2. 146 SulaIman et al.
1.0 IntroductIon This paper discusses risk and reliability model
for the assessment and analysis of collision acci-
marine transportation services provide dent scenarios leading to design for the preven-
substantial support to various human activi- tion, control of collisions and protection of the
ties its importance has long been recognized. environment. The paper also discuss elements
ImO cross boundary activities in maritime of the process that address requirement to op-
regulation contain lessons learned that could timize design, existing practice, and facilitate
be a model for the quest for today’s environ- decision support for policy accommodation for
mental global regulatory bodies to meet cur- evolving coastal transportation regimes.
rent environmental challenges and advance-
ment of human civilization (SOlaS, 2004;
2.0 rIsk and relIabIlIty modellIng
Cahill R.a., 1983; Cooke, R.m. 1997). most
requIrement
ImO regulatory works are not mandatory
for coastal transportation. Except implemen-
tation issues that are directed through flag In order to build reliable inland water
states and port state control. The clear cut ad- transportation system, it is important to
vantage of inland water transportation system understand the need analysis through ex-
(IWTS) over other modes of transportation, amination of the components of system
short sea service and evolving deep sea activi- functionality capability and standards re-
ties are being driven by recent environmental quirement. These include major require-
problems and dialogues over alternative re- ments and classification of coastal water
newable ways of doing things. The criticality transportation system. also important is
of transportation operations within the coast- functionality capability like channel, ves-
line and the prohibitive nature of the occur- sel, terminal, and other support systems.
rence of accidents due to high consequence Environmental risk as well as ageing factors
and losses have equally made it imperative related to design, operation, construction,
and necessary to design sustainable, efficient maintenance, economic, social, and disposal
and reliable coastal transportation systems. requirement for sustainable marine system
This include consideration for holistic char- need to be critically analysed. Risk identifica-
acteristics that of environmental aspects of tion work should be followed by risk analysis
navigation channel, vessels and other water that include risk ranking, limit acceptability
resources issues since a sustainable inland and generation of best options towards de-
water system cannot stand alone. Waterway
accidents fall under the scenarios of collision,
fire and explosion, flooding, and grounding
(Bottelberghs P.H., 1995; murphy, D.m. &
m.E. Paté-Cornell, 1996). Collision is caused
by (see figure 1):
i) loss of propulsion.
ii) loss of navigation system. FIGuRE 1
iii) other accident from the ship or waterways. Waterways risk by accident categories [11].
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 146 2/19/2010 11:04:21 AM
3. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 147
velopment of safety and environmental risk assessments, which considered the relative
mitigation and goal based objective for evalu- risks of different conditions and events. In the
ation of the development of sustainable cost maritime industry, contemporary time risk as-
effective inland water transportation that sessment has been instrumental to make reli-
fall under new generation green technology able decisions related to prediction of flood,
(Report of marine accident, 2009). Weigh- structural reliability, intact stability, collision,
ing of deductive balancing work requirement grounding and fire safety. Probabilistic and
for reliable and safe inland water transpor- stochastic risk assessment and concurrent use
tation through iterative components of all of virtual reality simulation that consider the
elements involved should include social, eco- broader impacts of events, conditions, sce-
nomic, health, ecological and technological narios on geographical, temporal impacts,
considerations. Other concerns are related risks of conditions is important for continu-
to other uses of water resources and through ous system monitoring. additionally, sensitiv-
best practices of sediment disposal, mitiga- ity and contingency (what if) analyses can be
tion for environmental impact, continuous selectively used as tools to deal with remnant
management, monitoring, and compensation reliability and uncertainty that answer hidden
for uncertainty as well as preparation for fu- questions in dynamic and complex systems.
ture regulation beyond compliance policy or
principles should be addressed.
Risk assessment has been used by the 3.0 benefIts and lImItatIons of usIng
business community and government, and rIsk and relIabIlIty models
safety cases of risk assessment have been
used by united kingdom (uk) health safe-
ty and environment (HSE). In the maritime Rampant system failure and problems
industry, risk assessment has been used for related to system failure have brought the
vessel safety, marine structure, transportation need to adopt a new philosophy based on
of liquefied natural gas (lnG) and offshore top down risk and life cycle model to design,
platforms. In Europe maritime risk assess- operate and maintain systems based on risk
ment has been used for coastal port risk anal- and reliability. likewise, election of alterna-
yses and pilot fatigue. International mari- tive ways to mitigate challenges of safety and
time Organization (ImO) and united States environmental risk of system deserve holistic,
Coast Guard (uSCG) rule making have issued reliability analysis approaches that provide
guidelines and procedures for risk based deci- the following benefits:
sion making, analysis and management under
formal safety assessment (Report of marine i. flexibility and redundancy for innovative,
accident, 2009; Cooke, R.m. 1997; Det nor- alternative improvised design and concept
ske Veritas, 2004). Risk analysis when used development
for rulemaking is called Formal Safety assess- ii. evaluation of risk reduction measure and
ment (FSa), while when it is used for compli- transparency of decision making process
ance is addressed as Quantitative Risk analy- iii. systematic tool to study complex problem
sis (QRa). Contemporary time has seen risk iv. interaction between discipline
assessment optimization using scenario based v. risk and impact valuation of system
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 147 2/19/2010 11:04:21 AM
4. 148 SulaIman et al.
