POLITECNICO DI TORINO DIPARTIMENTO DI ENERGETICA

Risk Assessment
Risk Analysis / Safety and Risk Analysis

Methodologies
Andrea CARPIGNANO
andrea.carpignano@polito.it

Ed. 2008/09

APPROACH TO RISK ASSESSMENT

START
QUALITATIVE

System Description

Historical Analysis
Hazard Identification HAZID
HAZOP
FMECA

Not critical Selection of critical Risk Matrix

events

Critical

Selection and Grouping

of Initiating Events
QUANTITATIVE

Event Tree Analysis

Analysis of Accidental Fault Tree Analysis
Sequences Simulation Models
Data Banks

Probabilistic Analysis Accident Simulation

Risk Assessment Tolerability Criteria

Design and Management
review Not Tolerable
Tolerable

END

Ed. 2008/09

1
APPROACH TO RISK ASSESSMENT

START

QUALITATIVE
System Description

Historical Analysis
Hazard Identification HAZID
HAZOP
FMECA

Not critical Selection of critical Risk Matrix

events

Critical

Selection and Grouping

of Initiating Events

Event Tree Analysis

Analysis of Accidental

QUANTITATIVE
Fault Tree Analysis
Sequences Simulation Models
Data Banks

Probabilistic Analysis Accident Simulation

Risk Assessment Tolerability Criteria

Design and Management
review Not Tolerable
Tolerable

END

Ed. 2008/09

Plant data acquisition

In order to perform a risk analysis, the following info are necessary:
 Design and construction plan (Conceptual, Basic, Detail, Construction, Commissioning,
Operation, Decommissioning)
 Company organisation
 Battery limits of the analysis
 Plant description (structure, behaviour, functions)
 Plant drawings (PFD, P&ID, layouts, sections, …)
 Cause/Effects diagrams
 Description of safety systems (LSD, ESD, fire&gas, firefighting, …)
 Amounts and type of dangerous substances (location, precautions, logistics)
 Description of operational and maintenance procedures, working phases
 Description of auxiliaries (water, compressed air, hydraulic systems, …)
 Feeds from outsides (pipelines, electric grid, …)
 Number of workers
 Site description:
 population density, land use (radius 5 km)
 transportation structures (by road, rail, water, air, pipelines, …)
 Presence of lakes, rivers, sea, …, aquifer depth
 meteo conditions (wind, atmosphere stability classes, rainfalls, )
 Seismic (DLgs 31-3-98), hydro geological hazards (maps from authorities)
 Presence of industrial plants in the neighbor

Ed. 2008/09

2
Plant layout

Ed. 2008/09

PLANT DESIGN DOCUMENTATION

PFD – Process Flow Diagram

Ed. 2008/09

3
PLANT DESIGN DOCUMENTATION

PFD – Process Flow Diagram

Ed. 2008/09

Introduction

P&ID – Pipe &

Instrumentation Diagram
Ed. 2008/09

4
 System definition
 Characterization of the systems
 Main System
 Control System
 Auxiliary Systems
 Safety/Protection System

 Operational steps, mission outline, management/maintenance

procedures
 Functions/Behavior/Structure
 Structures identification:
SERIES/PARALLEL MAJORITY VOTING STAND-BY
L3
P1
V1a V2a L2 Logica
2/3
L1
P2
V1b V2b
D

Ed. 2008/09

METEO INFO

Capability of the Wind speed and

atmosphere to dilute the directions allows to
pollutants: predict the
A high instability (day) direction of the
… flammable or toxic
F high stability (night) cloud
PASQUILL % COMING HOURS %
STABILITY FROM
CLASS
A 35
B 6
C 8
D 12
E 12
F 27
Total 100

Ed. 2008/09

5
Seismic characterisation

D.Lgs. 31-3-98

Ed. 2008/09

HAZARD IDENTIFICATION

Hazard identification aims to identify all the hazards

related to the system operations, for all the
operational configuration of the plant/system

Hazard Identification must be:

 systematic
 complete

Techniques available
 Historical analysis (accident data banks, literature,
etc.)
 HAZID, HAZOP, Check List

Ed. 2008/09

6
HAZARD IDENTIFICATION

Techniques available:
 Historical analysis (accident data banks, literature,
etc.)
 Check lists
 SIRP (Systematic Identification of Release Points)
 Deductive methods
 FMECA
 HAZOP
 HAZID

Ed. 2008/09

Historical analysis

 Analysis of accidents occurred in the past

 …related to the same type of system/plant or the
same dangerous substance
 The analysis is based on international data banks,
internet, literature, etc.

