Use of decision criteria based on expected values to support decision-making in a production assurance and safety setting

We consider decision problems related to production assurance and safety. The issue is to what extent we should use decision criteria based on expected values, such as the expected net present value (E[NPV]) and the expected cost per expected number of saved lives (ICAF), to guide the decision. Such criteria are recognised as practical tools for supporting decision-making under uncertainty, but is uncertainty adequately taken into account by these criteria? Based on the prevailing practice and the existing literature, we conclude that there is a need for a clarification of the rationale of these criteria. Adjustments of the standard approaches have been suggested to reflect risks and uncertainties, but can cautionary and precautionary concerns be replaced by formulae and mechanical procedures? These issues are discussed in the present paper, particularly addressing the company level. We argue that the search for such formulae and procedures should be replaced by a more balanced perspective acknowledging that there will always be a need for management review and judgment beyond the realm of the analyses. Most of the suggested adjustments of the E[NPV] and ICAF approaches should be avoided. They add more confusion than value.     

The use of a basic safety investment model in a practical risk management context

We consider a basic model in economic safety analysis: a firm is willing to invest an amount x in safety measures to avoid an accident A, which in the case of occurrence, leads to a loss of size L. The probability of an accident is a function of x. The optimal value of x is determined by minimizing the expected costs. In the paper, we re-examine this model by adopting a practical risk/safety management perspective. We question how this model can be used for guiding the firm and regulators in determining the proper level of investment in safety. Attention is given to issues like how to determine the probability of an accident and how to take into account uncertainties that extend beyond the expected value. It is concluded that the model, with suitable extensions and if properly implemented, provides a valuable decision support tool. By focusing on investment levels and stimulating thereby the generation of alternative risk-reducing measures, the model is considered particularly useful in risk reduction (ALARP) processes.     

Equivalence between reliability and factor of safety

Traditionally, geotechnical engineers have been practicing design approaches based on safety factors to account for uncertainties due to their simplicity. More recently, reliability-based design approaches emerge as a more reasonable and rigorous way of handling uncertainties. This research raises a fundamental question: “Are reliability and safety factor equivalent?” or “Does there exist a one-to-one functional relationship between reliability and safety factor?”. This paper presents research that proves a sufficient condition for the existence of such a relationship. Moreover, a theorem is derived to determine the functional relationship between reliability and safety factor with stochastic simulations. The proposed framework is so general that it is applicable to arbitrarily complex geotechnical systems with arbitrarily high-dimensional uncertainties. Several simulated examples are used to verify the proposed approach. The results show that the proposed approach is quite promising.     

Variable delays and message losses: Influence on the reliability of a control loop

Today, new technologies (distributed systems, networks communication) are more and more integrated for applications needing to fit real-time and critical constraints. It means that we require more and more to integrate these new technology-based components in systems or sub-systems dedicated to safety or dealing with a high level of criticality.Control systems are generally evaluated as a function of required performances (overshoot, rising time, response time) under the condition to respect a stability condition. Reliability evaluation of such systems is not trivial, because generally classical methods do not take into account time and dynamic properties which are the bases of control systems.The methodology proposed in this paper deals with an approach for the dependability evaluation of control systems, based on Monte-Carlo simulation, giving a contribution to the integration of automatic control and dependability constraints.     

Uncertainty, probability and information-gaps

This paper discusses two main ideas. First, we focus on info-gap uncertainty, as distinct from probability. Info-gap theory is especially suited for modelling and managing uncertainty in system models: we invest all our knowledge in formulating the best possible model; this leaves the modeller with very faulty and fragmentary information about the variation of reality around that optimal model.Second, we examine the interdependence between uncertainty modelling and decision-making. Good uncertainty modelling requires contact with the end-use, namely, with the decision-making application of the uncertainty model. The most important avenue of uncertainty-propagation is from initial data- and model-uncertainties into uncertainty in the decision-domain. Two questions arise. Is the decision robust to the initial uncertainties? Is the decision prone to opportune windfall success?We apply info-gap robustness and opportunity functions to the analysis of representation and propagation of uncertainty in several of the Sandia Challenge Problems.     

