Wednesday, January 15, 2020
The Space Shuttle Challenger Disaster
RISK CASE STUDY – ASSIGNMENT 2
August 3, 20111
THE SPACE SHUTTLE CHALLENGER DISASTER

Risk Management Plan

1. Risk management plan summarizes risk management approach, lists methodologies and processes, defines everyone’s role – definition of risk management plan. NASA was using for the most part qualitative risk assessment process. Launch of the shuttle was allowed as long as aggregate risk remained acceptable. Quantitative method was applied for risk assessment because if the complex procedures (like data gathering) were in place NASA would be buried with paperwork. NASA’s culture was flying with acceptable risk. There was Risk Management Plan in place for NASA because there was risk assessment and protocols in place but due to excessive nature of most of NASA’s projects waivers became a way of conducting business. As described in the NASA Handbook, hazards (risks) were analyzed and overseen by the Senior Safety Review Board. Each identified risk was classified by an established system, based on both the risk’s level of criticality on a scale of one to three (C1, C1R, C2, C2R, and C3). However, their review process contended that no single risk or combination of risks would be enough to prevent a launch, as long as the aggregate risk remained at an acceptable level.

2. The Risk Management Plan was not followed. Methods used to gather data to assess risk were expensive and labour intensive and so were the procedures (Flight Readiness Reviews). To keep up with mission manifest schedule – 16 flights per year – any issues had to be resolved fast (waivers). Once a risk was declared acceptable, it was overlooked during future mission planning sessions. Additionally, they didn’t have proper procedures for evaluating the impact of unknown risks (i.e. the ice problem). Lastly, protocol stated that one risk or one person’s concern was not enough to cancel the launch.
A no launch recommendation by one party could have been overruled by the launch director.

3. Differences:

a. Risk Management Plan is the outcome of Plan Risk Management Process and describes how risk management is structured and performed. It includes methodology (approach, tools, data source), roles and responsibilities (lead, support), budget (resources, protocol for contingency resource), timing (when and how often process is performed), risk categories (RBS), definition of risk probability and impact (high, medium, low), probability and impact matrix, risk stakeholders’ tolerance.

b. Quality Assurance Plan describes how quality assurance will be performed within project to allow for reducing “waste” and eliminating processes that do not add value. It is meant to increase level of efficiency.

c. Safety Plan: a safety plan is an organized system of rules and guidelines used to maintain safe work environment.

4. Pressure to meet schedule – sixteen flights a year in 1986 meant that all involved will have to face paperwork constraints related to flight readiness assessment. Personnel and contractors were working overtime already trying to fill out all necessary paperwork related to problem solving, investigations and last flight updates. Waivers were part of NASA protocols to bypass all of this plus they were a way to indicate that risk was acceptable. Number of flights per year was critical to designing risk management plan because of all similarities between flights like temperature; launch condition could become predictable factors to determine acceptable risk.

Risk Identification

5. Risk is uncertain event associated with work, it is a loss multiplied by likelihood that may have impact on the project. There are three common categories of risks: controllable knowns, uncontrollable knowns, and unknowns. Anomaly is a deviation from the standard.
Project manager and team define a baseline and decide the difference based on definition of anomaly provided by subject matter experts (engineers).

6. NASA had Flight Readiness Review few days prior to flight. Risk identification at NASA was conducted by Senior Safety Review Board. In majority of cases risk assessment process was qualitative. If aggregate risk remained acceptable launch should happen. Hazards were analyzed and subjected to formalized hazard reduction process in NASA handbook. Quantitative methods of risk assessment were not applied because they were expensive and time consuming. Technical experts were not involved enough in any of the discussions.

7. In order to resolve any differences we need to list them and quantify them first, which never happened in case of Challenger. Customer is always right and ultimately his decision overrules but contractor must provide as accurate data as possible based on analysis. Every recognized risk has different weight and some of them through brainstorming can be resolved or even eliminated.

8. Upper management needs to be committed to project of such a huge scale and support it. They should be informed about individual risks and it is up to project manager to provide true information about project. It seems that culture of NASA accepted waivers as a way to determine acceptable risk and considered them as a part of official protocol.

