**2.2 Techniques for PRA**

The main techniques used for probabilistic risk assessment are fault tree analysis (FTA) and event tree analysis (ETA) [11].

FTA is a graphical relationship among events leading to a "top event" at the apex of the tree. Beginning with the top event, the intermediate events are hierarchically placed at different levels until the required level of detail is reached (the basic events at the bottom of the tree). The interactions between the top event and other events can be generally represented by "OR" or "AND" gates, as shown in **Figure 2(a)** and **(b)**, respectively.

Minimal cut sets (MCSs) of a fault tree are the combinations of basic events which are the shortest pathways that lead to the top event. MCSs are used for qualitative and quantitative assessments of fault trees and can be identified with support of Boolean algebra, specialized algorithms, or computer codes [12]. The probability of the top event can be assessed if the probability values or probability density functions (pdfs) of the basic events are available, using the identified MCSs. For instance, using the set theory concepts [13], the probability equations of the two FTs in **Figure 2(a)** and **(b)** can be expressed by Eqs. (2) and (3), respectively:

$$P(A \text{ or } B) = P(A \text{UB}) = P(A) + P(B) - P(A \cap B), \tag{2}$$

**Figure 3** shows an example of an event tree construction, starting with the initiating event of frequency of occurrence, λ, where *P1* and *P2* are the probabilities of subsequent events (event 1 and event 2) leading to the possible scenarios *S1*, *S2*, *S3*, and *S4*, with frequencies *F1*, *F2*, *F3*, and *F4*, respectively, each one with different consequences. If the success and the failure of each event are mutually exclusive (binary trees) and the probabilities of event occurrence are independent of each

Many types of data must be collected and treated for use in PRAs in order to quantify the accident scenarios and accident contributors. Data include, among others, component reliability and failure rates, repair times, initiating event probabilities, human error probabilities, and common cause failure (CCF) probabilities. These data are usually represented by uncertainty bounds or probability density functions, measuring the degree of knowledge or confidence in the available data. Uncertainties can be highly significant in risk-based decisions and are important for establishing research priorities after a PRA process. For well-understood basic events for which a substantial experience base exists, the uncertainties may be small. When data from experience are limited, the probability of basic events may be highly uncertain, and even knowing that a given probability is small, most of the

The development of scenarios in a PRA introduces uncertainties about both consequences and probabilities. Random changing of physical processes is an example of stochastic uncertainties, while the uncertainties due to lack of knowledge about these processes are the epistemic uncertainties. Component failure rates and reliability data are typically uncertain, sometimes because unavailability of information and sometimes because doubts about the applicability of available data. PRA of complex engineering systems such as those in nuclear power plants (NPPs) and chemical plants usually exhibits uncertainties arising from inadequate assumptions, incompleteness of modeling, CCF and human reliability issues, and lack of plant-specific data. For this type of facility, the major of sources of uncer-

• Uncertainties in input parameters—parameters of the models (e.g., FTs and ETs) for estimating event probabilities and assessing magnitude consequences

other, the frequency of each scenario is calculated as shown in **Figure 3**.

*Sequence of events in an event tree leading to different accident scenarios.*

*Treatment of Uncertainties in Probabilistic Risk Assessment*

*DOI: http://dx.doi.org/10.5772/intechopen.83541*

**2.3 Uncertainty sources in PRA**

**Figure 3.**

time one does not know how small it is.

tainties are [15]:

**129**

$$P(A \text{ and } B) = P(A \cap B) = P(A|B) \ P(B) = P(B|A) \ P(A),\tag{3}$$

where *P(A)* and *P(B)* are the independent probabilities of the basic events and *P(A|B)* and *P(B|A)* are the conditional (dependent) probabilities.

ETA is also a graphical logic model that identifies and quantifies possible outcomes (accident scenarios) following an undesired initiating event [14]. It provides systematic analysis of the time sequence of intermediate events (e.g., success or failure of defense-in-depth layers, as protective system or operator interventions), until an end state is reached. Consequences can be direct (e.g., fires, explosions) or indirect (e.g., domino effects on adjacent plants or environmental consequences).