Ed. 2008/09

7
Historical analysis

Aims of Historical Analysis:

 The intention is to know the weak points of the
technologies and the problems related to the use of
a certain type of substance
 This analysis helps the analyst to complete the risk
analysis considering all the accidents that have been
already occurred.
 The historical analysis in general does not provide
statistical information since major accidents are
rare!

Ed. 2008/09

Historical analysis

Approaching Historical Analysis:

 Select the accidents of interest
 Classify accidents by causes (mech. failures, human
errors, external events, …), damages (deaths, injuries,
…), phenomena (releases, fires, explosions, toxic cloud,
…)
 Analyse the results in order to learn about the technology
and the substances involved:
 What are the more frequent causes of accident? We have to
focus on maintenance or on training?
 Are the results of our accident simulation realistic?
 Have all the accident phenomena been taken into account in
our risk analysis?
…

Ed. 2008/09

8
 Historical analysis

DATA BANKS:
 MHIDAS (HSE-UK)
 FACTS (TNO – The Nederlands)
 MARS (JRC – EU) available on the web
(http://mahbsrv.jrc.it)
 WOAD World Wide Offshore Accident Data(DNV- Norway)
 Many data banks for specific fields …
 EGIG for gas pipelines (http://www.egig.nl)
 Hydrogen (http://www.h2incidents.org/list.asp)
 Idustrial and natural events – Lovagno University BELGIUM
(http://www.em-dat.net/)
 …

Ed. 2008/09

Historical analysis

Metano-Gas naturale - Attività - MHIDAS 04/05

process plants
13.64%
piping storage
2.17% 5.74%
other
8.84%
loading/unloading
pipeline trasportation
2.02%
62.02%

small tanks
2.17%

bottles transp
naval transportation
0.16%
0.47%

rail transportation
river transportation 0.93%
road transportation
0.31%
1.55%
Accidents N. %
Release without consequences 249 38,66
Explosion 300 46,58
Fire 64 9,94
Jet fire 8 1,24
Vapour-flash fire 8 1,24
Fireball 15 2,33
TOT 644 100,00

Ed. 2008/09

9
Historical analysis
Metano - Gas naturale - Cause generali - MHIDAS 06/07

Ext events
Impact 16%
30%

Human factor
17%

other
19% Mechanical Rupture
18%

N. Date Country Location Activity Fatals Injures Chemical

304 1966 D REFINERY PROCESSING 3 75-83 LNG
1924 1978 ?? SEA NAVIGATION LNG
3911 1978 UAE TERMINAL STORAGE 4 LNG
1923 1979 MEDIT. SEA NAVIGATION LNG
807 1979 D PROCESSING LNG
1191 1979 ATLANT SEA NAVIGATION 1 LNG
4139 1979 USA LAKE PIPETRANSPORT 2 1 LNG
1925 1979 G. MEX. SEA NAVIGATION LNG

Ed. 2008/09

CHECK LISTS

Check lists:

A list of points/problems to be investigated to highlight hazards

Results expected:

a list of HAZARDS and preventive and mitigation actions

Ed. 2008/09

10
 CHECK LISTS
Table of contents Example

API Recommendation Practice 14J (1993)

Ed. 2008/09

CHECK LISTS

Check list
reference: System: Dated:
POINT/ Is it Causes Dama Existing FREQ DAMAGE RISK New
PROBLEM relevant ges Preventive Preventive or
in the and Mitigation
case Mitigation actions?
under measures
study?
High YES in line Injurie Safety 2 3 6 Periodical
pressures the XXX ruptures s for Relief Inspection
unit can operat Valves (every 6
provide ors months) of
injuries to pipes and
operators safety relief
valves

