Fault tree analysis (FTA) and event tree analysis (ETA) are probabilistic risk assessment techniques. FTA works backwards from an accident to identify its causes, representing them in a logic diagram of gates and basic events. ETA works forwards from an initiating event through the safety functions to the possible outcomes. The document outlines the steps and uses of FTA and ETA, with examples that illustrate fault tree and event tree construction and the description of accident sequences.
3. DEFINITION
• Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.
• Fault trees are a deductive method for identifying the ways in which hazards can lead to an accident.
• The approach starts with a well-defined accident, or top event, and works backwards towards the various scenarios that can cause the accident.
4. STEPS IN CARRYING OUT A FAULT TREE ANALYSIS
1. Identify the objective for the FTA.
2. Define the top event of the FT.
3. Define the scope of the FTA.
4. Define the resolution of the FTA.
5. Define ground rules for the FTA.
6. Construct the FT.
7. Evaluate the FT.
8. Interpret and present the results.
• The first five steps involve the problem formulation for an FTA.
• The remaining steps involve the actual construction of the FT, the evaluation of the FT, and the interpretation of the FT results.
5. SYMBOL REPRESENTATIONS
Circle – a basic failure
Diamond – a basic fault
Rectangle – a resultant event
Double diamond – represents an event
House – represents the basic event
6. FAULT TREE CONSTRUCTION
Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems A and B that are connected in series.
[Block diagram: INPUT → sub-system (A), consisting of X1 and X2 → sub-system (B), consisting of X3 and X4 → OUTPUT. Within each sub-system the two elements are drawn one above the other, so a sub-system fails only when both of its elements fail, as the AND gates in the fault tree show.]
The fault tree for this system is shown on the next slide.
7. Fault tree for the block diagram:
F(S)                    Top event
  OR
  ├── F(A)              intermediate event
  │     AND
  │     ├── F(X1)       basic event
  │     └── F(X2)       basic event
  └── F(B)              intermediate event
        AND
        ├── F(X3)       basic event
        └── F(X4)       basic event
8. CONTINUED
Here F(X1), F(X2), F(X3), F(X4) are the events that X1, X2, X3, X4 fail,
F(A) = sub-system (A) fails,
F(B) = sub-system (B) fails.
Then F(A) = F(X1) AND F(X2)
and F(B) = F(X3) AND F(X4).
Finally, the failure of the system is
F(S) = F(A) OR F(B)
9. CALCULATION OF RELIABILITY FROM FAULT TREE
Consider the earlier block diagram, with the elements assumed to fail independently of one another.
The probability of failure of sub-system (A) is
P(A) = P(X1 and X2)
P(A) = P(X1) * P(X2)
Similarly for sub-system (B),
P(B) = P(X3 and X4)
P(B) = P(X3) * P(X4)
Failure occurs when sub-system (A) or (B) fails:
F(S) = P(A) or P(B), hence F(S) = P(A) + P(B) – (P(A) * P(B))
If the reliabilities of the elements are given by R1, R2, R3, R4, then
P(Xi) = 1 – Ri
Reliability of the system: R(S) = 1 – F(S)
10. • For an emergency operation theatre in a hospital, the power is obtained from the main city supply through a transformer connected in series. To ensure an uninterrupted supply, an auxiliary generator is also used with a suitable switch-over. The probability of failure of the city supply is 0.01 and the transformer reliability is 0.996. The auxiliary power generator has a reliability factor of 0.99. Draw the block diagram for the system. Construct the fault tree and, based on this, calculate the reliability of the system.
[Block diagram: mains → transformer, in series on one path; the generator on a parallel path; both paths feed the operation theatre.]
12. Fault tree for the problem:
F(S)
  AND
  ├── OR
  │   ├── B: Main fails
  │   └── C: Transformer fails
  └── A: Generator fails
13. SOLUTION
Failure of the system, with X1 = mains, X2 = transformer, X3 = generator:
F(S) = (P(X1) or P(X2)) and P(X3)
P(X1) = 0.01
P(X2) = 1 – 0.996 = 0.004
P(X3) = 1 – 0.99 = 0.01
F(S) = (P(X1) + P(X2) – (P(X1) * P(X2))) * P(X3)
     = (0.01 + 0.004 – (0.01 * 0.004)) * 0.01
F(S) = 0.0001396
For reliability:
R(S) = 1 – F(S)
     = 1 – 0.0001396
R(S) = 0.99986
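The series/parallel calculation of slide 9 and the hospital problem of slides 10 to 13, evaluated by a small fault tree evaluator, as an added example written for this page (not code from the page). It assumes basic events that fail independently and each appear once in the tree, so gate inputs are independent; it also extracts the minimal cut sets mentioned under ADVANTAGES, and applies unchanged to attack trees in threat modeling, which use the same AND/OR gate structure.

```python
import math

# A gate is ("AND", subtrees...) or ("OR", subtrees...); a leaf is the basic event's name.
# With independent inputs: P(AND) = product of p_i, P(OR) = 1 - product of (1 - p_i);
# for two inputs the OR rule is 1 - (1-a)(1-b) = a + b - ab, the slide-9 formula.
def failure_probability(tree, p):
    if isinstance(tree, str):               # basic event: look up its failure probability
        return p[tree]
    gate, *inputs = tree
    probs = [failure_probability(t, p) for t in inputs]
    if gate == "AND":
        return math.prod(probs)
    if gate == "OR":
        return 1.0 - math.prod(1.0 - q for q in probs)
    raise ValueError(f"unknown gate {gate!r}")

def system_reliability(tree, p):
    return 1.0 - failure_probability(tree, p)    # R(S) = 1 - F(S)

def minimal_cut_sets(tree):
    """Smallest sets of basic events whose joint failure is sufficient for the top event."""
    if isinstance(tree, str):
        return {frozenset([tree])}
    gate, *inputs = tree
    sets = [minimal_cut_sets(t) for t in inputs]
    if gate == "OR":                         # any input's cut set cuts the OR gate
        cuts = set().union(*sets)
    else:                                    # AND: one cut set from every input, combined
        cuts = {frozenset()}
        for s in sets:
            cuts = {a | b for a in cuts for b in s}
    return {c for c in cuts if not any(o < c for o in cuts)}   # drop non-minimal supersets

# Hospital supply of slides 10-13: mains and transformer in series, generator in parallel.
HOSPITAL_TREE = ("AND", ("OR", "main", "transformer"), "generator")
HOSPITAL_P = {"main": 0.01, "transformer": 1 - 0.996, "generator": 1 - 0.99}

# Block diagram of slides 6-9: F(S) = F(A) OR F(B), F(A) = F(X1) AND F(X2), F(B) = F(X3) AND F(X4).
BLOCK_TREE = ("OR", ("AND", "X1", "X2"), ("AND", "X3", "X4"))

if __name__ == "__main__":
    fs = failure_probability(HOSPITAL_TREE, HOSPITAL_P)
    print(f"F(S) = {fs:.7f}, R(S) = {1 - fs:.5f}")            # 0.0001396, 0.99986
    print(sorted(sorted(c) for c in minimal_cut_sets(HOSPITAL_TREE)))
```

The cut sets show what the number alone hides: the generator appears in every minimal cut set, so its reliability dominates the top event.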
14. USES
• Use of FTA to understand the logic leading to the top event.
• Use of FTA to prioritize the contributors leading to the top event.
• Use of FTA as a proactive tool to prevent the top event.
• Use of FTA to monitor the performance of the system.
• Use of FTA to minimize and optimize resources.
• Use of FTA to assist in designing a system.
• Use of FTA as a diagnostic tool to identify and correct causes of the top event.
15. ADVANTAGES
• Begins with the top event.
• Used to determine the minimal cut sets.
16. DISADVANTAGES
• Complicated process.
• Requires a considerable amount of time to complete.
18. DEFINITION
• Event trees begin with an initiating event and work forwards towards the final result.
• This method provides information on how a failure can occur and the probability of its occurrence.
19. STEPS INVOLVED IN AN ETA
1. Identify an initiating event of interest.
2. Identify the safety functions designed to deal with the initiating event.
3. Construct the event tree.
4. Describe the resulting accident event sequences.
20. EXAMPLE
• Oxidation reactor high temperature alarm alerts the operator at temperature T1.
• Operator reestablishes cooling water flow to the oxidation reactor.
• Automatic shutdown system stops the reaction at temperature T2 (T2 > T1).
These safety functions are listed in the order in which they are intended to occur.
21. [Figure 11-8 Reactor with high temperature alarm and temperature controller: reactor with feed and cooling coils (cooling water in and out), a temperature controller (TIC) and a high temperature alarm (TIA) driven by a thermocouple, which alarms when T > TA.]
22. Step 1 - Identify the initiating event
• system or equipment failure
• human error
• process upset
[Example] “Loss of Cooling Water” to an Oxidation Reactor
23. Step 2 - Identify the Safety Functions Designed to Deal with
the Initiating Event
• Safety systems that automatically respond to the initiating event.
• Alarms that alert the operator when the initiating event occurs, and operator actions designed to be performed in response to alarms or required by procedures.
• Barriers or containment methods that are intended to limit the effects of the initiating event.
24. Step 3: Construct the Event Tree
a. Enter the initiating event and safety functions.
[First step in constructing the event tree: the initiating event, "Loss of cooling water to oxidation reactor", is written at the left, and the safety functions are written across the top in the order in which they are intended to act: (1) oxidation reactor high temperature alarm alerts operator at temperature T1; (2) operator reestablishes cooling water flow to oxidation reactor; (3) automatic shutdown system stops reaction at temperature T2.]
25. Step 3: Construct the Event Tree
b. Evaluate the safety functions.
[Representation of the first safety function: from the initiating event, the path splits under the first safety function into a Success branch (upper) and a Failure branch (lower).]
26. Step 3: Construct the Event Tree
b. Evaluate the safety functions.
[Representation of the second safety function: each existing branch splits again into Success and Failure under the second safety function.]
If the safety function does not affect the course of the accident, the accident path proceeds with no branch point to the next safety function.
27. Step 3: b. Evaluate the safety functions.
[Completed event tree: Success and Failure branches drawn under all three safety functions.]
28. Step 4: Describe the Accident Sequence
[Event tree with the initiating event A, "Loss of cooling water to oxidation reactor", and the three safety functions labelled B (high temperature alarm alerts operator at T1), C (operator reestablishes cooling water flow) and D (automatic shutdown system stops reaction at T2). A letter in a sequence identifier records the failure of that safety function.]
Accident sequences:
A    – Safe condition, return to normal operation
AC   – Safe condition, process shutdown
ACD  – Unsafe condition, runaway reaction, operator aware of problem
AB   – Unstable condition, process shutdown
ABD  – Unsafe condition, runaway reaction, operator unaware of problem
29. [Figure 11-9 Event tree for a loss of coolant accident for the reactor of Figure 11-8.]
Initiating event A: Loss of Cooling, 1 occurrence/yr.
Safety function                     Identifier   Failures/Demand
High temp alarm alerts operator     B            0.01
Operator notices high temp          C            0.25
Operator re-starts cooling          D            0.25
Operator shuts down reactor         E            0.1

Sequence   Frequency (occurrences/yr)   Result
A          0.7425                       Continue operation
AD         0.2227                       Shut down
ADE        0.02475                      Runaway
AB         0.005625                     Continue operation
ABD        0.001688                     Shut down
ABDE       0.0001875                    Runaway
ABC        0.001875                     Continue operation
ABCD       0.0005625                    Shut down
ABCDE      0.0000625                    Runaway

Intermediate branch frequencies shown on the tree: 0.99 and 0.01 after the alarm; 0.2475, 0.0075, 0.001875, 0.0025 and 0.000625 at the later branch points.
Shutdown = 0.2227 + 0.001688 + 0.0005625 = 0.2250 occurrences/yr.
Runaway = 0.02475 + 0.0001875 + 0.0000625 = 0.02500 occurrences/yr.
30. [Figure 11-10 The computational sequence across a safety function in an event tree.]
Safety function: 0.01 failures/demand
Initiating event: 0.5 occurrences/yr.
Success of safety function: (1 – 0.01) * 0.5 = 0.495 occurrences/yr.
Failure of safety function: 0.01 * 0.5 = 0.005 occurrences/yr.
31. [Figure 11-11 Event tree for the reactor of Figure 11-8. This includes a high temperature shutdown.]
Initiating event A: Loss of Cooling, 1 occurrence/yr.
Safety function                                 Identifier   Failures/Demand
High temp alarm alerts operator                 B            0.01
Operator notices high temp                      C            0.25
Operator re-starts cooling                      D            0.25
High temperature shutdown shuts down reactor    E            0.01
Operator shuts down reactor                     F            0.1

Sequence   Frequency (occurrences/yr)   Result
A          0.7425                       Continue operation
AD         0.2450                       Shut down
ADE        0.002228                     Shut down
ADEF       0.0002475                    Runaway
AB         0.005625                     Continue operation
ABD        0.001856                     Shut down
ABDE       0.00001688                   Shut down
ABDEF      0.000001875                  Runaway
ABC        0.001875                     Continue operation
ABCD       0.0006187                    Shut down
ABCDE      0.00000563                   Shut down
ABCDEF     0.000000625                  Runaway

Intermediate branch frequencies shown on the tree: 0.99 and 0.01 after the alarm; 0.2475, 0.002475, 0.0075, 0.001875, 0.00001875, 0.0025, 0.000625 and 0.00000675 at the later branch points.
Shutdown = 0.2450 + 0.001856 + 0.00001688 + 0.0006187 = 0.2475 occurrences/yr.
Runaway = 0.0002475 + 0.000001875 + 0.000000625 = 0.0002500 occurrences/yr.
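The computational sequence of Figures 11-9 to 11-11 (branch frequency = incoming frequency × success or failure probability, with no branch point where a function is not demanded), as an added example written for this page rather than code from the page or the textbook it reproduces. It assumes the figures' column order, that "operator notices high temp" is demanded only after an alarm failure, that each shutdown function is demanded only after the preceding one failed, and that the result depends on whether cooling (D) was restored.

```python
# A safety function is (identifier, failures per demand, demanded_only_if_previous_function_failed).
# Rates are the figures' numbers; the demand rules are assumptions read from the tree layout.
FIG_11_9 = [("B", 0.01, False),   # high temp alarm alerts operator
            ("C", 0.25, True),    # operator notices high temp: demanded only if alarm failed
            ("D", 0.25, False),   # operator re-starts cooling
            ("E", 0.10, True)]    # operator shuts down reactor: demanded only if cooling not restored
FIG_11_11 = [("B", 0.01, False), ("C", 0.25, True), ("D", 0.25, False),
             ("E", 0.01, True),   # high temperature shutdown, added in Figure 11-11
             ("F", 0.10, True)]   # operator shuts down reactor: demanded only if E failed
COOLING = "D"                     # assumption: the result column hinges on this function

def outcome(funcs, failed):
    """Result column: cooling restored -> continue; otherwise runaway only if every
    shutdown function after D failed, else the process is shut down."""
    if COOLING not in failed:
        return "continue"
    ids = [f[0] for f in funcs]
    shutdowns = ids[ids.index(COOLING) + 1:]
    return "runaway" if all(s in failed for s in shutdowns) else "shutdown"

def sequences(funcs, init_freq, failed=(), i=0):
    """Walk the tree left to right; returns [(sequence id, frequency/yr, result)].
    A letter in the id records the failure of that safety function (figure convention)."""
    if i == len(funcs):
        return [("A" + "".join(failed), init_freq, outcome(funcs, failed))]
    fid, p_fail, only_if_prev_failed = funcs[i]
    if only_if_prev_failed and i and funcs[i - 1][0] not in failed:
        return sequences(funcs, init_freq, failed, i + 1)   # no branch point here
    success = sequences(funcs, init_freq * (1 - p_fail), failed, i + 1)
    failure = sequences(funcs, init_freq * p_fail, failed + (fid,), i + 1)
    return success + failure

def outcome_frequencies(funcs, init_freq=1.0):
    """Sum the sequence frequencies per result, e.g. runaway occurrences per year."""
    totals = {}
    for _, freq, result in sequences(funcs, init_freq):
        totals[result] = totals.get(result, 0.0) + freq
    return totals

if __name__ == "__main__":
    for label, freq, result in sequences(FIG_11_9, 1.0):
        print(f"{label:7s} {freq:.7f}  {result}")
    print(outcome_frequencies(FIG_11_9))    # shutdown 0.225, runaway 0.025 per year
    print(outcome_frequencies(FIG_11_11))   # runaway falls to 0.00025 per year
```

Summing every sequence for Figure 11-11 gives 0.24975 shutdowns/yr, which is what the tree yields when the ADE and ABCDE shutdown sequences are included in the total.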
32. ADVANTAGES
• Structured, rigorous, and methodical approach.
• Can be effectively performed on varying levels of design detail.
• Permits probability assessment.
33. DISADVANTAGES
• An ETA can only have one initiating event; therefore multiple ETAs will be required to evaluate the consequences of multiple initiating events.
• Partial successes/failures are not distinguishable.
• Requires an analyst with some training and practical experience.