AP01_45.vp 1 Notation g(x) Performance (limit state) function Cij Consequences of the events Eij Ctot Total expected cost Eij Events Hi Hazard situation i H1 Hazard situation under normal conditions H2 Hazard situation due to fire P(F|Hi) Probability of failure F given the situation Hi pF Probability of failure F pd Target probability of failure pf Probability P(F|H2) of structural failure during fire pfi, s Probability of fire start P(H2) pfi, d Conditional probabilities of fire flashover given H2 pfi Probability of fire flashover pt, fi Target probability of structural failure under fire design situation x Generic point of the vector of basic variables. X Vector of basic variables � Reliability index �X(x) Probability density function of the vector of basic variables X �X(x) Distribution function of the vector of basic vari- ables X 2 Introduction Design and assessment of civil structures suffer from a number of uncertainties, which can hardly be described by available theoretical tools. According to Thoft-Christensen and Baker [1], Melchers [2] and Holický [3] these uncertain- ties include: • natural randomness of basic variables, • statistical uncertainties caused by a limited size of available data, • model uncertainties caused by deficiencies of computa- tional models, • uncertainties caused by inaccuracy in definitions of limit states, • gross errors caused by human faults, • lack of understanding of actual behaviour of materials and structures. These uncertainties are listed in the order corresponding to their increasing effect on the frequency of failures and the decreasing possibility of describing them theoretically. Tradi- tional probability methods usually deal with the first three types of uncertainties only. It was shown by Holický [3] that the fourth type of uncertainty can be partly described using the theory of fuzzy sets. Theoretical tools for the description of gross errors are insufficient (as indicated by Melchers [2]), while no tools are available to describe the lack of understand- ing of the actual behaviour of new materials and structures. The available theoretical tools obviously have a limited capa- bility of describing all types of uncertainties. This adverse reality corresponds to the observed proportions of failure causes, for which informative values are indicated in Table 1 (obtained from the data provided by Melchers [2], Stewart and Melchers [4] and other publications quoted in these references). The first line in Table 1 indicates the proportions of vari- ous origins of structural failures chosen from basic activities during the construction and service-life of structures. The sec- ond line indicates relations between these activities and two main causes: gross errors (about 80 %) due to human activity and environmental effects (about 20 %), which are not directly dependent on human activity. Environmental influences include both random and haz- ard (accidental) situations, e.g. due to impact, explosion, fire and extreme climatic actions. Thus, natural randomness causes only a small proportion of the failures (about 10 %). Obviously, further development of more precise procedures based on the traditional probabilistic approach (the basis of which is mentioned in the following section) has only a limited significance. Advanced engineering design methods 8 © Czech Technical University Publishing House http://ctn.cvut.cz/ap/ Acta Polytechnica Vol. 41 No. 4 – 5/2001 Prospects for Advanced Engineering Design Based on Risk Assessment M. Holický Current approaches to the design of structures are based on the concept of target probability of failure. This value is, however, often specified on the basis of comparative studies and past experience only. Moreover, the traditional probabilistic approach cannot properly consider gross errors and accidental situations, both of which are becoming more frequent causes of failure. This paper shows that it is useful to supplement a probabilistic design procedure by a risk analysis and assessment, which can take into account the consequences of all unfavourable events. It is anticipated that in the near future advanced engineering design will include criteria of acceptable risks in addition to the traditional probabilistic conditions. Keywords: reliability, hazard situations, adverse events, costs, risk assessment, Bayessian network, advanced engineering design. Origin Design Execution Use Other 20 % 50 % 15 % 15 % Causes Gross errors due to human activity Environmental effects 80 % 20 % Table 1: The proportions of causes of structural failures should therefore attempt to consider the actual causes of failures. 