Two weeks ago we posted on NUREG-2165, a document that formalizes a “common language” for describing nuclear safety culture (SC). The NUREG contains a set of SC traits, attributes that define each trait and examples that would evidence each attribute. We expressed concern about how traits and attributes could and would be applied in practice to assess SC.
Well, we didn’t have to wait very long. This post reviews a recent International Nuclear Safety Journal article* that describes the SC oversight process developed by the Romanian nuclear regulatory agency (CNCAN). The CNCAN process uses the International Atomic Energy Agency (IAEA) SC definition and attributes and illustrates how attributes can be used to evaluate SC. Note that CNCAN is not attempting to directly regulate SC but they are taking comprehensive steps to evaluate and influence the licensee’s SC.
CNCAN started with the 37 IAEA attributes and decided that 20 were accessible via the normal review and inspection activities. Some of the 20 could be assessed using licensee and related documentation, others through interviews with licensee and contractor personnel, and others by direct observation of relevant activities.
CNCAN recognizes there are limitations to using this process, e.g., findings that reflect a reviewer’s subjective opinion, the quality of match (relevance) between an attribute and a specific technical or functional area, the quality of the information gathered and used, and over-reliance on one specific finding. Time is also an issue. “[A] large number of review and inspection activities are required, over a relatively long period of time, to gather sufficient data in order to make a judgement on the safety culture of an organisation as a whole.” (p. 4)
However, they are optimistic about longer-term effectiveness. “. . . evidence of certain attributes not being met for several functional areas and processes would provide a clear indication of a problem that would warrant increased regulatory surveillance.” In addition, “[t]he implementation of the [oversight process] proved that all the routine regulatory reviews and inspections reveal aspects that are of certain relevance to safety culture. Interaction with plant staff during the various inspection activities and meetings, as well as the daily observation by the resident inspectors, provide all the necessary elements for having an overall picture of the safety culture of the licensee.” (ibid., emphasis added)
Our Perspective
We reviewed a draft of the CNCAN SC oversight process on March 23, 2012. We found the treatment of issues we consider important to be generally good. For example, in the area of decision making, goal conflict is explicitly addressed, from production vs. safety to differing personal opinions. Corrective action (CA) gets appropriate attention, including CA prioritization based on safety significance and verification that fixes are implemented and effective. Backlogs in many areas, including maintenance and corrective actions, are addressed. In general, the treatment is more thorough than the examples included in the NUREG.
However, the treatment of management incentives is weak. We favor a detailed evaluation of the senior managers’ compensation scheme focusing on how much of their compensation is tied to achieving safety (vs. production or other) goals.
So, do we feel better about the qualms we expressed over the NUREG, viz., that it is a step on the road to the bureaucratization of SC evaluation, a rigid checklist approach that ultimately creates an incomplete and possibly inaccurate picture of a plant’s SC? Not really. Our concerns are described below.
Over-simplification
For starters, CNCAN decided to focus on 20 attributes because they believed it was possible to gather relevant information on them. What about the other 17? Are they unrelated to SC simply because it might be hard to access them?
A second simplification is limiting the information search to artifacts: documents, interviews and observations. One does not have to hold some esoteric belief, e.g., that SC is an emergent organizational property that results from the functioning of a socio-technical system, to see that focusing on the artifacts may be similar to the shadows in Plato’s cave. Early on, the article refers to this problem by quoting from a 1999 NEA report: “the regulator can evaluate the outward operational manifestations of safety culture as well as the quality of work processes, and not the safety culture itself.” (p. 2)
Limited applicability
Romania has a single nuclear plant and what is, at heart, a one-size-fits-all approach is much more practical when “all” equals one. This type of approach might even work in, say, France, where there are multiple plants but a single operator. On the other hand, the U.S. currently has 32 operators reporting to 81 owners.** Developing SC assessment techniques that are comprehensive, consistent and perceived as fair by such a large group is not a simple task. The U.S. approach will continue to subsume SC evaluation under the ROP, which arguably ties SC evaluation to “objective” safety-related performance but unfortunately leads to de facto regulation of SC, less transparency and incomprehensible results in specific cases.***
(It could be worse. For an example, just look at DOE where the recent “guidance” on conducting SC self-assessments led to unreliable self-assessment results that can’t be compared with each other. For more on DOE, see our March 31, 2014 post or click on the DOE label at the bottom of this post.)
Bottom line
Ultimately the article can be summarized as follows: It’s hard, maybe impossible to directly evaluate SC but here’s what we (CNCAN) are doing and we think it works. We say a CNCAN-style approach may be helpful but one should remain alert to important SC factors that may be overlooked.
* M. Tronea, “Trends and Challenges in Regulatory Assessment of Nuclear Safety Culture,” International Nuclear Safety Journal, vol. 3 no. 1 (2014), pp. 1-5. Retrieved April 14, 2014. Dr. Tronea works for the Romanian nuclear authority (CNCAN) and is the founder/moderator of the LinkedIn Nuclear Safety group.
