**The Deterministic and Stochastic Risk Assessment Techniques in the Work Sites: A FTA-TRF Case Study**

P.K. Marhavilas and D.E. Koulouriotis *Democritus University of Thrace, Xanthi, Greece* 

#### **1. Introduction**

50 Risk Management for the Future – Theory and Cases

Moran, M J.; Shapiro, Howard N. (1996). *Fundamentals of Engineering Thermodynamics* (3rd

Muniz, T. P. (2011). *Gerenciamento de riscos, uma ferramenta básica de segurança: estudo prático* 

Sa, T. S. (2008). *Análise Quantitativa de Risco Aplicada àIndústria de Gases,* Federal University of

Au, S. K., Wang, Z-H., & Lo, S-M. (2007). *Compartment fire risk analysis by advanced Monte* 

Tannehill, J. C., Anderson, D. A., & Pletcher, R. H. (1997). *Computational Fluid Mechanics and Heat Transfer* (2nd Edition), ISBN 1-56032-046-X, Taylor & Francis, USA. United Kingdom. (2002). A risk Management Standard, *Association Of Insurance And Risk* 

Krieger, G.R., Montgomery, J.F. (1997). *Accident Prevention Manual for Business and Industry,* 

Nfpa. (2002). *SFPE Handbook of Fire Protection Engineering*. National Fire Protection Association, - 3rd Edition. Quincy, Massachusetts. ISBN 087765-451-4, Vincoli, J. W. (2006). *Basic Guide to System Safety* (second edition), Titusville, John Wiley &

Urbanski, T. (1964). *Chemistry and Technology of Explosives,Volume 01,* Pergamon Press,

*em uma unidade marítima de exploração de hidrocarbonetos*. Federal University of Rio de

*Managers; National Forum For Risk Management In The Public Sector; Institute Of Risk* 

ed.), J. Wiley & Sons. ISBN 0-471-07681-3, New York; Toronto

*Management,* United Kingdom: AIRMIC, ALARM, IRM,

*Administration & Programs volume (11th edition),* Illinois, EUA United States. Mil-Std-882d: (2001). Standard Practice for system safety.

United States. Mil-Std-1629: (2000). Standard: Failure Mode and Effect Analysis.

Sons, Inc. ISBN-13: 978-0-471-72241-0, Titusville, Florida, USA

Department of Technology, Politechnika Warszawa, London.

Janeiro, Rio de Janeiro, Brazil.

*Carlo simulation*, Web of Science

Rio de Janeiro, Rio de Janeiro, Brazil

Occupational accidents have a major impact upon human integrity and they also create high costs for the social welfare system in a country. Furthermore, risk analysis is an essential process for the safety policy of a company, having as main aim the effacement of any potential of damage. The diversity in risk analysis approaches is such that there are many appropriate techniques for most circumstances and the choice has become more a matter of taste (Reniers *et al.*, 2005b). The risk assessment is an essential and systematic process for assessing the impact, occurrence and the consequences of human activities on systems with hazardous characteristics (Van Duijne *et al.*, 2008) and constitutes a needful tool for the safety policy of a company. We can consider risk as a quantity, which can be measured and expressed by a mathematical relation, under the help of real accidents' data. The risk assessment is generally achieved by a deterministic and/or a stochastic method. The first one is classified into three main categories; 1) the qualitative, 2) the quantitative, and 3) the hybrid techniques (qualitative-quantitative), while the second one includes the classic statistical approach and the accident forecasting modelling (Marhavilas, 2009a, 2009b; Marhavilas and Koulouriotis, 2007, 2008, 2011, 2012; Marhavilas *et al.*, 2011a, 2011b).

On the other side, few comparative studies have been performed on different stochastic and deterministic risk assessment methods. Thus, most researchers primarily focus on longitudinal surveys concerning an individual method (Zheng and Liu, 2009). However, an individual method cannot achieve the best risk-assessment result in the worksites, and future perspectives should focus on the parallel application of a deterministic (DET) and a stochastic (STO) process (Marhavilas and Koulouriotis, 2012).

In fact, the contribution of the development and elaboration of STODET processes, to the health and safety science, could be focused (Marhavilas and Koulouriotis, 2011) on:


The Deterministic and Stochastic Risk

A.3 Hybrid Techniques:

B.1 Classic statistic approach:

Event data-models

B. Stochastic Techniques:

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 53

Epistemic Models: The PEA (Predictive, Epistemic Approach) method


Fault tree analysis (FTA) is a deductive technique focusing on one particular accident event and providing a method for determining causes of that event. Fault trees are constructed from events and gates. Basic events can be used to represent technical failures that lead to accidents while intermediate events can represent operator errors that may exacerbate technical failures. The gates of the fault trees can be used to represent several ways in which machine and human failures combine to give rise to the accident. For instance, an AND-gate implies that both initial events need to occur in order to give rise to the intermediate event. Conversely, an OR-gate means that either of two initial events can give rise to the intermediate event. In the context of accident analysis, an OR-gate implies lack of evidence; as more evidence becomes available we can become more certain which of the two initial events were true (Vesely *et al.*, 1981 ; Kontogiannis *et al.*, 2000; Harms-Ringdahl, 2001;

On the other side, we present here basic elements referring to the study of the stochastic behavior of single-component Occupational Health and Safety System (OHSS) concerning the worksite of a company and being subjected to failures (breakdowns) by observing


Time-Series Stochastic Processes/Time-Series Method (TSM)

 Quantitative risk measures of societal risk The QRA (Quantitative Risk Assessment) tool

Human Error Analysis Techniques (HEAT)

Probability distributions of failure and reliability:


Reniers *et al.*, 2005a; Yuhua and Datao, 2005; Hong *et al.*, 2009).

 The ETA method (Event Tree Analysis) The RBM Method (Risk-based Maintenance)

The weighted risk analysis (WRA)



Markov chain analysis

 Grey model Scenario analysis Regression method Neural networks Bayesian Networks

Fault tree analysis (FTA)

 Quantitative assessment of domino scenarios (QADS) The CREA (Clinical Risk and Error Analysis) method

In two recent works, we presented the development and the application of two STODET risk assessment methods based on the combination of special stochastic (STO) and deterministic (DET) processes, like the PRAT-TRF technique (Marhavilas and Koulouriotis, 2011), and the PRAT-TSP-SRE technique (Marhavilas and Koulouriotis, 2012).

Taking into account the above reasons, we proceed to the development of a new STO-DET risk assessment framework by combining the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and apply it on the worksite of an industrial productive procedure. The objective of this work is there fore twofold;


This chapter consists further of three sections: 1) an overview of the main stochastic and deterministic risk analysis and assessment techniques, 2) the development of a new STODET risk assessment framework based on FTA-TRF combination, and 3) a case study for the simultaneous application of FTA and TRF techniques in industry.

#### **2. Risk analysis and assessment techniques**

There are various risk analysis and assessment techniques, which are included in the literature (e.g. Baker *et al.*, 1998; Kontogiannis *et al.*, 2000; Reiners *et al.*, 2005a, 2005b; Marhavilas and Koulouriotis, 2007, 2008, 2011; Marhavilas *et al.*, 2011a, 2011b; Doytchev and Szwillus, 2008; Marhavilas, 2009a, 2009b; Colli *et al.*, 2009; Johansson *et al.*; 2009; Lim and Zhang, 2009). A basic classification of the risk analysis and assessment methodologies based on the literature, includes the deterministic (DET) approach and the stochastic (STO) approach (Marhavilas and Koulouriotis, 2011). Furthermore, DET techniques are classified into three main categories: (a) the qualitative, (b) the quantitative, and (c) the hybrid techniques (qualitative-quantitative, semi-quantitative) (Marhavilas *et al.*, 2011a), while STO method includes the Classic Statistical Approach (CSA) and the Accident Forecasting Modelling (AFM) (Marhavilas and Koulouriotis, 2011). The reader could find a thorough presentation of the main deterministic and stochastic risk assessment and analysis techniques in the work of (Marhavilas and Koulouriotis 2011). Briefly stated, these approaches can be classified as follows:

