Human Error or a Bigger Problem? When to Dig Deeper

by Julius DeSilva

In the world of process improvement and problem-solving, human “user” error can often become the go-to explanation when things go wrong. A mis-entered data point, a forgotten step in a procedure, or a misconfigured setting—blaming the user is quick and easy. But how do you know when an issue is bigger than just user error?

Understanding when to dig deeper and identify systemic flaws is critical. By integrating structured approaches like Root Cause Analysis (RCA) and the PDCA (Plan-Do-Check-Act) cycle, organizations can shift from a reactive blame culture to a proactive, continual improvement mindset that eliminates recurring problems at their source.

The Prevalence of User Error in Different Industries

Human error has been identified as a significant contributor to operational failures across multiple sectors:

  • Cybersecurity: According to the World Economic Forum, 95% of cybersecurity breaches result from human error.
  • Manufacturing: A study by Vanson Bourne found that 23% of unplanned downtime in manufacturing is due to human error, making it a key contributor to production inefficiencies. The American Society for Quality (ASQ) reports that 33% of quality-related problems in manufacturing are due to human error.
  • Healthcare: The British Medical Journal (BMJ) estimates that medical errors—many due to human factors—cause approximately 250,000 deaths per year in the U.S. alone.
  • Aviation & Transportation: The Federal Aviation Administration (FAA) attributes 70-80% of aircraft incidents to human error, but deeper analysis often reveals process design issues, poor training, or missing safeguards.

These statistics reinforce a key point: Human error isn’t always the root cause—it’s often a symptom of a deeper, systemic issue.

Recognizing When to Look Beyond User Error

Here’s how to tell when an issue isn’t just a one-time mistake but a signal that the system itself needs improvement:

  1. Recurring Issues Across Multiple Users – If multiple employees are making the same mistake, the problem likely isn’t individual human error—it’s a flaw in the process, system design, or training. For example, if multiple operators incorrectly configure a machine setting, it might indicate confusing controls, inadequate training, or unclear documentation rather than simple user mistakes.
  2. Workarounds and Process Deviations – If employees consistently find alternative ways to complete a task, the system may not be designed for real-world conditions. If workers routinely bypass a safety feature because it “slows them down,” the process needs reevaluation; either through retraining, redesign, or better automation. At QMII, we always reinforce building a system for the users, built on the as-is of how work is done and then making incremental improvements.
  3. High Error Rates Despite Training – If errors persist even after proper training, the issue might be process complexity, unclear instructions, or a lack of intuitive system design. If employees consistently make minor mistakes, the system interface or workflow rules might need simplification rather than just retraining staff.
  4. Error Spikes in High-Stress Situations – Mistakes often increase under time pressure, fatigue, or stress. This suggests a workload or process issue rather than simple carelessness. In a maritime environment, high error rates during critical operations could signal staffing shortages, inefficient safety interlocks, or poor user interfaces on devices.

Instead of just fixing errors after they happen, organizations should use the PDCA (Plan-Do-Check-Act) cycle to continually improve processes and reduce the probability of recurring failures.

The PLAN-DO-CHECK-ACT Approach

PLAN – Identify the context and potential risks

  1. Identify the context of the process including the competence of personnel, user environment, complexity and influencing factors.
  2. Apply Failure Mode and Effects Analysis (FMEA) to predict where failures are likely to happen before they occur.
  3. Identify and involve representatives of users through the development of FMEAs and the process.
  4. When predicting controls and resources, determine the feasibility of implementing and providing them.
  5. Simplify procedures, redesign workflows, or introduce automation to eliminate failure points.

DO – Implement the Process and Improvements

  1. Implement the process and test it to check its effectiveness. In the initial stages more frequent monitoring and measurement will be required. The periodicity between checks can be reduced as the process matures.
  2. Provide user training and assess its effectiveness. When errors occur retrain personnel, but only if training is truly the issue—don’t use training as a Band-Aid for bad system design.
  3. Look beyond documented “standard-operating” procedures. As an example: The company implements a visual step-by-step guide near machines to ensure operators follow a standard calibration process.

CHECK – Evaluate the Results

  1. Track performance data to see if the changes have reduced errors.
  2. Get user feedback to ensure the new system is intuitive and efficient. For example, Error rates drop by 40%, but operators still struggle with a specific step—prompting another refinement.

ACT – Standardize & Scale

  1. If the improvement is successful, integrate it as the new standard process.
  2. Scale the change across other departments or sites where similar issues might exist. For example, the company implements the same calibration guide and training approach across all locations, preventing similar errors company-wide.

Conclusion: From Blame to Solutions

While human error is a reality, it’s often a symptom of a deeper process flaw, not the root cause. Those involved in conducting a root cause analysis process or investigation process, must ask “How did the system fail the individual” and “Why did the system fail the individual”. By shifting from a blame mindset to a continual improvement approach, organizations can:

  • Reduce costly errors and downtime
  • Improve employee engagement (less frustration = higher productivity)
  • Enhance conformity and compliance
  • Increase process reliability and efficiency

Monitoring the system will continue for as the context changes the controls implemented may not be as effective as before. A proactive system will not guarantee that things never go wrong. When they do, however, the key is to dig deeper. Using tools like PDCA, FMEA, and RCA will help in identifying long-term solutions to recurring problems. Because in most cases, fixing the system is better than blaming the human.

