– the ‘estimated reportable hazard frequency’ arising from functional failure of the item,
– the ‘estimated physical condition’ of the item related to its safety.
• The actual degree of safety. This is measured according to the contribution of:
– the ‘actual disabling injury frequency’ arising from functional failure of the item,
– the ‘actual reportable hazard frequency’ arising from functional failure of the item,
– the ‘actual physical condition’ of the item related to its safety.
The assessment of ‘estimated disabling injury frequency’ considers severity criteria such as:
• Life risk—when the occurrence of critical functional failures can be expected to result in a risk of loss of life every time.
• Loss risk—when the occurrence of critical functional failures can be expected to result in a risk of loss of limb every time.
• Health risk—when the occurrence of critical functional failures is expected to result in the risk of a health hazard every time.
The assessment of ‘estimated reportable hazard frequency’ considers severity criteria such as:
• People risk—when the occurrence of critical functional failures can be expected to result in the risk of an accident affecting people working in the area every time.
• Environment risk—when the occurrence of critical functional failures can be expected to result in the risk of an accident affecting the environment every time.
• Process risk—when the occurrence of critical functional failures can be expected to result in the risk of an accident affecting the production process every time.
• Product risk—when the occurrence of critical functional failures can be expected to result in the risk of an accident affecting the related product every time.
The assessment of ‘estimated physical condition’ considers severity criteria such as:
• Loss risk—when the item’s physical condition can be expected to result in process losses in the system that will result in critical functional failures becoming imminent.
• Damage risk—when the item’s physical condition can be expected to result in physical damage to related items that will result in critical functional failures becoming imminent.
• Defects risk—when the item’s physical condition can be expected to result in physical defects arising in the item or its parts that will result in critical functional failures becoming imminent.
The various severity criteria described above are rated by designating a probability value from 0.1 to 1.0 for each criterion relevant to each failure mode, according to a risk assessment scale. The severity criteria are designated a value ranging from 10 to 1: the most severe degree of safety (disabling injury—life risk) is valued at 10, and no safety risk is valued at 1.
The probability value is assessed for different categories called ‘actual’, ‘probable’ and ‘possible’. These probability values range from:
0.95 to 1.00 for the category actual,
0.50 to 0.95 for the category probable,
0.01 to 0.50 for the category possible.
The estimated risk is thus rated according to the risk assessment scale shown in Table 5.7, using the following probability qualifiers:
Actual occurrence: 0.95 to 1.00
Probable occurrence: 0.50 to 0.95
Possible occurrence: less than 0.50.
Table 5.7 Risk assessment scale
Estimated degree of safety: severity criteria | Risk assessment values: Degree of severity × Probability
                                              | Actual (0.95 to 1.00) | Probable (0.50 to 0.95) | Possible (0.01 to 0.05)
                                              | Deg   Prob   Risk     | Deg   Prob   Risk       | Deg   Prob   Risk
(Disabling injury)                            |                       |                         |
(Reported accident)                           |                       |                         |
(Physical condition)                          |                       |                         |
Table 5.8 Initial failure rate estimates
Qualification   Failure rate (×10^−6)
Very low        < 1
High            100 to 1,000
Very high       > 1,000
Once an overall total and an overall average value of risk have been assessed, a safety criticality rank can be defined as follows:
Criticality rank = Risk × Failure rate (5.7)
If the failure rate for the item cannot be determined, qualifying values for initial failure rate estimates can be used (Table 5.8).
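The risk assessment scale and criticality rank described above, as an added worked example that is not part of the original text: each probability is placed in the actual/probable/possible qualifier, Risk = Degree of severity × Probability is computed per criterion, the total and average are formed, and Eq. (5.7) is applied with either a known failure rate or a Table 5.8 band. The class names, the pump failure mode and its ratings are constructed for illustration.

```python
"""Added worked example (not from the source): Table 5.7's risk assessment
scale (Risk = Degree of severity x Probability, with the actual/probable/
possible qualifiers) and the safety criticality rank of Eq. (5.7).
Names are this example's own; the sample ratings are constructed."""
from dataclasses import dataclass, field
from typing import List, Tuple


def probability_category(p: float) -> str:
    """Qualifier per the text: >=0.95 actual, >=0.50 probable, else possible."""
    if not 0.01 <= p <= 1.00:
        raise ValueError(f"probability {p} outside the 0.01 to 1.00 scale")
    if p >= 0.95:
        return "actual"
    return "probable" if p >= 0.50 else "possible"


@dataclass
class SeverityRating:
    """One severity criterion (e.g. 'life risk') rated for one failure mode."""
    criterion: str
    degree: int        # 10 = disabling injury / life risk ... 1 = no safety risk
    probability: float

    def __post_init__(self) -> None:
        if not 1 <= self.degree <= 10:
            raise ValueError(f"severity degree {self.degree} must be 1 to 10")
        self.category = probability_category(self.probability)  # also validates p

    @property
    def risk(self) -> float:
        """Risk assessment value of Table 5.7: Degree x Probability."""
        return self.degree * self.probability


@dataclass
class FailureModeAssessment:
    failure_mode: str
    ratings: List[SeverityRating] = field(default_factory=list)

    def total_risk(self) -> float:
        return sum(r.risk for r in self.ratings)

    def average_risk(self) -> float:
        return self.total_risk() / len(self.ratings)

    def criticality_rank(self, failure_rate: float, use_average: bool = False) -> float:
        """Eq. (5.7): Criticality rank = Risk x Failure rate (rate in the x10^-6
        units of Table 5.8). The text leaves open whether the overall total or
        the overall average risk is used, so that choice is a parameter here."""
        risk = self.average_risk() if use_average else self.total_risk()
        return risk * failure_rate


# Table 5.8 bands (only the rows present in the source); used when the item's
# failure rate cannot be determined. '> 1,000' has no upper bound.
INITIAL_FAILURE_RATE_BANDS = {
    "very low": (0.0, 1.0),
    "high": (100.0, 1000.0),
    "very high": (1000.0, float("inf")),
}


def criticality_rank_range(a: FailureModeAssessment, qualification: str) -> Tuple[float, float]:
    """Criticality rank as an interval when only a Table 5.8 qualification is known."""
    low, high = INITIAL_FAILURE_RATE_BANDS[qualification.lower()]
    return a.criticality_rank(low), a.criticality_rank(high)


# Constructed sample: three criteria rated for one failure mode of a pump.
PUMP_SEAL_RUPTURE = FailureModeAssessment("pump seal rupture", [
    SeverityRating("life risk (disabling injury)", 10, 0.97),         # actual
    SeverityRating("environment risk (reportable hazard)", 7, 0.60),  # probable
    SeverityRating("defects risk (physical condition)", 4, 0.20),     # possible
])
```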
5.2.1.7 Summary of Safety and Risk Analysis in Engineering Design
Up to this point, the various conventional deductive and inductive analysis techniques for safety hazards and risk analysis have been considered without giving much attention to their specific application in each engineering design phase. Some of the more appropriate techniques that relate to the progressive phases in the engineering design process are the following:
• Design cost risk analysis.
Design cost risk analysis consists of identifying independent variables relating to the system or equipment attributes such as mass, size, volume, material thickness, etc., plus the cost of ensuring the required reliability and safety relative to the selected attributes. The independent variables, also called cost drivers, are selected through statistical analysis, and form the basis of cost estimating relationships (CERs).
• Operational risk analysis.
Operational risk analysis considers the risk of systems in their operating environment. As a result, it is necessary and useful to develop a safety hypothesis, expressed as a risk equation, which relates system throughput capacity to risk. Such a risk equation has its roots in financial risk management and has been expanded to measure the mean expected loss risk, which is more suitable for process systems in general. Such a measure not only quantifies risk but also clarifies system safety principles during conceptual design. Early identification of specific risk costs and safety benefits of different design alternatives enables avoidance or mitigation of hazards that could result in operational losses.
• Operability analysis—formally, hazards and operability (HAZOP) analysis.
Operability analysis considers safety issues throughout an engineered installation’s life cycle, from design, manufacture, installation, assembly and construction, through to start-up and operation. The later that hazardous operating modes are detected in this development process, the more serious and expensive they become to avoid or mitigate through the required plant modifications. Extensive and systematic examination of safety aspects has to be carried out carefully and at the earliest possible opportunity in the engineering design stage.
• Point process analysis—formally, Markov chain point processes.
Point process analysis is intended to model a probabilistic situation that places points on a time axis. For safety analysis, these points are termed accident or incident events.
• Fault-tree analysis (FTA).
Fault-tree analysis is the technique most frequently used in the assessment of safety protection systems for systems design. For potentially hazardous process engineering systems, it is required statutory practice to conduct a quantitative assessment of the safety features at the engineering design stage. The design is assessed by predicting the probability that the safety systems might fail to perform their intended task of either preventing or reducing the consequences of hazardous events.
• Root cause analysis (RCA).
Root cause analysis (RCA) considers multiple failures arising from a common cause. This was first studied on a formal basis in the nuclear power industry. In order to obtain sufficiently high levels of reliability and safety in critical risk control circuits, redundancy was introduced. In applying redundancy, several items can be used in parallel with only one required to be in working order.
• Cause-consequence analysis (CCA)—failure modes and safety effects analysis.
Cause-consequence analysis for safety systems design explores the system’s responses to an initiating deviation from pre-determined norms (such as the limits of safe operating parameters), and enables evaluation of the probabilities of unfavourable outcomes at each of a number of mutually exclusive loss levels, depending upon the extent of deviation from these norms.
• Hazards analysis (HAZAN)—probabilistic risk analysis.
Hazards analysis considers identifying potential hazards that may be caused either by the nature of the process or the intended systems configuration. A thorough safety and hazards analysis is compulsory during the engineering design and development stages, for official approval to commence with construction.
These techniques are considered in detail below, within the appropriate conceptual, preliminary or detail design phases of the engineering design process.
5.2.2 Theoretical Overview of Safety and Risk Prediction in Conceptual Design
Safety and risk prediction attempts to identify initial problems or preliminary hazards, and to estimate the risks related to the severity of their consequences and related probabilities of occurrence. Safety and risk prediction is considered in the conceptual design phase of the engineering design process, and includes concepts of modelling such as:
i Cost risk models in designing for safety
ii Process operational risk modelling
iii Hazard and operability studies.
5.2.2.1 Cost Risk Models in Designing for Safety
Cost estimates during the early stages of engineering design are crucial. They influence the go, no-go decisions concerning the development of engineering projects. In many cases, from 70 to 80% of a design’s cost is committed during the concept phase (Mileham et al. 1993).
Making a wrong decision concerning designing for reliability and safety can be extremely costly later in the development project. System modifications and process alterations become more expensive as the project progresses into manufacture, installation and construction. However, the difficulties of cost estimating at the conceptual design phase are well recognised (Meisl 1988). The two major obstacles that need to be addressed in estimating costs at the conceptual design phase are, first, working with a limited amount of available data concerning the new design and, second, identifying the requirements that determine how cost estimates are derived, including assumptions and risks. The task in overcoming these obstacles, particularly in estimating risk costs for safety in engineering design, is concerned with the choice of cost estimating methods, some of which include the following:
• Traditional cost estimating.
• Parametric estimating.
• Feature-based costing.
• Qualitative cost estimating.
a) Traditional Cost Estimating
In traditional costing, there are two main estimates: a ‘first sight’ or ‘first round’ estimate, which is done in the early design phases, and a detailed estimate, done later to calculate costs precisely. The former of these cost estimating methods is based largely on the experience of the estimator. For example, it is not uncommon for a ‘first round’ project estimate to be based upon a past similar project, or purely on costing experience. Although useful for a rough order of magnitude estimate, this type of estimating is too subjective in engineering designs of large integrated systems, and more quantified and justified estimates are essential (Roy et al. 1999). For detailed estimates, risk cost is based upon a knowledge of the cost of operations and the cost of failure repair. Typically, such a cost model would incorporate the following:
where:
TC = total cost (safety life-cycle cost)
Ci = initial cost (design and manufacture)
Co = operating cost
Cr = risk cost
The risk cost component of this safety life-cycle (SLC) costing of a process engineering design can be expressed in terms of two cost components:
• the average cost of failure Cf, and
• the expected life of the system Lt
Cr = Cf · Lt / MTBF
where:
MTBF = mean time between failures
The risk cost component of the average cost of failure, Cf, can in turn also be expressed in terms of two cost components:
• the cost of failure loss, and
• the cost of failure repair
+ [Cm(MTTR + Tm) + Cd + Cp]
where:
Tm = repaired system response time
Cs = cost of loss of service
Cl = cost of incident/accident loss
Cm = cost of failure repair
Cd = cost of failure delay
Cp = cost of parts replacement
MTTR = mean time to repair
The expected life of the system Lt, expressed as a ratio against the mean time between failures (MTBF), is in effect the expected number of failures over the life span of the system, which is a measure of the system’s reliability, R. This reasoning is based on the understanding that MTBF is a measure of the average time until the occurrence of failure. Thus
R = Lt / MTBF
Because risk cost is based upon a detailed knowledge of the cost of system operations and repair, the method is not useful during the conceptual design phase of project development. In order to estimate costs during this phase, other approaches are required.
b) Parametric Estimating
A widely used method for estimating costs at the early stages of process development is known as parametric estimating (PE). Typically, for most systems in process engineering, mass relates to the cost of its manufacture. That is, as the weight of a pressure vessel increases, due to an increase in size (volume) or in thickness of material, so does the cost of manufacturing it. Furthermore, this particular relationship is often described as linear.
Using relatively simple algebra, it is possible to derive a formula to determine a mathematical relationship for cost to mass (or size). The linear equation y = ax + b is used to describe the line of best fit for points representing this relationship and, once described, it is then possible to use the formula to predict the cost of other similar pressure vessels, based on their size or weight alone. Within the field of cost estimating, this relationship is known as a cost estimating relationship (CER).
This is a rather simplistic illustration describing the main principles of parametric estimating. As CERs become more complex, involving several variables, more complex mathematical equations are used to describe the relationships. When CERs become too complex for mathematical equations to solve, cost algorithms are developed, such as genetic algorithms (GAs) for determining the extent of the risk cost associated with designing for reliability and safety. An example of the use of such an algorithm is in optimising a risk cost function in the allocation of component redundancy to a safety control system (Coit et al. 1996).
Parametric estimating can be used throughout the life cycle of an engineered installation. However, it is used mainly during the early stages of development (i.e. conceptual design phase), and for design to cost (DTC) analyses, which is considered later. The techniques are acceptable for both military and industrial application (PCEI 1999).
However, parametric estimating does have its disadvantages—for example, CERs of many conceptual designs are too simplistic to forecast costs. Furthermore, parametric estimating is based primarily on statistical assumptions concerning cost driver relationships to cost, and estimations should not completely rely upon statistical analysis. Hypotheses based on experience, common sense and engineering knowledge should come first, and then the relationship should be tested with statistical analysis. Most CER studies apply parametric estimating for quantitative criteria in design, but not for vague or unknown criteria requiring qualitative or expert judgment. Current research in this area has demonstrated the validity of the approach (Roy et al. 1999).
Design to cost. The objective with design to cost (DTC) is to make the design converge to an acceptable cost, rather than to let the cost converge to design. DTC activities, during the conceptual and early design phases, are those of determining the trade-offs between cost and performance for each of the concept alternatives. DTC can produce massive savings on risk cost before system development begins. The general approach is to set a cost goal, then allocate the goal to the elements of the design, including designing for reliability and designing for safety. The design must then be confined to the alternatives that satisfy the cost constraint (Michael et al. 1989).
However, this is only possible once a risk cost algorithm has been developed that can be used to determine the impact of these elements of the design such as designing for reliability and safety. These algorithms are used primarily to monitor the impact of design decisions on risk cost, rather than the converse, throughout the engineering design process. It is thus the cost engineers who are responsible for establishing sufficient information on cost in the early stages of systems development that will enable the design engineers to make meaningful decisions.
c) Feature-Based Costing
A relatively new form of PE is that of feature-based costing (FBC). This has become popular due to the rise and sophistication of computer aided tools in engineering design. The growth of CAD/CAM technology and that of 3D modelling tools have largely influenced the development of feature-based costing. Researchers have for some time investigated the integration of design, process planning and manufacturing for costing using a feature-based modelling approach (Wierda 1991).
However, feature-based costing has not yet been fully established or developed with respect to costing safety in engineering design. Nonetheless, there are several good reasons for examining the use of features as a basis for risk costs during the early design phases where certain equipment (i.e. assemblies, sub-assemblies and components) have already been identified. Such equipment can essentially be described as a number of associated features, i.e. holes, flat faces, edges, folds, etc.
It follows that each equipment feature has cost implications, since the more features the equipment has, the more manufacturing it will require, and the greater its safety risk with respect to operational reliability, durability and robustness. Therefore, choices regarding the inclusion or omission of a feature impact the risk costs of equipment, especially process control equipment.
d) Qualitative Cost Estimating
Fuzzy logic, possibility theory and artificial neural networks present the next generation in computerising the human thought processes. Many researchers and practitioners are fast developing and investigating the use of artificial intelligence (AI) systems and applying these to cost estimating. For risk cost estimating purposes, the basic idea of using neural networks is to provide data to a computer so that it can computationally learn which safety attributes mostly influence the cost. This is achieved by training the system with data from past case examples with respect to the cost of losses due to hazardous failure, the estimated frequency of the initiating event, and the severity and probability of the consequences. The neural network then approximates the functional relationship between the attribute values and the risk cost. Safety attribute values such as estimate values of frequencies and/or probabilities are input to the network, which applies the approximated function obtained from the training data and computes a prospective risk cost. Relatively recent work has demonstrated that, under certain conditions, neural networks produce better costing predictions than do conventional regression costing methods. However, in cases where appropriate CERs can be identified, regression models have significant advantages in terms of accuracy, variability, model creation and model examination (Smith et al. 1997).
Artificial neural networks (ANN) require a large case base in order to be effective, which is not always the case with safety attributes of equipment in process engineering systems. In addition, the case base needs to be comprised of similar equipment in common applications, and new designs need to be of a similar nature, in order for the cost estimate to be effective. Thus, neural networks cannot cope easily with uniqueness or innovation in engineering design. With regression analysis, safety and risk issues in the design can be argued logically, and an audit trail of the development of the risk cost estimate can be established. This is because a CER equation is developed that is based on common sense and logic. In many cases, when considering neural networks, the resultant equation does not appear logical even if it was extracted by examining the weights, architecture, and nodal transfer functions that are associated with the final trained model. The artificial neural network truly becomes a ‘black box’ CER. This is disadvantageous if a detailed list of the reasons and assumptions behind the risk cost estimate is required. The black box CER also limits the use of risk analysis, which is a prime benefit of parametric estimating, and which will be considered now in greater detail.
e) Parametric Costing and Risk Analysis
This sub-section provides fundamental knowledge concerning the tools and techniques currently used within the area of parametric costing and risk analysis within the conceptual design phase. The method of parametric cost estimating (PCE) is commonly used to estimate the cost of new engineering designs. It provides a technique for predicting cost based on historical relationships between cost and one or more predictor variables such as cost estimating relationships (CERs). The method uses a statistical approach, and is commonly used for risk cost estimation during the conceptual design phase (Rush et al. 2000).
Cost Estimating Relationship (CER) Development
Cost estimating relationships (CERs) can range from simple heuristics (rules of thumb) to complex relationships involving multiple variables. The principal function of CERs is to provide equations or graphs that summarise historical cost data from which future cost estimates can be made. A general methodology for developing CERs includes activities such as data collection, testing a CER’s logic, statistical analysis, CER significance tests, and validation. The collection of data is often a very critical and time-consuming activity, requiring more effort to be devoted to assembling a quality database than to any other task in the CER development process. After a database is developed, the next step is the mathematical formulation of a hypothesis and then to test the mathematical form of the CER in order to determine its logic. This involves identifying potential cost driving variables and identification of cost relationships.
In order to test and validate a CER, the statistical analysis technique of multiple regression is used to test the hypothesis. Although widely accepted, PCE is based on statistical assumptions concerning cost driver relationships to cost, particularly risk cost, and should therefore not be completely reliant upon statistical analysis but based also on experience, common sense and engineering knowledge. Because estimating is based on assumptions concerning the likely risk cost of an as yet undeveloped design, the preferred approach is to combine the statistical techniques of parametric estimating with statistical risk analysis.
The introduction of risk cost analysis ensures that the consequences of risks are correctly taken into account to be able to quantify risk cost early in the design stage of the life cycle of a system.
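As an added example (not code from the source) of the linear CER y = ax + b described under parametric estimating, and of the hypothesis-testing step in CER development above: a least-squares fit to constructed pressure-vessel mass and cost data, an r² check standing in for the significance tests, and a prediction for a new vessel from its mass alone. The data values and function names are assumptions of this example.

```python
"""Added example (not from the source): a linear cost estimating relationship
(CER) y = a*x + b fitted by ordinary least squares to constructed pressure-
vessel data, checked with r^2 as a crude test of the CER's logic, and used
to predict the cost of a new vessel from its mass alone."""
from typing import Sequence, Tuple


def fit_linear_cer(x: Sequence[float], y: Sequence[float]) -> Tuple[float, float]:
    """Return (a, b) of the least-squares line y = a*x + b through the data."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("need at least two (driver, cost) pairs of equal length")
    sx, sy = sum(x), sum(y)
    sxx = sum(xi * xi for xi in x)
    sxy = sum(xi * yi for xi, yi in zip(x, y))
    denom = n * sxx - sx * sx
    if denom == 0:
        # Every observation has the same driver value: no line is identifiable.
        raise ValueError("cost driver has no variation; CER cannot be fitted")
    a = (n * sxy - sx * sy) / denom
    b = (sy - a * sx) / n
    return a, b


def predict_cost(a: float, b: float, x: float) -> float:
    """Apply the CER to a new design's driver value (e.g. vessel mass)."""
    return a * x + b


def r_squared(a: float, b: float, x: Sequence[float], y: Sequence[float]) -> float:
    """Coefficient of determination: share of cost variation explained by the CER.

    A value near 1 supports the linear hypothesis; a low value says the chosen
    driver does not explain the historical cost and the CER should be revisited.
    """
    mean_y = sum(y) / len(y)
    ss_res = sum((yi - predict_cost(a, b, xi)) ** 2 for xi, yi in zip(x, y))
    ss_tot = sum((yi - mean_y) ** 2 for yi in y)
    if ss_tot == 0:
        raise ValueError("costs have no variation; r^2 is undefined")
    return 1.0 - ss_res / ss_tot


# Constructed historical data: mass (kg) and manufacturing cost (currency units)
# of four past pressure vessels, with a small scatter around a straight line.
VESSEL_MASS_KG = [2000.0, 3500.0, 5000.0, 8000.0]
VESSEL_COST = [26500.0, 40500.0, 56500.0, 85500.0]


def estimate_new_vessel_cost(mass_kg: float) -> float:
    """Fit the CER to the historical data and estimate a new vessel's cost."""
    a, b = fit_linear_cer(VESSEL_MASS_KG, VESSEL_COST)
    return predict_cost(a, b, mass_kg)
```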
f) Risk Cost Analysis
The first step in analysing risk cost is identification of the CER variables. This is readily available from the results of the parametric cost estimating method. The risk cost consists of independent variables relating to the system or equipment attributes such as mass, size, volume, material thickness, etc. included in the CERs, plus the cost of ensuring the required reliability and safety relative to the selected attributes. The independent variables, also called cost drivers, are selected through statistical analysis, and form the basis of the CER.
The risk cost can be expressed in terms of the following principal cost components: the parametric cost estimates, and the cost of ensuring reliability and safety.
RC = C + [C(mass) + C(material)] + C (5.13)