In praise of roundabouts

The first time I ever noticed roundabouts, I was on vacation in the UK. This was many years ago, but they seemed to be everywhere. At first I thought it was just one more peculiar feature of local transportation, along with narrow roads, streets that changed their name with each new block, and driving on the left. In fact, I didn't realize how much they improved the flow of traffic until I found myself immobilized in a column of cars for what seemed a very long time, only to realize we were all stopped for a traffic light.

That afternoon I saw why roundabouts were so common in the UK, and I began to wonder why they aren't just as common everywhere else. Of course rebuilding an existing intersection is time-consuming and expensive. But the statistics comparing roundabouts to traditional intersections are remarkable.

• The Federal Highway Administration estimates that replacing a traditional intersection with a roundabout reduces the number of fatal and injury crashes by about 80%. (That's 82% for a two-way stop-controlled intersection, and 78% for a signal-controlled intersection.)*
• When collisions do occur, they are generally side-to-side collisions from merging or changing lanes, rather than head-on or right-angle collisions. On the whole, side-to-side collisions are less damaging and less often lethal than the other kind.
• Not only are they safer for cars, but roundabouts have 10-40% fewer pedestrian or bicycle crashes than traditional intersections.
• Since cars typically don't have to wait as long at roundabouts as at traditional intersections, they contribute to reducing air pollution from idling engines.    

And all these benefits stem from one root cause: Roundabouts are far simpler than traditional intersections. In this context, simplicity is measured by counting "conflict points." These are points in the intersection where a collision can be foreseen. A traditional intersection of two roads, each supporting two-way traffic and crossing at right angles, has 32 conflict points. If those same two roads meet in a roundabout, the number of conflict points drops to eight. No wonder the roundabout is safer!

Why am I writing about traffic this week? There's no special reason, except that it illustrates in a dramatic way another important Quality principle: when other things are equal, simplicity is better than complexity. In other words, if you have two solutions to a problem and they both solve it equally well, choose the simpler one. The complex tool has more parts; the complex procedure has more steps; the complex intersection has more conflict points. In all events, this means that the complex solution has more ways to go wrong: more parts that can break, more steps that can be mis-executed, more collisions that can happen. From the perspective of risk management, the complex solution is always—again, other things being equal—more fragile and more at risk of failure.

Years ago, a colleague at work was telling me about the cup holders in his cars. He owned two cars, and the cup holders were very different. One car had a sleek and elegant design. The cup holder was tucked discreetly out of sight until you pushed a button; then a little motor gently unfolded it for you. But at the time we talked, a tiny part had broken in the motor, so it had stopped working. He had contacted the dealership, but it would be several weeks before they could get the piece in stock.

The other car wasn't nearly so elegant. But it had a piece of plastic in arm's reach, molded to hold a cup. The overall look wasn't nearly as sleek and beautiful as the first car, but there was nothing that could break. From the perspective of customer satisfaction, the simpler solution clearly had the higher Quality. And it's often like that.

__________

* You can find more detailed numbers, for example, here.    

Quality in the checkout line

Writing this column once a week, I find myself looking for Quality aspects in many of the things I do each day. From one perspective, this makes sense: I have argued, after all, that Quality isn't really a set of rules or procedures (though it uses both those things), but rather is an awareness of what it takes here and now to do this task correctly. If that's the case, then Quality might just be applicable to anything you do.

Anything? Pretty close. 

The other evening I went out to get groceries. Everything was fine until I got home, when I found that they had failed to scan a dozen eggs and a package of butter. In effect, they undercharged me by $9.98. It was too late to go back that night, but I went back the next morning to tell them about the mistake and to make up the difference. They thanked me for letting them know, and said they would update their inventory; other than that, they sent me on my way. "Call it our gift to you." 

What does this story have to do with Quality? I see two principles that it is important to remember.

Don't disrupt a working process

Why did the mistake happen in the first place? The checker was in the middle of scanning my groceries when a second checker came up and offered to help. I think the second checker moved things in the cart; then the first checker concluded that if the eggs and butter were here instead of there, they must have already been scanned. It's a simple mistake to make, but the point is important: if somebody is in the middle of a procedure and it's working for them, don't interrupt without making very sure of what you are doing. It's easy to throw them off their count, or mix up their stacks, and then the procedure might be ruined. 

Of course if you are using formal, written procedures and interacting with machines that require fixed inputs, it's harder to get mixed up that way. But often you aren't, especially in small or medium-sized enterprises, or in service functions (as distinct from manufacturing). 

Keep corrective actions proportional to the problem

When I went back the next day, the store thanked me for my report but didn't take my money. Of course I appreciated their kindness, but they aren't in business to be kind. How can they afford this?

The answer is that it doesn't happen often, so they had no procedure or mechanism to make the correction. What's more, any method they tried to improvise to allow them to take my money would have cost them more than $9.98 to implement. It was—quite literally—not worth it to them to correct this particular shortfall.

Sometimes that happens, and it's good to recognize when it does. Focus your work where it matters.

So yes, there are Quality aspects even to a simple mistake in the checkout line. The awareness of the task—including awareness of what might go wrong, how to avoid it, and when not to bother—is always the most important part.  

