Safety- and risk analysis of complex designs.

(see also Egil Borse-Svensen red. "Sikkerhet og Miljø i 30 år", Bics 2009 (in norwegian).

---------------------------------------------------------------------------------------

 By Egil Borse-Svensen, Researchfoundation Bics, Porsgrunn. Norway (bics.no)

 Technology are becoming more complex. The meaning of design is changing. Safety and risk evaluation consists in this research of two separate, but consistent evaluations: one related to the design, and one related to regulations. Together they form a complete risk evaluation of the design in question. Problems occur due to the state regulations being basic, but the engineering practices being the most important, design requirements. In additions are  requirements from the customer, either in terms of minimum values, maximum values or based on evaluation and definition of cost/effective designs.

Today we have in addition new security requirements, danger of environmental changes and corporate social responsibility as elements that requires new research into new methods.

Time is therefore mature to change somewhat the content of risk and thus update methods for risk analyses. One such change is to include vulnerability as a separate element to probability and consequence in concept of risk. A method called Risk Analyses in Design(RAID) is discussed, and en method called Function and Operability Study(FOS) is outlined.

 Traditional concept of risk

 The traditional concept of risk is ”risk equal probability of occurrence and consequence”.  Now consider the Italian concept of risk;

 Risk equal vulnerability, probability and consequence

 Vulnerability is in the research here described related to the design that correspond to risk in the rules and regulations. In regulations, or included other requirements, are from historic data probabilities and consequences described in various forms according to databanks and data-systems used. These often give data for simpler designs and from earlier designs. Some of these data give a fatalistic view, accident happens independent of what design you have. Vulnerability, as a measure for the designs ability to withstand problems or accidents, are excluded. In this paper it is proposed to include this element of engineering capability.

 Rules and regulations are set according to the knowledge we have of the type og design in question. These can be detailed for some parts that is well known, but non-existent for other parts that is new and unknown. In many ways rules and regulations is similar to mathematics, a safety language build upon some basic elements or axioms, but tautological, or free from the actual design. Rules and regulations are made for all designs, for all components and systems set together, independent of the choices you make. A car can be produced in many shapes and forms, but the car his produced to correspond to rules and regulations. The car producer are free to chose requirements, according to what he imagine the public will have. Some want a cheep car, others a safe car and others again a luxury car.

 Behind every regulation is an evaluation of safety, home safety is one problem, hotel safety is another. Regulations have implicit other risk levels for home design, construction and appliances than for hotel equipment and design/construction.

 This is here called the ”Italian concept” since they have a more positive approach to risk than the traditional Norwegian, who consider the apparent ”risk free” and not ”risk taking” as the approach to design. And as we know, nothing is ”risk free” and development and responsibility are to be found in ”risk taking”.  The author has been working on this concept since attending a seminar in Como, Italy over 25 years ago and experienced the Italian look at risk, as something you could gain from. Lately the concept can be found in Wikipedia as definition of risk in Italian.

 Early risk analyses in Norwegian oil and gas, petrochemical and offshore, design.

 Borse et all (1) defines one of the first risk analyses in Norway, that lead to the redesign of Statfjord B, from the concept of the platform Statfjord A and laid the basics for nearly all the designs thereafter, the totally integrated platform was considered as separate, main parts with separate risk levels, according to design basis defined and a 10 (to -4) criteria, and split in basic design elements as living-quarter, production, drilling, storage and contingency(evacuation). This concept came partly from the Norwegian Petroleum Directorate to the operator Mobile, who went to Veritas in hope for a design evaluation of its old concept and the new requirements. A new design was defined based on a series of new principles that lead to the use of risk analysis as a popular tool.

 The question is what next? There are two new elements in design, one related to security and one related to changes in environmental conditions. This requires new ways of considering the actual design and its vulnerability. One such approach is to be found in Hogstad and Steiro(2) from the authority point of view. However, this is not feasible for choice of design without new methodologies.

 The ”design base accident” concept are not unknown in design of nuclear power-plants but are often confidential. The ”Accident analysis”- concept (1) is thus more an analytical approach to the design in early design phases used with different names frequently in design of petrochemical plants, evaluation of platform design and subsea-installations.

 Risk analysis in design(RAID).

 The design establish one set of vulnerability, rules and regulations the other. If we consider the complete project one method of representing the risk level is related to:

 P= P(XF) where P(X) =Pf(X1,,,,Xn) and P(F) = Pf(F1......Fn)

 or risk is related to design and regulative and/or best practice, procedures. This can be split as shown i figure 1 from the overall level and down to simpler stages. Here we let the ”R” of risk be represented with ”P” probability, to avoid the discussion of levels of risk to set of consequence groups. ”X” define the design, which at this point is unknown, and ”F” relates to functional design requirements. To what extent ”F” relates to the companies requirements as they evaluate the customer, or the official state regulations, is a choice of the analyst and the job-specification. For a specific design or a governmental requirements, this is not, and can not be, identical. Today, most of the design requirements in safety alone, is related to industrial standards and ”best practices”, and not to regulations (broadly speaking).

 Fig 1: Risk Analyses in Design, here represented with a Value-analyses primer to FOS and then in this final diagram for end analysis. In a value analysis we can choose in this mode the content of f(K.X) as safety, environmental values, CSR or only use one of them.

