Probability and Possibility‐Based Representations of Uncertainty in Fault Tree Analysis

Expert knowledge is an important source of input to risk analysis. In practice, experts might be reluctant to characterize their knowledge and the related (epistemic) uncertainty using precise probabilities. The theory of possibility allows for imprecision in probability assignments. The associated possibilistic representation of epistemic uncertainty can be combined with, and transformed into, a probabilistic representation; in this article, we show this with reference to a simple fault tree analysis. We apply an integrated (hybrid) probabilistic‐possibilistic computational framework for the joint propagation of the epistemic uncertainty on the values of the (limiting relative frequency) probabilities of the basic events of the fault tree, and we use possibility‐probability (probability‐possibility) transformations for propagating the epistemic uncertainty within purely probabilistic and possibilistic settings. The results of the different approaches (hybrid, probabilistic, and possibilistic) are compared with respect to the representation of uncertainty about the top event (limiting relative frequency) probability. Both the rationale underpinning the approaches and the computational efforts they require are critically examined. We conclude that the approaches relevant in a given setting depend on the purpose of the risk analysis, and that further research is required to make the possibilistic approaches operational in a risk analysis context.     

A review of FaultrEASE version 1.0

Many systems analysts will be surprised to encounter a program which is billed as a fault-tree development program "perform[ing] logical mathematical operations," but which does not perform Boolean reduction. The rather careful wording quoted in the introduction to this review can, in retrospect, be taken to refer to the fact that gates are quantified using formulas from the calculus of probabilities, and not to claim that Boolean reduction is performed. Since this program does not perform Boolean reduction, its use is limited to essentially graphical applications of the type illustrated in Fig. 1. For this limited application, the program has some features which make it attractive; it is easy to develop and print a passable drawing of a fault tree, and it is easy to do "what-if" analyses (looking at the effects of changing connections or statistics). However, for fault-tree analyses of even moderate complexity, a Boolean processor is necessary (a large fault tree for a real problem in which no events are repeated is arguably a pathological case). Many such algorithms exist on DOS machines, and most of them run within (and are limited to) the usual 640k memory limitation. To be fair, it has to be noted that some commercial algorithms of this type cost far, far more than FaultrEASE (their costs are measured in thousands of dollars rather than hundreds).(ABSTRACT TRUNCATED AT 250 WORDS)     

Lognormal Approximations of Fault Tree Uncertainty Distributions

Fault trees are used in reliability modeling to create logical models of fault combinations that can lead to undesirable events. The output of a fault tree analysis (the top event probability) is expressed in terms of the failure probabilities of basic events that are input to the model. Typically, the basic event probabilities are not known exactly, but are modeled as probability distributions: therefore, the top event probability is also represented as an uncertainty distribution. Monte Carlo methods are generally used for evaluating the uncertainty distribution, but such calculations are computationally intensive and do not readily reveal the dominant contributors to the uncertainty. In this article, a closed‐form approximation for the fault tree top event uncertainty distribution is developed, which is applicable when the uncertainties in the basic events of the model are lognormally distributed. The results of the approximate method are compared with results from two sampling‐based methods: namely, the Monte Carlo method and the Wilks method based on order statistics. It is shown that the closed‐form expression can provide a reasonable approximation to results obtained by Monte Carlo sampling, without incurring the computational expense. The Wilks method is found to be a useful means of providing an upper bound for the percentiles of the uncertainty distribution while being computationally inexpensive compared with full Monte Carlo sampling. The lognormal approximation method and Wilks’s method appear attractive, practical alternatives for the evaluation of uncertainty in the output of fault trees and similar multilinear models.     

油田开发污染源危险度评价模型及实证研究

针对油田开发污染源存在危险度,提出一种将灰关联度分析与故障树分析相结合的危险度评价模型.该模型运用灰关联度分析方法进行事故模式的识别,并根据某一具体的故障树,分析和导出顶事件发生的各种故障模式的可能性大小.然后,选取大庆油田工程有限公司典型案例进行实证研究,结果表明该方法对油田开发污染源危险度评价具备可行性和操作性.     

