Many accidents occurred in high hazard industries have been serving to
focus attention on a better scientific thinking of safety. To name a few, Piper
Alpha and Deep Water Horizon disaster were the examples of poor safety
management systems that could lead to the occurrence of an accident 1. It did
not allow organisations to achieve their zero accident goal, but these
accidents had changed their perspective about how an accident could occur as
well as the efforts to prevent it. Traditional risk model only focuses on
technical failures, whereas there has been an urge to identify risk as a whole
system 2. A study from Bellamy and Trucco et al. 3, 4 explained that in
high hazard industries, human factor science plays important role in preventing
the occurrence of any accident and in case of emergency responses. Human
factors have always been the basic events of any incident that can lead to the
occurrence of major accident. Therefore, the need for a systematic approach
that can integrate technical factor, organisational factor and human behaviour
is necessary in order to provide a risk model that can be applied in process
The importance of incorporating technical and management factors in risk
assessment has changed the research focus in safety management and engineering.
Researchers have been putting their attention on analysing a whole system to
provide optimal solutions in order to prevent accidents. For instances, Ale et
al. 5, 6 had successfully developed a causal model for air transport safety
(CATS) which aims to quantify the risk of air traffic and support the further
methods of reducing the risks and improving safety. Some studies conducted by
Lisbona et al. and Bellamy et al. 7, 8 also focused on integrating technical
and human factors in order to analyse the loss of containment (LoC) incidents
using a tool called Storybuilder. From these studies, the importance of
integrating human factors and organizational behaviour into risk analysis is
clearly defined and imperative in order to minimise the risk associated in high
In 2013, a current project was undertaken these issues and to provide a
model that can be implemented in process industries. Ale et al. 2 developed a
model that supported recent issues in risk analysis for process safety named
Platypus. Platypus has been being expected to tackle these challenges and the development
has been directed to incorporate technical and human factors to prevent LoC and
minimise human factors failure as the basic events of any accident.
Although the initial project was successful, a deeper and wider-reaching
analysis is needed to provide in-depth analysis of technical, human and
organisational factors on the LoC in a chemical plant 9. There are still many
fuzzy factors that can influence the results of the model, for example the
limited number of observations and lack of expert judgements. Besides that, as
a new model, there are some aspects need to be developed from this Platypus
model in order to be able to be used widely in process industries.
This research aims to cope with problems to perform deeper analysis on
the studies of integrating technical and management aspects on risk assessment
for process safety. In order to achieve this goal, this research will validate
the model in order to be able to be used widely in process industry without
another adjustment from another modeller. Besides that, validity analyses are
aimed to evaluate the predictions that the model makes with the historical
accident data. Furthermore, Platypus needs extensively sensitivity analyses to
optimise a mix of safety intervention as well as understand the most sensitive
parameter of the model. Optimisation studies are also needed to provide
additional tools or engines to this model as well as to reduce the probability
of LoC based on a deeper analysis that integrates technical, management and
organisational factors. All in all, this research is aimed to optimise
Platypus’s functionality in order to be able to cope with recent problems faced
by process industries in conducting risk assessment by providing a more
systematic approach on integrating management and technical aspects in process
The challenges in developing Platypus model motivate this research to
answer these following research questions:
Is the outcome of Platypus independent to the modeller
and does it fit with the field data?
Which are the most sensitive parameters in the model?
Which parameters do need to turn in order to reduce
the probability of loss of containment most efficiently and effectively?
The objectives of this research are:
Validating the independence of the outcomes to the
modeller and evaluating prediction that the model makes based on the historical
Identifying parameters that are the most sensitive in
the model based on the representative data in the field.
Identifying parameters that can be turned in order to
reduce the probability of loss of containment efficiently and effectively.
Ale et al. 2 developed a model that integrates both technical and
human performance in order to prevent the occurrence of Loss of Containment
(LoC). This model was first developed on May 2013 following the development of
other models that dealt with the same problems. Platypus was then introduced as
the name of the model. It shows the influence of technical, human and
organisational factors on LoC. This model has also been programmed as a
Bayesian Network within the software package of UNINET 9.
The backgrounds of Platypus development followed the success of CATS which
was established by Ale et al too. This Causal Model integrated 3 modelling
techniques; Event Sequence Diagram (ESD), Fault Tree Analysis (FTA) and
Bayesian Belief Network (BBN), into one single model 6. This integration was
a part of the efforts to incorporate human factors and organisational behaviour
to risk analysis. Ale et al. from one of his studies 9, explained the
development of Platypus was based on the integration of Fault Tree (FT),
Bow-tie and human performance model into one single BBN structure. Human
performance model was considered to optimally prevent the occurrence of process
leak. Platypus focused on the development of QRA model that represented
Left-hand side of the Bow-tie. Whereas, the right-hand of the bow-tie was
relatively well established on the QRA for chemical safety 10. Left-hand side
of the bow-tie represents the prevention and protection, when right-hand side
represents the mitigation barriers that model consequences of accidents 8,
10. LoC acts as the centre event of the bow-tie where the modelling is aimed
to prevent the occurrence of LoC as well as provide barriers that can mitigate
the occurrence of the loss.
