Normalization of deviance

A year and a half ago, I wrote about disasters—and about how hard it can be to see them coming. I made the point that when we analyze a disaster retrospectively, we are likely to be led astray because we know how it's all going to turn out. Because of Hindsight Bias, in particular, we think it should have been obvious to everyone that a disaster was imminent, when in reality it might not have been clear at all. It is important to remember this bias when we try to understand a disaster, so we can look at events with the eyes of those who participated in them, to derive working lessons for the future.

But not all disasters are like this. Sometimes the risk of a disaster really is obvious to the people involved at the time, according to data they already have—they see the data, they understand the risk, and then somebody decides just to go ahead and do it anyway.

The Challenger disaster

"On January 28, 1986, Space Shuttle Challenger broke apart 73 seconds into its flight, killing all seven crew members aboard. The spacecraft disintegrated 46,000 feet (14 km) above the Atlantic Ocean, off the coast of Cape Canaveral, Florida, at 16:39:13 UTC (11:39:13 a.m. EST, local time at the launch site). It was the first fatal accident involving an American spacecraft while in flight."*

What happened? It was a cold day, and the rubber O-rings which sealed a joint in the right Space Shuttle Solid Rocket Booster were stiff. So they didn't seal the joint adequately. Shortly after liftoff, gases from within the rocket booster leaked out and started to burn through the larger structure. Now, the space shuttle and all its launch framework were made out of steel—of course. But the rocket boosters burned at 5600℉; and at that temperature, steel boils!** (Not melts—boils.) So naturally the whole assembly burst apart.

But how much of this could we have predicted ahead of time? It turns out the answer is, All of it. Recently I ran across a lecture on YouTube that breaks it down.*** (This lecture is saved in four parts, of which the first two discuss the Challenger disaster from a Quality perspective. The other two parts give valuable advice for managing your career and your life, but I won't focus on them here. You can scroll to the bottom of this post to find links to the lecture itself.)

In summary, the speaker (Mike Mullane) explains the sequence of events. 

• During the initial design reviews, the O-rings were designated at "Criticality 1," meaning that a failure could entail the destruction of the vehicle and the loss of life. "Criticality 1" also meant that any damage to the O-rings constituted adequate cause to abort the mission and redesign the shuttle. 
• Sure enough, after the shuttle's second flight (years before Challenger), the team recovered the parts and detected damage on the O-rings. 
• But for this and that reason the team decided to go ahead with a third launch, and the third flight was fine.
• In future flights, sometimes the O-rings were damaged and sometimes they weren't.
• After-action reports regularly called out the risk posed by damage to the O-rings. Multiple memos, over a period of two years or more, described the O-ring issue as "urgent." 
• But each flight was successful. So the project got the idea that the O-ring problem wasn't that big a deal. Every time the issue was raised, it was granted a standing waiver.
• Until, of course, one day it was a big deal after all ....  

What is the normalization of deviance?

Mullane explains that the "normalization of deviance" stems from nothing more than the natural human tendency to take shortcuts under pressure. We know what the "right" way to do a job is, and when we are relaxed we are happy to follow it. But then time runs short, or money runs short, or something else happens—it could be anything, really—and we get under pressure. So we take a shortcut, to make the job easier.

And most of the time, after we take that shortcut ... nothing happens! The job gets finished with no problem. So the next time we are under pressure, we remember that shortcut and do it again. And then again. Pretty soon, the "shortcut" has become the normal way of working. The "deviance" (a deviation from the defined and approved method) has become "normalized."

We've seen this before. Last year, when I was writing about Boeing, I explained how their cost-cutting drive led them to gut what used to be a robust safety management system. One of the factors at work was exactly this dynamic. I wrote:

They [Boeing management] found, empirically, that they could eliminate one Quality inspection, save a few dollars, and no planes fell out of the sky. OK, good. How about eliminating two inspections? Three? Four? Where do we stop? You can see how, in the absence of visible negative feedback (like an increased accident rate), this could get out of hand quickly.

That's what happened with Challenger. Word for word.

How do you protect against it?

Fine, how do we avoid this?

The short answer is almost too simple: Don't do that! But that sounds obvious, and yet this dynamic continues to afflict people every single day. So really, what do we do?

