This document discusses organizational factors that can contribute to failures and disasters. It provides examples like the Herald of Free Enterprise ferry accident, Deepwater Horizon oil spill, Space Shuttle disasters, and Bhopal gas tragedy. Common organizational issues identified include communication failures, lack of coordination, cost prioritization over safety, and failures of responsibility. The document also discusses definitions of organizations, how their structure can impact dependability, and relationships between organizational and software structures.

1. ORGANISATIONS
AND
DEPENDABILITY 2
DR JOHN ROOKSBY

2. IN THIS LECTURE…
This lecture will focus on organisations. This will be a high level
overview.
1. What are organisations?
2. Organisational structure
3. Change
4. Process, Practice and Management
5. Enterprises and Ecosystems

3. SOCIO-TECHNICAL SYSTEMS
ENGINEERING
Society
Organisations
People and Processes
Socio- Applications
Technical
Systems Software
Engineering Communications + Data Engineering
Management
Operating Systems
Equipment

4. Failures, accidents and disasters often have
underlying organisational causes and factors…

5. HERALD OF FREE ENTERPRISE

6. HERALD OF FREE ENTERPRISE
• A UK ferry capsizes shortly after departing Zeebrugge, killing
193 people. The bow doors remained open as it departed.
• UK Enquiry finds a disease of sloppiness and negligence at
every level of the corporation's hierarchy

7. HERALD OF FREE ENTERPRISE
• The disaster was a key event leading to
• The development of Corporate Manslaughter Laws in the
UK
• The Public Interest Disclosure act (protection for
whistleblowers)

8. MACONDO INCIDENT
DEEPWATER HORIZON
(DEEPWATER HORIZON)

9. MACONDO INCIDENT
DEEPWATER HORIZON
(DEEPWATER HORIZON)
A rig exploded and sank, killing 11 and leading to one of the largest oil
spills in history.
The US Government‟s investigation concluded:
• Better management of decision-making processes within BP and other
companies, better communication within and between BP and its
contractors and effective training of key engineering and rig personnel
would have prevented the Macondo incident.

10. MACONDO INCIDENT
DEEPWATER HORIZON
(DEEPWATER HORIZON)
The rig was operated within a complex organisational context:
• Commissioned by R&B Falcon which later became part of Transocean
• Leased to BP from 2001 until September 2013. BP had grown rapidly
through a series of acquisitions and mergers.
• Employees from several organisations were involved, inlcuding
Haliburton who were providing cement modelling services.
• The rig was registered in the Marshall Islands, and regulated by the
Minerals Management Service (MMS)
• During and after the incident, these organisations appeared to try to
shift blame to each other.

11. THE SHUTTLE
DISASTERS

12. THE SHUTTLE
DISASTERS
• The CAIB investigation into the Columbia shuttle disaster
focused on:
a wide range of historical and organisational issues, including
political and budgetary considerations, compromises, and
changing priorities over the life of the Space Shuttle
Programme

13. THE SHUTTLE
DISASTERS
• NASA is a large, complex organisation
• The Shuttle programme also involved external organisations
• Managerial failings including a failure to share information,
to take engineers seriously, to explore contingencies
• Communication problems and misunderstandings with
external organisations
• A “faster, better, cheaper” strategy
• Columbia disaster reminiscent of challenger.
• Other disasters such as the loss of the Mars Climate Obriter
also attributed to organisational problems.

14. BHOPAL GAS DISASTER

15. BHOPAL GAS DISASTER
In 1984, water was mixed with methyl isocyanate at a pesticide
plant in Bhopal, India, resulting in the release of toxic gas. There
were approximately 3000 deaths (in the short-term), and
hundreds of thousands of injuries including blindness, kidney and
liver failure.
According to Shrivastava [1] there were a series of organisational
antecedents to the accident including poor training, poor
motivation, poor manning, and low importance of the plant to its
parent organisation

16. BHOPAL GAS DISASTER
Ongoing controversies on the immediate cause: how did water
came to be mixed with methyl isocyanate?
But there were clearly wider problems:
• Storing chemicals in large tanks and filling beyond
recommended levels
• Poor maintenance leading to failure of several safety systems.
Other safety systems being switched off to save money
• Wider problems included growth of slums around the plant, a
lack of catastrophe plans, and lack of healthcare
Ongoing disputes over responsibility: a global organisation
operating under different jurisdictions. Complex issues over
ownership.