Selective critique of risk assessments with recommendations for improving methodology and practise

Risk assessments are often criticised for defending activities that could harm the environment and human health. The risk assessments produce numbers which are used to prove that the risk associated with the activity is acceptable. In this way, risk assessments seem to be a tool generally serving business. Government agencies have based their regulations on the use of risk assessment and the prevailing practise is supported by the regulations. In this paper, we look more closely into this critique. Are risk assessments being misused or are risk assessments simply not a suitable tool for guiding decision-making in the face of risks and uncertainties? Is the use of risk assessments not servicing public interests? We argue that risk assessments may provide useful decision support but the quality of the risk assessments and the associated risk assessment processes need to be improved. In this paper, three main improvement areas (success factors) are identified and discussed: (1) the scientific basis of the risk assessments needs to be strengthened, (2) the risk assessments need to provide a much broader risk picture than what is typically the case today. Separate uncertainty analyses should be carried out, extending the traditional probabilistic-based analyses and (3) the cautionary and precautionary principles need to be seen as rational risk management approaches, and their application would, to a large extent, be based on risk and uncertainty assessments.     

Maintenance: organizational modes,activities and health and safety. Use of a French national survey and in-situ analyses

Maintenance activities are identified as critical both to operator safety and to systems safety and reliability. However, it is still difficult to identify maintenance workers in French occupational accident and disease statistics. Moreover, few analyses of these activities and of organizational changes in this field have been conducted. This paper presents two different approaches to this same issue. Analyses were aimed firstly at identifying the occupational exposures of these operators and at comparing them with occupational exposures of production staff and, secondly at developing understanding of normal real maintenance activities, i.e. maintenance activities that are normally actually carried out, while taking into account the socio-technical system and maintenance organization within which they lie.     

UO2芯块运输容器核临界安全分析

目的 在开展二氧化铀（UO₂）芯块运输容器设计时,应进行临界安全分析,优化容器设计,并通过得出的临界安全指数（CSI）限定可运输货包的数量,确保在任何可信的运输情景下的核临界安全。方法 文中采用蒙特卡罗软件SuperMC对符合要求的国际临界安全手册中6类49个基准实验案例进行建模计算,获得本案例的次临界上限值,再基于运输容器经受正常运输条件与运输事故条件试验的结果,计算得出正常运输条件与运输事故条件下的单货包与货包阵列的最大中子增殖系数keff值。结果 该案例的次临界限值（USL）为0.91974;UO₂芯块运输容器在正常运输条件与运输事故条件下单货包的最大keff值分别为0.286 08,无限阵列货包的最大keff值为0.798 34。结论 UO₂芯块运输容器在正常运输条件与运输事故条件下的最大keff值均小于0.919 74,临界安全指数为0,容器设计临界安全性能可确保可运输安全。     

A Framework for Systematic Classification of Assets for Security Testing

Over the last decade, a significant increase has been observed in the use of web-based Information systems that process sensitive information, e.g., personal, financial, medical. With this increased use, the security of such systems became a crucial aspect to ensure safety, integrity and authenticity of the data. To achieve the objectives of data safety, security testing is performed. However, with growth and diversity of information systems, it is challenging to apply security testing for each and every system. Therefore, it is important to classify the assets based on their required level of security using an appropriate technique. In this paper, we propose an asset security classification technique to classify the System Under Test (SUT) based on various factors such as system exposure, data criticality and security requirements. We perform an extensive evaluation of our technique on a sample of 451 information systems. Further, we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of vulnerabilities. Our technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.     

