1. Toru Nakata
National Institute of Advanced Industrial Science and Technology
(4th CCPS Global Summit on Process Safety, pp.37-38, September, 2017)
Segmentation of Workflow for Secure Human Check
2. Why do we fail in checking?
Common causes of the failures, which I have found so many times in industry scenes.
3. Common Defects on Check
1. Check about actions (not about results)
2. Triggering by completion of the previous operation
3. “Double check” as an identical repeat
4. “Closed question” (Yes/No questioning)
4. 1) Check about Actions
“Do A. Then, check whether you have done A.”
Almost meaningless!
Tautology. Very boring.
Can be neglected by simply answering “yes”.
Not verified from a different viewpoint or with independent information.
But this is very popular in actual industrial operations.
5. 2) Triggering by completion of the previous operation
“Do A. After that, check B.”
Vulnerable to omission: if you forget to do A, the check will be forgotten too.
Actions and checks must be triggered independently.
[Figure: Action A; Trigger; Check B]
6. 3) “Double check” as an identical repeat
Can identical multiplexing make operation more reliable?
Success rate = (1 - Pfail^N)?
“Yes” for mechanical equipment
“?” for human operators
Every operator may commit the same mistake.
“Even worse” if each operator relies on the others to check correctly and does their own check vaguely.
Criticism among people is required.
7. 4) “Closed question” (Yes/No questioning)
A closed question is simple, but it can be used for easy, quick checks with low risk.
We usually have a prejudice that answering “Yes” is OK, so a closed question is less reliable.
We normally face more “yes” than “no” answers in the workplace.
Better solution: make the checker answer something that varies each time, e.g. “when”, “how many”, “who”, etc.
8. How to improve check:
Segmentation of Workflow and Interruption for check
9. Bad Design: Asynchronous, dependent-triggered
[Figure: timelines of Task 1, Task 2 and Task 3 along a Time axis; stages labelled Aroused, Ope 1, Ope 2, Ope 3, Check, Done]
Two Defects
Who does the check? The same person may undertake both the operation and the check. (Sectionalism)
Vulnerable to omission: if the operation is forgotten, the check will be forgotten too.
10. Good Design: Simultaneous, independent-triggered
[Figure: timelines of Task 1, Task 2 and Task 3 along a Time axis; stages labelled Aroused, Ope 1, Ope 2, Ope 3, Done, with Check points]
Trans-sectional checking. The same timing allows workers to be swapped for checks.
Triggered by a particular time or a particular phase
11. Case 1: Checkpoint at 4 PM
A company has a rule that stops all employees' operations at 4 PM so that they concentrate on checking the state of their tasks.
Swap work among the workers. Check by a different person.
If they find mistakes at 4 PM, they can correct them before the end of working hours.
12. Case 2: Checkpoint of a Tray
In a food factory,
Novice operators put each material into the machine at a different time, as soon as the material is ready.
Skillful operators place a tray in front of the intake of the machine, put each material on it, and wait until all materials are prepared; then they check the aligned composition of the materials in stillness.
13. Case 3: Shepherding Tourists
When a tour conductor guides a group of customers, he usually appoints some meeting places before the final goal.
Appointing the final goal is weak against disturbances, since it is rather difficult to remember a long way to the goal and to reach it without trouble.
Appointing a nearby place as a rendezvous point is much easier and more robust.
15. Points
Ordinary styles of check are often wrong.
1. Check on actions (not on results)
2. Triggering by completion of the previous operation
3. “Double check” as an identical repeat
4. Yes/No questioning (“Closed question”)
Segmentation / Interruption style can eliminate the defects.