    

Hierarchy of hazard controls

When I find that I've interrupted myself—twice in a row!—to make a disclaimer that's no part of the main post, maybe I need to pay attention. Maybe it's time for me to discuss the topic on its own, to get it settled, rather than pushing it off into footnotes.  

My last two posts—last week and three weeks ago—were about how to use written procedures. In both articles, I explained that written procedures should be regularly enhanced with the lessons learned from mistakes or disasters, so that the organization learns from those mistakes and doesn't repeat them. And both times I had to include a little caveat, to the effect that updating procedures is often not the best way to prevent safety problems.

Why did I bother to say this—especially twice? Also, what is the best way to prevent safety problems?

For the first question: I bothered to say it because updating procedures is probably the easiest way to address safety problems. Typically it costs less than any other approach, and it usually takes less time. But it is also one of the least effective ways to address safety problems, because people forget what they read, or decide to ignore it, or never get around to reading it in the first place.

For the second question, ... well, it depends. Classically there are five options, but they aren't always available in every case. So you have to see what you can do in each specific situation.

By Original version: NIOSHVector version: Michael Pittman
https://commons.wikimedia.org/w/index.php?curid=90190143

Elimination 

The most effective way to control a hazard is to eliminate it completely, but this isn't always possible. If your workplace has extension cords stretched across walking areas, those constitute a trip hazard. Get rid of the extension cords, perhaps by installing power outlets where you need them or by rearranging your workstations, and you have eliminated the trip hazard. If some work is being done high above the ground, there is a falling hazard. If you can relocate the work to ground level, you have eliminated the falling hazard. Again, this is the most effective approach—the hazard is gone, after all!—but sometimes it is not practical.

Substitution

The next-most-effective approach is to substitute something less dangerous for the original hazard. A common use-case for substitution involves the use of hazardous chemicals, because sometimes there is a less-hazardous chemical that will do the same job. Some operations have replaced the solvent benzene, a carcinogen, with toluene; others have replaced lead-based solder with lead-free solder. These substitutions generally cannot be done overnight: lead-free solder melts at a different temperature than the lead-based original, so converting a printed circuit board to lead-free solder requires sourcing new components and re-laying out the board. Still, it can be done. 

Engineering controls

Engineering controls do not remove the hazard, but isolate it. The easiest example is a guard rail or shielded enclosure to keep fingers out of machinery, or a ventilation hood to shield people from breathing noxious gases. Lockout-tagout mechanisms serve a similar purpose by ensuring that a machine cannot be serviced until it has been powered off and disconnected. In all these cases the hazard still exists, so if someone went out of his way to override the engineering controls there is a theoretical chance he could be injured. But he would have to go out of his way. In normal operation, engineering controls should keep people from getting hurt.  

Administrative controls

This is where we talk about updating your procedures! Administrative controls are all the measures that rely on telling people not to do things that can hurt them: they include written procedures, but also training, signs, and warning labels. Other administrative controls could include job rotation or work schedules, to reduce the exposure of each individual worker to a certain hazard; preventive maintenance programs, so that the equipment functions properly; scheduling certain tasks during off-peak hours, when fewer workers are present; or restricting access to hazardous areas. All of these measures are important, and they certainly have a place alongside more effective measures. It may also happen, because of special circumstances at your workplace, that sometimes these are the best you can do. But they all rely on human compliance. And as we have seen, human compliance is not always reliable. That's why administrative controls rank so low on the effectiveness scale.

Personal protective equipment (PPE)

Finally, sometimes you just have to walk in and grab the hazard in both hands. After analyzing it every possible way, you find that you can't eliminate the hazard and can't substitute it; and because the work requires direct human action at that point, engineering and administrative controls are beside the point (because both of those are designed to keep you away from the hazard). Fair enough. Do what you have to do. But at least wear gloves. Or a breathing filter. Or a hazmat suit. Or whatever the right PPE is for this particular hazard. PPE is rated as the least effective form of hazard abatement, because the only time you use it is when you are getting up close and personal with the hazard itself. But sometimes that's what you've got to do, and PPE is just what you need.

Once upon a time, years ago, I was talking to the management team for a mine. (They were mining diatomaceous earth, not coal or gold, but I bet the principles are the same.) I asked them if their employees tended to suffer from emphysema, or other lung ailments. They said that back before the 1950's, yes, that was a big problem. But in the 1950's someone invented a breathing filter which screened out the tiny particles of diatomaceous earth and other rock products, and after that they'd never had any trouble. I asked about enforcement, and they said: 

"Oh, that's easy. We painted a white stripe across the road into the mine. Then we announced that anybody who was found on the other side of the stripe without his breathing filter in place and working would be fired. On the spot. No questions asked. No excuses. No matter who.

"And you know? We haven't had a single problem since then."* 

PPE may be ranked as "least effective" but sometimes it's exactly what you need.

Anyway, that's the hierarchy of hazard controls. That's what's behind the little disclaimers in my last two articles. I hope it helps.

__________

* Technically this means they used PPE, reinforced by administrative controls (the white stripe).

