3. Department
of
Chemical
Engineering
Introduction
• Having identified a range of risks we now need to consider which are the
most serious risks in order to determine where to focus out attention and
resources.
• We need to understand both their relative priority and absolute
significance.
• People generally are not inherently good at analyzing risk.
• We tend to take decisions swayed by our emotional response to a situation
rather than an objective assessment of relative risk.
• We are similarly bad at looking at probability in a holistic way.
• People generally focus on risks that have occurred recently even though
another risk may have happened exactly the same number of times over
the last five years.
4. Department
of
Chemical
Engineering
Qualitative Vs. Quantitative
• We must accept that most of the risk analysis done in our environment will
be of a qualitative nature.
• Few of us have the skills, time or resources to undertake the kind of
quantitative modeling that goes on in major projects in the commercial
sector.
• It is possible to improve the objectivity of your analysis without getting into
complex calculations or needing specialist software tools.
• We have already said that it pays to involve a range of people in the
identification and analysis of risk.
• Each will of course bring their own bias to the analysis but if you
understand your organization and stakeholders it ought to be possible to
separate out the valuable experience from the personal agendas
5. Department
of
Chemical
Engineering
Probability & Impact
In deciding how serious a risk is we tend to look at two parameters:
1. Probability - the likelihood of the risk occurring
2. Impact - the consequences if the risk does occur Impact can
be assessed in terms of its effect on:
• Time
• Cost
• Quality
3. There is also a third parameter that needs to be considered:
Risk proximity - when will the risk occur?
6. Department
of
Chemical
Engineering
Proximity
• Proximity is an important factor yet it is one that is often ignored.
• Certain risks may have a window of time during which they will impact.
• A natural tendency is to focus on risks that are immediate when in reality it
is often too late to do anything about them and we remain in 'fire-fighting'
mode.
• By thinking now about risks that are 18 months away we may be able to
manage them at a fraction of the impact cost.
• Another critical factor relating to risk proximity is the point at which we
start to lose options.
• At the start of a project there may be a variety of approaches that could be
taken and as time goes on those options narrow down.
7. Department
of
Chemical
Engineering
Scaling Process
• Assessment of both probability and impact is subjective but your
definitions need to be at an appropriate level of detail for your project.
• The scale for measuring probability and impact can be numeric or
qualitative but either way you must understand what those definitions
mean.
• Very often the scale used is High, Medium and Low.
• This is probably too vague for most projects.
• On the other hand a percentage scale from 1-100 is probably too detailed.
• Use enough categories so that you can be specific but not so many that you
waste time arguing about details that won't actually affect your actions.
10. Department
of
Chemical
Engineering
Assigning Numeric Scales
• The next table doubles the numeric value each time
on the impact scale.
• This is perhaps a more useful model as it gives more
weight to risks with a high impact.
• A risk with a low probability but a high impact is thus
viewed as much more severe than a risk with a high
probability and a low impact.
• This avoids any 'averaging out' of serious risks.
11. Department
of
Chemical
Engineering
scale with double values for Impact
• A risk with a low probability
but a high impact is thus
viewed as much more
severe than a risk with a
high probability and a low
impact.
12. Department
of
Chemical
Engineering
Promote or Demote
• It is questionable whether the amber risks warrant separate
classification in terms of your response strategy and it is
suggested that you examine each in turn and either 'promote' or
'demote' them to red or green.
• This can be important in assessing the overall level of risk
especially if you opt for the straightforward linear scale in the first
table.
• This means particularly being clear about what you mean by a
'medium' level of probability.
13. Department
of
Chemical
Engineering
Promote or Demote
The diagram below shows the previous example with the amber risks demoted or promoted (here those risks
with a value of 10 or above have been promoted to red, below 10 demoted to green).
14. Department
of
Chemical
Engineering
Promote or Demote
• Cutting your risk categories down in this way leaves you with two
sets of risks requiring a response strategy:
• Red Risks = Unacceptable.
• We must spend time, money and effort on a response.
• This is likely to be at the level of the individual risk.
• Green Risks = Acceptable.
• This does not mean they can be ignored.
• We will cover them by means of contingency.
• This means setting aside a sum of money to cover this group of
risks.
16. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source Effect
Modelling
Concept Definitions
Hazard – An intrinsic chemical, physical, societal, economic or political condition
that has the potential for causing damage to a risk receptor (people,
property or the environment).