3 The probabilistic method The probabilistic method of designing structures assumes that a failure F of the structure is unequivocally described by inequality g ( x) < 0, where g ( x) denotes the limit state func- tion (g ( x) = 0 describes the limit state, g ( x) > 0 the safe state), x is a realisation of the vector of basic variables X. If �X( x) in- dicates the joint probability density of the vector of the basic variables X, the probability of failure pF can be determined from the relation � � � � pF x � � ��X x x g d 0 . (1) The reliability index � is formally defined on the basis of the probability pF using the relation pF = �(��), where � is the distribution function of the standardised normal distribution. Calculation of the probability of failure pF using equation (1) suffers from two essential deficiencies, as demonstrated by Ellingwood [5]: • uncertainty in the definition of the limit state function g ( x), • uncertainties in theoretical models describing the basic variables X. These deficiencies are most likely the main sources of the observed discrepancy between the determined probability pF and the actual frequency of failures. That is why quantities pF and � are often referred to as „formal“ (notional) reliability indicators (associated with the intention to standardise theo- retical models of basic variables). However, such an approach jeopardises the nature of probabilistic concepts including the methods of probabilistic optimisation, which should provide the target probability of failure pd used in the design condition pF < pd. In order to increase the significance of probabilistic concepts a considerable effort focussed on improving the the- oretical models describing basic variables and on extending of the traditional probabilistic concepts by risk assessment meth- ods has recently been observed by Stewart and Melchers [4] and Ellingwood [5]. 4 The concept of acceptable risk The risk assessment of a system attempts to cover all possi- ble events that might lead to unfavourable effects related to the considered system. As mentioned above, these events are caused mainly by gross errors in human activity and by acci- dental actions such as impact, explosion, fire and extreme climatic loads. Adequate situations (hazard scenarios and common design situations), designated generally as Hi, will occur with the probability P(Hi). If the failure of structure F due to a particular situation Hi occurs with the conditional probability P(F|Hi), then the total probability of failure pF is given as: � � � �p F H HF i i i� �P P . (2) The conditional probabilities P(F|Hi) must be determined by a separate analysis of the respective situations Hi. Equation (2) can be used for harmonisation of the partial probabilities of failure P(F|Hi) P(Hi) corresponding to the situations Hi, and for the following risk consideration. In general, the situations Hi may cause a number of unfa- vourable events Eij (e.g. excessive deformations, full develop- ment of the fire). It is assumed that the adverse consequences of these events can be expressed by a one-component quantity Cij (for example, by the cost expressed in a certain currency). It is further assumed that the consequences Cij are mutually uniquely related to the events Eij. Then the total risk C related to the considered situations Hi is the sum � � � �C C E H Hij ij i i ij � � P P . (3) It is sometimes necessary to describe the consequences of an unfavourable phenomenon Eij by a quantity having several components, denoted as Cij, k (describing for example cost, injuries or casualties). The components Ck of the resultant risk are then given as � � � �C C E H Hk ij k ij i i ij � � , P P . (4) If it is possible to specify the acceptable limit Ck, d for the components Ck, it is possible to design the structure on the basis of the condition of acceptable risks Ck < Ck, d that supplements the probability condition pf < pd. 5 Example of a structure under a fire situation An example illustrating the concept of acceptable risks concerns a structure for which only two different situations are considered: • H1 persistent design situation, for which P(H1) = 0.99 is assumed, • H2 accidental situation during the fire, for which P(H2) = 0.01 is assumed. The persistent situation H1 is analysed using the tradi- tional probabilistic reliability analysis. An example of an analysis of situation H2 is indicated in Figure 1, which shows a Bayesian network describing the structure during a fire. The chance, decision and utility nodes indicated in Fig- ure 1 are briefly described below. A more detailed description is given by Holický and Schleich [6]. An alternative type of network and analysis was recently provided by Holický and Schleich [7]. 