REPLY Definition of root cause (SD6789)

Thu Mar 6 06:19:43 CST 2008

Posted by  "Ulrey, Michael L" <michael.l.ulrey at boeing.com>

This thread is of particular interest to me because "root cause" is a term 
which is very popular in the fields of system engineering in general, and 
reliability and safety engineering in particular. (And among other things, 
I work in system safety engineering at Boeing.)

Within the the reliability and safety organizations of the aerospace industry, 
there is a long tradition of processes and methods for identifying root causes 
and either eliminating them or mitigating against their operational 
consequences if elimination is not possible. Of course, other industries also 
have similar practices, most notably the nuclear and chemical industries. This 
kind of approach works well for systems or processes which have a certain (low) 
level of complexity. However, for much more complex socio-technical systems 
(such as air traffic management), such an approach may come up short. Ever 
since the Uberlingen tragedy (see 
http://www.dcs.gla.ac.uk/~johnson/Eurocontrol/Ueberlingen/Ueberlingen_Final_Report.PDF 
or a variety of other discussions on the Internet), the safety community is 
starting to realize that, as one prominent accident expert said, "the root 
cause is simply the last contributing factor that was found before the 
resources ran out". 

In short, there is a movement away from traditional static, linear models such 
as the domino model or the Swiss cheese model. See the first link below for 
the revised thinking on the Swiss cheese model as a result of the Uberlingen 
accident. Instead, more complex systemic models are needed that reveal how 
accidents can arise naturally from the internal dynamics of the system, not
 necessarily from outside causes, or even from internal failures, as is 
 traditionally supposed. This idea is well-expressed in the second link below, 
 in which the "functional resonance accident model" (FRAM) is described. 

http://www.eurocontrol.int/eec/gallery/content/public/documents/conferences/2006_Barcelona/Hollnagel%20(FRAM_Barcelona_Arial).pdf

http://www.eurocontrol.int/eec/gallery/content/public/documents/EEC_notes/2006/EEC_note_2006_13.pdf 

Finally, I would offer up the recent book by Hollnagel, Woods, and Leveson, called 
"Resilience Engineering", which contains a series of essays on these topics. The 
view is that some systems that affect our lives and safety must be designed to be 
resilient, that is, able to recover from inevitable surprising upsets, rather than 
attempting to make them totally free of defects, which is practically impossible. 
I think this is an area that may be unknown to many SD theorists, and provides a 
rich area for research. In fact, one of the authors, Nancy Leveson of MIT, has used 
SD to model the NASA organizational structure and processes to try and understand 
the Challenger and Columbia shuttle accidents.

http://books.google.com/books?id=S8VbgW9pZGUC&dq=resilience+engineering+hollnagel&pg=PP1&ots=qgx6J-0G-Q&sig=hHFqRd8Q8OwZv_s4CisXxO6l17o&hl=en&prev=http://www.google.com/search?hl=en&q=resilience+engineering+hollnagel&btnG=Search&sa=X&oi=print&ct=title&cad=one-book-with-thumbnail

On a personal note, I have recently learned how to model in Vensim, and have already 
produced a simple model having to do with air traffic management, and how to increase 
capacity while preserving an appropriate level of safety. I am hoping to continue with 
this work, having proposed a research project within my organization at Boeing. I 
think SD can make a real contribution in this important arena.

Mike

Dr. Michael L. Ulrey
Associate Technical Fellow
Air Traffic Management  
The Boeing Co.
Posted by  "Ulrey, Michael L" <michael.l.ulrey at boeing.com>
posting date  Wed, 5 Mar 2008 10:01:35 -0800