Risk Analysis & Fault Tree Basics

Uploaded by ssrkr96

INSE 6320 -- Risk Analysis for Information and Systems Engineering

• F-N Curves
• Fault Trees
• Event Trees
• Decision Theory for Quantitative Risk Analysis

Dr. M. AMAYRI, Concordia University


Population at risk

Individual Risk
Individual risk is the risk of fatality or injury to any identifiable (named)
individual who lives within the zone impacted by a hazard, or follows a
particular pattern of life, that might subject him or her to the consequences of a
hazard.

Societal Risk
Societal risk is the risk of multiple fatalities or injuries in the society as a whole,
and where society would have to carry the burden of a hazard causing a number
of deaths, injury, financial, environmental, and other losses.

F-N curves
• Usually used to express societal risk.
• Important to define acceptable / tolerable risk.
• Risk acceptability is mostly defined on the basis of F-N curves.
• An F-N curve is a plot of cumulative frequency versus consequences (often expressed as number of fatalities).
F-N curves show the number of fatalities against annual frequency.

How to generate F-N curves

• The frequency of events which cause at least N fatalities is plotted against the number N on log-log scales.
• The difference between the frequency of events with N or more fatalities, F(N), and that with N+1 or more, F(N+1), is the frequency of events with exactly N fatalities, usually represented by f(N), with lower-case f. That is,
f(N) = F(N) - F(N+1)
• Because f(N) must be non-negative, it follows that F(N) ≥ F(N+1) for all N, so that F-N curves never rise from left to right, but are always falling or flat.
• The lower an F-N curve is located on the F-N graph, the safer is the system it represents, because lower F-N curves represent lower frequencies of fatal events than higher curves.

Societal risk

• The value F(1) is the frequency of accidents with 1 or more fatalities, or in other words the overall frequency of fatal accidents. This is the left-hand point on F-N curves, where the curve meets the vertical axis (usually located at N = 1 with logarithmic scales).
• F-N curves can be constructed based on historical data in the form of number of events (floods, landslides, etc.) and related fatalities.
• They can also be based on different future risk scenarios, in which for a number of events with different magnitudes the number of casualties is estimated.

How to calculate F-N curves

• First calculate the total number of fatalities for road, railroad and aviation accidents by multiplying the number of events with the fatality class. Also calculate the average number of fatalities per year.
• Then calculate the cumulative number of events, starting with the lowest row in the table (the 146-fatality class) and summing them up upwards.
• Then calculate the cumulative frequency of events per year, by dividing the cumulative number by the number of years.

How to calculate F-N curves

• Plot these values in the graph indicated at the bottom of the spreadsheet in a log-log manner, with fatalities (N) on the X-axis and the cumulative frequency per year on the Y-axis.
• Compare the results. What can you conclude on the:
▪ Severity of the accident type
▪ Frequency of the accident type
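The steps above, carried out in code as an added example (not from the slides): F(N) is obtained by summing event counts upward from the largest fatality class and dividing by the observation period, f(N) = F(N) - F(N+1) is derived from it, and the curve is checked to be non-increasing. The fatality classes, counts and 20-year period are a constructed sample, not the spreadsheet the slides refer to.

```python
import math

# Constructed sample (not the spreadsheet from the slides): number of recorded
# accidents per fatality class N over a 20-year observation period.
RECORDS = {1: 120, 2: 45, 5: 12, 10: 4, 50: 1}
YEARS = 20


def cumulative_frequency(records, years, n):
    """F(N): annual frequency of events with N or more fatalities."""
    return sum(count for k, count in records.items() if k >= n) / years


def exact_frequency(records, years, n):
    """f(N) = F(N) - F(N+1): annual frequency of events with exactly N fatalities."""
    return cumulative_frequency(records, years, n) - cumulative_frequency(records, years, n + 1)


def fn_curve(records, years):
    """Points (N, F(N)) of the F-N curve, built the way the slides describe:
    sum the event counts upwards from the largest fatality class, then divide
    by the number of years. Returned in increasing N, ready for plotting."""
    points, cumulative = [], 0
    for n in sorted(records, reverse=True):
        cumulative += records[n]
        points.append((n, cumulative / years))
    return points[::-1]


def is_non_increasing(points):
    """Sanity check: F(N) >= F(N+1), so the curve never rises from left to right."""
    freqs = [f for _, f in points]
    return all(a >= b for a, b in zip(freqs, freqs[1:]))


def average_fatalities_per_year(records, years):
    """Total fatalities (events x fatality class) divided by the number of years."""
    return sum(n * count for n, count in records.items()) / years


def log_log_points(points):
    """(log10 N, log10 F) coordinates, since F-N curves are plotted on log-log axes."""
    return [(math.log10(n), math.log10(f)) for n, f in points if f > 0]


if __name__ == "__main__":
    curve = fn_curve(RECORDS, YEARS)
    for n, f in curve:
        print(f"N >= {n:>3}: F(N) = {f:.3f} per year")
    print("f(1) =", exact_frequency(RECORDS, YEARS, 1))
    print("average fatalities per year =", average_fatalities_per_year(RECORDS, YEARS))
    print("non-increasing:", is_non_increasing(curve))
```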

Probabilistic Risk Assessment


Probabilistic Risk Assessment usually answers three basic questions:

1) What can go wrong with the studied technological entity, or what are the initiators or
initiating events (undesirable starting events) that lead to adverse
consequence(s)?

2) What and how severe are the potential adverse consequences that the
technological entity may be eventually subjected to as a result of the occurrence of
the initiator?

3) How likely to occur are these undesirable consequences, or what are their
probabilities or frequencies?

• Two common methods of answering this last question are Fault Tree Analysis
and Event Tree Analysis.
• A fault tree is an event tree, where failures are emphasized rather than
successes

Fault Tree Analysis

• Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.
• Fault Tree Analysis is a deductive method for identifying ways in which hazards can lead to an accident.
• The approach starts with a well-defined accident, or top event, and works backwards towards the various scenarios that can cause the accident.
• Fault trees are used to determine the probability of a “top event” (e.g., core damage).
• The top event defines the failure or success of a system or component.
• Fault trees use a structure of logical operations to calculate the probability of the top event as a result of “basic events” inputs.

Fault Tree Analysis


Fault tree analysis is a graphical representation of the combination of faults
that will result in the occurrence of some (undesired) top event.
In the construction of a fault tree, successive subordinate failure events are
identified and logically linked to the top event.
The linked events form a tree structure connected by symbols called gates.

Fault Tree Analysis

• The undesired event is stated at the top of the tree.
• The fault tree gates specify logical combinations of basic events that lead to the top event.
• Fault trees can be used to identify system weaknesses.
• Fault trees can help recognize interrelationships between fault events.
• Fault trees consist of logic gates and basic events as inputs to the logic gates.
• Logic Gates: Boolean operations (union or intersection) of the input events.
• Basic Events: Faults such as a hardware failure, human error, or adverse condition.
(Slide figure: AND Gate symbol)

Applying Fault Tree Analysis

• Postulate top event (fault)
• Branch down listing faults in the system that must occur for the top event to occur
• Consider sequential and parallel combinations of faults
• Use Boolean algebra to quantify the fault tree with event probabilities
• Determine probability of top event

Fault Tree Logic

• Use logic gates to show how the top event occurs
• Higher gates are the outputs from lower gates in the tree
• Top event is the output of all the input faults or events that occur

FTA Symbols

Basic Event: A lowermost event that cannot be further developed.
E.g. relay failure, switch failure, etc.

An Event / Fault: This can be an intermediate event or a top event. They are the result of a logical combination of lower-level events.
E.g. both transmitters fail, runaway reaction

OR Gate: Any one of the bottom events results in occurrence of the top event.
E.g. either one of the root valves is closed, process signal to transmitter fails.

AND Gate: For the top event to occur, all the bottom events should occur.
E.g. fuel, oxygen and an ignition source all have to be present for fire.

Union

(Slide figure: OR gate with top event A and basic events B and C)
A = No Current
A = B + C, i.e. A = B Union C
B OR C must occur for event A to occur.
B = Switch A open
C = Battery B at 0 Volts

Intersection

(Slide figure: AND gate with top event D and basic events E and F)
D = Over-heated wire
D = E . F, i.e. D = E Intersection F
E AND F must occur for D to occur.
E = 5 mA current in system
F = Power applied for t > 1 ms

Fault Tree Basics

(Slide figure: a tree with the top level event at the top, intermediate events below it and basic events at the leaves)
A fault tree involves:
• Specifying a top level event (TLE) representing an undesired state.
• Finding all possible chains of basic events that may cause the TLE to occur.

A fault tree:
• Is a systematic representation of such chains of events.
• Uses logical gates, e.g. AND, OR, to represent the interrelationships between events and the TLE.

Fault Tree Basics

An example fault tree
Logically: (A + (B + C)) . (C + (A . B))

Procedure

Procedure for Fault Tree Analysis (slide flowchart):
1. Define TOP event.
2. Define overall structure.
3. Explore each branch in successive levels of detail.
4. Solve the fault tree.
5. Perform corrections if required and make decisions.

Solve the Fault Tree:
• Assign probabilities of failure to the lowest level event in each branch of the tree.
• From this data the intermediate event frequency and the top level event frequency can be determined using Boolean Algebra and Minimal Cut Set methods.

Minimal Cut Set Theory


• The fault tree consists of many levels of basic and intermediate events linked
together by AND and OR gates. Some basic events may appear in different
places of the fault tree.

• The minimal cut set analysis provides a new fault tree, logically equivalent to
the original, with an OR gate beneath the top event, whose inputs (bottom)
are minimal cut sets.

• Cut Set: is a set of basic events whose simultaneous occurrence ensures that
the TOP event occurs.
• Minimal Cut Set: is a cut set that does not contain another cut set as a
subset.
• Each minimal cut set is an AND gate with a set of basic event inputs
necessary and sufficient to cause the top event.

• The fault tree can be represented by the TOP structure and the minimal cut
sets connected through a single OR-gate.

Minimal Cut Sets

Minimal cut set analysis rearranges the fault tree so that any basic event that appears in different parts of the fault tree is not "double counted" in the quantitative evaluation.

The result of minimal cut set analysis is a new fault tree, logically equivalent to the original.

The minimal cut sets for the top event are a group of sets (MCSs) consisting of the smallest combinations of basic events that result in the occurrence of the top event.

Procedure

Steps to get the final Boolean equation (slide figure: TOP is an OR gate over IE1 and IE2; IE1 is an AND gate over A and B; IE2 is an AND gate over C and D):
1. Replace AND gates with the product of their inputs.
IE1 = A.B
IE2 = C.D
2. Replace OR gates with the sum of their inputs.
TOP = IE1 + IE2
= A.B + C.D
3. Continue this replacement until all intermediate event gates have been replaced and only the basic events remain in the equation.
TOP = A.B + C.D

Procedure

Boolean Algebra Reduction Example (slide figure: TOP = IE1 + IE2; IE1 = A.B; IE2 = A + IE3; IE3 = C.D.IE4; IE4 = D.B):
TOP = IE1 + IE2
= (A.B) + (A + IE3)
= A.B + A + (C.D.IE4)
= A.B + A + (C.D.D.B)
= A + A.B + B.C.D.D (D.D = D)
= A + A.B + B.C.D (A + A.B = A)
= A + B.C.D

So the minimal cut sets are:
CS1 = A
CS2 = B.C.D
meaning the TOP event occurs if either A occurs OR (B.C.D) occurs.

Fault Tree Basics


• Logically, fault trees are equivalent if the associated logical formulae
are equivalent.

Example:
(A + (B + C)) . (C + (A . B)) ≡ C + (A . B)

Fault Tree Construction

Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems A and B that are connected in series.

(Slide figure: INPUT -> [X1 in parallel with X2] -> [X3 in parallel with X4] -> OUTPUT; X1 and X2 form SUB-SYSTEM (A), X3 and X4 form SUB-SYSTEM (B))

The fault tree analysis diagram for this system is shown on the next slide.

Continue…..

(Slide figure: fault tree for the block diagram)
Top event: F(S), an OR gate
Intermediate events: F(A) and F(B), each an AND gate
Basic events: F(X1), F(X2) under F(A); F(X3), F(X4) under F(B)

Continue…..

Here F(X1), F(X2), F(X3), F(X4) are the events "Xi fails".

F(A) = SUB-SYSTEM (A) FAILS
F(B) = SUB-SYSTEM (B) FAILS

THEN F(A) = F(X1) AND F(X2)
AND F(B) = F(X3) AND F(X4)

FINALLY THE FAILURE OF THE SYSTEM
F(S) = F(A) OR F(B)

Calculation of Reliability from Fault Tree

CONSIDER THE EARLIER BLOCK DIAGRAM

The probability of failure of sub-system (A) is indicated as shown below,
P(A) = P(X1 and X2)
P(A) = P(X1) . P(X2)

Similarly for sub-system (B)
P(B) = P(X3 and X4)
P(B) = P(X3) . P(X4)

FAILURE OCCURS WHEN SUB-SYSTEM (A) or (B) FAIL,
F(S) = P(A) or P(B) THEN
IF THE RELIABILITY OF THE ELEMENTS ARE GIVEN BY R1, R2, R3, R4
THEN
P(Xi) = 1 – Ri
RELIABILITY OF SYSTEM R(S) = 1 - F(S)
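Added example, not code from the slides: a small gate-tree solver that performs the Boolean reduction of the slide 23 example (product for AND, sum for OR, absorption A + A.B = A) to obtain the minimal cut sets, and computes F(S) and R(S) for the X1..X4 block diagram above. It assumes basic events fail independently, which the product rule P(X1).P(X2) also requires; the element reliabilities of 0.9 are a constructed sample.

```python
from itertools import product

# A fault tree is written as nested tuples: ("AND", [inputs]) or ("OR", [inputs]),
# where each input is another gate or a basic-event name (a string).


def cut_sets(node):
    """Minimal cut sets of a gate tree, as a set of frozensets of basic events.
    AND gates combine the cut sets of their inputs, OR gates add them, and
    absorption (A + A.B = A) drops any cut set that contains a smaller one."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, inputs = node
    sets = [cut_sets(child) for child in inputs]
    if gate == "OR":
        combined = set().union(*sets)
    elif gate == "AND":
        combined = {frozenset()}
        for child_sets in sets:
            combined = {a | b for a in combined for b in child_sets}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return {s for s in combined if not any(t < s for t in combined)}


def basic_events(node):
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node[1]))


def occurs(node, state):
    """Evaluate the top event for one assignment of basic events (True = failed)."""
    if isinstance(node, str):
        return state[node]
    gate, inputs = node
    results = (occurs(child, state) for child in inputs)
    return all(results) if gate == "AND" else any(results)


def top_probability(node, probs):
    """Exact P(TOP) for independent basic events, by enumerating every state.
    Exhaustive, so it stays correct when one basic event feeds several gates;
    the per-gate product/sum shortcut is only exact when no event is shared."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        if occurs(node, state):
            weight = 1.0
            for e, failed in state.items():
                weight *= probs[e] if failed else 1.0 - probs[e]
            total += weight
    return total


# Slide 23 reduction example: TOP = IE1 + IE2, IE1 = A.B, IE2 = A + IE3,
# IE3 = C.D.IE4, IE4 = D.B. Expected minimal cut sets: {A} and {B, C, D}.
IE4 = ("AND", ["D", "B"])
IE3 = ("AND", ["C", "D", IE4])
TOP = ("OR", [("AND", ["A", "B"]), ("OR", ["A", IE3])])

# Block diagram: F(S) = F(A) OR F(B), F(A) = F(X1) AND F(X2), F(B) = F(X3) AND F(X4).
SYSTEM = ("OR", [("AND", ["X1", "X2"]), ("AND", ["X3", "X4"])])


def system_reliability(r):
    """R(S) = 1 - F(S) from element reliabilities R1..R4, using P(Xi) = 1 - Ri."""
    return 1.0 - top_probability(SYSTEM, {x: 1.0 - ri for x, ri in r.items()})


if __name__ == "__main__":
    print(sorted(sorted(cs) for cs in cut_sets(TOP)))       # [['A'], ['B', 'C', 'D']]
    print(sorted(sorted(cs) for cs in cut_sets(SYSTEM)))    # [['X1', 'X2'], ['X3', 'X4']]
    sample = {"X1": 0.9, "X2": 0.9, "X3": 0.9, "X4": 0.9}   # constructed reliabilities
    print(system_reliability(sample))                        # 0.9801
```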

Example: simple fault tree for a fire


What is the probability of the top event (Fire)?

For the fire to occur there needs to be:

• Fuel.
• Oxygen.
• An ignition source.

Uses of FTA
• Use of FTA to understand the logic leading to the top event.
• Use of FTA to prioritize the contributors leading to the top event.
• Use of FTA as a proactive tool to prevent the top event.
• Use of FTA to monitor the performance of the system.
• Use of FTA to minimize and optimize resources.
• Use of FTA to assist in designing a system.
• Use of FTA as a diagnostic tool to identify and correct causes of the top event.

Advantages
• Begins with top event.
• Used to determine the minimal cut sets.

Disadvantages
• Complicated process.
• Requires a considerable amount of time to complete.

Event Trees
• Event trees begin with an initiating event & work towards the final result.
• This method provides information on how a failure can occur & the probability of occurrence.
• Event trees can be viewed as a special case of fault trees, where the branches are all ORs weighted by their probabilities.
• Event trees are generated both in the success and failure domains.
• This technique explores system responses to an initiating “challenge” and enables assessment of the probability of an unfavorable or favorable outcome. The system challenge may be a failure or fault, an undesirable event, or a normal system operating command.
• In constructing the event tree, one traces each path to eventual success or failure.

Event tree development procedure

Step 1: Identification of the initiating event

Step 2: Identification of safety function

Step 3: Construction of the event tree

Step 4: Classification of outcomes

Step 5: Estimation of the conditional probability of each branch

Step 6: Quantification of outcomes

Step 7: Evaluation

Event Tree Structure

This is a complementary technique to FTA but defines the consequential events which flow from the primary ‘initiating’ event. Event trees are used to investigate the consequences of loss-making events in order to find ways of mitigating, rather than preventing, losses.

Event Tree Analysis

ADVANTAGES
• Structured, rigorous, and methodical approach.

• Can be effectively performed on varying levels of design detail.

• Permits probability assessment.


DISADVANTAGES
• An ETA can only have one initiating event, therefore multiple ETAs will be
required to evaluate the consequence of multiple initiating events.

• Partial successes/failures are not distinguishable.

• Requires an analyst with some training and practical experience.



Fault Tree vs Event Tree Analysis

Key Differences

• Approach: FTA is a top-down, deductive approach focusing on causes of failure, whereas ETA is a bottom-up, inductive approach focusing on consequences of an initiating event.
• Focus: FTA is concerned with identifying root causes of a specific failure, while ETA is concerned with mapping out potential outcomes of an initiating event.
• Diagram: FTA uses logical gates to show the relationship between failures, while ETA uses branches to show different possible scenarios.

Both FTA and ETA are complementary techniques and can be used together for comprehensive risk assessment. FTA helps in understanding how failures can occur, while ETA helps in understanding the impact of those failures and how effective the mitigation measures are.

Decision Theory
• A decision is a choice between alternatives based on estimates of the values of those alternatives.
• A decision problem is characterized by decision alternatives, states of nature, and resulting payoffs.
• The decision alternatives are the different possible strategies the decision maker can employ.
• The states of nature refer to future events, not under the control of the decision maker, which will ultimately affect decision results. States of nature should be defined so that they are mutually exclusive and contain all possible future events that could affect the results of all potential decisions.
• Decision theory problems are generally represented as one of the following: Influence Diagram, Payoff Table, or Decision Tree.

Influence Diagrams
• An influence diagram is a graphical device showing the relationships among the
decisions, the chance events, and the consequences.
• Squares or rectangles depict decision nodes.
• Circles or ovals depict chance nodes.
• Diamonds depict consequence nodes.
• Lines or arcs connecting the nodes show the direction of influence.

Payoff Tables
• The consequence resulting from a specific combination of a decision alternative and a state of nature is a payoff.
• A table showing payoffs for all combinations of decision alternatives and states of nature is a payoff table.
• Payoffs can be expressed in terms of profit, cost, time, distance or any other appropriate measure.

Profit in $1,000’s

Investment Choice     States of Nature
(Alternatives)        Strong Economy   Stable Economy   Weak Economy
Large factory         200              50               -120
Average factory       90               120              -30
Small factory         40               30               20

Decision Trees
• A decision tree is a chronological representation of the decision problem.
• Each decision tree has two types of nodes; round nodes correspond to the states of nature while square nodes correspond to the decision alternatives.
• The branches leaving each round node represent the different states of nature while the branches leaving each square node represent the different decision alternatives.
• At the end of each limb of a tree are the payoffs attained from the series of branches making up that limb.

(Slide figure: a square decision node with branches Decision 1 and Decision 2, leading to round chance nodes whose branches are Event 1, Event 2 and Event 3)

Example: CAL Buildings Complex

A developer must decide how large a luxury buildings complex to build – small, medium, or large. The profitability of this complex depends upon the future level of demand for the complex’s buildings.

Elements of Decision Theory

• States of nature: The states of nature could be defined as low demand and high demand.
• Alternatives: CAL could decide to build a small, medium, or large building complex.
• Payoffs: The profit for each alternative under each potential state of nature is going to be determined.

CAL Building: Payoff Table

THIS IS A PROFIT PAYOFF TABLE

                States of Nature
Alternatives    Low     High
Small           8       8
Medium          5       15
Large           -11     22

(payoffs could be in millions of dollars)

CAL Building: Decision Tree

(Slide figure, rendered as text: a square decision node with three branches, each leading to a round chance node with Low demand and High demand branches)
Decision node
  Small Complex -> Chance node
    Low demand: 8
    High demand: 8
  Medium Complex -> Chance node
    Low demand: 5
    High demand: 15
  Large Complex -> Chance node
    Low demand: -11
    High demand: 22

Decision Making without Probabilities

• Three commonly used criteria for decision making when probability information regarding the likelihood of the states of nature is unavailable are:
▪ the optimistic approach
▪ the conservative approach
▪ the minimax regret approach.

Optimistic Approach

• The optimistic approach would be used by an optimistic decision maker.
• The decision with the best possible payoff is chosen.
• If the payoff table was in terms of profits, the decision with the highest profit would be chosen (maximax).
• If the payoff table was in terms of costs, the decision with the lowest cost would be chosen (minimin).

Conservative Approach

• The conservative approach would be used by a conservative decision maker.
• For each decision the worst payoff is listed and then the decision corresponding to the best of these worst payoffs is selected. (Hence, the worst possible payoff is maximized.)
• If the payoff was in terms of profits, the minimum profits would be determined for each decision and then the decision corresponding to the maximum of these minimum profits is selected. (Hence, the minimum possible profit is maximized: maximin)
• If the payoff was in terms of costs, the maximum costs would be determined for each decision and then the decision corresponding to the minimum of these maximum costs is selected. (Hence, the maximum possible cost is minimized: minimax)

Minimax Regret Approach

1. The minimax regret approach requires the construction of a regret table or an opportunity loss table. This is done by calculating for each state of nature the difference between each payoff and the best payoff for that state of nature.
2. Then, using this regret table, the maximum regret for each possible decision is listed.
3. The decision chosen is the one corresponding to the minimum of the maximum regrets.

Solving CAL Buildings Problem


• Suppose that information regarding the probability (or likelihood) that there will be
a high or low demand is unavailable.
▪ A conservative or pessimistic decision maker would select the decision
alternative determined by the conservative approach.
▪ An optimistic decision maker would select the decision alternative
rendered by the optimistic approach.
▪ The minimax regret approach is generally selected by a decision
maker who reflects on decisions “after the fact”, and complains about
or “regrets” their decisions based upon the profits that they could have
made (or cheaper costs that they could have spent) had a different
decision been selected.

CAL building: Optimistic Decision

• If the optimistic approach is selected:

                States of Nature        BEST
Alternatives    Low     High            PROFIT
Small           8       8               8
Medium          5       15              15
Large           -11     22              22

Maximax payoff: 22 (Large), so the maximax decision is Large.

CAL building: Conservative Decision

• If the conservative approach is selected:

                States of Nature        WORST
Alternatives    Low     High            PROFIT
Small           8       8               8
Medium          5       15              5
Large           -11     22              -11

Maximin payoff: 8 (Small), so the maximin decision is Small.

The decision with the best profit from the column of worst profits is selected.

In the maximin criterion the decision maker selects the decision that will reflect the maximum of the minimum (best of the worst-case).

CAL Building: Minimax Regret Decision

• If the minimax regret approach is selected:
Step 1: Determine the best payoff for each state of nature and create a regret table.

                States of Nature
Alternatives    Low     High
Small           8       8
Medium          5       15
Large           -11     22
Best profit     8       22

Regret is the difference between the payoff associated with a particular decision alternative and the payoff associated with the decision that would yield the most desirable payoff. Regret is often referred to as opportunity loss.

CAL Building: Minimax Regret Decision

• If the minimax regret approach is selected:
Step 1: Create a regret table (continued).

                States of Nature
Alternatives    Low     High
Small           0       14
Medium          3       7
Large           19      0

For a profit payoff table, entries in the regret table represent profits that could have been earned.

We choose the decision alternative that minimizes the maximum state of regret that could occur over all possible states of nature.
This approach is neither purely optimistic nor purely conservative.

CAL Building: Minimax Regret Decision

• If the minimax regret approach is selected:
Step 2: Create a regret table (continued).
Step 3: Determine the maximum regret for each decision.

                States of Nature        Max
Alternatives    Low     High            Regret
Small           0       14              14
Medium          3       7               7
Large           19      0               19

The decision maker calculates the maximum opportunity loss value (also known as regret) for each alternative, and then chooses the decision that has the lowest maximum regret.

CAL Building: Minimax Regret Decision

• If the minimax regret approach is selected:
Step 4: Select the decision with the minimum value from the column of max regrets.

                States of Nature        Max
Alternatives    Low     High            Regret
Small           0       14              14
Medium          3       7               7
Large           19      0               19

Minimax regret payoff: 7 (Medium), so the minimax regret decision is Medium.

Generic Example

Consider the following problem with three decision alternatives and three states of nature with the following payoff table representing costs:

                States of Nature
Decisions       s1      s2      s3
d1              4.5     3       2
d2              0.5     4       1
d3              1       5       3

Generic Example: Optimistic Decision

• Optimistic Approach
An optimistic decision maker would use the optimistic (maximax) approach. We choose the decision that has the best single value in the payoff table.

Decision    Best Cost
d1          2
d2          0.5
d3          1

Minimin payoff: 0.5 (d2), so the minimin decision is d2.

Generic Example: Conservative Approach

• Conservative Approach
A conservative decision maker would use the conservative (maximin) approach. List the worst payoff for each decision. Choose the decision with the best of these worst payoffs.

Decision    Worst Payoff
d1          4.5
d2          4
d3          5

Minimax payoff: 4 (d2), so the minimax decision is d2.

Generic Example: Minimax Regret Decision

• Minimax Regret Approach

                States of Nature
Decisions       s1      s2      s3
d1              4.5     3       2
d2              0.5     4       1
d3              1       5       3

Best cost for each state of nature.
For a cost table, entries in the regret table represent overpayments (i.e. higher costs incurred).

Generic Example: Minimax Regret Decision

• Minimax Regret Approach (continued)

For each decision list the maximum regret. Choose the decision with the minimum of these values.

                States of Nature                Max
Decisions       s1      s2      s3              Regret
d1              4       0       1               4
d2              0       1       0               1
d3              0.5     2       2               2

Minimax regret: 1 (d2), so the minimax decision is d2.
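The three criteria without probabilities (optimistic, conservative, minimax regret), implemented as an added example that is not from the slides and run over both payoff tables above: the CAL profit table and the generic cost table. It reproduces the decisions worked out on the preceding slides, with the profit/cost distinction (maximax vs minimin, maximin vs minimax) handled by one `kind` parameter.

```python
# Payoff tables from the slides: CAL Buildings (profits, in millions of dollars)
# and the generic cost example. Outer key = decision alternative, inner key = state of nature.
CAL_PROFIT = {
    "Small":  {"Low": 8,   "High": 8},
    "Medium": {"Low": 5,   "High": 15},
    "Large":  {"Low": -11, "High": 22},
}
GENERIC_COST = {
    "d1": {"s1": 4.5, "s2": 3, "s3": 2},
    "d2": {"s1": 0.5, "s2": 4, "s3": 1},
    "d3": {"s1": 1,   "s2": 5, "s3": 3},
}


def _better(kind):
    """For profits a bigger payoff is better (max); for costs a smaller one is (min)."""
    if kind not in ("profit", "cost"):
        raise ValueError(f"kind must be 'profit' or 'cost', got {kind!r}")
    return max if kind == "profit" else min


def _worse(kind):
    return min if kind == "profit" else max


def optimistic(table, kind):
    """Maximax (profits) / minimin (costs): best payoff of each decision, then the best of those."""
    best = _better(kind)
    scores = {decision: best(row.values()) for decision, row in table.items()}
    choice = best(scores, key=scores.get)
    return choice, scores[choice]


def conservative(table, kind):
    """Maximin (profits) / minimax (costs): worst payoff of each decision, then the best of those."""
    worst, best = _worse(kind), _better(kind)
    scores = {decision: worst(row.values()) for decision, row in table.items()}
    choice = best(scores, key=scores.get)
    return choice, scores[choice]


def regret_table(table, kind):
    """Opportunity loss: distance of each payoff from the best payoff in its state-of-nature column.
    abs() is correct for both kinds because the column best is an extreme value, so the
    difference is (best - payoff) for profits and (payoff - best) for costs, never negative."""
    best = _better(kind)
    states = list(next(iter(table.values())))
    best_in_state = {s: best(table[d][s] for d in table) for s in states}
    return {d: {s: abs(table[d][s] - best_in_state[s]) for s in states} for d in table}


def minimax_regret(table, kind):
    """Largest regret of each decision, then the decision whose largest regret is smallest."""
    regrets = regret_table(table, kind)
    max_regret = {d: max(row.values()) for d, row in regrets.items()}
    choice = min(max_regret, key=max_regret.get)
    return choice, max_regret[choice]


if __name__ == "__main__":
    for name, table, kind in (("CAL profit", CAL_PROFIT, "profit"),
                              ("generic cost", GENERIC_COST, "cost")):
        print(name, "optimistic:", optimistic(table, kind))
        print(name, "conservative:", conservative(table, kind))
        print(name, "minimax regret:", minimax_regret(table, kind))
```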