1 – Fire starts. The parentless chance node describing the initiation of a fire. The probability pfi, s= P(H2) = 0.01 is assumed for the positive state (fire starts) considering an office compartment of 25 m2 during its design life of 50 years. 2 – Detection by occupants. The chance node describing the detection of smoke by occupants or neighbours within a suitable time period. The conditional probability 0.9 given the fire started (parent node 1) is considered. 3 – Occupancy. The chance node describing the activity of the occupants of the building to diminish the fire. The conditional probabilities related to the states of parent nodes 2 and 6 are given by Holický and Schleich [6]. © Czech Technical University Publishing House http://ctn.cvut.cz/ap/ 9 Acta Polytechnica Vol. 41 No. 4 – 5/2001 4 – Tampering. This parentless chance node describes the interference of random factors with the automatic fire detection system (node 5). The probability 0.02 is con- sidered for the disturbing effects on the detection system. 5 – Smoke detection. The chance node describing the oper- ation of an automatic smoke detection system. The conditional probabilities related to parent nodes 1 and 4 are given by Holický and Schleich [6]. 6 – Alarm. The chance node describing the operation of an acoustic fire alarm system. The conditional probabilities related to the states of parent nodes 2, 5 and 8 are con- sidered in accordance with Holický and Schleich [6]. 7 – Tampering. The parentless chance node describing the interference of random factors with the automatic sprin- kler system (node 5). The probability 0.02 is considered for the disturbing effects on the sprinkler system. 8 – Sprinklers. The chance node describing the operation of the automatic sprinkler system (if installed). The con- ditional probabilities related to the states of parent nodes 1 and 7 are indicated by Holický and Schleich [6]. 9 – Transmission. The chance node describing the opera- tion of manual or automatic alarm transmission to the fire brigade. The conditional probabilities related to the states of parent nodes 2, 5 and 8 are given by Holický and Schleich [6]. 10 – Fire brigade. The chance node describing the operation of a professional fire brigade. The conditional prob- ability 0.9 that the fire brigade is active when the alarm (parent node 9) goes off is considered. 11 – Flashover. The chance node describing the develop- ment of the fire. The conditional probabilities related to the states of parent nodes 1, 3, 8 and 10 are given by Holický and Schleich [6]. 12 – Collapse. The chance node describing structural col- lapse under the fire design situation in the case of fire flashover. The conditional probability 0.2 of structural collapse given the fire flashover is considered in the example. 13 – Protection. The parentless decision node describing the resolution concerning protection of the structural against fire. The node has two states: ‘yes’ and ‘no’. As indicated by Holický and Schleich[6] for the state “no” the child node 12-Collapse has greater probability of a positive state than for the positive decision “yes” con- cerning structural protection. 14 – Cost. The utility node describing the cost C14(13) of structural protection (affecting node 12), which depends on the state of node 13. The relative value 10 expressed in monetary units is considered if the decision (node 13) is positive. 10 © Czech Technical University Publishing House http://ctn.cvut.cz/ap/ Acta Polytechnica Vol. 41 No. 4 – 5/2001 11-Flashover 8-Sprinklers5-Smoke det.2-Det. by occ. 1-Fire starts 4-Tampering 6-Alarm 10-Fire brigade 7-Tampering 3-Occupancy 14-Cost 16-Cost 15-Cost 9-Transmission 12-Collapse 17-Cost 13-Protection Fig. 1: An example of the Bayesian belief network representing a fire situation 15 – Cost. The utility node describing the damage cost C15(8, 10, 11) caused by the sprinklers (node 8) and the fire brigade (node 10) if the fire (node 11) does not flash- over. The relative costs expressed in the same monetary unit as cost C14(13) are indicated by Holický and Schleich [6]. If the fire develops fully (node 11), these costs are covered by utility node 16. 16 – Cost. The utility node describing the damage cost C16(11, 12) assuming that the fire flashover occurred. The relative value of 100 units expressed in the same monetary units as the costs C14(13) and C15(8, 10, 11) is assumed. 