vi. facilitate proactive approach for system, ed that most human product or waste ends
safety, current design practice and man- their ways in the estuarine, seas and finally to
agement the ocean. Chemical contamination and litter
vii. facilitate holistic touching on contributing can be observed from the tropics to the poles
factor in system work and from beaches to abyssal depths. But the
viii. systematic rule making, limit acceptability conditions in the marine environment vary
and policy making development widely. The open sea is still considerably clean
ix. analysis of transportation system in contrast to inland waters. However, time
continue to see that the sea is being affected
The dynamic distributive condition, long in- by man almost everywhere and encroach-
cumbent period and complexity of marine sys- ment on coastal areas continues worldwide,
tem comes with limited oversight that make the if unchecked. This trend will lead to global
process of identification and addressing human deterioration in the quality and productivity
as well as organizational error difficult. This of the marine environment (murphy, D.m. &
includes checks and balances, redundancy, and m.E. Paté-Cornell, 1996).
training more complicated. Inherit drawbacks This shows the extent and various ways hu-
associated with risk and reliability model are man activities and uses water resources affect
(SOlaS, 2006; SOlaS, 2006): the ecological and chemical status of water-
ways system. Occurrence of accident within
i. lacks of historical data (frequency, proba-
the coastline is quite prohibitive due to unim-
bility, expert judgment)
aginable consequences and effects to coastal
ii. linking system functionality with standards
habitats. Recent environmental performance
requirement during analysis (total safety
studies on transportation mode has revealed
level vs. individual risk level, calculation of
that transportation by water provides wide
current safety level)
advantages in term of less, low Green House
iii. risk indices and evaluation criteria (indi-
Gas (GHG) release, large capacity, congestion,
vidual risk acceptance criteria and sustain-
development initiative etc. These advantages
ability balance)
tells about high prospect for potential modal
iv. quantification of human error and uncer-
shift of transportation and future extensive
tainty
use of inland water marine transportation
The complexity associated with human and where risk based system will be necessary to
organization factors requires human reliability provide efficient, sustainable and reliability
assessment and uncertainty analysis to be mod- safe clean waterways as well as conservation
elled independently. of environment.
This equally shows that increase in human
activities will have potential effects in coastal
and marine environment, from population
4.0 marIne pollutIon rIsk
pressure, increasing demands for space, com-
petition over resources, and poor economic
a group of experts on the scientific aspects performances that can reciprocally undermine
of marine pollution comment on the condi- the sustainable use of our ocean and coastal
tion of the marine environment in 1989, stat- areas. Different forms of pollutants and ac-
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 148 2/19/2010 11:04:21 AM
5. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 149
tivities that affect the quality of water, air and rine systems are dynamic system that have
soil as well as coastal ecosystems are: potential for high impact accidents which
are predominately associated with equip-
i. Water: pollution release directly or washed ment failure, external events, human error,
down through ground water; economic, system complexity, environmen-
ii. air pollution: noise population, vibration; tal and reliability issues. This call for inno-
iii. Soil: dredge disposal and contaminated vative methods, tools to assess operational
sediments. issue, extreme accidental and catastrophic
iv. Flood risk: biochemical reaction of pollu- scenarios. Such method should be extensive
tion elements with water; use to integration assessment of human ele-
v. Collision: operational; ment, technology, policy, science and agen-
vi. Bio diversification: endangered and threat- cies to minimise damage to the environment.
ened species, and habitat; Risk based design entails the systematic risk
analysis in the design process targeting risk
main sources of marine pollution: prevention and reduction as a design objec-
tive. They should be integrated with design
i. Point form pollution: toxic contaminants, environment to facilitate and support sustain-
marine debris and dumping. able approach to ship and waterways design
ii. nonpoint form pollution: sewage, alien need. Thus, enabling appropriate trade offs
species, and watershed Issues. on advance decision making that consider
size, speed, novelty, type and technology lead-
main sources from ships are in form of: ing to optimal design solutions (Det norske
Veritas, 2004) (see figure 2).
i. Operational: operational activities along Integrated risk based system design re-
the shipping routes discharging waters quires the availability of tools to predict the
contaminated with chemicals (whether safety performance and system components
intentionally or unintentionally). as well as integration and hybridization of
ii. accidental risk: Collision due to loss of safety and environmental factors, lifecycle
propulsion or control. phases and methods. It is important to de-
velop, refine, verify, validate through effec-
Risk associated with environmental issue in the
tive methods and tools. Such integrative and
context of ship, design has impacts related to
shipping trends, channel design criteria, ship
manoeuvrability and ship controllability. Risk based regulation
risk based operation
risk based design
5.0 modellIng the rIsk and relIabIlIty Total risk
concept
Risk based
method
components of complex and dynamIc
system
Technolohgy element
Environmetal elements
Human element
The consequence of maritime accident FIGuRE 2
comes with environmental problem. ma- Risk modelling process.
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 149 2/19/2010 11:04:21 AM
6. 150 SulaIman et al.
total risk tools require logical process with Frequency at which a potential undesirable
holistic linkage between data, individual risk, event occurs is expressed as events per unit
societal, organizational, system description, time, often per year. upon establishing under-
conventional laws, principle for system design standing of whole system from baseline data
and operation need to be incorporated in the that include elements of channel and vessel
risk process. Verification and employment of dimensioning shown in figure 3, the frequency
system based approach in risk analysis should can be determined from historical data. How-
be followed with creation of database and ever, it is quite inherent that event that does
identification of novel technologies required not happen often attracts severe consequence
for implementation. unwanted event which and lack data. Such event is better analysed
remain the central front of risk fight is an through probabilistic and stochastic model
occurrence that has associated undesirable hybrid with first principle and use whatever
outcome which range from trivial to cata- data is available (kite-Powell, H.l., D. Jin, n.
strophic. Depending on conditions and solu- m. Patrikalis, J. Jebsen, V. Papakonstantinou,
tion based technique in risk and reliability 1996). Incidents are unwanted events that
work, the model should be designed to pro- may or may not result to accidents if necessary
tect investment, properties, citizens, natural measure is taken according to magnitude of
resources and the institution which has to event and required speed of response. While,
function in sustainable manner within ac- accidents are unwanted events that have either
ceptable risk. immediate or delayed consequences. Immedi-
The risk and reliability modeling process ate consequences variables include injuries,
begins with definition of risk which stands loss of life, property damage and persons in
for the measure of the frequency and sever- peril. Point form consequences variables in-
ity of consequence of an unwanted event. clude further loss of life, environmental dam-
FIGuRE 3
Channel and vessel dimension.
