Morals, Ethics and the Development Process

A version of this article first appeared in the April 2019 edition of our free newsletter, to subscribe click here

This is the article I intended to write for last months newsletter, until I got side tracked by a Forbes magazine article. You can read that article here.

This article is about the personal conflict of interest that occurs within Design Approval Organizations. This a conflict that arises from the dual loyalties of technical and certification and the company commercial side. It also occurs for consulting delegates to a lesser extent.

Any conscientious engineer will feel this conflict at some point in their career but delegated individuals in the DAO are definitely at the pointy end of the stick.

The balance between the commercial and the theoretically perfect product is ever present in engineering development.
As you refine your product further (it does not matter if it is an aircraft or a toaster) each successive improvement costs incrementally more. We all know this as ‘diminishing returns’

This can be applied at any level of the development process to any aspect of the process. Producing a perfect drawing or stress report, creating the perfect quality system that is 100% fool-proof, writing the perfect maintenance manual.

The good engineer has to have an instinctive feel for cost, or when you have hit the magical point of ‘good enough’. This is not taught in college (or at least it was not when I went to college) and it is hard to teach as a general sense – because it depends on the product, how it will be used, the warranty you offer and what the legal and social expectations are.

No one expects a toaster to last for 40 years but people do expect an aircraft to remain in service for that amount of time. The point of ‘good enough’ is very different when comparing a vacuum cleaner or pocket calculator to a transport category aircraft.

The regulations are our most important guidance for ‘good enough’, the regulations, or more importantly the interpretation of the regulations, are a direct driver on cost. Because of diminishing returns and how far up that curve the aircraft development process already is, if the regulatory goalposts move just a little bit there can be a very large increase in cost.

So the pressure falls upon the delegated individual who makes a finding of compliance or recommends a finding of compliance to the regulatory authority. Their decision of when the standard has been met and therefore when they can make a finding of compliance can have a disproportionate effect on the overall cost of a program.

This presents a potential conflict of interest with their employer.

Having said that, the view from the other side, the side of the employer is sympathetic. The aircraft developer wants the best product possible and seeks actively to avoid failure of their product in service so there is a large convergence of interest with their delegated individuals.

When using consulting delegates I have seen aircraft companies engage in the practice of delegate shopping. They will start a program and select a delegate or group of delegates to assist in the compliance side. If cost becomes an issue part way through the program, working with a delegate who has an inflexible standard (or not flexible enough standard) for a finding of compliance can be expensive. There are options when it comes to consulting delegates, so companies can shop around to find a delegate who will make a finding of compliance at a lower standard and cost. I have seen this happen – it is not always bad. Delegates can be unreasonable at times. Some companies regard any delegates signature as good as any others and this can lead to ethically questionable methods to get a finding of compliance.

The abuse of consulting delegates can be problematic, but each delegate is an independent checker and reporter to the regulatory body and if a delegate has been replaced, and is concerned about any airworthiness aspects, they have a direct route to the regulatory body and can voice their concerns. This limits the abuse of the system.

The best approved design organizations therefore must have delegates with compete technical and commercial freedom that live outside the regular organizational structure.

We work on a semi regular basis with a well known part 23 OEM. Their internal design approach organization arrangement is, in my opinion, ideal. The ODA unit member has compete autonomy and no commercial responsibility. He is allowed to be diligent and at times he can even be reasonable……and as difficult as getting our work approved can be I have no concerns that compliance standards have not been met. I do not agree with all of his decisions and that is just fine.

So this brings us around to the Boeing 737 max problem. Boeing are an approved design organization and to me it is inconceivable, considering all of the checks and balances that should be in place, that this could happen.
From what I have read and heard from my contacts in the industry it appears the following has now been established

  • The 737 max has software control in (at least) the pitch circuit of the flight control system.
  • The purpose of this software is to make the aircraft behave like the previous versions of the 737 to minimize pilot conversion training.
  • The level of criticality of this system was incorrectly classified at a lower criticality than was correct.
  • The incorrect classification of the final system design was due to the system being modified part way through development to give it greater authority than was originally envisioned.
  • The pilot training on the specifics of how they system operates was not adequate

If this is correct there are two specific failings:

  1. The impact of the change to the system was not assessed correctly and in the conduct of all subsequent qualification and compliance activities this change in criticality was not acknowledged or addressed
  2. The authority of the system as designed and the effect on the extent of pilot training was likewise not addressed at every stage between the design change the implementation of the training program.

