Wednesday, April 22, 2015

More Evidence of Weak Safety Culture in DOE

DNFSB Headquarters
We have posted many times about safety culture (SC) issues in the Department of Energy (DOE) empire.  Many of those issues have been raised by the Defense Nuclear Facilities Safety Board (DNFSB), an overseer of DOE activities.  Following is a recent example based on a DNFSB staff report.*

The Radcalc Imbroglio

Radcalc is a computer program used across the DOE complex (and beyond) to determine the transportation package classification for radioactive materials, including radioactive waste, based on the isotopic content.  Radcalc errors could lead to serious consequences, e.g., exposure to radiation or explosions, in the event of a transportation accident.  DOE classified Radcalc as safety software and assigned it the second highest level of rigor in DOE’s software quality assurance (SQA) procedures.

A DNFSB audit found multiple deficiencies with respect to Radcalc, most prominently DOE’s inability to provide any evidence of federal oversight of Radcalc during the software's lifetime (which dates back to the mid-1990s).  In addition, there was no evidence DOE contractors had any Radcalc-related QA plans or programs, or maintained software configuration management.  Neither DOE nor the contractors effectively used their corrective action program to identify and correct software problems.  DNFSB identified other problems but you get the idea.

DNFSB Analysis

As part of its analysis of problems and causes, the DNFSB identified multiple contributing factors including the following related to organization.  “There is an apparent lack of a systematic, structured, and documented approach to determine which organization within DOE is responsible to perform QA audits of contractor organizations.  During the review, different organizations within DOE stated that they thought another organization was responsible for performing Radcalc contractor QA audits.  DOE procedures do not clearly delineate which organization is responsible for QA/SQA audits and assessments.” (Report, p. 4)

Later, the report says “In addition, this review identified potentially significant systemic [emphasis added] concerns that could affect other safety software. These are: inadequate QA/SQA requirement specification in DOE contracts and the lack of policy identifying the DOE organizations in charge of performing QA assessments to ensure compliance; unqualified and/or inadequate numbers of qualified federal personnel to oversee contract work; . . . and additional instances of inadequate oversight of computer work within DOE (e.g., Radtran).” (Report, p. 5)

Our Perspective

Even without the DNFSB pointing out “systemic” concerns, this report practically shouts the question “What kind of SC would let this happen?”  We are talking about a large group of organizations where a significant, safety-related activity failed to take place and the primary reason (excuse) is “Not my group’s job.”  And no one took on the task to determine whose job it was.  This underlying cultural attitude could be as significant as the highly publicized SC problems at individual DOE facilities, e.g., the Hanford Waste Treatment Plant or the Waste Isolation Pilot Plant.

The DNFSB asked DOE to respond to the report within 90 days.  What will such a report say?  Let’s go out on a limb here and predict the report will call for “improved procedures, training and oversight.”  The probability of anyone facing discipline over this lapse: zero.  The probability of DOE investigating its own and/or contractor cultures for a possible systemic weakness: also zero.  Why?  Because there’s no money in it for DOE or the contractors and the DNFSB doesn’t have the organizational or moral authority to force it to happen.

We’ve always championed the DNFSB as the good guys, trying to do the right thing with few resources.  But the sad reality is they are a largely invisible backroom bureaucracy.  When a refinery catches fire, the Chemical Safety Board is front and center explaining what happened and what they’ll recommend to keep it from happening again.  When was the last time you saw the DNFSB on the news or testifying before Congress?  Their former chairman retired suddenly late last year, with zero fanfare; we think it’s highly likely the SC initiative he championed and attempted to promulgate throughout DOE went out the door with him.


*  J.H. Roberson (DNFSB) to D.M. Klaus (DOE), letter (Mar. 16, 2015) with enclosed Staff Issue Report “Review of Federal Oversight of Software Quality Assurance for Radcalc” (Dec. 17, 2014).  Thanks to Bill Mullins for bringing this document to our attention.

