Probabilistic risk assessment (PRA) is a systematic and
comprehensive methodology to evaluate risks associated with a complex
engineered technological entity (such as an airliner or nuclear power plant).
Risk in a PRA is defined as a feasible detrimental outcome of an activity or action. In a PRA, risk is characterized by two quantities:
- the magnitude (severity) of the possible adverse consequence(s), and
- the likelihood (probability) of occurrence of each consequence.
Consequences are expressed numerically (e.g., the number of people potentially hurt or killed) and their likelihoods of occurrence are expressed as probabilities or frequencies (i.e., the number of occurrences or the probability of occurrence per unit time). The total risk is the expected loss: the sum of the products of the consequences multiplied by their probabilities.
The spectrum of risks across classes of events is also of concern, and is usually controlled in licensing processes – it would be of concern if rare but high consequence events were found to dominate the overall risk, particularly as these risk assessments are very sensitive to assumptions (how rare is a high consequence event?).
Probabilistic Risk Assessment usually answers three basic questions:
- What can go wrong with the studied technological entity, or what are the initiators or initiating events (undesirable starting events) that lead to adverse consequence(s)?
- What and how severe are the potential detriments, or the adverse consequences that the technological entity may be eventually subjected to as a result of the occurrence of the initiator?
- How likely to occur are these undesirable consequences, or what are their probabilities or frequencies?
Two common methods of answering this last question are Event Tree Analysis and Fault Tree Analysis - for explanations of these, see safety engineering.
In addition to the above methods, PRA studies require special but often very important analysis tools like human reliability analysis (HRA) and common-cause-failure analysis (CCF). HRA deals with methods for modeling human error while CCF deals with methods for evaluating the effect of inter-system and intra-system dependencies which tend to cause simultaneous failures and thus significant increases in overall risk.
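The quantities above can be put in code. The following is an added example, not part of the original article: it computes total risk as expected loss, reports each event class's share of that total (the "rare but high consequence events dominate" check the licensing paragraph describes), and evaluates a small fault tree for loss of all cooling both under an independence assumption and with a beta-factor common-cause-failure model. Every number, scenario name and the beta value is constructed for illustration; the beta-factor model is one standard CCF parameterization and is assumed here, not taken from the article.

```python
"""Added example (not from the original article): PRA risk quantities in code.
Expected loss, contribution of each event class to total risk, and a fault tree
evaluated with and without a common-cause-failure (CCF) dependency.
All numbers are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    consequence: float   # e.g. expected number of people hurt, given the event
    frequency: float     # occurrences per unit time (here: per reactor-year)


# Constructed event classes: a frequent minor event, a rarer serious one and a
# very rare severe one.  Not data about any real plant.
SCENARIOS = [
    Scenario("minor release", consequence=0.1, frequency=1e-2),
    Scenario("loss of cooling, contained", consequence=100.0, frequency=1e-5),
    Scenario("core damage with containment failure", consequence=1e5, frequency=1e-7),
]


def total_risk(scenarios):
    """Expected loss per unit time: the sum of consequence x frequency."""
    return sum(s.consequence * s.frequency for s in scenarios)


def risk_shares(scenarios):
    """Fraction of total risk contributed by each scenario."""
    total = total_risk(scenarios)
    return {s.name: s.consequence * s.frequency / total for s in scenarios}


def dominant_rare_events(scenarios, freq_threshold, share_threshold):
    """Scenarios rarer than freq_threshold that still contribute more than
    share_threshold of total risk: the pattern the text flags as a concern,
    because the result hinges on how rare that event really is."""
    shares = risk_shares(scenarios)
    return [s.name for s in scenarios
            if s.frequency < freq_threshold and shares[s.name] > share_threshold]


# Fault tree: top event "all cooling trains fail" = AND over the trains.
# Leaf values are failure probabilities on demand (constructed).

def or_gate(probs):
    """Probability that at least one of several independent inputs fails."""
    none_fail = 1.0
    for p in probs:
        none_fail *= 1.0 - p
    return 1.0 - none_fail


def and_gate(probs):
    """Probability that all independent inputs fail."""
    all_fail = 1.0
    for p in probs:
        all_fail *= p
    return all_fail


def top_event_independent(train_failure_probs):
    """Top-event probability if the trains are assumed to fail independently."""
    return and_gate(train_failure_probs)


def top_event_beta_factor(train_failure_probs, beta):
    """Beta-factor CCF model (assumed here): a fraction beta of each train's
    failure probability is a shared cause that fails every train at once.
    Assumes identical trains, so the common part is taken from the first."""
    common = beta * train_failure_probs[0]
    independent = [(1.0 - beta) * p for p in train_failure_probs]
    # Either the common cause fires, or it does not and all trains fail on their own.
    return common + (1.0 - common) * and_gate(independent)


if __name__ == "__main__":
    print(f"total risk: {total_risk(SCENARIOS):.3e} per reactor-year")
    for name, share in risk_shares(SCENARIOS).items():
        print(f"  {name}: {share:.1%} of total")
    print("rare but dominant:", dominant_rare_events(SCENARIOS, 1e-6, 0.5))
    trains = [0.01, 0.01, 0.01]
    print(f"independent trains: {top_event_independent(trains):.2e}")
    print(f"beta-factor (beta=0.1): {top_event_beta_factor(trains, 0.1):.2e}")
```

With three trains at 0.01 each, the independence assumption gives a top-event probability of 1e-6, while a beta of 0.1 puts it close to 1e-3: the dependency, not the individual train reliability, sets the answer, which is why CCF analysis is listed alongside the tree methods.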
In 2007, France was criticised for failing to use a PRA approach to evaluate the seismic risks of French nuclear power plants.
Criticism
Theoretically, the probabilistic risk assessment method suffers from several problems:
Nancy Leveson of MIT and her collaborators have argued that the chain-of-event conception of accidents typically used for such risk assessments cannot account for the indirect, non-linear, and feedback relationships that characterize many accidents in complex systems. These risk assessments do a poor job of modeling human actions and their impact on known, let alone unknown, failure modes. Also, as a 1978 Risk Assessment Review Group Report to the NRC pointed out, it is "conceptually impossible to be complete in a mathematical sense in the construction of event-trees and fault-trees … This inherent limitation means that any calculation using this methodology is always subject to revision and to doubt as to its completeness."
In the case of many accidents, probabilistic risk assessment models do not account for unexpected failure modes:
At Japan's Kashiwazaki Kariwa reactors, for example, after the 2007 Chuetsu earthquake some radioactive materials escaped into the sea when ground subsidence pulled underground electric cables downward and created an opening in the reactor's basement wall. As a Tokyo Electric Power Company official remarked then, "It was beyond our imagination that a space could be made in the hole on the outer wall for the electric cables."
When it comes to future safety, nuclear designers and operators often assume that they know what is likely to happen, which is what allows them to assert that they have planned for all possible contingencies. Yet there is one weakness of the probabilistic risk assessment method that has been emphatically demonstrated with the Fukushima I nuclear accidents -- the difficulty of modeling common-cause or common-mode failures:
From most reports it seems clear that a single event, the tsunami, resulted in a number of failures that set the stage for the accidents. These failures included the loss of offsite electrical power to the reactor complex, the loss of oil tanks and replacement fuel for diesel generators, the flooding of the electrical switchyard, and perhaps damage to the inlets that brought in cooling water from the ocean. As a result, even though there were multiple ways of removing heat from the core, all of them failed.
However, a PRA analysis that assumed an initiating event of a beyond design basis tsunami of the magnitude that occurred would have identified most, if not all, of the above consequences. In this case, the challenge is not with the PRA method but with the selection of initiating events. For any given design, a low probability high magnitude initiating event can be assumed for which the design will fail. However, selecting an unrealistically severe initiator defeats the purpose of the analysis, as potential vulnerabilities to realistic scenarios will be masked.
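The point about initiating-event selection can be shown with a small event tree. The following is an added example, not part of the original article: it enumerates the success/failure sequences of several heat-removal paths conditional on one flood-type initiator, sums the sequences that end in core damage, and then sweeps the assumed initiator frequency to show how much the result depends on that single choice. The path names echo the failures listed above, but every probability and frequency is constructed for illustration and is not data about Fukushima or any other plant.

```python
"""Added example (not from the original article): an event tree for one
initiating event, and the sensitivity of core-damage frequency to the assumed
initiator frequency.  All probabilities are constructed for illustration."""
from itertools import product

# Conditional probability that each heat-removal path fails GIVEN the initiator.
# Conditioning every branch on a beyond-design-basis flood is how the common
# cause enters the model: the paths are not independent of the initiator.
# Constructed values, not plant data.
PATHS_GIVEN_FLOOD = {
    "offsite power": 0.95,
    "diesel generators (fuel tanks, switchyard)": 0.9,
    "seawater cooling inlets": 0.8,
}


def event_tree(initiator_frequency, path_failure_probs):
    """Enumerate every success/failure combination of the paths.

    Returns a list of (branch_outcomes, frequency, end_state).  A sequence ends
    in 'core damage' only if every path fails; otherwise heat is still removed.
    """
    names = list(path_failure_probs)
    sequences = []
    for outcome in product((False, True), repeat=len(names)):  # True = path failed
        freq = initiator_frequency
        for name, failed in zip(names, outcome):
            p = path_failure_probs[name]
            freq *= p if failed else (1.0 - p)
        end_state = "core damage" if all(outcome) else "heat removed"
        sequences.append((dict(zip(names, outcome)), freq, end_state))
    return sequences


def core_damage_frequency(initiator_frequency, path_failure_probs):
    """Sum of the frequencies of all sequences that end in core damage."""
    return sum(freq for _, freq, state in event_tree(initiator_frequency, path_failure_probs)
               if state == "core damage")


def initiator_sensitivity(initiator_frequencies, path_failure_probs):
    """Core-damage frequency for each candidate initiator frequency: the
    'how rare is a high consequence event?' question, made explicit."""
    return {f: core_damage_frequency(f, path_failure_probs) for f in initiator_frequencies}


if __name__ == "__main__":
    for outcomes, freq, state in event_tree(1e-4, PATHS_GIVEN_FLOOD):
        failed = [name for name, f in outcomes.items() if f]
        print(f"{freq:.2e}/yr  {state:<12} failed: {failed}")
    print()
    for f, cdf in initiator_sensitivity([1e-3, 1e-4, 1e-5], PATHS_GIVEN_FLOOD).items():
        print(f"initiator assumed at {f:.0e}/yr -> core damage {cdf:.2e}/yr")
```

Once the flood is on the tree, the sequence in which all paths fail carries most of the initiator's frequency; the two-orders-of-magnitude spread in the sensitivity sweep comes entirely from the initiator frequency the analyst chose, which is the selection problem the paragraph above describes.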