Chapter 11 Risk Assessment
RISK ASSESSMENT
Introduction
Risk assessment consists of:
1. Incident identification: how the accident occurs (analysis of probability).
2. Consequence analysis: the expected damage (loss of life, property damage, days of outage).
This chapter:
1. Reviews probability mathematics.
2. Shows how the failure probabilities of individual components contribute to the failure of the entire process.
3. Describes two probabilistic methods: the event tree and the fault tree.
Probability Theory
Failure in a process occurs as a result of the interaction of the individual components; the overall probability depends on the nature of this interaction. Each component has an average failure rate (faults/time): on average the component fails after a certain period of time. The probability that the component will NOT fail during the time interval (0, t), its reliability R(t), is given by the Poisson distribution.
As t → ∞, R(t) goes to 0, and a higher failure rate means a smaller R(t). The complement of the reliability is the failure probability, P(t) = 1 − R(t).
Failure density function: the derivative of the failure probability with respect to time.
The failure density function is used to determine the probability P of at least one failure in the time period t0 to t1: the integral of the density over that interval.
MTBF: the average time interval between two failures of the component is called the mean time between failures (MTBF); it is the reciprocal of the average failure rate.
Interaction between process units, parallel: process failure requires the simultaneous failure of a number of components in parallel (logical AND). The failure probabilities of the individual components are multiplied to give the parallel failure probability, where n is the total number of components and P_i is the failure probability of each component.
Interaction between process units, series: failure of any single component in a series of components will result in failure of the process (logical OR). The overall process reliability is found by multiplying the reliabilities of the individual components; the overall failure probability is the complement of that product.
For a system composed of two components A and B in series, the failure probability is P = P_A + P_B − P_A·P_B. If the failure probabilities are small, the product term can be neglected, and for this special case P ≈ P_A + P_B.
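The relations of this section worked in code. This is an added example, not material from the chapter: it assumes the constant-failure-rate (Poisson) model the text refers to, with the average failure rate called mu (faults per unit time), so that R(t) = exp(−mu·t), P(t) = 1 − R(t), the density is f(t) = mu·exp(−mu·t) and MTBF = 1/mu. The component values (mu = 0.1/yr, P_A = 0.01, P_B = 0.02) are constructed for illustration; the numeric integration is there only to show the density definition at work.

```python
import math

def reliability(mu, t):
    """R(t): probability that a component with constant failure rate mu survives (0, t)."""
    return math.exp(-mu * t)

def failure_probability(mu, t):
    """P(t) = 1 - R(t): probability of at least one failure in (0, t)."""
    return 1.0 - reliability(mu, t)

def failure_density(mu, t):
    """f(t) = dP/dt = mu * exp(-mu t)."""
    return mu * math.exp(-mu * t)

def prob_failure_between(mu, t0, t1):
    """Closed form of the integral of f(t) from t0 to t1 (at least one failure in [t0, t1])."""
    return math.exp(-mu * t0) - math.exp(-mu * t1)

def prob_failure_between_numeric(mu, t0, t1, steps=10000):
    """Same quantity by trapezoidal integration of the density, to show the definition at work."""
    h = (t1 - t0) / steps
    area = 0.5 * (failure_density(mu, t0) + failure_density(mu, t1))
    for k in range(1, steps):
        area += failure_density(mu, t0 + k * h)
    return area * h

def mtbf(mu):
    """Mean time between failures: reciprocal of the average failure rate."""
    return 1.0 / mu

def parallel_failure_probability(ps):
    """Redundant components (logical AND): all n must fail, so multiply the P_i."""
    p = 1.0
    for pi in ps:
        p *= pi
    return p

def series_reliability(ps):
    """Series components: the process survives only if every component survives."""
    r = 1.0
    for pi in ps:
        r *= 1.0 - pi
    return r

def series_failure_probability(ps):
    """Series components (logical OR): 1 - product of the individual reliabilities."""
    return 1.0 - series_reliability(ps)

def series_failure_probability_small(ps):
    """Small-P_i approximation: drop the product terms and just add the P_i (an upper bound)."""
    return sum(ps)

if __name__ == "__main__":
    mu = 0.1   # faults per year (constructed value)
    print(f"R(10 yr) = {reliability(mu, 10):.4f}, P(10 yr) = {failure_probability(mu, 10):.4f}, "
          f"MTBF = {mtbf(mu):.1f} yr")
    print(f"P(failure in years 2..5): closed form {prob_failure_between(mu, 2, 5):.6f}, "
          f"numeric {prob_failure_between_numeric(mu, 2, 5):.6f}")
    pa, pb = 0.01, 0.02  # failure probabilities of components A and B (constructed)
    print(f"parallel (both must fail): {parallel_failure_probability([pa, pb]):.6f}")
    print(f"series exact: {series_failure_probability([pa, pb]):.6f}, "
          f"series small-P approximation: {series_failure_probability_small([pa, pb]):.6f}")
```

The small-P approximation always overstates the series failure probability (it drops the subtracted product term), so it errs on the safe side; the gap between 0.0298 and 0.03 in the run shows how little is lost for percent-level failure probabilities.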
The time that the component is operational is called the period of operation and is denoted by τ_0. After a failure occurs, a period of time called the period of inactivity or downtime, τ_r, is required to repair the component. Then MTBF = τ_0 + τ_r.
Revealed Failure
For revealed failures the period of inactivity or downtime for a particular component is computed by averaging the inactive period over a number of failures: τ_r = (1/n) Σ τ_r,i, where n is the number of times the failure or inactivity occurred and τ_r,i is the period of repair for a particular failure. Similarly, the time before failure or period of operation is τ_0 = (1/n) Σ τ_0,i.
Availability: the probability that the component is found functioning. For a revealed failure it is the fraction of each cycle spent operating, A = τ_0/(τ_0 + τ_r); the unavailability U = τ_r/(τ_0 + τ_r) is its complement (A + U = 1).
Unrevealed Failure
For unrevealed failures, if τ_u is the average period of unavailability during the inspection interval and τ_i is the inspection interval, then U = τ_u/τ_i.
Probability of coincidence
The dangerous process episode occurs when a process upset occurs and the emergency system is unavailable. This requires a coincidence of events. Assume that a dangerous process episode occurs p_d times in a time interval T_i. The frequency of this episode is p_d/T_i.
For an emergency system with unavailability U, a dangerous situation will occur when the process episode occurs and the emergency system is unavailable. This happens p_d·U times in the interval T_i, so the average frequency of dangerous coincidences is p_d·U/T_i.
The mean time between coincidences (MTBC) is the reciprocal of the average frequency of dangerous coincidences: MTBC = T_i/(p_d·U).
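The revealed-failure averages, the unrevealed-failure unavailability and the MTBC worked in code. This is an added example, not from the chapter. It assumes the constant-failure-rate model of the probability section (failure rate mu, failure probability 1 − exp(−mu·t)), under which averaging the failure probability over the inspection interval gives the exact unrevealed unavailability U = 1 − (1 − exp(−mu·τ_i))/(mu·τ_i), whose first-order form is U ≈ mu·τ_i/2. The pump operating/repair periods, the valve failure rate and the episode frequency are constructed sample data.

```python
import math

def revealed_failure_stats(operating_periods, repair_periods):
    """Revealed failure: average the operating and repair periods over the observed failures.
    Returns tau_0, tau_r, MTBF = tau_0 + tau_r, the failure rate, and availability/unavailability."""
    tau_0 = sum(operating_periods) / len(operating_periods)
    tau_r = sum(repair_periods) / len(repair_periods)
    mtbf = tau_0 + tau_r
    unavailability = tau_r / mtbf          # fraction of each cycle spent under repair
    return {
        "tau_0": tau_0, "tau_r": tau_r, "MTBF": mtbf, "mu": 1.0 / mtbf,
        "U": unavailability, "A": 1.0 - unavailability,
    }

def unrevealed_unavailability(mu, tau_i):
    """Unrevealed failure: the component may sit failed until the next inspection.
    Averaging the failure probability 1 - exp(-mu t) over the inspection interval tau_i
    gives U = tau_u / tau_i = 1 - (1 - exp(-mu tau_i)) / (mu tau_i)."""
    x = mu * tau_i
    return 1.0 - (1.0 - math.exp(-x)) / x

def unrevealed_unavailability_approx(mu, tau_i):
    """First-order approximation for small mu * tau_i: U = mu * tau_i / 2."""
    return mu * tau_i / 2.0

def coincidence_frequency(p_d, T_i, U):
    """Dangerous episodes occur p_d times in T_i; the emergency system is unavailable a
    fraction U of the time, so dangerous coincidences occur p_d * U / T_i per unit time."""
    return p_d * U / T_i

def mtbc(p_d, T_i, U):
    """Mean time between coincidences: reciprocal of the coincidence frequency."""
    return 1.0 / coincidence_frequency(p_d, T_i, U)

if __name__ == "__main__":
    # Constructed data: days of operation and days of repair for three failures of a pump.
    stats = revealed_failure_stats([100.0, 120.0, 80.0], [2.0, 4.0, 3.0])
    print({k: round(v, 5) for k, v in stats.items()})
    mu = 0.1  # faults/yr for an emergency shutdown valve (constructed)
    for tau_i in (2.0, 1.0, 0.5, 0.25):   # inspection interval in years
        print(f"tau_i={tau_i}: U exact {unrevealed_unavailability(mu, tau_i):.5f}, "
              f"approx {unrevealed_unavailability_approx(mu, tau_i):.5f}")
    # One dangerous process episode per year; the emergency system is inspected yearly.
    U = unrevealed_unavailability(mu, 1.0)
    print(f"MTBC = {mtbc(1, 1.0, U):.1f} yr")
```

The loop over inspection intervals is the practical point: halving τ_i roughly halves the unavailability of an unrevealed-failure component and therefore roughly doubles the MTBC, which is the lever a test interval gives you that the component's own failure rate does not.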
Guidelines
1. Identify an initiating event of interest.
2. Identify the safety functions designed to deal with the initiating event.
3. Construct the event tree.
4. Describe the resulting accident event sequences.
Step 2 Identify the Safety Functions Designed to Deal with the Initiating Event
Safety functions include:
1. Safety systems that automatically respond to the initiating event.
2. Alarms that alert the operator when the initiating event occurs, and operator actions designed to be performed in response to alarms or required by procedures.
3. Barriers or containment methods that are intended to limit the effects of the initiating event.
Example
Initiating event: loss of cooling water to an oxidation reactor. Safety functions: 1. The oxidation reactor high temperature alarm alerts the operator at temperature T1. 2. The operator reestablishes cooling water flow to the oxidation reactor. 3. The automatic shutdown system stops the reaction at temperature T2, where T2 > T1. These safety functions are listed in the order in which they are intended to occur.
Step 3: Construct the Event Tree. a. Enter the initiating event and the safety functions, in order, across the top of the tree:
INITIATING EVENT: Loss of cooling water to oxidation reactor
SAFETY FUNCTION 1: Oxidation reactor high temperature alarm alerts operator at temperature T1
SAFETY FUNCTION 2: Operator reestablishes cooling water flow to oxidation reactor
SAFETY FUNCTION 3: Automatic shutdown system stops reaction at temperature T2
b. Evaluate the safety functions. Starting from the initiating event, each safety function is entered as a branch point with one branch for success of the safety function and one for its failure. If the safety function does not affect the course of the accident, the accident path proceeds with no branch point to the next safety function.
ACCIDENT SEQUENCES (A is the initiating event; B, C and D are the three safety functions in the order listed, and a sequence names the functions that failed along its path):
AB: Unstable condition, process shutdown
ACD: Unsafe condition, runaway reaction, operator aware of problem
ABD: Unsafe condition, runaway reaction, operator unaware of problem
Figure 11-8 Reactor with high temperature alarm and temperature controller. (Diagram not reproduced: reactor feed enters the reactor; cooling water flows in through cooling coils; a thermocouple feeds the temperature controller (TIC) and the high temperature alarm (TIA), which alarms at T > TA.)
Result (Figure 11-9). Initiating event A: loss of cooling, 1 occurrence/yr.
Safety function failures/demand: B 0.01, C 0.25, D 0.25, E 0.1.
Accident sequence, outcome, frequency (occurrences/yr):
A      continue operation  0.7425
AD     shut down           0.2227
ADE    runaway             0.02475
AB     continue operation  0.005625
ABD    shut down           0.001688
ABDE   runaway             0.0001875
ABC    continue operation  0.001875
ABCD   shut down           0.0005625
ABCDE  runaway             0.0000625
Shutdown = 0.2227 + 0.001688 + 0.0005625 = 0.2250 occurrences/yr.
Runaway = 0.02475 + 0.0001875 + 0.0000625 = 0.02500 occurrences/yr.
Figure 11-9 Event tree for a loss of coolant accident for the reactor of Figure 11-8.
Figure 11-10 The computational sequence across a safety function in an event tree: the frequency entering a safety function with 0.01 failures/demand is multiplied by 0.99 on the success branch and by 0.01 on the failure branch.
Result (Figure 11-11). Initiating event A: loss of cooling, 1 occurrence/yr.
Safety function failures/demand: B 0.01, C 0.25, D 0.25, E 0.01, F 0.1.
Accident sequence, outcome, frequency (occurrences/yr):
A       continue operation  0.7425
AD      shut down           0.2450
ADE     shut down           0.002228
ADEF    runaway             0.0002475
AB      continue operation  0.005625
ABD     shut down           0.001856
ABDE    shut down           0.00001688
ABDEF   runaway             0.000001875
ABC     continue operation  0.001875
ABCD    shut down           0.0006187
ABCDE   shut down           0.00000563
ABCDEF  runaway             0.000000625
Shutdown = 0.2450 + 0.001856 + 0.00001688 + 0.0006187 = 0.2475 occurrences/yr.
Runaway = 0.0002475 + 0.000001875 + 0.000000625 = 0.0002500 occurrences/yr.
Figure 11-11 Event tree for the reactor of Figure 11-8. This includes a high temperature shutdown system.
Fault tree symbols (from the figure legend): AND gate; external event; event/fault; inhibit gate; basic event.
Procedure for Fault Tree Analysis
1. Define the TOP event.
2. Define the overall structure.
3. Explore each branch in successive levels of detail.
Define the TOP event: use the PHA, P&IDs, process description, etc. to define the top event. If it is too broad, an overly large fault tree will result (e.g. "fire in process"). If it is too narrow, the exercise will be costly (e.g. "leak in the valve"). The boundary for the top event definition can be a system, subsystem, unit, equipment item or function. Some good examples: overpressure in vessel V1, motor fails to start, reactor high temperature safety function fails.
Explore each branch in successive levels of detail: continue the top-down process until the root cause of each branch is identified and/or until further decomposition is considered unnecessary, so that each branch ends with a basic event or an undeveloped event. Consider common cause failures and systematic failures during decomposition. A good guide for when to stop decomposing is to go no further than the physical or functional bounds set by the top event.
Solve the fault tree: assign probabilities of failure to the lowest-level event in each branch of the tree. From these data the intermediate event and top event frequencies can be determined using Boolean algebra and minimal cut set methods.
Minimal cut set theory: the fault tree consists of many levels of basic and intermediate events linked together by AND and OR gates, and some basic events may appear in different places in the tree. Minimal cut set analysis produces a new fault tree, logically equivalent to the original, with an OR gate beneath the top event whose inputs are the minimal cut sets. Each minimal cut set is an AND gate whose inputs are a set of basic events necessary and sufficient to cause the top event.
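A minimal cut set computation and top event probability for a small fault tree, as an added example that is not from the chapter. The tree, the event names and the unavailabilities are constructed for illustration: the top event (runaway reaction) requires both loss of cooling and failure of the emergency shutdown, and loss of electrical power, E, appears under both gates, so it is the common cause failure the procedure warns about. The code derives the cut sets by expanding the gates (OR: union of the children's cut sets; AND: one cut set from each child, merged), removes any cut set that contains another, rebuilds the equivalent OR-of-ANDs tree, and evaluates the top probability exactly by enumerating the states of the independent basic events, which is what keeps the repeated event E from being counted twice.

```python
from itertools import product

# Constructed fault tree (not from the chapter). Gates are ("AND", children) or
# ("OR", children); a string is a basic event. Unavailabilities are made up.
BASIC_EVENTS = {
    "E": 0.01,  # loss of electrical power (common cause: appears under both gates)
    "P": 0.05,  # cooling water pump fails
    "V": 0.02,  # cooling water valve fails closed
    "S": 0.02,  # shutdown valve fails to close on demand
    "T": 0.03,  # high temperature detection fails
}
TOP = ("AND", [                      # TOP: runaway reaction
    ("OR", ["P", "V", "E"]),          # G1: loss of cooling
    ("OR", ["S", "T", "E"]),          # G2: emergency shutdown fails
])

def cut_sets(node):
    """All cut sets of a node (not yet minimal), as frozensets of basic events.
    OR: union of the children's cut sets; AND: one cut set from each child, merged."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_sets = [cut_sets(child) for child in children]
    if kind == "OR":
        return [cs for sets in child_sets for cs in sets]
    combined = [frozenset()]
    for sets in child_sets:
        combined = [acc | cs for acc in combined for cs in sets]
    return combined

def minimal_cut_sets(node):
    """Drop any cut set that contains another one (absorption), e.g. {E, P} when {E} suffices."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))

def as_or_of_ands(mcs):
    """The logically equivalent tree the text describes: OR of AND gates, one per minimal cut set."""
    return ("OR", [("AND", sorted(cs)) for cs in mcs])

def top_occurs(node, failed):
    """Evaluate the gate logic for a given set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    kind, children = node
    combine = all if kind == "AND" else any
    return combine(top_occurs(child, failed) for child in children)

def exact_top_probability(node, probs):
    """Exact P(TOP) by enumerating every state of the (independent) basic events.
    A repeated event is one event here; multiplying gate probabilities would get it wrong."""
    names = sorted(probs)
    total = 0.0
    for state in product((False, True), repeat=len(names)):
        failed = {n for n, f in zip(names, state) if f}
        if top_occurs(node, failed):
            weight = 1.0
            for n, f in zip(names, state):
                weight *= probs[n] if f else 1.0 - probs[n]
            total += weight
    return total

def rare_event_approximation(mcs, probs):
    """Sum of the minimal cut set probabilities: an upper bound, close when all are small."""
    total = 0.0
    for cs in mcs:
        p = 1.0
        for event in cs:
            p *= probs[event]
        total += p
    return total

if __name__ == "__main__":
    mcs = minimal_cut_sets(TOP)
    print("minimal cut sets:", [sorted(cs) for cs in mcs])
    print(f"P(TOP) exact: {exact_top_probability(TOP, BASIC_EVENTS):.6f}")
    print(f"P(TOP) from OR-of-ANDs tree: {exact_top_probability(as_or_of_ands(mcs), BASIC_EVENTS):.6f}")
    print(f"rare-event approximation: {rare_event_approximation(mcs, BASIC_EVENTS):.6f}")
```

The single-event cut set {E} is the result a practitioner wants from this analysis: the tree's AND gate suggests two independent things must go wrong, but the cut sets show one power loss is enough, and it dominates the top probability (0.01 of the 0.0134 total). Enumerating 2^n states is fine for a handful of basic events; for real trees the cut sets themselves are the input to inclusion-exclusion or to a rare-event bound like the one shown.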
Advantages of FTA
Plus points of FTA:
1. Deals well with parallel, redundant or alternative fault paths.
2. Searches for possible causes of an end effect which may not have been foreseen.
3. The cut sets derived in FTA give enormous insight into the various ways the top event can occur.
4. A very useful tool for focused analysis, where analysis is required for one or two major outcomes.
Disadvantages of FTA
Minus points of FTA:
1. Requires a separate fault tree for each top event, which makes it difficult to analyze complex systems.
2. Fault trees developed by different individuals are usually different in structure, producing different cut set elements and results.
3. The same event may appear in different parts of the tree, leading to some initial confusion.