17. ORGANISATIONAL FAILINGS
In examples such as these we see factors including
• Communication failures
• Failures to coordinate and cooperate
• Failures in designing and maintaining equipment
• Failures to learn
• Prioritisation of cost over safety
• Failures of responsibility
• Regulatory failings
These are operational failures, but will have roots in
organisational design and strategy
When we say there are organisational problems we are not
talking specifically about the organisation as an entity but about
organisation-in-action

18. WHAT IS AN
ORGANISATION?
Organisations are groups of people who distribute tasks for a
collective goal.
• There are many definitions of organisation (including several
legal definitions).
• However, our interest is not to look at „types‟ of organisation,
but to examine how organisational practice can be
dependable.
• Our interest should be in how people work in an
organisational, or institutional context
• Organisation should be treated as both a noun and a verb
• Organisations should not be seen as entities but as arenas
for activity, and technologies not as artefacts but social
objects in this
• Critical systems engineering is often interested in
sociological and psychological views of work and
organisations

19. ORGANISATIONAL
STRUCTURE
Organisations are structured. They have a purposeful structure
• Contrast with unstructured collectives
• Contrast with self-structuring ecologies
There are many kinds of structure, but it is not my intention to
covers these here.
Structure is normative, an ideal rather than a mirror.
• Practices will be constrained by and orient to the structure
• Practices will be dynamic
• So ecologies and collectives may be apparent within and
across organisations (disorder will exist in order, and order
in disorder)

20. EXAMPLE: THE HOME OFFICE
Ministers and Home Office Board
Strategic Centre
HQ
Professional Services
Delivery Groups
Home Office
Office for Office for Crime Reduction
Shared Services
Criminal Justice Security and and Community
and Reform Counter Safety Group
Terrorism
Delivery Agencies
Criminal UK Borders Identity and
Records Agency Passport
Bureau Service
Delivery Partners
Counter NDPBs (e.g.
Terrorism Serious
Partners Organised
Crime Agency)
Local
Partnerships
43 Police Forces

21. STRUCTURE AND
DEPENDABILITY
Some evidence structure has an effect on dependability, e.g:
Complex and/or ambiguous structures
• Hinder decision making
• Can lead to an absence of responsibility
Control centric organisations
• Can lead to poor decision making (bottlenecks, remote)
• Have single point of failure
However, the problems do not lie purely in structure, but in the
relation between structure and practice.
• Eg. Can decision-making be effectively migrated in a
hierarchical organisation? Can decisions be negotiated in a
horizontal one?

22. ORGANISATIONAL AND
SOFTWARE STRUCTURE
The information technology used by an organisation often
has a close relation with organisational structure
• IT is often deployed as a part of re-structuring efforts
within organisations
• Many organisations seek to implement enterprise systems
• Enterprise does not necessarily mean organisation, but
can refer to distinctive parts of an organisation, and to
conglomerates of organisations.
• Generic, customisable systems are popular.
• These are not truly generic, but have an accrued
functionality – they do not represent an „ideal‟ organisation.
• Some evidence to show that the less customisation that
takes place, the more successful a deployment will be [6]

23. SOFTWARE STRUCTURE AND
ORGANISATIONAL STRUCTURE
Conway‟s law: organizations that design systems are constrained to
produce systems which are copies of the communication structures
of these organizations.
• “if you have four teams working on a compiler, you‟ll have a four
pass compiler” (Eric Raymond).
• The quality of systems interfaces reflects the quality of
organisational communication (e.g. Mars Orbiter crash)
• A study of Microsoft Vista [2] suggests organisational structure
is a better predictor of the failure proneness of software than
code-based metrics (churn, dependencies, test coverage, etc.).
• The more people who touch the code the lower the quality.
• A large loss of team members affects the knowledge retention and thus quality.
• The more edits to components the higher the instability and lower the quality.
• The lower level is the ownership the better is the quality.
• The more cohesive are the contributors (organizationally) the higher is the quality.
• The more cohesive is the contributions (edits) the higher is the quality.
• The more the diffused contribution to a binary the lower is the quality.
• The more diffused the different organizations contributing code, the lower is the
quality.

24. TESTING AND ORGANISATIONAL
STRUCTURE
Ahonen [3] suggests organisational structure has significant
influence on the quality of testing in an organisation.
Team based development models:
• A more pleasant working atmosphere, but leads to an uneven
and difficult-to-assure testing process.
Interdepartmental model:
• Teams can sometimes end up passing costs to each other,
but testing is easier to manage, and issues can be tracked.
Resource pool based model:
• This can have severe problems on working atmosphere, but
is the most suitable for supporting an effective testing
regime.