       

Chesterton's fence

For the last couple of weeks (well, with one brief exception) we've been talking about written procedures: how they help avoid failure, and how to use them to capture the right lessons in case failure comes anyway. Specifically, I argued two weeks ago that when something goes badly wrong with one of your processes, it's good to analyze the failure to find a root cause; then, if the root cause was that someone acted a certain way, update your procedure so that he won't do the same thing next time.*   

But wait—what if you inherit a procedure, instead of writing it yourself? I spent a lot of my career working for small companies acquired by large ones, so that's the case I have in mind. The Home Office says to follow a procedure, but that procedure calls out forms you've never seen, and involves roles you've never heard of. 

Let's make this concrete. The Whizzbang Project is running late, but finally they think they can start testing. The team has met for a review. You have the official Test Readiness questionnaire from headquarters. The first few questions are easy. Then suddenly you read:

Question 17. Has the Whitzinframmer Report been duly refrangulated by the Junior Executive Pooh-Bah?

What are you supposed to do with that? Your office doesn't use that report. In fact you've never seen one. And the nearest person executing that role is across the ocean. Everyone in the meeting is staring at you. Now what?

The temptation is enormous just to skip it. But after all the discussion two weeks and three weeks ago about "procedures written in blood," you know that's not the best answer. On the other hand, you can't answer it as-written. What you need to find out is, What risk was this question written in order to avoid?

The key is that there aren't that many different ways to manage a project, or to fly a plane. Project managers around the world face exactly the same risks, and mostly use the same pool of solutions. Pilots around the world face the same laws of physics to keep their airplanes aloft. I guarantee that if modern project managers and civil engineers could sit down with the people who built the Pyramids, they'd be fast friends before they ran out of beer.**

So when you call somebody at the Home Office to ask about the Whitzinframmer Report,*** you don't need to reproduce every single field. But make sure you understand its purpose. Once you get past the window-dressing, it's sure to be a tool they use in the Home Office to handle some very normal project management risk. Getting that report "duly refrangulated" is how they check that you have enough budget for the next phase of the project ... or maybe it verifies that the test equipment is all working correctly, or something like that. In all events it will be something very normal. Then instead of asking the question literally, as written, ask whether the risk has been addressed. 

This means you say, "Question 17. Do we know if all our test equipment works?"

As a quick aside, I am not a pilot. If you are flying an unfamiliar plane, and if you find that you don't understand some of the instructions in the flight manual, I do not advise you to substitute free interpretations instead. The laws of physics are unforgiving. Also, it is a consistent theme in this blog that your level of effort should be proportional to the risk you face, and flying an unfamiliar plane involves a lot of risk. So it is worth the effort to know what you are doing.

But in more forgiving environments, there is more latitude to apply procedures in ways that make them useful. And the key is always to understand that the procedure itself is a tool for minimizing risk. So if you find that the procedure cannot be implemented as written, make sure you understand the risk that has to be managed. If you can neutralize the risk, that's ultimately the goal you are trying to achieve anyway.   

By the way, the approach that I recommend here is a special case of a principle called Chesterton's fence. Briefly, the idea is that if you find someone has put up a fence in an unlikely place, and you can't for the life of you think why, don't tear it down! They must have had a reason. It might have been a bad reason, or the reason might no longer apply. But until you know what the reason was, you had better leave the fence in place. "Written in blood" is a more dramatic way to say it, but the idea is the same.****

__________

* The current article is mostly about procedures and not safety, but note that procedural controls are not always the best way to address safety problems. I'll talk about this more next week. 

** The ancient Egyptians did brew beer, and each worker on the Pyramids got a daily ration of four to five liters, for both nutrition and refreshment. See Wikipedia, "History of beer" for more information. 

*** You should do this before the meeting!  

**** The full description of this principle comes from the author G. K. Chesterton, and is much more colorful: "In the matter of reforming things, as distinct from deforming them, there is one plain and simple principle; a principle which will probably be called a paradox. There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, 'I don’t see the use of this; let us clear it away.' To which the more intelligent type of reformer will do well to answer: 'Tf you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.'" From G. K. Chesterton, The Thing (London: Sheed & Ward, 1946), p. 29.         

      

Podcast with Quality Magazine!

We've been talking lately about how formal processes can avoid catastrophic mistakes and I've got more to say on the subject. But this is a timely interruption. 

A while ago, I sat down with Michelle Bangert of Quality Magazine, when they published my article about the Seven Quality Management Principles. Originally, we were just going to talk about the article itself, and maybe to recap it for people who prefer podcasts to blog posts. But the conversation unwound itself according to its own internal rules, the way any good conversation does. After forty minutes we had discussed at least a dozen topics; in some ways it felt like we had been talking all day, and in other ways it felt like we were just beginning to scratch the surface. Among other things, our conversation touched on topics like the following:

• How I came to write the article on the Seven Quality Management Principles.
• When to expect the upcoming changes to ISO 9000 and ISO 9001.
• How blogging is different from kvetching.
• How to use blogging as a branding tool.
• Why I am delighted when people argue with things I've written. 
• (As a bonus, I describe two different times I've had to retract something I'd written because feedback from readers showed me I was wrong: I mean here and here.)
• How lessons from parenting also apply to Quality.
• How my career in Quality started, and why you shouldn't imitate me.
• Career highlights and stories for audit nerds.
• Comparing Stuttgart with Santa Barbara as wine countries.
• The hidden message of German architecture.
• Why do I anonymize my stories, and when do I not?
• Where is the other column that I write, and what is it about?
• What is the difference between rules in young/small organizations, and rules in old/large ones?

