Regulatory Creep

The NRC's assessment of safety culture (SC) is an example of regulatory creep.  It began with the requirement that licensees determine whether specific safety-related performance problems or cross-cutting issues were caused, in whole or in part, by SC deficiencies.  Then the 2011 SC Policy Statement attempted to put a benign face on NRC intrusiveness because a policy statement is not a regulation.  However, licensees are “expected” to comply with the policy statement's goals and guidance; the NRC “expectations” become de facto regulations.

We have griped about this many times.*  But why does regulatory creep occur?  Is it inevitable?  We'll start with some background then look at some causes.

In the U.S., Congress passes and the President approves major legislative acts.  These are top-level policy statements characterized by lofty goals and guiding principles.  Establishing the detailed rules (which have the force of law) for implementing these policies falls to government bureaucrats in regulatory agencies.  There are upwards of 50 such agencies in the federal government, some part of executive branch departments (headed by a Cabinet level officer), others functioning independently, i.e., reporting to Congress with the President appointing, subject to Congressional approval, their governing boards (commissioners).  The NRC is one of the independent federal regulatory agencies.

Regulatory rules are proposed and approved following a specified, public process.  But once they are in place, multiple forces can lead to the promulgation of new rules or an expanded interpretation or application of existing rules (creep).  The forces for change can arise internal or external to the agency.  Internal forces include the perceived need to address new real or imagined issues, a fear of losing control as the regulated entities adapt and evolve, or a generalized drive to expand regulatory authority.  Even bureaucrats can have a need for more power or a larger budget.

External sources include interest groups (and their lobbyists), members of Congress who serve on oversight committees, highly motivated members of the public or the agency's own commissioners.  We classify commissioners as external because they are not really part of an agency; they are political appointees of the President, who has a policy agenda.  In addition, a commissioner may owe a debt or allegiance to a Congressional sponsor who promoted the commissioner's appointment.

Given all the internal and external forces, it appears that new rules and  regulatory creep are inevitable absent the complete capture of the agency by its nominally regulated entities.  Creep means a shifting boundary of what is required, what is allowed, what is tolerated and what will be punished—without a formal rule making.  The impact of creep on the regulated entities is clear: increased uncertainty and cost.  They may not care for increased regulatory intrusiveness but they know the penalty may be high if they fail to comply.  When regulated entities perceive creep, they must make a business decision: comply or fight.  They often choose to comply simply because if they fight and lose, they risk even more punitive formal regulation and higher costs.  If they fight and win, they risk alienating career bureaucrats who will then wait for an opportunity to exact retribution.  A classic lose-lose situation.  

Our perspective

Years ago I took a poli-sci seminar where the professor said public policy forces could be boiled down to: Who's mad?  How mad?  And who's glad?  How glad?  I sometimes refer to that simple mental model when I watch the ongoing Kabuki between the regulator, its regulated entities and many, many political actors.  Regulatory creep is one of the outcomes of such dynamics.


*  For related posts, click the "Regulation of Safety Culture" label.

Regulatory creep is not confined to the NRC.  The motivation for this post was an item forwarded by a reader on reported Consumer Product Safety Commission (CPSC) activity.  Commenting on a recent settlement, a CPSC Commissioner “expressed concern that . . . the CPSC had insisted on a comprehensive compliance program absent evidence of widespread noncompliance and that “the compliance program language in [the] settlement is another step toward just such a de facto rule.””  C.G. Thompson, “Mandated Compliance Programs as the New Normal?” American Conference Institute blog.  Retrieved June 6, 2013.

The Incredible Shrinking Nuclear Industry

News last week that the San Onofre units would permanently shutdown - joining Crystal River 3 (CR3) and Kewaunee as the latest early retirees - and filling in the last leg of a nuclear bad news trifecta.  This is distressing on many fronts, not the least of which is the loss of jobs for thousands of highly qualified nuclear personnel, and perhaps the suggestion of a larger trend.  Almost as distressing is the characterization by NEI that San Onofre is a unique situation - as were CR3 and Kewaunee by the way - and placing primary blame on the NRC.*  Really?  The more useful question to ponder is what decisions led up to the need for plant closures and whether there is a common denominator? 

We can think of one: decisions that failed to adequately account for the “tail” of the risk distribution where outcomes, albeit of low probability, carry high consequences.  On this score checking in with Nick Taleb is always instructive.  He observes “This idea that in order to make a decision you need to focus on the consequences (which you can know) rather than the probability (which you can’t know) is the central idea of uncertainty.”**

• For Kewaunee the decision to purchase the plant with a power purchase agreement (PPA) that extended only for eight years;
• For CR3, the decision to undertake cutting the containment with in-house expertise;
• For SONGs the decision to purchase and install new design steam generators from a vendor working beyond its historical experience envelope.

Whether the decision makers understood this, or even imagined that their decisions included the potential to lose the plants, the results speak for themselves.  These people were in Black Swan and fat tail territory and didn’t realize it.  Let’s look at a few details.