Ed. 2008/09

11
 CHECK LISTS

Index method in DPCM 31-3-89

 The goal of the method is the selection of the most
critical unit of a plant
 A sort of check list providing values for each point
of the list
 At the end of the analysis a global risk index can be
estimated for each unit
 In a second phase (compensation) a different
check is used to check the safety measures, in
order to compensate the risk index and determine
the final value (Compensated Risk Value)
 The Risk Index method for LPG storages and toxic
or flammable storages are reported in DM 15/5/96
and 20/10/98

Ed. 2008/09

Failure modes
An equipment FAILURE MODE is the loss of one of its FUNCTIONS
FAILURE MODES depend on the OPERATIONAL PHASE of the
system
The OPERATIONAL PHASE describe the different configurations
taken from the system during his life (Starting, Regime, Shutdown,
Maintenance, …)
The failure mode analysis needs the identification of all the possible
failure modes for the system. The analysis is made identifying the
failure modes of each component in each one of its operational
pahses.

The main difficulty of the RCM was founded on the recognition that:
the Maintenance Engineer has to think about FUNCTIONS while
the Maintainer has to think about COMPONENTS

Ed. 2008/09

12
 FAILURE MODE , EFFECTS and
CRITICALITY ANALYSIS - FEMCA

Goals:
 Identification of system failure modes
 Qualitative estimation of damages vs. safety,
environment, economics, reputation
 Highlight existing preventive and mitigation measures
 Highlight diagnostics
 Define new actions (prevention or mitigation)

Analysis must be systematic and complete

The failure mode identification must be exhaustive and cannot be
reduced to the listing of the failures already occurred!

Ed. 2008/09

FMECA

FMECA – Failure Mode, Effects & Criticality Analysis

SYSTEM OPERATIONE PHASE

COMP. FAILURE LOCAL SYSTEM PLANT FREQ DAMAGE DETECTION NEW NOTES
MDOE EFFECT EFFECT EFFECT PREVENTION ACTIONS
MITIGATION

S EN EC R
……. …… …….. …….. ……… ……… … ………. ……. …….
…
…
.
.

S: Damage on safety
EN: Damage on environment
EC: Damage on economics (loss of production, maintenance costs)
R: Damage on reputation

Ed. 2008/09

13
 FMECA

 The approach is “single failure”: we cannot

investigate multiple failure to avoid the explosion
of the analysis
 Estimation of frequency and damage must be
performed taking into account the existing
preventive and mitigation measures.

Some references:
 IEC 60812
 MIL STD 1629/A
 http://www.weibull.com/basics/fmea.htm

Ed. 2008/09

FMECA

FAILURE MODE EFFECTS AND CRITICALITY ANALYSIS

Project: EMU X61 System: brake system and AGTU Author: Elisa Ruscello
Failure
Line Id. Ref. Operating Failure effects Criticality categorisat
X60 Line Id. scheme Component (LRU) Function mode Failure mode Failure cause Detection Failrate ion Remark

on component on system on Service on Safety (fpmh)

1 1 CABIN EQUIPMENT
DOUBLE AIR GAUGE Ø 80 periodic check, cross check
mm 0÷12 bar monitors the pressure in no or wrong BP no/wrong BP indication to with BP pressure transducer,
2 2 01.02 BP and MP all pressure indication fatigue driver none immediate by driver N N 0.24 1
periodic check, cross check
no/wrong MP no/wrong MP indication to with MP pressure switches,
3 3 01.02 all pressure indication fatigue driver none immediate by driver N N 0.24 1
ISOLATING COCK 1/2" TYPE by-pass of magnet valve none, slightly increased air
4 4 01.03 RDN/3S ref. 01.15 all leakages fatigue local air leakage consumption periodic maintenance/check N N 0.12 1
loss of magnet valve ref. 01.15
function: isolation of pilotaire loss of protection against accidental BP
5 5 01.03 all cock unduly opened human error from MP recharging periodic maintenance/check N N N.A. 1
EP VALVE E/RP-2 TYPE activation/deactivation continuous local air release continuous horn signal, MP exhaustion. immediate acoustic, MP isolate the magnet valve through the
6 6 01.04 of horn all stuck open mechanic fault, fatigue, fracture, short circuit from MP Isolation needed pressure switch and gauge N N 0.59 2 respective cut-out cock ref. 01.05