** NEI website, retrieved April 15, 2014.
*** For an example, see our Jan. 30, 2013 post on Palisades.
Monday, April 21, 2014
Wednesday, April 16, 2014
GM’s CEO Revealing Revelation
GM CEO Mary Barra |
In a general sense this sounds all too familiar as the standard response to a significant safety issue. Launch an independent investigation to gather the facts and figure out what happened, who knew what, who decided what and why. The current estimate is that it will take almost two months for this process to be completed. Also familiar is that accountability inevitably starts (and often ends) at the engineering and low level management levels. To wit, GM has already announced that two engineers involved in the ignition switch issues have been suspended.
But somewhat buried in Barra’s Congressional testimony is an unusually revealing comment. According to the Wall Street Journal, Barra said “senior executives in the past were intentionally not involved in details of recalls so as to not influence them.”* Intentionally not involved in decisions regarding recalls - recalls which can involve safety defects and product liability issues and have significant public and financial liabilities. Why would you not want the corporation's executives to be involved? And if one is to believe the rest of Barra’s testimony, it appears executives were not even aware of these issues.
Well, what if executives were involved in these critical decisions - what influence could they have that GM would be afraid of? Certainly if executive involvement would assure that technical assessments of potential safety defects were rigorous and conservative - that would not be undue influence. So that leaves the other possibility - that involvement of executives could inhibit or constrain technical assessments from assuring an appropriate priority for safety. This would be tantamount to the chilling effect popularized in the nuclear industry. If management involvement creates an implicit pressure to minimize safety findings, there goes the safety conscious work environment and safety.
If keeping executives out of the decision process is believed to yield “better” decisions, it says some pretty bad things about either their competence or ethics. Having executives involved should at least ensure that they are aware and knowledgeable of potential product safety issues and in a position to proactively assure that decisions and actions are appropriate. What might be the most likely explanation is that executives don’t want the responsibility and accountability for these types of decisions. They might prefer to remain protected at the safety policy level but leave the messy reality of comporting those dictates with real world business considerations to lower levels of the organization. Inevitably accountability rolls downhill to somebody in the engineering or lower management ranks.
One thing that is certain. Whatever the substance and process of GM’s decision, it is not transparent, probably not well documented, and now requires a major forensic effort to reconstitute what happened and why. This is not unusual and it is the standard course in other industries including nuclear generation. Wouldn’t we be better off if decisions were routinely subject to the rigor of contemporaneous recording including how complex and uncertain safety issues are decided in the context of other business priorities, and by whom?
* J.B. White and J. Bennett, "Some at GM Brass Told of Cobalt Woe," Wall Street Journal online (Apr. 11, 2014)
Posted by
Bob Cudlin
2
comments. Click to view/add.
Labels:
Decision Making,
Decisions,
GM,
Management
Sunday, April 6, 2014
NRC Issues Safety Culture Common Language NUREG
Decision making, including the treatment of goal conflicts, is Good;
Corrective action, part of problem identification and resolution, is Satisfactory;
Management Incentives is Unsatisfactory because the associated attributes focuses on workers, not managers, and any senior management incentive program is not mentioned; and
Work Backlogs are mentioned in a couple of specific areas so the overall grade is Minimally Acceptable.
But we have one overarching concern that transcends our opinion of common language specifics.
Our Perspective
Our biggest issue with the traits, attributes and examples approach is our fear it will lead to the complete bureaucratization of SC evaluation, either consciously or unconsciously. The examples in particular can morph into soft requirements on a physical or mental checklist. Such an approach leads to numerous questions. How many of the 10 traits does a healthy or positive SC exhibit?*** How many of the 40 attributes? Are the traits equally important? How about the attributes? Could the weighting factors vary across plant sites? How many examples must be observed before an attribute is judged acceptably present?
We understand the value of effective communications among regulators, licensee personnel and other stakeholders. But we worry about possible unintended consequences as people attempt to apply the guidance in NUREG-2165, especially in the NRC’s Reactor Oversight Process (ROP).****
* NRC NUREG-2165, “Safety Culture Common Language” (Mar. 2014). ADAMS ML14083A200.
** Nuclear Safety Culture Common Language 4th Public Workshop January 29-31, 2013. ADAMS ML13031A343.
*** The NUREG-2165 text describes a “healthy” SC while the SCPS (published as NUREG/BR-0500, Rev. 1, ADAMS ML12355A122) refers to a “positive” SC. The correct answer to “how many traits?” may be “more than ten” because the authors note “There may also be traits not included in the SCPS that are important in a healthy safety culture.” (p. 2)
**** The common language “initiative is within the Commission-directed framework for enhancing the ROP treatment of cross-cutting areas to more fully address safety culture.” (p. 3) This may require a little linguistic jujitsu since the SCPS says “traits were not developed for inspection purposes.”
