
Decision Making Using Human Reliability Analysis
Fabio Kazuo Oshiro
Principal Risk, Safety and Reliability Engineer
Monaco Engineering Solutions Limited
United Kingdom
As part of the Process Safety…
• HAZOP
• LOPA
• Consequence Analysis

Human Reliability

Alarm Management
Generic Human Error Probabilities (Hunns & Daniels 1980)
Error type / Type of behaviour / Human error probability
• Type 1: Extraordinary errors: difficult to conceive how they could occur (stress free, powerful cues for success). Probability: 10^-5
• Type 2: Error in regularly performed, commonplace simple tasks with minimum stress. Probability: 10^-4
• Type 3: Errors of commission such as operating wrong button or reading wrong display. More complex task, less time available, some cues necessary. Probability: 10^-3
• Type 4: Errors of omission where dependence is placed on situation cues and memory. Complex, unfamiliar task with little feedback and some distractions. Probability: 10^-2
• Type 5: Highly complex task, considerable stress, little time to perform it. Probability: 10^-1
• Type 6: Process involving creative thinking, unfamiliar complex operation where time is short, stress is high. Probability: 10^-1 to 1
Human Error
1. Perception
2. Decision Making
3. Control Actions

Mental ability
ACCIDENT
Task Demand

Prevention:
DESIGN
STANDARDS
Typical solution for Human Error
(Plant automatisation)
• Controller

CHANGING THE FUNCTION


• Monitor

Cognitive Perspective of the Human Error
External view vs. Cognitive view
External view:
• Wrong action
• Action omitted
• Tardy action
• Etc.
Cognitive view:
Wrong identification + Communication failure + Wrong execution of the action + Routine influence and distraction + Violations + ...

Exhaustive evaluation
Formosa Plastics Corporation Vinyl
Chloride Monomer Explosion
• 23rd of April 2004
• 5 fatalities
• 3 Injured
• Community Evacuated (1.6 km)

Human Reliability Assessment Methodology
Reduce the number of required analyses by looking for the most critical accidental scenarios.

Qualitative Analysis
• General analysis and the identification of the critical human interactions

Systems for Predicting Human Error and Recovery (SPEAR)
• Task Analysis
• Performance Influencing Factors Analysis
• Predictive Human Error Analysis (PHEA)
• Consequence Analysis
• Error Reduction Analysis
• Representation
- Fault Tree Analysis
- Influence Diagram
• Quantification of the human error
- HEART
Hierarchical Task Analysis of Reactor Cleaning
HTA Table for reactor cleaning
• Task Step: 3.2 – Go to the reactor that is in cleaning progress
• Input (registers): Identification of reactor tag on reactor bottom and control panel
• Output (action): Operator must check that the reactor tag is in accordance with reactor cleaning progress
• Communication: By voice, operator on ground level shall go to the other operator to communicate. There is no intercom and radios are not part of routine operation.
• Time and Task dependency: Delays in start-up of next batch. Cleaning progress is sometimes not appropriate and should be re-done
• Second function, distraction: Other functions in parallel with cleaning progress
• Comments: Residual VCM can be released if cleaning process is inappropriate. Hazards: operator injuries. Operators must use appropriate PPE
Predictive Human Error Analysis (PHEA) of the reactor cleaning activity (step 3.2)
Task Step: 3.2 – Go to the reactor that is in cleaning progress
Columns: Type of task / Type of error / Description / Consequences / Recovery / Strategy to reduce the error

• Action / Action in the wrong direction
  Description: Move in the wrong direction of the right reactors
  Consequences: Operator will be in the wrong group of reactors
  Recovery: Reactor identification at the bottom of reactor and control panel
  Strategy to reduce the error: Optimize layout of the reactors in order to facilitate identification
• Action / Right action on wrong object
  Description: Operator performs bypass of interlock system and drains the reactor in operation
  Consequences: Large release of vinyl chloride monomer (VCM) followed by explosion and fire
  Recovery: None
  Strategy to reduce the error: Evacuation System; Study of protection layers; Historical analysis; Improve procedures and training
• Action / No action
  Description: Absence
  Consequences: Delay in drainage
  Recovery: None
• Action / Omitted action
  Description: Absence
  Consequences: Delay in drainage
  Recovery: None
• Checking / Omission of checks
  Description: Operator does not check the reactor identification that should be drained
  Consequences: Impossibility to drain reactor due to interlock activation
  Recovery: Indication of interlock activity in the control panel
  Strategy to reduce the error: Include in checklist the activity verification of reactor to be drained
• Checking / Right check in the incorrect object
  Description: Blaster operator confirms that the reactor is in cleaning process, but is on the wrong reactor
  Consequences: Impossibility to drain reactor due to interlock activation
  Recovery: Indication of interlock activity in the control panel
  Strategy to reduce the error: Include in checklist the activity verification of reactor to be drained
• Checking / Wrong check in the correct object
  Description: Blaster operator is in the correct reactor but confirms that another reactor is in cleaning process
  Consequences: Operator goes to another reactor and will not drain it due to interlock activation
  Recovery: Operator of the upper level will fix the blaster reactor
  Strategy to reduce the error: Improving procedures and training
• Checking / Wrong check in the wrong object
  Description: Blaster operator is in the wrong reactor and confirms that another reactor is in cleaning process
  Consequences: Operator goes to another reactor and will not drain it due to interlock activation
  Recovery: Operator of the upper level will fix the blaster reactor
  Strategy to reduce the error: Improving procedures and training
• Recovery / No information
  Description: Blaster operator has no confirmation about which reactor is in cleaning process
  Consequences: Operator will be in the wrong group of reactors
  Recovery: Operator will go to the upper level and verify which reactor is in cleaning process
Identification of the most critical PIFs during cleaning reactor activity
Type of error: Performance Influencing Factors (PIFs)
• Action in the wrong direction: Distraction, practices with unfamiliar situations or poor identification
• Right action in the wrong object: Distraction, poor identification, poor lighting, identification of displays and controls or poor communication
• No action: Practices with unfamiliar situations or working hours and breaks
• Omitted action: Practices with unfamiliar situations, working hours and breaks or distraction
• Omission of checks: Distraction or poor communication
• Right check in the wrong object: Distraction, poor identification, poor lighting, identification of displays and controls or poor communication
• Wrong check in the right object: Distraction, poor identification, poor lighting, identification of displays and controls or poor communication
• Wrong check in the wrong object: Distraction, poor identification, poor lighting, identification of displays and controls or poor communication
• No information: Poor communication or poor authority and leadership
Representation - Fault Tree Analysis
[Fault tree diagram; each gate and basic event carries a probability P]
G0: Fatalities and Injuries
    G2: Presence of operators in the reactor building
        E4: Operators failure to evacuate
        E5: Operators executing reactor cleaning process
    G1: Explosion
        E1: Ignition source
        G3: Large release of VCM
            E2: Operator goes to the wrong reactor and believes that it is the reactor in cleaning process
            E3: Operator incorrectly uses by-pass to drain the reactor
Representation - Fault Tree Analysis
• Basic Event E2 - Operator believes he went to the
reactor which required cleaning, when in fact he
went to the reactor in operation
• There is no status indicator in the reactor;
• Symmetrical layout of reactors;
• Similarity of reactors; and
• Overload of blaster operator.
Representation - Fault Tree Analysis
• Basic Event E3 - Operator uses the bypass valve to open the bottom
valve of reactor in operation
• Bottom valve of the reactor does not open (interlock system - pressure
above 10 psi);
• Existing system bypass;
• No physical control of air injection hoses of emergency;
• No bypass procedure during normal operation; and
• Supervisor unavailable.

• Basic Event E4 - Employees fail to evacuate the area


• Ambiguous procedures about how to control large releases of VCM;
• Insufficient evacuation training; and
• No routine drills.
Quantification Of Human Error
• Human Error Assessment and Reduction Technique (HEART)
1. Identify the Generic Task Descriptor
2. Identify applicable Error Producing Conditions
3. Assess the strength of each Error Producing Condition
4. Calculate the Error Probability for the task element
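The four HEART steps above, carried through as an added Python example (not part of the original presentation). It uses the standard HEART combination rule, HEP = nominal × Π((multiplier − 1) × proportion + 1); the nominal value, condition names, multipliers and proportions are constructed for illustration.

```python
from math import prod


def assessed_effect(max_multiplier, proportion):
    """Effect of one Error Producing Condition (EPC) on the task.

    max_multiplier: the EPC's maximum multiplier (>= 1).
    proportion: assessed proportion of affect, the analyst's judgement of
    how strongly the EPC applies, from 0 (absent) to 1 (full strength).
    """
    if max_multiplier < 1:
        raise ValueError("EPC multiplier must be >= 1")
    if not 0.0 <= proportion <= 1.0:
        raise ValueError("proportion of affect must be in [0, 1]")
    return (max_multiplier - 1.0) * proportion + 1.0


def heart_hep(nominal, epcs):
    """Human error probability for one task element, capped at 1.0."""
    if not 0.0 < nominal <= 1.0:
        raise ValueError("nominal unreliability must be in (0, 1]")
    effects = [assessed_effect(m, p) for _, m, p in epcs]
    return min(1.0, nominal * prod(effects))


# Constructed inputs for illustration only; they are not the values
# behind the 7.6 %, 47 % or 27 % figures in this presentation.
NOMINAL = 0.003                      # step 1: generic task nominal value
EPCS = [                             # steps 2 and 3: (name, multiplier, proportion)
    ("poor identification of equipment", 8.0, 0.5),
    ("distraction from parallel tasks", 3.0, 0.4),
    ("weak communication channel", 4.0, 0.2),
]

if __name__ == "__main__":
    for name, m, p in EPCS:
        print(f"{name}: x{assessed_effect(m, p):.2f}")
    print(f"HEP = {heart_hep(NOMINAL, EPCS):.4f}")   # step 4
```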
Quantification Of Human Error
Columns: ID / Description of Basic Event / Details / Probability

• ID 1: Igniting source. Probability: 30%
  Details: The probability of ignition of a flammable fluid depends on parameters such as fluid molecular weight, discharge rate of leakage, temperature of self-ignition, energy and presence of an igniting source. It varies depending on the fluid and operational storage conditions which influence its rate of release. The calculation of ignition could be determined using advanced software, but the value of 30% (Uijt de Haag, 1999) is consistent for the purpose of this study.
• ID 2: Operator incorrectly goes to reactor in operation and believes to be in reactor in cleaning process. Probability: 7.6%
  Details: The displacement of the operator to a reactor for cleaning process is considered part of the routine and occurs on a daily basis. The reactors have indicators at the bottom and on the control panel. The probability of 7.6%, relatively low compared to the others, can be accepted, since the only deficiency evaluated is the identical arrangement of the reactors.
• ID 3: Operator uses bypass to open bottom valve of reactor in operation. Probability: 47%
  Details: The probability of use of the by-pass valve to open the bottom of the reactor corresponds to 47%, which is a high value for use of bypass security systems. Normal safety standards do not allow security systems to be shut down even during maintenance. Since this procedure of bypass of this safety valve was common in company of Formosa – IL, the value is quite representative.
• ID 4: Employees fail to evacuate the area. Probability: 27%
  Details: Normally the fault of operators during evacuation in major accidents should correspond to very low values; the calculated value of 27%, which corresponds to almost 1 fault every 3 times, is very representative.
• ID 5: Operators present for the reactor cleaning process. Probability: 16.7%
  Details: It is considered that there are operators in the surrounding areas of the reactor during the cleaning process for approximately 4 hours of the day.
Quantification Of Human Error
[Fault tree diagram with calculated probabilities]
G0: Fatalities and Injuries, P = 4.82E-4
    G2: Presence of operators in the reactor building, P = 4.50E-2
        E4: Operators failure to evacuate, P = 2.70E-1
        E5: Operators executing reactor cleaning process, P = 1.67E-1
    G1: Explosion, P = 1.07E-2
        E1: Ignition source, P = 3.00E-1
        G3: Large release of VCM, P = 3.57E-2
            E2: Operator goes to the wrong reactor and believes that it is the reactor in cleaning process, P = 7.60E-2
            E3: Operator incorrectly uses by-pass to drain the reactor, P = 4.70E-1
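The quantified fault tree above, recomputed as an added Python example (not part of the original presentation). Every gate is treated as an AND gate with independent inputs, an assumption that reproduces each gate value shown; the evaluator also handles OR gates, which this tree does not use, and the what-if value for E3 is constructed.

```python
from math import prod

# Basic-event probabilities from the quantification table on the page.
# E5 is entered as 4 h / 24 h, which the page rounds to 16.7 %.
BASIC = {"E1": 0.30, "E2": 0.076, "E3": 0.47, "E4": 0.27, "E5": 4 / 24}

# Gate structure read from the diagram. Gate type is an assumption:
# AND everywhere, since that reproduces every gate value on the page.
TREE = {
    "G0": ("AND", ["G2", "G1"]),   # Fatalities and injuries
    "G2": ("AND", ["E4", "E5"]),   # Operators present in reactor building
    "G1": ("AND", ["E1", "G3"]),   # Explosion
    "G3": ("AND", ["E2", "E3"]),   # Large release of VCM
}

def probability(node, basic=BASIC, tree=TREE):
    """Probability of a gate or basic event, assuming independent inputs."""
    if node not in tree:
        p = basic[node]
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{node}: probability {p} outside [0, 1]")
        return p
    kind, children = tree[node]
    child_p = [probability(c, basic, tree) for c in children]
    if kind == "AND":
        return prod(child_p)
    if kind == "OR":                      # not used by this tree
        return 1.0 - prod(1.0 - p for p in child_p)
    raise ValueError(f"{node}: unknown gate type {kind!r}")

def what_if(changes, top="G0"):
    """Top-event probability after overriding some basic events."""
    return probability(top, {**BASIC, **changes})

def birnbaum(event, top="G0"):
    """Birnbaum importance: P(top | event occurs) - P(top | event absent)."""
    return what_if({event: 1.0}, top) - what_if({event: 0.0}, top)

if __name__ == "__main__":
    for gate in ("G3", "G1", "G2", "G0"):
        print(f"{gate}: {probability(gate):.2E}")
    # Constructed what-if: a recommendation that cuts the bypass error
    # (E3) from 0.47 to 0.05. The 0.05 is illustrative, not from the page.
    print(f"G0 with E3=0.05: {what_if({'E3': 0.05}):.2E}")
    print("Birnbaum ranking:", sorted(BASIC, key=birnbaum, reverse=True))
```

In an all-AND tree the top event scales linearly with each basic event, so halving any one of E1 to E5 halves G0; the Birnbaum ranking shows which event the top event would be most sensitive to in absolute terms.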
Recommendation Impact using FTA

Representation –
IDA (Influence Diagram Analysis)
Quantification Of Human Error
Weight of evidence: Effective / Ineffective
• What is the weight of evidence of procedures for the use of by-pass in normal operation to ensure bypass of the interlock with safety: 0.3 / 0.7
• What is the weight of evidence of the implementation of the recommendations of the PHA 1992 to ensure bypass of the interlock with safety: 0.6 / 0.4
• What is the weight of the evidence of implementing LOPA studies to ensure bypass of the interlock with safety: 0.8 / 0.2
• What is the weight of evidence for increasing the availability of the supervisor to ensure bypass of the interlock with safety: 0.2 / 0.8
Weighted Score Method

Management vs. Operational Focus
• The results of the two focuses are similar, showing that, if implemented, recommendation B has higher potential for reduction in the prevention of an accident. Although recommendation A is not well qualified in the management focus, it is the second best option according to the operational focus. This difference probably derives from the management group’s choice to disregard this recommendation. Recommendation C was more prominent in terms of management than operation. Recommendation D presented a similar classification in both focuses.
Conclusions
• Selection of analytical method depends on the availability of information and the viability of cognitive analysis.

• The human error probability was calculated based on both observable and cognitive focus following the structure of
the SPEAR method. The observable factors were obtained from the HTA and the cognitive factors were analyzed
with the application of PHEA. The most important step that ensured that both factors were considered in the
calculation of the probability of human error is the development of the FTA based on the causes and consequences
evidenced in PHEA.

• The development of IDA is also based on the results of the task analysis and the analysis of human errors, which
allows a visualization of variables and uncertainties of the decision process that must be performed by managers.
The results of the management focus can be less transparent than the operational focus, as it is more subjective and
may be related to the interests of the decision makers.

• The results of the operational focus take more objective factors into consideration with more precise indicators as its
assessment is based on mental models of the plant process, which facilitates the evaluation. These different results
demonstrate the need to consider the operating environment in decision making and that they are essential for the
calculation of the probabilities of human errors.

• Cognitive studies are not simple and are not always feasible. The efforts to calculate the probability of human error
should be evaluated.

• Although the objective of this study was to assess the probability of human error, the results of this cognitive study
provide information and possible recommendations that may contribute to reducing risks at the industrial plant.

Thank you for listening

Monaco Engineering Solutions Ltd.


1 Pixham End, Dorking, Surrey RH4 1GB
UK Tel: +44 (0)1372 227 997
●mes.info@mes-international.com ●www.mes-international.com