daily brk test at system power manual activation of horn available through
7 7 01.04 run stuck closed mechanic fault, fatigue, fracture, open circuit no air flow towards horn loss of horn signal on, immediate upon request N N 0.07 2 cut-out cock ref. 01.17
ISOLATING COCK 1/4" TYPE isolation of horn magnet none, slightly increased air
8 8 01.05 RDN/1 valve from BP all leakage fatigue local air leakage consumption periodic check N N 0.07 1
9 9 01.05 all cock unduly closed human error no flow towards horn loss of horn signal immediate at system start up N N N.A. 2 as soon as possible open the cock
PILOTAIRE WITH BP filling, pneumatic
REMOVABLE HANDLE control of train BP cannot be fed by MP, pneumatic braking
brake/release through stuck in coasting possible pressure decrease in impossible,emergency brake application
10 10 01.07 pressure level in BP backup position seizure, breakage the BP time via push button slightly degraded immediate by driver Y N 0.27 3 double failure scenario
backup,
service
mission stuck in brake
11 11 01.07 start position seizure, breakage BP continuously exhausted train permanently braked immediate by driver Y N 0.27 3 double failure scenario

stuck in pneumatic back-up braking not

backup, release/charge continuous air flow from MP available, emergency brake application
12 12 01.07 emergency position seizure, breakage towards BP time via push button degraded immediate by driver Y N 0.18 3 double failure scenario

Ed. 2008/09

14
 HAZOP

HAZOP – HAZard and OPerability Studies

SYSTEM OPERATIONAL PHASE

DAMAGE

PROCESS DEVIA- CAUSES LOCAL FREQ. S EN EC R DETECTION NECESSARY NOTES

PARAMETER TION EFFECTS PREVENTION ACTIONS
SYSTEM MITIGATION
PLANT METHODS

S: Damage on safety
EN: Damage on environment
EC: Damage on economics (loss of production, maintenance costs)
R: Damage on reputation

Ed. 2008/09

HAZOP – Steps of the analysis

Steps of the analysis:

 Team organization
 Definition of the system
 Identification of operative phases
 Selection of process lines
 Choice of the keywords

 Implementation of the analysis

Ed. 2008/09

15
 HAZOP – Definition of the system

Definition of the system

smoke
Operational phases:
• Use
• Summer shut down
Hot H2O

T Cold H2O

T
gas
D

Ed. 2008/09

HAZOP – Selection of process lines

Selection of process lines

Combustion P Control
smoke

Hot H2O prod.

T Control

Hot H2O
Gas supply
T Cold H2O

Cold H2O supply

T
gas
D

Ed. 2008/09

16
 HAZOP – Process parameters
Process parameters:
 Gas supply
 Gas flow rate, pressure
 T Control
 Water temperature
 P Control
 Tank pressure
 Combustion
 Gas flow rate, pressure
 Air flow rate
 Smoke flow rate
 Heat flux
 Cold H2O supply
 Cold water flow rate, pressure, temperature
 Hot H2O production
 Hot water flow rate, pressure, temperature

Ed. 2008/09

HAZOP – Choice of the keywords

Choice of the keywords

Operational
GUIDEWORD DEVIATION
phases/conditions
FLOW NO/LESS
MORE
NORMAL REVERSE
OPERATIONS
TEMPERATURE MORE
START-UP
LESS
NORMAL SHUT PRESSURE MORE
DOWN
LESS
EMERGENCY SHUT
DOWN LEVEL MORE
MAINTENANCE LESS
COMPOSITION AS WELL AS
OTHER THAN
Ed. 2008/09

17
HAZOP

HAZOP – HAZard and OPerability Studies

SYSTEM OPERATIONAL PHASE

DAMAGE

PROCESS DEVIA- CAUSES LOCAL FREQ. S EN EC R DETECTION NECESSARY NOTES

PARAMETER TION EFFECTS PREVENTION ACTIONS
SYSTEM MITIGATION
PLANT METHODS

Ed. 2008/09

HAZOP

Ed. 2008/09

18
 Criticality Analysis

Criticality Analysis
 The criticality analysis is based on risk analysis
 The critical failure modes are those characterized by an
higher value of risk
 The risk is the given making the product of frequency and
damage
R=FxD
 R, F and D are estimated by qualitative indexes
 In the criticality analysis we analyse the risks vs. safety,
environment, productivity and infrastructure damage or
maintenance costs, reputation
 The maintainability analysis allows the estimation of the
costs in terms of productivity and costs of maintenance
 The Criticality analysis is performed by Risk Matrixes
Ed. 2008/09

