

The role of the tutorials is to provide a platform for a more intensive scientific exchange amongst researchers interested in a particular topic and as a meeting point for the community. Tutorials complement the depth-oriented technical sessions by providing participants with broad overviews of emerging fields. A tutorial can be scheduled for 1.5 or 3 hours.

Tutorial on
A Methodology for Managing Systems Operational Risk


Avi Harel
Brief Bio
Avi Harel received his B.Sc. (1970) and M.Sc. (1972) degrees in mathematics from the Technion, the Israel Institute of Technology, in Haifa, Israel. Between 1985 and 1989 Avi studied Behavioral and Management Sciences at the faculty of Industrial Engineering of the Technion. Between 1975 and 1992 Avi worked for Rafael, the Armament Development Authority of Israel, where he gained experience with a wide range of applications, platforms, operating systems, programming languages and development environments. His work experience includes software engineering, system engineering and ergonomics at Rafael, Nortel, IBM, Attunity and Ergolight. Since 1983, Avi has developed a methodology for designing user interfaces based on human factors. In 1997 Avi Harel founded ErgoLight Usability Software and initiated the design of the ErgoLight tools for testing user activity in Windows applications.

Operational risks are key sources for accidents, productivity loss, and frustration in daily operation of engineered systems. The challenge is to eliminate operational risks by design. The tutorial will teach how to employ a new methodology for preventing operational risks.
Barriers to effective operation include problems of operating in exceptional situations: hidden triggers, latent detection, and insufficient protection from inadequate activity. The students will be introduced to a theory of errors, exception-centered models, and practices for avoiding the risks.

Keywords

Integration engineering, operation, errors, seamless operation, error proofing, safety, productivity, usability

Aims and Learning Objectives

The students will learn how to design operational procedures that enable seamless operation and are not exposed to operational risks.

Target Audience

Theoreticians in system design and development.

Prerequisite Knowledge of Audience

Experience with root cause analysis methods (HAZOP, FMEA, ...), project management, design and test requirements specification, and basic human factors.

Detailed Outline

Case studies
The tutorial will present case studies of accidents in transportation, energy production, medical systems, office and home automation, and of frustration in daily use of technology. The case studies will illustrate common sources of operational errors, comprising:
• Inadequate integration design
• Inter-unit coordination failure
• Difficulty detecting and perceiving exceptions
• Insufficient decision support
• Insufficient integration testing
The tutorial will introduce a theory of failure-oriented root-cause analysis (RCA) and will discuss the essentials of acceleration of learning from incidents.

The theory is about model-based system integration, comprising two key models of operational failure:
• System integration
• I/O of human, AI, and technological components
• System operation
• Inter-system coordination: situational vs. activity
• Situational and operational complexity and behavior
• Operational failure.

Operational risks
The operational risks are classified based on a model of operational failure, comprising:
• Human and technical triggers
• Spontaneous mode change
• Conflicting multi-controller mode settings
• Synchronization failure
• Interlock failure

The key challenge is to change the concept of integration from a testing activity to an engineering discipline, including design and test for preventing and coping with risks. Topics include:
• The concept of errors, biases and debiasing
• A multi-layer model of protection
• Affordability of protecting from complex coordination challenges
• Model-based design of the system operation
• Rule based modeling of the system behavior
• Language and tools for rule specification and validation
• Testing tools for model verification
• Testability support
• Tools, practices, and standards required to capture exceptions.