ETHICS IN DATA ANALYTICS

Unit –II

ETHICS EXPERIMENTS AND EXAMPLES

ENGINEERS AS RESPONSIBLE EXPERIMENTERS

The engineers have so many responsibilities for serving the society.

1. A primary duty is to protect the safety of human beings and respect their right of
consent. [A conscientious commitment to live by moral values].
2. Having a clear awareness of the experimental nature of any project, thoughtful
forecasting of its possible side effects, and an effort to monitor them reasonably. [A
comprehensive perspective or relative information].
3. Unrestricted free personal involvement in all the steps of a project. [Autonomy]
4. Being accountable for the results of a project [Accountability]
5. Exhibiting their technical competence and other characteristics of professionalism.

Conscientiousness

Conscientiousness implies consciousness (sense of awareness). As holding the

responsible profession with maintaining full range moral ethics and values which are
JIT/GE6075/PEE/R2013 Page 6
relevant to the situation. In order to understand the given situation, its implications, know-
how, person who is involved or affected, Engineers should have open eyes, open ears and
open mind.
The present working environment of engineers, narrow down their moral vision fully
with the obligations accompanied with the status of the employee. More number of
engineers are only salaried employees, so, they have to work within large bureaucracies
under great pressure to work smoothly within the company. They have to give importance
only to the obligations of their employers. Gradually, the small negative duties such as not
altering data by fraud, not violating patent right and not breaking confidentiality, may be
viewed as the full extent of moral desire.
As mentioned, engineering as social experimentation brings into light not only to the
person concerned but also to the public engineers as guardians of the public interest i.e.,
 to safeguard the welfare and safety of those affected by the engineering projects. This
view helps to ensure that this safety and welfare will not be affected by the search for new
knowledge, the hurry to get profits, a small and narrow follow up of rules or a concern
over benefits for the many and ignoring the harm to the few.
The social experimentation that involved in engineering should be restricted by the
participants consent.

Relevant Information

Without relevant factual information, conscientious is not possible. For showing moral
concern there should be an obligation to obtain and assess properly all the available
information related to the fulfillment of one‟s moral obligations. This can be explained as:

1) To understand and grasp the circumstance of a person‟s work, it is necessary

to know about how that work has a moral importance. For example, A person
is trying to design a good heat exchanger. There is nothing wrong in that. But
at the same time, if he forgets the fact that the heat exchanger will be used in
the

manufacture of an illegal product, then he is said to be showing a lack of moral

concern. So a person must be aware of the wider implication of his work that
makes participation in a project.

2) Blurring the circumstance of a person‟s work derived from his specialization

and division of labour is to put the responsibilities on someone else in the
organization. For example if a company produces items which are out of
fashion or the items which promotes unnecessary energy wastage, then it is
easy to blame sales department.
The above said means, neglecting the importance of a person‟s works also makes it
difficult in acquiring a full perspective along a second feature of factual information i.e.,
consequence of what one does.
So, while giving regard to engineering as social experimentation, points out the
importance of circumstances of a work and also encourage the engineers to view his
specialized activities in a project as a part of a large social impact.
Moral Autonomy
This refers to the personal involvement in one‟s activities. People are morally
autonomous only when their moral conduct and principles of actions are their own i.e.,
genuine in one‟s commitment to moral values.

Moral beliefs and attitudes must be integrated into an individual‟s personality which
leads to a committed action. They cannot be agreed formally and adhered to merely verbally.
So, the individual principles are not passively absorbed from others. When he is morally
autonomous and also his actions are not separated from himself.

When engineering have seen as a social experimentation, it helps to keep a sense of

autonomous participation in a person‟s work. An engineer, as an experimenter, is undergoing
training which helps to form his identity as a professional. It also results in unexpected
consequence which helps to inspire a critical and questioning attitudes about the current

economic and safety standards. This also motivates a greater sense of personal involvement in

a person‟s work.
Accountability
The people those who feel their responsibility, always accept moral responsibilities for
their actions. It is known as accountable. In short, „accountable‟ means being culpable and
hold responsible for faults. In general and to be proper, it means the general tendency of being
willing to consider one‟s actions to moral examinations and be open and respond to the
assessment of others. It comprises a desire to present morally convincing reasons for one‟s
conduct when called upon in specific circumstances.
The separation of causal influence and moral accountability is more common in all
business and professions and also in engineering. These differences arising from several
features of modern engineering practices are as follows:

1. Large – scale engineering projects always involve division of work. For each and
every piece of work, every person contributes a small portion of their work towards
the completion of the project. The final output us transmitted from one‟s immediate
work place to another causing a decrease in personal accountability.
2. Due to the fragmentation of work, the accountability will spread widely within an
organization. The personal accountability will spread over on the basis of hierarchies
of authority.
3. There is always a pressure to move on to a different project before finishing the
 current one. This always leads to a sense of being accountable only for fulfilling the
schedules.
4. There is always a weaker pre-occupation with legalities. In other words this refers to a
way a moral involvement beyond the laid down institutional role. To conclude,
engineers are being always blamed for all the harmful side effects of their projects.
Engineers cannot separate themselves from personal responsibilities for their work.
ENGINEERING AS EXPERIMENTATION
Experimentation plays an important role in the process of designing the product.
When it is decided to change a new engineering concept into its first rough design,
preliminary tests or simulation should be conducted. Using formal experimental methods, the
materials and methods of designing are tried out. These tests may be based on more detailed
designs. The test for designing should be evolved till the final product produced. With the
help of feedback of several tests, further modification can be made if necessary. Beyond these
tests and experiments, each engineering project has to be viewed as an experiment.