Criticality Analysis
SYSTEM OPERATIONAL PHASE

DAMAGE

PROCESS DEVIA- CAUSES LOCAL FREQ. S EN EC R DETECTION NECESSARY NOTES

PARAMETER TION EFFECTS PREVENTION ACTIONS
SYSTEM MITIGATION
PLANT METHODS

S: Damage on safety
EN: Damage on environment
EC: Damage on economics (loss of production, maintenance costs)
R: Damage on reputation

Ed. 2008/09

19
 Criticality Analysis

Estimation of the Frequency by qualitative indexes

FREQUENCY DESCRIPTION
index
1 The event is not expected in system life

2 The event could happen no more than one time in

system life
3 The event is expected few times in the system life
(i.e. no more than 1 time / 5 years)
4 The event is expected several in the system life
(more than 1 times /5 years)

Ed. 2008/09

Criticality Analysis

Estimation of the Consequences by qualitative indexes

DAMAGE DESCRIPTION DAMAGE DESCRIPTION
(Safety) (Economics)
1 Negligible effects
1 There aren’t significant
effects 2 The system is partially
degraded but there is not any
2 Temporary damage to stop of production or there is
people (curable up to 3 a reduction of the production
days) rate without interruptions
3 Temporary damage to 3 The system is degraded and
people (curable in more there is a stop of production
than 3 days) shorter than a week

4 Permanent damages or 4 There is the lost of the system

with the consequent loss of
deaths
production for a long period,
longer than a week

Ed. 2008/09

20
 Criticality Analysis
Risk Matrix
The criteria for
F 4 4 8 12 16
acceptability depends on
3 3 6 9 12 the type of risk (Safety,
Environment,
2 2 4 6 8 Productivity, etc.).

1 1 2 3 4 Every type of damage

has its Risk Matrix
1 2 3 4
Damage

R>8 High critical events on which to intervene with measures for prevention
and/or mitigation
4R8 Critical events that require an in-depth study

2R3 Reduced critical events on which to intervene in case there are preventive
measures or mitigation of low-cost (of project or management)

R=1 Non critical events

Ed. 2008/09

EXAMPLE of RISK MATRIX (for safety studies)

Ed. 2008/09

21
 Results of a real criticality analysis

Ed. 2008/09

Criticality Analysis

SYSTEM OPERATIVONAL PHASE

DAMAGES

PROCESS DEVIAT. CAUSES LOCAL FREQ. S EN EC R DETECTION NECESSARY NOTES

PARAMETER EFFECTS PREVENTION ACTIONS
SYSTEM MITIGATION
PLANT METHODS

Level More … … 2 4 … …

F 4 4 8 12 16

3 3 6 9 12

2 2 4 6 8

1 1 2 3 4

1 2 3 4

Danno

Ed. 2008/09

22
 Criticality Analysis

Expected Results:

 List of critical failure modes vs. each type of

consequence (Safety, Environment, Economics, etc.).
 Strategies to reduce Criticality (prevention/mitigation).
F 4 4 8 12 16

3 3 6 9 12
MITIGATION
2 2 4 6 8

1 1 2 3 4
PREVENTION
1 2 3 4

Danno
D

Ed. 2008/09

Exercise

DOMESTIC HEATER

smoke
Operational phases:
• Use PSV
• Summer shut down
Hot H2O

T2 Cold H2O

CKV

MV T1
gas SDV RV
GD

Ed. 2008/09

23
 FMECA EXERCISE

 Application of the qualitative analysis to the domestic heater:

1. Define the criteria (F and D levels) for the qualitative Criticality

Analysis (vs. safety of people, vs. production)
2. Define your tolerability of risk by drawing the related Risk Matrixes
(one for people and one for production)
3. Perform the FMECA for the following items:
1. T2
2. RV
3. CKV
4. PSV
5. GD
4. Perform the criticality analysis in order to highlight the most critical
items.
5. Select the risk compensating measures (form the design, maintenance
or procedural points of view)