A hazardous event (undesirable event) requires an initiating event or failure and then either
failure of or lack of safeguards to prevent the realisation of the hazardous event.
Examples of intrinsic hazards:
• Toxicity and flammability – H2S in sour natural gas
• High pressure and temperature – steam drum
• Potential energy – walking a tight rope
16
34. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Effect
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source
Modelling
Liquid Release from a Pressurised Storage Tank
Pressurised storage tanks containing liquefied gas are of
particular interest as their temperature is between the
material’s boiling temperature at atmospheric pressure and
its critical temperature. A release will cause:
- A rapid flash-off of material.
-The formation of a two-phase jet which could create a liquid pool
around the tank. The pool will evaporate over time.
-Formation of small droplets which could form a cloud that is denser
and cooler than the surrounding air. This is a heavy gas cloud which
remains close to the ground and disperses slowly.
34
43. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
Flammability
Ignition – A flammable material may be ignited by the combination of a fuel and
oxidant in contact with an ignition source. OR, if a flammable gas is
sufficiently heated, the gas can ignite.
Minimum Ignition Energy (MIE) – Smallest energy input needed to start
combustion. Typical MIE of hydrocarbons is 0.25 mJ. To place this in
perspective, the static discharge from walking across a carpet is 22 mJ;
an automobile spark plug is 25 mJ!
Auto-Ignition Temperature – The temperature threshold above which enough
energy is available to act as an ignition source.
Flash Point of a Liquid – The lowest temperature at which a liquid gives off
sufficient vapour to form an ignitable mixture with air.
43
44. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
31
Combustion Definitions
Explosion – Rapid expansion of gases resulting in a rapidly moving pressure or
shock wave.
Physical Explosion – Results from the sudden failure of a vessel containing
high-pressure non-reactive gas.
Confined Explosion – Occurs within a vessel, a building, or a confined space.
Unconfined Explosion– Occurs in the open. Typically the result of a flammable
gas release in a congested area.
Boiling-Liquid Expanding-Vapour Explosions – Occurs if a vessel containing a
liquid above its atmospheric pressure boiling point suddenly ruptures.
Dust Explosion – Results from the rapid combustion of fine solid particles
suspended in air.
49. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
36
Modelling Major Fires
The goal of models is to…
o Assess the effects of thermal radiation on people, buildings and equipment – use
the empirical radiation fraction method
o Estimate thermal radiation distribution around the fire
o Relate the intensity of thermal radiation to the damage – this can be done using the
PROBIT technique or fixed-limit approach
Modelling methods
1. Determine the source term feeding the fire
2. Estimate the size of the fire as a function of time
3. Characterise the thermal radiation released from the combustion
4. Estimate thermal radiation levels at a receptor
5. Predict the consequence of the fire at a receptor
57. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
Classifying Hazards for Consequence Modelling
In general, hazard effects associated with releases can be classified in to the
following:
1. Thermal Radiation – Radiation could affect a receptor positioned at some distance from a
fire (pool, jet, fireball).
2. Blast Pressure Wave – A receptor could be affected by pressure waves initiated by an
explosion, vapour cloud explosion or boiling liquid expanding vapour explosion
3. Missile Trajectory – This could result from ‘tub rocketing’.
4. Gas Cloud Concentrations – Being physically present in the cloud would be the
primary hazard.
5. Surface/ Groundwater Contaminant Concentrations – Exposure to
contaminated drinking water or other food chain receptors could adversely effect health
57
58. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
Consequence Models
These models are used to estimate the extent of potential damage caused by a
hazardous event. These consist of 3 parts:
1. Source Term – The strength of source releases are estimated.
2. Hazard Levels or Effects –Hazard level at receptor points can be estimated
for an accident.
• Fire: A hazard model will estimate thermal radiation as a function of distance from the
source.
• Explosion: A hazard model will estimate the extent of overpressure. NO concentrations of
chemical are estimated.
1. Consequences – Potential damage is estimated. Consequence of interest will
be specific to each receptor type (humans, buildings, process equipment, glass).
58
59. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source Effect
Modelling
Source Term for Hazardous Material Events
Source models describe the physical and chemical processes occurring during the
release of a material. A release could be an outflow from a vessel, evaporation
from a liquid pool, etc.
The strength of a source is characterised by the amount of material released.
