Dynamic vs. Traditional Probabilistic
Risk Assessment Methodologies
动态与传统概率风险评估方法
Huairui Gup
ASQ Reliability Division
Chinese Webinar Series
One of the monthly webinars
on topics of interest to
reliability engineers...
3
Dynamic vs. Traditional Probabilistic Risk
Assessment Methodologies
动态与传统概率风险评估方法
4
• Determine potential undesirable consequences
associated with use of systems and processes.
• Identify ways that such c...
5
• Risk is usually associated with the uncertainty and
undesirability of a potential situation or event.
• In order to ha...
6
 Key metrics of risk are embedded in its definition. Risk
can be measured in terms of
 the frequency or likelihood of ...
7
• Risk assessment is the process of providing answer to
four basic questions:
1. What can go wrong?
2. What are the cons...
8
Managing risk requires answers to the following questions:
1. What can be done:
- to prevent/avoid risk?
- to mitigate r...
9
Mission Time
Success of Mission
Risk Senario
(e.g, loss of mission)
Risk Senario
( e.g., Abort)
Risk Senario
( e.g., Deg...
10
Input to Decision Maker
11
LIKELIHOOD
S
E
V
E
R
I
T
Y
L
H
M
MH
L
Risk in Qualitative Measures
12
• Traditional Methodologies
– Fault Tree
– Event Sequence Diagram
– FMECA
– Etc
• Dynamic Methodologies
– Monte Carlo S...
13
• Traditional Methodology is a list of methodologies for identifying and
assessing the probability of situations leadin...
14
• Inductive Method: Induction involves reasoning from individual
cases to a general conclusion.
– Event Sequence Diagra...
15
Examples
16
• The protection system is designed to operate in the following manner. If a
runaway reaction takes place the pressure ...
17
• Identify the objective
• Define the Initiator/Top Event.
• Define the scope.
• Define the resolution.
• Define ground...
18
Examples – Inductive Methods
19
Examples – Deductive Methods
20
Examples – Deductive Methods
21
Examples – Deductive Methods
22
– Build Model
• Common Cause Failure
– Quantify Basic Events
• Hardware Failures
• Software/Human Failures
– Results
• ...
23
– Demand Based Models: Events which occur
at the specific time (absolute mission time or
time relative to the occurrenc...
24
• Models specify a distribution over probability of
occurrence of an event
• Distribution consists of a parametric dist...
25
Event Probability0 1
Distribution
Lognormal
Beta
Normal
Uniform
Etc.
Point Estimate
(Mean)
Point Estimation / Demand Ba...
26
• Models specify a distribution over time-to-failure
distribution model
– Example: failure rate for Exponential model
•...
27
Human / Software Failures
1& 2
3
ROOT CAUSES
RISK METRI CS
- Li kelihood & Severi ty
- Hazard Ranking
- ...
LI KELI HOO...
28
Pr(x) = f(l1
,l2
,l3
,l4
)
l1
l2
l3
l4
Uncertain
Variables
Model
Pr(e)
Model
Outcome
  π(l1) π(l4)
π(p)
Uncertainty ...
29
• The risk associated with a system is computed as the
sum of many different combinations of events that
would bring th...
30
• A risk scenario is defined as a combination of
events anticipated to bring the system in an
undesirable state.
• Scen...
31
• Cut-set: a set of events whose occurrence causes
the system failure to occur
• A cut-set is minimal if after removal ...
32
• Ranking scenarios provides limited insight regarding the contribution
of individual components
• Many occurrences in ...
33
Cut Set Results for Example System
34
• Dynamic methodology is a set of methods and techniques in which
executable models that represent the behavior of the ...
35
• Dynamic Probabilistic Risk Assessment
– Discrete Dynamic Event Tree
• Systematically explore all scenarios
– Continuo...
36
Discrete Dynamic Event Tree
37
Continuous Event Tree Simulation
High Probability
Medium Probability
Low Probability
Time
r
x
(xo, ro)
(xt, rt)
38
• Approach to Solve State Explosion Issue
– Reduce the number of risk scenarios
• Combine system and operator states th...
39
Guided Simulation
40
Dynamic Methodologies
41
• The scheduler that manages the exploration process
– Save the system states, and restarting the simulation
• Guide th...
42
• Scheduling rules constitute a dynamic adjustment of
event biasing factors with the objective to favor
simulation of h...
43
Temperature
Pressure
Pump Control Software
Life Support System
Temperature, Pressure, Time
Low Level:
Detail Equation
H...
44
Human IDAC Model
45
Dynamic Methodologies - Example
Upcoming SlideShare
Loading in …5
×

