What do you consider to be an event worthy of investigation? Do you look only at events that had serious consequences, or do you consider less serious events as well? What about near-misses?
I've recently been involved in the investigation of a near-miss event. By near-miss (or near-hit?), I mean an event that almost happened -- an event that terminated one step before a serious consequence was experienced. As is often the case, the event sequence was a seeming string of coincidences. It ended without consequence simply because there was nobody at the event location to be injured.
A near-miss event can basically be viewed from two basic perspectives. The first is that since nothing of consequence actually happened, there's no reason to get excited. The second perspective is that for an event to get to that point -- where only one last barrier remains between consequence or non-consequence -- several other barriers had to fail, or worse, there weren't any other barriers.
At this point, you're probably expecting me to say that the first perspective is totally wrong, and that every event deserves investigation. Well, I'm not going to say that. Actually, I'm going to go out on a limb and say that the first perspective -- "nothing happened, so don't worry" -- may in fact be the correct viewpoint, under certain circumstances.
So what is the dividing line? My opinion is that it should be defined on the basis of risk. The simplest definition of risk is "probability times consequences." For a near-miss event, I would say that the risk is defined by the probability of the last barrier breaking, multiplied by the worst potential consequence if that barrier breaks. Then, if that product (the risk) equals or exceeds the risk boundary for the organization, then a detailed investigation is warranted. Otherwise, don't worry about it... fix the problem and move on.
(Note that the above assumes you know where your risk boundary is. At the end of this article, I provide a handy link to a nice web resource on defining that boundary.)
So what do you do if the risk you calculate exceeds your risk boundary? Keep in mind that this means you have already been exposed to this risk at least once... otherwise, you wouldn't be going through this exercise. The answer is simple: investigate the near-miss as if it had been the real event, as if that last barrier had not held. You'll learn just as much as if it had been the real thing.
Treat a near-miss as a fortunate gift. You get an opportunity to learn about your organization's latent weaknesses, without first having to experience painful consequences. Just make sure that you investigate it as fully as a "real" event, and apply the same level of seriousness and resolve to the corrective actions.
Here's a nice introduction to defining and using a risk boundary: Concepts in Risk Management, by P.L. Clemens and R. R. Mohr.
by Bill Wilson