**Figure 2.** *Intermediate events connected by "OR" (a) and "AND" (b) gates in a fault tree.*

#### **Figure 3.**

decision-makers in meeting risk criteria of standards and guidelines, as well as in

The main techniques used for probabilistic risk assessment are fault tree analysis

FTA is a graphical relationship among events leading to a "top event" at the apex of the tree. Beginning with the top event, the intermediate events are hierarchically placed at different levels until the required level of detail is reached (the basic events at the bottom of the tree). The interactions between the top event and other events can be generally represented by "OR" or "AND" gates, as shown in

Minimal cut sets (MCSs) of a fault tree are the combinations of basic events which are the shortest pathways that lead to the top event. MCSs are used for qualitative and quantitative assessments of fault trees and can be identified with support of Boolean algebra, specialized algorithms, or computer codes [12]. The probability of the top event can be assessed if the probability values or probability density functions (pdfs) of the basic events are available, using the identified MCSs. For instance, using the set theory concepts [13], the probability equations of the two FTs in **Figure 2(a)** and **(b)** can be expressed by Eqs. (2) and (3), respectively:

where *P(A)* and *P(B)* are the independent probabilities of the basic events and

ETA is also a graphical logic model that identifies and quantifies possible outcomes (accident scenarios) following an undesired initiating event [14]. It provides systematic analysis of the time sequence of intermediate events (e.g., success or failure of defense-in-depth layers, as protective system or operator interventions), until an end state is reached. Consequences can be direct (e.g., fires, explosions) or indirect (e.g., domino effects on adjacent plants or environmental consequences).

*P(A|B)* and *P(B|A)* are the conditional (dependent) probabilities.

*Intermediate events connected by "OR" (a) and "AND" (b) gates in a fault tree.*

*P A or B* ð Þ¼ *P A*ð Þ¼ U*B P A*ð Þþ *P B*ð Þ� *P A*ð Þ ∩*B ,* (2) *P A and B* ð Þ¼ *P A*ð Þ¼ ∩*B P A*ð Þ j*B P B*ð Þ¼ *P B*ð Þ j*A P A*ð Þ*,* (3)

visualizing and communicating risks [10].

*Reliability and Maintenance - An Overview of Cases*

(FTA) and event tree analysis (ETA) [11].

**Figure 2(a)** and **(b)**, respectively.

**Figure 2.**

**128**

**2.2 Techniques for PRA**

*Sequence of events in an event tree leading to different accident scenarios.*

**Figure 3** shows an example of an event tree construction, starting with the initiating event of frequency of occurrence, λ, where *P1* and *P2* are the probabilities of subsequent events (event 1 and event 2) leading to the possible scenarios *S1*, *S2*, *S3*, and *S4*, with frequencies *F1*, *F2*, *F3*, and *F4*, respectively, each one with different consequences. If the success and the failure of each event are mutually exclusive (binary trees) and the probabilities of event occurrence are independent of each other, the frequency of each scenario is calculated as shown in **Figure 3**.

## **2.3 Uncertainty sources in PRA**

Many types of data must be collected and treated for use in PRAs in order to quantify the accident scenarios and accident contributors. Data include, among others, component reliability and failure rates, repair times, initiating event probabilities, human error probabilities, and common cause failure (CCF) probabilities. These data are usually represented by uncertainty bounds or probability density functions, measuring the degree of knowledge or confidence in the available data.

Uncertainties can be highly significant in risk-based decisions and are important for establishing research priorities after a PRA process. For well-understood basic events for which a substantial experience base exists, the uncertainties may be small. When data from experience are limited, the probability of basic events may be highly uncertain, and even knowing that a given probability is small, most of the time one does not know how small it is.

The development of scenarios in a PRA introduces uncertainties about both consequences and probabilities. Random changing of physical processes is an example of stochastic uncertainties, while the uncertainties due to lack of knowledge about these processes are the epistemic uncertainties. Component failure rates and reliability data are typically uncertain, sometimes because unavailability of information and sometimes because doubts about the applicability of available data.

