Human Reliability Assessment
Human Reliability Assessment

• A structured approach used to identify potential human failure events (HFEs) and to systematically estimate the probability of those errors using data, models, or expert judgment
• HRA provides the following:
– Identified and defined human failure events (HFEs)
– Qualitative evaluation of factors influencing human errors and successes
– Human error probabilities (HEPs) for each HFE
Objectives of Human Reliability Analysis

• To ensure that the key human interactions are systematically identified, analyzed, and incorporated into the risk analysis in a traceable manner.
• To quantify the probabilities of their success and failure.
• To provide insights that may improve human performance. Examples include improvements in the man-machine interface, procedures and training, better match between task demands and human capabilities, increasing prospects for successful recovery, minimizing the impact of dependencies between human errors, and so on.
Phases of HRA

1. Modeling of the potential contributors to human error. This phase typically enlists some variety of task analysis to decompose an overall sequence of events into smaller units suitable for analysis.
2. Identification of the potential contributors to human error. At this phase, relevant performance shaping factors are selected.
3. Quantification of human errors. At this phase, a human error probability (HEP) is calculated.
What is HRA?

[Figure: diagram with the labels Process, Risk Assessment Techniques, Accident Analyses, Psychology, Environment, HCI, Design, Understanding, Prediction and Human Error]
Human Reliability Assessment Process

General HRA Process – Kirwan, 1994


Human Reliability Assessment Process

• Problem Definition
• Task Analysis
– Describe what is done
– Improve analyst’s knowledge
• Error Identification
– Taxonomy
– Failure criteria
• Representation
– Fault tree/event tree
– Risk model
• Quantification
– e.g. HEART
• Impact Assessment
– Effect of errors
– Risk contribution
• Error Reduction
– Re-design tasks
– Add engineered features
– Procedures / training
• Quality Assurance
– Appropriate techniques
– Technical checking
• Documentation
Definitions of Terms

• Process: The overall HRA process
• Method: The steps in a process
– e.g. Task Analysis, Quantification, etc.
• Technique: The specific implementation of a method(s)
– e.g. HEART, THERP, etc.
• Tool: A software tool to record and guide the use of a technique
– e.g. Fault Tree +
HRA Techniques

• Many HRA techniques available
• Working to different levels of detail on different concepts
• From expert judgement techniques (e.g. PC)
• Hazard identification techniques (e.g. HAZOPS)
• To quantitative techniques (e.g. THERP)
• To second generation techniques (e.g. CREAM)
Human Reliability Assessment Process

TASK ANALYSIS

General HRA Process – Kirwan, 1994


Task Analysis

• Range of techniques to understand what humans are required to do in order to achieve a system goal
– Collect and organise information
– Improve the analyst’s understanding
– Structured approach
– Support to design and assessment

Hierarchical Task Analysis

• Expresses a job or function in terms of goals, operations and plans
– Goals: Objectives to be achieved
– Operations: Actions required to achieve the goals
– Plans: Conditions under which the actions are carried out
HTA Example
Making Tea
Making Tea

• Goals: Objectives to be achieved (e.g. Make Tea)
• Operations: Actions required to achieve the goals (e.g. Boil water, Add milk / sugar)
• Plans: Conditions under which the actions are carried out (e.g. boil the water before adding it to the cup)
Making Tea (1 of 5 to 5 of 5)
[Figure: HTA diagram for making tea, built up over five slides. Annotations: the plan describes the logic; a bar beneath an activity shows no further development; a stub beneath an activity shows further development has taken place.]
HTA Example
Electric Plug
Fitting an Electric Plug

• Goals: Objectives to be achieved (e.g. Fit plug)
• Operations: Actions required to achieve the goals (e.g. Strip outer casing, Twist exposed wires)
• Plans: Conditions under which the actions are carried out (e.g. fit the fuse before closing up the plug)
Fitting an Electric Plug
Human Reliability Assessment Process

ERROR IDENTIFICATION

General HRA Process – Kirwan, 1994


Error Identification - General

• Task Analysis describes the activities necessary to achieve a goal
• An Error Taxonomy (classification scheme) can be used to identify specific errors
• Many errors will be possible, so need to understand
– Error effects (relating to the task goal)
– Failure criteria (goal failure)
• Produce a list of identified errors, which lead to goal failure
• Organise the information in a Tabular Task Analysis
Error Identification - Tabular Task Analysis

• Use the information from the HTA
• Create a Tabular Task Analysis (TTA)
• Error taxonomy (classification scheme) to identify errors
• Understand
– Error effects
– Failure criteria
• List of identified errors
| ID | Task | Plan |
|---|---|---|
| 0 | Wire an electric plug | do in sequence 1-5 |
| 0.1 | Collect tools | |
| 0.2 | Unscrew plug cover | |
| 0.3 | Prepare lead | do in sequence 1-6 |
| 0.3.1 | Estimate length of stripped wire required to reach earth terminal | |
| 0.3.2 | Strip outer casing according to estimate | |
| 0.3.3 | Check yellow/green wire reaches earth terminal whilst outer casing exceeds holder by 5 mm | |
| 0.3.4 | Cut blue and brown wires to reach their terminals | |
| 0.3.5 | Strip each of the coloured leads to leave exposed wire | |
| 0.3.6 | Twist exposed wires on each coloured lead | |
| 0.4 | Ensure correct fuse is in place | do in sequence 1-3; If mismatch between required and in-situ fuse then do (4) |
| 0.4.1 | Locate appropriate instructions for equipment | |
| 0.4.2 | Read fuse requirement | |
| 0.4.3 | Compare fuse requirement with given fuse | |
| 0.4.4 | Change the fuse | do in sequence 1-3 |
| 0.4.4.1 | Select the correct fuse | |
| 0.4.4.2 | Extract fuse from plug | |
| 0.4.4.3 | Insert correct fuse | |
| 0.5 | Attach plug to lead | do in sequence 1-4 |
| 0.5.1 | Thread lead through holder | |
| 0.5.2 | Fit each twisted wire to correct terminal | |
| 0.5.2.1 | Select one coloured lead | |
| 0.5.2.2 | Identify lead based on colour (earth, live, neutral) | |
| 0.5.2.3 | Locate correct terminal for selected lead | |
| 0.5.2.4 | Unscrew terminal | |
| 0.5.2.5 | Place exposed twisted wire through terminal hole | |
| 0.5.2.6 | Tighten terminal screw | |
| 0.5.3 | Secure main lead holder | |
| 0.5.4 | Replace plug cover | |
Tabular Task Analysis
| ID | Task | Plan | Error ID | Error Type | Immediate effects of error | Detection of error | Recovery of error |
|---|---|---|---|---|---|---|---|
| 0.4 | Ensure correct fuse is in place | do in sequence 1-3; If mismatch between required and in-situ fuse then do (4) | | | | | |
| 0.4.1 | Locate appropriate instructions for equipment | | | | | | |
| 0.4.2 | Read fuse requirement | | | | | | |
| 0.4.3 | Compare fuse requirement with given fuse | | | | | | |
| 0.4.4 | Change the fuse | do in sequence 1-3 | | | | | |
| 0.4.4.1 | Select the correct fuse | | | | | | |
| 0.4.4.2 | Extract fuse from plug | | | | | | |
| 0.4.4.3 | Insert correct fuse | | | | | | |

Error Taxonomy

• Classification scheme
• Generic error types
• Similar to HAZOP guidewords
• Taxonomy can be made domain specific
Tabular Task Analysis
| ID | Task | Plan | Error ID | Error Type | Immediate effects of error | Detection of error | Recovery of error |
|---|---|---|---|---|---|---|---|
| 0.4 | Ensure correct fuse is in place | do in sequence 1-3; If mismatch between required and in-situ fuse then do (4) | | | | | |
| 0.4.1 | Locate appropriate instructions for equipment | | E3 | Action omitted | Instructions not obtained | Unable to confirm fuse type | Re-start task with instructions |
| | | | E16 | Wrong information obtained | Instructions for another device obtained | May not detect | Re-start task with instructions |
| 0.4.2 | Read fuse requirement | | | | | | |
| 0.4.3 | Compare fuse requirement with given fuse | | | | | | |
| 0.4.4 | Change the fuse | do in sequence 1-3 | | | | | |
| 0.4.4.1 | Select the correct fuse | | | | | | |
| 0.4.4.2 | Extract fuse from plug | | | | | | |
| 0.4.4.3 | Insert correct fuse | | | | | | |

Human Reliability Assessment Process

Representation

General HRA Process – Kirwan, 1994


Human Reliability Assessment and Risk Models

• Risk models will usually include human errors for quantification (human as mitigation)
• Human Reliability Assessor will collaborate with the Risk Modeller
– Further investigation may be needed in order to carry out Human Reliability Assessment
– Additional errors may be identified for inclusion in the risk model
– Changes to models may be necessary to represent human error
Risk Assessment - General

• Risk = Frequency x Consequence/Severity
• Assessment of a complex system requires a structured process (Probabilistic Safety Assessment)
• Operation of the system is represented by a model (risk model)
• Risk model represents features in the system that prevent or mitigate against serious consequences (e.g. safety systems, intervention from human operators)
Risk Models

• Hazard identification process used to establish a set of initiating events (what can happen to the system)
• Frequency of each initiator is assessed
• Consider the effects of each initiator on the system
• Typically use event trees to model accident sequences
• System features are ‘modelled’ as events in an Event Tree (ask success/failure questions as top events)
• Fault trees used to investigate detailed causes of equipment/system/human failure
An Event Tree

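[Figure: event tree. Initiating event: system leak. Top events: Respond to Alarm, Shut Valve, Start Pump. Each top event branches into success (S, probability 1 - x) and failure (F, probability x). End states: Success, Success (recovered), Failure 1, Failure 2.]
Failure probability = x; Success probability = 1 - x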


An Event Tree - Quantified

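[Figure: quantified event tree. Initiating event: system leak. Respond to Alarm: S = 0.999, F = 0.001 (end state F2). Shut Valve: success 0.99 (end state S1), failure 0.01. Start Pump: success 0.99 (end state S2), failure 0.01 (end state F1).]
P(F) = F1 + F2 = (0.999 × 0.01 × 0.01) + 0.001 = 0.0011
P(S) = 1 – P(F) = 1 – 0.0011 = 0.9989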


A Fault Tree

[Figure: fault tree. Top event: Valve Fails to Shut, an OR gate over A (electrical signal to valve fails), B (mechanical valve failure) and C (operator fails to demand valve to shut).]
Failure probability = A + B + C – AB – AC – BC + ABC
For OR use A ∪ B ∪ C
For AND use A ∩ B ∩ C
Fault Tree

• Two types of boolean operators
1. OR: Occurrence of ANY event below causes failure above
2. AND: Only the occurrence of ALL events below causes failure above


Fault Tree - A Solution
[Figure: fault tree. Top event: Incorrect fuse is in place, an OR gate over: appropriate instructions not found; fuse requirements not read; fuse requirement not compared with given fuse; fuse not changed. Fuse not changed is itself an OR gate over: correct fuse not selected; fuse not extracted from plug; correct fuse not inserted.]
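The quantified event tree and the two fault trees above can be evaluated mechanically. The following Python sketch is an added example, not part of the original slides: the event-tree branch probabilities are the ones on the slide, the basic-event probabilities for the valve and fuse fault trees are constructed values, and all events are assumed independent.

```python
from itertools import combinations
from math import prod


def or_gate(probs):
    """P(at least one event occurs) = 1 - prod(1 - p), independent events."""
    return 1.0 - prod(1.0 - p for p in probs)


def and_gate(probs):
    """P(all events occur) = prod(p), independent events."""
    return prod(probs)


def or_gate_inclusion_exclusion(probs):
    """Same OR gate expanded term by term: A + B + C - AB - AC - BC + ABC."""
    total = 0.0
    for k in range(1, len(probs) + 1):
        sign = 1 if k % 2 else -1
        total += sign * sum(prod(c) for c in combinations(probs, k))
    return total


def event_tree_outcomes(p_alarm, p_valve, p_pump):
    """Leak event tree; arguments are the branch *success* probabilities.
    Returns the probability of each end state."""
    return {
        "S1": p_alarm * p_valve,                       # alarm answered, valve shut
        "S2": p_alarm * (1 - p_valve) * p_pump,        # valve failed, pump recovered
        "F1": p_alarm * (1 - p_valve) * (1 - p_pump),  # valve and pump both failed
        "F2": 1 - p_alarm,                             # alarm not answered
    }


def eval_tree(node):
    """Evaluate a nested fault tree. A number is a basic event; a tuple is
    (gate, [children]) with gate 'OR' or 'AND'."""
    if isinstance(node, (int, float)):
        return float(node)
    gate, children = node
    values = [eval_tree(child) for child in children]
    if gate == "OR":
        return or_gate(values)
    if gate == "AND":
        return and_gate(values)
    raise ValueError(f"unknown gate: {gate!r}")


# Event tree from the slide: success probabilities 0.999, 0.99, 0.99.
LEAK = event_tree_outcomes(0.999, 0.99, 0.99)
P_FAIL = LEAK["F1"] + LEAK["F2"]

# "Valve fails to shut" OR gate; the values for A, B, C are constructed.
VALVE = [0.002, 0.005, 0.01]

# "Incorrect fuse is in place" tree from the slide; all HEPs are constructed.
FUSE_TREE = ("OR", [
    0.003,  # appropriate instructions not found
    0.003,  # fuse requirements not read
    0.001,  # fuse requirement not compared with given fuse
    ("OR", [0.002, 0.001, 0.001]),  # fuse not changed: select / extract / insert
])

if __name__ == "__main__":
    print(f"P(F) = {P_FAIL:.4f}, P(S) = {1 - P_FAIL:.4f}")
    print(f"valve OR gate: {or_gate(VALVE):.7f} "
          f"(term by term: {or_gate_inclusion_exclusion(VALVE):.7f})")
    print(f"incorrect fuse in place: {eval_tree(FUSE_TREE):.6f}")
```

The complement form `1 - prod(1 - p)` and the term-by-term expansion agree for any number of independent events; the complement form is the one that scales to large OR gates.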
Human Reliability Assessment Process

QUANTIFICATION

General HRA Process – Kirwan, 1994


Human Error Probabilities - Quantification

• Human Reliability Assessment exists to provide quantification of the probability of human error
• Human Error Probabilities are used in Probabilistic Safety Assessment (risk models)
• Obtaining or generating Human Error Probabilities requires a range of techniques
Ways to get Quantitative Data

• Historical records / Collected data (direct or simulated)
• Estimation techniques (constructive, comparative)
• Judgement and experience
Historical Records / Collected Data
• Number of recorded events of interest over time provides frequency of error
• Number of recorded events of interest over number of chances for event to occur provides the probability of error
• Strengths
– specific to the error of interest
– data validity (true values)
• Weaknesses
– may not have recorded all instances of error (underestimate)
– may need a lot of data to get a fair answer
– hard to identify root of some errors
– collection method may affect reliability
– collection in simulators may not be realistic for actual errors
– design changes over time may affect reliability
Estimation Techniques

• Technique for Human Error Rate Prediction (THERP)
• Human Error Assessment and Reduction Technique (HEART)
• Success Likelihood Index Methodology (SLIM)
• Paired Comparisons (PC)
Judgement / Experience
• Panel of experts to provide direct generation of HEPs (subject experts and HRA expert)
• Assumes assessors are capable of making such estimates of reliability
• Describe the tasks of interest
• Describe errors and estimate HEPs
– Individual estimates aggregated
– Group consensus of estimates
Judgement / Experience
• Strengths
– Simple method, allows constructive qualitative discussion
– Practical error reduction measures can be discussed during the assessment
• Weaknesses
– Prone to biases, may have little face validity
– Needs experienced experts
Criteria for Quantification Technique Selection

• Availability of data
• Applicability of data
• Ease of use (time, cost, resources, information)
• Data validity (justification)
• Experience of assessor
• Level of assessment needed
Quantification Summary

• A range of HRA techniques is available
• Technique selection depends on the nature of the assessment
• Human Reliability Data can be difficult to obtain
• Human Reliability Data can be uncertain (range of probabilities)
• Information from the task analysis can be organised to suit the quantification technique
• Quantification must be based on detailed qualitative understanding
Human Reliability Assessment Process

IMPACT ASSESSMENT

General HRA Process – Kirwan, 1994


Impact Assessment

• Once the human-error probabilities (HEPs) have been assigned to the various events in the fault and/or event trees, event-sequence-outcome likelihoods will be calculated.
• The relative contributions of individual human errors to accident frequencies, as well as the contribution of human error as a whole, are determined.
• The value is then compared to the acceptable risk level.
• High-impact or sensitive human errors will be targeted for error reduction.
• Residual risk is then recalculated until the required levels of acceptable risk are achieved, or until the risk level is as low as is reasonably practicable/achievable (ALARP).
Risk Assessment Matrix

L L L M M
L L M M MH
L M M MH H
M M MH H E
M MH H E E
Human Reliability Assessment Process

ERROR REDUCTION

General HRA Process – Kirwan, 1994


Socio-Technical System
[Figure: socio-technical system. Labels: Controllable factors, Uncontrollable factors, Human Task Performance, Sensory Input, Actions. Knowledge Based Behaviour: Identification, Decision of task, Planning. Rule Based Behaviour: Recognition, Associated state/task, Stored rules for tasks. Skill Based Behaviour: Feature formation, Automated sensory-motor patterns.]
Error Reduction

• First step in an error-reduction analysis (ERA) is sensitivity analysis, to determine which scenarios are sensitive and, within those scenarios, which human errors are important.
• If no such errors are found, then an ERA is unlikely to be required since, in this case, human errors will ostensibly impact on the risk level.
• However, it is possible for an element of human intervention to be introduced into a sensitive scenario which previously had no such element of human involvement (e.g. the introduction of a human-fault-detection-and-recovery procedure into a previously hardware-controlled, ‘closed’ system-control loop which is liable to failure).
Human Reliability Assessment Process

QUALITY ASSURANCE

General HRA Process – Kirwan, 1994


Quality Assurance

• Quality assurance in the HRA process is primarily aimed at ensuring that the reduction measures remain effective and that the error-reduction potential is realized and maintained.
• This is no easy task, and indeed is often difficult, especially for external contractors who, having submitted the final draft of their PSA, will no longer have access to, or involvement with, the project.
Human Reliability Assessment Process

DOCUMENTATION

General HRA Process – Kirwan, 1994


Documentation
• Results and methods utilized are documented to a standard such that the rationale is clear, and the detailed methods and results can be audited by an independent agency, and then repeated by an independent assessment team.
• In addition, all assumptions made by the assessor(s) are documented and then made clear to the project team who will run, or who is running, the system.
Documentation
• This is particularly important if error reduction mechanisms are proposed since reduction measures are not as effective as envisaged, due to a number of reasons:
– inadequate implementation of these measures;
– a misinterpretation of the measures by the project-design/support group;
– new problems arising related to side-effects of the measure;
– the acclimatization of the operators to the measure (particularly if the measure is motivational in nature).
• Such problems will lead to an actual net decrease in risk, but to a level less than that assumed by the PSA/HRA.
Case Study
A. Problem Definition

• Accident data at a company show that most accidents among workshop workers are caused by human error.
• The job with the largest share of accidents and a high potential hazard risk is grinding.
B. Task Analysis
Grinding job (do in sequence 1-6)
1. Preparation
2. Equipment check
3. Grinding wheel selection
4. Grinding process
5. Completion
6. 5R implementation
B. Task Analysis
Grinding job (do in sequence 1-6)
1. Preparation (do in sequence 1-4)
– 1.1 Wear safety shoes
– 1.2 Wear gloves
– 1.3 Wear safety glasses
– 1.4 Wear a mask
2. Equipment check
3. Grinding wheel selection
4. Grinding process
5. Completion
6. 5R implementation
B. Task Analysis
Grinding job (do in sequence 1-6)
1. Preparation
2. Equipment check (do in sequence 1-3)
– 2.1 Ensure the type and size of the material match the drawing
– 2.2 Ensure the machine works before it is used
– 2.3 Check the emergency switch
3. Grinding wheel selection
4. Grinding process
5. Completion
6. 5R implementation
| No | Work operation | Task no. | Work element |
|---|---|---|---|
| 1 | Preparation | 1.1 | Wear safety shoes |
| | | 1.2 | Wear gloves |
| | | 1.3 | Wear safety glasses |
| | | 1.4 | Wear a mask |
| 2 | Equipment check | 2.1 | Ensure the type and size of the material match the drawing |
| | | 2.2 | Ensure the machine works before it is used |
| | | 2.3 | Check the emergency switch |
| 3 | Grinding wheel selection | 3.1 | Know the type of material to be ground |
| | | 3.2 | Know the type of work to be done |
| | | 3.3 | Know the function of the grinding wheel for each type of work |
| | | 3.4 | Select the grinding wheel according to the type of material to be ground and the work to be done |
| | | 3.5 | Ensure the grinding wheel is in good condition and not cracked |
| | | 3.6 | Ensure the rpm of the grinding wheel is greater than the rpm of the grinding machine |
| | | 3.7 | Mount the grinding wheel correctly, not upside down |
| | | 3.8 | Ensure the grinding wheel is fastened tightly by the bolt |
| No | Work operation | Task no. | Work element |
|---|---|---|---|
| 4 | Grinding process | 4.1 | Switch on the grinding machine by first plugging it into the socket and then sliding the switch to the “on” position |
| | | 4.2 | Hold the grinder in the correct position |
| | | 4.3 | Grinding position is away from sources of potential hazard |
| | | 4.4 | Check whether the grinding result matches the drawing |
| 5 | Completion | 5.1 | Switch off the grinding machine first, then unplug it from the socket |
| | | 5.2 | Clean and tidy the workpiece |
| 6 | 5R implementation | 3.1 | Clean the work area and work tools after finishing work |
| | | 3.2 | Put the tools back in their place |
| | | 3.3 | Dispose of unused leftover material in its proper place |
C. Error Identification
| ID | Task | Error Type | Immediate Effect of Error |
|---|---|---|---|
| 1.1 | Wear safety shoes | Slips of action | Shoelaces not tied tightly |
| | | Lapses of memory | Forgot to tie the shoelaces |
| | | Rule-based mistakes | N/A |
| | | Knowledge-based mistakes | Wrong type of safety shoes chosen |
| 1.2 | Wear gloves | | |
| 1.3 | Wear safety glasses | | |
| 1.4 | Wear a mask | | |
C. Error Identification
| ID | Task | Error Type | Immediate Effect of Error |
|---|---|---|---|
| 3.1 | Know the type of material to be ground | | |
| 3.2 | Know the type of work to be done | | |
| 3.3 | Know the function of the grinding wheel for each type of work | | |
| 3.4 | Select the grinding wheel according to the type of material to be ground and the work to be done | Slips of action | Wrong grinding wheel picked up |
| | | Lapses of memory | Wrong grinding wheel picked up after being interrupted by a colleague |
| | | Rule-based mistakes | Wrong grinding wheel chosen |
| | | Knowledge-based mistakes | Material type misinterpreted |
| 3.5 | Ensure the grinding wheel is in good condition and not cracked | | |
| 3.6 | Ensure the rpm of the grinding wheel is greater than the rpm of the grinding machine | | |
| 3.7 | Mount the grinding wheel correctly, not upside down | | |
| 3.8 | Ensure the grinding wheel is fastened tightly by the bolt | | |
C. Error Identification

[Figure: classification of human failure.
Human Failure divides into Human Error and Violations.
Human Error divides into Skill-based errors and Mistakes.
Skill-based errors: Slips of action (not doing what you’re meant to do); Lapses of memory (forgetting to do something, or losing your place midway through a task).
Mistakes (decision-making failures: we do the wrong thing, believing it to be right): Rule-based mistakes; Knowledge-based mistakes.
Violations: Routine; Exceptional; Situational.]
D. Quantification
• The HEP value is calculated based on:

where
: Probability of failure due to error i
: Probability that failure will occur if error i occurs
: Probability that error i occurs
• The HEP value for a combination of errors is given as
D. Quantification
• The value is calculated from historical data on accidents in grinding work.
• The historical data show that 3 accidents related to grinding work occurred over a period of 5 years.
• Working hours are 8 hours, with 250 working days per year.
C. Error Identification
| ID | Task | Error Type | Immediate Effect of Error | | | |
|---|---|---|---|---|---|---|
| 1.1 | Wear safety shoes | Slips of action | Shoelaces not tied tightly | 0,02 | 0,000006 | 0,999994 |
| | | Lapses of memory | Forgot to tie the shoelaces | 0,01 | 0,000003 | 0,999997 |
| | | Knowledge-based mistakes | Wrong type of safety shoes chosen | 0,01 | 0,000003 | 0,999997 |

0,0003 (single cell spanning all rows)

The HEP value for the combination of errors in Task 1.1 (Wear safety shoes) is given as
C. Error Identification
| ID | Task | Error Type | Immediate Effect of Error | | | |
|---|---|---|---|---|---|---|
| 3.4 | Select the grinding wheel according to the type of material to be ground and the work to be done | Slips of action | Wrong grinding wheel picked up | 0,05 | 0,000015 | 0,999985 |
| | | Lapses of memory | Wrong grinding wheel picked up after being interrupted by a colleague | 0,02 | 0,000006 | 0,999994 |
| | | Rule-based mistakes | Wrong grinding wheel chosen | 0,01 | 0,000003 | 0,999997 |
| | | Knowledge-based mistakes | Material type misinterpreted | 0,01 | 0,000003 | 0,999997 |

0,0003 (single cell spanning all rows)

The HEP value for the combination of errors in Task 3.4 (Select the grinding wheel according to the type of material to be ground and the work to be done) is given as
| No | Work operation | Task no. | Work element | |
|---|---|---|---|---|
| 1 | Preparation | 1.1 | Wear safety shoes | 0,000012 |
| | | 1.2 | Wear gloves | 0,000020 |
| | | 1.3 | Wear safety glasses | 0,000020 |
| | | 1.4 | Wear a mask | 0,000020 |
| 2 | Equipment check | 2.1 | Ensure the type and size of the material match the drawing | 0,000012 |
| | | 2.2 | Ensure the machine works before it is used | 0,000052 |
| | | 2.3 | Check the emergency switch | 0,000052 |
| 3 | Grinding wheel selection | 3.1 | Know the type of material to be ground | 0,000052 |
| | | 3.2 | Know the type of work to be done | 0,000052 |
| | | 3.3 | Know the function of the grinding wheel for each type of work | 0,000052 |
| | | 3.4 | Select the grinding wheel according to the type of material to be ground and the work to be done | 0,000052 |
| | | 3.5 | Ensure the grinding wheel is in good condition and not cracked | 0,000052 |
| | | 3.6 | Ensure the rpm of the grinding wheel is greater than the rpm of the grinding machine | 0,000052 |
| | | 3.7 | Mount the grinding wheel correctly, not upside down | 0,000052 |
| | | 3.8 | Ensure the grinding wheel is fastened tightly by the bolt | 0,000052 |
| No | Work operation | Task no. | Work element | |
|---|---|---|---|---|
| 4 | Grinding process | 4.1 | Switch on the grinding machine by first plugging it into the socket and then sliding the switch to the “on” position | 0,000052 |
| | | 4.2 | Hold the grinder in the correct position | 0,000052 |
| | | 4.3 | Grinding position is away from sources of potential hazard | 0,000052 |
| | | 4.4 | Check whether the grinding result matches the drawing | 0,000052 |
| 5 | Completion | 5.1 | Switch off the grinding machine first, then unplug it from the socket | 0,000052 |
| | | 5.2 | Clean and tidy the workpiece | 0,000052 |
| 6 | 5R implementation | 3.1 | Clean the work area and work tools after finishing work | 0,000052 |
| | | 3.2 | Put the tools back in their place | 0,000052 |
| | | 3.3 | Dispose of unused leftover material in its proper place | 0,000052 |