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 150 2/19/2010 11:04:21 AM
7. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 151
age, and financial costs. System risk can be c. Situation causal factor: number of
estimated through equation 1. participants time/planning, volatility
environmental factors, congestion,
Risk (R) = Probability (P) time of day risk associated with sys-
X Consequence (C) (1) tem can be based on.
d. Organization causal factor: Organi-
The earlier stage of the risk and reliability proc- zation type, regulatory environment,
ess involves finding cause of risk, level of impact, organizational age management type/
destination and putting a barrier by all means changes, system redundancy, system
in the pathway of source, cause and victim. Risk incident/accident history, individual,
and reliability process targets the following: team training and safety management
system.
i. Risk analysis and reduction process: This
involves analytic work through selective To deal with difficulties of risk migration marine
deterministic and probabilistic method system (complex and dynamic by nature), reli-
that assures reliability in the system. Reduc- ability assessment models can be used to capture
tion process will target initial risk reduc- the system complex issues as well as patterns of
tion at design stage, risk reduction after risk migration. Historical analyses of system
design in operation and separate analysis performance is important to establish perform-
for residual risk for uncertainty and human ance benchmarks in the system and to identify
reliability. Risk in complex systems can patterns of triggering events which may require
have its roots in a number of factors rang- long periods of time to develop and detect (Emi
ing from performance, technology, human H., et al., 1997). likewise, assessments of the
error as well as organizational cultures, all role of human/organizational error and their
of which may support risk taking or fail to impact on levels of risk in the system are critical
sufficiently encourage risk aversion. in distributed, large-scale systems. This however
ii. Cause of risk and risk assessment: this imposes associated physical oversight linked to
involve system description, identifying the uncertainty during system design. Effective risk
risk associated with the system, assessing assessments required three elements:
them and organizing them according to
degree of occurrence and impact in matrix i. Framework
form. Causes of risk can take many ways ii. models
including the following: iii. Process
a. Root cause: Inadequate operator
knowledge, skills or abilities, or the 5.1 Risk Framework
lack of a safety management system
in an organization. Risk framework provides system descrip-
b. Immediate cause: Failure to apply tion, risk identification, criticality, ranking,
basic knowledge, skills, or abilities, impact, possible mitigation and high level
or an operator impaired by drugs or objective to provide system with what will
alcohol. make it reliable. The framework development
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 151 2/19/2010 11:04:22 AM
8. 152 SulaIman et al.
involves risk identification which requires analysis, reassessment of machinery, equip-
developing a structure for understanding the ment, and personnel can be helpful in as-
manner in which accidents, their initiating sessing the utility of different risk reduction
events and their consequences occur. This measures. Figures 4 and 5 show the risk com-
includes assessment of representative system ponents, system functionality and regulatory
and all linkages that are associated to the requirement for reliability model that can be
system functionality and regulatory impact. followed for each risk scenario.
5.2 Models 5.3 Processes
The challenges of risk and reliability meth- The process should be developed to provide
od for complex and dynamic systems like ship effective and sound risk analysis where ac-
motion at sea require reliable risk models. curacy, balance information that meets high
Risk mitigation measures can be tested and scientific standards of measurement can be
the trade off between different measures or used as input. This requires getting the science
combinations of measures can be evaluated. right and getting the right science by target-
Changes in the levels of risk in the system ing interests of stakeholders including port,
can be assessed under different scenarios and waterway community, public officials, regula-
incorporating “what if” analyses in different tors and scientists. Transparency, community
risk mitigation measures. Performance trend participation is additional input to the risk
FIGuRE 4
Risk model.
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 152 2/19/2010 11:04:22 AM
9. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 153
High level Goal Assessment / Safety and environmental
protection objective Tier
-Standards Requirement 1&2
- Functional Requirement
Goal Analysis
criteria
compliance
of
verification
Goal based
Tier 3
IMO instruments/ Classification rules, industrial standards Tier 4
Class guides, technical procedure
process
Design
process
Approval
Secondary standards for company or individual ships
- Code of practice, safety and quality systems Tier 5
shipbuilding, operation maintenance and manning
FIGuRE 5
High level goal based assessment.
process; checks the plausibility of assump- al analysis (system linkage), expert analysis
tions could help ask the right questions of the (expert rating) and organizational analysis
science. Figure 6 and 7 show the risk process (Community participation).
diagram. (See appendix 1 for process log) Table 1 shows models that have been used
Total integrated risk can be represented by: in the design system based on risks. ImO and
Sirkar et al (1997) methods lack assessment
Rt = f (Re, Rs, Rh) (2) of the likelihood of the event. Other mod-
els lack employment of stochastic method
Where: Re (environment) = f (sensitivity, advert whose result may cover uncertainties associ-
weather…), Rs (ship) = f (structural and system ated with dynamic and complex components
reliability, ship layout and cargo arrangement…), of channel, ship failure and causal factors
Rh (crew) = f (qualification, fatigue, etc. ) like navigational equipment, better training
Holistic and integrated risk based method and traffic control (Guedes Soares, C., a.P.
combined various techniques in a process Teixeira, 2001; Emi, H. et al., 1997). There-
as depicted in Figure 8, this can be applied fore, combination of stochastic, statistical,
for each level of risk for system in question. reliability and probabilistic together with
Each level is complimented by applying caus- hybrid employment of goal based, formal
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 153 2/19/2010 11:04:22 AM
10. 154 SulaIman et al.