The Role of Management Systems in the Tragic Collision Over the Potomac

by Dr. IJ Arora


A significant tragedy occurred in Washington D.C. on January 29, 2025, with the deadly collision between a U.S. military Black Hawk helicopter and a regional jet flying for American Airlines. The resulting crash caused the loss of 67 precious lives and pointed to a multilayered failure of safety mechanisms.

In a short article like this it is not my intent to explore the reasons for this event, and I have neither the expertise nor the authority to investigate, anyway. The U.S. National Transportation Safety Board (NTSB) and other relevant agencies will do that in a most professional manner. However, I do have a degree of experience relating to the systems approach for managing processes at large and complex organizations. I feel called to share my perspective on this disaster with a systems approach in mind.

Proactive appreciation for risk

Hindsight, it has been said, is 20/20. I am aware that I’m writing this after the tragedy has already occurred. However, management systems should be proactive, where data drives the understanding and mitigation of risk. As a practitioner and advocate of process-based management systems, I believe that well-implemented procedures give an organization the best chance to produce conforming products and services.

A systems approach, based on ISO 9001’s subclause 4.4., which relates to quality management system processes, could have played a role in preventing an incident of this type. Subclause 4.4.1 states, in part, “The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions….”

Following this requirement is no guarantee of safe and successful outcomes, but it is surely the best bet. I had similar thoughts on the tragedy of the implosion of the Titan submersible and the Baltimore Bridge collapse. The core principles of ISO 9001, especially risk-based thinking, continual improvement, and process interaction, align well with safety imperatives, particularly safety management for the aviation industry. The systems approach is a fundamental that organizations often neglect at their (and their customers’) peril.

ISO 9001—and for that matter, the aerospace standard AS9100—is built on risk-based thinking. A structured process aligned with the risk management standard ISO 31000 and aviation safety management systems are required by ISO 9001 subclause 6.1, regarding actions for addressing risks and opportunities, and subclause 8.1 concerning operation planning and controls. Conformance with these requirements can help identify and mitigate collision risks between civil and military aircraft.

Process interaction and communication are vital in such situations.  A failure in communication between air traffic control, military operations, and civilian aviation may have contributed to the crash. Of course, we will wait for the full report from the NTSB investigation. However, it is never too late (or for that matter, too early) to be proactive and implement a process approach to ensure that all stakeholders follow well-defined communication and coordination protocols.

PDCA, SWOT, and FMEA

Being proactive requires an appreciation of risk at the Plan stage of the Plan-Do-Check-Act (PDCA) cycle. Note that preventive actions and continual improvement are integral to the system approach.

The media have reported on the details of numerous previous aviation incidents. Analyzing near-miss incidents and integrating lessons learned into improved procedures could enhance safety protocols. Human factors and process redundancy must be considered in a systematic manner. Human errors (e.g., miscommunication, misinterpretation of airspace usage, etc.) can be minimized with automated systems and via decision-making redundancy checks.

In principle, the process approach found in ISO 9001 emphasizes addressing process issues as opposed to blaming individuals. However, in the aviation field, the human factor is important; clause 10.2.1 b2 of AS9100 expresses the importance of this concept. The industry-specific interpretation of requirements as seen in this standard provides a robust framework (via a clause structure) to design an efficient management system. This, together with auditing and compliance requirements, gives leadership confidence that their system can and will produce conforming products and services.

Further to this point, regular audits of flight coordination between civilian and military aviation could highlight gaps before they lead to accidents. As such, integrating ISO 9001 with AS9100 and AS9110 (the aerospace quality standard specifically designed for maintenance, repair, and operations) as well as ISO 45001 covering the management of operational health and safety will provide a solution to proactively address risks in the context of the aviation industry. This would cover all interested parties, as per clauses 4.1 and 4.2 of ISO 9001. Although aviation already has strict regulatory frameworks (e.g., FAA, ICAO, etc.), the structured process management systems required by ISO 9001 and AS9100 can complement these frameworks by embedding the statutory and legal requirements into the management system.

If the organizations involved focus on how specific elements of ISO 9001 can be applied to aviation safety, particularly in preventing collisions, I would first recommend that they look at risk-based thinking as seen in clause 6.1, addressing actions related to risks and opportunities. This can partially be accomplished by undergoing a strengths, weaknesses, opportunities, and threats (SWOT) analysis. ISO 9001 emphasizes risk assessment and mitigation throughout processes.

In aviation, a structured risk-based approach would identify potential hazards (e.g., conflicting flight paths, miscommunication, system failures, etc.). The system would also assess risk severity and likelihood of occurrence and probability of detection, using tools like a failure modes and effects analysis (FMEA). Controls could be implemented (e.g., enhanced air traffic control coordination, better radar tracking, AI-driven airspace monitoring, etc.). For example, aviation safety bodies could require all civilian and military flights to undergo a real-time risk assessment check before takeoff, considering airspace congestion, weather, and military training exercises.

Potential solutions

Process interaction and communication (as seen in ISO 9001’s clause 4.4.1 b regarding understanding process interactions) would systematically improve the system. Aviation operations involve multiple stakeholders, such as airlines, air traffic controllers, military operations, ground crews, etc. A process approach would ensure defined standard operating procedures for communication between civilian and military aviation. These could include real-time data sharing using standardized digital platforms and/or automated conflict-resolution systems that detect and alert pilots and controllers regarding possible mid-air conflicts. An integrated civil-military coordination dashboard could be established, where both parties have real-time visibility on flight plans, airspace restrictions, and emergency deviations.

