance measures. Here are some that are frequently used for benchmarking and best practices studies:

Industry leaders can be identified a number of ways. In 1995, The Quality Network, Inc. published a list of world-class organizations in specific process areas, which included:

• Coors, Southern California Edison, and Allied Signal in health care management.

• Honda Motor, Xerox, and NCR in purchasing.

• Helene Curtis, The Limited, and Microsoft in marketing.

• Ford, General Electric, and Polaroid in training.

• 3M, Ben & Jerry's, and Dow Chemical in environmental management.

Prepare a list of companies/organizations to possibly benchmark. Ideally, your list of potential partners will have between 5-15 entries. Those companies of special interest to ESC, QMB, or BMK Team members can be used; however, ensure that most potential partners come from your primary and secondary research.

B. Rank potential partners.

After the research is completed, the possible number of partners needs to be narrowed. Investigate, and possibly contact, some potential partners to find out more about their suitability and interest in your effort. In Step 4, each benchmarking partner will be interviewed in more depth via mail, phone, other media, or in person.

The ranking process should be performed with blind company names. This means instead of calling a company or organization by its name (Xerox, Hughes, Bell Atlantic, etc.), use an anonymous heading (Company A, Company B, Company C, etc.). In this way, the final selection will be based solely on the data collected about each potential partner's best practices.

An example of 16 companies ranked in a benchmarking study by the Hughes Aircraft Company is included in the Supporting Materials section of this handbook, Part E. The highest scores represent the most desirable partners and are underlined. Recommendations are also noted at the bottom of each column to identify which companies rate a site visit, a phone call, a thank you letter, etc.

A less sophisticated matrix that could be used to evaluate the criteria for ranking partners follows.

Sample ranking matrix. Rank companies A through F with points from 1 (for the best) to 6 (for the worst) for each criterion. The lower the total number of points assigned, the better the company ranks.

[Figure: sample ranking matrix for companies A through F]

C. Select final benchmarking partner(s).

After you have established your selection criteria and categorized the potential partners into those that are of high, medium, and low interest, identify one single benchmarking partner that is the best-in-class, or select a limited number of partners (usually 1 to 5) that possess significant improvements. Selecting the partner(s) to benchmark against is a critical decision. It establishes the level of success you hope to achieve in this benchmarking process. Here, you are setting the standard for comparison. The BMK Team should get approval from at least the QMB level for the final partner(s).

D. Know and use the Benchmarking Code of Conduct.

Because benchmarking requires openness and trust, there are specific principles used to guide the conduct and ethical behavior of all partners. Organizations such as the International Benchmarking Clearinghouse, KPMG Peat Marwick, the Strategic Planning Institute's Council, and Texas Instruments have identified their own principles, many of which are similar to or overlap the Benchmarking Code of Conduct. Here is a summary of what the principles cover:

1. Keep it legal.

2. Identify what level of information you are willing to exchange.

3. Respect the confidentiality of all benchmarking information.

4. Acknowledge the appropriateness and limitations of the use of the information.

5. Know who is the appropriate point of contact.

6. Obtain permission before providing contacts to others.

7. Demonstrate your professionalism and respect by always being prepared.

8. Commit to completing the study as mutually agreed.

9. Know how to understand and treat your partners.

Of course, the common sense rules of good business manners also apply. Be realistic and considerate when scheduling an interview or a site visit. Don't waste your partner's time. Limit the size of your team and the number of contacts you make. Respect proprietary information and don't misrepresent any part of the study.

Refer to the detailed principles of the Benchmarking Code of Conduct in the Supporting Materials section of the handbook, Part B. Using this is the mark of a true professional in benchmarking and will help establish credibility with potential partners. As world-class organizations, they will be quite familiar with the Code. We strongly encourage all DON organizations involved in a benchmarking study to learn and abide by every principle in the Code.

Output from Step 3: The output from Step 3 is the input for Step 4.

• A list of possible benchmarking partners from research sources (approximately 15).

• A blind list of potential best practices (approximately 5-15).

• A list of the final partners selected (approximately 1-5).

• Team copies of the Benchmarking Code of Conduct.

Quality Advisor's Checklist

Before moving to the next step, the Quality Advisor should review the following checklist:

• Have you researched and investigated numerous sources to find the best practices?

• Did you select partners without names using a blind, objective scoring system?

• Do you now know who is the best-in-class?

• Does everyone involved know and understand the Benchmarking Code of Conduct?

• Are there any issues that need to be reviewed by your organization's legal department?

The Do Phase

Step 4: Collect and analyze the data.

"If you don't measure it, you don't manage it." (Juran, 1989)

Input to Step 4: The input to Step 4 is the output from Step 3.

• A list of possible benchmarking partners from research sources (approximately 15).

• A blind list of potential best practices (approximately 5-15).

• A list of the final partners selected (approximately 1-5).

• Team copies of the Benchmarking Code of Conduct.

A. Determine the data collection plan and method.

Now the BMK Team needs to determine a plan and agree on a method to collect data about the benchmarking process and any performance measures to be used for comparison(s), from within their own organization as well as from their benchmarking partner(s). The goal is to collect valid, reliable, objective performance data on the internal process first. Examples adapted from the American Productivity and Quality Center's The Benchmarking Management Guide (1993) of how you might measure data within a given process follow:

• Productivity, by transactions per unit.

• Accuracy, by the error rates.

• Responsiveness, by the time intervals.

• Speed, by the cycle time.

• Product stability, by the engineering change orders per month.

• Process financial contribution, by the value-to-cost ratio.

• Product availability, by fill rate.

• Product quality, by first-pass yield.

• Capacity, by volume managed.

• Service, by the on-time delivery.

In developing a data collection plan, the BMK Team should answer the following questions:

• What data will give us what we need to know to compare our process with the best-in-class (inventory control, recruitment, procurement, education and training, marketing, etc.) process?

• What kind of information/measurement is necessary (accuracy, quality, customer satisfaction, speed, dependability, etc.)?

• What data exist on the internal process?

• How should the BMK Team collect the data?

• Who on the BMK Team will collect the data?

• How will the BMK Team check its results?

• How much time will be needed to collect the data?

• How will the data be consolidated and analyzed?

• How will we evaluate the satisfaction of the customer(s) of the process?

• What method(s) should be used to collect data from partner(s)?

o hard copy correspondence (mail/e-mail/fax)?

o telephone interviews?

o publications/other media?

o library and database research?

o personal interviews/meetings?

Methods of Data Collection

One (or more) of the following methods can be used to collect the data. Following are some guidelines for each method and some advantages and disadvantages of each.

Correspondence. Using hard copy correspondence such as the U.S. Mail service, electronic mail, or fax to collect data is an inexpensive, easy, and time-efficient way to gather this information. However, correspondence limits the ability to probe, and may require follow-on questions. Be aware that some organizations may not give "answering the mail" a high priority.

Telephone. A telephone call is easy to plan and conduct. It facilitates contact with a large number of partners and can be relatively inexpensive. It provides a direct, personal contact with your partner(s). It also provides the ability to get a better sense of the organization and the individual with whom you are dealing. A common problem with telephoning, however, is that it can be difficult to "connect" with the person you wish to speak to (a.k.a. phone tag). In addition, a "cold call" can be time consuming and frustrating for all parties. It is recommended that you send a read-ahead package to prepare your partner(s). Include a suggested date and time and an estimate of the time required for the call to increase your chances of finding your point of contact available and informed. Contact a specific individual and maintain a good working relationship with this person. Explain again who you are and why you are calling. Mention any referrals. Exchange information where appropriate. Establish a follow-up session where necessary.

Publications. Publications and other forms of media, including World Wide Web sites, hold vast amounts of useful information, provide many opportunities to advertise for a partner, and often provide clues as to who may be considered the best-in-class. Magazines and journals often have articles on the pacesetters in a particular process. An ad in the newspaper or a trade paper can be minimally expensive and might solicit some surprising partner(s).

Research. By this point, the BMK Team has already done research to identify partner(s) via the library and database research. The BMK Team members can sift through this information to see what may already be contained and useful for this particular step of the process.

Interviews. Face-to-face contacts through personal interviews and meetings represent a powerful methodology. Conferences, meetings, training sessions, etc., provide informal opportunities to talk to others about what they do and how they do it. But this can become a resource-intensive method of gathering information from possible benchmarking partner(s), and, most importantly, it doesn't guarantee that you will find the recognized world-class organizations. It can also become awkward if the partnership doesn't work out as anticipated.

Site visit. It is possible to have a successful benchmarking study without a site visit. Sometimes through the use of technology, such as teleconferences and a groupware system, the information you need can be acquired at low cost. However, if it is necessary to go to a partner's location, here are some guidelines for the visit:

• Make contact with the appropriate person to provide the proper authority for the visit.

• State the purpose of the visit.

• Verify the suitability of the site.

• Offer a reciprocal visit.

• Identify mutually agreeable date(s) with start and end times.

• Select a limited number of benchmarking team members to visit (2 to 5).

• Send a letter to confirm the visit and include:

o the date(s)

o those who will be making the site visit

o those who you propose to visit at the partner's site

o a proposed agenda

o a proposed time frame for visit

o a flowchart and/or explanation of the process you plan to benchmark

o the data collection process you plan to use

o any ground rules.

• Be sure to check on any security check-through procedures.

• Get clear directions on how to get there and where to park.

A Word of Advice: Don't rush off and do the site visit before the benchmarking team is adequately prepared. You want to be sure to use your time (as well as your partner's time) during the site visit effectively and efficiently. Send the right people and be prepared to provide business cards. Listen. Stay focused. Test for a common understanding among all internal and external parties throughout the site visit. Debrief as soon as possible; always debrief one site before you go to another. Neutralize emotions and be objective. You may find some great personalities at some great locations, but how great is their actual process?

Survey. Many organizations use survey instruments or a questionnaire to help focus the effort and standardize the information collected from various partners. A survey should consist of open-ended questions developed by the BMK Team. The questionnaire should be limited to no more than 15 questions that would take no more than one hour to answer.

Regardless of how contacts with potential partners are made, the same questions should be asked of each partner. This will enable the team to have like-responses for better comparisons. You should be able to answer the same survey questions for your own process. The answers to the survey reveal a lot about an organization's understanding of the benchmarking process as well as about their own business process.

B. Collect and rank the data.

Now the team can actually begin the comparison of its business process against those of a world-class organization. Designated BMK Team members should contact the partner(s) and collect the data based on the plan and methodology developed by the team. After the data are collected, each partner is ranked in performance measurement order. This identifies where your partner's performance is significantly above and below your current performance level.

After collecting the data about the process from the benchmarking partner(s), establish your own ranking and any performance gaps. This provides the basis for performance goal-setting (Step 6). Having a measurement system in place allows you to measure your progress toward the goals.

Partner(s) should be blindly ranked; that is, the actual names of the organizations should be replaced with symbols such as Company #1, Company #2, and Company #3, etc., or Organization A, Organization B, Organization C, etc. The example that follows is a simple matrix showing generic performance measures and where each organization, as well as your own, ranks. It uses a 1 (best) to 5 (worst) numbering system. With this method, the team can quickly see which organizations are the best of breed. In this case, the lower the number the better.

Ranking the performance measures of a pharmacy

A Word of Advice: The goal in ranking performance measures is to seek direction and categorize partners. Don't spend an inordinate amount of time splitting hairs between which organizations should be rated number 4 or number 5.

Look at the gaps in rankings and try to determine some of the reasons for the gaps. Project any future competitive gaps you may be aware of due to things such as evolving technologies. Camp stresses looking for balance in measures, not just cost (Camp, 1996). Things like quality, accuracy, delivery time, asset utilization, and the level of customer satisfaction in products should also be measured and ranked. Summarize the findings for the benchmarking report (Step 5).

C. Train the BMK Team with just-in-time skills/tools as needed.

When you assign the roles and responsibilities that each BMK Team member will have in researching, collecting, analyzing, and documenting the internal and external benchmarking data, consider if they will require specific training to participate. For example, training in:

• survey instrument development.

• use of databases/technology/World Wide Web sites.

• matrix development.

• data collection methods.

• statistical analysis.

Many quality tools are available to assist the BMK Team in data collection and analysis. Those in your organization who have successfully completed the DON TQL Team Skills and Concepts course and/or the Systems Approach to Process Improvement course are trained in the use of these tools. Contact your TQL coordinator or specialist as needed. Some tools commonly used in benchmarking studies are:

• fishbone diagram.

• matrix.

• Pareto analysis.

• histogram.

• affinity diagram.

• scatter diagram.

• run chart.

• storyboarding.

• integrated computer-aided manufacturing definition language (IDEF) modeling.

• cost/benefit analysis.

Output from Step 4: The output from Step 4 is the input for Step 5.

• A data collection plan and method.

• Quantitative (just the numbers) and qualitative (what the numbers mean) performance measures of the process.

• A blind list of partners in order of where they rank in each performance measure.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• Will the data collection plan and method provide valid, reliable, and objective performance information on the process?

• Are all BMK Team members collecting data in a similar fashion?

• Is a site visit necessary?

• Were potential partners ranked blindly?

• Does the BMK Team have all the tools and skills necessary to collect and analyze the data?

• Did the BMK Team document, document, and document some more?

• Is there software available that could simplify the data collection and analysis?

• Is there information that can be collected through secondary research without wasting resources?

Step 5: Determine performance gaps and strengths.

"The organization sees evidence of what others can do and accepts goals more readily because they are more realistic." (Thor, 1995)

Input to Step 5: The input to Step 5 is the output from Step 4.

• A data collection plan and method.

• Quantitative (just the numbers) and qualitative (what the numbers mean) performance measures of the process.

• A blind list of partners in order of where they rank in each performance measure.

A. Analyze performance gaps and strengths.

At this step, the BMK Team, with the guidance and support of the process owner's (QMB's) linking pin, can analyze the gaps between the organization's current process performance and that of the benchmarked partner(s) by:

• analyzing the gaps in your current business process against your benchmarking partner(s) and determining your strengths as well as your areas to target for improvement.

• doing a performance gap analysis with a detailed comparison of the "as-is" process to the "best-in-class."

• listing the best practices and the strengths where benchmarking partner(s) display superior performance.

• showing parity where there are no significant differences.

• describing where your internal practices are superior to the benchmarked partner(s).

• producing the analysis necessary for the benchmarking report and preparing to make recommendations to the process owners (QMB) based on that analysis.

• determining reasons for the gaps.

• projecting any future competitive gaps.

• re-flowcharting your process as a "could-be" process.



B. Produce a benchmarking report.

This report is intended to provide a summary of the benchmarking study, a permanent record for the organization, and an internal communications document. The report can also be used as a foundation for future benchmarking initiatives. It might include the following information:

• A statement of the need/purpose of the benchmarking study.

• The background on the study, which might include:

o how and why the process was selected

o how and why the partners were selected

o charts or current performance measurements.

• The customers of the process benchmarked and any specific customer requirements addressed by the analysis.

• The BMK Team members and the QMB members to whom they reported.

• An illustration of the benchmarking project's calendar and milestones.

• A description of the process as it actually existed at the start of the study (through an outline, flowchart, process map, matrix, charts, or narrative).

• Information sources researched and the criteria used in selecting partners.

• A description of the methodology used to collect the data.

• A data summary or matrix.

• An analysis of the data collected.

• The conclusions and results of the benchmarking study.

• The current performance gaps and strengths.

• Recommendations from the benchmarking team on improving the process.

• Identification of the next steps to be taken.

• Any lessons learned.

• A re-flowchart or updated process map of the new, "could-be" process.

Output from Step 5: The output from Step 5 is the input for Step 6.

• Data collected. Data analyzed. The BMK Team's benchmarking report.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• What are the strengths of the current process?

• Where can the current process be improved?

• Are the gaps in performance clearly identified?

• Were the gaps understood in terms of their tactical and strategic impact?

• Does the benchmarking report address the issues and concerns found in the original charter?

• Are customer requirements in the benchmarked organization similar or vastly different?

The Study Phase

Step 6: Take a systems view.

"A system is a series of functions or activities . . . within an organization that work together for the aim of the organization." (Deming, 1989)

Input to Step 6: The input to Step 6 is the output from Step 5.

• Data collected. Data analyzed. The BMK Team's benchmarking report.

A. Study the findings in a broader context.

The process owners (QMB) now review the BMK Team's findings and report. First, QMB members ensure a common understanding of the theory behind the process and the analysis of the performance gaps. Then, the QMB takes one step back to look at the bigger picture.

A process consists of interrelated and interacting parts. It is very rarely independent of the other processes and activities in the organization. The inputs, outputs, and outcomes of any process will ultimately impact other processes, and eventually, the aim of the larger organization in some way. Lack of appreciation and consideration of an organization as a system leads to fragmentation and suboptimization. Without a conscious effort by the QMB to see the organization as a system that exists in a dynamic environment, the people and processes in the organization could easily diverge in different directions and be at cross-purposes. The QMB needs to look at any possible impact on other management and operational processes, and then present recommendations to the top leaders (ESC).

The ESC can now review the findings and recommendations. At this level, as the managers of the system, it is important to look again for any larger systems implications. The interdependence of various parts of a system is not always obvious and may be widely separated in time and space. Therefore, the actions and consequences of recommended changes to the process need to be examined by the top-level managers who are ultimately responsible for the system and its aim. Evaluate any policies, rules, and regulations that govern the process to clear the path for success.

B. Make the final recommendations.

Now the findings and recommendations of the ESC, QMB, and BMK Team should be in alignment. The report, with its findings and recommendations, can be presented to all levels throughout the organization for internal customer feedback.

Output from Step 6: The output from Step 6 is the input for Step 7.

• The final report on findings and recommendations of benchmarking effort.

Questions for the Quality Advisor

Before moving to the next step, the quality advisor should review the following checklist:

• What other processes will this impact?

• Did the QMB and ESC look upstream and downstream of the process to see what else might be affected?

• Who else will be affected?

• Did all the process owners buy in?

• Will the recommendations aid the organization in achieving its aim/mission?

• What are the long-term and short-term costs of implementing this best practice?

• What impact, if any, will it have on the budget?

• How might changes to this process affect the strategic plan and/or strategic goals, strategies, and objectives of the organization?

• Will the people who are working on the process have the motivation and resources to make this successful?

Step 7: Communicate benchmarking findings.

"A man may well bring a horse to the water, but he cannot make him drink." (Heywood, c. 1540)

Input to Step 7: The input to Step 7 is the output from Step 6:

• The final report on findings and recommendations of benchmarking effort.

A. Communicate the findings.

Successful change will require a common understanding and a willingness to make the changes work. Communicate the findings of the benchmarking effort and gain acceptance and support widely and deeply throughout your organization and among your customers.

For the internal customers of the process, prepare a presentation of the findings, analysis, and recommendations to achieve the desired goals and results. Be objective and as detailed as the intended audience requires. Have those who will actually be working in the process perform it and provide feedback.

Some ideas to disseminate the information in a different way include:

• Make the benchmarking report a freestanding PC presentation in the lobby/cafeteria.

• Hold one-on-one sessions with key individuals.

• Provide presentations to small and/or large groups with a feedback form and/or a question-and-answer period.

• Have a facilitated discussion within each division.

• Display a flowchart or blueprint that illustrates the "as-is" and "will-be" process.



Evaluate who else should be informed. External customers and stakeholders may also have a need to know and could possibly contribute positively to the changes in your process. It is extremely valuable to compare feedback data from your customers gathered both before and after the changes are made to help measure success.

Collecting the feedback in a formal way can be as simple as setting up an E-mail address for the benchmarking initiative or adding a survey to your home page. And don't forget to let your benchmarking partner(s) know the output and outcome of your study. Allow them to share in your success stories.

B. Collect and analyze any input/feedback.

Allow the BMK Team, QMB, and ESC to gather and review any feedback data received from internal/external customers, stakeholders, and benchmarking partners. Not every suggestion needs to be implemented, but they should all be discussed and considered. Some helpful and important information on the process itself and on the chances of successfully implementing changes to the process can be found there.

A Word of Advice: The changes may affect budgets, organizations, and positions. As a result, the findings may receive mixed reviews. "Rice bowl" issues may ensue. To counter attempts at sabotage, proceed carefully but confidently. Use objective language. Your research will validate and justify your proposed changes. And try not to take criticism personally. Change stirs up fears.

Output of Step 7: The output from Step 7 is the input for Step 8.

• Feedback on the recommended process changes.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• Have the findings been communicated throughout the organization in a way that promotes understanding and acceptance?

• Has the feedback been looked at and considered by all the BMK Team and QMB members?

• What is the comfort level for support of these changes to the process?

• Was there consensus and commitment to the findings at every level of the organization?

• Was the data collected used to validate and justify the changes?

Step 8: Establish functional goals.

"Benchmarking may drive a change in emphasis on which goals are most important. A prioritization may be revealed that was not perceived before . . . the most thorough use of benchmarks would change the absolute value of the goals' metric." (Camp, 1995)

Input to Step 8: The input to Step 8 is the output from Step 7.

• Feedback on the recommended process changes.

A. Write functional goals necessary and sufficient to achieve vision using best practices.

Since benchmarks are statements of an industry's best practices, finding them will require a reexamination of an organization's existing functional goals within the context of this new-found information. Functional goals need to be established as a way to translate the benchmarking findings and recommendations into specific statements of how the organization needs to change to meet or exceed the best-in-class. A goal is a statement of a result to be achieved representing a major accomplishment (DON TQL Glossary, 1996). Benchmarking goals, based on the findings of the benchmarked practices, will set the stage for changes in the strategies, objectives, and tasks of those who actually work in the process.

The organization should now have specific quantitative and qualitative statements from the benchmarking study, and can work on establishing methods for improvement with the specific information, numbers, and standards extracted from studying the best-in-class. The world-class target in the process is now known.

Considerations to incorporate benchmarking findings may include:

• revising and rewriting functional goals.

• incorporating the benchmarking findings into the organization's strategic goals, strategies, and objectives.

• ensuring that there is no need to adjust the strategic plan itself based on the new knowledge gained from the benchmarking study.

In writing functional goals, the ESC and QMB should:

• specify short- and long-term goals.

• prioritize improvement areas as high, medium, or low levels of significance in scale. Discuss the possible effects on budgets, organizations, and positions.

• explore implications that new goals may have on the mission and resources of the larger organization.

B. Have performance standards and budget allocations reflect new organizational goals.

Change the performance standards, especially those of the process owners, to reflect the new goals and the desired outcomes of the benchmarked process. Those managers and employees who are contributing to attaining these goals and changes should be rewarded through the organization's performance process. Budget allocations are also a reward and can serve as motivation and incentive for others.

Output of Step 8: The output of Step 8 is the input for Step 9.

• Functional goals necessary and sufficient to incorporate benchmarking findings and recommendations into the organization.

• Performance standards that reflect functional goals.

• Budget allocations that reflect functional goals.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• Are all the benchmarking goals necessary to become a best practice in this process?

• Are the benchmarking goals sufficient to make the changes necessary to become a best practice in this process?

• Are the benchmarking goals leading toward the vision of the organization?

• How will the benchmarks be considered and incorporated into future strategic planning?

• How will the benchmarks be considered and incorporated into the future budgetary process?

The Act Phase

Step 9: Develop an action plan, implement procedures, and monitor progress.

"Developing the action plan is the culmination of the benchmarking team's work. At this stage, the team must identify the ways in which the knowledge gained during the benchmarking process can be applied to improve the organization." (Dutile, 1993)

Input to Step 9: The input to Step 9 is the output from Step 8.

• Functional goals necessary and sufficient to incorporate benchmarking findings and recommendations into the organization.

• Performance standards that reflect functional goals.

• Budget allocations that reflect functional goals.

A. Develop the "how to."

In developing an action plan to implement procedures and monitor the progress of the benchmarking initiative, the BMK Team looks at how to:

• achieve desired results.

• measure the results.

• monitor feedback on the process changes.

• identify the differences in tasks necessary to implement the process changes.

• identify necessary training.

The QMB determines how to:

• achieve and measure the results.

• obtain and monitor the feedback.

• allocate resources necessary to support the effort (money, people, equipment, materials, training, etc.).

• propose the action plan to the ESC.

A draft action plan is then presented to the ESC.

B. Get top-level approval of the action plan.

Once the actions have been evaluated and the plan to implement the changes designed, the ESC must sanction a formal, standardized, sequenced process for the implementation of the best practices. The action plan, with milestones for monitoring progress and obtaining customer feedback, should now be approved by the ESC.

The ESC should allow the process owners (QMB) to manage the changes and hold them accountable.

Implementation requires a commitment to change and systems in place to support that change, more than just meetings, briefings, and plans that address the change. The QMB members own the process and are responsible for determining how the effectiveness and efficiency of the new practices will be measured. Lessons learned should be shared throughout the organization.

C. Celebrate successes.

Don't be shy about celebrating and rewarding success. Feedback, praise, and rewards can prove to be great motivators. The organization will have an easier time doing the next benchmarking project if this one goes well.

Output of Step 9: The output of Step 9 is the input for Step 10.

• Action plan.

Quality Advisor's Checklist

Before moving to the next step, the quality advisor should review the following checklist:

• Is the action plan clear?

• Does the action plan show how the gaps in performance will be closed?

• Does the action plan lead to necessary and sufficient changes?

• Has the QMB supported and praised the BMK Team for its work and recognized its accomplishments?

• Has the ESC supported and praised the QMB for its work and recognized its accomplishments?

• Is the organization ready to support and successfully implement the changes to the process?

• Is a process in place to implement this action plan?

• Are funds and rewards in place to implement this action plan?

Step 10: Recalibrate.

"The recalibration process [is] so necessary to stay current with changing conditions and the process for reaching a mature benchmarking position that yields superior performance." (Camp, 1992)

Input to Step 10: The input to Step 10 is the output from Step 9.

• Action plan.

A. Monitor your best practices process.

Once superiority is attained, the need for improvement still exists. Other organizations will benchmark your success and overtake you. To maintain superiority, the need remains for a continuous focus on improvement.

Recalibration means to reset the graduation marks used to indicate and calculate values. The new values become internal measurements for the next benchmarking effort. Review the completed benchmarking study and establish a new process baseline. Continue to monitor your current best practice against others. By recalibrating existing benchmarks based on potential and known new technologies and practices, the organization maintains its place at the forefront of quality, efficiency, and profitability. This sustained level of leading industry practices is the true aim of benchmarking.

B. Repeat cycle.

Once the benchmarking project is complete, start over. Have ongoing visits with your benchmarking partner(s). Environments evolve, technologies advance, new regulations are introduced. Competitors arise from unsuspected areas.

Recalibration doesn't just happen; it must be planned. There are no hard and fast rules on the frequency. One approach would be to recalibrate annually. A shorter timeframe would not be worthwhile since a best practice probably won't change that fast and the benchmarking process itself will probably take months to perform. If an organization reviews its strategic plan annually or semiannually, this may produce an opportune time to recalibrate benchmarks. Recalibration beyond three years will probably become a massive exercise.

The recalibration process means reexamining all 10 steps of the DON Benchmarking Model. No step should be skipped or assumed not necessary to repeat.

Many business processes can benefit from benchmarking. Expose and encourage the organization to learn more about the benchmarking process. For example, Xerox Corporation has trained thousands of employees, including most managers, in benchmarking practices. Managers and employees throughout the organization are empowered to initiate and conduct their own benchmarking projects. "This proliferation of trained and experienced employees results in a virtual continuous state of benchmarking activity across all departments, locations, and divisions" (Spendolini, 1992).

Output of Step 10: A continuous benchmarking process.

Conclusion

Benchmarking has enjoyed enormous success and has become big business. There are many software packages, training courses, and networking opportunities available on the subject. As you explore these materials you will realize that there is no one, single right way to benchmark. However, a word of advice: you should not try to pick and choose among your favorite models like a restaurant menu. The sum of each model is greater than its parts. Stick to one you feel comfortable with and see it through. Shortcuts are a recipe for suboptimization and disaster. Remember Deming's cautionary words: Do not copy and Do not tamper.

All too frequently, BMK Teams are expected to perform a study without adequate guidance from the process owners (QMB) or the top leaders (ESC) of the organization. Be advised that when surveyed by the American Productivity and Quality Center (APQC), companies listed poor planning, no top management support, no process owner involvement, and insufficient benchmarking skills as the top causes for benchmarking study failures (APQC, 1993). Managers should be active participants in this process without micromanaging the business process itself.

This handbook also addresses the relationship of benchmarking to strategic planning. As an organization implements its strategic plan, it should employ benchmarking to ensure that process improvements lead to world-class performance. The information that ultimately results from these initiatives can be invaluable in updating the strategic plan to recognize changing trends, new technologies, and other drivers.

Benchmarking is not for every organization. Although the gains can be great, it requires specific skills, dedicated resources, and a commitment from leadership to support the outcome. Leaders need to assess how ready and willing their organization is to accept the many challenges of this demanding but rewarding process. For those willing to accept the challenges, benchmarking provides an enormous opportunity for innovation and creativity in accomplishing the organization's mission and becoming recognized as a world-class industry leader.

The Benchmarking Code of Conduct

© SPI Council on Benchmarking®, Cambridge, MA.

Benchmarking, the process of identifying and learning from best practices anywhere in the world, is a powerful tool in the quest for continuous improvement. To contribute to efficient, effective, and ethical benchmarking, individuals agree for themselves and their organizations to abide by the following principles for benchmarking with other organizations:

1. Principle of Legality. Avoid discussions or actions that might lead to or imply an interest in restraint of trade, market or customer allocation schemes, price fixing, dealing arrangements, bid rigging, bribery, or misappropriation. Do not discuss costs with competitors if costs are an element of pricing.

2. Principle of Exchange. Be willing to provide the same level of information that you request, in any benchmarking exchange.

3. Principle of Confidentiality. Treat benchmarking interchange as something confidential to the individuals and organizations involved. Information obtained must not be communicated outside the partnering organizations without prior consent of participating benchmarking partners. An organization's participation in a study should not be communicated externally without their permission.

4. Principle of Use. Use information obtained through benchmarking partnering only for the purpose of improvement of operations within the partnering companies themselves. External use or communication of a benchmarking partner's name with their data or observed practices requires permission of that partner. Do not, as a consultant or client, extend one company's benchmarking study findings to another without the first company's permission.

5. Principle of First Party Contact. Initiate contacts, whenever possible, through a benchmarking contact designated by the partner company. Obtain mutual agreement with the contact on any hand off of communication or responsibility to other parties.

6. Principle of Third Party Contact. Obtain an individual's permission before providing their name in response to a contact request.

7. Principle of Preparation. Demonstrate commitment to the efficiency and effectiveness of the benchmarking process with adequate preparation at each process step, particularly at initial partnering contact.

_________________________________________________________________________________________

Glossary of Terms

This Glossary of Terms is taken from the Department of the Navy TQL Glossary (1996). Terms marked with an asterisk (*) were developed specifically for this handbook.

B

Benchmark To take a measurement against a reference point that can be observed or studied.

Benchmarking A strategic and analytic process of continuously measuring an organization's products, services, and practices against a recognized leader in the studied area.

*best-in-class Those organizations that perform a particular function or service more efficiently and more effectively than other organizations.

*Best Manufacturing Practices (BMP) See Department of the Navy's Best Manufacturing Practices.

*best practices The methods used in work processes whose output best meets customer requirements (Spendolini, 1992).

*BMK Frequently used abbreviation for the word benchmarking.

*BMK Team A team of high performance process experts, chartered to perform a benchmarking study on a particular process. The team may be cross-functional and/or represent various levels of an organization. Individuals are selected based on their particular skills and abilities in the process to be benchmarked. The BMK Team is assisted by an expert in the benchmarking process itself.

C

*champion A high-level advocate for benchmarking initiatives.

charter A written document that describes the boundaries, expected results, and resources to be used by a quality improvement team.

consensus A decision by a group that is acceptable to them, but is not necessarily unanimous nor arrived at by a majority vote. All members support the decision, even without universal agreement.

cross-functional team A team whose membership includes those from more than one organizational function and who have responsibility for some portion of an identified process.

customer The person or group who establishes the requirements of a process and receives or uses the output of the process. (Also see external customer, internal customer, end-user, and stakeholders.)

customer feedback system A system used by organizations or groups to obtain information from customers about relevant quality characteristics of products and services.

D

data Information, especially information organized for analysis, used as the basis for decision-making.

data collection plan A plan that provides guidance for gathering information. It establishes the why, who, what, how, where, and when of data collection.

*dantotsu A Japanese word that means to strive to be the "best of the best."

*Department of the Navy's Best Manufacturing Practices (DON BMP) A center for excellence sponsored by the DON, in collaboration with the Department of Commerce and the University of Maryland, whose purpose is to network and partner with industry, government agencies, and universities to identify and coordinate best practices through reports, site visits, databases, and software tools.

E

end-user The person for whom a product or service is intended. That person may be the user and/or buyer of the product or service.

*Executive Order #12862 Entitled "Setting Customer Service Standards," this directive was provided to establish and implement customer services standards throughout all branches of government. One of its action areas was to benchmark customer service performance against the best in business.

Executive Steering Committee (ESC) The team of top leaders and guiding members of an organization who comprise the highest-level quality improvement team in the organization.

external customer An individual or group outside the boundaries of the producing organization who receive or use the output of a process.

F

facilitator A person who guides and intervenes to help a group or team process a tasking.

facilitation A process in which a person who is neutral and has no decision-making authority intervenes to help a group improve the way it identifies and solves problems and makes decisions, in order to increase the group's effectiveness.

flowchart A schematic diagram that uses various graphic symbols to depict the nature and flow of the steps in a process. The flowcharts can be drawn to represent different levels of analysis, e.g., macro, mini, and micro.

G

gap In the context of statistical sampling, a gap is the portion of the universe not included in the frame. The larger the gap, the higher the risk of invalid results. In the context of strategic planning, a gap is the difference between what an organization is doing today to accomplish its mission and what it needs to do to achieve its vision of the future organization.

goal A statement of a result to be achieved in the long term, representing a major accomplishment.

I

implementation To carry out a plan of action.

*industrial tourism Term used to describe site visits made without sufficient research or a clear purpose.

innovation The application of knowledge leading to the development of new processes, products, or services in response to anticipated customer requirements.

inputs Materials or information used to produce a product or service.

internal customer An individual or group inside the boundaries of the producing organization who receive or use output from a previous stage of a process in order to contribute to production of the final product or service.

*International Benchmarking Clearinghouse (IBC) A part of the American Productivity and Quality Center (APQC) that specializes in networking services, information searches, and databases for benchmarking.

J

just-in-time (JIT) The concept of supplying inputs only when they are needed for use.

L

leadership The process of inducing others to take action toward a common goal.

linking pin A member of an ESC or QMB who is assigned to work with the subordinate QMB or PAT in order to interpret the team's charter as well as provide guidance and support to the team's activities.

M

mission statement A written document that defines the fundamental and unique purpose that sets one organization apart from others and identifies the scope of operations. It describes what the organization does, whom it does it for, and how it does it.

N

*National Performance Review (NPR) Created by President Bill Clinton on 3 March 1993, who appointed Vice President Al Gore as its leader. It is an initiative to reform the way federal government works. Its goal is to create a government that "works better and costs less."

O

outcome The way a customer responds to a product or service.

output The product or service produced by a process.

P

*partners Those individuals or organizations who choose to associate because they share a common vision and set of strategies.

performance measurements Indicators to help determine how well an organization is performing.

Plan-Do-Study-Act cycle Also known as Plan-Do-Check-Act cycle, Deming cycle, or Shewhart cycle, it is an application of the scientific method useful for gaining knowledge about and improving a process.

*primary research The direct source of the research, that is, Deming's own writings instead of what others have said about his teachings.

process A set of causes and conditions that repeatedly come together to transform inputs into outputs.

*process mapping Diagramming, usually with flowcharts, the extended view of a process for the purpose of improvement.

Process Action Team (PAT) A team, composed of individuals who work together on a particular stage of a process, who are chartered by the ESC or a QMB to look at ways to improve the process.

Q

quality The extent to which a product or service meets or exceeds customer requirements and expectations.

quality advisor A TQL support position within a DON organization. This person assists QMBs and PATs in data collection, analysis, and interpretation. The advisor also trains these teams in the use of methods and tools for process improvement.

quality characteristic A property or attribute of a product or service that is considered important to a stakeholder.

quality improvement team Any team that has been established to improve quality, usually through the improvement of an organization's processes. In the DON, the Executive Steering Committees, Quality Management Boards, and Process Action Teams are the teams linked by charters to make process improvements.

Quality Management Board (QMB) A cross-functional team composed of managers, usually of the same organization level, who are jointly responsible for a product, system, or service.

quality philosophy An enduring, value-based set of interrelated statements created by an organization's guiding members that reflect the quality principles, concepts, and methods that address what the organization stands for and how it conducts its business.

R

range A statistic that depicts the extent of dispersion in a set of data. It is determined by calculating the difference between the largest and smallest values in the data set.

*"rice bowl" issues Issues, topics, or resources that someone wants urgently to protect. They may define the person and/or the organization in the eyes of others who are influential.

S

secondary research This is the research that tells you about what organizations and companies do, through the eyes, ears, and perceptions of others outside the organization. Many benchmarking databases have this type of information where informed observers relate what goes on in an organization or company.

stakeholders The groups and individuals inside or outside the organization who affect and are affected by the achievement of the organization's mission, goals, and strategies.

strategic goal A long-range change target that guides an organization's efforts in moving toward a desired future state.

strategic intent A driving force compelling leadership toward its vision.

strategic management A process that links strategic planning and strategic intent with day-to-day operational management into a single management process. It is used to describe Phase Two of TQL implementation.

strategic plan A document that describes an organization's mission, vision, guiding principles, strategic goals, strategies, and objectives.

strategic planning The process by which the guiding members of an organization develop a strategic plan.

strategy A means for achieving a long-range strategic goal.

suboptimization A condition that occurs when the performance of a system component has a net negative effect on the aim of the total system.

system A network of interdependent components that work together to accomplish a common aim.

*systems view Knowing how all the parts of an organization link together, such as the suppliers, the entire production process, the customers, and the employees.

T

team A group of individuals organized to accomplish an aim.

team leader A member of the team responsible for leading the team in the accomplishment of the aim.

total quality An extension of the quality concept to include improvement of all of the quality characteristics that influence customer-perceived quality. This includes sources of variation from incoming supplies, all of the significant processes within an organization, and all those that can influence customer satisfaction, needs, or expectations when the product or service has left the organization. Also referred to as TQ.

Total Quality Leadership (TQL) The application of quantitative methods and the knowledge of people to assess and improve materials and services supplied to the organization; all significant processes within the organization; and meeting the needs of the end-user, now and in the future.

TQL coordinator A person selected by the commanding officer to assist in the implementation of process management through TQL.

______________________________________________________________________________________

Back to the Basics: Measurement and Metrics

Source: Tim Perkins, Software Technology Support Center/SAIC, Ronald Peterson, SAIC, Larry Smith, Software Technology Support Center

Measurements and metrics are key tools to understanding the behaviors, successes, and failures of our programs and projects. This article highlights the basic principles of measures and metrics and encourages the reader to improve his or her use of these tools. The article is adapted from [1].

According to Tom DeMarco, "You cannot control what you cannot measure" [2]. Imagine going on a road trip of over a thousand miles. This is easy because most of us really have done this several times. Now imagine that your car has no speedometer, no odometer, no fuel gauge, and no temperature indicator. Imagine also that someone has removed the mile markers and road signs from all the roads between you and your destination. Just to complete the experiment, remove your watch.

What was once a simple journey becomes an endless series of guesses, fraught with risks. How do you know where you are, how far you have gone, or how far you have to go? When do you gas the car? Should you stop here or try to make the next town before nightfall? You could break down, run out of gas, be stranded, take the wrong road, bypass your destination, or waste time trying to find your location and how to reach your destination. Clearly, some method of measuring certain indicators of progress is essential for achieving a goal.

Imagine again going on a road trip. This time the cockpit of the car is filled with instruments. In addition to what you have been accustomed to in the past, there are now the following gauges:

• Speed in feet and yards per second, and as a percentage of c (light speed).

• Oil pressure in millibars.

• Estimated time to deplete or recharge the battery.

• Fuel burn rate and fuel weight.

• Oil viscosity and transparency indicators.

• Antifreeze temperature and pressure.

• Engine efficiency.

• Air conditioning system parameters (pressures, temperatures, efficiency).

• Elevation, rate of climb, heading, accelerometers for all directions.

• Indicators for distance and time to destination and from origin.

• Inside air temperatures for eight different locations in the car.

Also, there are instruments to count how many cars pass, vibration levels, and sound pressure levels within and outside the car. There are weather indicators for outside temperature, humidity, visibility, cloud ceiling, ambient light level, true and relative wind speeds and directions, warning indicators for approaching storms and seismic activity, etc. Along the roads will be markers for every hundredth mile and signs announcing exits every quarter mile for five miles before an exit is reached. Signs in five-mile-per-hour increments will announce speed changes.

To some, this may seem like a dream come true, at least the cockpit part. However, careful consideration will soon reveal that the driver will be inundated and quickly overwhelmed with unnecessary, confusing data. Measurement, in itself, is no prescription for achieving a goal. It can even make the goal unattainable.

Introduction

Metrics are measurements of different aspects of an endeavor that help us determine whether we are progressing toward the goal of that endeavor.

They are used extensively as management tools to provide some calculated, observable basis for making decisions. Some common metrics for projects include schedule deviation, remaining budget and expenditure rate, presence or absence of specific types of problems, and milestones achieved. Without some way to accurately track budget, time, and work progress, a project manager can only make decisions in the dark. Without a way to track errors and development progress, software development managers cannot make meaningful improvements in their processes. The more inadequate our metrics program, the closer we are to herding black cats in a dark room. The right metrics, used in the right way, are absolutely essential for project success.

Too many metrics are used simply because they have been used for years, and people believe they might be useful [3]. Each metric should have a purpose, providing support to a specific decision-making process. Leadership too often dictates metrics. A team under the direction of leadership should develop them. Metrics should be used not only by leadership but also by all the various parts of an organization or development team. Obviously, not all metrics that are useful to managers are useful to the accounting people or to developers. Metrics must be tailored to the users. The use of metrics should be defined by a program describing what metrics are needed, by whom, and how they are to be measured and calculated. The level of success or failure of your project will depend in large part on your use or misuse of metrics, that is, on how you plan, implement, and evaluate an overall metrics program.

Process Description

Metrics are not defined and used in isolation, but are part of an overall metrics program. This program should be based on the organization's goals and should be carefully planned, implemented, and regularly evaluated for effectiveness. The metrics program is used as a decision support tool.

In relation to project management metrics, if the information provided through a particular metric is not needed for determining status or direction of the project, it is probably not needed at all. Process-related metrics, however, should not necessarily be dismissed so harshly since they indicate data useful in improving performance across repeated applications. The role of the metrics program in the organization and its three major activities are shown in Figure 1.

Figure 1: Metrics Program Cycle

Developing a Metrics Program Plan

The first activity in developing a metrics program is planning. Metrics planning is usually based on the goal-question-metric (GQM) paradigm developed by Victor Basili (see Figure 2). The GQM paradigm is based on the following key concepts [3]:

1. Processes, including software development, program management, etc., have associated goals.

2. Each goal leads to one or more questions regarding the accomplishment of the goal.

3. Each question leads to one or more metrics needed to answer the question.

4. Each metric requires two or more measurements to produce the metric (e.g., miles per hour, budget spent vs. budget planned, temperature vs. operating limits, actual vs. predicted execution time, etc.).

5. Measurements are selected to provide data that will accurately produce the metric.

Figure 2: Basili's Goal, Question, Metric Paradigm

The planning process comprises three sub-activities that implement the GQM paradigm and one that defines the data collection process. Each of these is discussed in the following sections.

Table 1 shows two examples of goals and their related questions and metrics. Note that there could be one or more metrics associated with each question. As the initial list of questions and metrics is written and discussed, the goal is usually refined, which then causes a further refinement in the accompanying questions and metrics.

Table 1: Goals and Their Related Questions and Metrics

Define Goals

Planning begins with well defined, validated goals. Goals should be chosen and worded in such a way that they are verifiable; that is, their accomplishment can be measured or observed in some way. Goals such as meeting a specific delivery schedule are easily observable. Requirements stating "software shall be of high quality" are highly subjective and need further definition before they can be used as valid goals.

You may have to refine or even derive your own goals from loosely written project objectives. The selection or acceptance of project goals will determine how you manage your project, and where you put your emphasis. Goals should meet the following criteria:

• They should support the successful accomplishment of the project's overall or system-level goals.

• They should be verifiable, or measurable in some way.

• They should be defined in enough detail to be unambiguous.

Derive Questions

Each goal should evoke questions about how its accomplishment can be measured. For example, completing a project within a certain budget may evoke questions such as these: What is my total budget? How much of my budget is left? What is my current spending rate? Am I within the limits of my spending plan?

Goals related to software time, size, quality, or reliability constraints would evoke different questions. It should be remembered that different levels and groups within the organization might require different information to measure the progress in which they are interested. Questions should be carefully selected and refined to support the previously defined project goals. Questions should exhibit the following traits:

• Questions only elicit information that indicates progress toward or completion of a specific goal.

• Questions can be answered by providing specific information. (They are unambiguous.)

• Questions ask all the information needed to determine progress or completion of the goal.

Once questions have been derived that elicit only the complete set of information needed to determine progress, metrics must be developed that will provide that information.

Develop Metrics

Metrics are the information needed to answer the derived questions. Each question can be answered by one or more metrics. These metrics are defined and associated with their appropriate questions and goals. Each metric requires two or more measurements. Measurements are those data that must be collected and analyzed to produce the metric.

Figure 3: Goal, Question, Metrics Examples

Measurements are selected that will provide the necessary information with the least impact to the project workflow. Figure 3 summarizes the process of turning measurements into goal status.

Choosing measures is a critical and nontrivial step. Measurements that require too much effort or time can be counterproductive and should be avoided. Remember, just because something can be measured does not mean it should be. An in-depth introduction to measurements, "Goal-Driven Software Measurement - A Guidebook," has been published by the Software Engineering Institute and is available as a free download [5].

In addition to choosing what type of data to collect or measure, the methods of processing or analysis must also be defined in this step. How do you turn the measurements into a meaningful metric? How does the metric then answer the question? The analysis method should be carefully documented. Do not assume that it is obvious.

This activity is complete when you know exactly what type of data you are going to collect (what you are going to measure and in what units), how you are going to turn that data into metrics (analysis methods), and in what form (units, charts, colors, etc.) the metrics will be delivered.

Define the Collection Process

The final step of the metrics planning process is to determine how the metrics will be collected. At a minimum, this part of the plan should include the following:

• What data is to be collected?

• What will be the source of the data?

• How is it to be measured?

• Who will perform the measurement?

• How frequently should the data be collected?

• Who will the derived metrics be delivered to, and in what format?

Implementing a Metrics Program

A good rule of thumb to follow when starting a measurement program is to keep the number of measurements between five and 10. If the metrics program is well planned, implementing the program should be reduced to simply following the plan. There are four activities in the metrics implementation cycle, shown in Figure 4 [6].

Figure 4: Metrics Implementation Cycle

Data is collected at specific intervals according to the plan. Data is then validated by examining it to ensure it is the result of accurate measurements, and that the data collection is consistent among members of the group if more than one individual is collecting it. In other words, is it being measured in the same way, at the same time, etc.? Once the data is determined to be valid, the metrics are derived by analyzing the data as documented in the metrics program plan. Metrics are then delivered to appropriate individuals and groups for evaluation and decision-making activities. This process is repeated until the project is complete.

Evaluating a Metrics Program

It is likely that a metrics program will not be perfect in its first iteration. Soon after its initial implementation and at regular intervals after that, the metrics program should be evaluated to determine if it is meeting the needs of the metrics users, and if its implementation is flowing smoothly. If metrics prove to be insufficient or superfluous, the program plan should be modified to provide the necessary information and remove any unneeded activity. The objective of a metrics program is to provide sufficient information to support project success while keeping the metrics program as simple and unobtrusive as possible. The following are areas that should be considered when reviewing a metrics program:

• Adequacy of current metrics.

• Superfluity of any metrics or measures.

• Interference of measurements with project work.

• Accuracy of analysis results.

• Data collection intervals.

• Simplification of the metrics program.

• Changes in project or organization goals.

Metrics Repository

A final consideration is establishing a metrics repository where metrics history is kept for future projects. The availability of past metrics data can be a gold mine of information for calibration, planning estimates, benchmarking, process improvement, calculating return on investment, etc. At a minimum, the repository should store the following:

• Description of projects and their objectives.

• Metrics used.

• Reasons for using the various metrics.

• Actual metrics collected over the life of each project.

• Data indicating the effectiveness of the metrics used.

Measurement and Metrics Checklist

This checklist is provided to assist you in developing a metrics program, and in defining and using metrics. If you cannot answer a question affirmatively, you should carefully examine the situation and take appropriate action. The checklist items are divided into three areas: developing, implementing, and reviewing a metrics program.

Developing a Metrics Program

• Is your use of metrics based on a documented metrics program plan?

• Are you using the GQM paradigm in developing your metrics?

• Are your metrics based on measurable or verifiable project goals?

• Do your goals support the overall system-level goals?

• Are your goals well defined and unambiguous?

• Does each question elicit only information that indicates progress toward or completion of a specific goal?

• Can questions be answered by providing specific information? (Is it unambiguous?)

• Do the questions ask for all the information needed to determine progress or completion of the goal?

• Is each metric required for specific decision-making activities?

• Is each metric derived from two or more measurements (e.g., remaining budget vs. schedule)?

• Have you documented the analysis methods used to calculate the metrics?

• Have you defined those measures needed to provide the metrics?

• Have you defined the collection process (i.e., what, how, who, when, how often, etc.)?

Metrics Program Implementation

• Does your implementation follow the metrics program plan?

• Is data collected the same way each time it is collected?

• Are documented analysis methods followed when calculating metrics?

• Are metrics delivered in a timely manner to those who need them?

• Are metrics being used in the decision-making process?

Metrics Program Evaluation

• Are the metrics sufficient?

• Are all metrics or measures required, that is, non-superfluous?

• Are measurements allowing project work to continue without interference?

• Does the analysis produce accurate results?

• Is the data collection interval appropriate?

• Is the metrics program as simple as it can be while remaining adequate?

• Has the metrics program been modified to adequately accommodate any project or organizational goal changes?

References

1. Software Technology Support Center. Condensed Version (4.0) of Guidelines for Successful Acquisition and Management of Software-Intensive Systems. Hill Air Force Base, Utah: Software Technology Support Center, Feb. 2003.

2. DeMarco, Tom. Controlling Software Projects. New York: Yourdon Press, 1982.

3. Perkins, Timothy K. "The Nine-Step Metrics Program." CrossTalk, Feb. 2001 stsc.hill.af.mil/crosstalk/2001/02/perkins.html.

4. Bailey, Elizabeth, et al. Practical Software Measurement: A Foundation for Objective Project Management Ver. 4.0b1. Severna Park, MD: Practical Software and Systems Measurement, Mar. 2003 PSMGuide.asp under "Products."

5. Park, Robert E., et al. Goal-Driven Software Measurement - A Guidebook. Pittsburgh, PA: Software Engineering Institute, Aug. 1996 sei.cmu.edu/publications/documents/96.reports/96.hb.002.html.

6. Augustine, Thomas, et al. "An Effective Metrics Process Model." CrossTalk June 1999 stsc.hill.af.mil/crosstalk/1999/06/augustine.asp.

_______________________________________________________________________

AREA II G: BEHAVIORAL SAFETY PROCESSES

What is Behavior-based Safety?

Source: DOE

Behavior-based Safety is a method to use positive reinforcement to change unsafe behavior. The system:

• Is employee-based for continuous improvement.

• Analyzes tasks and hazards to identify critical safety behaviors.

• Analyzes behavior based on job observation.

• Uses feedback about safety performance as reinforcement.

Behavior-based Safety Principles

• Behavior is the cause of accidents.

• Consequences motivate behavior.

• What gets measured gets done.

• Feedback is essential to improvement.

• Quality is built in early in the process.

• Conversations change organizations.

Behavior-based Safety and Integrated Safety Management

Is Behavioral Safety the Missing Piece of ISMS? The Behavior-based Safety Process is an integral component of the Integrated Safety Management System (ISMS) and is consistent with the five ISMS core functions as follows:

|ISMS Core Function |BBS Process Element |
|Define the Scope of Work |Define the scope of the effort and personnel involved |
|Analyze the Hazards |Analyze the hazardous behaviors to identify critical safety acts |
|Develop and Implement Hazard Controls |Develop critical safety behavior checklists and behavioral observation methods |
|Perform Work Within Controls |Train workers/observers; establish safe acts baseline behavior; begin observation and calculation of the percentage of safe acts |
|Provide Feedback and Continuous Improvement |Provide feedback to workers and observe improvement in the percentage of safe acts and other measures (OSHA) |

_____________________________________________________________________________________________

DOE HANDBOOK: GOOD PRACTICES FOR THE BEHAVIOR-BASED SAFETY PROCESS

Background of Behavior-Based Safety

Behavioral science traces its inception to a merging of different fields of science in one individual: a medical doctor who held a university chair in Philosophy in 1876. Behavior-based safety (BBS) brings together parts of behavioral science with industrial safety to create a “new” process to promote safety as an organizational value.

In the 1930’s, Heinrich reported that about 90% of all accidents involving fatalities, major and minor injuries were caused by “unsafe behavior” by workers. Subsequent studies by DuPont (1956) confirmed Heinrich’s contention. In the 1970’s and 1980’s, this was expanded to include near misses and Behavior Based Safety added “unsafe or at-risk behaviors.” Traditional engineering and management approaches to counter this (such as automation, procedure compliance, administrative controls, and OSHA-type standards and rules) were successful in reducing the number of accidents significantly. However, incidents and accidents persisted, keeping rates at a level that was still disturbing to customers, managers, and workers.

Developed in the late 1970s, BBS has had an impressive record. Research has shown that, as safe behaviors increase, safety incidents decrease. Measurement of “percent safe acts” is a leading safety indicator. In contrast, most safety measures are lagging measures, which are recorded after the incident (e.g., OSHA recordable cases).

Ample anecdotal evidence also exists to indicate that measurement of “percentage of safe behaviors” is predictive. In other cases, the changes in the rate were acted upon, stopping the unsafe trend. In some cases the trend was not acted upon and an accident happened within a short period of time. Connelly (1997) claimed that some people he worked with felt that a change in the Safe Acts Index (% Safe Acts) was a three-week predictor of an accident.

This means that the observation and feedback techniques of BBS may be used to predict that safety problems may be growing in your facility. Intensifying the BBS observation cycle will often prevent an injury or accident.

Behavior-Based Safety in DOE

DOE sites are employing a growing number of BBS processes, each with its own specific orientation and techniques. Despite these variations, all BBS processes have four major components: (1) investigation of the antecedents to at-risk behavior, (2) the observation process, (3) action plans to influence at-risk behaviors and conditions, and (4) feedback.

Within DOE, BBS has been instituted at sites such as the Savannah River Site (SRS), Pantex, the Strategic Petroleum Reserve (SPR), and national laboratories such as Los Alamos National Laboratory (LANL), Idaho National Engineering and Environmental Laboratory (INEEL), and Lawrence Berkeley National Laboratory (LBNL). In all cases, implementing the behavioral safety process has led to an increase in safe behaviors and a decrease in overall safety incidents.

Over the years, DOE has had an excellent safety record, as compared with much of industry, but there is still concern by oversight boards such as the Defense Nuclear Facilities Safety Board and Congress about the number and nature of safety problems in the DOE complex. As shown by the incident data in DOE’s Occurrence Reporting Processing System (ORPS), personnel error from all sources is present in over 77% of all occurrences. Instituting programs such as Integrated Safety Management (ISM) and the Voluntary Protection Program (VPP) has been part of the continuing responses to this persistent safety problem. Within this context, several DOE sites have looked to BBS to reduce the human error aspects of safety.

Reporting System (ORPS) reports (1999-2001)

The core philosophies of the BBS approach are complementary to those of many other programs within the DOE. For example, BBS supports VPP and ISM by giving an avenue for employee involvement and a systematic approach to identify and correct behaviors and conditions that lead to employee injuries.

BBS applies across a broad range of safety areas. BBS can be promoted on the production floor or in the office and is applicable off the job as well. BBS enhances several long-used safety tools (e.g., management tours, housekeeping audits, and safety meetings), thereby reducing the overall safety program cost. This indicates a shift in the focus of safety from programmatic to an “on the shop floor” focus. Organizations that properly implement BBS see the return on the investment (“ROI”) of spending safety resources directly in the active work area, and this also leads to “reduction of injuries.” This adds value to safety meetings and management tours, which customarily focus on conditions.

Benefits of Behavior-Based Safety

BBS is a process that provides organizations the opportunity to move to a higher level of safety excellence by promoting proactive response to leading indicators that are statistically valid; building ownership, trust, and unity across the team; and developing empowerment opportunities which relate to employee safety. Equally important to organizational culture, BBS provides line management the opportunity to prove and demonstrate their core values on the production floor.

BBS used in the context of ISM can impact injury rates and total reportable cases. The safety literature and DOE experience show that this occurs with consistency as shown in Figure 2, a “before-and-after” snapshot of Total Recordable Case (TRC) rate from seven different sites using BBS. In each of the cases, the TRC rate was lower following BBS implementation.

It should be noted, however, that multiple facets of an organization can influence the swings of injury rates. When a statistical process control perspective is applied, an organization realizes that specific fluctuations will occur; however, the process will remain “in control.” BBS is “a key on the key ring” of safety. It is neither a quick fix nor a silver bullet. It is, however, an important process that addresses the human element of industrial safety in a scientific, logical approach with leading and predictive indicators.

BBS is good business. Safety costs money, safety programs take manager and worker time, and incidents take time to investigate. The data from LBNL, SRS and SPRO (shown in Appendix C) reflect how BBS can save money. The observation process is also transportable to improving the way work is done, which can lead to enhanced quality.

BBS values, such as building trust, sound relationships, and the use of leading indicators, are applicable in all business activity. Once an organization becomes fluent in leading the safety process through a behavioral approach, it can transfer this experience into other business priorities, such as customer service, quality and absenteeism, making the implementation a spearhead to many business improvements.

History of Behavior-Based Safety

The merging of different disciplines or sciences is not a new concept. In 1876, a medical doctor who held a university chair in Philosophy started studying behavioral processes, and the science of psychology developed. In the 1970s and 1980s, a merger of the behavioral sciences as applied to safety (Komaki et al., 1978; Krause, Hidley, and Lareau, 1984) led to the birth of a “new” process—behavior-based safety.

Linking behavior to hazardous situations is not new. As early as the 1930s, Heinrich (1951) reported that “unsafe behaviors” were linked to about 90 percent of all accidents. Subsequent studies by DuPont (1956) confirmed Heinrich’s contention. Traditional engineering and management approaches tend to center around controls focused on automation, procedure compliance, and administrative controls. These, and OSHA-type standards and rules, were successful in significantly reducing the number of accidents. But, despite these actions, incidents and accidents kept rates at unacceptable levels. Data in DOE’s Occurrence Reporting Processing System (ORPS) show that personnel error is still present in over 77 percent of all occurrences. DOE’s Integrated Safety Management System (ISMS) and Voluntary Protection Program (VPP) are part of the continuing responses to this persistent safety problem. However, several DOE sites are also looking to behavioral solutions to reduce the human error aspects of safety.

Formally developed in the late 1970s, behavioral safety has an impressive record. Research shows that, as safe behaviors increase, safety incidents decrease. Within DOE, production facilities such as Pantex, the Savannah River Site (SRS), and the Strategic Petroleum Reserve (SPRO), and national laboratories such as Los Alamos National Laboratory (LANL), Idaho National Engineering and Environmental Laboratory (INEEL), and Lawrence Berkeley Laboratory (LBL) have instituted behavioral safety. In all cases, implementing the behavioral safety process has led to an increase in safe behavior and a decrease in overall safety incidents.

Behavior-Based Safety and Integrated Safety Management Functions

DOE sites have embraced ISM as a philosophy for years. They have implemented ISM as it applies to specific work and tasks. A successful BBS process by default or design encompasses the Seven Guiding Principles of ISM. These principles provide the foundation on which any BBS process should be built. BBS enables organizations to apply the Five Core Functions across the entire organization on a day-to-day basis and does not restrict the process to the actual performance of work. Many workplace injuries occur when employees are involved in non-task-related activities such as walking from point A to point B. BBS processes also provide the footprints to show that ISM is at work around the clock.

Seven Guiding Principles of Integrated Safety Management

1. Line Management Responsibility for Safety – The responsibility for safety and the BBS process is shared by management and front-line workers. All levels of the organization are involved in an effective BBS process.

2. Clear Roles and Responsibilities – Functions within the BBS process are performed at the proper level and are integrated and adapted to fit the formal organization itself.

3. Competence Commensurate with Responsibilities – An effective BBS process provides the skills needed to perform the tasks and functions associated with the job in a timely manner; provides the opportunity to use those skills on a regular basis; and provides for coaching and interaction with other people and organizations using the BBS process.

4. Balanced Priorities – BBS provides the consistent stream of safety data that enables managers to balance safety priorities with production and other operational needs.

5. Identification of Safety Standards and Requirements – Existing safety standards and requirements aid in developing the list of behaviors and definitions used in the BBS process.

6. Hazard Controls Tailored to Work Being Performed – The observation process provides ongoing monitoring of processes so that Hazard Controls reflect the risks associated with work being performed in changing environments and conditions.

7. Operations Authorization – The BBS process helps provide the behavior-related safety information necessary to make informed decisions prior to initiating operations.

Five Core Functions of Integrated Safety Management

Step 1. Define the Scope of Work

Sites developing and maintaining a BBS process follow several steps to define the scope of the work:

1. Form assessment team(s)

2. Extract behaviors that were involved in past accidents/incidents

3. Develop definitions that describe the safe behavior

4. Compile datasheet using identified behaviors

5. Determine observation boundaries

6. Train observers

7. Gather data

8. Determine barrier removal process

9. Form barrier removal teams

Step 2. Analyze the Hazards

Analyzing hazards is built into the BBS process. Hazards are analyzed during each observation, and the worker observed receives immediate feedback on how to minimize the risk. The assessment team and barrier removal team analyze the data gathered through observations to determine workplace hazards. The teams then develop action plans to remove barriers to safe work.

Step 3. Develop and Implement Hazard Controls

Employees tasked with planning or designing work can also use the behavior assessment and data. By studying the definitions and data, barriers that could require a worker to perform at-risk behaviors can be “designed out” up front. This forethought makes the workplace a much safer environment.

Step 4. Perform Work Within Controls

Although work has been designed and training conducted to help the employee know how to work safely, bad habits and shortcuts can introduce at-risk behaviors into the workplace. The ongoing observation process encourages the continued use of safe behaviors and reminds workers that one at-risk behavior could cause an accident, injury, or even fatality.

Step 5. Provide Feedback and Continuous Improvement

Feedback is provided each time an observation is performed. The feedback process reinforces the use of safe behaviors and helps determine why certain at-risk behaviors were performed. Collecting information about the at-risk behaviors helps the teams determine the root cause of a behavior and develop an action plan to remove the barrier causing the behavior.

Establishing a Behavior-Based Safety Process

Most behavioral safety processes are tailored to the work and management environment of the site. Despite these variations, all behavioral safety processes have three major components:

1. Development of a list of at-risk behaviors,

2. Observations, and

3. Feedback.

This handbook will provide a description of the basic process of setting up and running a behavioral safety program and give some variations that have worked in different sites around DOE.

The process starts with a behavioral hazard analysis to identify at-risk behaviors. These can be determined using accident/incident reports, job hazards analysis, employee interviews, and brainstorming. In some instances, a combination of all these tools could be used.

Using the at-risk behaviors, a checklist is then developed to assist in the observation of work behavior. In addition, a list of corresponding behavior definitions is helpful in maintaining consistency between observers and the resulting data. Observers record safe and at-risk behaviors on the datasheet and provide feedback to workers about their performance. This feedback reinforces the necessity for safe behaviors.

The observation data are used to identify barriers to safe behavior. Removing these barriers lowers the workers’ exposure to at-risk conditions and makes it easier for employees to work safely. Removing barriers and communicating successes increase employee involvement in the process. Many of these employees take these tools home, which helps decrease off-the-job injuries.

Readiness for Behavior-Based Safety

All aspects of BBS may not work in every organization. Employees will resist programs that promise big benefits but only result in more paperwork, less progress, and a mountain of wasted time for safety teams. Although it's no magic bullet for injury prevention, there are data to prove that, as observations go up, injuries go down. The question is: "Will it work for your company?" For BBS to succeed, your company has to be ready, and the conditions need to be right. Management support, effective management systems, and company culture are keys to determining whether or not a company is ready for a transition to BBS. Since implementation of these processes can be costly, how can one tell whether a company is ready for it?

Five conditions that increase the likelihood of success

Condition 1. Safety Leadership

Leadership must be active, visible, and genuine in their commitment to injury and illness prevention. Senior management should articulate a clear and inspiring vision that injury-free performance is the only acceptable goal. However, caution is needed here. These “vision messages” can be interpreted as “don’t report injuries” as a means of achieving the goal. The organization must view safety as a core organizational priority equal to research, operations, productivity, and quality.

Condition 2. Established Integrated Safety Management System

For BBS to be effective, an integrated safety management system needs to be in place. This includes minimum compliance, accident investigation, self-assessments, safety and health training program, and record-keeping systems. More advanced systems enhancements (such as observation, coaching, safety involvement teams, job safety analysis, accountability, and safety by objectives) all rely on the basics being in place.

Condition 3. Employee Empowerment and Participation in Safety

Employee empowerment and involvement enhance safety innovation, ownership and results. Labor/management cooperation serves as a catalyst for success. Without employee participation and involvement, BBS won’t get off the ground. Another critical facet of involvement is buy-in. Behavioral systems are much more effective in organizations that work hard at winning buy-in from the line to the executive office before they are introduced.

Condition 4. Organization’s Safety Culture

A positive social climate of trust, openness, and respect for individuals is an intangible of organizational life that dramatically affects worker performance. When the organizational style is more negative, involvement is low, complaining replaces problem solving, and coaching seems like scolding. In companies low on trust, BBS is resisted because it symbolizes another way to oppress the worker.

Condition 5. Measurement and Accountability

What gets measured gets done. Clearly defined responsibilities at every level of the organization are the starting point for top performance. When performance evaluations include safe and at-risk behaviors, strategies can be developed to focus on real threats to worker safety.

Setting Up the Behavior-Based Safety Process

As shown in the figure below, BBS is a multi-stage process leading to observation, feedback, and continuous safety improvement.

[pic]

BBS processes should be tailored to the work and management environment where they function. Initial work in setting up a BBS process should involve management, workers, and the union at your facility. A major player is the “champion” who has the responsibility for initially driving the process forward and guiding initial training and the initial selection of the steering committee (SC).

Establishing a Steering Committee

The SC is the cornerstone for the implementation and growth of the BBS process in an organization, as it sets the boundaries for the process and guides the development, implementation, and process continuation. The initial SC is selected from a group of qualified employees, preferably volunteers, representing each distinct group, team, etc., of the organization. The SC should be kept to a manageable size of around 10-15 members. If the SC is larger, it may not function as well. Therefore, multiple committees may be necessary. This decision may have negative consequences if not well managed. The SC should determine how new members will join. The SC is composed of employees from the facility or organization, and should be a diverse cross-section of the organization. It is equally important that the SC members be those who command the respect of their peers, display leadership qualities, and are forward thinkers.

The organization’s manager, the BBS coordinator, and the management champion may make initial assignments to the team and should establish the duration of the term, which is typically one year.

Steering Committee Roles and Responsibilities

The functions listed below have been shown to be essential to the successful workings of the SC and to guiding the organization through implementation. The functions may be combined based on the number of members available and the capabilities of those individuals.

Management must recognize that the implementation and growth of the BBS process requires time and resources. Personnel must be afforded the opportunity not only to serve on the SC, but also to adequately perform assigned functions within that body. For each of the following functions, consider the responsibilities, desired characteristics or abilities, and the expected time factor (TF) involvement (Hi, Med, and Lo):

Management Champion/Sponsor – The management champion or sponsor serves as an enabler and resource for the material needs of the SC. This individual must be a high-ranking member of management with a devotion to the BBS process. The individual must be willing to accept a role as an equal on the SC and avoid the temptation to manage the team. (TF=Lo to Hi)

Facilitator – This individual should be a strong supporter of BBS, be knowledgeable of the process, and be an energetic leader comfortable with working within the organization’s environment. This person leads the team through the BBS process implementation. Strong consideration should be given to selecting a deputy or assistant facilitator, for both continuity and depth of leadership. Functions include:

• BBS process expert

• Have a vision of long-term process sustainability

• Liaison with management team

• Action plan coordination

• Meeting chair

• Training and monitoring observation performance

• Other functions as identified by the SC and sponsor, such as data administrator and data input. (TF=Hi)

Data Administrator – The data administrator will be responsible for data analysis or assist the facilitator with this function. Access to the data will be necessary by various individuals. Access to the database should be controlled. This function will require some computer experience. (TF=Lo to Hi)

Data Entry – In organizations using a single data entry point, this function should be associated with the SC. If a single data entry point is used, this person will input all completed observation forms into an observation database. This necessitates good typing skills and a flexible schedule. This task may be performed by committee members or clerical support. (TF=Lo to Hi)

Data Manager – For injuries and accidents to be predicted, the data gathered through observations must be reviewed and interpreted. The Data Manager prepares data packages for SC review, posts appropriate graphic information on organizational bulletin boards, provides necessary statistical information, etc. An additional desirable quality would be that of statistical analysis ability to help the SC interpret the data. (TF=Med to Hi)

Recording Secretary – This function records SC meeting minutes, prepares and issues the minutes, and issues the upcoming agenda prior to the next meeting. The timely issue of the meeting minutes requires the ability to do a quick turnaround. The recording secretary needs good organizational skills. (TF=Med)

Communicator – Experience in BBS implementation has shown that communications play a pivotal role in the involvement of the observer force and the education of the organization. This function provides for release of information from the SC to the observer force and the organization. Desirable qualities in an individual filling this function are creativity, flexibility, computer skills, and good oral and written communication abilities. (TF=Med)

One final factor for consideration is the level of involvement that the organizational safety engineer(s) will have with the SC and the BBS implementation. The SC may choose to include a safety engineer on the team. Safety engineers should be trained in the observation process along with other observers. The SC should fill these positions as they deem necessary for the success of their process.

Function of the Steering Committee

Basic responsibilities of the SC are:

• Develop the at-risk behaviors inventory

• Participate in the training and coaching of observers to provide for mentoring the observer process

• Design the observation process

• Analyze the observation data

• Build action plans to respond to the leading indicators seen in the data

• Ensure that communication with observers is maintained

• Ensure that BBS is promoted and communicated to all organizational levels.

The SC may elect, as part of their team-building efforts, to create an identity for the team or for their organization’s process. A unique name or acronym, logo, motto, or slogan can serve as a rallying point for the team. Depending on the scope of implementation, this identity may be site-wide, or facility-based.

Identifying At-Risk Behaviors

A very important step is the development of a list of at-risk behaviors. This inventory is supported by a list of definitions and examples of critical behaviors based on information extracted from injury reports, interviews, and observation of ongoing tasks native to a site’s work environment. This inventory of behaviors, customized for your facility, is the basic tool of observation. The observation data will ultimately be used to develop plans for risk reduction. Customizing the inventory is also critical in promoting acceptance and ownership of the process by the employees.

The behavioral definitions and examples should be written so that they are “observable.” Critical behaviors should be organized by risk factors, ranked in order of their potential severity.

Resources utilized for extraction of critical behaviors:

Accident/Incident Reports – Information extracted from the investigations will indicate behaviors that have placed employees at risk for injury in the past. Review of these reports will often result in more than one critical behavior contributing to an injury or incident. The SC should be involved in current and future investigation groups to maintain good continuity of information from a behavioral perspective.

Job Safety Analysis, Job Hazard Analysis, and PPE Assessments – Personnel who work closest to the risk should generate these documents. Information derived from these documents will assist in determining hazards on a “task to task/step by step” basis for SC members who may not be familiar with certain jobs.

Task Observations – Conducting observations of typical work tasks will not only validate behaviors that have already been extracted from historical sources, but may also reveal new critical behaviors that have not yet resulted in recordable injury. Observations can also provide a means of engaging employees in the development of the site process.

Employee Interviews – Interviewing employees from various work groups can provide an opportunity for workers to explain how they perform their jobs safely. Knowing what behaviors are used to perform jobs safely can aid in determining the risks of not performing a job in a behaviorally safe manner.

Brainstorming – Group interviews can help identify critical behaviors in work teams that have historically low injury rates and low risk perception.

Review and Revision

Maintaining a valid inventory is critical to continuous improvement. The inventory should be reviewed periodically (at least annually) for applicability by the SC. Observers also review the tools during routine observations. New at-risk behaviors may be identified, especially when new equipment, facilities, and processes are introduced. Some behaviors may not be currently valid because the tasks associated with them have been changed or are no longer contributing to risk. These may need to be retired from the inventory. Inventories are modified based on a combination of data and the informed judgment of the SC.

Maintaining and Growing the Process

Keeping the momentum is an important part of a successful process. To present new challenges for the team, consider questions such as:

• How soon can you achieve an observation/feedback rate that will improve safety?

• How can you improve or maintain this observation rate?

• What is the decision process for growing BBS into new “shops” or adding different at-risk behaviors to the process?

Behavior-Based Safety with Other Safety Efforts

How do you use BBS within the structure of ISMS, VPP, or other more traditional methods? Most safety programs concentrate on “things” and have been relatively successful in reducing the safety incidents having to do with “things.” As these more traditional methods find success, what seems to remain is a residual of problems related to human error. BBS addresses many of the causes of human error; it brings worker participation into the safety arena (supporting VPP) and looks at worker tasks (ISMS at the task level). BBS supplements existing safety programs and adds another level of protection—the worker.

BEHAVIORAL CHECKSHEET EXAMPLES

Local Safety Improvement Team (LSIT) Behavior-Based Safety Primer

Source: DOE Savannah River

Introduction

The Local Safety Improvement Team (LSIT) Primer was prepared by the Savannah River Site (SRS) Behavior-Based Safety Steering Committee (BBSSC). It is designed to assist work groups who are ready to establish a Local Safety Improvement Team, and it provides guidance for an LSIT to function as an integral part of the Behavior-Based Safety (BBS) process at the local level. It assumes that the workgroup has received the appropriate BBS training.

Each LSIT plays a pivotal role in the successful implementation and growth of the BBS process. Cooperating with each other, working through differences, functioning as a team, communicating within your organization, networking with other LSITs, and working with the company BBS Lead are vital to individual organizational successes and the success of BBS at your location.

We hope that you will find this Primer useful in your endeavor to improve safety by reducing at-risk behaviors, thereby preventing injuries.

Organizing a Local Safety Improvement Team Composition

A well-functioning LSIT is critical to the implementation and growth of the BBS process in an organization. To ensure the LSIT members have the necessary skills to support success, the initial LSIT should be carefully selected from a group of trained BBS observers. LSITs may be established for departments, work groups, buildings, etc., as determined necessary to ensure proper participation and involvement with personnel.

A BBS Coordinator, along with a Management Champion, should be identified at the outset of your BBS implementation. The Coordinator and Management Champion should make recommendations to Senior Management as to the initial assignments of an LSIT. The LSIT Charter (Section 4) should clearly define the initial period of assignment and the method for subsequent rotation of members.

(Note: The coordinator typically does not become involved in an LSIT. The Coordinator may serve as a resource of information and as a liaison with company or Company BBS Lead.)

The BBS Process is most successful when the entire organization (observee through senior management) participates by supporting their particular roles. It is also important to have a representative composite of employees of the workgroups on the LSIT. Membership should include a diverse cross-section of the organization and the team should be comprised of employees who are respected by their peers, display leadership qualities, and are forward thinkers.

The exact number of team members on an LSIT can vary depending on the size and function of a particular workgroup, and should be defined in the Charter. Clearly defined and communicated roles and responsibilities for everyone are essential. Consideration may be given to establishing more than one LSIT depending on organizational needs.

The LSIT should take action, as soon as possible, to assign or elect LSIT leaders. Until that action is complete, the Management Champion may designate a Chairperson and a Recording Secretary. The Management Champion should not serve as an officer.

Identity and Roles

The LSIT is encouraged to create a unique identity. This unique name or acronym, logo, motto or slogan can serve as a unifier for the team.

The functions listed below are vital if an LSIT is to guide the organization through successful implementation and support long term sustainability. Responsibilities of each function and the desired characteristics or abilities needed to carry out those functions are provided. The expected time factor (TF) and the level of involvement (High, Medium, and Low) are also shown. (NOTE: Functions may be combined, based on the number of team members available, as well as the capabilities of those individuals. Also, as the LSIT matures, rotation of these roles will help prevent LSIT stagnation.)

BBS Process Subject Matter Expert (SME) – The BBS process SME is a strong supporter of BBS and very knowledgeable of the process. This person is an energetic leader who ensures that everyone in a workgroup understands and is involved in the BBS process. One BBS process SME may provide services to several LSITs. Functions include:

• working closely with the management team and the LSIT,

• coordinating action plans,

• providing training,

• monitoring observation performance,

• assisting in motivating or coaching to continuously improve the process.

Due to the importance of this role, strong consideration should be given to this being a full-time position (Guideline: One SME per 300-400 persons in the workgroup). (TF = High)

Meeting Facilitator – The facilitator is not necessarily a member of the LSIT. The primary function is to facilitate the LSIT meetings in a way that consistently keeps the team on track and on time. This person must enforce set discussion times tactfully. The facilitator encourages pre-plan meetings with the LSIT Chair to ensure the meetings are both efficient and effective and works with the person recording the minutes to ensure the dissemination of accurate and timely meeting minutes. The facilitator assists the LSIT in developing the next agenda at the end of each meeting and encourages the team to determine appropriate discussion time for each agenda item. (TF = Medium)

Chair – The Chair of an LSIT should be a natural leader—someone the other team members respect. Functions include:

• working closely with the facilitator to ensure all LSIT members are engaged;

• working with the BBS Process SME to ensure the process is on track;

• monitoring database activities to ensure tracking and trending information is gathered and disseminated appropriately; and

• working closely with the Communicator to ensure that all employees are informed in the BBS process. (TF = High)

Access Administrator – Access to the BBS database (Section 6) should be password controlled. The Access Administrator is given database authority to administer. This function does not require a significant amount of time but does require computer experience. (TF = Low)

Form Administrator – Each LSIT should construct a unique observation checklist. The Form Administrator is given authority to use a form generator tool (typically a computer application, Section 7) to assemble and control the observation checklist for the LSIT. Computer experience is beneficial in performing this function. This function could be combined with that of the Access Administrator. (TF = Low)

Data Entry Person – If an LSIT chooses to have one person enter all the observation data, the Data Entry Person is given database authority to input the data from all completed observation checklists into the database. This function requires good typing skills and a flexible schedule. It is also beneficial if this person is a trained BBS observer so that the person is familiar with the BBS terminology, philosophies, etc. (TF = High)

Data Manager – Data gathered through observations must be reviewed and interpreted for the LSIT to provide positive feedback to employees for safe behaviors and develop solutions for trends that need action. The function of data management is to analyze the data in the BBS Database, produce appropriate reports/graphs, and prepare data packages for LSIT review. Graphical information should be shared with employees. Some ways to accomplish this are to post information on bulletin boards, show graphs in Safety Meetings, or put information in newsletters. It is of particular help if the person(s) carrying out this function can contact a statistical analysis SME to help the LSIT interpret data. (TF = Medium)

Recording Secretary – The recording secretary should be assigned either permanently or on a rotating basis to record LSIT meeting minutes and to prepare and distribute smooth meeting minutes to all LSIT members. This person works with the facilitator and the Chair to develop upcoming agendas prior to LSIT meetings. The timely issuance of the meeting minutes is very important and requires a person with good organizational skills to consistently provide a quick turnaround. (TF = Medium)

Timekeeper – This function may be served by a strong facilitator. However, the LSIT may choose to have an individual less involved in the leadership of the meeting assigned to ensure that the meetings stay on time. (TF = Low)

Management Champion – The Management Champion serves as an enabler and resource for the LSIT. The selection of this individual is very important. The Management Champion should be a high-ranking, respected member of management with a devotion to the BBS process. The Management Champion must be willing to accept the neutral role as Champion of the LSIT, and must avoid the temptation to manage the team. (TF = High)

Communicator – Experience in BBS implementation has determined that communication plays a pivotal role in the involvement of every person in the workgroup in the observation process and the continuing education of all employees. This function provides for release of information from the LSIT to the organization. Desirable qualities of an individual filling this function are creativity, flexibility, computer skills and good oral and written communication abilities. One recommendation is to involve the Company, Division, or Department Communicator. (TF = Medium)

Safety Professional – If your organization employs a Safety Professional as an integral part of the Safety Program, the LSIT may ask that individual to play a part in the BBS process. The Safety Professional should be trained as a BBS observer and involved in your BBS process. An LSIT may choose to include a Safety Engineer on the team. When this is not practical, the Safety Engineer should be recognized as a valuable resource for specific safety resolutions.

Responsibilities of the LSIT The Team

Develop the list of critical behaviors for the work group

Critical behaviors are those behaviors that most often place personnel in a particular organization at-risk for injury. It is very important for the LSIT to identify these critical behaviors as a first step in making the process unique to the organization and most effective in improving safety locally. By analyzing the organizational history and ensuring that these critical behaviors are in fact “critical” (i.e. statistically valid vs. just “gut feel”) observations will be focused on specific areas of concern. Experts agree that several methods may be used by an LSIT to develop its first set of critical behaviors. They include:

• Review injury history over the past five years: Contact the Site Safety Organization or the Safety Engineer to determine how to obtain statistics and records. This information can assist the LSIT in determining how people have been injured. If an investigation was conducted, the records may help determine what behaviors contributed to the injury.

• Look at current accident investigations: Identify emergent behaviors that may not have been previously identified. Because these are ongoing investigations, facts are fresh in the minds of those involved; and they more easily recall pertinent information.

• Evaluate Integrated Safety Management System (ISMS) reviews, Job Hazard Analyses (JHAs), or other Hazard Analysis documentation: Obtain copies of ISMS reviews and JHAs from the persons in the organization who are responsible for these documents. Notice the identified hazards for the reference work activities. Determine critical behaviors associated with particular hazards.

• Conduct observations of typical work group tasks: This is not only an excellent way to determine behaviors that are critical to certain jobs; it is a great way to get workers involved early on in the BBS process and lets them see the LSIT at work.

• Interview employees from various work groups: Give employees an opportunity to talk about the hazards associated with their work and let them explain how they safely perform their jobs. These discussions will provide valuable information. Depending on receptivity, interviews can also be conducted to obtain information that will help the LSIT understand previous injury events.

• Use a Critical Behaviors Library for reference. Your company may already have a “library” of critical behaviors that has been developed. The LSIT may select from the existing library or identify any other critical behaviors that need to be included in the specific observation checklist. (CAUTION: Remember these behaviors must be from YOUR workgroup. Resist the temptation to “boiler plate” critical behaviors from the site library or another work group.)



Should the LSIT need to add a new critical behavior to the library, submit it to the company BBS Lead for consideration. Each new behavior must be clearly defined when submitted for inclusion in the library. This is necessary to ensure consistent use of a particular behavior within your company. Consideration should be given to writing the Critical Behaviors as short action statements describing behavior (Protecting Hands, Aware of/Avoiding Pinch Points, etc.).

An LSIT should review the critical behaviors annually to determine if changes need to be made in the specific observation checklist based on the data analysis.

Analyze the Observation Data

Data from the observation checklists is collected and entered into the BBS database. Key parameters to analyze are:

• Overall % Safe

• Overall % At-Risk

• % Trained Observers

• Number of Active Observers

• Completed Action Plans

• Breakdown of % At-Risk

• Breakdown of % Safe

• High At-Risk Categories

• Facilities or activities observed

• High At-Risk Trends

Other parameters may be selected for analysis by the LSIT. These become the leading indicators of safety performance for the work group.

Form action plans or determine other solutions

Once the data is analyzed, the LSIT determines which at-risk behaviors are trending toward an injury. The LSIT influences the trend from at-risk to safe by identifying the best approach for changing a behavior and communicating it to the workgroup. As action plans unfold, additional observations are performed to determine action plan effectiveness. A good action plan equates to an increase in safe behaviors. There may be a simple solution such as making sure Personal Protective Equipment is always available. However, an issue may be complex and the best solution may be for the LSIT to develop an action plan with specific objectives identified, tracked and completed to ensure the solution is appropriate.

Promote and Effectively Communicate the BBS Process

The BBS philosophy and process must spread beyond the LSIT and the BBS observers. Communications is a key function and responsibility for an LSIT. Develop a newsletter, issue bulletins, use bulletin boards, etc., to communicate details about the process to the company.

Although these tools, as well as graphics such as posters and charts, have some impact, it is the face-to-face communication that pays off long-term. It is vital to communicate with everyone.

Manager and leader - The LSIT has the ability to influence management and leadership in several ways:

• Give positive feedback to managers who support BBS (i.e. those who give time for observations to occur).

• Keep the managers and leaders informed of successes and trends.

• Encourage key managers and leaders to talk about BBS in all meetings.

• Monitor and review critical behaviors for managers and leaders at staff meetings.

Observers – The LSIT has numerous opportunities to reinforce observers:

• Keep them advised of the results of the observations, data and action plans.

• Provide positive reinforcement for all their efforts.

• Allow them the opportunity to discuss concerns or problems with the LSIT.

• Accompany them on observations and use BBS techniques to discuss their observations with them, i.e., positively reinforce what they did well, and by asking questions, get them to identify their own problem areas or weaknesses.

• Share improvements to the observation process as they are developed.

Observees – Positively reinforce their willingness to be observed and keep the pulse of the process:

• If an observer approached them, ask if they allowed an observation. Positively reinforce those who did, and determine what barriers existed for those who did not.

• Get their perspective on how well the observations are going.

• If they have not been approached to participate in an observation, review the process with them and encourage them to encourage any observer who does approach them.

• Encourage them to become an observer.

• Share the results of observations to date: data, trends, and action plans.

• Share success stories you have heard.

LSIT – The LSIT should be the hub of communication:

• Develop accountability within the team to share results of the communication paths listed above.

• Communicate the information within the LSIT on a timely basis in order to support the communication paths listed above.

• Develop meeting times and methods that include all members of the LSIT in some way.

• Conduct LSIT meetings in a way that all attendees feel valued, appreciated, and listened to.

• Positively reinforce each other. Strive to have members who want to build each other up.

• Establish a means for the LSIT to continuously improve both the process and safety by communicating and networking with other LSITs on site and by utilizing other site resources.

• Maintain an open line of communication with the company BBS Lead.

Participate in training BBS observers

Experienced LSITs have learned that it is very effective for seasoned observers to communicate and share their observation skills with peers. It is also evident that new observers enjoy learning from their peers. By encouraging BBS observers to participate in training new observers, the process is greatly improved.

Regularly attend LSIT meetings

Regular attendance is necessary in order to keep the pulse of the process, to be made aware of areas in which individual members can support the process, and to stay abreast of the improvements which the workgroup is making in safety.

Observers volunteered to be involved in the BBS process because they are interested in promoting a safer work place. From time to time, observers may lose their original zeal. It is incumbent on the LSIT to support those observers by providing them with positive feedback, letting them know that they are vital to the process, etc. (NOTE: This is a key role for line management also.)

Other Behaviors

LSIT members should encourage all employees to be observed. Sometimes it becomes necessary for an LSIT to visit other LSITs or network with other work groups to infuse vitality into a BBS process that becomes stagnant. LSITs should be very willing to assist others in coaching and mentoring techniques that are effective in revitalizing a process. Networking is a key to our success.

Positively reinforce co-workers when they support your job in your absence. At times, LSIT responsibilities will require you to leave your “normal job”. During these times, if someone covers for you, you should remember to give your coworker positive reinforcement for supporting you in this way.

Remember, too, that an LSIT member must be a model for reduction of at-risk behaviors and conditions. As in many things, BBS is communicated by what members do at least as much as by what they say.

The LSIT Charter

The charter provides an outline of the structure and objectives of the LSIT and also captures the philosophy of the work group. It is a living document and can be modified as the process matures. See the appendix for examples.

Brainstorming is an excellent tool to use in the initial development of the charter content. In brainstorming everything is captured, and discussions of each item follow once the brainstorming is completed.

Charter Elements

• Outline the team's functions. Use this as a resource.

• Define the organization of the LSIT, e.g., determine if you will use a Chair, a facilitator or both.

• Decide how new members will be selected.

• Define the relationships with the management team. Invite a key organizational manager and the Management Champion to sit in on your discussion of this section of the charter.

• Establish membership criteria, including rotational frequency.

• Ensure that you have a good cross-section representation of the organization.

• Determine quorum requirements.

• Establish attendance expectations, e.g. attend ¾ of scheduled meetings or provide a designated substitute.

Assessing The LSIT

There are going to be ups and downs in the performance of your LSIT, especially at the beginning. Be honest about what is happening and how the team is managing itself. An honest self-assessment is vital if the team is at-risk for failure. See appendix 4.0 for sample assessment criteria.

Do not allow the LSIT to fall into the trap of conducting mini-critiques as the observation data is analyzed. Just as observations focus on the positives, so should the LSIT. During the first year, you should schedule a six-month self-assessment to help keep the LSIT on track.

The LSIT should have an annual assessment. The assessment should be based on a list of Critical Behaviors for LSITs that provides a good guide for assessment. Sample Criteria may be found in the Appendix of this Primer.

Honesty is the best policy. Find facts, not faults. Some guidelines for the assessment meeting are to:

• plan the meeting offsite to limit distraction,

• consider using an impartial facilitator,

• summarize strengths and weaknesses,

• prepare an action plan to address the weaknesses,

• communicate the completed action, focusing on accomplishments.

The BBS Database Application

For the LSIT to effectively increase safe behaviors, it must be able to view and analyze the data being gathered by observations. A computer application is necessary to ensure timely collection and analysis of observation data. This data should be entered into a database that allows for the generation of graphical reports on selected parameters. A good database will allow multiple functions to be performed. The following information is provided as an example of such a database developed by Westinghouse Savannah River Company for use with its BBS process.

The program Data Acquisition in Real Time (DART) has been developed as a multi-functional tool to collect, store and analyze information of various types. The DART© BBS application contains two modules. Its purpose is to:

• Collect Data from the Forms – Database Module

• Compile the Data and Generate Reports – Report Generator Module

The data collected by the observation process is entered into DART©. The DART© Report Generating Module can analyze and correlate the data and produce report graphics for use by the LSIT. By using the reports generated by DART©, the LSIT can review key parameters such as:

• Overall % Safe

• Overall % At-Risk

• Breakdown of % At-Risk

• Breakdown of % Safe

• Review of high At-Risk Categories and the associated observations

• Review of high At-Risk Trends

The report function of DART© also provides the text fields of each completed observation. This helps the LSIT interpret the data. The comments supplied during observations help put substance to the numbers. The comments enable the LSIT to take a trend that shows, for example, an increase in at-risk behavior for hand safety and helps them see what the real issues are behind the trend.

Access to the various modules in the database is based on different security levels. Most often these individuals will be members of the LSIT. The company may designate Module Administrators who have access to provide additional support for the LSIT.

Constructing the Observer Form

Each LSIT determines the content of its observer form because of the variety of activities that take place on site and the resulting variety of behaviors.

As mentioned earlier in this document, the LSIT should assign the function of Form Administrator to an LSIT member. This individual will be given the proper authority to build the form using the selected software or to initiate form production by a graphics support group.

The Observation form is the single most important piece of paper involved in the BBS process. It is used to collect the observation data and results in data entry into the BBS database or DART© (Section 6).

Once the LSIT has determined the critical behaviors for your organization, you are ready to begin the construction of your form. To encourage use and allow time for the process to mature, the form should be initially designed to be easy for the observer to use and for the Data Entry Person to translate into the BBS database or DART©.

To help in this task, a computer application should be selected to ease the building of the form. This allows the LSIT to build a form that is specific for the organization. Experience has determined that several fields need to be mandatory.

Mandatory Header Fields:

• Month/Year

• Division/Facility (you may select to use company, site, or area)

• Observer’s Name

• Activity Observed

• Number Observed (this will be used to help calculate Contact Rate)

Non-mandatory Header Fields:

The LSIT determines whether other fields are to be identified in the header. Fields may be added later as the organization matures in the process and the LSIT determines a need for more detailed information.

The header may also contain space for the LSIT Logo, Slogan, Identifier or other graphics or text which can be used to customize your form. Graphics should be in a standard format such as the GIF or JPEG file format.

Body Fields:

The body of the form will be composed of two Major Columns:

• The Critical Behaviors Column

• The Behavior Assessment Column

In the Critical Behaviors Column list the initial Critical Behaviors to be observed for the first year. Add the following mandatory fields:

Mandatory Critical Behavior Fields:

• Safe – Provides indication of status of the observed behavior. Left blank if not observed.

• Number At-Risk – This field is used to enter the total number of people observed to be At-Risk in the observation for a given observed critical behavior. For example, you may have observed a 3 person crew doing an activity but only one was involved in a specific At-Risk behavior.

• Obstacle Number – This will identify the causal factor for the at-risk behavior, which will be further explained in the Assessment Column.

Mandatory Behavior Assessment Fields:

• Critical Behavior Index Number – The number comes from the Critical Behavior Column to help correlate comments with the observed behavior.

• What Was Observed - Comments on what safe or at-risk behavior was observed will be entered here.

• Reason/Assessment – This field essentially provides an explanation of the Obstacle that was selected by the observer.

An optional text field is available in the Body Library:

• This field is a follow-up field to indicate those observations which should be examined closely for more specific action.

Footer Fields. A multipurpose text field can be placed in the footer. This text field can be used as determined by the LSIT to document: Best/Good practices observed, an overall summary of the “flavor” of the observation, a summary of any safety commitments obtained etc. The footer may also be used to provide a list of obstacles, critical behavior definitions or guidance, etc.

Entering Observations

Two methods of data entry may be used:

• Data Entry Person – This method of data entry uses one or more individuals designated and authorized as the only person(s) who may enter the Observation Checklist information into the database. Hard copy observation forms are used by the observers and handwritten to complete the observation process. The forms are then channeled to the Data Entry Person for entry into the database. A Data Entry Person will always be necessary for organizations that allow BBS trained observers from outside the workgroup (Guest Observers) to complete forms.

• Observer Data Entry – This method of data entry allows observers to have access to the data entry page in a database such as DART© via individually assigned passwords. The electronic version of the hard copy Observation Checklist is completed by the observer and the data is entered into the database by clicking an “add record” button.

Each method has its own strengths and weaknesses. The LSIT will have to decide what procedures work best for its workgroup. At least initially the LSIT will need to monitor its data entry process closely to determine if adjustments or changes are needed. Regardless of the method chosen, it is important that after the data is entered, any physical observation form is discarded or shredded.

One of the biggest issues for observee participation is the fear of determining who was observed. Therefore, observation forms shall never be shared individually. Reports generated should have a minimum number of data sheets (e.g. > 10) included so that individual observees cannot be determined from information publicized. Additionally, the LSIT can design the reports generated so that all of the information obtained on the observation form (e.g. time of day, title of the job observed) is not disseminated outside of the LSIT.

Leading Indicators and Interpreting Data

The LSIT is to use leading indicators to understand and reduce at-risk behavior and the resultant injuries. Leading indicators are trends identified from the observation data that indicate an increase in at-risk behavior prior to an accident occurring. The analysis of the leading indicators will point the LSIT (thereby the workgroup) in the right direction. This is the greatest task of the LSIT. Second is the formation of solutions that are needed to change at-risk trends.

The LSIT can provide solutions in several ways:

• Keep asking the question, “Why?” Get the LSIT to the center of the real issue.

• Look for obvious adverse trends. Analyze the causal factors.

• Discuss potential solutions thoroughly. Determine the best method to turn the trend. The easiest may not be the best.

• If, however, the LSIT recognizes that an adverse trend of at-risk behavior has a simple solution, it should identify both the solution and the person responsible for the action so the problem can be remedied quickly.

• If the team has a complex situation, it may need to develop a formal action plan, with stated actions, responsibilities, and schedule.

• If the solution involves utilizing a communications tool, the LSIT should identify the target audience and the person(s) responsible for producing and distributing the communiqué.

• Actions requiring the acquisition or use of financial resources, e.g., procurement of goods or services, may require assistance from the Management Champion.

• Meeting minutes may be formatted to serve as an assignment and tracking tool for solutions. Long-term solutions may be better tracked by the commitment tracking system.

Observer Involvement

Observer involvement is essential to successful BBS implementation. Observers must continuously see that there is value from management, the LSIT, and fellow employees for the observations they are performing. The LSIT must actively encourage observer involvement to keep all observers engaged. Several suggestions for engaging the observers include:

Select a primary method to regularly communicate with all observers. Consider the use of e-mail distribution of observer-focused information. Observer buy-in meetings might be planned. Define the periodicity for primary communications. The more frequent the communication, the more likely the observers will maintain interest. Be consistent! Failure to communicate as scheduled tends to indicate that an LSIT is not inspired to build the process.

Provide supplemental communications to celebrate successes and encourage and inspire observers. These communications might provide observers with information about observations; e.g., number of observations received, how the information is being used to feed the solution process, the actions created as a result of their observations and follow-up information so they know their efforts achieved results. (CAUTION: Just as “no name, no blame” of the observee is fundamental in BBS, so is “no name, no FAME”. Everything that occurs within the bounds of an observation is privileged. Therefore, even when someone does something “very right”, this information cannot be shared. This ensures the integrity of the observation process.)

Ensure observers receive a status report of the process periodically. Provide information about new volunteers, management support, LSIT or observer involvement in the site activities.

Invite observers to attend LSIT meetings. Let them see the process working. Encourage observers who visit to share with their workgroup what the LSIT is doing. This is a good idea for all communications regarding the process. Periodically offer opportunities to serve on the LSIT.

Establish a mentoring program. Use LSIT members who are well versed in the observation process, and also consider asking observers who have displayed skill to be mentors. Consider establishing accountability teams to coach and encourage each other to be an active part of the process.

Quantify what an “active observer” is within their workgroup. A rule of thumb is that one quality observation per month for three consecutive months constitutes an active observer.

Maturing the Process

The LSIT, in conjunction with the company steering committee or lead, is responsible for the growth of the process in the organization. Considerations are:

• Ensure you have strong division representation at the site or company level steering committee.

• Network with already-established LSITs.

• Promote management support and all-employee involvement.

• Understand the basic components of BBS and speak to it at every opportunity.

• Periodically review information from available resources to obtain new ideas.

• Seek out continuing education opportunities for LSIT members.

• Make BBS a part of the way you do business. Include BBS in every safety meeting, add it to toolbox meetings, have periodic publicity to encourage new observers, and praise successes.

Organizational Motivation

Workgroups implementing BBS should be cautioned not to place the success of BBS on any single entity. Often people assume that the most important person in BBS is the observer. Without these valuable volunteers, observations (therefore the process) would fail. However, it could also be argued that the LSIT members are most critical. Without data analysis, long-term solutions cannot be determined which would improve the overall culture of an organization. Another view could be that everything hinges on the observee. If they don’t volunteer to be observed, then the process would never get started. First and second line managers need to allow time for observations. Without their support the process could not succeed. Lastly, it is realized that when it’s all said and done, senior management has to provide resources so that improvements determined can be funded and on-going training can be attended.

Behavior based safety involves every member of the team. All of these people and functions are critical to a successful BBS process. Each person, from the observee to the senior manager, has a crucial role to support the success and long-term sustainability of BBS. When each person gives strong individual support, the process will be most effective and succeed.

_____________________________________________________________________________________________

AREA II H: ROOT CAUSE ANALYSIS

Hazard Identification and Control Basics

Source: Steven Geigle, CSHM

Before we study identifying, investigating and controlling hazards in the workplace, it's important to know how OSHA defines the term. A hazard is:

A hazardous condition or unsafe practice that could cause injury or illness to an employee.

Look around...what do you see?

I'll bet if you look around your workplace, you'll be able to locate a few hazardous conditions or work practices without too much trouble. Did you know that at any time an OSHA inspector could announce his or her presence at your corporate front door to begin a comprehensive inspection? What would they find? What do they look for? Now, if you used the same inspection strategy as an inspector, wouldn't that be smart? Well, that's what I'm going to show you in this module!

Two strategies

To identify and control hazards in the workplace, two basic strategies are used. First, and most common is the walkaround inspection. Now, you probably have participated in a safety inspection, or at least have watched others conduct one.

• Most companies conduct quarterly safety committee inspections in compliance with OSHA rule requirements. But, is that good enough? Safety committee inspections may be effective, but only if the safety committee is properly educated and trained in hazard identification and control concepts and principles specific to your company. In high hazard industries which see change on a daily basis, it takes more to keep the workplace safe from hazards.

• In world-class safety cultures, supervisors, as well as all employees, inspect their areas of responsibility as often as the hazards of the materials, equipment, tools, environment, and tasks demand. It's really a judgment call, but if safety is involved, it's better to inspect often.

• Employees should inspect the materials, equipment, and tools they use, and their immediate workstation for hazardous conditions at the start of each workday. They should inspect equipment such as forklifts, trucks, and other vehicles before using them at the start of each shift. Again, it's better to inspect closely and often.

What's the major weakness of the safety inspection?

By its very nature, the walkaround inspection is ineffective in uncovering unsafe work practices because most inspectors do not take enough time to effectively analyze individual task procedures. Usually the inspectors walk into an area, look up...look down...look all around...possibly ask a few questions, and move on to the next area. Consequently, the safety inspection is effective in uncovering approximately 3% of the causes for workplace accidents. Isn't it possible to inspect a workplace on a Monday, and then experience a fatality on Tuesday as a result of an unsafe work practice which was not uncovered the day before?

So, what's the solution?

A walkaround inspection of this jobsite was completed just 30 minutes prior to this picture being taken. Did it catch this unsafe practice? This illustrates the major weakness of the inspection process. The Job Hazard Analysis can be the answer to this weakness. It uncovers unsafe work procedures as well as hazardous conditions because sufficient time is given to the analysis of one unique task. A joint supervisor/employee JHA uses the following steps:

• While the employee accomplishes several cycles of the task, the supervisor observes.

• The task is divided into a number of unique steps which are listed sequentially.

• Each step is analyzed to see if hazardous materials, equipment, tools, or other hazards are involved.

• Each step is then analyzed to determine safe work procedures that will eliminate or at least reduce any hazards present. This might include the use of personal protective equipment (PPE), using new or redesigned equipment, or changing the procedure itself.

• A written safe work procedure is developed for the entire task.

Dig up the roots!

When investigating hazards discovered in a walkaround inspection or JHA, it's important that you uncover the root causes that have allowed those hazards to exist in the workplace. Taking this approach to hazard investigation is called root cause analysis.

Check out the well-known "accident weed" to the left.

The flower represents the injury. It's the result of the transfer of an excessive amount of energy from an outside source to the body. This is called the direct cause of the accident.

The leaves of the weed represent hazardous conditions and unsafe work practices in the workplace. Conditions and/or practices are typically called the surface or indirect causes of an accident.

The roots of the weed represent management's effort to maintain a safe and healthful workplace, safety policies, safety supervision, safety training, and enforcement of safety rules. Think of these as management controls which pre-exist every hazardous condition, unsafe work practice, and accident. Inadequate or missing system components represent the root causes for accidents in the workplace. System weaknesses may include programs, policies, plans, processes and procedures (remember the "5 P's") in any or all of the seven element areas of the safety management system. Root causes may feed and actually promote or nurture hazardous conditions and unsafe work practices.

Research findings indicate hazardous conditions, alone, represent only about 3% of the causes for accidents in the workplace, while unsafe behaviors make up about 95% of the causes for accidents. Consequently, about 98% of all workplace accidents are ultimately caused by a combination of inadequate safety management system components, under the control of management, that result in hazardous conditions and/or unsafe work practices.

The missing guardrail

You are conducting a walkaround safety inspection when you notice the guardrail along an elevated platform area is missing. As you now understand, the missing guardrail represents a hazardous condition and would be considered a surface cause if an accident occurred. But it also represents a symptom of a deeper problem...a root cause...a system weakness: What might that be?

To make sure the guardrail gets replaced, and remains in place, you must always consider and correct the system weaknesses that allowed the hazardous condition in the first place.

Incident/Accident Analysis

The process of analysis is extremely important in identifying and eliminating those conditions, behaviors and system weaknesses that result in workplace accidents. In this module, we'll be discussing the various concepts, principles and procedures related to the analysis process so that you can, hopefully, transform your workplace, as close as possible, into a "risk free" zone.

Fix the system not the blame!

If your safety program fails to eliminate workplace hazards, chances are very likely that an accident will result. When it does, it's important to conduct an effective accident investigation. Wait a minute! Did I say "investigation"? Well, wash my mouth out with soap. It's important that we get beyond accident investigation and perform an accident "analysis." In most workplaces, the term "investigation" implies that the primary purpose of the activity is to establish liability (blame). That may be why OSHA conducts their investigations, but to be most effective, you can't afford to get stuck in that rut. You've got to conduct this activity for the express purpose of improving your safety management system. The only way to receive any long-term benefit from accident analysis is to make sure system weaknesses are uncovered and permanently corrected.

[pic]

Remember this graphic from the course introduction? The message is that there is a substantial cost to pay for each and every accident your company has.

Although accident investigation is a valuable and necessary tool to help reduce accident losses, it is always considerably more expensive to rely on accident investigation than hazard investigation as a strategy to reduce losses and eliminate hazards in the workplace. In some cases it may cost hundreds of thousands of dollars more as a result of direct, indirect, and unknown accident costs.

But, when the accident happens...it happens. And it's important to minimize accident costs to the company. This can be done if effective accident investigation procedures are used.

So, let's take a quick look at some basic concepts and then discuss the first steps to take in building an effective accident investigation program.

Accidents just happen...don't they?

Do they? Are they really unexpected or unplanned? If a company has 20 disabling injuries one year, and sets an objective to reduce the accident rate by 50% by the end of the next year, aren't they planning 10 accidents for that year? If they reach that goal, won't they be happy about it...content? "Hey, let's kick our feet up, pat ourselves on the back, and relax!" Is that really acceptable? (Just some food for thought) You can't ever afford to relax, or be content in safety.

Incident and Accident defined

What is the difference between an incident and an accident? We'll use the following definitions for these two terms in this module:

• An incident is an unexpected event that may result in property damage, but does not result in an injury or illness. Incidents are also called, "near misses," or "near hits."

• An accident is an unexpected event that may result in property damage, and does result in an injury or illness to an employee.

A typical accident is the result of many related and unrelated factors (conditions, behaviors) that occur sometime, somewhere that somehow all directly or indirectly contribute to the injury event or accident. It is estimated that there are usually more than ten factors that contribute to a serious accident. Other experts state that there is an average of 27 contributing factors. What's the point here? Explaining why an accident occurred may not be an easy task.

Plan the work...work the plan!

When a serious accident occurs in the workplace, everyone will be too busy dealing with the emergency at hand to worry about putting together an investigation plan, so the best time to develop effective accident investigation procedures is before the accident occurs. The plan should include, as a minimum, procedures that determine:

• Who should be notified of the accident.

• Who is authorized to notify outside agencies (fire, police, etc.)

• Who is assigned to conduct investigations.

• Training required for accident investigators.

• Who receives and acts on investigation reports.

• Timetables for conducting hazard correction.

Accident Scenario: John's hurt bad... fell off a scaffold over at the worksite!

[pic]

You've just been notified of an injury in the workplace and immediately swing into action. You grab your investigator's kit and hurry to the accident scene. By the time you get there, the EMT's are administering first aid. It's a serious accident so the victim is transported to the hospital. Now it's safe to investigate.

The first task is to secure the accident scene. The easiest way to do this is to place yellow warning tape around the area. If tape is not available, warning signs or guards may be required.

Just the facts, ma'am...just the facts

The next step in the procedure is to gather useful information about what directly and indirectly contributed to the accident. Interviewing eye witnesses to the accident is probably one of the most important techniques in gathering information, but there are many other tools and techniques too.

• Take photographs of the scene.

• Videotape the scene.

• Make sketches of the scene.

• Make observations about the scene.

• Include measurements.

Gathering background information about the accident may be accomplished in many ways.

Of course you want to get initial statements through interviews with eye witnesses. They can give you much information about the circumstances surrounding the accident. You should tell those who you initially interview that you may conduct follow-up interviews if more questions surface. Interview other interested persons such as supervisors, co-workers, etc. You should also review any records associated with the accident, including:

• Training records

• Disciplinary records

• Medical records (as allowed)

• Maintenance records

• EMT reports

• Police reports (rare)

• Coroner's report (fatalities)

• OSHA 200 Log (past similar injuries)

• Safety Committee records

Remember you are gathering information to use in developing a sequence of steps that led up to the accident. You are ultimately trying to determine surface and root causes for the accident. It is not your job, as an accident investigator, to place blame. Just gather the facts.

What happened next?

Now you've gathered tons of information about the accident, and it's piled high on your desk. What do you do with it? It's important that you read through the information initially to develop an accurate sequence of events that led up to and included the accident. Jump here to see what an accident investigation sequence of events might look like. OTN Online Safety Training Course 702, Incident/Accident Analysis Program Management, goes into more detail on this subject.

It's important, here, to note that one of the symptoms of conducting accident investigations to determine liability is that not much analysis is conducted once liability can be established. On the other hand, in a fix-the-system culture, analysis is in-depth and the question of liability does not surface until after system weaknesses have been determined. If no root causes contributing to the accident exist, then, and only then, is the question of appropriate discipline discussed; and then, only after the accident investigation is concluded.

What caused the accident?

The next step is to determine cause. This step may be difficult because you are first searching for the surface causes of the accident, and then, from the clues you uncovered, ultimately the system weaknesses or root causes. Remember, just like the leaves on the plant to the left, surface causes are usually pretty easy to see and not too difficult to uncover. However, you may find it takes a great deal more time to accurately "dig up" the underlying safety management system weaknesses that contributed to the accident.

Surface causes

The conditions and behaviors directly or indirectly producing the accident. A readily apparent reason for an accident/incident that usually appears early in an accident/incident investigation. A long-lasting corrective action does not come from a surface cause. A surface cause leads to a root cause. Primary surface causes directly cause the accident and usually involve the victim and some object or behavior. Secondary surface causes are conditions or behaviors that indirectly contribute to the accident. Secondary surface causes can occur anytime, by any person in the organization, and at any location. Conditions are objects or "states of being." Behaviors describe some sort of action or activity. Examples:

• Unguarded saw (condition)

• Horseplay (behavior)

• Not using hearing protection when required (behavior)

• Slippery floor (condition)

• Inadequately trained employee (condition)

Root causes

Underlying system weaknesses that indirectly produce the primary and secondary surface causes leading to the incident/accident. The system weaknesses always exist prior to the surface causes that produced the accident. They are the programs, policies, plans, processes, and procedures in any of the seven elements or activity areas in a safety management system. Uncovering them takes more in-depth investigation and results in long-lasting corrective action that can prevent repetition of the accident. A root cause may be referred to as a "basic" cause in some accident investigation references. Examples:

• Inadequate or missing safety training plan.

• No clearly stated supervision.

• No inspection procedures.

• Inadequate hazard reporting process.

• Inadequate purchasing policy.

• No progressive discipline process.

Time to report...

Now that you have developed the sequence of steps leading up to, and including the accident, and determined surface and root causes, it's time to report your findings. Some employers also ask accident investigators to make recommendations for corrective action, so be prepared for that.

Most companies purchase accident investigation forms. That's fine, but some forms leave little room to write the type of detailed report that is necessary for a serious accident. If you use such a form, make sure you attach important information like the sequence of events, and findings which include both surface and root causes.

A better idea is to develop your own report form that includes the following five sections:

Section One: Background Information. This is the who, what, where, why, etc. It merely tells who conducted the inspection, when it was done, who the victim was, etc. It is just a fill-in-the-blank section.

Section Two: Description of the Accident. This section includes the sequence of events you developed to determine cause. Just take the numbers off, and make a nice concise paragraph that describes the events leading up to, and including the accident.

Section Three: Findings. This section includes a description of the surface and root causes associated with the accident. List each surface cause first, and then its associated root cause. Remember, your investigation is to determine cause, not blame. It's virtually impossible to blame any one individual for a workplace accident. Don't let anyone pressure you into placing blame.

Section Four: Recommendations. This section may be part of your report if requested by your employer. Recommendations should relate directly to the surface and root causes for the accident. For instance, if one of the surface causes for an accident was a slippery floor, the related recommendation should address eliminating that hazard through:

• Engineering controls

• Work Practice controls

• Administrative controls

• Personal protective equipment

It's crucial that, after making recommendations to eliminate or reduce the surface causes, you use the same procedure to recommend actions to correct the root causes. If you fail to do this, it's a sure bet that similar accidents will continue to occur.

Section Five: Summary. In this final section, it's important to present a cost-benefit analysis. What are the estimated direct and indirect costs of the accident being investigated? These represent potential future costs if a similar accident were to occur. Compare this figure with the costs associated with taking corrective action.

___________________________________________________________________________________________

Accident Investigation Procedures

Thousands of accidents occur throughout the United States every day. The failure of people, equipment, supplies, or surroundings to behave or react as expected causes most of the accidents. Accident investigations determine how and why these failures occur. By using the information gained through an investigation, a similar or perhaps more disastrous accident may be prevented. Conduct accident investigations with accident prevention in mind. Investigations are NOT to place blame.

An accident is any unplanned event that results in personal injury or in property damage. When the personal injury requires little or no treatment, it is minor. If it results in a fatality or in a permanent total, permanent partial, or temporary total (lost-time) disability, it is serious. Similarly, property damage may be minor or serious. Investigate all accidents regardless of the extent of injury or damage.

Accidents are part of a broad group of events that adversely affect the completion of a task. These events are incidents. For simplicity, the procedures discussed in later sections refer only to accidents. They are, however, also applicable to incidents.

This discussion introduces the reader to basic accident investigation procedures and describes accident analysis techniques.

ACCIDENT PREVENTION

Accidents are usually complex. An accident may have 10 or more events that can be causes. A detailed analysis of an accident will normally reveal three cause levels: basic, indirect, and direct. At the lowest level, an accident results only when a person or object receives an amount of energy or hazardous material that cannot be absorbed safely. This energy or hazardous material is the DIRECT CAUSE of the accident. The direct cause is usually the result of one or more unsafe acts or unsafe conditions, or both. Unsafe acts and conditions are the INDIRECT CAUSES or symptoms. In turn, indirect causes are usually traceable to poor management policies and decisions, or to personal or environmental factors. These are the BASIC CAUSES.

In spite of their complexity, most accidents are preventable by eliminating one or more causes. Accident investigations determine not only what happened, but also how and why. The information gained from these investigations can prevent recurrence of similar or perhaps more disastrous accidents. Accident investigators are interested in each event as well as in the sequence of events that led to an accident. The accident type is also important to the investigator. The recurrence of accidents of a particular type or those with common causes shows areas needing special accident prevention emphasis.

INVESTIGATIVE PROCEDURES

The actual procedures used in a particular investigation depend on the nature and results of the accident. The agency having jurisdiction over the location determines the administrative procedures. In general, responsible officials will appoint an individual to be in charge of the investigation. The investigator uses most of the following steps:

1. Define the scope of the investigation.

2. Select the investigators. Assign specific tasks to each (preferably in writing).

3. Present a preliminary briefing to the investigating team, including:

a. Description of the accident, with damage estimates.

b. Normal operating procedures.

c. Maps (local and general).

d. Location of the accident site.

e. List of witnesses.

f. Events that preceded the accident.

4. Visit the accident site to get updated information.

5. Inspect the accident site.

a. Secure the area. Do not disturb the scene unless a hazard exists.

b. Prepare the necessary sketches and photographs. Label each carefully and keep accurate records.

6. Interview each victim and witness. Also interview those who were present before the accident and those who arrived at the site shortly after the accident. Keep accurate records of each interview. Use a tape recorder if desired and if approved.

7. Determine

a. What was not normal before the accident.

b. Where the abnormality occurred.

c. When it was first noted.

d. How it occurred.

8. Analyze the data obtained in step 7. Repeat any of the prior steps, if necessary.

9. Determine

a. Why the accident occurred.

b. A likely sequence of events and probable causes (direct, indirect, basic).

c. Alternative sequences.

10. Check each sequence against the data from step 7.

11. Determine the most likely sequence of events and the most probable causes.

12. Conduct a post-investigation briefing.

13. Prepare a summary report, including the recommended actions to prevent a recurrence. Distribute the report according to applicable instructions.

An investigation is not complete until all data are analyzed and a final report is completed. In practice, the investigative work, data analysis, and report preparation proceed simultaneously over much of the time spent on the investigation.

FACT-FINDING

Gather evidence from many sources during an investigation. Get information from witnesses and reports as well as by observation. Interview witnesses as soon as possible after an accident. Inspect the accident site before any changes occur. Take photographs and make sketches of the accident scene. Record all pertinent data on maps. Get copies of all reports. Documents containing normal operating procedures, flow diagrams, maintenance charts, or reports of difficulties or abnormalities are particularly useful. Keep complete and accurate notes in a bound notebook. Record pre-accident conditions, the accident sequence, and post-accident conditions. In addition, document the location of victims, witnesses, machinery, energy sources, and hazardous materials.

In some investigations, a particular physical or chemical law, principle, or property may explain a sequence of events. Include laws in the notes taken during the investigation or in the later analysis of data. In addition, gather data during the investigation that may lend itself to analysis by these laws, principles, or properties. An appendix in the final report can include an extended discussion.

INTERVIEWS

In general, experienced personnel should conduct interviews. If possible, include an individual with a legal background. In conducting interviews, the team should:

• Get preliminary statements as soon as possible from all witnesses.

• Locate the position of each witness on a master chart (including the direction of view).

• Arrange for a convenient time and place to talk to each witness.

• Explain the purpose of the investigation (accident prevention) and put each witness at ease.

• Listen, let each witness speak freely, and be courteous and considerate.

• Take notes without distracting the witness. Use a tape recorder only with consent of the witness.

• Use sketches and diagrams to help the witness.

• Emphasize areas of direct observation. Label hearsay accordingly.

• Be sincere and do not argue with the witness.

• Record the exact words used by the witness to describe each observation. Do not "put words into a witness' mouth."

• Word each question carefully and be sure the witness understands.

• Identify the qualifications of each witness (name, address, occupation, years of experience, etc.).

• Supply each witness with a copy of his or her statements. Signed statements are desirable.

After interviewing all witnesses, the team should analyze each witness' statement. They may wish to re-interview one or more witnesses to confirm or clarify key points. While there may be inconsistencies in witnesses' statements, investigators should assemble the available testimony into a logical order. Analyze this information along with data from the accident site.

Not all people react in the same manner to a particular stimulus. For example, a witness within close proximity to the accident may have an entirely different story from one who saw it at a distance. Some witnesses may also change their stories after they have discussed it with others. The reason for the change may be additional clues.

A witness who has had a traumatic experience may not be able to recall the details of the accident. A witness who has a vested interest in the results of the investigation may offer biased testimony. Finally, eyesight, hearing, reaction time, and the general condition of each witness may affect his or her powers of observation. A witness may omit entire sequences because of a failure to observe them or because their importance was not realized.

PROBLEM SOLVING TECHNIQUES

Accidents represent problems that must be solved through investigations. Several formal procedures solve problems of any degree of complexity. This section discusses two of the most common procedures: Change Analysis and Job Safety Analysis.

Change Analysis

As its name implies, this technique emphasizes change. To solve a problem, an investigator must look for deviations from the norm. Consider all problems to result from some unanticipated change. Make an analysis of the change to determine its causes. Use the following steps in this method:

1. Define the problem (What happened?).

2. Establish the norm (What should have happened?).

3. Identify, locate, and describe the change (What, where, when, to what extent).

4. Specify what was and what was not affected.

5. Identify the distinctive features of the change.

6. List the possible causes.

7. Select the most likely causes.

Job Safety Analysis

Job safety analysis (JSA) is part of many existing accident prevention programs. In general, JSA breaks a job into basic steps, and identifies the hazards associated with each step. The JSA also prescribes controls for each hazard. A JSA is a chart listing these steps, hazards, and controls. Review the JSA during the investigation if a JSA has been conducted for the job involved in an accident. Perform a JSA if one is not available. Perform a JSA as a part of the investigation to determine the events and conditions that led to the accident.

REPORT OF INVESTIGATION

As noted earlier, an accident investigation is not complete until a report is prepared and submitted to proper authorities. Special report forms are available in many cases. Other instances may require a more extended report. Such reports are often very elaborate and may include a cover page, a title page, an abstract, a table of contents, a commentary or narrative portion, a discussion of probable causes, and a section on conclusions and recommendations.

The following outline has been found especially useful in developing the information to be included in the formal report:

1. Background Information

a. Where and when the accident occurred

b. Who and what were involved

c. Operating personnel and other witnesses

2. Account of the Accident (What happened?)

a. Sequence of events

b. Extent of damage

c. Accident type

d. Agency or source (of energy or hazardous material)

3. Discussion (Analysis of the Accident - HOW; WHY)

a. Direct causes (energy sources; hazardous materials)

b. Indirect causes (unsafe acts and conditions)

c. Basic causes (management policies; personal or environmental factors)

4. Recommendations (to prevent a recurrence) for immediate and long-range action to remedy:

a. Basic causes

b. Indirect causes

c. Direct causes (such as reduced quantities or protective equipment or structures)

SUMMARY

Thousands of accidents occur daily throughout the United States. These result from a failure of people, equipment, supplies, or surroundings to behave as expected. A successful accident investigation determines not only what happened, but also finds how and why the accident occurred. Investigations are an effort to prevent a similar or perhaps more disastrous sequence of events.

Most accident investigations follow formal procedures. This discussion covered two of the most common procedures: Change Analysis and Job Safety Analysis. An investigation is not complete, however, until completion of a final report. Responsible officials can then use the resulting information and recommendations to prevent future accidents.

_____________________________________________________________________________________________

ESTABLISHING COMPLETE HAZARD INVENTORIES

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

If you are to protect your employees from workplace hazards you first must understand just what those hazards are.  Are you sure you know all of the potential hazards generally associated with your type of business and your specific working conditions?

A means of systematically identifying all workplace hazards would be useful.  OSHA's Safety and Health Program Management Guidelines address such an inventory.  The Guidelines recommend:

• Periodic, comprehensive safety, industrial hygiene and health surveys;

• Change analysis of the potential hazards in new facilities, equipment, materials and processes; and

• Routine hazard analysis, such as job hazard analysis, process hazard analysis or phase hazard analysis.

These three major actions -- comprehensive surveys, change analysis, and routine hazard analysis -- form the basis from which good hazard prevention and control can develop.  After hazards are recognized and controls are put in place, additional worksite analysis tools can help ensure that the controls stay in place and that other hazards do not appear.  For detailed discussions of these additional tools, such as inspections, employee reports of hazards, accident and incident investigations, and accident pattern analysis, you should refer to other chapters.

But first you need to understand the existing and potential hazards in your workplace.

COMPREHENSIVE SURVEYS

Who Should Do the Survey?

While safety inspections often are done by employees at the site, OSHA believes that comprehensive surveys ideally should be performed by people who can bring to your workplace fresh vision and extensive knowledge of safety, health, or industrial hygiene.  Because there are few professional consultants equipped to do comprehensive surveys in all three areas, the best approach is to use a team consisting of three separate specialists: a safety professional, an industrial hygienist, and an occupational health professional.

The occupational health professional can be a physician or a registered nurse with specialized training and experience in occupational health.  He/she can assist the safety or industrial hygiene professional or can do a separate health survey, depending on the circumstances of your site. 

For small businesses, safety and industrial hygiene experts usually can be found in the OSHA-funded, State-run consultation service.  Occupational health professionals sometimes can be found at local clinics and hospitals, or may be no farther away than the plant nurse.  Many workers' compensation carriers and other insurance companies offer expert services to help their clients evaluate safety and health hazards.  Numerous private consultants provide a variety of safety and health expert services.  Larger businesses may find the needed expertise at the company or corporate level.

A very useful tool for the small business that decides to conduct its hazard survey exclusively with in-house staff is OSHA Publication 2209 (Revised 1992), OSHA Handbook for Small Businesses.  This booklet provides, in a more compact, simplified format than the current publication, suggestions for implementing an effective workplace safety and health program.  Its extensive checklists, while not all-inclusive, offer particularly useful guidance for conducting a hazard survey.

If you use experts from within your company, be on guard for "tunnel vision," which can lead to a failure to spot hazards in areas not directly related to your firm's primary function.  You want your maintenance shop, for example, to be just as safe as your production line.  OSHA frequently finds unguarded saws and grinders, non-code electrical wiring, and other basic safety hazards in areas that are outside the main production process but regularly used by employees.

For the industrial hygiene survey you should, at a minimum, inventory all chemicals and hazardous materials in the plant, review your hazard communication program, and analyze air samples.  For many industries, a survey of noise levels and a review of the respirator program also will be vital.

Questions to Ask Before Contracting for a Survey:

To ensure that your worksite will receive the comprehensive survey envisioned by the Guidelines, you may want to ask potential surveyors certain questions:

• What type of training and experience has your prospective surveyor had?

o How recent is it?

o What is its scope?  Is it limited to your industry only?  Does it consist of only practical experience, without formal training?

o If he/she has professional certification, is it still valid, or has it lapsed for lack of recent training or seminar attendance?

• Ask for references and check those where comprehensive surveys have been done recently.

o Ask references whether any OSHA inspections occurred after the survey and if so, whether any serious hazards were found that the consultant had missed.

o Find out what tools the consultant brought along, and what the survey covered.

• What kind of information will he/she need in advance?  A professional who is planning an in-depth survey will prepare by learning beforehand as much as possible about your worksite and its processes.

o Both safety and industrial hygiene professionals will probably want to see a layout of your operations.

o The industrial hygienist may ask for a list of the chemicals you use or the Material Safety Data Sheets (MSDSs) you have received from your suppliers and the types of processes in which you use them.

• What kind of test equipment will the consultant bring?

o You should expect the safety professional to bring: a tape measure; a ground loop circuit tester to test electrical circuits; a multi-meter or Wiggins (for 220 and/or 440 volts only); a tic tracer (or similar equipment) to check wire or electrical equipment to see if they are energized; and a ground fault circuit interrupter tester.

o The industrial hygienist should bring noise testing equipment and, depending upon the chemicals or other contaminants expected, sampling pumps or grab sampling devices.

• How long will the survey take?

o It should take several times longer than a routine inspection of your worksite.

o If the industrial hygienist does sampling, it should be time-weighted, 8-hour or full-shift sampling to understand the overall exposure to employees.

How Will You Know the Surveyor Has Done a Thorough Job?

Here are some signs of a thorough survey:

• Safety professionals, industrial hygienists and occupational health professionals should start with your injury and illness logs and look for patterns.

o The safety professional also may want to see other program documentation.

o The industrial hygienist and occupational health professional will want to see your hazard communication program, and if applicable, your hearing conservation and/or respirator program.

o The occupational health professionals will want to see your records of employee visits to clinics, first aid stations and other sites where treatment is given for work-related illness and injury.  They will want to examine records of employee training in first aid, CPR and EMT.  Baseline and follow-up testing records probably will be reviewed also.

• The safety professional should start at the beginning of your process, where raw materials are brought in, and carefully go through all your processes, watching each operation and talking to employees, until the point where your worksite's product is shipped out or otherwise completed.  He/she should:

o Watch how materials are handled from the time they are received and how they are moved and stored, checking the stability of storage racks and the safe storage of flammables/explosives;

o Check the openings that expose moving parts for pinch points and other hazards;

o Check hand tools and equipment and wiring in the maintenance shop;

o Arrange to see operations on every shift and to observe any after-hours operations, such as clean-up or forklift battery recharging;

o Show interest in how you manage your hazard prevention and control program;

o Open every door and look in every corner of your facility;

o Walk around the outside of buildings to check on such things as chocks for trucks at the loading/unloading docks, forklift ramps, outdoor storage of flammables/explosives and any fueling areas;

o Suggest target tasks for job safety analysis, especially those tasks that might involve ergonomic hazards; and

o Assist in developing or improving your injury reduction program.

• The industrial hygienist and occupational health professional also should start at the beginning of your production operation, observe all processes, talk to employees, and follow the production flow to the point of shipping.  They will want to:

o Make a list of all hazardous chemicals that can be found in the worksite (as required by 29 CFR 1910.1200(e), OSHA's Hazard Communication standard), or check the accuracy of your existing inventory list;

o Determine what metals are used in any welding operations;

o Check any production areas where eating or smoking is allowed;

o Check for the possible presence of asbestos, lead, other carcinogens, etc.;

o If respirators are used, check whether you are using each brand properly, how you fit test each employee, whether pulmonary function testing is done, and how the respirators are cleaned, maintained, and stored;

o Do full-shift sampling of contaminants thought to be present in order to understand the overall exposure to employees;

o Watch the movements workers make in performing their jobs to see if there are existing or potential cumulative trauma disorders (CTDs) or other ergonomic hazards;

o Possibly suggest processes for routine process hazard analysis; and

o Help you set up or improve regular monitoring programs for any contaminants or other health hazards found to be present.

Note: The items above are signs of a thorough survey.  They do not constitute an exhaustive list of activities you should expect.

The baseline survey should provide the basic inventory of hazards and potential hazards of your worksite.  This hazard inventory will be expanded and improved by what you learn from later periodic surveys, change analysis and routine hazard analysis.  However, the foundation of your inventory is the baseline comprehensive survey.  Consequently, it is very important that this initial survey be done well.

Follow-up Surveys

You need periodic follow-up surveys if you are to apply the rapidly growing scientific and engineering knowledge about hazards, their prevention, and their control.  These follow-ups also help uncover the hazards that develop as processes and procedures evolve over time.  The frequency of follow-up surveys will depend upon the size and complexity of your operations.

INVOLVING WORKERS IN ESTABLISHING THE INVENTORY

Whenever you can, do use the special knowledge your workers have gained from their close involvement with equipment, materials, and processes.  You should encourage your employees to communicate openly with the professionals who do the comprehensive surveys.

Don't make the mistake of limiting your employees' involvement to what they can tell the professionals during general hazard surveys.  Ensure worker participation in the various kinds of hazard analysis discussed below.  It makes sense to involve them in change analysis of new equipment and/or processes because of their valuable insights into how things really will work.  As indicated in the section on job hazard analysis, many companies regularly include hourly operators in this activity.  Employees can play a similar role in process hazard analysis.  In addition to the benefit that you receive from their insights, they also profit.  Greater understanding of hazards, prevention, and control helps employees do a better job of protecting themselves and their coworkers.

CHANGE ANALYSIS

Before Making Changes in the Worksite, Analyze the Changes to Identify Potential Hazards

Anytime you bring something new into your worksite, whether it be a piece of equipment, different materials, a new process, or an entirely new building, you unintentionally may introduce new hazards.  If you are considering a change for your worksite, you should analyze it thoroughly beforehand.  This change analysis is cost-effective in terms of the human suffering and financial loss it prevents.  Moreover, heading off a problem before it develops usually is less expensive than attempting to fix it after the fact.

An important step in preparing for a worksite change is considering the potential effect on your employees.  Individuals respond differently to change, and even a clearly beneficial change can throw a worker temporarily off-balance -- literally as well as figuratively -- and increase the risk of accidents.  You will want to inform all affected employees of the change, provide training as needed, and pay attention to worker response until everyone has adapted.

The nearest State or Federal OSHA office will look at plans, blueprints, and photographs and will advise you on health and safety concerns.  This assistance will not trigger an enforcement visit.  Federal OSHA personnel cannot come to the site to see what you are planning; you must bring information to them.  This restriction does not apply to OSHA-funded State consultants, who are allowed to visit your site to provide assistance when resources permit.

Building or Leasing a New Facility.

Even something as basic as a new facility needs to be reviewed carefully to identify hazards it might pose.  A design that seems to enhance production of your product and appears delightful to the architect may be a harmful or even fatal management decision.  Have safety and health experts take a careful look beforehand at all the design/building plans.

When leasing a facility that was built for a different purpose at an earlier time, the risk of acquiring health and safety problems is even greater.  You should make a thorough review of the actual facility, plus the blueprints or plans for any renovations.  One of the most obvious concerns in acquiring an existing facility is whether asbestos insulation is present and whether it is friable (flaking off in tiny particles).  But you also may discover that something as easy to fix as a loose stair railing has gone unnoticed in the rush to renovate production areas.

Save frustration, money, and lives: Have expert safety and health professionals involved in the planning of any facility construction, purchase, or lease.

Installing New Equipment.

An equipment manufacturer does not know how its product will be used at your worksite.  Therefore, you cannot rely totally on the manufacturer to have completely analyzed and prepared controls or safe procedures for the product.  Moreover, if the equipment is produced in a foreign country, it may not meet clear requirements of U.S. standards and laws.  Therefore, involve health and safety professionals in the purchase decision and in the installation plans.

Many companies also provide a period to test newly installed equipment.  The company assigns its most experienced operators to watch for hidden hazards in the operations before full production begins.  As with new facilities, the sooner flaws are detected, the easier and cheaper the corrections are likely to be.

Using New Materials.

Before introducing new materials to your production processes, research the hazards that the materials themselves present.  Also try to determine any hazards that may appear due to the processes you plan to use with the materials.

In many instances, the place to start will be the manufacturer's Material Safety Data Sheet.  An MSDS is required for all materials containing hazardous chemicals.  It should arrive with each shipment.  The MSDS should provide the information an industrial hygienist needs to analyze the hazard a chemical presents and to prevent or control it.

Some traditional materials, such as lead in paint, are dangerous to use but are replaceable with less hazardous mixtures.  For other materials, you may not be able to find adequate substitutes.  You may need to establish controls for the hazards these materials present.

Starting Up New Processes.

New processes require workers to perform differently.  Consequently, new hazards may develop even when your employees are using familiar materials, equipment, and facilities.  Carefully develop safe work procedures for new processes.  After the operators have become familiar with these procedures, perform routine hazard analysis (discussed below) to discover any hidden hazards.

Analyzing Multiple Changes.

Often a big change is composed of several smaller changes.  When you begin producing a new product, chances are you will have new equipment, materials, and processes to monitor.  Make sure each new addition is analyzed not only individually, but also in relation to the other changes.

Once you have analyzed the changes at your worksite, add this information to your basic inventory of hazards.  This inventory is the foundation from which you design your hazard prevention and control program.

When People Change.

Worker changes that have safety and health ramifications can be divided into two basic categories.  The first is staffing changes.  A task previously done by one worker now is being performed by someone else.  The new employee may bring to the position a different level of skill from the previous jobholder.  Almost certainly, he/she will possess a different degree of experience performing the tasks, following the specific work rules and procedures of the site, and interacting with nearby workers.  Especially in high hazard situations, these differences should be examined and steps should be taken to minimize any increased risk, both to the new employee and to anyone affected by his/her presence.

The second category of worker change is the sometimes sudden, sometimes gradual change that can occur in the individual employee.  The change may be related to temporary or chronic medical problems, a partially disabling condition, family responsibilities, family crisis and other personal problems, alcohol or drug abuse, aging, or the worker's response to workplace changes.  An analysis of this change, followed by physical and/or administrative accommodations to ensure safe and healthful continued performance, sometimes may be appropriate; for example, when an accident affects an employee's functioning.  At other times, a less formal response will be more suitable.

It may be useful to remember that workplace hazards do not exist in a vacuum.  The human element is always present, and the human condition is one of change.  An effective manager will be sensitive to these changes and their potential effect on the safety and health of the individual and the company as a whole.

JOB HAZARD ANALYSIS

This is the most basic and widely used tool in routine hazard analysis.  It is sometimes called job safety analysis.  You begin by breaking down a job into its component steps.  This is best done by listing each step in order of occurrence as you watch an employee performing the job.  Next you examine each step to determine the hazards that exist or that might occur.  Reviewing the job steps and hazards with the employee performing the job will help ensure an accurate and complete list.  Manufacturer's equipment operating instructions or Material Safety Data Sheets (MSDSs) should also be considered.

Now determine whether the job could be performed differently to eliminate the hazards.  Would it help to combine steps or change the sequence?  Are safety equipment and other precautions needed?  If a safer way of performing the job is possible, list each new step, being as specific as possible about the new procedure.  If no safer way to perform the job is feasible, determine whether any physical changes will eliminate or reduce the danger.  These might include redesigning equipment, changing tools, adding machine guards, using personal protective equipment, or improving ventilation.  Establishing a personal hygiene routine may be appropriate where toxic dust is a hazard.

Review these new safe work procedures with all employees performing the job.  Obtaining their ideas about the hazards and proposed changes is an important part of this process.  It will help ensure that your proposed changes are sensible and are accepted by the workers you are trying to protect.  Many companies have had success with assigning the workers who perform the tasks to the job hazard analysis team.

Improvements in job methods can lead to reduced costs resulting from employee absenteeism and workers' compensation premiums, and often can lead to increased productivity.  Detailed information on this important tool can be found in OSHA Publication 3071 (Revised 1992), Job Hazard Analysis.

PROCESS HAZARD ANALYSIS

What Is a "Process" for the Purpose of this Analysis?

A process can be defined as any series of actions or operations that convert raw material into a product.  The process can terminate in a finished product ready for consumption or in a product that is the raw material for subsequent processes.

OSHA's Process Safety Management of Highly Hazardous Chemicals standard (Part 1910.119 of Title 29 of the Code of Federal Regulations) defines process for the purpose of the standard as any activity involving a highly hazardous chemical, including any use, storage, manufacturing, handling, or on-site movement of such chemicals, or a combination of these activities.  This standard aims to protect employees by preventing or minimizing the consequences of chemical accidents involving highly hazardous chemicals.

Two useful booklets dealing with the standard are OSHA Publication 3131 (Revised 1994), "Process Safety Management", and OSHA Publication 3132 (Revised 1993), "Process Safety Management - Guidelines for Compliance."

Employers should refer to the standard and its appendices to determine whether they have processes covered by the standard and to take advantage of the standard's greater detail regarding requirements for establishing a process safety management program.  Such a program includes conducting process hazard analyses.  However, the concept of process safety management is relevant and useful to the full range of workplaces, not only those subject to the standard's requirements.  OSHA believes that any business aiming for a comprehensive safety and health program will benefit from conducting a process hazard analysis.

A process hazard analysis is a detailed study of a process to identify every possible hazard to employees.  Every element of the process must be studied.  Each action of every piece of equipment, each substance present, and every move made by an employee must be assumed initially to pose a hazard to employees.  Process hazard analysis then is applied to show that the element either poses no hazard, poses a hazard that is controlled in every foreseeable circumstance, or poses an uncontrolled hazard.

Various methodologies employed in process hazard analysis are discussed in greater detail in OSHA's Process Safety Management standard, 29 CFR 1910.119(e).

Often the process hazard analysis will concentrate on the specialized equipment used in the process.  The equipment may be used to:

• Move materials;

• Apply mechanical forces to change materials;

• Apply special forms or concentrations of energy to materials (e.g., ionizing radiation, magnetic or electric fields, and lasers);

• Mix materials; or

• Bring and hold materials together and contain them, under either ambient or special conditions, for chemical or biological reactions, etc.

Processes may be either batch or continuous.  Some operations may be conducted remotely.  There may be special instrumentation to monitor conditions at various stages in the process.  These instruments will keep the operator informed and perhaps also directly control the process or shut down operations if a hazardous or otherwise undesirable condition is approaching.

The best time for an employer to conduct a process hazard analysis is when the process is first being designed, before equipment is selected.  This review, in turn, will assist you in choosing process equipment for its effective, efficient, and safe operation.  Be sure to consider the equipment's capacity for confining the process within predetermined safe limits.  The type, number, and location of detectors you select for monitoring the process should ensure not only productive operation, but also safe operation.  Remember to take into account any substance or mixture of substances that could present fire or explosion hazards.

When you have selected your equipment, the information from the process hazard analysis will help you to develop an appropriate inspection and maintenance schedule.

Remember, even when a process initially appears to be so simple that hazard analysis during the design phase seems unnecessary, it needs to be done anyway.  If the process really is simple, and there are no known potential hazards, then the process hazard analysis likewise will be simple and will require very little time and expense.  On the other hand, if things are not as simple as they seem, the analysis may reveal potential problems that might have been overlooked otherwise.  Correction at this early stage will save time, money, and possible injuries and grief.

Process hazard analysis will include hazards associated with:

• Mechanical and chemical operations,

• Low and high temperature and pressure operations,

• Possible high levels of radiant energy,

• Direct contamination of employees, and

• Contamination of the air with toxic substances.

Remember that toxic substances may be the raw materials entering the process, the intermediate products, or the by-products or waste products.

PREPARING FOR THE UNPLANNED EVENT

Especially when dealing with high hazard chemicals or volatile explosives, it is not enough to analyze only those hazards associated with normal operations, those times when the process works as expected.  Using analytical tools such as "what if," "checklist," hazard and operability study (HAZOP), failure mode and effect analysis (FMEA), or "fault-tree" analysis, you can determine most of the possible process breakdowns.  You then can design prevention/controls for the likely causes of these unwanted events.

"What if" analysis, appropriate for relatively uncomplicated processes, starts with points in the process where something could go wrong.  You then determine what else could happen, and what all possible outcomes would be.  You must plan additional prevention and controls for those possible unplanned events that could contribute to an undesirable outcome.

For more complex processes, the "what if" study can best be organized through the use of a "checklist."  Aspects of the process are assigned to analysis team members with the greatest experience or skill in those areas.  Operator practices and job knowledge are audited, the suitability of equipment and materials of construction is studied, the chemistry of the process and the control systems are reviewed, and the operating and maintenance records are audited.

Hazard and operability study is a method for systematically investigating each element of a system to uncover ways in which important parameters can deviate from the intended design conditions and, as a result, can create hazards and operability problems.  Typically, an analysis team studies the piping and instrument diagrams (or plant model).  The team analyzes the effects of potential deviations from design conditions in, for example, flow, temperature, pressure, and time.  The team then assesses the system's existing safeguards, the causes of and potential for system failure, and the requirements for protection.

Failure mode and effect analysis is a methodical study of component failures.  This review starts with a diagram of the process and includes all components that could fail and conceivably affect the safety of the operation.  Typical examples are instrument transmitters, controllers, valves, pumps, and rotameters.  The components are listed on a data tabulation sheet and individually analyzed for their potential mode of failure, the effects of failure, detection methods, and other factors.  The last step in the analysis is to analyze the component data and develop recommendations for risk management.

In "fault-tree" analysis, you start with an undesirable outcome that is possible, even if highly unlikely, given the potential hazards involved in your process.  Then you trace back into the process to identify all possible events or combinations of events that would have to occur to produce that outcome.  This information is graphically represented using logic symbols in a diagram that looks like a tree with many branches.  Once you have determined these sequences of events, you then can design prevention/controls to make it impossible or nearly impossible for them to occur.

For additional information on methodologies, see OSHA's Process Safety Management of Highly Hazardous Chemicals standard at 1910.119(e) and OSHA Publication 3133 (Revised 1994), "Process Safety Management - Guidelines for Compliance."

UPDATING THE PROCESS HAZARD ANALYSIS

At least every 5 years after completion of the initial process hazard analysis, the analysis should be updated to ensure that it is consistent with the current process.  For businesses covered by the standard, this update is required, and the analysis must be revalidated by a team meeting the standard's requirements.

PHASE HAZARD ANALYSIS

Phase hazard analysis is a helpful tool in construction and other industries that involve a rapidly changing work environment, different contractors, and widely different operations.  A phase is defined as an operation involving a type of work that presents hazards not experienced in previous operations, or an operation where a new subcontractor or work crew is to perform work.  In this type of hazard analysis, before beginning each major phase of work, the contractor or site manager should assess the hazards in the new phase.  He/she should not only coordinate appropriate supplies and support, but also prepare for hazards that can be expected and establish a plan to eliminate or control them.

To find these hazards and to eliminate or control them, you will use many of the same techniques that you use in routine hazard analysis, change analysis, process analysis, and job analysis.  One major additional task will be to find those hazards that develop when combinations of activities occur in close proximity.  Workers for several contractors with differing expertise may be intermingled.  They will need to learn how to protect themselves from the hazards associated with the work of nearby colleagues as well as the hazards connected to their own work and the hazards presented by combinations of the two kinds of work.

USING THE INVENTORY OF HAZARDS

You will use the surveys and analyses we have described to plan a program of hazard prevention and control.  Briefly, you should prevent hazards by substituting less hazardous materials or equipment whenever possible.  Engineering controls that distance the worker from the hazard are the next best option.  For the remaining hazards, design safe work practices, train your workers adequately in these practices and enforce them consistently.  In some instances, you may also need to establish other administrative controls, such as worker rotation or more frequent work breaks.  Where needed, use personal protective equipment.

SUMMARY

Establishing a complete hazard inventory is not as complicated as it may sound.  It begins with having industrial hygiene, safety, and occupational health experts conduct a comprehensive survey of your worksite to determine the existing and potential hazards.  Periodic surveys, done at intervals that make sense for the size and complexity of your worksite, will bring into play any new engineering or scientific knowledge of hazards and their prevention.  These subsequent surveys also can help find new hazards that have evolved along with changing work procedures over time.

Change analysis prevents expensive problems before they occur.  Individuals who are knowledgeable in worker health and safety can help you design and plan for changes in your worksite.  Change analysis uses elements of routine hazard analysis appropriate to the type of change being contemplated.

Routine hazard analysis also adds to your inventory.  It enables you to control hazards that develop in work procedures or within processes, or that occur because of changes in the phases of the operation.

The tools and approaches used in the various types of hazard analysis tend to overlap.  This overlapping helps ensure total coverage and a more comprehensive inventory on which to base your prevention program.

Involving your employees in the effort to inventory hazards is sure to pay off.  Hazard surveyors will benefit from workers' practical knowledge.  And employees, as they become more knowledgeable about workplace hazards, prevention, and controls, will be better able to protect themselves and others.

When assessing workplace hazards, do not overlook the human element.  Whenever one employee is replaced by another, the difference in skill and experience can mean increased risk to both the new worker and his/her coworkers.  Changes in the individual employee's health, ability to function on the job, and personal life, whether these changes are sudden or gradual, can affect workplace safety and health.  A manager needs to be sensitive to these changes and willing to provide training and orientation, physical and administrative adjustments, or other accommodations.

___________________________________________________________________________________________

ESTABLISHING HAZARD PREVENTION AND CONTROL PROGRAM

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

You have conducted a comprehensive survey of your workplace to uncover existing and potential hazards.  Now what are you going to do about them? The Occupational Safety and Health Act of 1970 requires that each employer "...furnish to each of his employees employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm..." (29 U.S.C. 651, Sec. 5(a)(1)).

In this chapter we will discuss the management systems used to prevent and control hazards.  These include: control by engineering, safe work practices, administrative arrangements and personal protective equipment (PPE); systems to track hazard correction; preventive maintenance systems; emergency preparation; and medical programs.

Emergency preparation is the subject of OSHA Publication 3088 (Revised 1991), "How to Prepare for Workplace Emergencies." 

The goal of the hazard prevention and control program is to make foolproof the workplace and its operations, to the extent feasible, to keep employees from being harmed.  It is an ongoing program, never finished.  You will design and implement and then revise and improve preventive measures and controls as your worksite changes and as your store of hazard information grows.

The most frequent sources for updating hazard information are routine general inspections, employee reports of hazards and accident/incident investigations. Other good sources for hazard information updates are the ongoing job hazard analyses (OSHA Publication 3071), process and phase hazard analyses, change analyses and periodic comprehensive hazard surveys.

Small business owners may wish to contact the nearest office of the OSHA-funded, State-run consultation service for advice and assistance in developing a hazard prevention and control system.  Larger employers with specific difficulties can receive assistance over the telephone or by letter from the nearest State or Federal OSHA enforcement office.

THE TERMINOLOGY OF HAZARD CONTROL

Hazards take many forms: air contaminants, tasks involving repetitive motions, equipment with moving parts or openings that can catch body parts or clothing, microorganisms, extreme heat or cold, noise, toxic liquids, and more.  The terms we use here to describe the principles of engineering control may sound strange when applied to some of these hazards.  You may find that, in other discussions of hazard control, the terms are used somewhat differently.  There should be agreement, however, about the concepts the terms describe.

ENGINEERING CONTROLS

These controls focus on the source of the hazard, unlike other types of controls that generally focus on the employee exposed to the hazard.  The basic concept behind engineering controls is that, to the extent feasible, the work environment and the job itself should be designed to eliminate hazards or reduce exposure to hazards.  While this approach is called engineering control, it does not necessarily mean that an engineer is required to design the control.

Engineering controls can be very simple in some cases.  They are based on the following broad principles:

1. If feasible, design the facility, equipment or process to remove the hazards and/or substitute something that is not hazardous or is less hazardous;

2. If removal is not feasible, enclose the hazard to prevent exposure in normal operations; and

3. Where complete enclosure is not feasible, establish barriers or local ventilation to reduce exposure to the hazard in normal operations.

Elimination of Hazards through Design

Designing facilities, equipment or processes so that the hazard is no longer even potentially present is obviously the best worker protection.  Some examples of this are:

• Redesigning, changing or substituting equipment to remove the source of excessive temperatures, noise or pressure;

• Redesigning a process to use less toxic chemicals;

• Redesigning a work station to relieve physical stress and remove ergonomic hazards; or

• Designing general ventilation with sufficient fresh outdoor air to improve indoor air quality and generally to provide a safe, healthful atmosphere.

Enclosure of Hazards.

When you cannot remove a hazard and cannot replace it with a less hazardous alternative, the next best control is enclosure.  Enclosing a hazard usually means that there is no hazard exposure to workers during normal operations.  There still will be potential exposure to workers during maintenance operations or if the enclosure system breaks down.  For those situations, additional controls such as safe work practices or personal protective equipment (PPE) may be necessary to control exposure.

Some examples of enclosure designs are:

• Complete enclosure of moving parts of machinery;

• Complete containment of toxic liquids or gases from the beginning of the process using or producing them to detoxification, safe packing for shipment, or safe disposal of toxic waste products;

• Glove box operations to enclose work with dangerous microorganisms, radioisotopes or toxic substances; and

• Complete containment of noise, heat or pressure-producing processes with materials especially designed for those purposes.

Barriers or Local Ventilation.

When the potential hazard cannot be removed, replaced, or enclosed, the next best approach is a barrier to exposure or, in the case of air contaminants, local exhaust ventilation to remove the contaminant from the workplace.  This engineered control involves potential exposure to the worker even in normal operations.  Consequently, it should be used only in conjunction with other types of controls, such as safe work practices designed specifically for the site condition and/or PPE.  Examples include:

• Ventilation hoods in laboratory work;

• Machine guarding, including electronic barriers;

• Isolation of a process in an area away from workers, except for maintenance work;

• Baffles used as noise-absorbing barriers; and

• Nuclear radiation or heat shields.

GENERAL WORKPLACE RULES AND SAFE WORK PRACTICES

Many of your organization’s general workplace rules have a bearing on safety and health.  It is accurate to think of these rules as hazard controls.

In addition to the general workplace rules that apply to everyone, specific work practices may be needed to safeguard your employees in a variety of situations.  For example, even when a hazard is enclosed, exposure can occur when maintenance is necessary, when the enclosure system suffers a partial or complete breakdown, or when enclosure does not fully control the hazard.  By following established safe work practices for accomplishing a task safely (and using PPE in many cases), your employees can further reduce their exposure to hazard.

Workplace Rules.

The safety and health rules that you develop and make part of your overall workplace rules are an important component of your hazard prevention and control program.  These rules play a major part in identifying acceptable and unacceptable behavior.  For example, you may have rules outlawing horseplay or violent behavior on company property, or requiring your employees to wear personal protective equipment.

Safety and health rules are most effective when they are written, posted, given to all affected employees, and discussed with them. Many employers emphasize the link between safety and health rules and the consequences of breaking them by reviewing the rules with their employees.  They then ask the employees to sign a statement at the bottom of the list: "I have read the rules, I understand them, and I have received an explanation of the consequences of breaking them."  Employer and employee both keep a copy of this signed statement.

Some employers ask their employees to help develop the workplace rules and then to help revise them as needed.  When employees play a role in formulating the rules, they are more likely to understand and follow them.

Safe Work Practices

Some of these practices are very general in their applicability.  They include housekeeping activities such as:

• Removal of tripping, blocking, and slipping hazards;

• Removal of accumulated toxic dust on surfaces; and

• Wetting down surfaces to keep toxic dust out of the air.

Other safe work practices apply to specific jobs in the workplace and involve specific procedures for accomplishing a job.  To develop these procedures, you conduct a job hazard analysis.  This process is clearly described with examples and illustrations in OSHA Publication 3071 (Revised 1992), "Job Hazard Analysis."

OSHA recommends that you keep the written analysis of a job separate from the written procedures your workers will follow to accomplish the job safely.  A good job hazard analysis is more detailed than a good work instruction sheet.  Each document suffers from being combined with the other.

You may decide that a training program is needed, using the job hazard analysis as the basis for training your workers in the new procedures.  A training program may be essential if your employees are working with highly toxic substances or in dangerous situations.

DRAWBACKS TO CONTROLLING HAZARDS WITH SAFE WORK PRACTICES

While safe work practices are a necessity and can work very well, they are only as good as the management systems that support them.  This is because they are susceptible to human error.  The controls first must be designed from a base of solid hazard analysis.  They then must be accompanied by good worker training, reinforcement, and consistent and reasonable enforcement.  Safe work practices should be used in conjunction with, and not as a substitute for, more effective or reliable engineering controls.

Safe Work Practices Training

Anticipate resistance when teaching new job practices and procedures to workers.  If your employees have done a job long enough without special precautions, they are likely to feel unconcerned about hazards.  It is essential that they understand why special work practices are needed.  Therefore, training begins with a discussion of hazards.  Your workers must be assisted in understanding that, for an accident or injury to occur, two things must be present: a hazard and an employee.  Remove the hazard and there will be no injury.  Train the employee to follow proper work practices, and those safe work practices can significantly help the employee to avoid harm.

Just presenting training may not be sufficient.  An employer has a responsibility to ensure that worker training has achieved its objective and that workers understand the hazards and know how to protect themselves.  A supervisor easily can perform informal testing to check the results of training.  This means stopping at an employee's work station and asking for an explanation of the hazards involved in the work and the employee's means of protection.  If the training has been presented well and has been understood, each trained worker should be able to give a clear, comprehensive response.

Positive Reinforcement.

Each supervisor should provide frequent reinforcement of work practices training.  The informal testing described above serves not only to gauge training effectiveness, but also to reinforce the desired behavior.  Some worksites also provide special recognition for the use of safe work practices.  Some supervisors periodically hand out "Thank you for working safely" cards that can be redeemed for a free cup of coffee or soft drink.  Other supervisors periodically observe individual workers at their tasks and give oral and/or written feedback on what was done safely.

OSHA recommends award systems that recognize positive activities rather than absence of injuries.  Award programs with prizes for hours worked without injury can put heavy pressure on workers not to report injuries.

Enforcement.

Workers must realize that safe work practices are a requirement of employment and that unsafe practices will not be tolerated.  It is necessary, therefore, that the employer have a disciplinary system that is implemented fairly and consistently.  If no such system exists in your workplace, you would be wise to have employees assist in designing one.  We discuss disciplinary systems in greater detail below.

ADMINISTRATIVE CONTROLS

While workplace rules and safe work practices can legitimately be considered forms of administrative control, we use this term here to connote other measures aimed at reducing employee exposure to hazard, generally by manipulating the work schedule.  Such measures include lengthened rest breaks, additional relief workers, exercise breaks to vary body motions, and rotation of workers through different jobs to reduce or "even out" exposure to hazards or to allow them to work part of the day without respirators or other burdensome PPE.  Administrative controls normally are used in conjunction with other controls that more directly prevent or control exposure to hazard.

Administrative controls are often employed to reduce ergonomic hazards.  For example, employees in a meatpacking plant might rotate among several tasks to reduce accumulated stress on particular muscles and tendons.  Administrative controls have also been used in situations of extreme temperatures, and to counteract the dangers of some widely used chemicals.  However, such controls are not appropriate in dealing with carcinogens or chronic chemical hazards such as lead.

PERSONAL PROTECTIVE EQUIPMENT (PPE)

When exposure to hazards cannot be engineered completely out of normal operations or maintenance work, and when safe work practices and other forms of administrative control cannot provide sufficient additional protection, a supplementary method of control is the use of protective clothing and/or equipment.  These are collectively called personal protective equipment, or PPE.  PPE may also be appropriate for controlling hazards while engineering and work practice controls are being installed.

The term PPE covers such items as face shields (whether worn by dentists or welders), steel-toed shoes and boots, safety glasses and goggles, hard hats, back supports, leather aprons, metal-mesh gloves, forearm guards, respirators, and "space suits."

Legal Requirements.

One section of the OSHA standards (29 CFR 1910, Subpart I) specifically addresses PPE.  Many other OSHA standards require certain types of PPE.  If respirators are ever worn for any reason at your worksite, you must have a written respirator program, perform fit testing, train supervisors and workers in proper respirator use, and meet other requirements of the standard (29 CFR 1910.134).  For further information about respirators, see OSHA Publication 3079 (Revised 1993), "Respiratory Protection."  A useful general source of information is OSHA Publication 3077 (Revised 1994), "Personal Protective Equipment."

If you are not sure what is required or what types of PPE might be best for your employees, you can call or write the nearest State or Federal OSHA office for guidance.  Small business employers may contact the OSHA-funded, State-run consultation service in their State.

PPE Drawbacks.

The limitations and drawbacks of safe work practices also apply to PPE.  Employees need training in why the PPE is necessary and how to use and maintain it.  It also is important to understand that PPE is designed for specific functions and is not suitable in all situations.  For example, no one type of glove or apron will protect against all solvents.  To pick the appropriate glove or apron, you should refer to recommendations on the material safety data sheets of the chemicals you are using.

Your employees need positive reinforcement and fair, consistent enforcement of the rules governing PPE use.  (See discussion below.) Some employees may resist wearing PPE according to the rules, because some PPE is uncomfortable and puts additional stress on employees, making it unpleasant or difficult for them to work safely.  This is a significant drawback, particularly where heat stress is already a factor in the work environment.  An ill-fitting or improperly selected respirator is particularly hazardous, since respirators are used only where other feasible controls have failed to eliminate a hazard.

Bearing the Cost.

OSHA standards require employers to provide respirators that fit individual employees.  Most employers also provide other required PPE, with the exception of safety shoes and safety glasses.  But even when employees must provide their own safety shoes, safety glasses, or other PPE, employers usually pay part of the cost.

INTERIM PROTECTION

When a hazard is recognized, the preferred correction or control cannot always be accomplished immediately.  However, in virtually all situations, interim measures can be taken to eliminate or reduce worker risk.  These can range from taping down wires that pose a tripping hazard to actually shutting down an operation temporarily.  The importance of taking these interim protective actions cannot be overemphasized.  There is no way to predict when a hazard will cause serious harm, and no justification to continue exposing workers unnecessarily to risk.

HAZARD CORRECTION TRACKING

An essential part of any day-to-day safety and health effort is the correction of hazards that occur in spite of your overall prevention and control program.  Documenting these corrections is equally important, particularly for larger sites.  Documentation is important because:

• It keeps management and the Safety Department or the person in charge of safety and health aware of the status of long-term correction items;

• It provides a record of what occurred, should the hazard reappear at a later date; and

• It provides timely and accurate information that can be supplied to an employee who reported the hazard.

Notations on the Report Form.

Many companies use the form that documents the original discovery of a hazard to track the correction of the hazard.  Inspection reports include notations about hazard correction alongside the information about the hazard.  Employee reports of hazards and reports of accident/incident investigations also should provide space for notations about hazard correction.

When recording information about hazard correction, it is important to note all interim protective measures and to include the date of a completed action.  Otherwise, you run the risk of intended corrections never actually being completed.  This may not pose a problem if the hazard can be corrected in a short period of time.  Someone probably will remember to see that the final correction occurs.  There is always a danger, however, that the expected correction will "slip through the cracks." This can happen when a part has to be ordered and time is needed for procurement, or when interim, less than adequate measures become substitutes for preferred but possibly more costly or time-consuming actions.

Tracking by Committee.

Some companies separate the tracking of hazard correction from the system that uncovered the hazard.  Typically, either a central management safety committee or a joint employee-management committee will devote a part of each meeting to reviewing inspection reports, employee hazard reports, and accident/incident reports.  The committee will list in its minutes any remaining uncorrected hazards for continued tracking.

The benefit of such a system is the high-level scrutiny applied to hazard correction tracking.  The system can be cumbersome, however, especially when information must be transferred from the reports to the committee.  There is the possibility of information being lost in transit or of incomplete and incorrect information being conveyed.  This can be minimized by allowing the committee to review the original reports.

Tracking by Separate Form.

Another way to track hazard correction is to transfer information from the original hazard report to a separate hazard tracking report.  Ideally, this system receives information on all uncorrected hazards and not just information from one of the avenues for uncovering hazards.  Tracking by separate form is most effective when computerized. 

For small businesses that do not use written inspection reports or written employee reports of hazards, this system provides important documentation that otherwise might not exist.

The weakness in this system is much the same as for tracking by committee: there is always a possibility that incorrect or incomplete information will be transferred or that a correction needing tracking will fail to be recorded.

REWARD SYSTEM

Rewarding safe behavior is at least as important as correcting and punishing unsafe actions.  Positive feedback can be a powerful motivator.  It is especially important to recognize self-initiated acts of safety or health protection, those times when employees, of their own accord, act to protect themselves or others.

A reward system can be very simple and inexpensive: letters or certificates of appreciation, a few hours of paid leave, a special and convenient parking space for a month in the company parking lot, a small pin or tie tack.  Evaluate your reward program periodically.  If employees are showing signs of losing interest, give your program a fresh charge with new ideas.

Rewarding an employee for good safety and health behavior not only recognizes the employee, it also provides incentive to other workers.  Public recognition is likely to be more important than monetary value when distributing one-time awards.  Of course, taking safety and health performance into account when promoting employees or issuing bonuses is probably the most meaningful reward.

One type of reward program can backfire and should be avoided.  Rewards based on the least number of accidents can do more harm than good.  They tend to create pressure on employees to avoid reporting injuries and illnesses.  For best results, emphasize the positive: reward your employees' constructive safety and health efforts.

ROLE OF DISCIPLINARY SYSTEMS IN THE WORKPLACE

The disciplinary system does not exist primarily to punish employees.  Its purpose should be to control the work environment so that workers are protected and accidents are prevented.  A disciplinary system helps ensure workplace safety and health by letting your employees know what you expect of them.  It provides workers with opportunities to correct their behavior before an accident happens.

A disciplinary system is one of the keys to successfully implementing your safety and health program.  It ensures that your rules and safe working practices are taken seriously by employees and are actually followed.  It lets employees know how you expect them to operate in relation to the goals of your safety and health program.  And it lays out the actions you will take if individuals do not meet your expectations.

A disciplinary system cannot work in a vacuum.  Before you can hold your employees accountable for their actions, you first need to establish your safety and health policy and disciplinary rules.  Then you need to develop safe operating procedures, train your employees on these procedures, and supervise their actions. 

Policy Statement.

Employees need to know where you stand on safety and health and what you expect of them.  They need a clear understanding of the rules and the consequences of breaking those rules.  This is true in all areas of work, but it is especially important for worker safety and health.  As part of the policy statement, or in an employee manual or booklet, you should have a written statement setting forth your disciplinary policy.

Employee Information and Training.

It is important that employees understand the system and have a reference to turn to if they have any questions.  Therefore, in addition to issuing a written statement of your disciplinary policy, you should draw up a list of what you consider major violations of company policy and less serious violations.  This list should specify the disciplinary actions that will be taken for first, second, or repeated offenses.

Training can reduce the need for disciplinary action.  Instruct your employees in the importance of workplace safety and health, the need to develop safety habits, your operation's safe work practices and the hazards they control, and the standards of behavior that you expect.  Be sure your employees understand the disciplinary system and the consequences of any deliberate, unacceptable behavior.

Supervision.

Supervision includes both training and corrective action.  Ongoing monitoring of your employees' work and safety habits gives you and/or your supervisors the opportunity to correct any problems before serious situations develop.

In most cases, effective supervision means correcting a problem before issuing any punishment.  Where the relationship between employees and their supervisors is open and interactive, problems are discussed and solutions are mutually agreed upon.  This type of relationship fosters a work environment where the need for disciplinary action is reduced.  When such action is needed, the parties are more likely to perceive it as corrective than punitive.

Employee Involvement.

You may want to involve your employees in setting up or revising your disciplinary system.  Employees who contribute their ideas to workplace rules and disciplinary actions are more likely to be knowledgeable about the system.  They are more likely to understand that the system is designed to protect them against the unsafe acts of others.  Of course, at sites with collective bargaining agents, you will need to involve employee representatives.

Employees should be encouraged to help informally in the enforcement of rules and practices.  The intent here is not to turn employees into spies and informers, but to encourage them to be their "brother's keeper" and to watch out for the safety and health of their colleagues.  Many employers successfully have encouraged an atmosphere -- a company "culture" -- where employees readily speak up when they see an easily corrected problem, for example, a coworker who needs reminding to put on safety goggles.

Your employees deserve the opportunity to correct their own behavior problems.  An effective disciplinary system is a two-way process.  Once a problem is spotted, discuss it with the employee, who should be given at least one or two opportunities to change the behavior or correct the problem.  Only after these discussions (and possibly some retraining) should disciplinary action be taken.

Appropriate Control Measures.

Disciplinary actions need to be proportionate to the seriousness or hazardousness of the offense and the frequency of its occurrence.  It is certainly inappropriate to fire someone for occasional tardiness.  It is equally inappropriate to issue only oral warnings to an employee who repeatedly removes a machine guard.

Disciplinary procedures should not be instituted without explanation.  Be sure to provide feedback to the employee on what behavior is unacceptable, why the corrective action is necessary, and how the employee can prevent future violations and disciplinary action.  In addition, take time to recognize an employee who improves or corrects his/her behavior.

Consistent Enforcement.

If your disciplinary system is to work well and be accepted by your workforce, you must assure your employees -- in word and deed -- that the system applies equally to everyone.  This includes subjecting managers and supervisors to similar rules and similar or even more stringent disciplinary procedures.

Documentation.

One key to ensuring fairness and consistency in a disciplinary system is keeping good records.  It is in the best interest of both the employer and the employee to have written rules and disciplinary procedures.  It is just as important to document instances of good or poor safety and health behavior, including discussions with the employee, and to place relevant information in the employee's personnel file.

Documentation serves a variety of purposes.  It helps you to track the development of a problem, corrective actions, and the impact of measures taken.  It provides information enabling you to keep employees informed of problems that need correction.  When you are evaluating the managerial and supervisory skills of your supervisors, it provides a useful record of how they handled problems.

If warnings, retraining, and other corrective actions fail to achieve the desired effect, and if you decide to discharge an employee, then documentation becomes even more critical.  Conversely, you may want to consider an annual clearing of the personnel files of employees whose good overall safety records are marred by minor warnings.

PREVENTIVE MAINTENANCE

You might not associate preventive maintenance with your safety and health program.  Nonetheless, good preventive maintenance plays a major role in ensuring that hazard controls continue to function effectively.  Periodic workplace monitoring, for example, to check for chemical exposures or noise exposures, will help assure that installed controls are still working as designed.  Preventive maintenance also keeps new hazards from arising due to equipment malfunction.

Whenever systems are enclosed, the enclosure usually depends on the smooth functioning of pipes, valves, pressure releases, etc.  Malfunctions of these parts of the enclosed system may result in hazards to workers.  Ventilation systems that control hazards rely on the proper performance of duct work, fans, and filters.  Many guards are electronic or electrically energized and require maintenance for continuing smooth operation.  Equipment that is not hazardous under normal conditions may become so if it malfunctions.  Clearly, preventive maintenance is a vital link in any safety and health program.

Scheduling. Preventive maintenance requires reliable scheduling of maintenance activity.  The scheduling, in turn, depends on knowledge of what needs maintenance and how often.  The whole point of preventive maintenance is to get the work done before repairs or replacement must be done.

Maintenance survey. A preventive maintenance program starts with a survey of maintenance needs at the worksite.  Every piece of equipment or part of a system that needs maintenance, such as oiling, cleaning, testing, replacement of worn parts, or checking, should be surveyed. You will need a complete list of all items to be maintained.  If such a list does not exist at your worksite, you should require your maintenance supervisor to develop one.  The survey should be repeated periodically and the list of items updated.  Whenever new equipment is placed in the worksite, the list should be revised accordingly.

Maintenance timetable. Once the complete list is developed, a timetable must be established.  For each item on your list, estimate the average length of time before the maintenance work becomes reactive rather than preventive.  Plan to perform the maintenance before that average time.  (Maintenance should be performed at least as often as recommended by the manufacturer.) Review maintenance documents periodically to see how much reactive maintenance (repair or replacement of defective parts after failure) has been done.  Then make new estimates of average time, and adjust your maintenance timetable accordingly.

Posted or computerized schedules. Make sure the preventive maintenance schedule is accessible.  Easy availability of the schedule will help your maintenance staff plan its work.  A well communicated schedule also will help to ensure the maintenance department's accountability for performing the work on time.  Select a method of communication that works well for your employees.

Maintenance Documentation.

Preventive maintenance can be a complicated matrix of timing and activity.  But keeping track of completed maintenance tasks can be as simple as adding a date and initials to the posted work schedule.  Some employers use their computer system to keep track of completed maintenance activity.

Documentation can help you to identify and reward employees whose efforts have prevented costly repairs and accidents/incidents.  It also can be instrumental in your effort to require accountability of employees responsible for maintenance.

EMERGENCY PREPARATION

This topic is more thoroughly covered by OSHA Publication 3088 (Revised 1991), “How to Prepare for Workplace Emergencies.” Here we will consider only the most important general points.

The Nature of Emergencies.

During emergencies, hazards appear that normally are not found in the workplace.  These hazards may be the result of natural causes such as earthquakes, tornadoes, hurricanes, floods, or ice storms.  Events caused by humans and beyond your control may create hazards, for example, train or plane accidents, terrorist activities, or occurrences at nearby worksites that affect your site.  Finally, emergencies may occur within your own systems due to unforeseen combinations of events or the failure of one or more hazard control systems.

Emergencies, by their nature, are not part of the expected, everyday routine.  They may never occur.  But if they do, their cost in terms of both dollar losses and human suffering can be enormous.  Your job is to become aware of possible emergencies -- not merely probable events -- and to plan the best way to control or prevent the hazards they present.

Survey of Possible Emergencies.

Just because a particular emergency has never occurred does not mean that it never will.  Therefore, your emergency preparation should begin with a survey of all possible emergency situations at your worksite.  Start by listing possible emergency occurrences by the general categories below, taking into consideration the unique characteristics of your worksite and its location.

Natural disaster. Review each type of natural disaster that has occurred in your geographical area and consult experts on the chances of other types of natural disasters happening.

Human errors or deliberately caused disasters beyond the control of your worksite. Consider the environment of your worksite.  Are you near an airport or on an airport's landing/takeoff pattern? Is there a train track used to carry products other than those that you ship or receive? If so, is it near enough so that an accident involving release of toxic materials could impact your worksite? Are there chemical or other dangerous sites in your neighborhood that could have internal emergencies that might affect your worksite? Have there been terrorist activities against other plants belonging to your company, or against plants involved in similar processes or products?

Hazard control failures at your worksite. Ask yourself, what are the worst things that could possibly happen as a result of conditions here? Every worksite has some potential for fire.  Some have much greater potential than others.  What is your potential for explosion or release of toxic substances?

Emergency Planning

After listing all possible emergencies, you must plan actions to reduce their potential impact on your workers' safety and health.  Some actions will be appropriate in all emergency situations.  But the measures required by some types of emergencies may differ from or even contradict those needed in other emergency scenarios.  Plan what first aid or medical response is needed and where that response will come from.  If you are relying on outside medical or emergency response organizations, establish communications with them and plan together for emergencies.  If possible, have these outside resources participate in your drills.

Employee Information and Training

Your employees need to be informed of the emergency plans that require their participation.  Each employee needs to know precisely what he/she is expected to do in each type of emergency.

For the most likely emergencies, employees should be drilled in the actions you expect them to take.  You want their responses to become second nature, so that they will be able to protect themselves and others regardless of the stress of the moment.  Fire and evacuation drills should be held annually.  For other types of emergencies, such as tornadoes or earthquakes, drills should follow a predetermined schedule based on the frequency and/or probability of the event.

MEDICAL PROGRAMS

Medical programs provide occupational health care, both onsite and nearby.  This care consists of approaches to both identifying health problems that may be work-related and responding to injuries and illnesses that occur.  The size and complexity of a medical program will depend on the size of the worksite, its location in relation to health care provider organizations and the nature of the hazards at the worksite. 

You must always be prepared to offer first aid at your worksite.  In fact, this is required by OSHA's Medical and First Aid standard, 29 CFR 1910.151 (b), for worksites that are not close to medical facilities.  OSHA strongly advises that both first aid and CPR assistance be available on every shift at your worksite.  OSHA's Bloodborne Pathogens standard, 29 CFR 1910.1030, also discussed in Chapter X, imposes various requirements to protect employees who provide first aid and CPR.

Medical programs consist of everything from a basic first aid and CPR response to sophisticated approaches for the diagnosis and resolution of ergonomic problems.  The nature and extent of your medical program will depend on a number of factors.  Small business employers can contact a local physician or the OSHA-funded, State-run consultation service for assistance in deciding what type of medical program meets their site's needs.  If use of nearby medical facilities appears to be the best arrangement, be sure to meet with representatives of that facility to discuss your medical needs.  (See also Chapter X for a suggested method of determining health care needs.)

Whatever medical program you decide on, it is important to use medical specialists with occupational health/medical training.  Not every nurse or doctor is trained to understand the relationships between the workplace, the work, and certain medical symptoms.

SUMMARY

You should approach each category of workplace hazard with the intention of totally preventing it, if feasible. If total prevention is not feasible, you should control the hazard as completely as is feasible through work and equipment design.  To the extent that potential exposure exists despite the designed controls, then you should use safety and health rules, work practices, and other administrative measures to control that exposure.  Finally, you may need to use personal protective clothing and other equipment to further reduce levels of individual exposure.

To complement these hazard controls, you also must have good systems of preventive maintenance; hazard correction tracking; a fair and consistent enforcement of rules, work practices, and PPE; a solid system for responding to unexpected emergencies; and a good medical program that helps identify hazards and minimize harm when injuries and work-related illnesses occur.

These are the basic components of a hazard prevention and control program.  With these measures, you can provide your employees with comprehensive protection from occupational hazards.

____________________________________________________________________________________________

ASSESSING SAFETY & HEALTH MANAGEMENT PROGRAMS

Source: Onsite Safety & Health Consultation Program, Industrial Services Division, Illinois Department of Commerce & Community Affairs

Worksite Analysis

Worksite analysis is a combination of systematic actions that provide the employer with the information necessary to recognize and understand the existing and potential hazards of the workplace. While these actions may appear complicated, they are really basic activities that are performed in most workplaces. Worksite analysis includes these actions:

• A comprehensive hazard identification program is established and a hazard inventory is completed.

• Site safety and health inspections are completed on a regular basis (i.e. monthly or more often).

• A system is established for employees to report hazards without fear of reprisal.

• An accident/incident investigation procedure is in place.

• A procedure for analyzing injury/illness trends at least annually is established.

Comprehensive Identification

In order to design a program of prevention and control, an employer must have a comprehensive hazard survey, a change analysis, and a routine hazard analysis.

The comprehensive hazard survey is the most basic tool used to establish a prevention and control program. This survey should be performed by experts, preferably someone not involved with the workplace, who has a broad knowledge base of safety engineering, industrial hygiene and, if applicable, occupational medicine. This survey identifies current and possible hazards at the worksite. This survey should be performed on a periodic basis.

The second component used to build a prevention and control program is the change analysis. This analysis is conducted prior to a change in facilities, equipment, processes, or materials in the workplace. In this way, potential hazards can be identified before the change goes into effect. It will also provide a source of savings for the employer in that possible faulty designs can be located and changed before going into place.

The last component of the comprehensive hazard identification is the routine hazard analysis. The most basic form of routine hazard analysis is the job safety analysis. This analysis divides a job into tasks and steps, and then it allows for an analysis of potential hazards. A method of prevention and control can then be developed from the analysis that can eliminate the potential hazards.

• Require periodic inspections, surveys or consultations from outside sources such as your insurance carrier or the onsite consultation project in your state. Require periodic industrial hygiene surveys.

• Develop procedures to be conducted by in-house personnel to support the improvement recommendations made in those surveys, such as ensuring that ventilation systems are maintained, personal protective equipment is used, etc.

• Require that capital expenditures for new facilities or new equipment be reviewed from a safety aspect during their planning stages.

• Secure from equipment manufacturers use and servicing instructions for all equipment in use.

• Ensure that your operating procedures are consistent with safety rules furnished by the manufacturer and that they are adequate to protect your workforce.

• Develop specific safe work procedures using job hazard analysis techniques for tasks where the procedures are insufficient or lacking.

• Perform routine job hazard analyses on all new tasks, tasks involving new machinery or processes, and tasks identified as being involved in accidents.

Worksite Inspections

Each worksite should perform a safety and health inspection on a regular basis. Employees at the worksite can be trained to perform these inspections. The goal of performing this inspection will be to identify any controls that might have slipped since the routine analysis was performed.

• Develop an inspection program and assign responsibility.

• Train in-house safety inspectors and supervisors in hazard identification.

• Require written reports of inspections.

• Follow up to ensure correction of items identified by in-house inspectors.

• Develop interim protections as a temporary hazard correction.

Reporting Hazards

The goal of any safety and health program is to identify and correct hazards before they become a problem and employees are harmed. The employer should use all employees as hazard lookouts. The name of the game is accident and illness prevention, and it should start with each person who enters the job site. For reporting to be effective, employees need to know whom to notify and how, and they must fear no reprisal. Employees will also need to see timely response to their reports. These responses are visible evidence of management's commitment to worker safety and health and your desire for meaningful employee involvement.

• Develop a safety observation and reporting system to provide a way for employees to notify you of conditions or practices they think are hazardous.

• Ensure that all new employees are aware of how to report unsafe conditions and what actions should be taken while the hazard is being corrected.

• Develop a tracking procedure that requires final disposition of recommendations or hazards reported.

• Develop a response system to ensure that employees are informed of decisions; this will increase employees' confidence that you are serious about safety and health.

Incident/Accident Analysis

Unfortunately, accidents can happen. Accidents must be investigated and analyzed in a timely manner, while the facts are still fresh and accident reenactment is still possible. Prompt investigation also indicates management's concern.

Employers should use accidents as learning tools by investigating them to determine the causes and then developing ways to avoid similar situations in the future. Every accident has a cause. Once you determine what caused the accident, you can take steps to keep it from happening again and minimize time loss. The emphasis for accident investigation should be on fact-finding, not fault finding. Because the immediate supervisor is usually first on the scene, the supervisor should be trained in accident investigation. The investigation should determine:

• Exactly what happened and where;

• Under what circumstances the accident occurred; and

• What should be done to prevent the circumstances which caused the accident.

• Develop an accident investigation procedure.

• Train supervisors in accident investigation techniques.

• Require that all accidents be investigated, the cause determined and corrective action taken within 24 hours of the accident.

• Insist upon fact-finding, not fault finding.

• Take constructive steps to eliminate or control the hazard that caused the accident.

• Ensure that employees understand that hazardous conditions and unsafe acts will not be tolerated.

Trend Analysis

A good record keeping system can help management by providing the means to objectively evaluate the magnitude of its accident problems. Tracking injuries and illnesses over periods of time can provide useful information for devising a prevention plan. These records can help you discover trends such as an increase in the number or severity of accidents, or an increase in a certain kind of accident, or an increase of accidents in a certain department. They may also point out problem areas that are missed by simple inspections.

• Develop a system for reporting incidents involving no injury, near-miss accidents and first aid cases.

• Assign responsibility for maintaining records (OSHA 300 Logs and other accident/incident forms) to one individual.

• Analyze accident records (OSHA 300 logs, first aid cases, no injury reports) on an annual basis to identify trends or common underlying or primary cause factors.

_____________________________________________________________________________________________

CATCHING THE HAZARDS THAT ESCAPE CONTROLS

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

In the ideal safety and health scenario, the employer knows precisely the hazards and potential hazards to which employees could be exposed and has designed a perfect system of prevention and control.  In real life, some hazards may escape detection during the inventory process.  Others have a way of slipping out of the controls set up to protect workers.  So, you need ways to catch these hazards and get them controlled, or better controlled, before anyone gets hurt.

OSHA's Safety and Health Program Management Guidelines recommend a complete worksite analysis to provide the basis for hazard prevention and control.  This analysis includes identifying all hazards and potential hazards through comprehensive surveys, change analysis, and routine hazard analysis; regular site inspections; employee reports of hazards; accident and near-miss investigations; and analysis of injury and illness trends over time.

REGULAR SITE INSPECTIONS

Inspections are the best understood and most frequently used tool of worksite analysis.  Much has been written about them, and many inspection checklists are available in other publications.  For a general checklist for small businesses or a starting point for larger businesses, OSHA recommends the checklist found in OSHA Publication 2209 (Revised 1992), "OSHA Handbook for Small Businesses."

In this discussion, we will consider some aspects of inspections that are frequently not covered in other publications.

What Do We Mean By Regular Site Inspections?

The term inspection refers to looking closely at something to see if it meets requirements.  At your worksite, several kinds of inspections probably are done, some of them at fixed intervals.  In OSHA's Safety and Health Program Management Guidelines, the term "regular site inspection" means a general inspection of every part of the worksite to locate any hazards that need correction.  This includes routine industrial hygiene monitoring and sampling.

Inspection Frequency.

The regular site inspection is done at specified intervals.  OSHA recommends that medium and large fixed worksites be inspected completely at least every quarter, with some part of the inspection occurring each month.  For construction sites, OSHA recommends site inspections at least weekly because of the rapidly changing nature of the site and its hazards.

At small fixed worksites, the entire site should be inspected at one time.  And even for the smallest worksite, inspections should be done at least quarterly.  If the small worksite uses hazardous materials or involves hazardous procedures or conditions that change frequently, inspections should be done more often.  Small business employers can contact the local office of the OSHA-funded, State-run consultation service for help in determining the most appropriate frequency for inspections.

What Should Be Inspected?

A methodical inspection will follow a checklist based on the inventory of hazards and the preventive actions and controls designed to reduce or eliminate worker exposure.  Regular site inspections should be designed to check each one of those controls to make sure that hazards are contained. 

Hazards may be controlled by engineering.  Examples of engineering controls are the guards placed on equipment to prevent hand or body contact with tools or machinery that can cut or pinch body parts or catch clothing, hair, or body parts and pull them into the machinery.  These guards should be checked during inspections to make sure they are in good working order and remain in place during operations.  Another example of an engineering control of hazards is the ventilation system that carries away air contaminants.  The velocity of the ventilation system should be checked periodically.  Depending on the risk of the contaminant controlled, periodic air sampling may also be needed.

You also can control hazards with specifically designed work practices and procedures.  An example is the precautions taken by a production equipment operator when restarting after a jam.  The inspector should keep an eye out for any unauthorized modifications of these work practices.

Still another way to control hazards is through personal protective equipment (PPE).  Meat cutters, for example, should wear protective mesh gloves.  Many varied types of worksites require safety glasses or hearing protection devices in designated areas.  The inspector will want to examine the equipment to ensure its good condition.  Just as important, the inspector should see whether employees are wearing required PPE and whether the equipment is being worn appropriately.  This includes, for example, stopping workers who have placed disposable hearing protection only partway into their ears and have left most of the plug protruding.  The inspector will insist that the PPE be worn as intended.

Do not overlook areas outside of the production mainstream.  Your search for common hazards and OSHA standards violations should cover the entire worksite, including all office areas.  In addition to the checklist in the "OSHA Handbook for Small Businesses," you may find useful the inventory list at the back of this chapter.

Who Should Inspect?

Ideally, medium and large worksites will have more than one type of regular site inspection.

Supervisors. Many employers make it the supervisor's responsibility to inspect his/her work area at the beginning of every shift to ensure that equipment and personnel are ready to work safely.  This can be particularly helpful when other shifts use the same area and equipment or when after-hours maintenance and cleaning are routinely done.  Supervisors' inspections of their own areas should not substitute, however, for the broad general inspection recommended in the OSHA Guidelines.  There are two reasons for this:

• Those who work in an area can start "not seeing" things that they get used to.  It is always good to have cross-inspections where supervisors or employees from one area look at another area.

• A general site inspection will encompass areas not assigned to individual supervisors, for example, outdoor and other common areas.

Employees. OSHA recommends involving employees in the safety and health program, in both problem identification and resolution.  One way to do this is to have the employee committee or the joint employee-management committee conduct routine inspections.  By employing this method, you:

• Expand the number of people doing inspections, and therefore, improve the odds of finding hazards; and

• Increase employee awareness of the safety and health program.

Safety and Health Staff. It is most common and most logical for the staff personnel who specialize in safety and health to conduct the inspections.  Even when other employees conduct inspections, it is wise also to involve the specialists.  In a small business, the specialist may be the Human Resources Director or another member of management with many important duties in addition to safety and health.  By having the safety and health staffer conduct inspections, you:

• Keep the person responsible for safety and health in touch with the successes and/or problems in the hazard prevention and control program and

• Use your greatest in-house source of expertise.

What Training Should Inspectors Have?

Safety and Health Staff. Personnel responsible for developing the safety and health program should have, at a minimum, the equivalent of the OSHA Training Institute Course #501, "A Guide to Voluntary Compliance in Safety and Health." Additional training is needed for large worksites and small worksites with hazardous operations or materials.

Supervisors. All supervisors should have training in the hazards that workers under their supervision are likely to encounter, plus training in how to control these hazards.  When they are responsible for area inspections, supervisors also should have specific training in how to inspect.  Formal coursework may not be necessary, but the training should be provided by someone who is knowledgeable.

Employees. All employees should understand the potential hazards to which they might be exposed and the ways they can protect themselves and their fellow workers.  Those who are involved in inspections need training in recognizing and controlling all the potential hazards of the worksite.  They will also need written guidance, tips for inspecting, and some on-the-job training by safety and health staff or other specialists.

WRITTEN INSPECTION REPORTS

In all but the smallest and least dangerous of workplaces, written inspection reports are necessary to record the hazards discovered, responsibility assigned for correction and tracking of correction to completion.

Having a written record will help ensure:

• Assignment of responsibility for hazard correction,

• Tracking of correction to completion,

• Identification of problems in the controls system when the same type of hazards keep appearing even after correction is verified,

• Identification of problems in the accountability system and

• Identification of hazards for which no prevention or control has been planned.

Of course, having such written records will be most helpful if they are read by someone knowledgeable in the safety and health program.  This person then can provide top managers with summaries of problems.

TRACKING CORRECTIONS OF HAZARDS

If correction cannot be accomplished immediately after the discovery of a hazard, the inspection report should include whatever interim protective measures have been taken, and should not be considered closed until the final correction has been made.  A written tracking system will improve your inspection program.  And the best tracking system is written right into your inspection report form. 

Important things to remember about regular site inspections and follow-up:

• These inspections should cover every part of the worksite;

• They should be done at regular intervals, with frequency depending upon the size of the worksite and the nature of the hazards;

• In-house inspectors should be trained to recognize hazards and to bring fresh vision to work areas being examined;

• Found hazards must be tracked to correction; and

• Information from inspections should be used to expand the inventory of hazards and/or improve the hazard prevention and control program.

EMPLOYEE REPORTS OF HAZARDS

Employees play a key role in helping you discover and control the hazards that may develop -- or that already exist -- in your workplace.  They have a unique and valuable perspective on procedures and conditions.

A reliable system for employee reporting is an important element of an effective safety and health program.  Such a system is characterized by:

• A genuine company or worksite policy that is consistent with other policies and that encourages employees to report their concerns about safety and health conditions or possible hazards in work practices,

• Timely and appropriate responses to the reporting employee,

• Timely and appropriate action where a valid concern exists,

• Tracking of any required hazard correction and

• Protection of reporting employees from official and unofficial harassment.

COMPANY POLICY

You have decided what your policy will be concerning employee reporting.  The next step is to ensure that all employees understand the policy.  Further, they need to be made aware that the policy is genuine.  In larger worksites, the policy should be typed and placed on bulletin boards, distributed to all employees, and discussed in weekly or monthly safety meetings.  In the smallest worksites, it may be sufficient to gather everyone together, go over the policy, and then invite discussion or questions.  You will know that you have done enough when every employee, when asked, can tell you what the policy is.

The written policy is a good place to affirm your intention to protect employees from harassment or reprisal of any kind. 

TIMELY AND APPROPRIATE RESPONSE AND ACTION

Having employees report hazards will not work if they cannot see reasonable results in a reasonable amount of time.  You can give your employee a preliminary response when extra time is needed to analyze a reported hazard.  Many larger workplaces assign special maintenance codes to work orders that involve safety or health.  The code requires the maintenance supervisor to give that work a higher priority.  When complete correction of a hazard requires ordering parts or materials and a wait of several months, give your employee a status update from time to time.  You will be sending a message that his/her concern has not been forgotten.

Important: when the preferred corrective measures cannot be accomplished immediately, it is your responsibility to provide interim protection to your workers.  You must take whatever steps may be feasible to temporarily eliminate or control the hazard.

Results must not only be timely, but must also alleviate the employee's concern.  If management decides that no hazard exists, the reason behind this judgment should be thoroughly explained to the reporting employee.  Care should be taken to express gratitude for the employee's erring on the side of safety and health.  It is better to have some non-hazards reported than to overlook even one real hazard because a worker believed that management would not respond.

If you are uncertain whether the reported practice or condition is hazardous, further checking needs to be done.  If a good description can be given over the phone, or photographs or drawings made that reveal the situation, you can call or visit the nearest Federal or State OSHA office for advice.  Small businesses can contact the nearest office of the OSHA-funded, State-run consultation service.

If your employee has discovered a real hazard, the action that you take to correct it should be appropriate and swift.

TRACKING HAZARD CORRECTIONS

Each valid hazard identified through employee reports of hazards should be tracked to complete correction.  Hazards that are quickly corrected may not present a problem for long-term tracking, but a record of the correction will help in determining where management systems have broken down should the same hazard reappear.  Different management measures may be needed for hazards that do not stay corrected, as contrasted with those that do not get corrected.  For hazards that require complicated or time-consuming corrections, a system of tracking is needed to make sure that the final correction is not forgotten in the press of other matters.  Additionally, tracking long-term hazard correction enables management to keep the reporting employee better informed.

PROTECTION FROM HARASSMENT

It is important that employees know that reporting a hazard will not result in any official or unofficial harassment or reprisal from management, individual supervisors, or coworkers.  The policy on employee reports of hazards should make this clear.  In addition, there are several steps you can take to help ensure that harassment is never considered:

• Avoid performance evaluations that rate supervisors negatively for employee reports of hazards in their areas as long as they are responding appropriately to the reports.

• Separate employee reports of hazards from the disciplinary system.  For example, avoid placing policy statements dealing with these two subjects close together on a bulletin board or in sequence in an employee handbook.  Such physical proximity can give the impression that one employee can get another in trouble by reporting him or her for hazardous practices.

• Approach all discussions and written descriptions of employee reporting of hazards as a group effort to keep the worksite safe and healthful.  Emphasize the positive.

• Emphasize the responsibility that each employee has for coworkers' safety and health as well as for his/her own.  The safety and health of individual employees is everyone's business.

• If you discover a case of harassment for reporting a hazard, enforce your policy clearly and emphatically.

REPORTING SYSTEMS

There are several ways that employees can report hazards.  The most common are:

• Oral reports to supervisors,

• Suggestion programs,

• A hazard card program,

• Maintenance work orders, and

• Written forms that provide for anonymity.

Many larger worksites will use a combination of some or all of these systems.

Oral reports. At every worksite employees should be able to report hazards to their supervisors.  When the supervisor is properly trained and accepts his/her responsibility for the safety and health of the workers under supervision, informal oral reporting can occur naturally.  When an employee's concerns appear valid, the supervisor then has the responsibility to either correct the hazard, request correction by maintenance, or ask for assistance from the safety department.

Most worksites encourage this type of reporting.  Used alone, however, it does not provide for hazard correction tracking.  Nor does it enable you to look for trends and patterns.  And it provides little protection from supervisors who may not be sufficiently concerned about health and safety.

At very small worksites, where "everybody knows everything," this oral system may be all that is needed.  OSHA recommends, however, that you at least adopt a simple written system where the supervisor makes a short report of each hazard reported and the action taken. 

Suggestion Programs. The most frequently used type of written system is a program where employees are encouraged to make safety and health suggestions.  This is a very positive approach.  Not only does it provide for reporting unsafe conditions and acts, but it also encourages employees to come up with imaginative new ways of doing things safely and healthfully.  If a suggestion program is used for hazard reporting, however, management must be sure that collection points are checked several times a day and that suggestions are read at the time of collection.  This will ensure that identified hazards get corrected in a timely manner.

If the suggestion program is the sole means of reporting hazards or the only written system, management must encourage employees to use the system for all types of hazard reporting, and not just for ideas in the "It would be nicer if..." category.

A hazard card program. Many medium and large worksites develop or purchase a program for employee hazard reporting.  One such program includes a format for training employees in basic hazard recognition.  It uses cards on which employees jot down unsafe conditions and practices.  These cards usually are turned in to the safety department for checking and tracking of any valid hazard correction.

Some workplaces give awards for the highest number of cards with valid concerns turned in over a specific period of time.  Others have set quotas for the number of cards turned in.  The success of these special uses seems to depend upon the "culture" of the worksite.

Maintenance work orders. For unsafe conditions, maintenance usually will have to make the correction.  Some companies give every employee the right to fill out a maintenance work order.  Others allow employees to fill them out but require supervisory sign-off before orders are sent to the maintenance department.

This system for employee hazard reporting should be used only if there is a special high priority safety and health code for maintenance work orders.  With such a code, the maintenance supervisor is required to give hazard correction work orders higher priority than maintenance for production improvement only.  Copies of coded work orders should be carried immediately to the Safety Department (or person responsible for safety and/or health) so that correction tracking can begin.

This special code also helps your safety and health staff look for patterns that may become apparent over time and that call for closer scrutiny of conditions or practices.

The work order system for employee reporting of hazards is not sufficient if used alone.  While it can lead to correction of hazardous conditions, it cannot correct hazardous practices.  And this system is not useful for encouraging imaginative new approaches to improving conditions and procedures.

Written Forms. Some of the systems described above involve the use of forms.  The best written system for your worksite may be one that you devise especially for employee reports of hazards.  You can allow for anonymity, when desired, by not requiring the reporting employee to either sign his/her name or give the completed form to the supervisor.  You can post your response to an anonymous report on a bulletin board in the area mentioned in the report. 

For all the reporting systems discussed above, some variations will work better for your site than others.  The important points to remember are:

• Have a policy that encourages employee reports of hazards,

• Make this policy well known and understood,

• Protect reporting employees from harassment,

• Respond in an appropriate and timely manner,

• Track all hazards to correction and

• Use the information you obtain about hazards to revise your hazard inventory and/or to improve your hazard prevention program.

ACCIDENT/INCIDENT INVESTIGATION

Much has been written about investigating accidents, and many elaborate charts have been devised to assist the investigator.  In this chapter, OSHA will not attempt to duplicate all the information readily available elsewhere.  (A good publication available from the National Safety Council is "Accident Investigation...A New Approach." For this and other materials, contact the NSC, P.O. Box 558, Itasca, IL 60143, telephone (800) 621-7619.)

Accident/incident investigation is another tool for uncovering hazards that either were missed earlier or have managed to slip out of the controls planned for them.  It is useful only when done with the aim of discovering every contributing factor to the accident/incident in order to "foolproof" the condition and/or activity and prevent future occurrences.  In other words, your objective is to identify root causes.

Definitions

The National Safety Council defines "accident" as "an unplanned, undesired event that results in personal injury or property damage." It defines "incident" as "an unplanned, undesired event that adversely affects completion of a task." An illness that results from a single occurrence comes within the term "personal injury." This term does not include occupational illness resulting from long-term exposure to health hazards.

What Should Be Investigated?

Since all accidents result in property damage or personal injury, they should be investigated to determine the contributing causes and actions needed to prevent future occurrences.  Since incidents could result in property damage or personal injury, these, too, should be investigated.  "Near-misses" fall into this latter category.  This term describes incidents where no property was damaged and no personal injury sustained, but where, given a slight shift in time or position, damage and/or injury easily could have occurred.

Who Should Investigate?

The usual investigator for all incidents is the supervisor in charge of the involved area and/or activity.  At a minimum, the safety department or the person in charge of safety and health should review these investigations and provide for another level of investigation when:

• The event had very serious results,

• The nature of the event is very complex,

• The event involved more than one supervisor’s responsibilities and/or

• The initial investigation did not clearly establish a full range of contributing factors and/or preventive actions.

Many companies use a team or a subcommittee of the joint employee-management committee to investigate accidents involving serious injury or extensive property damage.  This may supplant the supervisor's investigation or may serve as a second-level investigation.  When a team or committee investigates, the team leader or chairperson must have enough authority and status in the organization to do whatever is needed.

Training for Incident Investigation.

No one should investigate accidents or incidents without appropriate accident investigation training.  Many safety and health consultants and professional organizations provide this type of training.  Before you commit resources to training, you might want to check the course contents against the information found in the National Safety Council's booklet, "Accident Investigation...A New Approach." After your investigators have received training, you should follow up by checking investigative reports to see if the training is being put to good use.

Results Desired.

The investigation report, regardless of length or style of presentation, should document all applicable facts.  The report should include thorough interviews of everyone with any knowledge of the event.  Six key questions should be answered: who, what, when, where, why, and how. Fact should be distinguished from opinion, and both should be presented carefully and clearly.  A good investigation is likely to reveal several contributing factors, and it probably will recommend several preventive actions.

You will want to avoid the trap of laying sole blame on the injured employee.  Even if injured workers openly blame themselves for making a mistake or not following prescribed procedures, the investigator must not be satisfied that all contributing causes have been identified.  The error made by the employee may not be even the most important contributing cause.  The employee who has not followed prescribed procedures may have been encouraged directly or indirectly by a supervisor to "cut corners." The prescribed procedures may not be practical, or even safe, in the eyes of the employee.  Sometimes elaborate and difficult procedures are required, when engineering redesign might be a better answer.  In such cases, management errors -- not employee error -- may be the most important contributing causes.

All supervisors and others who investigate accidents/incidents should be held accountable for describing causes carefully and clearly.  When reviewing investigation reports, the safety department or in-house safety expert should be on the lookout for catch-phrases, for example, "Employee did not plan job properly." While such a statement may suggest an underlying problem with this worker, it is not conducive to identifying all possible causes, preventions, and controls.  Certainly, it is too late to plan a job when the employee is about to do it.  Further, it is unlikely that safe work will always result when each employee is expected to plan procedures alone.

Recommended preventive actions should make it very difficult, if not impossible, for the event to recur.  The investigative report should list all the ways to "foolproof" the condition or activity.  Considerations of cost or engineering should not enter at this stage.  Top management should have the benefit of the investigator's complete thinking before making decisions about prevention.  Some recommended actions will be capable of immediate accomplishment.  Others may take time, planning, and capital expenditure.

Use of Accident Investigations.

The primary purpose of accident/incident investigations is to prevent future occurrences.  Therefore, the investigation should be a springboard to corrective action.  Ensure results by tracking the measures you choose to their completion.

Beyond this immediate use, apply the information obtained through the investigation to update and revise your inventory of hazards and/or your program for hazard prevention and control.

ANALYSIS OF PATTERNS

OSHA's Safety and Health Program Management Guidelines list the analysis of "injury and illness trends over time, so that patterns with common causes can be identified and prevented," as the last action under Worksite Analysis.  A review of OSHA illness and injury logs is the most common form of pattern analysis.  These logs are not, however, the only useful source of such information.  Any records of hazards can be analyzed for patterns.  Examples are inspection records and employee hazard reporting records.

Pattern Analysis of the OSHA Log of Injury and Illness

Period of time covered. A record being analyzed for patterns must contain enough entries to allow patterns to emerge.  A worksite with few employees or very little hazardous work may require a review of 3 to 5 years of records.  The fact that a site is small or does little hazardous work does not mean, however, that pattern analysis is useless.  Even if an office operation has only one or two injuries each year, a 5-year review may indicate uncontrolled cumulative trauma hazards or lack of attention to tripping hazards.  Larger sites will find useful information in yearly, quarterly, or monthly reviews.

What to look for. Similar injuries or illnesses indicate a hazard or type of hazard that has not been controlled yet.  Diagnostic clues can be traced by noting where the injuries or illnesses occurred, what type of work was being done, the time of day, any similarities of equipment, etc.  Injuries need not be identical.  They can be, for example, to the same part of the body.  Obviously, repetitions of the same type of injury or illness indicate that hazard controls are not working adequately.

Any clue that suggests a previously unnoticed connection between several injuries or illnesses is worth further investigation.

Pattern Analysis of Inspection Records and Employee Hazard Reports.

Hazard identification should be occurring more frequently than incidents/accidents.  It should be possible, therefore, to uncover patterns in hazard identification records over shorter periods of time than may be needed to analyze patterns in incidents.  Repeat hazards, just like repeat injuries, mean that controls are not working.  Upgrading a control may be as simple as improving accountability.  (Of course, what is simple is not always easy.)

The causes of hazards can be investigated using techniques similar to those developed to find the causes of accidents. 

SUMMARY

Even after you have conducted comprehensive hazard surveys, analyzed each workplace change for hazards, routinely analyzed jobs and/or processes for hazards, and developed a program of hazard prevention and control, there still will be some hazards in your worksite.  These hazards may have been missed, or measures taken may not have been adequate to maintain prevention or control over time.

This chapter has examined additional techniques for learning more about these persistent hazards, their correction, and effective and continuing control.  Regular site inspections; employee reports of hazards; accident/incident investigations; and analyses of patterns of illness and injury, incidents, and hazards will help complete your safety and health program.

____________________________________________________________________________________________

TOOLS FOR A SAFETY AND HEALTH PROGRAM ANALYSIS

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

There are three basic methods for assessing safety and health program effectiveness. This description will explain each of them. It also will provide more detailed information on how to use these tools to evaluate each element and subsidiary component of a safety and health program.

The three basic methods for assessing safety and health program effectiveness are:

1. Checking documentation of activity;

2. Interviewing employees at all levels for knowledge, awareness and perceptions; and

3. Reviewing site conditions and, where hazards are found, finding the weaknesses in management systems that allowed the hazards to occur or to be "uncontrolled."

Some elements of the safety and health program are best assessed by using one of these methods. Others lend themselves to assessment by two or all three methods.

Documentation

Checking documentation is a standard audit technique.  It is particularly useful for understanding whether the tracking of hazards to correction is effective.  It can also be used to determine the quality of certain activities, such as self-inspections or routine hazard analysis.

Inspection records can tell the evaluator whether serious hazards are being found, or whether the same hazards are being found repeatedly.  If serious hazards are not being found and accidents keep occurring, there may be a need to train inspectors to look for different hazards.  If the same hazards are being found repeatedly, the problem may be more complicated.  Perhaps the hazards are not being corrected.  If so, this would suggest a tracking problem or a problem in accountability for hazard correction.

If certain hazards recur repeatedly after being corrected, someone is not taking responsibility for keeping those hazards under control.  Either the responsibility is not clear, or those who are responsible are not being held accountable.

Employee Interviews

Talking to randomly selected employees at all levels will provide a good indication of the quality of employee training and of employee perceptions of the program.  If safety and health training is effective, employees will be able to tell you about the hazards they work with and how they protect themselves and others by keeping those hazards controlled.  Every employee should also be able to say precisely what he or she is expected to do as part of the program.  And all employees should know where to go and the route to follow in an emergency.

Employee perceptions can provide other useful information.  An employee's opinion of how easy it is to report a hazard and get a response will tell you a lot about how well your hazard reporting system is working.  If employees indicate that your system for enforcing safety and health rules and safe work practices is inconsistent or confusing, you will know that the system needs improvement.

Interviews should not be limited to hourly employees.  Much can be learned from talking with first-line supervisors.  It is also helpful to query line managers about their understanding of their safety and health responsibilities.

Site Conditions and Root Causes of Hazards

Examining the conditions of the workplace can reveal existing hazards.  But it can also provide information about the breakdown of those management systems meant to prevent or control these hazards.

Looking at conditions and practices is a well-established technique for assessing the effectiveness of safety and health programs.  For example, let's say that in areas where PPE is required, you see large and understandable signs communicating this requirement and all employees -- with no exceptions -- wearing equipment properly.  You have obtained valuable visual evidence that the PPE program is working.

Another way to obtain information about safety and health program management is through root analysis of observed hazards.  This approach to hazards is much like the most sophisticated accident investigation techniques, in which many contributing factors are located and corrected or controlled.

For example, let's say that during a review of conditions, you find a machine being operated without a guard on a pinch point.  You should not limit your response to ensuring that a guard is installed.  Asking a few questions can reveal a lot about the safety program's management systems.  Why was the guard missing?  If the operator says he did not know a guard was supposed to be on the machine, follow up with questions about the existence of safe work procedures and/or training.

If he says that the guard slows him down, and that the supervisor knows he takes it off, ask questions about the enforcement of rules, accountability, and the clarity of the worksite objective of putting safety and health first.

Let's say, however, that your insurance inspector or an OSHA inspector is the first person to notice the need for the guard.  Or you first notice it when someone is hurt.  A different lead-off question is appropriate.  Has a comprehensive survey of the worksite been done by someone with enough expertise to recognize all potential and existing hazards?

Analyzing the root causes of hazards, while very helpful during a formal assessment, is a technique that also lends itself to everyday use.  Attempt to analyze causes whenever hazards are spotted.

When evaluating each part of your worksite's safety and health program, use one or more of the above methods, as appropriate.

Elements of a quality safety and health program and useful ways to assess these components

1. Assessing the Key Components of Management Leadership and Employee Involvement.

* Worksite Policy on Safe and Healthful Working Conditions

• Documentation. If there is a written policy, does it clearly declare the priority of worker safety and health over other organizational values, such as production?

• Interviews. When asked, can employees at all levels express the worksite policy on worker safety and health?

o If the policy is written, can hourly employees tell you where they have seen it?

o Can employees at all levels explain the priority of worker safety and health over other organizational values, as the policy intends?

• Site Conditions and Root Causes of Hazards. Have injuries occurred because employees at any level did not understand the importance of safety precautions in relation to other organizational values, such as production?

* Goal and Objective for Worker Safety and Health

• Documentation.

o If there is a written goal for your safety and health program, is it updated annually?

o If there are written objectives, such as an annual plan to reach that goal, are they clearly stated?

o If managers and supervisors have written objectives, do these documents include objectives for the safety and health program?

• Interviews.

o Do managers and supervisors have a clear idea of their objectives for worker safety and health?

o Do hourly employees understand the current objectives of the safety and health program?

• Site Conditions and Root Causes of Hazards. (Only helpful in a general sense.)

* Visible Top Management Leadership

• Documentation. Are there one or more written programs which involve top-level management in safety and health activities? For example, top management can receive and sign off on inspection reports either after each inspection or in a quarterly summary.  These reports can then be posted for employees to see.  Top management can provide "open door" times each week or each month for employees to come in to discuss safety and health concerns.  Top management can reward the best safety suggestions each month or at other specified intervals.

• Interviews. Can hourly employees describe how management officials are involved in safety and health activities?

o Do hourly employees perceive that managers and supervisors follow safety and health rules and work practices, such as wearing appropriate personal protective equipment?

• Site Conditions and Root Causes of Hazards. When employees are found not wearing required personal protective equipment or not following safe work practices, have any of them said that managers or supervisors also did not follow these rules?

* Employee Involvement

• Documentation.

o Are there one or more written programs that provide for employee involvement in decisions affecting their safety and health?

o Is there documentation of these activities; for example, employee inspection reports, minutes of joint employee-management or employee committee meetings?

o Is there written documentation of any management response to employee safety and health program activities?

o Does the documentation indicate that employee safety and health activities are meaningful and substantive?

o Are there written guarantees of employee protection from harassment resulting from safety and health program involvement?

• Interviews.

o Are employees aware of ways they can be involved in decisions affecting their safety and health?

o Do employees appear to take pride in the achievements of the worksite safety and health program?

o Are employees comfortable answering questions about safety and health programs and conditions at the site?

o Do employees feel they have the support of management for their safety and health activities?

• Site Conditions and Root Causes of Hazards. (Not applicable.)

* Assignment of Responsibility

• Documentation.  Are responsibilities written out so that they can be clearly understood?

• Interviews.  Do employees understand their own responsibilities and those of others?

• Site Conditions and Root Causes of Hazards.

o Was the hazard caused in part because no one was assigned the responsibility to control or prevent it?

o Was the hazard allowed to exist in part because someone in management did not have the clear responsibility to hold a lower-level manager or supervisor accountable for carrying out assigned responsibilities?

* Adequate Authority and Resources

• Documentation. (Only generally applicable.)

• Interviews.

o Do safety staff members or any other personnel with responsibilities for ensuring safe operation of production equipment have the authority to shut down that equipment or to order maintenance or parts?

o Do employees talk about not being able to get safety or health improvements because of cost?

o Do employees mention the need for more safety or health personnel or expert consultants?

• Site Conditions and Root Causes of Hazards.

o Do recognized hazards go uncorrected because of lack of authority or resources?

o Do hazards go unrecognized because greater expertise is needed to diagnose them?

* Accountability of Managers, Supervisors and Hourly Employees

• Documentation.

o Do performance evaluations for all line managers and supervisors include specific criteria relating to safety and health protection?

o Is there documented evidence of employees at all levels being held accountable for safety and health responsibilities, including safe work practices? Is accountability accomplished through either performance evaluations affecting pay and/or promotions or disciplinary actions?

• Interviews.

o When you ask employees what happens to people who violate safety and health rules or safe work practices, do they indicate that rule breakers are clearly and consistently held accountable?

o Do hourly employees indicate that supervisors and managers genuinely care about meeting safety and health responsibilities?

o When asked what happens when rules are broken, do hourly employees complain that supervisors and managers do not follow rules and never are disciplined for infractions?

• Site Conditions and Root Causes of Hazards.

o Are hazards occurring because employees, supervisors, and/or managers are not being held accountable for their safety and health responsibilities?

o Are identified hazards not being corrected because those persons assigned the responsibility are not being held accountable?

* Evaluation of Program Operations

• Documentation. Is there a written evaluation of each major part of the program, as identified in the OSHA Safety and Health Program Management Guidelines (54 CFR 3908, January 26, 1989)? Does this written evaluation list what is being done, assess the effectiveness of each program element against the goal and objectives and recommend changes as needed to make the program more effective or to try alternatives?

• Interviews. Can employees, supervisors and/or managers tell you how the program is evaluated and revised each year?

• Site Conditions and Root Causes of Hazards. (Only generally applicable.)

2. Assessing the Key Components of Worksite Analysis

* Comprehensive Surveys, Change Analysis, Routine Hazard Analysis

• Documentation.

o Are there documents that provide comprehensive analysis of all potential safety and health hazards of the worksite?

o Are there documents that provide both the analysis of potential safety and health hazards for each new facility, equipment, material, or process and the means for eliminating or controlling such hazards?

o Does documentation exist of the step-by-step analysis of the hazards in each part of each job, so that you can clearly discern the evolution of decisions on safe work procedures?

o If complicated processes exist, with a potential for catastrophic impact from an accident but low probability of such accident (as in nuclear power or chemical production), are there documents analyzing the potential hazards in each part of the processes and the means to prevent or control them?

o If there are processes with a potential for catastrophic impact from an accident but low probability of an accident, have analyses such as "fault tree" or "what if?" been documented to ensure enough back-up systems for worker protection in the event of multiple control failure?

• Interviews.

o Do employees complain that new facilities, equipment, materials, or processes are hazardous?

o Do any employees say they have been involved in job safety analysis or process review and are satisfied with the results?

o Does the safety and health staff indicate ignorance of existing or potential hazards at the worksite?

o Does the occupational nurse/doctor or other health care provider understand the potential occupational diseases and health effects in this worksite?

• Site Conditions and Root Causes of Hazards.

o Have hazards appeared where no one in management realized there was potential for their development?

o Where workers have faithfully followed job procedures, have accidents or near-misses occurred because of hidden hazards?

o Have hazards been discovered in the design of new facilities, equipment, materials, and processes after use has begun?

o Have accidents or near-misses occurred when two or more failures in the hazard control system occurred at the same time, surprising everyone?

* REGULAR SITE SAFETY AND HEALTH INSPECTIONS

• Documentation.

o If inspection reports are written, do they show that inspections are done on a regular basis?

o Do the hazards found indicate good ability to recognize those hazards typical of this industry?

o Are hazards found during inspections tracked to complete correction?

o What is the relationship between hazards uncovered during inspections and those implicated in injuries or illness?

• Interviews.  Do employees indicate that they see inspections being conducted, and that these inspections appear thorough?

• Site Conditions and Root Causes of Hazards.  Are the hazards discovered during accident investigations ones that should have been recognized and corrected by the regular inspection process?

* EMPLOYEE REPORTS OF HAZARDS

• Documentation.

o Is the system for written reports being used frequently?

o Are valid hazards that have been reported by employees tracked to complete correction?

o Are the responses timely and adequate?

• Interviews.

o Do employees know whom to contact and what to do if they see something they believe to be hazardous to themselves or coworkers?

o Do employees think that responses to their reports of hazards are timely and adequate?

o Do employees say that sometimes when they report a hazard, they hear nothing further about it?

o Do any employees say that they or other workers are being harassed, officially or otherwise, for reporting hazards?

• Site Conditions and Root Causes of Hazards.

o Are hazards ever found where employees could reasonably be expected to have previously recognized and reported them?

o When hazards are found, is there evidence that employees had complained repeatedly but to no avail?

* ACCIDENT AND NEAR-MISS INVESTIGATIONS

• Documentation.

o Do accident investigation reports show a thorough analysis of causes, rather than a tendency automatically to blame the injured employee?

o Are near-misses (property damage or close calls) investigated using the same techniques as accident investigations?

o Are hazards that are identified as contributing to accidents or near-misses tracked to correction?

• Interviews.

o Do employees understand and accept the results of accident and near-miss investigations?

o Do employees mention a tendency on management's part to blame the injured employee?

o Do employees believe that all hazards contributing to accidents are corrected or controlled?

• Site Conditions and Root Causes of Hazards.  Are accidents sometimes caused at least partly by factors that might also have contributed to previous near-misses that were not investigated or accidents that were too superficially investigated?

* INJURY AND ILLNESS PATTERN ANALYSIS

• Documentation.

o In addition to the required OSHA log, are careful records kept of first aid injuries and/or illnesses that might not immediately appear to be work-related?

o Is there any periodic, written analysis of the patterns of near-misses, injuries, and/or illnesses over time, seeking previously unrecognized connections between them that indicate unrecognized hazards needing correction or control?

o Looking at the OSHA 200 log and, where applicable, first aid logs, are there patterns of illness or injury that should have been analyzed for previously undetected hazards?

o If there is an occupational nurse/doctor on the worksite, or if employees suffering from ordinary illness are encouraged to see a nearby health care provider, are the lists of those visits analyzed for clusters of illness that might be work-related?

• Interviews.  Do employees mention illnesses or injuries that seem work-related to them but that have not been analyzed for previously undetected hazards?

• Site Conditions and Root Causes of Hazards.  (Not generally applicable.)

3. Assessing the Key Components of Hazard Prevention and Control

* APPROPRIATE USE OF ENGINEERING CONTROLS, WORK PRACTICES, PERSONAL PROTECTIVE EQUIPMENT, AND ADMINISTRATIVE CONTROLS

• Documentation.

o If there are documented comprehensive surveys, are they accompanied by a plan for systematic prevention or control of hazards found?

o If there is a written plan, does it show that the best method of hazard protection was chosen?

o Are there written safe work procedures?

o If respirators are used, is there a written respirator program?

• Interviews.

o Do employees say they have been trained in and have ready access to reliable, safe work procedures?

o Do employees say they have difficulty accomplishing their work because of unwieldy controls meant to protect them?

o Do employees ever mention personal protective equipment, work procedures, or engineering controls as interfering with their ability to work safely?

o Do employees who use PPE understand why they use it and how to maintain it?

o Do employees who use PPE indicate that the rules for PPE use are consistently and fairly enforced?

o Do employees indicate that safe work procedures are fairly and consistently enforced?

• Site Conditions and Root Causes of Hazards.

o Do you ever find that controls meant to protect workers are actually putting them at risk or not providing enough protection?

o Are employees engaging in unsafe practices or creating unsafe conditions because rules and work practices are not fairly and consistently enforced?

o Are employees in areas designated for PPE wearing it properly, with no exceptions?

o Are hazards that could feasibly be controlled through improved design being inadequately controlled by other means?

* FACILITY AND EQUIPMENT PREVENTIVE MAINTENANCE

• Documentation.

o Is there a preventive maintenance schedule that provides for timely maintenance of the facilities and equipment?

o Is there a written or computerized record of performed maintenance that shows the schedule has been followed?

o Do maintenance request records show a pattern of certain facilities or equipment needing repair or breaking down before maintenance was scheduled or actually performed?

o Do any accident/incident investigations list facility or equipment breakdown as a major cause?

• Interviews.

o Do employees mention difficulty with improperly functioning equipment or facilities in poor repair?

o Do maintenance employees believe that the preventive maintenance system is working well?

o Do employees believe that hazard controls needing maintenance are properly cared for?

• Site Conditions and Root Causes of Hazards.

o Is poor maintenance a frequent source of hazards?

o Are hazard controls in good working order?

o Does equipment appear to be in good working order?

* EMERGENCY PLANNING AND PREPARATION

• Documentation.  Are there clearly written procedures for every likely emergency, with clear evacuation routes, assembly points, and emergency telephone numbers?

• Interviews.  When asked about any kind of likely emergency, can employees tell you exactly what they are supposed to do and where they are supposed to go?

• Site Conditions and Root Causes of Hazards.

o Have hazards occurred during actual or simulated emergencies due to confusion about what to do?

o In larger worksites, are emergency evacuation routes clearly marked?

o Are emergency telephone numbers and fire alarms in prominent, easy to find locations?

* ESTABLISHING A MEDICAL PROGRAM

• Documentation.  Are good, clear records kept of medical testing and assistance?

• Interviews.

o Do employees say that test results were explained to them?

o Do employees feel that more first aid or CPR-trained personnel should be available?

o Are employees satisfied with the medical arrangements provided at the site or elsewhere?

o Does the occupational health care provider understand the potential hazards of the worksite, so that occupational illness symptoms can be recognized?

• Site Conditions and Root Causes of Hazards.

o Have further injuries or worsening of injuries occurred because proper medical assistance (including trained first aid and CPR providers) was not readily available?

o Have occupational illnesses possibly gone undetected because no one with occupational health specialty training reviewed employee symptoms as part of the medical program?

4. Assessing the Key Components of Safety and Health Training

* ENSURING THAT ALL EMPLOYEES UNDERSTAND HAZARDS

• Documentation.

o Does the written training program include complete training for every employee in emergency procedures and in all potential hazards to which employees may be exposed?

o Do training records show that every employee received the planned training?

o Do the written evaluations of training indicate that the training was successful, and that the employees learned what was intended?

• Interviews.

o Can employees tell you what hazards they are exposed to, why those hazards are a threat, and how they can help protect themselves and others?

o If PPE is used, can employees explain why they use it and how to use and maintain it properly?

o Do employees feel that health and safety training is adequate?

• Site Conditions and Root Causes of Hazards.

o Have employees been hurt or made ill by hazards of which they were completely unaware, or whose dangers they did not understand, or from which they did not know how to protect themselves?

o Have employees or rescue workers ever been endangered by employees not knowing what to do or where to go in a given emergency situation?

o Are there hazards in the workplace that exist, at least in part, because one or more employees have not received adequate hazard control training?

o Are there any instances of employees not wearing required PPE properly because they have not received proper training? Or because they simply don't want to and the requirement is not enforced?

* ENSURING THAT SUPERVISORS UNDERSTAND THEIR RESPONSIBILITIES

• Documentation.  Do training records indicate that all supervisors have been trained in their responsibilities to analyze work under their supervision for unrecognized hazards, to maintain physical protections, and to reinforce employee training through performance feedback and, where necessary, enforcement of safe work procedures and safety and health rules?

• Interviews.

o Are supervisors aware of their responsibilities?

o Do employees confirm that supervisors are carrying out these duties?

• Site Conditions and Root Causes.  Has a supervisor's lack of understanding of safety and health responsibilities played a part in creating hazardous activities or conditions?

* ENSURING THAT MANAGERS UNDERSTAND THEIR SAFETY AND HEALTH RESPONSIBILITIES

• Documentation.  Do training plans for managers include training in safety and health responsibilities? Do records indicate that all line managers have received this training?

• Interviews.  Do employees indicate that managers know and carry out their safety and health responsibilities?

• Site Conditions and Root Causes of Hazards.  Has an incomplete or inaccurate understanding by management of its safety and health responsibilities played a part in the creation of hazardous activities or conditions?

_____________________________________________________________________________________________

EVALUATING YOUR SAFETY AND HEALTH PROGRAM

Source: Missouri Department of Labor and Industrial Relations

The scenario: Your safety and health program is in place.  You have set your goal for the year and clearly stated the objectives, procedures, and activities necessary to meet that goal.  Responsibilities have been defined and clearly assigned. Adequate authority and resources have been allocated.  People have been trained in their safety and health program roles, and they understand the consequences of failing to perform their assignments.

Your responsibility for employee safety and health does not stop here.  The next step -- a critical one -- is to evaluate how well your safety and health program is working.

This process is more than an inspection or an audit.  Inspections are necessary to look at the facility, the process, and the individual jobs in order to identify and then to eliminate or control any hazards that may exist.  Audits focus on program activities and seek to determine whether specific objectives have been met.  For example, if you are assessing employee participation by looking at the activities of the safety committee, you will want to know if that committee met at the intervals specified, and if most of the members attended each meeting.  These are audit questions.

But beyond this simple accounting are larger questions.  For example, has employee participation at safety committee meetings helped improve the worksite's safety and health program?  How is the work of the safety committee helping you meet your goal?  These are the kinds of issues addressed by an evaluation.

A safety and health evaluation looks at the systems you have created to carry out your safety and health program.  It asks if these systems are working effectively and efficiently.  All systems that contribute to your safety and health program should be reviewed.  These should include management leadership and the evaluation of that leadership, the analysis of the worksite to identify hazards, hazard prevention and control, accident and near-miss investigations, employee involvement, safety and health training, use of personal protective equipment (PPE), the health program, and the emergency response program.  Your site may have additional programs or systems that contribute to the safety and health program.  These also will need evaluating.

Who should conduct the evaluation?  Although evaluations can be performed by worksite employees, they are best done by people who are knowledgeable about the site's processes and about managing safety and health programs, but who do not work at the site being evaluated.

Evaluation often causes anxiety for workers.  You may be able to reduce that anxiety by letting your employees know that the evaluator will be focusing on systems and not on people.

Three useful tools for this evaluation are document review, employee interviews, and review of site conditions.  These tools will provide you with the basis for an evaluation report.  This report should contain a list of the programs or systems reviewed and a narrative account of the examination of each system or program.  It also should contain a schedule of needed changes, with target completion dates, responsible parties, and space to indicate the date when changes are actually completed.  Some reports include photographs of excellent situations and those needing improvement.  Some provide a grading system, so that each year's results can be compared quickly to previous years.  This report should be available to any employee who wants to read it, so it should be written in a straightforward and understandable way, avoiding jargon.

WHAT SHOULD BE EVALUATED?

Ideally, everything that you know to be contributing directly to your safety and health program should be evaluated.  OSHA's Safety and Health Program Management Guidelines can help you determine which areas of your program need evaluation.  These are the four major areas of the Guidelines, what OSHA calls elements:

1. The demonstration of management leadership and employee involvement through:

o Setting and communicating the safety and health policy;

o Setting and communicating a clear goal and objectives;

o Being visibly involved in employee safety and health;

o Ensuring employee involvement in safety and health problem identification and resolution;

o Assigning clear responsibility for safety and health;

o Giving adequate authority and assuring efficient use of resources;

o Holding all personnel accountable; and

o Ensuring quality.

2. Worksite analysis to identify existing and potential hazards through:

o Comprehensive safety and health hazard surveys;

o Analysis of planned changes to identify hazards that might be introduced;

o Routine hazard analyses, such as:

▪ Job hazard analysis (also known as job safety analysis),

▪ Process hazard analysis (used in industries with complex and hazardous processes), and

▪ Phase hazard analysis (used mainly in construction);

o Periodic worksite inspections, including:

▪ Self-inspections conducted by supervisors in their work areas, and

▪ General inspections of the entire site conducted by safety and health staff;

o Employee reports of hazards;

o Accident/incident investigations; and

o Analysis of injury/illness trends.

3. Hazard prevention and control through:

o Engineering controls;

o Work practice controls;

o Personal protective equipment;

o Administrative controls;

o Disciplinary systems to enforce controls;

o Preventive maintenance;

o Emergency preparedness; and

o Medical program.

4. Safety and health training to ensure that all employees know how to protect themselves and others from existing and potential hazards of the worksite.

WHO SHOULD EVALUATE?

Evaluators can be drawn from the workplace safety and health department or the safety committee, but the best evaluators will be people possessing fresh vision.  They will not be involved in the day-to-day operations of the site.  Look in the corporate safety department, another worksite of the company, insurance companies, and outside consulting firms.  Or have two activity managers switch places and evaluate each other's results.

Many workers' compensation insurance carriers offer their clients the services of a certified safety professional and a certified industrial hygienist.  These experts are qualified to review your program activities.

Evaluators should be knowledgeable in the technical aspects of occupational safety and health, the management of safety and health, and the evaluation of programs.  Of these three areas, management of safety and health is the most important.  One source of assistance for training evaluators in safety and health management is the VPP Participants' Association, P.O. Box 991, McLean, VA 22101, telephone (703) 761-1146.

TOOLS FOR COLLECTING INFORMATION USED IN EVALUATION

OSHA has found that there are three indispensable evaluation tools for judging the effectiveness of occupational safety and health program management.  These are:

• Document review,

• Interviews with employees at different levels, and

• Review of site conditions.

Documentation

Every worksite will have, at an absolute minimum, written accident reports and the OSHA log of injuries and illnesses as required by law.  Major companies should have written procedures and records of all their safety and health programs.  The evaluator should compare the written program to the written records of what occurred.

Interviews

In addition to the documentation, interviews can be very helpful in establishing what has occurred.  OSHA uses two kinds of interviews, called formal and informal.  The formal interviews are conducted privately with randomly selected employees who are asked preselected questions.  Informal interviews occur at employee work stations and generally follow a list of topics.

To assess how well the worksite safety and health policy is communicated and understood, and how well the disciplinary system is working, ask the employees to explain them.

To gauge the effectiveness of safety and health training, interview hourly employees and first-line supervisors.  Ask employees to describe what hazards they are exposed to, and how they are protected.  Ask them to explain what they are supposed to do in several different types of emergencies.  Ask supervisors how they teach, how they reinforce the teaching, how they enforce safety and health rules and safe work practices, and what their responsibilities are during emergency situations.

Interviews with management should focus on its involvement in and commitment to the safety and health program.  Ask how the policy statement was created, and how that statement is communicated to all employees.  Ask what information management receives about the safety and health activities, and what action management takes as a result of that information.  Ask how management's commitment to safety and health is demonstrated to the workforce.

Review of Site Conditions

The conditions at the worksite reveal much about the safety and health program's effectiveness.  Worksite conditions can be observed indirectly by examining documents such as inspection reports of hazards, employee reports of hazards, and accident/incident investigations.

Site tours also may reveal hazards.  Be careful, however, that the site tour does not become a routine inspection, with emphasis only on hazard correction.  When a hazard is found, certainly take steps to ensure its correction.  But in addition, ask what management system(s) should have prevented or controlled the hazard.  Determine why system(s) failed, and either change them or take other appropriate corrective measures. 

DO PROGRAM ACTIVITIES GET RESULTS?

Time and resources can be wasted when safety and health program activities do not achieve the desired results.  Each year, activities should be planned with the intention of achieving specific objectives.  These objectives, in turn, are geared toward reaching the safety and health program's goal.

As an example, a company's goal is:

Develop a comprehensive safety and health program that effectively protects employees by preventing or controlling existing and potential workplace hazards.

To reach this goal, one objective this year is:

Develop a comprehensive preventive maintenance program.

The company expects that achieving this objective will require more than 1 year.  For the current year, the company plans to undertake two activities, each with governing procedures:

Activity 1: Create preventive maintenance checklists for all classes of company vehicles.  Procedure: By Feb. 1, Transportation Department Chief will hold joint meeting of all drivers and vehicle maintenance mechanics to determine maintenance needs and create checklist of preventive maintenance tasks.  Checklist will assign responsibilities to appropriate staff, indicate required time frames, and provide for sign-off.

Activity 2: Conduct a survey of non-vehicle machinery throughout the worksite to determine preventive maintenance needs.  Procedure: By Feb. 1, each Department will submit to Maintenance Department a list of all machinery located within the Department, together with notations about operating problems, hazards, maintenance needs.  By Mar. 1, Maintenance Department Chief and staff will visit each Department to examine machinery and to discuss needs with operators.  By Apr. 1, a comprehensive report will be submitted to Vice-President for Operations, inventorying machinery and indicating maintenance needs and suggested maintenance schedule.

The end-of-year safety and health program evaluation will determine whether these activities were conducted and whether they had the desired effect, i.e., successfully began the process of developing a comprehensive preventive maintenance program.  The evaluation will then examine the value of this objective: did the achievement of this phase of a preventive maintenance program move the company closer to its targeted safety and health goal?  If this analysis finds program efforts that are ineffective and do not contribute to the goal, the evaluation should include recommendations for program changes or deletions or additions for the next year. 

Activities and Procedures

Do the actual safety and health program activities and the procedures for implementing them bring the expected results?

Larger worksites.  Large companies will have written procedures for the major activities of their safety and health program.  They also will have written records of those activities as they were performed.  Evaluating whether the written procedures were followed in the period evaluated, or how well they were followed, is an audit function of quality assurance or program evaluation.

Smaller worksites.  Even if yours is a smaller business with more limited recordkeeping, you still should put some effort into thinking about how safety and health activities were carried out for the period evaluated, and whether the results achieved were those expected at the outset.

Sample questions.  The precise questions you should ask will depend upon the activity being audited and the way the activity was to be accomplished.  For example, if plans call for a certain person to carry out the inspection program, did this person actually conduct the inspections?  In many workplaces, inspections are conducted by the person with the most expertise along with members of the site safety and health committee.  Was the expert present during every inspection?  Did the employee members always participate?

Other questions about inspections might include the following:

• Is there evidence that the inspectors went to every part of the worksite that was specified in the inspection plans?

• Did their reports indicate that the inspectors were finding the kinds of hazards they were trained to recognize?

• Was hazard correction appropriately assigned?

• Were the hazards corrected in an appropriate and timely manner?

• Was the correction tracked to completion?

Similar questions should be asked about each activity under the safety and health program.  When a discrepancy is found between the original plan and actual execution of the activity, assess which way best meets the safety and health objectives and goal.  Then make sure that everyone follows that procedure.

Objectives

The objectives connect the goal for the safety and health program to the program procedures and activities.

Objectives that can be audited.  Sometimes a program objective will be to complete a new or improved activity.  For example, suppose the objective states, "Complete one job safety analysis each month, with follow-up revision of safe work procedures and employee training in the following month."  In this case, the objective describes the frequency of activities rather than the desired result.  An evaluation of this objective involves no more than determining whether the activities occurred.  Therefore, an audit will be appropriate.  Look for evidence that job safety analyses were done each month.  Is there evidence that revisions of procedures and training also were made each month as a result of the previous month's job safety analysis?  If the answer is yes, and other program evaluation reveals no need to do anything differently, the frequency of these activities will become an ongoing subject of audit.

Objectives that must be evaluated.  Ordinarily, objectives should focus on the results desired from the program activities.  For example, an objective might state, "Identify and assign all areas of safety and health responsibility that are not presently clearly assigned, so that all safety and health responsibilities can be successfully carried out."  A set of activities will be needed to accomplish this objective.  The activities might include assigning a committee to list all the safety and health responsibilities; reviewing assignment of those responsibilities; identifying missing, duplicate, and unclear assignments; and recommending clearer assignments.

In this case the evaluation will focus on whether the objective was accomplished.  That is, were all areas of safety and health responsibilities that were not clearly defined actually identified and clarified?  Perhaps these areas were identified but the corrections not made because the Personnel Department needed to first rewrite seven major job descriptions to get the responsibilities correctly assigned.  This, then, leads to a new objective, to get the seven job descriptions rewritten with clearer assignment of safety and health responsibilities.  If all safety and health areas have been identified and clarified, this objective will not lead to another objective.

As another example, say the objective is to increase employee safety and health awareness by involving the employees' families in a safety and health awareness program.  The evaluation will seek to measure the difference between employee awareness before the family program and after it.  One way to measure that difference is to ask the employees who participated in the program to complete a questionnaire.  Another is to select employees randomly and ask them if they thought their awareness was increased.  Still another is to ask supervisors if they perceived a difference in employee awareness after the family program began.  If, after using some type of meaningful measurement tool, the findings indicate that the program has increased awareness, it will make sense to designate the family program an ongoing activity subject to audit.  If the findings show no measurable increase in awareness, then the family program can be changed or another activity substituted.  The altered objective will then be to increase employee awareness by this new means.

Goal

The goal is the ultimate intention of the safety and health program, its basic aim.

Objectives should be evaluated to make sure they are leading to the program goal.  For example, suppose the goal is the development of a comprehensive and effective safety and health program, and one of the objectives intended to achieve that goal is, "Hold monthly safety meetings for all employees."  Since this is an activity objective, it can be audited to determine whether safety meetings are actually being held.  But the next question is, "Did achieving this objective help fulfill the goal of the safety and health program?"  In other words, did the safety meetings help employees understand the hazards to which they are exposed and result in plans to reduce exposure?

There are various ways to collect such information.  A sign-off sheet can indicate who attended the training.  The same sheet can ask employees to describe hazards and potential hazards that exist in their work area and ways to better control them.  If there is no sign-off sheet, interviews with some randomly selected employees can reveal their opinion of whether the meetings improved their understanding of hazards and resulted in plans to control them.  Interviews with supervisors can reveal whether employees exhibited better understanding after training.

If the results indicate that not much was learned at these sessions, ask further questions to see what went wrong.  In this way, all the objectives can and should be checked to see if they are helping achieve the goal.

Program evaluation can identify activities that are not really helping to improve worksite safety and health.  In so doing, evaluation can save you time, effort, and money.

Evaluation Judgments

The important work of gathering information about safety and health program activities is the most time-consuming part of program evaluation.  It is, however, the easiest to understand and accomplish.  The hardest part is making judgments about program effectiveness.

Employers should draw up appropriate, site-specific procedures for gathering information and making judgments.  You may also want to add environmental, product safety, or security considerations to the evaluation process.  The questions you ask should be based on individual site program activities and site objectives. 

Insist that the evaluator determine the program's bottom line profitability, its real benefit.  In other words, which activities contribute to the safety and health goal, and which do not?  Judgments and decisions made by evaluators should be driven by this quest for profitability, by which we mean improvement in safety and health protection.  Do not accept a narrative that only describes the program.  Insist that the hard questions about program effectiveness be addressed.

HOW TO USE THE EVALUATION

The evaluation will prove valuable only if it leads to improved performance in meeting the safety and health goal.  Some of the recommendations that result from the evaluation will be for one-time corrections.  Many, however, will involve changing emphasis or trying new activities.  These recommendations should be incorporated into the objectives for the next year.  Consider establishing, as a permanent objective, an audit of the procedures that your program sets for safety and health program activities. 

Larger Worksites

The evaluation should result in a written report with written recommendations and documented follow-up to those recommendations.  It may be useful to refer to past years' evaluations when preparing new ones or when planning new objectives.  If you find that the same recommendations are being made year after year, the process of implementing and tracking recommendations to completion needs improvement.

Smaller Worksites

At smaller sites a written evaluation report may not be practical.  However, it is important to set aside time to think about desired changes.  The evaluation process already has involved considering what was done during the course of the year, talking to people, looking at the site's working conditions, and reviewing available documents.  Next, decide what you want to do differently and make sure that everyone understands what is expected.

SUMMARY

By using this information to perform annual evaluations, you will be able to compute your company's safety and health bottom line, just as you now can calculate your organization's financial bottom line.  You will have the information needed to make knowledgeable and effective decisions promoting workplace safety and health.

___________________________________________________________________________________________

Analysis

Source: FAA System Safety Handbook, Ch. 12.

What is the Purpose of the Hazard Analysis?

Hazard analysis is performed to identify and define hazardous conditions/risks for the purpose of their elimination or control. The analysis examines the system, subsystems, components, and interrelationships.

Steps in performing a hazard analysis:

1. Describe and bound the system in accordance with system description.

2. Perform functional analysis if appropriate to the system under study.

3. Develop a preliminary hazard list.

4. Identify contributory hazards, initiators, or any other causes.

5. Establish hazard control baseline by identifying existing controls when appropriate.

6. Determine potential outcomes, effects, or harm.

7. Perform a risk assessment of the severity of consequence and likelihood of occurrence.

8. Rank hazards according to risk.

9. Develop a set of recommendations and requirements to eliminate or control risks.

10. Provide managers, designers, test planners, and other affected decision makers with the information and data needed to permit effective trade-offs.

11. Conduct hazard tracking and risk resolution of medium and high risks. Verify that recommendations and requirements identified in Step 9 have been implemented.

12. Demonstrate compliance with given safety related technical specifications, operational requirements, and design criteria.

What are the Basic Elements of a Hazard Analysis?

The analytical approach to safety requires four key elements if the resulting output is to impact the system in a timely and cost effective manner. They are:

1. Hazard identification

2. Hazard evaluation

3. Hazard resolution

4. Timely solutions

These concepts are described in detail below:

Identification of a risk is the first step in the risk control process. Identifying a risk provides no assurance that it will be eliminated or controlled. The risk must be documented, evaluated (likelihood and severity), and when appropriate, highlighted to those with decision making authority.

Evaluation of risks requires determination of how frequently a risk occurs and how severe it could be if an accident occurs as a result of the hazards. A severe risk that has a realistic possibility of occurring requires action; one that has an extremely remote chance may not require action. Similarly, a non-critical accident that has a realistic chance of occurring may not require further study. Frequency may be characterized qualitatively by terms such as "frequent" or "rarely." It may also be measured quantitatively such as by a probability (e.g., one in a million flight hours). In summary, the evaluation step prioritizes and focuses the system safety activity and maximizes the return-on-investment for safety expenditures.

The timing of safety analysis and resulting corrective action is critical to minimize the impact on cost and schedule. The later in the life cycle of the equipment that safety modifications are incorporated, the higher the impact on cost and schedule. The analysis staff should work closely with the designers to feed their recommendations or, at a minimum, objections back to the designers as soon as they are identified. A safe design is the end product, not a hazard analysis. By working closely with the design team, hazards can be eliminated or controlled in the most efficient manner. An inefficient alternate safety analysis approach is when the safety engineer works alone in performing an independent safety analysis and formally reports the results. This approach has several disadvantages.

Significant risks will be corrected later than in the case where the design engineer is alerted to the problem shortly after detection by the safety engineer. This requires a more costly fix, leads to program resistance to change, and the potential implementation of a less effective control. The published risk may not be as severe as determined by the safety engineer operating in a vacuum, or may have been overcome by subsequent design evolution.

Once the risks have been analyzed and evaluated, the remaining task of safety engineering is to follow the development and verify that the agreed-upon safety requirements are met by the design or that the risks are controlled to an acceptable level.

What is the Relationship Between Safety and Reliability?

Reliability and system safety analyses complement each other. They can each provide the other more information than obtained individually. Rarely can either be substituted for the other but, when performed in collaboration, they can lead to better and more efficient products.

Two reliability analyses (one a subset of the other) are often compared to hazard analyses. Performance of a Failure Modes and Effects Analysis (FMEA) is the first step in generating the Failure Modes, Effects, and Criticality Analysis (FMECA). Both types of analyses can serve as a final product depending on the situation. An FMECA is generated from an FMEA by adding a criticality figure of merit. These analyses are performed for reliability and supportability information. A hazard analysis uses a top-down methodology that first identifies risks and then isolates all possible (or probable) causes. For an operational system, it is performed for specific suspect hazards. In the case of the hazard analysis, failures, operating procedures, human factors, and transient conditions are included in the list of hazard causes.

The FMECA is limited even further in that it only considers hardware failures. It may be performed either top-down or bottom-up, usually the latter. It is generated by asking questions such as "If this fails, what is the impact on the system? Can I detect it? Will it cause anything else to fail?" If so, the induced failure is called a secondary failure.

Reliability predictions establish either a failure rate for an assembly (or component) or a probability of failure. This quantitative data, at both the component and assembly level, is a major source of data for quantitative reliability analysis. This understanding is necessary to use it correctly. In summary, however, hazard analyses are first performed in a qualitative manner identifying risks, their causes, and the significance of hazards associated with the risk.

What General Procedures Should Be Followed in the Performance of a Hazard Analysis?

1. Establish safety requirements baseline and applicable history (i.e., system restraints):

• Specifications/detailed design requirements

• Mission requirements (e.g., How is it supposed to operate?)

• General statutory regulations (e.g., noise abatement)

• Human factors standardized conventions (e.g., switches "up" or "forward" for on)

• Accident experience and failure reports

2. Identify general and specific potential accident contributory factors (hazards):

• In the equipment (hardware, software, and human)

• Operational and maintenance environment

• Human machine interfaces (e.g., procedural steps)

• Operation

• All procedures

• All configurations (e.g., operational and maintenance)

3. Identify risks for each contributory factor (e.g., risks caused by the maintenance environment and the interface hazards). An example would be performing maintenance tasks incompatible with gloves in a very cold environment.

4. Assign severity categories and determine probability levels. Risk probability levels may be assigned either qualitatively or quantitatively. Risk severity is determined through hazard analysis. This reflects, using a qualitative measure, the worst credible accident that may result from the risk. These range from death to negligible effect on personnel and equipment. Evaluating the safety of the system or the risk of the hazard(s) quantitatively requires the development of a probability model and the use of Boolean algebra. The latter is used to identify possible states or conditions (and combinations thereof) that may result in accidents. The model is used to quantify the likelihood of those conditions occurring.

5. Develop corrective actions for critical risks. This may take the form of design or procedural changes.

What Outputs Can Be Expected from a Hazard Analysis?

• An assessment of the significant safety problems of the program/system

• A plan for follow-on action such as additional analyses, tests, and training

• Identification of failure modes that can result in hazards and improper usage

• Selection of pertinent criteria, requirements, and/or specifications

• Safety factors for trade-off considerations

• An evaluation of hazardous designs and the establishment of corrective/preventative action priorities

• Identification of safety problems in subsystem interfaces

• Identification of factors leading to accidents

• A quantitative assessment of how likely hazardous events are to occur with the critical paths of cause

• A description and ranking of the importance of risks

• A basis for program oriented precautions, personnel protection, safety devices, emergency equipment-procedures-training, and safety requirements for facilities, equipment, and environment

• Evidence of compliance with program safety regulations.

Qualitative and Quantitative Analysis

Hazard analyses can be performed in either a qualitative or quantitative manner, or a combination of both.

Qualitative Analysis

A qualitative analysis is a review of all factors affecting the safety of a product, system, operation, or person. It involves examination of the design against a predetermined set of acceptability parameters. All possible conditions and events and their consequences are considered to determine whether they could cause or contribute to injury or damage. A qualitative analysis always precedes a quantitative one. The objective of a qualitative analysis is similar to that of a quantitative one. Its method of focus is simply less precise.

Qualitative analysis verifies the proper interpretation and application of the safety design criteria established by the preliminary hazard study. It also verifies that the system will operate within the safety goals and parameters established by the Operational Safety Assessment (OSA). It ensures that the search for design weaknesses is approached in a methodical, focused way.

Quantitative Analysis

Quantitative analysis takes qualitative analysis one logical step further. It evaluates more precisely the probability that an accident might occur. This is accomplished by calculating probabilities.

In a quantitative analysis, the risk probability is expressed using a number or rate. The objective is to achieve maximum safety by minimizing, eliminating, or establishing control over significant risks. Significant risks are identified through engineering estimations, experience, and documented history of similar equipment.

A probability is the expectation that an event will occur a certain number of times in a specific number of trials. Actuarial methods employed by insurance companies are a familiar example of the use of probabilities for predicting future occurrences based on past experiences. Reliability engineering uses similar techniques to predict the likelihood (probability) that a system will operate successfully for a specified mission time. Reliability is the probability of success. It is calculated from the probability of failure, in turn calculated from failure rates (failures/unit of time) of hardware (electronic or mechanical). An estimate of the system failure probability or unreliability can be obtained from reliability data using the formula:

P = 1 - e^{-λt}

Where P is the probability of failure, e is the base of the natural logarithm, λ is the failure rate in failures per hour, and t is the number of hours operated.

However, system safety analyses predict the probability of a broader definition of failure than does reliability. This definition includes:

• A failure must equate to a specific hazard

• Hardware failures that are hazards

• Software malfunctions

• Mechanically correct but functionally unsafe system operation due to human or procedural errors

• Human error in design

• Unanticipated operation due to an unplanned sequence of events, actions or operating conditions.

• Adverse environment

It is important to note that the likelihood of damage or injury reflects a broader range of events or possibilities than reliability. Many situations exist in which equipment can fail and no damage or injury occurs because systems can be designed to fail safe. Conversely, many situations exist in which personnel are injured using equipment that functioned reliably (the way it was designed) but at the wrong time because of an unsafe design or procedure. A simple example is an electrical shock received by a repair technician working in an area where power has not failed.

_____________________________________________________________________________________________

The 5 Whys Technique

Source: USCG Risk-based Decision-making (RBDM) Guidelines.

The 5 Whys technique is a simpler form of fault tree analysis for investigations, especially investigations of specific accidents as opposed to chronic problems.

The 5 Whys technique is a brainstorming technique that identifies root causes of accidents by asking why events occurred or conditions existed.

The 5 Whys process involves selecting one event associated with an accident and asking why this event occurred. This produces the most direct cause of the event. For each of these subevents or causes, ask why it occurred. Repeat the process for the other events associated with the accident.

Limitations of the 5 Whys technique

The 5 Whys technique is an effective tool for determining causal factors and identifying root causes. However, it does have three primary limitations:

• Brainstorming is time consuming. Compared to other techniques, the 5 Whys technique can be time consuming. The brainstorming process can be tedious for team members trying to reach consensus. This is especially true for large teams.

• Results are not reproducible or consistent. Another team analyzing the same issue may reach a different solution. The brainstorming process is very difficult, if not impossible, to duplicate.

• Root causes may not be identified. Like event and causal factor charting, the 5 Whys technique does not provide a means to ensure that root causes have been identified.

Creating a Simplified Fault Tree for Root Cause Analysis

Step 1. Define an event of interest as the TOP event of the fault tree

Clearly describe a specific, known event of interest for which you will explore the potential underlying causes. Events such as the primary events and conditions and the secondary events and conditions can be the events of interest. Examples might be, "Flow control valve FCV-1 opened prematurely" or "The room temperature was greater than 80 °F." Typically, the event of interest for a fault tree is an equipment or system failure or a human error.

When using a fault tree as the primary analysis tool, the accident is the TOP event.

Step 2. Define the next level of the tree

Determine the combinations of events and conditions that can cause the event to occur. If two or more events must occur to cause the event, use an AND gate and draw the events under the AND gate. For example, for a fire to exist, fuel, an oxygen source, and an ignition source must all occur simultaneously. If there are multiple ways for an event to occur, use an OR gate. For example, the fuel for a fire can be paper or gasoline.

Regardless of whether an AND gate or an OR gate is selected, this level of development is a "baby step." It should be the smallest logical step, within reason, toward the underlying potential causes of the event above it. Taking too large a step can cause you to overlook important possibilities. Remember to include equipment failures, human errors, and external events as appropriate.

After the tree level is developed, test the tree for logic. Start with each event at the bottom of the tree. Does the logic of the tree reflect your understanding of the event or system? If an event is connected to an OR gate above, then it must be enough to cause the event above. If an event is connected to an AND gate above, is it required to cause the event above? Must ALL of the other events connected to the AND gate also occur for the event above to occur?

Step 3. Develop questions to examine the credibility of branches

Develop questions to test the credibility of each branch. What evidence would be present if this branch were true?

Step 4. Gather data to answer questions

Gather data to answer the questions that were generated in the previous step.

Step 5. Use data to determine the credibility of branches

Use the data gathered in the previous step to evaluate which branches of the tree do or do not contribute to the event of interest. Do the data support or refute the presence of this branch? Do you have sufficient information to determine the credibility of the branch? If not, you need to gather more data or continue on to the next level of the tree. Cross out any branches that you can dismiss with high confidence, and list the specific data used to make this determination beneath the crossed-out branch.

For chronic problems, assigning probabilities (i.e., percentages) to the various events will help characterize the types of events that occur most often. For chronic events, you may not be able to address every type of event that occurs, so you need to focus on those that occur most frequently. These percentages will be used in Step 6 to determine if we need to develop the event further.

If all branches leading to the event of interest through an OR gate or one or more branches leading to the event of interest through an AND gate are eliminated, either (1) the event of interest did not occur, (2) some of the data are inaccurate or were misapplied, or (3) other ways exist for the event of interest to occur.

Step 6. Is the branch credible?

Determine if the branch is credible. For acute problems, if the branch is credible, continue on to Step 7. If the branch is not credible, proceed to Step 8. For chronic problems, if the percentage of events for this branch is high, continue on to Step 7. If the percentage of events for this branch is low, proceed to Step 8.

Step 7. Is the branch sufficiently developed?

Determine if the branch is sufficiently developed. The branch is complete when it is detailed enough to allow an understanding of how the top event occurs. If the branch is not complete, return to Step 2. If the branch is complete, move on to Step 9.

Step 8. Stop branch development

There is no reason to develop the branch further if you have determined it is not credible. Stop development of this branch and move on to Step 9.

Step 9. Stop when the scenario model is "complete"

The model is complete when you have a clear understanding of how the accident occurred. Keep your model "barely adequate" for identifying the issues of concern for your analysis; avoid unnecessary detail or resolution that will not influence your results. For acute problems, if you have more than one possible way for the event of interest to have occurred and cannot gather data to dismiss any of the remaining possibilities, you should consider each as a potential causal factor and make recommendations to prevent each. For chronic problems, you will typically need to address a number of primary contributors to the event of interest.

Step 10. Identify causal factors (optional)

If the fault tree method is being used as the primary analysis tool, causal factors should be identified.

Remember, you need not be, and probably will not be, the subject matter expert for the analysis. Use the expertise of others to help you develop the fault tree structure and apply the known data to dismiss branches appropriately.
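The gate logic of Step 2, the branch cross-out rule of Step 5 and the formula P = 1 - e^(-λt) can be combined in a small fault tree model. The following is an added example, not part of the USCG guidelines or of this guide: the event names follow the fire example above, while every probability, the failure rate, the operating hours and the dismissal evidence are constructed, and basic events are assumed to be independent and to appear only once in the tree.

```python
import math
from dataclasses import dataclass, field
from itertools import product


def failure_probability(rate_per_hour, hours):
    """Unreliability formula from the notes: P = 1 - e^(-lambda * t)."""
    return 1.0 - math.exp(-rate_per_hour * hours)


@dataclass
class Event:
    """Basic event (leaf). 'dismissed' records a Step 5 cross-out and its data."""
    name: str
    probability: float
    dismissed: bool = False
    evidence: str = ""


@dataclass
class Gate:
    """TOP or intermediate event whose children feed an AND or an OR gate."""
    name: str
    kind: str
    children: list = field(default_factory=list)

    def __post_init__(self):
        if self.kind not in ("AND", "OR"):
            raise ValueError(f"unknown gate type: {self.kind}")


def leaves(node):
    """All basic events under a node."""
    if isinstance(node, Event):
        return [node]
    return [leaf for child in node.children for leaf in leaves(child)]


def probability(node):
    """Probability of a node, assuming independent, non-repeated basic events."""
    if isinstance(node, Event):
        return node.probability
    child_p = [probability(c) for c in node.children]
    if node.kind == "AND":                      # all children must occur
        return math.prod(child_p)
    return 1.0 - math.prod(1.0 - p for p in child_p)   # OR: at least one occurs


def cut_sets(node):
    """Minimal sets of basic events that are together enough to cause the node."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    child_sets = [cut_sets(c) for c in node.children]
    if node.kind == "OR":                       # any one child's set is enough
        combined = {s for sets in child_sets for s in sets}
    else:                                       # AND: one set from every child
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    minimal = [s for s in combined if not any(other < s for other in combined)]
    return sorted(minimal, key=sorted)


def credible(node):
    """Gate rule from Step 5: OR needs one surviving branch, AND needs all."""
    if isinstance(node, Event):
        return not node.dismissed
    results = [credible(c) for c in node.children]
    return all(results) if node.kind == "AND" else any(results)


def dismiss(top, name, evidence):
    """Cross out a basic event, recording the data used to dismiss it."""
    for leaf in leaves(top):
        if leaf.name == name:
            leaf.dismissed, leaf.evidence = True, evidence
            return
    raise KeyError(name)


def remaining_scenarios(top):
    """Cut sets that contain no dismissed event: candidate causal factors."""
    crossed_out = {e.name for e in leaves(top) if e.dismissed}
    return [s for s in cut_sets(top) if not (s & crossed_out)]


def build_fire_tree():
    """The fire example from Step 2, with constructed probabilities."""
    ignition_p = failure_probability(1e-4, 1000)   # constructed rate and hours
    fuel = Gate("fuel present", "OR", [Event("paper present", 0.5),
                                       Event("gasoline present", 0.1)])
    return Gate("fire", "AND", [fuel,
                                Event("oxygen present", 1.0),
                                Event("ignition source present", ignition_p)])


if __name__ == "__main__":
    tree = build_fire_tree()
    print(f"P(fire) = {probability(tree):.4f}")
    dismiss(tree, "gasoline present", "no gasoline stored on site (constructed)")
    print("still credible:", credible(tree), remaining_scenarios(tree))
```

When credible() returns False for the TOP event, the three explanations listed under Step 5 apply: the event did not occur, some data are inaccurate or misapplied, or the tree is missing a path.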

Use Post-it® Notes to "draw" the tree

• Allows for rapid revision of the tree

• Use different colors for different items

o green (events)

o yellow (OR gates)

o pink (AND gates)

Conclusions about 5 Whys

• Resulting subevents and conditions should be at or near the root causes of the event

• More or less detailed evaluation may be necessary for some cases to reach management system root causes

• Judgment and experience are key factors in selecting the right level of evaluation and the completeness of results

• This technique can be time consuming compared to techniques that do not require brainstorming

• This technique works, even when the management systems are ill defined

• The results are not reproducible or consistent, but the application is auditable

___________________________________________________________________________________________

Event and Causal Factor Charting

Event and causal factor charting is a written or graphical description for the time sequence of contributing events associated with an accident. The charts produced in event charting consist of the following elements:

Condition. A distinct state that facilitates the occurrence of an event. A condition may be equipment status, weather, employee health, or anything that affects an event.

Event. A point in time defined by a specific action occurring.

Accident. Any action, state, or condition in which a system is not meeting one or more of its design intents. Includes actual accidents and near misses. This event is the focus of the analysis.

Primary event line. The key sequence of occurrences that led to the accident. The primary event line provides the basic nature of the event in a logical progression, but it does not provide all of the contributing causes. This line always contains the accident, but it does not necessarily end with an accident event. The primary event line can contain both events and conditions.

Primary events and conditions. The events and conditions that make up the primary event line.

Secondary event lines. The sequences of occurrences that lead to primary events or primary conditions. The secondary event lines expand the development of the primary event line to show all of the contributing causes for an accident. Causal factors are almost always found in secondary event lines, and most event and causal factor charts have more than one secondary event line. Note that the secondary event lines can contain both events and conditions.

Secondary events and conditions. The events and conditions that make up a secondary event line.

Causal factors. Key events or conditions that, if eliminated, would have prevented an accident or reduced its effects. Causal factors are such things as human error or equipment failure, and they commonly include the following:

• The initiating event for an accident

• Each failed safeguard

• Each reasonable safeguard that was not provided

Items of note. Undesirable events or conditions identified during an analysis that must be addressed or corrected but did not contribute to the accident of interest. These are shown as separate boxes outside the event chain.

Limitations of Event and Causal Factor Charting

Although event charting is an effective tool for understanding the sequence of contributing events that lead to an accident, it does have two primary limitations:

Will not necessarily yield root causes. Event charting is effective for identifying causal factors. However, it does not necessarily ensure that the root causes have been identified, unless the causal factor is the root cause.

Overkill for simple problems. Using event charting can overwork simple problems. A two-event accident probably does not require an extensive investigation of secondary events and conditions.

Procedure for Event and Causal Factor Charting

1.0 Gather and organize data. Collect known data for actors associated with the accident. An actor is a person, parameter, or object that has an action in the event chain. Organize the data into a timeline. Review data for consistency and gaps. This step is not always necessary for simple events.

2.0 Select the accident. Define the accident of interest. If there is more than one accident, choose the last one to occur.

3.0 Define the primary sequence of events leading to the accident. Outline the thumbnail sketch of the sequence of events leading to the accident. Work backward from the accident, making certain that each subsequent event is the one that most directly leads to the previous event.

Draw events using the guidance in the table and bullets below.

• Draw events as rectangles

o describe events specifically with one noun and one action verb

o use quantitative descriptions when possible to characterize events

o include the timing of the event when known

o use solid lines for known events and dashed lines for assumed events

• Draw conditions as ovals

o describe conditions specifically using a form of the verb to be

o use quantitative descriptions to characterize conditions

o include the timing and duration of the condition when known

o use solid lines for known conditions and dashed lines for assumed conditions

4.0 Complete the model by adding secondary events and conditions. Add secondary events and conditions as appropriate to ensure that all events and conditions leading to an accident are sufficient and necessary to cause the accident. Add events as appropriate to display the contributors to the secondary events and conditions.

5.0 Identify causal factors and items of note. Designate the underlying contributors to the accident as causal factors. Document any items of note.

The following is an example accident scenario and the resulting event and causal factor chart.

Example

A barge carrying gasoline and diesel ran aground in an environmentally sensitive area. The accident was a spill of 1,500 gallons of gasoline and 120 gallons of diesel fuel into a bay, which is an especially sensitive environmental area. This accident was described as "gasoline and diesel spill continued (1,500 gallons of gasoline and 120 gallons of diesel)," and it is shown on the second page of the event and causal factor chart that follows. The chart traces the sequence of events from the initiating event as the barge got under way through the grounding event, which resulted in the gasoline and oil spill. The chart continues to trace the sequence of events from the initial oil spill through spill identification, response, and control actions implemented by both the Coast Guard and local authorities. The event chart identifies 10 causal factors judged to be significant contributors to the accident. The event and causal factor chart also identifies one item of note revealed during the investigation.

_____________________________________________________________________________________________

HAZARD ASSESSMENT AND ANALYSIS

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

If you are to protect your employees from workplace hazards you first must understand just what those hazards are. Are you sure you know all of the potential hazards generally associated with your type of business and your specific working conditions?

A means of systematically assessing and analyzing all workplace hazards would be useful. Useful methods to accomplish this are:

• Periodic, comprehensive safety, industrial hygiene and health surveys;

• Change analysis of the potential hazards in new facilities, equipment, materials and processes; and

• Routine hazard analysis, such as job hazard analysis, process hazard analysis or phase hazard analysis.

These three major actions -- comprehensive surveys, change analysis, and routine hazard analysis -- form the basis from which good hazard prevention and control can develop. After hazards are recognized and controls are put in place, additional worksite analysis tools can help ensure that the controls stay in place and that other hazards do not appear. For detailed discussions of these additional tools, such as inspections, employee reports of hazards, accident and incident investigations, and accident pattern analysis, you should refer to other chapters.

But first you need to understand the existing and potential hazards in your workplace.

COMPREHENSIVE SURVEYS

Who Should Do the Survey?

While safety inspections often are done by employees at the site, OSHA believes that comprehensive surveys ideally should be performed by people who can bring to your workplace fresh vision and extensive knowledge of safety, health, or industrial hygiene. Because there are few professional consultants equipped to do comprehensive surveys in all three areas, the best approach is to use a team consisting of three separate specialists: a safety professional, an industrial hygienist, and an occupational health professional.

The occupational health professional can be a physician or a registered nurse with specialized training and experience in occupational health. He/she can assist the safety or industrial hygiene professional or can do a separate health survey, depending on the circumstances of your site.

For small businesses, safety and industrial hygiene experts usually can be found in the OSHA-funded, State-run consultation service. Occupational health professionals sometimes can be found at local clinics and hospitals, or may be no farther away than the plant nurse. Many workers' compensation carriers and other insurance companies offer expert services to help their clients evaluate safety and health hazards. Numerous private consultants provide a variety of safety and health expert services. Larger businesses may find the needed expertise at the company or corporate level.

If you use experts from within your company, be on guard for "tunnel vision," which can lead to a failure to spot hazards in areas not directly related to your firm's primary function. You want your maintenance shop, for example, to be just as safe as your production line. OSHA frequently finds unguarded saws and grinders, non-code electrical wiring, and other basic safety hazards in areas that are outside the main production process but regularly used by employees.

For the industrial hygiene survey you should, at a minimum, inventory all chemicals and hazardous materials in the plant, review your hazard communication program, and analyze air samples. For many industries, a survey of noise levels and a review of the respirator program also will be vital.

Questions to Ask Before Contracting for a Survey:

To ensure that your worksite will receive the comprehensive survey envisioned by the Guidelines, you may want to ask potential surveyors certain questions:

• What type of training and experience has your prospective surveyor had?

o How recent is it?

o What is its scope? Is it limited to your industry only? Does it consist of only practical experience, without formal training?

o If he/she has professional certification, is it still valid, or has it lapsed for lack of recent training or seminar attendance?

• Ask for references and check those where comprehensive surveys have been done recently.

o Ask references whether any OSHA inspections occurred after the survey and if so, whether any serious hazards were found that the consultant had missed.

o Find out what tools the consultant brought along, and what the survey covered.

• What kind of information will he/she need in advance? A professional who is planning an in-depth survey will prepare by learning beforehand as much as possible about your worksite and its processes.

o Both safety and industrial hygiene professionals will probably want to see a layout of your operations.

o The industrial hygienist may ask for a list of the chemicals you use or the Material Safety Data Sheets (MSDSs) you have received from your suppliers and the types of processes in which you use them.

• What kind of test equipment will the consultant bring?

o You should expect the safety professional to bring: a tape measure; a ground loop circuit tester to test electrical circuits; a multi-meter or Wiggins (for 220 and/or 440 volts only); a tic tracer (or similar equipment) to check wire or electrical equipment to see if they are energized; and a ground fault circuit interrupter tester.

o The industrial hygienist should bring noise testing equipment and, depending upon the chemicals or other contaminants expected, sampling pumps or grab sampling devices.

• How long will the survey take?

o It should take several times longer than a routine inspection of your worksite.

o If the industrial hygienist does sampling, it should be time-weighted, 8-hour or full-shift sampling to understand the overall exposure to employees.

How Will You Know the Surveyor Has Done a Thorough Job?

Here are some signs of a thorough survey:

• Safety professionals, industrial hygienists and occupational health professionals should start with your injury and illness logs and look for patterns.

o The safety professional also may want to see other program documentation.

o The industrial hygienist and occupational health professional will want to see your hazard communication program, and if applicable, your hearing conservation and/or respirator program.

o The occupational health professionals will want to see your records of employee visits to clinics, first aid stations and other sites where treatment is given for work-related illness and injury. They will want to examine records of employee training in first aid, CPR and EMT. Baseline and follow-up testing records probably will be reviewed also.

• The safety professional should start at the beginning of your process, where raw materials are brought in, and carefully go through all your processes, watching each operation and talking to employees, until the point where your worksite's product is shipped out or otherwise completed. He/she should:

o Watch how materials are handled from the time they are received and how they are moved and stored, checking the stability of storage racks and the safe storage of flammables/explosives;

o Check the openings that expose moving parts for pinch points and other hazards;

o Check hand tools and equipment and wiring in the maintenance shop;

o Arrange to see operations on every shift and to observe any after-hours operations, such as clean-up or forklift battery recharging;

o Show interest in how you manage your hazard prevention and control program;

o Open every door and look in every corner of your facility;

o Walk around the outside of buildings to check on such things as chocks for trucks at the loading/unloading docks, forklift ramps, outdoor storage of flammables/explosives and any fueling areas;

o Suggest target tasks for job safety analysis, especially those tasks that might involve ergonomic hazards; and

o Assist in developing or improving your injury reduction program.

• The industrial hygienist and occupational health professional also should start at the beginning of your production operation, observe all processes, talk to employees, and follow the production flow to the point of shipping. They will want to:

o Make a list of all hazardous chemicals that can be found in the worksite (as required by 29 CFR 1910.1200(e), OSHA's Hazard Communication standard), or check the accuracy of your existing inventory list;

o Determine what metals are used in any welding operations;

o Check any production areas where eating or smoking is allowed;

o Check for the possible presence of asbestos, lead, other carcinogens, etc.;

o If respirators are used, check whether you are using each brand properly, how you fit test each employee, whether pulmonary function testing is done, and how the respirators are cleaned, maintained, and stored;

o Do full-shift sampling of contaminants thought to be present in order to understand the overall exposure to employees;

o Watch the movements workers make in performing their jobs to see if there are existing or potential cumulative trauma disorders (CTDs) or other ergonomic hazards;

o Possibly suggest processes for routine process hazard analysis; and

o Help you set up or improve regular monitoring programs for any contaminants or other health hazards found to be present.

Note: The items above are signs of a thorough survey. They do not constitute an exhaustive list of activities you should expect.

The baseline survey should provide the basic inventory of hazards and potential hazards of your worksite. This hazard inventory will be expanded and improved by what you learn from later periodic surveys, change analysis and routine hazard analysis. However, the foundation of your inventory is the baseline comprehensive survey. Consequently, it is very important that this initial survey be done well.

Follow-up Surveys

You need periodic follow-up surveys if you are to apply the rapidly growing scientific and engineering knowledge about hazards, their prevention, and their control. These follow-ups also help uncover the hazards that develop as processes and procedures evolve over time. The frequency of follow-up surveys will depend upon the size and complexity of your operations.

INVOLVING WORKERS IN ESTABLISHING THE INVENTORY

Whenever you can, do use the special knowledge your workers have gained from their close involvement with equipment, materials, and processes. You should encourage your employees to communicate openly with the professionals who do the comprehensive surveys.

Don't make the mistake of limiting your employees' involvement to what they can tell the professionals during general hazard surveys. Ensure worker participation in the various kinds of hazard analysis discussed below. It makes sense to involve them in change analysis of new equipment and/or processes because of their valuable insights into how things really will work. As indicated in the section on job hazard analysis, many companies regularly include hourly operators in this activity. Employees can play a similar role in process hazard analysis. In addition to the benefit that you receive from their insights, they also profit. Greater understanding of hazards, prevention, and control helps employees do a better job of protecting themselves and their coworkers.

CHANGE ANALYSIS

Before Making Changes in the Worksite, Analyze the Changes to Identify Potential Hazards

Anytime you bring something new into your worksite, whether it be a piece of equipment, different materials, a new process, or an entirely new building, you unintentionally may introduce new hazards. If you are considering a change for your worksite, you should analyze it thoroughly beforehand. This change analysis is cost-effective in terms of the human suffering and financial loss it prevents. Moreover, heading off a problem before it develops usually is less expensive than attempting to fix it after the fact.

An important step in preparing for a worksite change is considering the potential effect on your employees. Individuals respond differently to change, and even a clearly beneficial change can throw a worker temporarily off-balance -- literally as well as figuratively -- and increase the risk of accidents. You will want to inform all affected employees of the change, provide training as needed, and pay attention to worker response until everyone has adapted.

The nearest State or Federal OSHA office will look at plans, blueprints, and photographs and will advise you on health and safety concerns. This assistance will not trigger an enforcement visit. Federal OSHA personnel cannot come to the site to see what you are planning; you must bring information to them. This restriction does not apply to OSHA-funded State consultants, who are allowed to visit your site to provide assistance when resources permit.

Building or Leasing a New Facility.

Even something as basic as a new facility needs to be reviewed carefully to identify hazards it might pose. A design that seems to enhance production of your product and appears delightful to the architect may be a harmful or even fatal management decision. Have safety and health experts take a careful look beforehand at all the design/building plans.

When leasing a facility that was built for a different purpose at an earlier time, the risk of acquiring health and safety problems is even greater. You should make a thorough review of the actual facility, plus the blueprints or plans for any renovations. One of the most obvious concerns in acquiring an existing facility is whether asbestos insulation is present and whether it is friable (flaking off in tiny particles). But you also may discover that something as easy to fix as a loose stair railing has gone unnoticed in the rush to renovate production areas.

Save frustration, money, and lives: Have expert safety and health professionals involved in the planning of any facility construction, purchase, or lease.

Installing New Equipment.

An equipment manufacturer does not know how its product will be used at your worksite. Therefore, you cannot rely totally on the manufacturer to have completely analyzed and prepared controls or safe procedures for the product. Moreover, if the equipment is produced in a foreign country, it may not meet clear requirements of U.S. standards and laws. Therefore, involve health and safety professionals in the purchase decision and in the installation plans.

Many companies also provide a period to test newly installed equipment. The company assigns its most experienced operators to watch for hidden hazards in the operations before full production begins. As with new facilities, the sooner flaws are detected, the easier and cheaper the corrections are likely to be.

Using New Materials.

Before introducing new materials to your production processes, research the hazards that the materials themselves present. Also try to determine any hazards that may appear due to the processes you plan to use with the materials.

In many instances, the place to start will be the manufacturer's Material Safety Data Sheet. An MSDS is required for all materials containing hazardous chemicals. It should arrive with each shipment. The MSDS should provide the information an industrial hygienist needs to analyze the hazard a chemical presents and to prevent or control it.

Some traditional materials, such as lead in paint, are dangerous to use but are replaceable with less hazardous mixtures. For other materials, you may not be able to find adequate substitutes. You may need to establish controls for the hazards these materials present.

Starting Up New Processes.

New processes require workers to perform differently. Consequently, new hazards may develop even when your employees are using familiar materials, equipment, and facilities. Carefully develop safe work procedures for new processes. After the operators have become familiar with these procedures, perform routine hazard analysis (discussed below) to discover any hidden hazards.

Analyzing Multiple Changes.

Often a big change is composed of several smaller changes. When you begin producing a new product, chances are you will have new equipment, materials, and processes to monitor. Make sure each new addition is analyzed not only individually, but also in relation to the other changes.

Once you have analyzed the changes at your worksite, add this information to your basic inventory of hazards. This inventory is the foundation from which you design your hazard prevention and control program.

When People Change.

Worker changes that have safety and health ramifications can be divided into two basic categories. The first is staffing changes. A task previously done by one worker now is being performed by someone else. The new employee may bring to the position a different level of skill from the previous jobholder. Almost certainly, he/she will possess a different degree of experience performing the tasks, following the specific work rules and procedures of the site, and interacting with nearby workers. Especially in high hazard situations, these differences should be examined and steps should be taken to minimize any increased risk, both to the new employee and to anyone affected by his/her presence. Chapter 11 offers a variety of training and job orientation methods that will help you to ensure a safe employee transition.

The second category of worker change is the sometimes sudden, sometimes gradual change that can occur in the individual employee. The change may be related to temporary or chronic medical problems, a partially disabling condition, family responsibilities, family crisis and other personal problems, alcohol or drug abuse, aging, or the worker's response to workplace changes. An analysis of this change, followed by physical and/or administrative accommodations to ensure safe and healthful continued performance, sometimes may be appropriate; for example, when an accident affects an employee's functioning. At other times, a less formal response will be more suitable.

It may be useful to remember that workplace hazards do not exist in a vacuum. The human element is always present, and the human condition is one of change. An effective manager will be sensitive to these changes and their potential effect on the safety and health of the individual and the company as a whole.

JOB HAZARD ANALYSIS

This is the most basic and widely used tool in routine hazard analysis. It is sometimes called job safety analysis. You begin by breaking down a job into its component steps. This is best done by listing each step in order of occurrence as you watch an employee performing the job. Next you examine each step to determine the hazards that exist or that might occur. Reviewing the job steps and hazards with the employee performing the job will help ensure an accurate and complete list. Manufacturer's equipment operating instructions or Material Safety Data Sheets (MSDSs) should also be considered.

Now determine whether the job could be performed differently to eliminate the hazards. Would it help to combine steps or change the sequence? Are safety equipment and other precautions needed? If a safer way of performing the job is possible, list each new step, being as specific as possible about the new procedure. If no safer way to perform the job is feasible, determine whether any physical changes will eliminate or reduce the danger. These might include redesigning equipment, changing tools, adding machine guards, using personal protective equipment, or improving ventilation. Establishing a personal hygiene routine may be appropriate where toxic dust is a hazard.

Review these new safe work procedures with all employees performing the job. Obtaining their ideas about the hazards and proposed changes is an important part of this process. It will help ensure that your proposed changes are sensible and are accepted by the workers you are trying to protect. Many companies have had success with assigning the workers who perform the tasks to the job hazard analysis team.

PROCESS HAZARD ANALYSIS

What Is a "Process" for the Purpose of this Analysis?

A process can be defined as any series of actions or operations that convert raw material into a product. The process can terminate in a finished product ready for consumption or in a product that is the raw material for subsequent processes.

OSHA's Process Safety Management of Highly Hazardous Chemicals standard (Part 1910.119 of Title 29 of the Code of Federal Regulations) defines process for the purpose of the standard as any activity involving a highly hazardous chemical, including any use, storage, manufacturing, handling, or on-site movement of such chemicals, or a combination of these activities. This standard aims to protect employees by preventing or minimizing the consequences of chemical accidents involving highly hazardous chemicals.

Employers should refer to the standard and its appendices to determine whether they have processes covered by the standard and to take advantage of the standard's greater detail regarding requirements for establishing a process safety management program. Such a program includes conducting process hazard analyses. However, the concept of process safety management is relevant and useful to the full range of workplaces, not only those subject to the standard's requirements. OSHA believes that any business aiming for a comprehensive safety and health program will benefit from conducting a process hazard analysis.

A process hazard analysis is a detailed study of a process to identify every possible hazard to employees. Every element of the process must be studied. Each action of every piece of equipment, each substance present, and every move made by an employee must be assumed initially to pose a hazard to employees. Process hazard analysis then is applied to show that the element either poses no hazard, poses a hazard that is controlled in every foreseeable circumstance, or poses an uncontrolled hazard.

Often the process hazard analysis will concentrate on the specialized equipment used in the process. The equipment may be used to:

• Move materials;

• Apply mechanical forces to change materials;

• Apply special forms or concentrations of energy to materials (e.g., ionizing radiation, magnetic or electric fields, and lasers);

• Mix materials; or

• Bring and hold materials together and contain them, under either ambient or special conditions, for chemical or biological reactions, etc.

Processes may be either batch or continuous. Some operations may be conducted remotely. There may be special instrumentation to monitor conditions at various stages in the process. These instruments will keep the operator informed and perhaps also directly control the process or shut down operations if a hazardous or otherwise undesirable condition is approaching.

The best time for an employer to conduct a process hazard analysis is when the process is first being designed, before equipment is selected. This review, in turn, will assist you in choosing process equipment for its effective, efficient, and safe operation. Be sure to consider the equipment's capacity for confining the process within predetermined safe limits. The type, number, and location of detectors you select for monitoring the process should ensure not only productive operation, but also safe operation. Remember to take into account any substance or mixture of substances that could present fire or explosion hazards.

When you have selected your equipment, the information from the process hazard analysis will help you to develop an appropriate inspection and maintenance schedule.

Remember, even when a process initially appears to be so simple that hazard analysis during the design phase seems unnecessary, it needs to be done anyway. If the process really is simple, and there are no known potential hazards, then the process hazard analysis likewise will be simple and will require very little time and expense. On the other hand, if things are not as simple as they seem, the analysis may reveal potential problems that might have been overlooked otherwise. Correction at this early stage will save time, money, and possible injuries and grief.

Process hazard analysis will include hazards associated with:

• Mechanical and chemical operations,

• Low and high temperature and pressure operations,

• Possible high levels of radiant energy,

• Direct contamination of employees, and

• Contamination of the air with toxic substances.

Remember that toxic substances may be the raw materials entering the process, the intermediate products, or the by-products or waste products.

Who Should Do the Process Hazard Analysis?

OSHA believes that a team approach is the best approach for performing a process hazard analysis, because no one person will possess all of the necessary knowledge and experience. Additionally, when more than one person is performing the analysis, different disciplines, opinions, and perspectives will be represented, and additional knowledge and expertise will be contributed to the analysis. At least one member of the team should be an employee who has experience with and knowledge of the process being evaluated.

Small businesses may need to hire expert consultants to help with this analysis. If you have a small business and you do not know whether your process requires a high degree of expertise, call for advice from your local office of the OSHA-funded, State-run consultation service or the nearest State or Federal OSHA office.

Overview of the Process

Start by writing down answers to the questions contained in the worksheet below. Using these answers, combined with any additional information pertinent to your operation, prepare a detailed narrative report. Your report should be understandable even to persons unfamiliar with the process.

PROCESS OVERVIEW WORKSHEET

Begin your hazard analysis by writing down answers to the following questions:

1. What kind of process is it? Mechanical? Chemical? Biological?

2. What is the product?

3. What is the rate of production?

4. What raw materials will be used? How much?

5. Will there be intermediate products? Their quantities?

6. Will there be waste materials that will be a problem because of their toxicity and/or their quantity?

7. Does this process pose inherent hazards that suggest that you should look for a safer way to produce the product?

8. Have there been previous incidents involving this process that had a likely potential for catastrophic consequences in the workplace?

9. Is the process sited where it could be affected by a failure in nearby processes or where its failure could affect other processes?

10. What kinds of equipment are used in the process? Is other, safer equipment available?

11. Is there sufficient and reliable monitoring and control equipment? Is it fail-safe in all instances?

12. What are the various workers’ roles?

13. Where employees work directly with substances and equipment, are their activities as safe as possible?

14. Are there points in the process where workers’ exposure to hazards could be reduced?

15. Could emergency situations develop? How many unexpected events could happen at the same time? What would result?

Combine the above questions and answers and any added information that you believe pertinent into a detailed narrative report. This will be the basis for your process flow chart.

Process Flow Chart

Unless your process is very simple, with only one or two steps, you should now prepare a diagram or flow chart of the process. The flow chart is a detailed expansion of the overview. It is prepared as a visual and verbal description of each step in the process, clearly relating each step to the others. A careful review of the flow chart should reveal any elements not considered in the overview.

Hazardous Substances.

Examine each substance in the process:

• Raw materials,

• Intermediate products,

• Final product,

• By-products, and

• Wastes.

Be sure to look at all activity involving substances that could produce hazardous conditions or products. Consider the potential for the air's oxygen content being reduced in any inhabited areas, especially confined spaces. Study the potential hazards of each substance -- toxicity, fire or explosive hazard, and others. (This is required by the Hazard Communication standard at 29 CFR 1910.1200(d).) See how each substance appears in the process and in what quantity. Is each hazardous substance being handled in a way that minimizes its hazard? Could a less hazardous material be substituted?

With these answers, you can plan your program of prevention and control. Take the precautions necessary to protect your workers, beginning with substitutions and engineering controls. Establish safe work practices and other administrative controls, and use personal protective equipment (PPE) as necessary.

Equipment

Look at all the equipment, from that used to bring in the raw materials at the beginning of the process, to the equipment used to move out the products, by-products, and waste products at the end of the process. It must be safe not only for the operator, but also for other workers nearby.

Look at the materials handling equipment throughout the process. Examine all the machines used to bend, form, cut, grind, mill, smooth, or otherwise change the surface or contours of solid materials. Look at equipment used to weld, crimp, rivet, or otherwise fasten one solid piece to another.

For liquids and gases, there will be enclosed systems for transfer and storage, vessels for mixing, and reactor vessels that may be subjected to high or low temperatures and/or pressures. If there are exothermic reactions (reactions that release heat), are there adequate provisions for removing the heat? Look at any special equipment capable of producing hazardous levels of radiant energy.

Once you have determined the potential hazards, you can plan your prevention/control by using the safest equipment, implementing engineering controls and safe work practices, and providing and ensuring the use of PPE as necessary.

Worker Exposure

Look at each worker's locations and actions throughout the workday. With what substances and equipment does the worker interact? Does the worker perform actions that result in a hazard for himself/herself or others?

Employee exposures to physical agents such as microwave radiation will have to be measured with special instrumentation. Air contaminants will have to be measured to determine exposure levels. When outside doors and windows are closed at the end of summer, will air contaminant levels and worker exposure rise?

With the information you have gathered about employee exposure, plan your prevention/control, employing engineering controls, safe work practices, and PPE as necessary. See a sample process hazard analysis worksheet below.

PROCESS HAZARD ANALYSIS WORKSHEET

1. Name the process.

2. Give the date the operations began.

3. Write a short description of the process.

4. Conduct an overview and write a narrative. Date completed?

5. Prepare process flow chart and attach. Date completed?

6. For each step in the process as shown on your flow chart, identify and record each:

a. hazardous substance,

b. piece of equipment that presents a hazard; and

c. employee operation that may be hazardous.

PREPARING FOR THE UNPLANNED EVENT

Especially when dealing with high hazard chemicals or volatile explosives, it is not enough to analyze only those hazards associated with normal operations, those times when the process works as expected. Using analytical tools such as "what if," "checklist," hazard and operability study (HAZOP), failure mode and effect analysis (FMEA), or "fault-tree" analysis, you can determine most of the possible process breakdowns. You then can design prevention/controls for the likely causes of these unwanted events.

"What if" analysis, appropriate for relatively uncomplicated processes, starts with points in the process where something could go wrong. You then determine what else could happen, and what all possible outcomes would be. You must plan additional prevention and controls for those possible unplanned events that could contribute to an undesirable outcome.

For more complex processes, the "what if" study can best be organized through the use of a "checklist." Aspects of the process are assigned to analysis team members with the greatest experience or skill in those areas. Operator practices and job knowledge are audited, the suitability of equipment and materials of construction is studied, the chemistry of the process and the control systems are reviewed, and the operating and maintenance records are audited.

Hazard and operability study is a method for systematically investigating each element of a system to uncover ways in which important parameters can deviate from the intended design conditions and, as a result, can create hazards and operability problems. Typically, an analysis team studies the piping and instrument diagrams (or plant model). The team analyzes the effects of potential deviations from design conditions in, for example, flow, temperature, pressure, and time. The team then assesses the system's existing safeguards, the causes of and potential for system failure, and the requirements for protection.

Failure mode and effect analysis is a methodical study of component failures. This review starts with a diagram of the process and includes all components that could fail and conceivably affect the safety of the operation. Typical examples are instrument transmitters, controllers, valves, pumps, and rotameters. The components are listed on a data tabulation sheet and individually analyzed for their potential mode of failure, the effects of failure, detection methods, and other factors. The last step in the analysis is to analyze the component data and develop recommendations for risk management.

In "fault-tree" analysis, you start with an undesirable outcome that is possible, even if highly unlikely, given the potential hazards involved in your process. Then you trace back into the process to identify all possible events or combinations of events that would have to occur to produce that outcome. This information is graphically represented using logic symbols in a diagram that looks like a tree with many branches. Once you have determined these sequences of events, you then can design prevention/controls to make it impossible or nearly impossible for them to occur.
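The trace-back described above can be worked mechanically once the tree is written down as AND/OR gates. The following is an added example, not part of the original guide: the tree, the event names, and the function names are all constructed for illustration. It lists every smallest combination of events that produces the top outcome (the minimal cut sets) and flags any single event that is sufficient on its own.

```python
from itertools import product

# Constructed fault tree (illustrative only, not from the guide).
# Top outcome: vessel overpressure. It needs BOTH heat removal lost AND
# pressure relief unavailable. A gate is (type, [children]); a plain
# string is a basic event. "site_power_lost" feeds both branches.
TREE = ("AND", [
    ("OR", [                       # heat removal lost
        "cooling_pump_fails",
        "site_power_lost",
        ("AND", ["coolant_level_low", "low_level_alarm_fails"]),
    ]),
    ("OR", [                       # pressure relief unavailable
        "vent_valve_stuck",
        "site_power_lost",
    ]),
])


def cut_sets(node):
    """Return every combination of basic events that produces this node."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        # Any one child is enough: pool the children's combinations.
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        # Every child is needed: merge one combination from each child.
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate: {gate!r}")


def minimal_cut_sets(node):
    """Drop combinations that contain a smaller, already sufficient one."""
    unique = set(cut_sets(node))
    minimal = [cs for cs in unique if not any(other < cs for other in unique)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def single_points_of_failure(node):
    """Basic events that produce the top outcome with no other failure."""
    return sorted(next(iter(cs)) for cs in minimal_cut_sets(node) if len(cs) == 1)


def occurs(node, happened):
    """Evaluate the tree for a given set of basic events that happened."""
    if isinstance(node, str):
        return node in happened
    gate, children = node
    results = [occurs(child, happened) for child in children]
    return all(results) if gate == "AND" else any(results)


if __name__ == "__main__":
    for cs in minimal_cut_sets(TREE):
        print(" + ".join(sorted(cs)))
    print("single points of failure:", single_points_of_failure(TREE))
```

In this constructed tree the shared power supply appears under both branches, so it defeats an AND gate by itself; that is the kind of common cause a prevention/control design would address first.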

UPDATING THE PROCESS HAZARD ANALYSIS

At least every 5 years after completion of the initial process hazard analysis, the analysis should be updated to ensure that it is consistent with the current process. For businesses covered by the standard, this update is required, and the analysis must be revalidated by a team meeting the standard's requirements.

PHASE HAZARD ANALYSIS

Phase hazard analysis is a helpful tool in construction and other industries that involve a rapidly changing work environment, different contractors, and widely different operations. A phase is defined as an operation involving a type of work that presents hazards not experienced in previous operations, or an operation where a new subcontractor or work crew is to perform work. In this type of hazard analysis, before beginning each major phase of work, the contractor or site manager should assess the hazards in the new phase. He/she should not only coordinate appropriate supplies and support, but also prepare for hazards that can be expected and establish a plan to eliminate or control them.

To find these hazards and to eliminate or control them, you will use many of the same techniques that you use in routine hazard analysis, change analysis, process analysis, and job analysis. One major additional task will be to find those hazards that develop when combinations of activities occur in close proximity. Workers for several contractors with differing expertise may be intermingled. They will need to learn how to protect themselves from the hazards associated with the work of nearby colleagues as well as the hazards connected to their own work and the hazards presented by combinations of the two kinds of work.

USING THE INVENTORY OF HAZARDS

You will use the surveys and analyses we have described to plan a program of hazard prevention and control. Briefly, you should prevent hazards by substituting less hazardous materials or equipment whenever possible. Engineering controls that distance the worker from the hazard are the next best option. For the remaining hazards, design safe work practices, train your workers adequately in these practices and enforce them consistently. In some instances, you may also need to establish other administrative controls, such as worker rotation or more frequent work breaks. Where needed, use personal protective equipment.

SUMMARY

Establishing a complete hazard inventory is not as complicated as it may sound. It begins with having industrial hygiene, safety, and occupational health experts conduct a comprehensive survey of your worksite to determine the existing and potential hazards. Periodic surveys, done at intervals that make sense for the size and complexity of your worksite, will bring into play any new engineering or scientific knowledge of hazards and their prevention. These subsequent surveys also can help find new hazards that have evolved along with changing work procedures over time.

Change analysis prevents expensive problems before they occur. Individuals who are knowledgeable in worker health and safety can help you design and plan for changes in your worksite. Change analysis uses elements of routine hazard analysis appropriate to the type of change being contemplated.

Routine hazard analysis also adds to your inventory. It enables you to control hazards that develop in work procedures or within processes, or that occur because of changes in the phases of the operation.

The tools and approaches used in the various types of hazard analysis tend to overlap. This overlapping helps ensure total coverage and a more comprehensive inventory on which to base your prevention program.

Involving your employees in the effort to inventory hazards is sure to pay off. Hazard surveyors will benefit from workers' practical knowledge. And employees, as they become more knowledgeable about workplace hazards, prevention, and controls, will be better able to protect themselves and others.

When assessing workplace hazards, do not overlook the human element. Whenever one employee is replaced by another, the difference in skill and experience can mean increased risk to both the new worker and his/her coworkers. Changes in the individual employee's health, ability to function on the job, and personal life, whether these changes are sudden or gradual, can affect workplace safety and health. A manager needs to be sensitive to these changes and willing to provide training and orientation, physical and administrative adjustments, or other accommodations.

__________________________________________________________________________________________

HAZARD PREVENTION AND CONTROL

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

In this chapter we will discuss the four generally recognized strategies for controlling hazards in the workplace. These strategies include the use of:

1. engineering controls - that eliminate or reduce the hazard

2. administrative controls - that eliminate or reduce exposure

3. personal protective equipment (PPE) - used in conjunction with other controls

4. interim measures - temporary control measures

The goal of a hazard prevention and control program is to make foolproof the workplace and its operations, to the extent feasible, to keep employees from being harmed. It is an ongoing program, never finished. You will design and implement and then revise and improve preventive measures and controls as your worksite changes and as your store of hazard information grows.

The most frequent sources for updating hazard information are routine general inspections, employee reports of hazards and accident/incident investigations.

THE TERMINOLOGY OF HAZARD CONTROL

Hazards take many forms: air contaminants, tasks involving repetitive motions, equipment with moving parts or openings that can catch body parts or clothing, microorganisms, extreme heat or cold, noise, toxic liquids, and more. The terms we use here to describe the principles of engineering control may sound strange when applied to some of these hazards. You may find that, in other discussions of hazard control, the terms are used somewhat differently. There should be agreement, however, about the concepts the terms describe.

1. ENGINEERING CONTROLS

These controls focus on the source of the hazard, unlike other types of controls that generally focus on the employee exposed to the hazard. The basic concept behind engineering controls is that, to the extent feasible, the work environment and the job itself should be designed to eliminate hazards or reduce exposure to hazards. While this approach is called engineering control, it does not necessarily mean that an engineer is required to design the control.

Engineering controls can be very simple in some cases. They are based on the following broad principles:

1. If feasible, design the facility, equipment or process to remove the hazards and/or substitute something that is not hazardous or is less hazardous;

2. If removal is not feasible, enclose the hazard to prevent exposure in normal operations; and

3. Where complete enclosure is not feasible, establish barriers or local ventilation to reduce exposure to the hazard in normal operations.

Elimination of Hazards through Design

Designing facilities, equipment or processes so that the hazard is no longer even potentially present is obviously the best worker protection. Some examples of this are:

• Redesigning, changing or substituting equipment to remove the source of excessive temperatures, noise or pressure;

• Redesigning a process to use less toxic chemicals;

• Redesigning a work station to relieve physical stress and remove ergonomic hazards; or

• Designing general ventilation with sufficient fresh outdoor air to improve indoor air quality and generally to provide a safe, healthful atmosphere.

Enclosure of Hazards.

When you cannot remove a hazard and cannot replace it with a less hazardous alternative, the next best control is enclosure. Enclosing a hazard usually means that there is no hazard exposure to workers during normal operations. There still will be potential exposure to workers during maintenance operations or if the enclosure system breaks down. For those situations, additional controls such as safe work practices or personal protective equipment (PPE) may be necessary to control exposure.

Some examples of enclosure designs are:

• Complete enclosure of moving parts of machinery;

• Complete containment of toxic liquids or gases from the beginning of the process using or producing them to detoxification, safe packing for shipment, or safe disposal of toxic waste products;

• Glove box operations to enclose work with dangerous microorganisms, radioisotopes or toxic substances; and

• Complete containment of noise, heat or pressure-producing processes with materials especially designed for those purposes.

Barriers or Local Ventilation.

When the potential hazard cannot be removed, replaced, or enclosed, the next best approach is a barrier to exposure or, in the case of air contaminants, local exhaust ventilation to remove the contaminant from the workplace. This engineered control involves potential exposure to the worker even in normal operations. Consequently, it should be used only in conjunction with other types of controls, such as safe work practices designed specifically for the site condition and/or PPE. Examples include:

• Ventilation hoods in laboratory work;

• Machine guarding, including electronic barriers;

• Isolation of a process in an area away from workers, except for maintenance work;

• Baffles used as noise-absorbing barriers; and

• Nuclear radiation or heat shields.

2. ADMINISTRATIVE CONTROLS

GENERAL WORKPLACE RULES AND SAFE WORK PRACTICES

Many of your organization’s general workplace rules have a bearing on safety and health. It is accurate to think of these rules as hazard controls.

In addition to the general workplace rules that apply to everyone, specific work practices may be needed to safeguard your employees in a variety of situations. For example, even when a hazard is enclosed, exposure can occur when maintenance is necessary, when the enclosure system suffers a partial or complete breakdown, or when enclosure does not fully control the hazard. By following established safe work practices for accomplishing a task safely (and using PPE in many cases), your employees can further reduce their exposure to hazards.

Workplace Rules.

The safety and health rules that you develop and make part of your overall workplace rules are an important component of your hazard prevention and control program. These rules play a major part in identifying acceptable and unacceptable behavior. For example, you may have rules outlawing horseplay or violent behavior on company property, or requiring your employees to wear personal protective equipment.

Safety and health rules are most effective when they are written, posted, given to all affected employees, and discussed with them. Many employers emphasize the link between safety and health rules and the consequences of breaking them by reviewing the rules with their employees. They then ask the employees to sign a statement at the bottom of the list: "I have read the rules, I understand them, and I have received an explanation of the consequences of breaking them." Employer and employee both keep a copy of this signed statement.

Some employers ask their employees to help develop the workplace rules and then to help revise them as needed. When employees play a role in formulating the rules, they are more likely to understand and follow them.

Other safe work practices apply to specific jobs in the workplace and involve specific procedures, such as a Job Hazard Analysis, for accomplishing a job. You should keep the written analysis of a job separate from the written procedures your workers will follow to accomplish the job safely. A good job hazard analysis is more detailed than a good work instruction sheet. Each document suffers from being combined with the other.

You may decide that a training program is needed, using the job hazard analysis as the basis for training your workers in the new procedures. A training program may be essential if your employees are working with highly toxic substances or in dangerous situations.

DRAWBACKS TO CONTROLLING HAZARDS WITH SAFE WORK PRACTICES

While safe work practices are a necessity and can work very well, they are only as good as the management systems that support them. This is because they are susceptible to human error. The controls first must be designed from a base of solid hazard analysis. They then must be accompanied by good worker training, reinforcement, and consistent and reasonable enforcement. Safe work practices should be used in conjunction with, and not as a substitute for, more effective or reliable engineering controls.

Safe Work Practices Training

Anticipate resistance when teaching new job practices and procedures to workers. If your employees have done a job long enough without special precautions, they are likely to feel unconcerned about hazards. It is essential that they understand why special work practices are needed. Therefore, training begins with a discussion of hazards. Your workers must be assisted in understanding that, for an accident or injury to occur, two things must be present: a hazard and an employee. Remove the hazard and there will be no injury. Train the employee to follow proper work practices, and those safe work practices can significantly help the employee to avoid harm.

Just presenting training may not be sufficient. An employer has a responsibility to ensure that worker training has achieved its objective and that workers understand the hazards and know how to protect themselves. A supervisor easily can perform informal testing to check the results of training. This means stopping at an employee's work station and asking for an explanation of the hazards involved in the work and the employee's means of protection. If the training has been presented well and has been understood, each trained worker should be able to give a clear, comprehensive response.

Positive Reinforcement.

Each supervisor should provide frequent reinforcement of work practices training. The informal testing described above serves not only to gauge training effectiveness, but also to reinforce the desired behavior. Some worksites also provide special recognition for the use of safe work practices. Some supervisors periodically hand out "Thank you for working safely" cards that can be redeemed for a free cup of coffee or soft drink. Other supervisors periodically observe individual workers at their tasks and give oral and/or written feedback on what was done safely.

Be sure to develop incentive and recognition programs that recognize positive activities rather than absence of injuries. Award programs with prizes for hours worked without injury can put heavy pressure on workers not to report injuries.

Enforcement.

Workers must realize that safe work practices are a requirement of employment and that unsafe practices will not be tolerated. It is necessary, therefore, that the employer have a disciplinary system that is implemented fairly and consistently. If no such system exists in your workplace, you would be wise to have employees assist in designing one. We discuss disciplinary systems in greater detail below.

WORK SCHEDULES

Work schedule manipulations include lengthened rest breaks, additional relief workers, exercise breaks to vary body motions, and rotation of workers through different jobs to reduce or "even out" exposure to hazards or to allow workers to work part of the day without respirators or other burdensome PPE.

Scheduling strategies are often used to reduce ergonomic hazards. For example, employees in a meatpacking plant might rotate among several tasks to reduce accumulated stress on particular muscles and tendons. Administrative controls have also been used in situations of extreme temperatures, and to counteract the dangers of some widely used chemicals. However, such controls are not appropriate in dealing with carcinogens or chronic chemical hazards such as lead.

3. PERSONAL PROTECTIVE EQUIPMENT (PPE)

When exposure to hazards cannot be engineered completely out of normal operations or maintenance work, and when safe work practices and other forms of administrative control cannot provide sufficient additional protection, a supplementary method of control is the use of protective clothing and/or equipment. These are collectively called personal protective equipment, or PPE. PPE may also be appropriate for controlling hazards while engineering and work practice controls are being installed.

The term PPE covers such items as face shields (whether worn by dentists or welders), steel-toed shoes and boots, safety glasses and goggles, hard hats, back supports, leather aprons, metal-mesh gloves, forearm guards, respirators, and "space suits."

Legal Requirements.

One section of the OSHA standards (29 CFR 1910, Subpart I) specifically addresses PPE. Many other OSHA standards require certain types of PPE. If respirators are ever worn for any reason at your worksite, you must have a written respirator program, perform fit testing, train supervisors and workers in proper respirator use, and meet other requirements of the standard (29 CFR 1910.134). For further information about respirators, see OSHA Publication 3079 (Revised 1993), "Respiratory Protection." A useful general source of information is OSHA Publication 3077 (Revised 1994), "Personal Protective Equipment."

If you are not sure what is required or what types of PPE might be best for your employees, you can call or write the nearest State or Federal OSHA office for guidance. Small business employers may contact the OSHA-funded, State-run consultation service in their State.

PPE Drawbacks.

The limitations and drawbacks of safe work practices also apply to PPE. Employees need training in why the PPE is necessary and how to use and maintain it. It also is important to understand that PPE are designed for specific functions and are not suitable in all situations. For example, no one type of glove or apron will protect against all solvents. To pick the appropriate glove or apron, you should refer to recommendations on the material safety data sheets of the chemicals you are using.

Your employees need positive reinforcement and fair, consistent enforcement of the rules governing PPE use. (See discussion below.) Some employees may resist wearing PPE according to the rules, because some PPE is uncomfortable and puts additional stress on employees, making it unpleasant or difficult for them to work safely. This is a significant drawback, particularly where heat stress is already a factor in the work environment. An ill-fitting or improperly selected respirator is particularly hazardous, since respirators are used only where other feasible controls have failed to eliminate a hazard.

Bearing the Cost.

OSHA standards require employers to provide respirators that fit individual employees. Most employers also provide other required PPE, with the exception of safety shoes and safety glasses. But even when employees must provide their own safety shoes, safety glasses, or other PPE, employers usually pay part of the cost.

4. INTERIM MEASURES

When a hazard is recognized, the preferred correction or control cannot always be accomplished immediately. However, in virtually all situations, temporary measures can be taken to eliminate or reduce worker risk. These can range from taping down wires that pose a tripping hazard to actually shutting down an operation temporarily. The importance of taking these interim protective actions cannot be overemphasized. There is no way to predict when a hazard will cause serious harm, and no justification to continue exposing workers unnecessarily to risk.

HAZARD CORRECTION TRACKING

An essential part of any day-to-day safety and health effort is the correction of hazards that occur in spite of your overall prevention and control program. Documenting these corrections is equally important, particularly for larger sites. Documentation is important because:

• It keeps management and the Safety Department or the person in charge of safety and health aware of the status of long-term correction items;

• It provides a record of what occurred, should the hazard reappear at a later date; and

• It provides timely and accurate information that can be supplied to an employee who reported the hazard.

Notations on the Report Form.

Many companies use the form that documents the original discovery of a hazard to track the correction of the hazard. Inspection reports include notations about hazard correction alongside the information about the hazard. Employee reports of hazards and reports of accident/incident investigations also should provide space for notations about hazard correction.

When recording information about hazard correction, it is important to note all interim protective measures and to include the date of a completed action. Otherwise, you run the risk of intended corrections never actually being completed. This may not pose a problem if the hazard can be corrected in a short period of time. Someone probably will remember to see that the final correction occurs. There is always a danger, however, that the expected correction will "slip through the cracks." This can happen when a part has to be ordered and time is needed for procurement, or when interim, less than adequate measures become substitutes for preferred but possibly more costly or time-consuming actions.

Tracking by Committee.

Some companies separate the tracking of hazard correction from the system that uncovered the hazard. Typically, either a central management safety committee or a joint employee-management committee will devote a part of each meeting to reviewing inspection reports, employee hazard reports, and accident/incident reports. The committee will list in its minutes any remaining uncorrected hazards for continued tracking.

The benefit of such a system is the high-level scrutiny applied to hazard correction tracking. The system can be cumbersome, however, especially when information must be transferred from the reports to the committee. There is the possibility of information being lost in transit or of incomplete and incorrect information being conveyed. This can be minimized by allowing the committee to review the original reports.

Tracking by Separate Form.

Another way to track hazard correction is to transfer information from the original hazard report to a separate hazard tracking report. Ideally, this system receives information on all uncorrected hazards and not just information from one of the avenues for uncovering hazards. Tracking by separate form is most effective when computerized. See the sample form with instructions below:

Instructions: Under the column headed "System," note how the hazard was found. Enter Insp. for inspection, ERH and name of employee for employee report of hazard or Acc. for accident/incident investigation.

Under the column headed "Hazard Description," take as many lines as you need to describe the hazard. In the third column, provide the name of the person who has been assigned correction responsibility. In the fourth column, list any interim action to correct the hazard and the date performed. In the last column, enter the completed corrective action and the date that final correction was made.

|SYSTEM |HAZARD DESCRIPTION |ASSIGNED TO: |INTERIM ACTION WITH DATE |COMPLETED ACTION WITH DATE|

|  |  |  |  |  |

For small businesses that do not use written inspection reports or written employee reports of hazards, this system provides important documentation that otherwise might not exist.

The weakness in this system is much the same as for tracking by committee: there is always a possibility that incorrect or incomplete information will be transferred or that a correction needing tracking will fail to be recorded.

CORRECTIVE AND PREVENTIVE MAINTENANCE

You might not associate corrective and preventive maintenance with your safety and health program. Nonetheless, good equipment maintenance plays a major role in ensuring that hazard controls continue to function effectively. Periodic workplace monitoring, for example, to check for chemical exposures or noise exposures, will help assure that installed controls are still working as designed. Preventive maintenance also keeps new hazards from arising due to equipment malfunction.

Whenever systems are enclosed, the enclosure usually depends on the smooth functioning of pipes, valves, pressure releases, etc. Malfunctions of these parts of the enclosed system may result in hazards to workers. Ventilation systems that control hazards rely on the proper performance of duct work, fans, and filters. Many guards are electronic or electrically energized and require maintenance for continuing smooth operation. Equipment that is not hazardous under normal conditions may become so if it malfunctions. Clearly, preventive maintenance is a vital link in any safety and health program.

Scheduling.

Preventive maintenance requires reliable scheduling of maintenance activity. The scheduling, in turn, depends on knowledge of what needs maintenance and how often. The whole point of preventive maintenance is to get the work done before repairs or replacement must be done.

Maintenance survey. A preventive maintenance program starts with a survey of maintenance needs at the worksite. Every piece of equipment or part of a system that needs maintenance, such as oiling, cleaning, testing, replacement of worn parts, or checking, should be surveyed. You will need a complete list of all items to be maintained. If such a list does not exist at your worksite, you should require your maintenance supervisor to develop one. The survey should be repeated periodically and the list of items updated. Whenever new equipment is placed in the worksite, the list should be revised accordingly.

Maintenance timetable. Once the complete list is developed, a timetable must be established. For each item on your list, estimate the average length of time before the maintenance work becomes reactive rather than preventive. Plan to perform the maintenance before that average time. (Maintenance should be performed at least as often as recommended by the manufacturer.) Review maintenance documents periodically to see how much reactive maintenance (repair or replacement of defective parts after failure) has been done. Then make new estimates of average time, and adjust your maintenance timetable accordingly.

Posted or computerized schedules. Make sure the preventive maintenance schedule is accessible. Easy availability of the schedule will help your maintenance staff plan its work. A well communicated schedule also will help to ensure the maintenance department's accountability for performing the work on time. Select a method of communication that works well for your employees.

Maintenance Documentation.

Preventive maintenance can be a complicated matrix of timing and activity. But keeping track of completed maintenance tasks can be as simple as adding a date and initials to the posted work schedule. Some employers use their computer system to keep track of completed maintenance activity.

Documentation can help you to identify and reward employees whose efforts have prevented costly repairs and accidents/incidents. It also can be instrumental in your effort to require accountability of employees responsible for maintenance.

EMERGENCY PREPARATION

During emergencies, hazards appear that normally are not found in the workplace. These hazards may be the result of natural causes such as earthquakes, tornadoes, hurricanes, floods, or ice storms. Events caused by humans and beyond your control may create hazards, for example, train or plane accidents, terrorist activities, or occurrences at nearby worksites that affect your site. Finally, emergencies may occur within your own systems due to unforeseen combinations of events or the failure of one or more hazard control systems.

Emergencies, by their nature, are not part of the expected, everyday routine. They may never occur. But if they do, their cost in terms of both dollar losses and human suffering can be enormous. Your job is to become aware of possible emergencies -- not merely probable events -- and to plan the best way to control or prevent the hazards they present.

Survey of Possible Emergencies.

Just because a particular emergency has never occurred does not mean that it never will. Therefore, your emergency preparation should begin with a survey of all possible emergency situations at your worksite. Start by listing possible emergency occurrences by the general categories below, taking into consideration the unique characteristics of your worksite and its location.

Natural disaster. Review each type of natural disaster that has occurred in your geographical areas and consult experts on the chances of other types of natural disasters happening.

Human errors or deliberately caused disasters beyond the control of your worksite. Consider the environment of your worksite. Are you near an airport or on an airport's landing/takeoff pattern? Is there a train track used to carry products other than those that you ship or receive? If so, is it near enough so that an accident involving release of toxic materials could impact your worksite? Are there chemical or other dangerous sites in your neighborhood that could have internal emergencies that might affect your worksite? Have there been terrorist activities against other plants belonging to your company? Against plants involved in similar processes or products?

Hazard control failures at your worksite. Ask yourself, what are the worst things that could possibly happen as a result of conditions here? Every worksite has some potential for fire. Some have much greater potential than others. What is your potential for explosion or release of toxic substances?

Emergency Planning

After listing all possible emergencies, you must plan actions to reduce their potential impact on your workers' safety and health. Some actions will be appropriate in all emergency situations. But the measures required by some types of emergencies may differ from or even contradict those needed in other emergency scenarios. Plan what first aid or medical response is needed and where that response will come from. If you are relying on outside medical or emergency response organizations, establish communications with them and plan together for emergencies. If possible, have these outside resources participate in your drills.

Employee Information and Training

Your employees need to be informed of the emergency plans that require their participation. Each employee needs to know precisely what he/she is expected to do in each type of emergency.

For the most likely emergencies, employees should be drilled in the actions you expect them to take. You want their responses to become second nature, so that they will be able to protect themselves and others regardless of the stress of the moment. Fire and evacuation drills should be held annually. For other types of emergencies, such as tornadoes or earthquakes, drills should follow a predetermined schedule based on the frequency and/or probability of the event.

MEDICAL PROGRAMS

Medical programs provide occupational health care, both onsite and nearby. This care consists of approaches to both identifying health problems that may be work-related and responding to injuries and illnesses that occur. The size and complexity of a medical program will depend on the size of the worksite, its location in relation to health care provider organizations and the nature of the hazards at the worksite. Medical programs are covered in detail in Chapter 10, so only summary information is offered here.

You must always be prepared to offer first aid at your worksite. In fact, this is required by OSHA's Medical and First Aid standard, 29 CFR 1910.151(b), for worksites that are not close to medical facilities. OSHA strongly advises that both first aid and CPR assistance be available on every shift at your worksite. OSHA's Bloodborne Pathogens standard, 29 CFR 1910.1030, also discussed in Chapter X, imposes various requirements to protect employees who provide first aid and CPR.

Medical programs consist of everything from a basic first aid and CPR response to sophisticated approaches for the diagnosis and resolution of ergonomic problems. The nature and extent of your medical program will depend on a number of factors. Small business employers can contact a local physician or the OSHA-funded, State-run consultation service for assistance in deciding what type of medical program meets their site's needs. If use of nearby medical facilities appears to be the best arrangement, be sure to meet with representatives of that facility to discuss your medical needs. (See also Chapter X for a suggested method of determining health care needs.)

Whatever medical program you decide on, it is important to use medical specialists with occupational health/medical training. Not every nurse or doctor is trained to understand the relationships between the workplace, the work, and certain medical symptoms.

SUMMARY

You should approach each category of workplace hazard with the intention of totally preventing it, if feasible. If total prevention is not feasible, you should control the hazard as completely as is feasible through work and equipment design. To the extent that potential exposure exists despite the designed controls, then you should use safety and health rules, work practices, and other administrative measures to control that exposure. Finally, you may need to use personal protective clothing and other equipment to further reduce levels of individual exposure.

To complement these hazard controls, you also must have good systems of preventive maintenance; hazard correction tracking; a fair and consistent enforcement of rules, work practices, and PPE; a solid system for responding to unexpected emergencies; and a good medical program that helps identify hazards and minimize harm when injuries and work-related illnesses occur.

These are the basic components of a hazard prevention and control program. With these measures, you can provide your employees with comprehensive protection from occupational hazards.

AREA II: MANAGEMENT THEORY AND METHODS

Creating a Safety Culture

Why do you want a strong safety culture?

It has been observed at the OSHA VPP sites and confirmed by independent research that developing a strong safety culture has the single greatest impact on accident reduction of any process. It is for this single reason that developing these cultures should be top priority for all managers and supervisors.

What is a safety culture - how will it impact my company?

Safety cultures consist of shared beliefs, practices, and attitudes that exist at an establishment. Culture is the atmosphere created by those beliefs, attitudes, etc., which shape our behavior. An organization's safety culture is the result of a number of factors such as:

• Management and employee norms, assumptions and beliefs;

• Management and employee attitudes;

• Values, myths, stories;

• Policies and procedures;

• Supervisor priorities, responsibilities and accountability;

• Production and bottom line pressures vs. quality issues;

• Actions or lack of action to correct unsafe behaviors;

• Employee training and motivation; and

• Employee involvement or "buy-in."

In a strong safety culture, everyone feels responsible for safety and pursues it on a daily basis; employees go beyond "the call of duty" to identify unsafe conditions and behaviors, and intervene to correct them. For instance, in a strong safety culture any worker would feel comfortable walking up to the plant manager or CEO and reminding him or her to wear safety glasses. This type of behavior would not be viewed as forward or over-zealous but would be valued by the organization and rewarded. Likewise coworkers routinely look out for one another and point out unsafe behaviors to each other.

A company with a strong safety culture typically experiences few at-risk behaviors; consequently, it also experiences low accident rates, low turnover, low absenteeism, and high productivity. Such companies are usually extremely successful, excelling in all aspects of business.

Creating a safety culture takes time. It is frequently a multi-year process. A series of continuous process improvement steps can be followed to create a safety culture. Employer and employee commitment are hallmarks of a true safety culture where safety is an integral part of daily operations.

A company at the beginning of the road toward developing a safety culture may exhibit a level of safety awareness, consisting of safety posters and warning signs. As more time and commitment are devoted, a company will begin to address physical hazards and may develop safety recognition programs, create safety committees, and start incentive programs.

Top management support of a safety culture often results in acquiring a safety director, providing resources for accident investigations, and safety training. Further progress toward a true safety culture uses accountability systems. These systems establish safety goals, measure safety activities, and charge costs back to the units that incur them. Ultimately, safety becomes everyone's responsibility, not just the safety director's. Safety becomes a value of the organization and is an integral part of operations. Management and employees are committed and involved in preventing losses. Over time the norms and beliefs of the organization shift focus from eliminating hazards to eliminating unsafe behaviors and building systems that proactively improve safety and health conditions. Employee safety and doing something the right way takes precedence over short term production pressures. Simultaneously, production does not suffer but is enhanced due to the level of excellence developed within the organization.

Building a safety culture

Any process that brings all levels within the organization together to work on a common goal that everyone holds in high value will strengthen the organizational culture. Worker safety and health is a unique area that can do this. It is one of the few initiatives that offer significant benefits for the front-line work force. As a result, buy-in can be achieved, enabling the organization to effectively implement change. Obtaining front-line buy-in for improving worker safety and health is much easier than it is to get buy-in for improving quality or increasing profitability. When the needed process improvements are implemented, all three areas typically improve and a culture is developed that supports continuous improvement in all areas.

The following represents the major processes and milestones that are needed to successfully implement a change process for safety and health. It is intended to focus you on the process rather than individual tasks. It is common to have a tendency to focus on the accomplishment of tasks, i.e., to train everyone on a particular concern or topic or implement a new procedure for incident investigations, etc. Sites that maintain their focus on the larger process to be followed are far more successful. They can see the "forest" from the "trees" and thus can make mid-course adjustments as needed. They never lose sight of their intended goals; therefore, they tend not to get distracted or allow obstacles to interfere with their mission. The process itself will take care of the task implementation and ensure that the appropriate resources are provided and priorities are set.

Management Processes Typically Ripe for Improvement:

• Define safety responsibilities for all levels of the organization, e.g., safety is a line management function.

• Develop upstream measures, e.g., number of reports of hazards/suggestions, number of committee projects/successes, etc.

• Align management and supervisors through establishing a shared vision of safety and health goals and objectives vs. production.

• Implement a process that holds managers and supervisors accountable for visibly being involved, setting the proper example, and leading a positive change for safety and health.

• Evaluate and rebuild any incentives & disciplinary systems for safety and health as necessary.

• Ensure the safety committee is functioning appropriately, e.g., membership, responsibilities/functions, authority, meeting management skills, etc.

• Provide multiple paths for employees to bring suggestions, concerns, or problems forward. One mechanism should use the chain of command and ensure no repercussions. Hold supervisors and middle managers accountable for being responsive.

• Develop a system that tracks and ensures the timeliness in hazard correction. Many sites have been successful in building this in with an already existing work order system.

• Ensure reporting of injuries, first aids, and near misses. Educate employees on the accident pyramid and importance of reporting minor incidents. Prepare management for initial increase in incidents and rise in rates. This will occur if under-reporting exists in the organization. It will level off, then decline as the system changes take hold.

• Evaluate and rebuild the incident investigation system as necessary to ensure that it is timely, complete, and effective. It should get to the root causes and avoid blaming workers.

Obtain Top Management "Buy-in" - This is the very first step that needs to be accomplished. Top managers must be on board. If they are not, safety and health will compete against core business issues such as production and profitability, a battle that will almost always be lost. They need to understand the need for change and be willing to support it. Showing the costs to the organization in terms of dollars (direct and indirect costs of accidents) that are being lost, and the organizational costs (fear, lack of trust, feeling of being used, etc.) can be compelling reasons for recognizing the need to do something different. Because losses due to accidents are bottom line costs to the organization, controlling these will more than pay for the needed changes. In addition, when successful, you will also go a long way in eliminating organizational barriers such as fear, lack of trust, etc., issues that typically get in the way of everything that the organization wants to do.

Continue Building "Buy-in" for the needed changes by building an alliance or partnership between management, the union (if one exists), and employees. A compelling reason for the change must be spelled out to everyone. People have to understand WHY they are being asked to change what they normally do and what it will look like if they are successful. This needs to be done up front. If people get wind that something "is going down" and haven't been formally told anything, they naturally tend to resist and opt out.

Build Trust - Trusting is a critical part of accepting change and management needs to know that this is the bigger picture, outside of all the details. Trust will occur as different levels within the organization work together and begin to see success.

Conduct Self Assessments/Bench Marking - To get where you want to go, you must know where you are starting from. A variety of self-audit mechanisms can be employed to compare your site processes with other recognized models of excellence such as Star VPP sites. Visiting other sites to gain first hand information is also invaluable.

Initial Training of Management-Supervisory staff, Union Leadership (if present), and safety and health committee members, and a representative number of hourly employees. This may include both safety and health training and any needed management, team building, hazard recognition, or communication training, etc. This gives you a core group of people to draw upon as resources and also gets key personnel onboard with needed changes.

Establish a Steering Committee comprised of management, employees, union (if one exists), and safety staff. The purpose of this group is to facilitate, support, and direct the change processes. This will provide overall guidance and direction and avoid duplication of efforts. To be effective, the group must have the authority to get things done.

Develop Site Safety Vision, key policies, goals, measures, and strategic and operational plans. These policies provide guidance and serve as a check-in that can be used to ask yourself if the decision you're about to make supports or detracts from your intended safety and health improvement process.

Align the Organization by establishing a shared vision of safety and health goals and objectives vs. production. Upper management must be willing to support by providing resources (time) and holding managers and supervisors accountable for doing the same. The entire management and supervisory staff need to set the example and lead the change. It's more about leadership than management.

Define Specific Roles and responsibilities for safety and health at all levels of the organization. Safety and health must be viewed as everyone's responsibility. How the organization is to deal with competing pressures and priorities, i.e., production, versus safety and health, needs to be clearly spelled out.

Develop a System of Accountability for all levels of the organization. Everyone must play by the same rules and be held accountable for their areas of responsibility. A sign of a strong culture is when individuals hold themselves accountable.

Develop Measures and an ongoing measurement and feedback system. Drive the system with upstream activity measures that encourage positive change. Examples include the number of hazards reported or corrected, numbers of inspections, number of equipment checks, JSAs, pre-start-up reviews conducted, etc.

While it is always nice to know what the bottom line performance is, i.e., accident rates, overemphasis on these and using them to drive the system typically only drives accident reporting under the table. It is all too easy to manipulate accident rates which will only result in risk issues remaining unresolved and a probability for more serious events to occur in the future.

Develop Policies for Recognition, rewards, incentives, and ceremonies. Again, reward employees for doing the right things and encourage participation in the upstream activities. Continually reevaluate these policies to ensure their effectiveness and to ensure that they do not become entitlement programs.

Awareness Training and Kick-off for all employees. It's not enough for a part of the organization to be involved and know about the change effort - the entire site needs to know and be involved in some manner. A kick-off celebration can be used to announce it's a "new day" and seek buy-in for any new procedures and programs.

Implement Process Changes via involvement of management, union (if one is present), and employees using a "Plan To Act" process Total Quality Management (TQM).

Continually Measure performance, Communicate Results, and Celebrate Successes. Publicizing results is very important to sustaining efforts and keeping everyone motivated. Everyone needs to be updated throughout the process. Progress reports during normal shift meetings, allowing time for comments back to the steering committee, open communications and also allow for input. Everyone needs to have a voice; otherwise, they will be reluctant to buy in. A system can be as simple as using current meetings, a bulletin board, and a comment box.

On-going Support - Reinforcement, feedback, reassessment, mid-course corrections, and on-going training are vital to sustaining continuous improvement.

Source: OSHA

_____________________________________________________________________________________________

7 Guiding Principles of Integrated Safety Management

Source: DOE

1. Line Management Responsibility for Safety.

Line management is directly responsible for the protection of the public, the workers, and the environment. As a complement to line management, the Department's Office of Environment, Safety and Health provides safety policy, enforcement, and independent oversight functions.

2. Clear Roles and Responsibilities.

Clear and unambiguous lines of authority and responsibility for ensuring safety shall be established and maintained at all organized levels within the Department and its contractors.

3. Competence Commensurate with Responsibilities.

Personnel shall possess the experience, knowledge, skills, and abilities that are necessary to discharge their responsibilities.

4. Balanced Priorities.

Resources shall be effectively allocated to address safety, programmatic, and operational considerations. Protecting the public, the workers, and the environment shall be a priority whenever activities are planned and performed.

5. Identification of Safety Standards and Requirements.

Before work is performed, the associated hazards shall be evaluated and an agreed-upon set of safety standards and requirements shall be established which, if properly implemented, will provide adequate assurance that the public, the workers, and the environment are protected from adverse consequences.

6. Hazard Controls Tailored to Work Being Performed.

Administrative and engineering controls to prevent and mitigate hazards shall be tailored to the work being performed and associated hazards.

7. Operations Authorization.

The conditions and requirements to be satisfied for operations to be initiated and conducted shall be clearly established and agreed-upon.

 

5 Core Functions of Integrated Safety Management

1. Define the Scope of Work. Missions are translated into work, expectations are set, tasks are identified and prioritized, and resources are allocated.

2. Analyze the Hazards. Hazards associated with the work are identified, analyzed, and categorized.

3. Develop and Implement Hazard Controls. Applicable standards and requirements are identified and agreed-upon, controls to prevent/mitigate hazards are identified, the safety envelope is established, and controls are implemented.

4. Perform Work Within Controls. Readiness is confirmed and work is performed safely.

5. Provide Feedback and Continuous Improvement. Feedback information on the adequacy of controls is gathered, opportunities for improving the definition and planning of work are identified and implemented, line and independent oversight is conducted, and, if necessary, regulatory enforcement actions occur.

____________________________________________________________________________________________

OVERVIEW OF SAFETY MANAGEMENT SYSTEM ELEMENTS

Effective management is the key to reducing the number and severity of workplace injuries and illnesses. This means using proven management methods to find and understand existing and potential hazards, and then either preventing or controlling those hazards.

A direct relationship exists between effective management and low numbers and severity of injuries. A well-managed safety and health program prevents or controls employee exposure to toxic substances or other unhealthful conditions that can cause sickness. This chapter briefly reviews elements of an SMS that mirror those found in OSHA's draft document, Managing Worker Safety and Health.

THE ELEMENTS

All safety management systems consist of programs, policies, plans, processes, procedures, practices, rules, etc., that effectively interact to accomplish the following: to make sure all employees recognize and understand the actual and potential hazards of the workplace; to prevent or control those hazards; and to train employees at all levels so they understand the potential hazards they may be exposed to and know how to help protect themselves and others. To accomplish this, we may divide a safety management system into four basic parts or elements:

• Leadership and Involvement

• Systems Analysis and Evaluation

• Hazard Prevention and Control

• Education and Training.

Each element is further divided into several recommended actions. Additional source information for study will be added to each element.

LEADERSHIP AND INVOLVEMENT

This element describes the leadership that management and employees provide to ensure workplace safety and health and to encourage involvement in protection efforts. Many of the actions listed under this element are applicable to all areas of business management. The actions cover:

• Developing an effective Safety Plan and Policy

• Developing Goals and Objectives,

• Demonstrating Leadership Through Example and Engagement

• Encouraging Employee Involvement,

• Assigning Responsibility,

• Providing Adequate Authority and Resources,

• Accountability, and

• Evaluation.

DEVELOPING A PLAN AND POLICY. By developing a clearly stated safety management plan and policy, you help everyone understand the importance of safety and health protection in relation to other organizational values. By clearly communicating the policy to all employees, you ensure that no confusion will exist when a conflict arises between two of these values, such as productivity and safety or health. Here is the language of the Guidelines that describes this desired action:

DEVELOPING GOALS AND OBJECTIVES.

You make your general safety and health policy specific by establishing clear goals and objectives for your program. These set the framework for assigning responsibility. Each employee should be able to see his/her work activities in terms of moving toward goals and achieving objectives. Establish and communicate goals for safety and health programs and objectives for meeting each goal, so that all members of the organization understand the results wanted and the measures planned for achieving them.

DEMONSTRATING LEADERSHIP.

It's true that "you can not NOT teach." Every day, managers, supervisors, and employees teach others something about who they are and what they do as leaders. It's important that managers and supervisors teach effective leadership. When effective, leadership can be learned and copied. If employees see the emphasis that managers and other employees place on safety and health, they are more likely to emphasize it in their own activities. It is important for all managers and supervisors to follow safety and health rules and work practices scrupulously to provide an example for rank and file workers. Managers can demonstrate leadership in many other ways as well: for example, conducting plant-wide safety and health inspections and program audits; personally stopping activities or conditions that are hazardous until the hazards can be corrected or controlled; personally tracking safety and health performance; and -- an essential management function -- holding themselves and employees accountable for their actions.

INVOLVING EMPLOYEES

The best worker safety and health protection occurs where everyone at the worksite shares responsibility for protection. For that to happen, all employees, from top to bottom, must know that they are helping to shape the safety culture. Employees at all levels should be actively involved in finding and correcting safety and health problems. This does not mean the employer gives up responsibility and authority. OSHA places responsibility for worker protection from occupational hazards squarely on the employer. The wise employer, however, uses employees' unique knowledge and experience to help find problems and resolve them successfully.

ASSIGNING RESPONSIBILITY.

Everyone in the workplace should have some responsibility for safety and health. Clear assignment helps avoid overlaps or gaps in accomplishing needed activities. In particular, you should make sure that the safety/health "expert" is not assigned line responsibility that properly belongs to line managers and supervisors. This line responsibility would include functions such as supervising and evaluating a worker's performance in areas of safety and health, providing on-the-job training in safe work practices and personal protective equipment (PPE), and encouraging worker participation in safety and health activities. The responsibilities should flow logically from the objectives that were set to meet safety management system goals and objectives.

PROVIDING AUTHORITY.

Any realistic assignment of responsibility must be accompanied by needed authority and adequate resources. The latter includes appropriately trained and equipped personnel as well as sufficient operational and capital funding. The language of the Guidelines is:

HOLDING EVERYONE ACCOUNTABLE.

Once you have assigned responsibility and provided instruction, appropriate authority and adequate resources to employees, you must follow up by holding these persons accountable for achieving what they have been asked to do. Accountability is crucial to helping employees understand how critical their individual performances are and to teaching them to take personal responsibility for their performance.

ANALYSIS AND EVALUATION

Safety management system analysis and evaluation is a combination of systematic actions that provide you with the information needed to understand and improve the existing safety management system. While these actions may appear complicated at first glance, they consist of activities that already are being performed in most workplaces. Analyzing workplace inspection and program audit strategies include:

• Comprehensive Hazard Identification

o Comprehensive Hazard Surveys

o Change Analysis

o Routine Hazard Analysis

• Regular Site Safety and Health Inspections

• Employee Reports of Hazards

• Accident/Incident Investigations

• Injury and Illness Trend Analysis

IDENTIFYING HAZARDS

There are three components of a complete hazard inventory from which a program of prevention and control can be designed. The first of these is the comprehensive survey. This is the most basic of all the tools used to establish the inventory of hazards and potential hazards at your worksite. This survey is best performed by experts from outside the worksite who have a broad-based knowledge that includes safety engineering, industrial hygiene, and in most cases, occupational medicine. After the initial survey, comprehensive surveys need to be repeated only periodically: these will enable the expert who is conducting the survey to apply new information about hazards or methods of control.

The second component of comprehensive hazard identification is change analysis. This means what its name suggests: each time there is a change of facilities, equipment, processes, or materials in your workplace, the intended change should be analyzed for hazards before being introduced. This helps you avoid exposing your workers to new hazards. You also avoid the needless expense of retrofitting controls after installation and use.

The final component of a complete hazard inventory is routine hazard analysis. The basic form of this analysis, which is useful at every type of worksite, is the job safety analysis. This analysis divides a job into tasks and steps and then analyzes the potential hazards of each step. The analysis then produces a method of prevention or control to reduce exposure. One variation that is used at worksites with highly complex hazards -- such as chemicals or nuclear energy -- is the process hazard analysis. This analysis reduces a process to its smallest elements and then identifies the hazards of these elements and devises preventive measures or controls. In rapidly changing workplaces such as construction, phase hazard analysis is another useful form of the routine hazard analysis. Here each phase of the rapidly changing work is analyzed for the new hazards it may introduce so that preventions or controls can be devised.

CONDUCTING SAFETY INSPECTIONS.

Safety inspections should be performed by personnel in the workplace. Do not make the mistake of relying solely on the safety manager and/or safety committee: It's everyone's job. Employees will need training to recognize hazards that can slip out of the controls designed to reduce employee exposure. Inspectors also should watch for hazards that may not have been identified in the comprehensive survey or uncovered by other means.

REPORTING HAZARDS.

A successful safety management system identifies and corrects problems before any harm is done. Provide one or more systems for employees to alert you to hazards, and guarantee that employees who report hazards will be protected from harassment. Employees will need to be thanked, and see timely and appropriate responses to their reports. These responses are visible evidence of management's commitment to worker safety and health and your desire for meaningful employee involvement.

INVESTIGATING INCIDENTS AND ACCIDENTS.

Investigating accidents and incidents presents another opportunity to find hazards and design prevention and controls. For each accident, there usually are several steps that must be taken to prevent future occurrences.

ANALYZING INJURY AND ILLNESS TRENDS.

It is useful to review injuries and illnesses that have occurred over a period of time, including those illnesses that do not appear to be occupationally related. Such an analysis may reveal patterns or clusters that suggest common worksite causes or origins not apparent when the cases first were recorded.

PREVENTING AND CONTROLLING HAZARDS

Once you have inventoried the hazards and potential hazards of your workplace, you can begin designing a program of prevention and control. Your program will consist of:

• Appropriate Controls

• Preventive Maintenance

• Emergency Preparation

• Medical Program

APPROPRIATE CONTROLS.

In designing a program of prevention and control, the ideal choice always is prevention of employee exposure to a hazard. To do this, safety managers use the familiar "hierarchy of controls" to prioritize their hazard control strategies. The hierarchy of controls involves first removing the hazard or preventing exposure through engineering controls. Where complete removal of the hazard is not feasible, the next best choice is complete enclosure. Where complete enclosure is not feasible, a combination of partial enclosure, safe work practices, and other administrative controls is the next best choice. To supplement these controls, you may need to use personal protective equipment (PPE).

This hierarchy of controls is subject to some variation. There may be situations, for example, where PPE is the primary means of hazard control, as in oxygen-deficient environments where respirators are essential. Because every workplace has its unique characteristics, a careful hazard analysis is a critical preliminary to decisions about controls.

Safe work practices and PPE place special responsibilities on the employees who use them. Employees should be trained (and OSHA standards require that you provide training in specified situations) to understand why they need these protections and how they can use these methods to protect themselves and others. You should stress the seriousness of these protections in every possible way, including, when necessary, the use of fair and consistent discipline.

MAINTAINING EQUIPMENT.

A good equipment corrective and preventive maintenance program can keep engineering control systems working as intended and can prevent ordinary non-hazardous equipment from becoming hazardous.

PREPARING FOR EMERGENCIES.

Planning and preparing for emergencies is an essential part of any effective safety and health program. The greater the possibility of an emergency, the more preparation should be done. All employees should know exactly what they must do in each type of emergency. With sufficient practice the responses needed at times of crisis can become practically automatic.

INVOLVING MEDICAL PROFESSIONALS.

Having a medical management program does not necessarily mean having an onsite doctor or nurse. It does mean involving occupational health professionals in worksite analysis for hazards, in hazard prevention and control programs, in early recognition and treatment of injuries and illnesses, and in limiting the severity of illness and injury. For smaller businesses, these important tasks can be arranged by contract with occupational health professionals. In addition to health professionals, other employees should be trained in first aid and CPR.

EDUCATING AND TRAINING EMPLOYEES

For an effective safety management system, it is crucial that everyone understand their role in that program, the hazards and potential hazards that need to be prevented or controlled, and the ways to protect themselves and others. You can achieve such a program by:

• Ensuring that employees understand hazards,

• Ensuring that supervisors understand their responsibility to:

o analyze the work under their supervision for hazards,

o maintain physical protections, and

o reinforce and enforce needed protective measures; and

• Ensuring that managers understand their responsibilities.

EMPLOYEES.

At a minimum, employees must know the general safety and health rules, specific site hazards and the safe work practices needed to help control exposure, and the individual’s role in all types of emergencies. You usually can achieve this by thorough orientation, periodic safety and health training, and emergency drills. Additional specialized training may be needed to teach skills required for the job or for activities under the safety and health program. Most safety training will be hands-on-how-to (HOHO) and adequately documented with certifications of competency.

MANAGERS AND SUPERVISORS.

All managers, top to bottom, and supervisors should be given special instruction training to help them in their leadership role. They need to understand and carry out their basic obligations to employees. Basic obligations include providing training, enforcing safety rules, recognizing excellence, adequate oversight, providing resources and support, and, of course, personal leadership by example. They should be taught to look for hidden hazards in the workplace under their supervision, to insist upon the maintenance of the physical protection in their areas, and to reinforce employee hazard training through performance feedback and, when necessary, fair, consistent enforcement.

SUMMARY

Effective design, implementation and performance of a safety management system will ultimately translate into fewer injuries and illnesses, higher employee morale, higher productivity, improved product quality, and reduced business costs. This manual can help you implement a quality safety and health management program to provide that protection. The information we present is useful whether you own or manage a small or large business. We predict that your efforts to protect your workers will be amply rewarded.

____________________________________________________________________________________________

Safety Management System Implementation

Source: DOE

Achieving a consistent record requires two conditions: (1) broad appreciation of precisely what is meant by “effective implementation,” and (2) availability of a tool to promote and provide the ability to achieve or enhance effective implementation—both for those work activities transitioning from the process of selecting standards into the implementation phase and for those work activities seeking to make improvements in ongoing implementation initiatives and practices.

IMPLEMENTATION: BASIC DEFINITION

Implementation, in its broadest sense, deals with getting the work done, with the steps that follow the selection and approval of a set of standards for the work and the hazards. Implementation deals with the following elements:

1. Department line management and contractor management implement necessary and sufficient sets of standards to provide protection during the accomplishment of work, including all requirements imposed by law.

2. Department line management and contractor management incorporate agreed-upon standards through design, operating, and administrative controls.

3. Work is performed in compliance with design, operating, and administrative controls.

4. Implementation of the agreed-upon standards is confirmed.

5. Compliance with agreed-upon standards is maintained, and noncompliances are resolved in a timely manner.

Another way to envision the scope of implementation is by using the basic figure depicting the five functions accomplished by a Safety Management System (SMS). Using this communication model, implementation is the cumulative scope of the three shaded elements: establish controls, perform work, assess and feedback.

IMPLEMENTATION: EXPANDED DEFINITION

Using this basic representation of implementation, a more specific definition can be derived. Additionally, the more exact definition can be used to introduce the concept of “effectiveness,” the recognition of when these functions are done well.

Figure 2. Implementation and Integrated Safety Management.

As a first step in refining the definition, implementation was defined in terms of its scope: Implementation represents the scope of activity encompassed in (1) planning work, (2) performing work, (3) performance assessment, and (4) providing and addressing feedback. This basic definition was then expanded by defining specific starting and ending points for each of the components of implementation (see below), and then by introducing the notion of “effectiveness.”

Combining the preliminary definitions with the statements of starting and ending points produced a clearly articulated framework for understanding and communicating the concept of effective implementation, effective work planning, effective work performance, effective performance assessment, and effective work feedback.

Effective Implementation: Planning and performing the work in accordance with the agreed-upon standards, confirming this has been done, and maintaining and improving work planning and performance based on feedback.

Effective Work Planning: Reaching agreement on standards and expectations for refined definitions of work down to the level of activity at which work is performed, concluding with the informed acceptance of expectations by those responsible for the performance of work. Informed acceptance means with full knowledge and understanding of all management expectations.

|Component |Start Point |End Point |
|Work Planning |Work, hazards, and N&S standards for the work have been defined |Informed acceptance of expectations for the work by those responsible for the performance of work |
|Work Performance |Approval to proceed with work |Completion of the approved work |
|Performance Assessment |Approval to perform work |Completion of the approved work |
|Work Feedback |No specific starting point; can start anytime in the process |Disposition of feedback |

Figure 3. Parameters for Implementation Components.

Effective Work Performance: Performing work safely and in accordance with the work plans and work controls incorporated in the work plans.

Effective Performance Assessment: Providing recognized and credible information on strengths and weaknesses of work planning and performance.

Effective Work Feedback: Appropriately using assessment information for maintaining performance or achieving improvement.

The relationship of ownership to responsibility and accountability deserves discussion in light of the different perceptions that were encountered during the preparation of this report. Responsibility for work can be assigned, and individuals can be held accountable for performing the work. Ownership cannot be assigned. It arises within an individual as a result of the informed acceptance of responsibility and accountability for defined work. In some cases, individuals can feel ownership for all of the work of their organization, even work for which they are not directly responsible. This broader sense of ownership can be highly productive when expressed in appropriate ways, through teamwork, for example.

|Work Planning |Work Performance |Assessment |Feedback |
|• Worker input |• Safety experience |• Basis for assessment at each level of planning and performance |• Feedback from worker |
|• Customer input |• Safety behavior | |• Feedback to worker |
|• Documentation |• Cost and schedule experience | |• Lessons learned |
|• Communication methods |• Worker authority versus responsibility | |• Performance metrics |
|• Maintaining information current |• Worker confidence | |• Trending |
|• Integration of standards (including cost and schedule | | | |

Areas of Specific Focus

21 ATTRIBUTES OF EFFECTIVE SAFETY MANAGEMENT SYSTEM IMPLEMENTATION

1. Planning, performance, and assessment are focused on the work.

2. ES&H standards are integrated with other expectations for the work.

3. Line ownership of ES&H is evident.

4. Worker ownership, confidence, and job satisfaction are evident.

5. DOE and contractor line management provide tangible evidence of commitment to implementation of agreed-upon standards.

6. Workers know and understand operational and strategic objectives.

7. Managers and workers promote compatibility between individual motives and institutional norms.

8. Workers have timely participation in work planning.

9. Work planning is carried out with an integrated project approach.

10. Work planning and work controls are based on collective knowledge.

11. Information necessary for work planning and performance is reliable, readily available, and communicated with appropriate tools and methods.

12. Training and qualification of workers support reliance on judgment and expertise.

13. Workers know, understand, and believe in agreed-upon standards.

14. Managers do not allow worker ownership without informed acceptance.

15. Work is conducted in accordance with agreed-upon work controls.

16. Performance of work is based on worker knowledge and ownership.

17. A formal program of self-assessment supports organizational learning.

18. Assessment criteria are developed during work planning.

19. Assessment criteria are based on agreed-upon expectations.

20. Cost effectiveness is one measure of performance.

21. Planning and performance of work are responsive to feedback.

These 21 attributes relate to all four components of effective implementation (planning, performance, confirmation, and feedback). Some attributes, rather than lying exclusively within the boundaries of one of these components, have broad-reaching implications that are equally applicable, and equally essential, to each of the four components. Others are more specifically focused on a particular component of implementation. The attributes are presented in a single list; the numbers are used simply to discriminate among the attributes and are not intended to suggest relative importance or order of examination.

The set, as noted, does not provide a template, model, or checklist for assessing or achieving effective implementation. Each attribute, and the set as a whole, must be carefully considered in light of the particular circumstances governing its proposed use. In this regard, each attribute is described using a structure designed to allow potential implementers to make judgments regarding the appropriate degree to which the attribute is and should be in evidence in the workplace. With the same goal of fostering thinking rather than promoting prescription, select examples of how each attribute has been observed among the visited sites are provided, again not as models to be replicated, but as examples of the various means by which the attribute has been introduced.

ATTRIBUTE 1: Planning, performance, and assessment are focused on the work.

Evidence of Attribute: At each level of work management, the identification of standards for the work begins with a characterization of the work, the work environment, and the hazards associated with the work. The level of detail for the characterization is necessary and sufficient for the identification of the standards appropriate for the level of work management. (For example, the level of detail will be greater for identifying task level work controls than will be needed for identifying contract requirements or site level standards.) Work performance is focused on completing the work in a manner that meets all applicable standards, including, as appropriate, ES&H, quality, productivity, schedule, and design standards. Assessment is focused on performance to meet objectives and expectations, and on how improvements in performance could be effected by changes to the design of the work or modification of the standards.

Benefits of Attribute: An integrated approach to work planning, performance and assessment requires a global approach that is best achieved by focusing on the central issue: the work. (Focusing on hazards or requirements tends to result in segregation of issues—stovepiping.) The result of focusing on the work is a more substantive and accurate characterization of the work, work environment and hazards, and the identification of standards that are constructively related to (i.e., necessary and sufficient for) safe performance of the work. This improves safety, worker morale, and program efficiency.

ATTRIBUTE 2: ES&H standards are integrated with other expectations for the work.

Evidence of Attribute: ES&H standards are incorporated into the work planning process and are addressed concurrently with the other management expectations for the performance of the work. Work design takes into account the potential for reducing or eliminating hazards. Multidisciplinary work planning teams include ES&H professionals along with the workers and the other technical disciplines relevant to the safe, efficient performance of the work. Line managers and workers understand that their responsibility encompasses safety as well as other aspects of work performance. Self-assessments address all aspects of work performance—safety, quality, and efficiency—with a particular focus on conformance with agreed-upon work controls.

Benefits of Attribute: Work plans that integrate all expectations eliminate conflicts and result in a more uniform understanding of performance criteria. Line manager and worker ownership is encouraged when accountability for safety is clearly established. Worker confidence and safety are improved. Efficiency is not threatened by add-on safety requirements after work planning is completed.

ATTRIBUTE 3: Line ownership of ES&H is evident.

Evidence of Attribute: Line managers establish and communicate goals for the integrated ES&H program and objectives for meeting those goals in a manner that conveys full understanding of expectations to all workers. They provide active and visible leadership in implementing the program so that all workers (contractor, subcontractor, and facility users) understand that management commitment is genuine and enthusiastic. Line managers facilitate and encourage employee involvement in the structure and operation of the program, as well as in the decisions that affect their safety and health, and the protection of the environment. Worker commitment to achieve program goals and objectives is fostered and maintained by line managers. Responsibility (and associated accountability) is assigned and communicated for all aspects of the program so that all managers, supervisors, and employees in all parts of the organization know what is expected of them.

Benefits of Attribute: Ownership by line managers and workers, achieved by involvement in the day-to-day incorporation of safety into operations at every level, provides continued reductions in all levels and kinds of injuries and environmental incidents. The establishment of a positive, team-oriented work environment produces continued improvement of efficiency and performance by using managers and workers as a diverse source of technological and operational experience and ideas.

ATTRIBUTE 4: Worker ownership, confidence, and job satisfaction are evident.

Evidence of Attribute: Workers can describe why their jobs are important and can describe what job ownership (informed acceptance) means. Workers express pride in their jobs and are confident in their abilities to perform safely and efficiently. Workers express not merely a sense of ownership in their own jobs, but joint ownership of the organizational goals as well. Management provides opportunities for workers to expand their skills and knowledge. Workers are confident that they are meeting management's expectations. Workers express satisfaction with their jobs and with their organization. Workers believe that communications to and from management are effective and adequate. Management regularly applies, and pays attention to, measures of worker confidence and satisfaction.

Benefits of Attribute: Work ownership by qualified individuals meets individual goals of competency, esteem, and achievement; and meets management goals of accomplishing work safely and effectively. Although research on “job satisfaction” varies widely, individual feelings of self-worth, competency, and satisfaction generally do promote greater productivity and better work performance. Job satisfaction may even enhance safety performance. Job satisfaction also aids integration of individual and institutional needs.

ATTRIBUTE 5: Host and contractor line management provide tangible evidence of commitment to implementation of agreed-upon standards.

Evidence of Attribute: Personnel at each organizational level express the belief that higher levels of management are committed to implementation of agreed-upon standards. An active self-assessment program is aimed at improving performance of work to meet and exceed agreed-upon standards. Performance assessments and associated award systems use the agreed-upon standards as measures of performance. Non-conformance with standards results in rapid and effective corrective action by management.

Benefits of Attribute: Workers respond to what they see, not what they are told; management inconsistency results in workforce confusion and demoralization. Tangible evidence of management commitment to implementation of agreed-upon standards provides the workforce with a logical, clear and consistent sense of direction. Experience has shown that this motivates workers to meet and exceed standards, and to identify and initiate correction of non-conformances.

ATTRIBUTE 6: Workers know and understand operational and strategic objectives.

Evidence of Attribute: Workers are able to describe how their work fits into the overall work of their site and of the DOE. Workers know what work is to be done, and workers understand how that work will support the announced goals for their site and for DOE. That is, workers also understand why work is being done. DOE and company management communicate objectives and goals to workers, and help to show workers how their work supports the objectives and goals.

Benefits of Attribute: Workers want to feel that their work matters, that their contribution makes a difference. By helping workers know and understand DOE and company goals, management helps workers see that their work has a purpose. A worker who knows his or her work is important in supporting an announced goal will be more involved than a worker who doesn't know how or if his or her work contributes. Fostering a knowledge of goals helps foster a sense of responsibility in the worker, which can lead to improved performance. In addition, a worker who knows what his or her work supports is in a much better position to suggest work enhancements and improvements.

ATTRIBUTE 7: Managers and workers promote compatibility between individual motives and institutional norms.

Evidence of Attribute: Managers communicate and gain worker acceptance of institutional norms (such as organizational structure, training, advancement policies, benefits, working conditions, and management behavior). Institutional norms reflect consideration of individual motives (such as security, interpersonal relationships, competence, esteem, and achievement). Managers adjust institutional norms as necessary (and as possible) to support workers’ individual motives. Workers are able to identify the rationale underlying institutional norms that affect their interests. Workers are encouraged to communicate their interests and concerns to managers. The most recent examples of worker concerns indicate effective management response.

Benefits of Attribute: When managers and workers understand the need for compatibility between individual motives and institutional norms, open communication can be established and maintained. Cooperative engagement is easier to achieve. Workers identify more readily with the organization and job satisfaction is enhanced, which usually results in improved productivity.

ATTRIBUTE 8: Workers have timely participation in work planning.

Evidence of Attribute: Workers express confidence that the results of the work planning and the associated work controls adequately reflect their knowledge of the work and the work environment. The timely participation of workers (e.g., on committees or teams) in work planning is institutionalized. Timely means that the workers at all levels responsible for doing the work contribute to the development of work plans, not merely that they are given an opportunity to comment on the plans.

Benefits of Attribute: Employee involvement in planning results in better work because of their collective, detailed knowledge of the processes/operations and the work environment associated with the work. It also ensures their knowledge and understanding of the work, the hazards, and the ES&H and other standards applicable to the work. Workers who are knowledgeable about the work, hazards, and standards perform better and develop a sense of ownership for the work. Workers are more likely to support and use programs in which they have input. Also, workers who are encouraged to offer their ideas and whose contributions are taken seriously are more satisfied and productive.

ATTRIBUTE 9: Work planning is carried out with an integrated project approach.

Evidence of Attribute: Work planning procedures require formal (documented) consideration of potential interactions and interfaces between individual tasks within the work plan and between the defined work and other activities that can affect or be affected by the work. Work plans reflect this requirement. Individuals with task responsibilities are knowledgeable or aware of the other tasks within the defined work and who the other members of the work team are.

Benefits of Attribute: Using an integrated project approach provides all involved with a full and complete perspective of the work, eliminating fracturing of efforts, overlaps in assignments, and potential for stovepiping requirements. In terms of ES&H, the inclusion of relevant management and workers involved in integrated ES&H program activities will ensure that these considerations are not added to work at a later stage, but rather integrated up-front in the work planning effort to take advantage of potential savings and schedule streamlining opportunities while minimizing program redundancies.

Hazards and interferences arising out of interactions and interfaces are identified and resolved during the planning process (e.g., radiation sources behind walls where work is being performed; limited resources being assigned to two concurrent tasks; one task requiring power and a second task requiring the circuits to be de-energized). An integrated project approach supports the goal of informed acceptance by managers and workers and enhances both safety and efficiency.

ATTRIBUTE 10: Work planning and work controls are based on collective knowledge.

Evidence of Attribute: Multi-disciplinary teams plan work, decide on the work controls, and determine the criteria for performance assessments. The teams include the workers who are to perform the work. The teams depend mainly on consensus building but are encouraged to consult management to achieve timely resolution of differences and concerns. Where appropriate, multi-disciplinary teams are also used to perform the work. Communication among team members and between them and management is formally encouraged.

Benefits of Attribute: Workers feel ownership for the work and the work controls. Morale and performance are improved when workers are empowered to apply their knowledge to the design and planning of the work they do. Involving workers in the selection of criteria for performance assessments improves their understanding of the expectations for the work and their corresponding commitment.

ATTRIBUTE 11: Information necessary for work planning and performance is reliable, readily available, and communicated with appropriate tools and methods.

Evidence of Attribute: Information is delivered in a manner that is easy for the planners and workers to use and understand. Those who rely on the information are confident in its validity (currency and accuracy) and are able to use it in the forms presented. Configuration control is maintained so that changes that may affect the work are incorporated in ongoing and new tasks.

Benefits of Attribute: Work proceeds safely and efficiently when information is reliable, available, and useful. Rework is reduced and worker safety is enhanced. Worker and management confidence is increased, and costs and schedules can be maintained.

ATTRIBUTE 12: Training and qualification of workers support reliance on judgment and expertise.

Evidence of Attribute: Workers are knowledgeable of and can describe the details of systems they work with; they understand and can describe the hazards present as well as their magnitude; they are familiar with and can describe the details of engineered and/or administrative controls and processes which govern the conduct of their work.

Secondarily, individual job assignments are developed with input from the workers, which includes an identification and analysis of hazards. From this understanding of the work and hazards, an assessment of required knowledge, skills, and abilities is developed, a suitable pedagogy and plan for acquiring the needed skills and capabilities is assembled, and progress towards achieving and maintaining the plan is tracked. No work is performed until suitable proficiency is demonstrated.

Benefits of Attribute: Workers trained and qualified to plan and perform the work will reduce the need for highly proceduralized work controls. This results in (1) efficient performance of quality work in accordance with agreed-upon standards and (2) appropriate responses to unusual or unexpected events and circumstances.

ATTRIBUTE 13: Workers know, understand, and believe in the agreed-upon standards.

Evidence of Attribute: Workers can describe the relationship between the standards and the work and hazards. They speak of the standards using possessive forms (“our standards” not “they want us to...”). They can describe the relationship between applicable higher-level standards and the standards that directly control the work for which they are responsible.

Benefits of Attribute: Gaining the full measure of worker buy-in is predicated on their understanding and acceptance of the standards. When workers know, understand, and believe in standards, they have a rationale for making sure those standards are incorporated effectively into work controls, that work controls are followed, and that timely feedback is provided when any deviation from the standards is identified. Worker commitment is far more effective than attempting to audit people into adhering to work policies and practices. Starting with participation in selecting the standards, in work planning, and in generating work controls and assessment criteria, workers can be expected to reflect a “comfort” with the standards commensurate with their degree of ownership.

ATTRIBUTE 14: Managers do not allow worker ownership without informed acceptance.

Evidence of Attribute: A method or system exists to provide workers sufficient information and skill to perform a task safely and in accordance with all applicable standards (expectations) before accepting responsibility for work. The system includes methods and resources for workers to obtain the needed skills and information about the work, work environment, hazards, and work controls through experience, training, or documentation (e.g., procedures).

Benefits of Attribute: Insisting on informed acceptance of responsibility engenders a sense of ownership. In turn, ownership that is grounded in informed acceptance ensures better performance of work, appropriate responses to unusual occurrences, and a proactive role in continued improvement.

ATTRIBUTE 15: Work is conducted in accordance with agreed-upon work controls.

Evidence of Attribute: Consistent outcome of the work demonstrates that the work controls are in place and are being followed. Self-assessments and independent assessments find few or no nonconformances with agreed-upon work controls. Workers express confidence that work controls are being followed.

Benefits of the Attribute: Conformance with agreed-upon work controls provides managers and workers with confidence that there is adequate protection against the hazards identified during the work planning process and compliance with all applicable higher-level standards.

ATTRIBUTE 16: Performance of work is based on worker knowledge and ownership.

Evidence of Attribute: Workers and work teams are selected on the basis of their experience and knowledge of the work. Line management discretion is allowed to determine when procedures and other formal work controls are necessary for carrying out the work, and the degree of rigor and detail needed in the procedures. Formal, documented work controls are limited to work that is hazardous, complex, or unconventional.

Benefits of the Attribute: Limiting the use of rigorous, formal work controls to cases where they are justified gives workers a broader scope for the exercise of their skills and judgment. This extends their experience and capability to perform effectively. Line manager discretion in matching work controls to the job improves efficiency.

ATTRIBUTE 17: A formal program of self-assessment supports organizational learning.

Evidence of Attribute: A formal self-assessment program exists. People who work in the areas being assessed perform or assist in the performance of the assessments. The self-assessment program includes both objectives and procedures for drawing lessons from the information gathered during assessments (in addition to providing performance metrics). Self-assessment reports are routinely reviewed by management and the conclusions documented. Management follows up on decisions to correct deficiencies and improve performance. Internal findings of deficiency and recommendations for improvement are resolved in a timely and effective manner. External assessments generally result in neutral or positive findings. The number of negative findings from external assessments does not exceed the number of negative findings from self-assessments.

Benefits of Attribute: Active and effective use of self-assessments by people who work in the areas being assessed fosters ownership and self-improvement. Management interest in and use of self-assessment findings stimulates a culture of continuous improvement and excellent performance. Consistently good results from external assessments result in a reduced external assessment burden.

ATTRIBUTE 18: Assessment criteria are developed during work planning.

Evidence of Attribute: Work plans or documents associated with the work plans contain clear statements of the criteria by which performance will be measured against expectations. The definition or description of the expectations, criteria, and (quantitative or qualitative) methods for measuring performance are readily available to managers and workers responsible for conducting the work.

Benefits of Attribute: Defining assessment criteria during work planning establishes management expectations in the clearest possible form. This approach also contributes to informed acceptance and accountability of managers and workers, both of which contribute to improved performance.

ATTRIBUTE 19: Assessment criteria are based on agreed-upon expectations.

Evidence of Attribute: Assessment criteria correspond directly with standards and expectations established for the work. Personnel involved in selecting the standards, work planning, and work performance recognize this correspondence. They can articulate how the assessment criteria directly contribute to maintaining adherence to the standards and achieving the intended outcomes. In turn, assessment findings focus on the safety, health, and environmental consequences of inadequate standards or non-conformance with agreed-upon standards. Assessment reports identify opportunities for improvement of performance in terms of improved protection of workers, the public, and the environment. Sanctions are levied only against systemic, repeated, or egregious non-conformance with agreed-upon standards, and are balanced by explicit recognition of superior performance. Managers and workers recognize the importance in providing a thorough and timely resolution of findings.

Benefits of Attribute: Assessment criteria based on agreements foster cooperation, participation, and commitment. The participants in planning, performing, and assessing work are seen by each other and see themselves as part of a team—as a community sharing a common goal, with members contributing their particular expertise and experience toward achieving that end. When findings are identified, they are respected by management and workers. They challenge, but do not undermine, the feeling of ownership for the work and standards where it exists. They encourage and support a collaborative effort to correct deficiencies and improve performance, and provide a supportable basis for sanctions when ownership and a cooperative effort to improve are not evident.

ATTRIBUTE 20: Cost effectiveness is one measure of performance.

Evidence of Attribute: The cost of work, in terms of direct and indirect charges, is both assessed and tracked. Managers and workers contribute to a cost-effective balance among safety, economy and effectiveness in the planning and conduct of work. Cost considerations of various options are assessed. Appropriate measures and indicators are used for timely estimating, forecasting, capturing, and tracking of costs. Agreed-upon goals are developed. Programs are in place to assess the costs incurred, to compare them with the benchmarks, to make acceptable improvements, and to keep workers informed of the status.

Benefits of Attribute: Confidence that all resources are effectively utilized helps to foster organizational stability and provides an environment for effective short- and long-term planning. Plans may be more meaningfully developed and credibly assessed or defended. Staffing levels are defensible as necessary for the performance of work, and thus stabilized against nonprogrammatic influences. Changes in staffing level are more easily planned and accommodated. Opportunities for economies of scale are more readily identified and assessed. Decisions for appropriate allocation of resources to eliminate/mitigate risk are better informed and an improved basis for agreement on these decisions is obtained.

ATTRIBUTE 21: Planning and performance of work are responsive to feedback.

Evidence of Attribute: Processes exist for analyzing feedback and for incorporating it as lessons learned for future work planning and performance. When feedback is incorporated into changes in work planning and performance, it is done in a timely manner. Initiators of feedback express satisfaction with the responses. Workers can describe the feedback mechanisms they employ or have available to them and can point to tangible examples of where their feedback has resulted in changes to work planning and performance.

Benefits of Attribute: A process of continuous improvement is engendered: as worker knowledge and experience increases, improvements are introduced throughout the spectrum of planning and performance. Results are seen in more effective tailoring of work controls to the work, the hazards, and the physical and human characteristics of the work environment. Workers and supervisors develop a basis for enhanced understanding of efficient and effective work practices. Line management is kept informed of the efficiency and effectiveness of mechanisms they establish for the control of work. Worker pride and ownership are strengthened.

____________________________________________________________________________

Getting Top Management Commitment

Source: Steven Geigle, CSHM

It is essential to the success of your company's safety and health program that top management demonstrate not only an interest, but a long-term, serious commitment to protect every employee from injury and illness on the job. But, if you think you don't have that level of commitment, how do you get it? Real commitment doesn't just appear out of thin air. What is the secret?

Management commitment to safety will occur to the extent they clearly understand the positive benefits derived from the effort. Understanding the benefits will create a strong desire to improve the company's safety culture. Managers will invest serious time and money into effective safety management by developing formal programs, policies, plans, processes and procedures. They will also display leadership through effective accountability and recognition of behaviors and results.

Employers "do" safety (a behavior) for one or more reasons:

• To fulfill the legal imperative. At this level, the primary goal is to fulfill the obligation to comply with OSHA rules. To stay out of trouble. Do only what has to be done to meet minimum requirements. Safety is not a priority or value.

• To fulfill the fiscal imperative. Employers who are motivated to do safety understand the financial benefits derived from effective application of safety systems. The primary reason for "doing safety" shifts to maximizing profits. The goal is to fulfill the obligation to stakeholders to operate the business in a fiscally prudent manner. The employer will do whatever needs to be done reactively and proactively to save on direct and indirect costs of accidents. The employer will likely go beyond minimum legal requirements if needed. Safety is most likely a high priority...However, it may be subject to rapid change when the going gets tough.

• To fulfill the social imperative. Employers who, for whatever reason, have come to the realization that long-term corporate survival depends on more than maximizing short-term profits, will value and tap into the incredible creative potential of each employee, from janitor to president. Managers appreciate the inherent value of each employee, not just as a worker, but as a corporate "family" member. They also realize and value the roles their employees fulfill away from work, in the community, as mothers, fathers, coaches, helpers, etc. Employers strive to fulfill their obligation to each employee, local community, and general society to support and protect the welfare of all employees. Safety is perceived as a core corporate value that does not change when the going gets tough.

It's a question of leadership

Every day, employees, supervisors and managers have many opportunities to communicate and act in ways that demonstrate safety leadership. Unfortunately, these opportunities go unanswered because they are not seen as opportunities. Employers and managers do not understand that the simple expression of tough-caring safety leadership can result in enormous benefits. The inability to perceive leadership opportunities as they arise limits the company's potential to succeed.

It's appropriate to assume that employees at all levels of the organization are good people trying to do the best they can with what they've got. The problem is, they don't always have the physical resources and psychosocial support to achieve the kind of results expected of them. Why? Ultimately, the workplace culture may not support effective safety management and leadership.

Corporate culture...

The way we perceive "The way things are around here"...can exert a great influence on leadership styles. We can associate three fundamental leadership styles to the three management imperatives discussed above. Let's take a look at this association.

The tough-coercive leadership model

In this approach, managers are tough on safety to protect themselves: to avoid penalties. The manager's approach to controlling performance may primarily rely on the threat of punishment. The objective is to achieve compliance to fulfill legal or fiscal imperatives. The culture is fear-driven. Management resorts to an accountability system that emphasizes negative consequences. By what managers do and say, they may communicate negative messages to employees that establish or reinforce negative relationships. Here are some examples of what a tough-coercive leader might say:

▪ Punishment - "If I go down...I'm taking you all with me!" (I've heard this myself!)

▪ Punishment - "If you violate this safety rule, you will be fired."

▪ Punishment - "If you report hazards, you will be labeled a complainer."

▪ Negative reinforcement - "If you work accident free, you won't be disciplined."

As you might guess, fear-driven cultures, by definition, cannot be effective in achieving world-class safety because employees work (and don't work) to avoid a negative consequence. Employees AND managers all work to avoid punishment...consequently, the motivations driving behaviors are likely to be fear-driven and selfish. Bottom line...the culture is not healthful to employees at all levels of the organization. It may be successful in achieving compliance...but that's it.

The tough-controlling leadership model

Managers are tough on safety to control losses. They have high standards for behavior and performance, and they control all aspects of work to ensure compliance.

This leadership model is most frequently exhibited in the "traditional" management model. As employers gain greater understanding, attitudes and strategies to fulfill their legal and fiscal imperatives improve. They become more effective in designing safety systems that successfully reduce injuries and illnesses, thereby cutting production costs. Tight control is necessary to achieve numerical goals. Communication is typically top-down and information is used to control. A safety "director" is usually appointed to act as a cop...controlling the safety function.

Tough-controlling leaders move beyond the threat of punishment as the primary strategy to influence behavior. However, they will rely to a somewhat lesser extent on negative reinforcement and punishment to influence behavior. Positive reinforcement may also be used as a strategy. Tough-controlling leadership styles may or may not result in a fear-based culture. Examples of what you might hear from a tough-controlling leader include:

▪ Negative reinforcement - "If you have an accident, you'll be disciplined."

▪ Negative reinforcement - "If you don't have an accident, you won't lose your bonus."

▪ Positive reinforcement - "If you comply with safety rules, you will be recognized."

Extinction, the withholding of positive reinforcement, is common in cultures in which managers employ the tough-controlling leadership style because, once again...the manager is more likely to be concerned with his or her own success than the success of "subordinates". Consequently, production, profitability, morale and all other long term bottom-line results are not as positive as they might otherwise be. Why? Although excellence is requested, the safety system is designed to produce compliance behaviors.

The tough-caring leadership model

Managers are tough on safety because they have high expectations and they insist their followers behave, and they care about the success of their employees first. This is a selfless leadership approach.

The tough-caring leadership model represents a major shift in leadership and management thinking from the selfish tough-controlling model. Managers understand that complying with the law, controlling losses, and improving production can best be assured if employees are motivated, safe, and able.

Management understands that they can best fulfill their commitment to external customers by fulfilling their obligation to employees...their internal customers. Communication is typically all-way: information is used to share so that everyone succeeds. A quantum leap in effective safety (and all other functions) occurs when employers adopt a tough-caring approach to leadership. A safety "coordinator" may be appointed to help all corporate functions "do" safety. This results in dramatic positive changes in corporate culture which is success-driven.

Although positive reinforcement is the primary strategy used to influence behaviors, tough-caring managers are not reluctant to administer discipline when it's justified because they understand it to be a matter of leadership. But, before they discipline, managers will evaluate the fulfillment of their own accountabilities first. If they have failed in that effort, they will apologize and correct their own deficiency rather than discipline. What are you likely to hear from a tough-caring leader?

▪ Positive reinforcement - "If you comply with safety rules, report injuries and hazards, I will personally recognize you."

▪ Positive reinforcement - "If you get involved in the safety committee, you will be more promotable."

▪ Positive reinforcement - "If you suggest and help make improvements, I will personally recognize and reward you."

You can imagine that in a tough-caring safety culture, trust between management and labor is promoted through mutual respect, involvement and ownership in all aspects of workplace safety.

So you're committed? Show me the time and money

Top management may communicate their support for safety, but the real test for commitment is the degree to which management acts on their communication with serious investments in time and money. When management merely communicates their interest in safety, but does not follow through with action, they are expressing moral support, not commitment.

Leaders get what they give!

Real commitment is an expression of tough-caring leadership by example. Integrity, character, and discipline are values that all managers seek in their employees. Employees will demonstrate these important attributes when (and only when) they see management exhibiting these values first. Great leaders truly care about those they lead. What better way to demonstrate leadership than by providing a safe and healthful place of work for all employees?

___________________________________________________________________________________________

Leadership Traits

SOURCE: SBA

Over the past several years, one of the most important contributions psychology has made to the field of business has been in determining the key traits of acknowledged leaders. Psychological tests have been used to determine what characteristics are most commonly noted among successful leaders. This list of characteristics can be used for developmental purposes to help managers gain insight and develop their leadership skills.

The increasing rate of change in the business environment is a major factor in this new emphasis on leadership. Whereas in the past, managers were expected to maintain the status quo in order to move ahead, new forces in the marketplace have made it necessary to expand this narrow focus. The new leaders of tomorrow are visionary. They are both learners and teachers. Not only do they foresee paradigm changes in society, but they also have a strong sense of ethics and work to build integrity in their organizations.

Raymond Cattell, a pioneer in the field of personality assessment, developed the Leadership Potential equation in 1954. This equation, which was based on a study of military leaders, is used today to determine the traits which characterize an effective leader. The traits of an effective leader include the following:

1. Emotional stability. Good leaders must be able to tolerate frustration and stress. Overall, they must be well-adjusted and have the psychological maturity to deal with anything they are required to face.

2. Dominance. Leaders are oftentimes competitive and decisive and usually enjoy overcoming obstacles. Overall, they are assertive in their thinking style as well as their attitude in dealing with others.

3. Enthusiasm. Leaders are usually seen as active, expressive, and energetic. They are often very optimistic and open to change. Overall, they are generally quick and alert and tend to be uninhibited.

4. Conscientiousness. Leaders are often dominated by a sense of duty and tend to be very exacting in character. They usually have a very high standard of excellence and an inward desire to do one's best. They also have a need for order and tend to be very self-disciplined.

5. Social boldness. Leaders tend to be spontaneous risk-takers. They are usually socially aggressive and generally thick-skinned. Overall, they are responsive to others and tend to be high in emotional stamina.

6. Tough-mindedness. Good leaders are practical, logical, and to-the-point. They tend to be low in sentimental attachments and comfortable with criticism. They are usually insensitive to hardship and overall, are very poised.

7. Self-assurance. Self-confidence and resiliency are common traits among leaders. They tend to be free of guilt and have little or no need for approval. They are generally secure and free from guilt and are usually unaffected by prior mistakes or failures.

8. Compulsiveness. Leaders were found to be controlled and very precise in their social interactions. Overall, they were very protective of their integrity and reputation and consequently tended to be socially aware and careful, abundant in foresight, and very careful when making decisions or determining specific actions.

Beyond these basic traits, leaders of today must also possess traits which will help them motivate others and lead them in new directions. Leaders of the future must be able to envision the future and convince others that their vision is worth following. To do this, they must have the following personality traits:

1. High energy. Long hours and some travel are usually a prerequisite for leadership positions, especially as your company grows. Remaining alert and staying focused are two of the greatest obstacles you will have to face as a leader.

2. Intuitiveness. Rapid changes in the world today combined with information overload result in an inability to "know" everything. In other words, reasoning and logic will not get you through all situations. In fact, more and more leaders are learning the value of using their intuition and trusting their "gut" when making decisions.

3. Maturity. To be a good leader, personal power and recognition must be secondary to the development of your employees. In other words, maturity is based on recognizing that more can be accomplished by empowering others than can be by ruling others.

4. Team orientation. Business leaders today put a strong emphasis on team work. Instead of promoting an adult/child relationship with their employees, leaders create an adult/adult relationship which fosters team cohesiveness.

5. Empathy. Being able to "put yourself in the other person's shoes" is a key trait of leaders today. Without empathy, you can't build trust. And without trust, you will never be able to get the best effort from your employees.

6. Charisma. People usually perceive leaders as larger than life. Charisma plays a large part in this perception. Leaders who have charisma are able to arouse strong emotions in their employees by defining a vision which unites and captivates them. Using this vision, leaders motivate employees to reach toward a future goal by tying the goal to substantial personal rewards and values.

Overall, leaders are larger than life in many ways. Personal traits play a major role in determining who will and who will not be comfortable leading others. However, it's important to remember that people are forever learning and changing.

Leaders are rarely (if ever) born. Circumstances and persistence are major components in the developmental process of any leader. So if your goal is to become a leader, work on developing those areas of your personality that you feel are not "up to par". For instance, if you have all of the basic traits but do not consider yourself very much of a "people" person, try taking classes or reading books on empathy. On the other end, if relating to others has always come naturally to you, but you have trouble making logical decisions, try learning about tough-mindedness and how to develop more psychological resistance. Just remember, anyone can do anything they set their mind to...

_____________________________________________________________________________________________

Managers get what they design!

Source: Steven Geigle, CSHM

They say "perception is reality." If you perceive a lack of top management commitment to safety and health, what can you do about it? First of all, think about fixing the system... not the blame. It's all about system design. If management is not demonstrating commitment through action, then you have an opportunity to become a key player to get things moving.

With the help of the safety committee you can "educate up" to help management gain the all-important vision and understanding needed to positively affect attitudes and subsequent behaviors that give workplace safety the emphasis it deserves. Now let's take a look at what you can do.

We need to know who we are to be more effective at what we do

Your first step may be quite simple, yet it can have a major long-term impact on safety and health in the workplace. Propose that the company include the concept of safety in their vision statement and mission statement.

The vision statement lets the employee and customer know who you are by defining the role your company plays and what its basic values are. The vision statement reflects the corporate culture. One way to understand corporate culture is to think of it as the company's unique "personality" setting it apart from all others.

Sample Vision Statement - XYZ Widgets values its "relationship with customer" above all. To be successful we treat all employees as valued internal customers. We respect their ideas, value their work, and provide whatever is needed so that they may accomplish excellence in a safe-productive manner. Doing this empowers our employees so that they may manifest our values daily with our external customers.

The mission statement tells the world what you do -- why your company exists, by stating its intended purpose. The mission statement lets everyone know what your company's product or service is; who its customers are; what its service territory is.

Sample Mission Statement - It is the mission of XYZ Widgets to safely manufacture and deliver the highest quality megalithic cyberwidgets to our valued customers throughout the Western United States.

If your company doesn't have a mission statement, try to develop one and convince management of the benefits that will result from a written mission statement. Now let's take a look at two basic approaches employers may adopt in safety and health program management.

Reactive vs. Proactive Safety Strategies

Don't just react to safety

It's sad but true - some companies have adopted an approach to safety and health that emphasizes a reactive strategy. A reactive approach assumes that accidents just happen, and there's not much that can be done about it. Consequently, the company places most of its effort reacting to accidents after they occur. A reactive response occurs after an injury or illness and usually has the purpose of minimizing the costs associated with the injury or illness. Reactive safety programs always cost much more than proactive programs...always...because they aren't implemented until an injury or illness has occurred. When management emphasizes a reactive approach to safety and health, it sends two negative messages to employees, (1) we don't care about you, and (2) it's all about money, not your safety. Here are some examples of reactive safety programs.

Be business smart...be proactive

A proactive strategy emphasizes anticipation: doing whatever it takes to make sure accidents never happen in the workplace. There are no excuses for an accident. A proactive response to safety and health in the workplace occurs before an accident has occurred. It anticipates and tries to prevent accidents. By emphasizing accident prevention, management sends a message of caring to all employees. Proactive strategies are always less expensive than reactive strategies because the company makes investments that result in potentially huge returns. Remember, proactive programs are implemented to prevent future injuries and illnesses. Here are some examples of proactive safety and health programs.

Goals and objectives

So now you have a mission statement developed. The next step is to think of some proactive goals and objectives to improve your company's safety and health program.

Goals are easy to write. They're nothing more than wishes. However, operational objectives take a little more thought. Well-written objectives should have the following elements present:

• Starts with an action verb. (Decrease, increase, improve, etc.)

• Specifies a single key result to be accomplished.

• Is quantifiable. Uses numbers to measure a desired change. (e.g., 50% increase)

• Specifies a target date for accomplishment.

For example, operational safety objectives might be written like this:

• "Increase the number of safety suggestions to 25 a month by July 31st."

• "Reduce the number of back injuries in the warehouse by 70% by the end of 1997."

Remember to work with the safety committee to share the goals and objectives with everyone in the company. By the end of this course you should be able to think of many more ways to increase management commitment.

Talk money... the bottom line

Have you ever proposed a recommendation to correct a hazard or improve a procedure, only to have it fall on what appears to be deaf ears? Odds are, management cares very much about safety and health in the workplace, but like you, they are very busy. When a busy manager receives a recommendation from the safety committee, and it's merely a vague one-liner like, "We need to install a new guardrail in the warehouse," the likely response might be to put it on the back burner.

Dan Petersen, author of Safety Management: A Human Approach, states that, "Management is first of all interested in how the safety professional's ideas relate to the profits of the organization. That is, what will management get in return for the money it is being asked to spend? Thus, safety people ought to be dollar-oriented when talking to management. Even if management understands the language of frequency and severity rates, dollar indicators ought to be used instead."

Effective recommendations describe costs and benefits

According to the National Safety Council figures for 2003, when considering all industries nationally, the average direct and indirect claim cost for a non-lost-time injury is about $7,000. The average for a more serious lost-time injury is over $38,000, and a fatality averages $1,100,000.

Indirect costs, according to the NSC figures above, average 1.6x direct costs. However, it's important to understand that indirect costs may be much higher. Three things to remember when estimating indirect costs:

• The lower the direct cost, the higher the ratio between the direct and indirect costs. For instance, if someone suffers only minor injury requiring a few hundred dollars to close the claim, the indirect/direct costs ratio may be much higher than the NSC average.

• Capital intensive operations, where large sums have been invested in facilities, realize higher-than-average indirect/direct cost ratios. For example, if someone is seriously or fatally injured on an oil-drilling rig, resulting in operations shutting down for a day or so, many thousands of dollars in lost production will result. In high capital intensive work processes, the expected ratio between direct and indirect costs may be 5x to 50x.

• Labor intensive operations, where more investment is made in labor than capital assets, realize lower indirect/direct cost ratios. Someone may suffer a serious injury, but operations are not as likely to be significantly impacted. In labor intensive operations the expected ratio between direct and indirect costs may be 2x to 10x.

Download and take a look at OSHA's Safety Pays software program, which can be helpful in determining direct and indirect costs. You can use these figures to demonstrate the benefits of taking corrective action.

Your supervisor may ask you what the Return on Investment (ROI) will be. If the investment in corrective actions is $1,000, and the potential accident could cost the company $38,000 sometime in the foreseeable future (let's say five years), just divide $38,000 by $1,000 and you come up with 3800 percent. Divide that total by 5 years and you come up with an ROI of over 760 percent a year! Whoa! Now that's a return!

Management may want to know how quickly the investment will be paid back: what the Payback Period is. Just divide $38,000 by 60 months and you come up with $633 per month in potential accident costs. Since the investment is $1,000, it will be paid back in a little under two months. After that, the corrective action may be considered as actually saving the company some big money. Now that's talking the bottom line!

_____________________________________________________________________________________________

Management Leadership

Source: OSHA

Effective protection from occupational hazards takes leadership and commitment from top management. Management leadership provides the motivating force and the resources for organizing and controlling activities within an organization. In an effective program, management regards worker safety and health as a fundamental value of the organization. Ideally, this means that concern for every aspect of the safety and health of all workers throughout the facility is demonstrated.

Does your safety and health system incorporate:

• Reasons for establishing a safety and health program (or the worksite policy),

• Where you want to end up (or the goal), and

• The path to your goal (objectives).

These are some of the actions recommended by OSHA to ensure that management leadership is in place.

Other recommended actions for management leadership include visible management involvement, assigning and communicating responsibility, authority and resources to responsible parties and holding those parties accountable. In addition, management should ensure that workers are encouraged to report hazards, symptoms, injuries and illnesses, and that there are no programs or policies which discourage this reporting.

Visible Leadership

Successful top managers use a variety of techniques that visibly involve them in the safety and health protection of their workers. Managers should look for methods that fit their style and workplace. Some methods include:

• Getting out where you can be seen, informally or through formal inspections.

• Being accessible.

• Being an example, by knowing and following the rules employees are expected to follow.

• Being involved by participating on the workplace Safety and Health Committee.

___________________________________________________________________________________________

DEMONSTRATING LEADERSHIP

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

You usually hear that an effective safety culture must include top management commitment. However, the truth is that any world-class safety culture requires visible commitment from all managers, supervisors and employees. That commitment is essential, and it can be demonstrated by everyone from top to bottom in an organization.

In this chapter we will describe ways to provide visible leadership. Ideally, this means involvement in a program that shows concern for every aspect of the safety and health of all workers throughout the site. Therefore, we have included a description of a system for ensuring that contract workers are both protected from hazards and prevented from endangering employees of the owner-company.

An understanding of the principle that "you can not NOT teach" is critical to a leadership effort. We need to understand that what we say and do, at every point in time, teaches someone something about us. We create a story and communicate many things:

• who we are as a person

• what we think and believe

• how we feel about things

• what we consider important

• how much we care, or don't care

Successful managers and supervisors take advantage of many opportunities during the workday to demonstrate leadership. They use a variety of techniques that visibly involve them in the safety and health protection of their workers. These methods generally can be classified as:

• Getting out where you can be seen

• Being accessible

• Being an example

• Taking charge

GETTING OUT WHERE YOU CAN BE SEEN

In recent years, we often hear the phrase "management by walking around." This describes a manager who frequents all parts of the operation, getting to know the people who make it happen, and seeing firsthand what is working well and what isn’t. This can succeed not only as a tool for management but also as a message to employees. Employees who see the manager "walking around" likely will come to believe that he/she cares about what they are doing and how well they are doing it. And when they see that certain areas -- like safety and health -- interest the top brass, they become more aware of these areas.

In the area of worker safety and health, this style of management can be demonstrated either informally or formally.

Informal Action.

A manager who stops to get hazardous conditions or practices corrected as he/she walks through operations areas impresses workers with the importance of health and safety. As you conduct your walk-around be particularly aware of short cuts in safe work procedures that are being taken to speed production. The involved manager knows that short cuts that cancel out safety and health precautions are a form of Russian roulette. It is only a matter of time until an employee and the company get hurt.

No worker or supervisor wants to have the top manager stop the work until it can be done correctly. Consequently, this kind of informal involvement is a strong inducement for your employees to do the job right the first time.

If you also stop occasionally to compliment workers on how well they are following safe work procedures, you can expect your comments to have a strong positive influence on the desired behavior.

This type of involvement should be a fairly routine occurrence. If it happens only "once in a blue moon," it will not have significant impact. And it only works for managers who are out in operational areas several times a week (if not several times every day). This informal style is particularly well-suited for the small business where the owner/manager, of necessity, spends considerable time in the operations areas.

To catch and correct hazards, you also must have a thorough knowledge of what is safe and healthful. A top manager who lacks expertise or is unsure of his/her knowledge should not try to interfere with lower level managers and supervisors who do possess shop safety and health expertise.

Formal Inspections.

A more formal method of getting out where you can be seen is to conduct surprise inspections. These inspections must occur often enough to make a difference. Housekeeping inspections are the variety most commonly performed by top managers, possibly because the plant or site manager need not be a safety or health expert to spot housekeeping violations or problems. However, such inspections do not merely provide an opportunity for management visibility: good housekeeping contributes significantly to safe and healthful conditions.

Some managers give positive or negative points during these inspections and award prizes or a rotating trophy to the department that does the best.

A plant or site manager can accomplish much the same result by unexpectedly accompanying the safety committee or safety and health professional during a regularly scheduled inspection. Again, the element of surprise and the frequency of the manager’s involvement are important.

BEING ACCESSIBLE

If you can "manage by walking around," you will find many opportunities to listen and respond to employee questions and comments. But even if your duties prevent you from spending a lot of time in the site’s operations areas, you still can make yourself available to your employees through more formal systems. Take care, however, that your involvement does not undercut the authority of the managers and supervisors you have given primary responsibility for ensuring safety and health. Being accessible means walking a careful line between encouraging employees to use that access and interfering with their normal relationships and responsibilities.

Informal "Instant" Access.

Once again, this informal method is well-suited to the small non-union business owner/manager. If you get into operations areas frequently, encourage your employees to speak up about problems they see interfering with getting the work done in a safe and healthful manner. (Obviously, you need not focus only on safety and health.) Take their concerns and questions seriously and make sure they get timely and appropriate responses. In return, your employees will continue to let you know what is troubling them.

In an organized workplace, such employee concerns may first have to be presented to the exclusive bargaining representative.

Open Door Policy.

If your managerial work keeps you in your office, an "open door" policy might be a good choice for you. Your office door must actually remain open, either continually or during regularly scheduled and well communicated time periods. This technique may not work for managers who must have frequent private meetings. Encourage employees to drop by and discuss their safety and health concerns, without fear of reprisal, if they have been unable to get satisfactory answers through normal supervisory channels.

If you are the owner or top manager of a business, you have delegated certain responsibilities to other worksite managers and supervisors.  You want to avoid undercutting their authority since that would interfere with their ability to carry out those responsibilities.  At the same time, you want to demonstrate your own commitment to reducing safety and health hazards and protecting your work force.  How do you walk this fine line?

• Put a complete safety and health program in place.

• Hold your managers and supervisors strictly accountable.

• Encourage employees to use the routine systems afforded to them by the safety and health program.

• Forge a partnership with your managers and supervisors that encourages employees to speak out and use the system.

Each method you use to improve workplace safety and health protection will work even better if complemented by the other techniques of good management.  While the chapters of this manual separate safety and health program management into component parts, a functioning program is the sum of all those parts.  Therefore, it would be a mistake to allow managers to pick and choose, using some program parts and not the rest.

ACCOUNTABILITY

Managers and supervisors held accountable for their safety and health responsibilities are more likely to press for solutions to safety and health problems than to present barriers to problem resolution.  They are more likely to suggest new ideas for hazard prevention and control than oppose new ideas.  By holding your managers and supervisors accountable, you encourage their positive involvement in the safety and health program.

The next step is to encourage the rest of your work force to use the system built into the program and to do their part.

Encourage employees to take full advantage of opportunities to become involved in problem identification, problem solving and hazard reporting.  Then, when they do become involved, make sure they get appropriate and timely management feedback, including recognition and reward.

When your program's systems are working well, most safety and health problems will be resolved before your employees feel the need to approach you directly.  Big problems may arise, however, that the normal systems cannot handle.  Your supervisors probably will understand that these problems are not a reflection on them, and that you are the proper person to address these concerns.

What should you do when an employee brings a problem or suggestion to your attention? Listen carefully! Then tactfully ask what attempts have been made already to solve the problem or submit the suggestion.  In other words, what systems -- safety and health program mechanisms -- have already been used?

Perhaps the employee will respond that he/she has spoken with the supervisor but has gotten no action.  This may indicate a problem within your program.  Although unlikely, the problem may be a supervisor who genuinely does not care about having a safe or healthful workplace.  Rather than approach this situation as a personal matter involving this particular supervisor, focus on how the system is not working.  Maybe the supervisor did not understand the issue raised by the employee or could not explain to the employee why no action was necessary.  Make clear to the supervisor's manager that you want the problem within the system to be resolved.  If the supervisor's attitude is at least part of the problem, give the supervisor and his/her manager a chance to work it out.  It is not a good idea to confront the supervisor based on one incident.

Obviously, if your accountability system is going to work, any individual who continues to present barriers to effective safety and health management will have to be held accountable.  It is important, however, to try to separate any accountability activity from your immediate response to employee-raised questions, concerns or suggestions.

Remember, too, that your safety and health systems not only encourage employee involvement in identifying hazards and resolving problems, but also protect those employees from retaliatory and discriminatory actions, including unofficial harassment.

FORGING A PARTNERSHIP

Make sure your supervisors know you understand that not every safety or health problem can be solved at the supervisory level.  Call upon your managers and supervisors to help make the employee input systems work.  Think of your work units -- crews, departments -- as teams striving to identify and solve problems through whatever system mechanisms are needed.  Your managers and supervisors are the team leaders, working with you and the other players toward a common goal.

You may wish to reward or otherwise recognize the teams that report hazards or suggest new hazard control ideas.  Recognition can be based on the submission of reports and suggestions or on the quality of employee input.  Let your managers and supervisors know that when an employee brings a safety or health matter to your attention, you consider that a good reflection of the supervisor's leadership.

Employees should not be required to make an appointment. That will discourage all but the most determined. Remember, you want to make this a casual, informal tool so that everyone will feel comfortable with it. Chances are, once employees test your policy and word gets around that your door really is open, employees will not make frequent use of this access so long as your other systems are working well. Consequently, you need not be concerned about frequent visits that could disrupt your other duties.

More Formalized Access

As top manager at your worksite, perhaps you cannot spend a lot of time in operations areas, and your need for private meetings may preclude an open door. You may choose to schedule periodic meetings where you speak directly with hourly employees, skipping over mid-level management personnel. These meetings are usually open for any questions, comments, or concerns that employees may have, but they are particularly useful as a forum for health and safety issues. The size of the group probably should not exceed 200, so in larger businesses more than one meeting may be required to hear all employees. Some top managers choose to hold a separate meeting with first-line supervisors and other managers with whom they do not regularly interact. You may need to try various group sizes before finding the one that best fits your style.

The success of such meetings will depend on you, the top official at the worksite: whether you create a climate where employees feel free to speak up, and how you handle the questions they raise. Treat all questions with respect, even if, from your perspective, the answer seems simple or the concern unwarranted. Try to imagine how the situation looks to the employee. Take the time to give a clear explanation. When you don't know the answer to a question, or when you need to know more about the circumstances surrounding an issue, don't be afraid to say so. Be sure, however, that you follow up thoroughly, and that all employees who attended the meeting see or hear your response.

The Birthday Lunch.

This is another, less formal version of the scheduled access meeting. The plant or site manager provides a lunch for all employees with a birthday during a given time period. This kind of meeting usually works best when you keep it small (approximately 20 participants), but you may want to experiment with size. Grouping people by birthdate results in a reasonably random selection of employees from all parts of the worksite.

Try to steer the conversation to questions or concerns that your employees may have. In a small group such as this, some people may be frightened to speak up about perceived problems. Aim for a warm atmosphere that encourages a frank exchange. Otherwise, most of the suggestions for a successful formal access meeting also will hold true for the birthday lunch.

BEING AN EXAMPLE

Providing a good example is one of the most important ways management can become visibly involved in safety and health.

Following the Rules.

Make sure you know all the rules that employees are expected to follow. Then make sure you and your subordinate managers follow them scrupulously. Your workplace may have some rules that apply only to people who will be working with specified equipment. To the extent practical, you and your managers should follow these rules also, even if you are just visiting for a few minutes and will not be working directly with the equipment.

Setting an Example for Supervisors.

If you see an infraction of the rules or safe work practices, do not ever let it go uncorrected. Your insistence on working in a safe and healthful manner will be a model for your supervisors.

TAKING CHARGE

Make it clear to everyone that you are in charge of ensuring that your site is a safe and healthful place to work. One technique widely used in the chemical industry is for the site manager to chair the central safety committee. But taking charge of safety and health protection also means holding your subordinate managers and supervisors accountable. And it means insisting that any contract work at your site be done in a safe and healthful manner.

Chairing the Central Safety and Health Committee.

In its usual form, the central committee is made up of the worksite executive staff. At some sites, hourly employees occupy two or three positions. Employee membership can be rotated throughout the hourly workforce to provide maximum training and awareness experience.

By chairing this committee, attending regularly and participating actively, you show your subordinate managers and employees that you are taking charge of safety and health protection. The committee, of course, must have serious tasks to accomplish, and it should meet at least monthly.

Insisting on Accountability.

Regardless of your workplace’s formal system of accountability, your employees will watch you for clues to what is important. If you never raise the subject of safety and health with your managers, they eventually will assume that you don’t care. Therefore, it is particularly important for you to demonstrate a tough-caring leadership approach: One that insists that managers and supervisors all up and down the line both carry out their own responsibilities and require employees to follow safe work practices. Why? Because you care about everyone's welfare. You're tough because you care: That's the tough-caring leadership approach.

Ensuring Safe and Healthful Contract Work.

The actions of contract workers can have an adverse impact on the safety and health of everyone at the site. Where contract workers and your own employees are intermingled, any unsafe practices or conditions of contract work will jeopardize your own employees. But even if contract workers are removed somewhat from your normal operations, your employees will benefit from knowing that you insist on good safety and health practices and protection for every worker at your worksite.

Bidding Process. You should insist that all potential contractors meet certain requirements as a qualification for bidding on your work:

• The contractor must have an acceptable level of experience modifier rate (EMR), set by that company's insurer. The lower the EMR, the better a company's past safety performance record.

• The contractor must have an implemented safety and health program.

You or your agent should instruct all bidders to include in their costs any expenses necessary to meet OSHA standards and the rules of your worksite. Make sure potential contractors understand that you intend these precautions to be fully met.

Take special care with the company with no known experience. It may have gone by another name last year. There usually is a good reason for a name change, and it probably does not bode well for the performance you can expect.

Contract Language. The contract you use should spell out precisely what you expect of the contractor’s safety and health program management. If the contractor’s work involves potential hazards to your workers and/or the community, then the skill, education and experience requirements for the contractor’s employees should be specified. If you expect them to go beyond OSHA standards in certain areas, such as fall protection on a construction contract, then the contract should so state. The following requirements are frequently specified in contracts:

• Employee safety and health orientation and periodic safety and health training/meetings;

• A formally established relationship with a physician and contractor employees at the site who are trained in first aid;

• Regular safety inspections and, where applicable, industrial hygiene monitoring, with discovered hazards to be corrected promptly; and

• An appropriately trained safety and health coordinator.

There also should be specific language in the contract giving your agent the right to:

• Monitor safety and health activities,

• Investigate contractor accidents/incidents,

• Require that any worker who continues to violate safe work practices be removed from the site, and

• Remove the contract company from the site if the requirements of the contract are not being met.

Further, the contract should require that your agent be informed of all chemicals or other hazardous substances the contractor intends to bring onto the worksite.

Monitoring Contract Work. Your routine general inspections should include those locations where contract work is being performed. Unsafe work or work violating any part of the contract should be halted and corrected through the appropriate supervisor, if possible. Your agent should check to make sure that contract employees are informed, not only about serious hazards to which their own company’s work may expose them. Obviously, your own employees also will need to know about, and be prepared to protect themselves against, any hazards associated with the contracted work.

Arrange to include the contract employees in evacuation and other emergency drills. (You should also make plans for handling vendor employees and visitors to the site.)

Follow Through. Use the safeguards that you put into the contract. If you discover inexperienced laborers being assigned to work that involves significant hazards, despite repeated warnings and the contract clause requiring training, cancel the work and reopen bids. If, after being corrected and cautioned, certain workers continue to violate safe work practices, remove these workers from the site. If a contract company continues to violate rules or refuses to make corrections, then close the contract. Taking these actions may cost you some time, but that cost is insignificant compared to the potential loss of time, money, and lives if an unqualified contract worker makes the wrong moves.

You have the power and obligation to assure safe and healthful conditions at your worksite. Let it be known throughout your community that, at your place of business, only safe and healthful work is acceptable. In the long run, you will find that contract companies willing to insist on safe and healthful work also will be the most efficient and cost effective.

SUMMARY

As the owner or top manager at a worksite, your visible commitment to safety and health can make a major difference in the quality of worker protection. You can choose among a variety of formal and informal methods and styles for achieving this impact. Small businesses are probably better suited for the more informal approaches.

Demonstrate to everyone in your company that you are vitally interested in worker safety and health. Do this by making yourself accessible: encourage your employees to speak up about safety and health, listen carefully, and then follow through. Set a good example: follow the rules, make time to carry out your safety and health responsibilities, and insist that your managers and supervisors do the same. Make sure everyone understands that you are in charge of a business where safety and health will not be compromised and where hazard awareness and safe work practices are expected of everyone, including on-site contractors and their workers.

___________________________________________________________________________________________

DEVELOPING POLICIES, GOALS AND OBJECTIVES

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

When planning a safety management system, you first decide and put in writing your reason for establishing various programs within the system. This is your policy. Next you decide where you want to end up. This is your goal. Then you map out the path toward your goal, the roads you will take and the vehicles you will use. These are your objectives. In this way you decide the direction of your program.

This chapter will explain how to write and communicate your safety and health policy, and how to set and evaluate your goal and objectives. You will find many examples and worksheets to help you on your way.

POLICY STATEMENTS

The company states its commitment through a written and clearly communicated policy for workplace safety and health. This policy stresses the top priority of employee safety and health. The policy statement should be signed by the highest ranking company official on the site.

THE PRIORITY OF SAFETY AND HEALTH

A truly successful company places workplace safety and health ahead of such priorities as production, sales and quality control. If your policy statement makes this clear, it will be easier for employees to choose the correct action when a conflict arises between safety and health and other priorities. Here are some examples of policy statements that convey this belief:

"People are our most important resource. Our company’s principal responsibility is the safety and health of our employees."

"Every employee is entitled to a safe and healthful place in which to work."

"No job is so important it can’t be done in a safe and healthful manner."

"If it is not safe and healthful, we will not do it."

WRITING A POLICY STATEMENT

Policy statements can vary in length and content.  The briefest are typically basic statements of policy only.  Longer statements may include company philosophy.  Still others will address the safety and health responsibilities of management and other employees.

Some policy statements will cover in detail items such as specific assignment of safety and health duties, description of these duties, delegation of authority, safety and health rules and procedures, and encouragement of employee involvement.  While some companies may wish to include these additional items in the policy statement, OSHA believes it usually is best to leave these details for later discussion.

This worksheet is designed to help you develop your safety and health policy statement.  It contains examples of specific statements often found in safety and health policies.  These are examples only, but they may give you ideas for a policy statement that expresses your style, your attitudes and your values.

INTRODUCTORY STATEMENT

The written policy statement generally starts with a clear, simple expression of your concern for and attitude about employee safety and health.  Examples of introductions of policy statements include:

• This company considers no phase of its operation or administration more important than safety and health.  We will provide and maintain safe and healthful working conditions, and we will establish and insist on safe work methods and practices at all times.

• Accident prevention is a primary job of management, and management is responsible for establishing safe and healthful working conditions.

• This company has always believed that our employees are our most important asset.  We will always place the highest priority on safe operations and on the safety and health of employees.

• The company will, at all times and at every level of management, attempt to provide and maintain a safe and healthful working environment for all employees.  All safety and health protection programs are aimed at preventing accidents and exposures to harmful atmospheric contaminants.

• All members of management and all employees must make safety and health protection a part of their daily and hourly concern.

PURPOSE/PHILOSOPHY

An effective safety and health program will have a stated purpose or philosophy.  This is included in the written policy statement so that both you and your employees are reminded of the purpose and value of the program.  You may wish to incorporate into your policy such statements as:

• We have established our safety and health program to eliminate employee work-related injuries and illnesses.  We expect it to improve operations and reduce personal and financial losses.

• Safety and health protection shall be an integral part of all operations including planning, procurement, development, production, administration, sales and transportation.  Accidents and health hazard exposures have no place in our company.

• We want to make our safety and health protection efforts so successful that we make elimination of accidents, injuries and illnesses a way of life.

• We aim to resolve safety and health problems through prevention.

• We will involve both management and employees in planning, developing, and implementing safety and health protection.

MANAGEMENT RESPONSIBILITIES

Your safety and health action plan will describe in detail who is to develop the program and make it work, as well as who is assigned specific responsibilities, duties and authority.  The policy statement may include a summary of these responsibilities.

For example:

• Each level of management must reflect an interest in company safety and health and must set a good example by complying with company rules for safety and health protection.  Management interest must be vocal, visible and continuous from top management to departmental supervisors.

• The company management is responsible for developing an effective safety and health program.

• Plant superintendents are responsible for maintaining safe and healthful working conditions and practices in areas under their jurisdiction.

• Department heads and supervisors are responsible for preventing accidents and health hazard exposures in their departments.

• Foremen are responsible for preventing accidents and health hazard exposures on their lines.

• Supervisors will be accountable for the safety and health of all employees working under their supervision.

• The Safety Director has the authority and responsibility to provide guidance to supervisors and to help them prevent accidents and exposure to health hazards.

• Management representatives who have been assigned safety and health responsibilities will be held accountable for meeting those responsibilities.

EMPLOYEE RESPONSIBILITIES

Many companies acknowledge the vital role of their employees in the operation of a successful safety and health program by summarizing employee roles and contributions in the policy statement.  Here are some examples:

• All employees are expected to follow safe working practices, obey rules and regulations, and work in a way that maintains the high safety and health standards developed and sanctioned by the company.

• All employees are expected to give full support to safety and health protection activities.

• Every employee must observe established safety and health regulations and practices, including the use of personal protective equipment.

• All employees are expected to take active interest in the safety and health program, participate in program activities, and abide by the rules and regulations of this company.

• All employees must recognize their responsibility to prevent injuries and illnesses and must take necessary actions to do so.  Their performance in this regard will be measured along with overall performance.

CLOSING STATEMENT

The closing statement is often a reaffirmation of your commitment to provide a safe and healthful workplace.  It also may appeal for the cooperation of all company employees in support of the safety and health program.

• I urge all employees to make this safety and health program an integral part of their daily operations.

• By accepting mutual responsibility to operate safely, we all will contribute to the well-being of one another and consequently the company.

• We must be so successful in our efforts that total elimination of accidents, injuries and illnesses becomes a way of life.

SUMMARY

Generally, a written safety and health policy statement will run 6 to 12 sentences in length.  It will include some or all of the five elements listed above: an introductory statement, a statement of the purpose or philosophy of the policy, a summary of management responsibilities, a summary of employee responsibilities, and a closing statement.

One example of a safety and health policy statement is:

This company considers no phase of its operation more important than safety and health protection.  We will provide and maintain safe and healthful working conditions and establish and insist upon safe work methods and practices at all times.

Safety and health shall be an integral part of all operations including planning, procurement, development, production, administration, sales, and transportation.  Accidents have no place in our company.

We will work consistently to maintain safe and healthful working conditions, to adhere to proper operating practices and procedures designed to prevent injury and illness, and to comply with Federal, state, local, and company safety and health regulations.

Each level of management must reflect an interest in company safety and health objectives and is required to set a good example by always observing the rules as a part of the normal work routine.  Management interest must be vocal, visible, and continuous, from top management to departmental supervisors.

All employees are expected to follow safe working practices, obey rules and regulations, and work in a way that maintains the high safety and health standards developed and sanctioned by the company.

We urge all employees to make our safety and health program an integral part of their daily operations.  Then the total elimination of accidents and injuries will become not just an objective, but a way of life.

COMMUNICATING YOUR POLICY

To be effective, it is critical that your safety and health policy be communicated to all employees. You communicate your policy by word, action and example.

Communicate by Word. A new employee starts learning about the company’s attitude toward safety and health from day one. By discussing job hazards and providing training in safe work procedures, both one-on-one and in group meetings, you tell the employee that safety and health have a high priority in your company. The supervisor’s continuing emphasis on safety and health reinforces this positive company attitude.

In the smallest of companies, the safety and health policy may be easily explained and understood through spoken statements. However, for all companies, a carefully written policy statement is always recommended. A written statement:

• Clarifies policy,

• Creates consistency and continuity,

• Serves as a checkpoint whenever safety and health appear to conflict with production or other priorities, and

• Supports your supervisors in their enforcement of safety and health rules and safe work practices.

You will want to include the written statement in the information you give new employees. Be sure to post a signed policy statement on employee information bulletin boards. Another eye-catching way you can communicate your safety and health policy is through your company letterhead.

Communicate by Action. What you do -- or fail to do -- speaks louder than what you say. Demonstrate your concern for your employees’ safety and health by committing resources to the prevention and control of unsafe or unhealthy work or working conditions, to safe work practices and personal protective equipment (PPE) where needed, and to safety and health training. Whenever you demonstrate a willingness to put safety and health before short-term production goals, your actions forcefully and clearly proclaim your policy.

Communicate by Example. Top management, middle managers and supervisors express the company’s attitude toward workplace safety and health by their daily example. The rules and regulations that you post on bulletin boards and discuss at meetings are useless if management does not follow and enforce them. Set an example: Use PPE properly. Operate equipment safely. Hold supervisors accountable for their safety and health responsibilities.

GOALS

The policy statements discussed above all boil down to the same concept: the desire to provide work and working conditions that are not harmful to your employees. This is in keeping with the stated purpose of the Occupational Safety and Health Act of 1970 [29 U.S.C. 651 et seq.], "to assure so far as possible...safe and healthful working conditions," and the Act's requirement that each employer "...furnish to each of his employees employment and a place of employment which are free from recognized hazards...."

You may want to consider at least two basic types of goals: numerical and descriptive.

Numerical Goal. Numerical goals have the advantage of being easy to measure. However, it is difficult to set a numerical goal that is both attainable and comprehensive enough to serve as a destination for your journey.

• If you set a goal, for example, of zero hazards at any time, it may be so difficult to reach that you and your employees will become disillusioned long before you have a chance to reach your destination.

• You could set a goal of a certain number of injuries. In doing so, however, you ignore both illnesses and those existing hazards that have not yet resulted in an injury.

• A goal of a certain number of injuries and illnesses may not be feasible. Illnesses often are difficult to recognize until long after employees’ exposure to hazards that could have been prevented or better controlled. And as with the example above, this goal does not address hazards that have not yet resulted in injury or illness.

Descriptive Goal.

No numerical goal can be sufficiently inclusive and still attainable. Therefore, you may want to adopt a broad, descriptive safety and health goal: A comprehensive program that assesses all existing and known potential hazards of your worksite and prevents or controls these hazards. Such a goal is neither as succinct nor as easily measurable as a numerical goal. But it is attainable. Further, this goal will be helpful in setting objectives. And it should not be difficult to evaluate objectives and program results against this goal.

OBJECTIVES

Setting objectives will make the difference between a haphazard effort and a carefully planned safety management system. Careful planning is much more likely to result in the desired effects. Conduct GAP Analysis to help set objectives.

Steps in GAP Analysis

Step One: Conduct a Baseline Assessment.

Conduct inspections, audits, surveys and interviews to gather as much information as possible about the current conditions at your workplace and about practices that are already a part of your safety management system.

Is your safety management system complete? At a minimum, your program should reflect these four basic elements:

• Leadership and Involvement

• System analysis and evaluation

• Hazard Prevention and Control and

• Safety Education and Training

What obvious physical conditions currently exist that indicate OSHA violations or other hazards? In answering this question, you are beginning to identify your workplace’s problems and look ahead to the solution. If you come up with an excessive number of physical problems, get these fixed before you attempt to set objectives. Not only are you vulnerable to an OSHA inspection, you are also putting your employees at risk. Further, those safety and health problems that are obvious to you are undoubtedly obvious to your employees. Correct the problems and you demonstrate your interest in their safety and health.

Step Two: Benchmark to Determine the GAP.

Here is an opportunity to get employees involved. Ask employees and supervisors to help you identify both the successful and unsuccessful parts of your program. Take a look at existing safety and health activities at your workplace and others. Which ones work well and which do not? Study your records (accidents, injury or illness data, workers' compensation rates) to see what they tell you. Review the literature such as Professional Safety and industry publications.

Step Three: Determine How to Close the GAP.

Now that you know where you stand, what do you need to get done? This is another opportunity to get employees involved in the development of your program. Allow them to participate in setting program objectives. Involvement helps create an atmosphere of acceptance and commitment to the safety and health effort.

Developing Objectives

Objectives are statements of results or performance. They are short-term, positive steps along the way to your company's goal. Workplace objectives for safety and health are similar to those you set for other business functions such as sales or production. They identify WHAT? WHEN? and HOW MUCH? They do not include a justification for why they should be done; such justification properly belongs in your policy statement. Nor do they contain a description of how they should be accomplished; those details belong in your action plan.

Identify Your Objectives.

Anything can become an objective -- from creating a safety and health committee to investigating accidents to developing an orientation program for new employees. You must decide which activities are most important to your program goal and which will help you create an effective overall safety management system. The objectives you select should be consistent with your basic safety and health policy. And they should be part of the normal business of your company, rather than special projects added on to the normal workload.

Set Your Objectives.

Objectives should be based on performance measures, that is, indicators that tell you whether you did or did not perform as expected. When setting objectives, keep the following points in mind:

• Objectives should relate to some part of your overall goal. Example: "Develop and carry out a program to train and license fork lift truck drivers." This objective relates to the part of your goal to ensure that all employees understand the hazards and potential hazards of their work and how to protect themselves and others.

• Objectives should aim at specific areas of performance that can be measured or verified. Example: "Improve safety and health performance next month," is too general an objective to be useful. Better to say, "Make weekly inspections and make certain all hazards found are corrected within 24 hours."

• Objectives should be realistic and attainable, but should still present a significant challenge.

Example: "Reduce recordable injuries in the upcoming year by 100 percent." This objective may be unattainable because of the extent and complexity of the measures needed to prevent all injuries. An objective well beyond reach can soon create a defeatist attitude among all those working toward its achievement.

On the other hand, "Reduce recordable injuries by 5 percent in the next year," can destroy employee interest by presenting too small a challenge.

To set a realistic injury reduction goal, examine your pattern of injury rates for the last 3 years, and set a goal related to improving the best point in that pattern. For example, if you had injury rates of 5.8, 5.6, and 5.7 for the past 3 years, your goal for the next year could be, "Reduce recordable injury rate to 5.0." But always remember that the Occupational Safety and Health Act was passed "to prevent the first accident," and strive to eliminate all injuries and illnesses from your workplace.

• When setting objectives, solicit input from as wide a range of employees as practical. Your ideas already may strongly influence your supervisors. Nonetheless, you will find that safety and health objectives are most effective when you discuss them beforehand with your supervisors or employees. At the least, secure their agreement or cooperation. People who feel they have helped set an objective will be most motivated to achieve that objective.

• Objectives should be understood by all those directly involved. Use terms that have a clear meaning to all concerned supervisors and employees. Leave no doubt about what is to be accomplished. Example: "Determine the cause(s) of all accidents and incidents," may be too abstract to be understood (and therefore accomplished) by those with responsibility. Be clear and specific: "Investigate all accidents and incidents at once to determine all contributing causes, and take corrective action within 24 hours of completing the investigation."

• Objectives need to be achievable with available resources. An objective that requires a large outlay of money or an increase in staff during a budget crunch probably won’t be achieved. Setting such an objective is a waste of time and effort. However, you need not discard this objective. Postpone it. For the present, create an intermediate objective of working to produce the needed resources. Remember, you travel toward your goal one step at a time. The objective you achieve this year may enable you to tackle a larger objective next year.

WRITING OBJECTIVES.

Put each objective in writing. That gives it more importance. It also helps you track your position at any time and thereby determine how far along you are in accomplishing the assignment.

Spell out in concrete terms what is to be achieved, to what degree, and by when. Be very specific in your wording, and focus on performance. You may also want to include a statement indicating the maximum amount of time or money available to accomplish the objective. In general, a well-formulated objective:

• Starts with an action verb.

• Specifies a single key result to be accomplished.

• Specifies a target date for its accomplishment.

• Is specific and quantitative; therefore, is measurable and verifiable.

• Specifies the what and when; avoids the why and how.

• Relates directly to the accountable manager’s role in the organization.

• Is readily understandable by those who will be contributing to its attainment.

• Is realistic and attainable but represents a significant challenge.

• Provides maximum payoff on the required investment of time and resources when compared with other objectives being considered.

• Is consistent with available or anticipated resources.

• Is consistent with basic organizational policies and practices.

Here are some examples of safety management system objectives:

• Conduct weekly inspections with emphasis on good housekeeping, proper use of protective equipment, condition of critical parts of equipment and preventive maintenance.

• Determine the cause(s) of any accident within 24 hours.

• Create a written system for documenting all accidents and near-misses and all subsequent investigations and corrective actions.

• Eliminate any hazard(s) identified during accident investigations and weekly planned inspections within 24 hours whenever possible.

• Complete one job safety analysis each month in each department, with follow-up revision of safe work procedures and employee training by the following month.

• Hold and evaluate emergency drills for tornadoes (where appropriate) every 6 months and a joint fire drill/evacuation with local emergency organizations every year.

Keep copies of the written objectives and use them in discussions with your supervisors and employees. Be sure your people understand their assigned responsibilities. Stress that they will be personally held accountable for these responsibilities.

DEVELOPING AN ACTION PLAN.

Actually, at this stage you're already well along in the process of assessing your current situation, identifying safety management system elements that are either lacking or in need of improvement, and formulating objectives that address your program's needs. Your action plan should address:

• What activities will be undertaken;

• Who has responsibility;

• When the action realistically should be accomplished;

• What resources are needed, for example, people, time, dollars, equipment; and

• How the action will be tracked and evaluated.

The development of your action plan presents another opportunity for employee involvement. Managers and other employees can play an important role in mapping out the details they will be expected to accomplish.

Step Is It Working?

Review your objectives periodically.

• Are you getting the desired performance from supervisors and employees?

• Are objectives being achieved?

• Are the results moving you toward your goal?

Any program or activity in which you invest time and resources on a continuing basis should prove its worth. If an objective has been achieved, but there continue to be too many injuries, too many close calls, too many unsafe acts, or no improvement in conditions, then different or additional objectives are needed.

SAMPLE ACTION PLAN

OBJECTIVE: Increase employee involvement in plant hazard assessment and control.

|Activity |1. Conduct monthly employee safety and health meetings at Division level |2. Establish procedures for mgmt/employee participation in inspections & accident investigations |3. Provide hazard recognition & accident investigation training to mgmt. & employees |
|Time Frame |Begin by June |Inspections & investigations begin by Sept. 30 |Complete by December 31 |
|Person(s) Responsible |Division Managers |Safety Manager |Safety Manager |
|Resources Needed |1 hour payroll, all employees, each month; audio-visual equipment |Payroll for time spent by employees on inspections & investigations |Payroll, training materials, possibly outside consultant/trainer |
|Results Expected |Employee input on s&h matters; volunteers for involvement programs |Inspections & investigations being performed |Inspections that ID all hazards; investigations that uncover root causes; fewer incidents and accidents |
|Possible Roadblocks |Employee mistrust at first; limited knowledge about all potential hazards |Lack of employee interest |Cost of reduced production; unwillingness to spend $$ |
|Status/Evaluation |Monthly reports to Safety Mgr; evaluate yearly |Quarterly reports to CEO, look for patterns or trends; evaluate yearly |Keep training records; retrain periodically |

SUMMARY

Your safety management system deserves to be carefully thought out and directed. The first step is to write and communicate your safety and health policy. This states your reasons for the program and your commitment to the health and safety of your employees. You express this policy by word (both spoken and written), by action and by example.

The second step is to set and communicate a goal for your program. This is like choosing the destination for a journey. It requires a determination of where you want to be. Your goal can be expressed either numerically or descriptively. A comprehensive and yet attainable goal is most likely to be descriptive such as the following goal:

A comprehensive program to assess all existing hazards and known potential hazards of the workplace and to prevent or control those hazards.

The third step in determining the direction of your safety management system is to map out your route by setting program objectives. To do this, you first need to know where you are: take a close look at the current state of your safety management system and your workplace. What more is needed to protect your workers’ safety and health?

The objectives that you formulate, and the steps that you choose to take to accomplish these objectives, should be specific, measurable actions that move you toward your goal. They must be attainable and yet challenging. Use the clearest possible wording, so that your supervisors and employees understand their responsibility and accountability. Once your program is set in motion, periodically review your objectives and the action plan designed to help you implement them. Is everyone performing as expected? Are the results being achieved worth the time and resources being expended? Are you moving closer to your goal?

The success of this effort depends on the commitment of top management and the participation of your workforce. Involve your supervisors and employees in the setting of program objectives and the development of an action plan. The greater their involvement in mapping the route to safety and health, the greater will be their acceptance of the challenges and responsibilities of the journey.

____________________________________________________________________________________________

Accountability Systems

Source: Steven Geigle, CSHM

Have you ever worked for someone who had responsibility or authority, yet was not held accountable by the employer? Confusion about the meaning of these important concepts appears to be widespread throughout the public and private sectors, and there is good reason for the confusion. According to Webster, responsible is defined as "being obliged to account [for]," while accountable is defined as being "responsible."

Let's clear up the confusion

When you are assigned responsibility by the employer, your performance is not necessarily measured. But when you are held accountable, your performance (1) is evaluated in relation to formal standards or expectations, and (2) results in the application of positive or negative consequences.

An owner or top manager of a business delegates certain responsibilities to other worksite managers or supervisors. The owner must avoid undercutting the authority of the managers, since that will interfere with their ability to carry out those responsibilities. At the same time, the owner wants to demonstrate their own commitment to reducing safety and health hazards and protecting employees. How can this be done?

Elements of an effective accountability system

The condition of accountability in the workplace doesn't just happen. To be effective, accountability requires careful design and performance of a supportive accountability system. An effective accountability system should have the following elements:

• Established standards in the form of company policies, procedures or rules that clearly convey standards of performance in safety and health to employees. It's important that employees understand safety policies and rules, and why they are important. They need to understand the natural and system consequences of their personal behavior.

o Natural consequences refer to the hurt or health the employee will experience as a direct result of their behavior. Examples include injury, illness, and health.

o System consequences refer to the negative or positive consequences administered by the organization as a result of their personal behavior. Examples include discipline or positive recognition.

• Resources and support. To be justified, the employer must provide the physical resources and psychosocial support to enable employees to achieve the standards set.

o Physical resources include safe tools, equipment, material, facilities, environment.

o Psychosocial support includes safe procedures, reasonable workload and scheduling, suitable employee relations and effective leadership.

• An evaluation/measurement system which specifies acceptable behavior. Examples of measured safety behavior at various levels include:

o Top/Mid-level managers: Measurement at this level includes personal behavior, safety activities, and statistical results, such as following company safety and health rules, enforcing safety and health rules, arranging safety and health training and workers’ compensation costs.

o Supervisors: Measurement should include personal safety behavior and safety activities which they are able to control, such as making sure employees have safe materials and equipment, following and enforcing safety rules, and conducting safety inspections and meetings.

o Employees: Measurement usually includes personal behavior, such as complying with safety and health rules, and reporting injuries and hazards.

• Effective consequences, both positive and negative. Effective consequences will change behavior in the desired direction. The nature and significance of consequences are determined by the employee receiving the consequences. What works for one employee may not be effective for another.

o Negative consequences include verbal warnings, written reprimands, suspension from work and termination.

o Positive consequences include informal or personal recognition, raises, promotion and money.

• Appropriate application at all levels. An accountability plan must address all levels of management, not just line employees. Discipline is administered only if justified. Management should meet all obligations to employees to be justified. The safety management system should not have contributed to the noncompliance behavior. Positive and negative consequences should not be applied based on an employee's accident record (a result), for example: "If you don't have an accident, you'll get a bonus." Rather, consequences should result ONLY from an employee's compliance record (behavior).

• Effective program evaluation. As with any system, the design and performance of an accountability system should be evaluated using a continuous improvement model. Safety committees or other staff may be an excellent forum for this activity.

When managers and employees are held accountable for their safety and health responsibilities, they are more likely to press for solutions to safety and health problems than to present barriers. By implementing an accountability system, positive involvement in the safety and health program is created.

____________________________________________________________________________________________

ASSIGNING RESPONSIBILITIES

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

As a business owner or manager, you have ultimate accountability for the safety and health of your employees. You cannot delegate this accountability to others in your company. You can, however, expect others to share the responsibility for certain elements of the safety and health program.

If you own or manage a small operation, you may be questioning why you should share the responsibility for safety and health. You have a strong working knowledge of your business’ everyday problems, and you are close to your employees. However, as your business grows and your workforce increases, being responsible for all the details of an effective safety and health program may become less feasible. It will be important to have a mechanism for delegating some of that responsibility.

For managers of large organizations, a method of clearly assigning safety and health responsibilities, authority and resources is an absolute necessity.

We recommend that you make use of written job descriptions. These documents can effectively:

• Clarify the specific safety and health responsibilities and authority of individuals, and

• Distribute responsibilities between supervisors and rank and file employees.

In this Chapter we discuss how to develop useful job descriptions that spread safety and health responsibilities throughout your organization. You will need to:

• Review your existing organizational structure,

• Decide what part each position should play in your total safety and health program and what level of authority and resources will be needed,

• Decide and assign the responsibilities for each position, and

• Discuss assigned responsibilities with the people involved.

THE VALUE OF WRITTEN JOB DESCRIPTIONS

An individual job description describes the most important characteristics and responsibilities of a position. An organization’s job descriptions, when viewed collectively, describe the total company structure and work systems including the safety and health management system.

You may already have written job descriptions for all the positions in your company. This chapter will help you develop a safety and health section to add to these personnel documents and to include in your overall safety and health program. While some small businesses do not rely on written job descriptions, we believe that written statements are preferable to oral assignments with respect to safety and health responsibilities. Carefully written documents:

• Remove any doubt about the responsibilities and authority of each position;

• Enhance communication and coordination among jobs;

• Aid in determining whether all responsibilities have been accounted for within the organization and whether new tasks and responsibilities should be assigned; and

• Aid in developing job performance objectives and establishing performance measurements.

REVIEW THE EXISTING ORGANIZATION

Within every business there are people who should be involved in carrying out the safety and health program. On a sheet of paper, list all the positions in your business. Use a separate sheet for each position. The worksheet below is an excellent tool to help develop position descriptions and related responsibilities:

WORKSHEET

All employees will be fully responsible for carrying out the provisions of our safety and health policy that pertain to operations under their jurisdiction. The responsibilities listed below are our minimum expectations. We encourage individual initiatives to curb losses.

JOB TITLE:

GENERAL STATEMENT:

LIMITS OF AUTHORITY AND RESOURCES (Expenditures, reporting, authority to shut down equipment):

-

THE EMPLOYEE WILL BE RESPONSIBLE FOR AND HELD ACCOUNTABLE FOR:

-

DETERMINE THE SAFETY AND HEALTH ROLE OF EACH POSITION

What role do you want each position or group of positions to play in your safety and health program? What level of authority will the person holding this position need? Write a general statement; this will correspond to the first three entries on the worksheet above.

While authority is built into managerial and supervisory positions, you may want to make changes specifically relating to your safety and health program. If so, be sure you clearly state the scope of authority by showing supervisory relationships, the amount of money the position holder can spend or any other measures that describe what a person in this position can do without obtaining further approval. At this stage do not attempt to describe in detail each job’s specific safety and health tasks. Here are some examples of safety and health roles:

• The Owner: establishes and provides the leadership and resources for carrying out the stated company safety and health policy.

• Managers and Supervisors: maintain safe and healthful working conditions within their respective jurisdictions.

• Employees: exercise care within their work to prevent injuries to themselves and to their co-workers.

• Visitors, Vendors, Customers, and Subcontractors: comply with all safety and health regulations while on the premises.

The people with responsibility in the following areas may have some additional general duties:

• Safety: be fully responsible to the owner or manager for the direction and day-to-day operation of the safety and health policy.

• Engineering: ensure that all equipment that could affect the safety and health of employees is selected, installed and maintained in a way that eliminates or controls potential hazards.

• Purchasing: ensure that safety and health equipment and materials are purchased in a timely manner; and that new materials, parts and equipment are analyzed for potential hazards so that preventive measures or controls can be implemented; and that such materials, parts and equipment are obtained in accord with all applicable safety and health requirements.

DETERMINE AND ASSIGN SPECIFIC RESPONSIBILITIES

You have decided who should be involved in your safety and health program. Now you need to develop written statements that specify what each person must do to help you meet program goals. This corresponds to the last entry on the worksheet.

SAMPLE ASSIGNMENT OF SAFETY AND HEALTH RESPONSIBILITIES

Below are some suggested safety and health responsibilities of several categories of employee. This is appropriate wording for job descriptions. Which of these responsibilities fit into your program? At what authority level and to which specific positions within your business should these responsibilities be assigned?

PRESIDENT/OWNER/SITE MANAGER

* Establish a policy to hold the worksite in compliance with all applicable Federal or State standards and to provide safe and healthful work and working conditions for every person at the site.

* Provide the leadership and resources to carry out the stated company safety and health policy.

* Resolve conflicts of priority where safety and health are concerned.

* Set objectives and support safety and health personnel and employees in their requests for information, training, experts, facilities, tools, and equipment needed to conduct an effective program and to establish a safe and healthy workplace.

* Assign clear responsibility for the various aspects of the safety and health program. Ensure that employees with assigned responsibilities have adequate resources and authority to perform their duties.

* Hold accountable those employees (including managers and supervisors) with assigned responsibilities by checking to make sure they are meeting their responsibilities and by correcting or rewarding them, as appropriate.

* Evaluate the effectiveness of managers and supervisors in the safety and health program.

* Keep in touch with employees and the company's safety and health activities, assist in giving direction and authority for those activities, and visibly show your involvement.

* Set a good example by following safety and health rules and safe work practices.

* Require all vendors, customers, subcontractors and visitors to comply with the company safety and health policy.

* Thoroughly understand the hazards and potential hazards that employees may be exposed to at the worksite. Ensure that a comprehensive program of prevention and control is set up and operating.

* Provide a reliable system for employees to report to appropriate managers any conditions and situations that appear hazardous. Ensure that responses to such reports are appropriate and timely.

* Encourage employees to use the established hazard reporting system(s). Guarantee a strict prohibition of retribution for all employees, supervisors and managers who use the system(s).

* Establish an inspection system, including self-inspections, and review the results periodically to ensure proper and timely hazard correction.

* Establish a plant preventive maintenance program to ensure proper care and functioning of equipment and facilities.

* Review accident reports to keep informed of causes and trends.

* Provide a medical program, emergency response system and first aid facilities adequate for the size and hazards of the worksite.

* Require periodic drills to ensure that each employee knows what to do in case of an emergency.

* Establish training programs that improve the ability of all employees, including managers and supervisors, to recognize and understand hazards and to protect themselves and others.

SAFETY AND HEALTH DIRECTOR/COORDINATOR

* Maintain safety and health expertise through training, reading, conferences and use of outside experts.

* Keep informed of and be able to interpret laws and standards dealing with employee risk reduction in this industry and illness and injury recordkeeping requirements.

* Act as the eyes, ears, and "conscience" of top management where employee safety and health are concerned.

* Keep top management advised of all significant safety and health developments, including the status and results of hazard evaluations, inspections, and accident investigations, and any serious problems or deficiencies in the overall safety and health program.

* Working with managers, supervisors, hourly employees and experts as needed, develop a complete inventory of hazards and potential hazards, and plan a program of prevention and control.

* Evaluate the effectiveness of the plant preventive maintenance program in ensuring a safe and healthful workplace.

* Conduct a hazard analysis that includes hazard detection and plans for prevention or control whenever new equipment, facilities or materials are designed, purchased or used, and whenever new processes are designed.

* Provide technical assistance and support to production supervisors and employees in their safety and health activities.

* Assist management to ensure that appropriate general plant safety and health rules are developed, communicated and understood.

* Assist in or oversee the development of a system for consistent and firm enforcement of the rules and safe work practices.

* Assist in or oversee the development for personal protection, industrial hygiene, safety and fire prevention.

* Inspect and/or assist in inspection of facilities to detect hazards that may have escaped established prevention and control mechanisms and to uncover any previously undetected hazards.

* Investigate or oversee investigation of employee reports of hazards. Respond to employee safety and health suggestions.

* Assist supervisors in investigating accidents and incidents such as property damage and near-misses.

* Provide technical assistance to employees in the performance of their duties under the safety and health program.

* Assist in developing and providing safety and health training to all employees so that they will understand the hazards of the workplace and their responsibility to protect themselves and others.

* Oversee, analyze and critique periodic emergency drills to improve worksite emergency readiness.

PLANT SUPERINTENDENT/DIVISION MANAGERS/DIRECTORS

* Provide the leadership and direction essential to maintain the safety and health policy as the fundamental priority in all operations.

* Hold all subordinate supervisors accountable for all assigned safety and health responsibilities, including their responsibility to ensure that employees under their direction comply with all safety and health policies, procedures and rules.

* Evaluate the safety and health performance of subordinate supervisors taking into account these indicators of good performance: low injury and illness experience; good housekeeping; a creative, cooperative involvement in safety and health activities; a positive approach to safety and health problems and solutions; and a willingness to implement recommendations of professionals.

* Ensure the safety of the physical plant including structural features, equipment and the working environment. Insist that a high level of housekeeping be maintained, that safe working procedures be established, and that employees follow these procedures and apply good judgment to the hazardous aspects of all tasks. Participate in regular inspections of the plant to observe safety and health conditions and to communicate with employees. Offer positive reinforcement and instruction during these tours, and require the correction of any hazards.

* Actively participate in and support employee participation in safety and health program activities. Provide timely and appropriate follow-up to recommendations made by any employee (or joint labor-management) group operating under the safety and health program.

* Make certain that all new facilities, equipment, materials and processes are analyzed for potential hazards before completion of design or purchase, that all potential hazards are prevented or controlled before their introduction into the worksite, that tools and machinery are used as designed, and that all equipment is properly maintained.

* Ensure that job hazard analyses are conducted periodically for all jobs, with particular emphasis on tasks known to be dangerous, so that hazards can be uncovered and prevented or controlled.

* Make sure that employees know about and are encouraged to use systems for reporting hazards and making safety and health suggestions, that they are protected from harassment, that their input is genuinely considered, and that their ideas are adopted when helpful and feasible.

* Ensure that prompt corrective action is taken whenever and wherever hazards are recognized or unsafe acts are observed.

* Make sure that all hazardous tasks are covered by specific safe work procedures or rules to minimize injury.

* Provide all necessary safety and health equipment and protective devices, and make sure employees understand and use them properly.

* Ensure that all injured persons, regardless of how minor the injuries, receive prompt and appropriate medical treatment.

* Ensure that all accidents and incidents are promptly reported, thoroughly investigated and properly recorded, and that safety award programs do not discourage reporting of any incident that must be recorded on the log.

* Keep abreast of accident and injury trends. Take proper corrective action, when needed, to reverse these trends.

* Ensure that all employees are physically qualified to perform their work.

* Make sure that all employees are trained and, when necessary, retrained to recognize and understand hazards and to follow safe work procedures for each hazardous job.

* Ensure that supervisors hold periodic safety and health meetings to review and analyze the causes of accidents/incidents and to promote free discussion of hazardous work problems and possible solutions.

* Use the safety director to help promote aggressive and effective safety and health programs.

* Help develop and implement emergency procedures. Make sure that all employees have opportunities to practice their emergency duties.

* Participate in safety and health program evaluation.

* Refer to the corporate level any conflicts between productivity and safety and health.

* Refer to the corporate level any major concerns and capital needs for safety and health.

SUPERVISORS

* Supervise and evaluate worker performance, including each worker's safety and health behavior and work methods.

* Encourage and actively support employee involvement in the safety and health program. Provide positive reinforcement and recognition to outstanding individual and group performance.

* Obtain and maintain up-to-date knowledge and skills required to detect safety and health violations and other hazards, such as improperly functioning machinery, tools, or equipment.

* Maintain good housekeeping in your work area.

* Ensure that the plant preventive maintenance program is being followed and that any repair and replacement needs found during those activities are tracked to completion.

* Conduct frequent inspections, using a checklist, to evaluate your area's physical conditions.

* Investigate accidents thoroughly to determine how hazards can be eliminated or controlled.

* Hold employees accountable for their safety and health responsibilities. Actively discourage short cuts. Consistently and fairly enforce safe work procedures and safety and health rules.

* Provide continuing on-the-job training in safe work procedures and the use and maintenance of personal protective equipment.

* Make sure each employee knows what to do in case of an emergency.

* Practice what you preach. Be thorough and conscientious in following the safe work procedures and safety and health rules that apply to the area.

* Refer to higher management any resource problems you cannot resolve.

EMPLOYEE RESPONSIBILITIES

* Learn the rules. Understand them, follow them and avoid short cuts.

* Review the safety and health educational material posted on bulletin boards and distributed to work areas. If you do not understand something, ask questions.

* Take personal responsibility for keeping yourself, your co-workers and equipment free from mishaps.

* Be certain that you completely understand instructions before starting work. Avoid taking short cuts through safe work procedures.

* Seek information on any hazardous chemicals you work with in order to understand their dangers and how to protect yourself.

* If you have any doubt about the safety and/or healthfulness of a task, stop and get instructions from your supervisor before continuing.

* If you have a suggestion for reducing safety and health risks, offer it. It is your responsibility to get involved.

* Take part in the employee participation system and support other employees in their assigned roles under the safety and health program.

* Make sure you understand exactly what your responsibilities are in emergency situations.

* Know how and where medical help can be obtained.

* Report all accidents and unsafe conditions and acts to your supervisor or use the system set up to allow reporting elsewhere.

When writing out responsibilities for non-supervisory employees, be careful not to confuse these responsibilities with specific work rules and safe work practices. A brief, general statement about the employee’s responsibility to understand and follow rules and safe work practices is more appropriate.

You should delegate the details for carrying out your safety and health program to the same people who are responsible for plant operations and production. In this way you build safety and health into the complete management system as firmly as production. Be sure that each assigned responsibility comes with the authority and resources needed to fulfill it.

COMMUNICATE WITH YOUR EMPLOYEES

After you have clarified the safety and health responsibilities of each position, you must communicate this information to your employees. You may find it useful to combine all these written statements of safety and health responsibility into a single document. Then post it or circulate it to all employees involved. Discuss the job descriptions and responsibilities in face-to-face meetings with the employees who will be responsible for carrying out the program. Keep a copy of this document and periodically refer to it when meeting with employees for performance reviews.

SUMMARY

For your safety and health program to succeed you need to delegate responsibility to specific positions, departments and staff levels within your company. Follow these steps:

1. Review your existing structure.

2. Decide what part each job position should have within the overall safety and health program, and what authority and resources are needed to carry out this role.

3. Determine and assign safety and health responsibilities and write these responsibilities into each position’s job description.

4. Communicate with the employees involved by discussing the responsibilities and authority in face-to-face meetings and circulated documents.

___________________________________________________________________________________________

ACCOUNTABILITY

Source: Missouri Department of Labor and Industrial Relations

INTRODUCTION

Successful accountability, in the broad sense, occurs when appropriate behaviors are factually evaluated and result in effective consequences. When this approach to the concept is taken, effective consequences may be perceived by employees as positive or negative. Accountability, according to OSHA, refers primarily to perceived negative consequences, generally understood as administering some form of progressive discipline program.

You cannot have a culture without consequences. Every response to a behavior or result is a consequence. The trick is to develop a culture of consequences that effectively balances perceived positive and negative consequences in such a manner that extremely high levels of compliance and voluntary participation occur.

Why develop a specific accountability program? Isn't accountability inherent in any organization that hires and fires people, gives them raises, bonuses, and promotions?

An example may help explain the importance and purpose of accountability. Imagine a sports organization with an owner, manager, coach and team of players. Each person has specific tasks and responsibilities that are critical to the overall success of the team.

A system of accountability ensures that each person on the team fulfills his or her responsibilities. When players fail to show up for practice with no reasonable cause they are fined. If they perform poorly, for whatever reason, they fail to make the starting lineup. Player contracts reflect trends in poor performance or relative value to the team, thus creating a form of personal accountability for performance. We have all heard of coaches and managers fired at the end -- sometimes even in the middle -- of a season. The potential for dismissal creates a very real sense of personal accountability among coaches and managers. For owners, considerations of profit and loss are powerful motivators to do the job well. Reputation and public approval are strong motivators for all team members.

One readily can see how important an accountability system is for a sports club, and the purposes this system serves. Business also involves owners, managers, coaches (or supervisors), and players (the general staff). Each person on the team has his or her area of responsibility. Unfortunately, these areas are not always clearly defined, particularly in a small business. The organization's members may not understand that each person must perform at top efficiency in order to create a successful team.

Often the owner also functions as manager and supervisor. Supervisors are sometimes asked to double as managers or production workers as needs arise. These kinds of flexible and undefined (yet often necessary) organizational structures in a small business can lead to breakdowns in accountability. As new responsibilities and business initiatives are created, they are not always accompanied by additional personnel, and existing programs may suffer.

In large businesses, responsibilities frequently are so complex that some get neglected. Accountability also breaks down when responsibilities are assigned but the needed authority or resources are not provided.

The purpose of an accountability program is to help all team members understand how critical their performance is and to teach them to take personal responsibility for their performance. In the present context, accountability ensures that your safety and health program is not just a "paper tiger" with no real power to win its objectives. The following steps will help you ensure safety and health accountability.

SET CLEAR GOALS AND ASSIGN RESPONSIBILITIES

Before you can hold people accountable for their actions you must be sure they know what is expected of them. They must have goals set for their personal performance.

Individual goals for safety and health stem from the overall company goal. By working with these guides you will have established your company’s broad safety and health goal, the objectives leading to that goal, and a set of job descriptions with clearly delineated safety and health responsibilities.

The next step is to set individual performance objectives for employees with assigned safety and health responsibilities. These objectives must be understandable, measurable, and achievable. It is your job to clearly establish who is responsible for performing specific tasks. Check your assignments of responsibility to make sure that they specify who does what, and that they are reasonably attainable. Where objectives are unclear, the ball can easily get dropped, and it will be hard to determine whose performance is lacking.

When you assign responsibilities to individuals, it is essential that you also delegate the necessary authority and/or commit sufficient resources. Few things can be more demoralizing to a conscientious employee than being given an assignment without the means necessary to carry it out. By providing the means you will be helping to ensure that objectives are accomplished.

SET INDIVIDUAL OBJECTIVES FOR ACCOUNTABILITY SYSTEMS

Objectives for individuals should be based upon performance measures. These are indicators that tell you whether the person did or did not perform as expected. The following considerations will help you set reasonable objectives:

• Aim your objectives at specific areas of performance that can be measured or verified. "Improve safety and health performance in my department next month," is too general an objective to be useful. A better objective would be, "Reduce first aid injuries by 10 percent next month." Even more measurable are those objectives over which the manager or supervisor has complete control, such as, "Hold 30 minute safety meetings for all employees in my division every Monday morning."

• Objectives should be realistic and attainable but also should represent a significant challenge.

o Appropriate authority is necessary. Example: A safety director’s objective to improve the safety and health record in the Press Department is not directly attainable, because achievement is dependent on the performance of the Press Department supervisor and the workers supervised. An objective to determine specific classroom safety and health training needs, locate or develop the training, and notify managers of its availability is within the bounds of the safety director’s authority and, therefore, is achievable.

o Appropriate training is necessary. Example: A supervisor's objective is to investigate all accidents and near-misses that occur in his/her area and ensure future prevention. This objective may be unattainable if the supervisor has not received training in accident/incident investigation techniques and hazard recognition. The supervisor also may need training in and access to appropriate hazard correction technology.

o Adequate resources must be available. Example: A maintenance manager's objective is, "Ensure that all machinery is safe to operate." That objective will be unattainable without an adequate budget for replacement parts and capital improvements. Likewise, if the manager is held accountable for a clean area at the end of each shift, but is not given enough staff to complete all tasks and also finish the clean-up, an objective of clear aisles and work areas at shift's end will be unrealistic and probably unattainable.

• Objectives need to be understood by all concerned parties. Use clear, understandable language that leaves no doubt about what someone is supposed to do. Example: An objective is, "Investigate accidents to determine multiple causation." This may be unclear to a supervisor. "Investigate accidents to determine all causes, and take corrective action within 24 hours of the accident," is a clearer, more specific objective.

• Objectives should be agreed to by those with responsibility for achieving them. Even when you and your supervisors agree on most issues, you should discuss with them their safety and health performance objectives and secure their agreement or cooperation.

WRITE OBJECTIVES

Write each objective. State in specific terms what is to be achieved and to what degree. Include a deadline for accomplishing the objective. Try to keep the objective concrete and measurable. At a later time, you will need to be able to determine whether the objective has been achieved.

The very act of writing will help you clarify your meaning and intent. When questions arise, there will be a document to which you and others can refer. The existence of this document will signal that you are serious about meeting the objective. Examples:

• Conduct weekly inspections of my department with emphasis on housekeeping, personal protective equipment, preventive maintenance, and the wear and tear of critical machine parts.

• Determine the causes of any accident occurring in the department, and take corrective action within 24 hours.

• Track to elimination all hazards identified through employee reports of hazards, accident/incident investigations and weekly planned inspections.

• Complete one job safety analysis each month for the department.

Give a copy of the performance objectives to the employee for whom they were written. Refer to these objectives in future performance discussions with this employee.

REVIEW OBJECTIVES

Periodically review the performance objectives to make sure you are getting the desired performance and results. For instance, if a supervisor meets the objectives, but the department continues to have too many accidents, too many close calls, or no improvement in conditions, then the objectives need to be revised.

Performance evaluation can be oral, written, or both. An effective evaluation will include the following critical elements:

• It should be performed at specified intervals. If performance evaluation is new to your business, short intervals will be helpful in the beginning. Unacceptable performance can be spotted and changed quickly. As your employees become accustomed to working toward defined performance objectives, the intervals between evaluations can be lengthened. The evaluation can become an opportunity to provide encouragement and refresher training.

• The evaluation always should be performed against a backdrop of previously defined objectives (as discussed above). There should be no surprises to the person being evaluated regarding what was expected. Should problems develop, it may be necessary to modify the objectives to ensure that they are understandable, measurable, and achievable. You may decide that your employee needs a more careful explanation of what is expected and possibly some additional training.

• Ideally, the evaluation can be an opportunity for the evaluator and the person being evaluated to explore ways of improving both the system and the performance of the individual. Negative attitudes, such as refusal to listen to one another, animosity, blaming one another, or fear and intimidation serve only to limit the evaluation's usefulness.

• The goal of the evaluation session should be to encourage personal responsibility and the individual's efforts toward improving the performance of the team. Give positive reinforcement for a job well done. This can range from verbal expressions of gratitude or commendation to more tangible rewards such as bonuses, awards, raises, etc.

• Both parties must be able to come to some agreement on needed changes in objectives or performance. If the evaluation determines that performance did not meet expectations, some changes must be made. Sometimes the required changes will be obvious. In other cases, you may need to carefully explore the reasons for the objective's not being met and possible solutions. Perhaps the wrong person was assigned a particular responsibility. A simple change in assignments may alleviate the problem. Perhaps the level of authority of the assigned person needs to be increased. The objectives themselves may need to be modified and employees helped to develop capabilities that they do not possess presently (and for which they should not, therefore, be held accountable).

• The agreed upon changes must be incorporated into the already existing performance objectives. Many evaluation systems break down when managers fail to incorporate and implement changes.

• There must be a point where some predetermined consequences for poor performance begin.

Some task monitoring may be necessary to support the performance evaluation. For example, you may need to monitor a supervisor’s accident investigations after each accident until it is clear that the supervisor has developed the necessary skills. This task monitoring can form the substance of later performance evaluations.

Keep in mind that the complexity and formality of your evaluations should be in keeping with the rest of your safety and health program.

SET CONSEQUENCES FOR FAILURE TO PERFORM ADEQUATELY

At first, as the employee learns new skills and changes behavior patterns, there should be minimal or no consequences for poor performance. Instead, use positive reinforcement during this initial phase of performance evaluation to encourage your employee's natural desire to do well and to be recognized.

Although the goal of any accountability program should be to develop a sense of personal accountability for actions, individuals often need to know there are negative consequences for poor performance. Consequences reinforce the importance of meeting objectives. Be sure that supervisors and managers understand when the consequence will occur. There should be no surprises.

It is useful to make a list of the kinds of violations that are considered major or serious and a second list of other types of behavior that, while not as serious, are still not acceptable. The following suggested rules can be a starting point.

Major Offenses:

• Failure to follow rules for the use of company equipment or materials

• Horseplay in work areas or otherwise creating unsafe conditions

• Tampering with machine safeguards or removing machine tags or locks

• Not wearing required PPE

• Provoking or engaging in an act of violence against another person on company property

• Using or being under the influence of alcohol or illegal drugs on the job

• Major traffic violations while using a company vehicle, and

• Other major violations of company rules or policies

General Offenses:

• Minor traffic violations while using company vehicles

• Creating unsafe or unsanitary conditions or poor housekeeping habits

• Threatening an act of violence against another person while on company property

• Misrepresentation of facts or falsification of company records

• Unauthorized use of company property

• Other violations of company policy and rules

Link each type of offense to a structured procedure for corrective action. Your goal is to make sure that the corrective action is appropriate to the seriousness of the violation; that employees are given the opportunity to correct their own behavior; and that the system is workable, and consequently, used and useful.

|Written Warning |No safety glasses |

| |Horseplay |

| |Unsafe work habits |

| |Violation of other safety or health rule or regulation |

|Suspension |Three or more safety or health violations of the same type |

| |General overall record of unsafe practices |

| |Refusal to follow safety and health guidelines or instructions |

|Termination |Excessive and repeated safety and/or health violations |

| |Purposely ignoring safety and/or health rules |

| |Unsafe actions that seriously jeopardize the safety or health of others |

| |General disregard for safety and health of self and others |

Safe Work Practices

Some of these practices are very general in their applicability. They include housekeeping activities such as:

• Removal of tripping, blocking, and slipping hazards;

• Removal of accumulated toxic dust on surfaces; and

• Wetting down surfaces to keep toxic dust out of the air.

Consequences need to be appropriate to the situation. Firing a supervisor for the first poorly conducted accident investigation is an obvious example of overreacting to a problem. Gradually, though, the consequences of poor performance should be increased to some specified maximum severity.

DISCIPLINARY SYSTEM WORKSHEET

The nature and severity of disciplinary action should be appropriate for the seriousness and frequency of the violation. Below is a series of questions designed to help you develop a disciplinary system that best meets the needs of your workplace. You already may have addressed the first two areas when you developed safe work practices for various jobs. If you have not yet developed these practices, it makes sense to do so before developing a disciplinary system. Other workplace problems, such as attendance and attitude, are equally important but are not addressed here.

1. Operations. What key operation(s) occur at your workplace? What equipment is used? By whom? What materials are used, and by whom? Are there any hazards associated with the use of the equipment or the materials?

2. Practices and Procedures. What are the key types of jobs at your workplace? What do most people do in the course of their work? What is the most efficient way for them to perform their jobs? What is the safest way for them to perform their jobs? (Note: You will need to perform a job hazard analysis to properly answer this. For information, see OSHA Publication 3071 (Revised 1992), "Job Hazard Analysis.")

3. Problems. What would happen if a job or a procedure were not done safely? Exactly what would happen if an employee performed in an unsafe or unhealthful manner? What would happen if all employees did the same thing? How serious would the consequences be? Would the unsafe action or behavior affect just one employee, or all employees?

4. Correction. For each type of safety and health violation you have identified, what kind of corrective action seems appropriate? What would you do for a second offense, or for repeated violations of the same rule? Should warnings be oral or written? How long a suspension is warranted for what type of violation? Are there any actions that should automatically result in termination?

For this last stage in developing your disciplinary system, you may find it helpful to develop a grid, like the one below, to identify corrective actions for different kinds of violations and repetitions.

|VIOLATION |FIRST OFFENSE |SECOND OFFENSE |REPEATED VIOLATION |

|Unsafe work habits | | | |

|Refusal to follow safety instructions | | | |

|Unsafe actions that jeopardize self and others | | | |

You can experiment with a variety of consequences as long as your employees are fully informed of your intentions. See sample progressive disciplinary systems below:

EXAMPLES OF SEVERAL-STEP DISCIPLINARY SYSTEMS

Most disciplinary systems use corrective procedures that involve three, four or five steps. These are described briefly below.

THREE STEP SYSTEM

|First Violation |Written warning; copies to employee and employee’s file. |

|Second Violation |Written warning; suspension without pay for 1/2 or full day. |

|Third Violation |Written report for file and immediate termination. |

FOUR STEP SYSTEM

|First Violation |Oral warning; notation for personnel file. |

|Second Violation |Written warning; copy for file or Personnel office. |

|Third Violation |Written warning; 1 day's suspension without pay. |

|Fourth Violation |Written warning and 1 week's suspension or termination if warranted. |

FIVE STEP SYSTEM

|First Violation |Instruction/discussion concerning violation, proper procedures and the hazards they control; notation for supervisor’s file. |

|Second Violation |Re-instruction with notation in the employee’s personnel file. |

|Third Violation |Written warning describing the violation and actions that will be taken if it recurs. |

|Fourth Violation |Final warning; may include suspension. |

|Fifth Violation |Discharge |

NOTE: The use of these corrective procedures obviously will vary with the nature of the problem and the frequency with which it occurs. Violations of company rules generally are considered more serious than other employee behavior problems, but all require correction. Keep in mind -- and tell your employees -- that your primary goal is to prevent accidents by controlling unsafe acts and conditions.

You may eventually conclude that the individual is not capable of handling the assigned responsibilities. Sufficient training and nurturing through the accountability system have been documented, and poor performance continues. At this point, the reason for the problem (inadequate capabilities, improper attitudes, etc.) should not be the issue. The maximum degree of consequence must be enforced. Otherwise, other employees will conclude that consequences are not to be taken seriously or do not apply equally to everyone. This belief among employees will destroy any chance for an effective accountability program.

SUMMARY

An accountability system is essential if all the hard work and effort you spent in developing a safety and health program is not to be lost. However, there is more to an accountability program than enforcing punishment for “bad” employees (including managers and supervisors). The accountability program aims to methodically teach your managers and supervisors to take personal responsibility for their actions and the subsequent effect of these actions on the team. This is achieved by:

• Clearly defining expected performance in written performance objectives;

• Periodically evaluating this performance jointly with the individual employee;

• Allowing your employees the freedom to learn and develop in a positive, non-threatening atmosphere; and

• Enforcing negative consequences only when training and nurturing have not been effective.

Your employees deserve to have a clear understanding of the nature, severity and timetable of consequences. The interaction between employer and employees provided by an effective accountability program allows your employees to choose for themselves: they can change their performance, they can attempt to change but ultimately acknowledge an inability to perform adequately, or they can choose to ignore your expectations and endure the consequences.

__________________________________________________________________________________________

DETERMINING THE DIRECTION OF YOUR PROGRAM: ESTABLISHING POLICY, GOAL AND OBJECTIVES

Source: Missouri Department of Labor and Industrial Relations

When you embark on a journey you usually have a reason for going, a destination and a specific plan for reaching your destination. Similarly, when planning a safety and health program, you first decide and put in writing your reason for establishing such a program. This is your policy. Next you decide where you want to end up. This is your goal. Then you map out the path toward your goal, the roads you will take and the vehicles you will use. These are your objectives. In this way you decide the direction of your program.

This chapter will help you begin your journey by explaining how to write and communicate your safety and health policy, and how to set and evaluate your goal and objectives.  You will find many examples and worksheets to help you on your way.

POLICY

The hallmark of every successful safety and health program is top management’s active and aggressive commitment.  This commitment, in turn, influences the actions of the company’s managers, supervisors and employees.  It ultimately decides the effectiveness of the safety and health program in reducing or eliminating workplace injuries and illnesses.

The company states its commitment through a written and clearly communicated policy for workplace safety and health.  This policy stresses the top priority of employee safety and health.  The policy statement should be signed by the highest ranking company official on the site.

THE PRIORITY OF SAFETY AND HEALTH

A truly successful company places workplace safety and health ahead of such priorities as production, sales and quality control.  If your policy statement makes this clear, it will be easier for employees to choose the correct action when a conflict arises between safety and health and other priorities.  Here are some examples of policy statements that convey this belief:

"People are our most important resource.  Our company’s principal responsibility is the safety and health of our employees."

"Every employee is entitled to a safe and healthful place in which to work."

"No job is so important it can’t be done in a safe and healthful manner."

"If it is not safe and healthful, we will not do it."

COMMUNICATING YOUR POLICY

To be effective, it is critical that your safety and health policy be communicated to all employees.  You communicate your policy by word, action and example.

Communicate by Word.  A new employee starts learning about the company’s attitude toward safety and health from day one.  By discussing job hazards and providing training in safe work procedures, both one-on-one and in group meetings, you tell the employee that safety and health have a high priority in your company.  The supervisor’s continuing emphasis on safety and health reinforces this positive company attitude.

In the smallest of companies, the safety and health policy may be easily explained and understood through spoken statements.  However, for all companies, a carefully written policy statement is always recommended.  A written statement:

• Clarifies policy,

• Creates consistency and continuity,

• Serves as a checkpoint whenever safety and health appear to conflict with production or other priorities, and

• Supports your supervisors in their enforcement of safety and health rules and safe work practices.

You will want to include the written statement in the information you give new employees.  Be sure to post a signed policy statement on employee information bulletin boards.  Another eye-catching way you can communicate your safety and health policy is by your company letterhead.

Keep in mind that the written statement is not the policy.  It is simply one way of communicating the policy.  The real policy is your attitude toward your employees’ safety and health.  You demonstrate this attitude by your actions.

Communicate by Action. What you do -- or fail to do -- speaks louder than what you say.  Demonstrate your concern for your employees’ safety and health by committing resources to the prevention and control of unsafe or unhealthy work or working conditions, to safe work practices and personal protective equipment (PPE) where needed, and to safety and health training.  Whenever you demonstrate a willingness to put safety and health before short-term production goals, your actions forcefully and clearly proclaim your policy.

Communicate by Example. Top management, middle managers and supervisors express the company’s attitude toward workplace safety and health by their daily example.  The rules and regulations that you post on bulletin boards and discuss at meetings are useless if management does not follow and enforce them.  Set an example:

• Use PPE properly.

• Operate equipment safely.

• Hold supervisors accountable for their safety and health responsibilities.

• Run your business in a safe and healthful manner.

GOAL

By setting a safety and health policy, you have decided the reason for your journey: to establish an effective safety and health program.  Now you must choose your destination, the point toward which your program strives.  It is time to identify and set your program goal.

The policy statements discussed above all boil down to the same concept of desiring to provide work and working conditions that are not harmful to your employees.  This is in keeping with the stated purpose of the Occupational Safety and Health Act of 1970 [29 U.S.C. 651 et seq.], "to assure so far as possible...safe and healthful working conditions" and the Act's requirement that each employer "...furnish to each of his employees employment and a place of employment which are free from recognized hazards...."

You may want to consider at least two basic types of goals: numerical and descriptive.

Numerical Goal. Numerical goals have the advantage of being easy to measure.  However, it is difficult to set a numerical goal that is both attainable and comprehensive enough to serve as a destination for your journey.

• If you set a goal, for example, of zero hazards at any time, it may be so difficult to reach that you and your employees will become disillusioned long before you have a chance to reach your destination.

• You could set a goal of a certain number of injuries.  In doing so, however, you ignore both illnesses and those existing hazards that have not yet resulted in an injury.

• A goal of a certain number of injuries and illnesses may not be feasible.  Illnesses often are difficult to recognize until long after employees’ exposure to hazards that could have been prevented or better controlled.  And as with the example above, this goal does not address hazards that have not yet resulted in injury or illness.

Descriptive Goal.

No numerical goal can be sufficiently inclusive and still attainable.  Therefore, OSHA recommends that you adopt a broad, descriptive safety and health goal: A comprehensive program that assesses all existing and known potential hazards of your worksite and prevents or controls these hazards.  Such a goal is neither as succinct nor as easily measurable as a numerical goal. But it is attainable.  Further, this goal will be helpful in setting objectives.  And it should not be difficult to evaluate objectives and program results against this goal.

You may find another way of stating this concept.  But OSHA urges you to stay with this basic idea.

OBJECTIVES

You have established the reason behind your journey (policy) and your desired destination (goal).  Now you are ready to decide on a travel route.  The specific paths you will follow in your journey are your objectives.  Setting objectives will make the difference between a haphazard trip and a carefully planned journey.  Careful planning is much more likely to get you where you want to be.

Where Are You Now? Before figuring out how to get from point A to point B, it helps to have a clear idea of the location of point A.  This may seem absurdly obvious; but most of us, at one time or another, have jumped into a new project or taken off in a new direction without first assessing our present situation.  Now is the time to gather as much information as possible about the current conditions at your workplace and about practices that are already a part of your safety and health program.

Is Your Safety and Health Program Complete? At a minimum, your program should reflect these four basic elements:

• Management Leadership and Employee Involvement,

• Worksite Analysis,

• Hazard Prevention and Control, and

• Safety and Health Training.

Get Everyone Involved. Here is an opportunity to get employees involved.  Ask employees and supervisors to help you identify both the successful and unsuccessful parts of your program. Take a look at existing safety and health activities at your workplace.  Which ones work well and which do not?  Study your records (accidents, injury or illness data, workers' compensation rates) to see what they tell you.

Take a Good Look at Your Physical Surroundings. What obvious physical conditions currently exist that indicate OSHA violations or other hazards?  In answering this question, you are beginning to identify your workplace’s problems and look ahead to the solution.  If you come up with an excessive number of physical problems, get these fixed before you attempt to set objectives.  Not only are you vulnerable to an OSHA inspection, you are also putting your employees at risk.  Further, those safety and health problems that are obvious to you are undoubtedly obvious to your employees.  Correct the problems and you demonstrate your interest in their safety and health.

What Must be Done to Get From Here to There.

Now that you know where you stand, what do you need to get done?  This is another opportunity to get employees involved in the development of your program.  Allow them to participate in setting program objectives.  Involvement helps create an atmosphere of acceptance and commitment to the safety and health effort.

Objectives are statements of results or performance.  They are short-term, positive steps along the way to your company's goal.  Workplace objectives for safety and health are similar to those you set for other business functions such as sales or production. They identify WHAT?  WHEN?  and HOW MUCH?  They do not include a justification for why they should be done; such justification properly belongs in your policy statement.  Nor do they contain a description of how they should be accomplished; those details belong in your action plan.

Identify Your Objectives. Anything can become an objective -- from creating a safety and health committee to investigating accidents to developing an orientation program for new employees.  You must decide which activities are most important to your program goal and which will help you create an effective overall safety and health program.  The objectives you select should be consistent with your basic safety and health policy.  And they should be part of the normal business of your company, rather than special projects added on to the normal workload.

Set Your Objectives. Objectives should be based on performance measures, that is, indicators that tell you whether you did or did not perform as expected.  When setting objectives, keep the following points in mind:

• Objectives should relate to some part of your overall goal.  Example: "Develop and carry out a program to train and license fork lift truck drivers."  This objective relates to the part of your goal to ensure that all employees understand the hazards and potential hazards of their work and how to protect themselves and others.

• Objectives should aim at specific areas of performance that can be measured or verified.  Example: "Improve safety and health performance next month," is too general an objective to be useful.  Better to say, "Make weekly inspections and make certain all hazards found are corrected within 24 hours."

• Objectives should be realistic and attainable, but should still present a significant challenge.  Example: "Reduce recordable injuries in the upcoming year by 100 percent."  This objective may be unattainable because of the extent and complexity of the measures needed to prevent all injuries.  An objective well beyond reach can soon create a defeatist attitude among all those working toward its achievement.  On the other hand, "Reduce recordable injuries by 5 percent in the next year," can destroy employee interest by presenting too small a challenge.  To set a realistic injury reduction goal, examine your pattern of injury rates for the last 3 years, and set a goal related to improving the best point in that pattern.  For example, if you had injury rates of 5.8, 5.6, and 5.7 for the past 3 years, your goal for the next year could be, "Reduce recordable injury rate to 5.0."  But always remember that the Occupational Safety and Health Act was passed "to prevent the first accident," and strive to eliminate all injuries and illnesses from your workplace.

• When setting objectives, solicit input from as wide a range of employees as practical.  Your ideas already may strongly influence your supervisors.  Nonetheless, you will find that safety and health objectives are most effective when you discuss them beforehand with your supervisors or employees.  At the least, secure their agreement or cooperation.  People who feel they have helped set an objective will be most motivated to achieve that objective.

• Objectives should be understood by all those directly involved.  Use terms that have a clear meaning to all concerned supervisors and employees.  Leave no doubt about what is to be accomplished.  Example: "Determine the cause(s) of all accidents and incidents," may be too abstract to be understood (and therefore accomplished) by those with responsibility.  Be clear and specific: "Investigate all accidents and incidents at once to determine all contributing causes, and take corrective action within 24 hours of completing the investigation."

• Objectives need to be achievable with available resources.  An objective that requires a large outlay of money or an increase in staff during a budget crunch probably won’t be achieved.  Setting such an objective is a waste of time and effort.  However, you need not discard this objective.  Postpone it.  For the present, create an intermediate objective of working to produce the needed resources.  Remember, you travel toward your goal one step at a time.  The objective you achieve this year may enable you to tackle a larger objective next year.

Write Your Objectives. Put each objective in writing.  That gives it more importance.  It also helps you track your position at any time and thereby determine how far along you are in accomplishing the assignment.

Spell out in concrete terms what is to be achieved, to what degree, and by when.  Be very specific in your wording, and focus on performance.  You may also want to include a statement indicating the maximum amount of time or money available to accomplish the objective.

Here are some examples of safety and health program objectives:

• Conduct weekly inspections with emphasis on good housekeeping, proper use of protective equipment, condition of critical parts of equipment and preventive maintenance.

• Determine the cause(s) of any accident within 24 hours.

• Create a written system for documenting all accidents and near-misses and all subsequent investigations and corrective actions.

• Eliminate any hazard(s) identified during accident investigations and weekly planned inspections within 24 hours whenever possible.

• Complete one job safety analysis each month in each department, with follow-up revision of safe work procedures and employee training by the following month.

• Hold and evaluate emergency drills for tornadoes (where appropriate) every 6 months and a joint fire drill/evacuation with local emergency organizations every year.

Keep copies of the written objectives and use them in discussions with your supervisors and employees.  Be sure your people understand their assigned responsibilities.  Stress that they will be held personally accountable for these responsibilities.

Develop an action plan.  Actually, at this stage you're already well along in the process of assessing your current situation, identifying safety and health program elements that are either lacking or in need of improvement, and formulating objectives that address your program's needs. Your action plan should address:

• What activities will be undertaken;

• Who has responsibility;

• When the action realistically should be accomplished;

• What resources are needed, for example, people, time, dollars, equipment; and

• How the action will be tracked and evaluated.

The development of your action plan presents another opportunity for employee involvement.  Managers and other employees can play an important role in mapping out the details they will be expected to accomplish.

Is It Working?

Review your objectives periodically.

• Are you getting the desired performance from supervisors and employees?

• Are objectives being achieved?

• Are the results moving you toward your goal?

Any program or activity in which you invest time and resources on a continuing basis should prove its worth.  If an objective has been achieved, but there continue to be too many injuries, too many close calls, too many unsafe acts, or no improvement in conditions, then different or additional objectives are needed.

SUMMARY

Your safety and health program deserves to be carefully thought out and directed.  The first step is to write and communicate your safety and health policy.  This states your reasons for the program and your commitment to the health and safety of your employees.  You express this policy by word (both spoken and written), by action and by example.

The second step is to set and communicate a goal for your program.  This is like choosing the destination for a journey.  It requires a determination of where you want to be.  Your goal can be expressed either numerically or descriptively.  There are advantages and difficulties with both, but OSHA has found that a comprehensive and yet attainable goal is most likely to be descriptive.  OSHA recommends the following goal:

A comprehensive program to assess all existing hazards and known potential hazards of the workplace and to prevent or control those hazards.

The third step in determining the direction of your safety and health program is to map out your route by setting program objectives.  To do this, you first need to know where you are: take a close look at the current state of your safety and health program and your workplace.  What more is needed to protect your workers’ safety and health?

The objectives that you formulate, and the steps that you choose to take to accomplish these objectives, should be specific, measurable actions that move you toward your goal.  They must be attainable and yet challenging.  Use the clearest possible wording, so that your supervisors and employees understand their responsibility and accountability.  Once your program is set in motion, periodically review your objectives and the action plan designed to help you implement them.  Is everyone performing as expected?  Are the results being achieved worth the time and resources being expended?  Are you moving closer to your goal?

The success of this effort depends on the commitment of top management and the participation of your workforce.  Involve your supervisors and employees in the setting of program objectives and the development of an action plan.  The greater their involvement in mapping the route to safety and health, the greater will be their acceptance of the challenges and responsibilities of the journey.

____________________________________________________________________________________________

ASSESSING SAFETY & HEALTH MANAGEMENT PROGRAMS

Source: Onsite Safety & Health Consultation Program, Industrial Services Division, Illinois Department of Commerce & Community Affairs

Leadership and Involvement

Leadership is looked upon as the outside influence that shapes corporate culture. Management should provide leadership that encourages workers within an organization to participate in the programs offered by the company, in this case, the safety and health program. The elements of a safety and health program can be broken into the following components:

• A safety policy written and communicated to all employees.

• A goal established and objectives developed.

• Responsibilities are assigned.

• Top management provides visible leadership.

• Employees are involved and actively participate in the program.

• Employees have the authority and resources to do the task.

• Employees are held accountable for results.

• The program results are evaluated and changes made for continuous improvement.

Policy Statements

A clear worksite safety and health policy allows employees to understand the importance of safety and health protection in relation to other organizational values such as quality and efficiency. Safety and health need to be corporate objectives, similar to sales and profits. Reducing compensation costs does have an immediate and extensive effect on the bottom line.

Policy statements signed by top management show that endorsement of the policy is from the top. A concern shown by top management for safety makes it easier for supervisors to carry out and enforce company policy, for the company to promote safe and healthful work practices, for employees to observe the stated policy, to purchase equipment that has been designed with safety features, and to maintain and repair equipment according to good engineering control and safety practices. DO:

• Develop a formal written policy statement in which the company declares its intent to provide a safe and healthful place of employment, which is signed by the business owner or other chief executive officer.

• Hold a meeting with all employees to communicate your safety and health policy and discuss your objectives for safety and health for the rest of the year.

• Post your policy and allow employees time to read and understand it.

• Ensure that newly hired employees are impressed during their orientation with the idea that safety is an important part of their job.

Goals and Objectives

You make your general safety and health policy specific by establishing a clear goal and objectives. These set the framework for assigning responsibility. Once a policy is developed, management should set a goal for safety and health, and then build objectives that will allow employees to reach the goal. The goal should be a realistic one, so as not to discourage employees from striving for the goal.

Once the goal is established, you can now set objectives and assign responsibilities. Set objectives based on performance measures and get others involved in establishing the objectives. Each employee should be able to see his or her work activities moving toward the goal, thus allowing them to meet the objectives.

• Establish a numeric or descriptive goal to make your policy specific.

• Identify objectives that are most important to your program goal which help you create an effective program.

• Set objectives based on indicators, which tell you whether you did, or did not perform as expected.

• Assign a person to carry out the activity indicated in the objective.

• Discuss the goal and objectives with all employees through meetings, letters or postings.

Assigning Responsibility

Everyone should have some responsibility for safety and health in the workplace. It should be clearly understood by all employees what their responsibilities are in the workplace, and what discipline will be forthcoming if failure to carry out these responsibilities should occur. The employer should try to base responsibility on the goal and set objectives. This way everyone knows what the goal is, and will try to meet the objectives that were set. Put responsibilities in writing and specify responsible parties. Giving people responsibility and accountability for their actions instills a sense of pride, which will carry over in terms of wanting to have a good performance record.

• Make clear assignments of responsibility for every element of the program you develop. Make certain that everyone understands them.

• Ensure through a periodic audit that safety responsibilities are known and are being carried out.

• Include safety responsibilities in the periodic employee review.

• Hold all employees accountable for results.

• Develop a positive way to reward good safety performance.

Commitment and Leadership

If it is perceived by employees that management fully supports and abides by the safety and health program, they are more likely to emphasize safety and health in their own work habits. Employees follow management's lead.

• Make sure that support from the top is visible by taking an active part in the safety and health program.

• Personally review all inspection and accident reports to ensure follow-up when needed.

• Ensure that all managers and supervisors follow all safety requirements that employees must follow, even if they are only in the area briefly.

• Stop infractions of safety rules or work procedures you might notice; personally stop hazardous conditions or activities.

• Hold managers, supervisors and employees accountable for their actions.

• Take charge by letting it be known that safety and health are high priorities in your company.

• Reward good performance.

• Listen to employee concerns and correct deficiencies.

• Be "visible" to employees by making periodic walk-throughs.

Employee Involvement

Get employees involved. Decide what employee involvement means to you (i.e. asking for input before management decisions are made; or sharing the decision-making responsibility; or allowing employees to make decisions) and communicate this to employees.

The best worker safety and health protection occurs where everyone at the worksite shares responsibility for protection. This does not take the responsibility of the safety and health of the worker from the employer.

Management should encourage employees to have real input into the total safety program for a variety of reasons: employees often know best; it promotes high morale; and it indicates that the management cares. Employees should be encouraged to make suggestions that will decrease the danger of accidents to themselves and their fellow employees and reduce risks of damage to equipment and materials. Involving employees in developing their workplace safety and health program is a good way to obtain buy-in for the program.

• Decide the extent of employee involvement and communicate to employees.

• Tell your employees what you expect of them.

• Promote employee involvement through safety committees or other advisory groups.

• Give employees adequate training and resources for the job expected of them.

• Require that departments use employees to develop safe work procedures for new tasks and processes.

• Provide a procedure for employees to report hazards.

• Ensure that employees are given a response to their safety concerns.

• Make sure coworkers hear about it when other employees' ideas are successful.

Authority and Resources

Any realistic assignment of responsibility must be accompanied by needed authority and resources. When an employee is given the responsibility to do something, the resources and authority to complete the task should accompany it. As employees within the organization grow, they will take on more responsibility if they feel management is backing them. The employer should provide all the tools necessary for the employee to be successful at his or her task. As an example, safety equipment, meetings and related expenses should be budgeted because safety and health programs must be reflected as a legitimate function of the company. Providing employees adequate authority and resources makes them problem solvers, not problem givers.

• Develop an annual safety budget.

• Prioritize expenditures regarding safety.

• Develop alternate safety measures for safety improvements that must be postponed due to lack of available funding.

• Give those with responsibility adequate resources and support (people, training, money), and authority to get the job done.

Accountability

Once you have assigned responsibility and provided the appropriate authority and resources, hold people accountable for achieving what they have been asked to do. Accountability for one's actions must accompany the responsibility given and the authority and resources provided. Holding employees accountable helps them see how important they are to the total process within the company.

• Enforce your program fairly and consistently.

• Build positive reinforcement into the safety program. This positive reinforcement can be in the form of:

1. Letter of appreciation signed by an officer of the company;

2. Certificate of service that can be framed and displayed in the worker's home;

3. Expression of appreciation at a group meeting.

• Reflect compliance with your safety program in employee performance evaluations.

• Reward effective safety performance as future behavior patterns are strengthened.

• Develop a disciplinary action program so that employees are held accountable once they have been trained.

Program Evaluation

Once the safety and health program is in place and all components are functioning, management needs to check on it from time to time to ensure its effectiveness. Some key indices of safety and health performance are property damage; frequency rates, lost time injuries; high turnover or absenteeism; employee's perception of management's interest and involvement; and insurance claims. If the program is not working, the employer should decide why and try to resolve it. Some areas of the program may need more work; some procedures may need to be changed or added where current activities are not producing the desired results. A successful safety and health program will provide a sense of pride among employees, making them feel like they are accomplishing something.

• Review program at least annually using tools such as incidence rates; experience modification factors; workers’ compensation costs; program goals and objectives.

• Make changes as needed.

Controlling Hazards

Once a list of hazards and potential hazards for the workplace has been produced, the prevention and control program can be designed. The program should consist of the following:

• Appropriate controls - all controls in place.

• A preventative maintenance program established and working.

• An emergency action plan established and all employees know how to respond.

• A program is in place to render emergency treatment.

Appropriate Controls

When designing the prevention and control program, apply controls following this ranking: engineering; controls; work practices; personal protective equipment; and administrative controls. A further explanation follows:

1. Engineering to eliminate the hazard by substitution or by removing the hazard from the method, material, structure or process. It's the most effective way of ensuring employees' health and safety. In most situations, OSHA requires that an employer implement feasible engineering controls for both safety and health concerns before relying on guarding, safe work practices, personal protective equipment or administrative controls.

2. Controlling hazard by enclosing or guarding at its source. All machines and equipment should be guarded for pinch points, catch points, shear points, squeeze points, flying objects or sparks, sharp and pointed objects, hot and cold objects.

3. Using work rules and work practices to train personnel to be aware of the hazard and to follow safe job procedures to avoid it. Employees must be trained to understand why these rules and work practices are necessary and how they can be used to protect themselves and others.

4. Providing and requiring the use of personal protective equipment to shield them against the hazard. Employees must be trained and be knowledgeable on the selection, use, limitation and care of all personal protective equipment. Before an employer can rely on the use of personal protective equipment, engineering controls must be used where feasible to reduce exposure to the lowest extent possible.

5. Using administrative (management) controls to limit the time/duration of the exposure. Administrative controls are only effective in certain cases and the control must not expose more employees to undesirable environments of toxic and injurious materials.

Of course the ideal situation would be to eliminate hazards or exposures that employees would encounter. Since this is not always possible, employers should use the best available methods for protecting employees. Engineering controls combined with good work practices can, for the most part, provide maximum protection for employees. The employer is responsible for providing whatever training is necessary to ensure that their employees know how to use the systems in place for protection.

• Get familiar with OSHA requirements.

• Apply controls using the ranking method, i.e., engineering; safeguarding; work rules and safe work practices; personal protective equipment; administrative.

• Develop general safety and health work rules and communicate them clearly and frequently to your employees.

• Solicit your employees' input when developing your plant safety rules and regulations.

• Post work rules and regulations in the workplace.

• Review rules periodically to ensure that they are kept current with existing practices.

• Develop procedures for enforcing safety and health rules and safe work practices to ensure that employees do not neglect them.

Preventive Maintenance

Provide a good equipment maintenance program that will keep the in-place engineering controls operating as efficiently as possible. Check items such as ventilation systems to make sure they maintain the correct airflow. Check electronic or electrical controls to see that they work. Check guards and guarding devices to see that they are in place, are being used and are effective. When equipment is not maintained properly, it can become hazardous. Maintain good housekeeping as it eliminates clutter, which can cause trips, slips and falls or contribute to fires; promotes efficient use of space; reduces operating energy requirements; and promotes good morale.



• Establish an equipment maintenance program so that engineering controls function properly and hazardous breakdowns can be prevented.

• Survey and list all processes, machines and portable power tools available.

• Audit all maintenance records for the machines you have. Determine if manufacturers' manuals exist, if they are adequate and whether they are being followed.

• Develop a tracking procedure that lists the status of each tool or machine or process, its location and relevant inspection data.

• Clearly define inspection criteria, appropriate schedules for maintenance and inspections.

• Clearly define organizational responsibility for inspections.

Emergency Preparation

No safety and health program is complete without a plan for emergencies. Survey for all possible emergency situations (fire, natural disasters, human errors such as toxic spills). Just because something has never happened does not mean it won't. Plan for the emergency to determine who is supposed to do what. Train and educate so that the responses needed at times of crisis can become practically automatic. The greater the possibility of an emergency, the more preparation should be done. Each employee should be trained in the emergency procedures of the workplace. For those who have special responsibilities during emergencies, additional training should be provided that will allow them to safely perform their duties. Working training drills into the activities of the workplace will better prepare everyone should an emergency arise. All should know immediately how to respond, through planning, training and drills.

• Identify all possible emergency situations such as those created by work processes, natural disasters, fires, and human error.

• Develop a plan for responding to each type of emergency identified.

• Train employees and conduct a drill on emergency actions to ensure that all know immediately what to do when an emergency arises.

• Post emergency telephone numbers and emergency exit routes.

• Ensure that new employees are aware of your emergency response procedures.

• Periodically review emergency planning in meetings.

Medical Program

A medical program consists of prevention, early recognition and treatment, and limiting the severity of injuries and illnesses. This means that you need to provide basic health care services onsite. It does not mean establishing a large department of doctors and nurses. Instead, most facilities have employees within their site that can provide basic health care should an emergency situation arise. Employers should look for occupational health providers when putting together the health and safety program. For small companies, the employer can arrange for health care through local clinics. The key to the medical program is to minimize the time an injured person will have to wait before being properly treated. Training employees onsite in first aid and CPR provides companies with a source of help during times of trouble.

• Contract with occupational health professionals to provide for emergency medical treatment for employees.

• Arrange for industrial hygiene surveys or ergonomic studies if conditions indicate they are necessary.

• Train employees in first aid/CPR (at least 2 persons per shift).

• Establish procedures for handling emergency medical situations to reduce the likelihood of panic and to result in faster and more efficient emergency care.

Source: Onsite Safety & Health Consultation Program, Industrial Services Division, Illinois Department of Commerce & Community Affairs

Education and Training

For an effective safety and health program, it is crucial that everyone at the workplace understand his/her role in the program, actively work to prevent and/or control hazards and potential hazards at the worksite, and know the ways they should protect themselves should a hazard occur. A good safety and health program is achievable if the following understand their roles and responsibilities within their group:

• Employees are trained to understand the hazards of their jobs and how to protect themselves.

• Supervisors understand their safety responsibilities; understand how to reinforce and enforce employee training.

• Managers understand their own responsibilities regarding training.

Safety and Health Training

For an effective safety and health program, it is crucial that everyone at the workplace understand his/her role in the program, actively work to prevent and/or control hazards and potential hazards at the worksite, and know the ways they should protect themselves should a hazard occur. A good safety and health program is achievable if everyone understands their roles and responsibilities within their group.

Employees

Each employee should understand how important they are to the overall picture of safety and health, not only for their well-being, but for every worker involved. Training is especially important for new employees. However, periodic retraining of all employees is also essential. The employees need to know the general safety and health rules, specific site hazards and the safe work practices that are used to control exposure, and the role they are to play in an emergency situation.

Supervisors

Supervisors should be given training both in the safety and health area and in the leadership area. The supervisor needs to be tuned in to the worksite and the potentials for hazards occurring in their areas. Supervisors need special training in the maintenance of their areas, as well as how to get their employees involved in hazards control.

Managers

It is necessary for the manager to have a good system of communication to the workers who are in his or her department. The manager must also understand what his or her role in the safety and health program is, and set the leadership example for others to follow. The employer should do whatever it takes to help raise the level of awareness of the managers at the worksite and offsite.

• Identify training needs and objectives specific to your company.

• Involve employees in identifying training needs and when possible use them as trainers.

• Create a safety bulletin board as an aid in training and charge an employee with responsibility for its maintenance.

• Establish a training budget.

• Provide training for supervisory and managerial personnel (i.e. leadership, hazard identification, accident investigation, training methods).

• Establish an orientation program for new hires. At a minimum, employees must know the general safety and health rules, specific site hazards and the safe work practices needed to help control exposure, and the individual's role in all types of emergency situations.

• Evaluate training on a regular basis.

• Establish and maintain training records.

______________________________________________________________________________________

4 Steps to Workplace Safety and Health

1. Evaluate your workplace for safety and health

• What is your injury or illness rate?

• What types of injuries and illnesses are you experiencing?

• What operations are involved in the injuries and illnesses?

• What is your Industrial Insurance premium rate?

• What OSHA regulations have you been found in violation of?

2. Determine what safety improvements you want to make.

• What changes do you need to make that will make a difference?

• Establish safety goals. For example, reduce injury rates, premium rates or eliminate violations of safety standards.

• Make changes in those areas that will have the most impact on the safety and health of your employees.

3. Determine how to make the improvements.

• How will you make those changes?

• Carefully plan changes to make sure desired effects are achieved.

4. Complete the activities for improving your program, then measure your results. Act, then measure your results.

• Complete the activities you need to achieve the desired improvements.

• Measure results to ensure that your improvement activities were successful.

____________________________________________________________________________________

AREA II: QUESTIONS WITH KEY

Introduction

This part of the CSHM Preparation Guide presents approximately 2000 questions representative of those that can be expected on the CSHM exam. Do not attempt to memorize these questions as a strategy for study. Rather, focus on being familiar with the various subject areas. An enormous amount of information is presented that closely mirrors the subject matter within the exam. Answering these questions, as one form of study, may be quite helpful in determining your academic strengths and weaknesses.

Certification Examinations

The Institute’s CSHM certification examination is administered nationwide a minimum of three times a year. Examination application deadlines and dates are posted at the Institute’s website (.). The examination consists of 150 multiple-choice questions, each with four possible answers. Three hours are allotted to complete the examination. A passing or cut score is determined using the expert judgments of a standards setting panel. This score will vary depending on the actual examination form utilized.

The certification examination measures an individual’s mastery of the body of knowledge deemed appropriate as a result of a Job Practice Analysis conducted by the Institute. Preparation for the examination is best accomplished by mastering the body of knowledge recognized as appropriate for safety managers. The Institute uses exclusively four option multiple-choice items in its certification examinations for a number of reasons:

1. They are flexible and adaptable.

2. They tend to be more reliable than other formats.

3. They can accommodate a wide range of skills, knowledge and abilities to be measured.

4. They provide good sampling.

5. They have low chance scores.

6. They can be machine scored.

Multiple-choice items consist of three parts:

1. Stem - The stem states the problem or question to be answered.

2. Correct Answer - The correct answer is one of four potential options which represents the only correct response or the best correct response. (“Best” means a panel of experts would agree to this judgment.)

3. Distractors - Three distractors serve as incorrect responses. They are plausible, yet wrong, or not the best possible option.

The following is an example of the parts of a multiple-choice item:

Stem: Typically, the most unreliable tool utilized in the selection process is a(n):

Correct Answer: A. employment interview

Distractor: B. selection test

Distractor: C. physical examination

Distractor: D. background check

Items used on the Institute’s certification examinations were developed by certified safety and health managers who volunteer their services. A final review of each examination form was conducted by the Institute’s Board of Directors. Each examination form is carefully evaluated by the Board before being certified for use.

The three-step process of item development, item review and validation and examination review ensures that items are:

• clear, unambiguous and grammatically proper

• technically correct

• appropriate in terms of fairness--geographically, ethnically or culturally

• important for human resource professionals to know, and

• correctly coded to the ISHM Content Outline

Examination Preparation Methods, Strategies, and Resources

An important issue for examinees is preparation. There are a number of methods available in preparing for the ISHM examination. The selection of a method is a matter of individual preference based upon what best fits into one’s lifestyle. In the future, methods will range from the highly informal individual self-study to highly structured courses and workshops offered by professional organizations such as the National Safety Council, American Society of Safety Engineers, OSHA Training Network, and the National Safety Management Society.

Likewise, the strategy used to prepare for the certification examinations is equally important. Just like a world class athlete must “peak” at the precise moment of competition, so must an examinee on examination day. In addition to being able to master the safety management body of knowledge, the examinee should be both mentally and physically prepared to sit for the examination. Strategy is a critical element of preparation. The resources used to prepare are also critical elements of preparation. Sometimes the resources utilized will be a function of the preparation method selected. Other times, the potential examinee will have to select an appropriate resource from a wide range of possibilities. A mistake in selecting resources can significantly impact an examinee’s score.

Source: ISHM Electronic Certification Guide

AREA II: MANAGEMENT METHODS AND THEORY

Area II. Topic A. SMBO and TQM Principles

1. This management principle is defined by Odiorne as 'a process whereby superior and subordinate managers jointly identify common goals, define responsibilities in terms of expected results, and use measures to assess the contribution of its members': (Petersen, SM, 274)

a. Behavioral-Based Management (BBM)

b. Total Quality Management (TQM)

c. Management by Wandering Around (MBWA)

d. Management by Objectives (MBO)

2. Which of the statements below is not one of the key activities used in the MBO process? (Petersen, SM, 274)

a. define responsibilities in terms of expected results

b. jointly identify common goals

c. measure results using process indicators

d. assess the contribution of each member

3. It is important to understand the difference in the meaning of 'injury' and 'accident' to assure: (Grimaldi & Simons, 13)

a. the terms are not used interchangeably

b. the proper orienting of safety management objectives

c. statistical accuracy

d. all of the above

4. Webster defines this term as, 'an event or condition occurring by chance or arising from an unknown or remote cause:' (Grimaldi & Simons, 15)

a. incident

b. injury

c. accident

d. mishap

5. Which of the following is not listed by Dan Petersen as a step in the SBO system? (Petersen, SM, 276)

a. obtain management-supervision agreement

b. give each supervisor an opportunity to perform

c. give supervisors an opportunity to practice

d. help, guide, and train

6. Which of the following is not listed by Dan Petersen as a step in the SBO system? (Petersen, SM, 276)

a. obtain management-supervision agreement

b. give selected supervisors an opportunity to perform

c. give supervisors feedback

d. reward according to progress

7. Which of the following is not listed by Dan Petersen as a step in the SBO system? (Petersen, SM, 276)

a. give each supervisor an opportunity to perform

b. give supervisors feedback

c. withhold help until requested

d. reward according to progress

8. Which of the following is not listed by Dan Petersen as a step in the SBO system? (Petersen, SM, 276)

a. give each supervisor an opportunity to perform

b. give supervisors feedback

c. help, guide, and train

d. reward once objectives are achieved

9. Which of the following is not discussed by Dan Petersen as a critical step in the SBO system? (Petersen, SM, 276)

a. get agreement on results objectives only

b. provide regular, current, and pertinent feedback

c. provide technical and managerial assistance

d. a reward system that is geared to the progress made

10. Which of the following is not discussed by Dan Petersen as a necessary step in the SBO system? (Petersen, SM, 276)

a. get agreement on results and activity objectives

b. provide feedback at least quarterly

c. provide technical and managerial assistance

d. a reward system that is geared to the progress made

11. Which of the following is not discussed by Dan Petersen as an important step in the SBO system? (Petersen, SM, 276)

a. get agreement on results and activity objectives

b. provide regular, current, and pertinent feedback

c. provide technical and managerial assistance

d. a reward system emphasizes recognition of achieved objectives

12. Each of the following is a characteristic of effective brainstorming, EXCEPT:

a. Generate lots of ideas quickly

b. Understand the root cause of the problem

c. People contribute without fear of ridicule.

d. Everyone agrees on the topic or issue.

13. Which of the following is not discussed by Dan Petersen as an important step in the SBO system? (Petersen, SM, 276)

a. get agreement on results and activity objectives

b. provide regular, current, and pertinent feedback

c. provide technical and managerial assistance

d. a reward system emphasizes recognition of achieved objectives

14. Which of the following is not considered by Petersen as an advantage of SBO? (Petersen, SM, 280)

a. brings goal-directed behavior

b. assures viable accountability for achievement

c. fosters participation in the safety program

d. incorporates response tools

15. Each of the following is considered by Petersen as an advantage of SBO, EXCEPT: (Petersen, SM, 280)

a. brings process-directed behavior

b. provides current, immediate, relevant reinforcement

c. fosters participation in the safety program

d. incorporates response tools

16. Each of the following is considered by Petersen as an advantage of SBO, EXCEPT: (Petersen, SM, 280)

a. facilitates planning in safety

b. provides current, immediate, relevant reinforcement

c. fosters participation in the safety program

d. taps human resources, particularly involvement of workers

17. Which of the following is not considered by Petersen as an advantage of SBO? (Petersen, SM, 280)

a. brings goal-directed behavior

b. uses established traditional techniques

c. fosters participation in the safety program

d. incorporates response tools

18. Which of the following is not considered by Petersen as an advantage of SBO? (Petersen, SM, 280)

a. brings goal-directed behavior

b. facilitates planning in safety

c. uses the brains and energies of workers

d. incorporates response tools

19. According to Dan Petersen, the Human Era was ushered in at some time after this era: (Petersen, SM, 7)

a. Noise Era

b. Industrial Hygiene Era

c. OSHA Era

d. Accountability Era

20. What is a safety process?

a. It assures continuous improvement and employee participation

b. It converts system inputs into system outputs

c. Anything that satisfies customers

d. Anything that causes change

21. Which of the following is not considered by Petersen as an advantage of SBO? (Petersen, SM, 280)

a. fosters compliant goal-setting

b. facilitates planning in safety

c. uses the brains and energies of supervisors

d. incorporates response tools

22. This technique, popularized by Dan Petersen, is a systematic method of measuring accident prevention effort: (Petersen, TSM, 95)

a. SMBO

b. SCRAPE

c. SQTM

d. TSM

23. According to W. Edwards Deming, this cause category is responsible for 94 percent of total variation: (Mears, QIT&T, 68)

a. special variations

b. common variations

c. surface variations

d. root variations

24. The 'SCRAPE' rate indicates the amount of work done by a supervisor and by the company to: (Petersen, TSM, 95)

a. assure compliance within a given period

b. inspect and correct hazards within a given period

c. observe critical behaviors within a given period

d. prevent accidents within a given period

25. The first step in the 'SCRAPE' process is to: (Petersen, TSM, 95)

a. determine specifically what line managers are to do

b. develop goals and objectives to measure

c. meet to seek agreement on objectives to be measured

d. write an effective plan prior to action

26. According to Dan Petersen, the Accountability Era was in full swing during which decade? (Petersen, SM, 7)

a. 1950's

b. 1960's

c. 1970's

d. 1980's

27. Under the 'SCRAPE' process, managers are interested in prioritizing what supervisors will do in each of the following activity categories, except: (Petersen, TSM, 95)

a. orienting new employees

b. enforcing regulatory standards

c. training or coaching people

d. writing safety policy

28. Under the 'SCRAPE' process, managers are interested in prioritizing what supervisors will do in each of the following activity categories, except: (Petersen, TSM, 95)

a. conducting physical inspections of the department

b. enforcing regulatory standards

c. training or coaching people

d. investigating accidents

29. The value of Petersen's 'SCRAPE' process rests in its ability to: (Petersen, TSM, 97)

a. measures the lack of safety after an accident occurs

b. pressures supervisors to achieve measures objectives

c. measure safety activity before an accident occurs

d. relies on management measurement rather than employee compliance

30. The most important result of Petersen's 'SCRAPE' process is that it: (Petersen, TSM, 97)

a. measures safety activity, not the lack of safety

b. forces supervisors to achieve high levels of performance

c. makes management define what it wants from supervisors

d. measures effort after an accident occurs

31. According to Dan Petersen, during this decade, safety professionals started seriously thinking, for the first time, in management terms: (Petersen, SM, 4)

a. 1930's

b. 1940's

c. 1950's

d. 1960's

32. According to Dan Petersen, this decade saw the onset of the OSHA Era: (Petersen, SM, 5)

a. 1950's

b. 1960's

c. 1970's

d. 1980's

Area II. Topic B. Systems Safety

1. According to Brauer, system safety is an approach to accident prevention that involves detection of system components that: (Brauer, p.544)

a. may contribute to product failure

b. breakdown in process quality

c. cause implementation failures

d. have accident potential

2. System safety applies proactive identification and control of hazards throughout the life cycle of: (Brauer, p.544)

a. systems

b. projects

c. programs

d. all of the above

3. The cost for changes is greatest in which stage of development? (Brauer, p.545)

a. Planning

b. Design

c. Occupancy

d. Construction

4. According to Brauer, the key element in system safety is: (Brauer, p.544)

a. system improvement

b. hazard analysis

c. accident investigation

d. program development

5. In the system safety approach, hazard analysis: (Brauer, p.544)

a. is continued over the life cycle of a system

b. is systematic yet random

c. is specific to each program

d. is constructed to ensure integration

6. Which of the following is not considered a control that extends from system safety hazard analysis? (Brauer, p.544)

a. engineering controls

b. work practice controls

c. behavioral controls

d. interim measures

7. The concepts of system safety evolved with: (Brauer, p.544)

a. ship building projects during WWII

b. Abrams tank development projects

c. aircraft and missile projects

d. area 51 back engineering projects

8. Today, system safety concepts are incorporated into all of the following, EXCEPT: (Brauer, p.546)

a. product design

b. building and facility design

c. accident prevention management

d. toxicological study design

9. According to Brauer, this document represents the common thread in the many variations in system safety procedures: (Brauer, p.545)

a. HAZOP-STD 437

b. OSHAct 1970

c. MIL-STD-882B

d. CSP-23 Plan

10. Which of the following is not one of the typical phases in the life cycle of a system? (Brauer, p.545)

a. concept design

b. production

c. deployment

d. review

11. Which of the following is not one of the system safety program objectives defined by MIL-STD-882B? (Brauer, p.546)

a. identify maximum acceptable system risk

b. design safety consistent with mission

c. identify, evaluate and eliminate system hazards

d. use historical data from other systems

12. Which of the following is not one of the system safety program objectives defined by MIL-STD-882B? (Brauer, p.546)

a. seek minimum level of risk

b. include safety features to minimize retrofit actions

c. protect critical components

d. document significant safety data

13. System safety design approaches to minimize risk from hazards that cannot be eliminated include all of the following, except: (Brauer, p.546)

a. interlocks

b. fail-safe design

c. compatible materials

d. protective clothing

14. Which of the following is the top priority for satisfying system safety requirements and resolving identified hazards? (Brauer, p.547)

a. Incorporate safety devices

b. Develop procedures and training

c. Design for minimum risk

d. Provide warning devices

15. Which of the following is the lowest priority for satisfying system safety requirements and resolving identified hazards? (Brauer, p.547)

a. Incorporate safety devices

b. Develop procedures and training

c. Design for minimum risk

d. Provide warning devices

16. According to the order of precedence for satisfying system safety requirements guidance within MIL-STD-882B, which method would be employed if safety design or warning devices cannot adequately reduce risk: (Brauer, p.547)

a. Incorporate safety devices

b. Develop procedures and training

c. Design for minimum risk

d. Provide warning devices

17. According to the order of precedence for satisfying system safety requirements guidance within MIL-STD-882B, this method should be employed if all other methods fail to adequately reduce risk: (Brauer, p.547)

a. Incorporate safety devices

b. Develop procedures and training

c. Design for minimum risk

d. Provide warning devices

18. This category is the only risk criterion allowed by MIL-STD-882B during the early design phases: (Brauer, p.547)

a. risk exposure

b. hazard probability

c. hazard severity

d. risk assessment

19. When hazards are not eliminated by design during early design phases, MIL-STD-882B requires these criteria to set priorities for corrective action and resolution of identified hazards: (Brauer, p.547)

a. risk and severity

b. severity and probability

c. probability and exposure

d. exposure and risk

20. MIL-STD-882B requires alternative strategies be employed when methods to eliminate or reduce these hazards are impossible or impractical: (Brauer, p.547)

a. CRITICAL AND SERIOUS

b. CATASTROPHIC AND CRITICAL

c. POTENTIAL AND SERIOUS

d. FREQUENT AND CRITICAL

21. This analysis technique employs boolean logic concepts to evaluate events and is often used in system safety programs for complex systems: (Brauer, p.551)

a. Root cause analysis

b. Fault tree analysis

c. HAZOP analysis

d. System analysis

22. This analysis technique displays the principal or top undesired event, which is broken down into factors that are further subdivided into event causes: (Brauer, p.551)

a. Root cause analysis

b. Fault tree analysis

c. HAZOP analysis

d. System analysis

23. Which of the following is a possible failure which represents a major weakness inherent in fault tree analysis? (Brauer, p.551)

a. failure to determine root causes for the top event

b. failure to evaluate the relationship among events

c. failure to assign valid probability to an event

d. failure to identify all events that may lead to the top event

24. A significant difficulty in fault tree analysis is: (Brauer, p.551)

a. determining root causes for the top event

b. evaluating the relationship among events

c. assigning valid probability to an event

d. identifying all events that may lead to the basic event

25. Which of the following is the top or intermediate event that must be described further in the tree? (Brauer, p.551)

a. normal event

b. fault event

c. undeveloped event

d. basic event

26. Which of the following fault tree analysis events requires no further analysis? (Brauer, p.551)

a. normal event

b. fault event

c. undeveloped event

d. basic event

27. Which of the following fault tree analysis events has two states: it occurs or does not occur? (Brauer, p.552)

a. normal event

b. fault event

c. undeveloped event

d. basic event

28. Which of the following fault tree analysis events is chosen by the analyst not to be analyzed? (Brauer, p.552)

a. normal event

b. fault event

c. undeveloped event

d. basic event

29. Which of the following fault tree analysis events may not be critical to the problem at hand? (Brauer, p.552)

a. normal event

b. fault event

c. undeveloped event

d. basic event

30. Symbols that describe the relationship among elements are called: (Brauer, p.552)

a. relationship doors

b. logic gates

c. rational elements

d. notation symbols

31. Which of the following describes fault tree analysis logic gates? (Brauer, p.552)

a. OR and AND gates

b. GO and NOGO gates

c. IF and THEREFORE gates

d. WHEN and THEN gates

32. This fault tree analysis gate indicates that all of the input events must occur to cause the output event: (Brauer, p.552)

a. OR gate

b. GO gate

c. AND gate

d. NOGO gate

33. Two fault tree analysis input events for this gate may be mutually exclusive: (Brauer, p.552)

a. OR gate

b. GO gate

c. AND gate

d. NOGO gate

34. This term describes any element of a fault tree analysis that represents an occurrence: (Brauer, p.553)

a. fault

b. gate

c. event

d. state

35. This fault tree analysis event results when the function of a component is interrupted: (Brauer, p.553)

a. normal

b. fault

c. failure

d. intermittent

36. This 1911 disaster in New York triggered public demand for improved factory safety laws and an increase of factory safety inspection system:

a. The New York Tunnel disaster

b. The Triangle Shirtwaist Company fire

c. The Stock Market crash

d. The New York riots

37. This fault tree analysis event describes a condition that contributes in some way to the occurrence of an undesired event: (Brauer, p.553)

a. normal

b. fault

c. failure

d. intermittent

38. In fault tree analysis, failing to respond to an emergency chemical spill would be described as a: (Brauer, p.553)

a. normal

b. fault

c. failure

d. intermittent

39. In fault tree analysis, inability to detect an emergency chemical spill would be described as a: (Brauer, p.553)

a. normal

b. fault

c. failure

d. intermittent

40. In fault tree analysis, this failure is an internal problem with components that make them inoperative: (Brauer, p.553)

a. direct

b. contributing

c. primary

d. secondary

41. In fault tree analysis, this failure is an external problem with components that make those components inoperative: (Brauer, p.553)

a. direct

b. contributing

c. primary

d. secondary

42. In fault tree analysis, this failure is an internal problem with components that make them inoperative: (Brauer, p.553)

a. direct

b. contributing

c. primary

d. secondary

43. In fault tree analysis, this fault is an external event that causes abnormal operation: (Brauer, p.553)

a. direct

b. contributing

c. primary

d. secondary

44. Which of the following describe the two types of basic fault tree analysis? (Brauer, p.554)

a. qualitative and quantitative

b. surface and root

c. personal and system

d. primary and secondary

45. This strategy is an inductive procedure that moves from the specific to the general: (Brauer, p.555)

a. Fault Tree Analysis (FTA)

b. Failure Mode and Effects Analysis (FMEA)

c. Management Oversight and Risk Tree (MORT)

d. Simultaneous Timed Events Plotting Analysis (STEP)

46. This strategy emphasizes the analysis of the relationship of component conditions to system conditions: (Brauer, p.555)

a. Fault Tree Analysis (FTA)

b. Failure Mode and Effects Analysis (FMEA)

c. Management Oversight and Risk Tree (MORT)

d. Simultaneous Timed Events Plotting Analysis (STEP)

47. This strategy analyzes events from a time or sequence perspective to determine actors and actions that contribute to an accident: (Brauer, p.558)

a. Fault Tree Analysis (FTA)

b. Failure Mode and Effects Analysis (FMEA)

c. Management Oversight and Risk Tree (MORT)

d. Simultaneous Timed Events Plotting Analysis (STEP)

48. This safety system analysis process attempts to identify and assess risks associated with an operation and refer them to the proper management level for action: (Brauer, p.559)

a. Fault Tree Analysis (FTA)

b. Failure Mode and Effects Analysis (FMEA)

c. Management Oversight and Risk Tree (MORT)

d. Simultaneous Timed Events Plotting Analysis (STEP)

49. The MORT analysis method arranges safety program elements into each of the following levels, except: (Brauer, p.559)

a. specific surface causes

b. generic problems or undesirable events

c. basic events

d. less than adequate (LTA) criteria

50. This safety system analysis process assumes that in a perfect safety system all components function in a manner that contributes to or complements the achievement of tasks: (Brauer, p.559)

a. Fault Tree Analysis (FTA)

b. Failure Mode and Effects Analysis (FMEA)

c. Management Oversight and Risk Tree (MORT)

d. Simultaneous Timed Events Plotting Analysis (STEP)

51. The Labor-Federal Security Appropriations Act in July of 1941 authorized science and management courses as part of the:

a. Safety Engineering Education (SEE)

b. Engineering, Science and Management Defense Training (ESMDT)

c. Wartime Industrial Safety Engineering (WISE)

d. National Occupational Safety Defense Engineering (NOSDE)

52. Which of the following is not one of the recognized interactive components analyzed in the system safety approach?

a. Federal Laws

b. Environment

c. Worker

d. Equipment and Materials

53. Thorough analysis of most accidents indicates the causes can be attributed, directly or indirectly to:

a. employee ignorance

b. unsafe behaviors

c. management system weaknesses

d. hazardous conditions

54. When designing equipment or a production process, the safety of an operation should be:

a. the least important feature to be considered

b. designed after first considering productivity

c. considered as the most important feature

d. regarded as a normal and integral feature

55. This company originated the fault tree analysis process: (Brauer, p. 551)

a. United Airlines

b. The Rand Corporation

c. Bell Telephone Laboratories

d. Rutan Manufacturing

56. According to Pope, this term should be used instead of 'accident' to eliminate any vagueness: (Pope, p. 107)

a. Operational error

b. Operational occurrence

c. Operational incident

d. Operational oversight

57. What is the acronym for the safety management reporting system that is a cornerstone of Theory S? (Pope, Chap. 5)

a. HRIS

b. SMIS

c. SMRS

d. SISM

58. Which of the following is not one of Pope and Creswell's Theory S components? (Pope, Chap. 5)

a. Creation of a computerized information system

b. Industrial mishaps are symptoms of management incompetence

c. Systems operate in a condition of probable failure

d. Systems interact differently with each other

59. Using System Safety Management or Theory S in an industrial enterprise requires the acceptance of which of the following ideas? (Pope, p. 135)

a. All enterprises function in a similar manner

b. Business enterprises are social systems

c. Industrial mishaps are symptoms of incompetence

d. Avoidance of correctable loss is the focus

60. TAFS is an acronym for: (Pope, p. 322)

a. Triadic Analysis of Flawed Systems

b. Testing Approach of Functional Systems

c. Testing Analysis for Fundamental Safety

d. Triadic Approach to Fundamental Safety

61. TAFS is an acronym for: (Pope, p. 322)

a. Triadic Analysis of Flawed Systems

b. Testing Approach of Functional Systems

c. Testing Analysis for Fundamental Safety

d. Triadic Approach to Fundamental Safety

62. What component does Pope's Triadic Analysis of Flawed Systems (TAFS) approach add to traditional safety management? (Pope, Chap. 6)

a. Correction of observable phenomenon of unsafe acts and conditions

b. Define methods of determining unsafe acts and conditions

c. Objective thinking about the direction and control of management

d. Use of inspections to gather objective evidence

63. Pope states that the actions taken in response to an accident are determined by its impact on four factors. Which of the following is not one of the factors? (Pope, p. 162)

a. employee(s) involved

b. expense to the corporation

c. regulatory compliance

d. disruption of the work process

64. Pope's Triadic Analysis of Flawed Systems (TAFS) studies the impact of human error and flawed management practices on what three systems? (Pope, p. 165)

a. social, physical, biological

b. organizational, environmental, social

c. social, mechanical, organizational

d. physical, biological, organizational

65. There are four principles to the theory of error-free performance (EPS). Which of the following statements does not reflect these principles? (Pope, p. 192)

a. equipment design should consider capabilities and limitations

b. greatest gains come from improving man, machine and management systems

c. management defines safety performance in light of personal flaws

d. errors are evidence of ineffective operations and management incompetence

66. According to Pope, McGregor's Theory X and Theory Y is considered within which management school? (Pope, p. 281)

a. Contingency management

b. Participative management

c. Human relations theory

d. Scientific management

67. Which of the following is not a recognized system safety measure to protect power sources? (Brauer, p. 546)

a. warning signs

b. redundant subsystems

c. physical separation

d. physical separation

68. This person is considered the father of the scientific approach to safety: (Pope, p. 36)

a. Dan Petersen

b. H.W. Heinrich

c. Nestor Roos

d. W. Edwards Deming

69. This safety approach identifies and controls hazards throughout the life cycle of a system, project, program or activity:

a. Reliable

b. Primary

c. Proactive

d. Reactive

70. This organization recognized that a building's fire safety could benefit from a systems analysis: (Brauer, p. 563)

a. OSHA

b. ASSE

c. AFA

d. NFPA

71. What is meant by the term 'negative event' in Fault Tree Analysis? (Texas WCC)

a. A political rally for a negative candidate

b. A near miss, or accident that results in personal injury or property damage

c. An automobile race where all the vehicles drive in reverse

d. A series of events that actually make a positive event

72. What is a benefit of the fault tree analysis? (Texas WCC)

a. It offers shade on a sunny day

b. You can determine the amount of money it will cost to implement a procedure

c. You will get meaningful data about the overall reliability of the system

d. It takes little time and expense to create

73. What does the circle symbol used in the formation of the tree represent? (Texas WCC)

a. The negative event that will be studied

b. The transfer of a branch to another location on the tree

c. A terminal event that doesn’t need to be developed further

d. A base event with no events below it

74. A fault tree analysis should be: (Texas WCC)

a. complicated to discourage safety managers

b. used to show a condition or actor

c. used to show a procedure or event

d. hard to visualize for the novice

75. What was the fault tree analysis created to do? (Texas WCC)

a. To evaluate the production of baked goods

b. To increase the safety level of the space program

c. To improve the safety of missile systems

d. To illustrate how to safely set up a Christmas tree

76. This organization recognized that a building's fire safety could benefit from a systems analysis: (Brauer, p. 563)

a. OSHA

b. ASSE

c. AFA

d. NFPA

77. How many management and control tasks are listed in standard MIL-STD-882B? (Brauer, p. 548)

a. 3

b. 5

c. 7

d. 9

Area II. Topic C. Auditing

1. This hazard control system step is required to ensure changes are effective long term:

a. Developing solutions

b. Writing recommendations

c. Taking action

d. Evaluating the results

2. This procedure is conducted by the supervisor and employees at the beginning of a work shift and throughout the workday: (Joseph LaDou, OH&S, 131)

a. accident investigation

b. general audit

c. informal inspection

d. formal review

3. This procedure measures the results of supervisor action before an accident occurs: (Petersen, TSM, 129)

a. before-the-fact measure

b. results measure

c. performance measure

d. behavioral measure

4. The most frequently performed inspections are the: (Joseph LaDou, OH&S, 131)

a. general audit

b. formal inspection

c. informal inspection

d. accident investigation

5. These measures tend to be generated from injury records: (Petersen, TSM, 129)

a. outcomes evaluations

b. results measures

c. performance measures

d. failure measures

6. Which of the following must be present before an accident can occur?

a. unsafe behavior, lack of common sense

b. hazard, exposure

c. hazard, lack of common sense

d. unsafe behavior, exposure

7. This procedure is conducted periodically and often covers all areas of operations: (Joseph LaDou, OH&S, 131)

a. accident investigation

b. general audit

c. informal inspection

d. formal review

8. Which of the following could result in the employee being a 'hazardous condition'?

a. inadequate training

b. mental deficiency

c. physical deficiency

d. any of the above

9. An inspection following a proper sequence is generally more effective because: (Joseph LaDou, OH&S, 131)

a. it always looks at the same items

b. it takes less time

c. it is more efficient

d. it's easier to do

10. An analysis process examines:

a. where hazards can be found and how to find them

b. each part, step or event to determine its impact on the whole

c. performance to judge its effectiveness

d. culture to evaluate how well it supports safety

11. Employing a numbering system in an inspection or audit is important for the following reason: (Joseph LaDou, OH&S, 133)

a. simplifies the evaluation process

b. allows for averaging several components to get a rating

c. easy to score

d. simple to train inspectors or auditors

12. Most accidents in the workplace are caused by:

a. carelessness

b. unsafe behaviors

c. hazardous conditions

d. lack of common sense

13. According to the National Safety Council, all of the following are examples of inspections and audits, except: (Joseph LaDou, OH&S, 131)

a. general audit

b. accident investigation

c. employee survey

d. informal and formal inspection

14. These measures may be used before or after an accident occurs: (Petersen, TSM, 127)

a. outcomes evaluations

b. results measures

c. performance measures

d. behavioral measures

15. The frequency of formal inspections and general audits depends on all of the following factors, except: (Joseph LaDou, OH&S, 131)

a. location of procedures

b. loss severity potential

c. regulatory requirements

d. the budget

16. Some results measures can be quite useful for all of the following reasons, except: (Petersen, TSM, 129)

a. they can attract attention

b. they are not sensitive to change

c. they can provide recognition for good performance

d. they can be constructed to provide swift feedback

17. Correctly classifying hazards during the inspection or audit helps management: (Joseph LaDou, OH&S, 133)

a. understand and evaluate problems

b. assign priorities

c. reach decisions quickly

d. all of the above

18. This procedure is considered a most effective proactive method to collect useful data about the causes of most accidents in a workplace:

a. Inspection

b. Employee interview

c. Survey

d. Observation

19. The core of a management action plan after an audit should be to: (Joseph LaDou, OH&S, 133)

a. determine responsibilities

b. establish accountability for program failures

c. upgrade program components to standard

d. predict possible OSHA penalties

20. This procedure is a measure of performance (and results) that enters the scene at middle- and upper-management levels: (Petersen, TSM, 123)

a. appraisal

b. survey

c. inspection

d. audit

21. This audit occurs reactively, after a loss has occurred: (Joseph LaDou, OH&S, 131)

a. accident investigation

b. general audit

c. informal inspection

d. formal review

22. This procedure is considered a most effective proactive method to collect useful data about employee opinions and attitudes in the workplace:

a. Inspection

b. Surveillance

c. Survey

d. Observation

23. All of the following properly describe hazards in an inspection or audit, except: (Joseph LaDou, OH&S, 133)

a. pallets are not properly stacked in the yard

b. upper guard missing on grinder

c. slippery oil spots on the floor in the maintenance shop

d. poor housekeeping in administrative offices

24. An audit is considered to be a: (Petersen, TSM, 123)

a. outcomes evaluation

b. results measure

c. performance measure

d. behavioral measure

25. This planned process is conducted by a team composed of management, labor, safety and maintenance staff: (Joseph LaDou, OH&S, 131)

a. accident investigation

b. general audit

c. informal inspection

d. formal review

26. This formal procedure is usually not very effective in uncovering the causes of most accidents in the workplace:

a. Inspection

b. Surveillance

c. Survey

d. Observation

27. This procedure is simply a measure of what middle managers do - of whether they perform their assigned tasks: (Petersen, TSM, 123)

a. appraisal

b. survey

c. inspection

d. audit

28. What is a major weakness in the walk-around safety inspection process?

a. Takes too much time

b. Does not adequately identify unsafe behaviors

c. Does not adequately identify hazardous conditions

d. Requires both employee and management participation

29. If a hazard is immediately corrected during an inspection or audit, all of the following are acceptable recordkeeping practices, except: (Joseph LaDou, OH&S, 133)

a. make a note that the item was corrected

b. line out the hazard

c. cross the item out with an 'x'

d. erase the item

30. The findings of an audit should: (Brauer, 520)

a. measure a limited number of performance variables

b. address policy and procedural problems

c. disclose findings to employees

d. pinpoint specific behaviors

31. At the middle- and upper-management level we usually concentrate on: (Petersen, TSM, 130)

a. outcomes evaluations

b. results measures

c. performance measures

d. behavioral measures

32. The purpose of an audit is to: (Brauer, 520)

a. detect and correct hazards in the workplace

b. determine the values of a corporate culture

c. challenge existing policies, procedures, and practices

d. evaluate first-line supervisor performance

33. What is a major weakness in the walk-around safety inspection process?

a. Takes too much time

b. Does not adequately identify unsafe behaviors

c. Does not adequately identify hazardous conditions

d. Requires both employee and management participation

34. This procedure, developed by Thiokol Chemical Corporation, effectively measures results as well as performance: (Petersen, TSM, 125)

a. Lost Work Day Case Indicator (LWDCI)

b. Safety Audit Factor Evaluation Report (SAFER)

c. Safety Performance Indicator (SPI)

d. Safety Performance Report Card (SPRC)

35. According to Brauer, the purpose of an audit is to: (Brauer, 520)

a. look at leadership and how well it achieves results

b. challenge underlying concepts and principles

c. challenge existing policies, procedures, and practices

d. all of the above

36. Conduct this type of analysis any time you bring something new into your worksite, whether it be a piece of equipment, different materials, a new process, or an entirely new building:

a. Phase Analysis

b. Process Hazard Analysis

c. Job Hazard Analysis

d. Change Analysis

37. The findings of a safety audit should include: (Brauer, 520)

a. names of those responsible and recommended disciplinary action

b. what things need improvement and ways to improve them

c. identified hazards and maintenance requests

d. an evaluation of performance results

38. Traditionally, there have been two figures or variables used to measure company-wide safety performance. Which of the following describe these two measures? (Petersen, TSM, 123)

a. duration, frequency

b. probability, duration

c. frequency, severity

d. frequency, duration

39. If a hazard has been temporarily corrected during an inspection or audit, yet requires further action, all of the following are acceptable recordkeeping practices, except: (Joseph LaDou, OH&S, 133)

a. make a note that the item was corrected

b. line out the hazard

c. cross the item out with an 'x'

d. erase the item

40. Brauer warns that management audits must be handled cautiously so that they: (Brauer, 520)

a. measure a limited number of performance variables

b. do not become a tool for blame or ridicule

c. do not disclose findings to employees

d. are designed to pinpoint specific behaviors

41. Every inspection program must define all of the following, except: (Joseph LaDou, OH&S, 140)

a. how results will be handled

b. how records will be filed and classified

c. how results will be followed up

d. how discipline will be administered

42. What-if, checklists, hazard and operability study (HAZOP), failure mode and effect analysis (FMEA), or fault-tree analysis, may be used in this type of analysis to determine possible process breakdowns:

a. Phase Analysis

b. Process Hazard Analysis

c. Job Hazard Analysis

d. Change Analysis

43. Who should review the results of an audit or inspection? (Joseph LaDou, OH&S, 140)

a. the safety and health committee

b. the responsible supervisor

c. the responsible employees

d. all of the above

44. A manager's department may be audited by: (Brauer, 520)

a. the manager of that department

b. another department's safety staff

c. one of the manager's supervisors

d. another employee within the department

45. The SAFER audit report, developed by Robert Mills for Grumman Aerospace, is a guide for reviewing and checking key factors on a broad category range. What are the categories? (Petersen, TSM, 123)

a. not present, needs work, adequate

b. does not exist, present

c. none, minimal, adequate

d. less than adequate, adequate

46. According to Brauer, an audit is: (Brauer, 520)

a. the same process as an inspection

b. a process of having outsiders evaluate management

c. conducted by an internal consultant

d. conducted by employees to evaluate supervisors

47. According to Dan Petersen, audits have some severe setbacks. Which of the following is not one he lists? (Petersen, TSM, 238)

a. they stifle autonomy

b. they stifle creativity

c. they force uniformity

d. they force compliance

48. According to the results of a nine-year Association of American Railroads study, the effectiveness of safety efforts can NOT be measured: (Petersen, TSM, 238)

a. with traditional procedural-engineering criteria

b. with surveys of employee perceptions

c. with management audits

d. with inspections by first-line supervisors

49. According to Dan Petersen, audits have some advantages. Which of the following is one of them? (Petersen, TSM, 238)

a. they get attention

b. they force performance

c. they encourage involvement

d. both a and b above

50. According to the results of a nine-year Association of American Railroads study, the effectiveness of safety efforts can be measured: (Petersen, TSM, 238)

a. with traditional procedural-engineering criteria

b. with surveys of employee perceptions

c. with management audits

d. with inspections by first-line supervisors

51. Which of the following is not an approach discussed by Petersen to analyzing and improving the safety management system? (Petersen, TSM, 211)

a. simple checklists

b. simple yes-no audits

c. complicated quantified audits

d. system compliance approaches

52. Which of the following is not an approach discussed by Petersen to analyzing and improving the safety management system? (Petersen, TSM, 211)

a. accident investigations

b. perception surveys

c. TOR analyses

d. system safety approaches

53. According to Petersen, as with any measure, the audit can be a: (Petersen, TSM, 228)

a. excellent tool forcing supervising compliance

b. superb motivational tool

c. demotivating if tied to compliance

d. a waste of time if corrective actions are not taken

54. According to Petersen, there seems to be little question that the way an employee sees the company safety program: (Petersen, TSM, 230)

a. strongly influences behavior on the job

b. influences the ability to learn

c. influences ability to respond

d. all of the above

55. An Employers Insurance of Warsaw study found three types of companies exist. Which of the following activities would be seen as 'overzealous' in the study? (Petersen, TSM, 230)

a. companies requiring a great amount of safety equipment be worn

b. offering prizes for safety records or for writing slogans

c. stimulating competition, offering plaques for zero accidents

d. gets busy doing safety only after an accident occurs

Area II. Topic D. Data Analysis and Applied Statistics

1. Points above this line on a Control chart indicate the process is out of control: (Mears, QIT&T, 69)

a. Loss Control Line (LCL)

b. Upper Control Limit (UCL)

c. Maximum Control Limit (MCL)

d. Lower Control Limit (LCL)

2. The fishbone diagram is used to: (Petersen, SM, 7)

a. identify root causes

b. establish a sequence of events

c. determine flow over time

d. establish the vital few

3. This SPC tool is a bar graph of identified causes in descending order of magnitude or frequency: (Petersen, TSM, 271)

a. Pareto diagram

b. Run chart

c. Histogram

d. Fishbone diagram

4. The fishbone diagram is used to: (Mears, QIT&T, 52)

a. identify root causes

b. establish a sequence of events

c. determine flow over time

d. establish the vital few

5. Data points on a Control chart located outside control limits represent abnormal variation resulting from: (Mears, QIT&T, 68)

a. special causes

b. common causes

c. surface causes

d. root causes

6. When all data points on a Control chart are located inside control limits, the process is said to be: (Mears, QIT&T, 71)

a. predictable

b. static

c. stable

d. out of control

7. This SPC tool is a cause and effect diagram for analyzing problems and the factors that contribute to them: (Petersen, TSM, 272)

a. Pareto diagram

b. Run chart

c. Histogram

d. Fishbone diagram

8. This tool, also called an Ishikawa diagram, shows relationships between events: (Mears, QIT&T, 52)

a. Pareto diagram

b. Run chart

c. Histogram

d. Fishbone diagram

9. This tool employs a series of dots at various points on a table to show the relationship between two variables events: (Mears, QIT&T, 57)

a. Pareto diagram

b. Scatter diagram

c. Histogram

d. Fishbone diagram

10. This tool employs a series of dots at various points on a table to show the relationship between two variables events: (Mears, QIT&T, 61)

a. Pareto diagram

b. Scatter diagram

c. Run chart

d. Fishbone diagram

11. This tool is often called a line graph or trend chart and is used to display the output of a process over time: (Mears, QIT&T, 61)

a. Pareto diagram

b. Scatter diagram

c. Run chart

d. Fishbone diagram

12. This SPC tool is a bar graph displaying a frequency distribution: (Petersen, TSM, 271)

a. Pareto diagram

b. Run chart

c. Histogram

d. Fishbone diagram

13. The vertical axis, which represents the quantity or frequency of what's being displayed on a run chart is called the: (Mears, QIT&T, 61)

a. x axis

b. y axis

c. key axis

d. z axis

14. Points below this line on a Control chart indicate the process is in control: (Mears, QIT&T, 69)

a. Loss Control Line (LCL)

b. Upper Control Limit (UCL)

c. Maximum Control Limit (MCL)

d. Lower Control Limit (LCL)

15. How do you know if a process is in statistical control when viewing an SPC control chart?

a. Performance exceeds standards

b. Performance measures are within upper and lower control limits

c. Customers are satisfied

d. Performance measures display variation consistent with a normal curve

16. This SPC tool is a graph displaying the correlation of two characteristics: (Petersen, TSM, 273)

a. Pareto diagram

b. Scatter diagram

c. Histogram

d. Fishbone diagram

17. What tool is used to identify statistically significant changes that may occur in a process? (Mears, QIT&T, 67)

a. Run chart

b. Scatter diagram

c. Control chart

d. Flow chart

18. A Histogram is used to:

a. Provide a picture using discrete data

b. Track continuous data over time.

c. Separate the vital few from the trivial

d. Identify the most important cause of a problem.

19. This SPC tool is a method of monitoring the output of a process or system, through sample measurement of a selected characteristic and analysis of its performance over time: (Petersen, TSM, 273)

a. Pareto diagram

b. Run chart

c. Histogram

d. Control chart

20. Dan Petersen calls this the working tool of statistical control. It is particularly useful for plotting accident rates against time, with the overall accident rate or mean for the entire period: (Petersen, TSM, 273)

a. Pareto diagram

b. Run chart

c. Histogram

d. Control chart

21. A Pareto Chart is used to:

a. Document the steps and material used in a process

b. Identify averages of performance measure

c. Separate the vital few from the trivial

d. Track performance over time

22. Points below this line on a Control chart indicate the process is out of control: (Mears, QIT&T, 69)

a. Loss Control Line (LCL)

b. Upper Control Limit (UCL)

c. Maximum Control Limit (MCL)

d. Lower Control Limit (LCL)

23. According to Dan Petersen, if data is outside the UCL or LCL on a control chart, it is: (Petersen, TSM, 274)

a. caused by a common cause

b. a chance occurrence - a warning to be watchful

c. not strictly by chance - something is wrong

d. a random occurrence - something may be wrong

24. When some data points on a Control chart are located outside control limits, the process should be: (Mears, QIT&T, 71)

a. stopped and corrected

b. not be changed

c. considered unpredictable

d. monitored more closely

25. If a number of data points fall below the LCL on an accident rate control chart, it indicates: (Petersen, TSM, 275)

a. a significant change for the better

b. a significant change for the worse

c. a negative change for which there is an assignable cause

d. a positive change due to system improvements

26. Data points on a Control chart located inside control limits represent normal variation resulting from: (Mears, QIT&T, 68)

a. special causes

b. common causes

c. surface causes

d. root causes

27. If one percent upper and lower control limits are set on an accident rate control chart, what is the probability of a data point falling outside the UCL or LCL when the accident rate is stable? (Petersen, TSM, 275)

a. .001

b. .005

c. .01

d. .05

28. When some data points on a Control chart are located outside control limits, the process should be: (Mears, QIT&T, 71)

a. stopped and corrected

b. not be changed

c. considered unpredictable

d. monitored more closely

29. According to Petersen, one percent control limits are satisfactory for industrial accident studies. However, should all data points fall within control limits, what percent control limit does Petersen think might be more satisfactory? (Petersen, TSM, 276)

a. 2 percent

b. 5 percent

c. 8 percent

d. 10 percent

30. According to Petersen, there are easier methods to analyze data than the control chart. About 80 percent of all safety problems can be handled with each of the following, except: (Petersen, TSM, 277)

a. Pareto chart

b. fishbone diagram

c. process flow diagram

d. scatter diagram

31. The Occupational Injury and Illness Classification Manual (OI&ICM) provides a classification system for use in coding the case characteristics of injuries and illnesses in the Occupational Safety and Health (OSH) program and the Census of Fatal Occupational Injuries (CFOI) program: (BLS)

a. Occupational Statistical Analysis Worksheet (OSAW)

b. Occupational Injury and Illness Classification Manual (OI&ICM)

c. Bureau of Labor Statistics Injury Classification System (BLSICS)

d. Bureau of Labor Injury and Illness Classification Manual (BLIICM)

Area II. Topic E. Safety in Design

1. Which of the following is the least effective method to control hazards in the workplace? (Hammer, 186)

a. design to eliminate the hazard

b. use protective safety devices

c. automatic warning devices

d. safe work procedures

2. Generally, hazards may be controlled most effectively in the workplace through: (Hammer, 186)

a. personal protective equipment

b. engineering controls

c. administrative controls

d. education

3. Which of the following is the most effective method to control hazards in the workplace? (Hammer, 186)

a. design to eliminate the hazard

b. use protective safety devices

c. automatic warning devices

d. safe work procedures

4. If it is infeasible to eliminate the hazard through design, which strategy should be considered next? (Hammer, 186)

a. design to eliminate the hazard

b. use protective safety devices

c. automatic warning devices

d. safe work procedures

5. If it is infeasible to eliminate the hazard through design or protective safety devices, which strategy should be considered next? (Hammer, 186)

a. design to eliminate the hazard

b. use protective safety devices

c. automatic warning devices

d. safe work procedures

6. According to Willie Hammer, the most effective method of avoiding accidents is with designs that are: (Hammer, 188)

a. extrinsically safe

b. intrinsically safe

c. automatically safe

d. intuitively safe

7. According to Willie Hammer, intrinsic safety can be achieved by which of the following methods? (Hammer, 188)

a. use fail-safe designs

b. use personal protective equipment

c. minimize failure through procedures

d. limit the hazard below which it can do no harm

8. According to Willie Hammer, intrinsic safety can be achieved by which of the following methods? (Hammer, 188)

a. eliminate the hazard entirely

b. use personal protective equipment

c. minimize failure through procedures

d. limit exposure to the hazard

9. Which of the following is true concerning intrinsic safety? (Hammer, 188)

a. any accident will be minor

b. there is minimum possibility of an accident

c. there is no possibility of an accident

d. any accident will not be due to design

10. Which is true concerning safety by design through the use of engineering controls? (OSHA)

a. They manage exposure through safe procedures

b. They eliminate or reduce the hazard itself

c. They depend on hazard identification and correction

d. They always require a higher up-front expense

11. Which is true concerning safety by design through the use of engineering controls? (OSHA)

a. They manage exposure through safe procedures

b. They eliminate or reduce the hazard itself

c. They depend on hazard identification and correction

d. They always require a higher up-front expense

12. All of the following are examples of sound engineering controls, EXCEPT (OSHA)

a. Replacing a toxic chemical with a non-toxic chemical

b. Conducting OJT prior to the start of work

c. Enclosing a noise source

d. Redesigning a conveyor belt to eliminate reaching

13. Safety by design, or design-in safety, can be valuable because: (NSC, APME&T, 704)

a. safety planning relies on administrative controls

b. safety planning focuses on back-end safeguarding approaches

c. safety planning is geared toward specific work procedures

d. safety planning is geared toward a one-fits-all approach

14. All of the following are important safety by design approaches, EXCEPT: (NSC, APME&T, 705)

a. safeguards are designed to suit intended work

b. recognize that zero risk does not exist

c. depend on employees to take corrective action

d. determine feasible controls before awarding a contract

15. All of the following are important safety by design approaches, EXCEPT: (NSC, APME&T, 705)

a. guard pinch points

b. periodic safety meetings for engineers

c. eliminate pinch points

d. analyze injury statistics to determine specific problems

16. All of the following are important safety by design approaches, EXCEPT: (NSC, APME&T, 705)

a. design controls to isolate drive power

b. power is either on or off

c. use control circuits for isolating energy

d. where feasible, use automatic, passive controls

17. All of the following are important safety by design approaches, EXCEPT: (NSC, APME&T, 705)

a. guard to facilitate maintenance

b. use light screens and mats on many machines

c. design service points so safeguarding need not be interrupted

d. guards and interlocks that make maintenance difficult

18. All of the following are important safety by design approaches, EXCEPT: (NSC, APME&T, 705)

a. install multiple levels of safeguarding

b. provide for observation of operations where required

c. use perimeter guards and large guarded areas

d. guard close to the hazard

19. Isolation, lockouts, lockpins, and interlocks are predicated on all of the following principles, EXCEPT: (Hammer, 189)

a. preventing incompatible events

b. isolating a recognized hazard

c. controlling exposure

d. providing a release

20. Which of the following is considered an effective design measure to prevent accidents? (Hammer, 190)

a. signage

b. isolation

c. enforcement

d. education

21. Which control measure is used to separate incompatible conditions or materials that together would constitute a hazard? (Hammer, 190)

a. lockpins

b. lockouts

c. interlocks

d. isolation

22. Which control measure is used to limit the effects of controlled energy release? (Hammer, 190)

a. isolation

b. replacement

c. substitution

d. location

23. All of the following are common means for separating personnel, equipment, and operations, EXCEPT: (Hammer, 191)

a. lockpins

b. lockouts

c. interlocks

d. isolation

24. All of the following are common means for separating personnel, equipment, and operations, EXCEPT: (Hammer, 191)

a. lockpins

b. lockouts

c. interlocks

d. isolation

25. Fail-safe designs ensure all of the following EXCEPT: (Hammer, 194)

a. failures will leave the system unaffected

b. failures result in no equipment damage

c. failures are anticipated and prevented

d. failures result in no employee injury

26. Which of the following is not one of the three fail-safe design strategies? (Hammer, 194)

a. fail-remote design

b. fail-passive design

c. fail-active design

d. fail-operational design

27. This failure design strategy reduces the system to its lowest energy level: (Hammer, 194)

a. fail-remote design

b. fail-passive design

c. fail-active design

d. fail-operational design

28. This failure design strategy allows system functions to continue safely until corrective action is possible: (Hammer, 194)

a. fail-remote design

b. fail-passive design

c. fail-active design

d. fail-operational design

29. This failure design strategy maintains an energized condition that keeps the system in a safe operating mode until corrective action occurs: (Hammer, 194)

a. fail-startup design

b. fail-passive design

c. fail-active design

d. fail-operational design

30. This failure design strategy shuts down the system until corrective action can be taken: (Hammer, 194)

a. fail-down design

b. fail-passive design

c. fail-active design

d. fail-operational design

31. This failure design strategy typically uses circuit breakers and fuses as fail-safe devices: (Hammer, 194)

a. fail-down design

b. fail-passive design

c. fail-active design

d. fail-operational design

32. This failure design strategy operates an alternate system until corrective action can be taken: (Hammer, 194)

a. fail-down design

b. fail-passive design

c. fail-active design

d. fail-operational design

33. This failure design strategy is most preferable since there is no loss of function: (Hammer, 195)

a. fail-down design

b. fail-passive design

c. fail-active design

d. fail-operational design

34. Which of the following is not one of the three principal design methods discussed by Willie Hammer to minimize system failure? (Hammer, 196)

a. Safety factors and margins

b. Criteria measurement

c. Failure rate reduction

d. Parameter monitoring

35. In this design method to minimize failure, components and structures are designed with strengths far greater than those normally required: (Hammer, 196)

a. Safety factors and margins

b. Criteria measurement

c. Failure rate reduction

d. Parameter monitoring

36. In this design method to minimize failure, components and design arrangements are used to produce expected lifetimes far beyond the proposed periods of use: (Hammer, 196)

a. Safety factors and margins

b. Criteria measurement

c. Failure rate reduction

d. Parameter monitoring

37. In this design method to minimize failure, temperature, noise, gas concentration, vibration and other specific parameters are kept under surveillance to ensure they remain within specified limits: (Hammer, 196)

a. Safety factors and margins

b. Criteria measurement

c. Failure rate reduction

d. Parameter monitoring

38. An item designed with a safety factor of 4 would be expected to fail _______ as an item with a safety factor of 2: (Hammer, 196)

a. twice as often

b. half as often

c. just as often

d. more often

39. Which of the following concepts is a refinement of the more inaccurate safety factor? (Hammer, 196)

a. margin of safety

b. safety element

c. safety marker

d. margin of error

40. This term expresses the ratio of strength to stress: (Hammer, 196)

a. margin of safety

b. safety factor

c. stress factor

d. strength-stress margin

41. The margin of safety may be expressed as the ratio of: (Hammer, 197)

a. maximum strength/minimum stress

b. maximum stress/minimum strength

c. minimum strength/maximum stress

d. minimum stress/maximum strength

42. Which of the following is not a method of failure rate reduction? (Hammer, 197)

a. Parallel movements

b. Increased life expectancy

c. Timed replacements

d. Redundant arrangements

43. In this design strategy, conditions exist so that components work longer than expected: (Hammer, 197)

a. Screening

b. Derating

c. Timed replacements

d. Redundant arrangements

44. This design strategy closely monitors component quality: (Hammer, 198)

a. Screening

b. Derating

c. Timed replacements

d. Redundant arrangements

45. In this design strategy, components are replaced before they are expected to wear out: (Hammer, 198)

a. Screening

b. Derating

c. Timed replacements

d. Redundant arrangements

46. In this design strategy, components are placed in series or parallel to minimize the probability of operational failure: (Hammer, 199)

a. Screening

b. Derating

c. Timed replacements

d. Redundant arrangements

47. As a design strategy to minimize failure, this system is of no value unless it leads to suitable corrective action when necessary: (Hammer, 200)

a. Screening

b. Derating

c. Monitoring

d. Arranging

48. Which of the following is not one of the monitoring system processes? (Hammer, 200)

a. Detection

b. Measurement

c. Interpretation

d. Reporting

49. Which of the following is not one of the monitoring system processes? (Hammer, 200)

a. Screening

b. Measurement

c. Interpretation

d. Response

50. Designing and constructing tools, equipment, machines and workstations so that employees will be less likely to make errors resulting in accidents is called: (Petersen, HERSM, 81)

a. Safety engineering

b. Human factors engineering

c. Fail-safe design

d. Man-work-environment design

51. To help workers use various senses in the work environment, designers build informational displays that gather and translate needed information. What are the two classes of information displays generally designed? (Petersen, HERSM, 86)

a. Pictorial and symbolic

b. Internal and external

c. Visual and tactile

d. Kinetic and auditory

52. What are the two common types of symbolic informational displays? (Petersen, HERSM, 86)

a. Pictorial and symbolic

b. Internal and external

c. Visual and auditory

d. Kinetic and static

53. All of the following are general principles for effective symbolic information displays, EXCEPT: (Petersen, HERSM, 86)

a. Principle of simplicity

b. Principle of compatibility

c. Principle of arrangement

d. Principle of interpretation

54. Which of the following is not one of the general principles for effective symbolic information displays? (Petersen, HERSM, 86)

a. Principle of complexity

b. Principle of compatibility

c. Principle of arrangement

d. Principle of coding

55. According to this symbolic display design principle, it's important to keep the design of the display so that it may be easily read: (Petersen, HERSM, 86)

a. Principle of simplicity

b. Principle of compatibility

c. Principle of arrangement

d. Principle of coding

56. According to this symbolic display design principle, the location of dials on a control panel is important to reduce check-reading time: (Petersen, HERSM, 86)

a. Principle of simplicity

b. Principle of compatibility

c. Principle of arrangement

d. Principle of coding

57. According to this symbolic display design principle, the display should be labeled so that the operator can tell immediately to what mechanism the display refers, what units are measured, and what the critical range is: (Petersen, HERSM, 86)

a. Principle of simplicity

b. Principle of compatibility

c. Principle of arrangement

d. Principle of coding

58. The principle of coding states a display should clearly indicate all of the following, EXCEPT: (Petersen, HERSM, 86)

a. To what mechanism the display refers

b. What steps to take if the reading is above UCL

c. What units are measured

d. What the critical range is

59. All of the following are described by Frank Vilardo as important principles in the design of effective auditory displays, EXCEPT: (Petersen, HERSM, 88-89)

a. Situationality - what is the environment like?

b. Compatibility - do signals explain and exploit learned associations?

c. Approximation - is a two-stage signal system used to convey complex information?

d. Associability - are signals associated with concrete responses?

60. All of the following are described by Frank Vilardo as important principles in the design of effective auditory displays, EXCEPT: (Petersen, HERSM, 88-89)

a. Parsimony - is the signal sending more information than is required?

b. Forced entry - does the signal prevent focus on only one aspect of the total signal?

c. Arrangement - is the signal arranged in a logical sequence?

d. Dissociability - are signals easily discernible from other sounds?

61. Which of the following is not one of the processes in the worker information-processing subsystem? (Petersen, HERSM, 89-90)

a. Information storage

b. Recognition or detection of signals

c. Recalling information

d. Information retrieval

62. Which of the following is not one of the processes in the worker information-processing subsystem? (Petersen, HERSM, 90)

a. Information deletion

b. Problem solving

c. Information categorizing

d. Information calculating

63. In the worker-responding subsystem, the employee performs as a: (Petersen, HERSM, 90)

a. monitor

b. controller

c. reviewer

d. retriever

Area II. Topic F. Benchmarking

1. What is the process of looking at other organizations to see what they are doing in safety called? (Petersen, ASSE, 29)

a. industry analysis

b. benchmarking

c. external analysis

d. competitor assessment

2. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 29-30)

a. Accountability must reflect requisite level of authority

b. Identify a top management corporate safety champion

c. Discipline must occur quickly and be significant

d. Visible senior management ownership of safety

3. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30)

a. Hold senior management accountable through operating budgets

b. Identify corporate 'islands of excellence' among worksites

c. Use leading indicators to help predict changes in performance

d. Establish incentive program based on accident records

4. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30)

a. Reset expectations based on accident rates

b. Use metrics that drive continuous improvement

c. Monitor safety performance versus program implementation

d. Safety performance expectations should harmonize with business objectives

5. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30)

a. Performance targets are well defined and clearly communicated

b. Bonuses and merit pay are tied to accident records and rates

c. Safety performance is rewarded and tied to compensation and budgets

d. Root cause analysis is performed in formulating disciplinary actions

6. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30)

a. Leading companies focus on a narrow range of media to communicate safety

b. Senior managers conduct employee surveys and communicate one-on-one

c. Safety programs and expectations are discussed with prospective employees

d. Safety successes are communicated with the same emphasis as accidents

7. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30)

a. Training requirements are tracked to determine the status of training

b. Feedback is solicited from employees and training sponsors

c. Inspections are used to determine retention of learning

d. Observations are used to modify training if needed

8. All of the following are important safety and health benchmarks, EXCEPT: (Petersen, ASSE, 30-31)

a. Training requirements are tracked to determine the status of training

b. Computer-based, self-paced training and other innovative training techniques are used

c. Observations of behavior are used to assess retention of learning

d. Traditional training techniques are used to maximize learning

9. Benchmarking is a strategy for: (Mears, 155)

a. determining useful criteria for short-term improvement

b. assessing engineering controls within a facility

c. evaluating competitor performance and tactics

d. copying best practices of companies that excel

10. Which of the following is not true concerning benchmarking? (Mears, 155)

a. look at internal and external business functions

b. limit evaluation to companies within the industry

c. wide, broad-based comparisons should be used

d. copy the best practice in a given business function

11. Which of the following is not one of the five types of benchmarking? (Mears, 155)

a. Internal

b. External

c. Competitive

d. World-class

12. Which of the following is not one of the five types of benchmarking? (Mears, 155)

a. Internal

b. Shadow

c. Department

d. World-class

13. Which of the following is not one of the five types of benchmarking? (Mears, 155)

a. Annual

b. Shadow

c. Industrial

d. World-class

14. This type of benchmarking occurs when a company looks at its own divisions and compares operational functions: (Mears, 155)

a. Internal

b. Shadow

c. Industrial

d. World-class

15. This type of benchmarking identifies and compares key competitive characteristics of a product or service: (Mears, 155)

a. Internal

b. Shadow

c. Industrial

d. Competitive

16. This type of benchmarking involves monitoring key product and service attributes of a successful competitor and meeting changes as they occur: (Mears, 155)

a. Internal

b. Shadow

c. Industrial

d. Competitive

17. This type of benchmarking is also called functional benchmarking: (Mears, 156)

a. Internal

b. Shadow

c. Industrial

d. Competitive

18. This type of benchmarking may be conducted through the use of shared information among industrial associations: (Mears, 156)

a. Internal

b. Shadow

c. Industrial

d. Competitive

19. This type of benchmarking, also called general-process benchmarking, compares processes across diverse industrial groups: (Mears, 156)

a. World-class

b. Cross-functional

c. Industrial

d. Competitive

20. The beginner in the benchmarking process should concentrate on: (Mears, 156)

a. investment results

b. cycle time reduction

c. product innovation

d. resource utilization

21. According to Mears, what two teams are required to conduct the benchmarking process? (Mears, 157)

a. problem identification team, problem resolution team

b. needs assessment team, benchmarking team

c. external assessment team, internal solution team

d. development team, solution team

22. The purpose of this team is to identify internal and external needs: (Mears, 157)

a. problem identification team

b. needs and wants team

c. needs development team

d. needs assessment team

23. This team concentrates on the firm's critical success factors: (Mears, 157)

a. problem solving team

b. needs and wants team

c. benchmarking team

d. needs assessment team

24. Which of the following is not one of the steps in the benchmarking team's process? (Mears, 157-158)

a. Write operational definitions of critical success factors

b. Develop a baseline as an internal reference point

c. Determine team roles and responsibilities

d. Brainstorm ideas to identify best in class

25. It's important for the needs assessment team to identify the needs of all of the following groups, EXCEPT: (Mears, 157)

a. internal customer

b. key customer

c. external customer

d. primary customer

26. This benchmarking team must first write a clear definition of each identified critical success factor: (Mears, 157)

a. problem solving team

b. needs and wants team

c. benchmarking team

d. needs assessment team

27. Which of the following is not one of the steps in the benchmarking team's process? (Mears, 157-158)

a. Write operational objectives

b. Baseline your own process

c. Gather data on best practices

d. Analyze and communicate findings

28. This benchmarking team must first write a clear operational definition of each critical success factor: (Mears, 157)

a. problem solving team

b. needs and wants team

c. benchmarking team

d. needs assessment team

29. Which of the following is not one of the steps in the benchmarking team's process? (Mears, 157-158)

a. Write operational definitions of critical success factors

b. Evaluate the benchmarking process itself

c. Develop implementation strategies

d. Identify best in class

30. Which of the following is not one of the steps in the benchmarking team's process? (Mears, 157-158)

a. Write operational definitions of critical success factors

b. Develop a baseline as an internal reference point

c. Determine team roles and responsibilities

d. Identify best in class

31. Benchmarking may actually be quite complicated due to: (Mears, 157-158)

a. the potential for unexpected, unwanted results

b. the vast number of different potential outcomes

c. the lack of time to conduct a thorough assessment

d. the lack of cooperation among competitors

32. According to Mears, benchmarking may actually be quite complicated due to all of the following, EXCEPT: (Mears, 158-159)

a. the potential for unexpected, unwanted results

b. the vast number of different potential outcomes

c. the lack of time to conduct a thorough assessment

d. the lack of cooperation among competitors

Area II. Topic G. Behavior Safety Processes

1. According to Petersen's New Principles of Safety Management, all of the following are symptoms indicating something wrong in the safety management system, EXCEPT: (Petersen, SM, 15)

a. unsafe condition

b. unsafe act

c. an accident

d. low morale

2. According to Petersen's New Principles of Safety Management, the key to effective line safety performance is management procedures that: (Petersen, SM, 15)

a. fix accountability

b. encourage safe behaviors

c. are formal

d. apply to everyone

3. According to Petersen's New Principles of Safety Management, in most cases, unsafe behavior is: (Petersen, SM, 15)

a. normal behavior

b. normal reaction to the environment

c. can be classified

d. all of the above

4. According to Petersen's New Principles of Safety Management, what should management do to change unsafe behavior? (Petersen, SM, 15)

a. fix accountability

b. encourage safe behaviors

c. change the environment

d. rely on positive reinforcement

5. Which of the following subsystems, according to Petersen's New Principles of Safety Management, is not key in building an effective safety management system? (Petersen, SM, 15)

a. the physical

b. the psychosocial

c. the managerial

d. the behavioral

6. Which of the following, according to Petersen's New Principles of Safety Management, is one of the six criteria that must be met for a safety management system to be effective? (Petersen, SM, 15)

a. be inflexible in enforcement

b. involve external experts

c. force supervisor performance

d. balance punishment and reward

7. Which of the following, according to Petersen's New Principles of Safety Management, is one of the six criteria that must be met for a safety management system to be effective? (Petersen, SM, 15)

a. be inflexible in enforcement

b. involve middle management

c. encourage supervisor performance

d. balance punishment and reward

8. Which of the following, according to Petersen's New Principles of Safety Management, is one of the six criteria that must be met for a safety management system to be effective? (Petersen, SM, 15)

a. be flexible

b. involve the union

c. encourage supervisor performance

d. balance punishment and reward

9. Which of the following, according to Petersen's New Principles of Safety Management, is one of the six criteria that must be met for a safety management system to be effective? (Petersen, SM, 15)

a. don't ignore

b. involve the union

c. encourage supervisor performance

d. be perceived as positive

10. Which of the following, according to Petersen's New Principles of Safety Management, is one of the six criteria that must be met for a safety management system to be effective? (Petersen, SM, 15)

a. don't ignore

b. involve employees

c. encourage top management commitment

d. be perceived as positive

11. It's generally understood that employees will comply with safety rules only if they are:

a. formal

b. posted

c. enforced

d. supervised

12. According to Petersen, manuals do not drive performance; it is driven by: (Petersen, TSM, 91)

a. manpower

b. measurement

c. motivation

d. meaning

13. According to the National Safety Management Society, a prime method of accomplishing safety objectives is to: (Petersen, SM, 19)

a. manage human behavior

b. comply with OSHA mandates

c. correct workplace conditions and practices

d. establish and operate systems

14. According to McGregor and Petersen, safety programs that rely primarily on rules and regulations reflect this management theory: (Petersen, SM, 20)

a. Theory W

b. Theory X

c. Theory Y

d. Theory Z

15. More recently, participative safety management programs that reflect this management style have appeared: (Petersen, SM, 20)

a. Theory W

b. Theory X

c. Theory Y

d. Theory Z

16. Blake and Mouton devised the Managerial Grid which categorized management styles along two axes. Which two management orientations are described on the Managerial Grid? (Petersen, SM, 20)

a. Theory X and Theory Y

b. Relationship and task

c. Superior and subordinate

d. Caring and controlling

17. According to Petersen, when this manager faces a safety problem, it is seen as a threat to production: (Petersen, SM, 20)

a. Theory X

b. Theory Y

c. Task oriented

d. Relationship oriented

18. According to Petersen, when this manager faces a safety problem, it is seen as a threat to employee welfare: (Petersen, SM, 20)

a. Theory X

b. Theory Y

c. Task oriented

d. Relationship oriented

19. According to Petersen, this manager is more likely to trust employees because they view work as natural: (Petersen, SM, 20)

a. Theory X

b. Theory Y

c. Task oriented

d. Relationship oriented

20. According to Petersen, this manager is more likely not to trust employees because they dislike work: (Petersen, SM, 20)

a. Theory X

b. Theory Y

c. Task oriented

d. Relationship oriented

21. This management principle states that the number of subordinates should be small: (Petersen, SM, 21)

a. unity of command

b. span of control

c. unity of command

d. specialization

22. This theory describes why management tends to use more control, specialization, and pressure to overcome a lack of motivation, high turnover, and apathy: (Petersen, SM, 21)

a. Herzberg's Motivation-Hygiene Theory

b. Chris Argyris' Incongruency Theory

c. Douglas McGregor's Theory X Theory Y

d. Blake and Mouton's Managerial Grid

23. This management principle states that there should be only one boss: (Petersen, SM, 21)

a. chain of command

b. span of control

c. unity of command

d. specialization

24. This management principle states that work should be broken down into small simple tasks: (Petersen, SM, 21)

a. chain of command

b. span of control

c. unity of command

d. specialization

25. This management principle creates a superior-subordinate relationship: (Petersen, SM, 21)

a. chain of command

b. span of control

c. unity of command

d. specialization

26. Chris Argyris' Incongruency Theory states there is a basic incongruency between the characteristics of the organization and: (Petersen, SM, 21)

a. immature worker

b. the motivated employee

c. the mature worker

d. the unmotivated employee

27. Chris Argyris believes incongruency causes all of the following, EXCEPT: (Petersen, SM, 21)

a. fewer accidents due to poor work attitudes

b. higher turnover rate

c. unmotivated workforce

d. workers cling to the group, not organizational norms

28. According to Chris Argyris, management reacts to incongruency in all of the following ways, EXCEPT: (Petersen, SM, 21)

a. more control

b. more specialization

c. more pressure

d. more pay

29. According to Herzberg's theory, an employee's attitude about work is influenced by which two paradigms or factors? (Petersen, SM, 22)

a. relationship, task

b. supervision, motivation

c. motivation, hygiene

d. hygiene, task

30. Herzberg's hygiene factors include all of the following, EXCEPT: (Petersen, SM, 22)

a. working conditions

b. supervision

c. policies

d. responsibility

31. Herzberg's motivation factors include all of the following, EXCEPT: (Petersen, SM, 22)

a. the work itself

b. supervision

c. achievement

d. recognition

32. Herzberg considers this strategy as the answer to motivating employees: (Petersen, SM, 22)

a. the work itself

b. salary

c. job enrichment

d. recognition

33. McGregor, Argyris, and Herzberg all agree that this management strategy does not get the results wanted and poses major problems in attitudes or relationships: (Petersen, SM, 22)

a. involvement

b. customer-supplier

c. job enrichment

d. close control

34. Petersen considers the model developed by these two researchers as perhaps the best in explaining manager and supervisor motivation: (Petersen, SM, 23)

a. Herzberg and Heinrich

b. Argyris and Petersen

c. Porter and Lawler

d. Blake and Mouton

35. Rensis Likert's study on the relationship between organizational climate and bottom line indicators of success discovered all of the following as important to highly successful organizations, EXCEPT: (Petersen, SM, 26)

a. High levels of two-way trust between employees and managers

b. Teaching employees how to solve their own problems

c. A high degree of 'us vs. them' competition among departments

d. Employee soliciting ideas is extremely important

36. Rensis Likert's study on the relationship between organizational climate and bottom line indicators of success included all of the following as important to highly successful organizations, EXCEPT: (Petersen, SM, 26)

a. High levels of two-way trust between employees and managers

b. Teaching employees how to solve their own problems

c. A high degree of 'us vs. them' competition among departments

d. Employee soliciting ideas is extremely important

Area II. Topic H. Root Cause Analysis

1. If a workplace fatality occurs, the affected employer must notify OSHA within _____: (29 CFR Part 1904)

a. 48 hours

b. 24 hours

c. 16 hours

d. 8 hours

2. A catastrophe is considered ______ or more fatalities or _____ or more serious injuries: (29 CFR Part 1904)

a. 1,2

b. 2,3

c. 3,4

d. 4,5

3. When documenting the scene, one of the biggest challenges facing the investigator is to:

a. determine who is to blame

b. determine what is relevant

c. determine who is in charge

d. determine who is liable

4. Safety managers should do which of the following when it becomes clear that an accident investigation is necessary?

a. make sure the investigator submits an investigation report

b. try to get the investigation finished quickly

c. bring together a cross-functional team to investigate

d. use the OSHA Form 301 as the primary investigation report

5. The most effective documentation strategy is to:

a. document material evidence

b. document obviously relevant material

c. document it, even if relevancy is in question

d. document evidence to establish relevancy

6. When making personal observations, the accident investigator should consider which of the following:

a. What is not present

b. Condition of objects

c. What is present

d. All of the above

7. Photos are better at documenting the accident scene for all the reasons below except:

a. Photos more effectively show motion through time

b. Photos are better at displaying details

c. Photos best show size relationships

d. Photos are easier to produce

8. All of the following are ineffective interview techniques except:

a. Ask why-you questions

b. Ask open-ended questions

c. Try to intimidate the person being interviewed

d. Encourage fault-finding

9. What is the primary purpose of an accident investigation?

a. determine who is to blame

b. comply with insurer requirements

c. prevent future accidents

d. comply with OSHA requirements

10. Which of the following locations might be best for conducting the interview?

a. The scene of the accident

b. Your office

c. The lunch room

d. At a restaurant

11. The purpose of effective root cause analysis is to:

a. fix the system

b. fix the blame

c. fix the problem

d. At a restaurant

12. Which of the following is false regarding accident investigation? (Grimaldi & Simonds, 140-141)

a. Never accept anything as fact until it has been proven.

b. Asking 'why' may appear to reflect a lack of knowledge.

c. Someone's head has always got to roll.

d. Delving into the causes may be considered a personal affront.

13. No matter who conducts the investigation, the key person is:

a. the department head

b. the supervisor

c. the OSHA compliance officer

d. the safety engineer

14. When documenting the scene, one of the biggest challenges facing the investigator is to:

a. determine who is to blame

b. determine what is relevant

c. determine who is in charge

d. determine who is liable

15. According to the National Safety Council's Accident Prevention Manual for Industrial Operations, the principal purposes of an accident investigation are to do all of the following, EXCEPT: (Petersen, TSM, 169-170)

a. determine facts bearing on legal liability.

b. learn accident causes so that similar accidents may be prevented.

c. publicize the particular hazard among employees and their supervisors.

d. determine the scope and nature of discipline

16. This process breaks down the whole into parts, steps, or events to see how they each relate to the whole:

a. Evaluation

b. Synthesis

c. Identification

d. Analysis

17. Failing to effectively enforce safety policies and rules is an example of a:

a. seminal root cause

b. personal root cause

c. system design root cause

d. system performance root cause

18. This process makes a judgment about the quality of something:

a. Evaluation

b. Synthesis

c. Identification

d. Analysis

19. Which theory below states that an accident is the result of a series of related events: If you eliminate any one event, you prevent a future accident?

a. Single event theory

b. Domino theory

c. Multiple cause theory

d. System weakness theory

20. In event analysis, given the statement, 'Robert pounds a nail with a wrench,' ________ is the actor and ________ is the action: (Hendrick, Benner, 69)

a. wrench, pounds a nail

b. nail, with a wrench

c. Robert, pounds a nail

d. Robert, with a wrench

21. All of the following are examples of possible surface causes of accidents, EXCEPT:

a. a tool

b. a process

c. a machine

d. a person

22. Which of the following is an example of a possible root cause of an accident?

a. a tool

b. a process

c. a machine

d. a person

23. Surface causes describe hazardous _________ and unsafe _________. Root causes describe inadequate ________:

a. Systems, behaviors, conditions

b. Behaviors, activities, policies

c. Conditions, behaviors, systems

d. Conditions, systems, accountability

24. To be thorough in getting the facts, Grimaldi and Simonds believe the investigator should do all of the following, EXCEPT: (Grimaldi & Simonds, 141)

a. Begin as far back in history as you can.

b. Don't get tunnel vision by using a checklist.

c. Secure as many pertinent facts as possible.

d. Examine the physical environment closely.

25. If similar accidents occur repeatedly after accident investigations, what weakness in the analysis process is most likely the cause?

a. It focuses on placing blame

b. It focuses on root causes

c. It identifies only surface causes

d. It identifies both surface and root causes

26. If discipline occurs immediately after an accident occurs, what basic process flaw exists?

a. Blame is based on fact, not feeling

b. The process places blame before considering safety program weaknesses

c. The process determines system flaws before considering personal liability

d. The process neglects to place initial blame.

27. If an employer does not have a lockout/tagout program when required, what type of root cause best describes the condition?

a. lateral root cause

b. personal root cause

c. system design root cause

d. system performance root cause

28. Engineering controls include all of the following except:

a. Substitution

b. Enclosure

c. Rescheduling

d. Redesign

29. Solving safety problems usually involves finding solutions to all of the following except:

a. Hazardous conditions

b. Who was to blame

c. Unsafe work practices

d. Weaknesses in the safety program

30. Examples of root causes include all of the following except:

a. Machine not properly guarded.

b. Safety rules are not written.

c. The process used to investigate accidents is flawed.

d. Lockout/tagout procedures are inadequate.

31. Which of the following is not one of the three categories of analysis: (Petersen, TSM, 159)

a. behavioral

b. system or managerial

c. psychosocial

d. physical

32. Before 1931 which process was virtually the only analysis tool available to safety professionals? (Petersen, TSM, 159)

a. inspection

b. job hazard analysis

c. hazard identification

d. physical assessment

33. According to the National Safety Council's Accident Prevention Manual for Industrial Operations, the principal purposes of an accident investigation are to do all of the following, EXCEPT: (Petersen, TSM, 169-170)

a. gather data supporting supervisor and employee accountability

b. learn accident causes so that similar accidents may be prevented.

c. publicize the particular hazard among employees and their supervisors.

d. determine the change or deviation that produced an error.

34. Which of the following LEAST expresses the effect of root cause analysis? (Petersen, TSM, 25)

a. may prevent future operational problems

b. determine appropriate personal weaknesses

c. affects permanent results

d. might prevent other types of accidents

35. Failing to carry out effective safety training is an example of which type of root cause?

a. system performance root cause

b. personal root cause

c. system design root cause

d. management root cause

36. A poorly written safety training plan is a good example of this type of root cause:

a. lateral root cause

b. personal root cause

c. system design root cause

d. system performance root cause

37. If an employer does not have a lockout/tagout program when required, what type of root cause best describes the condition?

a. lateral root cause

b. personal root cause

c. system design root cause

d. system performance root cause

38. A systematic process to investigate an accident should do all of the following, EXCEPT: (Hendrick & Benner, 7)

a. provide a rigorously tested description of what happened

b. disclose and define specific problems

c. define and permit assessment of proposed corrective actions

d. relate findings to determine liability

39. Which of the following is the most appropriate accident investigation strategy? (NSC, APM-AP, 283)

a. investigate all injury accidents

b. investigate property damage events as well as injury accidents

c. investigate lost-time injuries

d. investigate each domino in order

40. This theory states that an accident might result in production tie-ups, excessive costs and customer complaints: (Petersen, ASSE, 9)

a. domino theory

b. active causation theory

c. theory of multiple causation

d. theory of cause and effect

41. Which of the following is a fundamental rule regarding accident investigation? (Grimaldi & Simonds, 140)

a. Never accept anything as fact until it has been proven

b. If you remove one of the dominoes, the rest will fall

c. Someone's head has always got to roll

d. It's all about fault-finding, not fact-finding

42. Which of the following is false regarding accident investigation? (Grimaldi & Simonds, 140-141)

a. Never accept anything as fact until it has been proven.

b. Asking 'why' may appear to reflect a lack of knowledge.

c. Someone's head has always got to roll.

d. Delving into the causes may be considered a personal affront.

43. According to Grimaldi and Simonds, inspections by the unit safety specialist should be conducted: (Grimaldi & Simonds, 145)

a. in a random manner to ensure the element of surprise.

b. when a team inspection program is not established.

c. whether or not a team inspection program is established.

d. using a different route for each inspection.

44. To be thorough in getting the facts, Grimaldi and Simonds believe the investigator should do all of the following, EXCEPT: (Grimaldi & Simonds, 141)

a. Begin as far back in history as you can.

b. Don't get tunnel vision by using a checklist.

c. Secure as many pertinent facts as possible.

d. Examine the physical environment closely.

45. According to Petersen, this theory states we can trace all contributing factors to their underlying causes: (Petersen, ASSE, 9)

a. domino theory

b. active causation theory

c. theory of multiple causation

d. theory of cause and effect

46. This theory states that an accident might result in production tie-ups, excessive costs and customer complaints: (Petersen, ASSE, 9)

a. domino theory

b. active causation theory

c. theory of multiple causation

d. theory of cause and effect

47. Which of the following is not considered by the NSC as a fundamental activity in accident prevention? (NSC, APM-AP, 283)

a. study all work areas to detect and correct hazards

b. study all methods, practices and controls

c. strict adherence with regulatory standards

d. thorough investigation of at least lost-workday injuries

48. Which of the following is the most appropriate accident investigation strategy? (NSC, APM-AP, 283)

a. the investigation board should determine discipline

b. be concerned only with the facts

c. investigate to uncover those responsible

d. investigate to establish accountability as well as the facts

49. This standard was used for years to help categorize injuries and accidents: (NSC, APM-AP, 284)

a. ANSI Z16.2

b. ANSI Z490.1

c. ISO 9001

d. ISO 14001

50. This standard was used for years to help categorize injuries and accidents: (NSC, APM-AP, 284)

a. ANSI Z16.2

b. ANSI Z490.1

c. ISO 9001

d. ISO 14001

51. What is the first step in the accident investigation process?

a. call 911

b. document the accident scene

c. secure the accident scene

d. get witness statements

52. In an accident investigation, which of the following steps follows the development of the sequence of events?

a. Analyze each event to identify surface causes

b. Analyze each event to determine rule violations

c. Analyze each event to determine root causes

d. Analyze each event to determine solutions

53. A worker has slipped on a wet floor in the processing plant. What might be a surface cause?

a. the safety committee is not inspecting

b. housekeeping policy not usually enforced

c. leak in a pipe

d. hazards are not being reported

54. A worker has slipped on a wet floor in the processing plant. What might be a system performance root cause for the accident?

a. the safety committee has no inspection plan

b. a housekeeping policy does not exist

c. leak in a pipe

d. hazards are not being reported

55. A worker has slipped on a wet floor in the processing plant. What might be a system design root cause for the accident?

a. the mop used to clean spills is broken

b. housekeeping policy is not being enforced

c. leak in a pipe

d. there is no daily safety inspection plan

56. A worker has slipped on a wet floor in the processing plant. What might be a system design root cause for the accident?

a. the mop used to clean spills is broken

b. housekeeping policy is not being enforced

c. leak in a pipe

d. there is no daily safety inspection plan

57. Which of the following is not one of the requirements of an effective safety management system? (Petersen, TSM, 37)

a. force supervisory performance

b. flexibility

c. employee conformance

d. positive perceptions

58. According to Petersen, in most cases, unsafe behavior is a normal behavior; it is the result of normal people reacting to: (Petersen, TSM, 35)

a. internal beliefs

b. perceived necessary risks

c. management pressures

d. their environment

59. Which of the following is not listed by Petersen as one of the management activities required after setting safety goals? (Petersen, TSM, 29)

a. controlling

b. planning

c. encouraging

d. organizing

60. According to Petersen, this theory states we can trace all contributing factors to their underlying causes: (Petersen, ASSE, 9)

a. domino theory

b. active causation theory

c. theory of multiple causation

d. theory of cause and effect

61. Which of the following identify the two main types of accident investigations? (Brauer, 569)

a. preventable, non-preventable

b. Type I, Type II

c. Disciplinary, non-disciplinary

d. general, specific

62. This is the most frequent type of accident investigation in most workplaces: (Brauer, 570)

a. Specific

b. General

c. Audit

d. Technical

63. A facility fire would require which type of investigation? (Brauer, 570)

a. Specific

b. General

c. Audit

d. Technical

Area II. Topic I. Safety Management Theory

1. According to Grimaldi and Simonds, what is a primary difference between the role of safety administrators and safety managers? (Grimaldi & Simonds, 86)

a. controlling

b. persuading

c. organizing

d. coordinating

2. According to Grimaldi and Simonds, who is responsible no matter who is at fault when serious injuries occur? (Grimaldi & Simonds, 88)

a. the principals

b. safety managers

c. first-line supervisors

d. line employees

3. A manager who has inadequate knowledge, skills and abilities, is consequently not performing well in his position. This situation is an example of:

a. the glass-window

b. Pascal's Law

c. Peter Principle

d. Heinrich's Principle

4. All of the following concepts are generally accepted by today's safety management community, except:

a. accident proneness

b. domino theory

c. behavior reinforcement

d. multiple causation

5. There is evidence that occupational safety and health actually began with:

a. OSHA Act of 1970

b. the ancient Egyptians

c. initiation of agriculture

d. the industrial revolution

6. The original 'Three E's', developed early in the last century, stood for:

a. Enlightenment, Enforcement, and Engineering

b. Engineering, Enlightenment, and Enforcement

c. Engineering, Education and Enforcement

d. Engineering, Enlightenment, and Education

7. It is generally understood that for each dollar an employer invests in safety, the ROI will be:

a. Five times investment

b. Four times investment

c. Three times investment

d. Two times investment

8. Traditionally, the safety function was considered separate from other functions. Now, however, it is generally thought that safety management should involve:

a. a labor-management safety committee

b. left to top management

c. an integrated, cross-functional team

d. outside consultants

9. Safety managers will first attempt to use this control measure to eliminate or reduce a workplace hazard:

a. engineering

b. management-work practice

c. personal protective equipment

d. interim measures

10. Safety managers will use this control measure to eliminate or reduce exposure to a hazard:

a. engineering

b. management-work practice

c. personal protective equipment

d. interim measures

11. Safety managers will use this control measure in conjunction with work practice controls to eliminate or reduce exposure to a hazard:

a. engineering

b. management

c. personal protective equipment

d. interim measures

12. If the safety manager is unable to adequately eliminate or reduce a hazard, this control measure will be necessary in addition to engineering controls to reduce exposure:

a. education controls

b. management - work practice controls

c. personal protective equipment

d. interim measures

13. The three standard control measure strategies include all of the following, except:

a. engineering controls

b. management - work practice controls

c. educational controls

d. personal protective equipment

14. The safety manager best functions as:

a. the primary safety controller

b. the corporate safety cop

c. the safety mother

d. an internal safety consultant

15. Which of the following is not an appropriate function of the safety manager?

a. enforcer of safety rules

b. adviser to managers

c. consultant to the employer

d. consultant to the safety committee

16. All of the following are important activities of a safety manager, except:

a. enforce safety policies and rules

b. conduct safety audits and inspections

c. conduct safety management system evaluation

d. propose improvements to safety programs

17. Which of the following is an effective response by a supervisor when an employee violates a safety rule?

a. encourage the employee to obey the rules

b. tell the employee not to do that again

c. discipline the employee if justified

d. ignore the behavior one time only

18. When a supervisor ignores a safety rule violation, what does the employee think?

a. hey, I can get away with it

b. the supervisor doesn't care

c. looks like I've got permission to do it my way

d. all of the above

19. An effective safety culture balances positive and negative reinforcement. The safety manager can help ensure positive reinforcement by designing and implementing a/an:

a. install safety bingo and other games

b. incentive and recognition plan

c. effective accountability plan

d. ask for money to award for compliance

20. An effective safety culture balances positive and negative reinforcement. The safety manager can help ensure negative reinforcement by designing and implementing a/an:

a. install safety bingo and other games

b. incentive and recognition plan

c. effective accountability plan

d. ask for money to award for compliance

21. Every safety manager must understand that most accidents are the result of:

a. a lack of common sense

b. poor safety attitudes

c. hazardous conditions

d. unsafe behaviors

22. Which of the following is not considered a safety monitoring function?

a. analysis

b. observation

c. inspection

d. investigation

23. Which of the following is least likely to affect the probability of an accident?

a. gender of worker

b. duration of exposure

c. frequency of exposure

d. work at elevation

24. All of the following are important factors to consider when prioritizing job hazard analyses:

a. number of pieces of equipment or machinery

b. new or altered machinery or equipment

c. number of steps in the job

d. number of accidents associated with equipment, tools, equipment

25. All of the following are important factors to consider when prioritizing job hazard analyses:

a. number of pieces of equipment or machinery

b. new or altered machinery or equipment

c. number of steps in the job

d. number of accidents associated with equipment, tools, equipment

26. This person first promoted the domino theory of accident causation and is considered the father of safety management:

a. W. Edwards Deming

b. Bradley Henshaw

c. Henry W. Heinrich

d. William Pope

27. Which of the following are what W. H. Heinrich believed were factors that resulted in an accident?

a. environment, worker, unsafe act, accident, injury

b. design, performance, contributing surface, direct surface

c. management, root, surface, personal, condition

d. man, machine, accident, condition, injury

28. To combat hazardous conditions and unsafe behaviors, a hierarchy of controls has been developed. Each of the following is a control strategy, except:

a. engineering control

b. leadership control

c. work practice control

d. personal protective equipment

29. Why do OSHA standards require the employer to first consider engineering controls to correct workplace hazards?

a. Because safety is all about conditions, not behavior

b. They may completely eliminate the hazard

c. They may completely eliminate exposure

d. They cost more in the long run than enforcing safe work practices

30. Why do OSHA standards require the employer to first consider engineering controls to correct workplace hazards?

a. Because safety is all about conditions, not behavior

b. They may completely eliminate the hazard

c. They may completely eliminate exposure

d. They cost more in the long run than enforcing safe work practices

31. Which of the following strategies is not considered an engineering control?

a. design or redesign

b. removal or substitute

c. barriers or ventilation

d. personal protective equipment

32. Which of the engineering controls listed below is most likely to eliminate a toxic chemical hazard?

a. placing a barrier between the employee and chemical

b. placing the chemical in a container

c. replacing a toxic with a less/non toxic chemical

d. wearing appropriate personal protective equipment

33. Work practice controls are only as effective as:

a. the safety management system that supports them

b. the policies that implement them

c. the people that use them

d. as the engineering controls they control

34. Work practice controls are only as effective as:

a. the safety management system that supports them

b. the policies that implement them

c. the people that use them

d. as the engineering controls they control

35. Management controls should be used ______ engineering controls:

a. before

b. along with

c. instead of

d. in the absence of

36. This program helps ensure equipment and machinery continue to operate safely and smoothly as designed:

a. corrective maintenance

b. emergency maintenance

c. programmed maintenance

d. preventive maintenance

37. Tracking hazards is important for all of the following reasons, except:

a. It keeps staff aware of the status

b. It provides timely and accurate information

c. It provides evidence for discipline

d. It provides a record of what occurred

38. Which of the following does not describe the possible scope of the problem in an organization?

a. Regulatory. Problem affects relations with OSHA

b. Corporate. Problem affects the entire company

c. Interpersonal. Problem affects another, or between two persons

d. Personal. Problem affects yourself, or yourself and another

39. Which of the following is achieved when everyone can agree with the problem, or can live with it?

a. unanimity

b. consensus

c. groupthink

d. cohesiveness

40. This problem solving technique can be used by individuals or groups quite successfully to quickly develop a large list of possible solutions to problems:

a. 5-W analysis

b. mind mapping

c. brainstorming

d. fishbone diagram

41. The primary communications goal of a safety recommendation is to:

a. inform

b. persuade

c. request

d. demand

42. Conditions and behaviors observed in the workplace are considered:

a. two components of safety management system structure

b. two examples of internal safety management system processes

c. examples of inputs to the safety management system

d. examples of outputs of the safety management system

43. What is the test for evaluating the effectiveness of a given consequence?

a. If the employee quits

b. The employee's behavior changes in the desired direction

c. The employee is happy about the consequence

d. The employee is sure the consequence was appropriate

44. Supervisors should be held accountable only for what they can control. They have the ability to control all of the following, except:

a. The number of safety meetings conducted

b. The number of accidents that occur

c. The number of inspections conducted

d. The number of training sessions conducted

45. Employee involvement in developing safe procedures and practices increases:

a. unusual behavior

b. management headaches

c. employee ownership

d. cost of doing business

46. Which cause category is ultimately most responsible for accidents in the workplace?

a. Surface causes

b. Personal causes

c. Uncontrollable causes

d. Root causes

47. What is a major weakness inherent in the walkaround safety inspection process?

a. Only uncovers hidden behaviors

b. Does not take enough time

c. Does not uncover hazardous conditions

d. Only looks at observable, measurable behaviors

48. Which root causes below might indicate inadequate supervision in a work area?

a. Workers violating company safety rules

b. Workers using unsafe procedures

c. Hazards existing in the work area.

d. All of the above

49. What approach does an investigator take to most effectively analyze an accident?

a. First determine if system weaknesses exist

b. First determine if personal weaknesses exist

c. First determine if the employee violated safety rules

d. First determine if the employee ignored instructions

50. What approach does an investigator take to most effectively analyze an accident?

a. Analyze the accident event, then evaluate the safety management system

b. Analyze the accident event, then evaluate the victim's behavior

c. Analyze the victim's performance, then evaluate the surface causes

d. Analyze the victim's performance, then evaluate the safety management system

51. Which of the following is not one of the requirements of an effective safety management system? (Petersen, TSM, 37)

a. force supervisory performance

b. fixed plans

c. employee participation

d. visible top management commitment

52. Which one of the following is not considered by Petersen as one of the causes of unsafe behavior? (Petersen, TSM, 33)

a. poor attitude

b. worker decision to err

c. overload

d. traps

53. Safety should be managed like any other company function; it should be directed by: (Petersen, TSM, 29)

a. management

b. the safety committee

c. supervisors

d. employees

54. According to Petersen, there are three major subsystems that must be dealt with in building an effective safety system. Which of the below is not one of these three major subsystems? (Petersen, TSM, 35)

a. the physical

b. the managerial

c. the behavioral

d. the psychological

55. According to Petersen, the key to effective line safety performance is: (Petersen, TSM, 30)

a. tough-controlling safety supervision

b. effective safety training

c. management procedures that fix accountability

d. management by objectives

56. According to Petersen, the safety system should fit the: (Petersen, TSM, 36)

a. the individual

b. the culture

c. the community

d. the society

57. An unsafe act, condition or accident are all symptoms of something wrong in: (Petersen, TSM, 27)

a. regulatory compliance

b. supervision

c. the management system

d. negative reinforcement

58. Which of the following is not one of the requirements of an effective safety management system? (Petersen, TSM, 37)

a. encourage supervisory performance

b. visible top management commitment

c. flexibility

d. middle management involvement

59. According to Petersen, the function of safety is to locate and define the operational errors that allow accidents to occur. This function can be carried out by: (Petersen, TSM, 30)

a. determining management flaws

b. searching for root causes

c. evaluating surface causes

d. close scrutiny of personal flaws

60. Which of the following is not one of the requirements of an effective safety management system? (Petersen, TSM, 37)

a. force supervisory performance

b. delegated management support

c. flexibility

d. middle management involvement

61. According to Petersen, the function of safety is to locate and define the operational errors that allow accidents to occur. This function can be carried out by: (Petersen, TSM, 30)

a. determining management flaws

b. asking if effective controls are being used

c. evaluating surface causes

d. close scrutiny of personal flaws

62. Which of the following circumstances will not predictably produce severe injuries? (Petersen, TSM, 28)

a. high energy sources

b. unusual, non-routine activities

c. unproductive activities

d. certain general manufacturing situations

Answer Key

Area II. Topic A. SMBO and TQM Principles

1. d. Management by Objectives (MBO)

2. c. measure results using process indicators

3. d. all of the above

4. c. accident

5. c. give supervisors an opportunity to practice

6. b. give selected supervisors an opportunity to perform

7. c. withhold help until requested

8. d. reward once objectives are achieved

9. a. get agreement on results objectives only

10. b. provide feedback at least quarterly

11. d. a reward system emphasizes recognition of achieved objectives

12. b. Understand the root cause of the problem

13. d. a reward system emphasizes recognition of achieved objectives

14. b. assures viable accountability for achievement

15. a. brings process-directed behavior

16. d. taps human resources, particularly involvement of workers

17. b. uses established traditional techniques

18. c. uses the brains and energies of workers

19. d. Accountability Era

20. b. It converts system inputs into system outputs

11. a. fosters compliant goal-setting

12. b. SCRAPE

13. a. special variations

14. d. prevent accidents within a given period

15. a. determine specifically what line managers are to do

16. c. 1970's

17. d. writing safety policy

18. b. enforcing regulatory standards

19. c. measure safety activity before an accident occurs

20. c. makes management define what it wants from supervisors

21. c. 1950's

22. c. 1970's

Area II. Topic B. Systems Safety

1. d. have accident potential

2. d. all of the above

3. c. Occupancy

4. b. hazard analysis

5. a. is continued over the life cycle of a system

6. c. behavioral controls

7. c. aircraft and missile projects

8. d. toxicological study design

9. c. MIL-STD-882B

10. d. review

11. a. identify maximum acceptable system risk

12. c. protect critical components

13. c. compatible materials

14. c. Design for minimum risk

15. b. Develop procedures and training

16. a. Incorporate safety devices

17. b. Develop procedures and training

18. c. hazard severity

19. b. severity and probability

20. b. CATASTROPHIC AND CRITICAL

21. b. Fault tree analysis

22. b. Fault tree analysis

23. d. failure to identify all events that may lead to the top event

24. c. assigning valid probability to an event

25. b. fault event

26. d. basic event

27. a. normal event

28. c. undeveloped event

29. c. undeveloped event

30. b. logic gates

31. a. OR and AND gates

32. c. AND gate

33. a. OR gate

34. c. event

35. c. failure

36. b. The Triangle Shirtwaist Company fire

37. b. fault

38. b. fault

39. c. failure

40. c. primary

41. d. secondary

42. c. primary

43. d. secondary

44. a. qualitative and quantitative

45. b. Failure Mode and Effects Analysis (FMEA)

46. b. Failure Mode and Effects Analysis (FMEA)

47. d. Simultaneous Timed Events Plotting Analysis (STEP)

48. c. Management Oversight and Risk Tree (MORT)

49. a. specific surface causes

50. c. Management Oversight and Risk Tree (MORT)

51. b. Engineering, Science and Management Defense Training (ESMDT)

52. a. Federal Laws

53. c. management system weaknesses

54. d. regarded as a normal and integral feature

55. c. Bell Telephone Laboratories

56. a. Operational error

57. b. SMIS

58. a. Creation of a computerized information system

59. b. Business enterprises are social systems

60. a. Triadic Analysis of Flawed Systems

61. a. Triadic Analysis of Flawed Systems

62. c. Objective thinking about the direction and control of management

63. c. regulatory compliance

64. a. social, physical, biological

65. c. management defines safety performance in light of personal flaws

66. b. Participative management

67. a. warning signs

68. b. H.W. Heinrich

69. c. Proactive

70. d. NFPA

71. b. A near miss, or accident that results in personal injury or property damage

72. c. You will get meaningful data about the overall reliability of the system

73. d. A base event with no events below it

74. c. used to show a procedure or event

75. c. To improve the safety of missile systems

76. d. NFPA

77. c. 7

Area II. Topic C. Auditing

1. d. Evaluating the results

2. c. informal inspection

3. a. before-the-fact measure

4. c. informal inspection

5. d. failure measures

6. b. hazard, exposure

7. b. general audit

8. d. any of the above

9. a. it always looks at the same items

10. b. each part, step or event to determine its impact on the whole

11. b. allows for averaging several components to get a rating

12. b. unsafe behaviors

13. c. employee survey

14. b. results measures

15. a. location of procedures

16. b. they are not sensitive to change

17. d. all of the above

18. d. Observation

19. c. upgrade program components to standard

20. d. audit

21. a. accident investigation

22. c. Survey

23. d. poor housekeeping in administrative offices

24. c. performance measure

25. d. formal review

26. a. Inspection

27. d. audit

28. b. Does not adequately identify unsafe behaviors

29. d. erase the item

30. b. address policy and procedural problems

31. b. results measures

32. c. challenge existing policies, procedures, and practices

33. b. Does not adequately identify unsafe behaviors

34. c. Safety Performance Indicator (SPI)

35. d. all of the above

36. d. Change Analysis

37. b. what things need improvement and ways to improve them

38. c. frequency, severity

39. d. erase the item

40. b. do not become a tool for blame or ridicule

41. d. how discipline will be administered

42. b. Process Hazard Analysis

43. d. all of the above

44. b. another department's safety staff

45. c. none, minimal, adequate

46. b. a process of having outsiders evaluate management

47. d. they force compliance

48. a. with traditional procedural-engineering criteria

49. d. both a and b above

50. b. with surveys of employee perceptions

51. d. system compliance approaches

52. a. accident investigations

53. b. superb motivational tool

54. d. all of the above

55. a. companies requiring a great amount of safety equipment be worn

Area II. Topic D. Data Analysis and Applied Statistics

1. c. Maximum Control Limit (MCL)

2. a. identify root causes

3. a. Pareto diagram

4. a. identify root causes

5. a. special causes

6. c. stable

7. d. Fishbone diagram

8. d. Fishbone diagram

9. b. Scatter diagram

10. b. Scatter diagram

11. c. Run chart

12. c. Histogram

13. b. y axis

14. a. Loss Control Line (LCL)

15. b. Performance measures are within upper and lower control limits

16. b. Scatter diagram

17. c. Control chart

18. b. Track continuous data over time.

19. d. Control chart

20. d. Control chart

21. c. Separate the vital few from the trivial

22. d. Lower Control Limit (LCL)

23. c. not strictly by chance - something is wrong

24. a. stopped and corrected

25. a. a significant change for the better

26. b. common causes

27. b. .005

28. a. stopped and corrected

29. b. 5 percent

30. d. scatter diagram

31. b. Occupational Injury and Illness Classification Manual (OI&ICM)

Area II. Topic E. Safety in Design

1. d. safe work procedures

2. b. engineering controls

3. a. design to eliminate the hazard

4. b. use protective safety devices

5. c. automatic warning devices

6. b. intrinsically safe

7. d. limit the hazard below which it can do no harm

8. a. eliminate the hazard entirely

9. c. there is no possibility of an accident

10. b. They eliminate or reduce the hazard, itself

11. b. They eliminate or reduce the hazard, itself

12. b. Conducting OJT prior to the start of work

13. c. safety planning is geared toward specific work procedures

14. c. depend on employees to take corrective action

15. a. guard pinch points

16. b. power is either on or off

17. d. guard and interlocks that make maintenance difficult

18. c. use perimeter guards and large guarded areas

19. c. controlling exposure

20. b. isolation

21. d. isolation

22. a. isolation

23. d. isolation

24. d. isolation

25. c. failures are anticipated and prevented

26. a. fail-remote design

27. b. fail-passive design

28. d. fail-operational design

29. c. fail-active design

30. b. fail-passive design

31. b. fail-passive design

32. c. fail-active design

33. d. fail-operational design

34. b. Criteria measurement

35. a. Safety factors and margins

36. c. Failure rate reduction

37. d. Parameter monitoring

38. b. half as often

39. a. margin of safety

40. b. safety factor

41. c. minimum strength/maximum stress

42. a. Parallel movements

43. b. Derating

44. a. Screening

45. c. Timed replacements

46. d. Redundant arrangements

47. c. Monitoring

48. d. Reporting

49. a. Screening

50. b. Human factors engineering

51. a. Pictorial and symbolic

52. c. Visual and auditory

53. d. Principle of interpretation

54. a. Principle of complexity

55. a. Principle of simplicity

56. c. Principle of arrangement

57. d. Principle of coding

58. b. What steps to take if the reading is above UCL

59. d. Associability - are signals associated with concrete responses?

60. c. Arrangement - is the signal arranged in a logical sequence?

61. d. Information retrieval

62. a. Information deletion

63. b. controller

Area II. Topic F. Benchmarking

1. b. benchmarking

2. c. Discipline must occur quickly and be significant

3. d. Establish incentive program based on accident records

4. a. Reset expectations based on accident rates

5. b. Bonuses and merit pay are tied to accident records and rates

6. a. Leading companies focus on a narrow range of media to communicate safety

7. c. Inspections are used to determine retention of learning

8. d. Traditional training techniques are used to maximize learning

9. d. copying best practices of companies that excel

10. b. limit evaluation to companies within the industry

11. a. External

12. c. Department

13. a. Annual

14. a. Internal

15. d. Competitive

16. b. Shadow

17. c. Industrial

18. c. Industrial

19. a. World-class

20. b. cycle time reduction

21. b. needs assessment team, benchmarking team

22. d. needs assessment team

23. d. needs assessment team

24. c. Determine team roles and responsibilities

25. d. primary customer

26. c. benchmarking team

27. a. Write operational objectives

28. c. benchmarking team

29. b. Evaluate the benchmarking process, itself

30. c. Determine team roles and responsibilities

31. b. the vast number of different potential outcomes

32. a. the potential for unexpected, unwanted results

Area II. Topic G. Behavior Safety Processes

1. d. low morale

2. a. fix accountability

3. d. all of the above

4. c. change the environment

5. b. the psychosocial

6. c. force supervisor performance

7. b. involve middle management

8. a. be flexible

9. d. be perceived as positive

10. b. involve employees

11. c. enforced

12. b. measurement

13. d. establish and operate systems

14. b. Theory X

15. c. Theory Y

16. b. Relationship and task

17. c. Task oriented

18. d. Relationship oriented

19. b. Theory Y

20. a. Theory X

21. b. span of control

22. b. Chris Argyris' Incongruency Theory

23. c. unity of command

24. d. specialization

25. a. chain of command

26. c. the mature worker

27. a. fewer accidents due to poor work attitudes

28. d. more pay

29. c. motivation, hygiene

30. d. responsibility

31. b. supervision

32. c. job enrichment

33. d. close control

34. c. Porter and Lawler

35. c. A high degree of 'us vs. them' competition among departments

Area II. Topic H. Root Cause Analysis

1. d. 8 hours

2. b. 2,3

3. b. determine what is relevant

4. c. bring together a cross-functional team to investigate

5. c. document it, even if relevancy is in question

6. d. All of the above

7. a. Photos more effectively show motion through time

8. b. Ask open-ended questions

9. c. prevent future accidents

10. a. The scene of the accident

11. a. fix the system

12. c. Someone's head has always got to roll.

13. b. the supervisor

14. b. determine what is relevant

15. d. determine the scope and nature of discipline

16. d. Analysis

17. d. system performance root cause

18. a. Evaluation

19. b. Domino theory

20. c. Robert, pounds a nail

21. b. a process

22. b. a process

23. c. Conditions, behaviors, systems

24. b. Don't get tunnel vision by using a checklist.

25. c. It identifies only surface causes

26. b. The process places blame before considering safety program weaknesses

27. c. system design root cause

28. c. Rescheduling

29. b. Who was to blame

30. a. Machine not properly guarded.

31. c. psychosocial

32. a. inspection

33. a. gather data supporting supervisor and employee accountability

34. b. determine appropriate personal weaknesses

35. a. system performance root cause

36. c. system design root cause

37. c. system design root cause

38. d. relate findings to determine liability

39. b. investigate property damage events as well as injury accidents

40. c. theory of multiple causation

41. a. Never accept anything as fact until it has been proven

42. c. Someone's head has always got to roll.

43. c. whether or not a team inspection program is established.

44. b. Don't get tunnel vision by using a checklist.

45. c. theory of multiple causation

46. c. theory of multiple causation

47. c. strict adherence with regulatory standards

48. b. be concerned only with the facts

49. a. ANSI Z16.2

50. a. ANSI Z16.2

51. c. secure the accident scene

52. a. Analyze each event to identify surface causes

53. c. leak in a pipe

54. d. hazards are not being reported

55. d. there is no daily safety inspection plan

56. d. there is no daily safety inspection plan

57. c. employee conformance

58. d. their environment

59. c. encouraging

60. c. theory of multiple causation

61. d. general, specific

62. b. General

63. a. Specific

Area II. Topic I. Safety Management Theory

1. b. persuading

2. a. the principles

3. c. Peter Principle

4. a. accident proneness

5. b. the ancient Egyptians

6. c. Engineering, Education and Enforcement

7. b. Four times investment

8. c. an integrated, cross-functional team

9. a. engineering

10. b. management-work practice

11. c. personal protective equipment

12. b. management - work practice controls

13. c. educational controls

14. d. an internal safety consultant

15. a. enforcer of safety rules

16. a. enforce safety policies and rules

17. c. discipline the employee if justified

18. d. all of the above

19. b. incentive and recognition plan

20. c. effective accountability plan

21. d. unsafe behaviors

22. d. investigation

23. a. gender of worker

24. c. number of steps in the job

25. c. number of steps in the job

26. c. Henry W. Heinrich

27. a. environment, worker, unsafe act, accident, injury

28. b. leadership control

29. b. They may completely eliminate the hazard

30. b. They may completely eliminate the hazard

31. d. personal protective equipment

32. c. replacing a toxic with a less/non toxic chemical

33. a. the safety management system that supports them

34. a. the safety management system that supports them

35. b. along with

36. d. preventive maintenance

37. c. It provides evidence for discipline

38. a. Regulatory. Problem affects relations with OSHA

39. b. consensus

40. c. brainstorming

41. b. persuade

42. d. examples of outputs of the safety management system

43. b. The employee's behavior changes in the desired direction

44. b. The number of accidents that occur

45. c. employee ownership

46. d. Root causes

47. b. Does not take enough time

48. d. All of the above

49. a. First determine if system weaknesses exist

50. a. Analyze the accident event, then evaluate the safety management system

51. b. fixed plans

52. a. poor attitude

53. a. management

54. d. the psychological

55. c. management procedures that fix accountability

56. b. the culture

57. d. negative reinforcement

58. a. encourage supervisory performance

59. b. searching for root causes

60. b. delegated management support

61. b. asking if effective controls are being used

62. d. certain general manufacturing situations
