Once the incident pathway has been identified, the investigation turns to identifying the status of those controls at the time of the event. Controls must fail partially or fully for an incident to occur (Categories 1 and 2 above), but failed controls may also be identified through audits or verification (Category 3 above). If those controls are important or critical, an investigation should be initiated.
Learnings about failed (and successful) important or critical controls usually affect multiple potential risks. As such, addressing those failures and their erosion factors can have a greater impact on improving priority risks than some current investigation outcomes.
For example, let’s consider a haul truck / light vehicle near hit. If a BTA has been done for that type of incident, there should be defined Acts, Objects and Technological Systems for preventing a set of related Threats. Operations-related Threats might include ‘operating to site requirements (practices, rules and procedures)’. The investigation may find that the light vehicle operator did not contact the haul truck operator before approaching to less than 50 meters (the site ‘rule’). The Act of getting clearance is a control on the BTA Threat line.
The truck may also be designed so the ground access is located on the driver side to increase the likelihood that the operator will see an approaching person or vehicle. In our example, this failed to warn the haul truck driver. This truck design feature is an Object control, also in the BTA. Finally, the vehicle’s proximity detection system warned the operator that the light vehicle was too close, which caused him to stop the truck and investigate, finally seeing the light vehicle. In this case the proximity detection system worked; a Technological System control from the BTA.
© Jim Joy & Assoc Pty Ltd (2014)
The investigation can then examine each of the three controls to identify why they failed or succeeded (successes are worth communicating too!). Methods that identify ‘upstream contributors’ are fairly common in current investigation methods. Erosion factors for failed important and critical controls are upstream contributors to control failure. The identified contributors suggest improvements that should enhance the control’s effectiveness in future. Again, upstream erosion factors that may contribute to failures of controls such as important or critical Acts may be relevant to many other potential incidents. As such, they are very important learnings.
Should the incident not have an existing Bowtie or not have a clear event path, then other investigation methods may be more appropriate. An Energy Control Trace is illustrated below. Note that the hazard is the energy source that has done or could do damage in an incident. This method is simply a more analytical version of the Swiss cheese concept above.