If this is the case and this was a small company where maybe one or two truly qualified and experienced engineers would be responsible, this outcome may be conceivable, even probable. 

If a company the size of Boeing where many, many engineers would be involved it is almost impossible to conceive that multiple flags would not be raised during the development process.

How many engineers with quiet reservation signed off on design documents, system safety assessments, test plans, test reports, compliance reports? How many technical managers who could clearly see the impact of the system at the aircraft level bit their lips in meetings or deleted an email calling the approach into doubt before it could be sent?

All engineers know the pressure. The group dynamic is at times, irresistible. The ability to compromise your ethics is not black and white. There are more than 50 shades of grey. Morals are binary – there is good and bad. Ethics are a balance between what we know to be moral and the real-politik of commercial reality.

Ethics are the internal rules on a sliding scale between perfection and the compromises you make to continue and advance your career.

A good project manager I used to work with told me the following:

“It is ethical if you come out of a meeting and you are comfortable that everything you just discussed can appear on the front page of tomorrow’s newspaper”

What do you do when the project group you work within starts to drift off track? At what level of ethical discomfort do you speak up? Do you speak up at all? Do you stay? Do you leave?

I don’t know what the development environment was like for this project at Boeing but something happened. A group of professional, competent people delivered something that was flawed. We can all think that it could not happen if we were on the project, but given the right conditions, even the most diligent people can fall prey to a sophisticated ‘go along to get along’ mentality.

So keep your standards high and if the worst comes to worst sometimes you just have to walk away.

Comment On This Post

Your email address will not be published. Required fields are marked *

Morals, Ethics and the Development Process

A version of this article first appeared in the April 2019 edition of our free newsletter, to subscribe click here

This is the article I intended to write for last months newsletter, until I got side tracked by a Forbes magazine article. You can read that article here.

This article is about the personal conflict of interest that occurs within Design Approval Organizations. This a conflict that arises from the dual loyalties of technical and certification and the company commercial side. It also occurs for consulting delegates to a lesser extent.

Any conscientious engineer will feel this conflict at some point in their career but delegated individuals in the DAO are definitely at the pointy end of the stick.

The balance between the commercial and the theoretically perfect product is ever present in engineering development.
As you refine your product further (it does not matter if it is an aircraft or a toaster) each successive improvement costs incrementally more. We all know this as ‘diminishing returns’

This can be applied at any level of the development process to any aspect of the process. Producing a perfect drawing or stress report, creating the perfect quality system that is 100% fool-proof, writing the perfect maintenance manual.

The good engineer has to have an instinctive feel for cost, or when you have hit the magical point of ‘good enough’. This is not taught in college (or at least it was not when I went to college) and it is hard to teach as a general sense – because it depends on the product, how it will be used, the warranty you offer and what the legal and social expectations are.

No one expects a toaster to last for 40 years but people do expect an aircraft to remain in service for that amount of time. The point of ‘good enough’ is very different when comparing a vacuum cleaner or pocket calculator to a transport category aircraft.

The regulations are our most important guidance for ‘good enough’, the regulations, or more importantly the interpretation of the regulations, are a direct driver on cost. Because of diminishing returns and how far up that curve the aircraft development process already is, if the regulatory goalposts move just a little bit there can be a very large increase in cost.

So the pressure falls upon the delegated individual who makes a finding of compliance or recommends a finding of compliance to the regulatory authority. Their decision of when the standard has been met and therefore when they can make a finding of compliance can have a disproportionate effect on the overall cost of a program.

This presents a potential conflict of interest with their employer.