A Methodology for Risk Analysis Based on Hybrid Bayesian Networks: Application to the Regasification System of Liquefied Natural Gas Onboard a Floating Storage and Regasification Unit

This article presents an iterative six‐step risk analysis methodology based on hybrid Bayesian networks (BNs). In typical risk analysis, systems are usually modeled as discrete and Boolean variables with constant failure rates via fault trees. Nevertheless, in many cases, it is not possible to perform an efficient analysis using only discrete and Boolean variables. The approach put forward by the proposed methodology makes use of BNs and incorporates recent developments that facilitate the use of continuous variables whose values may have any probability distributions. Thus, this approach makes the methodology particularly useful in cases where the available data for quantification of hazardous events probabilities are scarce or nonexistent, there is dependence among events, or when nonbinary events are involved. The methodology is applied to the risk analysis of a regasification system of liquefied natural gas (LNG) on board an FSRU (floating, storage, and regasification unit). LNG is becoming an important energy source option and the world's capacity to produce LNG is surging. Large reserves of natural gas exist worldwide, particularly in areas where the resources exceed the demand. Thus, this natural gas is liquefied for shipping and the storage and regasification process usually occurs at onshore plants. However, a new option for LNG storage and regasification has been proposed: the FSRU. As very few FSRUs have been put into operation, relevant failure data on FSRU systems are scarce. The results show the usefulness of the proposed methodology for cases where the risk analysis must be performed under considerable uncertainty.     

A Combined Monte Carlo and Possibilistic Approach to Uncertainty Propagation in Event Tree Analysis

In risk analysis, the treatment of the epistemic uncertainty associated to the probability of occurrence of an event is fundamental. Traditionally, probabilistic distributions have been used to characterize the epistemic uncertainty due to imprecise knowledge of the parameters in risk models. On the other hand, it has been argued that in certain instances such uncertainty may be best accounted for by fuzzy or possibilistic distributions. This seems the case in particular for parameters for which the information available is scarce and of qualitative nature. In practice, it is to be expected that a risk model contains some parameters affected by uncertainties that may be best represented by probability distributions and some other parameters that may be more properly described in terms of fuzzy or possibilistic distributions. In this article, a hybrid method that jointly propagates probabilistic and possibilistic uncertainties is considered and compared with pure probabilistic and pure fuzzy methods for uncertainty propagation. The analyses are carried out on a case study concerning the uncertainties in the probabilities of occurrence of accident sequences in an event tree analysis of a nuclear power plant.     

Fault and Event Tree Analyses for Process Systems Risk Analysis: Uncertainty Handling Formulations

Quantitative risk analysis (QRA) is a systematic approach for evaluating likelihood, consequences, and risk of adverse events. QRA based on event (ETA) and fault tree analyses (FTA) employs two basic assumptions. The first assumption is related to likelihood values of input events, and the second assumption is regarding interdependence among the events (for ETA) or basic events (for FTA). Traditionally, FTA and ETA both use crisp probabilities; however, to deal with uncertainties, the probability distributions of input event likelihoods are assumed. These probability distributions are often hard to come by and even if available, they are subject to incompleteness (partial ignorance) and imprecision. Furthermore, both FTA and ETA assume that events (or basic events) are independent. In practice, these two assumptions are often unrealistic. This article focuses on handling uncertainty in a QRA framework of a process system. Fuzzy set theory and evidence theory are used to describe the uncertainties in the input event likelihoods. A method based on a dependency coefficient is used to express interdependencies of events (or basic events) in ETA and FTA. To demonstrate the approach, two case studies are discussed.     

The Ocean Ranger Oil Rig Disaster: A Risk Analysis

This paper analyzes quantitatively the design of the Ocean Ranger off-shore oil drilling rig that capsized and sank on February 15, 1982 off the coast of Canada. A review of the actual disaster is also included based on evidence gathered by the Canadian Royal Commission. The risk analysis includes the construction of a failure modes and effects analysis (FMEA) table, a fault tree, and a quantitative evaluation including common cause failure of the rig components. In the case of the Ocean Ranger ballast control system, it was shown that the analysis was able both to successfully model the catastrophic system failure of the portholes, the actual system failure mode, and identify a common cause failure mode of the pump system. This study represents an application of reliability and risk techniques to the oil services industry.     

