Skip to main content Accessibility Help
Open menu
Dr Chris Elliott FREng

Dr Chris Elliott FREng

About the author

Dr Chris Elliott FREng is a system engineer and barrister. He has worked in transport, computing, defence, aerospace, energy, medical devices and construction, bringing a combination of technical skills and design thinking with regulatory and legal insights. He is a former visiting professor at University of Bristol and Imperial College, London, and is currently working with the nuclear industry and a software provider.

His background to the Govern project as Chair of this workstream and includes published research on safety engineering and its regulation, and extensive involvement with the interactions of government, academia and industry to deliver innovation and complex projects.

This is a personal reflection on the concepts and opportunities emerging from programme of investigation into how governance can contribute to safer complex systems. I am grateful for the helpful inputs by my colleagues but take full responsibility for the contents of this page. - Dr Chris Elliott FREng, July 2024

Why do we need governance?

The Govern project investigated that our lives, society, industry and commerce all depend on a range of systems that are becoming more complex, interconnected, and interdependent. The growth in complexity of designed systems and the emergent complexity of unplanned systems are going beyond our engineering methods and challenging our ability to manage those systems safely. Through the work detailed below it identifies the role of governance in addressing this. The following examples from the four Govern Reports highlight the issues.

Case studies

The programme to roll out electrification in rural Kenya reached the villages but had failed to take account of the shortage of qualified and affordable installers for the last hundred metres. Consumers turned to unapproved fitters who installed unsafe and unreliable wiring.

There is a lack of coordination and collaboration between the diverse actors working on and experiencing fire risk in informal settlements in Cape Town and Dhaka. This results in multiple and disconnected safety and governance practices which can increase fire risk through for example, de-contextualised and inappropriate technical guidance, provision of firefighting equipment, and emergency response.

These are sociotechnical systems that were defined by outputs that, without the rest of the system, cannot deliver the intended outcome.

Regulation and rules

We depend on regulations to ensure safety, but complex systems have unpredictable behaviour involving many players, often with conflicting interests.  Where there is no ‘duty holder’ to be held accountable for the different interactions in the system, relying solely on the use of hard powers, such as enforcement, is not enough. We need soft powers such as influence, communications and data/insight.

Failures offer important, and possibly even greater opportunities to learn but require an open mind and an appreciation of diverse perspectives. Rules are written to address past or existing failures and are just a ‘best guess’ as to the future. The rule maker must anticipate how the rule will be applied in the future, yet new situations will arise that were not foreseen.

Our regulatory structures are ill-equipped to assure the safety of complex sociotechnical systems.

These issues arise because of a lack of adequate governance of complex systems. This may be because the need for system-wide governance was not recognised or because the legal and regulatory system was not able to demand and enforce it. The result is a loss of safety and performance of the system.

Our work

The inception of the Govern project stemmed from reflections, conversations, and research about the relevance of governance in complex systems safety.

In 2019, the programme commissioned the York report from York University. This research allowed us to do an initial review of safety in the design, management, and governance of complex systems. This allowed us to define the scope and terminology of safety failures in complex systems.

In 2020, the programme commissioned 18 case studies. These case studies cover a wide variety of complex system successes and failures around the world. This provided insights into how the design, construction, operation, management, and governance of complex systems may result in safe or unsafe outcomes. Governance appeared as one of the major issues on systems safety.

Hence in 2022, the programme commissioned the four Govern Reports that, through multi-stakeholder workshops, would allow us to understand challenges in the governance of safer complex systems. Two of these reports describe examples of practice (Diversifying governance of fire risk and safety in informal settlements and Governance of safer electricity systems in Kenya) and two of which address topical perspectives (Regulation fit-for-complexity and learning from failures in complex systems: Embracing rules and principles in practice for effective governance). This was accompanied by deliberations and discussions by a wide range of people, including the project’s Advisory Board, the global system thinking community, webinars, and meetings, both formal and informal.