25. ORGANISATIONAL
CHANGE
Organisations are not static but change over time
• Organisations often go through periods of restructuring
The goal is not to find the perfect organisational form, but to
manage a changing organisation in a changing context.
Restructuring is necessary because of factors including:
• Growth, Mergers, Changing purpose, Changing
technology, Changing context.
Ciborra [4] argued there is a cycle in organistions between
control and drift.
• Change occurs naturally, and is punctuated by efforts to
regain control

26. From Ciborra [4]

27. ORGANISATIONAL
BOUNDARIES
Organisations have boundaries
• These are both internal and external and take different
forms
• Physical boundaries
• Unit boundaries
• Organisation-wide boundaries
• The boundaries may be different on paper than in practice
• Communication across boundaries is often problematic
• formalised either through reports or formal meetings
• “Boundary objects” need to be able to be transmit meaning
between different contexts.

28. ORGANISATIONAL
BOUNDARIES
Boundaries can lead to “silo working”.
• People working in proximity to each other but within
„closed‟ arenas
According to Page [5], Silos occur because of:
• Turf wars
• Budget protection
• Bureaucratic politics
• Ignorance
• Legal reasons
• Technology reasons

29. OPERATIONAL PROCESSES
There are three types of business process: Managerial,
operational, and support processes.
This area has generally been focused on efficiency rather
than quality
• Adam Smith found it was possible to increase productivity
in pin manufacturing by 2400% if production was
organised into a process
• This was taken to extremes under Scientific management
and Fordism where work was split into simple repetitive
tasks
• More recently the emphasis has been on business
process reengineering

30. OPERATIONAL PROCESSES
Proceduralisation and process reengineering is not
necessarily contrary to dependability
• Many industries rely upon correct procedure being
followed
• Regulation is also coming to rely heavily on the inspection
of procedure
Problems emerge when
• There is an accompanying diminishing of responsibility
• Efficiency is taken to extreme
• Problems also emerge when processes are impractical or
incomprehensible for people in the organisation

31. MANAGEMENT AND
GOVERNANCE
Management
• Management involves planning, organising and controlling work
in an organisation.
• Top level management: Develop goals, strategies, policies.
• Middle management: Develop organisational functions.
• Low level management: Assign and supervise tasks.
Governance
• Decisions that define expectations, grant power and
responsibilities and verify performance
Complex organisations require effective governance. An
overreliance on management is known as managerialism: where
management seeks to control all aspects of organisational working.

32. MANAGEMENT AND
GOVERNANCE
Leadership
• A distinction can be made between management and
leadership.
• Leaders show the way, but do not specify the means of
travel.
• Remember - Good leaders need good followers.
“Followership” is a skill too.
Responsibility
• Procedural responsibility
• Consequential responsibility

33. CULTURE
The idea of “Culture” is often invoked in characterising
workplaces, particularly where it comes to non-functional
aspects of this.
• “Organisational culture”
• “Safety culture“
• “Culture of trust”
This is a slippery term
• It is used to typify actions, rather than specify what does
happen
• It is used at varying granularities
• It is used in several senses

34. CULTURE
The most comprehensive framework for describing culture comes from
IBM. Hofstede's cultural dimensions theory was developed in the 1970s. It
was primarily aimed at working through cultural differences in a
multinational firm.
It covers the degree of:
• Subordination to power
• Collectivism
• Uncertainty avoidance
• Masculinity (competitiveness, assertiveness, etc)*
• Temporal orientation (long vs short-term)
• Indulgence and restraint
There are many other models and frameworks for culture – but often these
come from a managerial literature focused on instilling desirable values
rather than describing or explaining culture.
*This was the 70s!

35. CULTURE
Anthropology is the academic field that studies culture.
• The management literature on culture, including Hofstede,
is not taken seriously in this discipline!
In Anthropology, culture is largely a comparative concept.
• Over the last two decades, as anthropology has come to
focus on organisations
• Culture rediscovered as “communities of practice”
• Forms of understanding rediscovered as “distributed
cognition”
• Emphasis placed on the contextualisation of practice.
Particularly its physical and social “situatedness”

36. PROFESSIONALISM
An alternative source of power in work and organisations arises
through professional bodies
• Professional bodies develop around skilled areas of work,
what Abbot [7] describes as Jurisdictions
• Not all areas are able to professionalise. Software
development has had significant problems [7].
Professional bodies also seek to regulate the environments in
which their members work, to ensure they can work effectively.
• To become a member of a profession usually requires some
demonstration of skill
Trades Unions also seek to represent the interests of members
• Unions have been instrumental in the development of
participatory design, and socio-technical approaches

37. “LOCATEDNESS”

38. LOCAL VARIABILITY
There can be variance across ostensibly equivalent parts of an
organisation
• For example, there is large variation between NHS hospitals,
and even between wards on the same hospital.
• Work is contingent upon local resources and constraints.
• Practices are implemented, emerge and evolve locally.
Organisations will go through periods of standardisation, often
through the deployment of technology
• But at local levels standards will always be interpreted,
“gamed” or perhaps ignored.
• A classic study by Barley [8] found that the deployment of
the same technology in different hospitals led not to further
diversities in their practices.