17 – Cost. The utility node describing the damage cost C17(12) due to the collapse of the structure (node 12). Relative values of the cost C17(12) from 10 5 to 108 are considered in the example. Assuming the independence of the two situations H1 and H2, it holds that P(H1) + P(H2) = 1. If P(F|H1) = 10 �5 (which is an expected value) and P(F|H2) = 10 �3, then the probabil- ity of failure is according to relation (2) � � � � � � � �p F H H F H HF � � �P P P P1 1 2 2 52 10 . (5) Further it is assumed that the following events, the first of which are related to situation H1, and the other to H2, may occur: • E11 structural failure due to exceeding the ultimate limit state, • E12 unacceptable deformations, i.e. exceeding the limit state of serviceability, • E21 activation of sprinklers (Figure 1 – chance node 8), • E22 intervention of a fire brigade (Figure 1 – chance node 10), • E23 full development of fire (Figure 1 – chance node 11), • E24 structural failure due to fire (Figure 1 – chance node 12). The conditional probabilities P(Eij|Hi) can generally be determined on the basis of a detailed probabilistic analysis of the two situations H1 and H2. Assuming that unfavourable consequences are given by quantities Cij or Cij, k corresponding to an unfavourable phe- nomenon Eij, equations (3) and (4) may be applied to de- termine the total risk C or its components Ck. Note that the unfavourable consequences C21, C22, C23 and C24 are described in Figure 1 by utility nodes 15, 16 and 17. The total expected cost Ctot can then be given by a simplified equation (3) as a sum � � � � � � � �C C C C p Ctot f� � � � 14 15 16 1713 8 10 11 11 12 12, , , (6) where, as described above, C14(13) is the cost depending on the state of node 13, C15(8, 10, 11) is the damage cost depend- ing on the states of nodes 8, 10 and 11, and C16(11, 12) is the cost due to flashover depending on the state of nodes 11 and 12. The last term in the sum pf × C17(12) is the expected cost due to structural failure (collapse), where pf is the probability of failure and C17(12) is the damage cost given the failure. The damage cost C17(12) is a complex quantity, which is dependent on many factors including the cost of the structure and other costs due to structural malfunctioning. 6 Probabilistic analysis The Bayesian network was analysed using the program HUGIN 1999. The resulting probabilities pfi of fire flashover, the conditional probabilities pfi, d, and the probabilities of structural failure pf are shown in Table 2. The probability pfi of fire flashover (0.00013) obtained by the probabilistic analysis of the network seems to be relative- ly low. Note, however, that this value is valid for the fire start probability pfi, s = P(H2) = 0.01 (corresponding to a small compartment area A = 25 m2 and a 50 year time period), which is linearly dependent on compartment area A. Thus, the input probability pfi, s may be much greater than 0.01. If, for example, the compartment area is ten times greater (250 m2), then pfi, s= 0.1 and the probabilities pfi will also be ten times greater than the values indicated in Table 2. The conditional probability pfi, d that the fire, once started, will de- velop fully (shown in the second line of Table 2), is relatively low primarily due to the relatively high efficiency of the sprin- klers considered by Holický and Schleich [6]. Table 2 also shows that the probability of structural failure may be decreased using the appropriate structural protection. However, the data given in Table 2 depend on input condi- tional probabilities, which should be determined on the basis of a detailed probabilistic analysis, taking into account the actual protection measures. Having the probability of fire flashover pfi, it is now possible to specify the target probabili- ties pt, fi of structural failure under the fire design situation using equation (2). Obviously with increasing probability of fire flashover pfi the probability pt, fi decreases. As pfi is depend- ent on compartment area A, the probabilities pt, fi are also dependent on A. Detailed discussion is provided by Holický and Schleich [6]. For large compartment areas A, the target probability pt, fi of structural failure under the fire design situation will be very small and, consequently, it may be difficult (if not impossible) to design the structure under this condition. In such a case, it may be necessary to use additional elements of the fire pro- tection system in order to decrease the probability of fire flashover pfi. It appears that the Bayesian network may effec- tively be used to model a fire protection system and, possibly, to find the optimum arrangement. For this purpose decision and utility nodes often supplement a Bayesian network like that in Figure 1. © Czech Technical University Publishing House http://ctn.cvut.cz/ap/ 11 Acta Polytechnica Vol. 41 No. 4 – 5/2001 Decision concerning protection Yes No Probabilities of fire flashover pfi assuming P(H2) = 0.01 0.00013 Conditional probabilities pfi, d of fire flashover given H2 0.013 Probability of structural failure