Editor’s note: Michael Maddox, Ph.D., C.H.F.P., is Senior Scientist at HumanCentric Technologies, Inc.It should come as no surprise that human error is a major cause of injuries and death in all kinds of settings, such as automobiles, aviation, commercial ground and rail transportation, industrial accidents, law enforcement, and construction.
For over thirty years, research has indicated that human error contributes to between 60-95 percent of these incidents. In an effort to deal with this seemingly intractable problem, a number of techniques have been developed that attempt to identify the safety risks of human errors. This is an obvious and direct approach to reducing their effects.
With all the emphasis on the safety implications of human error is the applicability of risk analysis to other consequences, has been overlooked. The same techniques used to assess, and hopefully reduce; the effects of human error on safety can be directly applied to reduce business-centric hazards. Common examples include increased warranty costs, missed schedule deadlines, network outages, process bottlenecks, degraded functional capabilities, and reductions in brand loyalty.
This article describes some primary risk analysis methods and indicates how they can be used to assess business-centric risks.
Proactive vs. post hoc techniques
There are many ways to categorize human error risk analysis methods. For our purposes, we will separate them into two bins: “proactive” and “post hoc”. Proactive techniques examine products or systems to identify and prevent the effects of human error before such events actually occur. In fact, several proactive risk analysis methods analyze products or systems before they’re even built. Post hoc techniques examine negative outcomes stemming from human error and attempt to analyze and change the product or system to prevent a reoccurrence of the problem.
An excellent example of a post hoc risk analysis technique is Six Sigma that was developed and trademarked by Motorola. Usually referred to as a “quality improvement”, Six Sigma can be seen as a post hoc method for reducing the risk of damaging consequences, such as out-of-tolerance parts, dissatisfied customers, and personal injuries. Six Sigma is characterized by a trigger point (usually 3.4 bad outcomes per million opportunities) for taking action. As long as the process has fewer bad outcomes than the trigger point, then no action is required. If the bad outcomes exceed the trigger point, then the underlying processes are analyzed to figure out why they produced erroneous outcomes.
Two useful proactive methods
The goal of all proactive risk analysis methods is to identify and fix problems before they cause something bad to happen. Think of this as judging how thin the ice might be before you actually fall through it. I’ll describe two proactive techniques that can be applied directly to assessing the business risks associated with human errors.
This is a long name for a relatively simple technique that has been adapted from the mechanical and electronic domains, where it is used to identify the potential effects of component failures. The essence of UFMEA is to deconstruct a product or business process into the steps (tasks) required to accomplish some function. For each task, we ask, “What sorts of errors can cause this task to go wrong?” For example, if a customer service agent has to type in a part number, they might enter the number incorrectly,
For each error, known as a “failure mode”, we then ask three questions. First, what is the likelihood of this error happening? Second, what will be the effect if the error does occur? Third, what are the chances of the error being discovered and mitigated before it has any significant effect? To facilitate answering these questions, we typically devise a five-point scale for each, with “1” being the best thing that can happen and “5” being the worst. Each scale point is anchored with a description of the condition in which that rating is appropriate.
This process tends to be tedious, but not particularly complex. Some practitioners, including me, believe the process of decomposing functions and evaluating the consequences is just as valuable as the tabled values that emerge from the analysis. When the various ratings are combined in particular ways, we are left with a rank-ordered set of the human errors that have the most potential for causing bad outcomes. The idea is that we can then direct our resources towards addressing those issues.
Suppose we don’t understand enough about a particular business process to know where to expend our risk analysis resources. In these common instances, I recommend a “front-end” risk analysis using a method I term “topological analysis”.
This technique requires us to diagram and identify the inputs and outputs of each step in a process. We then examine the resulting information for structural locations at which either single failure (errors) causes the process to go awry or where a single type of error or external event can compromise multiple process parts.
The bottom line is that almost all popular “quality improvement” methods are post hoc. We have to wait for something bad to happen before trying to “repair” the underlying processes, products, and systems. If, instead of waiting for bad things to happen, we try to look forward to see what effects various types of human error might have, then we are beginning to think in terms of proactive methods. Keep in mind that the bad things don’t have to involve death or injury. Most companies don’t have processes that are likely to injure employees or customers. A consequence might be that your clients are so infuriated by their experience with customer service that they vow never to deal with you again — and ask their friends to do the same.
Michael Maddox received his doctorate in industrial engineering and human factors from Virginia Tech. He is a Senior Scientist for HumanCentric Technologies, with a focus on risk analysis and human error reduction, management and education. Dr. Maddox can be reached at 919-481-0565 or firstname.lastname@example.org.