39. SOCIAL NETWORKS
An alternative way of viewing organisations is in terms of the
formal and informal social connections between people within
organisations
• Social networks do not mirror organisational structure,
although they will often have some correspondence to it
Strong networks improve
• Expertise finding (“know-who”)
• Social capital
• Awareness among workers
• Greater flows of information and innovation
• Loyalty
Email and electronic communication can be used to give an idea
of social networks exist, but do not constitute social networks

40. SOCIAL TECHNOLOGY
Many organisations are turning to social technology
• Many large organisations are deploying their own internal
social network sites
• Some are turning to „public‟ social network sites (such as
twitter), although many are restricting use of these - for
security reasons
There is also a broader class of “collective intelligence”
technologies – collaboration technologies that
• Enable sharing and structuring of information
• Enable adhoc communication
• Enable distribute problem solving

41. ORGANISATIONS
The problem of dependability does not usually sit in
individual organisations
• Organisations often work with others
• Eg. suppliers, service providers, partners.
• Technologies exist across organisations.
• The technology, or tasks such as maintenance may be
offered as a service
• Different components may be operated by different
organisations
• Organisations often operate in an “industry”
• Regulation will be at the industry level

42. http://blogs.telegraph.co.uk/news/files/2010/10/Organogram-of-government-small.jpg

43. INTER ORGANISATIONAL
RELATIONSHIPS
When organisations collaborate or provide services there will usually
be a formal agreement
• Eg. Contracts, SLAs
However, the ties between organisations need to be stronger than just
having written agreements
• Eg. emergency workers do not just need to fulfill their specified roles
but to work effectively together
• A well known example was Toyota‟s ability to restart production just
days after a supplier of a complex component suffered a catastrophic
fire. [9]
Organisations are sometimes conceptualised in terms of ecosystems
• Formal and informal relations and dependencies exist between
organisations
• Organistions can enter into strategic ecosystems, where they
cooperate with others to supply services or build a market

44. Failures, accidents and disasters often have
underlying organisational causes and factors…

45. KEY POINTS
• Many accidents and disasters have organisaional roots
• These problems lie in the working of the organisation, so
they cannot be resolved just by creating the correct „type‟ of
organisation but through ensuring organisations operate
effectively
• The organisational model is usually an aspiration rather than
a mirror, and even if the model is accurate, the organisation
itself will change. This does not mean the model is
unimportant!
• Organisational departments will not operate in uniform ways.
• Organisations often work closely with others. Cross
boundary communication can often be more formalised.
• Network views of organisations point to the importance of
connectedness over structure

46. REFERENCES
1. Shrivastava, P. (1986), Bhopal,New York: Basic Books
2. Nagappan et al (2008) The Influence of Organisational Structure on Software
Quality: An Empirical Case Study. In Proc. ICSE‟08: 521-530.
3. Ahonen et al (2004) Impacts of the Organizational Model on Testing: Three
Industrial Cases. Empirical Software Engineering, 9, 275–296, 2004.
4. Ciborra (2000) From control to drift : the dynamics of corporate information
infrastructures. Oxford University Press.
5. Page, E. C. (2005). Joined-up government and the civil service. In V. Bogdanor
(Ed.), Joined up government (pp. 139–155). Oxford: Oxford University Press.
6. N. Pollock, and R. Williams. Software and Organizations. The Biography of the
Enterprise-Wide System or How SAP Conquered the World. Routledge 2008
7. Abbott A (1988) The System of Professions. An Essay on the Division of Expert
Labour. University of Chicago Press.
8. Barley, S. R. (1986). “Technology as an occasion for structuring: Evidence from
observations of CT scanners and the social order of radiology departments.”
Administrative Science Quarterly 31(1): 78-108.9
9. Beaudet, and Nishiguchi,(1998) The Toyota Group and the Aisin Fire. Sloan
Management Review, 40,1 1998