Risk Assessment. Marvin Rausand
defining initiating event, we give a general definition of the term “event”:
Definition 2.7 (Event)
Incident or situation that occurs in a particular place during a particular interval of time.
In risk analysis, the term “event” refers to a future occurrence. The duration of the event may range from very short (e.g. an instantaneous shock) to a rather long period. An initiating event is defined as follows:
Definition 2.8 (Initiating event)
An identified event that represents the beginning of an accident scenario. (Adapted from IAEA 2002 .)
This definition states that the initiating event represents the beginning of an accident scenario, but it is not clearly specified where and when the beginning is. In Example 2.1 , we said that “gas leak from flange A” was the beginning of the accident scenario, that is the initiating event, but we do not say anything about why the leak occurred. If this was because of an impact against the flange, we could have said that “impact against flange A” was the initiating event. In practice, it is up to the risk analyst to decide what she wants to define as the beginning. This depends on what the focus of the analysis is, the limitations of the analysis, limitations in our knowledge about the system or the accident scenarios, and so on. Among the causes of initiating events are hazards.
2.3.3.1 Hazardous Event
Another commonly used term is hazardous event, sometimes used more or less synonymously with initiating event. We have chosen to distinguish these two, although it is not easy to give a precise definition of hazardous event. A possible definition is:
Definition 2.9 (Hazardous event)
An event that has the potential to cause harm.
From this definition, any event that is part of an accident scenario, including the initiating event, may be classified as a hazardous event. The practical use of this term is discussed under methods for hazard identification in Chapter 10.
Observe that both initiating event and hazardous event are terms that are difficult to give a precise physical meaning. Instead, both can be regarded as analytical terms that are used to identify starting points for the analysis. Because the starting point of our analysis may be chosen more or less freely, it is not possible to pinpoint specific events in a sequence that are initiating and hazardous events, respectively. As a guideline, it may be useful to specify the hazardous event as the first event in the sequence when the situation moves from a normal situation to an abnormal situation. This is not necessarily very precise, but may still be a help in performing risk analyses in practice.
The hazardous event is a central concept in the bow‐tie model of risk analysis, which is described in Section 2.3.4 (i.e. after the examples).
Example 2.3 (Hazardous events)
A hazardous event was defined as an event that may cause harm, and it was suggested to use the first abnormal event as the hazardous event. The following examples illustrate this:
1 (1) An object dropping from a crane. The process of lifting itself is completely normal and is not considered a hazardous event. If, on the other hand, the object that is lifted starts falling, it is definitely an abnormal situation.
2 (2) A car driver losing control of the car. Driving is a very common and normal activity, but if the driver loses control of the car while driving, the situation may develop into a serious accident with severe consequences.
3 (3) An aircraft engine stopping during flight. It should be fairly obvious that this is an abnormal situation. Most commercial planes have two engines and are able to land without problems with one engine not working. It is still reasonable to classify this as a hazardous event in a risk analysis.
4 (4) A person slipping when climbing a ladder. Climbing a ladder is normal, but if the climbing person slips, she may lose her balance and fall off the ladder, with potentially serious consequences. On the other hand, she may be able to regain her hold and balance again, avoiding an accident. A hazardous event will therefore not necessarily always lead to an accident.
In all these examples, some prerequisites need to be in place for the event to occur. In the case of the car, control can only be lost if the car is driving, dropped objects are only possible if something has been lifted, the aircraft engine stopping is critical only during flight, not on the ground. This is an indication that hazardous events on their own not necessarily are critical but need to occur in a context where a hazard is present.
Example 2.4 (Crane operation)
A crane is used to lift heavy elements on a construction site. The lifting operation has several hazards. One of these is the potential energy of a lifted element. This hazard is an intrinsic hazard of the lifting operation because it is not possible to lift anything without creating potential energy. The potential energy can be released, for example, if the hazardous event “chain breaks” occurs. This event leads to “uncontrolled fall of the element.” The consequence of the fall depends on where the element falls down – if there are people or important equipment (i.e. assets) in the area. The concepts used in this example are shown in Figure 2.1 .
2.3.4 The Bow‐tie Model
The bow‐tie model for risk analysis is shown in Figure 2.2 . An identified hazardous event is placed in the middle of the figure, with the causes shown on the left side and the consequences on the right side. The figure indicates that various hazards and/or threats may lead to the hazardous event and that the hazardous event may in turn lead to many different consequences. Various barriers are usually available between the hazards/threats and the hazardous event, and between the hazardous event and the consequences. The model in Figure 2.2 is called a bow‐tie model because it resembles the bow tie that men sometimes use in place of a necktie with a formal suit. The bow‐tie model is a useful illustration of both conception and analysis of risk.
Many of the concepts that are introduced in this section can be illustrated in the bow‐tie diagram. An accident scenario, involving the identified hazardous event, is shown as a path from left to right. The sequence of events is started by an initiating event and is terminated by a specific end event that causes an end state. The end state will lead to consequences for one or more assets. The path of the accident scenario is diverted (i.e. changes state) by the action of barriers and hence, the steps of the path indicate the presence of barriers. All the possible accident scenarios involving the specified hazardous event can, in principle, be represented in the same bow‐tie diagram. If we are able to identify all relevant hazardous events, we can, in principle, identify and describe all relevant accident scenarios by using bow‐tie diagrams. This makes the bow‐tie model a practical and efficient tool for risk analysis.