A release may be:
- instantaneous: source strength is total mass released m [units: kg]
- continuous: source strength is rate of mass released [units: kg/s]
The physical state of the material (solid, liquid, gas) together with the
containment pressure and temperature will govern source strength.
59
66. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
Benzene
Pressurised in a
Pipeline
Liquid Flow Through a Hole - Example
Consider a leak of benzene from 0.63 cm orifice-like hole in
a pipeline. If the pressure in the pipe is 100 psig, how much
benzene would be spilled in 90 minutes? The density of
benzene is 879 kg/m3.
Area of Hole
Volume = 2.07 kg/s * (90 min * 60 sec/min * 1/879 m3/kg = 12.7 m3
Area = π/4 D2
Area = (π/4 * 0.0063)2
Area = 3.12 x 10-5 m2
Qm A Co 2 g Pg
m
Q (3.12 x 105
m2
)(0.61) 2 (879 kg / m3
)(9.81 m / s2
)(689 x103
kg / m2
s2
)
Qm 2.07 kg / s
66
Volume of Spill
76. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
Generation of Toxic Combustion Products
• Industrial fires can release toxic substances. Generation is
dependent on availability of combustion mixture and
oxygen supply.
• Combustion temperature determines the products
generated – more complete combustion occurs at higher
temperatures
• Toxic combustion products include:
Component in Burned Material Combustion Product
Halogen HCl, HF, Cl2, COCl2
Nitrogen NOx, HCN, NH3
Sulphur SO2, H2S, COS
Cyanide HCN
Polychlorinated aromatics and biphenyls HCl, PCDD, PCDF, Cl2 76
79. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Modelling
Consequence Source Hazard Effect
66
Fundamentals of Transport and Dispersion
Hazardous material releases (from containment) can occur into/on:
1. Moving media (water, air)
– Transport is dependent on speed of currents and turbulence level
2. Stationary media (soil)
- Release can be carried away by rain – potential surface water contamination
- Release can slowly diffuse through the soil for potential groundwater contamination.
- Diffusion in the soil mediates movement into groundwater
The hazardous material is the contaminent
and the moving media is the carrying medium.
Spread of the release in the environment can occur by advection (transport over
large scale), turbulence (dispersion over small scale) or diffusion. Diffusion is
negligible compared to other routes.
80. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Effect
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source
Modelling
67
Fundamentals of Transport and Dispersion
Releases into Air
- Spread dependent on winds and turbulence
- Relative density to air is critical
- Contaminants can travel very large distances in a short time (km/h)
- Difficult to contain or mitigate after release
Releases on Water
- Spread dependent on current speeds
- Miscibility/ solubility and evaporation is important
- Spill will be confined to the width of a small river – easy to estimate the spread of the release
- Spill likely not to reach sides of a large river
- Containment is possible after release
Releases on Soil
- Spread dependent on migration in soil
- Miscibility/ solubility and evaporation is important
- Contaminants travel VERY slowly [m/yr]
105. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Effect
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source
Modelling
Summary of Hazard Models
A hazardous release can be released into moving (air, water) or stationary (soil)
media.
Atmospheric releases are of greatest concern due to the challenges in containing
the release. These releases can occur into a stable, unstable or neutral
atmosphere. The plume of the hazardous material release will differ for each.
Heavy gases released into the atmosphere are also of concern. Heavy gas
behaviour, however, confines dispersion. When estimating downwind
concentrations of heavy gas release, it is important to note if the release is
continuous or instantaneous.
10
5
107. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source Effect
Modelling
Modelling the Consequences of a Hazardous Material Release
Consequence severity or potential damage, can be calculated at receptor locations. Recall
that receptors can be differentiated between individual and societal consequences.
INDIVIDUAL CONSEQUENCES
• Expressed in terms of a hazard or potential damage at a given receptor at a given
location in relation to the location of the undesirable event.
Human receptor – consequence of hazard exposure = fatality, injury, etc.
Building receptor – consequence of hazard exposure = destruction, glass breakage, etc.
SOCIETAL CONSEQUENCES
• Expressed as an aggregate of all the individual consequences for an event.
Add up all the individual receptors consequences (human, building, equipment) for total
exposed area.
10
7
108. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Effect
Modelling
Consequence Source Hazard
94
Modelling the EFFECT of a Hazardous Material Release
Receptors can be influenced by hazardous material through various transport media,
including atmospheric dispersion, groundwater contamination, soil erosion, etc.
Atmospheric transport is the most important in risk assessments.
