Accident Investigations and Analysis

Accident Investigation

It is always helpful to have an initial knowledge of the accident which could further help for investigation. Figure 1.1 provides a schematic diagram of a chain to be followed for investigation. Although accident investigation is a complicated process, it is necessary to pay particular attention to the following principles (Haddon 1972; Harms, 2004):

• Basic assumption: An investigation should be a fact-finding activity to learn from the experience of the accident, not an exercise designed to allocate blame or liability. The emphasis in conducting investigations should be on identifying the underlying causes in a chain of events leading to an accident, the lessons to be learned, and ways to prevent and mitigate similar accidents in the future.

Initial Knowledge and accident investigation (Reproduced © ESReDA. 2009)

FIGURE 1.1 Initial Knowledge and accident investigation (Reproduced © ESReDA. 2009).

  • Protocols: Protocols should be established for conducting investigations. These protocols should identify the roles and responsibilities of the individuals involved in the investigation, specify the steps to be taken in the investigative process and establish a common terminology to be used in preparing investigation reports in order to facilitate sharing information related to investigations. Caution should be taken regarding “anonymity” (e.g. persons interviewed, victims, organizations). The decision regarding this issue has to be made at a very early stage of the investigation process, and this decision has to be communicated to the participants and the stakeholders.
  • Coordination: As there can be more than one body with the authority to investigate an accident, efforts should be made to co-ordinate the investigations to avoid duplication, improve effectiveness and help ensure access to all relevant evidence.
  • Competence: A team should be established and should consist of participants from different disciplines, with different skills, including those with knowledge of the specific installation and work practices (operators, engineers, managers) subject to the investigation. All members of the investigation team should have the appropriate knowledge, competency and experience to carry out investigations. They should comply with the professional criteria of independence and objectivity.
  • Data and evidence: Investigations should take account of the various types of information/evidence that might be available, including testimony from people (e.g. witnesses, experts) collected by face-to-face interviews or by hearings, relevant data, documentation and physical evidence. Evidence should be protected in order to facilitate the investigation process. There should be clear identification of who has responsibility for evidence and who can release evidence. Caution should be taken to ensure that all involved parties agree about the correct procedure for handling all collected material.
  • Reporting: Investigation reports should include a factual chronology of the events leading up to the accident/near-miss, a statement of the underlying causes and contributing causes, and recommendations for follow-up actions. The recommendations should be specific, so that they can lead to adaptations (expected improvements) of technology and management systems. The objective should be to seek optimum solutions under the given circumstances, recognising that it might not be possible to achieve perfect solutions.
  • Follow-up of investigations: When following up an investigation, there should be a review of the investigative process to help ensure that it has been effective, that there has been appropriate communication of its findings and to learn for future investigations. Efforts should be made to improve sharing experience related to the methodologies and approaches used in investigations of incidents.
  • Communication: All communications concerning the investigation should be as transparent as possible without compromising the investigative process.

Phases of Accident Investigation and Background Knowledge

Phase I - Data collection: Data to be collected could be objective (chronological record of events, parameters and/or values, status of systems involved, written reports), subjective (feelings about a situation, explanation about relationships with other people) or mixed, i.e. “objective phenomena” described/rationalized by a person (such as an explanation of actions, description of situations).

Every fact that seems relevant to the analyst(s) for explanation and/or understanding of the event has to be collected. Data to be collected is not only “linked” with field personnel and/or line operators in the workplace, or only related to the direct (immediate) cause of an event. This means that, in particular, history-related data and managers’ actions (e.g. decision-making) also have to be taken into account.

Phase II - Hypotheses generation: First set of data collected allows to defining assumptions concerning causes of the accident. Hypotheses can reflect several standpoints: for example, technical, human, organizational and cultural causes. Assumptions shape analysis and lead to other data to be collected so that they may be challenged. At the end of the investigation, hypotheses can be either confirmed or denied.

Phase III - Analysis: Analysis is the stage during which assumptions can be challenged. This means that they can be proven - either as relevant or as non-pertinent - thus requiring some new hypotheses to be defined (and processed in the same manner as were earlier hypotheses).

Phase IV - Findings: At the end of the analysis phase, the analyst is left with a set of proven hypotheses. They represent causes (direct and root) of the accident. Findings are a synthesis of accident explanation, i.e. they mainly deal with the causes that led to the accident. Findings also deal with phenomena that did not contribute to the accident itself but are discovered during the process of the investigation.

