Skip to content

Black Swans and Bow Ties

September 24, 2013

Bow Tie Risk Management

We started this blog a few weeks ago in order to provide thoughts and discussion points to do with the future of Process Safety Management – both onshore and offshore. The first set of discussions looked at the effect of looming world-wide petroleum shortages on the process safety profession. We will probably continue that discussion at a later date. But, for now, we thought that we would shift gears and write a few posts on the theme: Complex Systems Fail in Complex Ways.

The title of the first post in this series is entitled, “Black Swans and Bow Ties”.

Black Swans

Black Swan

Nicholas Taleb

Published in 2007 Nassim Nicholas Taleb’s book The Black Swan achieved almost overnight fame (a circumstance that is, in itself, something of a black swan). He defined a black swan event as having the following attributes.

  1. It is unpredictable;
  2. It has a massive impact; and
  3. After the fact we develop explanations to make the event appear less random, and more predictable, than it was.

(It should be noted that a black swan is not the same as bad luck – it does not justify lack of effort in reducing risk nor does it justify fatalism; it merely states that, no matter how good our risk management programs may be, bad events will occur.)

His book was written about financial markets, but its concepts can be applied to almost any type of system, including process facilities. For example, the three parameters listed above apply almost perfectly to the Deepwater Horizon/Macondo event: It was a surprise; its impact on the offshore oil and gas industry was profound; and, by now, pretty much everyone can explain what happened, thus removing the element of surprise from their thinking. We have all become experts.

Taleb attributes our inability to anticipate black swans to our tendency to focus on those things that we know, and to pay relatively less attention to what we don’t know. We cannot “think the unthinkable”. We are also too prone to categorize — a failing of most incident investigations as discussed by Dean Gano in his book Apollo Root Cause Analysis (we will discuss that insightful book in a future post).

In his web page Taleb notes that the Japanese Nuclear Commission had, in the year 2003, set the following goal:

The mean value of acute fatality risk by radiation exposure resultant from an accident of a nuclear installation to individuals of the public, who live in the vicinity of the site boundary of the nuclear installation, should not exceed the probability of about 1×10^6 per year (that is , at least 1 per million years)”.

The Fukushima-Daiichi nuclear power plant catastrophe occurred eight years later.

Taleb goes on to state,

I spent the last two decades explaining . . . why we should not talk about small probabilities in any domain. Science cannot deal with them. It is irresponsible to talk about small probabilities and make people rely on them, except for natural systems that have been standing for 3 billion years (not manmade ones for which the probabilities are derived theoretically, such as the nuclear field for which the effective track record is only 60 years).

He is equally scathing about estimates of consequence. He believes that the consequences of events such as Fukushima-Daiichi will usually be much more serious that estimated in the risk management models.

Basically, what he is saying is that, no matter how good our risk management systems may be, bad events are going to occur, and some of those events will be very bad.

Which takes us to the right hand side of the bow tie.

Bow Ties

Bow Tie Analysis Risk Management

Bow Tie analysis has gained widespread recognition in recent years as a means of identifying and then controlling hazardous events. On the left side of the bow tie diagram are the events or threats that could create an unsafe condition. A series of barriers or control measures are provided so as to reduce the likelihood of the event occurring. On the right side of the diagram are the barriers that reduce the severity of the event’s impact should the worst happen. (Basically, a bow time diagram is a fault tree followed by an event tree.)

Most process safety work tends to take place on the left side of the diagram, i.e., identifying how a hazardous event could occur and then putting in place barriers to prevent that occurrence. However, if it is accepted black swan events will occur then more attention should be given to the right hand side of the diagram.

Marine Well Containment System

MWCS

(An example of this can be seen in the response to the Macondo blowout. The offshore industry is now implementing  projects such as the Marine Well Containment System that will help control releases much more quickly that was done in 2010.)

Another, more subtle, reason for increasing the effort to do with the right side of the bow tie analysis is that many of the hazard identification methods are showing diminishing returns. For example, when the HAZOP technique was introduced 50 years ago it was instrumental in identifying many single-contingency, high consequence events that could be eliminated with modest expenditure. But we are now, to some extent, victims of our own success, and our analytical techniques are challenged in areas such as: 

  • Imprecision in defining terms;
  • Multiple contingencies;
  • Complexities and subtle interactions;
  • Dynamic conditions;
  • Common cause events;
  • Knowledge of safe operating limits;
  • Lack of quantification;
  • Team quality;
  • Personal experience;
  • Boredom;
  • Confusion with design reviews;
  • False confidence;
  • Equipment orientation;
  • Interfaces; and
  • Human error.

Difficulties such as those listed above emphasize the need for paying attention to the right hand side of the bow tie.

Advertisements
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: