Technological Risk Assessment
Technological Risk Methods
Fault Trees and Event Trees
© 2003, David M. Hassenzahl
The Mundane
“The mundane will kill you before the exotic”
(Source unknown)
Purpose of Lecture
• Develop some technological risk methods
– Fault tree analysis
– Event tree analysis
• Explore statistics
– Probability theory
– Boolean algebra (“and/or”)
Fault Trees
• Long history in engineering
• Look at possible FAILURE
• Trace back possible CAUSES
• Applicable to many other risks
– Carcinogenesis
– Species loss
Event Trees
• Looks at system, beginning with an event
• Identifies (all) possible outcomes
• Useful for decision analysis (more later)
• Again, historically engineering, but broadly applicable
Remember Uncertainty!
• Think through typology (see uncertainty lecture)
• Common Mode Failures
• Missing Components
• The Human Element
– Can’t leave this out
– “Nuclear power is safe…operator error is to blame” is internally contradictory
Fault Trees
• Potential adverse outcome
• And/or gates
• Excellent reading: Haimes, Yacov (1998) Risk Modeling, Assessment and Management, Wiley Interscience, NY NY
– Chapters 4, 9 and 14
Car Accident Fault Tree
[Figure: fault tree. Top event: Car Accident. Other nodes: Non-deer accidents, Car fails to stop, Deer in Road, Driver distracted, Brakes Fail, Brakes applied]
Top Event
• Primary undesired event of interest
• Denoted by a rectangle
[Rectangle: Car Accident]
Haimes, Page 544
Intermediate Event
• Fault event that is further developed
• Denoted by a rectangle
[Rectangle: Brakes Fail]
Haimes, Page 544
Basic Event
• Event requiring no further development
• Denoted by a circle
[Circle: Deer in Roadway]
Haimes, Page 544
Undeveloped Event
• Low consequence event
• Information not available
• Denoted by a diamond
[Diamond: All non-Deer Causes]
Haimes, Page 544
“OR” Gate
• Output event occurs only if one or more input events occur
• Systems in series
• +, ∪, union
Haimes, Page 544
“AND” Gate
• Output event occurs only if all input events occur
• Systems in parallel
• ×, ∩, intersection
Haimes, Page 544
Reliability
• Probability that the system operates correctly
• Boolean algebra
• Minimal set
– Smallest combination of component failures leading to top event
Haimes, Page 544 - 5
Car Accident Fault Tree
[Figure: fault tree. Top event: Car Accident. Other nodes: Non-deer accidents, Car fails to stop, Deer in Road, Driver distracted, Brakes Fail, Brakes applied]
Boolean Algebra
Operation                  Probability   Mathematics   Engineering
Union of A and B           A or B        A∪B           A+B
Intersection of A and B    A and B       A∩B           AB
Complement of A            Not A         A'            A'
Haimes, Page 549
Intersections and Unions: Graphical Representation
[Figure: Venn diagrams of events A, B and C, including (A ∪ B) ∩ C]
A = Driver distracted
B = Brakes applied, fail
C = Deer in road
Probability Possibilities
• If S = F + G
  P(S) = P(F) + P(G) – P(FG)
       = P(F) + P(G) – P(F)P(G|F)
       = P(F) + P(G) – P(F)P(G) if independent
       = P(F) + P(G) if rare events
• If S = F G
  P(S) = P(F)P(G) if independent
Haimes, Page 546 - 8
Deer Accident Equations
• Car Accident (S) if
– Deer in roadway (C) AND
– Driver distracted (A) OR brakes fail (B)
• S = (A ∪ B) ∩ C
• S = (A + B) C
• S = (A union B) intersect C
• S = (A intersect C) union (B intersect C)
Probabilities
Event               Probability, f(time)
Deer in roadway     0.0026
Distracted driver   0.001
Brakes applied      0.999
Brake failure       0.0002
Deer Accident Probability
S = (A + B) C
P(S) = [P(A) + P(B) – P(A)P(B|A)] P(C)
Note: A and B are dependent (why?)
P(S) = [P(A) + P(B)] P(C)
P(S) = (0.001 + 0.0002 × 0.999) × 0.0026
P(S) = 3 × 10^-6
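An added example (not part of the original lecture) that expands the deer-accident tree S = (A + B) C into its minimal cut sets and sums their probabilities, which reproduces the slide's [P(A) + P(B)] P(C). The nested-tuple tree encoding and the function names are assumptions made for the illustration; like the slide, it drops the P(A)P(B|A) term.

```python
from itertools import product

# Basic-event probabilities from the "Probabilities" slide.
P = {
    "A": 0.001,            # driver distracted
    "B": 0.0002 * 0.999,   # brakes applied (0.999) and then fail (0.0002)
    "C": 0.0026,           # deer in roadway
}

# Assumed encoding: ("AND" | "OR", child, ...); a string is a basic event.
TREE = ("AND", ("OR", "A", "B"), "C")   # S = (A + B) C

def cut_sets(node):
    """Expand gates into sets of basic events that jointly cause the top event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, *children = node
    expanded = [cut_sets(child) for child in children]
    if gate == "OR":                     # any single input is enough
        return [cs for sets in expanded for cs in sets]
    # AND: every input is required, so merge one cut set from each input
    return [frozenset().union(*combo) for combo in product(*expanded)]

def minimal(sets):
    """Drop every cut set that strictly contains another cut set."""
    uniq = set(sets)
    return sorted((s for s in uniq if not any(o < s for o in uniq)), key=sorted)

def cut_set_probability(cs, p):
    """Events inside one cut set are multiplied (treated as independent)."""
    out = 1.0
    for event in cs:
        out *= p[event]
    return out

def top_event_probability(tree, p):
    """Sum over minimal cut sets, i.e. the slide's [P(A) + P(B)] P(C)."""
    return sum(cut_set_probability(cs, p) for cs in minimal(cut_sets(tree)))

if __name__ == "__main__":
    for cs in minimal(cut_sets(TREE)):
        print(sorted(cs), cut_set_probability(cs, P))
    print("P(S) =", top_event_probability(TREE, P))
```

The two cut sets it prints, {A, C} and {B, C}, are the terms of S = (A intersect C) union (B intersect C).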
Event Tree: Car Accident
• Given potential initiating event, what possible outcomes?
• Deer runs into road
• Brakes applied?
• Brakes function?
• Braking effectiveness?
Deer in Road Event Tree
Deer runs into road
  Brakes Applied
    Brakes Function
      abrupt → Glancing blow
      effective → Safe stop
      late → Glancing blow
    Brakes Fail
      partial → Glancing blow
      complete → Collision at speed
  Brakes not Applied → Collision at speed
Deer in Road Event Tree Probabilities
Deer runs into road (P = 1)
  Brakes Applied (P = 0.8)
    Brakes Function (P = 0.99)
      abrupt (P = 0.25) → Glancing
      effective (P = 0.60) → Safe
      late (P = 0.15) → Glancing
    Brakes Fail (P = 0.01)
      partial (P = 0.60) → Glancing
      complete (P = 0.40) → Collision
  Brakes not Applied (P = 0.2) → Collision
Probabilities
Outcome     Suboutcome   Calculation                          Probability
Safe Stop   (none)       0.8 × 0.99 × 0.6                     0.4752
Collision   Glancing     0.8 × (0.99 × 0.15 + 0.01 × 0.6)     0.3216
Collision   At speed     0.2 + 0.8 × 0.1 × 0.4                0.2032
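An added example (not from the original slides) that enumerates every path through the Deer in Road event tree and totals the path probabilities by outcome. The tuple layout and function names are assumptions; the branch probabilities are the ones on the slide, and the glancing total of 0.3216 counts the abrupt branch (P = 0.25) together with the late and partial branches.

```python
from collections import defaultdict

# Node: (label, branch probability from the slide, children or outcome).
TREE = ("Deer runs into road", 1.0, [
    ("Brakes applied", 0.8, [
        ("Brakes function", 0.99, [
            ("abrupt", 0.25, "Glancing blow"),
            ("effective", 0.60, "Safe stop"),
            ("late", 0.15, "Glancing blow"),
        ]),
        ("Brakes fail", 0.01, [
            ("partial", 0.60, "Glancing blow"),
            ("complete", 0.40, "Collision at speed"),
        ]),
    ]),
    ("Brakes not applied", 0.2, "Collision at speed"),
])

def check_branches(node, tol=1e-9):
    """Branches leaving a node must be exhaustive: they sum to 1."""
    label, _, rest = node
    if isinstance(rest, str):
        return
    total = sum(child[1] for child in rest)
    if abs(total - 1.0) > tol:
        raise ValueError(f"branches under {label!r} sum to {total}")
    for child in rest:
        check_branches(child, tol)

def paths(node, prefix=(), p=1.0):
    """Yield (path, joint probability, outcome) for every leaf."""
    label, prob, rest = node
    prefix, p = prefix + (label,), p * prob
    if isinstance(rest, str):
        yield prefix, p, rest
    else:
        for child in rest:
            yield from paths(child, prefix, p)

def outcome_probabilities(tree):
    """Total probability of each outcome after validating the tree."""
    check_branches(tree)
    totals = defaultdict(float)
    for _, p, outcome in paths(tree):
        totals[outcome] += p
    return dict(totals)

if __name__ == "__main__":
    for outcome, p in outcome_probabilities(TREE).items():
        print(f"{outcome:20s} {p:.4f}")
```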
Complexity
• Inputs can be distributional
– More than simple probabilities
– Monte Carlo analysis
• Can take entire engineering courses on this
• Theoretical and empirical inputs
The Exotic
Low Probability, High Consequence
The Mundane
“The mundane will kill you before the exotic”
(Source unknown)
But the exotic fascinates us!
Purpose of Lecture
• Methods
– A bit more probability (digging out of a hole)
– Poisson method
• Extreme events
• “Normal Accidents”
Poisson method
• Has nothing to do with fish
• Has nothing to do with gambling!
• Method for calculating the probability of rare events!
• Late 1800’s, a number of Prussian cavalry officers were kicked to death by their horses
– New Problem?
– Statistical anomaly?
– M. Poisson came up with a method
Military Flight Risk
• 90,000 flight hours per week
• About 1 accident per 80,000 flight hours
• 6 accidents in one week
• Is this a problem?
Poisson Calculation
P(x) = λ^x e^(-λ) / x!
• λ = expected frequency
• x = frequency of concern
• P(6|λ = 1) = 0.0005, or 1:2000
• Is this a problem?
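An added example (not from the original slides) that evaluates the Poisson formula for the flight-accident question, both at the slide's λ = 1 and at the λ implied by the stated rates (90,000 flight hours at 1 accident per 80,000 hours), and also gives the probability of six or more accidents in a week. The function names are assumptions.

```python
import math

def poisson_pmf(x, lam):
    """P(X = x) = lam**x * exp(-lam) / x!, computed in log space for stability."""
    if x < 0:
        return 0.0
    if lam == 0:
        return 1.0 if x == 0 else 0.0
    return math.exp(x * math.log(lam) - lam - math.lgamma(x + 1))

def poisson_tail(x, lam):
    """P(X >= x): the chance of seeing x or more events in the window."""
    return max(0.0, 1.0 - sum(poisson_pmf(k, lam) for k in range(x)))

def expected_count(exposure_hours, hours_per_event):
    """Expected number of events in an exposure window at a constant rate."""
    return exposure_hours / hours_per_event

if __name__ == "__main__":
    lam_slide = 1.0                               # value used on the slide
    lam_rates = expected_count(90_000, 80_000)    # 1.125 from the stated rates
    for lam in (lam_slide, lam_rates):
        exact, tail = poisson_pmf(6, lam), poisson_tail(6, lam)
        print(f"lambda={lam:.3f}  P(X=6)={exact:.6f}  P(X>=6)={tail:.6f}"
              f"  about 1 week in {1 / tail:,.0f}")
```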
Exercise
• You are the Chairman of the Joint Chiefs of Staff
• You’re before Congress
• I’m sitting next to you with my Poisson calculation
• What do you tell Congress?
• Think for 5, then discuss
Extreme Events and Expected Values
• We seldom make extreme event decisions based on expected values
• Decision makers rewarded for avoiding failure
– They choose rationally
– Expected value choice is not rational for extreme events
• Minimax: minimize the worst case
– Common decision rule
After Haimes, Chapter 8
Options for YMP
              Stance For   Stance Against
No Problems   OK-          OK+
Problems      ---          +++
Cost and Extreme Events
• Unfortunately we may not be fulfilling our preferences when we make decisions
• NOT simply a case of “irrationality” or “ignorance”
• Can’t be solved by giving decisions to risk analysts!
“Average” Decisions?
• Average load on a bridge?
• Average electricity supply?
• Average drivers?
• Sometimes there’s an enormous cost!
Individual Decisions: Alar
• Alar: growth inhibitor on apples
– You know the story
• Data from a few animal studies
• Low probability of causing cancer
• High consequence (cancer!)
• Focal argument “children are at risk!”
Individual Decisions: Saccharine
• Saccharine: sugar substitute, no-cal, no risk for diabetics
• Data from a few animal studies
• Low probability of causing cancer
• High consequence (cancer!)
• Focal argument “100 sodas a day”
What’s the difference?
• Can children and diabetes account for it all?
• In which case did people focus on consequence?
• In which case did people focus on probability?
• Is there a general lesson?
• Can we make predictions?
Normal Accidents
(Discussion)