FIGuRE 6
Holistic Risk analysis Process.
FIGuRE 7
Holistic Risk analysis Process.
safety assessment methods and fuzzy multi and reliable design product for complex and
criteria network method that use historical dynamic systems. The general hypothesis be-
data of waterways, vessel environmental and hind assessing physical risk model of ship
traffic data could yield efficient, sustainable in waterways is that the probability of an
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 154 2/19/2010 11:04:23 AM
11. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 155
FIGuRE 8
Total risk concept.
TaBlE 1
Previous risk work.
Model Application Drawback
Brown et al (1996) Environmental performance of tankers
(Sirkar et al (1997)) Consequences of collisions and groundings Difficulties on quantifying
consequence metrics
Brown and amrozowicz Hybrid use of risk assessment, probabilistic simulation Oil spill assessment limited to use
and oil spill consequence assessment model of fault tre
Sirkar et al (1997) monte Carlo technique to estimate damage + spill cost lack of cost data
analysis for environmental damage
ImO (ImO 13F 1995) Pollution prevention index from probability distributions lack (Sirkar et al (1997)). rational
damage and oil spill.
Research Council alternative rational approach to measuring impact of lack employment of stochastic
Committee (1999) oil spills probabilistic methods
Prince William Sound, The most complete risk assessment lack of logical risk assessment
alaska, (PWS (1996)) framework (nRC (1998))
(Volpe national accident probabilities using statistics and expert opinion. lack employment of stochastic
Transportation Centre methods
(1997)).
Puget Sound area Simulation or on expert opinion for cost Clean up cost and environmental
(uSCG (1999)). benefit analysis damage omission
accident on a particular transit depends on Risk and reliability modeling involves haz-
a set of risk variables which required to be ard identification, risk screening, broadly
analyzed for necessary conclusion of pro- focused, narrowly focused and detailed anal-
spective reliable design. ysis, Table 2 shows iterative method that can
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 155 2/19/2010 11:04:24 AM
12. 156 SulaIman et al.
TaBlE 2
Process table.
Process Suitable techniques
HaZID HaZOP, What if analysis, FmEa, FmECa
Risk analysis FTa, ETa
Risk evaluation Influence diagram, decision analysis
Risk control option Regulatory, economic, environmental and function elements matching
and iteration
Cost benefit analysis ICaF, net Benefit
Human reliability Simulation/ Probabilistic
uncertainty Simulation/probabilistic
Risk monitoring Simulation/ probabilistic
be incorporated for various needs and stages ii. Fact analysis for check of consistency of
of the process. accident history
iii. Conclusion on causation and contributing
factor
iv. Countermeasures and recommendations
6.0 accIdent analysIs
for prevention of accident
accident and incident need to be prevented The process is followed by probability and
as the consequence could result to compro- stochastic calculation analysis of cause and
mise to safety leading to unforgettable losses frequency model where value of each node
and environmental catastrophic. Past engi- extracted from data according to operational
neering work has involved dealing with acci- situation are used in system modeling. The
dent issues in reactive manner. System failure process is then followed by severity calcula-
and unbearable environmental problems call tion analysis of consequence model where the
for new proactive ways that account for eq- probability for each branch and the value of
uity requirement for human, technology and end state (severity) is fetched from modelled
environment interaction in the system. The database.
accidental categories and potential failure
in waterways is shown in figures 9. Figure
collision contributory factors modeled from 6.1 Collision Scenario
RElEX software.
The whole process starts with system de- Collision is the structural impact between
scription, functionality, regulatory determina- two ships or one ship and a floating or still
tion and this is followed with analysis of: objects that could result to damage. Collision
is considered infrequent accident occurrence
i. Fact gathering for understanding of con- whose consequence in economical, environ-
tribution factor mental and social terms can be significant.
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 156 2/19/2010 11:04:24 AM
13. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 157
FIGuRE 9
accident scenario.
FIGuRE 10
Collision contributing factors modelled from RElEX software.
Prevention of collision damages is likely to drifting towards objects also need to be ac-
be more cost-effective than mitigation of counted for. The collision model scenario
its consequences. Probabilistic predictions also involves data characteristic of hull ar-
can be enhanced by analysing operator ef- eas and environmental information; major
fects, drifting and loss of power or propulsor contributing factors to collision are shown
that take into account ship and waterway in Figure 11.
systems, people and environment into con- Outcome of analysis is followed by suitable
sideration. Other causative factors like the Risk Control Options (RCO), where itera-
probability of disabled ship as function of tion of factual functionality and regulatory
ship type, the probability of a disabled ship elements is checked with cost. The benefit
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 157 2/19/2010 11:04:24 AM
14. 158 SulaIman et al.