Similarities to Standard Experiments

There are so many aspects, which are of virtual for combining every type of
engineering works to make it suitable to look at engineering projects as experiments. The
main three important aspects are:

1) Any engineering project or plan is put into practice with partial ignorance because
while designing a model there are several uncertainities occurred. The reason to the
fact that engineers don‟t have all the needed facts available well in advance before
starting the project. At some point, both the theoretical examining and the laboratory
testing must be by-passed for the sake of completing the project. Really, the success of
an engineer is based on the his talent which is exactly being the ability to succeed in
achieving jobs with only a partial knowledge of scientific laws about the nature and
society.

2) The final outcomes of engineering projects are generally uncertain like that of
experiments what we do.
In engineering, in most of the cases, the possible outcomes may not be known and
even small and mild projects itself involve greater risks.
The following uncertainities occur in the model designs

1. Model used for the design calculations

2. Exact characteristics of the material purchased.

 3. Constancies of materials used for processing and fabrication.

4. About the nature of the pressure the finished product will encounter.

For instance, a reservoir may cause damage to the surroundings and affect the eco-
system. If it leaks or breaks, the purpose will not be served. A special purpose fingerprint
reader may find its application in the identification and close observation on the disagreeing
persons with the government. A nuclear reactor may cause unexpected problems to the
surrounding population leading to a great loss to the owners. A hair dryer may give damage to
the unknowing or wrong users from asbestos insulation from its barrel.

3) Good and effective engineering depends upon the knowledge possessed about
the products at the initial and end stages.

This knowledge is very useful for increasing the effectiveness of the current products
as well as for producing better products in future. This can be achieved by keenly observing
on the engineering jobs by the way of experimentation. This monitoring is done by making
periodic observations and tests by looking at for the successful performance and the side
effects of the jobs. The tests of the product‟s efficiency, safety, cost-effectiveness,
environmental impact and its value that depends upon the utility to the society should also be
monitored. It also extends to the stage of client use.

Learning from the past

It has been expected that the engineers have to learn not only form their own design
and the production system but also the results of others. Due to lack of communication,
prejudiced in not asking for clarification, fear of law and also mere negligence, these things
can happen to the continuation of past mistakes. The following are some of the examples:

1. The tragedy of “Titanic” happened because of the sufficient number of life boats. The
same disaster took place in the steamship “the Arctic” some years before, because of
the same problem.
2. The fall down of “the Sunshine Skyline Bridge” in the bay of Thamba at Sweden in
1980, on a moving ship due to improper matching of horizontal impact forces in mind.
This could have been avoided of the engineers had known about the striking of the
ships with the Maracaibo Bridge at Venezulea in 1964 and the Tasman Bridge of
Australia in 1975.
 3. The nuclear reactor accident at Three Mile Island on March 1979, was due to
malfunctioning of the valves. Valves though minute items, are being among the least
reliable components of hydraulic systems. It was a pressure relief valve and lack of
information about its opening or closing state contributed to a nuclear reactor accident
at Three Mile Island.
4. The disaster of Tettron Dam in Los Angles was due to rapid flow of water and sudden
break down. The builder didn‟t consider the case of the Fontenelle Dam, which was
also collapsed due to the same problem.
So, to say that engineers should not fully depend on handbooks and they should
have some review of the past cases relating to their current task.

Comparisons with standard Experiments

Engineering is entirely different from standard experiments in few aspects. Those
differences are very much helpful to find out the special responsibilities of engineers and also
help them in knowing about the moral irresponsibilities which are involved in engineering.
1. Experimental Control
Members for two groups should be selected in a standard experimental control, i.e
Group A and Group B. The members of the group „A‟ should be given the special
experimental treatment. The group „B‟ do not receive the same though they are in the same
environment. This group is called the ‘control group’
Though it is not possible in engineering but for the projects which are confirmed to
laboratory experiments. Because, in engineering the experimental subjects are human beings
who are out of the control of the experimenters. In engineering, the consumers have more
control as they are the selecting authority of a project. So in engineering it is impossible to
follow a random selection. An engineer has to work only with the past data available with
various groups who use the products.
So engineering can be viewed as a natural experiment which uses human subjects. But
today, most of the engineers do not care for the above said Experimental Control.
2. Informed Consent
Engineering is closely related to the medical testing of new drugs and techniques on
human beings as it also concerned with human beings.
When new medicines have been tested, it should be informed to the persons who
undergo the test. They have moral and legal rights to know about the fact which is based on
“informed consent” before take part in the experiment. Engineering must also recognize these
rights. When a producer sells a new product to a firm which has its own engineering staff,
generally there will be an agreement regarding the risks and benefits form that testing.
JIT/GE6075/PEE/R2013 Page 4
Informed consent has two main principles such as knowledge and voluntariness.
First, the persons who are put under the experiment has to be given all the needed
information to make an appropriate decision. Second, they must enter into the experiment
without any force, fraud and deception. The experimenter has also to consider the
fundamental rights of the minorities and the compensation for the harmful effects of that
experiment.
In both medicine and engineering there may be a large gap between the experimenter
and his knowledge on the difficulties of an experiment. This gap can be filled only when it is
possible to give all the relevant information needed for drawing a responsible decision on
whether to participate in the experiment or not.
In medicine, before prescribing a medicine to the patient, a responsible physician must
search for relevant information on the side effects of the drug. The hospital management must
allow him to undergo different treatments to different patients and finally the patient must be
ready to receive that information from the physician. Similarly it is possible for an engineer to
give relevant information about a product only when there is a better co-operation by the
management and quick acceptance from the customers.