9. Risk associated with any chosen method should be classified based on cost (budget), safety and technology (design) and overall impact on the mission. Challenger did not have either solid political support or direction. Cost became the most critical component in decision making. Solid fuel systems were cheaper but also less safe. They require less research and development but were designed for reusability.

10. Politically motivated trade-offs are impossible to control by PM and his/her team. There is a pressure for government to deliver promise or a need to see where all funding went.
All PM has is data and measurements based on research, analysis and historical lessons. There should be a limit where safety becomes impossible to trade. This is where government agenda should not be applied because risk of losing lives is too high to trade.

11. NASA was under pressure from government and by the same token pressured contractor (Thiokol). Funding was inconsistent, expectations were very high and there was no clear direction where space program was going and flying manifest was beyond capabilities of personnel should they choose to follow all procedures. Risk was calculated in every decision.

12. Risk Management plan is evolving document as project goes on. Different phases should be recorded in Risk Register and 2 separate risk assessments conducted because each phase faces different risks. Identifying risk will help us analyze triple constraint factors. Both risk assessments are equally important.

Risk Quantification

13. Given the complexity of Space Shuttle Program it is necessary to address individually each technical aspect of the risk. In some cases lesson learned from previous experience with shuttles can be applied to other program given that conditions like weather, resistance to high temperature or fuel type. Certain measurements can be applied to all space shuttle programs. Qualitative risk evaluation could be used at the beginning of the project to sort out level of each risk. Quantitative risk would be possible if there were full support from upper management (government), and budget and methodologies were in place. Both methodologies are equally valuable in complex project like Challenger.

14. There were 3 separate ice inspections conducted on the site and ice team responsibility was to remove any ice. First inspection delayed launch due to presence of ice on launch pad. Second inspection discovered still significant presence of ice on launch site and it was determined take off was unsafe. Falling ice could damage heat tiles on the Orbiter.
Third inspection still found significant ice presence on the launch pad. 3 major concerns of the ice-on-the-pad issue: launch objection due to the weather, ice on the pad was unknown effect on the ignition and debris were considered potential flight safety hazard, freeze protection plan for launch pad 39B was inadequate. Ice was considered a potential problem.

15. Risk quantification allows preparing better for potential risks. Contractors provide data but it is decision of the customer whether to take some or all data under consideration when making decision. To resolve a matter of dispute, the customer and contractor should collaborate. If there is no agreement customer decides what approach to take.

16. Senior management needs to be presented with information in easy to understand form – in case of Shuttle short movie presenting what would happen on impact. Only potential problems made it all the way up to higher management, not the critical ones. None of the recommendations from Thiokol were passed to upper management. There were no established procedures that all risk data cannot be modified by any member of the team without proper access and expertise.

17. It was quantitative system but issuing waivers very often made it useless because they by-passed some of the recommendations. Lessons learned were not used by Thiokol regarding temperature at launch which was supposed to be 53 degrees Fahrenheit. Thiokol engineers tried to quantify some of the risks based on historical information regarding blow-bys and temperatures.

18. No, there were no probabilities assigned to risk like putty, temperature, rings although there was some historical data available. There were not enough details to develop probabilities and metrics to rely on. Engineers could not determine direct correlation between factors.

Risk Response (Handling)

19. Size of the company, available budget, company culture and overall resource decide what constitutes acceptable risk.
It depends on tolerance of individual company to determine if risk is acceptable.

20. Project manager is always responsible for success and/or failure of the project. If there is another body in the company responsible for handling risk on larger, company scale it should be consulted as well.

21. According to PMBOK there are 4 risk responses and all of them were used: acceptance (consequences were acceptable), avoidance (re-scheduling take off), control (type of aborts and their respective landing sites) and transfer (hiring Thiokol as contractor to transfer risks).

22. There was an abort due to bad weather and ice which was correct response. NASA decided to launch in spite of C1R which meant 2 components failure (both main and secondary ring booster are the same type). This is not a correct response to existing risk. This decision was made without any regard for possible consequences of component failure.

23. Subject matter experts and upper management and technical consultants with the knowledge of space technology. Astronauts should be consulted as well since they risk their lives and are in immediate danger.

24. Every project should have risk response mechanism included in risk management plan. All data gathered from SME and specialist in the field should be taken under consideration when developing risk response mechanism. When team cannot agree on it senior management who is ultimately responsible has final say.