	- A.1 Qualitative Techniques:
		- Checklists
		- What-if analysis
		- Safety audits
		- Task Analysis
		- STEP technique
		- Hazard and Operability (HAZOP) study

A.2 Quantitative Techniques:

	- Human Error Analysis Techniques (HEAT)
	- Fault tree analysis (FTA)
	- The ETA method (Event Tree Analysis)
	- The RBM Method (Risk-based Maintenance)

In two recent works, we presented the development and the application of two STODET risk assessment methods based on the combination of special stochastic (STO) and deterministic (DET) processes, like the PRAT-TRF technique (Marhavilas and Koulouriotis,

Taking into account the above reasons, we proceed to the development of a new STO-DET risk assessment framework by combining the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and apply it on the worksite of an industrial productive procedure. The objective of this work is there fore twofold;

a. We present a new risk assessment framework based on the combination of the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk

This chapter consists further of three sections: 1) an overview of the main stochastic and deterministic risk analysis and assessment techniques, 2) the development of a new STODET risk assessment framework based on FTA-TRF combination, and 3) a case study

There are various risk analysis and assessment techniques, which are included in the literature (e.g. Baker *et al.*, 1998; Kontogiannis *et al.*, 2000; Reiners *et al.*, 2005a, 2005b; Marhavilas and Koulouriotis, 2007, 2008, 2011; Marhavilas *et al.*, 2011a, 2011b; Doytchev and Szwillus, 2008; Marhavilas, 2009a, 2009b; Colli *et al.*, 2009; Johansson *et al.*; 2009; Lim and Zhang, 2009). A basic classification of the risk analysis and assessment methodologies based on the literature, includes the deterministic (DET) approach and the stochastic (STO) approach (Marhavilas and Koulouriotis, 2011). Furthermore, DET techniques are classified into three main categories: (a) the qualitative, (b) the quantitative, and (c) the hybrid techniques (qualitative-quantitative, semi-quantitative) (Marhavilas *et al.*, 2011a), while STO method includes the Classic Statistical Approach (CSA) and the Accident Forecasting Modelling (AFM) (Marhavilas and Koulouriotis, 2011). The reader could find a thorough presentation of the main deterministic and stochastic risk assessment and analysis techniques in the work of (Marhavilas and Koulouriotis 2011). Briefly stated, these

b. We apply this FTA-TRF process on an industrial worksite to test its usefulness

for the simultaneous application of FTA and TRF techniques in industry.

**2. Risk analysis and assessment techniques** 

approaches can be classified as follows:

A.1 Qualitative Techniques: Checklists What-if analysis Safety audits Task Analysis STEP technique

A.2 Quantitative Techniques:

Hazard and Operability (HAZOP) study

 The proportional risk assessment technique (PRAT) The decision matrix risk assessment (DMRA)

A. Deterministic Techniques:

2011), and the PRAT-TSP-SRE technique (Marhavilas and Koulouriotis, 2012).

failure)" model

	- Epistemic Models: The PEA (Predictive, Epistemic Approach) method
	- Probability distributions of failure and reliability:
		- Exponential distribution
		- Normal distribution
	- Event data-models
		- Constant Failure and Repair Rate Model (Rate Model)
		- Mean Time to Failure and Repair Model (MTTF/MTTR Model)
		- Time at Risk Failure (TRF) Model
		- Rate/MTTR Model
	- Time-Series Stochastic Processes/Time-Series Method (TSM)
	- Markov chain analysis
	- Grey model
	- Scenario analysis
	- Regression method
	- Neural networks
	- Bayesian Networks

Fault tree analysis (FTA) is a deductive technique focusing on one particular accident event and providing a method for determining causes of that event. Fault trees are constructed from events and gates. Basic events can be used to represent technical failures that lead to accidents while intermediate events can represent operator errors that may exacerbate technical failures. The gates of the fault trees can be used to represent several ways in which machine and human failures combine to give rise to the accident. For instance, an AND-gate implies that both initial events need to occur in order to give rise to the intermediate event. Conversely, an OR-gate means that either of two initial events can give rise to the intermediate event. In the context of accident analysis, an OR-gate implies lack of evidence; as more evidence becomes available we can become more certain which of the two initial events were true (Vesely *et al.*, 1981 ; Kontogiannis *et al.*, 2000; Harms-Ringdahl, 2001; Reniers *et al.*, 2005a; Yuhua and Datao, 2005; Hong *et al.*, 2009).

On the other side, we present here basic elements referring to the study of the stochastic behavior of single-component Occupational Health and Safety System (OHSS) concerning the worksite of a company and being subjected to failures (breakdowns) by observing

The Deterministic and Stochastic Risk

where 

procedure.

1 *MTTF*

, <sup>1</sup>

with this model are calculated using the expression

failure rate, *T* time at risk

process of FTA ("Fault Tree Analysis").

*potential for harm or damage* (Reniers *at al.* 2005a).

**3.1 Risk analysis** 

() 1 *<sup>T</sup> Qt e*

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 55

**Time at Risk Failure (TRF) Model:** This model allows users to specify a 'time at risk' that differs from the system lifetime. The model is useful for representing component failures that only contribute to system failure during certain phases of the lifetime of the system or duration of a mission. The unavailability of events (or the probability of failure) associated

It is worth noting that most researchers primarily focus on surveys concerning an individual method (Zheng and Liu, 2009). However, an individual method cannot achieve the best riskassessment result in the worksites, and future perspectives should focus on the parallel application of a deterministic and a stochastic process (Marhavilas and Koulouriotis, 2012). So, we proceed to the development of a new STODET risk assessment framework by combining the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and apply it on the worksite of an industrial productive

Below, we present a new risk assessment framework based on a stochastic-deterministic (STODET) quantified risk evaluation according to function of Figure 1. In addition, Figure 2 shows the flowchart of this risk assessment framework, as a part of the risk management process, using safety aspects–guidelines of ISO/IEC (1999, 2009), (Høj and Kröger 2002), (BS 8800 2004), (van Duijine *et al.* 2008), (Suddle 2009), (Marhavilas *et al.* 2011b) and (Marhavilas and Koulouriotis 2011). This framework consists of three distinct phases: (a) the risk analysis, (b) the quantified risk evaluation and c) the risk assessment and safety-related decision making. The first phase includes the hazard sources' identification and the risk consideration/calculation, while the second one includes the stochastic and deterministic processes. The module #B emphasizes the application of a STODET quantified riskevaluation, which is implemented by the simultaneous application and the jointly evaluation of the TRF ("Time at Risk Failure") stochastic model and the deterministic

Risk analysis or safety analysis is an approach to identify the factors that may lead to accidents, and constitutes a systematic use of available information to identify hazards ((ISO/IEC, 1999; Marhavilas *et al.*, 2011b). In general, ''danger'' should be defined *as an attribute of substances or processes, which may potentially cause harm*. Furthermore, "risk" has been defined as *the chance that someone or something that is valuated will be adversely affected by the hazard*, and also as *a measure under uncertainty for the severity of a hazard* (Høj and Kröger, 2002) while "hazard" is *any unsafe condition or potential source of an undesirable event with* 

**3. A risk assessment framework based on FTA-TRF combination** 

(component repair rate) (5)

(6)

*MTTR*

them over a period of time. Let us simplify things by assuming that the system is put to work at the instant t = 0 for the first time and that it presents a single mode of failure. The component, starting a lifetime period at the instant t = 0, is functioning for a certain period of time *X1* (random) at the end of which it breaks down. It remains in this state for a period of time *Y1* (random) during its replacement (or repair) and, at the end of this time, the component is again put to work and so on. In this case, the system is said to be repairable. In the contrary case, when the component breaks down and continues to remain in this state, the system is said to be non-repairable (Limnios, 2007; Haimes, 2009; Marhavilas and Koulouriotis, 2011). Let *X* be a random variable (r.v.) representing the lifetime of the system with *F* its cumulative distribution function (c.d.f.): *F*(t)=*P*(*X*t). If *F* is absolutely continuous, the random variable *X* has a probability density function (p.d.f.) *f* and can be written as:

$$f(t) = \frac{d}{dt}F(t) = \lim\_{\Delta t \to 0} \frac{P(t < X \le t + \Delta t)}{\Delta t} \tag{1}$$

*Reliability:* The complementary function of *F* , noted as *F* , is the reliability (or probability of success) of the system, noted as *R t*( ). That is to say:

$$R(t) = \overline{F} = 1 - F(t) = P(X > t) \tag{2}$$

Where:

$$R(t) = \bigcap\_{t}^{\circ} f(u) du \quad , \quad R(0) = 1 \quad , \ R(+\infty) = 0 \tag{3}$$

The exponential distribution is the most frequently used in relation to the reliability of systems. A system whose stochastic behavior is modeled by an exponential distribution is a system without memory, that is to say, for t>0, x>0, we have P(X>t+x| X>t)=P(X>x). For the exponential distribution we have for x≥0:

$$f(t) = \lambda e^{-\lambda t}, \; F(t) = 1 - e^{-\lambda t}, \; R(t) = e^{-\lambda t}, \lambda(t) = \lambda \quad \text{(the failure rate)}\tag{4}$$

Although, this distribution gives good modeling for the lifetime of electronic components, its use in other fields, such as in risk analysis for the modeling of OHSS in the worksites is justified.