Kewaunee

Many commentators at this point are writing off the Kewaunee retirement based on the miracle of low gas prices.  Dominion cites gas prices and the inability to acquire additional nuclear units in the upper Midwest to achieve economies of scale.  But there is a far greater misstep in the story.  When Dominion purchased Kewaunee from Wisconsin Public Service in 2005, a PPA was included as part of the transaction.  This is an expected and necessary part of the transaction as it established set prices for the sale of the plant’s output for a period of time.  A key consideration in structuring deals such as this is not only the specific pricing terms for the asset and the PPA, but the duration of the PPA.  In the case of Kewaunee the PPA ran for only 8 years, through December 2013.  After 8 years Dominion would have to negotiate another PPA with the local utilities or others or sell into the market.  The question is - when buying an asset with a useful life of 28 years (with grant of the 20 year license extension), why would Dominion be OK with just an 8 year PPA?  Perhaps Dominion assumed that market prices would be higher in 8 years and wanted to capitalize on those higher prices.  Opponents to the transaction believed this to be the case.***  The prevailing expectation at the time was that demand would continue along with appropriate pricing necessary to accommodate current and planned generating units.  But the economic downturn capped demand and left a surplus of baseload.  Local utilities faced with the option of negotiating a PPA for Kewaunee - or thinning the field and protecting their own assets - did what was in their interest. 

The reality is that Dominion rolled the dice on future power prices.  Interestingly, in the same time frame, 2007, the Point Beach units were purchased by NextEra Energy Resources (formerly FPL Energy).  In this transaction PPAs were negotiated through the end of the extended license terms of the units, 2030 and 2033, providing the basis for a continuing and productive future.

Crystal River 3

In 2009 Progress Energy undertook a project to replace the steam generators in CR3.  As with some other nuclear plants this necessitated cutting into the containment to allow removal of the old generators and placement of the new. 

Apparently just two companies, Bechtel and SGT, had managed all the previous 34 steam generator replacement projects at U.S. nuclear power plants. Of those, at least 13 had involved cutting into the containment building. All 34 projects were successful.

For the management portion of the job, Progress got bids from both Bechtel and SGT. The lowest was from SGT but Progress opted to self-manage the project to save an estimated $15 million.  During the containment cutting process delamination of concrete occurred in several places.  Subsequently an outside engineering firm hired to do the failure analysis stated that cutting the steel tensioning bands in the sequence done by Progress Energy along with removing of the concrete had caused the containment building to crack.  Progress Energy disagreed stating the cracks “could not have been predicted”.  (See Taleb’s view on uncertainty above.)

“Last year, the PSC endorsed a settlement agreement that let Progress Energy refund $288 million to customers in exchange for ending a public investigation of how the utility broke the nuclear plant.”****

When it came time to assess how to fix the damage, Progress Energy took a far more conservative and comprehensive approach.  They engaged multiple outside consultants and evaluated numerous possible repair options.  After Duke Energy acquired Progress, Duke engaged an independent, third-party review of the engineering and construction plan developed by Progress.  The independent review suggested that the cost was likely to be almost $1.5 billion. However, in the worst-case scenario, it could cost almost $3.5 billion and take eight years to complete.   “...the [independent consultant] report concluded that the current repair plan ‘appears to be technically feasible, but significant risks and technical issues still need to be resolved, including the ultimate scope of any repair work.’"*****  Ultimately consideration of the potentially huge cost and schedule consequences caused Duke to pull the plug.  Taleb would approve.

San Onofre

Southern California Edison undertook a project to replace its steam generators almost 10 years ago.  It decided to contract with Mitsubishi Heavy Industries (MHI) to design and construct the generators.  This would be new territory for Mitsubishi in terms of the size of the generators and design complexity.  Following installation and operation for a period of time, tube leakage occurred due to excessive vibrations.  The NRC determined that the problems in the steam generators were associated with errors in MHI's computer modeling, which led to underestimation of thermal hydraulic conditions in the generators.

“Success in developing a new and larger steam generator design requires a full understanding of the risks inherent in this process and putting in place measures to manage these risks….Based upon these observations, I am concerned that there is the potential that design flaws could be inadvertently introduced into the steam generator design that will lead to unacceptable consequences (e.g., tube wear and eventually tube plugging). This would be a disastrous outcome for both of us and a result each of our companies desire to avoid. In evaluating this concern, it would appear that one way to avoid this outcome is to ensure that relevant experience in designing larger sized steam generators be utilized. It is my understanding the Mitsubishi Heavy Industries is considering the use of Westinghouse in several areas related to scaling up of your current steam generator design (as noted above). I applaud your effort in this regard and endorse your attempt to draw upon the expertise of other individuals and company's to improve the likelihood of a successful outcome for this project.”#

Unfortunately these concerns raised by SCE came after letting the contract to Mitsubishi.  SCE placed (all of) its hopes on improving the likelihood of a successful outcome at the same time stating that a design flaw would be “disastrous”.  They were right about the disaster part.

Take Away

These are cautionary tales on a significant scale.  Delving into how such high risk (technical and financial) decisions were made and turned out so badly could provide useful lessons learned.  That doesn’t appear likely given the interests of the parties and being inconsistent with the industry predicate of operational excellence.

With regard to our subject of interest, safety culture, the dynamics of safety decisions are subject to similar issues and bear directly on safety outcomes.  Recall that in our recent posts on implementing safety culture policy, we proposed a scoring system for decisions that includes the safety significance and uncertainty associated with the issue under consideration.  The analog to Taleb’s “central idea of uncertainty” is intentional and necessary.  Taleb argues you can’t know the probability of consequences.  We don’t disagree but as a “known unknown” we think it is useful for decision makers to recognize how uncertain the significance (consequences) may be and calibrate their decision accordingly.