Hazard effects for materials are:
CONCENTRATION (C) – used for toxic and carcinogenic materials and materials
with systemic effects.
THERMAL RADIATION (I) – used for flammable materials.
OVERPRESSURE (P0) – used for determining blast wave consequences such as
deaths from lung haemorrhage or injuries from eardrum rupture.
114. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Effect
Modelling
Consequence Source Hazard
PROBITS for Various Hazardous Material Exposures
114
Type of Injury/Damage Causative Variable
(V)
k1 k2
FIRE
Burn death from flash fire
Burn death from pool fire
(te Ie)^( (4/3)/104)
(t I)^( (4/3)/104)
-14.9
-14.9
2.56
2.56
EXPLOSION
Death from lung haemorrhage
Eardrum rupture
Death from impact
Injuries from impact
Injuries from flying fragments
Structural Damage
P0
P0
J
J
J
P0
-77.1
-15.6
-46.1
-39.1
-27.1
-23.1
6.91
1.93
4.82
4.45
4.26
2.92
TOXIC RELEASE
Carbon Monoxide death
Chlorine death
Nitrogen Dioxide death
Sulphur Dioxide death
Toluene death
ΣC1T
ΣC2T
ΣC2T
ΣC1T
ΣC2.5T
-37.98
-8.29
-13.79
-15.67
-6.79
3.7
0.92
1.4
1.0
0.41
te – effective time duration [s]
Ie – effective radiation intensity [W m-2]
t – time duration of the pool fire [s]
I – radiation intensity from pool fire [W m-2]
P0 – overpressure [N m-2]
J – impact [N s m-2]
C – concentration [ppm]
T – time interval [min]
Y k1 k2 lnV
124. Department
of
Chemical
Engineering
Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Effect
Modelling
Consequence Source Hazard
Damage Effect Estimates – Radiation Intensity
Radiation Intensity (kW m-2) Observed Damage Effect
124
37.5 Sufficient to cause damage to process equipment
25 Minimum energy required to ignite wood at indefinitely long exposures
12.5 Minimum energy required for piloted ignition of wood, melting of plastic tubing
9.5 Pain threshold reached after 8 seconds; second degree burns after 20 seconds
4 Sufficient to cause pain to personnel if unable to reach cover within 20 seconds; however, blistering of the
skin is likely (second degree burn) ; 0% lethality
1.6 Will cause no discomfort for long exposure
125. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Hazard
Source Effect
Modelling
Observed Damage Effect
125
Overpressure
Psig kPa Damage Effect Estimates –
0.02 0.14 Annoying noise (137 dB if of low frequency, 10–15 Hz)
Overpressure
0.03 0.21 Occasional breaking of large glass windows already under
0.04 0.28 Loud noise (143 dB), sonic boom, glass failure
0.1 0.69 Breakage of small windows under strain
0.15 1.03 Typical pressure for glass breakage
0.3 2.07 “Safe distance” (probability 0.95 of no serious damage below this value); projectile limit; some damage to house ceilings; 10% window glass broken
0.4 2.76 Limited minor structural damage
0.5–1.0 3.4–6.9 Large and small windows usually shatter; occasional damage to window frames
0.7 4.8 Minor damage to house structures
1 6.9 Partial demolition of houses, made uninhabitable
1–2 6.9–13.8 Corrugated asbestos shatters; corrugated steel or aluminum panels, fastenings fail, followed by buckling; wood panels (standard housing), fastenings fail,
panels blow in
1.3 9 Steel frame of clad building slightly distorted
2 13.8 Partial collapse of walls and roofs of houses
2–3 13.8–20.7 Concrete or cinder block walls, not reinforced, shatter
2.3 15.8 Lower limit of serious structural damage
2.5 17.2 50% destruction of brickwork of houses
3 20.7 Heavy machines (3000 lb) in industrial buildings suffer little damage; steel frame buildings distort and pull away from foundations
3–4 20.7–27.6 Frameless, self-framing steel panel buildings demolished; rupture of oil storage tanks
4 27.6 Cladding of light industrial buildings ruptures
5 34.5 Wooden utility poles snap; tall hydraulic presses (40,000 lb) in buildings slightly damaged
5–7 34.5–48.2 Nearly complete destruction of houses
7 48.2 Loaded train wagons overturned
7–8 48.2–55.1 Brick panels, 8–12 in thick, not reinforced, fail by shearing or flexure
9 62 Loaded train boxcars completely demolished
10 68.9 Probable total destruction of buildings; heavy machine tools (7000 lb) moved and badly damaged, very heavy machine tools (12,000 lb) survive
300 2068 Limit of crater lip
136. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Fault Trees – Typical Steps
STEP 1 – Start with a major accident of hazardous event (release of toxic/
flammable material, vessel failure). This is called a TOP EVENT.