Having said that, the view from the other side, the side of the employer is sympathetic. The aircraft developer wants the best product possible and seeks actively to avoid failure of their product in service so there is a large convergence of interest with their delegated individuals.

When using consulting delegates I have seen aircraft companies engage in the practice of delegate shopping. They will start a program and select a delegate or group of delegates to assist in the compliance side. If cost becomes an issue part way through the program, working with a delegate who has an inflexible standard (or not flexible enough standard) for a finding of compliance can be expensive. There are options when it comes to consulting delegates, so companies can shop around to find a delegate who will make a finding of compliance at a lower standard and cost. I have seen this happen – it is not always bad. Delegates can be unreasonable at times. Some companies regard any delegates signature as good as any others and this can lead to ethically questionable methods to get a finding of compliance.

The abuse of consulting delegates can be problematic, but each delegate is an independent checker and reporter to the regulatory body and if a delegate has been replaced, and is concerned about any airworthiness aspects, they have a direct route to the regulatory body and can voice their concerns. This limits the abuse of the system.

The best approved design organizations therefore must have delegates with compete technical and commercial freedom that live outside the regular organizational structure.

We work on a semi regular basis with a well known part 23 OEM. Their internal design approach organization arrangement is, in my opinion, ideal. The ODA unit member has compete autonomy and no commercial responsibility. He is allowed to be diligent and at times he can even be reasonable……and as difficult as getting our work approved can be I have no concerns that compliance standards have not been met. I do not agree with all of his decisions and that is just fine.

So this brings us around to the Boeing 737 max problem. Boeing are an approved design organization and to me it is inconceivable, considering all of the checks and balances that should be in place, that this could happen.
From what I have read and heard from my contacts in the industry it appears the following has now been established

  • The 737 max has software control in (at least) the pitch circuit of the flight control system.
  • The purpose of this software is to make the aircraft behave like the previous versions of the 737 to minimize pilot conversion training.
  • The level of criticality of this system was incorrectly classified at a lower criticality than was correct.
  • The incorrect classification of the final system design was due to the system being modified part way through development to give it greater authority than was originally envisioned.
  • The pilot training on the specifics of how they system operates was not adequate

If this is correct there are two specific failings:

  1. The impact of the change to the system was not assessed correctly and in the conduct of all subsequent qualification and compliance activities this change in criticality was not acknowledged or addressed
  2. The authority of the system as designed and the effect on the extent of pilot training was likewise not addressed at every stage between the design change the implementation of the training program.

If this is the case and this was a small company where maybe one or two truly qualified and experienced engineers would be responsible, this outcome may be conceivable, even probable. 

If a company the size of Boeing where many, many engineers would be involved it is almost impossible to conceive that multiple flags would not be raised during the development process.

How many engineers with quiet reservation signed off on design documents, system safety assessments, test plans, test reports, compliance reports? How many technical managers who could clearly see the impact of the system at the aircraft level bit their lips in meetings or deleted an email calling the approach into doubt before it could be sent?

All engineers know the pressure. The group dynamic is at times, irresistible. The ability to compromise your ethics is not black and white. There are more than 50 shades of grey. Morals are binary – there is good and bad. Ethics are a balance between what we know to be moral and the real-politik of commercial reality.

Ethics are the internal rules on a sliding scale between perfection and the compromises you make to continue and advance your career.

A good project manager I used to work with told me the following:

“It is ethical if you come out of a meeting and you are comfortable that everything you just discussed can appear on the front page of tomorrow’s newspaper”

What do you do when the project group you work within starts to drift off track? At what level of ethical discomfort do you speak up? Do you speak up at all? Do you stay? Do you leave?

I don’t know what the development environment was like for this project at Boeing but something happened. A group of professional, competent people delivered something that was flawed. We can all think that it could not happen if we were on the project, but given the right conditions, even the most diligent people can fall prey to a sophisticated ‘go along to get along’ mentality.

So keep your standards high and if the worst comes to worst sometimes you just have to walk away.

Comment On This Post

Your email address will not be published. Required fields are marked *