*  “Of course, it’s regrettable...Crystal River is closing, the reasons are easy to grasp, and they are unique to the plant. Even San Onofre, which has also been closed for technical reasons (steam generator problems there), is quite different in specifics and probable outcome. So – unfortunate, yes; a dire pox upon the industry, not so much.”  M. Flanagan, "Crystal River: End Days of Nuclear Energy?" NEI Nuclear Notes (Feb. 7, 2013).  Retrieved June 17, 2013.  For the NEI/SCE perspective on regulatory foot-dragging and uncertainty, see W. Freebairn et al, "SoCal Ed to retire San Onofre nuclear units, blames NRC delays," Platts (June 7, 2013).  Retrieved June 17, 2013.  And "NEI's Peterson discusses politics surrounding NRC confirmation, San Onofre closure," Environment & Energy Publishing OnPoint (June 17, 2013).  Retrieved June 17, 2013.

**  N. Taleb, The Black Swan (New York: Random House, 2007), p. 211.  See also our post on Taleb dated Nov. 9, 2011.

***  The Customers First coalition that opposed the sale of the plant in 2004 argued: “Until 2013, a complex purchased-power agreement subject to federal jurisdiction will replace PSCW review. After 2013, the plant’s output will be sold at prices that are likely to substantially exceed cost.”  Customers First!, "Statement of Position: Proposed Sale of the Kewaunee Nuclear Power Plant April 2004" (April, 2004).  Retrieved June 17, 2013.

****  R. Trigaux, "Who's to blame for the early demise of Crystal River nuclear power plant?" Tampa Bay Times (Feb. 5, 2013).  Retrieved Jun 17, 2013.  We posted on CR3's blunder and unfolding financial mess on Nov. 11, 2011.

*****  "Costly estimates for Crystal River repairs," World Nuclear News (Oct. 2, 2012).  Retrieved June 17, 2013.

#  D.E. Nunn (SCE) to A. Sawa (Mitsubishi), "Replacement Steam Generators San Onofre Nuclear Generating Station, Units 2 & 3" (Nov. 30, 2004).  Copy retrieved June 17, 2013 from U.S. Senate Committee on Environment & Public Works, attachment to Sen. Boxer's May 28, 2013 press release.

Meanwhile, Back at the Vit Plant

Previous posts* have chronicled the safety culture (SC) issues raised at the Waste Treatment and Immobilization Plant (WTP aka the Vit plant) at the Department of Energy's (DOE's) Hanford site.  Both the DOE Office of River Protection (ORP) and the WTP contractor (Bechtel) have been under the gun to strengthen their SC.  On May 30, 2013 DOE submitted a progress report** to the Defense Nuclear Facilities Safety Board covering both DOE and Bechtel activities.

DOE ORP

Based on an assessment by an internal SC Integrated Project Team (IPT), ORP reported its progress on nine near-term SC improvement actions contained in the ORP SC Improvement Plan.  For each action, the IPT assessed degree of implementation (full, partial or none) and effectiveness (full, partial, or indeterminate).  The following table summarizes the actions and current status.

ORP has a lot of activities going on but only two are fully implemented and none is yet claimed to be fully effective.  In ORP's own words, “ORP made a substantial start toward improving its safety culture, but much remains to be done to demonstrate effective change. . . . Four of the nine actions were judged to be partially effective, and the other five were judged to be of indeterminate effectiveness at the time of evaluation due to the recent completion of some of the actions, and because of the difficulty in measuring safety culture change over a one-year time period.” (Smith, p. 1)

The top-level ORP actions look substantive but digging into the implementation details reveals many familiar tactics for addressing SC problems: lots of training (some yet to be implemented), new or updated processes and procedures, (incomplete) distribution of INPO booklets, and the creation of a new behavioral expectations poster (which is largely ignored).

SC elements have been added to senior management and supervisor performance plans.  That appears to mean these folks are supposed to periodically discuss SC with their people.  There's no indication whether such behavior will be included in performance review or compensation considerations.

ORP did attempt to address concerns with the Differing Professional Opinion (DPO) process.  DPO and Employee Concerns Program (ECP) training was conducted but some employees reported reservations about both programs.

A new issues management system has been well received by employees but needs greater promotion by senior managers to increase employees' willingness to raise issues and ask questions.  The revised ECP also needs increased senior management support.

The team pointed out that ORP does not have a SC management statement or policy.

Bechtel

There is much less detail available here.  The report says Bechtel's plan “contains 50 actions broken into six strategic improvement areas:

A. Realignment and Maintenance of Design and Safety Basis
B. Management Processes of the WTP NSQC
C. Timeliness of Issues Identification
D. Resolution. Roles. Responsibilities. Authorities, and Accountabilities
E. Management and Supervisory Behaviors
F.  Construction Site-Unique Issues

“The scheduled completion date for the last actions is December 2013. Twenty-seven actions were complete as of March 31, 2013, with an additional 12 planned to be complete by June 30, 2013.” (p. 19)

“ORP has completed surveillances on 19 of the 27 completed actions identifying 7 opportunities for improvement.  Because changing an organization's culture takes time, the current oversight efforts are focused on verifying actions have been completed.” (ibid.)  In other words, there has been no evaluation of the effectiveness of Bechtel's actions.

