Section 4 Risk assessment techniques
4.1 Failure Modes and Effects Analysis (FMEA)
4.1.1 Failure Modes and Effects Analysis (FMEA) is a qualitative, inductive (as
opposed to deductive), structured, systematic and proactive method for evaluating
a process (or its components) to identify where and how components might fail.
Based upon this analysis, the relative impact of different failures on
interrelated components, and on the technology as a whole, can be assessed.
4.1.2 FMEA is not a substitute for good engineering design. It is an assessment
conducted after engineering design by a cross-disciplinary, cross-functional team
that applies its knowledge and experience to the design, with a view to
understanding how the technology will function in its intended environment.
4.1.3 Extensions of FMEA are often used as the basis for quantitative studies
such as FMECA (see IEC 60812) and FMEDA (see IEC 61508).
4.2 Hazard Identification study (HAZID)
4.2.1 Based upon ISO 17776 (Annex C), a HAZID is a qualitative hazard
identification process. It represents a structured and systematic approach for
developing a list of hazards related to a technology down to the sub-component
level. Each of these identified hazards is then reviewed to determine whether they
are significant, and if so, the appropriate technique for further analysis.
4.2.2 When adopted as part of a TQ risk assessment, it is important to record
all identified hazards in a formal register, so that they remain traceable
through subsequent qualification activities. As the objective of a HAZID is to
provide input to subsequent risk analysis techniques, the aspects covered should
include, among others, the operating environment, process integrity, health and
safety, asset integrity, and environmental and reputational damage.
4.3 Hazard and Operability study (HAZOP)
4.3.1 A HAZOP is a systematic examination of deviations from operational
boundary conditions. It is performed by combining a series of guidewords with
process parameters to identify whether any of the resulting deviations can occur
and, if so, their possible consequences.
4.3.2 Additionally, existing measures to minimise causes and consequences are
listed, together with any recommendations to eliminate the deviation or improve
upon the existing measures. The technique is based upon IEC 61882, which provides
guidance on the study procedure, including definition, preparation, examination
sessions, resulting documentation and follow-up.
4.3.3 A HAZOP is usually conducted in a dedicated workshop, separate from the
technology appraisal workshop, led by a chair who is experienced in the standard,
in the principles underpinning the technology and in its intended application. A
range of software is also available to assist with these studies.
4.4 Structured What-If Technique (SWIFT)
4.4.1 This is a prospective hazard analysis method, like a HAZID, that uses
structured brainstorming with guidewords to identify risks. Its objective is to
offer a quicker and less intensive alternative to an FMEA.
4.4.2 Based upon ISO 31010, this qualitative analysis is a thorough, systematic
analytical technique completed by a multi-disciplinary team. In contrast to a
HAZOP, which examines a technology item-by-item or procedure-by-procedure by
applying guidewords, this technique is system-orientated, examining each of the
systems and sub-systems.
4.5 Functional Hazard Assessment (FHA)
4.5.1 Also known as a Fault Hazard Analysis, this process follows an inductive
reasoning approach to problem solving, focussing on the specific and then moving
to the general. It is an extension of an FMEA, whose output forms the input to
this analysis technique.
4.5.2 The FHA technique is defined in SAE ARP4761 and begins with the
establishment of a list of system and subsystem functions. Adopting a predictive
technique, it then attempts to explore the effects of functional failures of parts
of a system.
4.6 Fault Tree Analysis (FTA)
4.6.1 In contrast to SWIFT or FMEA, an FTA is a qualitative, top-down, deductive
fault analysis technique in which an undesired state of a system is analysed using
Boolean logic to combine a series of lower-level events. This method is mainly
used in safety and reliability engineering to understand how systems can fail, to
identify the best ways to reduce risk, and to determine event rates for a safety
incident or system-level functional failure.
4.6.2 The process is based upon IEC 61025, while IEC 60300-3-9 offers
guidelines on the dependability management required to develop the fault tree of
the system. A range of software-based templates incorporate the dependability
management algorithm to construct the fault tree.
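As an added illustration, not taken from this document or from any particular FTA tool, the Python script below encodes a small fault tree as AND/OR gates over basic events, evaluates the top event's Boolean logic for a given set of failed events, derives the minimal cut sets, and compares an exact probability calculation against the gate-by-gate arithmetic shortcut. The tree, the event names E1 to E3 and their probabilities are constructed for the example.

```python
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple, Union

# A fault tree node is either a basic-event name (str) or a gate:
# a (gate_type, children) tuple where gate_type is "AND" or "OR".
Node = Union[str, Tuple[str, List["Node"]]]


def basic_events(node: Node) -> Set[str]:
    """Collect the names of all basic events under a node."""
    if isinstance(node, str):
        return {node}
    _, children = node
    return set().union(*(basic_events(c) for c in children))


def top_event_occurs(node: Node, failed: Set[str]) -> bool:
    """Evaluate the tree's Boolean logic for a given set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    gate, children = node
    states = [top_event_occurs(c, failed) for c in children]
    return all(states) if gate == "AND" else any(states)


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Smallest combinations of basic events sufficient to cause the top event.

    OR gates take the union of their children's cut sets; AND gates pair every
    cut set of one child with every cut set of the others. Supersets are then
    absorbed so that only minimal combinations remain.
    """
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":
        combined = set().union(*child_sets)
    else:
        combined = {frozenset()}
        for cs in child_sets:
            combined = {a | b for a in combined for b in cs}
    return {s for s in combined if not any(t < s for t in combined)}


def exact_top_probability(node: Node, p: Dict[str, float]) -> float:
    """Exact P(top event) under independence of basic events, by enumerating
    every combination of basic-event states. Correct even when a basic event
    appears under several gates."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        failed = {e for e, b in zip(events, bits) if b}
        if top_event_occurs(node, failed):
            weight = 1.0
            for e, b in zip(events, bits):
                weight *= p[e] if b else 1.0 - p[e]
            total += weight
    return total


def gate_arithmetic_probability(node: Node, p: Dict[str, float]) -> float:
    """Gate-by-gate shortcut: multiply through AND gates and combine OR gates
    as 1 - prod(1 - p). Exact only when no basic event is shared between
    branches, because shared events are counted as if they were independent."""
    if isinstance(node, str):
        return p[node]
    gate, children = node
    probs = [gate_arithmetic_probability(c, p) for c in children]
    if gate == "AND":
        result = 1.0
        for q in probs:
            result *= q
        return result
    survive = 1.0
    for q in probs:
        survive *= 1.0 - q
    return 1.0 - survive


# Constructed example tree (not from the page): the top event requires the
# shared basic event E1 together with either E2 or E3.
TREE: Node = ("OR", [("AND", ["E1", "E2"]), ("AND", ["E1", "E3"])])
# Constructed per-demand failure probabilities for the basic events.
PROBABILITIES = {"E1": 0.1, "E2": 0.2, "E3": 0.05}

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TREE), key=sorted):
        print("minimal cut set:", sorted(cs))
    print("exact P(top)           =", exact_top_probability(TREE, PROBABILITIES))
    print("gate-arithmetic P(top) =", gate_arithmetic_probability(TREE, PROBABILITIES))
```

Because E1 sits under both AND gates, the gate-arithmetic shortcut overstates the top-event probability (0.0249) relative to the exact value (0.024); the minimal cut sets {E1, E2} and {E1, E3} make the shared dependency visible, which is the qualitative output an FTA is usually reviewed for.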
4.7 Event Tree Analysis (ETA)
4.7.1 Like FTA, ETA is a logical modelling technique for understanding success
and failure by exploring the responses to single initiating events. This lays a
path for assessing the probabilities of the outcomes and for the overall system
analysis.
4.7.2 The difference between the two is that an event tree runs from left to
right along a horizontal axis, while a fault tree is drawn top-down. The layout of
an FTA follows the traditional diagram structure of the sciences, engineering and
related subjects, in which causes are determined. In contrast, an ETA displays
categories with long titles and text, in which the consequences of an event are
determined.
4.7.3 The ETA process is based on IEC 62502, which suggests different ways to
map an initiating event, the consequences of an escalation, and the effectiveness of
the control measures at each juncture.
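As an added example, not part of this document's text, the Python below walks an event tree from left to right: it starts from an initiating event, branches at each control measure on success or failure, computes the frequency of every resulting sequence and aggregates the sequences by consequence. The initiating frequency, the barrier names and success probabilities, and the "layered defence" classification rule are all constructed assumptions for the illustration.

```python
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple

# A barrier (control measure) is a name and its probability of working on demand.
Barrier = Tuple[str, float]
# A path records the (barrier name, succeeded?) decisions taken so far.
Path = Tuple[Tuple[str, bool], ...]
# A classifier returns a consequence when a sequence is terminal, else None.
Classifier = Callable[[Path, int], Optional[str]]


class Outcome(NamedTuple):
    path: Path
    frequency: float  # frequency of this sequence, in the initiating event's units
    consequence: str


def build_event_tree(initiating_frequency: float, barriers: List[Barrier],
                     classify: Classifier, path: Path = (), prob: float = 1.0,
                     outcomes: Optional[List[Outcome]] = None) -> List[Outcome]:
    """Enumerate sequences left to right. At each juncture the classifier may
    declare the sequence terminal (returns a consequence) or demand the next
    barrier (returns None); when barriers run out the sequence ends regardless."""
    if outcomes is None:
        outcomes = []
    consequence = classify(path, len(barriers))
    if consequence is not None or len(path) == len(barriers):
        outcomes.append(Outcome(path, initiating_frequency * prob,
                                consequence or "Unclassified"))
        return outcomes
    name, p_success = barriers[len(path)]
    build_event_tree(initiating_frequency, barriers, classify,
                     path + ((name, True),), prob * p_success, outcomes)
    build_event_tree(initiating_frequency, barriers, classify,
                     path + ((name, False),), prob * (1.0 - p_success), outcomes)
    return outcomes


def layered_defence(path: Path, n_barriers: int) -> Optional[str]:
    """Constructed classification rule: the first barrier that works controls the
    event and no further barrier is demanded; if every barrier fails the
    sequence is uncontrolled."""
    if path and path[-1][1]:
        return f"Controlled by {path[-1][0]}"
    if len(path) == n_barriers:
        return "Uncontrolled"
    return None


def aggregate_by_consequence(outcomes: List[Outcome]) -> Dict[str, float]:
    """Sum sequence frequencies per consequence category."""
    totals: Dict[str, float] = {}
    for o in outcomes:
        totals[o.consequence] = totals.get(o.consequence, 0.0) + o.frequency
    return totals


def consequence_frequencies(initiating_frequency: float, barriers: List[Barrier],
                            classify: Classifier) -> Dict[str, float]:
    """Convenience wrapper: build the tree and aggregate in one call."""
    return aggregate_by_consequence(
        build_event_tree(initiating_frequency, barriers, classify))


# Constructed inputs (not from the page): an initiating event frequency per year
# and three control measures with their assumed on-demand success probabilities.
INITIATING_FREQUENCY = 0.01
BARRIERS: List[Barrier] = [("Detection", 0.9), ("Isolation", 0.8), ("Mitigation", 0.7)]

if __name__ == "__main__":
    outcomes = build_event_tree(INITIATING_FREQUENCY, BARRIERS, layered_defence)
    for o in outcomes:
        branch = " -> ".join(f"{n}:{'ok' if s else 'FAIL'}" for n, s in o.path)
        print(f"{branch:50s} {o.frequency:.2e}/yr  {o.consequence}")
    for consequence, freq in consequence_frequencies(
            INITIATING_FREQUENCY, BARRIERS, layered_defence).items():
        print(f"{consequence:26s} {freq:.2e}/yr")
```

The per-sequence frequencies always sum back to the initiating frequency, which is a useful consistency check on any event tree; the frequency of the fully uncontrolled sequence is the product of the initiating frequency and every barrier's failure probability, and it is this number that each added or improved control measure at a juncture reduces.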
Copyright 2022 Clasifications Register Group Limited, International Maritime Organization, International Labour Organization or Maritime
and Coastguard Agency. All rights reserved. Clasifications Register Group Limited, its affiliates and subsidiaries and their respective
officers, employees or agents are, individually and collectively, referred to in this clause as 'Clasifications Register'. Clasifications
Register assumes no responsibility and shall not be liable to any person for any loss, damage or expense caused by reliance
on the information or advice in this document or howsoever provided, unless that person has signed a contract with the relevant
Clasifications Register entity for the provision of this information or advice and in that case any responsibility or liability is
exclusively on the terms and conditions set out in that contract.