Mullane lists four points that he thinks are critical:

1. Recognize your vulnerability: Everybody thinks, It won't happen to me. I know all about this problem, so that makes me immune. I watched a video on YouTube. I read a blog post in Pragmatic Quality. I know better than to fall into this trap. Nice try. But the other people, those ones who did fall into this trap? They were plenty smart too. All of them "knew better." But when they felt pressured, their brains reacted automatically. It can happen to you too, exactly the same way. So watch for it.
2. Execute to meet standards: This is the core of it. Plan the work, and then work the plan. Mullane explains the Air Force has a saying, "The flight manual is written in blood." In other words, every instruction in the flight manual was put there because one day somebody did something different and it turned out badly. Don't let the next one be you. If the manual says, "Abort the mission when the red light flashes," and then the red light flashes, ... abort the mission. Simple as that. 
3. Trust your instincts: Mullane makes a big point of saying that we often know more than we understand consciously, and that our instincts are there to keep us alive. So if something just feels ... off, somehow ... wrong, but you can't put your finger on quite why ... trust that feeling. Probably the thing really is wrong, and at some level you even know why. It just hasn't percolated up into your consciousness yet, but it will.
4. Archive and review near-misses and disasters: Learn from other people's experience, so you don't have to go through the same thing. Look at the disasters—or the near-misses, where things came out fine but almost didn't—that your own team has experienced. But then try to find out about other teams as well. Look for the big disasters (or near-misses) in your industry, the ones that make the news. Read everything you can, and then flow down to your team what you have learned.

And then, if we do those four things, are we home free?

I'm pretty sure nobody can promise that. But if you do these things you'll be miles ahead. And you will have reduced the odds of normalizing deviance as far as you can.

If you want more details, Mullane's lecture is a good one.

Mike Mullane's lecture, part 1/4: What is normalization of deviance?

Mike Mullane's lecture, part 2/4: How do you protect against normalization of deviance?

Mike Mullane's lecture, part 3/4: Responsibility: https://www.youtube.com/watch?v=Wuk_DoX-rz8

Mike Mullane's lecture, part 4/4: Courageous self-leadership: https://www.youtube.com/watch?v=DABsxJtNcYg

__________

* Quoted from Wikipedia, "Space Shuttle Challenger disaster." I have used this article for basic information about the disaster.  

** For specifics see this flyer from Northrop-Grumman on the Five-Segment Booster, especially the "Booster facts" on page 1. 

*** The lecture was posted to YouTube about ten years ago, but I don't know when it was given. The speaker is Mike Mullane (website, Wikipedia), an engineer, weapon systems officer, retired USAF officer, and former astronaut. He was talking to the International Association of Firefighters (IAFF) about the "Normalization of deviance."      

        

Why logistics matter

If you are in the business of making and selling things—I mean physical objects, like shoes or handbags or computers or cars—what part of your organization needs Quality? We all know that we are supposed to say "All of it," but in practice where does the attention go? I spent most of my career working with design engineers, so I know there's a lot of Quality attention on design. And many of the basic Quality tools were first developed in the manufacturing environment, so clearly there's a focus on manufacturing. But after you've designed and built the product, what's left? Toss it in a box and call UPS? How hard can that be?

Not so fast.

Last week, on September 9 at about 8:45 am, the container ship Mississippi docked at Pier G of the port of Long Beach, sailing under a Portuguese flag, two weeks after departing from the Yantian port in Shenzhen, China.* Everything seemed fine until the crew started to release the straps holding the containers down. But at that point some of the containers began to slide, crashing into others like a row of dominoes and falling into the water. No injuries were reported at the time, though the next day one worker reported a sprained ankle. But sixty-seven containers fell, into the water or onto the dock.

So far, I have not been able to find any story that identifies a root cause for the failure. But it might have been something very small. I can imagine that one container wasn't aligned quite right, or that a piece of debris kept it from settling snugly into position. Then the containers stacked atop it would have been similarly out of kilter. I'm certain that the port where the ship was loaded has strict procedures to prevent misalignment of containers; but I also know that when the forces are that large—each of these containers weighs from two to four metric tons even when empty—it doesn't take much. The slightest mismatch or error can bring about catastrophic collapse.

And the consequences are out of all proportion to what must have been a small, subtle root cause.** 

• Sixty-seven containers fell into the water or on the deck. Presumably the goods inside those containers—goods bound for retail stores across America—are all ruined. 
• But the ship isn't empty. There are still plenty of other containers on-board, only many of them are now leaning at a funny angle so that they can't be offloaded with the normal equipment. 
• A 500-yard safety zone has been secured around the Mississippi by the Coast Guard, so that other ships don't collide with it, or with any of the floating containers. 
• And Pier G can't be used for any new vessels as long as the Mississippi is docked there. How long will that be? Officials say it could take weeks to finish clearing up the site. So this accident has a follow-on effect on the operation of all Long Beach Harbor.