A Fuzzy Cognitive Maps Tool for Developing a RBI&M Model

A proper maintenance plan is directly related to the definition of critical indexes for ensuring a high level of safety and high level in service quality for all equipments in the plants. The traditional approach, according to risk‐based inspection and maintenance (RBI&M), requires that each parameter considered in the definition of critical indexes shall be divided into intervals in order to assign it a score. By the elaboration of these scores, the critical indexes are calculated. However, what are the rules that allow the company the definition of the range and the assignment of the relative score? Are these rules subjective or objectives? Literature in the field highlights that these decisions are often carried out by maintenance managers. In order to overcome this approach, in this paper, a method based on Fuzzy Cognitive Maps (FCMs) is presented. FCMs have been used for structuring and supporting decisional processes. The criticality of equipments is described in terms of concepts affecting its functioning. No ranges or scores are defined, but only structural and functional features are considered in order to define a criticality index. The resulting fuzzy model can be used to analyse, simulate, test the influence of concepts and predict the behaviour of the system. The RBI&M model, proposed in this work, has been analysed through a case study of an Italian refinery Copyright © 2014 John Wiley & Sons, Ltd.     

Cost and safety optimization of structural design specifications

The design of buildings, bridges, offshore platforms and other civil infrastructure systems is controlled by specifications whose purpose is to provide the engineering principles and procedures required for evaluating the safety of structural systems. The calibration of these codes and specifications is a continuous process necessary to maintain a safe national and global infrastructure system while keeping abreast of new developments in engineering principles, and data on new materials, and applied loads. The common approach to specification calibration is to use probabilistic tools to deal with the random behavior of materials and to account for the uncertainties associated with determining environmental and other load effects. This paper presents a procedure to calibrate load factors for a structural design specification based on cost and safety optimization. The procedure is illustrated by determining load factors that may be applicable for incorporation in a bridge design specification. Traditional code calibration procedures require a set of pre-determined safety levels that should be used as target values that each load combination case should satisfy. The procedure in this paper deduces the failure cost implied in present designs, and provides consistent safety levels for all load combination cases. For greater accuracy, load effects showing variance in time have been modeled by separating them into two random variables; time dependent r.v. (wind speed, vehicular loads, etc.) and time independent r.v. (modeling uncertainties). The total expected lifetime cost is used in the optimization to account for both initial construction cost and future equivalent failure costs.     

Mixed interval–fuzzy two-stage integer programming and its application to flood-diversion planning

Innovative prevention, adaptation, and mitigation approaches as well as policies for sustainable flood management continue to be challenges faced by decision-makers. In this study, a mixed interval–fuzzy two-stage integer programming (IFTIP) method is developed for flood-diversion planning under uncertainty. This method improves upon the existing interval, fuzzy, and two-stage programming approaches by allowing uncertainties expressed as probability distributions, fuzzy sets, and discrete intervals to be directly incorporated within the optimization framework. In its modelling formulation, economic penalties as corrective measures against any infeasibilities arising because of a particular realization of the uncertainties are taken into account. The method can also be used for analysing a variety of policy scenarios that are associated with different levels of economic penalties. A management problem in terms of flood control is studied to illustrate the applicability of the proposed approach. The results indicate that reasonable solutions have been generated. They can provide desired flood-diversion alternatives and capacity-expansion schemes with a minimized system cost and a maximized safety level. The developed IFTIP is also applicable to other management problems that involve uncertainties presented in multiple formats as well as complexities in policy dynamics.     

A unified framework for risk and vulnerability analysis covering both safety and security

Recently, we have seen several attempts to establish adequate risk and vulnerability analyses tools and related management frameworks dealing not only with accidental events but also security problems. These attempts have been based on different analysis approaches and using alternative building blocks. In this paper, we discuss some of these and show how a unified framework for such analyses and management tasks can be developed. The framework is based on the use of probability as a measure of uncertainty, as seen through the eyes of the assessor, and define risk as the combination of possible consequences and related uncertainties. Risk and vulnerability characterizations are introduced incorporating ideas both from vulnerability analyses literature as well as from the risk classification scheme introduced by Renn and Klinke.     