The following conditions are essential for a valid informed consent

a. The consent must be given voluntarily and not by any force.

b. The consent must be based on the relevant information needed by a rational person
and should be presented in a clear and easily understandable form.
c. The consenter must be capable of processing the information and to make rational
decisions in a quick manner.
d. The information needed by a rational person must be stated in a form to understand
without any difficulty and has to be spread widely.

e. The experimenter‟s consent has to be offered in absentia of the experimenter by a

group which represents many experiments.
Knowledge Gained
Scientific experiments have been conducted to acquire new knowledge. Whereas
engineering projects are conducted as experiments not for getting new knowledge. Suppose
the outcomes of the experiment is best, it tells us nothing new, but merely affirms that we are
right about something. Mean while, the unexpected outcomes put us search for new
knowledge.

CODES OF ETHICS

The codes of ethics have to be adopted by engineering societies as well as by

engineers. These codes exhibit the rights, duties, and obligations of the members of a
profession. Codes are the set of laws and standards.
A code of ethics provides a framework for ethical judgment for a professional. A code
cannot be said as totally comprehensive and cover all ethical situations that an engineer has to
face. It serves only as a starting point for ethical decision-making. A code expresses the
circumstances to ethical conduct shared by the members of a profession. It is also to be noted
that ethical codes do not establish the new ethical principles. They repeat only the principles
and standards that are already accepted as responsible engineering practice. A code defines
the roles and responsibilities of professionals.

Roles of codes and its functions

1. Inspiration and Guidance

Codes give a convinced motivation for ethical conduct and provide a helpful
guidance for achieving the obligations of engineers in their work. Codes contribute mostly
general guidance as they have to be brief. Specific directions may also be given to apply the
code in morally good ways. The following engineering societies have published codes of
ethics.
AAES - American Association of Engineering Societies
 ABET - Accreditation Board for Engineering and Technology (USA)
NSPE - National Society of Professional Engineer (USA)
IEEE - Institute of Electrical and Electronics Engineering (USA)
AICTE - All India Council for Technical Education (India)

Most of the technological companies have established their own codes such as
JIT/GE6075/PEE/R2013 Page 10
pentagon (USA), Microsoft etc. These codes are very much helpful to strengthen the moral
issues on the work of an engineer.
2. Support

Codes always support an engineer who follows the ethical principles. Codes
give engineers a positive, a possible good support for standing on moral issues. Codes
also serve as a legal support for engineers.
3. Deterrence and Discipline
Codes act as a deterrent because they never encourage to act immorally. They
also provide discipline among the Engineers to act morally on the basis of codes does
not overrule the rights of those being investigated.
4. Education and Mutual Understanding
Codes have to be circulated and approved officially by the professionals, the
public and government organizations which concern with the moral responsibilities of
engineers and organizations.
5. Contributing to the profession’s Public Image
Codes help to create a good image to the public of an ethically committed
profession. It helps the engineers in an effective manner to serve the public. They also
gives self-regulation for the profession itself.
6. Protecting the Status Quo
Codes determine ethical conventions which help to create an agreed upon
minimum level of ethical conduct. But they can also suppress the disagreement within
the profession.

7. Promoting Business Interests

Codes help to improve the business interests. They help to moralize the
business dealings to benefit those within the profession.
Limitations of Codes

1. Codes are restricted to general and vague wordings. Due to this limitation they cannot
be applicable to all situations directly. It is also impossible to analyze fully and predict
the full range of moral problems that arises in a complex profession.
2. Engineering codes often have internal conflicts. So they can‟t give a solution or

method for resolving the conflict.

3. They cannot be treated as the final moral authority for any professional conduct.
Codes represent a compromise between differing judgments and also developed
among heated committee disagreements.
4. Only a few practicing engineers are the members of Professional Societies and so they
can not be compelled to abide by their codes.
5. Many engineers who are the members of Professional Societies are not aware of the
existence of the codes of their societies and they never go through it.
6. Codes can be reproduced in a very rapid manner.
7. Codes are said to be coercive i.e., implemented by threat or force.

Research Ethics

Research ethics are a critical set of principles and standards that guide researchers in
conducting their work responsibly and ethically. These principles help ensure that research
is conducted with integrity, transparency, and respect for the rights and well-being of
participants, as well as for societal values. Here are some key aspects of research ethics:
Informed Consent: Researchers must obtain voluntary and informed consent from
participants before involving them in a study. This involves explaining the purpose,
procedures, risks, and benefits of the research in a clear and understandable manner.

Protection of Participants: Researchers have a duty to protect the rights, privacy, and
confidentiality of research participants. This includes minimizing risks and ensuring that
participants are not harmed physically, psychologically, or socially.
 Research Integrity: Researchers must conduct their work honestly and accurately,
avoiding fabrication, falsification, or plagiarism of data. Results should be reported
truthfully, regardless of whether they support the researcher's hypotheses or interests.

Transparency: Research findings, methodologies, and potential conflicts of interest should

be disclosed openly. This fosters trust and allows others to verify and replicate the study.

Respect for Participants: Researchers should respect the autonomy, dignity, and privacy of
individuals participating in their studies. They should also consider the cultural context
and potential impact of their research on communities.

Balancing Risks and Benefits: Researchers should carefully assess and justify the risks
and benefits of their research. They should strive to maximize the benefits while
minimizing any potential harm to participants and society.

Compliance with Regulations: Researchers must adhere to ethical guidelines and

regulations established by institutional review boards (IRBs), funding agencies, and
professional organizations.

Accountability: Researchers are accountable for their actions and decisions throughout the
research process. They should address any ethical concerns that arise and take
responsibility for the consequences of their research.

Publication and Dissemination: Researchers should ensure that their findings are
disseminated responsibly, accurately, and without bias. They should acknowledge
contributions from others appropriately and avoid conflicts of interest in publication.

A BALANCED OUTLOOK ON LAW

A balanced outlook on laws stresses the necessity of laws and regulations and their
limitations in directing engineering practice.

