1.2 Performing Risk Assessments
There is no absolute rule as to how a risk assessment should be performed and to what depth it should be performed. The NASA PRA guide (14) provides some recommendations and the Nuclear Regulatory Commission (NRC) provides numerous guideline documents on the topic (15). The Occupational Safety and Health Administration's (OSHA) “Process Safety Management of Highly Hazardous Chemicals” regulation (29CFR1910.119) (16) requires hazard analyses be performed for certain types of chemical operations, and the Department of Energy (DOE) specifies risk assessments for certain types of facilities (17). However, it is still up to the organization to decide how in depth the analysis should be. This book discusses tools that are effective for performing risk assessments, but the decision as to when to use the tools is up to the risk analyst. Table 1.1 provides a list of the risk assessment tools discussed in this book and at what point in an analysis they are traditionally used. In addition, this book provides other techniques that can be used to enhance a risk assessment, such as task analysis for determining human actions in a process, the Delphi process for eliciting human error probabilities, and the critical incident technique for developing risk scenarios.
Table 1.1 Risk Assessment Tools
| Tool | Traditional use | Book chapter |
| Preliminary hazard analysis (PHA) | This tool is used in the very beginning of a risk assessment and/or on a conceptual design of a new system, process, or operation. It is used to determine the potential hazards associated with or the potential threats poised to a system, process, or operation. This tool is also useful for organizations to evaluate processes that have been performed for years to determine the hazards associated with them. | 5 |
| Failure mode and effect analysis (FMEA) | This tool is used in system, process, or operations development to determine potential failure modes within the system and provides means to classify the failures by their severity and likelihood. It is usually performed after a PHA and before more detailed analyses. | 9 |
| Failure mode, effects, and criticality analysis (FMECA) | FMECA extends FMEA by including a criticality analysis that is used to chart the probability of failure modes against the severity of their consequences. FMECA can be used instead of an FMEA, in conjunction with an FMEA or after an FMEA has been performed. | 10 |
| Event trees | Event trees are very useful tools to begin to analyze the sequence of events in potential accident sequences. They also have utility in analyzing accidents themselves. Many variations of event trees have been developed. This book presents some of the more common ones. | 12 |
| Fault tree analysis (FTA) | FTA is a risk analysis tool that uses Boolean logic to combine events. The lower level events are called basic events, and they are combined with Boolean logic gates into a tree structure, with the undesired event of interest at the top. This event is called the top event. Although this analysis tool is used to quantitatively determine the overall probability of an undesired event, it is also useful from a qualitative perspective to graphically show how these events combine to lead to the undesired event of interest. FTA has a wide range of use from determining how one's checking account was overdrawn, to determine why a space shuttle crashed. | 14 |
| Human reliability analysis (HRA) | HRA is related to the field of human factors engineering and ergonomics and refers to the reliability of humans in complex operating environments such as aviation, transportation, the military, or medicine. HRA is used to determine the human operators' contribution to risk in a system. | 10 |
| Probabilistic risk assessment (PRA) | PRA is a systematic and comprehensive methodology to evaluate risks associated with complex engineered systems, processes, or operations such as space craft, airplanes, or nuclear power plant. PRA uses combinations of all the other risk assessment tools and techniques to build an integrated risk model of a system. A fully integrated PRA of a nuclear power plant, for instance, can take years to perform and can cost millions of dollars. It is reserved for the most complex of systems. | 15 |