Human errors
Failure on propulsion machinery and steering failure
Causes of
Ship Collision Environment
Factor related to the ship
Other factors related to accident
FIGuRE 11
Cause of collision.
realised from safety, environmental protec- preceded by related events that can be detected
tion and effect of the probability of high level and corrected by having underlying root causes
of uncertainty associated with human and ranging from human errors, equipment fail-
organizational contributing factor to risk ures, or external events. The result of frequency
of collision are also important. The risk and consequence analysis is checked with risk
process functions to determine and deduce acceptability index for industry of concerned.
the idea for modest, efficient, sustainable Tables 3 and 4 show risk acceptability criteria
and reliable system requirement and arrange- for maritime industry. The analysed influence
ment (Parry, G., 1996; Pate Cornell, m.E., diagram deduced from the comparison can be
1996). Collision carried the highest statistic followed with cost control option using cost of
in respect to ship accident and associated cau- averting fatality index or Imply Cost of avert-
sality. The consequences of collision are: ing Fatality (ICaF) and as low as Reasonable
Possible (alaRP) principle.
i. The loss of human life, impacts on the
economy, safety and health, or the envi-
ronment; 6.2 Failure Modes Effect Analysis (FMEA)
ii. The environmental impact, especially in
the case where large tankers are involved. a Failure modes Effect analysis (FmEa)
However, even minor spills from any kind is a powerful bottom up tool for total risk
of merchant ship can form a threat to the
environment; TaBlE 3
iii. Financial consequences to local communi- Frequency risk acceptability criteria for maritime industry.
ties close to the accident, the financial con- Frequency
sequence to ship-owners, due to ship loss classes Quantification
or penalties;
Very unlikely once per 1000 year or more likely
iv. Damage to coastal or off shore infrastruc-
Remote once per 100- 100 year
ture, for example collision with bridges.
Occasional once per 10- 100 year
Probable once per 1- 10 years
Collision events are unplanned, always possi-
Frequent more often than once per year
ble, but effectively manageable and frequently
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 158 2/19/2010 11:04:24 AM
15. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 159
Table 4
Consequence risk acceptability criteria for maritime industry.
Quantification Serenity Occurrence Detection RPN
Current failure that can result to death failure, performance catastrophic 1 2 10
of mission
Failure leading to degradation beyond accountable limit and critical 3 4 7
causing hazard
Controllable failure leading to degradation beyond major 4 6 5
acceptable limit
nuisance failure that do not degrade system overall minor 7 8 2
performance beyond acceptable limit
analysis. FmEa is probably the most com- iii. listing the effects of the failure mode:
monly used for qualitative analysis and is also what does the failure mode mean to stake-
the least complex. FmEa has been employed holders.
in the following areas: iv. Rating severity of the effect : 1 being not
severe at all and 10 being extremely
i. The aerospace industry during the apollo severe.
missions in the 1960s. v. Identifying the causes of the failure mode
ii. The uS navy in 1974 developed a tool effect and rank the effects in the occur-
which discussed the proper use of the tech- rence column: the scoring denotes how
nique. likely this cause will occur. Score of 1
means it is highly unlikely to ever occur
Today, FmEa is universally used by many dif- and 10 means we expect it to happen all
ferent industries. There are three main types of the time.
FmEa in use today: vi. Identifying the controls in place to detect the
issue and rank its effectiveness in the detec-
i. System FmEa: concept stage design sys- tion column: 1 would mean there are excel-
tem and sub-system analysis. lent controls and 10 would mean there are
ii. Design FmEa: product design analysis no controls or extremely weak controls.
before release to manufacturers.
iii. Process FmEa: manufacturing assembly It is strongly recommended that Serenity, Oc-
process analysis. currence and Detection (SOD)for weak control
should be noted. SOD numbers is multiplied
analyzing FmEa involves: and the value is stored in RPn (risk priority
number) column. This is the key number that
i. listing key process steps in firm column will be used to identify where the team should
for the highest ranked items risk matrix. focus first. If, for example, there is case with
ii. listing the potential failure mode for each severity of 10 (very severe), occurrence of 10
process step: how the process input could (happens all the time), and detection of 10 (can-
go wrong. not detect it) RPn is 1000. This indicates a seri-
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 159 2/19/2010 11:04:24 AM
16. 160 SulaIman et al.
ous situation that requires immediate attention. where the graph falls, step for risk control
The consequence could further be broken down option and sustainability balancing, cost ben-
into effect for ship, human safety, oil spill, dam- efit effectiveness towards recommendation
age, ecology, emission and other environmetal for efficient, reliable, sustainable decision
impacts. number 1–10 are assigned according can be taken. The frequency (F) of accidents
to level of serenity. Risk priority number (RPn) involving consequence (n) or more fatali-
for total serenity is determining as follows: ties may be established in similar ways as
individual or societal risk criteria. For risks
RPn = S X O X D (3) in the unacceptable/intolerable risk region,
the risks should be reduced at any cost. Risk
matrix constructed from system and sub sys-
6.3 ALARP principal, risk acceptability tem level analysis can be deduced according
criteria and risk control option to acceptability index defined according to
table 5 and figure 12 to deduced measure
Consequence thresholds priority of value of alaRP. Within alaRP range, Cost Ef-
choice is awarded. The highest Consequence fectiveness assessment (CEa) or Cost Ben-
tripped in order of priority give the overall efit analysis (CBa) shown in Figure 13 may
consequence. Catastrophic: Descriptors of be used to select reasonably practicable risk
catastrophic consequences for 1. People; 2. reduction measures.
Infrastructure; 3. Values. Major: Descriptors
of major consequences for 1. People; 2. In-
frastructure; 3. Values. Moderate: Descriptors
7.0 rIsk analysIs consIderatIons
of moderate consequences for 1. People; 2.