In order to live, work and play together in harmony as a society, there must be a
balance between individual needs and desires against collective needs and desires. Only
ethical conduct can provide such a balance. This ethical conduct can be applied only with the
help of laws. Laws are important as the people are not fully responsible and because of the
competitive nature of the free enterprise system which does not encourage moral initiative.
The model of engineering as social experimentation allows for the importance of clear
laws to be effectively enforced.
Engineers ought to play an effective role in promoting or changing enforceable rules
of engineering as well as in enforcing them. So the codes must be enforced with the help of
laws. The following are the two best examples.

1. Babylon’s Building Code: (1758 B.C.)

This code was made by Hammurabi, king of Babylon. He formed a code for
builders of his time and all the builders were forced to follow the code by law. He
ordered“If a builder has built a house for a man and has not made his work sound, and
the house which he has built was fallen down and so caused the death of the
householder, that builder shall be put to death. If it causes the death of the house
holder’s son, they shall put that builder’s son to death. If it causes the death of the
house holder’s slave, he shall give slave to the householder. If it destroys property he
shall replace anything it has destroyed; and because he has not made the house sound
which he has built and it has fallen down, he shall rebuild the house which has fallen
down from his own property. If a builder has built a house for a man and does not
make his work perfect and the wall bulges, that builder shall put that wall in to sound
condition at his own cost”.

The above portion of Babylon‟s building code was respected duly. But the
aspects find only little approval today. This code gives a powerful incentive for self-
regulation.

2. The United States Steamboat Code: [1852 A.D]

Steam engines in the past were very large and heavy. James Watt, Oliver
Evans and Richard Trevethik modified the old steam engines by removing condensers
and made them compact. Beyond careful calculations and guidelines, explosions of
boiler happened on steam boats, because of the high speed of the boats. The safety
 valves were unable to keep steam pressure up causing explosion. During that period in
th18century, more than 2500 people were killed and 2000 people were injured
because of the explosion of boilers in steam boats.

Due to this, the ruling congress in USA passed a law which provided for
inspection of the safety aspects of ships and their boilers and engines. But his law
turned out to be ineffective due to the corruptions of the inspectors and also their
inadequate training regarding the safety checking. Then Alfred Guthiro, an engineer of
Illinoise had inspected about 200 steam boats on his own cost and found out the
reasons for the boiler explosions and made a report. His recommendations were
published by a Senator Shields of Illinoise and incorporated in senate documents. With
the help of this, another law was passed. Now it is in the hands of the American
Society of Mechanical Engineers who formulated the standards for producing steam
boats.

THE CHALLENGER CASE STUDY

The world has known about many number of accidents. Among them the explosion of
the space shuttle „Challenger‟ is the very familiar one. In those days this case had been
reviewed vigorously by media coverage, government reports and transcripts of hearings. This
case deals with many ethical issues which engineers faced. It poses many questions before us.
What is the exact role of the engineer when safety issues are concern? Who should have the
ultimate authority for decision making to order for a launch? Whether the ordering of a launch
be an engineering or a managerial decision?

Challenger space shuttle was designed to be a reusable one. The shuttle mainly
consisted of an orbiter, two solid propellant boosters and a single liquid-propeller booster. All
the boosters was ignited and the orbiter was lifted out the earth. The solid rocket booster was
of reusable type. The liquid propellant booster was used to finish the lifting of the shuttle in to
the orbit. This was only a part of the shuttle which has been reused.
 The accident took place on 28 January 1986, due to the failure of one of the solid

boosters. In the design of the space shuttle, the main parts which needed careful design of the
fields joints where the individual cylinders were placed together. The assembly mainly
consists of tang and clevis joints which are sealed by two O-rings made up of synthetic rubber
only, not specifically hat resistant. The function of the O-rings are to prevent the combustion
gases of the solid propellant from escaping. The O-rings were eroded by hot gases, but this
was not a serious problem, as the solid rocket boosters were only for reuse initially for the few
minutes of the flight. If the erosion of the O-rings could be in a controlled manner, and they
would not completely burnt through, then the design of the joint would be acceptable,
however the design of the O-rings in this shuttle was not so.

In the post flight experiment in 1985, the Thiokol engineers noticed black soot and
grease on the outside of the boosters due to leak of hot gases blown through the O-rings. This
raised a doubt on the resiliency of the materials used for the O-rings. Thiokol engineers
redesigned the rings with steel billets to withstand the hot gases. But unfortunately this new
design was not ready by that time of flight in 1986.

Before launching, it was necessary to discuss the political environment under which
NASA was operating at that time. Because the budget of NASA has decided by Congress.
These factors played the main cause for unavoidable delay in the decision to be taken for the
shuttle performance, the pressures placed for urgency in launching in 1986 itself, before the
launch of RUSSIAN probe to prove to the congress that the program was on processing. The
launching date had already been postponed for the availability of vice president GEORGE
BUSH, the space NASA supporter. Later further delayed due to a problem in micro switch in
the hatch-locking mechanism. The cold weather problem and long discussions went on among
the engineers. The number of tele-conferences further delayed the previous testing in 1985
itself. The lowest temperature was 53 F but O-ring temperature during the proposed launch
period happened to be only 29 F, which was far below the environment temperature at which