Monday, March 31, 2014
Our Gaze Returns to DOE and its Safety Culture
Background
The DNFSB report on the WTP was issued June 9, 2011; it said the WTP SC was “flawed.” Issues included discouraging technical dissent, goal conflicts between schedule/budget and safety, and intimidation of personnel. We posted on the DNFSB report June 15, 2011. The report’s recommendations included this one: that the Secretary of Energy “conduct an Extent of Condition Review to determine whether these safety culture weaknesses are limited to the WTP Project, . . .” (DNFSB, p. 6)
After some back-and-forth between DOE and DNFSB, DOE published their IP in December 2011. We reviewed the IP on Jan. 24, 2012. Although the IP contained multiple action items, our overall impression was “that DOE believes there is no fundamental safety culture issue. . . . While endlessly citing all the initiatives previously taken or underway, never does the DOE reflect on why these initiatives have not been effective to date.” So we were not exactly optimistic but DOE did say it would “conduct an Extent of Condition Review to find out whether similar safety culture weaknesses exist at other sites in addition to the WTP and whether there are barriers to strong safety culture at Headquarters and the Department as a whole (e.g., policies or implementation issues). The review will focus on the Safety Conscious Work Environment (SCWE) at each site examined.” (IP, p. 17) In other words, SC was reduced to SCWE from the get-go.****
Part of the DOE review was to assess SCWE at a group of selected DOE facilities. DOE submitted SC assessments covering five facilities to DNFSB on Dec. 12, 2012. We reviewed the package in our post Jan. 25, 2013 and observed “The DOE submittal contained no meta-analysis of the five assessments, and no comparison to Vit Plant concerns. As far as [we] can tell, the individual assessments made no attempt to focus on whether or not Vit Plant concerns existed at the reviewed facilities.” We called the submittal “foot dragging” by DOE.
Report on SCWE Self-Assessments
A related DOE commitment was to perform SCWE self-assessments at numerous DOE facilities and then evaluate the results to determine if SCWE issues similar to WTP’s existed elsewhere. It is important to understand that this latest report is really only the starting point for evaluating the self-assessments because it focuses on the processes used during the self-assessments and not the results obtained.
The evaluation of the self-assessments was a large undertaking. The evaluation team visited 22 DOE and contractor organizations and performed document reviews for 9 additional organizations, including the DOE Office of River Protection and Bechtel National, major players in the WTP drama.
Problems abounded. Self-assessment guidance was prepared but not distributed to all sites in a timely manner and there was no associated training. Each self-assessment team had a “subject matter expert” but the qualifications for that role were not specified. Data collection methods were not consistently applied and data analyses were of variable quality. As a consequence, the self-assessment approaches used varied widely and the results obtained had variable reliability.
The self-assessment reports exhibited varying quality. Some were satisfactory but “In many of the self-assessment reports, the overall conclusions did not accurately reflect the information in the data and analysis sections. In some cases, negative results were presented with a statement rationalizing or minimizing the issue, rather than indicating a need to find out more about the issue and resolve it. In other cases, although data and/or analysis reflected potential problems, those problems were not mentioned in the conclusions or executive summaries, which senior management is most likely to read.” (p. 7)
The evaluation team summarized as follows: “The overall approach ultimately used to self-assess SCWE across the complex did not provide for consistent application of assessment methodologies and was not designed to ensure validity and credibility. . . . The wide variation in the quality of methodologies and analysis of results significantly reduces the confidence in the conclusions of many of the self-assessments. Consequently, caution should be used in drawing firm conclusions about the state of SCWE or safety culture across the entire DOE complex based on a compilation of results from all the site self-assessments.” (p. iii)
“The Independent Oversight team concluded that DOE needs to take additional actions to ensure that future self-assessments provide a valid and accurate assessment of the status of the safety culture at DOE sites and organizations, . . .” (p. 8) This is followed by a series of totally predictable recommendations for process improvements: “enhance guidance and communications,” increase management “involvement in, support for, and monitoring of site self-assessments,” and “DOE sites . . . should increase their capabilities to perform self-assessments . . .” (pp. 9-10)
Our Perspective
The steps taken to date do not inspire confidence in the DOE’s interest in determining if and what SCWE (much less more general SC) issues exist in the DOE complex. For the facilities that were directly evaluated, we have some clues to the existence similar problems. For the facilities that conducted self-assessments, so far we have—almost nothing.
There is one big step remaining: DOE also said it would “develop a consolidated report from the results of the self-assessments and HSS independent reviews.” (IP, p. 20) We await that report with bated breath.
For our U.S. readers: This is your tax dollars at work.
* DOE Office of Enforcement and Oversight, “Independent Oversight Evaluation of Line Self-Assessments of Safety Conscious Work Environment” (Feb. 2014).
** U.S. Dept. of Energy, “Implementation Plan for Defense Nuclear Facilities Safety Board Recommendation 2011-1, Safety Culture at the Waste Treatment and Immobilization Plant” (Dec. 2011).
*** Defense Nuclear Facilities Safety Board, Recommendation 2011-1 to the Secretary of Energy "Safety Culture at the Waste Treatment and Immobilization Plant" (Jun 9, 2011).
**** DOE rationalized reducing the scope of investigation from SC to SCWE by saying “The safety culture issues identified at WTP are primarily SCWE issues. . .” (p. 17) We posted a lecturette about SC being much more than SCWE here.
Posted by
Lewis Conner
1 comments. Click to view/add.
Labels:
Assessment,
DNFSB,
DOE,
SCWE,
Vit Plant
Wednesday, March 26, 2014
NRC "National Report" to IAEA
A March 25, 2014 NRC press release* announced that Chairman Macfarlane presented the Sixth National Report for the Convention on Nuclear Safety** to International Atomic Energy Agency (IAEA) member countries. The report mentions safety culture (SC) several times, as discussed below. There is no breaking news in a report like this. We’re posting about it only because it provides an encyclopedic review of NRC activities including a description of how SC fits into their grand scheme of things. We also tie the report’s contents to related posts on Safetymatters. The numbers shown below are section numbers in the report.
