15.6 Quantitative Risk Assessment

Quantitative risk assessment is a more detailed process than qualitative assessment. Expert system and process knowledge is a prerequisite for beginning it. This expert knowledge is gained through knowledge of the system, of its events and processes, of normal and abnormal conditions and casualty operating procedures, and through research on specific failure information. Failure information is not merely the rate at which equipment fails; other factors include the modes of failure, the sample sizes (how many failures occurred, how many of a particular component are in use), the environments in which the equipment operated, operating time or cycles, repair time, and the frequency of periodic maintenance or testing. Failure information can come from a wide variety of sources, including manufacturer and government testing, maintenance databases, and databases of existing or suspected failures maintained by the Nuclear Regulatory Commission (NRC), NASA, and the National Transportation Safety Board (NTSB), among others. Since these analyses are often performed on complex systems, the process is often costly and time consuming. Because of these factors, this type of assessment is performed only when required by regulation or liability management, or when an appreciable cost benefit is expected.

The risk assessment process consists of determining possible events that could occur with detrimental consequences; loss of coolant at a nuclear reactor, loss of insulation on the wing of the space shuttle, and a cyber attack on the infrastructure of the internet are some of the possibilities. Another approach is to start from an adverse consequence and reverse engineer (by deductive reasoning) the events that could cause it. After the initiating events are identified, the event is modeled to determine its possible sequences and outcomes. These processes are used to develop the flow path of the event or casualty; NASA uses the term master logic diagram for this process. At this point in the development, the process is still qualitative in nature. With the flow path determined, it is possible to determine the sets of events that will lead to the undesired or casualty event. Such a set of events is known as a cut set. A minimal cut set is defined as a set of events, which cannot be reduced in number, whose occurrence causes the casualty (or undesired event) to occur (2).

The first two parts of this process are used to develop failure modes and effects analysis (FMEA) and fault tree analysis (FTA). In these processes, the events are diagrammed to show the logical sequences with their possible outcomes. One key difference between the two methods is that FMEA is an inductive logic process, while FTA is primarily a deductive process. As part of the analysis of the fault tree or failure mode, the possible causes of the event are introduced. During this process, Boolean algebra is used to refine the logic, enabling the event to be modeled mathematically; it is at this point that the process begins to become quantitative. The application of Boolean algebra allows multiple probabilities to be combined into a total probability based on the interrelation of the events. For example, if a final event occurs whenever any one of several events occurs, the probability of the final event is the sum of the probabilities of the individual events; if several events must all occur for the final event to occur, its probability is the product of the probabilities of the requisite events. Of course, this is a simple analysis, in that time-sequenced requirements are not accounted for. An additional benefit is the use of standardized symbols for the mathematical logic.
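As an added example (not from the book), the following Python script encodes a small constructed fault tree as AND/OR gates, enumerates its minimal cut sets by Boolean evaluation, and computes the top-event probability both exactly and with the sum-of-cut-set-products rule described above. The tree, the event names, and the probabilities are assumptions chosen for illustration.

```python
from itertools import product
from math import prod

# Constructed fault tree for illustration (not from the book): the top event
# "coolant flow lost" needs the main pump to stop AND the backup to be
# unavailable; each of those is an OR of two basic events. A gate is a
# (kind, children) tuple; a basic event is its name as a string.
TREE = ("AND", [
    ("OR", ["motor_fault", "power_loss"]),                  # main pump stops
    ("OR", ["backup_pump_fault", "operator_omits_start"]),  # backup unavailable
])

# Constructed per-demand probabilities for the basic events.
P = {
    "motor_fault": 0.01,
    "power_loss": 0.005,
    "backup_pump_fault": 0.02,
    "operator_omits_start": 0.03,   # a human error of omission
}


def gate_probability(node, p):
    """Exact top-event probability, assuming the basic events are independent."""
    if isinstance(node, str):
        return p[node]
    kind, children = node
    q = [gate_probability(child, p) for child in children]
    if kind == "AND":
        return prod(q)                      # all inputs must occur
    return 1.0 - prod(1.0 - x for x in q)   # OR: at least one input occurs


def basic_events(node):
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node[1]))


def top_occurs(node, state):
    """Boolean evaluation of the tree for one failed/not-failed assignment."""
    if isinstance(node, str):
        return state[node]
    kind, children = node
    values = [top_occurs(child, state) for child in children]
    return all(values) if kind == "AND" else any(values)


def minimal_cut_sets(tree):
    """Enumerate every combination of failed basic events that causes the top
    event and keep only those with no failing proper subset (small trees only:
    the enumeration is exponential in the number of basic events)."""
    names = sorted(basic_events(tree))
    cut_sets = []
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if top_occurs(tree, state):
            cut_sets.append(frozenset(n for n, failed in state.items() if failed))
    minimal = [cs for cs in cut_sets if not any(other < cs for other in cut_sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def rare_event_bound(tree, p):
    """Sum over minimal cut sets of the product of their event probabilities:
    the usual upper bound, close to the exact value when events are rare."""
    return sum(prod(p[e] for e in cs) for cs in minimal_cut_sets(tree))


if __name__ == "__main__":
    for cs in minimal_cut_sets(TREE):
        print("minimal cut set:", sorted(cs))
    print("exact top-event probability:", gate_probability(TREE, P))
    print("rare-event bound:", rare_event_bound(TREE, P))
```

The "sum of the probabilities" rule for an OR gate is the rare-event approximation; the exact value 1 - ∏(1 - p) is slightly lower, and the script prints both so the difference can be seen for this tree (four minimal cut sets, each of size two).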

The next step in quantifying risk is determining the probabilities of the individual events. At this stage, the uncertainty (often expressed as an error factor) associated with each event probability must also be identified. Since every probability carries some uncertainty from the measurement and calculation techniques used to derive it, an uncertainty should be associated with every probability value. Factors that affect uncertainty include sample size, differences between laboratory determinations, and operating conditions in installed environments.

Another factor affecting equipment failure is reliability, availability, and maintenance. If operation of a certain piece of equipment is part of the analysis, then the factors that affect whether the component is available to respond form a valid part of the analysis. Answers to questions such as what percentage of time the equipment is available form a vital part of the analysis. If a fan belt fails once in a hundred attempts to start and requires several hours to repair, that could affect the analysis of risk. A system that is routinely maintained and restored will have different failure rates than one whose components are run to destruction (no maintenance other than corrective maintenance is performed).

The failure probability of many components is modeled with either a discrete or a continuous distribution. The most commonly used discrete distributions are the binomial distribution and the Poisson distribution. For probabilities that may be determined with a continuous distribution, the gamma, log-normal, exponential, and Weibull distributions are among the most common. Trial-and-error analysis to develop curve-fitting techniques has also been used. Synthetic mixed distributions have also been used to represent combinations of different distributions. These mixed distributions are obtained by combining the distribution curves for the different failure modes. For example, a component with a high failure rate for a short period after initial installation may have an exponential distribution curve for that failure mode and a gamma distribution for a longer-term failure mode such as a belt or bearing failure. By combining the two distributions, an integrated curve can be developed.

The choice of statistical method depends on the conditions of operation and failure. Generally, a continuous distribution is chosen by comparing the underlying assumptions of the distribution with the physical nature of the problem.
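The following Python script is an added example, not from the book, covering the two preceding paragraphs: it implements the binomial and Poisson discrete models and the exponential, Weibull and gamma (integer-shape, i.e. Erlang) survivor functions, then builds an integrated curve for a constructed component by combining an early-life failure mode with a wear-out mode. The component parameters, the treatment of the early-life mode as a defect mixture, and the competing-modes rule for combining the curves are assumptions made for the example.

```python
import math

# --- discrete models -------------------------------------------------------

def binomial_pmf(k, n, p):
    """Probability of exactly k failures in n independent demands."""
    return math.comb(n, k) * p**k * (1 - p) ** (n - k)

def poisson_pmf(k, mu):
    """Probability of exactly k failures when the expected count is mu = rate * T."""
    return math.exp(-mu) * mu**k / math.factorial(k)

# --- continuous survivor (reliability) functions R(t) -----------------------

def exponential_r(t, lam):
    return math.exp(-lam * t)                      # constant hazard lam

def weibull_r(t, beta, eta):
    return math.exp(-((t / eta) ** beta))          # beta<1: decreasing hazard, beta>1: increasing

def erlang_r(t, k, lam):
    """Gamma with integer shape k: the unit survives while fewer than k
    Poisson(lam*t) 'shocks' have arrived."""
    x = lam * t
    return math.exp(-x) * sum(x**n / math.factorial(n) for n in range(k))

def defect_mixture_r(t, q, lam):
    """Mixed distribution: a fraction q of units carries a defect that fails
    exponentially at rate lam; the rest never fail by this mode. This is an
    assumption made for the example, not a statement from the book."""
    return q * math.exp(-lam * t) + (1.0 - q)

def combined_r(t, modes):
    """Independent competing failure modes: the unit survives to t only if
    every mode has survived, so the survivor functions multiply."""
    return math.prod(mode(t) for mode in modes)

def hazard(r, t, h=0.01):
    """Numerical hazard rate -d/dt ln R(t) by central difference."""
    return -(math.log(r(t + h)) - math.log(r(t - h))) / (2 * h)

# Constructed component (times in hours): an early-life defect mode plus a
# wear-out mode. Values are illustrative only.
MODES = [
    lambda t: defect_mixture_r(t, q=0.05, lam=0.05),   # 5 % defective, ~20 h mean defect life
    lambda t: erlang_r(t, k=3, lam=1 / 2000),          # wear-out over a few thousand hours
]

def component_r(t):
    """Integrated survivor curve of the constructed component."""
    return combined_r(t, MODES)

if __name__ == "__main__":
    for t in (0, 10, 100, 500, 2000, 5000):
        print(f"t={t:5d} h  R={component_r(t):.4f}  "
              f"hazard={hazard(component_r, max(t, 1)):.2e}/h")
    print("P(exactly 2 failures in 100 demands, p=0.01):", binomial_pmf(2, 100, 0.01))
    print("P(no failure when rate*T=0.5):", poisson_pmf(0, 0.5))
```

The printed hazard rate falls during the first hours (the defective fraction failing), stays low through mid-life, and rises again as the wear-out mode takes over, which is the bathtub shape the combined curve is meant to capture. The choice between distributions should follow the physical failure mechanism, as the text says: constant hazard for purely random failures, increasing hazard (Weibull with beta greater than 1 or gamma) for wear-out.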

Another factor introduced during this process is human performance, or human reliability analysis (HRA). Since the events leading up to and following an event can be caused, mitigated, or exacerbated by the actions and inaction of the operators, an analysis of human performance is necessary to adequately account for all possible outcomes and their probabilities of occurrence. Human errors are classified as errors of commission, errors of omission, mistakes, lapses, and so on. Several sources of data are available based on industry studies. These studies address a wide variety of possible errors and need to be carefully considered for applicability to the given situation.

After identification and quantification of the individual events, the risk can be aggregated. During this process, the risks and associated uncertainties are calculated for the cut sets. Because much of the information used to generate the statistical input comes from sources other than test data, Bayesian analysis techniques are often used. Bayesian statistics are required because the probabilities used are treated as variables rather than precise values. Because of this approach, confidence interval testing becomes essential in establishing the validity of the calculations.

Uncertainty can be calculated by several methods, the most common being Monte Carlo simulation. This technique draws random numbers from the distributions of all the input variables and propagates each set of sampled values through the fault tree to obtain the resulting values of the dependent variables for that combination of component inputs. The method was developed during World War II to assist in modeling nuclear weapons design and is used today for many purposes.

Another factor that should be analyzed during the aggregation of risk is sensitivity. The sensitivity of the model is analyzed to ensure that uncertainties in the data do not lead to wide, and perhaps unacceptable, variations in the calculated result. This may lead the analyst to recommend that certain parameters be constrained to preclude such results. These constraints may require the implementation of operational and engineering controls in order for the risk assessment to remain valid. If implementation of these constraints is beyond the assessor's control, then the boundaries of the assessment should be clearly identified.
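As an added example (not from the book) covering the aggregation steps above, the following Python script represents each basic-event probability by a log-normal distribution described by a median and an error factor, propagates the uncertainty through a small constructed fault tree by Monte Carlo sampling, and then reports the sensitivity of the top-event probability to each input. The tree, the event names, the medians and error factors, and the convention that the error factor is the ratio of the 95th percentile to the median are assumptions chosen for illustration.

```python
import math
import random
import statistics

# Constructed basic events: (median probability, error factor). The error
# factor EF is taken here as the ratio of the 95th percentile to the median of
# a log-normal distribution, a common convention; the values are illustrative.
EVENTS = {
    "motor_fault":          (0.01,  3.0),
    "power_loss":           (0.005, 5.0),
    "backup_pump_fault":    (0.02,  3.0),
    "operator_omits_start": (0.03, 10.0),   # human-error estimates often carry wide EFs
}


def top_event(p):
    """Point evaluation of a constructed tree: (motor_fault OR power_loss)
    AND (backup_pump_fault OR operator_omits_start), independent events."""
    pump_stops = 1 - (1 - p["motor_fault"]) * (1 - p["power_loss"])
    backup_unavailable = 1 - (1 - p["backup_pump_fault"]) * (1 - p["operator_omits_start"])
    return pump_stops * backup_unavailable


def point_estimate(events):
    """Top-event probability using the medians only (no uncertainty)."""
    return top_event({name: median for name, (median, _) in events.items()})


def sample_probability(rng, median, ef):
    """Draw one value from a log-normal with the given median and error factor."""
    sigma = math.log(ef) / 1.645             # z(0.95) = 1.645
    return min(median * math.exp(rng.gauss(0.0, sigma)), 1.0)   # a probability cannot exceed 1


def monte_carlo(events, n=20000, seed=7):
    """Propagate input uncertainty through the tree; returns summary statistics."""
    rng = random.Random(seed)
    results = []
    for _ in range(n):
        p = {name: sample_probability(rng, m, ef) for name, (m, ef) in events.items()}
        results.append(top_event(p))
    results.sort()
    return {
        "mean": statistics.fmean(results),
        "median": results[n // 2],
        "p05": results[int(0.05 * n)],
        "p95": results[int(0.95 * n)],
    }


def birnbaum_importance(events):
    """Sensitivity of the top event to each input, dP_top/dp_i, by central
    difference at the medians (exact here because the tree is multilinear)."""
    base = {name: median for name, (median, _) in events.items()}
    sens = {}
    for name, value in base.items():
        step = value * 1e-3
        up, down = dict(base), dict(base)
        up[name], down[name] = value + step, value - step
        sens[name] = (top_event(up) - top_event(down)) / (2 * step)
    return sens


if __name__ == "__main__":
    print("point estimate:", point_estimate(EVENTS))
    summary = monte_carlo(EVENTS)
    print("Monte Carlo mean / 5th / median / 95th:",
          summary["mean"], summary["p05"], summary["median"], summary["p95"])
    for name, s in sorted(birnbaum_importance(EVENTS).items(), key=lambda kv: -kv[1]):
        print(f"{name:22s} dP_top/dp = {s:.4f}")
```

Two things the point estimate alone does not show: the Monte Carlo mean sits above the median because log-normal inputs are right-skewed, so reporting only a median understates the expected risk; and the 5th to 95th percentile band is what a sensitivity review compares against the acceptance limit. The Birnbaum importances identify which input most moves the result, which is where constraining a parameter (or tightening its data) pays off.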

While this process may be performed on a simple problem without special tools, the complexity of most problems will drive most analysts to use software written specifically for that purpose. Such software is available from governmental sources and from private (proprietary) sources.
