Table 5.22 FMSE for process criticality using residual life

Component                 | Failure description                            | Failure mode | Failure consequences | (1)  | (2) | (3)  | (4)   | (5)  | Criticality rating | Cost criticality rating | Maintenance frequency
Control valve             | Fails to open                                  | TLF          | Production           | 75%  | 6   | 4.50 | 0.083 | 0.37 | Low criticality    | Medium cost             | 6 monthly
Control valve             | Fails to open                                  | TLF          | Production           | 75%  | 6   | 4.50 | 0.167 | 0.75 | Low criticality    | Medium cost             | 6 monthly
Control valve             | Fails to seal/close                            | TLF          | Production           | 100% | 6   | 6.00 | 0.167 | 3.0  | Medium criticality | Medium cost             | 6 monthly
Control valve             | Fails to seal/close                            | TLF          | Production           | 100% | 6   | 6.00 | 0.5   | 1.5  | HIGH criticality   | Medium cost             | 6 monthly
Instrument loop (press 1) | Fails to provide accurate pressure indication  | TLF          | Maint                | 100% | 2   | 2.00 | 0.67  | 1.34 | Medium criticality | Low cost                | 6 monthly
Instrument loop (press 2) | Fails to detect low pressure condition         | TLF          | Maint                | 100% | 2   | 2.00 | 0.67  | 1.34 | Medium criticality | Low cost                | 6 monthly
Instrument loop (press 2) | Fails to detect low pressure condition         |              |                      |      |     |      |       |      | criticality        | Low cost                | 6 monthly
Instrument loop (press 2) | Fails to provide output signal for alarm       |              |                      |      |     |      |       |      | criticality        | Low cost                | 6 monthly
Condition (likelihood of failure)

                | Condition positive                | Condition negative                       |
Test positive   | True positive                     | False positive (type I error, P-value)   | Positive predicted value
Test negative   | False negative (type II error)    | True negative                            | Negative predicted value
determined. Using decision trees and influence diagrams details all the possible options for a decision model. Decision trees provide a more formal structure in which decisions and chance events are linked from left to right in the order they would occur. Probabilities of the likelihood of failure events are added to each node in the tree. A decision analysis generates a risk profile. The risk profile compares the sensitivity of different decision options. Such sensitivity analysis is best conducted with the aid of specialised application software such as @RISK©, in which the outcome is expressed as a probability distribution, as illustrated in the insert below (Fig 5.44).
Fig 5.44 Probability distribution definition with @RISK (Palisade Corp., Newfield, NY)
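The decision-tree procedure described above (decisions and chance nodes in occurrence order, probabilities on each node, a risk profile per option, and a sensitivity check over one uncertain probability) is demonstrated here as an added example. It is not code from the handbook and does not use @RISK; the tree, the cost figures and the valve-redundancy decision are constructed for illustration, and the roll-back rule (take the option with the lowest expected cost) is the usual textbook rule, assumed here.

```python
from typing import Callable, Dict, List, Sequence, Tuple, Union

# A node is a terminal cost, a chance node or a decision node; costs are what the
# decision-maker wants to keep low (the preferred option has the lowest expectation).
Node = Union[float, "ChanceNode", "DecisionNode"]

class ChanceNode:
    """Chance event with (label, probability, child) branches, listed in the order
    they would occur in the tree. Probabilities must sum to one."""
    def __init__(self, branches: List[Tuple[str, float, Node]]):
        total = sum(p for _, p, _ in branches)
        if abs(total - 1.0) > 1e-9:
            raise ValueError(f"branch probabilities sum to {total:.4f}, not 1")
        self.branches = branches

class DecisionNode:
    """Decision point: maps each option label to the subtree that follows it."""
    def __init__(self, options: Dict[str, Node]):
        self.options = options

def risk_profile(node: Node) -> Dict[float, float]:
    """Probability distribution of the terminal cost reached from `node`, i.e. the
    risk profile. At a decision node the option with the lowest expected cost is
    assumed to be taken (roll-back / expected-value decision rule)."""
    if isinstance(node, (int, float)):
        return {float(node): 1.0}
    if isinstance(node, ChanceNode):
        profile: Dict[float, float] = {}
        for _, p, child in node.branches:
            for cost, q in risk_profile(child).items():
                profile[cost] = profile.get(cost, 0.0) + p * q
        return profile
    return risk_profile(min(node.options.values(), key=expected_cost))

def expected_cost(node: Node) -> float:
    return sum(cost * p for cost, p in risk_profile(node).items())

def best_option(decision: DecisionNode) -> str:
    return min(decision.options, key=lambda name: expected_cost(decision.options[name]))

def sensitivity(build: Callable[[float], DecisionNode],
                values: Sequence[float]) -> List[Tuple[float, str]]:
    """Rebuild the tree for each value of one uncertain probability and record which
    option is preferred, to find where the recommendation switches."""
    return [(v, best_option(build(v))) for v in values]

def valve_redundancy_tree(p_fail_single: float) -> DecisionNode:
    """Constructed example (illustrative figures, not from the handbook): add a
    redundant control valve, or keep a single valve whose failure probability over
    the period is p_fail_single. Terminal values are costs in arbitrary units."""
    stop_cost = 1000.0      # consequence of an unplanned production stop
    extra_valve = 50.0      # cost of fitting the redundant valve
    return DecisionNode({
        "add redundant valve": ChanceNode([
            ("fails", 0.02, extra_valve + stop_cost),
            ("works", 0.98, extra_valve),
        ]),
        "single valve": ChanceNode([
            ("fails", p_fail_single, stop_cost),
            ("works", 1.0 - p_fail_single, 0.0),
        ]),
    })

if __name__ == "__main__":
    tree = valve_redundancy_tree(0.10)
    for name, sub in tree.options.items():
        print(f"{name}: expected cost {expected_cost(sub):.1f}, profile {risk_profile(sub)}")
    print("preferred:", best_option(tree))
    print("sensitivity:", sensitivity(valve_redundancy_tree, [0.05, 0.07, 0.10, 0.20]))
```

The risk profile is the full distribution, not just its mean: two options with equal expected cost can still differ in the size of their worst outcome, which is what the profile comparison of the text is meant to expose. The sensitivity sweep shows the break-even probability at which the recommendation flips (0.07 for the constructed figures).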
676 5 Safety and Risk in Engineering Design

5.3 Analytic Development of Safety and Risk in Engineering Design
A significant factor in considering analytic development of safety and risk in engineering design is the extent to which probabilistic analysis and deterministic analysis can complement each other in safety and risk prediction, assessment and evaluation of engineered installations at each respective phase of the engineering design process. This requires an understanding of the advantages of each specific approach taken in the analysis of safety, and the basic concepts of potential risk and residual risk (de Gelder 1997).
Concepts of risk The prediction, assessment and evaluation of risk in the conceptual, preliminary/schematic or detail design stages respectively of engineered installations have to distinguish between:
• potential risk, which can lead to accidents or incidents if no protection measures are considered or taken,
• residual risk, which remains after having considered all measures taken to prevent accidents or incidents, and to mitigate their consequences.
The main contributions to residual risk stem from: events that are not considered in the design, such as vessel rupture; an accident/incident progression worse than the assumptions considered in the design basis, such as multiple failures, common mode failures (resulting in complete failure of a safety system) and operator errors; and cumulative occurrence of initiating events that are considered in the design but not accounted for, since cumulative occurrence is not considered to be a design basis event.
As considered previously, the assessment of risk requires two measures: specifically, the frequency of occurrence of potential accidents, and the severity of their consequences. During the analysis of safety, both these measures are considered with the objective that accidents with the most significant consequences should have the lowest frequencies of occurrence. The main objective of safety analysis is to verify that the measures taken at the design stage, as well as during construction and operation of the engineered installation, are adequate in achieving the prescribed safety requirements.
The probabilistic safety analysis approach The probabilistic approach enables the prediction or assessment of the major contributors to potential risk, and evaluation of the most significant contributors for further reduction of residual risk. The major steps in a probabilistic safety analysis are as follows:
• Identification of the initiating events and the plant operational states to be considered.
• Analysis of the possible accident scenarios, by means of event trees.
• Reliability analysis, by means of fault trees, of the systems considered in the event trees.
• Collection of probabilistic data (failure probability or unavailability for test and maintenance, initiating event frequencies).
• Use of analytic techniques such as sneak analysis, genetic algorithms and neural nets.
• Event sequence quantification, resulting in a frequency for each event.
• Interpretation of results (including sensitivity and importance analyses).
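The steps listed above (event trees for the accident scenarios, fault trees for the systems the event tree questions, probabilistic data per basic event, event sequence quantification and an importance analysis) are carried through on a small constructed case in this added example. It is not the handbook's code; the initiating event, the two safety systems, their fault trees and the unavailability figures are all invented for illustration, and the common mode failure the text warns about appears as one basic event ("power") shared by both systems.

```python
import itertools
from typing import Callable, Dict, List, Tuple, Union

# A fault tree is a basic-event name or (gate, [subtrees]) with gate "AND" or "OR".
FaultTree = Union[str, Tuple[str, List["FaultTree"]]]

def top_event_failed(tree: FaultTree, state: Dict[str, bool]) -> bool:
    """Evaluate a fault tree for one assignment of basic-event states (True = failed)."""
    if isinstance(tree, str):
        return state[tree]
    gate, children = tree
    outcomes = [top_event_failed(child, state) for child in children]
    return all(outcomes) if gate == "AND" else any(outcomes)

def quantify_event_tree(
    ie_freq: float,
    systems: List[Tuple[str, FaultTree]],
    end_state: Callable[[Tuple[bool, ...]], str],
    probs: Dict[str, float],
) -> Tuple[Dict[Tuple[bool, ...], float], Dict[str, float]]:
    """Event sequence quantification by exact enumeration of all basic-event states.
    Enumerating the joint state (rather than multiplying per-system top-event
    probabilities) keeps a basic event shared by several systems, i.e. a common
    mode failure, correctly correlated. Returns (sequence -> frequency,
    end state -> frequency) in the units of ie_freq (here per year)."""
    names = sorted(probs)
    seq_freq: Dict[Tuple[bool, ...], float] = {}
    for bits in itertools.product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        p = ie_freq
        for name, failed in state.items():
            p *= probs[name] if failed else 1.0 - probs[name]
        sequence = tuple(top_event_failed(tree, state) for _, tree in systems)
        seq_freq[sequence] = seq_freq.get(sequence, 0.0) + p
    es_freq: Dict[str, float] = {}
    for sequence, f in seq_freq.items():
        label = end_state(sequence)
        es_freq[label] = es_freq.get(label, 0.0) + f
    return seq_freq, es_freq

def fussell_vesely(ie_freq, systems, end_state, probs, target: str) -> Dict[str, float]:
    """Importance of each basic event for the `target` end state: the fraction of its
    frequency that disappears when that event is made impossible (probability 0)."""
    base = quantify_event_tree(ie_freq, systems, end_state, probs)[1].get(target, 0.0)
    importance = {}
    for name in probs:
        reduced = dict(probs, **{name: 0.0})
        without = quantify_event_tree(ie_freq, systems, end_state, reduced)[1].get(target, 0.0)
        importance[name] = 1.0 - without / base if base else 0.0
    return importance

# ---- constructed example (illustrative values, not from the handbook) ----
IE_FREQ = 0.1  # initiating event "loss of feed pressure", occurrences per year
SYSTEMS: List[Tuple[str, FaultTree]] = [
    # low-pressure trip fails if its sensor fails or the shared power supply is lost
    ("low-pressure trip", ("OR", ["sensor_A", "power"])),
    # relief path fails if both parallel relief valves fail, or power is lost
    ("relief valves", ("OR", [("AND", ["valve_B1", "valve_B2"]), "power"])),
]
# unavailability per demand; "power" is the common mode event shared by both systems
PROBS = {"sensor_A": 0.01, "valve_B1": 0.05, "valve_B2": 0.05, "power": 0.001}

def end_state(sequence: Tuple[bool, ...]) -> str:
    return "unmitigated" if all(sequence) else "mitigated"

def unmitigated_frequency(probs: Dict[str, float] = PROBS) -> float:
    return quantify_event_tree(IE_FREQ, SYSTEMS, end_state, probs)[1].get("unmitigated", 0.0)

def naive_unmitigated_frequency(probs: Dict[str, float] = PROBS) -> float:
    """What one gets by treating the two systems as independent: each top-event
    probability computed on its own, then multiplied. Wrong when events are shared."""
    product = IE_FREQ
    for _, tree in SYSTEMS:
        one = quantify_event_tree(1.0, [("s", tree)], lambda s: "f" if s[0] else "ok", probs)
        product *= one[1].get("f", 0.0)
    return product

if __name__ == "__main__":
    print(f"unmitigated: {unmitigated_frequency():.3e}/yr "
          f"(independent-systems product: {naive_unmitigated_frequency():.3e}/yr)")
    fv = fussell_vesely(IE_FREQ, SYSTEMS, end_state, PROBS, "unmitigated")
    for name, value in sorted(fv.items(), key=lambda kv: -kv[1]):
        print(f"  {name:10s} FV = {value:.3f}")
```

With these figures the unmitigated sequence runs at about 1.0e-4 per year, while multiplying the two systems' separate top-event probabilities gives about 3.8e-6 per year, roughly 27 times too low: the shared power supply defeats both systems at once, which is exactly the common mode failure mechanism the text lists as a contributor to residual risk. The importance ranking (Fussell-Vesely, computed here by removal) then singles out that shared event as the one worth designing out first. Exhaustive enumeration is only practical for a handful of basic events; real plant models use minimal cut sets, but the correlation issue is the same.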
The deterministic safety analysis approach This approach has constituted a basis for the design of most high-risk engineered installations. The deterministic approach is based on regulations and guides established by the appropriate regulatory authority. The major steps in a deterministic safety analysis are the following:
• Identification and categorisation of events considered in the design basis:
At the beginning of the design stage, a list of initiating events to be covered in the design is established and constitutes the so-called design basis events. These are then grouped into categories, based on their estimated frequency of occurrence. This categorisation of the initiating events is basically into classes, depending on the significance of the overall risk posed by the engineered installation. For example, the categorisation of initiating events into classes was established by the US Nuclear Regulatory Commission for high-risk engineered installations such as nuclear power plants (NUREG 75/014 1975; NUREG/CF-1401 1980). The categorisation of initiating events into classes is as follows:
– Class 1: normal operation,
– Class 2: incidents of moderate frequency,
– Class 3: incidents/accidents of low frequency,
– Class 4: hypothetical accidents.
• Analysis of enveloping scenarios:
For each category, a number of enveloping scenarios are identified in such a way that their analysis covers all events to be considered in that category. Each enveloping scenario is then analysed by using conservative assumptions in the initial conditions of the plant, such as:
– power, flows, pressures, temperatures,
– most unfavourable moment in the process cycle,
– instrumentation uncertainties,
– hypotheses concerning the accident/incident progression.
• Evaluation of consequences:
The potential consequences of these enveloping scenarios are analysed using conservative assumptions, such as:
– the initial activity of a primary circuit is supposed to be equal to the maximum activity allowed by the technical specifications,
– unfavourable climatic conditions.
• Verification with respect to acceptance criteria:
The results of the analysis of the enveloping scenarios are finally compared with predefined acceptance criteria. These acceptance criteria can be expressed in relation to parameters of the engineered installation, and to the protection of people and the environment. When all analyses show that acceptance criteria are met, the proposed design is accepted in the deterministic safety approach.
Below, various methodologies for the analytic development of safety and risk in the design of engineered installations are considered, incorporating probabilistic analysis in the respective prediction, assessment and evaluation of safety and risk problems at each phase of the engineering design process. The various AI analytic techniques presented, such as evolutionary algorithms, genetic algorithms and neural networks, are basically stochastic search and optimisation heuristics derived from classic evolution theory and implemented in intelligent computer automated methodology in the prediction, assessment and evaluation of engineering design safety and risk.
5.3.1 Analytic Development of Safety and Risk Prediction in Conceptual Design
In this section, the development of a design space is considered in which methods of design preferences and scenarios are integrated with analytic techniques such as evolutionary algorithms, genetic algorithms and/or artificial neural networks to perform multi-objective optimisation in designing for safety. In Sect 5.4, computer automated methodology is presented in which optimisation algorithms have been developed for knowledge-based expert systems within a blackboard model that is applied in determining the integrity of engineering design. Certain approaches are therefore adopted for the prediction of risk in the conceptual design stage, specifically in:
i Establishing an analytic basis for developing an intelligent computer automated system;
ii Evolutionary computing and evolutionary design.
5.3.1.1 Establishing an Analytic Basis for Developing an Intelligent Computer Automated System
The goal is to establish an analytic basis for developing an intelligent computer automated system that will be able to work together with the designer during the different phases of the engineering design process, especially during the conceptual design phase, when interaction and designer knowledge are sometimes more important than accuracy.
a) A Computer Automated Design Space
The core of a computer/human design space consists of four parts:
• The designer/design team.
• Fuzzy preference handling (for objective importance specification).
• Dynamic constraints handling (scenarios, etc.).
• Analytic module for multi-objective optimisation.
Furthermore, such a design space must be suited to applied concurrent engineering design in an integrated collaborative design environment in which automated continual design reviews may be conducted throughout the engineering design process by remotely located design groups. Therefore, interaction with the designer (or design team) is very important. The goal is to provide the designer with a multiple criteria decision aid for multiple criteria decision-making during the conceptual phase of the engineering design process.
The methodology is generic and could be easily integrated with other conceptual design problems. Such a computer/human design space is illustrated in Fig 5.45.
b) Preferences and Fuzzy Rules
The problem of qualitative versus quantitative characterisation of the relative importance of objectives in a multi-objective optimisation framework is usually encountered during the conceptual design phase. At this initial stage of the engineering design process, it is much easier for the designer to give a qualitative definition to the objectives (i.e. ‘objective A is much more important than objective B’) than to set a weighted value of objective A to, say, 0.1 or to 0.09. The method of fuzzy preferences and induced preference order is used for information transformation in which predicates are introduced (Fodor et al 1994).
Table 5.23 shows the relation and intended meaning of some predicates. These predicates, together with the complementary relations of > and , can help build the relationship matrix R necessary for the ‘words to numbers’ transformation, and the induced order for the relation R. Integrated preferences in multi-objective optimisation techniques basically include two methods: one that uses weighted sums, and one that uses a modified Pareto method that computes the objective weights.

Fig 5.45 Schema of a conceptual design space: designer (engineer); optimisation module; fuzzy rules module; constraint module

Table 5.23 Fuzzy and induced preference predicates
Relation   Intended meaning
≈          Is equally important
<          Is less important
           Is much less important
¬          Is not important
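The ‘words to numbers’ transformation sketched above, as an added example that is not the handbook's code and does not reproduce the Fodor et al (1994) method in detail: qualitative statements using the predicates of Table 5.23 (and their complements > and ≫) are turned into a relationship matrix R, an induced order is derived from R, and the rows of R are normalised into weights for a weighted-sum objective. The numeric degrees assigned to each predicate, the net-score tie-break and the objectives and statements are all assumptions made for this example.

```python
from typing import Dict, List, Sequence, Tuple

# Numeric degree assigned to each predicate: R[a][b] is the degree to which
# objective a is at least as important as b. These values are an assumption of
# this example; the handbook gives none. ">" and "≫" are the complements of "<" and "≪".
DEGREE = {"≈": 0.5, "<": 0.25, "≪": 0.1, ">": 0.75, "≫": 0.9}

def relation_matrix(objectives: Sequence[str], statements: Sequence[tuple]) -> Dict[str, Dict[str, float]]:
    """Build R from statements (a, predicate, b) or ("¬", a). Unstated pairs are
    treated as indifferent (0.5); "¬ a" makes a dominated by every other objective."""
    R = {a: {b: 0.5 for b in objectives} for a in objectives}
    for stmt in statements:
        if stmt[0] == "¬":
            a = stmt[1]
            for b in objectives:
                if b != a:
                    R[a][b], R[b][a] = 0.0, 1.0
            continue
        a, predicate, b = stmt
        R[a][b] = DEGREE[predicate]
        R[b][a] = 1.0 - DEGREE[predicate]
    return R

def induced_order(R: Dict[str, Dict[str, float]]) -> List[str]:
    """Induced order: a topological ordering of the strict relations in R (a before b
    whenever R[a][b] > 0.5), ties broken by net preference score. If no objective is
    undominated the designer's statements contain a cycle and are inconsistent."""
    score = {a: sum(R[a][b] - R[b][a] for b in R if b != a) for a in R}
    remaining, order = set(R), []
    while remaining:
        free = [a for a in remaining
                if not any(R[b][a] > 0.5 for b in remaining if b != a)]
        if not free:
            raise ValueError(f"inconsistent (cyclic) preferences among {sorted(remaining)}")
        best = max(free, key=lambda a: score[a])
        order.append(best)
        remaining.remove(best)
    return order

def weights(R: Dict[str, Dict[str, float]]) -> Dict[str, float]:
    """Normalise each objective's row of R (off-diagonal) into a weight that sums to 1
    over all objectives; an objective marked "¬" ends with weight 0."""
    raw = {a: sum(R[a][b] for b in R if b != a) for a in R}
    total = sum(raw.values())
    return {a: raw[a] / total for a in R}

def words_to_numbers(objectives: Sequence[str],
                     statements: Sequence[tuple]) -> Tuple[List[str], Dict[str, float]]:
    R = relation_matrix(objectives, statements)
    return induced_order(R), weights(R)

# Constructed designer statements (illustrative, not from the handbook).
OBJECTIVES = ["safety", "cost", "weight", "noise"]
STATEMENTS = [
    ("cost", "<", "safety"),      # cost is less important than safety
    ("weight", "≪", "safety"),    # weight is much less important than safety
    ("weight", "<", "cost"),
    ("¬", "noise"),               # noise is not important
]

if __name__ == "__main__":
    order, w = words_to_numbers(OBJECTIVES, STATEMENTS)
    print("induced order:", " > ".join(order))
    for name in order:
        print(f"  {name:7s} weight {w[name]:.3f}")
```

The consistency check matters in practice: statements collected from several members of a design team can easily contain a cycle (A over B, B over C, C over A), and a plain scoring scheme would silently produce an order anyway. Raising on the cycle forces the conflict back to the designers, which is the interaction the design space is meant to support.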
c) Dynamic Constraints and Scenarios
The other second-tier module from Fig 5.45 handles dynamic constraints and scenarios. Each scenario is a set of additional constraints or objectives that the designer can change, add and/or delete interactively. More formally, a scenario is represented as conjunctions of relations (constraints) in a fairly precise mathematical/modelling language. Each scenario is a function of variables, objectives and possible additional parameters. In an optimisation framework, these scenarios could return a value as a percentage of the relations satisfied for given input values. The concept behind the scenarios is that the designer can specify conditions that are not part of the mathematical model (such as ‘set y5 ∈ [0,4] or, if not possible, then set y1 + y3 > 100’). This allows the designer to focus on certain regions of the design space. An additional advantage is that scenarios are dynamic and are interpreted ad hoc without any change to the program or model, and can be added, modified or deleted ‘online’. Integrating scenarios in the design space provides the ability to assign a different level of importance to each scenario, and to calculate the value of a set of scenarios
in different ways:
• Using weights or preferences for specifying scenario importance.
• Calculating multiple scenario values.
• Considering only one scenario at a time.
The third approach is adopted in the automated methodology presented in Sect 5.4, as it enables the use of various embedded software programs (analytic methods) that can analyse the various scenarios and signal any possibility or impossibility of satisfying the design constraints.
In the application of optimisation algorithms in artificial intelligence-based (AIB) modelling within a blackboard model, such as presented in Sect 5.4, there is no need for specifying, quantitatively or qualitatively, the importance (as in the first method) or order (as in the second method) of the various scenarios.
d) The Optimisation Module
Optimisation in the early phases of engineering design represents a rather insignificant part of the overall design problem. The fuzzy nature of initial design concepts, and efficient exploration across the many different variants that the designer needs to assess, are of greater interest. The methods of design preferences and scenarios are integrated with analytic techniques such as evolutionary algorithms, genetic algorithms and/or artificial neural networks to perform multi-objective optimisation in designing for safety.
Evolutionary computing (including evolutionary algorithms, genetic algorithms, and related models such as artificial neural networks) is based on a continuous and probabilistic representation of algorithmic optimisation (e.g. weight matrices) that would likely be able to provide the best scenario for design optimisation, in the sense that it achieves a better design with respect to performance, depending on the design problem (Cvetkovic et al 1998).
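The optimisation module as described here, with scenarios from section c) feeding a genetic algorithm, is demonstrated in this added example; it is not the handbook's code nor the Sect 5.4 methodology. The scenario is the one quoted in the text (‘set y5 ∈ [0,4] or, if not possible, then set y1 + y3 > 100’), expressed as a conjunction of relations whose value is the fraction satisfied, and the example follows the "one scenario at a time" approach. The design variables, their bounds, the two objectives, the weights (taken as if supplied by the fuzzy-preference step) and the reading of "or, if not possible" as a plain disjunction are all assumptions of this example.

```python
import random
from typing import Callable, Dict, List, Sequence, Tuple

Design = List[float]
Relation = Callable[[Design], bool]

# Constructed design problem (illustrative, not from the handbook): five design
# variables y1..y5 (y[0]..y[4]) with bounds, two normalised objectives to minimise,
# and objective weights as the fuzzy-preference step would supply them.
BOUNDS = [(0.0, 150.0)] * 4 + [(0.0, 10.0)]
WEIGHTS = {"cost": 0.4, "risk": 0.6}

def objectives(y: Design) -> Dict[str, float]:
    cost = (y[0] + y[1] + y[2] + y[3]) / 600.0                    # in [0, 1]
    risk = (100.0 / (1.0 + y[0]) + 50.0 / (1.0 + y[2])) / 150.0   # spend on y1, y3 buys risk down
    return {"cost": cost, "risk": risk}

def either(primary: Relation, fallback: Relation) -> Relation:
    """'set A or, if not possible, then set B', read as a disjunction (assumption)."""
    return lambda y: primary(y) or fallback(y)

# The text's scenario as a conjunction of relations; the designer may edit this list
# at run time without touching the model above.
SCENARIO: List[Relation] = [
    either(lambda y: 0.0 <= y[4] <= 4.0, lambda y: y[0] + y[2] > 100.0),
    lambda y: y[1] <= 50.0,     # second relation, constructed for the example
]

def scenario_value(y: Design, scenario: Sequence[Relation]) -> float:
    """Fraction of the scenario's relations the design satisfies (1.0 = all)."""
    return sum(1 for relation in scenario if relation(y)) / len(scenario)

def fitness(y: Design, scenario: Sequence[Relation]) -> float:
    """Weighted-sum evaluation function; lower is better. Each unsatisfied scenario
    relation adds a penalty, so feasible designs always outrank infeasible ones."""
    obj = objectives(y)
    return sum(WEIGHTS[k] * obj[k] for k in WEIGHTS) + (1.0 - scenario_value(y, scenario))

def evolve(scenario: Sequence[Relation], generations: int = 100, pop_size: int = 40,
           seed: int = 1) -> Tuple[Design, float]:
    """Elitist real-coded genetic algorithm considering one scenario at a time:
    tournament selection, blend crossover, Gaussian mutation clipped to BOUNDS."""
    rng = random.Random(seed)

    def clip(y: Design) -> Design:
        return [min(max(v, lo), hi) for v, (lo, hi) in zip(y, BOUNDS)]

    pop = [[rng.uniform(lo, hi) for lo, hi in BOUNDS] for _ in range(pop_size)]
    best = min(pop, key=lambda y: fitness(y, scenario))
    for _ in range(generations):
        def tournament() -> Design:
            a, b = rng.sample(pop, 2)
            return a if fitness(a, scenario) < fitness(b, scenario) else b
        children = [best]                      # elitism: never lose the best design
        while len(children) < pop_size:
            p, q = tournament(), tournament()
            alpha = rng.random()
            child = [alpha * u + (1.0 - alpha) * v for u, v in zip(p, q)]
            child = [v + rng.gauss(0.0, 0.08 * (hi - lo)) if rng.random() < 0.3 else v
                     for v, (lo, hi) in zip(child, BOUNDS)]
            children.append(clip(child))
        pop = children
        best = min(pop, key=lambda y: fitness(y, scenario))
    return best, fitness(best, scenario)

if __name__ == "__main__":
    design, fit = evolve(SCENARIO)
    print("best design:", [round(v, 1) for v in design])
    print(f"fitness {fit:.4f}, scenario satisfied {scenario_value(design, SCENARIO):.0%}")
```

Because the scenario is evaluated as a separate function of the design vector, the designer can add, change or delete relations between runs without modifying the objective model or the search, which is the ‘online’ property the text attributes to scenarios; the penalty term makes an infeasible design always lose to any feasible one, so the search is steered into the region the designer asked for before it trades cost against risk.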
5.3.1.2 Evolutionary Computing and Evolutionary Design
Design optimisation is a fairly common computational approach that attempts to utilise design requirements as an integral part of the design space. Design optimisation views requirements as a fixed set of criteria, and creates an evaluation function (referred to as the fitness function in artificial intelligence literature) against which the design solutions are weighed. However, design is seldom a static activity in time, especially during conceptual design. Requirements as well as design solutions change as the search for the best design progresses. This places a significant demand on the development of a suitable computational environment for interdisciplinary design collaboration in which various techniques for design concept generation as well as the evolution of design requirements and solutions are established, prompting a need for evolutionary techniques for design optimisation (Tang 1997). The integration of evolutionary computing with artificial intelligence-based (AIB) design methodology allows for the development and integration of the basic building blocks of design (or examples of past or existing designs) that are represented in a design knowledge base. Several general-purpose design knowledge sources (or support systems) are similarly developed to support the design knowledge base. The design knowledge sources (or support systems) are developed to support the following design activities (Tang 1997):
• synthesis of conceptual design solutions from building blocks of design models and design requirements, using inductive learning,
• transferring conceptual design solutions into detailed design models containing spatial, geometric and structural knowledge,
• manipulation and partition of detailed design models into smaller design problem spaces containing suitably constrained design variables and constraints,
• searching for solutions in the partitioned design problem spaces using evolutionary computing techniques,
Fig 5.46 Selecting design objects in the design knowledge base
• exploration of alternative design solutions when considering different design issues,
• documentation and explanation of design results.
The design knowledge base and design knowledge sources form the core of an integrated design support system. An artificial intelligence-based blackboard system is used to control the design knowledge sources and integrate the knowledge-based design applications. The design knowledge base contains design objects, constraints in terms of intended function and interfaces, as well as detailed information in terms of materials and geometry, etc.
The design knowledge base is developed by a knowledge engineer or by the various design teams. The design objects in the design knowledge base can be selected and synthesised to generate conceptual design solutions, as graphically indicated in Figs 5.46 and 5.47. At an abstract level, a conceptual design solution identifies the basic components and their topological arrangement to the satisfaction of initial design requirements. At the early stages of the design process, many alternative conceptual design solutions must be analysed, evaluated and selected before confirming a design concept that can progressively evolve in detail for further investigation.
Once a conceptual design solution is selected, it is transformed into a schematic design model using the knowledge stored in advance in the design knowledge base.
A schematic design model contains design variables and constraints describing the
Fig 5.47 Conceptual design solution of the layout of a gas cleaning plant
Fig 5.48 Schematic design model of the layout of a gas cleaning plant