Dynamic vs. Traditional Probabilistic Risk Assessment Methodologies - by Huairui Gup

1,248 views

Published on

Published in: Technology, Business

Dynamic vs. Traditional Probabilistic Risk Assessment Methodologies - by Huairui Gup

  1. 1. Dynamic vs. Traditional Probabilistic Risk Assessment Methodologies 动态与传统概率风险评估方法 Huairui Gup
  2. 2. ASQ Reliability Division Chinese Webinar Series One of the monthly webinars on topics of interest to reliability engineers To view upcoming or recorded webinars visit us today at www.asqrd.org
  3. 3. 3 Dynamic vs. Traditional Probabilistic Risk Assessment Methodologies 动态与传统概率风险评估方法
  4. 4. 4 • Determine potential undesirable consequences associated with use of systems and processes. • Identify ways that such consequences could materialize. • Estimate the likelihood (e.g., probability) of such events. • Provide input to decision makers on optimal strategies to reduce the levels of risk. Introduction to Risk Analysis
  5. 5. 5 • Risk is usually associated with the uncertainty and undesirability of a potential situation or event. • In order to have a risk situation, both elements must be present. Risk = Uncertainty and Undesirability Risk = Likelihood and Severity Definition of Risk
  6. 6. 6  Key metrics of risk are embedded in its definition. Risk can be measured in terms of  the frequency or likelihood of occurrence of events,  degree or magnitude of their direct and indirect consequences  Levels of risk need to be measured and compared with an acceptance or tolerance criterion. Risk Metrics
  7. 7. 7 • Risk assessment is the process of providing answer to four basic questions: 1. What can go wrong? 2. What are the consequences? 3. How frequently might they happen? 4. How confident are we about our answer to the above questions? • Answering these questions could be simple or require a significant amount of analysis and modeling. Risk Assessment
  8. 8. 8 Managing risk requires answers to the following questions: 1. What can be done: - to prevent/avoid risk? - to mitigate risk? - to detect/notify of risk? 2. How much will it cost? 3. How efficient is it? Risk Management
  9. 9. 9 Mission Time Success of Mission Risk Senario (e.g, loss of mission) Risk Senario ( e.g., Abort) Risk Senario ( e.g., Degraded Mission) Perturbation (Initiating Event) Branch Point (Pivotal Event) End State A path from the initiating event to an end state is called a scenario. Anatomy of a Risk Scenario
  10. 10. 10 Input to Decision Maker
  11. 11. 11 LIKELIHOOD S E V E R I T Y L H M MH L Risk in Qualitative Measures
  12. 12. 12 • Traditional Methodologies – Fault Tree – Event Sequence Diagram – FMECA – Etc • Dynamic Methodologies – Monte Carlo Simulation Risk Assessment Methodologies
  13. 13. 13 • Traditional Methodology is a list of methodologies for identifying and assessing the probability of situations leading to undesired state of a system. • Traditional methodologies require analyst to assess possible system failures • The quality of PRA using traditional methodologies is analyst dependent. Traditional Methodologies
  14. 14. 14 • Inductive Method: Induction involves reasoning from individual cases to a general conclusion. – Event Sequence Diagram – FMECA – Reliability Block Diagram – etc • Deductive Method: Deduction constitutes reasoning from the general to the specific. In a deductive system analysis, it is postulated that the system itself has failed in a certain way, and an attempt is made to find out what modes of system or subsystem (component) behavior contribute to this failure. – Fault Tree Traditional Methodologies
  15. 15. 15 Examples