6.3.11 Public Participation
This section describes how the NRC engages with stakeholders and the broader public. As part of such engagement, the NRC says it expects employers to maintain an open environment where workers are free to raise safety concerns. “These expectations are communicated through the NRC’s Safety Culture Policy Statement” and other regulatory directives and tools. (p. 72) This is pretty straightforward and we have no comment.
8.1.6.2 Human Resources
Section 8 describes the NRC, from its position in the federal government to how it runs its internal activities. One such activity is the NRC Inspector General’s triennial General Safety Culture and Climate Survey for NRC employees. Reporting on the most recent (2012) survey, “the NRC scored above both Federal and private sector benchmarks, although in 2012 the agency did not perform as strongly as it had in the past.” (p. 96) We posted on the internal SC survey back on April 6, 2013; we felt the survey raised a few significant issues.
10.4 Safety Culture
Section 10 covers activities that ensure that safety receives its “due priority” from licensees and the NRC itself. Sub-section 10.4 provides an in-depth description of the NRC’s SC-related policies and practices so we excerpt from it at length.
The discussion begins with the SC policy statement and the traits of a positive (sic) SC, including Leadership, Problem identification and resolution, Personal accountability, etc.
The most interesting part is 10.4.1 NRC Monitoring of Licensee Safety Culture which covers “the policies, programs, and practices that apply to licensee safety culture.” (p. 118) It begins with the Reactor Oversight Process (ROP) and its SC-related enhancements. NRC staff identified 13 components as important to SC, including decision making, resources, work control, etc. “All 13 safety culture components are applied in selected baseline, event followup, and supplemental IPs [inspection procedures].” (p. 119)
“There are no regulatory requirements for licensees to perform safety culture assessments routinely. However, depending on the extent of deterioration of licensee performance, the NRC has a range of expectations [emphasis added] about regulatory actions and licensee safety culture assessments, . . .” (p. 119)
“In the routine or baseline inspection program, the inspector will develop an inspection finding and then identify whether an aspect of a safety culture component is a significant causal factor of the finding. The NRC communicates the inspection findings to the licensee along with the associated safety culture aspect.
“When performing the IP that focuses on problem identification and resolution, inspectors have the option to review licensee self-assessments of safety culture. The problem identification and resolution IP also instructs inspectors to be aware of safety culture components when selecting samples.” (p. 119)
“If, over three consecutive assessment periods (i.e., 18 months), a licensee has the same safety culture issue with the same common theme, the NRC may ask [emphasis added] the licensee to conduct a safety culture self-assessment.” (p. 120)
If the licensee performance degrades to Column 3 of the ROP Action Matrix and “the NRC determines that the licensee did not recognize that safety culture components caused or significantly contributed to the risk-significant performance issues, the NRC may request [emphasis added] the licensee to complete an independent assessment of its safety culture.” (p. 120)
For licensees in Column 4 of the ROP “the NRC will expect [emphasis added] the licensee to conduct a third-party independent assessment of its safety culture. The NRC will review the licensee’s assessment and will conduct an independent assessment of the licensee’s safety culture . . .” (p. 120)
ROP SC considerations “provide the NRC staff with (1) better opportunities to consider safety culture weaknesses . . . (2) a process to determine the need to specifically evaluate a licensee’s safety culture . . . and (3) a structured process to evaluate the licensee’s safety culture assessment and to independently conduct a safety culture assessment for a licensee . . . . By using the existing Reactor Oversight Process framework, the NRC’s safety culture oversight activities are based on a graded approach and remain transparent, understandable, objective, risk-informed, performance-based, and predictable.” (p. 120)
We described this hierarchy of NRC SC-related activities in a post on May 24, 2013. We called it de facto regulation of SC. Reading the above only confirms that conclusion. When the NRC asks, requests or expects the licensee to do something, it’s akin to a military commander’s “wishes,” i.e., they’re the same as orders.
10.4.2 The NRC Safety Culture
This section covers the NRC’s actions to strengthen its internal SC. This actions include appointing an SC Program Manager; integrating SC into the NRC’s Strategic Plan; developing training; evaluating the NRC’s problem identification, evaluation and resolution processes; and establishing clear expectations and accountability for maintaining current policies and procedures.
We would ask how SC affects (and is affected by) the NRC’s decision making and resource allocation processes, work practices, operating experience integration and establishing personal accountability for maintaining the agency’s SC. What’s good for the goose (licensee) is good for the gander (regulator).
Institute of Nuclear Power Operations (INPO)
INPO also provided content for the report. Interestingly, it is a 39-page Part 3 in the body of the report, not an appendix. Part 3 covers INPO’s mission, organization, etc. and includes a section on SC.
