Page 535 - Corrosion Engineering Principles and Practice
P. 535

500   C h a p t e r   1 2                               C o r r o s i o n   a s   a   R i s k    501


                      event and develops the resulting sequence of events, normally over a
                      short  time  interval,  making  assumptions  about  the  availability  of
                      safeguards and backup systems [11].
                         Event  trees  are  valuable  for  examining  the  consequences  of
                      failure. However, they are less effective for the analysis of the causes
                      of  system  failure  and  the  short  timescale  over  which  events  are
                      considered may mask longer term consequences such as the gradual
                      deterioration of equipment due to faults elsewhere.
                         Construction starts with the initiating event and works through
                      each branch in turn. A branch is defined by a question (e.g., “Protective
                      device fails?”). The answers are usually binary (e.g., “yes” or “no”),
                      but there can also be multiple outcomes (e.g., 100, 20, or 0 percent in
                      the operation of a control valve). Each branch is conditional on the
                      appropriate answers to the previous ones in the tree.
                         Usually an event tree is presented with the initiating events on
                      the left and the outcomes on the right. The questions defining the
                      branches are placed across the top of the tree, with upward branches
                      signifying  “yes”  and  downward  ones  for  “no.”  A  probability  is
                      associated with each branch, being the conditional probability of the
                      branch (i.e., the answer “yes” or “no” to the branch question) given
                      the answers of all branches leading up to it. In each case, the sum of
                      the probabilities of each branch must be unity. The probabilities of
                      each  outcome  are  the  products  of  the  probabilities  at  each  branch
                      leading to them. The sum of the probabilities for all outcomes must
                      be unity as well. This provides a useful check on the analysis. The
                      strengths of event tree analysis are [10]
                          •  It is widely used and well accepted.
                          •  It  is  suitable  for  many  hazards  in  QRA  that  arise  from
                             sequences of successive failures.
                          •  It a clear and logical form of presentation.
                          •  It is simple and readily understood.

                         Its weaknesses are
                          •  It  is  not  efficient  where  many  events  must  occur  in
                             combination, as it results in many redundant branches.
                          •  All events are assumed to be independent.
                          •  It loses its clarity when applied to systems that do not fall into
                             simple failed or working states (e.g., human error, adverse
                             weather, and so forth).

                         Figure 12.13 shows an event tree analysis that was performed on
                      each process system of a fluid catalytic cracking unit (FCCU) gas plant
                      using actual probabilities and consequences that are particular to that
                      process system. In a span of seven months the refinery had experienced
   530   531   532   533   534   535   536   537   538   539   540