Monday, April 13, 2015

Safety-I and Safety-II: The Past and Future of Safety Management by Erik Hollnagel

This book* discusses two different ways of conceptualizing safety performance problems (e.g., near-misses, incidents and accidents) and safety management in socio-technical systems.  This post describes each approach and provides our perspective on Hollnagel’s efforts.  As usual, our interest lies in the potential value new ways of thinking can offer to the nuclear industry.

Safety-I

This is the common way of looking at safety performance problems.  It is reactive, i.e., it waits for problems to arise** and analytic, e.g., it uses specific methods to work back from the problem to its root causes.  The key assumption is that something in the system has failed or malfunctioned and the purpose of an investigation is to identify the causes and correct them so the problem will not recur.  A second assumption is that chains of causes and effects are linear, i.e., it is actually feasible to start with a problem and work back to its causes.  A third assumption is that a single solution (the “first story”) can be found. (pp. 86, 175-76)***  Underlying biases include the hindsight bias (p. 176) and the belief that the human is usually the weak link. (pp. 78-79)  The focus of safety management is minimizing the number of things that go wrong.

Our treatment of Safety-I is brief because we have reported on criticism of linear thinking/models elsewhere, primarily in the work of Dekker, Woods et al., and Leveson.  See our posts of Dec. 5, 2012; July 6, 2013; and Nov. 11, 2013 for details.

Safety-II

Safety-II is proposed as a different way to look at safety performance.  It is proactive, i.e., it looks at the ways work is actually performed on a day-to-day basis and tries to identify causes of performance variability and then manage them.  A key cause of variability is the regular adjustments people make in performing their jobs in order to keep the system running.  In Hollnagel’s view, “Finding out what these [performance] adjustments are and trying to learn from them can be more important than finding the causes of infrequent adverse outcomes!” (p. 149)  The focus of safety management is on increasing the likelihood that things will go right and developing “the ability to succeed under varying conditions, . . .” (p. 137).

Performance is variable because, among other reasons, people are always making trade-offs between thoroughness and efficiency.  They may use heuristics or have to compensate for something that is missing or take some steps today to avoid future problems.  The underlying assumption of Safety-II is that the same behaviors that almost always lead to successful outcomes can occasionally lead to problems because of performance variability that goes beyond the boundary of the control space.  A second assumption is that chains of causes and effects may be non-linear, i.e., a small variance may lead to a large problem, and may have an emergent aspect where a specific performance variability may occur then disappear or the Swiss cheese holes may momentarily line up exposing the system to latent hazards. (pp. 66, 131-32)  There may be multiple explanations (“second stories”) for why a particular problem occurred.  Finally, Safety-II accepts that there are often differences between Work-as-Imagined (esp. as imagined by folks at the blunt end) and Work-as-Done (by people at the sharp end). (pp. 40-41)***

The Two Approaches

Safety-I and Safety-II are not in some winner-take-all competitive struggle.  Hollnagel notes there are plenty of problems for which a Safety-I investigation is appropriate and adequate. (pp. 141, 146)

Safety-I expenditures are viewed as a cost (to reduce errors). (p. 57)  In contrast, Safety-II expenditures are viewed as bona fide investments to create more correct outcomes. (p. 166)

In all cases, organizational factors, such as safety culture, can impact safety performance and organizational learning. (p. 31)

Our Perspective

The more complex a socio-technical entity is, the more it exhibits emergent properties and the more appropriate Safety-II thinking is.  And nuclear has some elements of complexity.****  In addition, Hollnagel notes that a common explanation for failures that occur in a Safety-I world is “it was never imagined something like that could happen.” (p. 172)  To avoid being the one in front of the cameras saying that, it might be helpful for you to spend a little time reflecting on how Safety-II thinking might apply in your world.

Why do most things go right?  Is it due to strict compliance with procedures?  Does personal creativity or insight contribute to successful plant performance?  Do you talk with your colleagues about possible efficiency-thoroughness trade-offs (short cuts) that you or others make?  Can thinking about why things go right make one more alert to situations where things are heading south?  Does more automation (intended to reduce reliance on fallible humans) actually move performance closer to the control boundary because it removes the human’s ability to make useful adjustments?  Have any of your root cause evaluations appeared to miss other plausible explanations for why a problem occurred?

