Prof. Nancy Leveson is an expert in the safety of systems. She is Professor of Aeronautics and Astronautics at MIT. She created the STAMP approach (Systems Theoretic Accident Model) and has written a book on systems theory applied to safety, a draft of which is available here: Engineering a Safer World: Systems Thinking Applied to Safety.
Among her accomplishments are the application of her safety systems theory to the US Missile Defense Agency. Her approach was not to evaluate the reliability of the various individual systems, some of which were modern and some of which were cold war era systems, but to review the safety of the entire huge integrated system. Prof. Levenson wrote:
The analysis found so many scenarios for inadvertent launchings that the deployment and testing phase of the new US missile defense system was delayed for six months while they fixed them.
Thanks for taking care of that little safety hazard for us, Prof. Levenson.
One of the conclusions of Prof. Levenson’s study of why accidents happen helps us sheds light on the importance of certain lean management principles in maintaining what we might call “enterprise integrity” – the ability of our organizations to manage resources and fulfill their purpose year after year. The findings are that there are three common reasons accidents happen:
1. Operational degradation. Instead of making processes safer over time, processes become less safe either as a result of neglect, natural degradation or because people become complacent after years of no accidents and begin to cut corners.
2. Asynchronous improvement. When one part of a system is sped up, upgraded or otherwise improved, this can result in another part of the system being unable to keep up or operate properly and safely.
3. Uncoordinated and dysfunctional interactions. Individual system components may function properly but act on different sets of instructions, such as when the standards are loose and allow more than one choice to be taken. These choices harmless on their own but can result in the system to function unsafely.
This sounds exactly like the types of system dysfunction that lean management seeks to address.
First we see operational degradation anytime there is a lack continuous improvement and the pursuit of a loss-free condition within an organization. The lean principles that act as countermeasures to operational degradation include small-scale daily improvement activities such as suggestion schemes, autonomous maintenance activity on equipment, an abundance of visual controls, and daily check by leaders who go to see the real condition of the gemba with their own eyes. In a nut shell this is daily management.
Second, what we call local optimization in lean parlance Professor Levenson calls asynchronous improvement. The lean principles that act as countermeasures to this are value stream analysis and design, using system-level metrics such as end-to-end lead-time and total cost of ownership instead of utilization and piece price, as well as creating workflows based on one-piece lot sizes that allow for imbalances to become quickly visible.
The lean practice of customer focused, value stream improvement projects addresses asynchronous improvement.
We see uncoordinated and dysfunctional interactions at various levels within an organization, but the lean countermeasure is to engage the top management and apply hoshin kanri or policy deployment. This may require starting from purpose (mission), vision and values of the organization, identifying the vital few breakthrough activities to focus on, revising the key performance metrics or establishment of a balanced scorecard to align both results and process metrics, and communicating unambiguous standards and responsibilities. Coordinating interactions is fundamentally a leadership issue rather than a process level issue and must be addressed by first building the proper foundation and support for continuous improvement within an organization.
This systems theory of safety may be a useful alternative means to persuading highly intellectual leaders on the importance of lean, when the standard rhyme of “flow, pull, pursue perfection” is not getting through. After all, if the thought process behind STAMP is robust enough to stamp out the possibilities of accidental launches of nuclear warheads, it can certainly be applied to prevent the daily accidental launches of huge sums of money into the dust bin by well-intentioned enterprises worldwide.