NASA had the previous trail. Somehow, the major factor that made the revised final decision
was that previous trial. Somehow, the major factor that made the revised final decision was
that with the available data at that time there seemed to be no correlation between the
temperature and the degree at which O-rings had eroded by the blow-by gas in the previous
launch. Assuming a safety concern due to cold weather, though the data were not concluded
satisfactorily, a decision was taken not to delay further for so many reasons, and the launch
was finally recommended.
But unexpectedly the overnight temperature at the time of launch was 8 F colder than

ever experienced. It was estimated that the temperature of the right hand booster would be
only at 28 F. The camera noticed a puff of smoke coming out from the field joints as soon as

the boosters were ignited. But the O-rings were not positioned properly on their seats due to
extreme cold temperature. The putty used as heat resistant material was also too cold that it
failed to protect the O-rings. All these effects made the hot gases to burn past both the O-
rings, leading to a blow-by over an arc around the O-rings. Though immediately further
sealing was made by the by-products of combustion in the rocket propulsion, a glassy oxide
formed on the joints. The oxides which were temporarily sealing the field joints at high
temperature, later were shattered by the stresses caused by the wind. Again the joints were
opened and the hot gases escaped from the solid boosters. But the boosters were attached to
the large liquid fuel boosters as per the design. This made the flames due to blow-by from the
solid fuel boosters quickly to burn through the external tank. This led to the ignition of the
liquid propellant making the shuttle exploded.
Later the accident was reviewed and investigations were carried out by the number of
committees involved and by various government bodies. President Regan appointed a
commission called Rogers Commission which constituted many distinguished scientists and
engineers. The eminent scientists in the commission after thorough examination and
investigations gave a report on the flexibility of the material and proved that the resiliency of
the material was not sufficient and drastically reduced during the cold launch.

SAFETY AND RISK

Risk is a key element in any engineering design.
Concept of Safety:

A thing is safe if its risks are judged to be acceptable. Safety are tactily
value judgments about what is acceptable risk to a given person or group.

Types of Risks:
Voluntary and Involuntary Risks
Short term and Long Term
Consequences Expected
Portability
Reversible
Effects
Threshold
levels for Risk
Delayed and
Immediate Risk

Risk is one of the most elaborate and extensive studies. The site is visited
and exhaustive discussions with site personnel are undertaken. The study usually
covers risk identification, risk analysis, risk assessment, risk rating, suggestions
on risk control and risk mitigation.
Interestingly, risk analysis can be expanded to full fledge risk management study. The risk
management study also includes residual risk transfer, risk financing etc.
Stepwise, Risk Analysis will include:
• Hazards identification

• Failure modes and frequencies evaluation from established sources and best practices.

• Selection of credible scenarios and risks.

• Fault and event trees for various scenarios.

• Consequences - effect calculations with work out from models.

• Individual and societal risks.

 • ISO risk contours superimposed on layouts for various scenarios.

• Probability and frequency analysis.

• Established risk criteria of countries, bodies, standards.

• Comparison of risk against defined risk criteria.

• Identification of risk beyond the location boundary, if any.

• Risk mitigation measures.

The steps followed are need based and all or some of these may be
required from the above depending upon the nature of site/plant.
Risk Analysis is undertaken after detailed site study and will reflect
Chilworth exposure to various situations. It may also include study on
frequency analysis, consequences analysis, risk acceptability analysis etc., if
required. Probability and frequency analysis covers failure modes and
frequencies from established sources and best practices for various scenarios
and probability estimation.

Consequences analysis deals with selection of credible scenarios and

consequences effect calculation including worked out scenarios and using
software package.

RISK BENEFIT ANALYSIS AND REDUCING RISK

Risk-benefit analysis is the comparison of the risk of a situation to its related benefits.
For research that involves more than minimal risk of harm to the
subjects, the investigator must assure that the amount of benefit clearly
outweighs the amount of risk. Only if there is favorable risk benefit ratio,
a study may be considered ethical.
Risk Benefit Analysis Example

Exposure to personal risk is recognized as a normal aspect of everyday

life. We accept a certain level of risk in our lives as necessary to achieve certain
 benefits. In most of these risks we feel as though we have some sort of control
over the situation. For example, driving an automobile is a risk most people take
daily. "The controlling factor appears to be their perception of their individual
ability to manage the risk-creating situation." Analyzing the risk of a situation is,
however, very dependent on the individual doing the analysis. When individuals
are exposed to involuntary risk, risk which they have no control, they make risk
aversion their primary goal. Under these circumstances individuals require the
probabilty of risk to be as much as one thousand times smaller then for the same
situation under their perceived control.

Evaluations of future risk:

• Real future risk as disclosed by the fully matured future

circumstances when they develop.

• Statistical risk, as determined by currently available data, as measured

actuarially for insurance premiums.

• Projected risk, as analytically based on system models structured

from historical studies.
• Perceived risk, as intuitively seen by individuals.

Air transportation as an example:

 Flight insurance company - statistical risk.

• Passenger - percieved risk.

• Federal Aviation Administration(FAA) - projected risks.

How to Reduce Risk?

1. Define the problem

2. Generate Several Solutions
 3. Analyse each solution to determine the pros and cons of each

4. Test the solutions

5. Select the test solution

6. Implement the chosen solution

7. Analyze the risk in the chosen solution

8. Try to solve it. Or move to next solution.

Risk-Benefit Analysis and Risk Management

Informative risk-benefit analysis and effective risk management are essential to the
ultimate commercial success of your product. We are a leader in developing
statistically rigorous, scientifically valid risk-benefit assessment studies that can be
used to demonstrate the level of risk patients and other decision makers are willing to
accept to achieve the benefits provided by your product.

Risk-Benefit Systematically quantify the relative importance of risks and

Modeling benefits to demonstrate the net benefits of treatment

Risk-Benefit Quantify patients‘ maximum acceptable risk for specific

Tradeoffs
therapeutic benefits

to the surface in an emergency. However, in the rush to get the submarine into

service, this safety system was never tested. After the accident, some of the survivors

attempted to rescue themselves by using this system, but it did not function properly.

It is essential that in any engineering design, all safety systems be tested to ensure

that they work as intended.

Designing for Safety

Wilcox [1990] summarized how safety should be incorporated into the engineering

design process as follows:

 Define the problem. This step includes determining the needs and requirements and

often involves determining the constraints.

 Generate several solutions. Multiple alternative designs are created.

