Page 24 - Pipeline Risk Management Manual Ideas, Techniques, and Resources
P. 24
Basic concepts 113
the same kind have that property; or we draw conclusions about As it is used here, the term model refers to a set of rules that are
causes of an illness based on observations of symptoms. used to describe a phenomenon. Models can range from very
Inductive inference permeates almost all fields, including edu- simple screening tools (Le., “ifA and not B, then risk = low”) to
cation, psychology, physics, chemistry, biology, and sociology enormously complex sets of algorithms involving hundreds of
1561. The role of induction is central to many of our processes of variables that employ concepts from expert systems, fuzzy
reasoning. logic, and other artificial intelligence constructs.
At least one application of inductive reasoning in pipeline Model construction enables us to better understand our phys-
risk assessment is obvious-using past failures to predict ical world and hence to create better engineered systems.
future performance. A more narrow example of inductive rea- Engineers actively apply such models in order to build more
soning for pipeline risk assessment would be: “Pipeline ABC is robust systems. Model building and model applicatiodevalua-
shallow and fails often, therefore all pipelines that are shallow tion are therefore the foundation of engineering. Similarly,
fail more often.” risk assessment is the application of models to increase the
Deduction on the other hand, reasons forward from estab- understanding of risk, as discussed later in this chapter.
lished rules: “All shallow pipelines fail more frequently; In addition to the classical models of logic. logic techniques
pipeline ABC is shallow; therefore pipeline ABC fails more are emerging that seek to better deal with uncertainty and incom-
frequently.” plete knowledge. Methods of measuring “partial truths”-when
As an interesting aside to inductive reasoning, philosophers a thing is neither completely true nor completely false-have
have struggled with the question of what justification we have been created based on fuuy logic originating in the 1960s from
to take for granted the common assumptions used with induc- the University of California at Berkley as techniques to model
tion: that the future will follow the same patterns as the past; the uncertainty of natural language. Fuzzy logic or fuzzy set the-
that a whole population will behave roughly like a randomly ory resembles human reasoning in the face of uncertainty and
chosen sample; that the laws of nature governing causes and approximate information. Questions such as “To what degree is1
effects are uniform; or that we can presume that a sufficiently safe?’ can be addressed through these techniques. They have
large number of observed objects gives us grounds to attribute found engineering application in many control systems ranging
something to another object we have not yet observed. In short, from “smart” clothes dryers to automatic trains.
what is the justification for induction itself? Although it is
tempting to try to justify induction by pointing out that induc- II. Basic concepts
tive reasoning is commonly used in both everyday life and sci-
ence. and its conclusions are. by and large, proven to be correct. Hazard
this justification is itself an induction and therefore it raises the
same problem: Nothing guarantees that simply because induc- Underlying the definition of risk is the concept of hazard. The
tion has worked in the past it will continue to work in the future. word hazard comes from a1 zahr: the Arabic word for “dice”
The problem of induction raises important questions for the that referred to an ancient game of chance [lo]. We typically
philosopher and logician whose concern it is to provide a basis define a hazard as a characteristic or group of characteristics
for assessment of the correctness and the value of methods of that provides the potential for a loss. Flammability and toxicity
reasoning [56,88]. are examples of such characteristics.
Beyond the reasoning foundations of the scientific method, It is important to make the distinction between a hozard and
there is another important characteristic of a scientific theory a risk because we can change the risk without changing a
or hypothesis that differentiates it from, for example, an act of hazard. When a person crosses a busy street, the hazard should
faith: A theory must be “falsifiable.”This means that there must be clear to that person. Loosely defined it is the prospect
be some experiment or possible discovery that could prove the that the person must place himself in the path of moving
theory untrue. For example. Einstein’s theory of relativity made vehicles that can cause him great bodily harm were he to be
predictions about the results of experiments. These experi- struck by one or more of them. The hazard is therefore injury
ments could have produced results that contradicted Einstein, or fatality as a result of being struck by a moving vehicle.
so the theory was (and still is) falsifiable [56]. On the other The risk, however, is dependent on how that person conducts
hand, the existence of God is an example of a proposition that himself in the crossing of the street. He most likely realizes that
cannot be falsified by any known experiment. Risk assessment the risk is reduced if he crosses in a designated traffic-
results, or “theories” will predict very rare events and hence not controlled area and takes extra precautions against vehicle
be falsifiable for many years. This implies an element offaith in operators who may not see him. He has not changed the haz-
accepting such results. ard-he can still be struck by a vehicle-but his risk of injury
Because most risk assessment practitioners are primarily or death is reduced by prudent actions. Were he to encase
interested in the immediate predictive power of their assess- himself in an armored vehicle for the trip across the street,
ments. many of these issues can largely be left to the philoso- his risk would be reduced even further-he has reduced the
phers. However, it is useful to understand the implications and consequences of the hazard.
underpinnings of our beliefs. Several methodologies are available to identify hazards and
threats in a formal and structured way. A hazard and operability
Modeling (HAZOP) study is a technique in which a team of system
experts is guided through a formal process in which imagina-
As previously noted, the scientific method is a process by tive scenarios are developed using specific guide words and
which we create representations or models of our world. analyzed by the team. Event-tree and fault-tree analyses are
Science and engineering (as applied science) are and always other tools. Such techniques underlie the identified threats
have been concerned with creating models of how things work. to pipeline integrity that are presented in this book. Identified
