A version of this article first appeared in the October 2018 edition of our free newsletter, to subscribe click here
I would like to thank a trusted contact for asking me to review some paperwork as it provided a great teachable moment for myself and my class – and a good subject for the newsletter. I can’t mention them by name but you know who you are. Thanks.
As part of the course that I teach at UCCI we have just covered some engineering ‘disasters’. Events caused by insufficient understanding, inadequate assessment or generally bad engineering.
It is important for an engineer to understand that things do go wrong. Not often, but they do. Understanding the root cause of failure is the only way to consciously avoid the same situation.
Sometimes even the understanding and knowledge of what you should do cannot overcome the general sunny optimism that both bless and curse humans. The week that I was teaching this important element of engineering reality I was sent a perfect example of optimism overcoming common sense.
Over the years I have ended up with a large network of aircraft developers and operators. One of them called me because of a concern they had with an aircraft that was flown in to their facility to have some work done.
The small composite aircraft had a major change to one of the wing spars at the root (for those of you who are not in the know the spar is the element of the wing that carries the bending load created by the wing lift and the root of the spar – where it meets the fuselage- carries the highest bending load.)
This major modification (or repair, it was not clear what the reason for the change was) carried with it a one page qualification.
To put that in perspective, we are doing a small amount of work for a famous part 23 OEM – writing substantiation reports for equipment going into their flight test aircraft. The oxygen bottle installation report runs to 30 pages.
The one page qualification consisted of 3 paragraphs of prose and a diagram.
- The first paragraph was a description of the level of competence of the author. He is a professor emeritus at a university, he has written textbooks, he is a lifetime member of an industry body (I never understood that, was he inducted as he passed out of the birth canal?). In his own words he is experienced, competent and respected by his peers.
- The second paragraph was a verbal description of the change, it contained some vague terms but overall was ‘okay’ as far as it went.
- There was a diagram of the change.
- Then there came the all Important qualification: “I have done no analysis of this change but it is many times the strength of the original design. In my opinion this is adequate”. That was the start and the end of the substantive component of the qualification, and marked the end of the document apart from the signature of the author.
Even if it is your opinion that the change was adequate, you still do the analysis, even a simple one. You might even add some qualifications to your assessment. How about “assuming that good practice was followed with regard to material choice, material handling, surface preparation and curing during the implementation of change by the manufacturing team…….”.
There are several problems here:
- There is no numerical demonstration that the change is adequate and therefore there is no evidence that the aircraft is safe to fly
- The description of the change is inadequate, there is some geometric definition and some generic materials mentioned but nothing specific enough and it is incomplete.
- The engineer has used an argumentum ad verecundiam (an appeal to authority without evidence) in order to convince somebody else that the aircraft is safe to fly
- The engineer has exposed the occupants of the aircraft to unnecessary risk
- The language that the engineer has used demonstrates his own negligence and creates clear liability for the engineer.
Engineers have to be aware that not only are they responsible for the safety of others, but they also have a responsibility to give clear evidence that the appropriate level of safety has been achieved.
This is necessary to safeguard the public – even if the design appears to be strong enough, some level of analysis has to be done especially if the structure is one of the most critical components of the aircraft. The engineer has to be more than sure and has to prove to himself or herself (xerself?) that safety is proven.
It is also necessary to maintain your ethical standards as an engineer. Are you really that clever? Are you really that sure? Is your opinion so valuable that a quick calculation would somehow degrade your authority?
This is also necessary to achieve a level of personal protection against future claims of liability. You work hard for your money and your family. Do you really want to put all of that on the line because you can’t be bothered to spend an extra 15 minutes getting it right?
This was a particularly poor example and is similar in nature to the Hyatt Regency disaster of the mid 1980’s when over 100 people were killed because of a change in the design of a walkway that the engineer thought was strong enough and failed to do any analysis for.
The irony is, the engineering professor who wrote and signed the substantiation for the wing spar has probably used the Hyatt Regency incident as a subject in one of his classes.
It is also worth noting that on the sketchy substantiation of the wing spar, there was no checking signature. An engineer (or a good engineer) does not trust his own assessment without a second pair of qualified eyes to review, spot errors and validate the work.
Every step of the engineering has to be specific, accurate, comprehensive and clear. Failure to meet these minimum standards endangers people, your own well being and the well being of the organization you work for.
Do it right, do it once and get it checked.