September 14, 2017 JV

Whodunnit – a Safety and Reliability Share

Many of my current clients routinely begin their meetings with a “Safety Share.”  These brief stories of relevant incidents or near misses are used to inform and inspire people to take care and work safely.  Over the past few years I have been helping one of my more advanced clients to develop a Reliability Roadmap.  As part of this, we recognised the need to shape a reliability culture, something that is crucial to achieving high levels of asset performance.  To accelerate this, we discussed the idea of piggy-backing on “Safety Shares” to help employees to also focus on reliability.  After all, are not safety and reliability closely inter-related?

I’ve decided to kick off the next decade of working and blogging by sharing a personal Safety and Reliability incident.  I’ve written it as “whodunnit” because of the importance of “detective” maintenance to ensuring the integrity of critical safety systems.  It should be relevant to anyone intending to drive a car with cruise control, so please, pass this onto your loved ones.

At 4:45 am on Tuesday 22nd August I was heading south on the Bruce Highway from Caloundra towards the airport.  My work car is a six-year-old manual Ford Fiesta.  It is maintained regularly by a competent and experienced mechanic whom I’ve used and trusted for about 10 years.  I had awoken at 3:45 am to drive to the airport, as I’ve done almost every fortnight for the past three years or so.  I had cruise control set to 100 kph when I saw that the traffic was stopping about 200 – 300 metres ahead of me due to roadworks.  FYI, when I use cruise control, I generally cancel it by pressing the button on my steering wheel; probably 99 times out of 100.  This time I decided to simply use my brakes as stopping was inevitable.  That’s where things began to get interesting.

Have you ever thought about the power of behavioural conditioning?  Well, I did a back of the envelope calculation and reckon that I’ve pressed the brake pedal of a car about three hundred thousand times over my driving life.  I press the brake – the car slows down; repeat x 300,000.  That can be habit-forming!  For any young person reading this, an envelope is what we used to put letters in before sending them via snail mail.  I digress.  Well, THIS TIME when I pressed the brake pedal, the strangest thing happened.  The car DID NOT slow down.  Instead, it continued to travel fast.  I immediately thought that there must be something wrong with my brakes (remember, “I press the brake – the car slows down”).

Here’s a word for today – I was totally discombobulated.  It was as though my right brain said to my left brain “this is not happening!  Can you make sense of what’s going on?  The brake was pushed and we’re not stopping.”  After about a second, my analytical side coolly responded with “I’ve got nothing.”  “OK then” replied the right, “if that’s the best you can do, I’m taking over.  So, what’s it going to be – fight or flight???”

Back in the early 2000’s, I remember doing some defensive driver training.  The BHP Six Sigma team organised a team-building session with the Network team at Mt Cotton, south-east of Brisbane.  We had such a great time competing with each other in teams, doing a bunch of fun measurement and improvement activities, reversing, putting cars into slides with a handbrake and controlling our way out of them.  We had team names and team songs; ours was “Go F-E-R-R-A-R-I.  Vroom, Vroom.”  So many great memories and friendships were created, but again, I digress.  However, one valuable consequence of defensive driver training was the indelible imprinting of certain abnormal driving activities within the emotional mind.  Now, back to the Bruce…

After having pressed the brake initially and seeing the car continue at 100 kph for a couple of seconds, I pressed the brake again – harder this time.  The car still did not slow down.  “So, what’s it going to be – fight or flight?”  In a mild state of panic, I began looking for an escape route off the road, in the cutting.  I did not want to hit the stopped car in front of me at a frightful speed.   By this time, I’d travelled at least 100 m at full speed and was running out of stopping room.  Thankfully, I decided to pull the handbrake.  Whether it was a cognitive decision to do this or whether it was instinctual, I do not know.  Upon reflection, I think that having done it before at Mt. Cotton gave me the confidence to stay in the fight.  Immediately, the car began to slow down.  I think I must have also had my foot on the brake, but I can’t be sure.  However, I’d locked up the back wheels with the handbrake and began to slide.  I learned later that it had rained earlier that night, so that explains the slippery conditions.  I did try to correct the slide by steering with one hand, but I didn’t let go of the handbrake as I wasn’t sure why the car was stopping.  I eventually lost the back end of my car and it spun around within the centre lane.  Thankfully, I missed every other car around me and hit the guard rail in the centre of the road at about 15 kph.

I got out of my car in a real state of shock.  My legs were like jelly and I just sat on the guardrail looking at my car thinking “what do I do now?”  I was a mess, but thankfully the guy in front of me came to my aid.  Rob had seen everything happen in his rear vision mirror.  He saw me slide.  He saw me hit.  He came over to me and asked how I was, called a tow-truck, helped me push my car off the road and even drove me to the airport.  He was a godsend.   Thanks, Rob.

So, Sherlock, whodunnit?  What was the root cause of the incident?  I began to think deeply about the series of unfortunate incidents that led to my Fiesta enjoying a two-week siesta at the body shop.  I was keen to figure out what had happened; I hate not knowing the cause of something like that.  After speaking to my insurer, I called my mechanic and explained to him in minute detail, everything that I did and everything that the car did and didn’t do.  Pete did not hesitate; he immediately said that the foot brake switch must have failed.

What Pete said made sense.  It was the most plausible explanation for what had happened.  Every cruise control can be cancelled by a few inputs – the buttons on the steering wheel, the foot brake switch and apparently, the handbrake switch.  There may be others, but they may differ from car to car.  So, logic tells me that when I initially pressed the foot brake, cruise control did not cancel because the foot-brake switch did not function.  So even though I was pressing the brake and applying a stopping force, an equally powerful driving force was being applied to the wheels via the cruise control.  It was only when the handbrake switch was activated that I was actually able to stop.  Unfortunately, my handbrake had locked up my back wheels and nullified the ABS.