Our perspective

The ORP program is a traditional approach aimed at incremental organizational performance improvement.  There is no or scant mention of what we'd call strategic concerns, e.g., recognizing and addressing schedule/budget/safety goal conflicts; decision making in a complex, dynamic environment with many external pressures; riding herd on Bechtel; or creating a sense of urgency with respect to SC.

The most surprising thing to us was how unexpectedly candid the assessment was (for one produced by an employee team) in describing the program's impact to date.  For example, as the IPT performed its assessment, it tried to determine if employees were aware of the SC actions or their effects.  The results were mixed: some employees see changes but many don't, or they sense a general change but are unaware of specifics, e.g., new or changed procedures.  In general, organizational emphasis on SC declined over the year and was not very visible to the average employee.

The team's most poignant item was a direct appeal for personal involvement by the ORP manager in the SC program.  That tells you everything you need to know about SC's priority at ORP.


*  Click on Vit Plant under Labels to see previous posts.

**  M. Moury (DOE) to P.S. Winokur (DNFSB), DOE completes Action 1-9 of the Department's Implementation Plan for DNFSB Recommendation 2011-1, Safety Culture at the Waste Treatment and Immobilization Plant (May 30, 2013).  A status summary memo from ORP's K.W. Smith and the IPT report are attached to the Moury letter.  Our thanks to Bill Mullins for bringing these documents to our attention.

McKinsey Quarterly Report on Decision Making Styles

A brief article* in the April McKinsey Quarterly describes a piece of early-stage academic research into different individuals' decision making styles at work.

This is not rigorous social science.  The 5,000 survey participants were self-selected readers of the McKinsey Quarterly and Harvard Business Review.  Survey responses showed a range of decision making preferences, from largely intuitive to exhaustive deliberation.  Further analysis identified five different types of decision-makers.  Each type has exposure to certain decision making risks based on the decision-maker's preference for say, moving ahead quickly vs. lengthy analysis.  In other words, each type exhibits certain biases.

A practical application of this typology is to see which type best describes two very important people: you and your boss.  Self assessment is always valuable to identify current strengths and improvement opportunities.  Boss assessment may reveal why your boss sees things differently from you, and suggest ways you can support and complement your boss to help you both become more successful at work.


*  D. Lovallo and O. Sibony, “Early-stage research on decision-making styles,” McKinsey Quarterly (April 2013).  Retrieved June 11, 2013.  A pop-out button is on the right side of the text, about half-way down the article; pushing the button opens a slide show of the different decision making types.  A pdf of the article can be downloaded if one registers (free) at the site.

Implementing Safety Culture Policy Part 2

This post continues our discussion of the implementation of safety culture policy in day-to-day nuclear management decision making, started in our post dated April 9, 2013.   In that post we introduced several parameters for quantitatively scoring decisions: decision quality, safety significance and significance uncertainty.  At this time we want to update the decision quality label, using instead “decision balance”.

To illustrate the application of the scoring method we used a set of twenty decisions based on issues taken from actual U.S. nuclear operating experience, typically those that were reported in LERs.  As a baseline, we scored each issue for safety significance and uncertainty.  Each issue identified 3 to 4 decision options for addressing the problem - and each option was annotated with the potential impacts of the decision on budgets, generation (e.g. potential outage time) and the corrective action program.   We scored each decision option for its decision balance (how well the decision option balances safety priority) and then identified the preferred decision option for each issue.  This constitutes what we refer to as the “preferred decision set”.  A pdf file of one example issue with decision choices and scoring inputs is available here. 

Our assumption is that the preferred decision set would be established/approved by senior management based on their interpretation of the issues and their expectations for how organizational decisions should reflect safety culture.  The set of issues would then be used in a training environment for appropriate personnel.  For purposes of this example, we incorporated the preferred decision set into our NuclearSafetySim* simulator to illustrate the possible training experience.  The sim provides an overall operational context tracking performance for cost, plant generation and CAP program and incorporating performance goals and policies.

Chart 1

In the sim application a trainee would be tasked with assessing an issue every three months over a 60 month operational period.  The trainee would do this while attempting to manage performance results to achieve specified goals.  For each issue the trainee would review the issue facts, assign values for significance and uncertainty, and select a decision option.  Chart 1 compares the actual decisions (those by the trainee) to those in the preferred set for our prototype session.   Note that approximately 40% of the time the actual decision matched the preferred decision (orange data points).  For the remainder of the issues the trainee’s selected decisions differed.  Determining and understanding why the differences occurred is one way to gain insight into how culture manifests in management actions.

As we indicated in the April 9 post, each decision is evaluated for its safety significance and uncertainty in accordance with quantified scales.  These serve as key inputs to determining the appropriate balance to be achieved in the decision.  In prior work in this area, reported in our posts dated July 15, 2011 and October 14, 2011 we solicited readers to score two issues for safety significance.  The reported scores ranged from 2 to 10 (most scores between 4 to 6) for one issue and ranged 5 to 10 (most scores 6 to 8) for the other issue.  This reflects the reality that perceptions of safety significance are subject to individual differences.  In the current exercise, similar variations in scoring were expected and led to differences between the trainee’s scores and the preferred decision set.  The variation may be due to the inherent subjective nature of assessing these attributes and other factors such as experience, expertise, biases, and interpretations of the issue.  So this could be one source of difference in the trainee decision selections versus the preferred set, as the decision process attempts to match action to significance. 

