Risk assessment of process models

Pergamon

Computers ind. Engng Vol. 30, No. 4, pp. 599-610, 1996

Copyright © 1996 Elsevier Science Ltd. Printed in Great Britain. All rights reserved

0360-8352/96 $15.00 + 0.00

RISK ASSESSMENT OF PROCESS MODELS

ANDREW KUSIAK and ARMEN ZAKARIAN

Intelligent Systems Laboratory, Department of Industrial Engineering, The University of Iowa, Iowa City, IA 52242-1527, U.S.A.

(Received 1 October 1995)

Abstract: The IDEF methodology has been extensively used for modeling various processes. Qualitative and quantitative reliability analysis and risk assessment of IDEF models are of interest to industry for several reasons. They identify critical activities in a process, improve the process performance, and decrease downtime and operating cost of the process. To evaluate the risk associated with an IDEF3 model, formal tools and techniques are required. In this paper, the fault tree analysis technique and minimum cut and path sets generation algorithms are applied for reliability evaluation and risk assessment of the parent activities in an IDEF3 model. Structural and reliability importance measures for parent activities in an IDEF3 model as well as for the elementary activities in a decomposed model are presented.

1. INTRODUCTION

The IDEF methodology is a structured modeling technique, primarily intended for representing manufacturing systems. Initially, it was developed as a set of four methodologies, IDEF0, IDEF1, IDEF2, and IDEF3, for functional, data, dynamic analysis, and process modeling, respectively [1].

An IDEF3 model is a collection of diagrams, text, and glossary. The two basic components of the IDEF3 diagram are a box and an arrow. Boxes represent activities, while the arrows represent interfaces. There are three different interfaces entering and exiting a box: input, output, and control (see Fig. 1).

The essence of IDEF3 methodology is its ability to describe activities and their relationship at various levels of detail. An initial model includes parent activities that are decomposed into lower level activities. Each decomposed activity is represented by a larger number of activities at the next level.

The IDEF3 methodology syntax includes the semantics of the first order logic and graphical syntax [2]. To analyze the reliability of an IDEF3 model, the graphical syntax of IDEF3 is discussed next.

The relationship between activities is modeled with three types of links: precedence, object flow, and relational. The precedence and object flow links express the simple temporal precedence between activities. The relational links highlight the existence of relationships among activities. The logic of branching within a process is modeled using AND (&), OR (O), and exclusive OR (X) junction boxes.

Fig. 1. IDEF3 activity box and interface arrows (arrow labels include Control (C) and Output (O)).

Reliability analysis and risk assessment make it possible to identify critical activities in an IDEF3 model, improve its performance, and decrease operating cost of the process. The reliability evaluation and risk assessment of any process, e.g. product development, manufacturing, represented with an IDEF3 model can be complex, since the model may include a large number of activities connected by logical links. In addition, reliability evaluation and risk assessment of the model require evaluation of the failure probabilities of parent activities (i.e. top level activities) in the model. After failure probabilities of the top level activities are determined, the cut sets or path sets method can be applied for the evaluation of reliability of the IDEF3 model. However, the evaluation of failure probability of the parent activities is also complex, as in a typical IDEF3 model parent activities decompose into lower level activities. Therefore, the reliability analysis and risk assessment of an IDEF3 model must be carried out in a structured manner using reliability and risk evaluation techniques.

In recent years, a number of attempts have been made to use the IDEF3 methodology for analysis of system reliability and project risk assessment. Ang and Gray [3] examined the adequacy of IDEF0 methodology and suggested a number of modifications and enhancements in order to improve its descriptive power for project risk assessment. Kusiak and Larson [4] integrated techniques for analysis of system reliability with an IDEF3 model. This paper applies the fault tree analysis approach and minimum path and cut sets generation algorithms for reliability evaluation and risk assessment of parent activities in IDEF3 models. This approach can be used as a framework for developing viable computer solutions for risk analysis of process models.

2. RISK ANALYSIS OF PROCESS MODELS

The risk associated with a process model is of concern, as the cost of failures of the process as well as system unavailability are an issue. The need for improvement of processes is also apparent. To meet these requirements one must be able to assess the risk involved in the introduction of new process models. Therefore, it is important that reliability analysis and risk assessment form an integral part of process modeling, which includes determination of the process structure and its functions.

In general, two types of risks are distinguished: risk of failure of the process and risk inherent to the process that functions as intended. For example, the system inherent risk in product development can be reduced by an early involvement of various experts at the initial stages of the product development. To evaluate and determine the process risk, formal tools and techniques are required. This paper presents a fault tree analysis technique and cut sets and path sets generation algorithms for qualitative and quantitative risk evaluation of process models.

3. PRELIMINARY RISK ANALYSIS

This stage includes the identification of prime activities in a model that lead to the process failure. It should also include consideration of the activity failure sequences which transform into a process failure, as well as corrective measures and consequences of the failure.

The next step is to select the activity failure prevention measures. The decisions to be considered are shown in the form of a tree in Fig. 2 [5]. One can take corrective actions in the form of changes to the process or to the equipment used in the process.

Fig. 2. Risk analysis tree for process models. Node labels: Perform risk analysis of the model; Critical activities in the model exist; No critical activities have been found; Identify corrective actions to decrease risk; Accept the model "as-is"; Provide corrective and contingency actions.

4. THE FAULT TREE APPROACH

In this section, the fault tree analysis technique is presented for qualitative and quantitative risk analysis of parent activities in an IDEF3 model. The qualitative analysis is used to improve the process performance, while the quantitative analysis is used to quantify the failure rates of a model or of its activities.

The fault tree analysis technique was developed by H. A. Watson of the Bell Telephone Laboratories in 1961-1962 in an Air Force contract on the Minuteman Launch Control System. The first results were presented at the 1965 Safety Symposium sponsored by the University of Washington and Boeing. Haasle [6], Lambert [5], and Fussel [7] presented detailed descriptions of the technique.

The purpose of the fault tree analysis, proposed in this paper, is to construct a fault tree structure which relates the parent activities to elementary activities in the decomposed IDEF3 model. The fault tree constructed can be used to perform qualitative and quantitative risk assessment of the model.

The fault tree analysis usually begins with the identification of the top events. In the IDEF3 model, the top events correspond to the critical parent activities. Next, the activities directly contributing to the critical parent activity are identified and connected to the parent activity by logical links. The process continues until the lowest level is reached or all elementary activities of the model are revealed.

In the fault tree analysis, the quantitative assessment of the model is accomplished by reducing a fault tree to a logically equivalent form which can be evaluated by the minimal cut or path set methods. To obtain actual estimates of the probability of occurrence of the parent activity from the probabilities of the elementary activities in an IDEF3 model, conditional probabilities are associated with all the elementary activities in the fault tree.

To determine relationships between activities in the decomposed IDEF3 model from the fault tree, logical links and activity symbols are introduced to classify and connect activities.

Logical links

Logical links connect higher level activities of the fault tree to the lower level activities according to their causal relations. The symbols used to represent logical links are listed in Table 1. The higher level output activity of an AND logical link occurs if all lower level input activities occur. The higher level output activity of an OR logical link occurs if any of the lower level input activities occur. The higher level output activity of an exclusive OR logical link occurs if one and only one of the lower level input activities occur. The higher level output activity of m out of n logical link occurs if m out of n lower level input activities occur.

Activity symbols

The activity symbols used in the fault tree are shown in Table 1. A rectangular box denotes an activity in the model, the occurrence of which results from a combination of occurrences of more than one elementary activity in the model connected by the logical links. A circle denotes an elementary activity, i.e. an activity that does not decompose into lower level activities in the model.

Table 1. Logical links and activity symbols

| Logical link/activity symbol | Logical link/symbol meaning | Causal relation |
|---|---|---|
| Circle | Elementary activity | |
| Rectangle | Non-elementary activity or activity which decomposes into lower level activities | |
| (graphic) | AND logical link | Output activity occurs if all input activities occur |
| (graphic) | OR logical link | Output activity occurs if any of the input activities occurs |
| (graphic) | Exclusive OR logical link | Output activity occurs if one and only one of the input activities occurs |
| (graphic) | m out of n logical link | Output activity occurs if m out of n input activities occur |

The fault tree construction algorithm is presented next. The tree generated by the algorithm highlights the relationship between activities and reveals elementary activities in the decomposed IDEF3 model. The latter is important in the evaluation of failure probabilities of parent activities in an IDEF3 model.

The fault tree construction algorithm

Step 1: Place the parent critical activity on the top of the tree (level k = 1).

Step 2: Place the activities that are contributing to the occurrence of the activities at level k at the next level (level k + 1). Connect activity at level k to the activities at level k + 1 as follows:

(a) By logical link AND, if activity at level k occurs if all lower level (level k + 1) activities occur.

(b) By logical link OR, if activity at level k occurs if any of the lower level (level k + 1) activities occur.

(c) By logical link exclusive OR, if activity at level k occurs if one and only one of the lower level (level k + 1) activities occur.

(d) By logical link m out of n, if activity at level k occurs if m out of n lower level (level k + 1) activities occur.

Step 3: If all the activities at this level are elementary, stop. Otherwise, go to step 2.

Fig. 3. The decomposition of activity 3 of an IDEF3 process model.

Note that one can represent the logical links presented in Table 1 with m out of n and exclusive m out of n logical links, and further simplify Step 2 of the fault tree construction algorithm. In this case AND, exclusive OR, and OR logical links can be represented as an exclusive n-out-of-n, an exclusive 1-out-of-n, and a 1-out-of-n logical link, respectively. However, it is more appropriate to follow the IDEF3 notation that has been broadly accepted by industry.

Consider the IDEF3 process model in Fig. 3 which includes four activities. Activity 1 represents the design process of the product. Activities 2 and 3 represent two alternative machining processes. Activity 4 represents the assembly process. To illustrate the fault tree construction algorithm, consider the decomposition of activity 3 in Fig. 3. The list of the activities of the IDEF3 process model in Fig. 3 is presented in Table 2.

Steps of the fault tree construction algorithm

Step 1: Activity 3 is placed on the top of the tree (level 1).

Step 2: Activities 311, 312, and 313 are placed at level 2. Since the top level activity occurs if all three activities 311, 312, and 313 occur, the AND link is used to connect activity 3 to activities 311, 312, and 313.

Step 3: Activity 313 is non-elementary, go to step 2.

Step 2: Activities 321 and 322 are placed at level 3. Since activity 313 occurs if both activities 321 and 322 occur, the AND link is used to connect activity 313 to activities 321 and 322.

Step 3: Activities 321 and 322 are non-elementary, go to step 2.

Step 2: Activities 331, 332, 333, 334 and 335 are placed at level 4. Since activity 322 occurs if any of the activities 331, 332, and 333 occurs, the OR link is used to connect activity 322 to activities 331, 332, and 333. Since activity 321 occurs if any of the activities 334 and 335 occurs, the OR link is used to connect activity 321 to activities 334 and 335.

Step 3: Activities 334 and 335 are non-elementary, go to step 2.

Step 2: Activities 341, 342, 343, 344, and 345 are placed at level 5. Since activity 334 occurs if all the activities 341, 342, and 343 occur, the AND link is used to connect activity 334 to activities 341, 342, and 343. Since activity 335 occurs if any of the activities 344 and 345 occurs, the OR link is used to connect activity 335 to activities 344 and 345.

Step 3: All the activities at level 5 are elementary, stop.

Table 2. List of the activities of the process model in Fig. 3

| Activity | Activity name |
|---|---|
| 1 | Product design |
| 2 | Machining |
| 3 | Machining |
| 4 | Assembly |
| 311 | Determine reference surfaces |
| 312 | Determine tolerances |
| 313 | Determine the sequence of operations |
| 321 | Grinding |
| 322 | Milling |
| 331 | Milling external and internal threads and surfaces |
| 332 | Milling planetary surfaces |
| 333 | Plain milling |
| 334 | Universal NC grinding |
| 335 | Special grinding |
| 341 | Program numerical control instructions |
| 342 | Process the program to develop tool location data set |
| 343 | Postprocess the program for a specific grinder |
| 344 | Portable, offhand grinding |
| 345 | Flexible shaft grinding |

Fig. 4. Fault tree structure of the decomposed activity 3 (levels 1 to 5, logical links labeled A to F).

The fault tree structure of the decomposed activity 3 is shown in Fig. 4.

5. GENERATION OF MINIMAL CUT SETS

Having constructed the fault tree for an IDEF3 model, the cut sets are determined. A minimum cut set of the fault tree is a collection of the smallest number of elementary activities required to ensure the occurrence of the parent activity in the model. There are a number of methods available [8-10] to determine minimal cut sets in a fault tree. In this section, the cut sets generation algorithm is presented to produce the minimal cut sets of an IDEF3 fault tree.

Before applying the cut sets generation algorithm, the following two transformations are performed on the IDEF3 fault tree: (1) an exclusive OR logical link [Fig. 5(a)] is replaced by a combination of AND and OR logical links [Fig. 5(b)] and (2) an m out of n logical link [Fig. 6(a)] is replaced by a combination of AND and OR logical links [Fig. 6(b)]. The two transformations simplify the algorithm.

The minimal cut sets generation algorithm

Step 0: Initialize: label each logical link, number each activity in the fault tree.

Step 1: Place uppermost logical link in the list.

Step 2: (a) Replace each OR logical link by lists of the input activities to the logical link, and increase the number of lists.

(b) Replace each AND logical link by a horizontal list of the input activities to the logical link, and enlarge the size of the lists.

If the activity considered in (a) and (b) is non-elementary, replace it with an equivalent logical link.

Step 3: If all logical links have been replaced by elementary activities, stop. Each list is a cut set. Otherwise, repeat step 2.

Note that OR logical links in the above algorithm increase the number of cut sets, whereas AND logical links increase the size of the cut sets.

Fig. 5. Transformation of an exclusive OR logical link. Panel (b) labels: Activity 1 operates; Activity 11 operates, Activity 12 fails; Activity 11 fails, Activity 12 operates.

To illustrate the cut sets generation algorithm, consider the fault tree in Fig. 4.

Steps of the algorithm

Step 0: Initialize: each logical link is labeled, each activity in the fault tree is numbered (see Fig. 4).

Step 1: The uppermost logical link A is placed in the list.

{A}

Step 2: Since A is an AND logical link, it is replaced by a horizontal list of the input activities to the logical link A, i.e.

{311, 312, B (313)}

The above notation B (313) implies that the logical link B replaces the non-elementary activity 313.

Step 3: Repeat step 2.

Step 2: Replace logical link B by a horizontal list of the input activities to the logical link B, i.e.

{311, 312, C (322), D (321)}

Step 3: Repeat step 2.

Step 2: Replace logical link C by lists of the input activities to the logical link C, i.e.

{311, 312, 331, D (321)}, {311, 312, 332, D (321)}, {311, 312, 333, D (321)}

Replace logical link D by lists of the input activities to the logical link D, i.e.

{311, 312, 331, E (334)}, {311, 312, 332, E (334)}, {311, 312, 333, E (334)}, {311, 312, 331, F (335)}, {311, 312, 332, F (335)}, {311, 312, 333, F (335)}

Step 3: Repeat step 2.

Step 2: Replace logical link E by a horizontal list of the input activities to the logical link E, and logical link F by lists of the input activities to the logical link F, i.e.

{311, 312, 331, 341, 342, 343}, {311, 312, 332, 341, 342, 343}, {311, 312, 333, 341, 342, 343}, {311, 312, 331, 344}, {311, 312, 331, 345}, {311, 312, 332, 344}, {311, 312, 332, 345}, {311, 312, 333, 344}, {311, 312, 333, 345}

Step 3: Since all logical links have been replaced by elementary activities, stop.

Fig. 6. Transformation of an m out of n logical link.

The minimal cut sets obtained from the cut sets generation algorithm are:

C1 = {311, 312, 331, 341, 342, 343}
C2 = {311, 312, 332, 341, 342, 343}
C3 = {311, 312, 333, 341, 342, 343}
C4 = {311, 312, 331, 344}
C5 = {311, 312, 331, 345}
C6 = {311, 312, 332, 344}
C7 = {311, 312, 332, 345}
C8 = {311, 312, 333, 344}
C9 = {311, 312, 333, 345}

After all minimal cut sets of a fault tree are evaluated, the reliability of the parent activity is calculated from (1)

$$R_{PA} = 1 - \prod_{j=1}^{n}\Bigl(1 - \prod_{i \in C_j} R_i\Bigr) \qquad (1)$$

where $R_{PA}$ is the reliability of the parent activity in an IDEF3 model, $R_i$ is the reliability of elementary activity i, and n is the number of cut sets. Therefore, the reliability of the parent activity 3 of the IDEF3 process model in Fig. 3 is

$$\begin{aligned}
R_{PA} = 1 &- (1 - R_{311}R_{312}R_{331}R_{341}R_{342}R_{343})(1 - R_{311}R_{312}R_{332}R_{341}R_{342}R_{343}) \\
&\times (1 - R_{311}R_{312}R_{333}R_{341}R_{342}R_{343})(1 - R_{311}R_{312}R_{331}R_{344})(1 - R_{311}R_{312}R_{331}R_{345}) \\
&\times (1 - R_{311}R_{312}R_{332}R_{344})(1 - R_{311}R_{312}R_{332}R_{345})(1 - R_{311}R_{312}R_{333}R_{344}) \\
&\times (1 - R_{311}R_{312}R_{333}R_{345})
\end{aligned}$$

6. EVALUATION OF MINIMAL PATH SETS

A minimum path set of the fault tree of a parent activity in an IDEF3 model is a collection of the smallest number of elementary activities such that, if none of the activities in the set occurs the parent activity is guaranteed to not occur. The minimal path sets generation algorithm is presented next.

The minimal path sets generation algorithm

Step 0: Initialize: label each logical link, number each activity in the fault tree.

Step 1: Place uppermost logical link in the list.

Step 2: (a) Replace each AND logical link by lists of the input activities to the logical link, and increase the number of lists.

(b) Replace each OR logical link by a horizontal list of the input activities to the logical link, and enlarge the size of the lists.

If the activity considered in (a) and (b) is non-elementary, replace it with an equivalent logical link.

Step 3: If all logical links have been replaced by elementary activities, stop. Each list is a path set. Otherwise, repeat step 2.

To illustrate the path sets generation algorithm, consider the fault tree in Fig. 4.

Steps of the algorithm

Step 0: Initialize: each logical link is labeled, each activity in the fault tree is numbered (see Fig. 4).

Step 1: The uppermost logical link A is placed in the list.

{A}

Step 2: Since A is an AND logical link, it is replaced by lists of the input activities to the logical link A, i.e.

{311}, {312}, {B (313)}

Step 3: Repeat step 2.

Step 2: Replace logical link B by lists of the input activities to the logical link B, i.e.

{311}, {312}, {C (321)}, {D (322)}

Step 3: Repeat step 2.

Step 2: Replace logical links C and D by a horizontal list of the input activities to the logical links C and D, i.e.

{311}, {312}, {331, 332, 333}, {E (334), F (335)}

Step 3: Repeat step 2.

Step 2: Replace logical link E by lists of the input activities to the logical link E, and logical link F by a horizontal list of the activities to the logical link F, i.e.

{311}, {312}, {331, 332, 333}, {341, 344, 345}, {342, 344, 345}, {343, 344, 345}

Step 3: Since all logical links are replaced by elementary activities, stop.

The minimal path sets obtained from the path set generation algorithm are:

P1 = {311}
P2 = {312}
P3 = {331, 332, 333}
P4 = {341, 344, 345}
P5 = {342, 344, 345}
P6 = {343, 344, 345}

After all minimal path sets of a fault tree are evaluated, the unreliability of the parent activity is calculated from (2)

$$Q_{PA} = \Bigl[1 - \prod_{i \in P_1}(1 - q_i)\Bigr]\Bigl[1 - \prod_{i \in P_2}(1 - q_i)\Bigr] \cdots \Bigl[1 - \prod_{i \in P_n}(1 - q_i)\Bigr] \qquad (2)$$

where $Q_{PA}$ is the unreliability of the parent activity in an IDEF3 model, and $q_i$ is the unreliability of elementary activity i. Therefore, the unreliability of the parent activity 3 of the IDEF3 process model in Fig. 3 is

$$\begin{aligned}
Q_{PA} = {} & [1 - (1 - q_{311})][1 - (1 - q_{312})][1 - (1 - q_{331})(1 - q_{332})(1 - q_{333})] \\
&\times [1 - (1 - q_{341})(1 - q_{344})(1 - q_{345})][1 - (1 - q_{342})(1 - q_{344})(1 - q_{345})] \\
&\times [1 - (1 - q_{343})(1 - q_{344})(1 - q_{345})]
\end{aligned}$$
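The two list-expansion procedures of Sections 5 and 6, applied to the Fig. 4 fault tree as described in the Section 4 walkthrough. This is an added example, not code from the paper; the function and variable names are illustrative, and it goes one step beyond the stated steps by discarding any list that strictly contains another, which matters only when an elementary activity appears under more than one link.

```python
# Added example (not the paper's code): cut/path set generation for the
# Fig. 4 fault tree, checked against the tree's own structure function.

# Activity -> (logical link, input activities), taken from the Section 4
# walkthrough. Activities that do not appear as keys are elementary.
FIG4_TREE = {
    3:   ("AND", [311, 312, 313]),
    313: ("AND", [321, 322]),
    322: ("OR",  [331, 332, 333]),
    321: ("OR",  [334, 335]),
    334: ("AND", [341, 342, 343]),
    335: ("OR",  [344, 345]),
}


def expand(tree, top, multiply_on):
    """Steps 1-3 of the generation algorithms.

    A link of type `multiply_on` replaces a list by one list per input
    (more lists); the other link type puts all inputs into the same list
    (longer lists). "OR" yields cut sets, "AND" yields path sets.
    """
    finished, work = set(), [frozenset([top])]
    while work:
        current = work.pop()
        pending = next((a for a in current if a in tree), None)
        if pending is None:          # only elementary activities remain
            finished.add(current)
            continue
        link, inputs = tree[pending]
        if link not in ("AND", "OR"):
            raise ValueError(f"transform the {link} link into AND/OR links first")
        rest = current - {pending}
        if link == multiply_on:
            work.extend(rest | {i} for i in inputs)
        else:
            work.append(rest | set(inputs))
    # Keep only minimal sets: drop any list that strictly contains another.
    return {s for s in finished if not any(other < s for other in finished)}


def minimal_cut_sets(tree, top):
    return expand(tree, top, "OR")


def minimal_path_sets(tree, top):
    return expand(tree, top, "AND")


def elementary(tree, top):
    """All elementary activities reachable from `top`."""
    if top not in tree:
        return {top}
    return set().union(*(elementary(tree, i) for i in tree[top][1]))


def occurs(tree, activity, occurring):
    """Structure function: does `activity` occur when exactly the
    elementary activities in `occurring` occur?"""
    if activity not in tree:
        return activity in occurring
    link, inputs = tree[activity]
    results = [occurs(tree, i, occurring) for i in inputs]
    return all(results) if link == "AND" else any(results)


def verify(tree, top):
    """Check every generated set against the definitions in Sections 5 and 6."""
    leaves = elementary(tree, top)
    for c in minimal_cut_sets(tree, top):
        # The set alone makes the parent occur, and no member is redundant.
        if not occurs(tree, top, c) or any(occurs(tree, top, c - {a}) for a in c):
            return False
    for p in minimal_path_sets(tree, top):
        # Removing the whole set blocks the parent; restoring any member unblocks it.
        if occurs(tree, top, leaves - p):
            return False
        if not all(occurs(tree, top, (leaves - p) | {a}) for a in p):
            return False
    return True


if __name__ == "__main__":
    for name, sets in (("cut", minimal_cut_sets(FIG4_TREE, 3)),
                       ("path", minimal_path_sets(FIG4_TREE, 3))):
        for s in sorted(sets, key=lambda s: (len(s), sorted(s))):
            print(name, sorted(s))
    print("consistent with structure function:", verify(FIG4_TREE, 3))
```
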

7. STRUCTURAL AND RELIABILITY IMPORTANCE OF ACTIVITIES

A typical IDEF3 model includes a large number of activities connected with logical links. At the same time, each activity in the model may decompose into elementary activities. Therefore, as the size of the model increases, the application of the techniques described above becomes difficult.

In this section, a measure for structural and reliability importance of parent activities in an IDEF3 model as well as for elementary activities in a fault tree is presented.

7.1. Structural and reliability importance of parent activities

The measure of structural importance of activities does not require estimates of their reliabilities. It can provide valuable insights concerning the strengths and weaknesses of the model and identify the activities in the model that deserve more attention.

Define:

$\mathbf{x} = (x_1, x_2, \ldots, x_n)$, the vector of outcomes of parent activities,

$$x_i = \begin{cases} 1 & \text{if activity } i \text{ functions} \\ 0 & \text{if activity } i \text{ fails} \end{cases}$$

$$\phi(\mathbf{x}) = \begin{cases} 1 & \text{if the IDEF3 model functions for vector } \mathbf{x} \\ 0 & \text{if the IDEF3 model fails for vector } \mathbf{x}. \end{cases}$$

The quantitative measure of structural importance of the activities is computed as follows [11]:

$$n_f(i) = \sum_{\{\mathbf{x} \mid x_i = 1\}} \bigl[\phi(1_i, \mathbf{x}) - \phi(0_i, \mathbf{x})\bigr] \qquad (3)$$

where $\phi(1_i, \mathbf{x})$ represents the value of the structure function when activity i functions and the state of each of the remaining activities varies, and $\phi(0_i, \mathbf{x})$ represents the value of the structure function when activity i fails and the state of each of the remaining activities varies.

Fig. 7. IDEF3 process model. Activity names: 1 - Machining; 2 - Perform automated quality control (AQC); 3 - Perform part inspection; 4 - Perform statistical analysis; 5 - Assemble parts.

The reliability importance of an activity considers the reliability value of the activity as well as the system structure. This measure is important in determining activities which are critical to the model from the reliability point of view. The measure of reliability importance of an activity is the rate at which model reliability improves as the reliability of the activity improves, and it is computed as follows [11]:

$$I_h(i) = \frac{\partial h(\mathbf{p})}{\partial p_i} \qquad (4)$$

or, in the equivalent form,

$$I_h(i) = h(1_i, \mathbf{p}) - h(0_i, \mathbf{p}) \qquad (5)$$

for $0 \le I_h(i) \le 1$, under the assumption that each of the i activities is independent, and where $h(\mathbf{p})$ is the expected value of the model structure function $\phi(\mathbf{x})$.

To illustrate the structural and reliability importance measure determination, consider the IDEF3 process model in Fig. 7. Assume the parent activity reliabilities are ordered as follows:

$$R_1 = 0.9 > R_2 = 0.8 > R_3 = 0.7 > R_4 = 0.6 > R_5 = 0.5$$

where $R_i$ is the reliability of parent activity i. In Table 3 the measure of structural importance of parent activity 2 for the IDEF3 process model in Fig. 7 is computed.

The measures of structural and reliability importance of the parent activities in the IDEF3 process model in Fig. 7 are summarized in Table 4. This analysis implies that in order to improve the performance of the model in Fig. 7, one should focus on activities 1 and 5. The higher the value of the measure of structural importance, the more important the parent activity is to the model from a structural point of view. An IDEF3 model may include a large number of parent activities, and performing fault tree analysis for each activity in the model can be tedious. Therefore, if an analyst wants to improve the performance or perform a qualitative analysis of the model, it is reasonable to begin with the parent activity with the highest value of the measure of structural importance and perform fault tree analysis for this activity first.

Table 3. The values of the measure of structural importance of activity 2 of the IDEF3 process model in Fig. 7

| Possible outcome of $\phi(x_1, x_2, x_3, x_4, x_5)$ for $x_2 = 1$ | $\phi(1_2, \mathbf{x}) - \phi(0_2, \mathbf{x})$ |
|---|---|
| (0, 1, 0, 0, 0) | 0 - 0 = 0 |
| (1, 1, 0, 0, 0) | 0 - 0 = 0 |
| (1, 1, 1, 0, 0) | 0 - 0 = 0 |
| (1, 1, 1, 1, 0) | 0 - 0 = 0 |
| (1, 1, 1, 1, 1) | 1 - 1 = 0 |
| (1, 1, 0, 1, 0) | 0 - 0 = 0 |
| (1, 1, 0, 1, 1) | 1 - 0 = 1 |
| (1, 1, 0, 0, 1) | 1 - 0 = 1 |
| (1, 1, 1, 0, 1) | 1 - 0 = 1 |
| (0, 1, 1, 0, 0) | 0 - 0 = 0 |
| (0, 1, 1, 1, 0) | 0 - 0 = 0 |
| (0, 1, 1, 1, 1) | 0 - 0 = 0 |
| (0, 1, 1, 0, 1) | 0 - 0 = 0 |
| (0, 1, 0, 1, 0) | 0 - 0 = 0 |
| (0, 1, 0, 1, 1) | 0 - 0 = 0 |
| (0, 1, 0, 0, 1) | 0 - 0 = 0 |

$n_f(2) = 3$

Table 4. Structural and reliability importance of parent activities of the process model in Fig. 7

| Activity | Structural importance $n_f(i)$ | Rank | Reliability importance $I_h(i)$ | Rank |
|---|---|---|---|---|
| 1 | 5 | 1 | 0.442 | 2 |
| 2 | 3 | 2 | 0.261 | 3 |
| 3 | 1 | 3 | 0.054 | 5 |
| 4 | 1 | 3 | 0.063 | 4 |
| 5 | 5 | 1 | 0.796 | 1 |

However, if the reliability of the IDEF3 model in Fig. 7 is of concern, then one should focus on activity 5, as the largest reliability rate improvement of the model is obtained from improving the reliability of activity 5. Therefore, fault tree analysis for activity 5 should be performed to determine the elementary activities which contribute the largest reliability improvement of activity 5 and to describe the actions that will lead to an improvement.
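A worked computation of equations (3) and (5) for the five parent activities, as an added example that is not from the paper. The structure function `phi` is an assumption: Fig. 7 is not reproduced on this page, and this form was chosen because it reproduces the values in Table 4; the function names are illustrative.

```python
from itertools import product

# ASSUMPTION: Fig. 7 is not available on this page. This structure function
# (activity 1, then activity 2 or the pair 3 and 4, then activity 5) is an
# assumed reading of the model, chosen because it reproduces Table 4.
def phi(x):
    x1, x2, x3, x4, x5 = x
    return int(x1 and x5 and (x2 or (x3 and x4)))


# Parent activity reliabilities R1..R5 as given in Section 7.1.
R = (0.9, 0.8, 0.7, 0.6, 0.5)


def fixed(x, i, value):
    """Copy of vector x with entry i (1-based) forced to `value`."""
    return x[:i - 1] + (value,) + x[i:]


def structural_importance(phi, n, i):
    """Equation (3): sum of phi(1_i, x) - phi(0_i, x) over all x with x_i = 1."""
    return sum(phi(fixed(x, i, 1)) - phi(fixed(x, i, 0))
               for x in product((0, 1), repeat=n) if x[i - 1] == 1)


def h(phi, p):
    """Expected value of phi for independent activities with reliabilities p."""
    total = 0.0
    for x in product((0, 1), repeat=len(p)):
        weight = 1.0
        for xi, pi in zip(x, p):
            weight *= pi if xi else 1.0 - pi
        total += weight * phi(x)
    return total


def reliability_importance(phi, p, i):
    """Equation (5): I_h(i) = h(1_i, p) - h(0_i, p)."""
    p = tuple(p)
    return h(phi, fixed(p, i, 1.0)) - h(phi, fixed(p, i, 0.0))


def rank(scores):
    """Rank 1 = largest score; equal scores share a rank, as in Table 4."""
    distinct = sorted(set(scores.values()), reverse=True)
    return {i: distinct.index(s) + 1 for i, s in scores.items()}


if __name__ == "__main__":
    nf = {i: structural_importance(phi, 5, i) for i in range(1, 6)}
    ih = {i: round(reliability_importance(phi, R, i), 3) for i in range(1, 6)}
    nf_rank, ih_rank = rank(nf), rank(ih)
    for i in range(1, 6):
        print(i, nf[i], nf_rank[i], ih[i], ih_rank[i])
```
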

7.2. Structural and reliability importance of elementary activities

In Section 7.1 the measures of the structural and reliability importance of parent activities in an IDEF3 model were presented. Similar measures of importance of elementary activities may be defined for a fault tree of an IDEF3 model.

Define:

$\mathbf{y} = (y_1, y_2, \ldots, y_n)$, the vector of outcomes of elementary activities,

$$y_i = \begin{cases} 1 & \text{if elementary activity } i \text{ functions} \\ 0 & \text{if elementary activity } i \text{ fails} \end{cases}$$

$$\phi(\mathbf{y}) = \begin{cases} 1 & \text{if the parent activity functions for vector } \mathbf{y} \\ 0 & \text{if the parent activity fails for vector } \mathbf{y}. \end{cases}$$

The elementary activity importance measure for the fault tree is [8]

$$n(i) = \sum_{\{\mathbf{y} \mid y_i = 1\}} \bigl[\phi(1_i, \mathbf{y}) - \phi(0_i, \mathbf{y})\bigr] \qquad (6)$$

under the assumption that each of the i elementary activities is independent. The reliability importance I(i) of elementary activity i is computed as follows [8]

$$I(i) = E\bigl[\phi(1_i, \mathbf{y}) - \phi(0_i, \mathbf{y})\bigr] \qquad (7)$$

assuming that each of the i elementary activities is independent.

To illustrate the importance measure determination, consider the fault tree in Fig. 4. Based on the ideas presented in Section 7.1, the values of the structural importance measure n(i) for each elementary activity are calculated. The results are summarized in Table 5.

Table 5. Structural importance of elementary activities of the fault tree in Fig. 4

| Elementary activity | n(i) |
|---|---|
| 311 | 512 |
| 312 | 512 |
| 331 | 25 |
| 332 | 25 |
| 333 | 25 |
| 341 | 7 |
| 342 | 7 |
| 343 | 7 |
| 344 | 81 |
| 345 | 81 |

8. CONCLUSION

The fault tree analysis technique for reliability evaluation and risk assessment of parent activities in an IDEF3 process model was discussed. The algorithms were presented for the evaluation of minimal cut and path sets of the fault tree. A methodology for identifying critical activities in an IDEF3 model as well as in a fault tree from the structural and reliability points of view was developed.

The quantitative and qualitative approaches for reliability analysis and risk assessment improve the performance of an IDEF3 model and decrease downtime and operating cost of the underlying process.

Acknowledgements--The research presented in this paper has been partially supported by research funds from the U.S. Army (grant No. DAAE07-93-C-R080), National Science Foundation (grant No. DDM-9215259), and research contracts from Rockwell International Corporation.

REFERENCES

1. A. Kusiak, T. N. Larson and J. Wang. Reengineering of design and manufacturing processes. Computers Indust. Engng 26, 521-536 (1994).

2. C. Menzel, R. J. Mayer and D. D. Edwards. IDEF3 process descriptions and their semantics. In Intelligent Systems in Design and Manufacturing (Edited by Dagli C. H. and Kusiak A.), pp. 172-212. ASME Press, New York (1994).

3. C. H. Ang and R. Gray. IDEF0 modeling for project risk assessment. Computers Ind. 22, 31-45 (1993).

4. A. Kusiak and N. Larson. System reliability and risk assessment: a quantitative extension of IDEF methodologies. Stanford University: AAAI Spring Symposium, pp. 88-93 (1994).

5. H. E. Lambert. System safety analysis and fault tree analysis. UCID-16238, 31 (2) (1973).

6. D. F. Haasle. Advanced concepts in fault tree analysis. System Safety Symposium, Boeing, Seattle (1965).

7. J. Fussel. Fault tree analysis: concepts and techniques. In Generic Techniques in Reliability Assessment (Edited by Henley E. and Lynn J.). Noordhoff, Leyden (1976).

8. R. E. Barlow, J. B. Fussel and N. D. Singpurwalla. Reliability and Fault Tree Analysis. SIAM, Philadelphia (1975).

9. R. E. Barlow and H. E. Lambert. Introduction to Fault Tree Analysis. SIAM, Philadelphia (1975).

10. J. B. Fussel and W. E. Vesely. New methodology for obtaining cut sets for fault trees. Am. Nucl. Soc. Trans. 15, 262-263 (1972).

11. Z. W. Birnbaum. On the importance of different components in a multi-component system. In Multivariate Analysis (Edited by Krishnaiah P. P.), pp. 581-592. Academic Press, New York (1969).