25. Astronauts with technical experience and knowledge should have been consulted. Christa McAuliffe as an example would not contribute anything valuable because her knowledge wasn’t in space shuttle design discipline and she did not have any previous experience flying either. They have accepted the risk already when they agreed to fly – no need to re-assure it. Astronauts are all volunteers and understand that safety in space is never 100% guaranteed. In my opinion it is safety staff that should have been included primarily.
No safety representative or quality assurance officer was included in any of the decisions (or during the take-off).

26. Waivers were a way of bypassing official protocols in order to maintain schedule. It was a form of acceptance.

27. Waivers were standard operating procedures – they are type of active acceptance – “the wrong thing can be done to solve the problem because its solution was not clearly thought out under pressure in the heat of the moment”

28. Yes! Schedule pressures made managers less willing to acknowledge possible risks. Despite the fact the temperature was not favourable (as required minimum of 50 degrees Fahrenheit), Thiokol & NASA decided to go ahead with the launch to meet their desired planned schedule. Political pressure affected all responsible parties.

29. The risk response mechanism utilized by managers at Thiokol and NASA was Acceptance. They were fully aware of the potential risk however they decided to sit back and see what happens.

30. The Engineers did not do everything to convince the management to stop the launch. After failing to convince the management they decided to take a passive approach of “wait and see what happens next” while they knew the results will be catastrophic. To make matters worse, Engineer Boisjoly changed his expert professional opinion after he was told to put on his management hat.

31. Though NASA claims that its top priority is the safety of the crew and equipment, it did violate its responsibility to ensure safety of the crew in spite of the evidence that was presented to them by the engineers. They played Russian roulette with human lives. Final findings though confirmed that pressure caused rational men to make irrational decisions.

32. YES! NASA was completely aware that the temperature was not favourable for launch (as required minimum of 40 degrees Fahrenheit) however still went ahead with the launch to meet their desired planned schedule.
The O-Rings had never been tested below freezing temperatures before & did not meet the 40 degrees below qualification temperature.

Risk Control

33. Documentation is crucial and must be thorough as part of risk management in order to identify all potential risks, keep a historical record data, reveal relevant information to the project to ensure project processes are compliant with the company’s goals. Depending on the complexity of the projects or programs company is involved quantity will differ. Excessive paperwork can be very discouraging to personnel.

34. There was no audit trail to the best of our knowledge. Thiokol had lessons learned regarding erosion, temperatures and blow-bys.

35. Thiokol noticed black soot and grease on the outside of the booster casing, caused by actual gas blow-by and had ordered new steel billets which would be used for a redesigned case field joint. This vital information should have been disclosed during the hour presentation granted to them which they mostly argued on the cold weather effects.

36. Hard facts speak to upper management better than anything. Presentation and SME opinions quoted within presentation would help to get upper management attention.

37. Again, facts, findings and lessons learned are powerful tools. Once team and upper management is aware that science doesn’t back up decision, sole responsibility and pressure is taken off single person and transferred to the whole team.

38. There were 5 different communication and organization failures and 4 of them were directly related to safety program. Lack of problem reporting requirements, inadequate trend analysis, misinterpretation, lack of involvement in critical decisions. Safety organization should be better staffed and SUPPORTED.

39. Rockwell was prime contractor to build Orbiter.
It was believed that Rockwell was not the best choice since it had not been involved in Apollo Program as others. Rockwell issued a “concern” about possible Orbiter damage due to the ice problem but they never stated they did not want to launch. They never said to NASA launch should be aborted due to unknown nature of the ice. It was never formally recorded that Rockwell objected. By making objection official there is paper trail that can be traced back should situation call for it.

40. Risk levels must be maintained completely at minimal before launching of the spaceship; however loss of human life should be avoided at all cost. The overall risk should have been between C2 & C3.

41. It is best to execute a presentation to the higher-ranking Management with adequate evidence of potential risks & the overall impact. In addition, outsource experienced experts who will back you up with their input in order to win a favourable decision.

42. The liability should be placed on the people who made final decision to launch while they were fully aware of potential risks. Though the Thiokol engineers “cried for Help”, they were thwarted from pleading their case and the management went ahead and supported NASA proceeding with the launch. Both Thiokol management & NASA should share the blame.