Anyway, two days ago the podcast was published. You can find it here. (Here is an alternate link.)

So take a listen, and let me know what you think. 

• If you think I'm wrong about anything (or everything!), please let me know: like I say above, I'm always thrilled when someone argues with me.
• And if you like it, contact Michelle Bangert at Quality Magazine to ask her to have me on again! 😀

    

Procedures written in blood

Last week I wrote about the Challenger disaster, and about how to avoid the "normalization of deviance" that made it possible. One of the critical topics was to stick to the defined procedures, and I quoted the Air Force maxim that "The flight manual is written in blood." In other words, many of the flight regulations were created only after someone did something else one day, ... and then crashed.

Stories like these are a gruesome way to make the point, but wrapped inside this advice is an important principle on how to write and manage formal procedures:

• If something goes wrong—and especially if somebody gets hurt—analyze the accident to find the root cause. 
• Then if the root cause is something that could have been avoided if only the agent or operator had acted differently, update the written procedure to require future operators to do the safe thing. 

Way back in the first year of this blog, I wrote a post about how to write procedure documents which alluded to this issue but didn't go into details. What I said at the time was just, "If something is a safety guideline, spell it out." What I neglected to say was that often you learn the relevant safety guidelines by studying accidents and figuring out how to avoid them next time.

What is more, this advice isn't limited to safety risks. Any time you see a predictable failure mode that can be avoided by taking preventive action ahead of time, you should consider writing it into your procedures. Do you remember back when I wrote that all of Quality is built on the practice of Lessons Learned analysis? This is what I meant.

Don't go crazy, of course. Sometimes the risk is negligible, and it would take a lot of work to prevent it; in a case like that, maybe it's better to accept the risk and get on with things. But when the risk is substantial or even lethal, updating your procedures is a small price to pay for prevention.

I once worked in an office where we developed a checklist like this very organically. We were a small office that had recently been acquired by a much larger company, and the larger company had insisted we implement stage gate questionnaires to monitor and control our product development process. (I explain project stage gates in this post and this one.) But our administrative and IT landscapes were different from those in the home office, so we used some forms they didn't have, and vice versa. To account for our local forms, I created a local questionnaire with three or four questions on it.

To my surprise, the local questionnaire caught on. One of our projects did something ill-advised that set them months behind and wasted a bunch of money; we called a Lessons Learned meeting to figure out what went wrong. One of the outputs was that the Project Manager had failed to check for this-or-that condition at an early stage of the project. The PM's answer was, "How was I supposed to know we needed that?" And right away another team member said, "It's crazy that we forgot to check for that! Michael, can you put that on your checklist—that the Project Manager has to check for this point at that stage-gate review?"

Sure, I could do that. And over the years, the checklist grew.        

To be clear, updating procedures isn't the only way to prevent accidents. Depending on the risk, sometimes it's not the most effective. If you need to keep people from sticking their fingers into a dangerous machine while it's running, you'll have more success by installing a guard rail or a plastic shield than by writing a procedure that says "Don't stick your fingers in the machine."

But for other operations—flying an airplane, say, or managing a project—we depend on human action. And in those cases, regularly updated procedures are invaluable as a way to learn from the mistakes of the past. As one humorist wrote, "It's a wise man who profits by his own experience, but it's a good deal wiser one who lets the rattlesnake bite the other fellow."

      

Normalization of deviance

A year and a half ago, I wrote about disasters—and about how hard it can be to see them coming. I made the point that when we analyze a disaster retrospectively, we are likely to be led astray because we know how it's all going to turn out. Because of Hindsight Bias, in particular, we think it should have been obvious to everyone that a disaster was imminent, when in reality it might not have been clear at all. It is important to remember this bias when we try to understand a disaster, so we can look at events with the eyes of those who participated in them, to derive working lessons for the future.

But not all disasters are like this. Sometimes the risk of a disaster really is obvious to the people involved at the time, according to data they already have—they see the data, they understand the risk, and then somebody decides just to go ahead and do it anyway.

The Challenger disaster

"On January 28, 1986, Space Shuttle Challenger broke apart 73 seconds into its flight, killing all seven crew members aboard. The spacecraft disintegrated 46,000 feet (14 km) above the Atlantic Ocean, off the coast of Cape Canaveral, Florida, at 16:39:13 UTC (11:39:13 a.m. EST, local time at the launch site). It was the first fatal accident involving an American spacecraft while in flight."*

What happened? It was a cold day, and the rubber O-rings which sealed a joint in the right Space Shuttle Solid Rocket Booster were stiff. So they didn't seal the joint adequately. Shortly after liftoff, gases from within the rocket booster leaked out and started to burn through the larger structure. Now, the space shuttle and all its launch framework were made out of steel—of course. But the rocket boosters burned at 5600℉; and at that temperature, steel boils!** (Not melts—boils.) So naturally the whole assembly burst apart.