Infrastructure; 3. Values. Minor: Descriptors
of minor consequences for 1. People; 2. Infra- In addition to a sound process, robust
structure; 3. Values. Insignificant: Descriptors risk framework and eventual deductive risk
of insignificant consequences for 1. People; model, there are other considerations that
2. Infrastructure; and 3. Values. should be factored into the design of an ef-
Risk acceptability criteria establishment is fective risk model. These items include the use
dynamic because of differences in environ- of available data, the need to address human
ment, diversity in industries and choice of factors, areas of interest, stakeholder interest
regulations requirement to limit the risk. Risk and approaches to treating uncertainty in risk
is never acceptable, but the activity implying analysis. Data required for risk work should
the risk may be acceptable due to benefits of involve information on traffic patterns, the
safety reduced, fatality, injury, individual risk, environment (weather, sea conditions, and
societal risk, environment and economy. Per- visibility), historical, current operational
ception regarding acceptability is described performance data, and human performance
by Green et al (1998). The rationality may data. The models intentions are highly de-
be debated, societal risk criteria are used by pendent on appropriately selected databases
increasing number of regulators. that accurately represent the local situation
Figure 12 shows prescribed illustrative in- and the effectiveness of the models. However,
fluence diagram by ImO. Based on region there is always issue of missing data or data
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 160 2/19/2010 11:04:25 AM
17. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 161
FIGuRE 12
Influence diagram, alaRP = as low as Reasonably Practicable: Risk level boundaries (negligible/alaRP/Intolerable).
TaBlE 5
Risk matrix.
costt Diferent between cost of polution
control and environmetal damage
Minimum sum of cost Cost of polution control
High damage cost with
no control
No economic gain from
polusion control
Cost of damage from
polution
Minimum sum of cost
FIGuRE 13
Risk cost benefit and sustainability analysis curve.
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 161 2/19/2010 11:04:25 AM
18. 162 SulaIman et al.
limitations especially for complex system and scale systems with limited physical oversight.
their low frequency, high consequence nature. assessing the role of human and organiza-
Therefore creative procedures are required tional performance on levels of risk in the
to develop compensation for data relation- system is important, such error is often cited
ships. The model could use probabilistic, as a primary contributor to accident, which
stochastic, simulation and expert judgments end up leaving system with many more un-
couple existing deterministic and historical known. Expert judgments and visual real-
method for a reliable system analysis of de- ity simulation can be used to fill such un-
sired design (m. kok, H.l. Stipdonk, W.a. de certainty gaps and others like weather data.
Vries, 1995; Stiehl, G.l., 1977). Even when attempts are made to minimize
When insufficient local data is available, errors from expert judgments, the data are
world wide data from other areas may be inherently subject to distortion and bias. With
referred to (e.g., Europe, south and north an extensive list of required data, there are
america). However, ones need to make as- limits that available data can place on the ac-
sumptions about the similarity of operations curacy, completeness and uncertainty in the
in the concerned area or elsewhere. This is to risk assessment results. Expert judgments give
ensure how behaviour in one aspect of opera- prediction about the likelihood that failures
tional (e.g., company management quality) that would occur in specific situations can
parameter (e.g., loss of crew time) correlates be used to quantify human reliability input
with another area (e.g., operations safety). in risk process.
The data from other areas can be used as uncertainty is always part of system behav-
long as major parameters and environmen- iour. Two common uncertainties are: aleatory
tal factors are compared and well matched. uncertainty (the randomness of the system
Care is required with the use of worldwide itself) and epistemic uncertainty (the lack of
data as much of those data are influenced knowledge about the system). aleatory un-
by locations or local environmental condi- certainty is represented by probability mod-
tions (Skjong, R., 2002). Electronic access els while epistemic uncertainty is represented
to worldwide casualty data such as the Paris by lack of knowledge concerning the param-
mOu, u.k., marine accident Investigation eters of the model (Pate Cornell, m.E., 1996).
Board (maIB) and ImO Port State detention aleatory uncertainty is critical, it can be ad-
databases makes possible access to worldwide dressed through probabilistic risk analysis
casualty statistics. Diligence should also be while epistemic uncertainty is critical to al-
observed about the large number of small low meaningful decision making. Simulation
scale, localized incidents that occur that are offers one of the best options to cover extreme
not tracked by marine safety authorities, e.g case uncertainty besides probability. Evalua-
small craft (not always registered or being tion and comparison of baseline scenario to
able to be detected by VTS, aIS) accidents a set of scenarios of interest (tug escort) and
in waterways. american Bureau of shipping operational circumstance including timelines
(aBS) has begun an effort to identify precur- and roles can also be incorporated. Response
sors or leading indicators of safety in marine Scenarios can also be analysed for things
transportation. Human Factors modelling that can not be imagined or modeled to be
should be considered for distributive, large accounted for in the simulator (especially real
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 162 2/19/2010 11:04:25 AM
19. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 163
time). a flexible critical path and slack analysis iv. Comparing the model behaviour applica-
can be performed as input to the system simu- tion to other rivers of relative profile and
lation and uncertainty analysis (Cahill (1983) vessel particular or comparison of improve-
and Emi et al., (1997)). a safety culture ques- ment plan implemented like traffic separa-
tionnaire which assesses organizational, vessel tion scheme (TSS).
safety culture and climate can be administered v. Triangulating analysis of sum of probabil-
to provide quantitative and qualitative input to ity of failure from subsystem level failure
the safety culture and environmental percep- analysis.
tion analysis for sustainable system design. vi. Plotting of lognormal, probability density
cumulative and density function.