Another source could be in the decision options themselves.   The decision choice by a trainee could have focused on what the trainee felt was the “best” (i.e., most efficacious) decision versus an explicit consideration of safety priority commensurate with safety significance.  Additionally decision choices may have been influenced by their potential impacts, particularly under conditions where performance was not on track to meet goals. 

Chart 2

Taking this analysis a bit further, we looked at how decision balance varied over the course of the simulation.  As discussed in our April 9 post we use decision balance to create a quantitative measure of how well the goal of safety culture is being incorporated in a specific decision - the extent to which the decision accords the priority for safety commensurate with its safety significance.  In the instant exercise, each decision option for each issue has been assigned a balance value as part of the preferred scoresheet.**  Chart 2 shows a timeline of decision balances - one for the preferred decision set and the other for the actual decisions made by the trainee.  A smoothing function has been applied to the discrete values of balance to provide a continuous track. 

The plots illustrate how decision balance may vary over time, with specific decisions reflecting greater or lesser emphasis on safety.  During the first half of the sim the decision balances are in fairly close agreement, reflecting in part that in 5 of 8 cases the actual decisions matched the preferred decisions.  However in the second half of the sim significant differences emerge, primarily in the direction of weaker balances associated with the trainee decisions.  Again, understanding why these differences emerge could provide insight into how safety culture is actually being practiced within the organization. Chart 3 adds in some additional context.

Chart 3

The yellow line is a plot of “goal pressure” which is simply a sum of the differences in actual performance in the sim to goals for cost, generation and CAP program.  Higher values of pressure are associated with performance lagging the goals.  Inspection of the plot indicates that goal pressure was mostly modest in the first half of the sim before an initial spike up and further increases with time.  The blue line, the decision balance of the trainee, does not show any response to the initial spike, but later in the sim the high goal pressure could be seen as a possible contributor to decisions trending to lower balances.  A final note is that over the course of the entire sim, the average values of preferred and actual balance are fairly close for this player, perhaps suggesting reasonable overall alignment in safety priorities notwithstanding decision to decision variations. 

A variety of training benefits can flow from the decision simulation.  Comparisons of actual to preferred decisions provide a baseline indication of how well expected safety balances are being achieved in realistic decisions.  Consideration of contributing factors such as goal pressure may illustrate challenges for decision makers.  Comparisons of results among and across groups of trainees could provide further insights.  In all cases the results would provide material for discussion, team building and alignment on safety culture.

In our post dated November 4, 2011 we quoted the work of Kahneman, that organizations are “factories for producing decisions”.  In nuclear safety, the decision factory is the mechanism to actualize safety culture into specific priorities and actions.  A critical element of achieving strong safety culture is to be able to identify differences between espoused values for safety (i.e., the traits typically associated with safety culture) and de facto values as revealed in actual decisions. We believe this can be achieved by capturing decision data explicitly, including the judgments on significance and uncertainty, and the operational context of the decisions.

The next step is synthesizing the decision and situational parameters to develop a useful systems-based measure of safety culture.  A quantity that could be tracked in a simulation environment to illustrate safety culture response and provide feedback and/or during nuclear operations to provide a real time pulse of the organization’s culture.


* For more information on using system dynamics to model safety culture, please visit our companion website, nuclearsafetysim.com.

** It is possible for some decision options to have the same value of balance even though they incorporate different responses to the issue and different operational impacts. 

When the Big Dogs Refuse to Learn New Tricks

A regular reader asks: The middle managers at my facility think learning is great—for their subordinates.  How can I get them to accept that learning new ideas, viz., contemporary safety culture (SC) concepts or approaches, is also good for them?

This is a tough nut to crack but we'll give it a shot.  We'll take a brief look at why these managers resist changing their own behavior, i.e., find it hard to learn.  Then we'll present some strategies for engaging them in an effort to modify their attitudes and behavior.

Why managers resist learning 

Management theorists and practical experience provide some reasons why this problem arises.  We'll start with the individual and then look at the work group.

A classic article by management theorist Chris Argyris* provides a good starting point (although it's not a perfect fit with the question at hand).  Argyris' basic argument is as follows: Many highly skilled “professionals are almost always successful at what they do, . . . because they have rarely failed, they have never learned how to learn from failure. . . . they become defensive, screen out criticism, and the put the “blame” on anyone and everyone but themselves.” (p. 100)  In practice, they engage in defensive reasoning, guided by their true (as opposed to espoused) values: maintain control; maximize winning and minimize losing; suppress negative feelings and avoid open conflicts; and be as “rational” as possible, i.e., define clear objectives but allow limited freedom of choice in strategy selection. 

In other words, past successes breed confidence in managers to continue doing what they've been doing and construct defenses against unwelcome, potentially threatening changes.

