for modelling complex socio-technical systems

THE STUDY and practice of safety tacitly assumes that we know how things are done or should be done. Since humans – and organisations – are supposed to follow procedures, rules, and guidelines, accident investigation and risk assessment alike assume that compliance is the norm. The purpose of safety analyses is consequently to understand why the outcome of an action or a series of actions (an activity, an operation) was unacceptable (adverse) rather than acceptable (successful) – as in event investigation – or how that could possibly happen in the future – as in risk assessment.


IN REALITY work is never completely regular or orderly, except in very special cases. It is therefore inadvisable to assume that work is as we imagine and that compliance guarantees success. Work-as-done will always be different from work-as-imagined because it is impossible to know in advance what the actual conditions of work will be, not least what the demands and the resources will be, which means that it is impossible to provide instructions that are detailed enough to be followed ‘mechanically.’ A safety analysis must therefore begin by establishing how work is actually done, how everyday performance takes place, and how things go right, as a prerequisite for understanding what has or could go wrong.


THE REASON why everyday performance nevertheless in most cases goes right is that people – and organisations – know or have learned to adjust what they do to match the actual conditions, resources, and constraints - for instance by trading off efficiency and thoroughness. The adjustments are ubiquitous and generally useful. But the very reasons that make them necessary also means that they will be approximate rather than precise. Approximate adjustments are the reason why things usually go right, but by the same token also the reason why things occasionally go wrong. Things do not generally go wrong because of outright failures, mistakes, or violations. They rather go wrong because the variability of everyday performance aggregates in an unexpected manner. This is captured by the principle functional resonance that is the basis for the FRAM.


THE FRAM is based on four principles: the equivalence of failures and successes, the central role of approximate adjustments, the reality of emergence, and functional resonance as a complement to causality. The FRAM does not imply that events happen in a specific way, or that any predefined components, entities, or relations must be part of the description. Instead it focuses on describing what happens in terms of the functions involved. These are derived from what is necessary to achieve an aim or perform an activity, hence from a description of work-as-done rather than work-as-imagined. But functions are not defined a priori nor necessarily ordered in a predefined way such as hierarchy. Instead they are described individually, and the relations between them are defined by empirically established functional dependencies.


© Copyright Erik Hollnagel 2016. All Rights Reserved.