Risk Assessment. Marvin Rausand
Figure 2.2 An accident scenario and related concepts illustrated in a bow‐tie diagram.
2.3.5 End Event and End State
In the same way that we define initiating events as the start of the accident scenarios, we often use the term “end event” or “end state” to signify the end of the accident scenario. Defining this is not any easier than defining the initiating event.
Definition 2.10 (End event)
An identified event that represents the end of a defined accident scenario.
This definition does not specify what the end of the scenario is. In the same way as with initiating events, it is up to the analyst to decide where and when the scenario ends. When the end event occurs, the system enters a state that we call the end state. This end state is used as a basis for establishing the consequence spectrum for the accident scenario.
2.3.6 A Caveat
The initiating event, the hazardous event, and the end event are all problematic concerning where to locate them in an accident scenario. The initiating event may be the least problematic, but as seen from the comment after Definition 2.8, it is not always obvious how and where to start an accident scenario.
The end event and the following end state may be the most important part of an accident scenario and are often used as a name for the scenario, such as “fire in process area 1” or “collision with train on same track.” As an illustration, consider a potential fire in the process plant. Should we define the end state of the accident scenario as (i) a fire is ignited, (ii) a significant fire is ongoing, or (iii) the fire has been extinguished? In many risk analyses, the end state is set as soon as a state is initiated that inevitably – if not stopped – will cause harm to some assets. For the scenario above, this means that the end state is defined as “fire is ignited.” When this end state is present, a number of safeguards, or barriers, are usually activated to stop the development of the end state and/or to protect the assets. The consequences of the accident scenario are then determined by the capability and reliability of these barriers. Where to set the end state depends on the study object and on what is deemed by the risk analyst to be practical.
The hazardous event is purely an analytical concept and may be defined by the analyst as any event in an accident scenario between, and including, the initiating event and the end event. There are no clear recommendations for the choice of hazardous events, but some choices may lead to an efficient risk analysis and some may not.
For the bow‐tie diagram in Figure 2.2, observe that if the hazardous event is moved further to the left in the diagram (see Figure 2.3a), the number of possible paths for the event sequence will typically increase. On the other hand, if we move the hazardous event to the right in the bow‐tie diagram (see Figure 2.3b), the number of causes of the hazardous event increases and fewer possible paths follow from the hazardous event. The approach in Figure 2.3a gives a simpler causal analysis and a more complicated consequence analysis, whereas the approach in Figure 2.3b gives a more complicated causal analysis and a simpler consequence analysis. Which of these approaches gives the best and most complete result depends on the system and the problem at hand.
2.3.7 Enabling Events and Conditions
Hazards are primary causes of initiating events, but specific events or conditions often need to be in place in addition for an initiating event to occur. The same applies for events later in the accident scenario. These events and conditions are called enabling events and conditions.
Definition 2.11 (Enabling events and conditions)
An event or a condition that on its own or in combination with other events or conditions can trigger an initiating event or enable an accident scenario to develop further toward an accident.
Enabling events and conditions are events and conditions that contribute to instigating the initiating event and to driving the accident scenario forward toward harm of an asset. Sometimes, it may be difficult to distinguish clearly between events that are in the accident scenario sequence and enabling events, but as a general rule, all events that are not on the “main path” toward the accident scenario end event are enabling events. It may seem unnecessary to distinguish between these two, but for the purpose of managing risk it may be quite important. If an initiating event or another event occurs that is defined as being part of the accident scenario, this means that the situation has moved one step closer to becoming an accident. Enabling events (and conditions) only change the probability that an event in the sequence occurs. In an earlier example, “Gas leak from flange A” was used as an initiating event. An enabling event could be “impact on flange” and an enabling condition could be “corrosion” because both increase the probability of failure of the flange.
Table 2.4 lists some hazards, enabling events and conditions, and initiating events to help clarify the concepts and illustrate the differences between them.
Table 2.4 Hazards, enabling events and conditions, and initiating events.
Hazard | Enabling event/condition | Initiating event |
A car on top of a hill | Handbrake is not on | Car starts rolling |
Propane gas under pressure | Corrosion in tank | Gas is released |
Water in a hydroelectric power dam | Extreme rain | Water flows over top of dam |
A large crowd in a confined space | Excitement in crowd | Panic breaks out |
Tension between tectonic plates | Build up over long period | Earthquake |
Pressure differences in the atmosphere | Increasing pressure difference | Storm |
Tension in an offshore structure | Crack growth in structure due to fatigue | Failure of a structural member |
2.3.7.1 Active Failures and Latent Conditions
Reason (1997) distinguishes between active failures and latent conditions.