This is a reading list for anyone wanting to learn about technological risk. Any such list will necessarily be a work in progress and I will continue to add to it. Please email us at booklist@sigma-engineering.co.uk with your comments and suggestions.
The completed book list will be arranged under these headings. Apologies for the sections as yet incomplete.
Risk by John Adams: This is a very good primer on risk. It does not treat risk as a single concept but distinguishes between the sorts of risks that we manage in everyday life and the risks that can only be grasped with the help of science. Adams stresses that humans indulge in risky behaviour because there are positive benefits for them. Most of us are willing to accept an increased risk of a motor accident to get home early. Adams analyses some of the complex systems of feedback networks that exist in society and our practical strategies for achieving a balance. Adams shows how the balance that we strike depends on our dominant cultural traits. Adams goes on to investigate some recent media debates, including BSE, within the framework that he proposes. This book is required reading for anyone planning to go on to make a more detailed study of risk analysis, especially through quantitative methods.
The Challenger Launch Decision by Diane Vaughan: Vaughan presents a detailed narrative of the decision to launch the space shuttle Challenger, giving a lucid account of all the technical, engineering and political issues. The story draws heavily on the words of those actually involved and on original documents. Vaughan dispels many myths that have grown up around the disaster and challenges the common view that NASA managers were amoral calculators, sacrificing the crew through expediency and negligence. Instead Vaughan unpacks the complex interplay of engineering issues, politically-driven production pressures and organisational learning. Vaughan exposes how engineering decisions are necessarily made on the basis of ambiguous and uncertain scientific knowledge. NASA engineers lacked the sort of management system that would have confronted the gradual erosion of the premises upon which shuttle safety was based. As an engineer who once worked in railway safety, the eve of launch conference reminded me of many late-night meetings before railway openings. I feel that I was fortunate always to be part of a team that never fell into approving a disaster.
Normal Accidents by Charles Perrow: Perrow, like Vaughan, comes from a background in sociology. This study of a wide variety of accidents, from Three Mile Island to the Grand Teton dam and the Bhopal disaster, introduces a cautionary note about just how difficult it is to predict the behaviour of many sophisticated technologies. Perrow argues that complex systems typically manifest emergent behaviours that were unanticipated at the design stage and that, therefore, conventional methods of risk analysis are prone to hopeless errors. Perrow defines a normal accident or system accident: The odd term normal accident is meant to signal that, given the system characteristics, multiple and unexpected interactions of failures are inevitable. In Perrow's model, the two characteristic features of a normal accident are:
To learn more about the concept of normal accidents, read Anthony Cutler's paper Normal Accidents: A Statistical Interpretation
Design Paradigms by Henry Petroski: Petroski is an engineer by training and brings an engineer's eye to studying failure. Petroski demonstrates how failure occurs when design principles that have been successful within a limited scope are extended into new and unfamiliar contexts. Petroski uses some examples from ancient history and the early development of modern science and then a brief history of bridge failures to illustrate his point. Petroski is confident that system failures will continue to occur in the future as new design principles and technologies are exploited then, based on an over-confident extrapolation of the experience base, extended beyond their valid domain. Petroski pertinently observes that no principle is ever established beyond question, no matter how many successful designs have been founded upon it.
R101: The Airship Disaster, 1930 by Tim Coates: Between the world wars of the 20th century, the airship was already recognised to be technically inferior to heavier-than-air airplanes. The industry in Britain realised that it could only continue to compete by making a step-change in performance. The investment necessary for such innovation and such an uncertain future was beyond the prudence of the capital markets and the British airship industry lobbied the government to fund the development. State aid imposed production pressures and political spin led a showcase maiden voyage to be programmed without sufficient time for engineers to eliminate all sources of warranted doubt in the design assumptions. As a result, the R101 crashed into a hillside in France just seven and a half hours into its maiden voyage to India. All but 6 of the 54 crew and passengers, who included several high-ranking British officials, perished. This book is the text of the official British government enquiry. Another tale of the interaction between jumps in technology, production pressures and political spin.