Phase V - Recommendations: Once these causes (technical, human, organizational, societal and cultural) have been established, corrective measures must be defined, tested, implemented and validated in operation in order to ensure that this type of accident does not recur.

Analysis of Direct and Root Causes of Accident

For a good understanding of the investigative process, several phases and steps are delineated. Such phrasing (phases and steps) might suggest a linear process, but essentially the fact-finding and analysis phases are interconnected by the iterative processing of facts, findings and analysis. Figure 1.2 is a schematic diagram that locates the analysis phase throughout the overall investigative process.

There are two major goals that drive the steps to be taken in the analysis:

• To validate WHAT happened and HOW it happened: implies an assessment of the plausibility (proving or invalidating) of hypotheses generated based upon the sequence of events, to challenge the various scenarios with available evidence, to validate the most probable scenario taken from observed consequences and traced back to its direct causes;

Analytical phase positioning during investigation (Reproduced © ESReDA, 2009)

FIGURE 1.2 Analytical phase positioning during investigation (Reproduced © ESReDA, 2009).

• To answer WHY the accident could occur: requires identifying root causes, and asking WHY it was not prevented.

The question of WHAT happened should be answered in a structured manner and carefully guided in order to achieve credible and “objective” conclusions as a basis for consensus about an evidence-based explanation of the event.

Preliminary outcomes of this process could be. A decision:

  • • To collect more factual information;
  • • To generate additional hypotheses;
  • • To render the investigation as “inconclusive” due to the lack of a satisfactory explanation.

In general, the intermediate product of this investigative phase (challenging the hypotheses generated) can be one, or more, accident scenarios in which a consensus may be reached as an acceptable explanation of the event under investigation. As soon as the most probable scenario is identified, the analysis of root causes can start, on the basis of direct causes and a search for safety measures that could have prevented the accident.

The analysis lies at the heart of the investigative process: between the fact-finding phase and drawing up recommendations. Analysis is an iterative process, clarifying needs for collecting additional information as well as changing the content of the recommendations. Analysis has two aims: structuring what we know and structuring what we do not know. Analysis occurs throughout the investigative tasks and forms the basis for the investigation's management decisions on performance efficiency and resource allocation (Stoop, 2007; Gibson, 1961). Analysis has no prescriptive rules, but essentially relies on informed judgment under uncertainty. The use of formal tools may help to provide a more methodical approach, increased transparency and allow people to challenge the analyses or to have more confidence in the investigation's results because they can see how the conclusions were reached.

Models required

During the analysis phase, two types of models are required in order to link the event to the systems’ performance. First, accident models are required to structure the sequence of events to reflect their temporal and sequential nature and to allocate causal factors to the chain of events. Secondly, systems models are necessary to link accident causation factors to the systems in which the accidents occur. During this linkage process, a transition takes place from explanatory factors toward systems change factors, facilitating adaptation of the system to its new state and configuration.

Accident models'.

  • • Provide structure and transparency in the dynamics and complexity of the event;
  • • Allocate factors and actors to the sequence of events;
  • • Clarify relations and interactions between factors, actions and decisions.

These models, though, may contain generic pitfalls:

  • • They represent metaphors that should not be interpreted as depicting models of an accident (such as Heinrich, ‘Iceberg’ and Reason, ‘Swiss Cheese’ model);
  • • Only a very small number of models can be considered as systems-oriented (such as AcciMap or STEP).

Systems models:

  • • Should cover the overall systems architecture: its structure, culture, and context and including the life cycles for the design and operation of the primary systems;
  • • Should incorporate systems complexity and dynamics;
  • • Should facilitate identification of systems and knowledge deficiencies;
  • • Should facilitate the transition from explanation to systems change.

These models also may contain pitfalls, as they:

  • • May take a static, prescriptive form;
  • • May adopt a perspective from a specific discipline (such as technical, behavioral, cognitive, organizational or institutional);
  • • May be overly simplistic, focusing only on accident causation, explanatory variables, and not on systemic deficiencies and control variables.

Systems models should take into account the various dimensions that are characteristic of a systems approach:

  • • The various life cycle phases (such as design, development, construction and operations);
  • • The various systems levels (such as practice, management, policy-making and governance);
  • • The various design levels (such as the conceptual, functional and physical form levels).
  • • These types of systems models can be seen in Figure 1.3 of the Design, Control and Practice diagram. The diagram shows how the systems models facilitate the representation of possible accident scenarios and system adaptations.