Ed. 2008/09

HAZOP EXERCISE

 Application of the qualitative analysis to the domestic heater:

1. Define the criteria (F and D levels) for the qualitative Criticality

Analysis (vs. safety of people, vs. production)
2. Define your tolerability of risk by drawing the related Risk Matrixes
(one for people and one for production)
3. Perform an HAZOP for the processes “Gas Supply” and “Combustion”
Perform the criticality analysis in order to highlight the most critical
causes.
4. Select the risk compensating measures (form the design, maintenance
or procedural points of view)

Ed. 2008/09

24
 HAZID EXERCISE

 Consider the operation procedure you have to follow to perform the

refueling of your car at the gasoline station:

1. Define the criteria (F and D levels) for the qualitative Criticality

Analysis (vs. safety of people)
2. Define your tolerability of risk by drawing the related Risk Matrixes
3. Define the correct procedure as a sequence of elementary activities
(6-7 activities)
4. Perform the HAZID for each elementary activity and select the most
critical ones.
5. Select the risk compensating measures (form the design, maintenance
or procedural points of view)

Ed. 2008/09

LOPA

 Layer Of Protection Analysis

 Used to perform a semi-quantitative risk
analysis HAZOP
 Highlights the need of further protections
in the system

Ed. 2008/09

25
 Tolerability criteria

• Semi quantitative approach

NOT
D ACCETTABLE

Extensive

ACCETTABLE
Serious

Minor

1.00E-06 1.00E-07 1.00E-08 1.00E-09 1.00E-10 F

Ed. 2008/09

LOPA
INDEPENDENT

from HAZOP Design preventive

actions Basic Process Passive
Control System protection
(DCS)

Ed. 2008/09

26
 LOPA

Ed. 2008/09

LOPA

BASIC PROCESS CONTROL SYSTEMS

IPL – INDEPENDENT PROTECTION LAYERS

• Specificity (dedicata ad un solo hazard)
• Independence
• Auditability - possibilità di testarne la disponibilità

Ed. 2008/09

27
 REMINDS ON PROBABILITY
THEORY
What is an “event”?

It is the result of an experiment!

An event can be a single output or the “union” of

more outputs

Example: events
Experiment: to throw a die
Event A: outcome is 5
Event B: outcome is a even number (2, 4, 6)
Event C: outcome is a odd number (1,3,5)

Ө: impossible event

Ed. 2008/09
Universo  : all the possible outcomes

REMINDS ON PROBABILITY
THEORY
We need operators to work with events (Boolean
Operators)
UNION or DISJUNCTION: C
A B
event C=A U B happens if A or B
or both happen 

INTERSECTION or CONJUNCTION: D
A B
event D=A∩B happens if A and

B happen together

NEGATION or COMPLEMENT: E
A
event E=-A happens if A does
not happen 

Ed. 2008/09

28
 REMINDS ON PROBABILITY
THEORY
Algebra for Events
commutative laws AB  BA
AB  BA

associative laws
A  B  C  A  B  C
A  B  C  A  B  C
AA  A
idempotenza laws
AA  A
A  A  B  A
absorption laws
A  A  B  A

AA 

complementarity laws AA 



A  B  A  B
De Morgan laws
A  B  A  B
Ed. 2008/09

REMINDS ON PROBABILITY
THEORY
What is the Probability of the event?

CLASSIC DEFINITION (from game theory)

Pr (A) probability is the ratio between the number of favour cases in

occurrence of event and the number of possible cases, if equally plausible.

Example: If a coin is tossed, the probability that event A = (coin lands head) happens is
equal to: Pr (A) = ½; if you run a die, the probability that event B = ( leaves an odd

number) happens is estimated by Pr (B) = 3 / 6 = ½.

Ed. 2008/09

29
 REMINDS ON PROBABILITY
THEORY
What is the Probability of the event?

EXPERIMENTAL DEFINITION

Repeat the experiment N times, in the same conditions, let n the

number of A outcome and N-n the number of different outcomes:
Pr (A) is the limit for N tending to infinite of n/N.

n
P( A)  lim N 
N

Ed. 2008/09

REMINDS ON PROBABILITY
THEORY
What is the Probability of an event?