Platypus has been providing many advantages in quantitative risk
assessment (QRA) for process industries. Considering the background of Platypus
development, this model was aimed to prevent loss of containment in a process
plant. Firstly, platypus is capable of calculating the frequencies of LoC per
year for a chemical plant. Secondly, platypus is also able to provide safety
intervention based on the base case of a loss or plant characteristics 2.
Furthermore, these safety interventions are aimed to decrease the frequencies
of a loss event. The occurrence of LoC will not always lead to an incident, yet
the prevention of LoC needs to be considered to optimise a plant and build
safety awareness. Based on a study conducted by Ale et al. 2, each safety
intervention recommended on Platypus will contribute to the significance of a
loss frequency reduction. The decision for choosing the best safety
intervention will need further analyses.
Platypus’s main structure uses the four layers that have been developed
in the CATS 6. These four layers are:
Management layer. This layer positions all management
activities influence human behaviour in company.
Human layer. This layer positions all human actions
that influence the technical behaviour of the plant.
Hardware layer. This layer positions technical
performance of a plant, installation or any equipment.
Consequence layer. This layer positions the
consequences of LoC.
Ale et al. 2,9,10 also explained the relevant elements in the
structure of Platypus are as follow:
Elements in Platypus’s Structure
Platypus mainly combines
all layers needed to perform risk assessment in process industry aimed to
reduce the occurrence and the consequences of loss of containment. The elements
of Platypus also cover all technical aspects to understand and model LoC
events, starting from the parameters, barriers to the combination of LoC in
equipment. Thus, this model structures and elements are relevant to tackle
challenges faced in incorporating technical and human factors while modelling
the risks and consequences of loss of containment.
Bayesian-Belief Network (BBN)
Ale et al. 11 explained that Bayesian-Belief Network (BBN) had been
successfully applied to civil aviation case and developed into a framework that
is able to be implemented in other high hazard industries, including chemical
process industry. BBN has been being used as a tool for representing uncertain
knowledge. Belief networks are graphical models that model the knowledge
domain, rather than rule based systems that model the expert 12. BBN is
widely used to minimise the dependencies to the modeller. BBN is a
probabilistic approach that splits complexity in high-dimensional problems into
more manageable sub-problems 13.
The learning process in a BBN is typically Bayesian 13. Pedrali et al.
gave an illustration that am expert has his/her belief on the occurrence of an
event A (P(A)). Suppose an event B occurs; then the expert’s belief on A is
updated into the posterior probability P(A|B)
according to the Bayes theorem:
Statements about the Bayes theorem also
apply when considering random variables. Conditional probabilities P(A|B) are
the building bricks of the BBNs, along with the chain rule:
= P(C|AB) . P(B|A) . P(A)
And the conditional independence
= P(A|C) . P(B|C)
The above conditional property is valid
when A and B have the same parent C.
A study conducted by Ale et
al. 1 explained the advantages of using BBN in risk analysis apart from being
able to deal with uncertainty with information from different sources. BBN is
able to cope with problems found in traditional risk analysis method, especially the ones related to common cause and
human influence which are categorised as probabilistic influences. Furthermore,
human error probabilities can be determined by modelling the organisational and
management factors using BBN framework. BBN or influence diagrams are used to
quantify human and management influences on risk. Thus, the development of
Platypus using BBN framework is expected to model organisational and management
factors into risk analysis model.
Joint Use of FT and BBN for Human Factor Analysis
Human factors play important
role in most accidents involving loss of containment event. In high hazard
industries, human factors consideration is particularly important
to prevent accident and in order to provide proper emergency responses. A loss
of containment (LoC) which is commonly known in process industry is always
associated with a hydrocarbon release 3. This event has been the centre of
attention in order to prevent the occurrence of major accidents associated with
hydrocarbon releases. When there is a leak, the direct cause has always been
either mechanical or chemical failures. But, after conducting a further
accident analysis, the underlying cause of a release always leads to be human
error. Thus, human factor science is really important factor to be involved in
Analysing the underlying cause of an event, Fault Tree is often used in
order to prevent the occurrence of top event; loss of containment 3. Then,
BBN is used to modify the probability of some basic events in the Fault Tree
based on the available knowledge or assumptions made on the human and
organisational factors 4. The means of the basic Bayes theorem will estimate
the influence of organisational factors on the probability of occurrence of a
single basic event. Therefore, the concept of organisational scenario variables
as the conjunction between BBN and Fault Tree needs to be introduced. This can
be a solution to provide more extensive and representative safety interventions
based on the mentioned approach.