Risk appreciation and continual improvement (as seen in ISO 9001’s clause 10.2 regarding nonconformity and corrective action, clause 10.3 on continual improvement, and clause 5.1.2 regarding customer focus) require organizations to analyze failures, investigate causes, and take corrective actions. In aviation safety, this could mean automated reporting and analysis of near-miss incidents and regular safety audits to evaluate procedural weaknesses and machine learning-based predictive analytics to foresee and prevent future crashes.

When a near-miss incident occurs, such a system could automatically trigger a root cause analysis and recommend safety adjustments for all stakeholders. Human factors and redundancy (as seen in clause 7.1.6 regarding organizational knowledge) promote knowledge management and human reliability strategies. In aviation, this could mean mandatory cross-training for military and commercial pilots on shared airspace procedures. AI-assisted decision-making tools that provide secondary verification for pilots and controllers could be a positive outcome of data analysis.

Data drives risk and trends. A digital co-pilot system could use AI to continuously monitor air traffic conflicts and intervene if human errors are detected. Auditing and compliance (as seen in clause 9.2 regarding internal auditing) would provide objective and independent inputs by regular safety audits of flight coordination. Air traffic control systems could ensure compliance with standardized airspace usage protocols, identification of gaps in inter-agency communication, and implementation of best practices from previous incident investigations. A shared civil-military aviation audit framework could ensure uniform compliance with risk management policies, reducing the chance of airspace conflicts.

I am not a technical subject matter expert in the aviation industry. My expertise is in looking at systems. My 30 years of experience suggests the importance of strengthening the Plan stage of the PDCA cycle. Things go wrong at the Do stage (i.e., implementation), however, if the plan itself is deficient and not coordinated, the implementation can and perhaps will go wrong.

By integrating ISO 9001 principles into aviation safety proactively and appreciating the risks, management can prevent mid-air conflicts. Process-driven coordination ensures better civil-military collaboration. Automated monitoring and auditing could improve response times to emerging threats.

Sadly, this tragedy once again bears out the wisdom of W. Edwards Deming when he said that a bad system will beat a good person every time.

Note – The above article was recently featured in Exemplar Global’s publication ‘The Auditor”. Click here to read it.

Are Provider Audits Mandated through ISO 9001?

by- Dr. IJ Arora

In relation to outsourced processes, the query (to paraphrase William Shakespeare) is, “To audit or to not audit?”

Take, as an example, the necessities from the principle process-based control machine usual, ISO 9001:2015. One would possibly imagine the machine way as equipped in clauses 4.4.1a thru 4.4.1h and conclude that tracking and regulate are had to recognize the dangers of the inputs and make sure persistent growth. The usual is supposed to be interpreted, and so not anything prescriptive is predicted. But, the query stays as to how organizations would possibly regulate the processes and ensure they’re assembly goals. Clause 5.2, “Coverage,” resulting in clause 6.2, “Goals,” supplies a touch that proof will have to be amassed of measurable goals being met. But, how can we get the inputs to attract a conclusion? The inputs are essential, and due to this fact there’s a want to decide the to be had accumulate and regulate knowledge.

In all probability the solution may also be discovered within the auditing serve as. By means of enforcing a strong provider analysis activity, together with audits as wanted, organizations can beef up the standard control machine and construct sturdy, dependable relationships with providers. Notice that requirements similar to ISO 9001:2015 don’t particularly mandate audits, but the intent of registration to a typical is to regulate the group’s processes. if now not auditing, then what different mechanisms can organizations use to regulate an outsourced activity and decrease dangers to their finish consumers?

Exerting regulate

Clause 8.4.2 of ISO 9001:2015 offers with the sort and extent of controls that a company should practice to externally equipped processes, merchandise, and products and services. The important thing sides on this dialogue come with making sure conformity, the kinds of controls wanted, and the level of those controls. Conformity has at its core the main to make sure that those exterior provisions don’t negatively have an effect on the group’s skill to constantly ship conforming services to its consumers. This implies the group should have mechanisms in position to make sure that the standard of the exterior inputs meet the group’s necessities and in the end fulfill buyer necessities.

Kinds of controls might be interpreted as acting a point of regulate, in all probability through auditing, even supposing auditing isn’t a selected requirement. The choice and analysis of the controls can be according to organising standards for deciding on and comparing exterior suppliers (e.g., a strong high quality control machine of their very own, previous efficiency, registration, and many others.) and/or undertaking thorough checks of doable providers (e.g., audits, questionnaires, web site visits, and many others.). As well as, you will need to installed position sturdy contractual agreements with exterior providers that come with transparent and measurable necessities, explicit key efficiency signs (KPIs), and acceptance standards for the needs of tracking and size. This may come with monitoring provider efficiency towards agreed-upon KPIs, examining knowledge to spot tendencies and spaces for growth, undertaking common efficiency critiques and comments classes, acting root purpose research and corrective and preventive movements when problems are known, and appreciating dangers through being proactive and the use of preventive measures.

The level of this regulate would rely at the criticality of the externally equipped activity, product, or provider to the group’s general high quality. For top-risk pieces, extra stringent controls (e.g., extra common audits or extra rigorous inspections) could be essential as, as an example, within the aerospace trade. In essence, clause 8.4.2 emphasizes the significance of proactive measures to make sure that exterior inputs don’t compromise the group’s skill to ship high quality services to its consumers.