Treatment of Uncertainty in Performance Assessments for Complex Systems

When viewed at a high level, performance assessments (PAs) for complex systems involve two types of uncertainty: stochastic uncertainty, which arises because the system under study can behave in many different ways, and subjective uncertainty, which arises from a lack of knowledge about quantities required within the computational implementation of the PA. Stochastic uncertainty is typically incorporated into a PA with an experimental design based on importance sampling and leads to the final results of the PA being expressed as a complementary cumulative distribution function (CCDF). Subjective uncertainty is usually treated with Monte Carlo techniques and leads to a distribution of CCDFs. This presentation discusses the use of the Kaplan/Garrick ordered triple representation for risk in maintaining a distinction between stochastic and subjective uncertainty in PAs for complex systems. The topics discussed include (1) the definition of scenarios and the calculation of scenario probabilities and consequences, (2) the separation of subjective and stochastic uncertainties, (3) the construction of CCDFs required in comparisons with regulatory standards (e.g., 40 CFR Part 191, Subpart B for the disposal of radioactive waste), and (4) the performance of uncertainty and sensitivity studies. Results obtained in a preliminary PA for the Waste Isolation Pilot Plant, an uncertainty and sensitivity analysis of the MACCS reactor accident consequence analysis model, and the NUREG-1150 probabilistic risk assessments are used for illustration.     

Competing Failure Risk Analysis Using Evidence Theory

Safety systems are important components of high-consequence systems that are intended to prevent the unintended operation of the system and thus the potentially significant negative consequences that could result from such an operation. This presentation investigates and illustrates formal procedures for assessing the uncertainty in the probability that a safety system will fail to operate as intended in an accident environment. Probability theory and evidence theory are introduced as possible mathematical structures for the representation of the epistemic uncertainty associated with the performance of safety systems, and a representation of this type is illustrated with a hypothetical safety system involving one weak link and one strong link that is exposed to a high temperature fire environment. Topics considered include (1) the nature of diffuse uncertainty information involving a system and its environment, (2) the conversion of diffuse uncertainty information into the mathematical structures associated with probability theory and evidence theory, and (3) the propagation of these uncertainty structures through a model for a safety system to obtain representations in the context of probability theory and evidence theory of the uncertainty in the probability that the safety system will fail to operate as intended. The results suggest that evidence theory provides a potentially valuable representational tool for the display of the implications of significant epistemic uncertainty in inputs to complex analyses.     

Distribution Analyzer and Risk Evaluator (DARE) Using Fault Trees

Risk and uncertainty are integral parts of modern technology, and they must be managed effectively to allow the development of reliable, high-quality products. Because so many facets of technology and society involve risk and uncertainty, it is essential that risk management be handled in a systematic manner. Fault-tree analysis is one of the principal methods used in the analysis of systems'safety. Its detailed and systematic deductive structure makes it a valuable tool for design and diagnostic purposes. Point probability and the minimization of the expected failure probability have, until recently, dominated fault-tree analysis. A methodology that incorporates uncertainty analysis, conditional expected risk, and multiple objectives with fault-tree analysis is presented. A computer software package termed the "Distribution Analyzer and Risk Evaluator (DARE) Using Fault Trees," which translates the new methodology into a working decision-support system, is developed. DARE Using Fault Trees is a flexible computer code that is capable of analyzing the risk of the overall system in terms of the probability density function of failure probability. Emphasis is placed on the uncertainty and risk of extreme events. A comparative study between existing codes for fault-tree analysis and DARE demonstrates the strengths of the methodology. A case study for NASA's solid rocket booster is used to perform the comparative analysis.     

Sensitivity Analysis Using Risk Measures

In a quantitative model with uncertain inputs, the uncertainty of the output can be summarized by a risk measure. We propose a sensitivity analysis method based on derivatives of the output risk measure, in the direction of model inputs. This produces a global sensitivity measure, explicitly linking sensitivity and uncertainty analyses. We focus on the case of distortion risk measures, defined as weighted averages of output percentiles, and prove a representation of the sensitivity measure that can be evaluated on a Monte Carlo sample, as a weighted average of gradients over the input space. When the analytical model is unknown or hard to work with, nonparametric techniques are used for gradient estimation. This process is demonstrated through the example of a nonlinear insurance loss model. Furthermore, the proposed framework is extended in order to measure sensitivity to constant model parameters, uncertain statistical parameters, and random factors driving dependence between model inputs.     