7.1 Between Reliability and Validation
8.0 conclusIon
Further reliability work and validation of
the risk analysis could be activated through
the following: Following irreparable and economic loses
from traditional reactive action against ac-
i. accident means, variance and standard cident and incessant system failure, institu-
deviation from normal distribution tions are evolving with hybrid proactive top
down and bottom up system based approach
For 10 years = > mean (µ) = 10 × Fc (4) that account for total risk associated with
system lifecycle to protect the environment
Variance (σ) = 10 × Fc × (1 - Fc), and prevent accident. Those that cannot be
Standard deviation = σ , Z = (X - µ)/σ (5) prevented and protected need or must be con-
trolled under risk and reliability based design
ii. year for system to fail from binomial, mean / operability platform.
time to failure and poison distribution. Development of novel method to address
Poison distribution probability at n trial is each contributing factor to accident is very
represented by: important. The potential for inland water is
great and there is a need to implement ImO
N
Fr (N / γ, Τ) = e γ,Τ ( ) γ , ( γ ⋅ T) N! (6) rules model to mitigate accident risk. Colli-
sion risk is much common and propulsion
where y = Fc, T = time to fail failure, loss of navigation control and hu-
man error are the sub system contributing
iii. Binomial distribution – for event that factors. Preceding total risk qualitative sys-
occurs with constant probability P on each tem description and hazard identification,
trail, the likelihood of observing k event in probabilistic and stochastic process quanti-
n trail is binomial distribution. tative analysis can be performed for system
level analysis, while fault tree and event tree
N
L(K / N, P) = P K (1 - P)
N,K
P (7) quantitative analysis can be utilized to de-
termine risk index of the subsystem factors.
average number of occurrence is nP Interpretation of risk index into alaRP in-
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 163 2/19/2010 11:04:25 AM
20. 164 SulaIman et al.
fluence diagram can provide decision support of Experts on the Scientific aspects of marine Pollution.
Blackwell Scientific Publications. london.
information necessary for cost control option
Cahill, R.a., 1983. Collisions and Their Causes. london,
towards sustainable, reliable, efficient tech- England: Fairplay Publications.
nology choice for system design and opera- Cooke, R.m., 1997. uncertainty modeling: Examples and Issues.
tion. The cumulative results from qualitative Safety Science. 26:1, 49–60.
analysis can be made more reliable through Det norske Veritas, 2004. Thematic network for Safety
assessment of Waterborne Transportation. norway.
iterative quantitative, scientific, stochastic
Guedes Soares. C., a.P. Teixeira., 2001. Risk assessment in
and reliability analysis. These methods pro-
maritime Transportation. Reliability Engineering and
vide valuable and effective decision support System Safety. 74:3, 299–309.
tool for application of automated system kite-Powell, H.l., D. Jin, n.m. Patrikalis, J. Jebsen, V.
engineering analysis that facilitate inclusion Papakonstantinou, 1996. Formulation of a model for Ship
Transit Risk. mIT Sea Grant Technical Report. Cambridge
of reliability, environmental protection and ma. 96–19.
safety as part of the iterative design proc- Emi, H. et al., 1997. an approach to Safety assessment for Ship
esses for new and innovative marine system Structures, ETa analysis of engineroom fire, Proceedings
of ESREl ’97. International Conference on Safety and
designs. Intelligently adoption of those proc-
Reliability. Vol. 2.
esses eventually can result to safer, efficient,
Parry, G., 1996. The Characterization of uncertainty in
more reliable and sustainable system. Probabilistic Risk assessments of Complex Systems
Reliability Engineering and System Safety. 54:2-3. 119–126.
Roeleven, D., m. kok, H.l. Stipdonk, W.a. de Vries, 1995.
Inland Waterway Transport: modeling the Probabilities of
references accidents. Safety Science. 19:2-3. 191–202.
Skjong, R., 2002. Risk acceptance Criteria: Current Proposals
and ImO Position. Proceedings of the conference on Surface
International Convention for the Safety of life at Sea (SOlaS), Transport Technologies for Sustainable Development.
2004. International maritime Organization (ImO). Edition, Valencia. Spain.
Consolidated london.
Stiehl, G.l., 1977. Prospects for Shipping liquefied natural Gas.
Bottelberghs P.H., 1995. QRa in the netherlands. Conference on marine Technology. 14:4. 351–378.
Safety Cases. IBC/DnV. london.
n. Soares, C., a.P. Teixeira 2001. Risk assessment in maritime
Report of marine accident, 2009. https://www.mlit.go.jp/12english/ Transportation. Reliability Engineering and System Safety.
maia/publications/report2003/causes.pdf, accessed in march. 74:3. 299–309.
Skjong, R., Vanem, E. & Endersen, O., 2005. Risk Evaluation Pate Cornell, m.E., 1996. uncertainties in Risk analysis: 6 levels
Criteria. SaFEDOR. 2005. Deliverable D.4.5.2 (Submitted of Treatment. Reliability Engineering and System Safety.
to mSC 81 by Denmark). 54:2-3. 95–111.
International maritime Organisation (ImO). International
Convention for the Safety of life at Sea (SOlaS), 2006.
(1974). amendments. Chapter II-2, Part D, Reg. 13. means
of Escape.
International maritime Organisation (ImO). amendments to the
Guidelines for Formal Safety assessment (FSa), 2006 for
use in the ImO Rule making Process. mSC/ mEPC.2 / Circ
5 (mSC/Circ.1023 – mEPC/Circ.392).
murphy, D.m. & m.E. Paté-Cornell., 1996. The Sam Framework.
a Systems analysis approach to modeling the Effects of
management on Human Behavior in Risk analysis. Risk
analysis. 16:4. 501–515.