 Analyze each solution to determine the pros and cons of each. This step
involves

determining the consequences of each design solution and determining whether it

solves the problem.

 Test the solutions.

 Select the best solution.

 Implement the chosen solution.

 In step 1, it is appropriate to include issues of safety in the product definition

and specification.

 In steps 2 through 5, engineers typically consider issues of how well the solution

meets the specifications, how easy it will be to build, and how costly it will be.

Safety and risk should also be criteria considered during each of these steps.

 Safety is especially important in step 5, where the engineer attempts to assess all

of the trade-offs required to obtain a successful final design. In assessing these

trade-offs, it is important to remember that safety considerations should be

paramount and should have relatively higher weight than other issues.

 Minimizing risk is often easier said than done. For example, the design engineer

often must deal in uncertainties. Many of the risks can only be expressed as

probabilities and especially in a new and innovative design for which the

interaction of risks will be unknown.

 Risk is also increased by the rapid pace at which engineering designs must be

carried out. The practical approach to minimizing risk in a design is a “go slow”

approach, in which care is taken to ensure that all possibilities have been

adequately explored and that testing has been sufficiently thorough.

As the result of commission hearings, a lot of controversial arguments went on among

the Thiokol engineers. Thiokol and NASA investigated possible causes of the explosion.
Mr.Boisjoly, the main member in the investigation team, accused Thiokol and NASA of
intentionally downplaying the problems with the O-rings while looking for the other causes of
the accidents. The hot discussions hurted the feelings and status of the headed engineers like
Mr.Boisjoly, Mr.Curtis and Mr.Mellicam. Finally the management‟s atmosphere also became
intolerable. This event shows the responsibility, functions, morality, duties of the engineers
leading to ethical problems.

The Government’s Regulator Approach to Risk

The risk management has to be viewed in a wider angle at times when sudden disasters
occur due to lack of proper care and assessment. The government which has the responsibility
to take care of all the public needs to take some risk. The government’s approach towards the
public lies in saving as many lives as possible.

The two major approaches of the government are −

 • Lay person − Wants to protect himself or herself from risk.

• The government regulator − Wants as much assurance as possible that the public
is not being exposed to unexpected harm.

For example, at the times of flood or some fire accident, the government of any place
should aim at protecting as many lives as possible rather than looking for a benefit or protecting
some property. It will count as a successful attempt towards facing risk if the authority is able to
protect its people even after the destruction of property.

CHERNOBYL CASE STUDIES

What Happened?

At 1:24 AM on April 26, 1986, there was an explosion at the Soviet nuclear power
plant at Chernobyl. One of the reactors overheated, igniting a pocket of hydrogen
gas. The explosion blew the top off the containment building, and exposed the molten
reactor to the air. Thirty-one power plant workers were killed in the initial explosion,
and radioactive dust and debris spewed into the air.
It took several days to put out the fire. Helicopters dropped sand and chemicals on
the reactor rubble, finally extinguishing the blaze. Then the Soviets hastily buried the
reactor in a sarcophagus of concrete. Estimates of deaths among the clean-up
workers vary widely. Four thousand clean-up workers may have died in the
following weeks from the radiation.
The countries now known as Belarus and Ukraine were hit the hardest by the
radioactive fallout. Winds quickly blew the toxic cloud from Eastern Europe into
Sweden and Norway. Within a week, radioactive levels had jumped over all of
Europe, Asia, and Canada. It is estimated that seventy-thousand Ukrainians have
been disabled, and five million people were exposed to radiation. Estimates of total
deaths due to radioactive contamination range from 15,000 to 45,000 or more.

To give you an idea of the amount of radioactive material that escaped, the atomic
bomb dropped on Hiroshima had a radioactive mass of four and a half tons. The
exposed radioactive mass at Chernobyl was fifty tons.
In the months and years following, birth defects were common for animals and
 humans. Even the leaves on the trees became deformed.
Today, in Belarus and Ukraine, thyroid cancer and leukemia are still higher than
normal.
The towns of Pripyat and Chernobyl in the Ukraine are ghost towns. They will be
uninhabitable due to radioactive contamination for several hundred years. The worst
of the contaminated area is called―The Zone,‖ and it is fenced off. Plants, meat,
milk, and water in the area are still unsafe. Despite the contamination, millions of
people live in and near The Zone, too poor to move to safer surroundings.Further,
human genetic mutations created by the radiation exposure have been found in
children who have only recently been born. This suggests that there may be another
whole generation of Chernobyl victims.Recent reports say that there are some
indications that the concrete sarcophagus at Chernobyl is breaking down.

How a Nuclear Power Plant Works

The reactor at Chernobyl was composed of almost 200 tons of uranium. This giant
block of uranium generated heat and radiation. Water ran through the hot reactor,
turning to steam. The steam ran the turbines, thereby generating electricity. The
hotter the reactor, the more electricitywould be generated. Left to itself, the reactor
would become too reactive—it would become hotter and hotter and more and more
radioactive. If the reactor had nothing to cool it down, it would quickly meltdown—a
process where the reactor gets so hot that it melts—melting through the floor. So,
engineers needed a way to control the temperature of the reactor, to keep it from the
catastrophic meltdown. Further, the engineers needed to be able to regulate the
temperature of the reactor—so that it ran hotter when more electricity was needed,
and could run colder when less electricity was desired.
The method they used to regulate the temperature of the reactor was to insert
heat-absorbing rods, called control rods. These control rods absorb heat and
radiation. The rods hang above the reactor, and can be lowered into the reactor,
which will cool the reactor. When more electricity is needed, the rods can be
removed from the reactor, which will allow the reactor to heat up. The reactor
has hollow tubes, and the control rods are lowered into these reactor tubes, or
raised up out of the reactor tubes. At the Chernobyl-type reactors, there are 211
control rods. The more control rods that are inserted, the colder the reactor runs.
The more control rods that are removed, the hotter the reactor becomes.