Auditing supplies most of these inputs if the audit is appropriately deliberate and done. For instance, with approval, this stage of regulate might be completed through far flung cameras or the presence of the group’s inspectors on the provider’s amenities. The purpose is to care for the client focal point (clause 5.1.2) and include a risk-based way. The level of regulate will have to be proportionate to the related dangers. Power growth includes that the group will have to often evaluation and reinforce its processes for exterior controls.

Subsequently, even if clause 8.4 (particularly subclauses 8.4.1, 8.4.2, and eight.4.3) does now not explicitly mandate provider audits, it strongly implies their significance. Subsequently, a robust focal point on regulate should be interpreted. Clause 8.4 emphasizes the want to regulate externally equipped processes, merchandise, and products and services. Auditing is a a very powerful instrument for comparing a provider’s skill to fulfill high quality necessities and care for regulate over their processes.

Mitigating menace

To verify ok menace control, one should imagine if the provider’s efficiency at once impacts the group’s skill to ship high quality merchandise or products and services. Audits assist establish and mitigate doable dangers related to the use of exterior suppliers. Power growth is the most important consequence of auditing and offers precious comments on provider efficiency. This allows the group to spot spaces for growth of their processes and their practices round provider variety and provider control. Subsequently, even if now not strictly mandated, provider audits are extremely really useful for organizations in the hunt for to successfully put into effect ISO 9001 and make sure the standard in their services. The important thing issues can be:

  • Chance-based way. Auditing efforts will have to be desirous about providers that pose the easiest menace to the group’s high quality goals.
  • Number of analysis strategies. Audits are only one manner of provider analysis. Different strategies come with efficiency tracking, comments research, and web site visits.
  • Documentation. Care for transparent documentation of all provider analysis actions, together with audit findings, corrective movements, and growth plans.

When taking into consideration the outsourcing of a activity, the group should assess and decide the factors through which providers are decided on. Via systematic analysis, a company can put into effect a rigorous provider variety activity that comes with:

  • Detailed questionnaires to collect knowledge at the provider’s high quality control machine, processes, and features
  • Reference exams made through contacting earlier consumers to evaluate the provider’s efficiency and reliability
  • On-site visits to watch the provider’s operations and assess their amenities, apparatus, and body of workers
  • A risk-based way matrix to prioritize providers according to the possible impact at the group’s high quality goals

In making plans bids, growing contractual agreements, or different processes involving outsourcing, the next will have to be regarded as:

  • Transparent specs. Outline transparent and measurable necessities for the outsourced services or products.
  • Efficiency metrics. Determine KPIs to trace provider efficiency, similar to on-time supply, defect charges, and buyer delight.
  • Contractual consequences. Come with clauses for non-compliance with contractual tasks, similar to past due deliveries or subpar high quality.

The procedures for tracking and measuring outsourced processes should be nicely idea out and will have to be carried out when tendering a freelance. Consider, including necessities due to this fact is continuously tricky. Imagine the next:

  • Common efficiency evaluation. Behavior common efficiency critiques with providers to trace their efficiency towards agreed-upon KPIs.
  • Knowledge research. Analyze knowledge on provider efficiency, similar to defect charges, supply instances, and buyer proceedings to spot tendencies and spaces for growth.
  • Comments mechanisms. Determine a machine for gathering and examining comments from interior and exterior consumers relating to provider efficiency.

Whether or not a company prefers to audit or use different way of controlling the outsourced activity, a well-thought-out collaboration and verbal exchange plan will have to be made, taking into consideration:

  • Open verbal exchange channels. Care for open and common verbal exchange channels with providers to deal with issues, percentage knowledge, and collaborate on growth tasks.
  • Joint drawback fixing. Paintings collaboratively with providers to spot and unravel problems associated with high quality, supply, or different efficiency issues.

Power growth is integral to any excellent control machine. As a abstract I’d recommend the next:

  • Common critiques and updates. Often evaluation and replace your provider control processes to verify they continue to be efficient and aligned with converting industry wishes.
  • Provider construction. Enforce methods to assist providers reinforce their high quality control programs and function.

By means of enforcing a mixture of those mechanisms, organizations can successfully regulate outsourced processes, decrease dangers, and make sure that they obtain fine quality services from their providers.

Clause 9.2.1 of ISO 9001 does certainly recommend that auditing outsourced processes is excellent follow. This clause states that organizations will have to habits interior audits to guage the effectiveness of the standard control machine. The scope of interior audits generally comprises all related processes and actions inside the group. How this pertains to outsourced processes is the place the requirement turns into open to interpretation. Despite the fact that it does now not explicitly state “provider audits,” the clause means that comparing the effectiveness of processes which might be outsourced is a part of assessing the total effectiveness of the QMS. If the outsourced processes considerably have an effect on the group’s skill to fulfill buyer necessities, then the ones processes will have to be integrated within the scope of interior audits.

Dr. IJ Arora’s article was published in the Exemplar Global Publication “The Auditor”. Click here to read the featured article.

The Baltimore Bridge Collapse : Another Case of a Failed Management System ISO 55001:2024

By – Dr. IJ Arora

Can good management systems make organizations immune to disasters? The Baltimore bridge or simply the Bay Bridge or more precisely the Francis Scott Key Bridge that collapsed in 2023 because of the allision with the container vessel MV Dali is a tragedy, perhaps caused by the failure of several management systems, the ship, the port, the state and whoever else was involved.   