ASSIOMATIC DEFINITION

0 Pr(A) 1
Pr() =1
Pr(A1  A2) = Pr(A1) + Pr(A2) with A1∩A2=Ө

S ( A)
P( A)  A

S ( ) 
Ed. 2008/09

30
 REMINDS ON PROBABILITY
THEORY

Simple Theorems
P(Ø)=0

P(not A)= 1- P(A)

Ed. 2008/09

REMINDS ON PROBABILITY
THEORY
The probability of the union of events
U ∩
P(A + B) = P(A) + P(B) - P(A * B)
A  B surface is obteined:

A surface +
B
A
B surface -

For 3 events: A  B surface

P(A+B+C) = +P(A)+P(B)+P(C)+
-P(A*B)-P(A*C)-P(B*C)+
+P(A*B*C)
Ed. 2008/09

31
 REMINDS ON PROBABILITY
THEORY

For Mutually exclusive events P(A*B)=0:

P(A + B) = P(A) + P(B)

A and B are Mutually Exclusive if:

when A is occurred, B cannot occur or
viceversa

Rare events approx.

P(A + B) ⋍ ≤ P(A) + P(B)

P(A + B + C) ⋍ ≤ P(A) + P(B) + P(C)
Ed. 2008/09

REMINDS ON PROBABILITY
THEORY
The probability of the intersection of events
∩
A B
P(A*B) = P(A) * P(B/A)


Conditional probability: probability of B if A has

already occurred

For 3 or more events:

P(A1*A2*A3*…*An) = P(A1)*P(A2/A1)*P(A3/A1*A2)*…*P(An/A1*…An-1)

Ed. 2008/09

32
 REMINDS ON PROBABILITY
THEORY
What is the conditional probability?

P(B/A) = P(B*A) / P(A)

A B

It is the probability of B evaluated

using a smaller universe: the event A
instead of Ω

Ed. 2008/09

REMINDS ON PROBABILITY
THEORY

For independent events P(B)=P(B/A):

P(A * B) = P(A) * P(B)

A and B are independent

if the occurrence of A does not change the
probability of B!

Ed. 2008/09

33
 RUSSIAN ROULETTE

Consider a Revolver with only 1 bullet in the cylinder:

1° approach: the cylinder is moved randomly ONLY before the firs shot
 What is the probability to die at the 1° shot?
 What is the probability to die at the 2° shot?
 …

2° approach: the cylinder is moved randomly before EACH shot

 What is the probability to die at the 1° shot?
 What is the probability to die at the 2° shot?
 …

If you are the 2° in the game, which approach is better? 

Ed. 2008/09

EXERCISE

Consider a pipeline of natural gas and the following events:

 A: pipe rupture due to external impact
 B: correct intervention of the ESD
 C: ignition of the jet
 D: dispersion of the gas cloud and explosion

Indicate the events that are dependent:

Indicate the events that are mutually exclusive:

If you know P(A), P(B), P(C) and P(D), write the relationship for the calculation of
 P(A*B*C)= …………………………….
 P(A+B)=………………………………..
 P(C+D)=……………………………….

Ed. 2008/09

34
You must be able to …
 know the definition of risk, safety, hazard…
 recognise if a risk is individual or social
 decide if a risk value is acceptable or not
 know the difference between qualitative and quantitative analyses
 know how the risk perception can be modelled in the definition of risk
 have a look to an European law on risk (e.g Seveso Directive…) and
identify in it the role of system design, system management, maintenance
management, emergency planning, etc. to assure safety
 recognise from the label and datasheet if a chemical substance is
dangerous or not
 be able to read and interpret a Material Safety Data Sheet and a Label of
dangerous goods
 be able to read a P&ID of a plant
 know the list of info related to the plant and the site that are necessary to
approach a risk analysis
 be able to manage events by their algebra
 know the meaning of probability
 know how to assess the probability of the union or intersection of events
 understand if two events are dependent or independent and demonstrate it
by the probability theory
 understand if two events are mutually exclusive or not and demonstrate it
by the probability theory
 be able to make an example of dep/indep. Events, mutually exclusive/not
mutually exclusive events from your daily life
Ed. 2008/09

35