How a Nuclear Power Plant Works

Soviet safety procedures demanded that at least 28 rods were inserted into the
Chernobyl reactor at all times. This was a way to make sure that the reactor
wouldn‘t overheat.
Water was another method to moderate the temperature of the reactor. When
more water ran through the reactor, the reactor cooled faster. When less water ran
through the reactor, the reactor stayed hot.

Chernobyl Background

The list of senior engineers at Chernobyl was as follows: Viktor Bryukhanov, the
plant director, was a pure physicist, with no nuclear experience.
Anatoly Dyatlov, the deputy chief engineer, served as the day-to-day supervisor.
He had worked with reactor cores but had never before worked in a nuclear
power plant. When he accepted the job as deputy chief engineer, he exclaimed,
―you don‘t have to be a genius to figure out a nuclear reactor.‖
The engineers were Aleksandr Akimov, serving his first position in this role;
Nikolai Fomin, an electrical engineer with little nuclear experience; Gennady
Metlenko, an electrical engineer; and Leonid Toptunov, a 26 year-old reactor
control engineer. The engineers were heavy in their experience of electric
technology, but had less experience with the uniqueness of neutron physics.

The confidence of these engineers was exaggerated. They believed they had
decades of problem-free nuclear work, so they believed that nuclear power was
very safe. The engineers believed that they could figure out any problem. In
reality, there had been many problems in the Soviet nuclear power industry. The
Soviet state tried to keep problems a secret because problems are bad PR.

Armyanskaya; In 1985, fourteen people were killed when a relief valve burst in Balakovo.
Had the engineers at Chernobyl had the information of the previous nuclear
accidents, perhaps they would have known to be more careful. It is often from
mistakes that we learn, and the engineers at Chernobyl had no opportunity to
learn.

As a footnote, don‘t think that the problems were just those mistake-laden
Soviets. Here is a partial list of American accidents before Chernobyl: In 1951,
the Detroit reactor overheated, and air was contaminated with radioactive gasses;
In 1959, there was a partial meltdown in Santa Susanna, California; In 1961,
three people were killed in an explosion at the nuclear power plant at Idaho Falls,
Idaho; In 1966, there was a partial meltdown at a reactor near Detroit; In 1971,
53,000 gallons of radioactive water were released into the Mississippi River from
the Monticello plant in Minnesota; In 1979, there was population evacuation and
a discharge of radioactive gas and water in a partial meltdown at Three Mile
Island; in 1979 there was a discharge of radiation in Irving Tennessee; In 1982,
there was a release of radioactive gas into the environment in Rochester, New
York; In 1982, there was a leak of radioactive gasses into the atmosphere at
Ontario, New York; In 1985, there was a leak of radioactive water near New
York City; In 1986, one person was killed in an explosion of a tank of radioactive
gas in Webbers Falls, Oklahoma.

The engineers at Chernobyl didn‘t know about these nuclear accidents. These
were secrets that the Soviets kept from the nuclear engineers. Consequently, no
one was able to learn from the mistakes of the past. The nuclear plant staff
believed that their experience with nuclear power was pretty much error-free, so
they developed overconfidence about their working style.

So, according to Gregori Medvedev (the Soviet investigator of Chernobyl), their

practice became lazy and their safety practices slipshod. Further, the heavy
bureaucracy and hierarchy of the Soviet system created an atmosphere where
every decision had to be approved at a variety of higher levels. Consequently, the
hierarchical system had quelled the operators' creativity and motivation for
problem-solving.

The dropping of the temperature is not only the result of lowering the reactivity,
but it is also a cause of lowering the reactivity. In other words, the coldness of
the reactor will make the reactor colder. This is called the self-damping effect.
Conversely, when the reactor heats up, the heat of the reactor will make itself
hotter (the self-amplifying effect).

So, when the control rods are dropped into the reactor, the reactivity goes down.
And the water running through the reactor also lessens reactivity. But the lower
reactivity also makes the reactor itself less reactive. So, the Chernobyl reactor
damped itself, even as the water and the control rods damped its reactivity.

It is typically hard for people to think in terms of exponential reduction or

exponential increase. We naturally think of a linear (straight-line) reduction or a
linear increase. We have trouble with self-damping and self-amplifying effects,
because they are nonlinear by definition.

So, the engineers oversteered the process, and hit the 50% mark, but they were
unable to keep it there. By 12:30 AM, the power generation had dropped to 1%
of capacity.

Chernobyl-type reactors are not meant to drop that low in their capacity. There
are two problems with the nuclear reactor running at 1% of capacity. When
reactivity drops that low, the reactor runs unevenly and unstably, like a bad diesel
engine. Small pockets of reactivity can begin that can spread hot reactivity
through the reactor. Secondly, the low running of the reactor creates unwanted
gasses and byproducts (xenon and iodine) that poison the reactor. Because of this,
they were strictly forbidden to run the reactor below 20% of capacity.

In the Chernobyl control room, Dyatlov (the chief engineer in charge of the
experiment), upon hearing the reactor was at 1%, flew into a rage. With the
reactor capacity was so low, he would not be able to conduct his safety
experiment. With the reactor at 1% capacity, Dyatlov had two options:

1. One option was to let the reactor go cold, which would have ended the
experiment, and then they would have to wait for two days for the
poisonous byproducts to dissipate before starting the reactor again. With
this option, Dyatlov would no doubt have been reprimanded, and possibly
lost his job.

2. The other option was to immediately increase the power. Safety rules
prohibited increasing the power if the reactor had fallen from 80%
 capacity. In this case, the power had fallen from 50% capacity—so they
were not technically governed by the safety protocols.

Dyatlov ordered the engineers to raise power.

