The materials for this lecture note have been adapted from the following references:
1. Introduction
Probabilistic risk assessment (PRA) is a systematic procedure for investigating how complex systems are built and operated.
A PRA model shows how the human, software, and hardware elements of a system interact with each other. It also assesses the most significant contributors to the risks of the system.
Risk is expressed as a function of the frequency or probability of an accident and the consequences of the accident.
PRA for process systems uses logic trees to model the causes and consequences of an accident.
Probabilistic Risk Assessment Page 2 of 39
Importance of PRA
The most important strengths of PRA, as the formal engineering approach to risk assessment, are:
PRA provides an integrated and systematic examination of a broad set of design and operational features of a complex system.
PRA incorporates the influence of system interactions and human-system interfaces.
PRA provides a model for incorporating operating experience with the complex system and updating risk estimates.
PRA provides a process for the explicit consideration of uncertainties.
PRA permits the analysis of competing risks (e.g., of one system versus another, or of possible modifications to an existing system).
PRA permits the analysis of issues (assumptions, data) via sensitivity studies.
PRA provides a measure of the absolute or relative importance of systems and components to the calculated risk value.
PRA provides a quantitative measure of the overall level of health and safety for the engineered system.
The components of PRA and their interaction in a PRA process are depicted in Figure 2.
Become familiar with the physical layout (e.g., facility, design, process) of the overall system, its administrative controls, barriers, subsystems, etc. The following steps are recommended for this step:
1. Major critical barriers, structures, emergency and safety systems, and human interventions should be identified.
2. Physical interactions among all major subsystems (or parts of the system) should be identified and explicitly described. The result should be summarized in a dependency matrix.
3. Past major failures and abnormal events should be noted and studied.
4. A good filing system must be created at the outset and maintained throughout the study.
With the help of the designers, operators, and owners, the information regarding the ground rules for the analysis, the scope of the analysis, and the configuration and phases of operation of the overall system should be assembled.
2.3 Initiating Events (IEs) Identification:
Each failure (or its complement, success) of a pivotal event in an accident scenario is usually modeled with deductive logic and probabilistic tools called fault trees (FTs) or master logic diagrams (MLDs).
The FT is the most common and popular method to calculate the probability of a subsystem failure or of the occurrence of an accident scenario.
The following procedures are recommended as part of developing an FT:
1. Develop an FT for each event in the ET heading for which actual historical failure data do not exist.
Various types of data must be collected and processed for use throughout the PRA process.
This activity proceeds in parallel, or in conjunction, with some of the other steps.
Data are assembled to quantify the accident scenarios and accident contributors.
Data include component failure rate data, repair time data, IE probabilities, structural failure probabilities, human error probabilities (HEPs), process failure probabilities, and common cause failure (CCF) probabilities.
Each datum is also represented by uncertainty bounds and an uncertainty distribution.
2.7 Quantification and Integration:
The FTs and ETs are integrated and their events are quantified to determine the frequencies of scenarios and the associated uncertainties in the calculation of the final risk values.
The following steps are recommended for quantification and integration in PRA:
Merge the corresponding FTs associated with each failure or success event modeled in the ET scenarios. Determine the truncated minimal cut sets.
Calculate the total frequency of each scenario, using the frequency of the IEs, the probability of barrier failure (including the contributions of test and maintenance frequency), human error probabilities (HEPs), and common cause failure (CCF) probabilities.
Group the scenarios according to the end state of the scenario defining the consequence. All end states are then grouped, i.e., their frequencies are summed into the frequency of a representative end state.
Calculate the total frequency of all scenarios of all event trees.
2.8 Uncertainty Analysis:
1. Identify the models and parameters that are uncertain and the method of uncertainty estimation to be used for each.
2. Describe the scope of the PRA and the significance and contributions of elements that are not modeled or considered.
3. Estimate and assign probability distributions depicting the model and parameter uncertainties.
4. Propagate the uncertainties associated with the barrier models and parameters to find the uncertainty associated with the risk value.
5. Present the uncertainties associated with the risks and with the contributors to risk.
2.9 Sensitivity Analysis:
Special techniques are used to identify the lead, or dominant, contributors to risk in accident sequences or scenarios.
The identification of the lead contributors in decreasing order of importance is called importance ranking.
This process is generally performed first at the FT level and then at the ET level.
Different types of risk importance measures are determined, again usually using the integrated PRA program.
2.11 Risk Result Interpretation:
After calculating the risk values, they must be interpreted to determine whether any revisions are necessary to refine the results and the analysis.
The basic steps are:
1) Determine the accuracy of the logic models and scenario structures, the assumptions, and the scope of the PRA.
2) Identify the system elements for which better information would be needed to reduce the uncertainties in the failure probabilities and in the models used to calculate performance.
3) Revise the PRA and reinterpret the results until stable and accurate results are attained.
An event is a meaningful statement that can be true or false. Thus, “it will rain today” is an event, while the statement “it may rain today” is not an event, because it can never be proven to be true or false.
For an event E it is useful to assign an indicator variable X, whose value is 1 or 0 depending on whether the event is true or false, in order to perform Boolean operations.
Boolean operations:
a. The negation: For the event E, we define its complement Ē such that Ē is false when E is true. The indicator variable expression is:
Figure 4 shows the Venn diagram for the NOT operation, as well as the logic gate “not.”
b. The intersection: Given two events A and B, we form a third event C such that C is true whenever both A and B are true. The Venn diagram and the logic gate AND are shown in Figure 5. The Boolean and the indicator variable expressions are:
Two events are said to be mutually exclusive if they cannot be true at the same time.
c. The union: Given two events, A and B, we form a third event C such that C is true whenever either A or B is true. The logic gate OR is shown in Figure 6. The Boolean and the indicator variable expressions are:
A series system is one in which all of its components are required for system success. Equivalently, the system fails if any component fails. Figure 7 represents the block and logic (failure) diagram for a series system.
A parallel system is a redundant system that is successful if at least one of its elements is successful. Equivalently, the system fails if all of its components fail. Figure 8 represents the block and logic (failure) diagram for a parallel system.
The system indicator variable can be expressed in terms of the indicator variables of the components. In general, the indicator variable of the top event is a function of the primary inputs:
where S (X) is the structure or switching function and it maps an n-dimensional vector of 0s
The system fails if any two or all three components fail (OR gate). Thus, the structure
function for this system can be written as:
Consider,
Pr(failure to start on demand) ≡ q
Pr(successful start on demand) ≡ p
Clearly, q + p = 1
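As an added example (not from the lecture notes), the following Python code encodes the indicator-variable form of the three Boolean operations and the structure functions of the series, parallel and 2-out-of-3 systems discussed above, and computes the exact top-event probability by enumerating every component state. The component failure probabilities are constructed, and the convention that an indicator value of 1 means "failed" is an assumption made here.

```python
"""Indicator variables and structure functions for series, parallel and 2-out-of-3
systems, with exact failure probability by state enumeration.
Added example, not from the lecture notes; the component failure probabilities are constructed."""
from itertools import product

# Convention (assumption): the indicator X_i = 1 means component i has FAILED and 0 means
# it works, so the system indicator is 1 exactly when the top (failure) event is true.

def x_not(x_e):
    """Indicator of the complement of E."""
    return 1 - x_e

def x_and(x_a, x_b):
    """Indicator of the intersection A AND B."""
    return x_a * x_b

def x_or(x_a, x_b):
    """Indicator of the union A OR B (inclusion-exclusion form)."""
    return x_a + x_b - x_a * x_b

def series_structure(x):
    """Series system: fails if ANY component fails (OR of the component failures)."""
    s = 0
    for xi in x:
        s = x_or(s, xi)
    return s

def parallel_structure(x):
    """Parallel (redundant) system: fails only if ALL components fail (AND)."""
    s = 1
    for xi in x:
        s = x_and(s, xi)
    return s

def two_of_three_structure(x):
    """Fails if any two or all three components fail: OR of the pairwise ANDs."""
    a, b, c = x
    return x_or(x_or(x_and(a, b), x_and(a, c)), x_and(b, c))

def top_event_probability(structure, q):
    """Exact Pr(top event) = sum over all 2^n component states of
    S(x) * prod_i Pr(X_i = x_i), with q[i] = Pr(component i fails) and
    independent components."""
    total = 0.0
    for x in product((0, 1), repeat=len(q)):
        pr_state = 1.0
        for xi, qi in zip(x, q):
            pr_state *= qi if xi else 1.0 - qi   # q on failure, p = 1 - q on success
        total += structure(x) * pr_state
    return total

def demand_probabilities(q):
    """Pr(failure to start on demand) = q and Pr(successful start) = p, with q + p = 1."""
    return q, 1.0 - q

if __name__ == "__main__":
    q = [0.1, 0.1, 0.1]   # constructed per-component failure probabilities
    for name, s in (("series", series_structure), ("parallel", parallel_structure),
                    ("2-out-of-3", two_of_three_structure)):
        print(f"{name:10s} Pr(failure) = {top_event_probability(s, q):.4f}")
```

With three components of failure probability 0.1 the enumeration gives 0.271 for the series system, 0.001 for the parallel system and 0.028 for the 2-out-of-3 system; the same function accepts any structure written in terms of the indicator operations.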
A distribution that is often used in connection with these probabilities is the binomial distribution. It is defined in the following figure.
A component exhibits its highest failure rate at the infant mortality stage and at the old age stage. Between these two stages the failure rate is reasonably constant.
On average, most components fail after a certain period of time; the corresponding rate is called the average failure rate and is represented by λ, with units of faults/time.
[Figure: bathtub curve. Vertical axis: failure rate λ; horizontal axis: time. Regions from left to right: infant mortality (burn in), constant failure rate, old age (wear out).]
4. Probability distributions
4.1 Exponential model
It is used widely in reliability and risk assessment because it is the only one with a constant failure rate. Its probability density function (pdf) is the b = 1 case of the following family, which is written with a shape parameter b (b = 1 gives the exponential model).
The CDF is
$F(t) = 1 - e^{-(\lambda t)^{b}}$ for $t > 0$
and the reliability is
$R(t) = 1 - F(t) = e^{-(\lambda t)^{b}}$
The pdf is
$f(t) = b\lambda(\lambda t)^{b-1}\,e^{-(\lambda t)^{b}}$
and the hazard function is
$h(t) = \dfrac{f(t)}{R(t)} = b\lambda(\lambda t)^{b-1}$
It can be observed that for b < 1, b = 1, and b > 1, this distribution can be used as a life distribution for the infant mortality, useful life (constant failure rate), and wear-out periods, respectively.
4.3 Event frequency: Poisson model
Events occur over a continuum (time, space) at an average constant rate, λ. The
occurrence of an event in a given interval is assumed to be independent of that in any other
non-overlapping interval. This distribution is used to describe the occurrence of initiating
events (IEs) in risk assessment.
The Poisson distribution gives the probability of exactly k events occurring in (0,t):
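As an added example (not from the lecture notes), the Python code below implements the life distribution of Section 4.1 with its shape parameter b, classifies the life phase from the trend of the hazard function, and implements the Poisson model for initiating events; it also checks the link between the two, namely that the probability of at least one Poisson event in (0, t) equals the b = 1 CDF. The rates and times used are constructed.

```python
"""Life distribution with shape parameter b (b = 1: exponential) and the Poisson
initiating-event model. Added example, not from the lecture notes; the rates and
times below are constructed."""
import math

def weibull_cdf(t, lam, b):
    """F(t) = 1 - exp(-(lam*t)**b), t > 0."""
    return 1.0 - math.exp(-(lam * t) ** b)

def weibull_reliability(t, lam, b):
    """R(t) = 1 - F(t) = exp(-(lam*t)**b)."""
    return math.exp(-(lam * t) ** b)

def weibull_pdf(t, lam, b):
    """f(t) = b*lam*(lam*t)**(b-1) * exp(-(lam*t)**b)."""
    return b * lam * (lam * t) ** (b - 1) * math.exp(-(lam * t) ** b)

def weibull_hazard(t, lam, b):
    """h(t) = f(t)/R(t) = b*lam*(lam*t)**(b-1); reduces to the constant lam when b = 1."""
    return b * lam * (lam * t) ** (b - 1)

def hazard_trend(lam, b, t1, t2):
    """Classify the life phase from the hazard at two times t1 < t2 (both > 0):
    decreasing -> 'infant mortality', constant -> 'useful life', increasing -> 'wear-out'."""
    h1, h2 = weibull_hazard(t1, lam, b), weibull_hazard(t2, lam, b)
    if math.isclose(h1, h2, rel_tol=1e-12):
        return "useful life"
    return "wear-out" if h2 > h1 else "infant mortality"

def poisson_pmf(k, lam, t):
    """Pr(exactly k events in (0, t)) for events occurring at constant rate lam."""
    return (lam * t) ** k * math.exp(-lam * t) / math.factorial(k)

def prob_at_least_one_event(lam, t):
    """1 - Pr(0 events in (0, t)). This equals the b = 1 CDF F(t): the waiting time to
    the first event of a Poisson process is exponential with the same rate."""
    return 1.0 - poisson_pmf(0, lam, t)

if __name__ == "__main__":
    lam = 1e-3   # constructed: failures per hour
    for b in (0.5, 1.0, 2.0):
        print(f"b={b}: phase={hazard_trend(lam, b, 100.0, 1000.0)}, "
              f"R(1000 h)={weibull_reliability(1000.0, lam, b):.4f}")
    print("Pr(>= 1 IE in 10 yr at 0.1/yr) =", prob_at_least_one_event(0.1, 10.0))
```

Note that the hazard formula is only evaluated for t > 0; at t = 0 the factor (λt)^(b−1) is undefined for b < 1, which is why the phase classifier takes two strictly positive times.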
It is an inductive procedure which maps all possible outcomes resulting from an initiating event (any accidental release or occurrence), e.g., gas leakage, equipment failure or human error. It:
Identifies the possible accidents or consequences arising from an initiating event.
Identifies design and procedural weaknesses.
Determines the probability of the various outcomes (final consequences) resulting from the initiating event.
Steps in ET:
Identification of the initiating event: The event tree begins with an initiating event and works forwards to its consequences. Examples: leak, gas release, loss of cooling water in a reactor, etc.
Identification of safety functions or pivotal events: They are designed to mitigate the effects of the failure. The safety functions or pivotal events are listed in the order in which they are intended to occur:
Safety systems which automatically respond to the fault; trips, automatic shutdown, etc.
Alarms which alert the operator.
Operator actions in response to alarms.
Barriers or containment systems to limit the effects of the initiating event.
Example:
High reactor output temperature.
Alarm alerts operator at high temperature.
Operator re-establishes cooling water flow to the reactor.
Automatic shutdown system stops the reaction.
Event Tree Construction:
[Figure: event tree layout. The initiating event is drawn at the left; each safety function (pivotal event) in turn adds a branch point, with an upper "success" branch and a lower "failure" branch.]
If a safety function has no effect, the accident path proceeds with no branch point to the next safety function.
Classify accident outcomes: All outcomes are identified according to the types of consequence model.
[Figure: event tree for the high-temperature example, with success/failure branches for the alarm, the operator action and the automatic shutdown, ending in the following states: safe condition; automatic shutdown; unsafe condition, operator noticed runaway reaction; unstable condition, auto shutdown; unsafe condition, operator unaware about runaway reaction.]
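As an added example (not from the lecture notes), the following Python code quantifies the high-temperature event tree above: the frequency of each path is the initiating-event frequency multiplied by the branch probabilities, a safety function that cannot affect the path gets no branch point, and the end states are then grouped by consequence as described in Section 2.7. The initiating-event frequency and the pivotal-event failure probabilities are constructed, and the mapping of branches to the end states named in the figure is my reading of that figure.

```python
"""Event tree quantification for the high-temperature reactor example.
Added example, not from the lecture notes; the initiating-event frequency and the
pivotal-event failure probabilities are constructed, and the branch-to-end-state
mapping is an assumed reading of the figure."""

IE_FREQUENCY = 1.0   # constructed: high reactor output temperature, events per year

# Pivotal events in the order they are intended to occur: (name, Pr(failure on demand)).
PIVOTAL_EVENTS = [
    ("alarm", 0.01),      # alarm alerts operator at high temperature
    ("operator", 0.10),   # operator re-establishes cooling water flow
    ("shutdown", 0.05),   # automatic shutdown system stops the reaction
]

def has_branch_point(event, history):
    """A safety function that cannot affect the path gets no branch point: the operator
    can only act if the alarm succeeded, and automatic shutdown is only demanded when
    cooling was not re-established."""
    if event == "operator":
        return history.get("alarm") is True
    if event == "shutdown":
        return history.get("operator") is not True
    return True

def end_state(history):
    """Map the success/failure history of a path to an end state of the figure."""
    if history.get("operator") is True:
        return "safe condition"
    if history["alarm"]:
        return ("automatic shutdown" if history["shutdown"]
                else "unsafe condition, operator noticed runaway reaction")
    return ("unstable condition, auto shutdown" if history["shutdown"]
            else "unsafe condition, operator unaware about runaway reaction")

def evaluate_event_tree(ie_freq, pivotal, has_branch_point, end_state):
    """Walk every path: frequency of a path = IE frequency * product of the branch
    probabilities (1 - q for success, q for failure). Returns {end state: frequency}."""
    freqs = {}

    def walk(idx, history, freq):
        if idx == len(pivotal):
            state = end_state(history)
            freqs[state] = freqs.get(state, 0.0) + freq
            return
        name, q = pivotal[idx]
        if not has_branch_point(name, history):
            walk(idx + 1, history, freq)          # path continues without branching
            return
        walk(idx + 1, {**history, name: True}, freq * (1.0 - q))
        walk(idx + 1, {**history, name: False}, freq * q)

    walk(0, {}, ie_freq)
    return freqs

def group_by_consequence(freqs):
    """Group end states by consequence: the frequencies of all 'unsafe' states are
    summed into one representative end state (runaway reaction), the rest into
    'controlled'."""
    grouped = {"runaway reaction": 0.0, "controlled": 0.0}
    for state, f in freqs.items():
        key = "runaway reaction" if state.startswith("unsafe") else "controlled"
        grouped[key] += f
    return grouped

if __name__ == "__main__":
    result = evaluate_event_tree(IE_FREQUENCY, PIVOTAL_EVENTS, has_branch_point, end_state)
    for state, f in sorted(result.items(), key=lambda kv: -kv[1]):
        print(f"{f:.5f} /yr  {state}")
    print(group_by_consequence(result))
```

The five path frequencies sum to the initiating-event frequency, which is a useful check on any event tree: every path must end in exactly one end state.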
A fault tree represents the graphical relationships among the events and an unwanted event using logic gates.
It starts with the top event and reveals the basic causes of the top event in a deductive way.
The relationships between the events are expressed using “AND” or “OR” logic gates.
It quantifies the probability of occurrence of an accident using the fault tree and basic failure data.
It identifies the system's weakest links through cut sets.
Cut Set: A cut set is a combination of basic events such that, if all these basic events occur, the top event is guaranteed to occur.
Minimal Cut Set: A minimal cut set is a cut set with no unnecessary basic event: if any basic event is removed from the set, the remaining events collectively are no longer a cut set.
Path Set: A path set is a collection of basic events such that, if none of the events in the set occur, the top event is guaranteed not to occur.
Minimal Path Set: A minimal path set is a path set such that if any basic event is removed from the set, the remaining events collectively are no longer a path set.
[Figure: fault tree construction flowchart. Symbols shown: top event, external event, AND gate, undeveloped event. Starting from the top event, ask: can these events be broken down? If yes: identify the causes that may lead to these events, identify the relationships between the events and their basic causes, and transform these relationships into the fault tree using gates. If no: identify the relationship of these events to the top event and transform these relationships into the fault tree using gates.]
Commutative rule: P1·P2 = P2·P1; P1 + P2 = P2 + P1
Associative rule: P1·(P2·P3) = (P1·P2)·P3; P1 + (P2 + P3) = (P1 + P2) + P3
Distributive rule: P1·(P2 + P3) = (P1·P2) + (P1·P3); P1 + (P2·P3) = (P1 + P2)·(P1 + P3)
Idempotent rule: P1·P1 = P1; P1 + P1 = P1
Rule of absorption: P1·(P1 + P2) = P1; P1 + (P1·P2) = P1
Worked example: The tree has top gate G1 = G2 AND G3, with G2 = A OR G4, G3 = C OR G5, G4 = B OR C and G5 = A AND B. Starting from the top gate, an “AND” gate is replaced by its inputs listed side by side in the same row, and an “OR” gate is replaced by its inputs listed in separate rows; gates are replaced with their input events until only basic events remain:
G1 (top gate, AND): G2, G3
G2 (OR) replaced: A, G3 / G4, G3
G4 (OR) replaced: A, G3 / B, G3 / C, G3
G3 (OR) replaced: A, C / A, G5 / B, C / B, G5 / C, C / C, G5
G5 (AND) replaced: A, C / A, A, B / B, C / B, A, B / C, C / C, A, B
According to Boolean algebra, A×A ≡ A, so the rows become: A, C / A, B / B, C / A, B / C / C, A, B
Gate by gate, the cut sets for the tree are:
G5: (A,B)
G4: (B), (C)
G2: (A), (G4) = (A), (B), (C)
G3: (C), (G5) = (C), (A,B)
G1: (G2, G3) = (A,C), (B,C), (C), (A,B), (A,B), (A,B,C)
Applying the rule of absorption, (C) absorbs (A,C), (B,C) and (A,B,C), and the two (A,B) rows merge, so the minimal cut sets for the tree are (C) and (A,B).
where P(A) and P(B) are the failure probabilities of components A and B, respectively.
Cut set approach: The quickest method. Applicable when the fault tree is large and the failure rates/failure probabilities of the basic events are small.
$P_{TOP} \approx \sum_{j=1}^{n} C_j$
$C_j = \prod_{i} P_i$
where $P_{TOP}$ is the probability of the top event and $C_j$ is the probability of minimal cut set j, the product running over the basic events i of cut set j; $P_i$, i = 1, 2, 3, ..., n, denotes the failure probability of the corresponding components or basic events.
Sensitivity analysis
Basic-event importance:
$\dfrac{\sum_{j \ni i} C_j}{P_{TOP}}$
The symbol ∑ in the equation denotes a sum of the probabilities of all those cut sets containing basic event i as one of their basic events.
Cut set importance ($CI_j$): It is the ratio of the cut set characteristic over the system characteristic:
$CI_j = \dfrac{C_j}{P_{TOP}}$ = fraction of system unavailability contributed by cut set j
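As an added example (not from the lecture notes), the Python code below carries the worked fault tree from the previous section through to quantification: it generates the rows by the AND/OR substitution shown above, reduces them to minimal cut sets with the idempotent and absorption rules, computes P_TOP by the cut set approximation together with the cut set and basic-event importances, and checks the approximation against the exact top-event probability obtained by enumerating all basic-event states. The gate structure is the one given in the example; the basic-event probabilities are constructed.

```python
"""Cut set generation and quantification for the worked fault tree
(G1 = G2 AND G3, G2 = A OR G4, G3 = C OR G5, G4 = B OR C, G5 = A AND B).
Added example, not from the lecture notes; the basic-event probabilities are constructed."""
from itertools import product

GATES = {
    "G1": ("AND", ["G2", "G3"]),
    "G2": ("OR",  ["A", "G4"]),
    "G3": ("OR",  ["C", "G5"]),
    "G4": ("OR",  ["B", "C"]),
    "G5": ("AND", ["A", "B"]),
}

def expand(gates, top):
    """Top-down substitution: an AND gate is replaced by its inputs side by side in the
    same row, an OR gate by its inputs in separate rows, until only basic events remain."""
    rows = [[top]]
    while True:
        target = next(((r, k) for r, row in enumerate(rows)
                       for k, item in enumerate(row) if item in gates), None)
        if target is None:
            return rows
        r, k = target
        row = rows[r]
        kind, inputs = gates[row[k]]
        rest = row[:k] + row[k + 1:]
        rows[r:r + 1] = [rest + inputs] if kind == "AND" else [rest + [i] for i in inputs]

def minimal_cut_sets(rows):
    """Idempotent rule (A*A = A): each row becomes a set, which also merges duplicate
    rows; absorption rule: a cut set that contains another cut set is not minimal."""
    sets = {frozenset(row) for row in rows}
    return {s for s in sets if not any(other < s for other in sets)}

def cut_set_probabilities(mcs, p):
    """C_j = product of P_i over the basic events i in cut set j."""
    out = {}
    for cs in mcs:
        c = 1.0
        for e in cs:
            c *= p[e]
        out[cs] = c
    return out

def top_probability(mcs, p):
    """Cut set approximation P_TOP ~ sum_j C_j (valid when the P_i are small)."""
    return sum(cut_set_probabilities(mcs, p).values())

def cut_set_importance(mcs, p):
    """CI_j = C_j / P_TOP: fraction of system unavailability contributed by cut set j."""
    ptop = top_probability(mcs, p)
    return {cs: c / ptop for cs, c in cut_set_probabilities(mcs, p).items()}

def basic_event_importance(mcs, p, event):
    """Sum of C_j over the cut sets containing the basic event, divided by P_TOP."""
    probs = cut_set_probabilities(mcs, p)
    return sum(c for cs, c in probs.items() if event in cs) / top_probability(mcs, p)

def exact_top_probability(gates, top, p):
    """Exact P_TOP by enumerating every state of the independent basic events and
    evaluating the gates; used to check the cut set approximation."""
    events = sorted(p)

    def value(node, state):
        if node not in gates:
            return state[node]
        kind, inputs = gates[node]
        vals = [value(i, state) for i in inputs]
        return all(vals) if kind == "AND" else any(vals)

    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        pr = 1.0
        for e in events:
            pr *= p[e] if state[e] else 1.0 - p[e]
        if value(top, state):
            total += pr
    return total

if __name__ == "__main__":
    p = {"A": 0.01, "B": 0.02, "C": 0.001}   # constructed failure probabilities
    mcs = minimal_cut_sets(expand(GATES, "G1"))
    print("minimal cut sets:", [sorted(cs) for cs in mcs])
    print("P_TOP (cut set approx):", top_probability(mcs, p),
          " exact:", exact_top_probability(GATES, "G1", p))
    for e in "ABC":
        print(f"importance of {e}: {basic_event_importance(mcs, p, e):.3f}")
```

With the constructed probabilities the approximation gives 0.0012 against an exact value of 0.0011998; the sum over cut sets never underestimates the exact probability, and the gap grows as the basic-event probabilities grow, which is the caveat behind the "small probabilities" condition stated above.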
6. Data Modeling
Development of PRA database includes two main phases:
1. Information Collection and Classification
2. Parameter Estimation
Typical quantitative information of interest is:
Internal initiating events (IEs) Frequencies
Component Failure Frequencies
Component Test and Maintenance Unavailability
Common Cause Failure (CCF) Probabilities
Human Error Rates
Software Failure Probabilities
Data modeling for a PRA database involves the following steps:
Model-Data Correlation (identification of the data needed to correspond to the level
of detail in the PRA models, determination of component boundaries, failure modes,
and parameters to be estimated, e.g., failure rates, MTTR)
Data Collection (determination of what is needed, such as failure and success data
to estimate a failure rate, and where to get it, i.e., identification of data sources, and
collection and classification of the data)
Parameter Estimation (use of statistical methods to develop uncertainty distribution
for the model parameters)
Documentation (how parameter uncertainty distributions were estimated, data
sources used, and assumptions made)
Example of data requirement
The following table shows the data needed to estimate the various parameters.

| Basic event / model | Parameter(s) | Data needed |
| --- | --- | --- |
| Initiating event | Frequency λ (Poisson model, Section 4.3) | Number of events k in time t |
| Standby component fails on demand | Binomial model: constant probability of failure on demand, q | Number of failure events k in total number of demands N |
| Component in operation fails to run, or component changes state during mission (component continuously monitored) | Constant failure rate: λO, operating failure rate; Tm, mission time | Number of events k in total exposure time T (total time the standby component is operating, or time the component is on line) |
| Basic events | Probability of failure $P_f = 1 - e^{-\lambda t}$ | Number of failures occurring in time t |
Sources of information
Another aspect of reliability data classification is the identification of the failure cause. A
method of classifying causes of failure events is to progressively unravel the layers of
contributing factors to identify how and why the failure occurred.
Figure 16 shows the event classification process highlighting the part that deals with failure
cause classification.
Failure Mode: The particular way the function of the component is affected by the failure event (e.g., fails to start, fails to run).
Failure Mechanism: The physical change (e.g., oxidation, crack) in the component or affected item that has resulted in the functional failure mode.
Bayesian estimation incorporates degrees of belief and information beyond that contained in the data sample, which forms the practical difference from classical estimation.
In the framework of the Bayesian approach, the parameters of interest are treated as random variables, the true values of which are unknown. Thus, a distribution can be assigned to represent the parameter, and the mean (or in some cases the median) of the distribution can be used as an estimate of the parameter of interest. Bayesian parameter estimation comprises two main steps. The first step involves using available information to fit a prior distribution to a parameter, such as a failure rate. The second step of Bayesian estimation involves incorporating additional or new data to update the prior distribution. This gives a posterior distribution, which better represents the parameter of interest. This step is often referred to as “Bayesian Updating.”
Bayes' theorem for a continuous PDF estimates the posterior PDF f(θ/t) of the parameter using the following relationship:
$f(\theta/t) = \dfrac{h(\theta)\,l(t/\theta)}{\int h(\theta)\,l(t/\theta)\,d\theta}$
Here θ is the parameter of interest, h(θ) is a continuous prior PDF and l(t/θ) is the likelihood function based on the sample data t.
For a discrete PMF, Bayes' theorem can be written as:
$\Pr'(\theta_i) = \Pr(\theta_i/t) = \dfrac{\Pr(t/\theta_i)\,\Pr(\theta_i)}{\sum_{i=1}^{n}\Pr(t/\theta_i)\,\Pr(\theta_i)}$
where Pr(θi) is the prior PMF and Pr'(θi) denotes the posterior PMF.
Using the prior distribution of the parameter θ given by a PMF, the expected value of the parameter can be computed as
$E(\theta) = \sum_{i=1}^{n}\theta_i\,\Pr(\theta_i)$
Based on the posterior distribution, the expected value of θ can be computed as:
$E(\theta/t) = \sum_{i=1}^{n}\theta_i\,\Pr'(\theta_i)$
Hence the entire Bayesian inference includes the following three stages:
1. Constructing the likelihood function based on the distribution of interest and the type of data available.
2. Quantification of the prior information about the parameter of interest in the form of a prior distribution.
3. Estimation of the posterior distribution of the parameter of interest.
The Bayes analog of the classical confidence interval is known as the Bayes' probability interval. For constructing the Bayes' probability interval, the following obvious relationship based on the posterior distribution is used:
$\Pr(\theta_l \le \theta \le \theta_u) = 1 - \alpha$
Prior distributions
where μ and σ are the parameters of the distribution, 0 ≤ x < ∞. The lognormal distribution can be truncated (truncated lognormal) so that the random variable is less than a specified upper bound.
Gamma (α,β)
The form of the likelihood function depends on the nature of the assumed model of the world representing the way the new data/information is generated. A few selected likelihood functions are discussed:
Poisson process: The Poisson distribution is the proper likelihood function.
The various combinations of prior and likelihood functions, as well as the form of the resulting posterior distributions, are listed in the following Table 1.
Table 1 Typical Prior and Likelihood Functions Used in PRAs
A few commonly used conjugate distributions are listed in Table 2. The formulas used to calculate the mean and the variance of the resultant posterior in terms of the parameters of the prior and likelihood functions are provided.
Table 2: Commonly used Conjugate Priors in PRA
In Appendix I, some useful derivations using conjugate priors to calculate the parameter for a few selected continuous PDFs are provided.
APPENDIX I

1. Binomial model
Variate: X is a binomial random variable (the number of successes in n Bernoulli trials); θ is the probability of success at each trial.
Likelihood function l(θ/x), binomial model:
$l(\theta/x) = \binom{n}{x}\,\theta^{x}(1-\theta)^{n-x}$
Conjugate prior h(θ), beta distribution:
$h(\theta) = \dfrac{1}{B(\alpha,\beta)}\,\theta^{\alpha-1}(1-\theta)^{\beta-1}$
Posterior PDF f(θ/x):
$f(\theta/x) = \dfrac{1}{B(x+\alpha,\;n-x+\beta)}\,\theta^{x+\alpha-1}(1-\theta)^{n-x+\beta-1}$
Derivation of the posterior distribution: Bayes' theorem states $f(\theta/x) \propto h(\theta)\,l(\theta/x)$, so
$f(\theta/x) \propto \theta^{x}(1-\theta)^{n-x}\cdot\theta^{\alpha-1}(1-\theta)^{\beta-1} = \theta^{x+\alpha-1}(1-\theta)^{n-x+\beta-1}$
The normalizing constant is therefore given by
$\left[\int_{0}^{1}\theta^{x+\alpha-1}(1-\theta)^{n-x+\beta-1}\,d\theta\right]^{-1} = \dfrac{1}{B(x+\alpha,\;n-x+\beta)}$
which gives the Beta(x + α, n − x + β) posterior above.

2. Poisson model
Variate: X is a Poisson random variable (the number of events within a specified time interval t); λ is the mean number of events in that interval.
Likelihood function l(λ/x), Poisson model:
$l(\lambda/x) = \dfrac{\lambda^{x}\exp(-\lambda)}{x!}$
Conjugate prior h(λ), gamma distribution:
$h(\lambda) = \dfrac{\beta^{\alpha}}{\Gamma(\alpha)}\,\lambda^{\alpha-1}\exp(-\beta\lambda)$
Posterior PDF f(λ/x), Gamma(α + n x̄, β + n) distribution:
$f(\lambda/x) = \dfrac{(\beta+n)^{\alpha+n\bar{x}}}{\Gamma(\alpha+n\bar{x})}\,\lambda^{\alpha+n\bar{x}-1}\exp(-(\beta+n)\lambda)$
Derivation of the posterior distribution: Suppose x = (x1, ..., xn) is a set of n independent frequencies, each distributed as a Poisson distribution with mean λ. Then given x, the likelihood is
$l(\lambda/x) = \prod_{i=1}^{n}\dfrac{\lambda^{x_i}\exp(-\lambda)}{x_i!} = \dfrac{\lambda^{\sum_{i}x_i}\exp(-n\lambda)}{x_1!\,x_2!\cdots x_n!} \propto \lambda^{n\bar{x}}\exp(-n\lambda)$, where $\bar{x} = \dfrac{1}{n}\sum_{i=1}^{n}x_i$
Using Bayes' theorem, $f(\lambda/x) \propto h(\lambda)\,l(\lambda/x)$:
$f(\lambda/x) \propto \lambda^{\alpha-1}\exp(-\beta\lambda)\cdot\lambda^{n\bar{x}}\exp(-n\lambda) = \lambda^{\alpha+n\bar{x}-1}\exp(-(\beta+n)\lambda)$
The normalizing constant is therefore given by
$\left[\int_{0}^{\infty}\lambda^{\alpha+n\bar{x}-1}\exp(-(\beta+n)\lambda)\,d\lambda\right]^{-1}$
By integration it becomes
$\dfrac{(\beta+n)^{\alpha+n\bar{x}}}{\Gamma(\alpha+n\bar{x})}$
and the posterior PDF becomes
$f(\lambda/x) = \dfrac{(\beta+n)^{\alpha+n\bar{x}}}{\Gamma(\alpha+n\bar{x})}\,\lambda^{\alpha+n\bar{x}-1}\exp(-(\beta+n)\lambda)$
which is a Gamma(α + n x̄, β + n) distribution.

3. Exponential model
Variate: X is an exponential random variable (the waiting time between events); μ is the mean waiting time between events.
Likelihood function l(μ/x), exponential model:
$l(\mu/x) = \dfrac{1}{\mu}\exp\left(-\dfrac{x}{\mu}\right)$
Conjugate prior h(μ), inverted gamma distribution:
$h(\mu) = \dfrac{\beta^{\alpha}}{\Gamma(\alpha)}\left(\dfrac{1}{\mu}\right)^{\alpha+1}\exp\left(-\dfrac{\beta}{\mu}\right)$
Posterior PDF f(μ/x), Inverted Gamma(α + n, β + n x̄) distribution:
$f(\mu/x) = \dfrac{(\beta+n\bar{x})^{\alpha+n}}{\Gamma(\alpha+n)}\left(\dfrac{1}{\mu}\right)^{\alpha+n+1}\exp\left(-\dfrac{\beta+n\bar{x}}{\mu}\right)$
Derivation of the posterior distribution: Suppose x = (x1, ..., xn) is a set of independent and identically distributed observations on the waiting time T between consecutive events in a Poisson process, where E(T) = μ is the mean waiting time. Then
$l(\mu/x) = \prod_{i=1}^{n}\dfrac{1}{\mu}\exp\left(-\dfrac{x_i}{\mu}\right) = \left(\dfrac{1}{\mu}\right)^{n}\exp\left(-\dfrac{\sum_{i=1}^{n}x_i}{\mu}\right) = \left(\dfrac{1}{\mu}\right)^{n}\exp\left(-\dfrac{n\bar{x}}{\mu}\right)$. Here $\bar{x} = \dfrac{1}{n}\sum_{i=1}^{n}x_i$.
Using Bayes' theorem, $f(\mu/x) \propto h(\mu)\,l(\mu/x)$:
$f(\mu/x) \propto \left(\dfrac{1}{\mu}\right)^{\alpha+1}\exp\left(-\dfrac{\beta}{\mu}\right)\cdot\left(\dfrac{1}{\mu}\right)^{n}\exp\left(-\dfrac{n\bar{x}}{\mu}\right) = \left(\dfrac{1}{\mu}\right)^{\alpha+n+1}\exp\left(-\dfrac{\beta+n\bar{x}}{\mu}\right)$
The normalizing constant is therefore given by
$\left[\int_{0}^{\infty}\left(\dfrac{1}{\mu}\right)^{\alpha+n+1}\exp\left(-\dfrac{\beta+n\bar{x}}{\mu}\right)d\mu\right]^{-1}$
By integration it becomes
$\dfrac{(\beta+n\bar{x})^{\alpha+n}}{\Gamma(\alpha+n)}$
and the posterior PDF becomes
$f(\mu/x) = \dfrac{(\beta+n\bar{x})^{\alpha+n}}{\Gamma(\alpha+n)}\left(\dfrac{1}{\mu}\right)^{\alpha+n+1}\exp\left(-\dfrac{\beta+n\bar{x}}{\mu}\right)$
which is an Inverted Gamma(α + n, β + n x̄) distribution.

4. Normal model
Variate: X is a normal random variable with unknown mean μ and known variance σ².
Conjugate prior h(μ), normal model N(μ0, σ0²):
$h(\mu) = \dfrac{1}{\sqrt{2\pi}\,\sigma_0}\exp\left(-\dfrac{(\mu-\mu_0)^2}{2\sigma_0^2}\right)$
Posterior PDF f(μ/x), normal distribution N(μr, σr²):
$f(\mu/x) = \dfrac{1}{\sqrt{2\pi}\,\sigma_r}\exp\left(-\dfrac{(\mu-\mu_r)^2}{2\sigma_r^2}\right)$
where $\mu_r = \sigma_r^2\left(\dfrac{\bar{x}}{\sigma_1^2}+\dfrac{\mu_0}{\sigma_0^2}\right)$, $\dfrac{1}{\sigma_r^2} = \dfrac{1}{\sigma_1^2}+\dfrac{1}{\sigma_0^2}$ and $\sigma_1^2 = \dfrac{\sigma^2}{n}$.
Derivation of the posterior distribution: Suppose x = (x1, ..., xn) is a set of n independent observations of a normal random variate X with unknown mean μ but known variance σ². Then given x, the likelihood is
$l(\mu/x) = \prod_{i=1}^{n}\dfrac{1}{\sqrt{2\pi}\,\sigma}\exp\left(-\dfrac{(x_i-\mu)^2}{2\sigma^2}\right) = \left(\dfrac{1}{\sqrt{2\pi}\,\sigma}\right)^{n}\exp\left(-\dfrac{1}{2\sigma^2}\sum_{i=1}^{n}(x_i-\mu)^2\right)$
But $\sum_{i=1}^{n}(x_i-\mu)^2 = \sum_{i=1}^{n}(x_i-\bar{x})^2 + n(\bar{x}-\mu)^2$, so
$l(\mu/x) = \left(\dfrac{1}{\sqrt{2\pi}\,\sigma}\right)^{n}\exp\left(-\dfrac{1}{2\sigma^2}\sum_{i=1}^{n}(x_i-\bar{x})^2\right)\exp\left(-\dfrac{n(\bar{x}-\mu)^2}{2\sigma^2}\right)$
Given the data x and the variance σ², the quantities n, $\left(\dfrac{1}{\sqrt{2\pi}\,\sigma}\right)^{n}$ and $\exp\left(-\dfrac{1}{2\sigma^2}\sum_{i=1}^{n}(x_i-\bar{x})^2\right)$ are fixed constants independent of μ, such that
$l(\mu/x) \propto \exp\left(-\dfrac{n(\bar{x}-\mu)^2}{2\sigma^2}\right) = \exp\left(-\dfrac{(\bar{x}-\mu)^2}{2\sigma_1^2}\right)$, with $\sigma_1^2 = \dfrac{\sigma^2}{n}$
The conjugate prior probability is N(μ0, σ0²). Using Bayes' theorem, $f(\mu/x) \propto h(\mu)\,l(\mu/x)$, it follows that
$f(\mu/x) \propto \exp\left(-\dfrac{1}{2}\left[\dfrac{(\bar{x}-\mu)^2}{\sigma_1^2}+\dfrac{(\mu-\mu_0)^2}{\sigma_0^2}\right]\right)$
Using the following identity,
$A(z-a)^2 + B(z-b)^2 = (A+B)(z-c)^2 + \dfrac{AB}{A+B}(a-b)^2$, where $c = \dfrac{Aa+Bb}{A+B}$,
it can be shown that
$\dfrac{(\bar{x}-\mu)^2}{\sigma_1^2}+\dfrac{(\mu-\mu_0)^2}{\sigma_0^2} = \left(\dfrac{1}{\sigma_1^2}+\dfrac{1}{\sigma_0^2}\right)(\mu-d)^2 + \dfrac{(\bar{x}-\mu_0)^2}{\sigma_1^2+\sigma_0^2}$
where
$d = \dfrac{\dfrac{\bar{x}}{\sigma_1^2}+\dfrac{\mu_0}{\sigma_0^2}}{\dfrac{1}{\sigma_1^2}+\dfrac{1}{\sigma_0^2}}$
and the term $\dfrac{(\bar{x}-\mu_0)^2}{\sigma_1^2+\sigma_0^2}$ does not depend on μ, so it is absorbed into the normalizing constant. Hence the posterior PDF becomes
$f(\mu/x) = \dfrac{1}{\sqrt{2\pi}\,\sigma_r}\exp\left(-\dfrac{(\mu-d)^2}{2\sigma_r^2}\right)$
which is a normal distribution with mean $\mu_r = d$ and variance $\sigma_r^2 = \left(\dfrac{1}{\sigma_1^2}+\dfrac{1}{\sigma_0^2}\right)^{-1}$.
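As an added example (not from the lecture notes), the Python code below implements the Bayesian updating described in the data-modeling section and in Appendix I: the discrete form of Bayes' theorem with the prior and posterior expected values and an equal-tailed Bayes probability interval, and the conjugate closed forms for the binomial, Poisson, exponential and normal models. It then checks the Gamma-Poisson closed form against a discrete Bayes computation on a grid of λ values. All data and prior parameters are constructed; the grid resolution and range are assumptions of this example.

```python
"""Bayesian updating for PRA data modeling: discrete Bayes' theorem on a grid,
the conjugate closed forms of Appendix I, and a Bayes probability interval.
Added example, not from the lecture notes; all data and prior parameters are constructed."""
import math

def discrete_bayes(prior, likelihood):
    """Pr'(theta_i) = Pr(t/theta_i) Pr(theta_i) / sum_i Pr(t/theta_i) Pr(theta_i).
    prior: {theta_i: Pr(theta_i)}; likelihood: function theta -> Pr(t/theta)."""
    unnorm = {th: likelihood(th) * pr for th, pr in prior.items()}
    z = sum(unnorm.values())
    return {th: u / z for th, u in unnorm.items()}

def expected_value(pmf):
    """E(theta) = sum_i theta_i Pr(theta_i), for a prior or a posterior PMF."""
    return sum(th * pr for th, pr in pmf.items())

def bayes_probability_interval(pmf, alpha):
    """Equal-tailed (theta_l, theta_u) with Pr(theta_l <= theta <= theta_u) >= 1 - alpha."""
    cum, lower, upper = 0.0, None, None
    for th in sorted(pmf):
        cum += pmf[th]
        if lower is None and cum >= alpha / 2:
            lower = th
        if upper is None and cum >= 1 - alpha / 2:
            upper = th
    return lower, upper

def poisson_likelihood(counts):
    """l(lambda/x) = prod_i lambda^x_i exp(-lambda) / x_i! for independent Poisson counts."""
    def l(lam):
        out = 1.0
        for x in counts:
            out *= lam ** x * math.exp(-lam) / math.factorial(x)
        return out
    return l

def gamma_poisson_update(alpha, beta, counts):
    """Gamma(alpha, beta) prior + Poisson counts -> Gamma(alpha + n*xbar, beta + n)."""
    return alpha + sum(counts), beta + len(counts)

def beta_binomial_update(alpha, beta, x, n):
    """Beta(alpha, beta) prior + x successes in n trials -> Beta(x + alpha, n - x + beta)."""
    return x + alpha, n - x + beta

def invgamma_exponential_update(alpha, beta, waiting_times):
    """Inverted Gamma(alpha, beta) prior + n waiting times -> Inverted Gamma(alpha + n, beta + n*xbar)."""
    return alpha + len(waiting_times), beta + sum(waiting_times)

def normal_normal_update(mu0, var0, xs, var):
    """N(mu0, var0) prior with known variance var: posterior N(mu_r, var_r), where
    1/var_r = 1/var1 + 1/var0, var1 = var/n and mu_r = var_r (xbar/var1 + mu0/var0)."""
    n = len(xs)
    xbar = sum(xs) / n
    var1 = var / n
    var_r = 1.0 / (1.0 / var1 + 1.0 / var0)
    mu_r = var_r * (xbar / var1 + mu0 / var0)
    return mu_r, var_r

def gamma_grid_prior(alpha, beta, step=0.01, upper=10.0):
    """Discretised Gamma(alpha, beta) prior on a lambda grid (assumed step and range),
    normalised to a PMF."""
    grid = [round(step * i, 6) for i in range(1, int(upper / step) + 1)]
    w = {lam: lam ** (alpha - 1) * math.exp(-beta * lam) for lam in grid}
    z = sum(w.values())
    return {lam: v / z for lam, v in w.items()}

def grid_posterior_mean(alpha, beta, counts):
    """Posterior mean by discrete Bayes on the grid; approaches the closed form
    (alpha + n*xbar) / (beta + n) of the conjugate Gamma-Poisson update."""
    post = discrete_bayes(gamma_grid_prior(alpha, beta), poisson_likelihood(counts))
    return expected_value(post)

if __name__ == "__main__":
    counts = [2, 0, 1, 3]          # constructed: initiating events per year over 4 years
    a, b = gamma_poisson_update(1.0, 1.0, counts)
    print("conjugate posterior Gamma(%.0f, %.0f), mean %.3f" % (a, b, a / b))
    print("grid posterior mean %.3f" % grid_posterior_mean(1.0, 1.0, counts))
    post = discrete_bayes(gamma_grid_prior(1.0, 1.0), poisson_likelihood(counts))
    print("90% Bayes probability interval:", bayes_probability_interval(post, 0.10))
```

For the constructed counts the conjugate update gives Gamma(7, 5) with mean 1.4 events per year, and the grid computation reproduces that mean to within the grid resolution; the same discrete machinery works for any prior that has no conjugate form, at the cost of the grid approximation.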