6. Priority to Safety (Safety Culture)
The industry and INPO have their own definition of SC: “An organization’s values and behaviors—modeled by its leaders and internalized by its members—that serve to make nuclear safety the overriding priority.” (p. 230)
“INPO activities reinforce the primary obligation of the operating organizations’ leadership to establish and foster a healthy safety culture, to periodically assess safety culture, to address shortfalls in an open and candid fashion, and to ensure that everyone from the board room to the shop floor understands his or her role in safety culture.” (p. 231)
We believe our view of SC is broader than INPO’s. As we said in our July 24, 2013 post “We believe culture, including SC, is an emergent organizational property created by the integration of top-down activities with organizational history, long-serving employees, and strongly held beliefs and values, including the organization's “real” priorities. In other words, SC is a result of the functioning over time of the socio-technical system. In our view, a CNO can heavily influence, but not unilaterally define, organizational culture including SC.”
Conclusion
This 341 page report appears to cover every aspect of the NRC’s operations but, as noted in our introduction, it does not present any new information. It’s a good reference document to cite if someone asks you what the NRC is or what it does.
We found it a bit odd that the definition of SC in the report is not the definition promulgated in the NRC SC Policy Statement. Specifically, the report says the NRC uses the 1991 INSAG definition of SC: “that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear safety issues receive the attention warranted by their significance.” (p. 118)
The Policy Statement says “Nuclear safety culture is the core values and behaviors resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment.”***
Of course, both definitions are different from the INPO definition provided above. We’ll leave it as an exercise for the reader to figure out what this means.
* NRC Press Release No: 14-021, “NRC Chairman Macfarlane Presents U.S. National Report to IAEA’s Convention on Nuclear Safety” (Mar. 25, 2014). ADAMS ML14084A303.
** NRC NUREG-1650 Rev. 5, “The United States of America Sixth National Report for the Convention on Nuclear Safety” (Oct. 2013). ADAMS ML13303B021.
*** NUREG/BR 0500 Rev 1, “Safety Culture Policy Statement” (Dec 2012). ADAMS ML12355A122. This definition comports with the one published in the Federal Register Vol. 76, No. 114 (June 14, 2011) p. 34777.
6.3.11 Public Participation
This section describes how the NRC engages with stakeholders and the broader public. As part of such engagement, the NRC says it expects employers to maintain an open environment where workers are free to raise safety concerns. “These expectations are communicated through the NRC’s Safety Culture Policy Statement” and other regulatory directives and tools. (p. 72) This is pretty straightforward and we have no comment.
8.1.6.2 Human Resources
Section 8 describes the NRC, from its position in the federal government to how it runs its internal activities. One such activity is the NRC Inspector General’s triennial General Safety Culture and Climate Survey for NRC employees. Reporting on the most recent (2012) survey, “the NRC scored above both Federal and private sector benchmarks, although in 2012 the agency did not perform as strongly as it had in the past.” (p. 96) We posted on the internal SC survey back on April 6, 2013; we felt the survey raised a few significant issues.
10.4 Safety Culture
Section 10 covers activities that ensure that safety receives its “due priority” from licensees and the NRC itself. Sub-section 10.4 provides an in-depth description of the NRC’s SC-related policies and practices so we excerpt from it at length.
The discussion begins with the SC policy statement and the traits of a positive (sic) SC, including Leadership, Problem identification and resolution, Personal accountability, etc.
The most interesting part is 10.4.1 NRC Monitoring of Licensee Safety Culture which covers “the policies, programs, and practices that apply to licensee safety culture.” (p. 118) It begins with the Reactor Oversight Process (ROP) and its SC-related enhancements. NRC staff identified 13 components as important to SC, including decision making, resources, work control, etc. “All 13 safety culture components are applied in selected baseline, event followup, and supplemental IPs [inspection procedures].” (p. 119)
“There are no regulatory requirements for licensees to perform safety culture assessments routinely. However, depending on the extent of deterioration of licensee performance, the NRC has a range of expectations [emphasis added] about regulatory actions and licensee safety culture assessments, . . .” (p. 119)
“In the routine or baseline inspection program, the inspector will develop an inspection finding and then identify whether an aspect of a safety culture component is a significant causal factor of the finding. The NRC communicates the inspection findings to the licensee along with the associated safety culture aspect.
“When performing the IP that focuses on problem identification and resolution, inspectors have the option to review licensee self-assessments of safety culture. The problem identification and resolution IP also instructs inspectors to be aware of safety culture components when selecting samples.” (p. 119)
“If, over three consecutive assessment periods (i.e., 18 months), a licensee has the same safety culture issue with the same common theme, the NRC may ask [emphasis added] the licensee to conduct a safety culture self-assessment.” (p. 120)
If the licensee performance degrades to Column 3 of the ROP Action Matrix and “the NRC determines that the licensee did not recognize that safety culture components caused or significantly contributed to the risk-significant performance issues, the NRC may request [emphasis added] the licensee to complete an independent assessment of its safety culture.” (p. 120)
For licensees in Column 4 of the ROP “the NRC will expect [emphasis added] the licensee to conduct a third-party independent assessment of its safety culture. The NRC will review the licensee’s assessment and will conduct an independent assessment of the licensee’s safety culture . . .” (p. 120)
ROP SC considerations “provide the NRC staff with (1) better opportunities to consider safety culture weaknesses . . . (2) a process to determine the need to specifically evaluate a licensee’s safety culture . . . and (3) a structured process to evaluate the licensee’s safety culture assessment and to independently conduct a safety culture assessment for a licensee . . . . By using the existing Reactor Oversight Process framework, the NRC’s safety culture oversight activities are based on a graded approach and remain transparent, understandable, objective, risk-informed, performance-based, and predictable.” (p. 120)
We described this hierarchy of NRC SC-related activities in a post on May 24, 2013. We called it de facto regulation of SC. Reading the above only confirms that conclusion. When the NRC asks, requests or expects the licensee to do something, it’s akin to a military commander’s “wishes,” i.e., they’re the same as orders.