Sensitivity analysis (SA) is a study to know the significance of any
changes to parameter can affect the results generated from a developed model.
There are many literatures explaining how to conduct a sensitivity analysis.
For instance, Nurdiana 14 on one of her papers conducted a sensitivity
analysis using Analytical Hierarchy Method (AHM). This method simplifies the
quantification to know which parameter that is the most sensitive one to a
function. Hoseyni et al. 15 used different approach to study sensitivity
analysis. They performed sensitivity analysis based on Bayesian updating
algorithm. This method is suitable to identify relevant input variables of a
severe accident code.
A.M. Hasofer 16 from his paper discussed the most common approach to
perform sensitivity analysis. The paper introduced two new modern methods of
global sensitivity analysis for computer models; Fourier Amplitude and Sobol,
as well as a modern factor screening method; the Morries method. There are
mainly three settings in performing sensitivity analysis 17; (a) factor
screening, (b) local SA, and (c) global SA. As platypus is a computer model,
the approach introduced by A.M. Hasofer would be appropriate to be implemented
in order to identify the most sensitive parameters in the model.
Fig. 2. Flowchart of Research
The flow of this research is illustrated on Figure 2 above. Generally,
this research will be divided into four stages; introduction, data acquisition,
analytical and final stage. Introduction stage is the initial steps required to
conduct this research. This stage covers problem identification and formulation
by constructing research questions as the background of this research. After
that, research objectives will be further defined according to research
questions. Then, preliminary studies are also conducted on this first stage by
performing literature reviews and field research. Literature reviews aim to
study concepts and theories which are able to support the development of this
research in order to answer all research questions. Meanwhile, field research
will be conducted to gather actual information / data and current situation in
Secondly, on the data acquisition stage, all necessary data will be used
as the basis to conduct this research. These data are but not limited to Process
Plants Equipment Data (Vessels, Piping, Valves, Compressor, Pump, Heat
Exchanger, etc.), Components Failure Data, Accident Report, Probability of Each
component’s failure, System’s hazards Data, Organisational and Management Data,
Loss of Containment Scenarios, Parameter Excursions, and Barriers.
Thirdly, main activities in this research will be conducted on the
analytical stage. Model optimisation will be performed to evaluate existing
model so that in-depth analysis of FT and BBN will be applied to the suggested
model of Platypus. After a more optimal model is achieved, validation analysis
will be conducted to validate the independency of the model, validate the
output and provide loss of containment frequency based on the new developed
model. Then, sensitivity analysis will be performed to study the influence of
model’s input parameters to the output. Besides that, sensitivity analysis will
help provide more extensive safety intervention for the system.
Last but not least, final
stage will cover the completion processes of this research. Model fixation will
be performed after all three analysis methods are successfully carried out.
Final evaluation and testing need to be conducted to test the new model in the
industry in order to re-evaluate the whole delivery package of the model.
Lastly, Thesis report will be carried out in order to be able to proceed to the
final defence of this research.
This section explains how research questions support the big issues on
research backgrounds. The rationale diagram is depicted as follows:
research questions aim to develop the existing model of Platypus. Firstly,
sensitivity analysis will be able to answer which parameter is the most
sensitive to the model. This is an effort to answer the research gap on
providing extensive safety interventions by providing the process plants and
organisational data, and optimal input parameters to the model. Secondly, model
optimisation is used to identify and modify the existing model in order to get
the most optimal structures in order to reduce the probability of loss of
containment efficiently and effectively. This can be achieved by optimising the
Fault Tree and BBN of the model based on the input parameters. Lastly,
validation analyses would be necessary to validate the outcomes of the model.
This validation is performed to evaluate the probability of LoC; does it fit
with the field data and represent the historical accident data? All in all,
these analyses aim to provide the most optimal model for performing QRA that
can be applied to chemical process safety.
is a new model which is expected to tackle recent problems faced by process
industries in performing risk assessment and analysis. The importance of
in-depth analysis of FT and BBN will also give additional benefits to this
model. A success improvement of Platypus will give many advantages to process
industries throughout the world, including Indonesia. It is possible to modify
the model based on data in Indonesia. This type of model and same analysis will
help companies such as PT Pertamina to reduce risk of losses of containment in
form of leaks of hazardous gases, explosion, etc. in the plant. Moreover, this model
will also be able to reduce the loss of life and injuries amongst people living
outside the gates of the plants’ perimeter and for the employees of the plant
themselves. Thus, there are room for improvements for this model to be
implemented in Indonesia and help related industries achieve their goals in
reducing potential losses in their companies.
The expected results of
this research will be optimal, commercial and widely-used model of FT and BBN
integration in process safety. Besides that, several publications; at least 3
publications are also expected by conducting this research which will be
published on International Journals.