Some of the Safety-II material is not new.  Performance variability in Safety-II builds on Hollnagel’s earlier work on the efficiency-thoroughness trade-off (ETTO) principle.  (See our Jan. 3, 2013 post.)   His call for mindfulness and constant alertness to problems is straight out of the High Reliability Organization playbook. (pp. 36, 163-64)  (See our May 3, 2013 post.)

A definite shortcoming is the lack of concrete examples in the Safety-II discussion.  If someone has tried to do this, it would be nice to hear about it.

Bottom line, Hollnagel has some interesting observations although his Safety-II model is probably not the Next Big Thing for nuclear safety management.

 

*  E. Hollnagel, Safety-I and Safety-II: The Past and Future of Safety Management (Burlington, VT: Ashgate, 2014).

**  In the author’s view, forward-looking risk analysis is not proactive because it is infrequently performed. (p. 57) 

***  There are other assumptions in the Safety-I approach (see pp. 97-104) but for the sake of efficiency, they are omitted from this post.

****  Nuclear power plants have some aspects of a complex socio-technical system but other aspects are merely complicated.   On the operations side, activities are tightly coupled (one attribute of complexity) but most of the internal organizational workings are complicated.  The lack of sudden environmental disrupters (excepting natural disasters) means they have time to adapt to changes in their financial or regulatory environment, reducing complexity.

Sunday, March 29, 2015

Nuclear Safety Assessment Principles in the United Kingdom

A reader sent us a copy of “Safety Assessment Principles for Nuclear Facilities” (SAPs) published by the United Kingdom’s Office for Nuclear Regulation (ONR).*  For documents like this, we usually jump right to the treatment of safety culture (SC).  However, in this case we were impressed with the document’s accessibility, organization and integrated (or holistic) approach so we want to provide a more general review.

ONR uses the SAPs during technical assessments of nuclear licensees’ safety submissions.  The total documentation package developed by a licensee to demonstrate high standards of nuclear safety is called the “safety case.”

Accessibility

The language is clear and intended for newbies as well as those already inside the nuclear tent.  For example, “The SAPs contain principles and guidance.  The principles form the underlying basis for regulatory judgements made by inspectors, and the guidance associated with the principles provides either further explanation of a principle, or their interpretation in actual applications and the measures against which judgements can be made.” (p. 11) 

Also furthering ease of use, the document is not strewn with acronyms.  As a consequence, one doesn’t have to sit with glossary in hand just to read the text.

Organization

ONR presents eight fundamental principles including responsibility for safety, limitation of risks to individuals and emergency planning.  We’ll focus on another fundamental principle, Leadership and Management (L&M) because (a) L&M activities create the context and momentum for a positive SC and (b) it illustrates holistic thinking.

L&M is comprised of four subordinate (but still high-level) inter-related principles: leadership, capable organization, decision making and learning.  “Because of their inter-connected nature there is some overlap between the principles. They should therefore be considered as a whole and an integrated approach will be necessary for their delivery.” (p. 18)

Drilling down further, the guidance for leadership includes many familiar attributes.  We want to acknowledge attributes that we have been emphasizing on Safetymatters or that reflect new thoughts.  Specifically, leaders must recognize and resolve conflict between safety and other goals; ensure that the reward systems promote the identification and management of risk, encourage safe behavior and discourage unsafe behavior or complacency; and establish a common purpose and collective social responsibility for safety. (p. 19)

Decision making (another Safetymatters hot button issue) receives a good treatment.  Topics covered include explicit recognition of goal conflict; appreciating the potential for error, uncertainty and the unexpected; and the essential functions of active challenges and a questioning attitude.

We do have one bone to pick under L&M: we would like to see words to the effect that safety performance and SC should be significant components of the senior management reward system.

