I was chatting on Facebook about engineers and our occasionally twisted sense of humor when I imagined the hallway at General Motors after the design review on the faulty ignition switch that has led to several fatalities. “How many soccer moms do you think we’ll kill, Bob?” “Oh, maybe a dozen — is that too many?” “Let's ask the corporate lawyer — he’s part of the design team. Don’t forget to ask the accountant. He’ll say an extra 10 cents a car is too much to spend.”
Whether you call this twisted humor or just perverse, it does bring us to our topic: ethics. I didn’t mention personal responsibility; we share that with our managers, superintendents, operators, customers, accountants, CEOs, government regulators and even the corporate lawyers.
Let’s start with a common problem. A rush turnaround project lacks sufficient physical data. The budget and schedule won’t allow a lengthy analysis and physical data are poor. The engineering firm doing the project is told to finish the work in a week so the pressure safety valve (PSV) can be ordered to meet the schedule. The plant won’t spend the money to hire additional engineers; it just wants the PSV ordered.
Now, consider three key points: 1) responsibility is diffused; 2) hasty decisions are far more likely to be wrong; and 3) hindsight bias always will get you.
Responsibility for the PSV is divided. If the valve causes an accident, the engineering firm can argue that it wasn’t given enough time, data or resources to do the job. The plant will counter that it hired experts because it just makes chemicals. The control principle says that people are responsible for situations they control. The plant is using inverse logic: “We are not experts so we are not responsible.” In our business, management often passes responsibility off to vendors, contractors, accountants, and even other departments.
Another tactic to diffuse responsibility is avoidance. This often takes the form of oversizing. For instance, instead of investing the effort to adequately grasp a process, engineers will specify — for no explainable reason — a control valve that normally operates at 30% open but occasionally runs at 100%.
A third tactic is substitution. We will replace a unit operation or a chemical because we don’t want to spend the time to understand the risk it poses. This opens up a golden opportunity for any competitor willing to figure out what we side-stepped.
We all understand the risk inherent in hasty decisions, although maybe not at the time. Many have learned to their regret that rectifying a design error during commissioning incurs a massive financial penalty.
Hindsight bias often afflicts people reviewing a mistake after the fact. They see the correct answer as obvious and call you an idiot. This, of course, infuriates you because they didn’t have to contend with all the pressures and uncertainties during the “fog of war” when the decision actually was made. However, regardless of diffusion, good excuses and the right intentions, you share the ultimate responsibility of failure. Wrong is wrong.
Here’s another moral dilemma to grapple with: A specialty chemical company stores a flammable liquid with an extremely low minimum ignition energy in enclosed tanks. It considers the tops of these tanks to be Class 1, Division 2, Group B. In its view, an explosion-proof instrument enclosure (NEMA 8) will suffice, although that will mean losing the instrument if the chemical leaks into the enclosure and explodes. According to the National Electrical Code, as recognized by OSHA, the company is correct. In fact, NEMA 8, i.e., explosion-proof, is acceptable for Division 1; following the standards, it’s overkill for Division 2. Sometimes codes are wrong. If you consider a fire triangle, containing the immediate hazard won’t avoid a potentially worse catastrophe when the instrument doesn’t work anymore. What should you do? Fight for Division 1 and try to exceed the OSHA specifications because these are poorly defined. Push for intrinsically safe instruments in nitrogen-purged boxes (NEMA4X). Purging keeps the chemical at a safe level, below 25% of its lower explosive limit, and an intrinsically safe instrument draws less current than that necessary to cause a spark. At least get an intrinsically safe device so that one side of the triangle isn’t complete. In this case, the company changed the area to Division 1 but kept the explosion-proof requirement. What if you fail to convince your firm? Document the error in judgment. However, you’re not free. You must live with the fact that you will share some of the blame if someone dies.
Remember there always will be uncertainty when relying on safety standards. So, don’t push the limits, no matter how right that seems at the time.
DIRK WILLARD is a Chemical Processing contributing editor. He recently won recognition for his Field Notes column from the ASBPE. Chemical Processing is proud to have him on board. You can e-mail him at firstname.lastname@example.org