PRA of complex engineering systems such as those in nuclear power plants (NPPs) and chemical plants usually exhibits uncertainties arising from inadequate assumptions, incompleteness of modeling, CCF and human reliability issues, and lack of plant-specific data. For this type of facility, the major of sources of uncertainties are [15]:

• Uncertainties in input parameters—parameters of the models (e.g., FTs and ETs) for estimating event probabilities and assessing magnitude consequences are not exactly known because of the lack of data, variability of plants, processes or components, and inadequate assumptions.

• Modeling uncertainty—inadequacy of conceptual, mathematical, numerical, and computational models.

distribution. Order statistics are statistics based on the order of magnitudes and do not need assumptions about the shape of input or output distributions. According to the authors' knowledge, this method has been of little use in the field of reliability modeling and PRA, although it is used in other aspects of NPP safety, such as uncertainty in input parameters associated with the loss-of-coolant accident

The mentioned methods for uncertainty propagation have many differences and similarities, advantages and disadvantages, as well as benefits and limitations.

A brief discussion about the comparison of the mentioned methods is given as

The Monte Carlo simulation is computationally intensive for large and complex

The fuzzy set theory does not need detailed empirical information like the shape of distribution, dependencies, and correlations. Fuzzy numbers are a good representation of uncertainty when empirical information is very scarce. It is inherently

The Fenton-Wilkinson (FW) method improves the understanding of the contributions to the uncertainty distribution and reduces the computational costs involved, for instance, in conventional Monte Carlo simulation for uncertainty

**Benefits Limitations**

Difficult to apply for complex systems and large fault trees

It is inherently conservative because the inputs are treated in a

Closed form for top events is not easily obtained. Applicable only to log-normal distribution. Estimates are most accurate in the central

Low accuracy in low tails of the

fully correlated way

range

distributions

Computationally intensive for large and complex systems. Requires pdf of input data and does not reveal contributors to the uncertainty

Conceptually simple and does not require the specification of pdf of

solutions, especially for simple

It does not require detailed information of pdf. Suited when empirical information is very

Improves understanding of contributions to uncertainties and has low computational costs

computationally inexpensive

systems and requires pdf of input data. It has the disadvantage of not readily revealing the dominant contributors to the uncertainties. With current computer technology and availability of user-friendly software for Monte Carlo simulation,

The method of moments is an efficient technique that does not require the specification of the probabilistic distributions of the basic event probabilities. It is difficult to be applied to complex fault trees with many replicated events [23]. This can be solved with the use of computer codes that automatically get the minimal cut sets (MCSs) of the fault trees. It is a simple method, easily explainable and suited for

screening studies, due to inherent conservatism and simplicity [24].

conservative because the inputs are treated as fully correlated [25].

input data

Simulation Estimates are closes to exact

scarce

Order statistics Conservative and

and small systems

(LOCA) phenomena [22].

follows.

**Table 1** summarizes a comparison of these methods.

*Treatment of Uncertainties in Probabilistic Risk Assessment*

*DOI: http://dx.doi.org/10.5772/intechopen.83541*

computational cost is no longer a limitation.

**Method Propagation**

Method of moments

Monte Carlo simulation

Fuzzy set theory

Fenton-Wilkinson (FW) method

Wilks method

**Table 1.**

**131**

**technique**

Analytical (probability theory and statistics)

Fuzzy arithmetic

Analytical (closed-form approximation)

*Comparison of methods for uncertainty propagation.*

• Uncertainty about completeness—systematic expert reviewing can minimize the difficulties in assessing or quantifying this type of uncertainty.

The main focus of this work is the treatment of uncertainties regarding numerical values of the parameters used in fault and event trees in the scope of PRA and their propagation in these models. If a probability density function (pdf) is provided for the basic events (e.g., normal, log-normal, or triangular), a pdf or confidence bounds can be obtained for an FT top event or an ET scenario sequence.