10.4.2 The NRC Safety Culture
This section covers the NRC’s actions to strengthen its internal SC. This actions include appointing an SC Program Manager; integrating SC into the NRC’s Strategic Plan; developing training; evaluating the NRC’s problem identification, evaluation and resolution processes; and establishing clear expectations and accountability for maintaining current policies and procedures.
We would ask how SC affects (and is affected by) the NRC’s decision making and resource allocation processes, work practices, operating experience integration and establishing personal accountability for maintaining the agency’s SC. What’s good for the goose (licensee) is good for the gander (regulator).
Institute of Nuclear Power Operations (INPO)
INPO also provided content for the report. Interestingly, it is a 39-page Part 3 in the body of the report, not an appendix. Part 3 covers INPO’s mission, organization, etc. and includes a section on SC.
6. Priority to Safety (Safety Culture)
The industry and INPO have their own definition of SC: “An organization’s values and behaviors—modeled by its leaders and internalized by its members—that serve to make nuclear safety the overriding priority.” (p. 230)
“INPO activities reinforce the primary obligation of the operating organizations’ leadership to establish and foster a healthy safety culture, to periodically assess safety culture, to address shortfalls in an open and candid fashion, and to ensure that everyone from the board room to the shop floor understands his or her role in safety culture.” (p. 231)
We believe our view of SC is broader than INPO’s. As we said in our July 24, 2013 post “We believe culture, including SC, is an emergent organizational property created by the integration of top-down activities with organizational history, long-serving employees, and strongly held beliefs and values, including the organization's “real” priorities. In other words, SC is a result of the functioning over time of the socio-technical system. In our view, a CNO can heavily influence, but not unilaterally define, organizational culture including SC.”
Conclusion
This 341 page report appears to cover every aspect of the NRC’s operations but, as noted in our introduction, it does not present any new information. It’s a good reference document to cite if someone asks you what the NRC is or what it does.
We found it a bit odd that the definition of SC in the report is not the definition promulgated in the NRC SC Policy Statement. Specifically, the report says the NRC uses the 1991 INSAG definition of SC: “that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, nuclear safety issues receive the attention warranted by their significance.” (p. 118)
The Policy Statement says “Nuclear safety culture is the core values and behaviors resulting from a collective commitment by leaders and individuals to emphasize safety over competing goals to ensure protection of people and the environment.”***
Of course, both definitions are different from the INPO definition provided above. We’ll leave it as an exercise for the reader to figure out what this means.
* NRC Press Release No: 14-021, “NRC Chairman Macfarlane Presents U.S. National Report to IAEA’s Convention on Nuclear Safety” (Mar. 25, 2014). ADAMS ML14084A303.
** NRC NUREG-1650 Rev. 5, “The United States of America Sixth National Report for the Convention on Nuclear Safety” (Oct. 2013). ADAMS ML13303B021.
*** NUREG/BR 0500 Rev 1, “Safety Culture Policy Statement” (Dec 2012). ADAMS ML12355A122. This definition comports with the one published in the Federal Register Vol. 76, No. 114 (June 14, 2011) p. 34777.
Posted by
Lewis Conner
1 comments. Click to view/add.
Labels:
IAEA,
INPO,
NRC,
References,
Regulation of Safety Culture,
SC Policy Statement
Wednesday, March 19, 2014
Safety Culture at Tohoku Electric vs. Tokyo Electric Power Co. (TEPCO)
Fukushima No. 1 (Daiichi) |
Op-Ed Summary
According to the authors, Tohoku Electric had a stronger SC than TEPCO. Tohoku had a senior manager who strongly advocated safety, company personnel participated in seminars and panel discussions about earthquake and tsunami disaster prevention, and the company had strict disaster response protocols in which all workers were trained. Although their Onagawa plant was closer to the March 11, 2011 quake epicenter and experienced a higher tsunami, it managed to shut down safely.
SC-related initiatives like Tohoku’s were not part of TEPCO’s culture. Fukushima No. 1’s problems date back to its original siting and early construction. TEPCO removed 25 meters off the 35 meter natural seawall of the plant site and built its reactor buildings at a lower elevation of 10 meters (compared to 14.7m for Onagawa). Over the plant’s life, as research showed that tsunami levels had been underestimated, TEPCO “resorted to delaying tactics, such as presenting alternative scientific studies and lobbying”** rather than implementing countermeasures.
Background and Our Perspective
The op-ed is a condensed version of the authors’ longer paper***, which was adapted from a research paper for an engineering class, presumably written by Ms. Ryu. The op-ed is basically a student paper based on public materials. You should read the longer paper, review the references and judge for yourself if the authors have offered conclusions that go beyond the data they present.
