Normal Accident

Dave Kinnear 1-On Leadership

I’ve been thinking about the Toyota “sudden acceleration” problem. Back in 1984 Charles Perrow published a book entitled “Normal Accidents: Living With High Risk Technologies” (ISBN 0-691-00412-9). Few lay people seem to understand the theory. A system accident is an “unanticipated interaction of multiple failures”[1] in a complex system. This complexity can either be technological or organizational, and often has elements of both. In today’s world, we are seeing complexity increase exponentially: from the cars we drive to the devices we use to listen to music or view video, and to the way we gather information and news, our world has become incredibly complex. That complexity in itself creates more complexity for us.

The consequences of not understanding the Three Mile Island accident have been far-reaching. Hysteria set in and well-intentioned but misguided people set this country on an economically and ecologically wrong path. Today, even the fervent environmentalists are questioning the decision to halt nuclear energy rather than address the real issues of complex systems and nuclear waste. Why were we willing to accept defeat? Why were we willing to accept that we could never solve or mitigate the risks? Why were we not willing to at least try to understand the consequences of the decision to stop nuclear power with respect to all the other social and environmental systems?

Back to Toyota. The cars we build today are jammed with complex systems. What was once a relatively straightforward mechanical system (I used to maintain my cars myself with a few simple tools) is now an extremely complex system comprising mechanical, electrical, electronic and software components. I am told that there could be north of 20 microcontroller units (MCUs) in a car these days. They will be used in everything from braking and stability systems, to engine control, to safety devices, to navigation systems, to cabin environment control, to entertainment systems. It takes incredibly expensive (by my standards) and complex diagnostic systems to even begin to look at how a vehicle is performing or what might be wrong. And as we push for more “green” vehicles, the problems will grow. According to Gartner:

Rising fuel prices and environmental concerns are accelerating electronic innovations in automotives, with worldwide automotive microcontroller units (MCUs) expected to reach $6.3 billion in 2012 — 50 percent of which will be responsible for “green” optimizations, according to Gartner, Inc. In 2008, worldwide automotive MCUs are on pace to total $5.3 billion.

Many of the technologies used in “green” vehicles, such as hybrids, are managed through MCUs. The increase in sales for energy-efficient vehicles will fuel the MCU market.

So what’s causing the “sudden acceleration” at Toyota? At first, the evidence seemed to indicate that there was a problem with the floor mat creeping up under the pedal and the pedal got “stuck” on the mat and wouldn’t return to resting position when the driver removed his/her foot pressure. And that may well have been true in many of the cases reported back last year and earlier. So a “fix” was to anchor the mats or remove them. No big deal. Problem solved, right? No, and before we go further, let me make a couple of things clear: (1) I drive a Toyota Prius and (2) I’m definitely NOT defending Toyota; people have died. Rather, I am defending the concept of “Normal Accident” and pointing out why it’s important to us as business leaders.

Then more reports came in on the sudden acceleration. And floor mats were not implicated. It seems that wear on the pedal assembly itself was a problem. Keep in mind, this is an “electro-mechanical” assembly now, not the old-fashioned cable-to-the-carburetor kind I am used to. Instead, this is “drive by wire.” The position of the gas pedal is transmitted to the engine control system via electronics, not a cable and cam. A new design has been implemented and manufactured. As of this writing, it is available at dealers for the recall process to begin. It is supposed to make sure the pedal does return to rest when released.

However, the story doesn’t end there. People are reporting that “no my pedal didn’t stick” and “yes, I did get sudden unexpected acceleration,” and “I got the car under control by hitting the brakes.” Uh-oh. This profile doesn’t fit the gas pedal assembly fix. My friend, who loves to tweak me because I buy foreign cars and he supports the (failed I might point out) American manufacturers, wanted to know what I was going to do. Was I going to turn in my Toyota because of this problem? No way. I told him that I thought it was a software problem or an EMI (Electro-Magnetic Interference) problem. What I am going to do is make sure my floor mat is properly anchored, be alert for any sudden acceleration, and shut off my smart phone when in the car. At least until the good folks at Toyota get some more information. Maybe keeping the phone off is safer anyway! I know a little bit about the culture in a Japanese company. I put my faith in them to get to the root cause of these problems, even if there are multiple failures. False solutions lead to a false sense of security which will lead to more accidents.

Another point. This is a global economy. Guess what. Several suppliers are building common assemblies that are used by many and maybe all car manufacturers. Common systems and designs are the norm for these new drive by wire vehicles. So my advice to the smug “other manufacturer” friends – wait, your time will come because your car is also very complex and uses some of the same or very similar systems. This makes it even more important to get it right, and soon.

Bottom line for me is this: business leaders today better understand “normal accidents,” get a handle on the risks involved with organizational complexity and have a solid, well thought out crisis management plan in place. I have to also remind myself that excoriating others, especially after the fact, about “not connecting the dots,” or taking them to task for “jumping to conclusions” is most likely not a reasonable or defensible thing to do. Instead we must measure where we are (reality), analyze the situation and information (get to root cause), plan a thorough response, implement the necessary changes, and repeat the process continuously.

[1] Perrow, Charles (1984). Normal Accidents: Living with High-Risk Technologies, With a New Afterword and a Postscript on the Y2K Problem, Princeton, New Jersey: Princeton University Press, ISBN 0691004129, 1984, 1999 (first published by Basic Books 1984).