The recent and ongoing disaster in the Gulf of Mexico has raised some questions as to the preparedness of Big Oil to respond to an emergency spill. An examination of their emergency spill plans has garnered criticism but is it justified? How much effort should companies spend on risk identification and mitigation?
In the background of Obama’s showdown with British Petroleum’s executives occurred a congressional hearing on oil companies’ emergency spill plans. Lawmakers attacked five oil giants (BP, Exxon Mobil, Conoco Phillips, Chevron & Shell) for their “cookie-cutter” oil spill plans, all written by the same Texas subcontractor with 35 employees. Three of them listed the phone number for the same marine-science expert who died in ’05. Four of them listed walruses as needing protection in the Gulf. (Walruses do not live in the Gulf.) All of them used common assumptions despite the different types of exploration wells under scrutiny. Representative Waxman (D-Calif.) made this statement: “When you look at the details, it becomes evident these plans are just paper exercises.”
This comes as no surprise to me. Having worked as a Product Engineer in three different industries, I have seen my share of risk-taking (or risk-ignoring) and noted common trends from all. One trend is that once a risk-assessment procedure has been initiated and seemingly completed, management and the team considers the task done. One of the more popular risk-assessment tools out there is Failure Modes & Effects Analysis (FMEA). Any engineer that has been properly trained in the methodology should tell you that the FMEA is a “living document.” Meaning it continues to live and breathe with the attention of the engineers on a frequent and regular basis. Certainly, at the onset of a new development program or imminent launch, a lot of energy is and should be directed at identifying the inherent risks based on current knowledge. With team effort, the FMEA document provides a framework by which team members in a regular meeting identify the key risks and their impact, frequency, and ability to detect risks as they arise. Once the first pass is done, the team then examines and implements ways to minimize the risk.
A problem is, once the program has been launched or even after the first pass FMEA, management naturally ramps down the staffing to minimal levels and re-assigns the excess. The mental attitude is “we’ve done this, now it’s time to do something else.” Whoever is left has no time to revisit the FMEA. No longer is the FMEA a living document; it is stored for auditing or, even more deviously, to be recycled on another similar program. In my initial days working for an automotive supplier, I was appalled at the suggestion that we take an existing program’s FMEA, change the title to reflect our program and do nothing else. I believe Waxman’s “cookie-cutter” observation was spot-on.
No-one wants to reinvent the wheel. Manpower is precious and expensive and should be utilized to its maximum benefit. Even during a program’s heyday, engineers are reluctant to adjust a previous program’s risk assessment (in fear they appear to be correcting others), despite new data that says otherwise. It is in our nature to defend and fixate on a well-worn methodology while closing our minds to new thoughts. Quite frequently, the programs under scrutiny are behind schedule and extra effort to search out lesser-known risks is (correctly) perceived as a completion delay. No engineer wants to be the lone voice “crying wolf” when the rest of the team just wants to get the nightmare over with. (There could be other nightmares down the road but let us at least lay this one to rest.) This goes on at all firms, trying to find that right balance of social responsibility yet “optimizing” resource utilization for better profits.
Not that I am advocating reinventing the wheel. But what I am advocating is that the risk-assessment-mitigation procedure should continue to be looked at diplomatically with fresh eyes along with old ones, long after the initial flurry of activity ensues. My proposal would mandate a certain percentage of manpower continually look at and revise the risk mitigation plans of any product or process currently running. Of course, it is easy enough to say we need more manpower and yet another to commit those resources, especially in publicly-owned firms where this and future quarters must show ever-expanding cash flows. In that case, should we just quietly admit we are playing with fire and suffer the consequences like BP is doing now?
Then there are the governmental oversight agencies. The incestuous relationship between Mineral Management Service (MMS) and the oil companies they regulate is well documented. Not as well highlighted is the intertwining of National Highway Traffic Safety Administration (NHTSA) and automotive giants (Toyota, Ford, GM, etc). Many NHTSA employees are former workers of the industry. A lesser-known reality is that NHTSA does not automatically test all cars for safety but allows the OEMs to self-regulate themselves. The OEMs are responsible to test their products based on the Federal Motor Vehicle Safety Standards (FMVSS) requirements with the potential threat of NHTSA performing their own checks.
Where should we draw the line? Do we let the current incestuous relationships between government and industry mandate how much effort is spent on risk identification and mitigation along with “fresh eyes”? How would we track that? What would the required manpower percentage be (2%, 5%, 10%)? Do we require oversight agencies to maintain a maximum, not-to-be-exceeded percentage of “insider” staffers? (Couldn’t we say the same about allowing former lobbyists to work in government bureaucracies?) How do we do a better job of preventing disasters while maintaining healthy profits? How do we break up the party?