
SEMI QUANTITATIVE RISK ASSESSMENT
RISK MANAGEMENT TEAM TEACHING 2018
Concept Definitions
Hazardous Modelling Quantitative
Risk Final
Review Material Frequency
Consequence Source Hazard Effect Estimation Thoughts
Release Analysis

Concept Definitions
Hazard – An intrinsic chemical, physical, societal, economic or political condition that
has the potential for causing damage to a risk receptor (people, property or
the environment).

A hazardous event (undesirable event) requires an initiating event or failure and then either failure
of or lack of safeguards to prevent the realisation of the hazardous event.

Examples of intrinsic hazards:


• Toxicity and flammability – H2S in sour natural gas
• High pressure and temperature – steam drum
• Potential energy – walking a tight rope

Concept Definitions

Risk – A measure of human injury, environmental damage or economic loss in terms of both the frequency and the magnitude of the loss or injury.

Risk = Consequence x Frequency


Concept Definitions

Risk

[Diagram: Intrinsic Hazards → Undesirable Event (Likelihood of Event) → Consequences (Likelihood of Consequences)]

Example: Storage tank with flammable material → Spill and Fire → Loss of life/property, Environmental damage, Damage to reputation of facility

Concept Definitions

Risk

[Diagram elements: Causes; Intrinsic Hazards; Undesirable Event (Likelihood of Event); Consequences (Likelihood of Consequences)]


Concept Definitions

Layers of Protection are used to enhance the safe operation. Layers of Protection Analysis (LOPA) is used to determine if there are sufficient layers of protection for a predicted accident scenario. Can the risk of this scenario be tolerated?

Causes are also known as Initiating Events.

[Diagram elements: Risk; Layers of Protection (shown twice); Causes; Intrinsic Hazards; Undesirable Event (Likelihood of Event); Consequences (Likelihood of Consequences). Labels: Prevention; Preparedness, Mitigation, Land Use Planning, Response, Recovery]

Quantifying Risk
Risk – A measure of human injury, environmental damage or economic loss in
terms of both the frequency and the magnitude of the loss or injury.
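$$\text{Risk}_h = \sum_{i=1}^{N} \text{Consequence}_{i,h} \times \text{Frequency}_{i,h}$$

where
- $R_h$ ($\text{Risk}_h$) is the risk from an undesirable event, $h$
- $\text{Consequence}_{i,h}$ is consequence $i$ of undesirable event $h$
- $\text{Frequency}_{i,h}$ is the frequency of consequence $i$ from undesirable event $h$
- $i$ is each consequence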


Quantifying Risk
If more than one type of receptor can be impacted by an event, then the
total risk from an undesirable event can be calculated as:
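$$\text{Risk}_h = \sum_{k=1}^{K} \sum_{i=1}^{N} \text{Consequence}_{i,h,k} \times \text{Frequency}_{i,h,k}$$

where
- $R_h$ ($\text{Risk}_h$) is the risk from an undesirable event, $h$
- $\text{Consequence}_{i,h,k}$ is consequence $i$ of undesirable event $h$
- $\text{Frequency}_{i,h,k}$ is the frequency of consequence $i$ from undesirable event $h$
- $k$ is each receptor (i.e. people, equipment, the environment, production)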

Overview of Risk Assessment

1. Identify hazardous materials and process conditions
2. Identify hazardous events
3. Analyse the consequences and frequency of events using:
i. Qualitative Risk Assessment (Process Hazard Analysis using Risk Matrix techniques)
- SLRA (screening level risk assessment)
- What-if
- HAZOP (Hazard & Operability study)
- FMEA (failure modes and effects analysis)

[Flowchart boxes: Define the System; Hazard Identification; Risk Analysis (Consequence Analysis, Frequency Analysis); Risk Evaluation. The whole is labelled Risk Assessment]

Overview of Risk Assessment

ii. Semi-Quantitative Risk Assessment
- Fault trees/ Event trees/ Bow-tie

iii. Quantitative Risk Assessment
- Mathematical models for hazard effects include explosion overpressure levels, thermal radiation levels
- The consequences are determined from the hazardous effects

[Flowchart boxes: Define the System; Hazard Identification; Risk Analysis (Consequence Analysis, Frequency Analysis); Risk Evaluation. The whole is labelled Risk Assessment]
Perform Quantitative Risk Analysis
• The process of numerically analyzing the effect of identified risks on overall organization objectives
• Quantitative analysis is performed on risks that have been prioritized by the qualitative risk analysis process as potentially and substantially impacting the competing demands.
Techniques Used in Quantitative Risk Analysis

Risk Assessment requires QUANTITATIVE frequency analysis.

Quantifying risk enables estimation of:


• How often an undesirable initiating event may occur.

• The probability of a hazard outcome after the initiating event.

• The probability of a consequence severity level after the hazard outcome (i.e. fatalities, injuries, severity of economic loss).


Historical data can be used to calculate the frequency of initiating events, hazard outcomes and the severity of the consequence.

Analysis Techniques
1. Frequency modelling techniques
2. Common-cause failure analysis
3. Human reliability analysis
4. External events analysis

Data can be used to calculate the frequency of initiating events, hazard outcomes and the severity of the consequence.

Analysis Techniques
1. Frequency modelling techniques: Used to estimate frequencies or probabilities from basic data. Typically used when detailed historical data is not available.
   i. EVENT TREES
   ii. FAULT TREES
2. Common-cause failure analysis
3. Human reliability analysis
4. External events analysis


Data can be used to calculate the frequency of initiating events, hazard outcomes and the severity of the consequence.

Analysis Techniques
1. Frequency modelling techniques
2. Common-cause failure analysis: Used to identify and analyse failures common to multiple components found in systems that can lead to a hazardous event.
3. Human reliability analysis
4. External events analysis


Data can be used to calculate the frequency of initiating events, hazard outcomes and the severity of the consequence.

Analysis Techniques
1. Frequency modelling techniques
2. Common-cause failure analysis
3. Human reliability analysis: Used to provide quantitative estimates of human error probabilities.
4. External events analysis


Data can be used to calculate the frequency of initiating events, hazard outcomes and the severity of the consequence.

Analysis Techniques
1. Frequency modelling techniques
2. Common-cause failure analysis
3. Human reliability analysis
4. External events analysis: Used to identify and assess external events (i.e. plane crash, terrorist activities, earthquakes) to understand expected frequency of occurrence and/or consequence severity per occurrence.

We will focus on event and fault trees as frequency modelling techniques.
Fault Trees Event Trees Bow-Tie

Fault Trees
• Fault trees are logic diagrams using and/or combinations.
• They are a deductive method to identify how hazards culminate from
system failures.
• The analysis starts with a well-defined accident and works backwards
towards the causes of the accident.


Fault Trees – Typical Steps


STEP 1 – Start with a major accident or hazardous event (release of toxic/
flammable material, vessel failure). This is called a TOP EVENT.
STEP 2 – Identify the necessary and sufficient causes for the top event to occur.
How can the top event happen?
What are the causes of this event?
STEP 3 – Continue working backwards and follow the series of events that
would lead to the top event. Go backwards until a basic event with a
known frequency is reached (pump failure, human error).


Fault Trees – Simple Example


Car Flat Tire (TOP EVENT)
  - Driving over debris on the road
  - Tire failure
      - Defective Tire
      - Worn Tire

This is not an exhaustive list of failures.
Failures could also include software, human and environmental factors.

Fault Trees – Simple Example


Car Flat Tire (TOP EVENT)
  - Driving over debris on the road
  - Tire failure (INTERMEDIATE EVENT)
      - Defective Tire
      - Worn Tire


Fault Trees – Simple Example


Car Flat Tire (TOP EVENT)
  - Driving over debris on the road
  - Tire failure
      - Defective Tire (BASIC EVENT)
      - Worn Tire (BASIC EVENT)

Let’s now format this tree as a fault tree logic diagram.



Fault Trees – Simple Example, Logic Diagram


TOP EVENT: Car Flat Tire
  OR gate
    - Driving over debris on the road
    - Tire failure
        OR gate
          - Defective Tire
          - Worn Tire

Fault Tree Logic Transfer Components


AND GATE
Output event requires simultaneous occurrence of all input events.

OR GATE
Output event requires the occurrence of any individual input event.

INHIBIT EVENT (Inhibit Condition)
Output event will not occur if the input and the inhibit condition occur.

BASIC EVENT
This is a fault event with a known frequency and needs no further definition.

INTERMEDIATE EVENT
An event that results from the interaction of other events.

UNDEVELOPED EVENT
An event that cannot be developed further (lack of information), or for which no further development is needed.

EXTERNAL EVENT
An event that is a boundary condition to the fault tree.

Fault Trees – BEFORE YOU START DRAWING THE TREE, Preliminary Steps

STEP 1 – Precisely define the top event.


STEP 2 – Define pre-cursor events.
What conditions will be present when the top event occurs?
STEP 3 – Define unlikely events.
What events are unlikely to occur and are not being considered?
Wiring failures, lightning, tornadoes, hurricanes.
STEP 4 – Define physical bounds of the process.
What components are considered in the fault tree?


Fault Trees – BEFORE YOU START DRAWING THE TREE, Preliminary Steps

STEP 5 – Define the equipment configuration.


What valves are open or closed?
What are liquid levels in tanks?
Is there a normal operation state?
STEP 6 – Define the level of resolution.
Will the analysis consider only a valve or is it necessary to
consider all valve components?


Fault Trees – DRAWING THE TREE


STEP 1 – Draw the top event at the top of the page.
STEP 2 – Determine the major events (intermediate, basic, undeveloped or
external events) that contribute to the top event.
STEP 3 – Define these events using logic functions.
a. AND gate – all events must occur in order for the top event to occur
b. OR gate – any events can occur for the top event to occur
c. Unsure? If the events are not related with the OR or AND gate, the
event likely needs to be defined more precisely.
STEP 4 – Repeat step 3 for all intermediate, undeveloped and external
events. Continue until all branches end with a basic cause.

Fault Trees – Chemical Reactor Shutdown Example


A chemical reactor is fitted with a high pressure alarm to alert the operator in the event of dangerous reactor pressures. The reactor also has an automatic high-pressure shutoff system.
The high pressure shutoff system also closes the reactor feed line through a solenoid valve.
The alarm and feed shutdown systems are installed in parallel.

Fault Trees – Chemical Reactor Shutdown Example


Define the Problem
TOP EVENT = Damage to the reactor by overpressure
EXISTING CONDITION = Abnormal high process pressure
IRRELEVANT EVENTS = Failure of mixer, electrical failures,
wiring failures, tornadoes, hurricanes, electrical storms
PHYSICAL BOUNDS = Process flow diagram (on left)
EQUIPMENT CONFIG = Reactor feed flowing when solenoid
valve open
RESOLUTION = Equipment shown in process flow diagram


TOP EVENT: Reactor Overpressure and Damage

1. Start by writing out the top event on the top of the page in the middle.

Note that you can only have Reactor Overpressure, if “Reactor Pressure Increasing” is an intermediate or undefined condition; the system passes through pressure increasing to overpressure


TOP EVENT: Reactor Overpressure
  AND gate A
    - High Pressure Alarm Indicator Failure
    - Emergency Shutdown failure

2. The AND gate notes that two events must occur in parallel. These two events are intermediate events.


3. The OR gates define one of two events can occur.

TOP EVENT: Reactor Overpressure
  AND gate A
    - Alarm Indicator Failure
        OR gate B
          - Pressure Switch 1 Failure
          - Pressure Indicator Light Failure
    - Emergency Shutdown Failure
        OR gate C
          - Pressure Switch 2 Failure
          - Solenoid Valve Failure

4. We’ll give a number to each of the basic causes & basic events.

TOP EVENT: Reactor Overpressure
  AND gate A
    - Alarm Indicator Failure
        OR gate B
          - 1: Pressure Switch 1 Failure
          - 2: Pressure Indicator Light Failure
    - Emergency Shutdown Failure
        OR gate C
          - 3: Pressure Switch 2 Failure
          - 4: Solenoid Valve Failure

Chemical Reactor Shutdown Example – Determining Minimal Cuts


After drawing a fault tree, we can determine minimum cut sets, which are sets of various unique event/condition combinations, without unnecessary additional events/conditions, which can give rise to the top event.
Each minimal cut set will be associated with a probability of occurring – human interaction is more likely to fail than hardware.
It is of interest to understand sets that are more likely to fail using failure probability. Additional safety systems can then be installed at these points in the system.
Example: The combination of A and B and C can lead to the Top Event. However, A and B alone can lead to the Top Event, and C is unnecessary.

Chemical Reactor Shutdown Example – Determining Minimal Cuts


1. Write down the first logic gate below the top event.

2. AND gates increase the number of events in the cut set. Gate A has two inputs: B and C. The AND gate is replaced by its two inputs.

Row 1: B C (replacing A)


Chemical Reactor Shutdown Example – Determining Minimal Cuts


3. OR gates increase the number of sets. Gate B has inputs from events 1 and 2. Gate B is replaced by one input and another row is added with the second input.

Row 1: 1 C (replacing B C)
Row 2: 2 C

4. Gate C has inputs from basic events 3 and 4. Replace gate C with its first input and additional rows are added with the second input.


Chemical Reactor Shutdown Example – Determining Minimal Cuts


4. Gate C has inputs from basic events 3 and 4. Replace gate C with its first input and additional rows are added with the second input. The second input from gate C is matched with gate B.

Row 1: 1 3
Row 2: 2 3
Row 3: 1 4
Row 4: 2 4

Chemical Reactor Shutdown Example – Determining Minimal Cuts


5. The top event can occur following one
of these cut sets:

Events 1 and 3
Events 2 and 3
Events 1 and 4
Events 2 and 4


Quantifying the Probability of the Top Event


Process equipment failures occur following interactions of individual components
in a system. The type of component interaction dictates the probability of failure.
A component in a system, on average, will fail after a certain time. This is called
the average failure rate (µ, units: faults/time).
Using the failure rate of a component, we can determine its reliability and
probability of failure.
[Figure: three plots against time t: Failure Rate µ, Probability P(t), Reliability R(t) = 1 - P(t)]

$$P(t) = \int_{0}^{t} f(t)\,dt$$



Quantifying the Probability of the Top Event


[Figure: three plots against time t: Failure Rate µ, Reliability R(t) = 1 - P(t), Probability P(t)]

$$P(t) = \int_{0}^{t} f(t)\,dt$$

$$R(t) = \exp(-\mu t)$$

$$P(t) = 1 - R(t) = 1 - \exp(-\mu t)$$


PFDavg – Probability of failure on Demand, averaged over time

$$PFD_{avg} = \frac{1}{T} \int_{t=0}^{t=T} PFD(t)\,dt$$

PFD at any given time, averaged over a period of time

Reliability, R(t), is the Probability of Success, averaged over a specified period of time


Quantifying the Probability of the Top Event


Failure data for typical process components can be obtained from published literature.

| Component | Failure Rate, µ (faults/year) | R(t) | P(t) |
|---|---|---|---|
| Control Valve | 0.60 | 0.55 | 0.45 |
| Flow Measurement: Fluids | 1.14 | 0.32 | 0.68 |
| Flow Measurement: Solids | 3.75 | 0.02 | 0.98 |
| Flow Switch | 1.12 | 0.33 | 0.67 |
| Hand Valve | 0.13 | 0.88 | 0.12 |
| Indicator Lamp | 0.044 | 0.96 | 0.04 |
| Level Measurement: Liquids | 1.70 | 0.18 | 0.82 |
| Level Measurement: Solids | 6.86 | 0.001 | 0.999 |
| pH Meter | 5.88 | 0.003 | 0.997 |
| Pressure Measurement | 1.41 | 0.24 | 0.76 |
| Pressure Relief Valve | 0.022 | 0.98 | 0.02 |
| Pressure Switch | 0.14 | 0.87 | 0.13 |
| Solenoid Valve | 0.42 | 0.66 | 0.34 |
| Temperature Measurement: Thermocouple | 0.52 | 0.59 | 0.41 |

Quantifying the Probability of the Top Event


The failure probability and reliability of a component can be calculated from its known failure rate.

Quantifying the Probability of the Top Event


We’ve discussed the failure probability of individual components. Failures in chemical plants result from the interaction of multiple components. We need to calculate the overall failure probability and reliability of these component interactions (R = 1 – P).

Components in Parallel – AND gates

Failure Probability:
$$P = \prod_{i=1}^{n} P_i$$

Reliability:
$$R = 1 - \prod_{i=1}^{n} (1 - R_i)$$

Components in Series – OR gates

Failure Probability:
$$P = 1 - \prod_{i=1}^{n} (1 - P_i)$$

Reliability:
$$R = \prod_{i=1}^{n} R_i$$

n is the total number of components
Pi is the failure probability of each component
Ri is the reliability of each component

Quantifying the Probability of the Top Event


Calculations for failure probability can be simplified for systems comprised of only two components.

$$P = 1 - \prod_{i=1}^{n} (1 - P_i)$$

Can be expanded to:

P(A or B) = P(A) + P(B) – P(A and B) = P(A) + P(B) – P(A)*P(B)

[Diagrams: "A or B"; "A and B at the same time"]


Quantifying the Probability of the Top Event


Two methods are available:
1. The failure probabilities of all basic, external and undeveloped events are written on the fault tree diagram.
2. The minimum cut sets can be used. As only the basic events are being evaluated in this case, the computed probabilities for all events will be larger than the actual probability.


Reactor Example – Quantifying the Probability of the Top Event


Fault Tree Diagram Method
We must first compile the reliability
and failure probabilities of each basic
event from tables.

Remember P = 1 - R

| Component | Reliability, R | Failure Probability, P |
|---|---|---|
| Pressure Switch 1 | 0.87 | 0.13 |
| Alarm Indicator | 0.96 | 0.04 |
| Pressure Switch 2 | 0.87 | 0.13 |
| Solenoid Valve | 0.66 | 0.34 |

System condition: “Reactor Pressure Increasing”

Reactor Example – Quantifying the Probability of the Top Event


Fault Tree Diagram Method

Basic events:
- Event 1: P = 0.13, R = 0.87
- Event 2: P = 0.04, R = 0.96
- Event 3: P = 0.13, R = 0.87
- Event 4: P = 0.34, R = 0.66

OR gate B:
$$R = \prod_{i=1}^{2} R_i = (0.87)(0.96) = 0.835, \qquad P = 1 - R = 0.165$$

OR gate C:
$$R = (0.87)(0.66) = 0.574, \qquad P = 1 - 0.574 = 0.426$$

AND gate A:
$$P = \prod_{i=1}^{2} P_i = (0.165)(0.426) = 0.0702, \qquad R = 1 - P = 1 - 0.0702 = 0.93$$

The total failure probability is 0.0702.

Reactor Example – Quantifying the Probability of the Top Event


Direct Method

P(B) = P(1 or 2) =P(1) + P(2) - P(1) * P(2) =0.13 + 0.04 - 0.13 * 0.04 =0.1648
P(C) = P(3 or 4) =P(3) + P(4) - P(3) * P(4) =0.13 + 0.34 - 0.13 * 0.34 =0.4258
P(A) = P(B and C) =P(B) * P(C) =0.1648 * 0.4258 =0.0702


Reactor Example – Quantifying the Probability of the Top Event


Minimum Cut Set Method

Events 1 and 3: P(1 and 3) = (0.13)(0.13) = 0.0169
Events 2 and 3: P(2 and 3) = (0.04)(0.13) = 0.0052
Events 1 and 4: P(1 and 4) = (0.13)(0.34) = 0.0442
Events 2 and 4: P(2 and 4) = (0.04)(0.34) = 0.0136
TOTAL Failure Probability = 0.0799

Note that the failure probability calculated using minimum cut sets is greater than using the actual fault tree.
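The reactor example worked end to end, as an added example that is not part of the original slides: it derives the minimal cut sets by the gate-substitution steps, then computes the top event probability by the fault tree method and by the cut-set sum. It assumes independent basic events and that the component table is evaluated at t = 1 year; the names TREE, RATES and all function names are illustrative.

```python
import math
from itertools import combinations

# Reactor fault tree from the slides: gate -> (logic, inputs).
# Basic events: 1 = pressure switch 1, 2 = indicator light,
# 3 = pressure switch 2, 4 = solenoid valve.
TREE = {
    "A": ("AND", ["B", "C"]),
    "B": ("OR", ["1", "2"]),
    "C": ("OR", ["3", "4"]),
}

# Failure rates in faults/year, taken from the component table.
RATES = {"1": 0.14, "2": 0.044, "3": 0.14, "4": 0.42}


def failure_probability(mu, t=1.0):
    """P(t) = 1 - exp(-mu * t). t = 1 year is an assumption that
    reproduces the R(t) and P(t) columns of the table."""
    return 1.0 - math.exp(-mu * t)


def minimal_cut_sets(tree, top):
    """Top-down gate substitution: an AND gate widens a row,
    an OR gate adds one row per input."""
    rows = [frozenset([top])]
    while any(e in tree for row in rows for e in row):
        expanded = []
        for row in rows:
            gate = next((e for e in sorted(row) if e in tree), None)
            if gate is None:          # row already holds basic events only
                expanded.append(row)
                continue
            logic, inputs = tree[gate]
            rest = row - {gate}
            if logic == "AND":
                expanded.append(rest | frozenset(inputs))
            else:
                expanded.extend(rest | {i} for i in inputs)
        rows = expanded
    unique = set(rows)
    # A cut set is minimal when no other cut set is a proper subset of it.
    minimal = [s for s in unique if not any(o < s for o in unique)]
    return sorted(sorted(s) for s in minimal)


def gate_probability(tree, node, p):
    """Fault tree diagram method. Valid when basic events are
    independent and each appears only once in the tree."""
    if node not in tree:
        return p[node]
    logic, inputs = tree[node]
    probs = [gate_probability(tree, i, p) for i in inputs]
    if logic == "AND":
        return math.prod(probs)
    return 1.0 - math.prod(1.0 - q for q in probs)


def cut_set_sum(cut_sets, p):
    """Minimum cut set method as on the slide: add the cut-set products.
    Overlapping cut sets are counted more than once, so this is an upper bound."""
    return sum(math.prod(p[e] for e in cs) for cs in cut_sets)


def cut_set_exact(cut_sets, p):
    """Inclusion-exclusion over the cut sets: probability that at
    least one cut set occurs. Removes the double counting."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        for combo in combinations(cut_sets, k):
            events = set().union(*combo)
            total += (-1) ** (k + 1) * math.prod(p[e] for e in events)
    return total


def analyse_reactor():
    # Round to two decimals to match the values printed in the table.
    p = {e: round(failure_probability(mu), 2) for e, mu in RATES.items()}
    cuts = minimal_cut_sets(TREE, "A")
    return {
        "p": p,
        "cut_sets": cuts,
        "tree": gate_probability(TREE, "A", p),
        "cut_sum": cut_set_sum(cuts, p),
        "cut_exact": cut_set_exact(cuts, p),
    }


if __name__ == "__main__":
    for name, value in analyse_reactor().items():
        print(name, value)
```

The gap between the cut-set sum and the fault tree result is exactly the overlap between cut sets that share a basic event; the inclusion-exclusion result agrees with the fault tree method.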

Words of Caution with Fault Trees


• Fault trees can be very large if the process is complicated. A real-world system can include thousands of gates and intermediate events.

• Care must be taken when estimating failure modes – best to get advice from experienced engineers when developing complicated fault trees. It is important to remember that fault trees can differ between engineers.

• Failures in fault trees are complete failures – a component will or will not fail, there cannot be a partial failure.


Moving from Control Measures to Consequences


• We can move from thinking about the basic events that will lead to a
top event to the consequence that can follow the top event. This can
be done using Event Trees.

• Fault Tree Analysis starts with a top event and then works backward
to identify various basic causes using “and/or” logic

• Event Tree Analysis starts with an initiating event or cause and works
forward to identify possible various defined outcomes


Event Trees
[Diagram: Initiating Event (Cause), which has an associated frequency → Failures and Successes of Various Intervening Safety Systems/Actions, which have an average Probability on Demand → Various Defined Final Outcomes, which will have associated frequencies]

When an accident occurs, safety systems can fail or succeed. Event trees provide information on how a failure can occur.


Event Trees – Typical Steps


1. Identify an initiating event
2. Identify the safety functions designed to deal with the initiating event
3. Construct the event tree
4. Describe the resulting sequence of accident events.

The procedure can be used to determine probability of certain event sequences. This can be used to decide if improvement to the system should be made.


Event Trees – Chemical Reactor Example

What happens if there is a loss of coolant?

[Figure label: High Temperature Alarm]

Event Trees – Chemical Reactor Example


Safety operations following the loss of coolant (the initiating event)
- High temp alarm alerts operator: 0.01 failures/demand
- Operator acknowledges alarm: 0.25 failures/demand
- Operator restarts cooling system: 0.25 failures/demand
- Operator shuts down reactor: 0.1 failures/demand

[Figure label: High Temperature Alarm]

Event Trees – Chemical Reactor Example


Safety operations following the loss of coolant (the initiating event)

We can note the probability of failure on demand of each safety function:
- High temp alarm alerts operator: 0.01 failures/demand
- Operator acknowledges alarm: 0.25 failures/demand
- Operator restarts cooling system: 0.25 failures/demand
- Operator shuts down reactor: 0.1 failures/demand

[Figure label: High Temperature Alarm]

Event Trees – Chemical Reactor Example


Safety operations following the loss of coolant (the initiating event)

And assign an ID to each operation:
- [B] High temp alarm alerts operator: 0.01 failures/demand
- [C] Operator acknowledges alarm: 0.25 failures/demand
- [D] Operator restarts cooling system: 0.25 failures/demand
- [E] Operator shuts down reactor: 0.1 failures/demand

[Figure label: High Temperature Alarm]

Event Trees – Chemical Reactor Example

1. Start by writing out the initiating event on the left side of the page, in the middle.

Loss of coolant (initiating event)


Event Trees – Chemical Reactor Example

1. Start by writing out the initiating event on the left side of the page.
2. Note the frequency of this event (occurrences per year).

Loss of coolant (initiating event): 1 occurrence/year


Event Trees – Chemical Reactor Example


ID B (High Temp Alarm Alerts Operator): 0.01 failures/demand

3. We'll call the initiating event A and also note the occurrence per year.
4. Draw a line from the initiating event to the first safety function (ID B) – a straight line up indicates the results for a success in the safety function and a failure is represented by a line drawn down.
5. We can assume the high temp alarm will fail to alert the operator 1% of the time when in demand OR 0.01 failure/demand. (This is a probability of failure on demand.)

Event tree so far:
A: Loss of coolant (initiating event), 1 occurrence/year
    Line up: Success of Safety Function B
    Line down: Failure of Safety Function B

Event Trees – Chemical Reactor Example


Safety Function ID B (High Temp Alarm Alerts Operator): 0.01 failures/demand

7. Consider Safety Function B (operator alerted by temperature safety alarm). There are 0.01 failures/demand of this function.

Success of Safety Function B
= (1 - 0.01) * 1 occurrence/year
= 0.99 occurrence/year

Failure of Safety Function B
= 0.01 * 1 occurrence/year
= 0.01 occurrence/year

Event tree so far (occurrences/year):
A: Loss of coolant (initiating event): 1
    B success: 0.99
    B failure: 0.01

ID C (Operator Acknowledges Alarm): 0.25 failures/demand

Success of Safety Function C
= (1 - 0.25 failures/demand) * 0.01 occurrence/year
= 0.0075 occurrence/year

Failure of Safety Function C
= 0.25 failures/demand * 0.01 occurrence/year
= 0.0025 occurrence/year

8. If the safety function does not apply for the scenario, the horizontal line continues through the function.

Event tree so far (occurrences/year):
A: Loss of coolant (initiating event): 1
    B success: 0.99
    B failure: 0.01
        C success: 0.0075
        C failure: 0.0025
ID D (Cooling System Restarted): 0.25 failures/demand

Success of Safety Function D
= (1 - 0.25 failures/demand) * 0.99
= 0.7425 occurrence/year

Failure of Safety Function D
= 0.25 failures/demand * 0.99
= 0.2475 occurrence/year

Similar calculation for remaining scenarios.

Event tree so far (occurrences/year):
A: Loss of coolant (initiating event): 1
    B success: 0.99
        D success: 0.7425
        D failure: 0.2475
    B failure: 0.01
        C success: 0.0075
        C failure: 0.0025

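ID E (System Shutdown): 0.1 failures/demand

Event tree with outcomes (occurrences/year):
A: Loss of coolant (initiating event): 1
    B success: 0.99
        D success: 0.7425 (Continue Operation)
        D failure: 0.2475
            E success: 0.2227 (Shutdown)
            E failure: 0.02475 (Runaway)
    B failure: 0.01 (Runaway)
        C success: 0.0075
        C failure: 0.0025 (Runaway)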

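ID E (System Shutdown): 0.1 failures/demand

Each outcome is labelled with its Sequence of Safety Function Failures (occurrences/year):
A: Loss of coolant (initiating event): 1
    B success: 0.99
        D success: 0.7425 (Continue Operation, sequence A)
        D failure: 0.2475
            E success: 0.2227 (Shutdown, sequence AD)
            E failure: 0.02475 (Runaway, sequence ADE)
    B failure: 0.01 (Runaway, sequence AB)
        C success: 0.0075
        C failure: 0.0025 (Runaway, sequence AC)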

Outcome              Sequence of Safety Function Failures   Occurrences/year
Continue Operation   A                                      0.7425
Shutdown             AD                                     0.2227
Runaway              ADE                                    0.02475
Runaway              AC                                     0.0025
Runaway              AB                                     0.01

9. The initiating event is indicated by the first letter in the sequence (i.e. A).
10. The sequence ABE indicates the initiating event A followed by failures in safety functions B and E.
11. Using the data provided on the Initiating Event frequency and the Probability on Demand of Failure or Success for the safety functions, the overall runaway and shutdown occurrences per year can be calculated.
Outcome              Sequence of Safety Function Failures   Occurrences/year
Continue Operation   A                                      0.7425
Shutdown             AD                                     0.2227
Runaway              ADE                                    0.02475
Runaway              AC                                     0.0025
Runaway              AB                                     0.01

Total Shutdown Occurrences per year
= 0.2227 occurrences/year
= Once every 4.5 years

Total Runaway Occurrences per year
= 0.02475 + 0.0025 + 0.01
= 0.03725 occurrences/year
= Once every 26.8 years

Event Trees – Chemical Reactor Example


What is expected if there is an accident due to a loss of coolant?

• A system shutdown will occur once every 4.5 years.
• A runaway will occur once every 26.8 years.

Event Trees – Chemical Reactor Example


What happens if there is an accident due to a loss of coolant?

• A system shutdown will occur once every 4.5 years.
• A runaway will occur once every 26.8 years.

A runaway reaction once every 30 years is considered too high! Installation of a high temperature automatic reactor shutdown function can decrease this occurrence rate.
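The branch arithmetic worked through on the preceding slides, as an added Python example (not part of the original deck). It walks the tree as the slides draw it and checks that the leaf frequencies add up to the initiating frequency. Assumptions: the function names are illustrative, sequence letters follow step 10, and the leaf "alarm failed, operator acknowledged" has no outcome on the slides, so it is labelled "not stated".

```python
from collections import defaultdict
from math import isclose

INITIATING_FREQ = 1.0  # loss of coolant (event A), occurrences/year, from the slides
PFD = {"B": 0.01, "C": 0.25, "D": 0.25, "E": 0.1}  # failures/demand, from the slides

# Node = (safety function ID, branch on success, branch on failure); a string is a leaf.
# Shape follows the slides: C is only demanded when the alarm (B) fails, D and E only
# when it works. Assumption: the "B failed, C succeeded" leaf is labelled "not stated".
TREE = ("B",
        ("D", "continue operation", ("E", "shutdown", "runaway")),
        ("C", "not stated", "runaway"))


def leaves(node, freq, seq="A"):
    """Yield (failure sequence, outcome, occurrences/year) for every leaf."""
    if isinstance(node, str):
        yield seq, node, freq
        return
    fid, on_success, on_failure = node
    p = PFD[fid]
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"failure probability for {fid} out of range: {p}")
    yield from leaves(on_success, freq * (1.0 - p), seq)
    yield from leaves(on_failure, freq * p, seq + fid)  # failed function joins the sequence


def evaluate(tree=TREE, freq=INITIATING_FREQ):
    """Return (list of leaves, total occurrences/year per outcome)."""
    leaf_list = list(leaves(tree, freq))
    # Leaves are mutually exclusive, so they must add up to the initiating frequency.
    if not isclose(sum(f for _, _, f in leaf_list), freq):
        raise ValueError("leaf frequencies do not sum to the initiating frequency")
    totals = defaultdict(float)
    for _, outcome, f in leaf_list:
        totals[outcome] += f
    return leaf_list, dict(totals)


def return_period(freq_per_year):
    """Years between occurrences for a given frequency."""
    return 1.0 / freq_per_year


if __name__ == "__main__":
    leaf_list, totals = evaluate()
    for seq, outcome, f in leaf_list:
        print(f"{seq:<4} {outcome:<20} {f:.5f}/year")
    for outcome, f in totals.items():
        print(f"{outcome}: {f:.5f}/year, once every {return_period(f):.1f} years")
```

Here AB (0.0075) and ABC (0.0025, listed as AC on the slides) are the two leaves of the alarm-failure branch, which together make up the 0.01 the slides list under AB. The per-outcome totals are sums over leaves only, so the runaway figure here (0.02725) is not the slides' 0.03725, which adds the 0.01 branch and its 0.0025 sub-branch together.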

Summary of Event Trees


• The objective is to identify important possible safety failures from an
initiating event that could have a bearing on risk assessment.

• Primary purpose is to modify the system design to improve safety.

• Real systems are complex which can result in large event trees.

• The risk analyst MUST know the order and magnitude of the potential
event consequences in order to complete the event tree analysis.

• The lack of certainty that a consequence will result from a selected
failure is the major disadvantage of event trees.

Event Trees and Fault Trees

[Figure: a fault tree (Events 1–6, initiating events, control measures; working backwards, deduction process) leading to the critical event, and an event tree (recovery measures, Occurrences 1–6, consequences; working forwards, induction process) leading from it.]

Event Trees and Fault Trees = BOW-TIE

[Figure: bow-tie diagram, with the fault tree (control measures; working backwards, deduction process) on the left and the event tree (recovery measures, consequences; working forwards, induction process) on the right, joined at the critical event.]
Sensitivity Expected Monetary Value (EMV)

Expected Monetary Value (EMV) analysis is about coming up with possible scenarios to
deal with a risk and assessing how much each of those
paths will cost the project.
Example : Expected Monetary Value (EMV)
Modelling And Simulation
• Modeling and simulation translate detailed
uncertainties of the project into their potential
impact on project objectives
• Monte Carlo simulation is used to arrive at a likelihood of
achieving specific cost or schedule targets
• This technique iteratively computes the model several times
from randomly selected input values.
Example : Modelling And Simulation (Monte Carlo Total Project Cost)
Important Note : Quantitative Risk Analysis

Quantitative Risk Analysis may be skipped:

• For Risk With Low Priority
• For Risk Requiring Urgent Response
• When There is no Sufficient Data