Well, I called my insurer back and asked whether they were going to check the brakes, especially the foot brake switch.  The answer was no, initially.  I guess they’re really only interested in fixing symptoms, not root causes.  Anyway, to their credit, they did arrange for a mechanic to check my brakes.  Interestingly enough, he found that the foot brake switch was functioning at the time, but he did recommend that it should be changed.  I thought that we had found the root cause, but the physical evidence was not definitive.

Almost two weeks later I picked my car up from the body shop and drove it directly to my mechanic.  He put a scan tool on it and we discussed potential failure causes.  He, like the other mechanic confirmed that the foot brake switch was currently functioning.  However, Pete had no trouble in recommending that it be replaced.  An intermittent fault in a foot brake switch is something that he had some experience with and the evidence that I presented to him was convincing.  I had also googled “foot brake switch cruise control” and found that there were recalls on this device by some manufacturers.  Although I didn’t have a definitive result, I did believe that an intermittent failure of my foot brake switch was the most plausible answer.  Considering how rarely I cancel cruise control with my foot brake, this intermittent fault may have remained undetected for years.

When I first thought about telling this story, I was hoping to share with you all an open and shut case with a definitive root cause, but as you can see, this did not eventuate.  This twist in the tail of reality reminded me a great quote from G. K. Chesterton.  “The real trouble with this world of ours is not that it is an unreasonable world, nor even that it is a reasonable one.  The commonest kind of trouble is that it is nearly reasonable, but not quite.  Life is not an illogicality; yet it is a trap for logicians.  It looks just a little more mathematical and regular than it is; its exactitude is obvious, but its inexactitude is hidden; its wildness lies in wait.”  Indeed, the wildness of a hidden fault in my brake switch lie in wait for me, but by the grace of God I escaped with a bruised ego, a broken fender and a great story!

So, what lessons can be gleaned from this incident?  I’d like to offer a few and hear about any others you may have for me.

  1. If you are driving with a passenger, do what we all used to do back in the old days at BHP – some detective maintenance. One person should stand behind the car and make sure that the indicators work and that the brake lights come on when the pedal is pressed.  As an added bonus, the driver should press the foot brake an undisclosed number of times and then ask the checker if they got the same number.
  2. If you are going to drive with cruise control, you need to know all of the ways that you can cancel it. You need to know instinctively which button to use.  On my steering wheel, the CANCEL button has a sharper edge and is shaped raised above the others.  Know yours and practice using it.
  3. I’d recommend only using cruise control in light traffic and definitely not when it has been or is raining, as you will have less time to get out of a pickle if something fails.
  4. EVERY TIME you use cruise control, the first thing you should do is test to see that the CANCEL button will cancel it, then reset it and test to see whether the foot brake will cancel it.
  5. When cancelling cruise control, I plan to always use the CANCEL button first, then the brake. I’m going to do that just in case the particular brake switch model in my car has an inherent design fault.
  6. If you get the opportunity, do a defensive driving course.

It’s not hard to see that all of our technology is getting more and more sophisticated.  We will be confronted with more and more automated systems that are great when they work and deadly when they don’t.  Don’t become complacent.  You need to know how to cancel any automated system that has the potential to harm you.  Don’t rely on the designer to cover off every scenario.  You’ll never know when the holes in the swiss cheese may line up.

There’s one final lesson that I’d like to leave you all with.  It’s not always possible to prove something definitively; whether physical or meta-physical.  However, what we always need to do is:

  1. to look at all of the facts and data dispassionately (that is, with no bias or prejudice);
  2. to see whether the facts correspond to reality in the particular (each fact one by one) (Correspondence Theory);
  3. to see whether the facts cohere or make sense as a group (Coherence Theory) and then
  4. determine the solution that is more plausibly true than others.

Even though my foot brake switch appears to be functioning now, I firmly believe that it was faulty at 4:45 am on 22/08/2107 because of the evidence presented in this story.  An intermittent fault in the foot brake switch is more plausibly true than not because it conforms best to the reality that confronted me that fateful morning.  The body of evidence supports the intermittent foot brake switch hypothesis, both in correspondence and in coherence.  It also demonstrates rather elegantly, that faith is not blind, rather, it rests on the preponderance of evidence, despite what currently appears to be true.

Before I go, I’d again like to thank Rob Shephard, the man who selflessly helped me out after my crash.  Rob is the owner of Locom, a communications cable locating company.  If ever you need someone to help you locate communication cables so you can do excavation work or because they need to be rerouted, Rob’s your man.  He can be contacted on  Tell him that John sent you.

Comment (1)

  1. Wayne Strudwick

    A nice example of root cause analysis John , not all RCA will give you a definitive answer as you have shown, so likely causes must be fleshed out and addressed. I wonder how well the designer of such vehicle systems analysed the risk and corresponding design criteria, in industry we go to Safety Integrity Levels to reduce high risks in equipment design. I think in this case a parallel system to detect brake force should have been used to disengage the Cruise, always easy in hindsight. If someone dies from their equipment or system failures, I am sure that it would be recalled and upgraded. In an industry situation this would be a SIL 2 system design, which would call for a better control than a small switch.

    Not sure if you remember Readers digest, they always had a section called Wordpower that helped increase your vocabulary. Well reading your blogs you always seem to throw in a new word for me, today it is “discombobulated”. I will use it to amaze and confuse my friends.


Leave a Reply