From the perspective of society, the ultimate goal of accident investigation is to prevent future accidents. Since before the invention of the first steam engines, history has demonstrated that safety is often not considered absent government regulation or financial liability. Safety organizations analyze accidents to create recommendations to prevent future accidents, which are often incorporated into government regulations and standards. Financial liability is enforced through tort law.
It is important to recognize that if the findings of an accident investigation are superficial, or worse, incorrect, safety will not be improved. Unfortunately, the majority of popular accident investigation methods are simply not able to identify the factors that actually led to the accident – this is particularly true if there was any software involved. As most every modern system (automobiles, aircraft, many boats, trucks, industrial machines, powerplants, etc.) includes software, the implication is that we are missing key factors in a great many accidents that extend beyond simple workplace mishaps.
The majority of experts hired to analyze an accident are technically proficient and knowledgeable but lack any formal training in accident investigations. Looking at the subset of those that do have training in accident investigation, most of those are trained in methods that were developed prior to the advent of the implementation of software in these systems.
These methods are often portrayed as able to identify the root cause of an accident. The first problem here is that the operational definition of root cause already results in problems, as it virtually always stops at the first convenient stopping point in an identified linear chain of events. This is most often the operator of the machine, e.g., the pilot, or the driver. This may be convenient, but it is often simplistic and misses key factors. As Dr. Nancy Leveson (MIT) has stated, “human error is a symptom of a system that has to be redesigned.”
In modern systems the role of the operator is to manage those problems that are unanticipated in the design. This has become obvious in larger complex systems, such as power plants, the petro-chemical industry, commercial and military aircraft, spacecraft and weapon systems. It is less obvious, but still often the case in simpler systems, such as big-rig trucks and even many modern automobiles that feature more and more computer control. Inappropriate applications of automation can, and do, result in people relying on flawed systems. It can also be true in the medical profession, particularly for the expectations placed upon nurses, who often are given great responsibility little commensurate control – resulting in deflecting blame away from more powerful individuals in a hospital.
So, if the operator is not responsible, then who is? The answer can be found through using accident investigation methods that uses system theory. Currently, there is only one method that fully utilizes system theory, and that is system theoretic accident models and processes (STAMP). Other methods, particularly those created prior to the advent of software, simply are not up to the task. This includes methods that are often used even in engineering, such as Bow-Tie, Fault Tree, Fault Hazard Analysis, Failure Modes and Effects Analysis and many others.
Worse still are the somewhat ad hoc methods used to analyze the so-called chain of events leading up to an accident. I have personally observed these differences while teaching all these methods in my graduate courses, as well as through the analysis of numerous cases where others have applied the more simplistic methods. A representative of a major insurance company once stated at a conference that he pitied anyone using these older methods who finds themselves up against a person trained in STAMP.
Generally, during the investigation using STAMP, we find that the individual operators are not responsible, but instead the issues are found in the organizational structure itself. In some cases, this can result in the organization being found responsible, in other cases there are contextual factors that can explain why it made sense for the organization, or organizations, to have made the decisions that they did.
As might be expected with a powerful method, STAMP requires training and practice to use and apply. Still, in my experience, the results of the STAMP analysis are very compelling when explained to the average person. The fact is that findings using STAMP are traceable and supportable, grounded in system theory and system engineering.
The role of tort law in safety is well documented, but for it to be effective it is imperative that responsibility for injury is assigned to the responsible entity or person, and not just the individuals who are convenient but incorrectly identified through the application of overly simplistic or inappropriate accident analysis.