Moreover, for a quantitative analysis to be performed, event failure and repair data-models could be specified for the events in the study of the stochastic behavior of single-component occupational health and safety systems (OHSS) being subjected to failures over a period of time. Some of the usual event data-models (Limnios, 2007; Isograph, 2008) are:

**Mean Time to Failure and Repair Model (MTTF/MTTR Model):** This model is the same as the constant failure and repair rate model described above, except that the parameters entered by the user are the mean time to failure (MTTF) (or mean time between failures (MTBF)) and the mean time to repair (MTTR). These parameters are related to the failure and repair rates by the following expressions:

$$
\lambda = \frac{1}{\text{MTTF}}, \text{ } \mu = \frac{1}{\text{MTTR}} \text{ (component repair rate)} \tag{5}
$$

**Time at Risk Failure (TRF) Model:** This model allows users to specify a 'time at risk' that differs from the system lifetime. The model is useful for representing component failures that only contribute to system failure during certain phases of the lifetime of the system or duration of a mission. The unavailability of events (or the probability of failure) associated with this model are calculated using the expression

$$Q(t) = 1 - e^{-\lambda T} \tag{6}$$

where failure rate, *T* time at risk

54 Risk Management for the Future – Theory and Cases

them over a period of time. Let us simplify things by assuming that the system is put to work at the instant t = 0 for the first time and that it presents a single mode of failure. The component, starting a lifetime period at the instant t = 0, is functioning for a certain period of time *X1* (random) at the end of which it breaks down. It remains in this state for a period of time *Y1* (random) during its replacement (or repair) and, at the end of this time, the component is again put to work and so on. In this case, the system is said to be repairable. In the contrary case, when the component breaks down and continues to remain in this state, the system is said to be non-repairable (Limnios, 2007; Haimes, 2009; Marhavilas and Koulouriotis, 2011). Let *X* be a random variable (r.v.) representing the lifetime of the system with *F* its cumulative distribution function (c.d.f.): *F*(t)=*P*(*X*t). If *F* is absolutely continuous, the random variable *X* has a probability density function (p.d.f.)

> t 0 ( ) ( ) ( ) Lim *d Pt X t t f t Ft dt <sup>t</sup>*

*Reliability:* The complementary function of *F* , noted as *F* , is the reliability (or probability

( ) ( ) , (0) 1 , ( ) 0

The exponential distribution is the most frequently used in relation to the reliability of systems. A system whose stochastic behavior is modeled by an exponential distribution is a system without memory, that is to say, for t>0, x>0, we have P(X>t+x| X>t)=P(X>x). For the

*R t f u du R R*

time. Some of the usual event data-models (Limnios, 2007; Isograph, 2008) are:

, () , () *<sup>t</sup> Rt e t*

Although, this distribution gives good modeling for the lifetime of electronic components, its use in other fields, such as in risk analysis for the modeling of OHSS in the worksites is

Moreover, for a quantitative analysis to be performed, event failure and repair data-models could be specified for the events in the study of the stochastic behavior of single-component occupational health and safety systems (OHSS) being subjected to failures over a period of

**Mean Time to Failure and Repair Model (MTTF/MTTR Model):** This model is the same as the constant failure and repair rate model described above, except that the parameters entered by the user are the mean time to failure (MTTF) (or mean time between failures (MTBF)) and the mean time to repair (MTTR). These parameters are related to the failure

 

(1)

*Rt F Ft PX t* () 1 () ( ) (2)

(3)

(the failure rate) (4)

*f* and can be written as:

Where:

justified.

of success) of the system, noted as *R t*( ). That is to say:

exponential distribution we have for x≥0:

 

and repair rates by the following expressions:

, () 1 *<sup>t</sup> Ft e*

() *<sup>t</sup> f t e*

*t*

It is worth noting that most researchers primarily focus on surveys concerning an individual method (Zheng and Liu, 2009). However, an individual method cannot achieve the best riskassessment result in the worksites, and future perspectives should focus on the parallel application of a deterministic and a stochastic process (Marhavilas and Koulouriotis, 2012). So, we proceed to the development of a new STODET risk assessment framework by combining the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and apply it on the worksite of an industrial productive procedure.

#### **3. A risk assessment framework based on FTA-TRF combination**

Below, we present a new risk assessment framework based on a stochastic-deterministic (STODET) quantified risk evaluation according to function of Figure 1. In addition, Figure 2 shows the flowchart of this risk assessment framework, as a part of the risk management process, using safety aspects–guidelines of ISO/IEC (1999, 2009), (Høj and Kröger 2002), (BS 8800 2004), (van Duijine *et al.* 2008), (Suddle 2009), (Marhavilas *et al.* 2011b) and (Marhavilas and Koulouriotis 2011). This framework consists of three distinct phases: (a) the risk analysis, (b) the quantified risk evaluation and c) the risk assessment and safety-related decision making. The first phase includes the hazard sources' identification and the risk consideration/calculation, while the second one includes the stochastic and deterministic processes. The module #B emphasizes the application of a STODET quantified riskevaluation, which is implemented by the simultaneous application and the jointly evaluation of the TRF ("Time at Risk Failure") stochastic model and the deterministic process of FTA ("Fault Tree Analysis").

#### **3.1 Risk analysis**

Risk analysis or safety analysis is an approach to identify the factors that may lead to accidents, and constitutes a systematic use of available information to identify hazards ((ISO/IEC, 1999; Marhavilas *et al.*, 2011b). In general, ''danger'' should be defined *as an attribute of substances or processes, which may potentially cause harm*. Furthermore, "risk" has been defined as *the chance that someone or something that is valuated will be adversely affected by the hazard*, and also as *a measure under uncertainty for the severity of a hazard* (Høj and Kröger, 2002) while "hazard" is *any unsafe condition or potential source of an undesirable event with potential for harm or damage* (Reniers *at al.* 2005a).

The Deterministic and Stochastic Risk

.

*# A*

*# B*

**Risk reduction**

Koulouriotis 2011).

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 57

Start

 **Identification of Hazard Sources**

**Risk Consideration/Estimation/Calculation**

**F T A Technique**

**\* Frequency/Probability Analysis**

**\* Consequence Analysis**

End

Fig. 2. The flowchart of an alternative risk assessment framework by including a stochastic and a deterministic (STODET) approach, as a part of the risk management process, based on safety aspects–guidelines of (ISO/IEC 1999, 2009), (Høj and Kröger 2002), (BS 8800 2004), (van Duijine *et al.* 2008), (Suddle 2009), (Marhavilas *et al.* 2011b) and (Marhavilas and

**Ensure risk assessment and controls are effective and up-to-date**

**Is the risk tolerable ?**

**Jointly Evaluated**

No

**Time at Risk Failure Model**

Yes

*Risk Analysis*

*Quantified Risk Evaluation*

*Risk Assessment*

**Acceptance Criteria**

.