  16. 16. 16 • The protection system is designed to operate in the following manner. If a runaway reaction takes place the pressure and temperature sensors will detect the increase in pressure and temperature above a threshold setting. The provision of sensors for both temperature and pressure provides redundancy into the shut-down system design as it only requires one of these sensors to indicate the threshold is exceeded in order to send a signal to the alarm unit and valve controller. The function of the valve controller is to signal both the electrical valves to close. Both input streams must be shut-down to ensure the runaway reaction is halted. The alarm unit indicates to the operator that a runaway reaction is taking place. If either of the two electrical valves fail then the operator may shut valves MV1 and MV2 manually. Both electrical valves are powered from the grid. • If the input stream valves do not close one of two possible hazardous events will occur. If the pressure relief valve NRV opens successfully then the runaway reaction will be halted with minor release of toxic chemicals. If the pressure relief valve NRV is stuck closed then the reactor vessel will rupture with a major release of toxic chemicals. Examples
  17. 17. 17 • Identify the objective • Define the Initiator/Top Event. • Define the scope. • Define the resolution. • Define ground rules. • Construct the Model. • Evaluate the Model. • Interpret and present the results. Procedures
  18. 18. 18 Examples – Inductive Methods
  19. 19. 19 Examples – Deductive Methods
  20. 20. 20 Examples – Deductive Methods
  21. 21. 21 Examples – Deductive Methods
  22. 22. 22 – Build Model • Common Cause Failure – Quantify Basic Events • Hardware Failures • Software/Human Failures – Results • Accident Probability • Cut Set / Importance Measure • Uncertainty Key Elements
  23. 23. 23 – Demand Based Models: Events which occur at the specific time (absolute mission time or time relative to the occurrence of a previous event) that an item is called upon (demanded) to function. – Time Distributed Models: Events which occur over an interval of time, for which the probability of failure over the length of the interval is expressed as a point estimate and an uncertainty distribution Failure Types
  24. 24. 24 • Models specify a distribution over probability of occurrence of an event • Distribution consists of a parametric distribution model, e.g., lognormal, Beta • Point estimate values are approximated using parametric distributions (e.g., uniform) with small standard deviations Demand Based Models
  25. 25. 25 Event Probability0 1 Distribution Lognormal Beta Normal Uniform Etc. Point Estimate (Mean) Point Estimation / Demand Based Models
  26. 26. 26 • Models specify a distribution over time-to-failure distribution model – Example: failure rate for Exponential model • In addition, the models specify a time interval • Distributions consist of a parametric distribution model, e.g., lognormal Time Based Model
  27. 27. 27 Human / Software Failures 1& 2 3 ROOT CAUSES RISK METRI CS - Li kelihood & Severi ty - Hazard Ranking - ... LI KELI HOOD S E V E R I T Y L H M MH L SSYSTEM1 Human Action SYSTEM2 S F Initiating Event F SY S TE M 1 FA I L UR E SU B SY S TE M 1 SU B SY S TE M 2 SU B SY S TE M 3 SU B SY S TE M 1A X Y ...... 1 SU B SY S TE M 1B ... SY S TE M2 FA I LU R E SU B SY S TE MA SU B SY S TE MB SU B SY S TE MA 1 SU B SY S TE MA 2 A B A CB H U MA N A CT I O N 3 2 SYSTEM ORGANIZIATION Maintenance Operation Physical Environment Socio-Economic Environment Regulatory Environment
  28. 28. 28 Pr(x) = f(l1 ,l2 ,l3 ,l4 ) l1 l2 l3 l4 Uncertain Variables Model Pr(e) Model Outcome   π(l1) π(l4) π(p) Uncertainty Analysis
  29. 29. 29 • The risk associated with a system is computed as the sum of many different combinations of events that would bring the system in an undesirable state. • Component failures leading to top events and risk scenarios can be thought of as contributors to the overall risk of the system. • The following questions are examples: • Which components or risk scenarios contribute most to the overall system risk? • Changes in the reliability of which components is the total risk most sensitive to? Results
  30. 30. 30 • A risk scenario is defined as a combination of events anticipated to bring the system in an undesirable state. • Scenarios can be described in different forms • Paths through an Event Tree • Event sequences in an Event Sequence Diagram • Cut-sets • Scenarios can be ranked for significance by sorting them according to their probabilities Results - Risk Scenario
