http://dx.doi.org/10.1016/j.ssci.2015.11.002
0925-7535/© 2015 Elsevier Ltd. All rights reserved.
H. Malekitabar et al. / Safety Science 82 (2016) 445–455
In an effort to facilitate rule interpretation and code writing, Taiebat et al. (2012) – who found most available DfS tools passive, partially automated and limited to visualization concepts – formalized several scenarios of fall accidents into different flowcharts, after they reviewed a database of past incidents (Taiebat et al., 2012). Developing such flowcharts or rules assessable by a model checking platform improves the chance of detecting safety issues, and thus makes it possible to avoid them, on condition that an acceptable degree of generality is retained.
In general, most DfS tools involve more or less manual interventions, ignore considerable temporal and environmental factors, and concentrate only on certain aspects. However, far more important is the fact that the aim of safety analysis is not restricted to examining the present, but consists of exploring the future. Safety deficiencies must be seen as potential causes of future uncertain events, i.e. safety risks, yet many existing DfS tools tend to use violations of safety codes just as criteria for scoring purposes. It is critical to intensify the risk aspect of the context.
1.2. Capturing safety risk signals
Approaches to safety management have become proactive, rather than reactive (Zhou et al., 2015). Even though no project confronts its safety issues before the construction phase starts (Piperca and Floricel, 2012), it has been shown that most accidents could have been predicted, if the project manager tried to do so (Ramasesh and Browning, 2014), and if there were appropriate risk identification measures at hand.
From an epistemological viewpoint, the uncertainties that a project will face over time can be categorized into either “known unknowns”, which are the risks that are already identified, or “unknown unknowns”, which are unidentified risks that can be sources of surprise (Roberts, 2012) and can be further divided into “knowable” and “unknowable” unknown unknowns (Kim, 2014).
Normal risk management tools have been introduced on how to treat identified risks that are “known unknowns”, but little does the literature deal with risk identification, specifically, how to uncover knowable “unknown unknowns”, and how to convert them to “known unknowns” (Radujkovic and Car, 2004; Ramasesh and Browning, 2014). Accompanied by a weak signal, a knowable “unknown unknown”, which can potentially lead to a massive failure, may be easily neglected and remain unknown, as the signal is either lost within the information sharing mechanism (Piperca and Floricel, 2012; Ramasesh and Browning, 2014), or thought not to be worth spending valuable resources that are necessary to be spent on the better-known shortcomings (Graham et al., 2010b). Extensive efforts are hence required to determine which signals have to be captured, while the others are safe to be left alone.
1.3. Safety risk drivers
Signals conveying the message that a certain risk is likely to arise come from special events or conditions that trigger, drive up or down, or just indicate the possibility of that risk. The lessons learned from past experiences can help the project team receive and interpret the signals, if they are documented in an easy-to-retrieve format (Perminova et al., 2008). Since the signals from “triggering events” and “risk indicators” will usually show up only a few minutes before the catastrophe takes place, only the signal from those “risk drivers” that are already present in the design phase can be exploited for risk identification purposes. Still, only a few risk drivers are introduced in the literature (Radujkovic and Car, 2004), and questions about how they are to be determined and managed remain to be explored. Complexity, for example, is often mentioned as a key risk driver (Cooper et al., 2005), but more details on how to adjudge a system complex, or any idea about the number or the pattern of the elements and their relations in a complex system, are not usually provided.