#### **3.1.1 Identification of hazard sources**

Danger can be separated in two major categories: "Direct" and "indirect". Direct danger includes the apparent accidents (fractures, scratches, tool injuries etc) and indirect, the danger which is not apparent and devious and comes from the exposure in sources of hazard, such as electromagnetic radiation, noise, weather conditions and raising weights, that cause hard-hearing, cancer, dizziness, respiratory problems and cardiac problems. The identification of hazard sources is usually comprised of specifying one or more scenarios of risks. A risk scenario describes an interaction between a person and a system or product that possesses hazardous characteristics. It describes the activity of the person(s) involved, the hazard(s), the external factors of the situation and the potential injury. Injury (real accidents') data are the primary source of evidence to establish risk scenarios that describe critical pathways to injury. Furthermore, expert opinions are a significant source for creating risk scenarios. Experts rely on their technical knowledge about the system (with its intrinsic hazards) and the productive process, but they also need to apply their knowledge in order to identify relevant and plausible scenarios, for more information see (BS8800:1996, 1996; ILO-OSH, 2001; BS8800:2004, 2004; BS18004:2008, 2008; BS OHSAS18001:2007, 2007; OHSAS 18002:2008, 2008; Marhavilas *et al.* 2011b).

Fig. 1. The combination of a stochastic and a deterministic (STODET) approach in the quantified risk evaluation

The method used to analyze occupational risk follows the algorithm in Figure 2, and in that respect the following must be taken into account: a) gathering of information on the system (by using questionnaires, interviews and checklists) provides the basis for analysis and must be carried out systematically, b) the entire system and its activities should be included in the analysis, which must be designed systematically so as not to overlook important elements, c) the risks to which these hazards give rise must be assessed in a consistent manner, and d) a systematic approach is required even when safety proposals are to be generated and evaluated (Harms-Ringdahl, 2001; Marhavilas *et al.* 2011b; Marhavilas and Koulouriotis, 2012).

Danger can be separated in two major categories: "Direct" and "indirect". Direct danger includes the apparent accidents (fractures, scratches, tool injuries etc) and indirect, the danger which is not apparent and devious and comes from the exposure in sources of hazard, such as electromagnetic radiation, noise, weather conditions and raising weights, that cause hard-hearing, cancer, dizziness, respiratory problems and cardiac problems. The identification of hazard sources is usually comprised of specifying one or more scenarios of risks. A risk scenario describes an interaction between a person and a system or product that possesses hazardous characteristics. It describes the activity of the person(s) involved, the hazard(s), the external factors of the situation and the potential injury. Injury (real accidents') data are the primary source of evidence to establish risk scenarios that describe critical pathways to injury. Furthermore, expert opinions are a significant source for creating risk scenarios. Experts rely on their technical knowledge about the system (with its intrinsic hazards) and the productive process, but they also need to apply their knowledge in order to identify relevant and plausible scenarios, for more information see (BS8800:1996, 1996; ILO-OSH, 2001; BS8800:2004, 2004; BS18004:2008, 2008; BS OHSAS18001:2007, 2007; OHSAS

> **Deterministic Approach**

**Stochastic Approach**

*Quantified Risk Evaluation*

Fig. 1. The combination of a stochastic and a deterministic (STODET) approach in the

(Harms-Ringdahl, 2001; Marhavilas *et al.* 2011b; Marhavilas and Koulouriotis, 2012).

The method used to analyze occupational risk follows the algorithm in Figure 2, and in that respect the following must be taken into account: a) gathering of information on the system (by using questionnaires, interviews and checklists) provides the basis for analysis and must be carried out systematically, b) the entire system and its activities should be included in the analysis, which must be designed systematically so as not to overlook important elements, c) the risks to which these hazards give rise must be assessed in a consistent manner, and d) a systematic approach is required even when safety proposals are to be generated and evaluated

**J o i n t l y E v a l u a t e d**

**3.1.1 Identification of hazard sources** 

18002:2008, 2008; Marhavilas *et al.* 2011b).

**Work site**

Real Data

quantified risk evaluation

Fig. 2. The flowchart of an alternative risk assessment framework by including a stochastic and a deterministic (STODET) approach, as a part of the risk management process, based on safety aspects–guidelines of (ISO/IEC 1999, 2009), (Høj and Kröger 2002), (BS 8800 2004), (van Duijine *et al.* 2008), (Suddle 2009), (Marhavilas *et al.* 2011b) and (Marhavilas and Koulouriotis 2011).

The Deterministic and Stochastic Risk

**3.3 The decision making** 

**3.2.2 A deterministic model: "FTA" model** 

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 59

"FTA" is constructed from events and gates. Basic events can be used to represent technical failures that lead to accidents while intermediate events can represent operator errors that may exacerbate technical failures. The gates of the fault trees can be used to represent several ways in which machine and human failures combine to give rise to the accident.

In the risk management, it is fundamental to distinguish between the risk assessment process and the decision-making process (ISO/IEC Guide-73, 2009; Marhavilas *et al.*, 2011b). In particular, the risk assessment is a part of the risk management process, ending up with the decision making (Salvi and Gaston, 2004). In addition, the risk assessment is a tool used to measure the risk, characterized by the likelihood and severity of specific events, and can further be a basis for decision-making (Høj and Kröger, 2002). Risk-based decision-making processes are naturally based on the risk assessment criteria, but could integrate also other

We will now present a case study in order to illustrate our approach, i.e. the simultaneous

In the following passages, we proceed to the application of FTA-TRF process on the

Figure 3 shows the FTA construction concerning one of the more important hazard-sources that exist in a tobacco-industry chemical-laboratory i.e. the "*EMPLOYEES AMBUSTION/BURN*". This hazard-source has been determined by the application of Figure's 2 risk-analysis phase on the worksite of the chemical-laboratory. In particular, we use in the FTA chart two types of graphic symbols (Limnios, 2007): (i) the OR/AND logic gates/operators, and (ii) the fundamental events (circle for an elementary basic event and rectangle for a top or intermediate event). We have designated the set of basic events of the fault tree by the word "*EVENT*", that is, *EVENT*= {*EVENT-1, ..., EVENT-n*}. The numbers assigned to the basic events on the fault tree correspond to the indices of the events. The OR operator describes the failure of a series system, while the AND one the failure of a parallel system. Similar FTA charts can be constructed for all

In this section, we apply the "*TRF*" model by using the methodological background of Sections 2 and 3.2.1. As an example, on a single-component OHSS of TICL, like the "*EMPLOYEES AMBUSTION/BURN*", the occurrence frequency of E1-event is estimated to be *f*=2400 yr-1 and the estimated likelihood of accidents is *P*=10-4, which means that the estimated number of accidents (per year) is N=0.24, implying that MTBF=36500 hr and =2.73973E-05 hr-1. By using as exposure time (T) the duration of 8760 working hours (w.hrs) i.e. one full-time working year

criteria that can be cultural, economical, ethical etc (Salvi and Gaston, 2004).

**4. Case study: Application of FTA-TRF on an Industrial worksite** 

**4.2 Stochastic approach: Application of the "time at risk failure" model** 

application of FTA and TRF techniques, in industry.

**4.1 Deterministic approach: Application of FTA** 

hazard-sources exist in the industry's worksite.

worksite of a tobacco-industry's chemical-laboratory (TICL).

#### **3.1.2 Risk consideration**

The risk consideration is achieved by the following steps (Marhavilas *et al.* 2011b; Marhavilas and Koulouriotis, 2011):


#### **3.2 Quantified risk evaluation**

Quantified risk evaluation techniques enable risk assessors to scale their appreciation of the severity of the short and long term consequences of accidents and the factors that influence the occurrence of an accident scenario. The methods of quantified risk evaluation need to be as precise as possible to differentiate the risk level of various activities (Marhavilas *et al.*, 2011b). Below, we explain (in association with module #B of Figure 2) the usage and implementation of the STO-DET quantified risk-evaluation process, by the combination and the jointly evaluation of the *TRF* stochastic model and the *FTA* deterministic process.