Useful Points

Helpful nuggets pop up throughout the text.  A few examples follow.

“The process of analysing safety requires creativity, where people can envisage the variety of routes by which radiological risks can arise from the technology. . . . Safety is achieved when the people and physical systems together reliably control the radiological hazards inherent in the technology. Therefore the organizational systems (ie interactions between people) are just as important as the physical systems, . . .” (pp. 25-26)

“[D]esigners and/or dutyholders may wish to put forward safety cases that differ from [SAP] expectations.   As in the past, ONR inspectors should consider such submissions on their individual merits. . . . ONR will need to be assured that such cases demonstrate equivalence to the outcomes associated with the use of the principles here,. . .” (p. 14)  The unstated principle here is equifinality; in more colorful words, there is more than one way to skin a cat.

There are echoes of other lessons we’ve been preaching on Safetymatters.  For example “The principle of continuous improvement is central to achieving sustained high standards of nuclear safety. . . . Seeking and applying lessons learned from events, new knowledge and experience, both nationally and internationally, must be a fundamental feature of the safety culture of the nuclear industry.” (p. 13)

And, in a nod to Nicholas Taleb, if a “hazard is particularly high, or knowledge of the risk is very uncertain, ONR may choose to concentrate primarily on the hazard.” (p. 8)

Our Perspective

Most of the content of the SAPs will be familiar to Safetymatters readers.  We suggest you skim the first 23 pages of the document covering introductory material and Leadership & Management.  SAPs is an excellent example of a regulator actually trying to provide useful information and guidance to current and would-be licensees and is far better than the simple-minded laundry lists promulgated by IAEA.


*  Office for Nuclear Regulation, “Safety Assessment Principles for Nuclear Facilities” Rev. 0 (2014).  We are grateful to Bill Mullins for forwarding this document to us.

Wednesday, March 18, 2015

Safety Culture at the 2015 NRC Regulatory Information Conference

NRC Public Meeting
The Nuclear Regulatory Commission (NRC) held its annual Regulatory Information Conference (RIC) on March 10-12, 2015.  As usual, safety culture (SC) played a minor supporting role: it was the topic of one technical session out of 37 total.  The SC session focused on assessing and/or measuring SC.  It featured a range of presentations—from NRC, Duke Energy, DOE and a SC consultant—which are summarized below.*

NRC

This presentation consisted of one (sic) slide recounting the NRC’s SC outreach program during the past year including the Trait Talk brochures, SC case studies and meetings with other nuclear regulatory bodies.

Duke Energy

The presenter provided a list of internal (CAP, Employee Concerns Program) and external (INPO, NRC) information, and management activities (Nuclear SC Monitoring Panel, Site Leadership team, Corporate Nuclear SC Monitoring Panel, Fleet Nuclear SC Monitoring Panel, Executive Nuclear Safety Council) that are used to assess equipment, processes and people across the Duke fleet.  There was no information on how these activities are integrated to describe plant or fleet SC, or if any SC issues have been identified or corrective actions taken; the slides were basically a laundry list.

Department of Energy (DOE)

The speaker was from DOE’s Office of Environment, Health, Safety and Security.  He reviewed the safety mission and goals related to DOE’s Integrated Safety Management program, DOE’s SC focus areas (leadership, employee/worker engagement and organizational learning) and SC-related activities (extent of condition reviews, self-assessments, sustainment plans, independent assessments and the SC Improvement Panel).

The presentation covered the challenges in relating SC to safety management performance (mostly industrial safety metrics) and in implementing cultural changes.  Factors that make SC improvement difficult include production vs. safety goal conflict, fiscal pressures, leadership changes and internal inertia (resistance to change).

This presentation covered the basics of SC, as customized for DOE, but had no supporting details or any mention of the SC issues that have arisen at various DOE facilities, e.g., Hanford, Pantex and the Waste Isolation Pilot Plant.  We have posted many times on DOE SC; please click on the DOE label to retrieve these posts.