But how much of this could we have predicted ahead of time? It turns out the answer is, All of it. Recently I ran across a lecture on YouTube that breaks it down.*** (This lecture is saved in four parts, of which the first two discuss the Challenger disaster from a Quality perspective. The other two parts give valuable advice for managing your career and your life, but I won't focus on them here. You can scroll to the bottom of this post to find links to the lecture itself.)

In summary, the speaker (Mike Mullane) explains the sequence of events. 

• During the initial design reviews, the O-rings were designated at "Criticality 1," meaning that a failure could entail the destruction of the vehicle and the loss of life. "Criticality 1" also meant that any damage to the O-rings constituted adequate cause to abort the mission and redesign the shuttle. 
• Sure enough, after the shuttle's second flight (years before Challenger), the team recovered the parts and detected damage on the O-rings. 
• But for this and that reason the team decided to go ahead with a third launch, and the third flight was fine.
• In future flights, sometimes the O-rings were damaged and sometimes they weren't.
• After-action reports regularly called out the risk posed by damage to the O-rings. Multiple memos, over a period of two years or more, described the O-ring issue as "urgent." 
• But each flight was successful. So the project got the idea that the O-ring problem wasn't that big a deal. Every time the issue was raised, it was granted a standing waiver.
• Until, of course, one day it was a big deal after all ....  

What is the normalization of deviance?

Mullane explains that the "normalization of deviance" stems from nothing more than the natural human tendency to take shortcuts under pressure. We know what the "right" way to do a job is, and when we are relaxed we are happy to follow it. But then time runs short, or money runs short, or something else happens—it could be anything, really—and we get under pressure. So we take a shortcut, to make the job easier.

And most of the time, after we take that shortcut ... nothing happens! The job gets finished with no problem. So the next time we are under pressure, we remember that shortcut and do it again. And then again. Pretty soon, the "shortcut" has become the normal way of working. The "deviance" (a deviation from the defined and approved method) has become "normalized."

We've seen this before. Last year, when I was writing about Boeing, I explained how their cost-cutting drive led them to gut what used to be a robust safety management system. One of the factors at work was exactly this dynamic. I wrote:

They [Boeing management] found, empirically, that they could eliminate one Quality inspection, save a few dollars, and no planes fell out of the sky. OK, good. How about eliminating two inspections? Three? Four? Where do we stop? You can see how, in the absence of visible negative feedback (like an increased accident rate), this could get out of hand quickly.

That's what happened with Challenger. Word for word.

How do you protect against it?

Fine, how do we avoid this?

The short answer is almost too simple: Don't do that! But that sounds obvious, and yet this dynamic continues to afflict people every single day. So really, what do we do?

Mullane lists four points that he thinks are critical:

1. Recognize your vulnerability: Everybody thinks, It won't happen to me. I know all about this problem, so that makes me immune. I watched a video on YouTube. I read a blog post in Pragmatic Quality. I know better than to fall into this trap. Nice try. But the other people, those ones who did fall into this trap? They were plenty smart too. All of them "knew better." But when they felt pressured, their brains reacted automatically. It can happen to you too, exactly the same way. So watch for it.
2. Execute to meet standards: This is the core of it. Plan the work, and then work the plan. Mullane explains the Air Force has a saying, "The flight manual is written in blood." In other words, every instruction in the flight manual was put there because one day somebody did something different and it turned out badly. Don't let the next one be you. If the manual says, "Abort the mission when the red light flashes," and then the red light flashes, ... abort the mission. Simple as that. 
3. Trust your instincts: Mullane makes a big point of saying that we often know more than we understand consciously, and that our instincts are there to keep us alive. So if something just feels ... off, somehow ... wrong, but you can't put your finger on quite why ... trust that feeling. Probably the thing really is wrong, and at some level you even know why. It just hasn't percolated up into your consciousness yet, but it will.
4. Archive and review near-misses and disasters: Learn from other people's experience, so you don't have to go through the same thing. Look at the disasters—or the near-misses, where things came out fine but almost didn't—that your own team has experienced. But then try to find out about other teams as well. Look for the big disasters (or near-misses) in your industry, the ones that make the news. Read everything you can, and then flow down to your team what you have learned.

And then, if we do those four things, are we home free?

I'm pretty sure nobody can promise that. But if you do these things you'll be miles ahead. And you will have reduced the odds of normalizing deviance as far as you can.

If you want more details, Mullane's lecture is a good one.

Mike Mullane's lecture, part 1/4: What is normalization of deviance?

Mike Mullane's lecture, part 2/4: How do you protect against normalization of deviance?

Mike Mullane's lecture, part 3/4: Responsibility: https://www.youtube.com/watch?v=Wuk_DoX-rz8

Mike Mullane's lecture, part 4/4: Courageous self-leadership: https://www.youtube.com/watch?v=DABsxJtNcYg

__________

* Quoted from Wikipedia, "Space Shuttle Challenger disaster." I have used this article for basic information about the disaster.  

** For specifics see this flyer from Northrop-Grumman on the Five-Segment Booster, especially the "Booster facts" on page 1. 

*** The lecture was posted to YouTube about ten years ago, but I don't know when it was given. The speaker is Mike Mullane (website, Wikipedia), an engineer, weapon systems officer, retired USAF officer, and former astronaut. He was talking to the International Association of Firefighters (IAFF) about the "Normalization of deviance."      