#### **3.2.1 A stochastic model: "Time at risk failure model"**

According to this model the probability of failure is expressed using the relation () 1 *<sup>T</sup> Qt e* ( is the failure rate, *T* is the time of exposure). It is worth to note that there is a magnitude (called as "mean time"), that plays a very important role in connection with the reliability and the probability of failure of the occupational health and safety systems (OHSS). One significant "mean time" is the "*mean time between failures*" (MTBF), which is expressed by the relation: 1 / *MTBF*

#### **3.2.2 A deterministic model: "FTA" model**

"FTA" is constructed from events and gates. Basic events can be used to represent technical failures that lead to accidents while intermediate events can represent operator errors that may exacerbate technical failures. The gates of the fault trees can be used to represent several ways in which machine and human failures combine to give rise to the accident.

#### **3.3 The decision making**

58 Risk Management for the Future – Theory and Cases

The risk consideration is achieved by the following steps (Marhavilas *et al.* 2011b;

 **Estimation of the likelihood of hazard sources occurrence (P):** The occurrence of injury/damage (or the likelihood of hazard-sources occurrence) may depend on several factors related to the actual interaction of the employee with a hazard source and also to the energy transferred during this interaction. This likelihood depends on the (hidden) potential energy that may become active during unsafe behaviour, the energy absorbing capacity, resilience and other qualities of the human body (Marhavilas *et al.*, 2011b). **Estimation of the consequences' severity (S):** The risk assessment techniques require the estimation of the injury's seriousness gradation (i.e. the consequences' severity). Of course, severity is a subjective issue, because some events, such as cuts, possibly have non-serious effects, while others, such as injuring due to slips, may become more significant. To solve this problem, we can gradate the severity of injury (or damage) by specifying the **level** of employee's **inability** in association with the **duration** that the employee is absent from his work according to the obligations of Law 3850/2010 of the

 **Estimation of the frequency-level of exposure to hazard sources (f)**: The probability that a dangerous scenario may occur, depends on the frequency of exposure to the hazard sources. It is worth to note that we can estimate the gradation of the frequencylevel by using information about workers' activities which may give an indication about the frequency of a risky activity (Marhavilas *et al.* 2011b). Furthermore, the gradation of the frequency-level can be illustrated by the *Frequency (or Exposure) Factor* in association with the frequency of appearance of a potential hazard source (or an undesirable event), and according to the results of the work of Marhavilas and

Quantified risk evaluation techniques enable risk assessors to scale their appreciation of the severity of the short and long term consequences of accidents and the factors that influence the occurrence of an accident scenario. The methods of quantified risk evaluation need to be as precise as possible to differentiate the risk level of various activities (Marhavilas *et al.*, 2011b). Below, we explain (in association with module #B of Figure 2) the usage and implementation of the STO-DET quantified risk-evaluation process, by the combination and

According to this model the probability of failure is expressed using the relation

a magnitude (called as "mean time"), that plays a very important role in connection with the reliability and the probability of failure of the occupational health and safety systems (OHSS). One significant "mean time" is the "*mean time between failures*" (MTBF), which is

is the failure rate, *T* is the time of exposure). It is worth to note that there is

the jointly evaluation of the *TRF* stochastic model and the *FTA* deterministic process.

**3.1.2 Risk consideration** 

Marhavilas and Koulouriotis, 2011):

Greek State (HR, 2010; Marhavilas *et al.* 2011b).

**3.2.1 A stochastic model: "Time at risk failure model"** 

1 / *MTBF*

Koulouriotis (2008, their Table 3).

**3.2 Quantified risk evaluation** 

() 1 *<sup>T</sup> Qt e*

(

expressed by the relation:

In the risk management, it is fundamental to distinguish between the risk assessment process and the decision-making process (ISO/IEC Guide-73, 2009; Marhavilas *et al.*, 2011b). In particular, the risk assessment is a part of the risk management process, ending up with the decision making (Salvi and Gaston, 2004). In addition, the risk assessment is a tool used to measure the risk, characterized by the likelihood and severity of specific events, and can further be a basis for decision-making (Høj and Kröger, 2002). Risk-based decision-making processes are naturally based on the risk assessment criteria, but could integrate also other criteria that can be cultural, economical, ethical etc (Salvi and Gaston, 2004).

We will now present a case study in order to illustrate our approach, i.e. the simultaneous application of FTA and TRF techniques, in industry.

#### **4. Case study: Application of FTA-TRF on an Industrial worksite**

In the following passages, we proceed to the application of FTA-TRF process on the worksite of a tobacco-industry's chemical-laboratory (TICL).

#### **4.1 Deterministic approach: Application of FTA**

Figure 3 shows the FTA construction concerning one of the more important hazard-sources that exist in a tobacco-industry chemical-laboratory i.e. the "*EMPLOYEES AMBUSTION/BURN*". This hazard-source has been determined by the application of Figure's 2 risk-analysis phase on the worksite of the chemical-laboratory. In particular, we use in the FTA chart two types of graphic symbols (Limnios, 2007): (i) the OR/AND logic gates/operators, and (ii) the fundamental events (circle for an elementary basic event and rectangle for a top or intermediate event). We have designated the set of basic events of the fault tree by the word "*EVENT*", that is, *EVENT*= {*EVENT-1, ..., EVENT-n*}. The numbers assigned to the basic events on the fault tree correspond to the indices of the events. The OR operator describes the failure of a series system, while the AND one the failure of a parallel system. Similar FTA charts can be constructed for all hazard-sources exist in the industry's worksite.

#### **4.2 Stochastic approach: Application of the "time at risk failure" model**

In this section, we apply the "*TRF*" model by using the methodological background of Sections 2 and 3.2.1. As an example, on a single-component OHSS of TICL, like the "*EMPLOYEES AMBUSTION/BURN*", the occurrence frequency of E1-event is estimated to be *f*=2400 yr-1 and the estimated likelihood of accidents is *P*=10-4, which means that the estimated number of accidents (per year) is N=0.24, implying that MTBF=36500 hr and =2.73973E-05 hr-1. By using as exposure time (T) the duration of 8760 working hours (w.hrs) i.e. one full-time working year

The Deterministic and Stochastic Risk

**4.3 Joint evaluation of FTA-TRF combination** 

algebra (algebra of events) (Haimes, 2009).

Q (TOP1) = Q(G1)+Q(G6)-Q(G1)\*Q(G6)

Q(G7)=0.21+0.11-0.21\*0.11=0.2969 Q(G8)=0.21+0.11-0.21\*0.11=0.2969 Q(G6)=0.2969\*0.2969=0.08815 Q(G5)=0.0+0.12- 0.0\*0.12=0.12 Q(G4)=0.12+0.21-0.12\*0.21=0.3048 Q(G3)=0.0\*0.0=0.0

Q(G1)=0.7\*0.3048=0.213

"*EMPLOYEES AMBUSTION/BURN*" hazard source is

in the work of (Marhavilas and Koulouriotis 2011) as follows:

the work of (Marhavilas and Koulouriotis 2011).

*High-risky sources* (Q50%)

*Low-risky sources* (Q10%)

*Medium-risky sources* (10%<Q<50%)

Q(G1)=Q(G2)\* Q(G4)

Q(G6)=Q(G7)\*Q(G8)

Thus, we define the following set of equations:



Q(G2)=0.21+0.11+0.0+0.38-0.21\*0.11\*0.0\*0.38=0.7

 Q(G7)=Q(E9)+Q(E10)- Q(E9)\*Q(E10) Q(G8)=Q(Ε11)+Q(Ε12)-Q(Ε11)\*Q(Ε12) By using the numbers of Table 1 we take the following results:

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 61

We proceed to the joint evaluation of FTA-TRF combination. More specifically, the probabilistic assessment of the FTA consists of calculating the probability of the top event TOP-1 (Figure 3) starting from the probabilities Qi (i=1, …, 12) of the basic events (E1-E12) which are illustrated in Table 1. This can be done directly because the FTA construction of Figure 3 does not possess any repeated event (according to the rules of Limnios' (2007) work), and it is carried out with a simple approach, which consists of climbing back up the FTA by starting from its primary operators up to the top event and using the Boolean

Q(G2)=Q(E1)+Q(E2)+Q(G3)+Q(E5)- Q(E1)\*Q(E2)\*Q(G3)\*Q(E5)

So the probability of failure Q of the single-component TICL's OHSS due to the

**Q(TOP1)**=0.213+0.08815-0.213\*0.08815=**0.282374** or **28.2%**  This means that this is a *medium-risky hazard source* because 10%<Q<50% , according to

The same process for the calculation of Q can be applied in all hazard-sources determined by the risk-analysis on the TICL's OHSS, which could classify them into three categories like

(w.yr), we find that the reliability of TICL OHSS due to E1 is R79% and the probability of failure is Q21%. Furthermore, Table 1 illustrates the calculated results of the TRF application on the TICL OHSS, concerning all basic events E1-E12 of the FTA construction of Figure 3.

