RISK AND SAFETY

RISK
Risk is the potential that something unwanted and harmful (a hazard) may occur. It is
the product of the probability of an undesirable event and the effect (consequence) of
that event.
Risk can either be:
• Objective risk of an activity depends on how likely some negative event is to
actually occur.
• For instance, the objective risk of losing money if you bet on Arsenal on Betika is
the true probability that the bet loses, whatever the bettor believes; it is not
automatically 50% just because there are two outcomes.
• Subjective risk (perceived risk) depends on what you believe about the world.
• Example: In the 1990s, some people believed that radiation from cell phones
(i.e., ordinary non-ionising electromagnetic radiation) could cause cancer. When
scientists tested this hypothesis, it turned out that the subjective risk was
much higher than the objective risk: the evidence does not support a causal link
between ordinary electromagnetic radiation from cell phones and cancer.

HAZARDS

A hazard can be defined as possible damage or another undesirable effect caused by a
technology or its use.
Let us look at a few examples.
HAZARDS EXAMPLE
Coal Mining
Between 1900 and 1975, about 600 million tons of coal were mined in the province of
Limburg in the Netherlands (Pöttgens, 1988).
In an area of about 220 km2, the surface dropped an average of 2.5 m. In some
locations, there was a drop of more than 10 m. The coal mining operations were
damaging the houses. Hundreds of millions in damages were paid by the companies
mining the coal.
The risk of damage to the houses was known in advance, but it was thought to be balanced
out by the benefits of the coal mining.
HAZARDS EXAMPLE
DC-10 Disaster
On March 3, 1974, the freight door of a DC-10 opened during flight. As a result, the
plane crashed killing 346 people. The risk was known beforehand, at least to some of
the people involved.
A similar accident had almost occurred on June 12, 1972 . This was after the possibility
of this type of accident had been anticipated as a result of Failure Mode and Effect
Analysis (FMEA) of the freight doors in the late 60s.
No action had been taken to reduce or avoid the risks because there was an ongoing
conflict between the supplier responsible for the door (Convair) and the plane
manufacturer (Douglas). Neither party wanted to weaken its legal position by taking
the first step in the direction of adapting the design, even though each was aware of
the shortcomings. (The company’s management ignored a memo written by a Convair
engineer in which the shortcomings of the door design were outlined.)
HAZARDS EXAMPLE
Tacoma Narrows Bridge Collapse
In 1940 in the United States, the Tacoma Narrows Bridge collapsed. The bridge design was
innovative, but the deck started to oscillate when it was hit by side winds. The bridge
finally collapsed after it had been closed for safety reasons.
The oscillation of the bridge had not been anticipated by the designers. From experience
with previous bridges, they had wrongly concluded that narrower and more flexible
suspension bridges could be built.
HAZARDS EXAMPLE
Asbestos
Asbestos came into large scale use at the beginning of the 20th century due to its heat
resistance, durability, and good insulation properties.
However, in the course of time, asbestos proved to have some extremely harmful side
effects. Inhaling asbestos fibers can lead to asbestos-related diseases such as
asbestosis and mesothelioma (a cancer of the lining of the lungs or abdomen), which can be
lethal. These diseases only become manifest after several decades.
It is estimated that as many as 10,000 people in the US and 4,000 people in the UK die
annually due to asbestos related diseases.
The use of asbestos has been banned in many countries.
HAZARDS

The previous examples reveal the following:
• Hazards are inherent to technology.
• Even with foreknowledge of hazards, risks can be taken because of expected
advantages, or other unreasonable human factors.
• It is not possible to know all the hazards beforehand, e.g. a technology failing in an
unforeseen manner, or unforeseen side effects.
• It may not be precisely clear how a hazard can be attributed to a specific
technology.
COMPLEXITY OF PREDICTING HAZARDS

It is not always possible to predict hazards beforehand in order to express them
reliably as risks, for several reasons:
• Ignorance: we do not know what we do not know.
• Ambiguity: different interpretations or meanings may be given to the
measurement, characterization and evaluation of hazards.
• Complexity of the causal relations between potential harmful agents and specific
undesirable effects, e.g. interactions between substances and specific
environments, and intervening variables.
• Uncertainty: situations in which the type of consequences is known, but
probabilities cannot meaningfully be attributed to the occurrence of those consequences.
ASSESSMENT OF RISK

Personal risk is assessed based on the individual:
• Assess voluntary activities
• Assess the degree of occupational hazard and the effect on health
Public risk: to assess public risk, loss of assets and correction costs are estimated,
including:
• Loss of or reduction in future income or earning capacity due to loss of limbs or
their capability
• Costs associated with the accident, including transplants or reinforcement of body
parts/limbs and medical treatment
• Cost of welfare, which includes rehabilitation, provision of less-demanding alternate
jobs and other disability benefits.
PERCEPTION OF RISK

Perception of risk varies from person to person, based on physical condition, age,
experience, expertise, etc.
Various factors influence the perception of risk:
a) Probability of risk (the statistical nature of occurrence of risk)
b) Consequence of risk: Quantitative measure (physical damage, economic loss,
environmental degradation, mental agony) and the possibility of controlling these
consequences
c) Perceived voluntariness of the risk: For thrill and amusement, or under compulsion
d) Magnitude i.e. number of people and extent of the area involved
e) Proximity: the closeness of relationship with those affected or the gap in time
scale. Close risks are usually experienced as being greater than risks further away.
f) Method of information dissemination on risk: The way risks are presented and the
risk measure that is used.
ASSESSING ACCEPTABILITY OF RISK
How do you assess risk acceptability (whether personal or public)
a) New or unfamiliar risks are more likely to be unacceptable to the public than familiar
risks.
b) Voluntarily assumed risks are more likely to be considered acceptable than
involuntarily imposed risks.
• Voluntary risk is the involvement of people in risky actions, although they know
that these actions are unsafe, e.g. car racing, stunts etc.
• Jobs involving higher risks generally demand higher wages.
c) Free and informed consent, equity, and justice are important factors in acceptability
of risk.
DISCUSSION
Mention a technology of which the risks are acceptable while the technology itself is
unacceptable.
Can you also think of an example of a technology that is acceptable while its risks are
unacceptable?
SAFETY

Safety is a matter of how people would find risks acceptable or unacceptable if they
knew the risks and were basing their judgments on their most settled value
perspective.
A risk is acceptable when those affected are generally no longer (or not) apprehensive
about it. This depends on:
• Whether the risk is assumed voluntarily.
• How the probabilities of harm (or benefit) are perceived.
• Job-related or other pressures.
• Whether the effects of a risky activity or situation are immediately noticeable or close
at hand.
• Whether the potential victims are identifiable beforehand.
HOW TO ENSURE SAFETY

• Inherently safe design: avoid hazards, for example by replacing substances,
mechanisms, and reactions that are hazardous by less hazardous ones.
• Safety factors: constructions are usually made stronger than the load they will
probably have to bear by adding a safety factor.
• Negative feedback mechanism: causes the device to shut down, or fall back to a safe
state, when the device fails or an operator loses control, e.g. manual reversion if there
is a problem with an autopilot.
• Redundancy in design: a chain of safety barriers designed to operate independently,
so that if the first fails the others still help to prevent or minimize the effects, e.g.
nuclear reactors have redundant systems to cool the reactor core; a fuse in a plug and
circuit breakers trip.
• Safe exit: the product, when it fails, (1) should fail safely, (2) can be abandoned safely
and (3) the user can safely escape the product.
CASE STUDY: BHOPAL GAS TRAGEDY
Union Carbide India Limited was a subsidiary of Union Carbide Corporation, with Indian
Government controlled banks and the Indian public holding a 49.1% stake.
• It manufactured phosgene, monomethylamine, methyl isocyanate (MIC) and the pesticide
carbaryl (Sevin).
• The methyl isocyanate (MIC) plant started production in 1979, since MIC is an intermediate
in the manufacture of the pesticide Sevin.
• On December 3, 1984:
• Water entered tank E610, containing 40 tons of MIC.
• The exothermic reaction raised the temperature inside the tank to over 200 °C and
raised the pressure.
• 30 metric tons of MIC escaped from the tank into the atmosphere and were carried by a
weak wind which frequently changed direction, which helped the gas to cover more
area in a shorter period of time (about one hour).
• In just 2 hours the chemicals had escaped to form a deadly cloud over hundreds of
thousands of people, including poor migrant labourers who lived close to the plant.

CASE STUDY: BHOPAL GAS TRAGEDY
Workers made the following attempts to save the plant:
 They tried to turn on the plant refrigeration system to cool down the environment
and slow the reaction. (The refrigeration system had been drained of coolant weeks
before and never refilled - it cost too much.)
 They tried to route expanding gases to a neighboring tank. (The tank's pressure
gauge was broken and indicated the tank was full when it was really empty.)
 They tried to purge the gases through a scrubber. (The scrubber was designed for
flow rates, temperatures and pressures that were a fraction of what was by this time
escaping from the tank. The scrubber was as a result ineffective.)
 They tried to route the gases through a flare tower -- to burn them away. (The
supply line to the flare tower was broken and hadn't been replaced.)
 They tried to spray water on the gases and have them settle to the ground, by this
time the chemical reaction was nearly completed. (The gases were escaping at a
point 120 feet above ground; the hoses were designed to shoot water up to 100 feet
into the air.)
CASE STUDY: BHOPAL GAS TRAGEDY
Methyl isocyanate gas, being highly concentrated, burns the parts of the body with which
it comes into contact, blinding the eyes and destroying the lungs.
CASE STUDY: BHOPAL GAS TRAGEDY
Factors leading to the magnitude of the gas leak:
• Very high inventory of MIC, an extremely toxic material: the tank was > 75% full against
Union Carbide's specification that it should never be more than 60% full.
• The company's West Virginia plant used computerised control of the safety systems and
leak detection, but the Bhopal plant relied on manual control and leak detection.
• Non-existent catastrophe management plans: some safety systems were switched off
to save money, including the MIC tank refrigeration, which should have kept the
MIC at about 4.5 °C instead of 20 °C.
• There was only one manual back-up system, compared to a four-stage system used at
Union Carbide's plant in the USA.
• Lack of skilled operators: the plant was understaffed due to cost cutting.
• The accident occurred in the early morning, and most of the people killed lived in a shanty
(poorly built) town located very close to the plant fence.
• Inadequate emergency action plans.
DISCUSSION: NAIROBI PIPELINE FIRE
On September 12, 2011, a fuel tank located in the Lunga Lunga area of Nairobi, part of a
pipeline system operated by the state-owned Kenya Pipeline Company (KPC), sprang a
leak. A pipeline valve failed under pressure, allowing the fuel to leak into the sewer.
The managing director of KPC is reported to have said that the spill occurred from two
pipelines, and that engineers had already depressurized the Sinai pipeline, but not in time
to prevent fuel leaking into the sewer.
People in the adjacent densely populated shanty town of Sinai had started to collect leaking
fuel when at about 10 a.m., a massive explosion occurred at the scene. Fire spread to the Sinai
area.
Approximately 100 people were killed in the fire and at least 116 others were hospitalized with
varying degrees of burns.
Reports indicate that the fire might have started from a discarded cigarette or when the wind
changed, bringing embers from nearby garbage fires.
What lessons can you derive from this episode?
TO READ: Chernobyl Nuclear Power Plant
RISK ASSESSMENT

Risk assessment is a systematic investigation in which the risks of a
technology/activity are mapped and expressed quantitatively in a certain measure of
risk.
Risk assessments provide the basis on which the acceptability of risks is judged.
There are four ethical considerations in assessing the acceptability of risks:
a) The degree of informed consent with the risk
b) The degree to which the benefits of a risky activity weigh against the
disadvantages and risks
c) The availability of alternatives with a lower risk
d) The degree to which risks and advantages are justly distributed
RISK ASSESSMENT: INFORMED CONSENT
Informed consent
Risks are more acceptable if those who run the risk consent to the risk.
Those running the risk must have received complete information concerning the risk.
Challenges to informed consent:
• Consumers are often incompletely aware of the risks, e.g. people buy cell phones
without being aware of any possible health risks.
• Technical products may introduce risks that affect people other than the buyers or
sellers of the products, without their consent, e.g. paint with organic solvents that
contribute to environmental problems such as smog.
RISK ASSESSMENT: ADVANTAGES VS RISK
Do the advantages outweigh the risk?
Risks are acceptable if the benefits of the activities outweigh the costs.
Cost-benefit analysis is based on this supposition.
Limitations:
• Fallacy of pricing: it is not always possible to express all the relevant costs, benefits,
and risks in money in a comparable fashion.
• Little attention is paid to informed consent and to the just distribution of costs and
benefits, although these are important ethical considerations too.
RISK ASSESSMENT: AVAILABILITY OF ALTERNATIVES
The availability of alternatives:
• The acceptability of the risks of a technology depends on the availability of
alternatives with lower risks.
Technology A: there is an alternative to this technology with lower risk.
Technology B: same risk as technology A, but there is no other alternative available.
Risks of technology A are unacceptable (an alternative with lower risks exists).
Risks of technology B are acceptable (since no alternative is available).
Best available technology refers to an approach that does not prescribe a specific
technology but uses the best available technological alternative as the yardstick for what
is acceptable.
RISK ASSESSMENT: DISTRIBUTION OF RISKS AND BENEFITS
Are risks and benefits justly distributed?
• Equal treatment concerning risks can be achieved by setting standards so that the
maximum permissible risk is, in principle, equal for everybody.
Objection: people do not get to choose which risks they find acceptable; the
regulator, often the government, does that for them instead.
UNCERTAINTIES IN RISK ASSESSMENT

Certain aspects make the estimation of risk complex and unreliable:
• Restricted access to knowledge about the risk, e.g. because of legal restrictions
• Uncertain behavior of materials: manufacturers' data is only statistical
• Varying behavior in user environments, e.g. thermal shock, fatigue, creep
• Use or misuse of materials/products, e.g. exposure to snowy or damp weather
leading to a change of properties
• Newer applications of obsolete technologies remaining unpublished
• Substitution of newer materials whose behavior is not disclosed
• Unexpected and unintended outcomes of the product/project
RISK ASSESSMENT: PRECAUTIONARY PRINCIPLE
The precautionary principle demands that if there is (1) a threat, which is (2)
uncertain, then (3) some kind of action (4) is mandatory.
• There are potential hazards that we are uncertain about with the advent of new
technologies.
• There is no need to determine the probability of a nuclear meltdown; however, we
must establish that some sufficiently bad outcome may occur if no precautionary
measures are taken.
• Nanotechnology: the behavior of synthetic non-biodegradable nanoparticles is an
uncertain threat.
 The precautionary principle as stated in the Report of The United Nations Conference
on Environment and Development (the Rio Declaration)
“Where there are threats of serious or irreversible damage, lack of full scientific
certainty shall not be used as a reason for postponing cost-effective measures to
prevent environmental degradation.”

EXERCISE: HOW RISK IS COMMUNICATED

Consider the following situation: two programs are to be deployed for the safety of
600 people.
Alternative 1:
• If Program A is followed, 200 people will be saved.
• If Program B is followed, there is a 1/3 probability that 600 people will be saved and a
2/3 probability that nobody will be saved.
• Response: 72% of the target group chose option A and 28% option B.
Alternative 2:
• If Program A is followed, 400 people will die.
• If Program B is followed, there is a 1/3 probability that nobody will die and a 2/3
probability that 600 people will die.
• Response: only 22% of the target group chose option A and 78% option B.
Note that the two alternatives describe the same two programs (200 saved is the same
outcome as 400 dead); only the framing, as gains or as losses, differs.
COMMUNICATION OF RISK: MESSAGING
The manner in which risks are presented can greatly influence how the audience
perceives the risk.
• An option presented from the perspective of a sure gain will be preferred over one
whose gains are perceived as risky or only probable.
• Options emphasizing sure losses will be avoided in favour of those whose chances
of avoiding the loss are perceived as merely probable.
• It is even possible for people to take opposite decisions on the basis of the same
information framed differently.
The risk measure used can also influence how people interpret risks. Ethical
judgments are often hidden in the use of a certain risk measure.
ENGINEERS COMMUNICATING RISK AND PUBLIC POLICY

• Engineers should be aware that the public's approach to risk is not the same as
theirs. Engineers should not say "risk" when they mean "probability of harm"; they
should keep the two terms distinct.
• Engineers should avoid saying, "There is no such thing as zero risk." The public
definition of "zero risk" is a familiar risk that requires no further deliberation.
• Engineers should recognize that the public does not always trust experts. Therefore,
they should acknowledge the possible limitations in their position.
• Engineers should also be aware that people will rely on their own values in deciding
whether to base action on the expert's prediction of probable outcomes.
• Engineers should take into account regulatory obligations (from government
regulators) on top of the cost-benefit approach.
• Professional engineering organizations, such as the professional societies, have a
special obligation to present information regarding probabilities of harm as
objectively as possible.
RISK ASSESSMENT: SECONDARY COST OF PRODUCTS
Manufacturers' understanding of the risk in a product is necessary:
• To help reduce secondary costs
• To know the possible risk for purposes of pricing, disclaimers, legal terms and conditions, etc.
• To know the cost of reducing the risks
• To take a decision before finalizing the design
The cost of products is high if they are designed unsafely, due to:
• Returns and warranty expenses
• Loss of customer goodwill
• Cost of litigation
• Loss of customers due to injuries in using the product
• Cost of rework, and lost time in attending to design problems
The buyer needs to understand the risk in a product:
• To judge whether he/she wants to take the risks
• To judge whether the "risk vs. costs" justifies taking the risk.
RISK ANALYSIS
Probability of safety = 1 - Probability of risk
Risk = probability of occurrence x consequence in magnitude
Different methods are available to determine the risk (testing for safety):
1. Testing of the functions of the safety-system components.
2. Destructive testing: testing is done until the component fails. It is expensive, but very
realistic and useful.
3. Prototype testing: testing is done on a proportional scale model with all vital components
fitted in the system. Dimensional analysis can be used to project the results to the actual
conditions.
4. Simulation testing: the simulations are done with the help of a computer. The safe boundary
may be obtained, and the effects of some controlled input variables on the outcomes can be
predicted in a better way.
RISK ANALYSIS: ANALYTICAL METHODS
Testing of the safety of a product or project can be done using several analytical
methods:
1. Scenario Analysis
2. Fault Tree Analysis
3. Event Tree Analysis
4. Failure Mode and Effect Analysis (FMEA)
SCENARIO ANALYSIS

A scenario is a synopsis of events or conditions leading to an accident and
subsequent loss.
Starting from an event, different consequence scenarios are constructed and the
means of facing the consequences are designed.
The steps for scenario building are:
1) Identify the hazard of interest.
2) Identification and characterization of risk: what can go wrong that could lead
to a hazard?
3) Quantification of risk, likelihood, and magnitude: develop a planned scenario.
How likely is this to happen?
4) Develop a scenario tree. If it happens, what are the consequences? Match the
probability and loss characteristics of various exposures to your intuition of risk
(through loss scenarios).
SCENARIO ANALYSIS: EXAMPLE
Consider 3 loss scenarios facing a transport and logistics company.
Scenario A: A truck carrying dangerous cargo overturns in a populated area. A spill
occurs resulting in an explosion or release of toxic chemicals.
Scenario B: The company is found liable for an accident involving bodily injury and
property damage from relatively "ordinary" road hazards. No spill or disruption of
cargo is involved.
Scenario C: Multiple simultaneous catastrophes to the company fleet.
Probability/loss combinations:
Scenario A: probability of occurrence 0.001 and loss potential of Kes. 100M; deemed
sufficiently possible and significant: RISKY.
Scenario B: more probable in occurrence, but affordable to the firm: NOT RISKY.
Scenario C: the probability of this occurrence is rare (virtually impossible), though the
loss potential is great: GRAY AREA.
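The probability/loss screening above, together with the definition Risk = probability x consequence from the opening section, carried out in code. This is an added example and not part of the lecture notes. Only Scenario A's figures (0.001 and Kes 100M) come from the notes; the figures for B and C, the firm's affordable-loss limit and the "virtually impossible" cutoff are assumptions chosen to illustrate the three verdicts.

```python
"""Scenario screening on a probability/loss grid (added example, not from the
lecture notes).  Risk = probability of occurrence x consequence in magnitude.

Only Scenario A's figures (p = 0.001, loss Kes 100M) are from the notes.  The
figures for B and C, the affordable-loss limit and the "virtually impossible"
cutoff are assumptions chosen to illustrate the three verdicts.
"""
from dataclasses import dataclass

KES_M = 1_000_000  # one million Kenyan shillings


@dataclass(frozen=True)
class Scenario:
    name: str
    description: str
    probability: float   # probability of occurrence per year (assumed unit)
    loss: float          # loss potential in Kes

    @property
    def expected_loss(self) -> float:
        """Risk as the notes define it: probability x consequence."""
        return self.probability * self.loss


def classify(s: Scenario, affordable_loss: float, negligible_p: float) -> str:
    """Verdict from the probability/loss grid, not from expected loss alone.

    NOT RISKY : the loss can be absorbed whatever its probability.
    GRAY AREA : unaffordable loss at a probability the firm treats as
                "virtually impossible"; expected loss would hide it, so it is
                flagged for judgement instead of being dropped.
    RISKY     : unaffordable loss at a probability that is not negligible.
    """
    if s.loss <= affordable_loss:
        return "NOT RISKY"
    if s.probability < negligible_p:
        return "GRAY AREA"
    return "RISKY"


SCENARIOS = [
    Scenario("A", "dangerous-cargo truck overturns in a populated area",
             0.001, 100 * KES_M),                          # figures from the notes
    Scenario("B", "liability for an ordinary road accident",
             0.05, 2 * KES_M),                             # assumed figures
    Scenario("C", "multiple simultaneous fleet catastrophes",
             1e-7, 2_000 * KES_M),                         # assumed figures
]
AFFORDABLE_LOSS = 5 * KES_M   # assumed: the largest loss the firm can absorb
NEGLIGIBLE_P = 1e-5           # assumed: below this the firm says "virtually impossible"


def screen(scenarios=SCENARIOS, affordable_loss=AFFORDABLE_LOSS,
           negligible_p=NEGLIGIBLE_P):
    """Map scenario name -> (expected loss in Kes, verdict)."""
    return {s.name: (s.expected_loss, classify(s, affordable_loss, negligible_p))
            for s in scenarios}


if __name__ == "__main__":
    for s in SCENARIOS:
        exp_loss, verdict = screen()[s.name]
        print(f"{s.name}: p={s.probability:<8g} loss=Kes {s.loss / KES_M:>6,.0f}M "
              f"expected=Kes {exp_loss:>9,.0f}  -> {verdict}")
```

Under these assumed figures Scenarios A and B have the same expected loss (Kes 100,000 per year) yet land in different cells of the grid, which is why the verdict is driven by the probability/loss combination rather than by expected loss alone.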
FAULT-TREE ANALYSIS

The failure (undesirable event) is first defined, and the events (causal
relationships) leading to that failure are identified at the different component levels.
This method can combine hardware failures and human failures.
The main elements of a fault tree are:
• Top event: the description of the critical system event
• Basic events: the lowest level of identified causes
• Logic gates, such as OR and AND gates: give the logical relationship between the
top event and the basic events
FAULT TREE ANALYSIS
When there is an unexpected breakdown, performing a fault tree analysis helps to get to
the root cause.
Example: if the fire protection system fails, there are two possible failure modes: either
(hypothesis A) a failure occurred in the fire detection system or (hypothesis B) the fire
suppression system failed.
FAULT-TREE ANALYSIS: CRASH AT THE MAIN ROAD JUNCTION
Consider the probability of a crash at a main road junction. The fault tree for this top
event reads as follows (the top gate is an AND gate, since both conditions must hold for
a crash; the lower gates are OR gates, since any one of the causes is enough):

Crash at the main road junction  [AND]
  Car at main road junction
  Side road car fails to stop  [OR]
    Side road car driver could not stop  [OR]
      Road too slippery
      Brake failure
      Tyres worn
    Side road car driver did not stop  [OR]
      Driving too fast
      Driver too ill
      Vision obscured
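The junction fault tree above, quantified. This is an added example, not from the lecture notes: the tree structure follows the slide, but the gate types are the reading given above and the basic-event probabilities are assumptions for illustration. Beyond the top-event probability, the example also lists the minimal cut sets, the smallest combinations of basic events that cause the top event, which is what the slide's "root cause" discussion is after.

```python
"""Quantifying the junction-crash fault tree (added example, not from the
lecture notes).  Gate types and basic-event probabilities are assumptions.
"""
from dataclasses import dataclass
from math import prod


@dataclass
class Basic:
    name: str
    p: float            # probability of the basic event per exposure (assumed)


@dataclass
class Gate:
    name: str
    kind: str           # "AND": all inputs must occur; "OR": any input suffices
    inputs: list        # Basic or Gate nodes


def probability(node):
    """Probability of the event at `node`, assuming independent inputs."""
    if isinstance(node, Basic):
        return node.p
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - q for q in ps)   # P(at least one input occurs)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node):
    """Smallest sets of basic events whose joint occurrence causes the event."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":                        # any child's cut set will do
        combined = [cs for sets in child_sets for cs in sets]
    else:                                         # AND: one cut set from every child
        combined = [frozenset()]
        for sets in child_sets:
            combined = [a | b for a in combined for b in sets]
    unique = list(dict.fromkeys(combined))
    # drop any cut set that strictly contains another (it is not minimal)
    return [cs for cs in unique if not any(other < cs for other in unique)]


def junction_tree():
    could_not_stop = Gate("Side road car driver could not stop", "OR", [
        Basic("Road too slippery", 0.02),
        Basic("Brake failure", 0.001),
        Basic("Tyres worn", 0.005),
    ])
    did_not_stop = Gate("Side road car driver did not stop", "OR", [
        Basic("Driving too fast", 0.01),
        Basic("Driver too ill", 0.0005),
        Basic("Vision obscured", 0.003),
    ])
    fails_to_stop = Gate("Side road car fails to stop", "OR",
                         [could_not_stop, did_not_stop])
    return Gate("Crash at main road junction", "AND", [
        Basic("Car at main road junction", 0.3),   # a car is present to be hit
        fails_to_stop,
    ])


def crash_probability():
    return probability(junction_tree())


if __name__ == "__main__":
    tree = junction_tree()
    print(f"P(crash) = {crash_probability():.4f}")
    for cs in minimal_cut_sets(tree):
        print("cut set:", sorted(cs))
```

Every minimal cut set here has two members: a car on the main road plus exactly one of the six basic causes. That is the quantitative form of the slide's point that each single cause on the side-road branch is sufficient, and it tells the analyst which basic-event probabilities dominate the top event.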
EVENT-TREE ANALYSIS

An initiating event (for example a component failure) is selected, and a tree is then
constructed relating the sequence of subsequent events which, individually or in
combination, could lead to the final event (the catastrophe).
Event trees are meant to show the paths by which we get to the catastrophic event.
Distinction between FTA and ETA:
• FTA is used for cause analysis. FTA allows one to proceed back in time
from a possible catastrophic accident to examine the components of the sequences, with
their probabilities of failure.
• ETA is used for consequence analysis. ETA allows the observer to proceed forward in
time from potential component failures to the final accident.
• ETA complements FTA and can be used to explore both success and failure
alternatives at each level.
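Event-tree analysis applied to the chain of safety barriers from the Bhopal case study above (refrigeration, scrubber, flare tower, water curtain). This is an added example and not part of the lecture notes; the initiating-event frequency and the per-barrier success probabilities are assumptions for illustration. The tree proceeds forward in time: each barrier either works (the sequence ends, contained) or fails (the next barrier is demanded), so only the all-fail path reaches an uncontrolled release.

```python
"""Event-tree analysis over the Bhopal safety barriers (added example, not
from the lecture notes).  All probabilities are assumptions.

Initiating event: water enters an MIC tank and the reaction runs away.
"""

# (barrier, probability it works when demanded) in the order they are demanded
BARRIERS = [
    ("refrigeration keeps MIC cold enough to slow the reaction", 0.90),
    ("vent gas scrubber neutralises the escaping gas", 0.95),
    ("flare tower burns the gas off", 0.90),
    ("water curtain knocks the gas down", 0.50),
]
INITIATING_P = 0.01   # assumed: water ingress with runaway reaction, per year


def event_tree(initiating_p, barriers, prefix=()):
    """Return [(path, probability, outcome)] for every branch of the tree.

    path is a tuple of (barrier, worked?) pairs in the order they were demanded.
    A barrier that works ends the sequence; only the all-fail path releases.
    """
    if not barriers:
        return [(prefix, initiating_p, "release to atmosphere")]
    (name, p_ok), rest = barriers[0], barriers[1:]
    worked = (prefix + ((name, True),), initiating_p * p_ok, "contained")
    failed_p = initiating_p * (1.0 - p_ok)
    return [worked] + event_tree(failed_p, rest, prefix + ((name, False),))


def release_probability(initiating_p=INITIATING_P, barriers=BARRIERS):
    """Probability per year of an uncontrolled release."""
    return sum(p for _, p, outcome in event_tree(initiating_p, barriers)
               if outcome == "release to atmosphere")


def disabled(barriers, *names):
    """The same barrier list with the named barriers switched off (p_ok = 0)."""
    return [(n, 0.0 if n in names else p) for n, p in barriers]


if __name__ == "__main__":
    for path, p, outcome in event_tree(INITIATING_P, BARRIERS):
        steps = " -> ".join("OK" if ok else "FAIL" for _, ok in path)
        print(f"{p:.2e}  {steps:32s} {outcome}")
    print("as designed :", f"{release_probability():.2e}")
    # On the night of the accident the refrigeration was drained, the scrubber
    # undersized, the flare line broken and the water curtain too short.
    everything_off = disabled(BARRIERS, *[n for n, _ in BARRIERS])
    print("all disabled:", f"{release_probability(barriers=everything_off):.2e}")
```

With every barrier disabled the release probability collapses to the initiating-event frequency itself: the event tree makes visible that the barriers, not the rarity of water ingress, were carrying the risk.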
EVENT-TREE ANALYSIS
Example: Going late for duty
 Branching structure starts with the initiator (initiating event) and leads to the bad
event (final damaged state).
 Options: Drive own car, use public transport (express train), call colleague and carpool
FAILURE MODE AND EFFECT ANALYSIS (FMEA)
• The FMEA concept was introduced in the 1960s by aerospace companies, and later
extended to the automobile industry and other types of industry.
• The various parts of the system and their modes (patterns, propagation and nature) of
failure are studied.
• FMEA requires relevant knowledge, insight and engineering judgment.
• Types of FMEA:
1. Design FMEA: analyzes the product design (systems and subsystems) before release
to production, with a focus on product function.
2. Process FMEA: used to analyze manufacturing and assembly processes before
they are implemented.
FAILURE MODE AND EFFECT ANALYSIS (FMEA)
FMEA is performed in several stages:
Stage 1: Identification of possibilities and defining the scope
1. Understanding the product/process and its function: involves creation of block
diagrams of the product/process showing major components or process steps as
blocks, and identifying the relations between the blocks, that is, the input, function
and output of the design.
2. Identify possible failure modes in the product/process.
• A failure mode is defined where a component, subsystem, system, or process
could potentially fail to meet the design intent.
• A failure mode in one component can cause failure in another.
Stage 2: Measuring the volume of risk involved from the failure modes identified
3. Description of the effects of each risk/failure mode as perceived by both internal
and external customers.
• Examples of risk/failure effects include injury to the user, environment,
equipment, and degraded performance.
• A numerical ranking (severity) is assigned to each risk or failure, e.g. 1 for no
effect and 10 for a very severe failure affecting system operation and the user.
• Failures are thus prioritized and the really critical risks can be addressed first.
4. Causes of each failure mode are identified.
• A cause is defined as a design weakness that results in a failure, e.g. improper
torque, contamination, excessive loading, external vibration.
5. Determine the probability factor (occurrence) indicating the frequency of occurrence
(weighting from 1 (not likely) to 10 (inevitable)).
6. A design or process mechanism (control) is identified to prevent the cause of failure or
detect the failure before it reaches the customer. This includes identification of tests,
monitoring and other techniques to detect the risk or failure.
7. Assessment of the detection rating is done:
• Value 1: the design control will certainly detect the potential cause
• Value 10: the design control will not detect the cause or mechanism
Stage 3: Classification of the severity of effects and the solutions for the causes of high
risk
8. The risk priority number (RPN) is calculated to prioritize failure modes. It is a relative
measure of design risk:
RPN = Severity x Occurrence x Detection
9. Recommended actions are determined to address potential risks or failures with a
high RPN.
Stage 4: Revalidation of the procedure, after corrective and preventive actions are
implemented
10. Revalidation of each action by reassessing severity, occurrence and detection, and
review of the revised RPN.
• FMEA has to be updated as and when the design or process is modified or
changed.
FMEA FORM
The FMEA form records, column by column:
• Identify failure modes and their effects
• Identify causes of the failure modes and controls
• Prioritize
• Determine and assess actions
FAILURE MODE AND EFFECT ANALYSIS (FMEA)
• Identify failure modes at each process step!
• Identify consequences of that failure!
• Determine the severity of the failure mode!
• Identify potential root causes of the failure mode!
• Potential for occurrence!
• Document current process controls: how capable are we of detecting the failure mode
with our current controls?
• Risk Priority Number (RPN): Severity x Occurrence x Detectability = RPN.
Highest number equals highest risk! Use it to identify which items to address first.
RISK ASSESSMENT WITH FMEA
(Figure: rating scales for Severity, Occurrence and Detection.)
RISK ASSESSMENT WITH FMEA: WORKED FORM
Process step: Casting attach torque (only the first row is fully scored on the slide)

Failure mode | Effect             | S  | Cause                             | O | Current control                       | D | RPN
Over torque  | Casting fracture   | 10 | Torque wrench not controlled      | 4 | DC torque wrench used / linked to OMS | 3 | 120
Under torque | Casting separation |  9 | Torque wrench not used/controlled |   |                                       |   |
Cross thread | Casting separation |  9 | No lead in on bolt thread         |   |                                       |   |

Recommended action for the over-torque row: add torque alarm and calibration at start up
(owner: Jenny Tone). Revised ratings S = 10, O = 2, D = 1, giving a revised RPN of 20.
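The FMEA worksheet arithmetic for the casting-attach-torque form above, worked in code: scoring, RPN ranking, selecting rows for action, and the Stage 4 revalidation. This is an added example and not from the lecture notes. The over-torque row uses the figures on the slide (S=10, O=4, D=3, revised O=2, D=1); the under-torque and cross-thread rows carry only a severity on the slide, so their occurrence, detection and control entries here are assumptions.

```python
"""FMEA worksheet arithmetic for the casting-attach-torque example (added
example, not from the lecture notes).  Over-torque figures are from the slide;
the other two rows' O, D and control entries are assumptions.
"""
from dataclasses import dataclass, replace

RATING = range(1, 11)   # every FMEA rating is an integer 1..10


@dataclass(frozen=True)
class FailureMode:
    process_step: str
    mode: str
    effect: str
    severity: int      # 1 no effect .. 10 very severe
    cause: str
    occurrence: int    # 1 not likely .. 10 inevitable
    control: str
    detection: int     # 1 certainly detected .. 10 will not be detected

    def __post_init__(self):
        for r in (self.severity, self.occurrence, self.detection):
            if r not in RATING:
                raise ValueError(f"rating {r} out of range 1..10")

    @property
    def rpn(self) -> int:
        """Risk priority number = Severity x Occurrence x Detection."""
        return self.severity * self.occurrence * self.detection


WORKSHEET = [
    FailureMode("Casting attach torque", "Over torque", "Casting fracture", 10,
                "Torque wrench not controlled", 4,
                "DC torque wrench used / linked to OMS", 3),    # all from the slide
    FailureMode("Casting attach torque", "Under torque", "Casting separation", 9,
                "Torque wrench not used/controlled", 3,          # O assumed
                "DC torque wrench used / linked to OMS", 3),     # control, D assumed
    FailureMode("Casting attach torque", "Cross thread", "Casting separation", 9,
                "No lead in on bolt thread", 2,                  # O assumed
                "Visual inspection", 5),                         # control, D assumed
]


def prioritize(rows, rpn_threshold=100):
    """Order rows highest RPN first (ties broken by severity) and pick those
    at or above the action threshold.  Returns (ordered rows, rows needing action)."""
    ordered = sorted(rows, key=lambda r: (r.rpn, r.severity), reverse=True)
    action = [r for r in ordered if r.rpn >= rpn_threshold]
    return ordered, action


def revalidate(row, *, occurrence=None, detection=None, control=None):
    """Stage 4 re-scoring after a corrective action.  Severity belongs to the
    effect and is not reduced by a control, so only occurrence, detection and
    the control description change; the new RPN follows from the new ratings."""
    return replace(row,
                   occurrence=row.occurrence if occurrence is None else occurrence,
                   detection=row.detection if detection is None else detection,
                   control=row.control if control is None else control)


if __name__ == "__main__":
    ordered, needs_action = prioritize(WORKSHEET)
    for r in ordered:
        print(f"{r.mode:13s} S={r.severity:2d} O={r.occurrence} D={r.detection}  RPN={r.rpn:3d}")
    print("needs action:", [r.mode for r in needs_action])
    fixed = revalidate(needs_action[0], occurrence=2, detection=1,
                       control="Add torque alarm and calibration at start up")
    print(f"after action: {fixed.mode} RPN={fixed.rpn}")
```

The revalidation deliberately leaves severity at 10: a torque alarm makes over-torque rarer and more detectable, but a fractured casting is exactly as severe as before, which is why the slide's revised row still reads S = 10.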
COST ANALYSIS
A product involves a primary cost and a secondary cost.
• P - Primary cost of the product; losses of human lives, property (assets), crops and
natural resources are estimated.
• S - Secondary costs, including loss of human capability or earning capacity, cost of
treatment and rehabilitation, damage to property, warranty, loss of customer goodwill,
loss of customers.
(Figure: total cost plotted against risk.) M: point of minimum total cost. H: the highest
acceptable risk may fall below the risk at the least-cost point M.
High safety and low risk lead to a high primary cost and a low secondary cost.
High risk and low safety cause high secondary costs with low primary costs.
RISK BENEFIT ANALYSIS

Risk-benefit analysis is about the cost of risk-taking versus the benefit.
Project feasibility is first based on risk-benefit analysis, and only thereafter on
cost-effectiveness, without increasing the risk visualized.
It is done to find out:
a) What are the risks involved?
b) What are the benefits that would accrue?
c) When would benefits be derived and when would risks have to be faced?
d) Who will benefit and who will be subjected to risk? Are they the same set of people
or different?
LIMITATIONS OF RISK BENEFIT ANALYSIS

• Benefits may go to one group and risks may go to another group. Sometimes, people
who are exposed to the maximum risks get the minimum benefits. Is an individual or
government empowered to impose a risk on someone else for a supposed benefit to
somebody else?
• The units for comparison are not the same.
 Example: commissioning express highways may add a few highway deaths versus faster
and more comfortable travel for many commuters. The benefits may be in terms of fuel,
money and time saved, but the lives of human beings are sacrificed. How do we then
compare properly?
 Risks to known persons are also perceived differently from statistical risks!
• Both risks and benefits lie in the future: quantitative estimation of future benefits
using the discounted present value may not be correct and is sometimes misleading.
• Both risks and benefits may have uncertainties: the estimated probability may differ
from time to time, and from region to region.
REDUCING RISK

• Application of inherent safety concepts in design, e.g. an LPG cylinder is provided with a
frame (collar) to protect the valve while handling.
• Use of the redundancy principle in instrument protection/design.
• Use of stand-by devices and back-ups for computer storage.
• Periodic monitoring and testing of safety systems to ensure reliability, e.g. fire
extinguishers.
• Issue of operation manuals, training of the operating personnel and regular
audits to ensure that the procedures are understood and followed and the
systems are kept in working condition.
• Development of a well-designed emergency evacuation plan and regular rehearsal
drills to ensure preparedness in case of emergency.
CHERNOBYL NUCLEAR POWER PLANT
• Built on the banks of the Pripyat river in Ukraine.
• Had four reactors, each capable of producing 1,000 MW of electric power.
• Reactor unit 4 was to be shut down for routine maintenance on 25 April 1986.
• During the shutdown, they decided to perform a test to determine whether cooling of the core could continue in the event of a loss of power.
• At 1:23 on April 26th 1986, the engineers continued with their experiment and shut down the turbine to see if its inertial spinning would power the reactor's water pumps.
• To conduct the test, the power plant output was reduced to 700 MW. But due to a sudden and unexpected demand, the power output had to be raised.
• To go ahead with the test, the reactor operators had already disconnected the emergency core-cooling system, ignoring the rise in demand.
• Further, a control device was not properly reprogrammed to maintain power at the 700-100 MW level. The test was conducted at 200 MW power output, which is very low for the test.
• The operators blocked all emergency signals and automatic shut-down controls, so all safety systems were disconnected.
• The operators raised control rods to restore power output and tried to continue the test, which made the power stabilize at 200 MW. This made the reactor unsafe and was a violation of safety law. The temperature of the RBMK reactor increased and the fission rate increased.
• Later, the operator working the night shift committed an error by inserting the reactor control rods too far. This caused the reactor to go into a near-shutdown state, dropping the power output to around 30 MW.
• Boiling started at the bottom of the core.
• The power level of the core increased to 530 W.
• Engineers inserted all the control rods as a temperature control measure, but they got blocked half way because of the graphite tip design.
• The absorbent cooling rod did not penetrate the core.
• The cooling rod tips accelerated the reaction and caused an explosion.
• Steam was generated due to depressurization.
• A second explosion occurred due to the build-up of hydrogen after zirconium-steam reactions.
Result:
 The reactor core melted and, due to the hydrogen accumulation, it caught fire and the radioactive waste began to spread out over the USSR and also Europe.
 More than 50 tons of radioactive material was released into the atmosphere, where it was carried by air currents. This was 400 times the amount of radioactive material released by the Hiroshima bombing.
FATAL EFFECTS
• Two workers died. One was immediately burnt to ashes after the accident, while the other was declared dead at the hospital within a few hours of admission.
• 28 emergency workers and staff died within 4 months of the accident due to thermal burns and the effect of radiation on their bodies.
• This accident created 7,000 cases of thyroid cancer.
• Acute radiation syndrome (ARS) was diagnosed in 237 people who were on-site and involved in cleaning up.
• The land, air and ground water were all contaminated to a great extent.
• The direct and indirect exposure to radiation led to many severe health problems such as Down's Syndrome, chromosomal aberrations, mutations, leukemia, thyroid cancer and congenital malfunctions, etc.
• Many plants and animals were destroyed as an after-effect.
SAFETY LESSONS
• Decision making on the test and on the increase in load should have been coordinated amongst all decision makers.
• Periodic mock emergency drills for the operators (safe exit) should have been arranged.
• When the test began at low loads, the demand for increased output should have been declined.
• The test should have been abandoned and all controls switched on. Only then should the output have been increased.
• The containment should have been thicker, to withstand the possible explosion and to limit further damage from radiation and leakage to the surroundings.