
Basic Risk Analysis Methods based on Frequency Rates and Severity of Accidents
The usual practice is to calculate the death rates and injury
rates on the basis of:

i. 1000 persons employed

ii. 3-lakh manshift worked

iii. Million ton of coal produced


To calculate the frequency rates per 1000 persons employed, it is necessary
to know the actual figures of average daily employment in mines.

Frequency rate (FR) for fatal, serious and reportable injuries
can be calculated as follows:

FR/Fatal = (No. of fatal injuries / Average daily employment) × 1000

FR/Serious = (No. of serious injuries / Average daily employment) × 1000

FR/Reportable = (No. of reportable injuries / Average daily employment) × 1000
Frequency Rate (FR) per 3 lakh manshift worked can be
calculated as below:

FR per 3 lakh manshift worked = (No. of injuries / Total manshift worked) × 3,00,000

FR per million ton of coal produced = (No. of injuries / Total coal produced) × 10^6
One basis of measurement of safety performance is the frequency of
accidents, another is their severity. Severity rate can be calculated as
follows:

Severity rate = (Mandays lost × 1000) / Average daily employment

or = (Mandays lost × 3,00,000) / Total manshift worked

or = (Mandays lost × 10^6) / Million ton of coal produced
Severity Index
Severity Index (SI) can be calculated based on the following
formula:

SI = ((300F + 10S + R) × 100,000) / Man-shift worked

F = Number of deaths
S = Number of serious injuries
R = Number of reportable injuries

The weightage of 300:10:1 for fatal, serious, and reportable injuries
was perhaps arrived at by estimating the relative manshifts lost by each
type of accident. A modified approach has been established by the
DGMS and is as follows:

SI = ((50F + S) × 10^5) / Man-shift worked
Accident Proneness
Though FR and SI values can be used to identify the accident proneness of
mines, it is preferable to compute the arithmetic mean (AM) and geometric
mean (GM) of SI, usually over five-year periods, to identify accident-prone mines.
The DGMS uses the arithmetic mean for identifying accident proneness.
Accident proneness indices are defined as follows:

AM = (1/n) × Σ (i = 1 to n) SI_i

GM = ( Π (i = 1 to n) SI_i )^(1/n)
Both frequency rate and severity rate indices are useful measures of safety
performances of mines.

These indices generally are used to identify the accident proneness of mines
and based on these indices accident proneness of the same mine may vary.

To incorporate both frequency and severity rate, a combined index (CI) has
been proposed, where CI is defined as:

CI = (FR × SI) / 1000

where, CI = Combined Index
FR = Frequency Rate Index
SI = Severity Index
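The indices above worked through in code, as an added example that is not part of the original slides; the five-year accident record is constructed for illustration, and the FR fed into CI is taken here to be the rate per 1000 persons employed for all injuries together (the slides do not say which FR the combined index uses).

```python
"""Mine safety performance indices from the formulas above (added example).
The accident records below are constructed for illustration."""
from math import prod
from typing import Iterable, List, Tuple


def fr_per_1000_employed(injuries: int, avg_daily_employment: float) -> float:
    """Frequency rate per 1000 persons employed."""
    return injuries / avg_daily_employment * 1000


def fr_per_3_lakh_manshifts(injuries: int, manshifts_worked: float) -> float:
    """Frequency rate per 3 lakh (3,00,000) manshifts worked."""
    return injuries / manshifts_worked * 300_000


def fr_per_million_ton(injuries: int, coal_produced_ton: float) -> float:
    """Frequency rate per million ton of coal produced."""
    return injuries / coal_produced_ton * 1_000_000


def severity_rate_per_1000_employed(mandays_lost: float, avg_daily_employment: float) -> float:
    """Severity rate per 1000 persons employed."""
    return mandays_lost * 1000 / avg_daily_employment


def severity_index(fatal: int, serious: int, reportable: int,
                   manshifts_worked: float, dgms_modified: bool = False) -> float:
    """SI = (300F + 10S + R) x 100,000 / manshifts, or the DGMS form (50F + S) x 10^5 / manshifts."""
    weighted = (50 * fatal + serious) if dgms_modified else (300 * fatal + 10 * serious + reportable)
    return weighted * 100_000 / manshifts_worked


def arithmetic_mean(values: Iterable[float]) -> float:
    vals = list(values)
    return sum(vals) / len(vals)


def geometric_mean(values: Iterable[float]) -> float:
    vals = list(values)
    return prod(vals) ** (1 / len(vals))


def combined_index(fr: float, si: float) -> float:
    """CI = FR x SI / 1000."""
    return fr * si / 1000


# Constructed five-year record for one mine:
# (F, S, R, manshifts worked, average daily employment)
FIVE_YEARS: List[Tuple[int, int, int, float, float]] = [
    (1, 4, 30, 600_000, 2_000),
    (0, 6, 25, 620_000, 2_050),
    (2, 3, 40, 610_000, 2_020),
    (0, 5, 35, 630_000, 2_100),
    (1, 2, 28, 615_000, 2_040),
]


def accident_proneness(records=FIVE_YEARS, dgms_modified: bool = False) -> Tuple[float, float]:
    """AM and GM of the yearly SI values over the period; DGMS ranks mines by the AM."""
    sis = [severity_index(f, s, r, m, dgms_modified) for f, s, r, m, _ in records]
    return arithmetic_mean(sis), geometric_mean(sis)


def yearly_combined_index(f: int, s: int, r: int, manshifts: float, employment: float) -> float:
    """CI for one year, using FR per 1000 employed for all injuries together (an assumption)."""
    fr = fr_per_1000_employed(f + s + r, employment)
    return combined_index(fr, severity_index(f, s, r, manshifts))


if __name__ == "__main__":
    am, gm = accident_proneness()
    print(f"5-year SI: AM={am:.2f} GM={gm:.2f}")
    for year in FIVE_YEARS:
        print(f"{year[:3]} -> CI={yearly_combined_index(*year):.3f}")
```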
Special Risk Analysis Methods
Fault Tree Analysis
• Used in both reliability engineering and
system safety engineering
• Developed in 1961 for US ICBM program
• Guide published in 1981
• Used in almost every engineering discipline
• Not a model of all system or component
failures
Applying Fault Tree Analysis
• Postulate top event (fault)
• Branch down listing faults in the system
that must occur for the top event to occur
• Consider sequential and parallel or
combinations of faults
• Use Boolean algebra to quantify fault tree
with event probabilities
• Determine probability of top event
Fault Tree Logic
• Use logic gates to show how top
event occurs
• Higher gates are the outputs from
lower gates in the tree
• Top event is output of all the input
faults or events that occur
Terms
• Faults and failures
• System and subsystem faults
• Primary and secondary failure
• Command fault
Fault Tree Symbols
Primary event symbols:
• Basic Event
• Conditioning Event
• Undeveloped Event
• External Event
Gate symbols:
• AND
• OR
• Exclusive OR
• Priority AND
• Inhibit
Intermediate event symbol
Transfer symbols:
• Transfer IN
• Transfer OUT


Union
A = B + C (A = B Union C): B OR C must occur for event A to occur.
Example: A = no current; B = switch A open; C = battery B at 0 volts.

Intersection
D = E * F (D = E Intersection F): E AND F must occur for D to occur.
Example: D = over-heated wire; E = 5 mA current in system; F = power applied for t > 1 ms.
Fault Tree Quantification
• Fault tree analysis - is not a quantitative
analysis but can be quantified
• How to
– Draw fault tree and derive Boolean equations
– Generate probability estimates
– Assign estimates to events
– Combine probabilities to determine top event
Fault Tree Example
[Figure: pressure tank system comprising an outlet valve, relays K1 and K2,
switch S, pressure switch S1, a tank, a timer relay, a motor and a pump.]
Risk Assessment Techniques

Problem 1: Assume that a windowless room
contains three light bulbs (i.e., A, B, and C)
and one switch. The switch can only fail to
close. Develop a fault tree for the undesired
or top fault event “dark room”.

Problem 2: Assume that in Problem 1, the
occurrence of top fault event “dark room” is
hazardous or unsafe. The probabilities of occurrence
of fault events “fuse failure”, “switch fails to close”,
“power failure”, “bulb A burn out”, “bulb B burn
out”, “bulb C burn out” in figure 1 are
0.01, 0.02, 0.03, 0.04, 0.05, and 0.06, respectively.
Calculate the probability of occurrence of the unsafe
event “dark room” by using the Fault Tree Method.

[Figure slides: Quantitative Risk Assessment Techniques (fault tree figures not reproduced in text).]
Problem 3: Assume that a mine maintenance worker
can commit an error due to five factors and the error can
cause a serious accident. The five factors are poor
environment, inadequate tools, inadequate training,
carelessness, or poor instructions. Two principal reasons
for the poor instructions are poorly written instruction
procedures or poor verbal instructions.
Develop a fault tree for the top event “Mine maintenance
worker committed an error” by using the fault tree
symbols and calculate the probability of the occurrence
of the top event if the probabilities of occurrence
of the independent events are 0.07, 0.06, 0.05, 0.04, 0.03 and
0.02, respectively.
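The union and intersection rules from the slides above applied to Problems 1 to 3, as an added example that is not from the original slides: the gate structure of each tree is assumed, since figure 1 is not reproduced in the text, and the six probabilities of Problem 3 are assigned to the basic events in the order the problem lists them.

```python
"""Fault tree quantification for independent basic events (added example).
The tree structures for Problems 1-3 are assumed; figure 1 is not on the page."""
from dataclasses import dataclass, field
from math import prod
from typing import List, Union


@dataclass
class Event:
    """Basic event with its probability of occurrence."""
    name: str
    prob: float


@dataclass
class Gate:
    """AND (intersection) or OR (union) gate over its input nodes."""
    kind: str
    name: str
    inputs: List["Node"] = field(default_factory=list)


Node = Union[Event, Gate]


def boolean_expression(node: Node) -> str:
    """Boolean equation in the slides' notation: '+' for union, '*' for intersection."""
    if isinstance(node, Event):
        return node.name
    op = " + " if node.kind == "OR" else " * "
    return "(" + op.join(boolean_expression(c) for c in node.inputs) + ")"


def probability(node: Node) -> float:
    """Top-event probability, assuming the basic events are mutually independent."""
    if isinstance(node, Event):
        return node.prob
    ps = [probability(c) for c in node.inputs]
    if node.kind == "AND":
        return prod(ps)                          # all inputs must occur
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)   # at least one input occurs
    raise ValueError(f"unknown gate kind {node.kind!r}")


# Problems 1 and 2 (assumed structure): the room is dark if the supply path fails
# (fuse, switch or power, OR-ed) OR all three bulbs burn out (AND-ed).
DARK_ROOM = Gate("OR", "dark room", [
    Event("fuse failure", 0.01),
    Event("switch fails to close", 0.02),
    Event("power failure", 0.03),
    Gate("AND", "all bulbs burnt out", [
        Event("bulb A burn out", 0.04),
        Event("bulb B burn out", 0.05),
        Event("bulb C burn out", 0.06),
    ]),
])

# Problem 3: five factors OR-ed; "poor instructions" is itself an OR of two causes.
# The six probabilities are assigned to the independent events in the order listed.
MAINTENANCE_ERROR = Gate("OR", "mine maintenance worker committed an error", [
    Event("poor environment", 0.07),
    Event("inadequate tools", 0.06),
    Event("inadequate training", 0.05),
    Event("carelessness", 0.04),
    Gate("OR", "poor instructions", [
        Event("poorly written instruction procedures", 0.03),
        Event("poor verbal instructions", 0.02),
    ]),
])


if __name__ == "__main__":
    for tree in (DARK_ROOM, MAINTENANCE_ERROR):
        print(f"{tree.name}: {boolean_expression(tree)}")
        print(f"  P(top event) = {probability(tree):.5f}")
```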
Common Mistakes in Fault Trees
• Inputs with small probabilities
• Passive components
• Does quantified tree make sense
• Don’t fault tree everything
• Careful with Boolean expressions
• Independent Vs dependent failure modes
• Ensure top event is high priority
FMEA, FMECA, HAZOP, JSA, Human Factors, and Software Safety
Non-Safety Tools
• Failure Modes and Effects Analysis
• Failure Modes, Effects, and Criticality
Analysis
• Hazards and Operability Analysis
• Job Safety Analysis
• Human Factors Analysis
• Software Safety Analysis
FMEA
• Reliability engineering tool
• Originated in 1960s
• But, concept taken from “Failure Analysis”
which was established in 1950 by U.S. NBA
• OSHA recognized
• Limitation - failure does not have to occur
for a hazard to be present in system
• Used to investigate how a particular failure
can come about
FMEA Process
• Define system & analysis scope
• Construct block diagrams to list all system, subsystems and components
• Assess each block for effect on system
• List each component’s failure modes, the description, and identification
• Assign failure rate/probability to each component failure mode
FMEA Process
• Assess failure effects
for each failure mode
• Identify single point
failures
• Determine corrective
actions
• Document results on
worksheet

System Breakdown
Total System
  Subsystem 1, Subsystem 2, Subsystem 3
    Assembly 1a, Assembly 1b, Assembly 1c
      Subassembly 1c.1, Subassembly 1c.2, Subassembly 1c.3
        Component 1c.3.1, Component 1c.3.2, Component 1c.3.3
          Part 1c.3.3.a, Part 1c.3.3.b, Part 1c.3.3.c
FMEA Worksheet
• Component #, name, function
• Failure modes
• Mission phase
• Failure effects locally
• Failure propagation to the next level
• Single point failure
• Risk failure class
• Controls, recommendations
Failure Modes
• Premature operation
• Failure to operate on time
• Intermittent operation
• Failure to cease operation on time
• Loss of output or failure during operation
• Degraded output or operational capability
• Unique failure conditions
Advantages of FMEA

• Simple
• Efficient
• Cost effective
• Has quantitative applications

Disadvantages of FMEA
• Limited capability to address multiple
failures
• Human error examination is limited
• Missing components are not examined
• Common-cause vulnerability may be
missed

Failure Modes, Effects, & Criticality Analysis (FMECA)
• Virtually same as FMEA
• When FMEA is extended to group
each potential failure effect with
respect to its severity (this includes
documenting catastrophic and
critical failure), the technique is
called FMECA.
FMECA
• The FMECA is composed of two separate investigations, the FMEA and
the Criticality Analysis (CA).
• The FMEA must be completed prior to performing the CA.
FMECA
• It will provide the added benefit of showing the analyst a quantitative
ranking of system and/or subsystem failure modes.
• The Criticality Analysis allows the analyst to identify reliability and
severity related concerns with particular components or systems.
FMECA
• Identifies criticality of components
• Emphasizes probability of failure
• Criticality components
– Failure effect probability
– Failure mode ratio
– Part failure rate
– Operating time
FMECA
Risk priority calculation (RPN)
• Calculation of Risk Priority Number (RPN) is a method
of criticality analysis. The RPN is a result of a
multiplication of detectability (D) x severity (S) x
occurrence (O).
• With each on a scale from 1 to 10, the highest RPN is
10x10x10 = 1000. This means that this failure is not
detectable by inspection, very severe and the
occurrence is almost sure.
• If the occurrence is very sparse, this would be 1 and the
RPN would decrease to 100. So, criticality analysis
enables the team to focus on the highest risks.
HAZOP
• A HAZOP is an organized examination of all the ways in which
processes can malfunction or be improperly operated.
• HAZOP analyses are planned to identify
potential process hazards resulting from
system interactions or exceptional
operating conditions.
Steps of HAZOP Study
1. Establish study objectives and scope
2. Form HAZOP team
3. Collect relevant information
4. Perform analysis of all major pieces of equipment and supporting teams
5. Document the study
Features of HAZOP study
• It gives a basis for setting priorities for thorough risk
analysis,
• It provides main information on the potential
hazards, their causes and consequences,
• It indicates some ways to mitigate the hazards,
• It can be executed at the design stage as well as the
operational stage,
• It provides a foundation for subsequent steps in
the total risk management program.

Advantages of HAZOP
• Offers a creative approach for identifying
hazards, predominantly those involving
reactive chemicals.
• Thoroughly evaluates potential consequences of
process failure to follow procedures.
• Recognises engineering and administrative
controls, and consequences of their failures.
• Provides a decent understanding of the system
to team members.

Disadvantages of HAZOP
• Requires a distinct system of engineering documentation and procedures.
• HAZOP is time consuming.
• Requires trained engineers to conduct the study.
• HAZOP focuses on single-event causes of deviations or failures.
JOB SAFETY ANALYSIS (JSA)
• This is a useful method used to uncover and
rectify potential hazards which are intrinsic
to or inherent in the workplace.
• Usually the safety professional, workers,
management, and supervisor participate in
JSA.
• It is emphasized that the degree of success
depends on the rigor the JSA team exercise
during the analysis process.
Steps of JSA
1. Choose a job for analysis
2. Break down the job into a number of steps or tasks
3. Highlight potential hazards and determine appropriate measures for
controlling these hazards
4. Apply the measures for controlling the hazards
5. Evaluate controls with care
MARKOV MODEL – A Reliability Concept
MARKOV MODEL
This method is named after a Russian mathematician,
Andrei A Markov (1856-1922), and is often used to perform
reliability analyses of engineering systems. This method
can also be used to perform safety analyses in the area of
mining.
The following assumptions are associated with the Markov
method.

(i) All occurrences are independent of each other.

(ii) The probability of transition from one system state to
another in the finite time interval ∆t is given by θ∆t, where
θ is the transition rate (i.e., failure or repair rate) from one
system state to another.

(iii) The probability of more than one transition occurrence
in the finite time interval ∆t from one system state to
another is very small or negligible (i.e., (θ∆t)(θ∆t) → 0).
Mining System State Space Diagram
Application of Markov modeling in Mine Safety

A mining system can fail either safely or unsafely and its
safe and unsafe failure rates are λ1 and λ2 respectively.
The state space diagram of the mining system is shown in
figure 5. The numerals in the boxes denote the mining
system states. Develop expressions for the mining system
state probabilities and mean time to failure using the
Markov method. Assume that the mining system is
subjected to the assumptions that system failures occur
independently and the system safe and unsafe failure rates
are constant.
By using the Markov method, we write down the
following equations for states 0, 1, and 2, respectively,
shown in figure 6.

P0(t+∆t) = P0(t)(1- λ1∆t)(1- λ2∆t) --- (1)

P1(t+∆t) = P1(t)(1- 0∆t) + P0(t)λ1∆t --- (2)

P2(t+∆t) = P2(t)(1- 0∆t) + P0(t)λ2∆t --- (3)
where,
t is time.
P0(t+∆t) is the probability of the mining system being in operating state 0 at
time (t+∆t).
P1(t+∆t) is the probability of the mining system being in safe failed state 1
at time (t+∆t).
P2(t+∆t) is the probability of the mining system being in unsafe failed state 2
at time (t+∆t).
Pj(t) is the probability that the mining system is in state j at t, for j=0
(operating normally), j=1 (failed safely), and j=2 (failed unsafely).
λ1∆t is the probability of safe mining system failure in finite time
interval ∆t.
λ2∆t is the probability of unsafe mining system failure in finite time
interval ∆t.
(1- λ1∆t) is the probability of no safe mining system failure in finite time
interval ∆t.
(1- λ2∆t) is the probability of no unsafe mining system failure in finite time
interval ∆t.
Using Equation 1, we get

P0(t+∆t) = P0(t)[1- λ1∆t- λ2∆t+( λ1∆t)( λ2∆t)] --- (4)

Since ( λ1∆t)( λ2∆t) → 0, equation 4 reduces to

P0(t+∆t) = P0(t)[1- λ1∆t- λ2∆t] --- (5)

Using Equation 5, we write

= λ1 P0(t ) – λ2 P0(t) --- (6)

Thus, from equation 6, we get

--- (7)
Similarly, using Equations 2 and 3, we get the following equations:

--- (8)

--- (9)

At time t = 0, P0(0) = 1, P1(0) = 0, and P2(0) = 0.


By solving Equations 7-9, we obtain

] --- (10)

] --- (11)

] --- (12)
By integrating Equation 10 over the time interval [0, ∞], we obtain the
following equation for the mining system mean time to failure [2]:

--- (13)

where, MTTFms is the mining system mean time to failure.


Problem 1: Assume that a mining system’s safe and unsafe failure rates are
0.009 failures/hr and 0.001 failures/hr, respectively. Calculate the mining
system probability of failure due to an unsafe failure during a 20-hr mission
and the mean time to failure.

Solution:
By substituting the given data values into Equations 12 & 13, we get
]

= 0.0181
And

= 100 hr

Thus, the mining system’s probability of failure due to an unsafe failure and
the mean time to failure are 0.0181 and 100 hr, respectively.
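The derivation above carried through in code, as an added example that is not from the original slides: it steps the difference equations (1) to (3) forward with a small ∆t from P0(0) = 1, and compares the result with the exponential closed form that solves the limiting differential equations (the closed form is the standard result and is assumed here, since equations (7) to (13) are not reproduced in the text). The rates are those of Problem 1.

```python
"""Markov model of a mining system with safe (lam1) and unsafe (lam2) failure rates.
Added example: the difference equations (1)-(3) are stepped numerically and compared
with the closed-form state probabilities (standard result, assumed here)."""
from math import exp


def step(p0: float, p1: float, p2: float, lam1: float, lam2: float, dt: float):
    """One time step of equations (1)-(3); the (lam1*dt)(lam2*dt) term is kept as in (1)."""
    n0 = p0 * (1 - lam1 * dt) * (1 - lam2 * dt)   # stays in operating state 0
    n1 = p1 + p0 * lam1 * dt                       # safe failure: state 0 -> 1 (absorbing)
    n2 = p2 + p0 * lam2 * dt                       # unsafe failure: state 0 -> 2 (absorbing)
    return n0, n1, n2


def simulate(lam1: float, lam2: float, t_end: float, dt: float = 1e-3):
    """State probabilities at t_end, stepping from P0(0)=1, P1(0)=0, P2(0)=0."""
    p0, p1, p2 = 1.0, 0.0, 0.0
    for _ in range(round(t_end / dt)):
        p0, p1, p2 = step(p0, p1, p2, lam1, lam2, dt)
    return p0, p1, p2


def closed_form(lam1: float, lam2: float, t: float):
    """Solution of dP0/dt = -(lam1+lam2)P0, dP1/dt = lam1 P0, dP2/dt = lam2 P0 (assumed standard result)."""
    lam = lam1 + lam2
    p0 = exp(-lam * t)
    return p0, lam1 / lam * (1 - p0), lam2 / lam * (1 - p0)


def mean_time_to_failure(lam1: float, lam2: float) -> float:
    """MTTFms = integral of P0(t) over [0, inf) = 1/(lam1 + lam2)."""
    return 1 / (lam1 + lam2)


if __name__ == "__main__":
    lam1, lam2, mission = 0.009, 0.001, 20.0        # Problem 1 data (failures/hr, hr)
    _, _, p2_num = simulate(lam1, lam2, mission)
    _, _, p2_exact = closed_form(lam1, lam2, mission)
    print(f"P(unsafe failure within {mission:.0f} hr): stepped={p2_num:.5f} exact={p2_exact:.5f}")
    print(f"MTTF = {mean_time_to_failure(lam1, lam2):.1f} hr")
```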
Human Factors Safety Analysis
• Many different techniques
• Human element must be considered in
engineering design
• The merging of three fields:
– Human factors
– Ergonomics
– Human reliability
Performance & Human Error
• Why do people make mistakes?
• Combination of causes - internal/external
• Performance shaping factors (factors
that influence how people act)
– External PSF
– Internal PSF
– Stressor PSF
Human Error
• Out of tolerance action within human/machine
system
• Mismatch of task and person
• Significant contributor to many accidents
• False assumptions
– Human error is inevitable
– People are careless
• More complex systems must be less dependent
on how well people operate them
Human Error Categories
• Omission - leaving out a task
• Commission
– Selection error
– Error of sequence
– Time error
– Qualitative error
HF Safety Analysis
The Process
• Describe system goals and functions
• List & analyze related human operations
• Analyze human errors
• Screen errors & select
• Quantify errors & affect on system
• Recommend changes to reduce impact of
human error
Software Safety
• Newest member of system safety field
• Software controls millions of systems
• Treat software like any system component
– Determine the hazards
– If software is involved in hazard - deal with it
• Common tools
– Software Hazard Analysis
– Software Fault Tree Analysis
– Software Failure Modes & Effects
Software Facts
• Software is not a hazard
• Software doesn’t fail
• Health monitoring of software only assures it
performs as intended
• Every line of code cannot be reviewed
• Fault tolerant is not the same as safe
• Shutting down a computer may aggravate an
already dangerous situation
Software Safety Analysis (SSA)
Flow Process
• Software Requirements Development
• Top-level System Hazards Analysis
• Detailed Design Hazard Analysis
• Code Hazard Analysis
• Software Safety Testing
• Software User Interface Analysis
• Software Change Analysis
SSA
Required when software is used to:
• Identify a hazard
• Control a hazard
• Verify a control is in place
• Provide safety-critical information or
safety related system status
• Recovery from a hazardous condition
Safety Tool Categories
• Software safety requirements analysis
– Flowdown analysis
– Criticality analysis
• Architectural design analysis
• Detailed design analysis
– Soft tree analysis
– Petri-Net
• Code analysis
Software Testing

• Software testing
• System safety testing
• Software changes
• IV &V organization
Other Techniques
MORT
• Qualitative tool used in 1970s
• Merges safety mgt & safety engineering
• Analyses mgt policy in relation to RA and
hazard analysis process
• Uses a predefined graphical tree
• Analyze from top event down
• Too large and doesn’t tailor well to
smaller problem
Energy Trace Barrier Analysis (ETBA)
• Qualitative tool for hazard analysis
• Developed as part of MORT
• Traces energy flow into, through, & out of
system
• Four typical energy sources
• Energy transfer points & barriers analyzed
• Advantages
ETBA Procedure
• Examine system / identify energy sources
• Trace each energy source through system
• Identify vulnerable targets to energy
• Identify all barriers in energy path
• Determine if controls are adequate
Sneak Circuit Analysis
• Standardized by Boeing in 1967
• Formal analysis of all paths that a
process could take
• Find sneak paths, timing, or procedures
that could yield an undesired effect
• Review engineer drawings, translate, &
identify patterns
• Disadvantages
Cause-Consequence Analysis
• Uses symbolic logic trees
• Determine accident or failure scenario
that challenges the system
• Develop a bottom-up analysis
• Failure probabilities calculated
• Consequences identified from top event
• Consequence may have variety of
outcomes
Dispersion Modeling
• Quantitative tool for environmental and
system safety engineering
• Used in chemical process plants, can
determine seriousness of chemical release
• Internationally recognized model -
CAMEO
• Features of the system
• Advantages
Test Safety
• Not an analysis technique
• Assures safe environment during testing
• Must integrate system safety process into
test process
• Three layers of test environment
• Safety analysis needed at each level
• Test readiness review
Comparing Techniques
• Complex Vs simple
• Apply to different phases of system life
cycle
• Quantitative Vs qualitative
• Expense
• Time and personnel requirements
• Some are more accepted in certain
industries
Selecting A Technique
• All techniques are good analyses
• Consider advantages and disadvantages
• Select technique most suited to the
problem, industry, or desired outcome
• Ask yourself a few questions
– What’s the purpose?
– What is the desired result?
– Does it fit your company and achieve goals?
– What are your resources and time available?
Data Sources and Training
Data Reliability
• Start with company historical data
• Analyses only as good as the data that is
used
• Caution about misunderstanding data
• Quantifiable data is not always the best
• Always cite sources and assumptions
Data Limits
• Most failure data is generic
• Break large items into smaller parts
• Data may not consider environmental
changes
• Use expert judgement to convert generic
data into realistic values
Government Data Banks
• Government Printing Office
– Books from DoD, NASA, EPA, & OSHA
• Government-Industry Data Exchange
Program
– Army, Navy, FAA, Dept of Labor, Dept of
Energy, National institute of Standards and
Technology
• Databases of other countries
Industry Data Banks
• Corporations
• Insurance companies
• Electronics Industries Associations
• Consumer Product Commission
• System Safety Society
• Material Safety Data Sheets
Creating Your Own Databank
• Collect data on system
– Design
– Assessments
– Hazard identification
– Compliance verification
• Make the data easily accessible and
consolidated in one place
• Computers and new software make
collection easier
Data Bank
Systems Info:
• Hazardous materials
• MSDS
• System design info
• Safety critical systems
• Best design practices
• Testing history
• Failure history
System Safety Data:
• Safety analyses
• Accident histories
• Safety Standards
• Identified hazards
• Causes of hazards
• Proven hazard controls
• Hazard consequences
• Hazard tracking system
Safety Training
• Twofold approach
– Employee training
– Emergency response
• Types of training
– Initial training
– Refresher training
– New training for changes
Employee Training
• Training needs assessment
• Purpose of training
• Assess current operations
• Review hazard analysis data
• Develop and implement training
• Record training
Emergency Preparedness and Response Training
• Train all personnel affected by possible
emergency
• Training subjects
– Evacuation procedures
– Shutdown of equipment
– Firefighting and first aid
– Crowd control and panic prevention
• Conduct exercises
Certification for Hazardous Operations
• Determine personnel that require
training
• Certification program elements
– Certification examination
– Physical examination
– Classroom and hands-on training
– Test of safe working practices
– Recertification schedule
Safety Awareness
• Highlight safety in organization
• Positive incentives
• Establish safety representatives in each area
• Conduct meetings to discuss safety program
• Safety reps should be trained in workplace
safety inspections and program monitoring
Accident Reporting, Investigation, and Documentation
Reporting the Accident
• Accident reporting without retribution
• Posting of reportable accidents
• New-employee briefing
• Management involvement
Setting Up a Closed-Loop
Reporting System
• Pre-accident plan
• Report within 24 hours
– Pass data up the chain
– Initiate board
– Capture perishable information
• Investigate all accidents
Forming a Board
• Company policy
– Accident classification
– Standing list of board candidates
• Selecting the Board members
– Various backgrounds
– Voting members and advisors
• Board responsibilities
Conducting the Investigation
• Preparing for investigation
• Gathering evidence and information
• Analyzing the data
• Discussion of analysis and conclusions
• Recommendations
Investigation Report
• Abstract of report
• Summary of F & R
• Procedure used
• Background
• Sequence of events
• Analysis methodology
• Analysis results
• Conclusions
• Detailed F & R
• Minority reports
• Appendixes
Accident Documentation
• Investigation Report
– Retained with supporting documents
– Corrective action implemented
– Available for future safety analysis
• Retain the records
• Public release of information
Risk Assessment
What is Risk?
• Severity of consequences of an accident
times the probability of occurrence
• Risk perception may vary from actual risk
• Risk: realization of unwanted, negative
consequences of an event (Rowe)
• Risk: summation of three elements
– Event scenario
– Probability of occurrence
– Consequence
Risk Perception
Factors concerning perception of risk
• Voluntary Vs nonvoluntary
• Chronic Vs catastrophic
• Dreaded Vs common
• Fatal Vs nonfatal
• Known Vs unknown risk
• Immediate or delayed danger
• Control over technology
Risk Assessment Methodology
Formal process of calculating risk and
making a decision on how to react

Step 1 Define objectives
Step 2 Define system
Step 3 Develop scenarios
Step 4 Develop event trees
Step 5 Quantify scenarios
Step 6 Consequences determination
Step 7 Risk evaluation
Step 8 Risk management
Identifying Risk in a System
• Risk identified through analysis techniques
• Use several techniques
• Construct fault tree
• Use analysis tools to focus on which
component is the trigger
Risk Communication
• Communicating with public
– Acknowledge the community
– Do not imply irrationality or ignorance
• Methods to promote communication
– Community participation
– Approach “group” appropriately
– Consultation with community
– Involve community in negotiations
– Be open with information
Risk Evaluation
A Probabilistic Approach
• Quantifying risk through probability of
failure
• Hard to quantify probability of some events
• Understand the data, the sources, & the
limitations
• Follow rules of probability
Risk Analysis Model
• Developing accident scenarios & initiating
event
• Event Trees
• Consequences determination
• Uncertainty
• Risk evaluation - Risk profiles
Calculating Safety Costs
• Tracking data costs
– System downtime (lost productivity)
– Equipment damage and replacement
– Accident clean-up
– Personnel injuries and death
• Expected value
• Cost-benefit analysis