I suggest you pay particular attention to the figure that supposedly compares Tohoku and TEPCO using INPO’s ten healthy nuclear SC traits. Not surprisingly, TEPCO doesn’t fare very well but note the ratings were based on “the author’s personal interpretations and assumptions” (p. 26)
Also note that the authors do not mention Fukushima No. 2 (Daini), a four-unit TEPCO plant about 15 km south of Fukushima No. 1. Fukushima No. 2 also experienced damage and significant challenges after being hit by a 9m tsunami but managed to reach shutdown by March 18, 2011. What could be inferred from that experience? Same corporate culture but better luck?
Bottom line, by now it’s generally agreed that TEPCO SC was unacceptably weak so the authors plow no new ground in that area. However, their description of Tohoku Electric’s behavior is illuminating and useful.
* A. Ryu and N. Meshkati, “Culture of safety can make or break nuclear power plants,” Japan Times (Mar. 14, 2014). Retrieved Mar. 19, 2014.
** Quoted in the op-ed but taken from “The official report of the Fukushima Nuclear Accident Independent Investigation Commission [NAIIC] Executive Summary” (The National Diet of Japan, 2012), p. 28. The NAIIC report has a longer Fukushima root cause explanation than the op-ed, viz, “the root causes were the organizational and regulatory systems that supported faulty rationales for decisions and actions, . . .” (p. 16) and “The underlying issue is the social structure that results in “regulatory capture,” and the organizational, institutional, and legal framework that allows individuals to justify their own actions, hide them when inconvenient, and leave no records in order to avoid responsibility.” (p. 21) IMHO, if this were boiled down, there wouldn’t be much SC left in the bottom of the pot.
*** A. Ryu and N. Meshkati, “Why You Haven’t Heard About Onagawa Nuclear Power Station after the Earthquake and Tsunami of March 11, 2011” (Rev. Feb. 26, 2014).
Posted by
Lewis Conner
1 comments. Click to view/add.
Labels:
Decisions,
Fukushima,
Regulatory Capture,
Safety Culture
Friday, March 14, 2014
Deficient Safety Culture at Metro-North Railroad
The proposed fixes are likewise familiar: “. . . senior leadership must prioritize safety above all else, and communicate and implement that priority throughout Metro-North. . . . submit to FRA a plan to improve the Safety Department’s mission and effectiveness. . . . [and] submit to FRA a plan to improve the training program. (p. 4)**
Our Perspective
This report is typical. It’s not bad, but it’s incomplete and a bit misguided.
The directive for senior management to establish safety as the highest priority and implement that priority is good but incomplete. There is no discussion of how safety is or should be appropriately considered in decision-making throughout the agency, from its day-to-day operations to strategic considerations. More importantly, Metro-North’s recognition, reward and compensation practices (keys to shaping behavior at all organizational levels) are not even mentioned.
The Safety Department discussion is also incomplete and may lead to incorrect inferences. The report says “Currently, no single department or office, including the Safety Department, proactively advocates for safety, and there is no effort to look for, identify, or take ownership of safety issues across the operating departments. An effective Safety Department working in close communication and collaboration with both management and employees is critical to building and maintaining a good safety culture on any railroad.” (p. 13) A competent Safety Department is certainly necessary to create a hub for safety-related problems but is not sufficient. In a strong SC, the “effort to look for, identify, or take ownership of safety issues” is everyone’s responsibility. In addition, the authors don’t appear to appreciate that SC is part of a loop—the deficiencies described in the report certainly influence SC, but SC provides the context for the decision-making that currently prioritizes on-time performance over safety.
Metro-North training is fragmented across many departments and the associated records system is problematic. The proposed fix focuses on better organization of the training effort. There is no mention of the need for training content to include any mention of safety or SC.
Not included in the report (but likely related to it) is that Metro-North’s president retired last January. His replacement says Metro-North is implementing “aggressive actions to affirm that safety is the most important factor in railroad operations.”***
We have often griped about SC assessments where the recommended corrective actions are limited to more training, closer oversight and selective punishment. How did the FRA do?
* Federal Railroad Administration, “Operation Deep Dive Metro-North Commuter Railroad Safety Assessment” (Mar. 2014). Retrieved Mar. 14, 2014. The FRA is an agency in the U.S. Department of Transportation.
** The report also includes a laundry list of negative findings and required/recommended corrective actions in several specific areas.
*** M. Flegenheimer, “Report Finds Punctuality Trumps Safety at Metro-North,” New York Times (Mar. 14, 2014). Retrieved Mar. 14, 2014)
Posted by
Lewis Conner
0
comments. Click to view/add.
Labels:
Assessment,
Safety Culture,
Training
Thursday, March 13, 2014
Eliminate the Bad Before Attempting the Good
An article* in the McKinsey Quarterly suggests executives work at rooting out destructive behaviors before attempting to institute best practices. The reason is simple: “research has found that negative interactions with bosses and coworkers [emphasis added] have five times more impact than positive ones.” (p. 81) In other words, a relatively small amount of bad behavior can keep good behavior, i.e., improvements, from taking root.** The authors describe methods for removing bad behavior and warning signs that such behavior exists. This post focuses on their observations that might be useful for nuclear managers and their organizations.