The National Transportation Safety Board (NTSB) investigation is ongoing, and will no doubt look at the part played by the MV Dali, its crew and operator. However, my thought is the MV Dali or other ships plying the waters by simple statistical probability were considered as a risk by the authorities. I mean there is the water channel, ships sailing in and out, and a bridge, there was likely to be an allision someday. Perhaps not a matter of if but when! Thus should the bridge have been safer and better designed, based on known and appreciated risks? After all, not all accidents can be completely avoided. However, each tragedy has lessons learnt as responsive action. The lessons become the data that drive risk identification and trends and, thus making the system proactive.  I am sure  the NTSB is considering all this. In the meantime, without going into the ongoing investigation, are there some basics which are common indications of failures of the system. Be it the Titan submersible, or the Boeing management system,  as an SME in  process-based process-based management systems I see a common cause; the failure of the system to  deliver conforming products and services. 

In this short article I want to discuss this bridge collapse in the context of the management system, considering ISO 9001:2015 generically and ISO 55001:2024 Asset Management System requirements specifically. Could simply designing a good system based on the standard have enabled the organization to better assess the associated risks? Perhaps they were assessed and justified as a low probability of occurrence. If that were the case, the discussion would be on prioritization of risks. ISO 55001 was first published in 2014. It was developed as a standalone standard for asset management, building upon the principles of ISO 9001 (quality management) and other relevant standards. 

I am aware that as of September 2024, the investigation into the Baltimore bridge collapse is still ongoing.  Therefore, while the exact cause of the collapse remains under investigation, we can consider several factors that could have contributed to the incident. MV Dali, experienced a series of electrical blackouts before the allision.  The vessel SMS (safety management system based on the ISM Code) implementation could be a factor. Bridge stability, its age and condition are I am sure are being investigated as a potential contributing factor. Then there is always human element.  There may have been errors on the part of the ship’s crew or bridge operators. Was the system designed to support them in such a scenario? What factors may have caused operators at all levels to perhaps not follow requirements, to justify the risks. The NTSB’s investigation will highlight a detailed analysis of the ship’s navigation systems, the bridge’s structural integrity, and the actions of the individuals involved in the reasons for this tragedy. Their final report will provide a comprehensive understanding of the incident and may include recommendations to prevent similar occurrences in the future. 

However, even at this stage we can agree that bridges in general are national assets. They are valuable infrastructure that provides essential services to communities. While it is not publicly known whether the State of Maryland specifically implemented ISO 55001 for its bridges, the principles and practices outlined in this standard could have been beneficial in managing the risks associated with the Baltimore bridge. The implementation of this standard and or even if the generic standard ISO 9001 were implemented the authorities could have performed: 

  • Risk Assessments: ISO 55001 requires organizations to conduct regular risk assessments to identify potential threats and vulnerabilities. A thorough assessment of the bridge’s condition, age, and traffic load could have helped identify potential risks and inform maintenance and repair decisions, as also change in procedures, protection of navigation channels and so on. 
  • Life Cycle Management: The standard emphasizes the importance of managing assets throughout their entire lifecycle, from planning and acquisition to maintenance and disposal. By following ISO 55001, the state could have developed a comprehensive plan for the bridge’s maintenance, upgrades, and eventual replacement. 
  • Performance Measurements: ISO 55001 requires organizations to establish measurable Objectives or Key Performance Indicators (KPIs) to measure the effectiveness of their asset management activities. This could have helped the state monitor the bridge’s condition and identify any signs of deterioration. 
  • Continual Improvement: The standard promotes a culture of continual improvement, encouraging organizations to learn from past experiences and make necessary adjustments to their asset management practices. 

I agree, it is impossible to say definitively whether ISO 55001 would have prevented the Baltimore bridge collapse. However, the principles and practices outlined in the standard could have helped to reduce the risk of such incidents. By adopting a systematic and proactive approach to asset management, organizations can improve the reliability and safety of their infrastructure. A systematic study must go beyond what the MV Dali contributed to the Baltimore bridge collapse, it is also important to consider the broader context and the potential contributions of other factors: 

  • Bridge Design and Maintenance: The age and condition of the bridge are likely to be factors in the investigation. Older infrastructure may be more susceptible to damage or failure, especially if it has not been adequately maintained or upgraded. 
  • Vessel Traffic: The frequency and intensity of vessel traffic in the area can also influence the risk of collisions. The bridge is in a busy shipping channel; therefore, the likelihood of incidents was higher. 
  • Safety Measures: The presence or absence of safety measures, such as buoys, warning systems, or restricted areas, can also impact the risk of collisions/allisions. This needs to be studied and are factors the authorities would know. 
  • Human Element and Factors: Errors on the part of both the ship’s crew and bridge operators can contribute to accidents. Factors such as fatigue, inexperience, or inadequate training may play a role. What led to these?  Error proofing, mistake proofing and FMEA (Failure Mode Effect & Analysis) are tools that could be part of the effective management system. 

Let us therefore consider ISO 55001 and the relevant clauses of the standard which could apply to the collapse of the Baltimore Bridge. 

Clause 4: Context of the Organization 

  • Clause 4.1: Understanding the external context, such as the age of the bridge, traffic volume, and environmental factors, is crucial for risk assessment. 
  • Clause 4.2: Identifying the needs and expectations of relevant interested parties, including the public, commuters, and regulatory bodies, is essential for effective asset management. 

Clause 6: Planning 

  • Clause 6.2.1: The bridge’s asset management plan should have included clear objectives for its maintenance, repair, and replacement. 
  • Clause 6.2.2: Specific objectives related to safety, reliability, and cost-effectiveness should have been established. 
  • Clause 6.2.3: Detailed planning for maintenance, inspections, and upgrades would have been necessary to ensure the bridge’s structural integrity. 

