This paper explains the concept of goof-proofing and its usefulness in engineering design. No standard design rules exist for engineers to follow in anticipation of human error. Human reliability analysis uses tools such as event trees and fault trees to model a human's contribution to events such as decreasing one's speed on an exit ramp. To minimize human error, engineering students color-code wires and use specific prong configurations in the design of an automobile. It is observed that engineers follow failure modes and effects analysis procedures. The failure modes procedure isolates potential failures within a system or product. Effects analysis is the study of the consequences of those failures. The attitude on the part of designers is that they have the requisite knowledge, either from past projects or due to their expertise. The paper concludes that regardless of how engineers go about goof-proofing their designs, they must keep the end user in mind.


Is it your fault if you press the wrong button on your television remote control?

Of course not, according to George Delagrammatikas, assistant professor of mechanical engineering at the Albert Nerken School of Engineering at The Cooper Union.

"It seems like the channel up and down button should be across from each other, but that's not always the case," he said. "The power button can be impossible to find."

Robert Beckmann, meanwhile, tells the story of an old car of his. The emergency brake lever was located right next to the trunk release. Guess what happened every time he wanted to set the brake? Beckmann, who's a project manager and engineer with the manufacturing consultancy Missouri Enterprise in St. Louis, finally sold the car.

Of course these aren't stand-alone examples. Look around. You'll find abundant examples of product and equipment designs that lead to user error and mistakes, Delagrammatikas said.

While it's tempting to blame the user for mistakes, Delagrammatikas believes the designer has a significant role to play.

"In years past it was enough to design a product and leave it up to the user or the consumer to figure out how to use it," he said.

But no more. "The key to minimizing human error is to ensure that if a mistake is made it's not a catastrophic mistake," Delagrammatikas said. "So if you plug your fuel injector into the engine the wrong way, the engine doesn't blow up."

He and fellow Cooper Union instructors teach students how to incorporate human-factors and human-error information into product design.

But engineers today face an uphill battle when trying to design a product or a piece of equipment that doesn't lead to some type of user error. No standard design rules exist for engineers to follow in anticipation of human error.

And information about how the end-user will actually use the product can be scant. Also, designers may not even have a great deal of background in the application (for example, medical practice) for which they're designing the product, said Joseph Sharit, who specializes in human-factors research. He's a research professor in the department of industrial engineering at the University of Miami in Coral Gables, Fla.

Unintentional consumer use can be hard to plan for, Beckmann said. He called designing with human error in mind mistake-proofing or goof-proofing engineering designs.

Of course engineers have to consider human error from another standpoint.

"We live in a litigious society," Beckmann said. "Engineers always have to be concerned about that."

Tools of the Trade

When designing a product or part to ensure it can be easily manufactured, engineers can rely on tools such as design for manufacturability software. No such products exist for engineers looking to goof-proof their designs, Beckmann said.

"I do wish there were more standardized methods out there we could follow," he said. "When engineers design something they put their time, effort, and heart into the design, and they know exactly how it's supposed to work.

"But as soon as it's released, the first person to use it will put it on backward," he added. "Designers spend a lot of time looking at design problems after the fact."

To design with the human end-user in mind, Missouri Enterprise begins with the basics, he said.

"We look for things like sharp corners or whether the thing will break if it's opened up improperly for one reason or another," he said.

Of course, as in many engineering organizations, engineers at Missouri Enterprise call upon a number of methods to help the goof-proofing process. To begin, engineers follow failure modes and effects analysis procedures. The failure modes procedure isolates potential failures within a system or product. Effects analysis is the study of the consequences of those failures.

Some Missouri Enterprise products must bear an Underwriters Laboratories or a CE mark to signify they meet consumer safety requirements. The CE mark certifies that a product has met European Union consumer safety, health, or environmental requirements. The UL mark means the product has met the safety standards and testing procedures of Underwriters Laboratories Inc.

For these products, the safety standards and procedures are helpful because they guide engineers as they design for safe end use, Beckmann said.

But what about products that don't call for safety marks and, thus, come with no protocols or regulations for design engineers to follow? Engineers rely on experience, feedback from users and from fellow engineers, and on common sense, Beckmann said.

"But each designer is a little different, so there's no standard answer," he added.

Most often, knowing how best to mistake-proof products simply comes with trial and error and engineering experience, Beckmann said. Over time, design engineers develop, and pass down, a bag of tricks and tools to help assure user safety.

It is the knowledge of these tricks and tools that Delagrammatikas hopes to pass on to his Cooper Union engineering students so it will eventually become for the students an intuitive part of the design process. By helping design a race car for the annual Formula SAE competition, his students pick up on some of those tricks and tools via hands-on learning.

Some automotive-industry standard safety techniques that students have incorporated on this year's car include designing electrical connectors to ensure that incompatible connectors can't be fit together.

