A proactive operational risk identification and analysis framework based on the integration of ACAT and FRAM

https://doi.org/10.1016/j.ress.2019.02.012

Highlights

  • A proactive risk identification and analysis approach for operational processes was developed.

  • A new risk analysis framework was proposed based on the FRAM and ACAT models.

  • The conventional FRAM was enriched with a detailed and rigorous description of functions.

  • More functional constraints were identified with the hybrid approach.

Abstract

Risks in industrial operation processes involve complex system elements such as humans, machines, organizations and information, as well as nonlinear coupling relationships among them. Traditional risk analysis methods focus on the cause-effect relationships between the system elements and accidents, while ignoring what the correct and proper relationships should be. For proactive risk identification and analysis, learning from success is suggested instead of learning from post hoc accidents, which requires that risk analysis identify the normal functions and their couplings. Therefore, system functioning has become a subject of interest in the field of risk analysis. The Functional Resonance Analysis Method (FRAM) has been an effective tool to reveal the couplings and dependency relationships among different functions. However, function identification and interaction analysis in FRAM are limited because there is no consistent or explicit stop rule. For a detailed and rigorous description of functions, the Accident Causation Analysis and Taxonomy (ACAT) model is used to enrich FRAM by generating functions based on a closed-loop control system. Two operation processes in hazardous industries are used as illustrations. The results show that more functional constraints and deeper contributing factors to accidents can be identified with the hybrid approach.

Introduction

To manage a system, one conventional method is to decompose the system into elements such as human, machine, environment, etc., and manage these elements separately [1]. However, the dynamic character of society leads to a high degree of complexity and coupling among these system elements [2]. Accidents no longer occur in simple linear cause-effect ways but in latent and less predictable ways.

In recent decades, risk identification and analysis have served as important methods to investigate accidents and manage safety. However, conventional risk analysis methods such as FTA, ETA, and FMEA seem insufficient to explore these complex conditions. Risk identification requirements have evolved from studying linear cause-and-effect relationships to revealing nonlinear coupling relationships. On the other hand, traditional risk analysis methods focus on the cause-and-effect relationships between the system elements and accidents, while ignoring what the correct and proper relationships should be. In this case, traditional risk analysis methods can only provide negative experience about how the system fails rather than how to make a successful system. Therefore, the dynamic character of society requires proactive risk identification and analysis by learning from success rather than from accidents and incidents [2]. Accordingly, new approaches such as Accimap, STAMP, and FRAM have been developed.

The Accimap [3] emphasized functional abstraction when conducting adaptive and systematic risk management. Rasmussen and Svedung [2] developed a proactive risk management approach for the modern dynamic society. Proactive risk management means that the system continues to operate when unpredictable disturbances occur. To this end, they treated risk management as a control problem and presented the concept of closed-loop feedback control. The approach focuses on the normal work features and activities of actors instead of on system deficiencies. Leveson [4] also indicated that safety can be well explained from the control perspective and developed the Systems-Theoretic Accident Model and Processes (STAMP) method, in which accidents occur because control of the functional constraints among system components fails. Inspired by Rasmussen's and Leveson's work, Li et al. [5] proposed an accident causation analysis and taxonomy (ACAT) framework from both system and control theory perspectives. Specifically, ACAT uses a failure taxonomy (subjects) defined from the system safety perspective to guide causation analysis, and uses control theory to describe the failure of safety constraints (functions). Although the initial purpose of ACAT was to support accident causation analysis and statistics, it presents an important mechanism: risk comes from the failure of subjects' functions. In ACAT, it is assumed that any complex system can be considered a control system consisting of functions such as the actuator, sensor, controller, and communication. These four functions coordinate to make the system work smoothly and continuously. Accidents occur when functions in the control loop are missing or ineffective. Accordingly, each component in a system should follow a closed-loop control pattern to function properly. For instance, assume that a system's objective is to open a valve on a gas pipeline. The main component of the system is an operator, who can take action to open the valve. However, finishing this action does not mean the task is complete. The system lacks additional functions such as supervision, communication and checking, which makes it vulnerable. Does the on-site operator follow appropriate operational procedures? Is there a site supervisor who can ensure there is no ignition source in the surrounding area? Does the on-site supervisor inform the board operator of the operation? With ACAT, these questions can be addressed effectively. Furthermore, compared with complex multilayer methods such as Accimap and STAMP, the ACAT framework is more suitable for operational risk analysis in workplaces because it provides more descriptive detail.

FRAM is another representative tool for risk identification in modern complex systems [6]. Instead of decomposing a system into components, FRAM depicts a dynamic process or a system as a set of functions. Each function is a sub-objective of the process. To represent how these functions interact, six aspects are defined: input, output, time, control, preconditions, and resources. FRAM has demonstrated its effectiveness in domains such as aviation [7], [8], [9], [10], flood defences [11], healthcare [12], [13], [14], [15], maritime [16], [17], [18], [19], manufacturing [20], nuclear [21], and petroleum [22]. Apart from these numerous applications, extensive studies on improving FRAM are ongoing, especially by combining FRAM with existing methods. For example, Rosa et al. [23] applied the analytic hierarchy process to obtain the relative importance of the criteria in FRAM. Praetorius et al. [24] used FRAM to provide structured expert input for the Formal Safety Assessment (FSA) and obtain more hazard identification results. Patriarca et al. [25] discussed the compatibility of FRAM with the Abstraction Hierarchy (AH) and found that the combined method provides an enhanced knowledge representation with a multi-layer functional structure. To define system functions quantitatively, Patriarca et al. [26] further combined Monte Carlo simulation with FRAM. Yang et al. [27] used the verification tool SPIN to increase the efficiency and accuracy of FRAM. The integration of FRAM with other methods can thus extend its range of application. However, there is still no universally accepted framework to ensure consistency when building a FRAM model. For instance, function identification varies with subjective judgment.
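The two ideas above, ACAT's four-role control loop and FRAM's six coupling aspects, can be put together in a small model and checked mechanically. The following Python is an added example written for this page, not code from the paper or its authors: it encodes a constructed version of the valve-opening case, nests ACAT roles inside each FRAM function, and reports two kinds of functional constraint, roles of the control loop that nobody realises and aspects (preconditions, controls, inputs) that no modelled function produces. The function names, aspect labels and loop descriptions are assumptions made for the illustration.

```python
"""Added illustration (not from the paper): a minimal FRAM model enriched
with ACAT control-loop roles, applied to a constructed version of the
paper's case 1 (opening a valve on a gas pipeline)."""
from dataclasses import dataclass, field

# ACAT: every function should realise a closed control loop made of these
# four roles; a role with no identified realiser is a candidate constraint.
ACAT_ROLES = ("actuator", "sensor", "controller", "communication")

# FRAM: the six aspects through which functions couple to each other.
FRAM_ASPECTS = ("input", "output", "time", "control", "precondition", "resource")


@dataclass
class FramFunction:
    name: str
    # aspect -> set of labels; a label that is one function's output and
    # another function's non-output aspect is a coupling between them.
    aspects: dict = field(default_factory=dict)
    # ACAT role -> who or what realises it; absent means not identified.
    loop: dict = field(default_factory=dict)

    def labels(self, aspect):
        return set(self.aspects.get(aspect, ()))


def missing_roles(fn):
    """ACAT enrichment: roles of the control loop with no identified realiser."""
    return [role for role in ACAT_ROLES if not fn.loop.get(role)]


def dangling_couplings(functions):
    """FRAM check: consumed labels that no function in the model produces."""
    produced = set()
    for fn in functions:
        produced |= fn.labels("output")
    dangling = []
    for fn in functions:
        for aspect in FRAM_ASPECTS:
            if aspect == "output":
                continue
            for label in sorted(fn.labels(aspect)):
                if label not in produced:
                    dangling.append((fn.name, aspect, label))
    return dangling


def constraints_report(functions):
    """Combine both checks into one list of constraints to investigate."""
    report = []
    for fn in functions:
        for role in missing_roles(fn):
            report.append(f"{fn.name}: no {role} identified in control loop")
    for name, aspect, label in dangling_couplings(functions):
        report.append(f"{name}: {aspect} '{label}' has no producing function")
    return report


# Constructed case-1 model (hypothetical labels). The operator function is
# described only as an actuator, and one of its preconditions is produced
# by no modelled function; these mirror the questions raised in the text.
OPEN_VALVE = FramFunction(
    name="Open valve",
    aspects={
        "input": {"work order"},
        "output": {"valve open"},
        "control": {"operating procedure"},
        "precondition": {"area free of ignition sources", "board operator informed"},
    },
    loop={"actuator": "on-site operator turns the valve"},
)

SUPERVISE_AREA = FramFunction(
    name="Supervise area",
    aspects={"input": {"work order"}, "output": {"area free of ignition sources"}},
    loop={
        "actuator": "supervisor clears ignition sources",
        "sensor": "supervisor inspects surroundings",
        "controller": "supervisor decides the area is safe",
        "communication": "supervisor reports to on-site operator",
    },
)

ISSUE_WORK_ORDER = FramFunction(
    name="Issue work order",
    aspects={"output": {"work order", "operating procedure"}},
    loop={role: "planning office" for role in ACAT_ROLES},
)

CASE1 = [ISSUE_WORK_ORDER, SUPERVISE_AREA, OPEN_VALVE]

if __name__ == "__main__":
    for line in constraints_report(CASE1):
        print(line)
```

Running the script lists the three unrealised roles of "Open valve" (sensor, controller, communication) and the precondition "board operator informed" that nothing produces; in the hybrid method each such line is a prompt to add a function (a check, a supervisor, a communication step) rather than a failure mode to be catalogued after the fact.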

The aim of this paper is to combine ACAT with FRAM into a proactive operational risk identification and analysis framework that provides a perspective for learning from success rather than from failure. The conventional methods and their integration are discussed in Section 2. Two cases are then introduced as illustrative applications in Section 3. The differences between the integrated method and HTA (hierarchical task analysis) and the Abstraction Hierarchy are discussed in Section 4. Section 5 concludes.

Section snippets

ACAT

The Accident Causation Analysis and Taxonomy (ACAT) model was first proposed for accident investigation and analysis [5]. It can be viewed as a two-dimensional model that considers both structural decomposition and functional abstraction. The structural decomposition addresses the question of what the failure is, while the functional abstraction addresses how the failure happens.

Although the ACAT model is literally post hoc, it defines the conditions for successful and continuous system

Illustrative applications

To illustrate the application of the integration method, two cases in different domains are used. The simple case (case 1) is the risk analysis of opening a valve on a gas pipeline, whereas the complex case (case 2) is the process risk analysis of starting a coal shearer.

Discussions

In this paper, we show that the integrated ACAT/FRAM framework can help risk identification and analysis in an intuitive and rigorous way. It combines the ACAT's advantages of structural decomposition and the FRAM's advantages of describing complex functions and their functional interactions. Compared with traditional risk analysis methods such as FTA, ETA, and FMEA, it focuses on exploring the reasons for success rather than failure. Thus, some risk contributing factors we identified may have

Conclusions

The conventional risk analysis methods emphasize the cause-effect relationships by trying to figure out what could go wrong. They have played an important role in investigating and decreasing accidents. However, learning from accidents or failures can only generate reactive and passive risk countermeasures rather than positive ones. Therefore, a proactive method can generate risk scenarios from a successful operation process rather than a failed one. The aim of this paper is to present a

Acknowledgements

This paper is funded by the program of Scientific Research Foundation of Shandong University of Science and Technology for Recruited Talents (2017RCJJ002), and the First-class Discipline of Mineral Engineering construction project of Shandong University of Science and Technology (Grant No. 01AQ01805). We are also grateful to the authors of the references and the anonymous reviewers.

References (35)

Cited by (31)

  • Risk evolution analysis of ship pilotage operation by an integrated model of FRAM and DBN

    2023, Reliability Engineering and System Safety
    Citation Excerpt :

    Using ACAT, each function in the FRAM model is regarded as a control loop, which is divided and functionally described from the actuator, sensor, controller, and communication perspectives. FRAM-ACAT [54] is a nested analysis method, with intra-level functions nested in each inter-level function. The inter-level function is constructed by the traditional FRAM method, while intra-level functions refer to the function modules in a closed-loop control structure using ACAT for each inter-level function.