during the fire pf = P(F |H2) 1.0 × 10�5 3.6 × 10�5 Table 2: Probabilities of fire flashover pfi and conditional proba- bilities pfi, d 7 Analysis of an influence diagram In order to perform the risk assessment under a fire design situation the Bayesian causal network in Figure 1 is supplemented by decision node 13 and four utility nodes 14, 15, 16 and 17. The purpose of the influence diagram in Fig- ure 1 is to analyse the expected total cost Ctot given by equa- tion (6). The total expected cost Ctot is dependent on the assumed probability of fire start pfi, s = P(H2). Figure 2 shows the total cost Ctot as a function of the cost C17(12). It follows from Figure 2 that for the cost C17(12) up to about 5 × 10 5 (expressed in relative monetary units), the structural protec- tion seems to be uneconomical. However for the cost C17(12) greater than 5 × 105 the expected total cost could be consid- erably lower when the structural protection is provided. It should be noted that the critical value of the cost C17(12) for which the costs both with and without structural pro- tection are equal depends on the probability of fire start pfi, s = 0.01; with increasing pfi, s the critical value decreases approximately by the same order. 8 Concluding remarks The traditional probabilistic approach to engineering de- sign covers only a small part of actual causes of structural fail- ures. A significant proportion of all failures, besides gross errors, is related to hazard scenarios (e.g. fire, impact, and explosion), which are not usually included in the traditional probabilistic analysis. For this reason, specification of the design probability of failure remains an open question (how safe is safe enough?). The methods of risk analysis and assessment are capable of encompassing more types of uncertainties than the tradi- tional probabilistic approaches, and can significantly contrib- ute to further improvement of advanced engineering design. The remarkable fact that the public is better prepared to accept certain risks than to stand for specified probabilities of failure will make the application of risk assessment easier. It is therefore anticipated that in the near future the probabilistic methods of structural design will be supplemented by the criteria of acceptable risks. The above results should be considered as examples valid for the assumed input data only. These data were assessed here without due regard to specific technological and eco- nomic conditions, which should be considered in the fire safety assessment of a particular structure. Further research is needed to specify a more detailed Bayesian network and the appropriate input conditional probabilities. In particular, cost distribution depending on the states of the parent nodes should be investigated. Nevertheless, available experience indicates that the Bayesian belief network provides a very logical and effective tool for analysing the probability of fire flashover for particular fire protection conditions. Acknowledgement This research has been conducted at the Klokner Institute of the Czech Technical University in Prague, Czech Republic as a part of research project CEZ: J04/98/210000029 “Risk Engineering and Reliability of Technical Systems”. References [1] Thoft-Christensen, P., Baker, M. J.: Structural Reliability and its Applications. Springer-Verlag Berlin, 1982 [2] Melchers, R. E.: Structural Reliability Analysis and Predic- tion. John Wiley & Sons, Chichester, 1999 [3] Holický, M.: Fuzzy Probabilistic Optimisation of Building Performance. Automation in Construction, Elsevier, Am- sterdam, 8(4), 1999, pp. 437– 443. [4] Stewart, M. G., Melchers, R. E.: Probabilistic Risk Assess- ment of Engineering Systems. Chapman & Hall, London, 1997 [5] Ellingwood, B. R.: Probability-Based Structural Design: Pro- spect for Acceptable Risk Bases. In: Application of Statistics and Probability ICASP 8. Balkema Rotterdam, 1999, pp. 11–18 [6] Holický, M., Schleich, J.-B.: Fire Safety Assessment using Bayesian Causal Network. In: Foresight and Precaution Conference, Edinburgh, May 2000, pp. 1301–1306 [7] Holický, M., Schleich, J.-B.: Estimation of Risk under Fire Design Situation. In: Proc. of Risk Analysis 2000 Confer- ence, Bologna, WITpress, Southampton, Boston, 2000, pp. 63–72 Doc. Ing. Milan Holický, PhD., DrSc. phone: +420 2 24310208 fax: +420 0 24355232 e-mail: holicky@vc.cvut.cz Czech Technical University in Prague Klokner Institute Šolínova 7, 166 08 Praha 6, Czech Republic 12 Acta Polytechnica Vol. 41 No. 4 – 5/2001 1 10 100 1000 10 5 10 6 10 7 10 8 Without protection With protection Ctot C17(12) Fig. 2: Expected total cost Ctot versus cost C17(12) due to structural collapse for pfi, s = P(H2) = 0.01