STEP 2 – Identify the necessary and sufficient causes for the top event to occur.
How can the top event happen?
What are the causes of this event?
STEP 3 – Continue working backwards and follow the series of events that
would lead to the top event. Go backwards until a basic event
with a known frequency is reached (pump failure, human error).
136
141. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
127
Inhibit
Condition
AND GATE
Output event requires simultaneous
occurrence of all input events
OR GATE
Output event requires the
occurrence of any individual input
event.
INHIBIT EVENT
Output event will not occur if
the input and the inhibit
condition occur
BASIC EVENT
This is fault event with a known frequency
and needs no further definition.
INTERMEDIATE EVENT
An event that results from the
interaction of other events.
UNDEVELOPED EVENT
An event that cannot be developed further
(lack of information), or for which no further
development is expected
EXTERNAL EVENT
An event that is a boundary condition
to the fault tree.
Fault Trees Event Trees
Fault Tree Logic Transfer Components
Bow-Tie
142. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Fault Trees – BEFORE YOU START DRAWING THE TREE, Preliminary Steps
142
STEP 1 – Precisely define the top event.
STEP 2 – Define pre-cursor events.
What conditions will be present when the top event occurs?
STEP 3 – Define unlikely events. What events are unlikely to occur and are not being considered? Wiring failures,
lightning, tornadoes, hurricanes.
STEP 4 – Define physical bounds of the process. What components are considered in the fault tree?
STEP 5 – Define the equipment configuration. What valves are open or closed? What are liquid levels in tanks?
Is there a normal operation state?
STEP 6 – Define the level of resolution. Will the analysis consider only a valve or is it necessary to consider all valve
components?
143. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Fault Trees – DRAWING THE TREE
STEP 1 – Draw the top event at the top of the page.
STEP 2 – Determine the major events (intermediate, basic, undeveloped or
external events) that contribute to the top event.
STEP 3 – Define these events using logic functions.
a. AND gate – all events must occur in order for the top event to occur
b. OR gate – any events can occur for the top event to occur
c. Unsure? If the events are not related with the OR or AND gate, the event
likely needs to be defined more precisely.
STEP 4 – Repeat step 3 for all intermediate, undeveloped and external events.
Continue until all branches end with a basic cause.
143
145. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Fault Trees – Chemical Reactor Shutdown Example
Define the Problem
TOP EVENT = Damage to the reactor by overpressure
EXISTING CONDITION = Abnormal high process pressure
IRRELEVANT EVENTS = Failure of mixer, electrical failures, wiring
failures, tornadoes, hurricanes, electrical storms
PHYSICAL BOUNDS = Process flow diagram (on left)
EQUIPMENT CONFIG = Reactor feed flowing when solenoid valve
open
RESOLUTION = Equipment shown in process flow diagram
145
150. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Chemical Reactor Shutdown Example – Determining Minimal Cuts
After drawing a fault tree, we can determine minimum cut sets which are sets of
various unique event/condition combinations, without unnecessary additional
events/conditions which can give rise to the top event.
Each minimal cut set will be associated with a probability of occurring – human
interaction is more likely to fail that hardware.
It is of interest to understand sets that are more likely to fail using failure probability.
Additional safety systems can then be installed at these points in the system.
Example: The combination of A and B and C can lead to the Top Event. However, A
and B alone can lead to the Top Event, and C is unnecesary
150
155. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
142
Time, t Time, t Time, t
R(t)
P(t)
µ 1-P(t)
Fault Trees Event Trees Bow-Tie
Quantifying the Probability of the Top Event
Process equipment failures occur following interactions of individual components in a
system. The type of component interaction dictates the probability of failure.
A component in a system, on average, will fail after a certain time. This is called the
average failure rate (µ, units: faults/time).
Using the failure rate of a component, we can determine its reliability and probability
of failure.
Failure Rate Probability Reliability
t0
t
P(t) f (t)dt
158. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Failure data for typical
process components can be
obtained from published
literature.