SC Consultant

The presenter was Sonja Haber.  She reviewed the fundamentals of the linkage between culture, behavior and ultimate performance, and the Schein three-level model of culture.

She also covered the major considerations for conducting SC assessments including having a diversity of expertise in assessing culture, using multiple methods of data collection, understanding how cultural complexity impacts performance and considering the interaction of human, organizational and technological factors.

Our Perspective

This was thin gruel compared to the 2014 RIC SC session (which we reviewed April 25, 2014).  Based on the slides, there was not much “there” there at this session.  The speaker who offered the most was Dr. Haber, not a surprise given that she has been involved in SC evaluations at various DOE facilities and testified at a Defense Nuclear Facilities Safety Board hearing on SC (which we reviewed June 9, 2014).

If a webcast of the SC technical session becomes available, we will review it to see if any useful additional information was presented or arose during the discussion.


*  The SC technical session presentations are available on the NRC website.

Friday, March 6, 2015

More Safety Culture “Trait Talk” from the NRC

Typical NRC Trait Talk brochure
The NRC introduced a series of educational brochures, the Safety Culture Trait Talk, at the March 2014 Regulatory Information Conference.  Each brochure covers one of the nine safety culture (SC) traits in the NRC SC Policy Statement (SCPS), describing why the trait is important and providing examples of related attributes and an illustrative scenario.

At that time, only one Trait Talk was available, viz., Leadership Safety Values and Actions.  We thought the content was pretty good.  The “Why is this trait important?” portion was derived from an extensive review of SC-related social science literature, which we liked a lot and posted about Feb. 10, 2013.  The “What does this trait look like?” section (aka attributes) comes from the SC Common Language initiative, which we have reviewed multiple times, most recently on April 6, 2014.  The illustrative scenario is new content developed for each brochure.

During 2014 and early 2015, NRC published additional Trait Talk brochures and now has one for each trait in the SCPS.*  We reviewed them all and still believe they provide a useful introduction and overview for each trait.  Following is our take on each trait’s essence (based on the brochure contents), and each brochure’s strengths and weaknesses.  

Leadership Safety Values and Actions

This trait focuses on the responsibilities of leaders to set the tone for SC through their own visible actions.  There is a good discussion of how employees at all levels can face goal conflicts, e.g., safety vs. production.  The focus of the reward system is on the staff; unfortunately, there is no mention of management’s financial incentives.  Although leaders’ decisions set the priority for safety, there is no mention of the decision making process, arguably management’s most fundamental and important function.**

Work Processes

This trait focuses on controlling work.  It emphasizes limiting temporary modifications, minimizing backlogs and adhering to procedures, which is all good.  It also says “organizations may require strict adherence to normal and emergency operating procedures.   However, flexibility may be necessary when responding to off-normal conditions.”  This may give the purists heartburn but it reflects reality and is a major observation of the Fukushima disaster.

Questioning Attitude

This trait is about avoiding complacency, watching for abnormalities while going about one’s duties and stopping work if unexpected conditions or results are encountered.  The key is ensuring safety has its appropriate priority at all times, which is not easy if a plant is under significant financial or political pressure.

Problem Identification and Resolution

This trait is about identifying and permanently resolving current problems, and anticipating potential future challenges and dealing with them before they manifest.  In our view, this is one of the two most important areas (the other being decision making) where everyone sees what a plant’s real priorities are.  This Trait Talk covers the topic well.

Environment for Raising Concerns

The trait is about establishing and maintaining a safety conscious work environment (SCWE).  The Trait Talk lays out the theory but the truth is whistle-blowers in many industries, including nuclear, become pariahs.

Effective Safety Communication

This trait is about transparency (although the term does not appear in the brochure).  All business communication should be clear, complete, understandable and respectful.  The Trait Talk’s discussion on the importance of first-level supervisors being a primary source of information for their employees is very good.

Respectful Work Environment

The title says it all about this trait, which overlaps with others, including questioning attitude, SCWE and transparent communications.  The Trait Talk has a good discussion of trust, at both the individual and organizational level.  One aspect we would add to the trust “equation” is the perception of self-interest vs. concern for others.