Infrastructure Communication Sensitivity Analysis of Wireless Sensor Networks

Sensitivity or importance analysis has been widely used for identifying system weaknesses and supporting system improvement and maintenance activities. Despite the rich literature on the sensitivity analysis of many mission‐critical and safety‐critical systems, no existing work has been devoted to wireless sensor networks (WSN). In this paper, we first analyze link and node importance with respect to the infrastructure communication reliability of WSN systems. The binary decision diagrams based algorithms are implemented to evaluate and compare three importance measures: structural importance measure, Birnbaum's measure, and criticality importance measure. The effects of node degree, choice of the destination node, data delivery models, as well as mission time on the importance analysis results are investigated through examples. Results from this work can facilitate the design, deployment, and maintenance of reliable WSN for critical applications. Copyright © 2015 John Wiley & Sons, Ltd.     

Risk assessment techniques for civil aviation security

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures.Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it.The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk.RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.     

城市建筑群概率地震灾害风险评估研究

科学合理地考虑地震风险评估中各环节的不确定性是地震风险评估结果可靠的基础。该文利用某城市现有工程场地地震安全性评价数据,综合考虑城市地震危险性评估中的不确定性,以结构基本类作为城市建筑群模型,并考虑地震动不确定性对建筑群地震易损性的影响,建立了同时考虑地震危险性和地震易损性不确定性的地震风险评估模型,最终给出城市结构基本类不同极限破坏状态的年平均超越概率和50年内地震风险概率。基于结构不同极限破坏状态对应的损失比,获得每一种结构基本类的地震经济损失风险曲线。在此基础上,提出了采用地震风险一致概率为控制点,得到城市建筑群总的地震经济损失风险曲线组合的方法,该方法可为评估城市建筑群概率地震风险提供参考。     

Dynamic risk assessment of complex systems using FCM

Analysing risk of today’s complex systems is challenging due to the complex and dynamic nature of systems. The current risk analysis tools are not able to take the complex interactions among risks into account and therefore they can’t predict the behaviour of risks accurately. In an attempt to overcome this shortcoming, this paper proposes an integrated generalised decision support tool using fuzzy cognitive maps for dynamic risk assessment of complex systems. The proposed approach has the ability to prioritise risk factors and more importantly predict and analysis the influences of each individual risk factor/risk set on the other risks or on the outcomes of complex and critical systems by taking into account probability of occurrence and consequences of risks and also considering the complex dependencies between risk factors. These features could provide practitioners with realistic results in critical industries and able them to manage risks more efficiently.     

Multi-criteria risk analysis to improve safety in manufacturing systems

The drive to lower operating costs and improve manufacturing efficiency has led many manufacturing companies to implement different methodologies in order to identify a suitable risk assessment model. So, the concern for safety in industrial activities, both inside the establishments and in their surroundings, has a crucial role. As a result, many laws, regulations and risk analysis techniques are well adapted to industry needs since they were developed for its purpose. However increasing safety is often difficult, especially when you have already obtained good results, so the aim of our paper is the proposal of a new methodological approach called the safety improve risk assessment (SIRA) by integrating the conventional aspects of the popular failure mode, effects, and criticality analysis (FMECA) procedure with economic considerations in order to take into account the risk and to minimise the total safety costs by defining a specific index called total risk priority number (TRPN) index. The index proposed is based on the improved risk priority number (IRPN) and the analytic network process (ANP), a multi-criteria decision-making technique.     

A semi-quantitative approach to risk analysis, as an alternative to QRAs

In quantitative risk analysis (QRA) risk is quantified using probabilities and expected values, for example expressed by PLL values, FAR values, IR values and F–N curves. The calculations are tedious and include a strong element of arbitrariness. The value added by the quantification can certainly be questioned. In this paper, we argue that such analyses often are better replaced by semi-quantitative analyses, highlighting assessments of hazards and barriers, risk influencing factors (RIFs) and safety improvement measures. The assessments will be based on supporting information produced by risk analysts, including hard data and analyses of failure causes and mechanisms, barrier performance, scenario development, etc. The approach acknowledges that risk cannot be adequately described and evaluated simply by reference to summarising probabilities and expected values. There is a need for seeing beyond the standard probabilistic risk results of a QRA. Key aspects to include are related to uncertainties in phenomena and processes, and manageability factors. Such aspects are often ignored in standard QRAs.