A Fuzzy Decision Tree for Fault Classification

In plant accident management, the control room operators are required to identify the causes of the accident, based on the different patterns of evolution of the monitored process variables thereby developing. This task is often quite challenging, given the large number of process parameters monitored and the intense emotional states under which it is performed. To aid the operators, various techniques of fault classification have been engineered. An important requirement for their practical application is the physical interpretability of the relationships among the process variables underpinning the fault classification. In this view, the present work propounds a fuzzy approach to fault classification, which relies on fuzzy if-then rules inferred from the clustering of available preclassified signal data, which are then organized in a logical and transparent decision tree structure. The advantages offered by the proposed approach are precisely that a transparent fault classification model is mined out of the signal data and that the underlying physical relationships among the process variables are easily interpretable as linguistic if-then rules that can be explicitly visualized in the decision tree structure. The approach is applied to a case study regarding the classification of simulated faults in the feedwater system of a boiling water reactor.     

Probabilistic Analysis of the Inadvertent Reentry of the Cassini Spacecraft''s Radioisotope Thermoelectric Generators

As part of the launch approval process, the Interagency Nuclear Safety Review Panel provides an independent safety assessment of space missions--such as the Cassini mission--that carry a significant amount of nuclear materials. This survey article describes potential accident scenarios that might lead to release of fuel from an accidental reentry during an Earth swingby maneuver, the probabilities of such scenarios, and their consequences. To illustrate the nature of calculations used in this area, examples are presented of probabilistic models to obtain both the probability of scenario events and the resultant source terms of such scenarios. Because of large extrapolations from the current knowledge base, the analysis emphasizes treatment of uncertainties.     

Probabilistic Risk Assessment of Wastes Buried in the Ground

The differences between probabilistic risk assessment (PRA) and safety analysis (SA) are discussed, and it is shown that PRA is more suitable than SA for determining the acceptability of a technology. Since a PRA by the fault tree-event tree analysis method used for reactor safety studies does not seem to be practical for buried waste, an alternative approach is suggested using geochemical analogs. This method is illustrated for the cases of high-level and low-level radioactive waste and for chemical carcinogens released in coal burning.     

Functional Approximation and Optimal Specification of the Mechanical Risk Index

The mechanical risk index (MRI) is a numerical measure that quantifies the complexity of drilling a well. The purpose of this article is to examine the role of the component factors of the MRI and its structural and parametric assumptions. A meta-modeling methodology is applied to derive functional expressions of the MRI, and it is shown that the MRI can be approximated in terms of a linear functional. The variation between the MRI measure and its functional specification is determined empirically, and for a reasonable design space, the functional specification is shown to a good approximating representation. A drilling risk index is introduced to quantify the uncertainty in the time and cost associated with drilling a well. A general methodology is outlined to create an optimal MRI specification.     

Correlation of Quantitative Risk Results for High Hazard Processes

A quantitative risk analysis was conducted to evaluate the design of the VX neutralization subsystem and related support facilities of the U.S. Army Newport Chemical Agent Disposal Facility. Three major incidents including agent release, personnel injury, and system loss were studied using fault tree analysis methodology. Each incident was assigned a risk assessment code based on the severity level and probability of occurrence of the incident. Safety mitigations or design changes were recommended to bring the "undesired" risk level (typical agent release events) to be "acceptable with controls" or "acceptable."     

A Flexible Hierarchical Bayesian Modeling Technique for Risk Analysis of Major Accidents

Safety analysis of rare events with potentially catastrophic consequences is challenged by data scarcity and uncertainty. Traditional causation‐based approaches, such as fault tree and event tree (used to model rare event), suffer from a number of weaknesses. These include the static structure of the event causation, lack of event occurrence data, and need for reliable prior information. In this study, a new hierarchical Bayesian modeling based technique is proposed to overcome these drawbacks. The proposed technique can be used as a flexible technique for risk analysis of major accidents. It enables both forward and backward analysis in quantitative reasoning and the treatment of interdependence among the model parameters. Source‐to‐source variability in data sources is also taken into account through a robust probabilistic safety analysis. The applicability of the proposed technique has been demonstrated through a case study in marine and offshore industry.     

研发项目过程风险管理方法综合集成问题研究

针对研发(R&D)项目过程风险特征,重点研究和提出了解决研发(R&D)项目过程风险的"模糊-事件树-故障树"综合集成定量方法,并采用算术平均数方法和加权几何平均数方法修正了"模糊-事件树"与"模糊-故障树"综合集成问题。通过实证研究表明,该定量方法能够有效地解决研发项目过程风险实际问题。