TECH 482/535
Risk Analysis Methodologies
Qualitative Methodologies
  Preliminary Risk Analysis
  Hazard and Operability Studies (HAZOP)
  Failure Mode and Effects Analysis (FMEA / FMECA)
Tree-Based Techniques
  Fault Tree Analysis
  Event Tree Analysis
  Cause-Consequence Analysis
  Management Oversight Risk Tree
  Safety Management Organization Review Technique
Techniques for Dynamic Systems
  GO Method
  Digraph / Fault Graph
  Markov Modeling
  Dynamic Event Logic Analytical Methodology
  Dynamic Event Tree Analysis Method

Qualitative Risk Analysis Methodologies

In this section we deal with the qualitative methods used in risk analysis, namely preliminary risk (hazard) analysis (PHA), hazard and operability study (HAZOP), and failure mode and effects analysis (FMEA / FMECA).

Preliminary Risk Analysis

Preliminary risk analysis, or preliminary hazard analysis, is a qualitative technique which involves a disciplined analysis of the event sequences that could transform a potential hazard into an accident. The possible undesirable events are identified first and then analyzed separately. For each undesirable event or hazard, possible improvements or preventive measures are then formulated. The result provides a basis for deciding which categories of hazard should be examined more closely and which analysis methods are most suitable. The analysis has also proved valuable in the working environment, where activities lacking safety measures can be readily identified. With the aid of a frequency / consequence diagram, the identified hazards can then be ranked according to risk, allowing the measures that prevent accidents to be prioritized.

Hazard and Operability Studies (HAZOP)

The HAZOP technique was developed in the early 1970s by Imperial Chemical Industries Ltd. HAZOP can be defined as the application of a formal, systematic, critical examination of the process and engineering intentions of new or existing
facilities, to assess the hazard potential that arises from deviations from the design specifications and their consequential effects on the facility as a whole. The technique is usually performed using a set of guidewords: NO / NOT, MORE OF / LESS OF, AS WELL AS, PART OF, REVERSE and OTHER THAN. Each guideword is applied to a process parameter to produce a deviation, and from the deviations the scenarios that may result in a hazard or an operational problem are identified. For the possible flow problems in a process line, for example, the guideword MORE OF corresponds to high flow rate and LESS OF to low flow rate. The consequences of each hazard, and measures to reduce the frequency with which it occurs, are then discussed. The technique has gained wide acceptance in the process industries as an effective tool for plant safety and operability improvements.

Failure Mode and Effects Analysis (FMEA / FMECA)

This method was developed in the 1950s by reliability engineers to determine the problems that could arise from malfunctions of military systems. Failure mode and effects analysis is a procedure by which each potential failure mode in a system is analyzed to determine its effect on the system and to classify it according to its severity. When the FMEA is extended by a criticality analysis, the technique is called failure mode, effects and criticality analysis (FMECA). FMEA has gained wide acceptance in the aerospace and military industries, and the technique has been adapted into other forms, such as misuse mode and effects analysis.

Discussion and Conclusion

The three techniques outlined above require only "hardware-familiar" personnel. However, FMEA tends to be more labor intensive, because the failure of each individual component in the system has to be considered. These qualitative techniques can be used at the design stage as well as the operational stage of a system. All three have seen wide usage in nuclear and chemical processing plants. FMEA is one of the most documented techniques in use; it has been used by Intel and National Semiconductor to improve the reliability of their products. Preliminary risk analysis has been applied to safety analysis both in industry and on offshore platforms. HAZOP has been widely used in the chemical industries for detailed failure and effect studies of piping and instrumentation layouts.

Tree-Based Techniques

In this section, fault tree analysis (FTA), event tree analysis (ETA), cause-consequence analysis (CCA), the management oversight risk tree (MORT) and the safety management organization review technique (SMORT) are discussed.
Fault Tree Analysis

The concept of fault tree analysis (FTA) originated at Bell Telephone Laboratories in 1962 as a technique for the safety evaluation of the Minuteman intercontinental ballistic missile launch control system. A fault tree is a logical diagram which shows the relation between system failure, i.e. a specific undesirable event in the system (the top event), and failures of the components of the system. It is a technique based on deductive logic: the undesirable event is defined first, and the causal relationships of the failures leading to that event are then identified and connected through AND and OR gates. Fault trees can be used in qualitative or quantitative risk analysis. The difference is that the qualitative fault tree is looser in structure and does not require the same rigorous logic as the formal fault tree; a formal tree can be reduced to its minimal cut sets (the smallest combinations of basic events that bring about the top event) and, given basic-event probabilities, quantified. Figure 1 shows a fault tree with top event "Fire breaks out". The method is used in a wide range of industries and there is extensive support in the form of published literature and software packages such as CARA.

Event Tree Analysis

Event tree analysis (ETA) is the inductive counterpart of the fault tree: it starts from an initiating event and works forward through the success or failure of each safety function or component that responds to it, so that every branch of the tree ends in a distinct outcome. (What can happen after this fault, and how bad does it get?) Assessment methods which quantify the probability of an accident and the risk associated with plant operation from a graphic description of the accident sequences employ these two techniques (FTA and ETA). Event tree analysis is a logical method of analyzing how and why a disaster could occur, and is well suited to working out the overall probability of a catastrophic event, such as a melt-down in a nuclear power plant, where the substantial cost of the analysis is clearly justified. These methods carry out a mathematical analysis of the accident sequences and have been used to determine the reliability of electronic systems. They are also widely used in the nuclear industry, but may not be suitable for the general assessment of major hazards because of the substantial effort and cost involved.

Cause-Consequence Analysis

Cause-consequence analysis (CCA) is a blend of fault tree and event tree analysis. It combines cause analysis (described by fault trees) with consequence analysis (described by event trees), and hence uses both deductive and inductive reasoning. The purpose of CCA is to identify the chains of events that can result in undesirable consequences. With the probabilities of the various events in the CCA diagram, the probabilities of the various consequences can be calculated, thus establishing the risk level of the system.
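As an added example (not code from the course notes), the Python below carries the three techniques of this section through to numbers: it reduces a small fault tree to its minimal cut sets, quantifies the top event by inclusion-exclusion, and then uses that frequency as the initiating event of an event tree whose sequences are summed per consequence class, which is the cause-consequence combination described above. The gate structure, the safety functions, the consequence classes and every probability are assumptions constructed for the illustration; the "Fire breaks out" tree of Figure 1 is not reproduced here.

```python
"""Fault tree -> minimal cut sets -> top-event probability -> event tree.
Added example; the tree, the safety functions and all probabilities are
constructed (assumed) values, not data from the course notes."""
from itertools import combinations, product

# Fault tree as a gate table: gate -> (type, children). Names that are not
# gates are basic events. Assumed structure loosely modelled on a
# "Fire breaks out" top event (ignition AND fuel present).
FIRE_TREE = {
    "fire": ("AND", ["ignition", "fuel_present"]),
    "ignition": ("OR", ["hot_surface", "spark"]),
    "spark": ("AND", ["static_buildup", "no_grounding"]),
    "fuel_present": ("OR", ["leak", "spill"]),
}
# Assumed basic-event probabilities (per year of operation).
BASIC_PROB = {"hot_surface": 0.01, "static_buildup": 0.05,
              "no_grounding": 0.2, "leak": 0.02, "spill": 0.01}


def minimal_cut_sets(tree, top):
    """MOCUS-style expansion: OR gates add cut sets, AND gates combine them.
    Non-minimal sets (supersets of another cut set) are dropped at the end."""
    def expand(node):
        if node not in tree:                      # basic event
            return [frozenset([node])]
        kind, children = tree[node]
        groups = [expand(c) for c in children]
        if kind == "OR":
            return [s for g in groups for s in g]
        if kind == "AND":
            return [frozenset().union(*combo) for combo in product(*groups)]
        raise ValueError("unknown gate type %r" % kind)
    sets = set(expand(top))
    minimal = [s for s in sets if not any(o < s for o in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def top_event_probability(cut_sets, probs):
    """Exact P(top) by inclusion-exclusion over the minimal cut sets, assuming
    independent basic events. Taking the union of the sets in each term keeps
    the result exact even when a basic event appears in several cut sets."""
    total = 0.0
    for r in range(1, len(cut_sets) + 1):
        for combo in combinations(cut_sets, r):
            p = 1.0
            for event in frozenset().union(*combo):
                p *= probs[event]
            total += p if r % 2 else -p
    return total


# Event tree: safety functions challenged in order after the initiating event,
# each with an assumed failure probability on demand.
SAFETY_FUNCTIONS = [("detection", 0.02), ("sprinklers", 0.10), ("evacuation", 0.05)]


def event_tree(initiating_frequency, functions):
    """Enumerate every success/failure sequence and its frequency."""
    sequences = []
    for outcome in product((True, False), repeat=len(functions)):
        freq = initiating_frequency
        for (_, p_fail), success in zip(functions, outcome):
            freq *= (1.0 - p_fail) if success else p_fail
        sequences.append((outcome, freq))
    return sequences


def consequence(outcome):
    """Assumed end-state classification of a (detection, sprinklers, evacuation) outcome."""
    _, suppressed, evacuated = outcome
    if suppressed:
        return "minor fire"
    return "major fire, no casualties" if evacuated else "major fire, casualties"


def cause_consequence(tree, top, probs, functions):
    """Cause-consequence analysis: the fault tree output is the event tree input,
    and sequence frequencies are summed per consequence class."""
    f_init = top_event_probability(minimal_cut_sets(tree, top), probs)
    totals = {}
    for outcome, freq in event_tree(f_init, functions):
        label = consequence(outcome)
        totals[label] = totals.get(label, 0.0) + freq
    return f_init, totals


if __name__ == "__main__":
    cuts = minimal_cut_sets(FIRE_TREE, "fire")
    print("minimal cut sets:", [sorted(c) for c in cuts])
    f_fire, by_class = cause_consequence(FIRE_TREE, "fire", BASIC_PROB, SAFETY_FUNCTIONS)
    print("P(fire) per year: %.3e" % f_fire)
    for name, freq in sorted(by_class.items()):
        print("  %-28s %.3e / year" % (name, freq))
```

Inclusion-exclusion is exact but grows as 2^n in the number of cut sets; the usual engineering shortcut is the rare-event approximation (sum of the cut-set probabilities), which overestimates P(top) and is adequate when the basic-event probabilities are small.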
Management Oversight Risk Tree (MORT)

The management oversight risk tree (MORT) was developed in the early 1970s for the U.S. Energy Research and Development Administration as a safety analysis method compatible with complex, goal-oriented management systems. MORT is a diagram which arranges safety program elements in an orderly and logical manner. The analysis is carried out by means of a fault tree whose top event is "Damage, destruction, other costs, lost production or reduced credibility of the enterprise in the eyes of society". The tree gives an overview of the causes of the top event, from management oversights and omissions, from assumed risks, or from both. The MORT tree has more than 1500 possible basic events compressed into 100 generic events identified in the fields of accident prevention, administration and management. A generic MORT diagram is included at the end of this report. MORT is used in the analysis or investigation of accidents and events, and in the evaluation of safety programs. Its usefulness is reported in [17]: "normal investigations revealed an average of 18 problems (and recommendations). Complementary investigations with MORT analysis revealed an additional 20 contributions per case."

Safety Management Organization Review Technique (SMORT)

The safety management organization review technique (SMORT) is a simplified modification of MORT developed in Scandinavia. It is structured by means of analysis levels with associated checklists, whereas MORT is based on a comprehensive tree structure. Owing to its structured analytical process, SMORT is classified as one of the tree-based methodologies. A SMORT analysis includes data collection based on the checklists and their associated questions, in addition to the evaluation of results. The information can be collected from interviews, studies of documents and investigations. The technique can be used to perform detailed investigations of accidents and near misses, and it also serves well as a method for safety audits and the planning of safety measures.

Discussion and Conclusion

The tree-based methods are mainly used to find the cut sets leading to the undesired events. Event trees and fault trees have been widely used in probabilistic risk assessment to quantify the probabilities of accidents and other undesired events leading to loss of life or economic loss. However, fault trees and event trees are confined to static, logical modeling of accident scenarios. Because hardware failures and human errors receive the same treatment in fault tree and event tree analysis, the conditions affecting human behavior cannot be modeled explicitly, which affects the assessed level of dependency between events. Techniques such as human cognitive reliability exist to reconcile such deficiencies in fault tree analysis, and new methodologies that model such responses have emerged.
Methodologies for Analysis of Dynamic Systems

In this section, the GO method, digraph / fault graph analysis, Markov modeling, the dynamic event logic analytical methodology (DYLAM) and the dynamic event tree analysis method (DETAM) are discussed.

GO Method

The GO method is a success-oriented system analysis that uses seventeen operators to aid in model construction. It was developed by Kaman Sciences Corporation during the 1960s for the reliability analysis of electronics for the U.S. Department of Defense. The GO model can be constructed from engineering drawings by replacing system elements with one or more GO operators. The operators are of three basic types: (1) independent, (2) dependent and (3) logic. Independent operators model components requiring no input; dependent operators require at least one input in order to have an output; logic operators combine the other operators into the success logic of the system being modeled. With probability data for each independent and dependent operator, the probability of successful operation can then be calculated. The GO method is used in practical applications where the boundary conditions of the system to be modeled are well defined by a system schematic or other design documents. However, the failure modes are modeled implicitly, making it unsuitable for detailed analysis of failure modes below the level of the component events shown in the system drawing. Furthermore, it does not treat common cause failures, nor does it provide structural information (i.e. the minimal cut sets) about the system.

Digraph / Fault Graph

The fault graph method, or digraph matrix analysis, uses the mathematics and language of graph theory, such as "path set" (the set of nodes traversed on a path) and "reachability" (the complete set of all possible paths between any two nodes). The method is similar to a GO chart but uses AND / OR gates instead. The connectivity (reachability) matrix, derived from the adjacency matrix of the system, shows whether a fault node will lead to the top event. These matrices are then analyzed by computer to give singletons (single components whose failure causes system failure) and doubletons (pairs of components whose joint failure causes system failure). The digraph method allows cycles and feedback loops, which makes it attractive for dynamic systems. Figure 3 shows a success-oriented system digraph of a simplified emergency core cooling system.

Markov Modeling

Markov modeling is a classical technique for assessing the time-dependent behavior of many dynamic systems. In a Markov chain, transitions between states are assumed to occur only at discrete points in time. In a continuous-time Markov process, on the other hand, transitions between states are
allowed to occur at any point in time. For a process system, the discrete system states can be defined in terms of ranges of process variables as well as component status. The methodology incorporates time explicitly, and can be extended to cover situations where the problem parameters are time dependent. The state probabilities P(t) of the system in a continuous-time Markov analysis are obtained by solving a coupled set of first-order, constant-coefficient differential equations:

    dP/dt = M P(t),

where M is the matrix of coefficients whose off-diagonal elements are the transition rates and whose diagonal elements are chosen so that each column of the matrix sums to zero (so that total probability is conserved). An application of Markov modeling to a hold-up tank problem is discussed in the literature, and Pate-Cornell (1993) used the technique to study fire propagation in a subsystem on board an offshore platform [14].

Dynamic Event Logic Analytical Methodology (DYLAM)

The dynamic event logic analytical methodology (DYLAM) provides an integrated framework that explicitly treats time, process variables and system behavior [13]. A DYLAM analysis usually comprises the following procedures: (a) component modeling, (b) system equation resolution algorithms, (c) setting of TOP conditions and (d) event sequence generation and analysis. DYLAM is useful for describing dynamic incident scenarios and for the reliability assessment of systems whose mission is defined in terms of process variables that must be kept within certain limits over time [19]. The technique can also be used to identify system behavior and thus as a design tool for implementing protections and operator procedures. Note that a system-specific DYLAM simulator must be created to analyze each particular problem. Furthermore, input data such as the probabilities of a component being in a certain state at transient initiation, the independence of those probabilities, the transition rates between states, and the conditional probability matrices for dependencies among states and process variables must be provided to run the DYLAM package. An application of DYLAM to a reservoir problem is given in the literature.

Dynamic Event Tree Analysis Method (DETAM)

The dynamic event tree analysis method (DETAM) treats the time-dependent evolution of plant hardware states, process variable values and operator states over the course of a scenario. In general, a dynamic event tree is an event tree in which branching is allowed at different points in time. The approach is defined by five characteristic sets: (a) the branching set, (b) the set of variables defining the system state, (c) the branching rules, (d) the sequence expansion rules and (e) the quantification tools. The branching set is the set of variables that determine the space of possible branches at any node in the tree. The branching rules determine when a branching should take place (for example, at a constant time step). The sequence expansion rules are used to limit the number of sequences, typically by not expanding branches whose probability has fallen below a cut-off.
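The following Python is an added example (not from the course notes or any published tool) serving both the digraph / fault graph section and the Markov section. The first half builds the adjacency matrix of a small success-oriented digraph, computes its connectivity matrix by transitive closure, and finds the singletons and doubletons by evaluating the AND / OR success logic with components removed. The second half builds the generator matrix M for a three-state pump model with the column-sum-to-zero convention given above and integrates dP/dt = M P(t) numerically. The cooling-system topology, the node names, the pump states and all failure and repair rates are assumptions; the digraph is not the Figure 3 diagram.

```python
"""Digraph connectivity (singletons / doubletons) and a continuous-time Markov
model solved from dP/dt = M P(t). Added example; the cooling-system digraph,
the three-state pump model and all rates are constructed (assumed) values."""
from itertools import combinations

# --- Success-oriented digraph of a simplified emergency core cooling system ---
# (assumed topology, not the Figure 3 diagram): water source S and power bus E
# feed two pumps P1, P2 into a header H; two parallel valves V1, V2 deliver to
# the core C, which is the top (success) node.
NODES = ["S", "E", "P1", "P2", "H", "V1", "V2", "C"]
EDGES = [("S", "P1"), ("S", "P2"), ("E", "P1"), ("E", "P2"), ("P1", "H"),
         ("P2", "H"), ("H", "V1"), ("H", "V2"), ("V1", "C"), ("V2", "C")]
AND_NODES = {"P1", "P2"}     # a pump needs both water and power (AND gate)
SOURCES = {"S", "E"}
TOP = "C"


def adjacency_matrix(nodes, edges):
    idx = {n: i for i, n in enumerate(nodes)}
    a = [[False] * len(nodes) for _ in nodes]
    for u, v in edges:
        a[idx[u]][idx[v]] = True
    return a


def connectivity_matrix(a):
    """Warshall transitive closure: r[i][j] is True iff a path i -> j exists."""
    n = len(a)
    r = [row[:] for row in a]
    for k in range(n):
        for i in range(n):
            if r[i][k]:
                for j in range(n):
                    if r[k][j]:
                        r[i][j] = True
    return r


def system_succeeds(failed):
    """Propagate success from the sources: an OR node works if any predecessor
    works, an AND node only if all do; failed nodes never work."""
    preds = {n: [u for u, v in EDGES if v == n] for n in NODES}
    ok = {n: n in SOURCES and n not in failed for n in NODES}
    changed = True
    while changed:
        changed = False
        for n in NODES:
            if ok[n] or n in failed or not preds[n]:
                continue
            ins = [ok[u] for u in preds[n]]
            if all(ins) if n in AND_NODES else any(ins):
                ok[n] = changed = True
    return ok[TOP]


def singletons_and_doubletons():
    """Components whose single failure, or minimal pair of failures, loses the top node."""
    comps = [n for n in NODES if n != TOP]
    singles = [n for n in comps if not system_succeeds({n})]
    doubles = [(a, b) for a, b in combinations(comps, 2)
               if a not in singles and b not in singles
               and not system_succeeds({a, b})]
    return singles, doubles


# --- Continuous-time Markov model: two redundant pumps, one repair crew ---
# States: 0 = both running, 1 = one failed (under repair), 2 = both failed.
LAMBDA, MU = 0.01, 0.1           # assumed failure / repair rates per hour
RATES = {(0, 1): 2 * LAMBDA, (1, 0): MU, (1, 2): LAMBDA, (2, 1): MU}


def generator_matrix(rates, n):
    """M for dP/dt = M P(t): M[j][i] is the rate i -> j and each diagonal is
    minus its column total, so every column sums to zero."""
    m = [[0.0] * n for _ in range(n)]
    for (i, j), rate in rates.items():
        m[j][i] += rate
        m[i][i] -= rate
    return m


def solve_markov(m, p0, t, steps=2000):
    """Integrate dP/dt = M P with classical RK4 in pure Python."""
    n, h, p = len(p0), t / steps, list(p0)
    f = lambda v: [sum(m[i][j] * v[j] for j in range(n)) for i in range(n)]
    for _ in range(steps):
        k1 = f(p)
        k2 = f([p[i] + h / 2 * k1[i] for i in range(n)])
        k3 = f([p[i] + h / 2 * k2[i] for i in range(n)])
        k4 = f([p[i] + h * k3[i] for i in range(n)])
        p = [p[i] + h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i]) for i in range(n)]
    return p


if __name__ == "__main__":
    r = connectivity_matrix(adjacency_matrix(NODES, EDGES))
    print("S reaches C:", r[NODES.index("S")][NODES.index("C")])
    print("singletons, doubletons:", singletons_and_doubletons())
    print("P(t = 100 h):", solve_markov(generator_matrix(RATES, 3), [1.0, 0.0, 0.0], 100.0))
```

The power bus E shows up as a singleton even though it appears nowhere in the flow path, which is the common-cause dependency that a plain reachability check (OR semantics only) would miss; the AND nodes are what capture it. For the Markov model, the zero column sums keep the state probabilities summing to one at every time step, and for long times the solution converges to the steady state of M, here P(both running) = 1 / (1 + 2λ/μ + 2λ²/μ²).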
This approach can represent a wide variety of operator behaviors, model the consequences of operator actions and serve as a framework for the analyst to employ a causal model for errors of commission. It thus allows emergency procedures to be tested and identifies where and how changes can be made to improve their effectiveness. An analysis of the accident sequence for a steam generator tube rupture is presented in the literature.

Discussion and Conclusion

The techniques discussed above address the deficiencies of fault / event tree methodologies in analyzing dynamic scenarios. However, they have limitations of their own. The digraph and GO techniques model the system behavior but deal only to a limited extent with changes in model structure over time. Markov modeling, on the other hand, requires the explicit identification of the possible system states and the transitions between them; this is a problem because it is difficult to envision the entire set of possible states before the scenario has been developed. DYLAM and DETAM solve this problem through implicit state-transition definition. The drawbacks of these implicit techniques are implementation oriented: the large tree structures generated by the DYLAM and DETAM approaches require large computing resources, and the implicit methodologies may require a considerable amount of analyst effort in data gathering and model construction.

Conclusions

A total of 13 risk analysis techniques were reviewed above. Qualitative methodologies, though unable to account for dependencies between events, are effective in identifying potential hazards and failures within a system. The tree-based techniques address this deficiency by taking the dependencies between events into consideration, and the probabilities of occurrence of the undesired event can be quantified when operational data are available. However, no one has yet attempted to quantify the undesired top event of a MORT tree. Current research on DYLAM and DETAM studies accident scenarios by treating time, process variables, system behavior and operator actions in an integrated framework. These techniques address the inadequate modeling of the conditions affecting control system actions and operator behavior in fault / event trees (e.g. the behavior of plant process variables, or previous decisions by the operating crew). Their drawbacks are the requirement for large computing resources and extensive data collection. With the development of more efficient algorithms and more powerful computers, such methodologies should come into wide use.
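As an added example (not from the course notes or any DETAM implementation), the Python below builds a small dynamic event tree with the five characteristic sets named above: the state variables are time, tank level, pump status and bypass-valve status; the branching set is the pump hardware state and the operator's action; the branching rule is a constant time step; the sequence expansion rule is a probability cut-off; and the quantification is the summed probability of the sequences reaching the TOP condition (tank overflow). The plant model, the rules and every number are assumptions constructed for the illustration.

```python
"""Dynamic event tree (DETAM-style) for a constructed tank-overfill scenario.
Added example: the plant model, the branching rules and every number are
assumptions made for the illustration, not data from the course notes or
from any published DETAM implementation."""

DT, HORIZON = 10.0, 60.0                   # branching rule: constant time step, 6 steps
INFLOW, PUMP_OUT, BYPASS = 1.0, 1.0, 1.5   # level change per step (assumed units)
ALARM, OVERFLOW = 6.0, 8.0                 # high-level alarm and TOP condition
P_PUMP_FAIL = 0.05                         # per step while the drain pump is running
P_OP_ACTS = 0.7                            # per step, operator opens bypass once alarmed

# State variables: (time, tank level, pump running?, bypass valve open?)
# Branching set: the pump hardware state and the operator's valve action.


def branch(state):
    """All branches leaving one node as (next_state, branch_probability)."""
    t, level, pump_ok, valve_open = state
    if pump_ok:
        pump_outcomes = [(True, 1 - P_PUMP_FAIL), (False, P_PUMP_FAIL)]
    else:
        pump_outcomes = [(False, 1.0)]          # a failed pump stays failed
    if level >= ALARM and not valve_open:       # operator branching
        op_outcomes = [(True, P_OP_ACTS), (False, 1 - P_OP_ACTS)]
    else:
        op_outcomes = [(valve_open, 1.0)]       # nothing to decide this step
    out = []
    for ok, p_pump in pump_outcomes:
        for opened, p_op in op_outcomes:
            new_level = (level + INFLOW - (PUMP_OUT if ok else 0.0)
                         - (BYPASS if opened else 0.0))
            out.append(((t + DT, max(0.0, new_level), ok, opened), p_pump * p_op))
    return out


def dynamic_event_tree(initial, cutoff=0.0):
    """Expand the tree from `initial`. Returns (terminal_sequences, pruned_mass).
    A sequence is (list_of_states, probability, outcome) with outcome
    'overflow' when the TOP condition is met or 'horizon' at end of mission.
    Sequence expansion rule: a branch whose cumulative probability drops below
    `cutoff` is not expanded; its probability is accumulated in pruned_mass."""
    frontier = [([initial], 1.0)]
    terminals, pruned = [], 0.0
    while frontier:
        path, prob = frontier.pop()
        t, level = path[-1][0], path[-1][1]
        if level >= OVERFLOW:
            terminals.append((path, prob, "overflow"))
            continue
        if t >= HORIZON:
            terminals.append((path, prob, "horizon"))
            continue
        for nxt, p in branch(path[-1]):
            q = prob * p
            if q < cutoff:
                pruned += q
            else:
                frontier.append((path + [nxt], q))
    return terminals, pruned


def overflow_probability(terminals):
    """Quantification: total probability of the sequences that reach the TOP condition."""
    return sum(p for _, p, outcome in terminals if outcome == "overflow")


if __name__ == "__main__":
    start = (0.0, 5.0, True, False)
    seqs, lost = dynamic_event_tree(start)
    print("sequences:", len(seqs), " P(overflow) = %.6f" % overflow_probability(seqs))
    seqs, lost = dynamic_event_tree(start, cutoff=0.01)
    print("with cutoff 0.01: sequences:", len(seqs),
          " P(overflow) = %.6f  pruned mass = %.6f" % (overflow_probability(seqs), lost))
```

With no cut-off the overflow probability can be checked by hand: overflow needs the pump to fail with at least two steps left and the operator to miss the alarm on two consecutive steps, i.e. 0.05 x 0.3 x 0.3 summed over the four qualifying failure steps weighted by 0.95^(k-1). The run with cutoff 0.01 shows the hazard of the sequence expansion rule: every overflow sequence has a probability below the cut-off, so all of them are pruned and the quantified risk drops to zero while the pruned mass silently carries it. Always report the pruned mass next to the result.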