Analyzing system safety and risks under uncertainty using a bow-tie diagram: An innovative approach
Highlights
- The developed approaches are able to accommodate experts’ knowledge and facilitate the risk analysis process under data and model uncertainty.
- The approaches are able to address the subjective uncertainty and the uncertainty due to ignorance and inconsistency associated with the experts' knowledge.
- The dependency coefficient in the approaches can explore the different kinds of interdependence among the input events and addresses the model uncertainty for the bow-tie analysis.
- The sensitivity analysis for bow-tie analysis can identify the most contributing input events and evaluate the percentage of risk reduction for the industrial system.
Introduction
“Accident” is the term often used for the occurrence of a single event or a sequence of events that causes undesired consequences. These undesired consequences may be environmental damage, property damage, economic loss, sickness, injury or death. “Risk” is a function of a set of scenarios (s), likelihood of occurrence (f) and the consequences (c) (Kaplan and Garrick, 1981, AIChE, 2000).
Risk analysis is a systematic approach that gathers and integrates qualitative and quantitative information on potential causes, consequences, and likelihoods of adverse events. The likelihood of an event is a quantitative measure of its occurrence, expressed either as a frequency or as a probability. Fault tree analysis (FTA) and event tree analysis (ETA) are two well-established techniques for performing risk analysis for a system. From a risk analysis perspective, a fault tree develops a graphical model for a particular system by exploring the logical relationship between the causes of an undesired event, typically termed basic events, and its occurrence, termed the top event (Vesely et al., 1981, Hauptmanns, 1980, Hauptmanns, 1988). It uses the likelihoods of basic events as input event data and determines the likelihood of the top event. The event tree constructs a graphical model of consequences, considering the undesired event as an initiating event and identifying possible outcome events at the end (Lees, 2005). The initiating event propagates through a number of intermediate consequences, which are termed events. Each event represents a barrier against escalation of the consequences of the initiating event until the final outcome events are identified (AIChE, 2000). Like FTA, ETA takes the likelihoods of the events and the initiating event as input event data and estimates the likelihoods of the outcome events. Traditional FTA and ETA assume that the input event (probability) data are “precisely” known and that the input events (i.e., basic events and events) are independent (CMPT, 1999). However, these assumptions are often unrealistic, lead to erroneous conclusions, and defeat the purpose of risk analysis (Ferson et al., 2004, Sadiq et al., 2008, Ferdous et al., 2009b, Ferdous et al., 2010, Markowski et al., 2009).
FTA and ETA distinctly investigate the causes and consequences of an undesired event for a system. A bow-tie diagram is a combined concept of risk analysis that integrates a fault tree and an event tree on the left and right side of the diagram to represent the risk control parameters such as causes, threats (hazards) and consequences, on a common platform for mitigating an accident. The quantitative analysis of a bow-tie diagram determines the likelihoods of the undesired event as well as the outcome events. Cockshott (2005), Chevreau et al. (2006), Dianous and Fiévez (2006), and Duijm (2009) describe the procedure of bow-tie analysis in detail. However, they did not consider the associated uncertainties in quantitative evaluation. In the last few years, the bow-tie method has gained acceptance as a credible risk and safety management tool because of the following advantages:
- provides a graphical representation of accident scenarios,
- provides explicit linkages between the causes and the potential outcomes,
- connects possible outcome events with the undesired event and basic events,
- provides guidance throughout, starting from basic causes to the final consequences, and
- provides systematic help in performing comprehensive risk analysis and safety assessment.
The common objective of any safety assessment and risk analysis technique is to assure that a process or a system is designed and operated to meet “accepted risk” or a “threshold” criterion such as ALARP (Skelton, 1997, Markowski et al., 2009). These techniques follow several systematic steps: hazard analysis, consequence analysis, likelihood assessment and risk estimation (AIChE, 2000). In each step different approaches may be used, which collectively guide towards estimating the risk, safety and reliability of a system. FTA and ETA individually assist the risk and safety assessment by providing a qualitative hazard analysis and a detailed quantitative assessment of likelihood (CMPT, 1999). However, uncertainties hinder FTA and ETA in performing meaningful quantitative analyses. Characterization, representation, and propagation of uncertainties are vital for bow-tie analysis, since the credibility of the analysis fundamentally depends on the FTA and ETA.
Uncertainty is inherent and unavoidable in performing risk analysis since it belongs to the physical variability of a system response and also to the lack of knowledge about the system (Markowski et al., 2009). In general taxonomy, the uncertainty due to natural variation or random behavior of a system is named aleatory uncertainty, whereas the uncertainty due to lack of knowledge or incompleteness is termed epistemic uncertainty (Bae et al., 2004). These two types of uncertainty can be introduced from any of the three different sources represented in Fig. 1 (Henley and Kumamoto, 1996, AIChE, 2000, Ferdous, 2006). According to Fig. 1, the sources of uncertainty can be classified as data uncertainty, model uncertainty and quality uncertainty. Quality uncertainty refers to the complete and comprehensive evaluation of hazards, including the identification and description of their relationships in developing the fault and event tree. Recursive effort and the implementation of HAZOP, HAZID, and FMEA can reduce this kind of uncertainty for risk analysis (Skelton, 1997, AIChE, 2000, Crowl and Louvar, 2002). It should be noted that the current paper does not address this type of uncertainty while analyzing the bow-tie method. The main objective of this paper is to develop a generic framework for bow-tie analysis under uncertainties, which includes exploiting appropriate techniques to handle data uncertainty and introducing the interdependence of input events to explore model uncertainty. In addition, a method for sensitivity analysis has been proposed to identify the most important input events and measure the risk for the corresponding events in bow-tie analysis.
Section snippets
Bow-tie analysis
Bow-tie analysis is an integrated probabilistic technique that analyzes accident scenarios in terms of assessing the probability and pathways of occurrences (Duijm, 2009). It is intended to prevent, control and mitigate undesired events through development of a logical relationship between the causes and consequences of an undesired event (Dianous and Fiévez, 2006). The fundamentals of bow-tie analysis are described in the following sub-sections.
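Added example (not from the paper): a minimal bow-tie calculation showing how far the top-event and worst-outcome likelihoods can move once the independence assumption discussed above is dropped. The tree structure, event names and probabilities are constructed, and the Fréchet bounds used for unknown dependence are a standard technique chosen for this illustration, not the paper's dependency-coefficient, fuzzy or evidence-theory formulations.

```python
from math import prod

# Gates under the traditional independence assumption (crisp inputs).
def and_indep(ps):
    return prod(ps)

def or_indep(ps):
    return 1.0 - prod(1.0 - p for p in ps)

# Frechet bounds: hold for ANY dependence between the inputs.
# Each input is an interval (lo, hi); a crisp value p is (p, p).
def and_any(ivs):
    return (max(0.0, sum(lo for lo, _ in ivs) - (len(ivs) - 1)),
            min(hi for _, hi in ivs))

def or_any(ivs):
    return (max(lo for lo, _ in ivs), min(1.0, sum(hi for _, hi in ivs)))

def outcomes(p_top, barriers):
    """Event-tree side: at each barrier the sequence stops or escalates."""
    out, reach = {}, p_top
    for name, p_fail in barriers:
        out[f"stopped by {name}"] = reach * (1.0 - p_fail)
        reach *= p_fail
    out["all barriers failed"] = reach
    return out

# Constructed inputs (hypothetical names and values, not taken from the paper).
BASIC = {"valve_fails": 0.05, "alarm_fails": 0.10, "operator_error": 0.02}
BARRIERS = [("relief_system", 0.1), ("ignition_control", 0.2)]

# Fault-tree side: top = (valve_fails AND alarm_fails) OR operator_error.
def top_independent(b):
    return or_indep([and_indep([b["valve_fails"], b["alarm_fails"]]),
                     b["operator_error"]])

def top_any_dependence(b):
    iv = lambda k: (b[k], b[k])
    return or_any([and_any([iv("valve_fails"), iv("alarm_fails")]),
                   iv("operator_error")])

if __name__ == "__main__":
    p = top_independent(BASIC)
    lo, hi = top_any_dependence(BASIC)
    print(f"top event, independent inputs: {p:.4f}")
    print(f"top event, unknown dependence: [{lo:.4f}, {hi:.4f}]")
    for p_top in (lo, p, hi):
        worst = outcomes(p_top, BARRIERS)["all barriers failed"]
        print(f"  p_top={p_top:.4f} -> worst outcome {worst:.6f}")
```

With these inputs the single independent estimate sits near the low end of the interval that is valid when the dependence between basic events is unknown.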
Bow-tie analysis under uncertainty
Data and model uncertainty are common and generally unavoidable. In a majority of cases, the likelihoods of input events are often missing or limited, and lead to data uncertainty (Sadiq et al., 2008, Ferdous et al., 2009a, Ferdous et al., 2009b, Ferdous et al., 2010). On the other hand, deficiencies in addressing the interdependence of input events in formulation of the conjunction and intersection operations introduce model uncertainty. Bow-tie analysis combines the operations of FTA and ETA
Explosion at BP Texas city refinery: an illustrative example
On March 23, 2005, a massive explosion and fire erupted in the BP refinery, located 30 miles southwest of Houston in Texas City, Texas. This accident caused fifteen fatalities and injured over 180 people (CSB, 2007, CSB, 2008). BP (2005) and CSB (2007) have published a detailed investigation report of the accident. The fire and explosion occurred in the refinery during restart of the ISOM unit, as shown in Fig. 7, and involved the Raffinate splitter, Blowdown drum and stack as a part of daily
Results and discussion
CSB (2007) investigated a number of causes and consequences for the BP accident at Texas City. In Table 4, some important causes and consequences have been identified as input events for the BP accident bow-tie analysis. The investigation report identified the interdependence relationships of the mechanical component failures and the operator failures as important factors causing the failure of the ISOM unit at BP. Since the likelihoods and the interdependence of most of the input events are
Conclusion
Bow-tie analysis is a relatively new tool for safety assessment and risk analysis of a system. Uncertainties in input data and model adequacy for bow-tie analysis are still a major concern and may mislead the decision-making process. To address the uncertainty as well as mitigate the risk, fuzzy-based and evidence theory-based approaches along with a sensitivity analysis technique were developed for bow-tie analysis. The proposed approaches accommodate the following features that permit
Acknowledgements
The authors gratefully acknowledge the financial support provided by the Natural Sciences and Engineering Research Council of Canada (NSERC), and Research and Development Corporation of Newfoundland and Labrador, and Atlantic Canada Opportunities Agencies (ACOA).
References (64)
- et al. An approximation approach for uncertainty quantification using evidence theory. Reliability Engineering and System Safety (2004)
- et al. Organizing learning processes on risks by using the bow-tie representation. Journal of Hazardous Materials (2006)
- Safety-barrier diagrams as a safety management tool. Reliability Engineering and System Safety (2009)
- et al. Methodology for computer aided fuzzy fault tree analysis. Process Safety and Environmental Protection (2009)
- et al. Handling data uncertainties in event tree analysis. Process Safety and Environmental Protection (2009)
- et al. A fuzzy set approach for event tree analysis. Fuzzy Sets and Systems (2001)
- et al. Belief function combination and conflict management. Information Fusion (2002)
- et al. Hybrid fault tree analysis using fuzzy sets. Reliability Engineering and System Safety (1997)
- et al. Sensitivity analysis of mercury human exposure. The Science of the Total Environment (2000)
- et al. Fuzzy logic for process safety analysis. Journal of Loss Prevention in the Process Industries (2009)
- Fault tree analysis with fuzzy gates. Computers & Industrial Engineering
- A fuzzy approach to fault tree and reliability analysis. Fuzzy Sets and Systems
- On the Dempster–Shafer framework and new combination rules. Information Sciences
- Application of Dempster–Shafer theory in fault diagnosis of induction motors using vibration and current signals. Mechanical Systems and Signal Processing
- Uncertainty reduction for improved mishap probability prediction: application to level control of distillation unit. Journal of Loss Prevention in the Process Industries
- Fuzzy sets. Information and Control
- Uncertainty in Quantitative Risk Analysis—Characterization and Methods of Treatment. Department of Fire Safety Engineering
- Guidelines for Chemical Process Quantitative Risk Analysis
- Uncertainty Modeling and Analysis in Engineering and the Sciences
- Uncertainties in Fault Tree Analysis. Tamkang Journal of Science and Engineering
- A Guide to Quantitative Risk Assessment for Offshore Installation
- Probability bow-ties: a transparent risk management tool. Process Safety and Environmental Protection
- Sensitivity analysis for system design improvement
- Chemical Process Safety, Fundamentals with Applications
- Anatomy of a disaster
- Safety Videos 2005–2008
- Presentation of DSmT. Chapter 1 in Advances and Applications of DSmT for Information Fusion (Collected Works)
- ARAMIS project: a more explicit demonstration of risk control through the use of bow–tie diagrams and the evaluation of safety barrier performance. Journal of Hazardous Materials
- Fault and event tree analyses for process systems risk analysis: uncertainty handling formulations. Risk Analysis: An International Journal