        

Why logistics matter

If you are in the business of making and selling things—I mean physical objects, like shoes or handbags or computers or cars—what part of your organization needs Quality? We all know that we are supposed to say "All of it," but in practice where does the attention go? I spent most of my career working with design engineers, so I know there's a lot of Quality attention on design. And many of the basic Quality tools were first developed in the manufacturing environment, so clearly there's a focus on manufacturing. But after you've designed and built the product, what's left? Toss it in a box and call UPS? How hard can that be?

Not so fast.

Last week, on September 9 at about 8:45 am, the container ship Mississippi docked at Pier G of the port of Long Beach, sailing under a Portuguese flag, two weeks after departing from the Yantian port in Shenzhen, China.* Everything seemed fine until the crew started to release the straps holding the containers down. But at that point some of the containers began to slide, crashing into others like a row of dominoes and falling into the water. No injuries were reported at the time, though the next day one worker reported a sprained ankle. But sixty-seven containers fell, into the water or onto the dock.

So far, I have not been able to find any story that identifies a root cause for the failure. But it might have been something very small. I can imagine that one container wasn't aligned quite right, or that a piece of debris kept it from settling snugly into position. Then the containers stacked atop it would have been similarly out of kilter. I'm certain that the port where the ship was loaded has strict procedures to prevent misalignment of containers; but I also know that when the forces are that large—each of these containers weighs from two to four metric tons even when empty—it doesn't take much. The slightest mismatch or error can bring about catastrophic collapse.

And the consequences are out of all proportion to what must have been a small, subtle root cause.** 

• Sixty-seven containers fell into the water or on the deck. Presumably the goods inside those containers—goods bound for retail stores across America—are all ruined. 
• But the ship isn't empty. There are still plenty of other containers on-board, only many of them are now leaning at a funny angle so that they can't be offloaded with the normal equipment. 
• A 500-yard safety zone has been secured around the Mississippi by the Coast Guard, so that other ships don't collide with it, or with any of the floating containers. 
• And Pier G can't be used for any new vessels as long as the Mississippi is docked there. How long will that be? Officials say it could take weeks to finish clearing up the site. So this accident has a follow-on effect on the operation of all Long Beach Harbor.

Just for perspective, Long Beach Harbor is one of the nation's busiest. Forty percent of all shipping containers that arrive in the United States travel through either Long Beach or the immediately adjacent port of Los Angeles (in San Pedro). Disrupting its scheduled operations even partially will trigger new delays on and on, far downstream.

So yes, Quality matters just as much for your logistics as for any other part of the operation—especially now, when supply chains reach around the world. After all, the products you make won't do much good if you can't get them to your customers. And even tiny errors can cost you dearly.

YouTube has multiple videos with news of the disaster. Here's one, as an example:  

__________

* I used the following news articles as source material for this post:

• Cargo containers toppled off ship in Long Beach port | AP News
• Clean up efforts continue at Port of Long Beach after cargo containers fell into water | FOX 11 Los Angeles
• Dozens of cargo containers tumble off vessel at Port of Long Beach - Los Angeles Times
• More than 60 shipping containers fall off cargo ship into water at Port of Long Beach - ABC7 Los Angeles
• Unified Command Responds to Fallen Containers at the Port of Long Beach - Port of Long Beach

** I say the cause "must have been" small because otherwise somebody would have caught it and corrected it!

            

Quality when you have no choices

Last week I argued that Quality has a role in determining the attitude management should take towards workers in the organization; because if management doesn't offer the rank-and-file such simple considerations as respect, truth, transparency, and justice, the organizational machinery is going to break down. In that sense, I said that showing your people respect and justice are just a form of preventive maintenance.

Was I wrong?

I got a reply telling me I was wrong. Specifically, this reader argued that sometimes people are trapped and can't walk away. She reminded me that I have written before about monopoly situations (like public utilities) where competition is absent, and that in such cases customer care often takes a back seat. 

As an aside, it is clear to everyone how these two cases are the same?

Under a monopoly, one party (the seller) provides a good, often a necessity (like gas, electricity, or water). So long as he continues to provide it, he can charge more or less whatever price he wants and can offer more or less whatever level of service he chooses. People who need the good in question will continue to buy from him because there are no alternatives.

By the same token, if membership in some organization offers benefits that some people can't do without—or if an employer hires people who can't afford to quit—those people will stick with the organization on (more or less) whatever terms the organization chooses to offer, because there are no alternatives.

The full comment introduces other examples as well, ranging from slaveholding to contracts with teaser rates. But in all cases the topology of the power relations is the same, even if the magnitudes are very different. 

Anyway my critic concluded—with respect to the discussion of ASQ's current controversies that started this whole thread—that "if there is a benefit to membership that’s (a) independent of the local programs, and (b) unavailable elsewhere, it seems to me that ASQ leadership can do whatever they darn like with your dues, and you members just have to lump it."

"We don't care. We don't have to."