Clause 7: Support 

  • Clause 7.1: Adequate resources, including funding, personnel, and expertise, should have been allocated for bridge maintenance and inspection. 
  • Clause 7.2: Ensuring that personnel involved in bridge management have the necessary competence and training is essential. 
  • Clause 7.3: Raising awareness among all relevant stakeholders about the importance of bridge maintenance and safety is crucial. 

Clause 8: Operation and Maintenance 

  • Clause 8.1: Regular inspections and monitoring of the bridge’s condition would have helped identify potential problems early on. 
  • Clause 8.2: A well-defined maintenance schedule, including preventive and corrective maintenance, would have been necessary to address issues before they escalated. 

Clause 9: Performance Evaluation 

  • Clause 9.1: Establishing key performance indicators (KPIs) to measure the bridge’s performance, such as safety records, traffic flow, and maintenance costs, would have provided valuable insights. 
  • Clause 9.2: Regular monitoring and evaluation of these KPIs would have helped identify areas for improvement. 

Clause 10: Improvement 

  • Clause 10.2: The bridge’s management should have implemented a system for monitoring and measurement, including data collection and analysis. 
  • Clause 10.3: Predictive maintenance techniques could have been used to identify potential failures before they occurred. 

My objective of writing this article is to awaken this basic thought in organizations that by applying the principles of a standard, be it generic ISO 9001 or an industry specific standard or as in this case the asset management system standard ISO 55001, the organization (State of Maryland) could have strengthened its asset management practices and potentially mitigated the risks associated with the Baltimore bridge collapse. 

The above article was recently published in the Exemplar Global publication – ‘The Auditor’.

Are Medical Audits Improving Systems Or Only Driving Fixes? 

Is there a potential downside to medical audits wherein the audits are focused on finding and fixing problems? A recent discussion with a medical professional piqued my interest in the value of Medical Audits given that QMII, a subject matter expert in auditing, has ventured into the medical auditing field. This led to a conversation with a few additional healthcare professionals to understand a little more about medical audits, their findings and how organizations address them. My additional reading outlined a lack of effective systemic corrective action. In this article, I discuss some aspects of the medical audit process and what organizations can do to improve the process of audits and of implement corrective action.  

There are various types of medical audits including clinical audits, billing/coding audits, financial audits, operational audits and compliance audits. While there are regulations, protocols and standards against which these audits are conducted, in many cases, industry-best practices are also used as audit criteria. This brings subjectivity into the audit as ‘best practices’ knowledge may vary from auditor to auditor based on their experience. Auditing to an auditor’s experience has a major drawback not just in the medical industry but in all industries. It takes the auditors away from requirements which then results in biased inputs to the leadership that may be inaccurate.  This also leaves the auditee (the organization being audited) on the receiving end of findings for which there are no certain requirements. That is, they may make changes to their system based on the finding of one auditor only to find that another auditor objects to the very actions they implemented based on the previous auditor. 

Medical Audits and Recommendations 

In medical audits, it is common practice for auditors to provide recommendations to address findings. These recommendations are based on experience and industry-best practices. In ISO audits this is not allowed. In most industries, including the healthcare industry, there is no obligation to act upon any of the recommendations of an auditor. However, if auditors are perceived to be in a position of authority, then there is an underlying implication that the audit recommendation must be implemented. This is for fear of the nonconformity occurring again only for someone to say, “the auditor told you what to do and no action was taken”. This then also implies, audits do not delve deeply enough to identify systemic weaknesses within the processes or the workflow. 

In speaking with the medical professionals within my professional circle of friends, it was surprising to hear that in many cases the personnel being asked to address the audit findings are unaware of any root cause analysis methodologies nor have they been given any formal training in the subject. Further, they are not clear about what a CAPA is but do know that they need to provide some action to close out the finding. In such cases, is it then fair to expect effective corrective action? Perhaps, the lack of effective corrective actions perpetuated the need for auditor recommendations! 

Without proper training, it is but natural for personnel responding to audit findings to default to the recommendations of the auditor and implement those actions prescribed by the auditor as the corrective action in and of itself. Sadly, in such cases the root cause of the issue goes unaddressed. Sometimes such cases may lie in inadequate resources, technology or even lack of guidance/policy from leaders. While the aim of the audits is to identify where the process may require additional controls, all for providing better healthcare for the patient, the outcome may only be a band-aid. 

What can be done to change this? 

While change may not come overnight, there are a few key steps that can be taken to improve the audit process overall right up until corrective action and meet the end goal of providing better healthcare.  

Auditor training – Auditors must be trained to remain objective through the audit process, to focus on the requirements (criteria) of their audit, to focus on factual evidence and objectively assess it (yes, no experience!). Further they must understand the implications of providing recommendations and thus not provide any recommendations. The auditors are but to focus on assessing the effectiveness of the corrective action plan submitted and verifying the effectiveness of actions taken.  

Root Cause Analysis Training – Healthcare organizations must invest in providing their personnel with training in the different root cause analysis methodologies and how to apply it to identify the root cause(s) of a problem.  

Reinforcing that Recommendations need not be accepted/addressed – Organizations must be professional to build the courage to stand up to auditors and not accept recommendations. Auditors do not know all facets of the process from the short sample of the organization they witness. If their “advice” in the recommendations is wrong/ineffective, who then pays the price? 