Fig. 3. The FTA construction concerning one of the more important hazard-sources exist in a tobacco-industry chemical-laboratory, the "*EMPLOYEE'S AMBUSTION/BURN*"

#### **4.3 Joint evaluation of FTA-TRF combination**

We proceed to the joint evaluation of FTA-TRF combination. More specifically, the probabilistic assessment of the FTA consists of calculating the probability of the top event TOP-1 (Figure 3) starting from the probabilities Qi (i=1, …, 12) of the basic events (E1-E12) which are illustrated in Table 1. This can be done directly because the FTA construction of Figure 3 does not possess any repeated event (according to the rules of Limnios' (2007) work), and it is carried out with a simple approach, which consists of climbing back up the FTA by starting from its primary operators up to the top event and using the Boolean algebra (algebra of events) (Haimes, 2009).

Thus, we define the following set of equations:

Q (TOP1) = Q(G1)+Q(G6)-Q(G1)\*Q(G6)

Q(G1)=Q(G2)\* Q(G4)

60 Risk Management for the Future – Theory and Cases

(w.yr), we find that the reliability of TICL OHSS due to E1 is R79% and the probability of failure is Q21%. Furthermore, Table 1 illustrates the calculated results of the TRF application on the TICL OHSS, concerning all basic events E1-E12 of the FTA construction of Figure 3.

> TOP 1

Employees Ambustion/Burn

GATE 1

Fire

> GATE 2

Fig. 3. The FTA construction concerning one of the more important hazard-sources exist in a

tobacco-industry chemical-laboratory, the "*EMPLOYEE'S AMBUSTION/BURN*"

Ignition Spark GATE 3

Electric spark

Flame-creation from the reactant due to the chemist's error Lighter usage

Employee's cigarette-smoking

Industrial pressure vessels or gas cylinders

> EVENT 3

Bad service of the machines

Existence of damaged or bare electric wires

Gas leakge due to false connection of the pressure vessel

EVENT 4

EVENT 6

EVENT 7

EVENT 5

GATE 5

EVENT 8

Leakage due to defective pressure vessel Existence or usage of chemical reactant

EVENT 9

Damage of protective equipment

Lack of protective equipment

Usage of a chemical/reactant in the workbench

Carriage of a chemical/reactant to the workbench

> EVENT 10

> EVENT 11

> EVENT 12

> EVENT 1

> EVENT 2

GATE 4

Combustible material

False usage of protective equipment Spillage of chemicals

GATE 7

GATE 8

GATE 6

Contact with chemicals and/or reactants

	- Q(G5)=Q(E6)+Q(Ε7)- Q(E6)\*Q(Ε7)

Q(G6)=Q(G7)\*Q(G8)


By using the numbers of Table 1 we take the following results:

```
Q(G7)=0.21+0.11-0.21*0.11=0.2969 
Q(G8)=0.21+0.11-0.21*0.11=0.2969 
Q(G6)=0.2969*0.2969=0.08815 
Q(G5)=0.0+0.12- 0.0*0.12=0.12 
Q(G4)=0.12+0.21-0.12*0.21=0.3048 
    Q(G3)=0.0*0.0=0.0 
    Q(G2)=0.21+0.11+0.0+0.38-0.21*0.11*0.0*0.38=0.7 
    Q(G1)=0.7*0.3048=0.213
```
So the probability of failure Q of the single-component TICL's OHSS due to the "*EMPLOYEES AMBUSTION/BURN*" hazard source is

**Q(TOP1)**=0.213+0.08815-0.213\*0.08815=**0.282374** or **28.2%** 

This means that this is a *medium-risky hazard source* because 10%<Q<50% , according to the work of (Marhavilas and Koulouriotis 2011).

The same process for the calculation of Q can be applied in all hazard-sources determined by the risk-analysis on the TICL's OHSS, which could classify them into three categories like in the work of (Marhavilas and Koulouriotis 2011) as follows:


The Deterministic and Stochastic Risk

**6. Future work and closure** 

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 63

evaluation and c) the risk assessment and safety-related decision making. The first phase includes the hazard sources' identification and the risk calculation, while the second one the stochastic and deterministic processes (Figure 2 illustrates its flowchart as a part of the risk management process). To continue, the STODET quantified risk-evaluation consists of the combined evaluation of the *TRF* ("Time at Risk Failure") stochastic model and the *FTA* ("Fault Tree Analysis") deterministic technique (module #B of Figure 3 emphasizes it).

Furthermore, in order to present a case study, we proceeded to the application of FTA-TRF on the worksite of a tobacco-industry's chemical-laboratory (which is situated in Thrace, Greece) by using real data of undesirable events and accidents. So, the probability of failure Q of the single-component TICL's OHSS due to the "*EMPLOYEES AMBUSTION/BURN*" hazard source was calculated to be Q=28.2%, which means it is a *medium-risky hazard source* because 10%<Q<50% (Marhavilas and Koulouriotis, 2011). The same process for the calculation of Q can be applied in all hazard-sources determined by the risk-analysis on the TICL's OHSS, which could classify them into three categories: (i) high-risky sources (Q50%), (ii) medium-risky sources (10%<Q<50%), and (iii) low-risky sources (Q10%).

In a future work, we are planning: (i) the development of another risk assessment framework including more stochastic and deterministic techniques, and (ii) the application on other industrial OHSS. This means that we have the ability to combine more different stochastic techniques like Markov chains, the grey model, neural networks, the scenario analysis, the regression method, Bayesian networks etc (Zheng and Liu, 2009; Marhavilas and Koulouriotis, 2011), with more deterministic techniques like DMRA (for more information: Marhavilas *et al.* 2011a, 2011b). In the work of (Marhavilas *et al.* 2011a; see their Table 8), there is a comparison of the various DET methodologies focusing on their advantages/disadvantages, and highlighting areas of future improvements, while in the work of (Zheng and Liu 2009; see their table 8), a comparison of different STO models, a fact

Apart from the exponential distribution, other usual probability distributions dealing with the reliability of health and safety systems which could be applied and tested are the

**Normal distribution**: It is used for modeling the duration and the lifetime of the

*t R t f y dy* 

> *t R t f y dy*

, ( ) ( ) ( )

*t*

, ( ) ( ) ( )

*t*

*f t*

(7)

(8)

*R t*

*f t*

*R t*

2 2 ( )

is the standard deviation.

2 2 (ln )

(t≥0), ( ) ( )

*t*

*t*

 , () ( )

which could help the reader to select the best STO-DET combination.

following (Limnios, 2007; Marhavilas and Koulouriotis 2011):

<sup>2</sup> <sup>1</sup> ( ) <sup>2</sup>

 **Log-Normal distribution**: It is expressed by the relations

*ft e*

<sup>2</sup> <sup>1</sup> ( ) <sup>2</sup>

*ft et*

systems and expressed by the relations

is the average and

Where 


(\*) From the technical specifications

Table 1. Depiction of the results of TRF application on the OHSS of a tobacco-industry's chemical-laboratory, concerning all basic events E1-E12 of the FTA construction of Figure 3

#### **5. Discussion**

We can consider the risk as a quantity, which can be estimated and expressed by a mathematical relation, under the help of real accidents' data. The risk assessment is generally achieved by a deterministic and/or a stochastic method. The diversity in risk analysis procedures is such that there are many appropriate techniques for any circumstance and the choice has become more a matter of taste. However, an individual method cannot achieve the best risk-assessment result in the worksites and future perspectives should focus on the parallel application of a deterministic technique with a stochastic one.

