Abstract
Complex, engineered systems often require extensively planned behaviour on the part of operators and maintenance staff if such systems are to maintain their integrity. A study was undertaken to determine how the absence of planning on the part of operators imperilled such systems. The aim was to help future designers understand how, in effect, operators delegate planning to the system, and to help designers make systems robust to this delegation. An analysis was undertaken of 59 incidents in the offshore industry in an attempt to characterise both the aspect of system activity that operators failed to plan (for example its completeness) and the general processes they were engaged in at the time (for example system start-up). All the processes that were implicated in the failures were either changes in the state of the system, such as start-up and shut-down, or operations that could not be said to take place in a steady state: there were no cases involving routine, continual activity. This suggests that designers' risk analyses should concentrate on non steady-state behaviour in systems, and that these risk analyses would benefit from some kind of characterisation of how systems are vulnerable to plan delegation.