Design elements

 What is design? Design consist of a series of decisions, choices and a series of investigations into possible concepts and solutions to a defined problem in a series of more and more detailed and producible product. VDI in Germany used to define the product development in three stages:

      -          concept

-          design

-          production

 However in to days more complex designs, concept evaluation is an integrated part of the design and design is defined in several overall stages, and detailed stages. Production is not only production, but a lifespan design with the destruction process included in design.  

 At the same time, all of these stages can be divided in three lifelong nerve-treads:

-          market requirements and state regulations

-          traditional design process and redesign

-          production, maintenance and destruction requirements

 This is as far as Andreassen at NTNU in Trondheim and prof. K. Jacobsen  used to preach after 1982 (3).

 Imagine we add two nerve-treads,

- one related to administration, organization and logistics

- and one related to decision variables.

 And it is this last nerve-tread, decision variables, we find risk as one decisive factor. This is the 90-s approach(4)

 The problem is however the use of the variable concerned with risk. This is our challenge today.

 Fig 2. Load Response Approach(LRA) included in RAID, explains how, in early design phases, you can analyze expected load(As Design Basis Accidents(DBAs), or expected terrorist attempts) and use this information to set requirements or define design criteria.

 Quality Assurance

 One basic problem is statistics related to the industrial revolution:

 - 30- ties- from now on we sent products to the marked, got returns and redesigned the product later years. The firm introduced the experience in next year production. Once the product was off the conveyor-belt and sold, the firms had more responsibility, but paid repairs.

- 60- ties- now quality control stops the process when products fails, and off limit parts are taken out of the production line and discarded. For major errors, the production line stops and the work in the last phase is redone with the corrected dimensions set. The QA-loop is born.

- 90- ties- logistics require that designs are corrected in next product phase limiting the failure to repair and adjustments with limited loss. The process always goes forward, with corrections in next phase in the line production. Nor more QA-loop backwards, always forward without pause.  

- 2020- ties-  design and production, lifespan and destruction is one integrated process, with complexity that separate mans involvements and leave the company in charge of the product at all times.

Ethics separate mans own procedural responsibilities and risks.   

 This requires separate methodology for risk analysis in the 30-ties, 60-ties and 90-ties and now a completely new conceptual thinking in the years to come.

 Function and operability analyses.

 For the analysis we need a method of qualitative analysis that can develop as design develops and become some form of quantitative analysis.

 There are therefore three requirements:

 -          it must be developed in more details as the design develop(always forward)

-          it must have opening for a series of different values according to the demand

-          it must be both quantitative and qualitative with defined decision variables(numbers).

 Fig. 3 shows an example from a 50 million NOK development project employing this methodology with good results.

Fig 3. Function and Operability Study(FOS) Example 1.

- first define part with requirement and solution suggested,                                                                                                                              

-          then define functions and transfer                                                   

-          define function and problem,                                                         

-          suggest consequence and probabilities 

-          define actions for improvements .

The form gives an estimated conceptual documentation. X is a function of the solutions with numbers and actions. F is the requirement set by a group of specialists. The total answer gives a qualitative response for a report with actions, and a formula on a PC allows you to test dependencies, as a PC game your 14 year old child can have fun with.

Fig 4. Evaluation of results (Example 2, (3)) 

Conclusions

Bayes(4) came to NTNU early 1980s when the author completed the doctoral educational courses in two forms:

One was the classic statistics relations to Bayes formulas and method of using dependencies, and secondary was the subjective Bayes necessary to begin the re evaluation of the concept of risk in Norway. This discussion lead the author to believe that the theoretical accepted approach and the design approach disagreed. With financing from Statoil the primary concept of this paper was developed. Later BICS, Norway, financed the rest.

Fig 5: Risk analyses in design(RAID) set into a traditional framework for evaluation.

References:

1. E. Borse(Veritas/McGill University Canada): ” Design Basis accident and accident analyses with particular reference to offshore platforms), Journal of Occupational Accidents 2,1979 page 227-243.  Fra 2002 se:

http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6X2X-469PPJS-K&_user=10&_coverDate=08%2F31%2F1979&_rdoc=1&_fmt=high&_orig=search&_sort=d&_docanchor=&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=cff71908847b1fde3add3c3d50a2c378

2. P. Hogstad and T. Steiro: ”Overall strategy for risk evaluation and priority setting of risk regulations”, Reliability Engineering and System Safety, 91, 2006.

3. Professor K. Jacobsen, lecture notes 1984, ”Product development” and

Assistant. E. Borse: NTNUs first ”Risk Analyses” notes, 1980ies

4. E. Borse, ”Risk Analyses in Design” Tapir/Bics: ISBN 82-595-4502-0, 1990,

5. Bayes (Rev Bayes, F.R.S.): An essay towards solving a problem in the doctrine of chances”, with foreword of G.A. Barnard, Biomtrica, vol,45 parts 3 and 4 page 296-315, 1959( reprint of the original contribution)

6. Bics procedures for FOS (internal documents).

This paper is currently under consideration for publication in an International magazine. Reference can be made to Bics and VT research Bulletin.

___________________________________________________________________________________________________________________________