Continuous Learning

This trait is about identifying, obtaining, sharing, applying and retaining new knowledge that can lead to improved individual or organizational performance.  This trait overlaps with others, including questioning attitude and a respectful work environment.

Personal Accountability

This trait is mostly about everyone’s willingness to accept responsibility for safety but it also encompasses assigned individuals’ obligation for specific safety responsibilities.  For the latter case, the brochure’s statement that “Personal accountability is not finger pointing, blame, or punishment” is simply not true. 

Our Perspective 


The brochures provide a useful introduction and overview for each trait in the SCPS.  The content is generally good, with some weak spots and missing items.  These are, after all, four-page brochures and roughly 45 percent of the content is the same in every brochure.


*  All the Trait Talk brochures can be downloaded from the SC education materials page on the NRC website.

**  Interestingly, Decision Making is included as a tenth trait in NRC NUREG-2165, “Safety Culture Common Language” (Mar. 2014).  ADAMS ML14083A200.

Friday, February 20, 2015

NRC Office of Investigations 2014 Annual Report: From Cases to Culture

The Nuclear Regulatory Commission (NRC) Office of Investigations (OI) recently released its FY2014 annual report.*  The OI investigates alleged wrongdoing by entities regulated by the NRC; OI’s focus is on willful and deliberate actions that violate NRC regulations and/or criminal statutes.

The OI report showed a definite downward trend in the number of new cases being opened, overall a 41% drop between FY2010 and FY2014.  Only one of the four categories of cases increased over that time frame, viz., material false statements, which held fairly steady through FY2013 but popped in FY2014 to 67% over FY2010.  We find this disappointing because false statements can often be linked to cultural attributes that prioritize getting a job done over compliance with regulations.

The report includes a chapter on “Significant Investigations.”  There were eight such investigations, four involving nuclear power plants.  We have previously reported on two of these cases, the Indian Point chemistry manager who falsified test results (see our May 12, 2014 post) and the Palisades security manager who assigned a supervisor to an armed responder role for which he was not currently qualified (see our July 24, 2014 post).  The other two, summarized below, occurred at River Bend and Salem.

In the River Bend case, a security officer deliberately falsified training records by taking a plant access authorization test for her son, a contractor employed by a plant supplier.  Similar to the Palisades case, Entergy elected alternative dispute resolution (ADR) and ended up with multiple corrective actions including revising its security procedures, establishing new controls for security-related information (SRI), evaluating SRI storage, developing a document highlighting the special responsibilities of nuclear security personnel, establishing decorum protocols for certain security posts, preparing and delivering a lessons learned presentation, conducting an independent third party safety culture (SC) assessment of the River Bend security organization [emphasis added], and delivering refresher training on 10 CFR 50.5 and 50.9.  Most of these requirements are to be implemented fleet-wide, i.e., at all Entergy nuclear plants, not just River Bend.**

The Salem case involved a senior reactor operator who used an illegal substance then performed duties while under its influence.  The NRC issued a Level III Notice of Violation (NOV) to the operator.  The operator’s NRC license was terminated at PSE&G’s request.***  PSE&G was not cited in this case.

Our Perspective

You probably noticed that three of the “significant” cases involved Entergy plants.  Entergy is no stranger to issues with a possible cultural component including the following:****

In 2013, Arkansas Nuclear One received a NOV after an employee deliberately falsified documents regarding the performance of Emergency Preparedness drills and communication surveillances.

In 2012, Fitzpatrick received a Confirmatory Order (Order) after the NRC discovered violations, the majority of which were willful, related to adherence to site radiation protection procedures.

During 2006-08, Indian Point received two Orders and three NOVs for its failure to install backup power for the plant’s emergency notification system.

In 2012, Palisades received an Order after an operator left the control room without permission and without performing a turnover to another operator.  Entergy went to ADR and ended up with multiple corrective actions, some fleet-wide.  We have posted many times about the long-running SC saga at Palisades—click on the Palisades label to pull up the posts. 