Methods
Nip Bad Behavior in the Bud — Bosses and coworkers should establish zero tolerance for bad behavior but feedback or criticism should be delivered while treating the target employee with respect. This is not about creating a climate of fear, it’s about seeing and responding to a “broken window” before others are also broken. We spoke a bit about the broken window theory here.
Put Mundane Improvements Before Inspirational Ones/Seek Adequacy Before Excellence — Start off with one or more meaningful objectives that the organization can achieve in the short term without transforming itself. Recognize and reward positive behavior, then build on successes to introduce new values and strategies. Because people are more than twice as likely to complain about bad customer service as to mention good customer service, management intervention should initially aim at getting the service level high enough to staunch complaints, then work on delighting customers.
Use Well-Respected Staff to Squelch Bad Behavior — Identify the real (as opposed to nominal or official) group leaders and opinion shapers, teach them what bad looks like and recruit them to model good behavior. Sounds like co-opting (a legitimate management tool) to me.
Warning Signs
Fear of Responsibility — This can be exhibited by employees doing nothing rather than doing the right thing, or their ubiquitous silence. It is related to bystander behavior, which we posted on here.
Feelings of Injustice or Helplessness — Employees who believe they are getting a raw deal from their boss or employer may act out, in a bad way. Employees who believe they cannot change anything may shirk responsibility.
Feelings of Anonymity — This basically means employees will do what they want because no one is watching. This could lead to big problems in nuclear plants because they depend heavily on self-management and self-reporting of problems at all organizational levels. Most of the time things work well but incidents, e.g., falsification of inspection reports or test results, do occur.
Our Perspective
The McKinsey Quarterly is a forum for McKinsey people and academics whose work has some practical application. This article is not rocket science but sometimes a simple approach can help us appreciate basic lessons. The key takeaway is that an overconfident new manager can sometimes reach too far, and end up accomplishing very little. The thoughtful manager might spend some time figuring out what’s wrong (the “bad” behavior) and develop a strategy for eliminating it and not simply pave over it with a “get better” program that ignores underlying, systemic issues. Better to hit a few singles and get the bad juju out of the locker room before swinging for the fences.
* H. Rao and R.I. Sutton, “Bad to great: The path to scaling up excellence,” McKinsey Quarterly, no. 1 (Feb. 2014), pp. 81-91. Retrieved Mar. 13, 2014.
** Even Machiavelli recognized the disproportionate impact of negative interactions. “For injuries should be done all together so that being less tasted they will give less offence. Benefits should be granted little by little so that they may be better enjoyed.” The Prince, ch. VIII.
Methods
Nip Bad Behavior in the Bud — Bosses and coworkers should establish zero tolerance for bad behavior but feedback or criticism should be delivered while treating the target employee with respect. This is not about creating a climate of fear, it’s about seeing and responding to a “broken window” before others are also broken. We spoke a bit about the broken window theory here.
Put Mundane Improvements Before Inspirational Ones/Seek Adequacy Before Excellence — Start off with one or more meaningful objectives that the organization can achieve in the short term without transforming itself. Recognize and reward positive behavior, then build on successes to introduce new values and strategies. Because people are more than twice as likely to complain about bad customer service as to mention good customer service, management intervention should initially aim at getting the service level high enough to staunch complaints, then work on delighting customers.
Use Well-Respected Staff to Squelch Bad Behavior — Identify the real (as opposed to nominal or official) group leaders and opinion shapers, teach them what bad looks like and recruit them to model good behavior. Sounds like co-opting (a legitimate management tool) to me.
Warning Signs
Fear of Responsibility — This can be exhibited by employees doing nothing rather than doing the right thing, or their ubiquitous silence. It is related to bystander behavior, which we posted on here.
Feelings of Injustice or Helplessness — Employees who believe they are getting a raw deal from their boss or employer may act out, in a bad way. Employees who believe they cannot change anything may shirk responsibility.
Feelings of Anonymity — This basically means employees will do what they want because no one is watching. This could lead to big problems in nuclear plants because they depend heavily on self-management and self-reporting of problems at all organizational levels. Most of the time things work well but incidents, e.g., falsification of inspection reports or test results, do occur.
Our Perspective
The McKinsey Quarterly is a forum for McKinsey people and academics whose work has some practical application. This article is not rocket science but sometimes a simple approach can help us appreciate basic lessons. The key takeaway is that an overconfident new manager can sometimes reach too far, and end up accomplishing very little. The thoughtful manager might spend some time figuring out what’s wrong (the “bad” behavior) and develop a strategy for eliminating it and not simply pave over it with a “get better” program that ignores underlying, systemic issues. Better to hit a few singles and get the bad juju out of the locker room before swinging for the fences.
* H. Rao and R.I. Sutton, “Bad to great: The path to scaling up excellence,” McKinsey Quarterly, no. 1 (Feb. 2014), pp. 81-91. Retrieved Mar. 13, 2014.
** Even Machiavelli recognized the disproportionate impact of negative interactions. “For injuries should be done all together so that being less tasted they will give less offence. Benefits should be granted little by little so that they may be better enjoyed.” The Prince, ch. VIII.
Posted by
Lewis Conner
0
comments. Click to view/add.
Labels:
Management
Subscribe to:
Posts (Atom)