Auditor Selection – ISO 19011 provides guidance on the behaviors and skills that an auditor should exhibit, and these are applicable to an auditor selected to conduct any type of audit. Auditors must be evaluated periodically to ensure they are remaining objective through an audit and working to identify the effectiveness of controls and adequacy of resources in assessing if the overall objectives have been met. To learn more about how QMII can support your organization’s audit process, click here

Julius DeSilva, Senior Vice-President

Excellence in Auditing Presented by Dr. IJ Arora for Exemplar Global

“How Auditing Helps Prevent Tragedy,” presented by Dr. IJ Arora with Wendy Edwards (Project Director of Exemplar Global) at the Exemplar Global’s Excellence in Auditing Expo!

Click the link here to understand the critical role auditing plays in averting potential disasters. Whether you’re in risk management, quality assurance, or simply interested in safety and security, this discussion offers valuable perspectives and actionable takeaways.

Link to the Presentation

Can Boeing Ship a Lengthy-Time Period Approach to their 737 MAX Issues?

Dr. IJ Arora

Boeing is within the highlight once more with its 737 MAX planes, that have already had a deeply bothered historical past. Buyer center of attention (which is clause 5.1.2 of ISO 9001 and AS9100) turns out to were misplaced someplace.

I’ve learn a number of contemporary articles on those incidents in addition to Peter Robison’s ebook Flying Blind: The 737 MAX Tragedy and the Fall of Boeing, all of which level to a worsening scenario for Boeing. The general public belief of this nice American corporate, which has all the time been dedicated to top-class engineering and depended on merchandise, is converting from one among admire to one among warning. Vacationers are questioning, “Must I fly in a 737 MAX?”

Boeing and the aerospace {industry} normally have excessive requirements for high quality and product protection. On this article, I postulate whether or not an organization’s high quality control machine can ensure that not anything is going fallacious for patrons. Can it make certain perfection? If no longer, what are the choices—and why have one in any respect?

What took place and who’s accountable?

For the ones no longer acquainted with the 737 MAX incident in January, in a while after an Alaska Airways flight departed from Portland, Oregon, a cabin door panel blew off. As investigations are nonetheless ongoing the reasons have no longer but been totally decided. Boeing additionally had a tool factor at the 737 MAX, ensuing within the crash of a Lion Air flight in 2018 and an Ethiopian Airlines flight in 2019.

Right here in the US, the Federal Aviation Management (FAA) performs a vital function in offering laws to make sure flight protection, and likewise supplies oversight of plane producers, airports, and upkeep suppliers. On the subject of the Alaska Airways flight, it kind of feels that the FAA didn’t uphold its depended on function. The FAA’s a large number of assessments and balances, maximum of that are meant to concentrate on buyer protection, had been like aligning holes in slices of Swiss cheese. It’ll be fascinating to peer what adjustments this incident brings about on the FAA. On the other hand, can regulatory oversight ensure protection of flight?

The AS9100 same old, which is restricted to the aerospace {industry}, isn’t the brainchild of a unmarried entity, however fairly a collaborative effort pushed by means of two key gamers:

  1. The World Aerospace High quality Staff (IAQG). This global group brings in combination representatives from aviation, house, and protection firms around the Americas, Asia/Pacific, and Europe. They actively take part in growing, keeping up, and updating the AS9100 same old.
  2. Standardization organizations. Those our bodies, such because the Society of Automobile Engineers (SAE) within the Americas and the Ecu Affiliation of Aerospace Industries (now the AeroSpace and Defence Industries Affiliation of Europe), formally submit and distribute the usual.

You will need to word that AS9100 builds upon the root of the extra normal ISO 9001 high quality control machine same old. Whilst ISO 9001 lays the fundamental framework, the IAQG provides industry-specific necessities a very powerful for making sure protection and high quality within the aerospace area.

Along with the producer and the FAA, the landlord/lessor of the plane additionally performs a task in making sure the aircraft is correctly maintained. This comprises settling on a reliable upkeep supplier, hiring competent engineers, and having powerful processes in position. With such a lot of other stakeholders, can blame be attributed to only one when injuries occur? Moreover, must blame be the secret? Possibly no longer! You will need to word that the machine is applied to toughen every consumer and that each one stakeholders within the worth chain play their phase as effectively.

Audits, inspections, and control methods: Are those the answer?

In the back of each tragedy, casualty, and mishap is a series of comparable occasions. The instant suspect when these kind of vital screw ups happen are deficient inspection protocols, possibly even the feared “human error.” On the other hand, this can be the low-hanging fruit and a deeper dive would possibly establish different causal elements, akin to asking if the standard audit failed.

What’s the distinction between an audit and an inspection? Can they change every different or are inspections by myself sufficient? The straightforward resolution is not any! Each are wanted because of elementary variations in method. Audits take a look at the processes to make sure the control machine produces conforming services and products. An effective control machine should come with the next, to call a couple of:

  • It should be well-defined, beginning with the “as-is” state of the machine.
  • Dangers should be known (clause 6.1) according to the context of the group (clauses 4.1 and four.2).
  • A transparent definition of the product should be known.
  • Efficient audits and periodic evaluation should be undertaken by means of control.
  • Outsourced processes should be managed.