These systems models can be depicted in the following Design, Control and Practice diagram (Figure 1.3) through w'hich accident scenarios and system adaptations can be related:

Pitfalls in analysis

Pitfalls in Systems Modelling

Several pitfalls exist in applying systems models for representing complex and dynamic socio-technical environments. Such systems may be decomposed in a structural manner and take static, prescriptive form (such as the ICAO Annex 13 investigation protocol from 1951, w'ith several updated editions since then). Such systems modelling may adopt the perspective of a specific discipline (technical, behavioral, cognitive, organizational or institutional). The modelling may be overly simplistic (such as the SHEL model - Software. Hardware, Environment, and Liveware), focusing only on accident causation and explanatory variables - not on systemic deficiencies and control variables. Thus, it is important to be aware of the perspective from which the modelling is being carried out and the assumptions made in order to

Design. Control and Practice diagram (Reproduced © ESReDA. 2009)

FIGURE 1.3 Design. Control and Practice diagram (Reproduced © ESReDA. 2009).

incorporate the desired aspects in the communication of results that lead to the decision-making process.

Fallacies in Analytic Reasoning

Analytical reasoning may contain several fallacies that may hamper the quality of the conclusions. The level of analysis may restrict itself to either technical failure or individual actions, thereby excluding higher systems levels. The arguments may consequently be based on assumptions instead of evidence, creating uncertainty in the likelihood of findings. The reasoning may contain fallacies of a suggestive, restrictive nature and may be based on ignorance of significant factors. The reasoning may not be representative, and rather based on exclusion and a false analogy, or may focus on correlation instead of cause. The reasoning may be ambiguous and appeal to popularity and focus on affirmation without denial (or false presumption) as an option.

Finally, biases may exist due to the manner in which groups process information (such as confirmation, groupthink, risky shift, tunnel vision, hindsight and pigeon holing).

Specificity of Root Causes Analysis

The problems of identifying root causes pose additional challenges to investigators. The first is to identify those remote causal factors and the second is to assess their causal influence to the event generation. The aim is to link general factors (such as human, organizational, cultural) to specific conditions that directly influenced decisions, actions and event sequence.

It must be acknowledged that identifying and qualifying root causes requires additional competencies from the human and social sciences. These last types of competencies are traditionally very rare in a world of technicians and engineers and even amongst managers of those socio-technical systems. Recent major accident investigations have explicitly involved researchers from the human and social sciences. This posture was then used as a reference by the US CSB when conducting the Texas City 2005 accident investigation. One way to identify and link the root causes to direct causes is to look for safety controls and barriers that have not or could have prevented the event. This implies that investigators should look for standards that are often applied in working procedures, but that may have not been met within the context of the accident. Such methodologies and tools were called “Norms, Novelties and Deviations" by Frei et al. (2003). Therefore, there is a need to question whether or not the controls or barriers should have been in place (as an industry standard), or perhaps they might have been imagined.

Root cause analysis tools exist (such as MORT, Cause Control Change Analysis, Tripod, etc.) that help to structure the questioning process (WHY did it happen?) in a systematic way. They rely on models of risk management that have their own limitations. This point implies a normative vision of what should have been the risk management practices and is helpful for systematic recommendations. But, as a reminder, tools are ‘servants’ not ‘masters.’

In addition, these tools do have limits in highlighting the rationale behind actions, decisions, beliefs, and strategies of actions. Comprehensive approaches are therefore required to address these particular dimensions of human and social systems.

Descriptive approaches (based on social sciences models and theories) provide alternative perspectives (but are also complementary to normative models) given the complexity of systems involved.

Various Other Analysis Techniques Cross Hazard Analysis

Perform a gross hazard analysis (GHA) to get a rough assessment of the risks involved in performing a task. It is "gross" because it requires further study. It is particularly useful in the early stages of an accident investigation in developing hypotheses. A GHA will usually take the form of a logic diagram or table. In either case, it will contain a brief description of the problem or accident and a list of the situations that can lead to the problem. In some cases, analysis goes a step further to determine how the problem could occur. A GHA diagram or table thus shows at a glance the potential causes of an accident. One of the following analysis techniques can then expand upon a GHA.

Gross Hazard Analysis

Job safety analysis (JSA) is part of many existing accident prevention programs. In general. JSA breaks a job into basic steps, and identifies the hazards associated with each step. The JSA also prescribes controls for each hazard. A JSA is a chart listing these steps, hazards, and controls. Review the JSA during the investigation if a JSA has been conducted for the job involved in an accident. Perform a JSA if one is not available. Perform a JSA as a part of the investigation to determine the events and conditions that led to the accident.