In the work group, these managers sit on top of their silos, controlling the careers and paychecks of those below them.  Recognized success in achieving assigned goals provides feedback that one's managerial approach is effective and correct.  Managers manage and subordinates comply.  If subordinates' performance is deficient, then progressive discipline is used to correct the situation.  Step one or two of a typical program is to require subordinates to learn (or relearn) applicable policies, programs, procedures, etc.  If the manager is dealing with such a situation, then he's OK and it's the subordinate who has a problem.  More success breeds more confidence.

What can the change agent do?

Maybe very little.  You can't fix stupid, but you can (occasionally) fix arrogance or over-confidence if the proper opportunity appears, or you can create it.  Opportunities may arise from the external environment, within the work group or internal to the manager.  Some candidate challenges include those confronting the entire organization (e.g. risk of shutdown), the work group (e.g., scoring significantly lower than other groups on the latest SC survey) or the individual manager (e.g., a new, unfamiliar boss, a top-down SC initiative or a review of his compensation plan).

What you're looking for is a teachable moment when the manager faces a significant challenge, preferably one that places him at existential risk in the organization.  Why?  Because comfortable people are only motivated to change when it's perceived as less dangerous than staying put.

You'll need an action plan to promote your value-add to the resolution of the particular challenge.  And an “elevator speech” to promote your plan when you bump into the boss coming out of the executive washroom. 

What if you don't have a crisis handy? 

Then you need to go hunting for a candidate to “help.”  We know that many middle managers are satisfied with their positions and content to remain at that level for the balance of their careers.  They are transactional not transformational characters.  But some are more ambitious, they may exhibit what psychologist David McClelland called a high nAch, the need for Achievement.  And, as Maslow taught us, unsatisfied needs motivate behavior.  So these managers seek to prove their superior worth to their bosses, perhaps by undertaking some new task or program initiative.  If you can identify one of these people, you can work on educating him on the value of SC to his career; the goal is to get him to champion, promote and model SC.  And you need to talk to the senior managers to help get your champion recognized, rewarded, promoted or at least made more promotable.

In short, you can wait in the bushes, biding your time, until opportunities come along or you can try to initiate change or act as a change catalyst.  You don't need Sigmund Freud or Margaret Mead to help you figure out what to do.  You need patience, an action plan and the will to jump on opportunities when they arise.


*  C. Argyris, “Teaching Smart People to Learn,” Harvard Business Review (May-June, 1991), pp. 99-109.  The same Safetymatters reader who asked the initial question also recommended this article.  Kudos to him.

Argyris is perhaps best known for his concepts of single-loop and double-loop learning.  In single loop learning, actions are designed to achieve specified goals and questions or conflicts about governing variables are suppressed.  In double loop learning, the governing variables are subjected to scrutiny and, if necessary, actions are taken to attempt to transform them.  This can broaden the range of strategic choices for achieving the original goals.  Single loop learning leads to defensive reasoning, double loop learning reflects productive reasoning.  Productive reasoning is characterized by dissemination and consideration of complete information, minimal defensiveness and open confrontation of difficult issues.

How the NRC Regulates Safety Culture

We have long griped about the back door regulation of safety culture (SC) in the U.S.  This post describes how the NRC gets to and through the back door.  (Readers familiar with the NRC regulatory process can skip this post.  If we get it wrong, please let us know.)

Oversight of Reactor Operations*

The Action Matrix

The NRC's Operating Reactor Assessment Program collects information from inspections (baseline and supplemental) and performance indicators (PIs) to develop conclusions about a licensee's safety performance.  Depending on the results of the NRC's assessment, a plant is assigned to a column in the Action Matrix, a table that categorizes various levels of plant performance and, for each level, identifies required and optional NRC and licensee actions.

The Action Matrix has five columns; the safety significance of plant problems increases as one goes from column 1 to column 5.  Plants in column 1 receive the NRC baseline inspection program, plants in columns 2-4 receive increasing NRC attention and licensee requirements and plants in column 5 have unacceptable performance and are not allowed to operate.

SC first becomes a consideration in column 2 when the NRC conducts a Supplemental Inspection using  IP 95001.  Licensees are expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's corrective action program (CAP).  NRC inspectors determine if the licensee's causal evaluations appropriately considered SC components and if any SC issues were identified that the corrective action is sufficient to address the SC issue(s).  If not, then the inspection report is kept open until the licensee takes sufficient corrective action.
   
For a plant in column 3, the licensee is again expected to identify the causes of identified problems, including the contribution of any SC-related components, and place the problems in the plant's CAP.  NRC inspectors independently determine if SC components caused or significantly contributed to the identified performance problems.  If inspectors cannot make an independent determination (e.g., the licensee does not perform a SC analysis) the inspection is kept open until the licensee takes sufficient corrective action.

If the NRC concludes SC deficiencies caused or significantly contributed to the performance issues, and the licensee did not recognize it, the NRC may request that the licensee complete an independent** SC assessment.  In other words, it is an NRC option.