The objective of this work is twofold a) present of a new risk assessment framework based on the combination of the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and b) apply the FTA-TRF process on an industrial worksite.

In particular, the new alternative risk assessment framework we develop is achieved in Figure 1 by the combination of a stochastic and a deterministic process (STODET). This process consists of three distinct phases: (a) the risk analysis, (b) the quantified risk evaluation and c) the risk assessment and safety-related decision making. The first phase includes the hazard sources' identification and the risk calculation, while the second one the stochastic and deterministic processes (Figure 2 illustrates its flowchart as a part of the risk management process). To continue, the STODET quantified risk-evaluation consists of the combined evaluation of the *TRF* ("Time at Risk Failure") stochastic model and the *FTA* ("Fault Tree Analysis") deterministic technique (module #B of Figure 3 emphasizes it).

Furthermore, in order to present a case study, we proceeded to the application of FTA-TRF on the worksite of a tobacco-industry's chemical-laboratory (which is situated in Thrace, Greece) by using real data of undesirable events and accidents. So, the probability of failure Q of the single-component TICL's OHSS due to the "*EMPLOYEES AMBUSTION/BURN*" hazard source was calculated to be Q=28.2%, which means it is a *medium-risky hazard source* because 10%<Q<50% (Marhavilas and Koulouriotis, 2011). The same process for the calculation of Q can be applied in all hazard-sources determined by the risk-analysis on the TICL's OHSS, which could classify them into three categories: (i) high-risky sources (Q50%), (ii) medium-risky sources (10%<Q<50%), and (iii) low-risky sources (Q10%).

#### **6. Future work and closure**

62 Risk Management for the Future – Theory and Cases

**E1** 2,400 10-4 0.24 36,500 2.74E-05 8,760 0.240 0.79 0.21 **E2** 1,200 10-4 0.12 73,000 1.37E-05 8,760 0.120 0.89 0.11 **E3** 48 10-4 0.0048 1,825,000 5.48E-07 8,760 0.005 1.00 0.00 **E4** 48 10-4 0.0048 1,825,000 5.48E-07 8,760 0.005 1.00 0.00 **E5** 4,800 10-4 0.48 18,250 5.49E-05 8,760 0.480 0.62 0.38 **E6** 6 10-4 0.0006 14,600,000 6.85E-08 8,760 0.001 1.00 0.00 **E7** - - - 67,927 (\*) 1.47E-05 8,760 0.129 0.88 0.12 **E8** 2,400 10-4 0.24 36,500 2.74E-05 8,760 0.240 0.79 0.21 **E9** 240 10-4 0.024 365,000 2.74E-05 8,760 0.240 0.79 0.21 **E10** 1,200 10-4 0.12 73,000 1.37E-05 8,760 0.120 0.89 0.11 **E11** 2,400 10-4 0.24 36,500 2.74E-05 8,760 0.240 0.79 0.21 **E12** 1,200 10-4 0.12 73,000 1.37E-05 8,760 0.120 0.89 0.11

Table 1. Depiction of the results of TRF application on the OHSS of a tobacco-industry's chemical-laboratory, concerning all basic events E1-E12 of the FTA construction of Figure 3

We can consider the risk as a quantity, which can be estimated and expressed by a mathematical relation, under the help of real accidents' data. The risk assessment is generally achieved by a deterministic and/or a stochastic method. The diversity in risk analysis procedures is such that there are many appropriate techniques for any circumstance and the choice has become more a matter of taste. However, an individual method cannot achieve the best risk-assessment result in the worksites and future perspectives should focus

The objective of this work is twofold a) present of a new risk assessment framework based on the combination of the deterministic FTA ("fault-tree-analysis") technique and the stochastic TRF ("time at risk failure)" model, and b) apply the FTA-TRF process on an

In particular, the new alternative risk assessment framework we develop is achieved in Figure 1 by the combination of a stochastic and a deterministic process (STODET). This process consists of three distinct phases: (a) the risk analysis, (b) the quantified risk

on the parallel application of a deterministic technique with a stochastic one.

**λ=1/MTBF**

**T** 

**λ\*Τ**

**Reliability**  **Prob. of failure** 

*Q=1-R* 

*R=e-λ<sup>t</sup>*

*[w.hr]*

*[hr-1]* 

**MTBF** 

*[hr]*

**EVENT** 

**Occurrence Frequency**  *(f) [yr-1]*

(\*) From the technical specifications

**5. Discussion** 

industrial worksite.

**Likelihood**  *(P)* 

**Est. number of acc. per year**  *(N=P\*f) [acid./yr]*

> In a future work, we are planning: (i) the development of another risk assessment framework including more stochastic and deterministic techniques, and (ii) the application on other industrial OHSS. This means that we have the ability to combine more different stochastic techniques like Markov chains, the grey model, neural networks, the scenario analysis, the regression method, Bayesian networks etc (Zheng and Liu, 2009; Marhavilas and Koulouriotis, 2011), with more deterministic techniques like DMRA (for more information: Marhavilas *et al.* 2011a, 2011b). In the work of (Marhavilas *et al.* 2011a; see their Table 8), there is a comparison of the various DET methodologies focusing on their advantages/disadvantages, and highlighting areas of future improvements, while in the work of (Zheng and Liu 2009; see their table 8), a comparison of different STO models, a fact which could help the reader to select the best STO-DET combination.

> Apart from the exponential distribution, other usual probability distributions dealing with the reliability of health and safety systems which could be applied and tested are the following (Limnios, 2007; Marhavilas and Koulouriotis 2011):

> **Normal distribution**: It is used for modeling the duration and the lifetime of the systems and expressed by the relations

$$f(t) = \frac{1}{\sqrt{2\pi\sigma}}e^{-\frac{\left(t-\mu\right)^2}{2\sigma^2}} \quad R(t) = \bigcap\_{t}^{\infty} f(y)dy \quad \mathcal{A}(t) = \frac{f(t)}{R(t)}\tag{7}$$

Where is the average and is the standard deviation.

 **Log-Normal distribution**: It is expressed by the relations

$$f(t) = \frac{1}{\sqrt{2\pi}\sigma t} e^{-\frac{\left(\ln t - \mu\right)^2}{2\sigma^2}} \quad \text{(tè0)}, \ R(t) = \bigcap\_{t}^{\alpha} f(y) dy \; \; \; \; \lambda(t) = \frac{f(t)}{R(t)}\tag{8}$$

The Deterministic and Stochastic Risk

ISO/IEC (2nd ed.), Geneva.

doi:10.1016/j.aap.2009.04.003.

p.p. 51-55, ISSN 1791-2377.

Industrial Ergonomics, 25, 327-347.

ISO/IEC Guide 73:2009 (2009). Risk management-Vocabulary.

Assessment Techniques in the Work Sites: A FTA-TRF Case Study 65

ISO/IEC Guide 51 (1999). Safety Aspects – Guidelines for Their Inclusion in Standards.

Isograph (2008). Fault Tree+ for windows: Fault Tree Analysis-Event Tree Analysis-Markov Analysis. Isograph Limited FaultTree+V11.2 document, Version 11.2, p.1-325. Johansson, Ö., Wanvik, P.O., Elvik, R. (2009). A new method for assessing the risk of

Kontogiannis, T., Leopoulos, V., Marmaras, N. (2000). A comparison of accident analysis

Lim, H.J., Zhang, X. (2009). Semi-parametric additive risk models: Application to injury

Marhavilas P.K. (2009a). Health and Safety in the Work–Handling of the Occupational

Marhavilas P.K. (2009b). Risk Estimation in the Greek Constructions' Worksites by using a

Marhavilas, P.K., Koulouriotis, D.E. (2007). Risk Estimation in the Constructions' Worksites

Marhavilas P.K., Koulouriotis, D.E. (2008). A risk estimation methodological framework

Marhavilas P.K. and D.E. Koulouriotis (2011). Developing a new alternative risk assessment

Marhavilas P.K. and D.E. Koulouriotis (2012). A combined usage of stochastic and

Marhavilas P.K., D.E. Koulouriotis and V. Gemeni (2011a). Risk Analysis and Assessment

Marhavilas, P.K., D.E. Koulouriotis and C. Mitrakas (2011b). On the development of a new

Elsevier, doi:10.1016/j.jlp.2008.04.009, vol. 21, issue 6, p.p. 596-603.

duration study. Accident Analysis and Prevention 41, 211–216. Limnios, N. (2007). Fault Trees. ISTE Ltd, UK, ISBN 13: 978-1-905209-30-9.