Inspections play the most important function by means of figuring out defects previous to unlock, thus protective no longer most effective the buyer/buyer/consumer/warfighter, and so forth., but in addition the recognition of the group itself. With that stated, inspections don’t give a contribution to power development as a result of they center of attention on fixes versus long-term answers. In impact, they don’t in reality upload worth for the reason that group has already incurred the price of generating the faulty phase or product. The creators of the Toyota Manufacturing Machine (i.e., lean) got here up with the Andon procedure to catch a defect as early within the procedure as imaginable as a way to repair it sooner than the issue went too a ways down the road.

Control methods aren’t only a choice of paperwork. To serve as correctly, they require dedication in any respect ranges of the group, together with height control offering the wanted assets. It takes time to construct a tradition of high quality wherein shortcuts are have shyed away from and there’s no worry of talking up. Buyer center of attention should no longer be compromised. As an example, unlock of conforming product must cross throughout the procedure particularly referred to as out by means of clause 8.6; any interference by means of height control to truncate this procedure would suggest the lack of buyer center of attention. Is that this an opportunity? Possibly, however the investigation should expose the reality. On this case of the Alaska Air incident each the Boeing consumers and Boeing as an organization have suffered. It’s my hope that investigators will establish all failed portions of the machine from every accountable birthday celebration. Those would possibly come with no longer most effective failed inspections, but in addition suboptimal processes. This may finally end up taking us again to an insufficient high quality control machine.

High quality control methods: Can they ship?

Given the above, can a correctly designed and well-audited control machine (supported by means of excellent inspection tactics to assist make certain conforming product) ensure that not anything is going fallacious with a company’s output? My opinion is that no person can ensure this utterly. On the other hand, possibility can indisputably be very much decreased when the entirety is applied effectively. This comprises the educational of team of workers, which correlates strongly to competence; sadly, that is ceaselessly the primary price range to get minimize when assets are scarce.

When high-visibility incidents like those happen, it can be forgotten that airplanes stay the statistically most secure mode of go back and forth on earth. That is essentially because of powerful high quality control methods, well-adopted regulatory frameworks, and common oversight. People play the most important function within the good fortune of the control machine, from the dedication on the height to the buy-in by means of the body of workers (clause 5 to clauses 7.1.3, 7.1.4, and 10.3). Taken in combination, this is helping create an atmosphere the place high quality can flourish inside the group.

Boeing could also be doing so much accurately, and but the consequences may well be unacceptable relying at the efficiency of outsourced processes (clauses 8.41/8.4.2/8.4.3). In spite of everything, the fuselages for the 737 MAX are made by means of Spirit AeroSystems Holdings Inc. Spirit AeroSystems is positioned in Wichita, Kansas; as soon as those fuselages are manufactured, they’re shipped by means of rail to Boeing’s facility in Renton, Washington. Due to this fact, no longer most effective is a significant part of the 737 MAX outsourced, however the delivery and preservation of product (clause 8.5.4) additionally may just give a contribution to the product’s nonconformity. General, Boeing stays chargeable for all the provide chain (clause 4.3), with their legal responsibility to “make certain conformity of its services and products and the enhancement of shopper delight.”

Even with a cast high quality control machine in position, this or identical screw ups can happen. There’s no technique to guarantee the general public of 100-percent acting (i.e., highest) output. The worry within the minds of air vacationers is legitimate and can stay so till an exhaustive root motive research of this factor is carried out and the ones root reasons are resolved. The present occasions beg the query: Did Boeing make stronger their control machine after the Ethiopian Airways 737 MAX crash? If that they had bent to the oars and long gone deep into their evaluation to discover and completely repair the holes of their control machine, this tournament would possibly by no means have happened. Floor corrections, or what some organizations name “repair -it” answers, most effective take away the indications. The foundation reasons should be addressed and resolved (clause 10.2.1). There aren’t any shortcuts to high quality.

In conclusion

It has taken years for air vacationers to really feel protected and unconcerned about air protection. I go back and forth so much the world over, and ceaselessly select an airline according to their carrier and luxury, however now I (in addition to the wider public, I might consider) want to imagine which plane will delivery us. This can be a new worry about product protection that has its genesis in Boeing no longer working its control machine successfully and shedding buyer center of attention. The worst is the erosion of public self assurance in federal oversight and its intent to stay the client protected.

I’ve spent my lifestyles learning identical complicated issues and main groups in serving to organizations in finding long-term sustainable answers. This calls for daring and dynamic management (clauses 5.3 and 5.1) for leaders to plot and enforce alternate. Appreciating and accepting dangers (i.e., protecting the client in center of attention) and transferring ahead is integral to true management. Ethics continues to be no longer a clause of ISO 9001 and AS9100, however moral management is ready doing the proper factor for all stakeholders.

In seminars at which I provide, I ceaselessly ask senior managers: “When you have a decision between following the process and/or doing the proper factor, what would you do as a pace-setter?” The solution—I’m hoping—is to do the proper factor always. However then, hope isn’t a plan. Air protection can’t be according to hope and religion. Boeing wishes the management to revamp their machine if they’re to carry the general public consider again for this nice American corporate.

Concerning the writer

Dr. IJ Arora, Ph.D., is the President and CEO of QMII. He serves as a workforce chief for consulting, advising, auditing, and coaching relating to control methods. He has carried out many lessons for the US Coast Guard and is a well-liked speaker at a number of universities and boards on control methods. Arora is a Grasp Mariner who holds a Ph.D., a grasp’s level, an MBA, and has a 34-year file of accomplishment within the army, mercantile marine, and civilian {industry}.

Hyperlink to the thing characteristic in Exemplar International e-newsletter – “The Auditor”