For plants in column 4 or 5, the licensee is expected to have a third-party** SC assessment performed.  The NRC will evaluate the third-party SC assessment and independently perform a graded assessment of the licensee's SC.  Inspectors can use the results from the licensee's third party SC assessment to satisfy the inspection requirements if the staff has completed a validation of the third party SC methodology and related factors.  If the inspectors conduct their own assessment, the scope may range from focusing on functional groups or specific SC components to conducting a complete SC assessment 

Significant Cross-Cutting Issues

The NRC evaluates performance for seven cornerstones that reflect the essential safety aspects of plant operation.  Some issues arise that cross two or more cornerstones and result in a Significant Cross-Cutting Issue (SCCI) in the areas of Human Performance, Problem Identification and Resolution or Safety Conscious Work Environment.  Each SCCI has constituent components, e.g., the components of Human Performance are Decision-making, Resources, Work control and Work practices.  Each component is characterized, e.g., for Decision-making “Licensee decisions demonstrate that nuclear safety is an overriding priority” and has defining attributes, e.g., “The licensee makes safety-significant or risk-significant decisions using a systematic process, . . . uses conservative assumptions . . . [and] communicates decisions and the basis for decisions . . .” 

There are other components which are not associated with cross-cutting areas: Accountability, Continuous learning environment, Organizational change management and Safety policies.

Most important for our purpose, the NRC says the cross-cutting components and other components comprise the plant's SC components.

Thus, by definition analysis and remediation of SCCIs involve SC, sometimes directly.  For example, in the third consecutive assessment letter identifying the same SCCI, the NRC would typically request the licensee to perform an independent SC assessment.  (Such a request may be deferred if the licensee has made reasonable progress in addressing the issue but has not yet met the specific SCCI closure criteria.)

SCCIs are included with plants' annual and mid-cycle assessment letters.  Dana Cooley, a nuclear industry consultant, publishes a newsletter that summarizes new, continuing, closed and avoided SCCIs from the plant assessment letters.  The most recent report*** describes 15 new and continuing SCCIs, involving 6 plants.  Two plants (Browns Ferry and Susquehanna) have specific SC assessment requirements.

Our perspective

The NRC issued its SC Policy on June 14, 2011.  “The Policy Statement clearly communicates the Commission’s expectations that individuals at organizations performing or overseeing regulated activities establish and monitor a positive safety culture commensurate with the safety and security significance of their activities and the nature and complexity of their organizations and functions.”****

The SC Policy may be new to NRC licensees that do not operate nuclear reactors but as detailed above, the NRC's “expectations” have been codified in the operating reactor inspections for years.  (The SC language for the Action Matrix and SCCIs was added in 2006.)

Technically, there is no NRC regulation of SC because there are no applicable regulations.  As a practical matter, however, because the NRC can dig into (or force the licensees to dig into) possible SC contributions to safety-significant problems, then require licensees to fix any identified SC issues there is de facto regulation of SC.  SC is effectively regulated because licensees are forced to expend resources (time, money, personnel) on matters they might not otherwise pursue.

Because there is no direct, officially-recognized regulation of SC, it appears a weak SC alone will not get a plant moved to a more intrusive column of the Action Matrix.  However, failure to demonstrate a strong or strengthening SC can keep a plant from being promoted to a column with less regulatory attention.

Why does the industry go along with this system?  They probably fear that official regulation of SC might be even more onerous.  And it might be the camel's nose in the tent on NRC evaluation of licensee management competence, or looking at management compensation plans including performance incentives.  That's where the rubber meets the road on what is really important to a plant's corporate owners. 


*  This post is a high-level summary of material in the NRC Inspection Manual, Ch. 0305 “Operating Reactor Assessment Program” (Jun. 13, 2012), Ch. 0310 “Components Within the Cross-Cutting Areas” (Oct. 28, 2011) and NRC Inspection Procedures 95001 (Feb. 9, 2011), 95002 (Feb. 9, 2011) and 95003 (Feb. 9, 2011).  Many direct quotes are included but quotation marks have not been used in an effort to minimize clutter.

**  An independent SC assessment is performed by individuals who are members of licensee's organization but have no direct authority and have not been responsible for any of the areas being evaluated.  A third-party SC assessment is performed by individuals who are not members of the licensee's organization.  (IMC 0305, p. 4)

***  D.E. Cooley (SeaState Group), “NRC Reactor Oversight Program, Substantive Cross-Cutting Issues, 2012 Annual Assessment Letters, March 4, 2013 Data.” 

****  From the NRC website http://www.nrc.gov/about-nrc/regulatory/enforcement/safety-culture.html#programs

IAEA on Instituting Regulation of Licensee Safety Culture

The International Atomic Energy Agency (IAEA) has published a how-to report* for regulators who want to regulate their licensees' safety culture (SC).  This publication follows a series of meetings and workshops, some of which we have discussed (here and here).  The report is related to IAEA projects conducted “under the scope of the Regional Excellence Programme on Safe Nuclear Energy–Norwegian Cooperation Programme with Bulgaria and Romania. These projects have been implemented at the Bulgarian and Romanian regulatory bodies” (p. 1)

The report covers SC fundamentals, regulatory oversight features, SC assessment approaches, data collection and analysis.  We'll review the contents, highlighting IAEA's important points, then provide our perspective.

SC fundamentals

The report begins with the fundamentals of SC, starting with Schein's definition of SC and his tri-level model of artifacts, espoused values and basic assumptions.  Detail is added with a SC framework based on IAEA's five SC characteristics:

• Safety is a clearly recognized value
• Leadership for safety is clear
• Accountability for safety is clear
• Safety is integrated into all activities
• Safety is learning driven.

