
Fault Tree Analysis

This technique employs a combination of relatively simple logic gates to synthesize a failure model of the plant. The analysis can be both qualitative and quantitative. The method is often used in the process industry for: 1) estimation of the frequency of occurrence of the incident (or reliability of the system); 2) determination of the combinations of equipment failures, operating conditions, environmental conditions, and human errors that contribute to the incident; and 3) identification of remedial measures for the improvement of reliability or safety and the determination of their impact.

Method Description

A complete Fault Tree Analysis (FTA) consists of the following five steps.

1. System description and choice of system boundary
Knowledge of how the system under study functions and a definition of the system boundary consistent with the risk assessment objective are essential for a successful FTA.

2. Selection of the top event
Top Events are selected during the hazard identification process. They are usually major events with serious undesirable outcomes, such as loss of containment of a large quantity of toxic or flammable material, runaway reaction, etc. The list of Top Events shall be kept to a manageable size of no more than 20 top events.

3. Construction of fault tree
Fault tree construction is an art rather than a science. Beginning with the Top Event, the necessary and sufficient causes of the Top Event are identified together with their logical relationship. This process of deductive reasoning is continued until the analyst judges that sufficient resolution has been obtained to allow for the later assignment of probabilities or frequencies to the basic events, or until the study boundary has been reached.

4. Qualitative examination of structure
Minimal Cut Set Analysis is performed after the fault tree is constructed. This exercise examines the structure of the tree to understand the mechanisms of failure and to reveal the effectiveness of safeguards, the qualitative importance of various subevents, and the susceptibility to common-mode failures. For a simple fault tree, this can be done by inspection. For a complex fault tree, Boolean analysis shall be used. The fault tree is converted to a Boolean expression defining the Top Event in terms of a combination of all lower events. This expression is then simplified by Boolean algebra until it expresses the Top Event as the sum of all the minimal cut sets. Sometimes this qualitative analysis reveals alternative outcomes of those root causes or common causes of failure. In this way, FTA can be a supplementary technique for hazard identification.

5. Quantitative evaluation of the fault tree
With the final structure of the fault tree expressed as the sum of all minimal cut sets, it is possible to calculate the Top Event frequency or probability by assigning a frequency or probability to each basic event. Other quantitative studies such as sensitivity, uncertainty, and importance analyses can also be performed at this stage.

For a complex system, a specialist and a computer package are required. Understanding of the process, management, operation and maintenance of the unit, as well as component failure rates, protective system unavailability, and external event frequencies, must be available to the analyst.
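Steps 4 and 5 can be carried through on a small tree. The following Python sketch is an added example, not part of the original document: the tree, the event names and the probabilities are constructed for illustration, and basic events are assumed independent. It expands the gates into cut sets, applies the absorption law to keep only the minimal ones, and evaluates the Top Event probability both as the sum of cut-set products and exactly.

```python
import math
from itertools import product

# Constructed tank-overfill tree (hypothetical). A gate is (type, [children]);
# a string is a basic event. "power" feeds both branches: a common cause.
TREE = ("AND", [
    ("OR", ["sensor", "power"]),
    ("OR", ["relief", "power", ("AND", ["operator", "alarm"])]),
])
# Constructed basic-event probabilities, for illustration only.
P = {"sensor": 0.05, "power": 0.01, "relief": 0.02, "operator": 0.1, "alarm": 0.03}

def cut_sets(node):
    """Expand the tree into cut sets (frozensets of basic events)."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    parts = [cut_sets(c) for c in children]
    if gate == "OR":    # Boolean sum: any child's cut set fails the gate
        return set().union(*parts)
    if gate == "AND":   # Boolean product: one cut set from every child
        return {frozenset().union(*combo) for combo in product(*parts)}
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Absorption law (A + A.B = A): drop any set that contains a smaller one."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}

def rare_event_probability(mcs, p):
    """Sum of cut-set products; an upper bound, close when probabilities are small."""
    return sum(math.prod(p[e] for e in s) for s in mcs)

def exact_probability(mcs, p):
    """Enumerate every basic-event state; feasible only for small trees."""
    events = sorted(p)
    total = 0.0
    for states in product([False, True], repeat=len(events)):
        failed = {e for e, down in zip(events, states) if down}
        if any(s <= failed for s in mcs):
            total += math.prod(p[e] if e in failed else 1 - p[e] for e in events)
    return total

if __name__ == "__main__":
    mcs = minimal_cut_sets(TREE)
    for s in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print(sorted(s))
    print(rare_event_probability(mcs, P), exact_probability(mcs, P))
```

The single-event cut set for the shared power supply is the common-mode failure that the qualitative step is meant to expose: it absorbs three larger cut sets and dominates the Top Event probability.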

Strengths and Limitations

Fault Tree Analysis is a very important and widely used risk assessment technique. The qualitative and quantitative analyses provide complementary information, which gives the analyst a much better and deeper understanding of the failure mechanism. The methodology demands that the analysis be structured and documented. However, the detailed analysis of components and operations limits its use mainly to the identification of special hazards and to quantitative risk assessment. The implicit assumption of binary failure, the poor treatment of explicit time dependence, and the demand AND gate may cause major errors in some cases.

Event Tree Analysis


Event Tree Analysis is widely used in the chemical industries as an important risk assessment technique. It starts with an initiating event, which often corresponds to a release of hazardous material. Each event following the initiating event is conditional on the occurrence of its precursor event. The method can be used to uncover weaknesses in a safeguard system, or to identify possible incident outcomes and their possibilities.

Method Description

There are seven steps in a complete Event Tree Analysis.

1. Identify the initiating event
The initiating event is a general equipment failure or process upset. This failure event will be identified in the Hazard Identification process.

2. Identify safety function/hazard promoting factor and determine outcomes
All the factors that can materially affect the outcome of the initiating event must be carefully listed. These factors include safety functions, which are devices, actions, or barriers that can interrupt the sequence from initiating event to a hazardous outcome, and hazard promoting factors, which may change the final outcome of the accident. However, the number of factors shall be limited to 7 or 8 to keep the complexity of the event tree manageable.

3. Construct event tree to all important outcomes
The factors identified in step 2 are listed across the top of the sheet from left to right in chronological order of occurrence. Starting from the initiating event, the event tree is constructed from left to right. At each factor (also called a node), two or more alternatives are analyzed and branches are drawn until a final outcome is obtained for each node.

4. Classify the outcomes in categories of similar consequence
The final event tree outcomes can be classified according to the type of consequence model that must be employed to complete the risk assessment.

5. Estimate probability of each branch in the event tree
The branches at each node correspond to a conditional probability of some outcome if the preceding event has occurred, and each is assigned a probability. The probability data may be taken from historical data, plant and process data, chemical data, meteorological data, etc.

6. Quantify the outcomes
The frequency of each outcome can be determined by multiplying the initiating event frequency by the conditional probabilities along each path leading to that outcome. The frequencies of those outcomes with similar consequence are added together to give the frequency of that category of consequence.

7. Test the outcomes
Major errors may be uncovered by comparing the calculated result with common sense and the historical record.

Complete understanding of the system and of the mechanisms that lead to all the hazardous outcomes is required. The conditional probabilities at every node require data sources such as historical records, reliability data, expert opinion or fault tree modeling.
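The quantification in steps 5 and 6 can be shown on a small tree. This Python sketch is an added example, not part of the original document: the flammable-release tree, its branch probabilities and the initiating frequency are constructed for illustration. It walks every path, multiplies the initiating frequency by the conditional probabilities along it, sums the paths that end in the same consequence category, and rejects a node whose branch probabilities do not sum to 1.

```python
import math
from collections import defaultdict

# Constructed event tree (hypothetical) for a flammable release.
# A node is (factor, [(branch, conditional probability, child)]);
# a child that is a string is a final outcome category.
TREE = ("immediate ignition", [
    ("yes", 0.10, "jet fire"),
    ("no", 0.90, ("isolation valve closes", [
        ("yes", 0.80, ("delayed ignition", [
            ("yes", 0.05, "flash fire"), ("no", 0.95, "unignited release")])),
        ("no", 0.20, ("delayed ignition", [
            ("yes", 0.30, "flash fire"), ("no", 0.70, "unignited release")])),
    ])),
])
INITIATING_FREQUENCY = 1e-3  # constructed value: releases per year

def paths(node, frequency, trail=()):
    """Yield (trail, outcome, frequency) for every path through the tree."""
    if isinstance(node, str):
        yield trail, node, frequency
        return
    factor, branches = node
    if not math.isclose(sum(p for _, p, _ in branches), 1.0, abs_tol=1e-9):
        raise ValueError(f"branch probabilities at {factor!r} do not sum to 1")
    for label, p, child in branches:
        yield from paths(child, frequency * p, trail + (f"{factor}={label}",))

def outcome_frequencies(tree, frequency):
    """Add the path frequencies that share a consequence category."""
    totals = defaultdict(float)
    for _, outcome, f in paths(tree, frequency):
        totals[outcome] += f
    # Consistency check: the outcomes must account for every initiating event.
    if not math.isclose(sum(totals.values()), frequency, rel_tol=1e-9):
        raise ValueError("outcome frequencies do not add up to the initiating frequency")
    return dict(totals)

if __name__ == "__main__":
    for trail, outcome, f in paths(TREE, INITIATING_FREQUENCY):
        print(f"{f:.2e}  {outcome:18s}  {' / '.join(trail)}")
    print(outcome_frequencies(TREE, INITIATING_FREQUENCY))
```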

Strengths and Limitations

The analysis is in a systematic, logical, self-documenting form, which makes it easily auditable. The quantification process is simpler than in Fault Tree Analysis. The result highlights potential weaknesses of the protective system (a single failure leading to an incident) and displays the range of outcomes possible from a given incident. Non-binary failure and time factors can be accounted for in this method. Errors caused by common cause failure or mutually exclusive events in an event tree are hard to detect. This weakness is solved automatically in Fault Tree Analysis by Boolean algebra.

Discharge Rate Models


Discharge models are the first stage in developing the majority of consequence estimates used in QRA. The applications of interest are those relating to two categories of process release: emergency engineered releases (e.g., relief valves) and emergency unplanned releases (e.g., containment failures). Continuous releases (e.g., process vents) and fugitive emissions (e.g., routine storage tank breathing losses) are not considered under QRA. The underlying technology for gas and liquid discharges is well developed in chemical engineering theory, and full descriptions are available in standard references such as Perry's Handbook. The treatment of a two-phase flashing discharge is more empirical.

Method Description

There are two steps in calculating the discharge rate of a specific scenario.

1. Determine the Phase of Discharge
Determining the correct phase of the discharge is important because it affects the flow rate estimated for a given hole in a vessel, pipe, or other containment device. The phase of the discharge is dependent on the release scenario and can be determined by examining the phase diagram for the process material, and the path traveled on this diagram during the course of the release.

2. Apply Appropriate Discharge Rate Model According to the Phase of Discharge
The discharge rate models are divided into three groups: gas discharges, liquid discharges and two-phase discharges.

Gas Discharges
Gas discharges may arise from several sources: from a hole at or near a vessel, from a long pipeline, or from relief valves or process vents. Different calculation procedures apply for each of these sources. There are two flow regimes, corresponding to sonic (or choked) flow for higher pressure drops and subsonic flow for lower pressure drops. The majority of gas discharges from process plant leaks will be initially sonic.

Liquid Discharges
Discharge of pure (i.e., nonflashing) liquids through a sharp-edged orifice is well described by the classical work of Bernoulli and Torricelli.

Two-Phase Discharges
The significance of two-phase flow through restrictions and piping has been recognized for some time. When released to atmospheric pressure, any pressurized liquid above its normal boiling point will start to flash and two-phase flow will result. Two-phase flow is also likely to occur from depressurization of the vapor space above a mass of a volatile liquid, especially if the liquid is viscous (e.g., greater than 500 cP) or has a tendency to foam. Fauske and Epstein have provided some practical calculation guidelines for two-phase flashing flows where the discharge rate is determined by three factors: the effect of sub-cooling, the effect of vapor-liquid equilibrium and the non-equilibrium effect.

An empirical factor in these equations is the discharge coefficient, Cd, which is less than 1.0 to account for viscosity and turbulence losses. It is a function of the Reynolds number and the diameter of the hole. For sharp-edged orifices with subsonic flow, a constant discharge coefficient of 0.61 is indicated. For these conditions, the exit velocity of the fluid is independent of the size of the hole. For a well-rounded nozzle the discharge coefficient approaches 1. For short sections of pipe attached to a vessel (with a length-diameter ratio not less than 3), the discharge coefficient is about 0.81. However, for cases where the discharge coefficient is unknown or uncertain, such as in sonic flows, where the discharge coefficient increases as the downstream pressure decreases, a conservative value of 1.0 is recommended.

Input data required for gas and liquid discharge models are readily available from a number of sources. Estimating two-phase flow usually requires experimental data for the specific fluid system or a computer program. Vapor-liquid disengagement data are the most difficult to acquire.

Strengths and Limitations

Gas and liquid phase discharge calculation methods are well founded and are readily available from many standard references. However, many real releases of pressurized liquids will give rise to two-phase discharges. Computer programs are available for rigorous two-phase discharge calculations. Simplified approximate methods have also been developed. The use of a single value of 0.61 for liquids may underestimate the lower velocity discharges through larger diameter holes. Similarly, the value of 1.0 may overestimate gas discharges. All discharge rates will be time dependent due to changing composition, temperature, pressure, and level upstream of the hole.

Flash and Evaporation


If the liquid is superheated, it will flash upon release. Spilled cryogenic liquid will boil and produce a large amount of gas. A liquid pool will give off vapors. Flash and evaporation models are used to estimate the fraction of a liquid release that forms a cloud. The results are important inputs to dispersion models and later calculations. Flash calculation has a sound theoretical base in thermodynamics. Evaporation models are normally based on the thermodynamic properties of the liquid and on the thermal properties of the substrate. Both empirical and pseudomechanistic models based on heat and mass transfer concepts are available.

Method Description

1. Flash Calculation
For a pure material, the fraction of liquid that vaporizes can be calculated based on a Mollier pressure-enthalpy diagram. For a multi-component mixture the computation is very demanding for manual calculation and is mostly carried out by computer program. Aerosol prediction is an important part of flash calculation and is relatively weak compared to the calculation of the fraction vaporized. Usually a significant fraction of liquid may remain suspended in the vapor cloud as a fine aerosol. This renders the fraction vaporized, as calculated by classic thermodynamics, a poor predictor of the total mass of material in the vapor cloud. The most common means to estimate the aerosol content is to predict droplet size and, from this, the settling dynamics in the atmosphere. The maximum droplet size may be predicted from observed critical droplet Weber numbers. The settling velocity of such a droplet may be estimated from Stokes' Law or a turbulent settling approximation. Given the elevation and orientation of the release and the jet velocity, the amount of rainout of aerosol and the resultant cloud mass can be predicted using the settling velocity.

2. Evaporation Models
Spills on land are better defined, as many spills occur into a dike or other retention system that allows the pool size to be well estimated. In contrast, spills on water are unbounded and the calculations are more empirical. The diffusional evaporation from a nonboiling pool is controlled by the mass transfer at the interface of pool and atmosphere. The vaporization rate is proportional to the difference between the saturation vapor pressure and the partial pressure of the vapor in the stagnant air. For a boiling pool, the boiling rate is a function of the heat transfer from the surroundings to the liquid in the pool. The heat input is initially controlled by heat conduction from the ground; in the later stage, heat conduction and convection from the atmosphere and solar radiation are also significant contributors to the total heat input. The heat transfer from the ground may be modeled by the semi-infinite heat conduction equation available in standard heat transfer references.

Strengths and Limitations

Flash models, as applied to superheated liquid releases, have a theoretical basis in equilibrium thermodynamics. However, the process is governed by non-equilibrium thermodynamics. Aerosol fraction estimation is poorly represented by all existing models. Pool evaporation models are based on fundamental thermodynamic principles. Often some of the required data and coefficients are not known, and engineering judgment is used for their specification. An important weakness of the existing flash or evaporation models is that they do not provide the full definition of initial cloud dimensions and density that many existing dense gas models require. In flash calculation, the major uncertainty lies in the aerosol prediction. At present, no theoretically sound or experimentally validated models are available, so estimation must be used. Evaporation models are subject to large potential error from poorly validated coefficients (e.g., ground thermal conductivity and pool reflectivity) used in the heat and mass transfer equations.