Concepts and definitions

Governance

Human-based mechanism by which a system is influenced, directed, overseen, and held accountable for achieving its defined purpose.

System

An arrangement of parts or elements that together exhibit behaviour or meaning that the individual constituents do not. Such behaviour or meaning is an emergent property.

Safe

Free from unacceptable risk. Who bears the risk? Who decides what is acceptable?

Complex

A system where significant emergent properties are not easily anticipated or understood by the people who govern it.

What does this mean in practice? The example below illustrates a relatively predictable complex system that lacks governance but where most of the issues could have been anticipated.

The button maker is responsible for the button working properly but who is accountable for the safety of the entire system? The emergency button is part of a system of systems that must interact to achieve the goal, which is to help the person in need. Who ensures that the user is safe?

Simple example

Many frail people wear an alarm button in case of emergency. To be effective, it needs:

  • the alarm button,
  • a battery in the unit that must be changed,
  • mains electricity to operate the auto dialler,
  • working telephone connection,
  • electricity in the care organisation office,
  • working mobile phones to alert the carer,
  • passable roads (for example, not flooded),
  • functional road fuel supply to allow the carer to get to the person in distress.

The button is the output of a task to design, build and distribute an electronic device but the users are seeking the outcome, a timely and safe emergency response.

A well-designed emergency call service would start by considering the outcome that it is intended to achieve and then consider each of the elements that must work to provide that service. Some will be out of the control of the planner of the system so there has to be a rational and evidenced trade-off whether to accept that risk or to invest in an alternative solution to mitigate it.

This is an example of a system in which many different elements need to cooperate to achieve a goal. Even though most of the elements are predictable and stable, it still requires strong and clear governance to make sure that it delivers the outcome. It is much more challenging to establish governance mechanisms in complex systems in which the elements are poorly understood or where their interaction leads to emergent properties that are not predicted or even predictable.

Evidence base research

The York Report Framework, as previously mentioned, provides a useful guide to thinking about how a lack of safety arises. The Framework breaks down the analysis of systemic failures using a multi-layered lens that includes governance, management and tasks and technical factors that can give rise to failure in different ways: causing complexity; resulting from complexity; amplifying causes of complexity; or limiting control strategies. The report explains that while not all of these will be present in all systems, each can contribute to the emergence of unintended and unanticipated behaviours that reduce the safety of the outcomes. The report identifies a few of the causes of complexity:

In the governance layer

  • Having multiple jurisdictions.
  • Diversity of needs and of risk perception.
  • Rapid technological change; and weak science base.

In the management layer

  • There is no single owner of the system.
  • Diversity of stakeholders in design and operation.

In the task and technical layer

  • The system evolves, adapts, and self-organises.

Failure can propagate between these different layers, with approaches such as design or operation time controls that can be applied to causes of system complexity and its consequences to reduce the chance of overall systematic failure.

For further details on the Framework, please read the full report.

Reports

After working with the authors of the Govern Reports and an advisory group that acted as critical friends to them, these are some of the main takeaways that the group has found most relevant. The full reports provide context and much more insight.

Diversifying governance of fire risk and safety in informal settlements

  • Governance of fire risk requires an understanding that it is an issue of injustice – failure is experienced by those who are not heard and who bear the brunt of risk.
  • Opportunities for failure emerge when there are no spaces to listen to, and act on, diverse voices.
  • There is a lack of coordination and collaboration between the range of formal and informal key actors living with and working on fire safety in informal settlements.
  • There are gaps in legislative policy, guidelines, and discourse.
  • Formal systems can exclude people – there is a need for co-development and informal governance.