Just for perspective, Long Beach Harbor is one of the nation's busiest. Forty percent of all shipping containers that arrive in the United States travel through either Long Beach or the immediately adjacent port of Los Angeles (in San Pedro). Disrupting its scheduled operations even partially will trigger new delays on and on, far downstream.

So yes, Quality matters just as much for your logistics as for any other part of the operation—especially now, when supply chains reach around the world. After all, the products you make won't do much good if you can't get them to your customers. And even tiny errors can cost you dearly.

YouTube has multiple videos with news of the disaster. Here's one, as an example:  

__________

* I used the following news articles as source material for this post:

• Cargo containers toppled off ship in Long Beach port | AP News
• Clean up efforts continue at Port of Long Beach after cargo containers fell into water | FOX 11 Los Angeles
• Dozens of cargo containers tumble off vessel at Port of Long Beach - Los Angeles Times
• More than 60 shipping containers fall off cargo ship into water at Port of Long Beach - ABC7 Los Angeles
• Unified Command Responds to Fallen Containers at the Port of Long Beach - Port of Long Beach

** I say the cause "must have been" small because otherwise somebody would have caught it and corrected it!

            

Quality when you have no choices

Last week I argued that Quality has a role in determining the attitude management should take towards workers in the organization; because if management doesn't offer the rank-and-file such simple considerations as respect, truth, transparency, and justice, the organizational machinery is going to break down. In that sense, I said that showing your people respect and justice are just a form of preventive maintenance.

Was I wrong?

I got a reply telling me I was wrong. Specifically, this reader argued that sometimes people are trapped and can't walk away. She reminded me that I have written before about monopoly situations (like public utilities) where competition is absent, and that in such cases customer care often takes a back seat. 

As an aside, it is clear to everyone how these two cases are the same?

Under a monopoly, one party (the seller) provides a good, often a necessity (like gas, electricity, or water). So long as he continues to provide it, he can charge more or less whatever price he wants and can offer more or less whatever level of service he chooses. People who need the good in question will continue to buy from him because there are no alternatives.

By the same token, if membership in some organization offers benefits that some people can't do without—or if an employer hires people who can't afford to quit—those people will stick with the organization on (more or less) whatever terms the organization chooses to offer, because there are no alternatives.

The full comment introduces other examples as well, ranging from slaveholding to contracts with teaser rates. But in all cases the topology of the power relations is the same, even if the magnitudes are very different. 

Anyway my critic concluded—with respect to the discussion of ASQ's current controversies that started this whole thread—that "if there is a benefit to membership that’s (a) independent of the local programs, and (b) unavailable elsewhere, it seems to me that ASQ leadership can do whatever they darn like with your dues, and you members just have to lump it."

"We don't care. We don't have to."

It's a logical argument. We've already discussed that if the lines are too long when you go to renew your driver's license, you can't just patronize a competitor instead; so, perhaps unsurprisingly, there is usually a line. If a public utility messes up your service order, you may not have a lot of recourse short of contacting the regulatory entity that oversees them. And everyone remembers Lily Tomlin's famous line as Ernestine the telephone operator—even people who aren't old enough to remember Ernestine herself: "We don't care. We don't have to." (Ironically, she was spoofing the phone company, which is no longer a monopoly.)*

As for ASQ, whose management controversies, as I say, started this whole thread, there does seem to be a sense in some quarters that the membership are responsible to the management and not vice versa.

• On the one hand, there are regular exhortations from ASQ management encouraging the local sections to find new ways to attract and retain members.
• On the other hand, as noted in an earlier post, headquarters has cut off all the regular remittances of member dues to the local sections (notwithstanding that people are sensitive to loss).
• Nor was there discussion or consultation with the section leadership in advance of this decision (notwithstanding that people are sensitive to slights).
• Nor has there been any public discussion of these controversies inside ASQ. In fact, just last week there was an update to the Community Guidelines for the myASQ discussion forums, forbidding discussion of ASQ's Board of Directors or their decisions.** Nominally the update was to "ensure myASQ remains a welcoming, helpful space focused on our shared professional interests." But concretely that means, among other new provisions, that "Community members shall refrain from using myASQ for activities related to the ASQ Board of Directors or other Society elections, including posting discussions, blogs, and direct messages, unless explicitly authorized in writing." It is not clear to me whether ASQ hopes to keep members from finding out about the controversies, or just wants to push discussion to other locations. (There is extensive discussion on LinkedIn, for instance.) Either way, these developments have all taken place notwithstanding that people can judge independently of how you want them to.