In 2005, Pilgrim received a NOV after an on-duty supervisor was observed sleeping in the control room.  In 2013, Pilgrim received a NOV for submitting false medical documentation on operators.

In 2012, River Bend received a NOV for operators in the control room accessing the internet in violation of an Entergy procedure. 

These cases involve behavior that was (at least in hindsight) obviously wrong.  It’s not a stretch to suggest that a weak SC may have been a contributing factor.  So has Entergy received the message?  You be the judge.

“Think of how stupid the average person is, and realize half of them are stupider than that.” ― George Carlin (1937–2008)


*  NRC Office of Investigations, “2014 OI Annual Report,” NUREG-1830, Vol. 11 (Feb. 2015).  ADAMS ML15034A064.

**  M.L. Dapas (NRC) to E.W. Olson (River Bend), “Confirmatory Order, Notice of Violation, and Civil Penalty – NRC Special Inspection Report 05000458/2014407 and NRC Investigation Report 4-2012-022- River Bend Station” (Dec. 3, 2014).  ADAMS ML14339A167.

***  W.M. Dean (NRC) to G. Meekins (an individual), “Notice of Violation (Investigation Report No. 1-2014-013)” (July 9, 2014).  ADAMS ML14190A471.

****  All Entergy-related NRC enforcement actions were obtained from the NRC website.

Friday, February 13, 2015

Congressional Panel Slices and Dices Culture in Report on DOE/NNSA

A U.S. congressional panel recently released a report* detailing its recommendations for improving the performance of the National Nuclear Security Administration (NNSA).  NNSA is an agency within the Department of Energy responsible for maintaining the U.S. nuclear weapons stockpile, reducing danger from weapons of mass destruction, providing the Navy with nuclear propulsion, and responding to nuclear and radiological emergencies.**

The panel’s report has a host of recommendations and action items for making NNSA more effective, including changing the agency’s management culture to be more mission performance oriented.  The report’s key points would fit on one page but of course they aren’t presented that way; this is a 188 page government report with a 16 page executive summary.

What caught our eye was how many different types of culture were mentioned in the report.  While the report’s focus was putatively on management culture, the authors also referred to DOE, civilian, enterprise, risk management, risk aversion, safety, entitlement, non-inclusion, governance, corporate, compliance, security, professional, organizational, reliability and generic “culture.”  I am not making this up.

With so many types of culture, one might think there must have been a significant effort to define culture.  Well, no.  I saw only one definition of culture: “A common definition of management culture is, ‘This is how things are done here.’” (p. 39)  Could they have done better?  You be the judge.

Lots of insight into culture?  Not really.  I saw one systemic observation about culture: “In a healthy organization, management practices and culture are mutually reinforcing in creating productive behaviors: management practices shape the culture; the culture shapes behaviors and reinforces the management practices.” (ibid.)  We’ll award E for Effort here because this can be true although not always.

So it’s culture this and culture that but it’s left as an exercise for the reader to determine what exactly culture is and how the various sub-cultures contribute to an understanding of the larger picture.

Our Perspective

Every member of the panel has an opinion of what organizational culture is.  However, without a precise definition and a representation of how culture relates to other organizational factors (including hard ones like practices and soft ones like leadership and trust) there is no shared mental model.  And without that, there is no clear appreciation of how their proposed interventions might leverage (or antagonize) the existing culture or even work at all.  This lack of effort on culture is especially disappointing given that one member of the panel was the NRC Chairman back when that agency was agonizing endlessly over the proper definition of safety culture.

But let’s look at the larger reality here.  Most people (myself included) will never take the time to wade through a report like this and that’s probably the way the serious stakeholders (DOD, DOE and their contractors) want it; they are willing to play along with Congress rearranging the lounge car chairs as long as the money train keeps running.


*  Congressional Advisory Panel on the Governance of the Nuclear Security Enterprise, “A New Foundation for the Nuclear Enterprise” (Dec. 2014).  Thanks to Bill Mullins for recommending this report. 