It's a logical argument. We've already discussed that if the lines are too long when you go to renew your driver's license, you can't just patronize a competitor instead; so, perhaps unsurprisingly, there is usually a line. If a public utility messes up your service order, you may not have a lot of recourse short of contacting the regulatory entity that oversees them. And everyone remembers Lily Tomlin's famous line as Ernestine the telephone operator—even people who aren't old enough to remember Ernestine herself: "We don't care. We don't have to." (Ironically, she was spoofing the phone company, which is no longer a monopoly.)*

As for ASQ, whose management controversies, as I say, started this whole thread, there does seem to be a sense in some quarters that the membership are responsible to the management and not vice versa.

• On the one hand, there are regular exhortations from ASQ management encouraging the local sections to find new ways to attract and retain members.
• On the other hand, as noted in an earlier post, headquarters has cut off all the regular remittances of member dues to the local sections (notwithstanding that people are sensitive to loss).
• Nor was there discussion or consultation with the section leadership in advance of this decision (notwithstanding that people are sensitive to slights).
• Nor has there been any public discussion of these controversies inside ASQ. In fact, just last week there was an update to the Community Guidelines for the myASQ discussion forums, forbidding discussion of ASQ's Board of Directors or their decisions.** Nominally the update was to "ensure myASQ remains a welcoming, helpful space focused on our shared professional interests." But concretely that means, among other new provisions, that "Community members shall refrain from using myASQ for activities related to the ASQ Board of Directors or other Society elections, including posting discussions, blogs, and direct messages, unless explicitly authorized in writing." It is not clear to me whether ASQ hopes to keep members from finding out about the controversies, or just wants to push discussion to other locations. (There is extensive discussion on LinkedIn, for instance.) Either way, these developments have all taken place notwithstanding that people can judge independently of how you want them to.

So on the face of it, it does look like there is some point to my critic's argument.

Yes, but no

But I think "on the face of it" is the key qualifier. In general, exploitative monopolies can succeed in the short run, but they fail in the long run. Unless they offer benefits that are worth the cost, in the long run people figure out how to make other arrangements.

My critic talked about slavery. I am no expert in the economics of slaveholding, and I will leave any discussion to those who are. But if we look at a situation that was similar in some respects—I'm thinking of mandatory collective labor in the old Soviet Union—everyone knows that the private or black market economy was far more productive than the official, collective economy.*** It's true that most people couldn't run away. But they were often unmotivated. We've discussed before that the deepest source of Quality is love. For that very reason, though, if you don't care about what you are doing then your work will be no good. It will be at best transactional: Do this to get that. Pretty soon that becomes Do as little of this as you can get away with to get that. If everyone else is doing the same thing, the whole enterprise becomes a house of cards. The joke in the Soviet Union ran, "They pretend to pay us, and we pretend to work."

Think about it for a couple of minutes and you can come up with any number of other examples. It is true that sometimes the obstacle posed by this or that monopoly is very large. It may seem insuperable. But sooner or later, someone will find a way around it, if the monopoly doesn't fall apart first (like the Soviet Union) from its own internal inefficiencies. The only reason Christopher Columbus tried to reach Asia by sailing west was that the people who controlled the overland route were charging too much for spices.

What about ASQ? The society sells educational materials related to Quality, and it offers certification in the various Quality disciplines. These goods are professionally valuable to anyone in the field. In the terms posed by my critic above, they are "(a) independent of the local programs, and (b) unavailable elsewhere"—at least today. But strictly speaking you don't have to be a member to buy them. Members get a discount on classes and certifications, but non-members can buy them too. So is membership worth it? That's a personal decision, but it does give you the chance to make personal and professional connections with other members. And for some forty thousand people worldwide the answer is plainly Yes.

On the other hand, membership has been dropping. ASQ does not formally advertise membership totals, but Google estimates the following numbers overall:

• In the 1990’s: 136,000 members
• In the early 2000s: 100,000 members
• In 2010: 80,000 members
• In 2020: 52,456 members
• In 2024: 40,000+ members

Was this decline caused by the controversies over ASQ management? There is no way to know. All we can say is that it is consistent with what we might expect if members were unhappy with the direction the society's management had taken, but did not think they had the means to change it. But there could be any number of other causes as well. And, as Quality professionals, we know better than to jump to conclusions.

In the end, I stand by my argument that Quality matters in management. Yes, it is always possible for someone to mistreat his employees in the short run and still get some kind of results. But in the long run, such a system will get brittle and sluggish and fall apart. It's the same thing in the market: in the short term, a fast-talking shyster might fleece a few people out of their cash by selling them the Brooklyn Bridge, or gold-painted rocks. But it never lasts. 

__________

* Yes, this counts as "foreshadowing."

** By a remarkable coincidence, the update came shortly after I published this blog post here.

*** "Collective farmers were allowed to cultivate small plots of land and sell surplus produce in private markets. These private plots, though only about 3% of all farmland, produced a quarter of the country's agricultural output." See this article, "How Did the Soviet Economic System Affect Consumer Goods?" by Andrew Ancheta, Investopedia, September 09, 2023.     

      

The Seven Quality Management Principles (Quality Magazine)

Last week, Quality Magazine published my article, "The Seven Quality Management Principles." It's their article now so I won't post the text of it here, but you can find it by following the link. I hope you find it useful! 