Failure Mode and Effect Analysis

Failure mode and effect analysis (FMEA) determines where failures occurred. Consider all items used in the task involved in the accident. These items include people, equipment, machine parts, materials, etc. In the usual procedure, FMEA lists each item on a chart. The chart lists the manner or mode in which each item can fail and determines the effects of each failure. Included in the analysis are the effects on other items and on overall task performance. In addition, make evaluations about the risks associated with each failure. That is, project the chance of each failure and the severity of its effects. Determine the most likely failures that led to the accident. This is done by comparing these projected effects and risks with actual accident results.

Job Safety Analysis

Fault tree analysis (FTA) is a logic diagram. It shows all the potential causes of an accident or other undesired event. The undesired event is at the top of a "tree." Reasoning backward from this event, determine the circumstances that can lead to the problem. These circumstances are then broken down into the events that can lead to them, and so on. Continue the process until the identification of all events can produce the undesired event. Use a logic tree to describe each of these events and the manner in which they combine. This information determines the most probable sequence of events that led to the accident.

Hazard Control for Safety Provisions

Hazardous control can be thought of in three ways. Each describes how and where the controls are placed on the path between the worker and the hazard (Gordon, 1949; Groeneweg 1998). Such controls are discussed below:

Control at the Source: The best way to control a hazard is to eliminate it. If this is not possible, the next step is the substitution of a non-hazardous or less-hazardous material or process. If there is no acceptable substitution, then the hazard is enclosed or isolated from workers. An example of this may be enclosing a high-voltage electrical panel and sealing it off from workers in an office. This w'ould be controlling the hazard ‘at the source.’

Control Along the Path: Some hazards, and the work processes that they are part of, cannot be enclosed or isolated. Placing a control ‘along the path" means different protective measures are put in place between the hazard and workers. In the electrical panel example, office workers have been sealed off from the hazard but electricians will still have to be able to safely work on the panel. To protect the electricians, controls ‘along the path’ would probably include using energy lockout procedures and devices and non-conductive tools.

Control at the Worker: If controls ‘at the source’ and ‘along the path’ may not be enough to prevent injury, then placing controls ‘at the worker’ will be necessary. Control at the worker often consists of personal protective clothing and equipment that must be worn while performing certain tasks. Common types of this control are wearing gloves to protect the hands, hearing protection, or masks or respirators to protect airways. ‘At the worker’ is often the first type of hazard control that businesses put into place. Employers also always need to consider controlling hazards ‘at the source’ and ‘along the path’.


  • • A chemical manufacturing process is described as inherently safer if it reduces or eliminates hazards associated with materials and operations used in the process.
  • • A permit-to-work system is a formal written system used to control certain types of work that are potentially hazardous.
  • • The permit-to-w'ork form must help communication between the parties involved. The company issuing the permit, taking into account dividable site conditions and requirements, should design it.
  • • Risk analysis in chemical process industries is an elaborate exercise involving several steps from preliminary hazard identification to the development of credible accident scenarios, to preparation of strategies for prevention or control of damage.
  • • Operating pressures above atmospheric pressure requires extensive carefulness and expert operation which would rather create serious risk.
  • • Gaskets, sealing of joints or shafts and packing can be sources of leaks, particularly w'here thermal of pressure cycling occurs.
  • • When toxic chemicals are present in the workplace, an individual exposure can be determined by measuring the concentration of a given chemical in the air and the duration of exposure.
  • • Investigation and analysis of a specific industrial hazard should be followed for tackling future accidents. Various investigation process and analysis techniques are discussed in this chapter which would help any process unit to obtain safety measure to prevent any disastrous accident.


Alaimo, R.J. (2001). Handbook of Chemical Health and Safety, Washington: An American Chemical Society Publication.

Allen. Nick (7 February. 2010). “Connecticut gas explosion at power plant 'leaves up to 50 dead”'. London: Telegraph Media Group Limited.

Center for Chemical Process Safety (CCPS). (2003). Guidelines for Investigating Chemical Process Incidents, 2nd ed., New York: Wiley-AIChE.

