A proactive operational risk identification and analysis framework based on the integration of ACAT and FRAM
Introduction
To manage a system, one common conventional method is to decompose the system into elements such as human, machine, and environment, and to manage these elements separately [1]. However, the dynamic character of society leads to a high degree of complexity and coupling among these system elements [2]. Accidents no longer occur in simple linear cause-effect ways but in latent and less predictable ways.
In recent decades, risk identification and analysis have served as important methods to investigate accidents and manage safety. However, conventional risk analysis methods such as FTA, ETA, and FMEA seem to be insufficient to explore these complex conditions. Risk identification requirements have evolved from studying linear cause-and-effect relationships to revealing nonlinear coupling relationships. In addition, traditional risk analysis methods focus on the cause-and-effect relationships between the system elements and accidents, while ignoring what the correct and proper relationships should be. As a result, traditional risk analysis methods can only provide negative experience about how the system fails rather than how to make a successful system. Therefore, the dynamic character of society requires proactive risk identification and analysis by learning from success rather than from accidents and incidents [2]. Accordingly, new approaches such as Accimap, STAMP, and FRAM have been developed.
The Accimap [3] emphasized functional abstraction when conducting adaptive and systematic risk management. Rasmussen and Svedung [2] developed a proactive risk management approach for the modern dynamic society. Proactive risk management means that the system continues to operate when unpredictable disturbances occur. To this end, they treated risk management as a control problem and presented the concept of closed-loop feedback control. The approach focuses on normal work features and the activities of actors instead of system deficiencies. Leveson [4] also indicated that safety can be well explained from the control perspective and developed the Systems-Theoretic Accident Model and Processes (STAMP) method. Accidents occur because of the control failure of functional constraints among system components. Inspired by Rasmussen's and Leveson's work, Li et al. [5] proposed an accident causation analysis and taxonomy (ACAT) framework from both system and control theory perspectives. Specifically, ACAT uses a failure taxonomy (or subjects) defined from the system safety perspective to guide causation analysis, and uses control theory to describe the failure of safety constraints (or functions). Although the initial purpose of ACAT is to support accident causation analysis and statistics, it presents an important mechanism: risk comes from the failure of subjects' functions. In ACAT, it is assumed that any complex system can be considered as a control system consisting of functions such as the actuator, sensor, controller, and communication. These four functions work together to make the system run smoothly and continuously. Accidents occur when there are missing or ineffective functions in the control loop. Accordingly, each component in a system should follow a closed-loop control pattern to function properly.
For instance, let's assume that a system's objective is to open a valve on a gas pipeline. The main component of the system is an operator, who can take actions to open the valve. However, finishing this action does not mean that the task is complete. The system lacks additional functions such as supervision, communication, and checking, which makes it vulnerable. Does the on-site operator follow appropriate operational procedures? Is there a site supervisor who can ensure that there is no ignition source in the surrounding area? Does the on-site supervisor inform the board operator of the operation? With ACAT, these problems can be addressed effectively. Furthermore, compared with complex multilayer methods such as Accimap and STAMP, the ACAT framework is more suitable for operational risk analysis in workplaces because it provides more descriptive details.
FRAM is another of the most representative tools for risk identification in modern complex systems [6]. Instead of decomposing a system into components, FRAM depicts a dynamic process or a system in terms of different functions. Each function is a sub-object of the process. To represent how these functions interact, six aspects are defined: input, output, time, control, preconditions, and resources. FRAM has demonstrated its efficiency in domains such as aviation [7], [8], [9], [10], flood defences [11], healthcare [12], [13], [14], [15], maritime [16], [17], [18], [19], manufacturing [20], nuclear [21], petroleum [22], etc. Apart from these numerous applications, extensive studies on improving FRAM are ongoing, especially by combining FRAM with existing methods. For example, Rosa et al. [23] applied the analytic hierarchy process to obtain the relative importance of the criteria in FRAM. Praetorius et al. [24] used FRAM to provide structured expert inputs for the Formal Safety Assessment (FSA) to obtain more hazard identification results. Patriarca et al. [25] discussed the compatibility of FRAM with the Abstraction Hierarchy (AH) and found that the combined method can provide an enhanced knowledge representation with a multi-layer functional structure. To quantitatively define system functions, Patriarca et al. [26] further combined Monte Carlo simulation and FRAM. Yang et al. [27] used the verification tool SPIN to increase the efficiency and accuracy of FRAM. It can be seen that integrating FRAM with other methods can help extend its range of use. However, there is still no universally accepted framework to ensure consistency in establishing a FRAM model. For instance, the identification of functions varies with subjective judgment.
The aim of this paper is to combine ACAT with FRAM to generate a proactive operational risk identification and analysis framework, which provides perspectives to learn from success rather than from failure. The conventional methods and their integration are discussed in Section 2. Two cases are then introduced as illustrative applications in Section 3. The differences between the integrated method and HTA (hierarchical task analysis) and Abstraction Hierarchy are discussed in Section 4. Section 5 concludes.
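The two ideas described above can be combined in a small model, shown here as an added illustration that is not code from the paper: each FRAM function carries its six aspects plus the four ACAT loop roles, and the check reports functions whose control loop is open and aspects that nothing supplies. The function names, aspect items and role assignments for the valve case are assumptions made for this sketch.

```python
# Added illustration; names, aspect items and role assignments are assumptions.
from dataclasses import dataclass, field

ACAT_ROLES = ("actuator", "sensor", "controller", "communication")
# FRAM aspects that have to be supplied by another function's output.
INCOMING = ("input", "time", "control", "preconditions", "resources")


@dataclass
class Function:
    name: str
    output: set
    aspects: dict = field(default_factory=dict)  # incoming aspect -> needed items
    roles: dict = field(default_factory=dict)    # ACAT role -> who performs it


def missing_roles(fn):
    """ACAT roles with no performer, i.e. the function's loop is not closed."""
    return [r for r in ACAT_ROLES if not fn.roles.get(r)]


def dangling_couplings(functions, external=frozenset()):
    """(function, aspect, item) triples that no output or external source supplies."""
    produced = set(external).union(*(f.output for f in functions))
    return [(f.name, aspect, item)
            for f in functions
            for aspect in INCOMING
            for item in sorted(f.aspects.get(aspect, ()))
            if item not in produced]


def analyse(functions, external=frozenset()):
    """Risk candidates: open control loops and unsupplied FRAM aspects."""
    return {"open_loops": {f.name: m for f in functions if (m := missing_roles(f))},
            "dangling": dangling_couplings(functions, external)}


# Constructed model of opening a valve on a gas pipeline: the operator acts,
# but nobody senses, controls or communicates, and nobody checks the area.
VALVE_CASE = [
    Function("issue work order", {"work order"},
             roles={"actuator": "board operator", "sensor": "board operator",
                    "controller": "procedure", "communication": "radio"}),
    Function("open valve", {"valve open"},
             aspects={"input": {"work order"},
                      "control": {"operating procedure"},
                      "preconditions": {"area free of ignition sources"}},
             roles={"actuator": "on-site operator"}),
]
```

Calling `analyse(VALVE_CASE, external={"operating procedure"})` flags the three unfilled loop roles of "open valve" and the ignition-source precondition that no function produces.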
Section snippets
ACAT
The Accident Causation Analysis and Taxonomy (ACAT) model was first proposed for accident investigation and analysis [5]. It can be viewed as a two-dimensional model that considers both structural decomposition and functional abstraction. The structural decomposition tackles the question of what the failure is, while the functional abstraction addresses how the failure happens.
Although the ACAT model is literally post hoc, it defines the conditions for successful and continuous system
Illustrative applications
To illustrate the application of the integration method, two cases in different domains are used. The simple case (case 1) is the risk analysis of opening a valve on a gas pipeline, whereas the complex case (case 2) is the process risk analysis of starting a coal shearer.
Discussions
In this paper, we show that the integrated ACAT/FRAM framework can help risk identification and analysis in an intuitive and rigorous way. It combines the ACAT's advantages of structural decomposition and the FRAM's advantages of describing complex functions and their functional interactions. Compared with traditional risk analysis methods such as FTA, ETA, and FMEA, it focuses on exploring the reasons for success rather than failure. Thus, some risk contributing factors we identified may have
Conclusions
The conventional risk analysis methods emphasize the cause-effect relationships by trying to figure out what could go wrong. They have played an important role in investigating and decreasing accidents. However, learning from accidents or failures can only generate reactive and passive risk countermeasures rather than positive ones. Therefore, a proactive method can generate risk scenarios from a successful operation process rather than a failed one. The aim of this paper is to present a
Acknowledgements
This paper is funded by the program of Scientific Research Foundation of Shandong University of Science and Technology for Recruited Talents (2017RCJJ002), and the First-class Discipline of Mineral Engineering construction project of Shandong University of Science and Technology (Grant No. 01AQ01805). We are also grateful to the authors of the references and the anonymous reviewers.
References (35)
Risk management in a dynamic society: a modelling problem. Saf. Sci. (1997)
A new accident model for engineering safer systems. Saf. Sci. (2004)
et al. An Accident Causation Analysis and Taxonomy (ACAT) model of complex industrial system from both system safety and control theory perspectives. Saf. Sci. (2017)
et al. Comparing a multi-linear (STEP) and systemic (FRAM) method for accident analysis. Reliab. Eng. Syst. Saf. (2010)
et al. An application of the functional resonance analysis method (FRAM) to risk analysis of multifunctional flood defences in the Netherlands. Reliab. Eng. Syst. Saf. (2017)
et al. Learn from what goes right: a demonstration of a new systematic method for identification of leading indicators in healthcare. Reliab. Eng. Syst. Saf. (2018)
et al. Application of a non-linear model to understand healthcare processes: using the functional resonance analysis method on a case study of the early detection of sepsis. Reliab. Eng. Syst. Saf. (2018)
et al. A systems approach using the functional resonance analysis method to support fluoride varnish application for children attending general dental practice. Appl. Ergon. (2018)
et al. A new methodology for accident analysis with human and system interaction based on FRAM: case studies in maritime domain. Saf. Sci. (2018)
et al. Frama: a safety assessment approach based on functional resonance analysis method. Saf. Sci. (2016)
Advantages for risk assessment: evaluating learnings from question sets inspired by the FRAM and the risk matrix in a manufacturing environment. Saf. Sci.
Defining the functional resonance analysis space: combining abstraction hierarchy and FRAM. Reliab. Eng. Syst. Saf.
A Monte Carlo evolution of the functional resonance analysis method (FRAM) to assess performance variability in complex systems. Saf. Sci.
Safety is an emergent property: illustrating functional resonance in air traffic management with formal verification. Saf. Sci.
A novel acoustic emission detection module for leakage recognition in a gas pipeline valve. Process Saf. Environ.
Natural gas pipeline valve leakage rate estimation via factor and cluster analysis of acoustic emissions. Measurement
Preparation and characteristics of a multifunctional dust suppressant with agglomeration and wettability performance used in coal mine. Chem. Eng. Res. Des.
Cited by (31)
A novel methodology to quantify the impact of safety barriers on maritime operational risk based on a probabilistic network
2024, Reliability Engineering and System Safety
HGV fire risk assessment method in highway tunnel based on a Bayesian network
2023, Tunnelling and Underground Space Technology
Risk evolution analysis of ship pilotage operation by an integrated model of FRAM and DBN
2023, Reliability Engineering and System Safety
Citation Excerpt: Using ACAT, each function in the FRAM model is regarded as a control loop, which is divided and functionally described from the actuator, sensor, controller, and communication perspectives. FRAM-ACAT [54] is a nested analysis method, with intra-level functions nested in each inter-level function. The inter-level function is constructed by the traditional FRAM method, while intra-level functions refer to the function modules in a closed-loop control structure using ACAT for each inter-level function.