The SC characteristics can be described using specific attributes.

Features of regulatory oversight of SC 

This covers what the regulator should be trying to achieve.  It's the most important part of the report so we excerpt the IAEA's words.

“The objective of the regulatory oversight of safety culture, focused on a dynamic process, is to consider and address latent conditions that could lead to potential safety performance degradation at the licensees’ nuclear installations. . . . Regulatory oversight of safety culture complements compliance-based control [which is limited to looking at artifacts] with proactive control activities. . . . ” (p. 6, emphasis added)

“[R]egulatory oversight of safety culture is based on three pillars:

“Common understanding of safety culture. The nature of safety culture is distinct from, and needs to be dealt with in a different manner than a compliance-based control. . . .

“Dialogue. . . . dialogue is necessary to share information, ideas and knowledge that is often qualitative. . . .

“Continuousness. Safety culture improvement needs continuous engagement of the licensee. Regulatory oversight of safety culture therefore ideally relies on a process during which the regulator continuously influences the engagement of the licensee.” (p. 7)

“With regards to safety culture, the regulatory body should develop general requirements and enforce them in order to ensure the authorized parties have properly considered these requirements. On the other hand, the regulatory body should avoid prescribing detailed level requirements.” (p. 8)  The licensee always has the primary responsibility for safety.

Approaches for assessing SC

Various assessment approaches are currently being used or reviewed by regulatory bodies around the world. These approaches include: self-assessments, independent assessments, interaction with the licensee at a senior level, focused safety culture on-site reviews, oversight of management systems and integration into regulatory activities.  Most of these activities are familiar to our readers but a couple merit further definition.  The “management system” is the practices, procedures and people.**  “Integration into regulatory activities” means SC-related information is also collected during other regulatory actions, e.g., routine or special inspections.

The report includes a table (recreated below) summarizing, for each assessment approach, the accuracy of results and resources required.  Accuracy is judged as realistic, medium or limited and resource requirements as high, medium and low.  The table thus shows the relative strengths and weaknesses of each approach.

		Criteria
Approaches	Accuracy of SC picture	Effort	Management involvement	Human and Organizational Factors & SC skills
Self-assessment	Medium	Low (depending on	Low	Medium
Review		who initiates the		(to understand
(high experience and		self-assessment,		deliverables)
skills of the		regulator or
reviewers are		licensee)
assumed)
Independent	Medium	Low	Low	Medium
assessment Review				(to understand
(high experience and				deliverables)
skills of the
reviewers are
assumed)
Interaction with the	Limited (however	Medium	High	Medium
Licensee at Senior	can support a
Level	shared
	understanding)
Focused Safety	Realistic (gives	High	Medium	High
Culture On-Site	depth in a moment
Review	of time)
Oversight of	Medium (Reduced	Low	Low	Medium
Management System	if only formal
Implementation	aspects are
	considered)
Integration into	Medium (when	Medium (after an	Medium (with an	Medium (specific
Regulatory	properly trended	intensive initial	intensive initial	training
Activities	and analyzed)	introduction)	support)	requirement and
				experience sharing)

Data collection, analysis and presenting findings to the licensee

The report encourages regulators to use multiple assessment approaches and multiple data collection methods and data sources.  Data collection methods include observations; interviews; reviews of events, licensee documents and regulator documents; discussions with management; and other sources such as questionnaires, surveys, third-party documents and focus groups.  The goal is to approach the target from multiple angles.  “The aim of data analysis is to build a safety culture picture based on the inputs collected. . . . It is a set of interpreted data regarding the organizational practices and the priority of safety within these practices. (p. 17)

Robust data analysis “requires iterations [and] multi-disciplinary teams. A variety of expertise (technical, human and organizational factors, regulations) are necessary to build a reliable safety culture picture. . . . [and] protect against bias inherent to the multiple sources of data.” (p. 17)

The regulator's picture of SC is discussed with the licensee during periodic or ad hoc meetings.  The objective is to reach agreement on next steps, including the implementation of possible meeting actions and licensee commitments.

Our perspective

The SC content is pretty basic stuff, with zero new insight.  From our viewpoint, the far more interesting issue is the extension of regulatory authority into an admittedly soft, qualitative area.  This issue highlights the fact that the scope of regulatory authority is established by decisions that have socio-political, as well as technical, components.  SC is important, and certainly regulatable.  If a country wants to regulate nuclear SC, then have at it, but there is no hard science that says it is a necessary or even desirable thing to do.

Our big gripe is with the hypocrisy displayed by the NRC which has a SC policy, not a regulation, but in some cases implements all the steps associated with regulatory oversight discussed in this IAEA report (except evaluation of management personnel).  For evidence, look at how they have been pulling Fort Calhoun and Palisades through the wringer.


*  G. Rolina (IAEA), “Regulatory oversight of safety culture in nuclear installations” IAEA TECDOC 1707 (Vienna: International Atomic Energy Agency, 2013).

**  A management system is a “set of interrelated or interacting elements (system) for establishing policies and objectives and enabling the objectives to be achieved in an efficient and effective way. . . . These elements include the structure, resources and processes. Personnel, equipment and organizational culture as well as the documented policies and processes are parts of the management system.” (p. 30)