So on the face of it, it does look like there is some point to my critic's argument.

Yes, but no

But I think "on the face of it" is the key qualifier. In general, exploitative monopolies can succeed in the short run, but they fail in the long run. Unless they offer benefits that are worth the cost, in the long run people figure out how to make other arrangements.

My critic talked about slavery. I am no expert in the economics of slaveholding, and I will leave any discussion to those who are. But if we look at a situation that was similar in some respects—I'm thinking of mandatory collective labor in the old Soviet Union—everyone knows that the private or black market economy was far more productive than the official, collective economy.*** It's true that most people couldn't run away. But they were often unmotivated. We've discussed before that the deepest source of Quality is love. For that very reason, though, if you don't care about what you are doing then your work will be no good. It will be at best transactional: Do this to get that. Pretty soon that becomes Do as little of this as you can get away with to get that. If everyone else is doing the same thing, the whole enterprise becomes a house of cards. The joke in the Soviet Union ran, "They pretend to pay us, and we pretend to work."

Think about it for a couple of minutes and you can come up with any number of other examples. It is true that sometimes the obstacle posed by this or that monopoly is very large. It may seem insuperable. But sooner or later, someone will find a way around it, if the monopoly doesn't fall apart first (like the Soviet Union) from its own internal inefficiencies. The only reason Christopher Columbus tried to reach Asia by sailing west was that the people who controlled the overland route were charging too much for spices.

What about ASQ? The society sells educational materials related to Quality, and it offers certification in the various Quality disciplines. These goods are professionally valuable to anyone in the field. In the terms posed by my critic above, they are "(a) independent of the local programs, and (b) unavailable elsewhere"—at least today. But strictly speaking you don't have to be a member to buy them. Members get a discount on classes and certifications, but non-members can buy them too. So is membership worth it? That's a personal decision, but it does give you the chance to make personal and professional connections with other members. And for some forty thousand people worldwide the answer is plainly Yes.

On the other hand, membership has been dropping. ASQ does not formally advertise membership totals, but Google estimates the following numbers overall:

• In the 1990’s: 136,000 members
• In the early 2000s: 100,000 members
• In 2010: 80,000 members
• In 2020: 52,456 members
• In 2024: 40,000+ members

Was this decline caused by the controversies over ASQ management? There is no way to know. All we can say is that it is consistent with what we might expect if members were unhappy with the direction the society's management had taken, but did not think they had the means to change it. But there could be any number of other causes as well. And, as Quality professionals, we know better than to jump to conclusions.

In the end, I stand by my argument that Quality matters in management. Yes, it is always possible for someone to mistreat his employees in the short run and still get some kind of results. But in the long run, such a system will get brittle and sluggish and fall apart. It's the same thing in the market: in the short term, a fast-talking shyster might fleece a few people out of their cash by selling them the Brooklyn Bridge, or gold-painted rocks. But it never lasts. 

__________

* Yes, this counts as "foreshadowing."

** By a remarkable coincidence, the update came shortly after I published this blog post here.

*** "Collective farmers were allowed to cultivate small plots of land and sell surplus produce in private markets. These private plots, though only about 3% of all farmland, produced a quarter of the country's agricultural output." See this article, "How Did the Soviet Economic System Affect Consumer Goods?" by Andrew Ancheta, Investopedia, September 09, 2023.     

      

The Seven Quality Management Principles (Quality Magazine)

Last week, Quality Magazine published my article, "The Seven Quality Management Principles." It's their article now so I won't post the text of it here, but you can find it by following the link. I hope you find it useful! 

Quality in management

Last week, I raised the question whether Quality has anything to say about how an organization manages its people and resources internally. To ground the discussion in a concrete example, I referenced a dispute that is currently under way inside the American Society for Quality (ASQ) about funding and budgetary priorities; but honestly I could have picked any number of other companies instead. There's nothing special about the ASQ controversy. From my point of view, really, there were only two benefits to writing about this example: first, I'm a member of ASQ so I happen to know about it (because the topic is unfolding around me in real time); and second, the critical details are already available in public so I could discuss them without violating anyone's confidentiality. (If you check last week's article, you will find footnotes with URL links for all of the substantive data.)

Remember the real question

On the other hand, it's never very useful just to write that "XYZ Corp. did a bad thing." What are the rest of us supposed to do with that? The useful thing is to write information that we can take back to improve our own work. And that brings us back to the original question: Does Quality have anything to say about how an organization manages its people and resources internally?