  31. 31. 31 • Cut-set: a set of events whose occurrence causes the system failure to occur • A cut-set is minimal if after removal of any event from the set, the set is no longer a cut-set – All events are required AND OR A CB Minimal Cut-Sets: A BC Results - Cut Set
  32. 32. 32 • Ranking scenarios provides limited insight regarding the contribution of individual components • Many occurrences in low probability scenarios may be as significant as few occurrences in high probability scenarios. • Risk importance measures provide perspective on dominant contributions by individual components. • Quantitative measures indicating contribution to risk or sensitivity of risk • Function of component’s reliability and its role in the system • Common importance measures: – Birnbaum – Fussell-Vesely – Risk Reduction Worth – Risk Achievement Worth Results – Importance Measure
  33. 33. 33 Cut Set Results for Example System
  34. 34. 34 • Dynamic methodology is a set of methods and techniques in which executable models that represent the behavior of the elements of a system are exercised in order to identify risks and vulnerabilities of the system • The essence of this approach is the probabilistic simulation of the dynamic behavior of the system using the models of the system elements and rules of their internal and external interactions – A formal representation of the system behavior needs to be constructed for the hardware, software, and human components – A set of rules needs to be prescribed to systematically decompose the system – The executable model is used to simulate the behavior of the system and the physical processes taking place in the system, as a function of time – The event sequences are generated automatically by controlling the stochastic events in the model Dynamic Methodologies
  35. 35. 35 • Dynamic Probabilistic Risk Assessment – Discrete Dynamic Event Tree • Systematically explore all scenarios – Continuous Event Tree Simulation • Randomly selecting system states and the timing of events Dynamic Methodologies
  36. 36. 36 Discrete Dynamic Event Tree
  37. 37. 37 Continuous Event Tree Simulation High Probability Medium Probability Low Probability Time r x (xo, ro) (xt, rt)
  38. 38. 38 • Approach to Solve State Explosion Issue – Reduce the number of risk scenarios • Combine system and operator states that lead to similar end states – Bias the system and operator states toward interesting or risk significant events and end states • Reduces the computational effort expended on less important scenarios • Provides results for desired event sequences using less simulation effort State Explosion
  39. 39. 39 Guided Simulation
  40. 40. 40 Dynamic Methodologies
  41. 41. 41 • The scheduler that manages the exploration process – Save the system states, and restarting the simulation • Guide the simulation toward the plan generated by planner – Maintain sufficient coverage of important scenarios – Guide simulation toward areas where it is expected to gain more insight of the system vulnerabilities – Continuously adjust priorities based on simulated results – Simulation should be able to cover all the event sequence space Scheduling
  42. 42. 42 • Scheduling rules constitute a dynamic adjustment of event biasing factors with the objective to favor simulation of high importance scenarios – Learning value changes when a scenario is simulated – No absolute control over how often a scenario is simulated • Frequency at which a particular scenario is simulated depends among other factors on: – Total number of planned scenarios – Complexity of the scenario Scheduling
  43. 43. 43 Temperature Pressure Pump Control Software Life Support System Temperature, Pressure, Time Low Level: Detail Equation High Level: Lookup Table Software Scheduler Danger Safe Sensitive Level Adjustment
  44. 44. 44 Human IDAC Model
  45. 45. 45 Dynamic Methodologies - Example

×