Risk Assessment

Dr. Salah E Selim

 Risk
• Risk is a possibility of danger or harm.

• Risk is the chance or probability that a person will be

harmed or experience an adverse health effect if exposed
to a hazard. It may also apply to situations with property
or equipment loss.
 Frequency and consequence estimation

• . Risk is a measure of both the likelihood and the consequences of a

hazards of an activity or condition. It is the chance of injury, damage, o
loss.

• A Simple Risk Assessment is shown in the next equation:

R = (P) x (S)

• Where: R = Risk,

P = Probability of occurrence / Likelihood, and

S = Severity of effect
 Hazards Consequences
An accidental event may lead to wide range of consequences,
ranging from negligible to catastrophic.

A fire may, for example, be extinguished very fast and give

minor consequences, or lead to a disaster.

In some applications the severity of an average consequence

of an accidental event is assessed.

In other applications we consider several possible

consequences, including the worst expected consequence of
the accidental event.
Severity classes
the severity of an event may be classified into rather
broad classes. an example of such a classification is:

Rank Severity class Description

4 Catastrophic Failure results in major injury or death of employee

3 Critical Failure results in minor injury to employee, employee

exposure to harmful chemicals or radiation, or fire or
a release of chemical to the environment.
2 Major Failure results in a low level of exposure to
personnel, or activates facility alarm system.
1 Minor Failure results in minor system damage but does not
cause injury to personnel, allow any kind of exposure
to operational or service personnel or allow any
release of chemicals into the environment.
 Frequency Estimation
When estimating the frequency of an event, we have to bear
in mind which consequences we consider.
In some applications we estimate the frequency of each
accidental event. To be used in risk ranking, this frequency
has to be related to the severity of an average consequence of
each particular accidental event. In other applications we
consider specific (e.g., worst case) consequences of an
accidental event.
We must then estimate the frequency that the accidental event
produces a specific consequence. This may involve a
combined assessment, for example, the frequency of the
accidental event, the probability that personnel are present,
the probability that the personnel are not able to escape, and
so on.
 Frequency Estimation
This means that for each accidental event, we may want
to present several consequences with associated
frequencies.
Consider an accidental event where an operator falls from
a work platform of low height. In most cases the
consequence of such a fall will be a minor injury (low
severity and rather high frequency). In a very seldom
case, the fall may result in a fatality (high severity and
very low frequency). Both consequences should be
recorded.
In some applications we may want to present both the
frequency of the accidental event and frequencies of
various consequences.
 Frequency Classes
The frequency of events may be classified into rather
broad classes. An example of such a classification is:

1 Very unlikely Once per 1000 years or more seldom

2 Remote Once per 100 years
3 Occasional Once per 10 years
4 Probable Once per year
5 Frequent Once per month or more often
 Accidents do happen!

When an accident or process deviation (i.e. an “event”)

occurs in a plant, various safety systems (both mechanical
and human) come into play to prevent the accident from
propagating.

These safety systems either fail or succeed.

 Event Trees

Event trees are used to follow the potential course of

events as the event moves through the various safety
systems.
The probability of success or failure of each safety
intervention is used to determine the overall
probability of each final outcome.
 Event Trees

An Event Tree is used to determine the frequency of

occurrence of process shutdowns or runaway systems.

Inductive approach
◦ Specify/Identify an initiating event and work forward.
◦ Identifies how a failure can occur and the probability of occurrence
Steps to Construct an Event Tree
Identify an initiating event of interest.
Identify the safety functions designed to deal with
the initiation followed by the impact of the safety
system
Construct the event tree
Describe the resulting accident event sequences.
 Identify an initiating event
May have been identified as a potential event that
could result in adverse consequences.

Usually involves a major piece of operating

equipment or processing step.
Identify safety functions
From process flow sheet, or procedures find what safety
systems are in place and what their functions are.
These can include things such as automatic controllers,
alarms, sensors, operator intervention, etc.
On you Event Tree write across the top of the page in
the sequence of the safety interventions that logically
occur.
Give each safety intervention an alphabetic letter
notation.
 Construct the Event Tree
 Horizontal lines are drawn between functions that apply
 Vertical lines are drawn at each safety function that applies
◦ Success – upward
◦ Failure – downward
 Indicate result of event
◦ Circle – acceptable result
◦ Cross-circle – unacceptable result
 Construct Event Tree (cont.)
Compute frequency of failures

B is the failure per demand or the unavailability of safety

function B
 Occurrence Frequency
Follow process through with each step to calculate the
frequency of each consequence occurring.
Typically three final results
◦ Continuous operation
◦ Shutdown (safely)
◦ Runaway or fail
Mean time between Shutdown
Mean Time Between Shutdown, MTBS is calculated from:
◦ MTBS=1/occurrences of shutdowns

Mean Time Between Runaway, MTBR is calculated from:

◦ MTBR=1/ occurrences of runaways
Example – Loss of coolant to reactor

Four safety interventions

◦ High temperature alarm
◦ Operator noticing the high
temperature during normal
inspection
◦ Operator re-establishes the
coolant flow
◦ Operator performs emergency
shutdown of reactor
 Example – Loss of coolant

Assume loss of coolant occurs once per year (occurrence

frequency 1/yr)
Alarm fails 1% of time placed in demand (failure rate of 0.01
failures/demand)
Operator will notice high reactor temperature 3 out of 4 times
(0.25 failures/demand)
Operator will successfully restart coolant flow 3 out of 4
times (0.25 failures/demand)
Operator successfully shuts down reactor 9 out of 10 times
(0.10 failures/demand)
Resulting Event Tree Analysis
Example – Possible outcomes
The lettering is used to identify each final outcome.
For instance, ABDE
◦ Indicates that after Initiating event A occurs, that safety system B
failed (high T alarm), that safety system D failed (the operator was
unable to re-start the coolant) and safety system E failed (the
operator was unable to successful shut down the reactor).
Example – Determination of MTBS
For Mean Time Between Shutdowns take the reciprocal of
the sum of all sequences that resulted in a shutdown.
(Example gives 1/.225 = 4.4yrs)

For Mean Time Between Runaway do the same thing with all
sequences that resulted in a runaway. (Example gives
1/0.0250 = 40yrs)
 Example (students’ activity)

Construct an Event Tree and determine the MTBS and

MTBR for a loss of coolant for the reactor shown in Figure.
◦ Assume loss of coolant occurs once every three years.
◦ Alarm fails 0.1% of time placed in demand
◦ Operator will notice high reactor temperature 3 out of 4 times
◦ Operator will successfully restart coolant flow 4 out of 5 times
◦ Operator successfully shuts down reactor 9 out of 10 times
Example (students’ activity)
Construct an event tree for assessing the consequences of loss of coolant
to a nuclear reactor and calculate MTBS and MTBR

 Assume loss of cooling water to oxidation reactor occurs once every

ten years.

 Oxidation reactor high temperature alarm alerts operator as

temperature increases 4 out of five times

 Operator reestablish cooling water flow 3 out of five times

 Automatic shutdown system stops the reactor 9 times of ten

Cooling system
 Assignment (5)
Construct an Event Tree and determine the MTBS and MTBR
for a loss of coolant for the reactor shown in Figure.
◦ Assume loss of coolant occurs once every five years.
◦ Alarm fails 0.2 % of time placed in demand
◦ Operator will notice high reactor temperature 3 out of 5 times
◦ Operator will successfully restart coolant flow 4 out of 5 times
◦ Operator successfully shuts down reactor 9 out of 10 times

P.S: It’s a hand writing assignment.