Quality in management

Last week, I raised the question whether Quality has anything to say about how an organization manages its people and resources internally. To ground the discussion in a concrete example, I referenced a dispute that is currently under way inside the American Society for Quality (ASQ) about funding and budgetary priorities; but honestly I could have picked any number of other companies instead. There's nothing special about the ASQ controversy. From my point of view, really, there were only two benefits to writing about this example: first, I'm a member of ASQ so I happen to know about it (because the topic is unfolding around me in real time); and second, the critical details are already available in public so I could discuss them without violating anyone's confidentiality. (If you check last week's article, you will find footnotes with URL links for all of the substantive data.)

Remember the real question

On the other hand, it's never very useful just to write that "XYZ Corp. did a bad thing." What are the rest of us supposed to do with that? The useful thing is to write information that we can take back to improve our own work. And that brings us back to the original question: Does Quality have anything to say about how an organization manages its people and resources internally?

Last week I took the wrong approach, by checking what ISO 9000:2015 says in the Quality Management Principles. Oh, the information in there is sound enough! But it's all just recommendations, and it's mostly stuff we've heard before. So it's easy to imagine someone in an organization's management saying: 

Look, I believe in providing Quality to our customers. But when it comes to all that talk about "internal transparency" and "treating your employees with respect," I just don't have the time. I want to Ship Product and Make Money; and all that touchy-feely stuff about employee relations and being a Nice Guy—that's all a luxury. Get to work and get your job done. End of story!

Is he wrong?

Getting to work is fine, but he's wrong to call human relations a luxury. But ISO 9000 isn't the best place to see it. Let's back up and remember what Quality is about.

The Quality perspective

Quality means getting what you want, but there are a lot of ways to do that. Critically, Quality is not built in the abstract from a set of axioms or natural laws: there's no set of rules that unfailingly give you Quality. If anything, Quality is more like a giant Lessons Learned exercise, where we cobble together useful techniques by analyzing one failure after another and figuring out what it takes to make sure those failures never happen again. But since there are many different kinds of failures, there are many different Quality techniques—so many that it can be hard to summarize them all.

Still, there are general points that they all have in common. One of them is that if you want some assembly (like a tractor or a stamping machine) to continue to work well, you have to understand the components that go into it and how they are assembled. What kinds of failures are normal for these components? Does this material rust or corrode? Does that material bend or warp? Do these gears need regular cleaning and oiling, or is it better to leave them alone? All of these are normal questions that any Quality Technician responsible for a large machine would consider on a daily basis.

And here is the critical point. The organization itself is a kind of large machine, and its components are human beings! Quality requires that we understand the failure modes of our machines, to prevent breakdowns. Therefore Quality also requires that we understand the failure modes of our fellow human beings, to prevent organizational dysfunction. 

Failure modes

What do we know about human beings, that relates to their possible failure modes in organizations? We know a lot, and there's no way I can summarize it all in a single blog post. But let me list a few facts that I hope we can agree on.

• People are capable of free will.
• People are capable of independent judgement.
• People are capable of rational thought.
• People work together naturally in groups.
• People want to feel respected, and are sensitive to slights. (See research on disrespect, e.g. here.)
• People are, on the whole, more fearful of loss than covetous of gain. (See, e.g., the research on Loss aversion.)

Already, even these six points entail consequences for the management of any organization.

• Because people have free will, they must (at some level) want to be part of an organization, or they will simply walk away. (I discuss this point in more detail in this post back in the spring.)
• Because people have independent judgement, they choose whether to stay with your organization based on their own criteria, and not yours. In fact, different members of the organization might have different criteria from each other.
• Because people are capable of rational thought, you can give them reasons to stay with your organization and expect them to listen. But the reasons you give them should make sense. Also, because people can see with their own eyes, the reasons you give them should match what they can see for themselves—i.e., the reasons should be true. If you give your people reasons that are visibly false, the risk is that they will stop believing you even if you later tell the truth. Also, as I have discussed before, the easiest way to make people think that something is the case is to make sure it really is the case.
• 
  Because people work together naturally in groups—Aristotle called us "πολιτικὰ ζῷα" or "political animals" [Politics 1.1253a]—your people probably want to work for you, by default. And people regularly accept some kind of authority over their work, without chafing at it. But they will not accept just whatever authority you feel like exercising. While a willingness to work together is natural, so is the deep-seated expectation of justice. It is true that people sometimes disagree around the edges about what constitutes justice. But nobody who has a choice will remain part of a community without it.
• Because people are sensitive to loss, be careful before you take things away from them. Of course sometimes you have no choice. Sometimes there are good reasons. But in that case, it is important to counter-balance the loss by giving them something else in exchange. At the very least, you have to explain what you are doing and why. This shows them respect (and people want respect); it also offers them the truth (and people want the truth).

Notice what this means. I have not said one word about Being a Nice Guy. But a small collection of known facts about human behavior (and human failure modes) has already shown us that—if we want to prevent the organizational machine from breaking down—management has got to offer the rank and file respect, truth, transparency, and justice.

This isn't soft-heartedness or soft-headedness. This is just preventive maintenance. And preventive maintenance is one of the fundamental Quality disciplines.

If you are interested, I can use next week's post to review how ASQ has handled its current controversy, in light of these points. Let me know what you think.