Last week I took the wrong approach, by checking what ISO 9000:2015 says in the Quality Management Principles. Oh, the information in there is sound enough! But it's all just recommendations, and it's mostly stuff we've heard before. So it's easy to imagine someone in an organization's management saying: 

Look, I believe in providing Quality to our customers. But when it comes to all that talk about "internal transparency" and "treating your employees with respect," I just don't have the time. I want to Ship Product and Make Money; and all that touchy-feely stuff about employee relations and being a Nice Guy—that's all a luxury. Get to work and get your job done. End of story!

Is he wrong?

Getting to work is fine, but he's wrong to call human relations a luxury. But ISO 9000 isn't the best place to see it. Let's back up and remember what Quality is about.

The Quality perspective

Quality means getting what you want, but there are a lot of ways to do that. Critically, Quality is not built in the abstract from a set of axioms or natural laws: there's no set of rules that unfailingly give you Quality. If anything, Quality is more like a giant Lessons Learned exercise, where we cobble together useful techniques by analyzing one failure after another and figuring out what it takes to make sure those failures never happen again. But since there are many different kinds of failures, there are many different Quality techniques—so many that it can be hard to summarize them all.

Still, there are general points that they all have in common. One of them is that if you want some assembly (like a tractor or a stamping machine) to continue to work well, you have to understand the components that go into it and how they are assembled. What kinds of failures are normal for these components? Does this material rust or corrode? Does that material bend or warp? Do these gears need regular cleaning and oiling, or is it better to leave them alone? All of these are normal questions that any Quality Technician responsible for a large machine would consider on a daily basis.

And here is the critical point. The organization itself is a kind of large machine, and its components are human beings! Quality requires that we understand the failure modes of our machines, to prevent breakdowns. Therefore Quality also requires that we understand the failure modes of our fellow human beings, to prevent organizational dysfunction. 

Failure modes

What do we know about human beings, that relates to their possible failure modes in organizations? We know a lot, and there's no way I can summarize it all in a single blog post. But let me list a few facts that I hope we can agree on.

• People are capable of free will.
• People are capable of independent judgement.
• People are capable of rational thought.
• People work together naturally in groups.
• People want to feel respected, and are sensitive to slights. (See research on disrespect, e.g. here.)
• People are, on the whole, more fearful of loss than covetous of gain. (See, e.g., the research on Loss aversion.)

Already, even these six points entail consequences for the management of any organization.

• Because people have free will, they must (at some level) want to be part of an organization, or they will simply walk away. (I discuss this point in more detail in this post back in the spring.)
• Because people have independent judgement, they choose whether to stay with your organization based on their own criteria, and not yours. In fact, different members of the organization might have different criteria from each other.
• Because people are capable of rational thought, you can give them reasons to stay with your organization and expect them to listen. But the reasons you give them should make sense. Also, because people can see with their own eyes, the reasons you give them should match what they can see for themselves—i.e., the reasons should be true. If you give your people reasons that are visibly false, the risk is that they will stop believing you even if you later tell the truth. Also, as I have discussed before, the easiest way to make people think that something is the case is to make sure it really is the case.
• 
  Because people work together naturally in groups—Aristotle called us "πολιτικὰ ζῷα" or "political animals" [Politics 1.1253a]—your people probably want to work for you, by default. And people regularly accept some kind of authority over their work, without chafing at it. But they will not accept just whatever authority you feel like exercising. While a willingness to work together is natural, so is the deep-seated expectation of justice. It is true that people sometimes disagree around the edges about what constitutes justice. But nobody who has a choice will remain part of a community without it.
• Because people are sensitive to loss, be careful before you take things away from them. Of course sometimes you have no choice. Sometimes there are good reasons. But in that case, it is important to counter-balance the loss by giving them something else in exchange. At the very least, you have to explain what you are doing and why. This shows them respect (and people want respect); it also offers them the truth (and people want the truth).

Notice what this means. I have not said one word about Being a Nice Guy. But a small collection of known facts about human behavior (and human failure modes) has already shown us that—if we want to prevent the organizational machine from breaking down—management has got to offer the rank and file respect, truth, transparency, and justice.

This isn't soft-heartedness or soft-headedness. This is just preventive maintenance. And preventive maintenance is one of the fundamental Quality disciplines.

If you are interested, I can use next week's post to review how ASQ has handled its current controversy, in light of these points. Let me know what you think.