
Chapter 2
Risk: Perception, Assessment and Management

Tim K3LL FT UI
Is it a risky place to work?
Tim K3LL FT UI 2019
Outline of talk

• Introduction
• Risk perception
• Risk assessment
• Risk analysis and management
• Fault tree analysis
• Event tree analysis
• Problems

Reference:
Charles A. Wentz, Safety, Health and Environmental Protection, MGH, 1998.

Introduction
There is some risk in every decision or
action. This risk is present in all
industrial, government, public, and
personal situations.

In order to appraise risk and safety, quantitative methods are preferred because they are more disciplined and objective than purely subjective conclusions.

Even quantitative methods often involve some degree of subjectivity that introduces uncertainty.

Risk perception
The perception of risk depends a great deal
on our personal situation. We take numerous
risks daily with little, if any concern. Yet we
become highly concerned about other less
serious risks because of our personal
perception of an activity, chemical
substance, or process operation.
Everyone would like to live in a risk-free
environment, but is this really an attainable
goal?
What about the risk of:
• Drinking a glass of tap water
• Having a chest x-ray for cancer detection
• Cosmic radiation hazards during an air trip
• The chemicals in the soap or shampoo
Risk perception (cont)
The public perception of
risk is often different from
the risk perception of
industry and statisticians.

Risk perception (cont)
Identifying the precise risk or risks that cause health-related problems is complex because of the severity and length of exposure to a wide variety of risks during a lifetime.
The incidence rate is commonly used to measure and compare industrial occupational injuries and illnesses.

Incidence rate = [(total injuries and illnesses × 200,000) or (total lost workdays × 200,000)] / (total hours worked by all employees during period)

The 200,000 constant is based on 100 full-time equivalent workers working 40 hours a week, 50 weeks a year.

Risk perception (cont)
Factors affecting the acceptability of risk based on the perception of people

Greater acceptability | Lower acceptability
Voluntary | Involuntary
Natural | Synthetic
Controllable | Uncontrollable
Delayed effect | Immediate effect
Essential | Nonessential
Major benefits | Minor benefits
Experienced | Inexperienced
Understandable | Not understandable
Known | Unknown
Common | Uncommon
Routine | Special
Low media coverage | High media coverage
Low controversy | Controversial

Risk perception (cont)
The basis for negative risk perception by communities
for industrial facilities
The basis for negative risk perception
Risks are unfamiliar
Involuntary risks
Risks are controlled by outsiders
Undetectable risks
Risks are unfair
Individual protective actions are not permitted
Dramatic and memorable risks
Uncertain risks
Unrelated hazards comparisons
Risk estimation, not reduction, emphasized
Routine

Risk assessment
Since no activity or technology can be absolutely safe, the question arises, “How safe is safe enough?”

A safety risk is defined as possible consequences for human
death, disease, injury and for property destruction or damage to
the environment.
Risk equals the probability of the occurrence times the severity of the harmful effects.

Risk = Probability × Consequences

Risk assessment (cont)
Interdependent steps in determining an acceptable risk
Specify the objectives and measures of effectiveness to be achieved
Define the possible alternatives that could achieve the objectives and their associated risks
Identify all possible consequences of each alternative
Quantify the various consequences, using consistent assumptions
Analyse the results and prioritise the alternatives
Select and implement the best choice for an acceptable risk
Obtain feedback and iterate the process as necessary

The process of risk assessment
Identification of the potentially harmful hazard
Measurements to estimate the consequences of the hazards
Estimation of the probability of the occurrence of each hazard consequence
Quantitative calculation of risks and comparison with potentially acceptable hazard levels
Characterisation of the hazard risks to be managed, along with the assumptions and uncertainties
Ranking of the risk hazards for management decision making

Risk assessment (cont)

Potential risk factors in the impact of hazards on people, facilities, and community
Type and length of hazard exposure
Number of people exposed inside and outside the facility
Demographics of the exposed people
Effectiveness of emergency response inside and outside the facility
Lost time of employee and outside people
Reduction in employee morale
Damage to public image
Property damage inside and outside the facility
Cost of cleanup, repairs, and lost production inside and outside the facility
Personal injury and damage lawsuits
Backlash legislation and additional regulatory constraints

Risk analysis and management
Effective risk management ensures an objective, consistent response to the
identified risks. This requires thorough planning, organizing, implementing,
and controlling to achieve a successful risk management program.
Elements of a risk management program
Hazard identification
Risk assessment
Administrative controls
Engineering controls
Emergency response planning
Operation and emergency training
Accident and incident investigation
Near-miss review
Internal and external audit
Feedback and iteration

Fault tree analysis

Methodologies to determine and evaluate process safety hazards:
• What-if checklist
• Hazard and operability study (HAZOP)
• Failure mode and effects analysis (FMEA)
• Fault tree analysis
• An appropriate equivalent methodology

Fault tree analysis (cont)

The examination of a process, operation, and facility for potential hazards is a complex task. Generally it is best to begin with process flow diagrams and an outline of the facility layout.
A more detailed piping and instrument diagram (P&ID) better identifies all of the potential hazards.
Fault tree analysis (cont)

Typical fault tree analysis.

This includes the following steps:
• Define the top event
• Define the intermediate events
• Identify all gates and basic events
• Resolve all duplication & conflict.

Fault tree analysis (cont)

Fault tree analysis for the fluid flow example

Event tree analysis

Event tree analysis (ETA) is an inductive logic model that identifies possible outcomes from a given initiating event. An initiating event will usually initiate an accident or incident. An ETA considers the responses of operators and safety systems to the initiating event. This technique is best suited for analyzing complex processes involving several layers of safety systems and emergency procedures.

Event tree analysis (cont)
The first step is to define an
initiating event that could lead to
failure of the system: equipment
failure, human error, utility
failure, or natural disaster.
The next step is to identify
intermediate actions to eliminate
or reduce the effects of the
initiating event. The event tree
develops two branches for each
intermediate event, one for a
successful and the other for an
unsuccessful operation.
The top path represents success
and the bottom path failure.

Event tree analysis (cont)

The probability of any branch of the event tree occurring is the product of the event probabilities on the branch.

Fault tree analysis for the fluid flow example

Event tree analysis (cont)

The event tree can be summarized as follows:
• Identify initiating events that could result in an accident
• Identify the safety functions to mitigate the initiating event
• Construct the event tree
• Describe accident sequence outcomes and their probability.
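
The four steps above, carried through as an added example that is not part of the original slides. It assumes the batch-reactor failure data from Figure 2 of this chapter can be laid out as an event tree (flow control loop failure as the initiating event, temperature interlock and bursting disc as the safety functions); the outcome labels are made up for the example.

```python
from itertools import product

INITIATING_FREQ = 0.3  # flow control loop fails, F/YR (value from Figure 2)

# Safety functions in the order they are challenged:
# (name, probability of failure on demand), values from Figure 2.
SAFETY_FUNCTIONS = [
    ("temperature_interlock", 0.06),
    ("bursting_disc", 0.02),
]


def event_tree(init_freq, functions):
    """Enumerate every path through the tree.

    Each safety function contributes two branches (success, failure).
    The frequency of a path is the initiating frequency multiplied by
    the probability of every branch taken along it.
    Returns a list of (path, frequency); path maps name -> True on success.
    """
    paths = []
    for states in product([True, False], repeat=len(functions)):
        freq = init_freq
        for (_, pfd), ok in zip(functions, states):
            freq *= (1.0 - pfd) if ok else pfd
        path = {name: ok for (name, _), ok in zip(functions, states)}
        paths.append((path, freq))
    return paths


def classify(path):
    """Map a path to an accident-sequence outcome (labels are assumptions)."""
    if path["temperature_interlock"]:
        return "safe shutdown"
    if path["bursting_disc"]:
        return "pressure relieved"
    return "reactor explosion"


def outcome_frequencies(init_freq, functions):
    """Sum path frequencies per outcome, in F/YR."""
    totals = {}
    for path, freq in event_tree(init_freq, functions):
        label = classify(path)
        totals[label] = totals.get(label, 0.0) + freq
    return totals


if __name__ == "__main__":
    for label, f in outcome_frequencies(INITIATING_FREQ, SAFETY_FUNCTIONS).items():
        print(f"{label}: {f:.3e} F/YR")
```

The path on which both safety functions fail has the same frequency as the top event of the fault tree in Figure 2, and the outcome frequencies add up to the initiating frequency.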

General Description

• Fault Tree Analysis (FTA) is a deductive reasoning technique that focuses on one particular
accident event.
• The fault tree itself is a graphic model that displays the various combinations of equipment
faults and failures that can result in the accident event.
• The solution of the fault tree is a list of the sets of equipment failures and human/operator
errors that are sufficient to result in the accident event of interest.
• The strength of FTA as a qualitative tool is its ability to break down an accident into basic
equipment failures and human errors. This allows the safety analyst to focus preventive
measures on these basic causes to reduce the probability of an accident.

Purpose: Identify combinations of equipment failures and human errors that can result in an accident event.

When to Use:

a. Design: FTA can be used in the design phase of the plant to uncover hidden failure modes that result from combinations of equipment failures.
b. Operation: FTA including operator and procedure characteristics can be used to study an operating plant to identify potential combinations of failures for specific accidents.

Type of Results: A listing of sets of equipment and/or operator failures that can result in a specific accident. These sets can be qualitatively ranked by importance.

Nature of Results: Qualitative, with quantitative potential. The fault tree can be evaluated quantitatively when probabilistic data are available.

Data Requirements:

a. A complete understanding of how the plant/system functions.
b. Knowledge of the plant/system equipment failure modes and their effects on the plant/system.

Staffing Requirements

One analyst should be responsible for a single fault tree, with frequent consultation with
the engineers, operators, and other personnel who have experience with the
systems/equipment that are included in the analysis.
A team approach is desirable if multiple fault trees are needed, with each team member
concentrating on one individual fault tree. Interactions between team members and other
experienced personnel are necessary for completeness in the analysis process.


Time and Cost Requirements: Time and cost
requirements for FTA are highly dependent on the
complexity of the systems involved. Modeling a
small process unit could require a day or less with an
experienced team. Large problems, with many potential
accident events and complex systems, could require
several weeks even with an experienced analysis team.

Figure 1 Batch reaction system
[Diagram; labels: material A, material B, flow controller (FRC), flow control valve, high temp emergency interlock, TIS, shut-off valve, bursting disc]


Figure 2 Analysis of explosion error tree in batch reactor

REACTOR EXPLOSION: 3.6 × 10^-4 F/YR
  RUNAWAY REACTION: 1.8 × 10^-2 F/YR
    FLOW CONTROL LOOP FAILS: 0.3 F/YR
      FLOW CONTROLLER FAILS: 0.2 F/YR
      VALVE STICKS OPEN: 0.1 F/YR
    TEMPERATURE INTERLOCK FAILS: 0.06
      THERMOCOUPLE & RELAY FAIL: 0.05 (probability of failure on demand)
      VALVE FAILS TO CLOSE: 0.01 (probability of failure on demand)
  BURSTING DISC FAILS: 0.02 (probability of failure on demand)
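
The quantification in Figure 2 and the "list of the sets of equipment failures" that the General Description calls the solution of the fault tree, worked as an added example that is not part of the original slides. The gate types are an assumption inferred from the figure's arithmetic (0.2 + 0.1 = 0.3, 0.3 × 0.06 = 1.8 × 10^-2), and the identifier names are made up for the example.

```python
from itertools import product

# Basic events read from Figure 2: (value, unit). "F/YR" is a failure
# frequency, "PFD" a probability of failure on demand.
BASIC = {
    "flow_controller_fails": (0.2, "F/YR"),
    "valve_sticks_open": (0.1, "F/YR"),
    "thermocouple_relay_fail": (0.05, "PFD"),
    "valve_fails_to_close": (0.01, "PFD"),
    "bursting_disc_fails": (0.02, "PFD"),
}
# Gate types are an assumption inferred from the figure's numbers.
GATES = {
    "reactor_explosion": ("AND", ["runaway_reaction", "bursting_disc_fails"]),
    "runaway_reaction": ("AND", ["flow_control_loop_fails", "temperature_interlock_fails"]),
    "flow_control_loop_fails": ("OR", ["flow_controller_fails", "valve_sticks_open"]),
    "temperature_interlock_fails": ("OR", ["thermocouple_relay_fail", "valve_fails_to_close"]),
}


def evaluate(node):
    """Return (value, unit). OR adds inputs (rare-event approximation); AND multiplies."""
    if node in BASIC:
        return BASIC[node]
    kind, inputs = GATES[node]
    values, units = zip(*(evaluate(i) for i in inputs))
    if kind == "OR":
        if len(set(units)) != 1:
            raise ValueError(f"{node}: OR inputs mix units {units}")
        return sum(values), units[0]
    if units.count("F/YR") > 1:  # multiplying two frequencies is dimensionally wrong
        raise ValueError(f"{node}: AND gate has more than one frequency input")
    result = 1.0
    for v in values:
        result *= v
    return result, ("F/YR" if "F/YR" in units else "PFD")


def cut_sets(node):
    """Minimal cut sets: sets of basic events sufficient to cause `node`."""
    if node in BASIC:
        return [frozenset([node])]
    kind, inputs = GATES[node]
    child = [cut_sets(i) for i in inputs]
    if kind == "OR":
        sets = [cs for group in child for cs in group]
    else:  # AND: take one cut set from each input and merge them
        sets = [frozenset().union(*combo) for combo in product(*child)]
    return [s for s in sets if not any(other < s for other in sets)]


if __name__ == "__main__":
    print(evaluate("reactor_explosion"))
    for cs in cut_sets("reactor_explosion"):
        print(sorted(cs))
```

Every cut set contains the bursting disc failure, so that single component appears in all accident paths and is the natural place to focus preventive measures.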
No. | Gate Name | Causal Relation
1 | AND gate | Output event occurs if all input events occur simultaneously.
2 | OR gate | Output event occurs if any one of the input events occurs.
3 | Inhibit gate | Input produces output when conditional event occurs.

Table 2.1 Gate Symbols

No. | Gate Name | Causal Relation
4 | Priority AND gate | Output event occurs if all input events occur in the order from left to right.
5 | Exclusive OR gate | Output event occurs if one, but not both, of the input events occurs.
6 | m out of n gate (voting or sample gate) | Output event occurs if m out of n input events occur.

Table 2.1 Gate Symbols (continued)

No. | Event Symbol | Meaning of Symbols
1 | Circle | Basic event with sufficient data
2 | Diamond | Undeveloped event
3 | Rectangle | Event represented by a gate

Table 2.2 Event Symbols

No. | Event Symbol | Meaning of Symbols
4 | Oval | Conditional event used with inhibit gate
5 | House | House event. Either occurring or not occurring
6 | Triangles | Transfer symbol

Table 2.2 Event Symbols

Classification of Failures

Sudden versus gradual failures
Hidden versus evident failures
According to effects (critical, degraded or incipient)
According to severity (catastrophic, critical, marginal or negligible)
Primary failure, secondary failure and command fault

Component Failure Characteristics

Primary failure: component within design envelope (natural aging)
Secondary failure: excessive stresses (neighboring components, environment, plant personnel)
Command fault: inadvertent control signals or noises (neighboring components, environment, plant personnel)

COMPONENT FAILURE CHARACTERISTICS

Primary Faults and Failures
Primary faults and failures are equipment malfunctions that occur in the environment for
which the equipment was intended. These faults or failures are the responsibility of the
equipment that failed and cannot be attributed to some external force or condition.
• It is faulty
• No load is exceeded
• Repair is required

Secondary Faults and Failures
Secondary faults and failures are equipment malfunctions that occur in an environment
for which the equipment was not intended. These faults or failures can be attributed to
some external force or condition.
• Not a problem
• Over design load
• Repair required

COMPONENT FAILURE CHARACTERISTICS

Command Faults and Failures
Command faults and failures are equipment malfunctions in which the component
operates properly but at the wrong time or in the wrong place. These faults or
failures can be attributed to the source of the incorrect command.
• Not a problem
• No design load exceeded
• No repair required

When the exact failure mode for a primary or secondary failure is identified, and
failure data are obtained, primary and secondary failure events are the same as
basic failures and are shown as circles in a fault tree.

[ EXAMPLE ]
1) Primary
• Tank rupture due to metal fatigue
2) Secondary
• Fuse is opened by excessive current
• Earthquake cracks storage tanks
• Pressure vessel ruptures because some fault external to the vessel causes the internal pressure to exceed the design limits.
3) Command
• Power is applied inadvertently to relay coil.
• Noisy input to safety monitor randomly generates spurious shutdown signals.

Boolean Algebra

AND: all the inputs are required to cause the output.
Inclusive OR: any input or combination of inputs will cause the output.
Exclusive OR (EOR): B or C, but not both, causes the output A.

Gate equivalences shown in the diagrams (A is the output event):
• A = B AND C = C AND B
• A = B OR C = C OR B
• A = EOR(B) = OR(B) = B
• A = B AND (C AND D) = B AND C AND D
• A = B OR (C OR D) = B OR C OR D
• A = B EOR (C EOR D) = “EOR”(B, C, D): odd combinations
• A = B AND (C OR D) = (B AND C) OR (B AND D)
• A = B OR L = B, where L has very low probability
• A = B AND L, where L has very low probability: A has very low probability
• A = B OR (C AND L) = B, where L has very low probability
• A = B AND H = B, where H has very high probability
• A = B OR H, where H has very high probability: A has very high probability
• A = B AND (C OR H) = B, where H has very high probability