**  National Nuclear Security Administration website.

Friday, February 6, 2015

Corrosion in the Culture of the DNFSB?



We have posted many times on the Defense Nuclear Facilities Safety Board’s (DNFSB) efforts to get the Department of Energy (DOE) to confront and resolve its safety culture (SC) issues.  Now it appears the DNFSB has management and cultural issues of its own.  In a stinging report* by an outside consultant, DNFSB board members are said to have a “divisive and dysfunctional relationship” and the organizational culture is called “toxic.” (p. iii)  This post highlights the cultural aspects of selected issues and the proposed fixes.

Major issues that can affect culture are the board itself, the negative tone of oral and written communications, and the performance recognition system.

DNFSB is a small agency (100+ people) and most work in the same office.  There is no place to hide from the effects of troubles at the top.  The Board’s basic problem is that the members don’t have a shared mental model of the DNFSB’s mission and strategies.  And, because the members are political appointees representing both major parties, creating some kind of unity is a major challenge.  The report contains many recommendations related to improving board functioning but the reality is it’s mainly a political issue.  Board dysfunctionality is a cultural issue because hydra-headed leadership distracts, confuses and ultimately demoralizes the agency staff.  Most alarming to us, to the extent investigations are driven by board members’ interests rather than by science and safety considerations (a perception reported by some staff), the board’s shortcomings can impinge on the agency’s SC. 

Communications problems start at the board level and permeate the agency. Negative communications, e.g., condescending language and personal attacks, lead to a culture of disrespect.  The recommendations for communications include “Immediately ensure a professional tone in all communications, both among board members and throughout the Agency.  Consider use of an internal communication code of conduct.” (p. 3-2)  In our view, business communications should focus on the issues, be respectful and exhibit a modicum of integrity.

Performance recognition recommendations include “Assess staff sentiment with regard to priorities for nonmonetary incentives, and develop offerings accordingly.” (p. 3-5)  Nonmonetary recognition was mentioned by an employee committee tasked with identifying underlying causes for DNFSB’s declining scores on the periodic federal employee viewpoint survey.  We’re not sure why monetary recognition is off the table, perhaps because of perceived budget problems.  Our feeling is if some type of above-and-beyond behavior is worth recognizing, then an organization should be willing to pay something for it.

There are also a couple of more straightforward management issues: frequent disruptive organizational changes, and the lack of management and leadership competence.  If not addressed, such issues can certainly weaken culture but they are not as important as the ones described previously.

Change management recommendations include “Develop a change management organizational competency . . .  [and] a change management plan, . . .” (p. 3-3)  As an aside, the NRC Inspector General (IG) provides IG services to the DNFSB; an October 2014 IG report** identified change management as a serious challenge facing the agency.

Corrective actions for increasing competence include “Institute tailored management and supervisory training for technical staff management and supervisors. . . .” (p. 3-3)  This is not controversial; it simply needs to be accomplished.

Our Perspective 

If the report accurately describes DNFSB’s reality, it looks like a bit of a mess.  The board’s chairman recently retired so the President has an opportunity to nominate someone who is willing and able to clean it up.  Absent competent leadership from the top, the report’s recommendations may make a dent in the problems but will not be a cure-all.

We wish them well.  If the DNFSB’s focus wanes, it bodes ill for efforts to spur DOE to increase its management competence and strengthen its SC.


*  J. O'Hara and P.M. Darmory, “Assessment of the Defense Nuclear Facilities Safety Board Workforce and Culture,” Report DNF40T1 (Dec. 2014).  Thanks to Bill Mullins for recommending this report.

**  H.T. Bell (NRC) to Chairman Winokur (DNFSB), “Inspector General’s Assessment of the Most Serious Management and Performance Challenges Facing the Defense Nuclear Facilities Safety Board,” DNFSB-OIG-15-A-01 (Oct. 1, 2014).  ADAMS ML14274A247.