Governance of safer electricity systems in Kenya

  • Electricity access emerges from technologies, governance, and economics – the planners did not consider all actors and economic constraints.
  • Governance should have addressed formal and informal institutions; enforcement of quality and safety; involvement of users, especially women; and moral and ethical considerations.
  • Numbers of connections far outnumbers the available staff to inspect and the Regulator’s enforcement officers.
  • Safety is determined by end-user decisions and technicians’ capacity to design and install. End-user decisions need to prioritise lifespan as much as affordability.
  • Laws lag continually evolving challenges.
  • The goal of a complex system emerges from the interaction of skills and knowledge, institutional design, economic conditions, and physical infrastructure.

Regulation fit-for-complexity

  • Emergent behaviours cannot be controlled or predicted by normal laws and regulatory practices, creating a new reality that presents a profound challenge for policymakers, and a powerful catalyst for regulatory innovation.
  • There is a need to think in terms of regulatory systems and to use the full breadth of regulatory tools (hard and soft powers, and insight).
  • A new mindset that is fit-for-complexity is needed that accepts that complexity will be navigated (as opposed to controlled) with regulatory systems explicitly designed to anticipate and adapt.
  • Navigating societal uncertainties and disruption also places an even greater premium on inclusiveness, perceived fairness, and trust as essential lubricants of regulation that is fit-for-complexity.

Learning from failures in complex systems: Embracing rules and principles in practice for effective governance

  • Effective governance of safety practices to prevent future failures requires both rules-based and principles-based practices:
    • rules encourage standardisation, offer certainty, and enable monitoring and compliance
    • principles-based approaches are flexible and adaptive to navigate dynamic challenges.
  • Governance using lessons from failures can give safer and more resilient operations.
  • Cultural norms, diversity, values, and historical factors influence meaning and reality, resulting in diverse interpretations, different responses, and locally appropriate solutions.

Wider deliberations

The programme has benefited from the wisdom and contributions of a wide range of people, including its Advisory Board, the global system thinking community, webinars, and meetings, both formal and informal. Many of their inputs, some applicable to predicable systems and others responding to emergence, resonate with the Govern Reports. Broadly these fall under three headings: Complexity and governance issues, Adaptive governance and systems learning, and Safety and risk management.

Complexity and governance issues

  • Management is not governance – management addresses how to do it and delivers outputs, governance is concerned with what to do and delivers outcomes.
  • The system engineering tools that we know, such as the V diagram, address management, not governance.
  • Assumptions undermine safety and reality is often different when operating within the system. In complex sociotechnical systems, failures do not necessarily have distinct, identifiable causes, and assumptions based on this can lead to failure.
  • Most sociotechnical systems are not designed. They start by defining outputs (for example, a new hospital) and not the goal, purpose, or intended outcome (‘better health’) and the rest of the system emerges as it stumbles along.
  • Accountability is not the same as responsibility, often no-one is accountable for outcomes.
  • Accountability is not easily regulated or codified.
  • Governance failures arise at four levels:
    • failure to recognise that the outcome emerges from a system
    • failure to design the system, taking account of human and technical contributions and interactions
    • failure to establish an effective process of governance, integrating formal and informal structures with authority and legitimacy
    • failure of the process of governance to deal with unplanned emergent properties.

Adaptive governance and systems learning

  • Systems learn, adapt, and change so governance must respond and ensure that the outputs are adjusted.
  • Good governance is of little value if the outputs do not work – it needs to rehearse, prepare, codify, and ‘sweat the small stuff’.
  • Optimisation may result in fragility against unexpected emergent properties, and we should accept a degree of inefficiency.

Safety and risk management

  • Safety is an emergent property, not an intrinsic feature of any part of the system so we need to take a proactive rather than a reactive stance to communicating it.
  • Perfect safety is not possible, governance has to make the trade-offs between safety, cost, and performance to determine what risk is acceptable.

Pervasive message

There is a pervasive message running through the evidence – system failures arise from a lack of what some authors call “systems leadership”. Governance allows leaders to lead, by providing the legal and institutional framework in which to hear from all of those who affect or are affected by the system, determine the best course of action, and share it with the people who must deliver it.