Danger. Tziolas Edition, ISBN 978-960-418-171-1, pages 289.

of Greece, Vol I, Issue 1-2, p. 47-60, ISSN 1106-4935.

Science, Elsevier, doi:10.1016/j.ssci.2011.10.0006.

pp.36-46, doi: 10.1016/j.ress.2011.09.006.

issue 5, pp. 477-523.

accident associated with darkness. Accident Analysis and Prevention,

techniques for safety-critical man-machine systems. International Journal of

Quantitative Assessment Technique and Statistical Information of Occupational Accidents. Journal of Engineering Science and Technology Research, Vol. 2, Issue 1,

by using a Quantitative Assessment Technique and Statistical Information of Accidents. Technika Chronika Sci. J.TCG, Scientific Journal of Technical Chamber

using quantitative assessment techniques and real accidents' data: application in an aluminum extrusion industry. Journal of Loss Prevention in the Process Industries,

framework in the work sites by including a stochastic and a deterministic process: a case study for the Greek Public Electric Power Provider. Article in press, Safety

quantitative risk assessment methods in the worksites: Application on an electric power provider. Reliability Engineering and System Safety, Elsevier, 97 (2012),

Methodologies in the Work Sites: On a Review, Classification and Comparative Study of the Scientific Literature of the Period 2000-2009. Journal of Loss Prevention in the Process Industries, Elsevier, DOI: 10.1016/j.jlp.2011.03.004, vol 24,

hybrid risk assessment process using occupational accidents' data: Application on the Greek Public Electric Power Provider. Journal of Loss Prevention in the Process Industries, Elsevier, DOI 10.1016/j.jlp.2011.05.010, vol 24, issue 5, pp. 671-687.

ISO/IEC 31000. (2009). Risk management-Principles and guideline, ISBN 0 7337 9289 8.

 **Weibull distribution**: Due to the vast variations of form that it can take up according to the values of its parameters, the Weibull distribution is used in many domains of reliability, particularly in those concerned with the reliability of mechanical components. It is expressed by the relations

$$f(t) = \frac{\beta}{\eta^{\beta}} (t - \gamma)^{\beta - 1} \cdot e^{-\frac{\left(t - \gamma\right)^{\beta}}{\eta}}, \ R(t) = e^{-\frac{\left(t - \gamma\right)^{\beta}}{\eta}}, \ \mathcal{A}(t) = \frac{\beta (t - \gamma)^{\beta - 1}}{\eta^{\beta}} \tag{9}$$

Where *β* is the parameter of form, *η* the parameter of scale and *γ* the parameter of localization. For *β*= 1 and *γ*= 0, we will obtain the exponential distribution.

As a general observation in the end, we believe that the usage of the new STODET alternative risk assessment scheme, presented here, would help industries achieve better occupational risk protection.

#### **7. References**


 **Weibull distribution**: Due to the vast variations of form that it can take up according to the values of its parameters, the Weibull distribution is used in many domains of reliability, particularly in those concerned with the reliability of mechanical

( )

Where *β* is the parameter of form, *η* the parameter of scale and *γ* the parameter of

As a general observation in the end, we believe that the usage of the new STODET alternative risk assessment scheme, presented here, would help industries achieve better

Baker, S., Ponniah, D., Smith, S. (1998). Techniques for the analysis of risks in major projects.

BS 18004:2008 (2008). Guide to achieving effective occupational health and safety

BS 8800:1996 (1996). Guide to occupational health and safety management systems. ISBN:0

BS 8800:2004 (2004). Guide to occupational health and safety management systems. ISBN:0

BS OHSAS 18001:2007 (2007). Occupational health and safety management systems.

Colli, A., Serbanescu, D., Ale, B.J.M. (2009). Indicators to compare risk expressions,

Haimes, Y.Y. (2009). Risk modeling, assessment, and management. A John Wiley & Sons Inc.

Harms-Ringdahl, L. (2001). Safety Analysis, Principles and Practice in Occupational Safety.

Hellenic Republic (HR) (2010). Law 3850/2010: Code of Health and Safety in the worksites,

Høj, N.P., Kröger, W. (2002). Risk analyses of transportation on road and railway from a

Hong, E-S., Lee, I-M., Shin, H-S., Nam, S-W., Kong, J-S. (2009). Quantitative risk evaluation

ILO-OSH (2001). Guidelines on occupational safety and health management systems. ISBN:

based on event tree analysis technique: Application to the design of shield TBM.

National Printing-House, Issue 1, Part 84/2.6.2010, pp. 1721-1750.

Tunnelling and Underground Space Technology, 24, 3, 269-277.

accidental events from fossil fuels. Safety Science, 47, 5, 2009, 591-607. Doytchev, D.E., Szwillus, G. (2008). Combining task analysis and fault tree analysis for

grouping, and relative ranking of risk for energy systems: Application with some

accident and incident analysis: A case study from Bulgaria. Accident Analysis and

*Rt e*

( )

 

<sup>1</sup> ( ) ( ) *<sup>t</sup> <sup>t</sup>*

  (9)

*t*

 ,

( )

 

*t*

localization. For *β*= 1 and *γ*= 0, we will obtain the exponential distribution.

Journal of the Operational Research Society, 49, 6, 567-572.

components. It is expressed by the relations

<sup>1</sup> () ( )

occupational risk protection.

580 25859 9.

580 43987 9.

9221116344.

**7. References** 

*ft t e*

performance. ISBN:978 0 580 529108.

Requirements. ISBN:978 0 580 59404 5, p.34.

Prevention, doi:10.1016/j.aap.2008.07.014.

publication, 3rd edition ISBN 978-0-470-28237-3.

2nd edition, ISBN: 9780415236553, p.302, CRC Press.

European Perspective. Safety Science, 40, 1-4, 337-357.

,


ISO/IEC Guide 73:2009 (2009). Risk management-Vocabulary.


**4** 

*Italy* 

**Health Technology Assessment: An Essential** 

*1Dept. of Preventive Medical Sciences, University of Naples "Federico II", Naples,* 

Risk management in this chapter is defined as the process of identifying, through the study of all possible sources of errors and problems, the required preventive and corrective actions to reduce risk and whose consequences that compromises the capacity of an organization to reach its own objectives (Del Vecchio and Cosmi, 2003). It has been extensively used in economics, engineering and recently has also been adopted in the fields of public and

Safety, however, is becoming an imposed target for any health care system so that recent provisions stimulate the application of risk management methodologies (i.e. health risk

Health Risk Management (HRM) aims to improve the quality of health care, ensure safety and security for patients and sanitary operators encompassing the comprehension of risks

New technologies are not simple objects/products, but like a social practice built within actions and relationships, they are strictly connected to the business setup and act as a basic

The knowledge of the risks associated with different technologies (risk assessment) is of extreme importance in the definition of programs and initiatives, at various levels of health care governance (public health authorities, regions government, Ministry of Health), to

Healthcare distinguishes itself from other industries in that patient's safety represents a

However, healthcare systems are affected by risks of different nature: risks associated to the personnel professionalism or to the environment appropriateness, risks related to specific equipment use (e.g. magnetic resonance or X-ray), risks related to therapeutic or diagnostic

management) also in clinical environments (Sanfilippo, 2001; Carroll, 2009).

associated to the introduction or use of a technology in a clinical environment.

part of the organization design especially in health care industry.

reduce the incidence of errors and failures.

quality dimension of greatest importance.

private health (Gorrod, 2004; Alexander and Sheedy, 2005).

**1. Introduction** 

**Approach to Guide Clinical Governance** 

Giovanni Improta1, Antonio Fratini2 and Maria Triassi1

*2Dept. of Biomedical, Electronic and Telecommunication Engineering* 

**Choices on Risk Management** 

*University of Naples "Federico II", Naples,* 