GESamP, 1990. The State of the Marine Environment, ImO/
FaO/unESCO/ WmO/WHO/IaEa/un/unEP Joint Group
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 164 2/19/2010 11:04:26 AM
21. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 165
Appendix 1: Risk analysis process flow chart and Process log
Step 1
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 165 2/19/2010 11:04:26 AM
22. 166 SulaIman et al.
Step 1
S/n activity Input Interacting sub- Critical issues Controls Controling Output
Comment
process measuremnet
output
1 Input from Scope & detail making checklist Scope of - - Scope of
problem from checklist research, relevant HaZaRD
definition according to rule IDEnTIFI-
& regulation CaTIOn process
Stake holder Profile - Contribution, Qualification, Team structure. HaZID
availability experience, facilitation
planning
round table
scheduling
Select recorder Data recording - ability to capture use of monitoring of Selected recorder
relevant inputs software, tape- records
recording
Obtain Casualty Root cause analysis Validity of the Input from Convergent character assimilated data
necessary statistic, data, of accident s and input data reputable of inputs
information, expert input incidents databases
data and relevant
&supporting experience
documents
Schedule & all- Time for Selection Time for round Schedule
organize meting engagement completion of of stand by table session
distribute HaZID process, alternative
material cost of meeting
Barnstorming to Casualty What If , checklist, Environmental Evaluation of Divergent of input Identify accident
identify accident statistic, data , FmEa, HaZOP, and stake holder inputs scenarios
scenario using expert input RCa, Task analysis attitude
e.g. DElPHI,
what- if /
checklist,
FmEa, HaZOP,
RCa, Task
analysis
Comprehensive? accident Divergent - Classification of Decision
scenario relevant of inputs inputs contribute of
process
Estimate Each accident FmEa, FTa (with Validity of result Validation with Variation from Frequency
frequency: select scenarios HRa) reported data reported data estimate (F)
appropriate experience
technique e.g.
FmEa, FTa
( with HRa)
Estimate Each accident ETa, HaZOP, Validity of result Validation with Variation from Consequence
consequence: scenarios WHaT-IF (with reported data reported data estimate (C)
select HRa) experience
appropriate
technique e.g.
ETa, HaZOP,
WHaT-IF (with
HRa)
Classify and accident - Establish Reported data % of generated Rank scenario
rank hazards scenario(F risk matrix, and experience scenarios
&C) elimination of members
of irrelevant
scenario
Summary / accident - Reasoning on Documents Step one summary Output from
result scenario(F ranking , clarity standards and presentation step 1
&C) (ImO, IaCS,
PIanC, luaS)
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 166 2/19/2010 11:04:26 AM
23. SaFETy anD EnVIROnmEnTal RISk anD RElIBIalITy mODElInG PROCESS 167
Step 2
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 167 2/19/2010 11:04:27 AM
24. 168 SulaIman et al.
Step 2
S/n activity Input Interacting sub- Critical issues Controls Controling Output
Comment
process measuremnet
output
1 Prioritize list Input from - assessment of -
of hazardous hazard most significant
scenarios identification accident scenario
2 Prioritize list Preparation making checklist Contribution, Qualification , Size , dates Step 2 tools,
of hazardous phase for step 2 for step 2 availability experience , planning team,
scenarios activities assessment of tools and and scheduling stakeholder
(Refer Indicative stakeholders planning
Checklist)
3 Identify hazard Select hazard ability to mapped result from - Selected
list scenario scenario capture relevant step 1 scenarios
inputs
4 Scenario data analysis of Root cause Validity of input Input from reputed Convergence assimilated
scenario data analysis(RCa) data data based , relevant characteristics of data
of incident and of accident s and experience of inputs
accident incidents members
5 Scenario data, Identifying Grouping initiators Correct sequence Drawing up avoidance of double Identify
experience , step initiative events of events preliminary event counting, number of initiating
1 details, RCa thre events events
6 Data experience, Developing ETa, What – if / Common Evaluation against Structure of event Event tree
igniting events events three checklist, FmEa, cause failures, HaZID three time to
HaZOP,RCa, Task correctness of construct
analysis models, domino
effects
7 Data experience, Developing FTa FmEa Correctness Evaluation of Structure of fault Fault trees
initiating events fault trees of model, minimal cut sets tree, time to with cuts –
assumption in construct sets
system definition
8 Events tree and Developing ETa & FTa Construct Validation with - Risk
fault tree of risk of FTa`s for reported data/ contribution
contribution initiative and experience three (RCT)
trees critical events
9 Historical data Calculation of Validation of Variation from -variation from Frequency
frequency of result reported data/ reported data estimate F
events experience
10 Historical data Calculation of Validation of Variation from Variation from Consequence
frequency of result reported data/ reported data estimate ,
events experience
11 Scenario , F&C Credibility Validation of Variation from Variation from Credibility
check result reported data/ reported data scenario
experience
12 RCT frequency Quantifying Risk matrix Fn Validation of Variation from Variation from
&consequences RCa, Risk Calculation result reported data/ reported data
matrix, Fn experience
CuRVE
13 Evaluation of - Reliability Validity with Variation from uncertainty
RCT frequency uncertainty estimates reported data reported data analysis’s
&consequences
`14 Risk assessment acceptance of Reference to application Validation with Risk evaluation Output from
uncertainties results acceptance of acceptance published data step 2
standard step 3 standards
and 4
15 Step 2 output documentation - Coverage clarity Documentation Contents Summary
standards (ImO, presentation
IaCS, PIanC)
Journal of marine Environmental Engineering
145-173 pp MB_37(Kader)2.indd 168 2/19/2010 11:04:27 AM