"Our engine control unit has five bundles of wire coming out of it, but we make sure each one can only be connected to the socket it corresponds to. Color-coding or using plug or socket sets with different prong configurations are two standard methods," Delagrammatikas said. A number of parts cannot be physically overtightened by virtue of the way they've been designed or can only be tightened with specially designed tools. Loose nuts and bolts can be spied by visually inspecting the markings made once they've been tightened.

Once they understand the importance of industry-standard safety techniques, the students come up with their own safe practices, he added.


Human Involvement

Researchers at the Idaho National Laboratory in Idaho Falls take what David Gertman, the human-factors expert there, terms a traditional approach to assessing, with mistake-proofing in mind, how a user will interact with a not-yet-built system.

Engineers first conduct a functional analysis. That is, they study how a person using the system will interact with the hardware and software that make up that system. They next look at the job the person is expected to perform and the conditions under which the task might be performed.

Having this type of feedback in hand helps with initial design, Gertman said.

"Let's say a driver is responsible for turning off on an exit ramp and his speed should be at 65 to 75," he said. "So if we were designing the exit ramp, we'd look at speed; but we'd also look at the potential for bad weather and at human-reflex averages in all kinds of weather."

As Gertman put it: to be human is to make mistakes. "People always have a failure rate of some sort," he said. "If you dialed your home number 100 times you'd do it wrong two or three times. When we run experiments, we always find that that's the rate of failures that people have.

"There's nothing you can do to prevent that," he said. Human reliability analysis, the type of analysis Gertman and his team run to discover the rate of human failure, uses tools like event trees and fault trees to model a human's contribution to events such as decreasing one's speed on an exit ramp.

Of course designers can never fully insure against end-use human error.

"If you're designing a hammer you have to design the handle such that it can withstand impact, but can you accommodate for everything the person will do with that hammer? No," Beckmann said. "Someone could always drop a hammer off of a roof and hit someone on the ground. So is that the designer's fault for not putting a strap on the hammer that hoops around a person's hand or is it the fault of the person who was dangling a hammer over the roof?"

Human Involvement

Beneath all this talk of designing to eliminate human error as much as possible runs one inescapable irony. Design engineers are, of course, human too. Which, according to Sharit of the University of Miami, means all the human reliability testing or product feedback in the world doesn't keep them from design mistakes.

Business issues compound the problem. Today, design engineers are often under pressure to get their designs out the door as quickly as possible.

"So balancing thoroughness, in terms of trying to anticipate problems with design, against the need to push to get product out becomes very difficult," Sharit said.

Also, today's complex products aren't easy for even their designers to get a handle on. According to Sharit, designs can be complex and very particular to an application, an application with which the designer has little first-hand experience.

"With newer products and technologies, you run into situations where designers may not have a good idea of the context in which a human will use them," he said.

He offered the example of engineers working on an instrument to be used for robotic surgery. Certainly an engineer untrained in the medical sciences won't be able to fully conceptualize the instrument's end use, much less contemplate errors and dangers that could come about from unexpected use.

"Designers are just as vulnerable as end users," Sharit said. "They face limited mental capacity, limited time. They're subject to the same constraints as the people who are trying to use the new product. They're just on the other end of it."

To deal with this, designers try their best to cover what they can.

As Sharit put it, "They say, I've got all the functions this product is supposed to have, and include all the information on the interface that needs to be provided to the practitioner. I've done my part.

"But they haven't done the part where they try to recognize human limitations in operating the systems under a range of scenarios," he added. "They likely don't even know the scenarios in which they'll be used."

There is help. Put a number of design engineers together for brainstorming sessions and for teamwork, and design can be improved significantly, from an end-user's safety standpoint, Sharit said.

Here, team members serve as backup for one another. It's the same idea as designing redundancy into systems to minimize mechanical failure or, in a work situation, of having more than one nurse check on the same patient or of making sure a maintenance inspector has performed his job in a manufacturing plant.

Sharit offered an example of how design teams can help protect against a fatal error. The portholes through which flight instruments receive atmospheric data can become blocked. A maintenance crew cleaning the exterior of an airplane might mask the portholes to protect the instruments inside and forget to remove the masks. Or an accident can clog or damage them. In either case the readings of critical instruments can be compromised.

"If you're working in a group, you'd step through each part of the aircraft design and ask each other, how could the flight-system information possibly be undermined?" Sharit said. "And eventually you'd get to the porthole and say everything is driven through this porthole system and if it's blocked, you endanger crew and passengers.

"But it doesn't have to be masking tape," he said. "You could brainstorm around what happened if a flock of geese slammed against the porthole. This is what brainstorming is all about."

According to Sharit, though all too often factors like added cost keep the design-team approach from being adopted, designers themselves can be part of the problem here.

"The attitude on the part of designers is that they have the requisite knowledge, either from past projects or because of their expertise," he said. "But this is where group dynamics are so crucial. What one person doesn't focus on, someone else does."

Regardless of how engineers go about goof-proofing their designs, they must keep the end user in mind.