Component Failure Rate, µ (faults/year)
Control Valve 0.60
Flow Measurement
Fluids
Solids
1.14
3.75
Flow Switch 1.12
Hand Valve 0.13
Indicator Lamp 0.044
Level Measurement
Liquids 1.70
Solids 6.86
pH Meter 5.88
Pressure Measurement 1.41
Pressure Relief Valve 0.022
Pressure Switch 0.14
Solenoid Valve 0.42
TemperatureMeasurement
Thermocouple 0.52
Thermometer 0.027
R(t) P(t)
0.55 0.45
0.32 0.68
0.02 0.98
0.33 0.67
0.88 0.12
0.96 0.04
0.18 0.82
0.001 0.999
0.003 0.997
0.24 0.76
0.98 0.02
0.87 0.13
0.66 0.34
0.59 0.41
0.97 0.03
Fault Trees Event Trees
Quantifying the Probability of the Top Event
158
Bow-Tie
159. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
The failure probability and
reliability of a component
can be calculated from its
known failure rate.
Component Failure Rate, µ (faults/year) R(t) P(t)
Control Valve 0.60 0.55 0.45
Flow Measurement
Fluids
Solids
1.14
3.75
0.32
0.02
0.68
0.98
Flow Switch 1.12 0.33 0.67
Hand Valve 0.13 0.88 0.12
Indicator Lamp 0.044 0.96 0.04
LevelMeasurement
Liquids
Solids
1.70
6.86
0.18
0.001
0.82
0.999
pH Meter 5.88 0.003 0.997
Pressure Measurement 1.41 0.24 0.76
Pressure Relief Valve 0.022 0.98 0.02
Pressure Switch 0.14 0.87 0.13
Solenoid Valve 0.42 0.66 0.34
TemperatureMeasurement
Thermocouple
Thermometer
0.52
0.027
0.59
0.97
0.41
0.03
Fault Trees Event Trees
Quantifying the Probability of the Top Event
159
Bow-Tie
160. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
147
Components in Parallel - AND gates
Reliability
Components in Series – OR gates
Failure Probability Reliability
Pi is the failure probability of each component
P1
P2
P
R1
R2
R
R1
R2
R
P1
P2
P
Fault Trees Event Trees Bow-Tie
Quantifying the Probability of the Top Event
We’ve discussed the failure probability of individual components. Failures in chemical
plants, result from the interaction of multiple components. We need to
calculate the overall failure probability and reliability of these component
interactions (R = 1 – P)
n is the totail1number of components
n
Failure Probability
P Pi
n is the total
i
n
1
umberof components
Ri is the reliability of each component
n
R 1 (1 Ri)
n
R Ri
i1
n
P 1 (1 Pi)
i1
166. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
153
Events 1 and 3
Events 2 and 3
Events 1 and 4
Events 2 and 4
P(1 and 3) = (0.13)(0.13) = 0.0169
P(2 and 3) = (0.04)(0.13) = 0.0052
P(1 and 4) = (0.13)(0.34) = 0.0442
P(2 and 4) = (0.04)(0.34) = 0.0136
TOTAL Failure Probability = 0.0799
Note that the failure probability calculated using
minimum cut sets is greater than using the
actual fault tree.
Fault Trees Event Trees Bow-Tie
Reactor Example – Quantifying the Probability of the Top Event
Minimum Cut Set Method
167. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
• Fault trees can be very large if the process is complicated. A real-world
system can include thousands of gates and intermediate events.
• Care must be taken when estimating failure modes – best to get advice
from experienced engineers when developing complicated fault trees. It is
important to remember that fault trees can differ between engineers.
• Failures in fault trees are complete failures – a failure will or will not failure,
there cannot be a partial failure.
Fault Trees Event Trees
Words of Caution with Fault Trees
167
Bow-Tie
168. Review
Hazardous
Material
Release
Final
Thoughts
Quantitative
Frequency
Analysis
Risk
Estimation
Consequence Effect
Modelling
Source Hazard
Fault Trees Event Trees Bow-Tie
Moving from Control Measures to Consequences
• We can move from thinking about the basic events that will lead to a top
event to the consequence that can follow the top event. This can be done
using Event Trees.
• Fault Tree Analysis starts with a top event and then works backward to
identify various basic causes using “and/or” logic
• Event Tree Analysis starts with an initiating event or cause and works
forward to identify possible various defined outcomes
168