Today, we know the horrible outcome of this Chernobyl chronology. It is easy

for us to sit back in our armchairs, with the added benefit of hindsight, and say
Dyatlov made the wrong choice. Of course, he could have followed the spirit of
the protocols and shut the reactor down. However, Dyatlov did not have the
benefit of hindsight. He was faced with the choice of the surety of reprimand and
the harming of his career vs. the possibility of safety problems. And, we know
from engineers and technical operators everywhere, safety protocols are
routinely breached when faced with this kind of choice. Experts tend to believe
that they are experts, and that the safety rules are for amateurs.

Further, safety rules are not designed so that people are killed instantly when
the safety standard is broken. On a 55-mile per hour limit on a highway, cars
do not suddenly burst into flames at 56 miles per hour. In fact, there is an
advantage to going 56 miles an hour as opposed to 55 (you get to your
destination faster). In the same way, engineers frequently view safety rules
as troublesome, and there is an advantage to have the freedom to disregard
them.

In fact, we experience this psychologic every day, usually without thinking

about it. When you come toward an intersection, and the light turns yellow,
you reach a point where you either have to go through on a yellow light, or
come to a stop. Many people go through on the yellow, even though there is
a greater risk. So, in a split second, we decide between the surety of sitting
at a red light or the possibility, albeit slight, of a safety problem to go through
the yellow light. There is a clear advantage to take the risk (as long as you
aren't in an accident). While the stakes were higher at Chernobyl, the same
psychologic applies.
 At this point in the Chernobyl process, there were 28 control rods in the
reactor—the minimum required. Increasing power would mean that even
more control rods would have to be removed from the reactor. This would be

a breach of protocol--the minimum number of rods was 28. Dyatlov gave the
order to remove more control rods.
Toptunov, the reactor control engineer, refused to remove any more rods. He
believed it would be unsafe to increase the power. With the reactor operating
at 1%, and the minimum number of control rods in the reactor, he believed it
would be unsafe to remove more rods. He was abiding by a strict
interpretation of the safety protocols of 28 rods.

But Dyatlov continued to rage, swearing at the engineers and demanding they increase
power. Dyatlov threatened to fire Toptunov immediately if he didn‘t increase the power.

The 26-year-old Toptunov was faced with a choice. He believed he had two options:

1. He could refuse to increase power—but then Dyatlov would fire

him immediately, and his career would be over.
2. His other choice was to increase power, recognizing that something bad might
happen.

Bhopal’s Gas Tragedy

Bhopal’s Gas tragedy is the world’s worst industrial disaster that occurred in 1984, due to the gas
leakage from a pesticide production plant, The Union Carbide India Limited (UCIL) located
in Bhopal, Madhya Pradesh.

It was believed that slack management and deferred maintenance together created a situation
where routine pipe maintenance caused a backflow of water into the MIC tank, triggering the
disaster.

What Led to The Disaster?

In the early hours of December 3rd, 1984, a rolling wind carried a poisonous gray cloud from the
Union Carbide Plant in Bhopal, Madhya Pradesh of India. The poisonous gas released was
40tons of Methyl Iso Cyanate (MIC). This particular gas is very toxic that leaked and spread
throughout the city.

The following image shows how the plant got destroyed after the accident.

The residents of the city, woke up to the clouds of suffocating gas and struggled to breath. They
started running desperately through the dark streets. The victims arrived at hospitals, breathless
and blind.

The people who survived had their lungs, brain, eyes, muscles affected severely. Their gastro
intestinal system, neurological, reproductive and immune systems were also dangerously
affected. By the morning, when the sun rose clearly, the roads were all filled with dead bodies of
humans and animals, the trees turned black and the air filled with foul smell.

Cause of The Accident

The Union Carbide Corporation (UCC) team and also the CBI (Central Bureau of Investigation)
team conducted separate investigations on the cause of the incident and came to the same
conclusion. It was understood that a large volume of water had been released into the MIC
tank and this further caused a chemical reaction that forced the pressure release valve to
open and allowed the gas to leak.

UCC’s investigation proved with virtual certainty that the disaster was caused by the direct entry
of water into Tank 610 through a hose connected to the tank.

The documentary evidence gathered after the incident reveals that the valve near the plant’s
water-washing section was fully closed and leak-proof. Based on several investigations, the
safety system in place could not have prevented a chemical reaction of this magnitude from
causing a leak.

The safety systems are designed in such a way that water cannot enter unless it is deliberately
switched and the water flow is allowed forcefully. The causes and the persons responsible for
this deliberate operation are not known.
The Fatal Effects

As per government’s announcement, a total of 3,787 deaths occurred immediately.

Around 8,000 of the survivors died within two weeks and other 8,000 or more died from acute
diseases caused due to the gas later.

A government affidavit in 2006 stated that the gas leak incident caused 5,58,125 injuries,
including 38,478 temporary partial injuries and approximately 3,900 severely and permanently
disabling injuries. None can say if future generations will not be affected.

Initial effects of exposure were −

 Coughing
 Severe eye irritation
 Feeling of suffocation
 Burning sensation in the respiratory tract
 Blepharospasm
 Breathlessness
 Stomach pains
 Vomiting

The staff at the nearby hospitals lacked the knowhow required to treat the casualties in such
situations. To add to this, there is no antidote known for MIC. Hence, even after running to the
hospitals, the survivors could not be cured and most of them had to face death eventually.

Primary causes of deaths were −

 Choking
 Reflexogenic Circulatory Collapse
 Pulmonary Edema
 Cerebral Edema
 Tubular Necrosis
 Fatty Degeneration of the Liver
 Necrotizing Enteritis

As an after effect of this disaster, the rate of stillbirths increased by 300% and the neonatal
mortality rate by around 200%. This came to be known as the world’s worst disaster in the
industrial sector.