Red for Danger by LTC Rolt and Jack Simmons: Railways were one of the first industries that exposed the public at large to new technologies over whose operation they had no control. Such technologies offered great benefits in mobility but also raised new risks. As such, the history of railway signalling illustrates much of the development of safety engineering. This book looks at British railway accidents down to the 1960s and shows how railway-signalling engineers developed systems that recognised the fallibility of ordinary people and that robustness against normal carelessness was the key to passenger safety.
Human Error by James Reason: This is an excellent overview of the modern academic theory of human error from the viewpoint of psychology and cognitive science. Reason reviews some of the scientific views about how humans handle and process knowledge and then describes in detail various human failure modes, relating them to the cognitive models. One chapter in particular looks at human performance in error detection. A later chapter looks at some of the disasters analysed elsewhere in the literature (Challenger, Chernobyl) and relates the root cause of their respective disasters to his taxonomy of failure modes and to our cognitive processes. As such it provides an excellent background to the books by Vaughan, Perrow and Petroski. Unfortunately, the final chapter (Assessing and Reducing the Human Error Risk) is disappointing and offers little that would be very powerful in system design. Some of the ideas in the book, it seems to me, would have had a clearer expression in terms of chance- and special-causes of variation.
Judgement under Uncertainty edited by Daniel Kahneman et al.: This is a collection of original papers by various authors that provides much of the detailed academic work that Reason summarises. There is much that is revealing and useful. The book particularly shows how humans are hypnotised by the way a problem is presented and seldom make balanced use of background information, either disregarding it or investing it with too great an importance. The editors themselves are perhaps too hypnotised by probabilistic approaches to risk but a careful reading of this book will help to explain why probabilistic risk analysis can only ever be part of balanced risk assessment and management.
Statistics and the Law edited by M H DeGroot et al.: This collection of papers serves as a further warning about what happens when probability and statistics are invoked in a naive way in order to attempt to resolve disputes or evaluate evidence. The case of Reynolds v. CSN has become quite notorious in the statistical literature. In this case, Canadian Reynolds Metals Company sued a trade union representing a group of its striking employees, claiming that their industrial action had led to the neglect and consequential early failure of several hundred aluminium-reduction cells. Some fine statistical analysis was needed to demonstrate that the neglected cells had shorter lives than conventionally maintained cells and the case does not cast the statistical profession in a good light. Anyone interested in some of the subsequent debate about that case should consult some of the further discussion in:
Understanding Statistical Process Control by D J Wheeler: If you haven't read and mastered this book then I really wouldn't want you doing any risk management on a system that I needed to depend on. This is just about the only book that explicitly explains how to manage prediction of the future. Wheeler clearly explains the difference between chance- and special-cause variation and the implications for classical statistics and for prediction and risk management. Prediction and management can only be achieved through the use of the correct statistical methods: control charts, also known as process-behaviour charts. This book challenges much of what is currently encouraged in probabilistic risk-analysis and emphasises the tendency of systems to manifest emergent and unanticipated behaviours. Continual monitoring and improvement is demanded. This book is accessible and Wheeler writes with wit and insight. This book really is compulsory reading.
On probability as a basis for action, by W Edwards Deming, The American Statistician 29, pp146-152, 1975. This is Deming's classic statement of his philosophical thinking about prediction and the implications for statistics. It's not an easy read. You have to judge for yourself whether he's saying that probability is or is not a basis for action.
To learn more about the implications of Deming's insights for risk analysis, assessment and management, read Anthony Cutler's paper Deming's Insights Applied to Probabilistic Risk Analysis
Practical Methods for Reliability Data Analysis by J I Ansell and M J Phillips: This book should be read with enormous caution. This is a classical statistics book and ignores the fact that risk managers seek to make inferences about a future population of concern from an historical sampling frame. It discusses only sampling errors that are a minor source of uncertainty in such a prediction. Having said that, there is some stuff in here that will be of some use to the intelligent, mature, critical and informed reader. Again, you need to have mastered Understanding Statistical Process Control before you are allowed anywhere near this.
This page last updated 19th November 2000
copyright ©2000 by A N Cutler