Changmai, M.. Das, P. P. Mondal. P, Paswan, M., Sinha. A.. Biswas. P, Sarkar. S.. Purkait, M.K. (2020b). Hybrid electrocoagulation-microfiltration technique for treatment of nanofiltration rejected steel industry effluent. Int. J. Environ. Anal. Client, doi: 10.1080/03067319.2020.1715381.

Changmai. M.. Mondal. P. Sinha, A., Biswas, P. Sarkar. S., Purkait. M.K. (2020a). Metal removal efficiency of novel LD slag incorporated ceramic membrane from steel plant wastewater. Int. J. Environ. Anal. Client doi: 10.1080/03067319.2020.1734198.

Egan, M. (22 July. 2019). “Philadelphia refinery goes bankrupt after fire”. CNN Business. 22 July 2019.

Frei. R., Kingston. J.. Koornneef, F., Schallier, P. (2003). Investigation Tools in Context, Proceedings of 24th ESReDA Seminar. Safety Investigation of Accidents, Petten, May 12-13.

Gibson. J.J. (1961). The Contribution of Experimental Psychology to the Formulation of the Problem of Safety - A Brief for Basic Research. In: Haddon. W., Suchman E.A., and Klein D. Edits. Accident Research: Methods and Approaches. New York: Harper and Row.

Gordon, J.E. (1949). The Epidemiology of Accidents. Am. J. Pub. Hea., Vol. 39 pp. 504-515.

Groeneweg. J. (1998). Controlling the Controllable. The Management of Safety. Netherlands: DSWO Press. Leiden University.

Guidelines for safety investigation of Accidents (2009). European Safety Reliability and Data Association (ESReDA). ISBN 978-82-51-50309-9.

Haddon, W. (1972), A Logical Framework for Categorizing Highway Safety Phenomena and Activity, J Trauma, Vol. 12, pp 193-207.

Harms. R. L. (2004). Relationships between Accident Investigations. Risk Analysis and Safety Management. Journal. Hazard. Mater., Vol. 111, pp. 13-19.

Kansas. H. (1998). Fire Investigation Summary, grain Elevator Explosion. National Fire Protection Association (NFPA), Fire Investigations Department. 1999.

Kharabanda. O.P. and Stallworthy. E.A. (1988). Safety in the Chemical Industry: Lessons from Major Disasters, London: Butterworth-Heinemann Ltd.

Mondal, P, Purkait, M.K. (2017). Green synthesized Iron nanoparticle embedded pH- responsive PVDF-co-HFP membranes: Optimization study for NPs preparation and Nitrobenzene reduction. Sep. Sci. Technol. 52 (14), 2338-2355.

Mondal, P, Purkait, M.K. (2018). Green synthesized Iron nanoparticles supported on pH- responsive polymeric membrane for Nitrobenzene reduction and fluoride rejection study: Optimization approach. J. Cleaner Prod. 170. 1111-1123.

Mondal. P.. Purkait. M.K. (2019). Preparation and characterization of novel green synthesized iron-aluminum nanocomposite and studying its efficiency in fluoride removal. Chemosphere 235, 391-402.

Mondal. P. Samanta, N.. Kumar, A.. Purkait, M.K. (2020). Recovery of H,S04 from waste- water in presence of NaCl and KHCO, through pH responsive polysulfone membrane: Optimization approach. Pol. Test.. 86, 106463.

Purkait, M. K.. Bhattacharya, P. K., De. S. (2005). Membrane filtration of leather plant effluent: Flux decline mechanism. J. Membr. Sci. 258. 85-96.

Sriharsha, E., Uppaluri, R.. Purkait. M. K. (2014). Microfiltration of oil-water emulsions using low cost ceramic membranes prepared with uniaxial dry compaction method. Ceramic hit. 40. 1155-1164.

Stoop. J. (2007). Are Safety Investigations Proactive? Proceedings of the 33rd ESReDA Seminar. Future Challenges of Accident Investigations, Ispra, November 13-14.

Volli, V.. Purkait. M.K. (2015). Selective preparation of zeolite X and A from flyash and its use as catalyst for biodiesel production. J. Hazard. Mat. 297. 101-111.

Walker. J. Samuel (2004). Three Mile Island: A Nuclear Crisis in Historical Perspective. Berkeley: University of California Press. ISBN 0-520-23940-7.

Washburn A Mill Explosion. (April. 1956). The Great Mill Explosion and Fire of 1878. Minnesota Historical Society. In Hennepin County History, vol. 16-2, no. 62: pp. 9-10.

< Prev   CONTENTS   Source   Next >