The proposer of any initiative which is part of a complex sociotechnical system should:

  • understand and state in advance what the initiative is intended to achieve (its goal, purpose, or intended outcome), not just its outputs
    • What is the wider system within which it sits and what are its boundaries (if they are known)?
    • Who needs to contribute to the success of the initiative?
  • recognise that the initiative and system in which it sits must be able to evolve to respond to unexpected emergent properties
    • There must be a way to measure progress so the system can be adapted.
  • establish governance that listens to, and represents the views of, all the people who affect, or are affected by, the system to respond to its unanticipated behaviours and to ensure that it meets its goal.
    • There are many forms of governance body from a formal organisation such as a commissioner to an informal interest group.
    • The governance body must be empowered to deliver the outcome.
    • Solutions that draw on democratic decision-making, listening to the disempowered as well as experts, may be less efficient but more resilient and adaptive.

The governance body charged with leadership of a complex system should:

  • use its diverse membership to map all the actors in the system
    • Identifying how the actors contribute to the system’s outcome, their strengths and weaknesses, and how a failure can cause harm.
    • The map should be stress tested against credible external events and be adjusted in response to emerging outcomes.
  • act as convenor, coordinator, conductor, or facilitator to align the disparate actors
    • There is no single word that fully captures the role of owning the purpose, goal, or outcome.
    • The governance body is not the manager.
  • be accountable for the success of the system, including its safety.
    • An informal governance body is hard to hold formally to account but should still be subject to informal regulation.

The regulatory framework for complex systems should:

  • recognise that current regulatory approaches are inadequate for complex systems
    • Even relatively predictable systems with known system boundaries need governance that spans all their elements.
    • The emergent properties of more complex systems do not fit with a duty holder principle.
    • Complex systems, especially, but not exclusively, those using new technology, change on a timescale too short for formal regulation to respond.
    • Radically new approaches and mindset will be needed.
      • What is the regulatory intent? That is, what are we trying to regulate and why?
      • Does the regulatory system drive the right behaviours and have clear accountabilities?
      • Can it adapt to change and external events?
  • seek to navigate rather than control.
    • Use both the soft power of influence and the societal ‘licence to operate’ as well as the hard power of legal enforcement.
    • Operate between, as well as within, institutional silos.

Promote a change of mindset so that:

  • policymakers create initiatives that reflect the complexity of sociotechnical systems
    • Individual components of complex systems should be defined taking account of diversity and other complementary components.
    • This process could be formalised, by analogy with the UK legal duty to consider human rights in every piece of legislation.
    • In the UK, Treasury Green and Orange Books could demand such an analysis. Similar guidance in other countries could also be adapted.
  • governance, whether formal or informal, is explicitly included in the specification
    • Again, this could be mandated, with a set of templates illustrating ways of establishing effective governance.
    • Even if the initiative seems well-defined with clear system boundaries, governance must be able to adapt to unexpected emergent properties.
  • the necessary skills are developed at all levels in government and society.
    • This starts by those responsible understanding that they are dealing with systems, not just isolated initiatives.
    • Existing actions, such as the Academy Policy Fellowships, should promote governance of complex systems.
    • Examples of good governance should be identified and shared with international collaborations, national governments, local governments, contractors to governments, private operators of safety-critical infrastructure and the wider institutions of civil society (NGOs, charities).

Last words

The numerous, complex, nonlinear interdependencies, and interactions between people, places, politics, materials, and infrastructures that generate fire risk need to be looked at, going beyond traditional risk analysis by technical experts.

From the Govern Report Diversifying governance of fire risk and safety in informal settlements

Learn more about safer governance of complex systems

Safer governance of complex systems

Explore how governance must evolve in order to deal with complexity and promote safety.

Concepts and definitions in Systems

Learn concepts and definitions to understand how to navigate complexity.

Governance defintions

Learn about governance definitions and concepts for complex systems.

Govern reports and resources

Browse resources related to Govern Project, which supports innovative collaborations and research to test new ideas for…