784  5 Safety and Risk in Engineering Design

The conditions description set d_i9 can be represented by the set of input variables IV_9 = {iv_1, …, iv_n}, where d_i9 is the conditions description data object with IV_9 = {function description, failure description, failure effects, failure consequences, failure causes, failure mode description, failure frequency, restoration tasks description, procedure description, maintainability, etc.}.

The conditions failure output variable set d_o7 can be represented by the set of output variables OV_7 = {ov_1, …, ov_m}, where d_o7 is the conditions failure data object with OV_7 = {failure severity, probability of consequence, failure risk, failure criticality, failure downtime, restoration downtime, availability, etc.}.

• Let Ks_4 be the design assessment module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a design specification set, d_i10, and computes a design criteria output variable set, d_o8.

The design specification set d_i10 can be represented by the set of input variables IV_10 = {iv_1, …, iv_n}, where d_i10 is the design specification data object with IV_10 = {mass, volume, capacity, circulation, agitation, fluids, solids, consumption, heat input, energy input, etc.}.

The design criteria output variable set d_o8 can be represented by the set of output variables OV_8 = {ov_1, …, ov_m}, where d_o8 is the design criteria data object with OV_8 = {efficiency, flow, precipitation, throughput, output, pressure, viscosity, absorption, temperature, losses, etc.}.

• Let Ks_5 be the hazardous operations (HazOp) assessment module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as the operational hazards set d_i11, and computes an operational risk output variable set, d_o9.
The operational hazards set d_i11 can be represented by the set of input variables IV_11 = {iv_1, …, iv_n}, where d_i11 is the operational hazards data object with IV_11 = {efficiency rating, flow rating, throughput rating, output rating, pressure rating, temperature rating, design torque, design stress, etc.}.

The operational risk output variable set d_o9 can be represented by the set of output variables OV_9 = {ov_1, …, ov_m}, where d_o9 is the operational risk data object with OV_9 = {operational failure description, operational failure effects, operational failure consequences, operational failure causes, etc.}.

Systems analysis section

• Let Ks_6 be the systems definition module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a systems description input, d_i12, and computes a systems definition output variable set, d_o10. The systems description input d_i12 is not decomposed into an input variable set; it enters the knowledge source as a single data object.

The systems definition output variable set d_o10 can be represented by the set of output variables OV_10 = {ov_1, …, ov_m}, where d_o10 is the systems definition data object with OV_10 = {system efficiency rating, system flow rating, system output rating, system pressure rating, system temperature rating, etc.}.

• Let Ks_7 be the functions analysis module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a functions description input, d_i13, and computes a functions definition output variable set, d_o11. Like d_i12, the functions description input d_i13 is not decomposed into an input variable set.
The functions definition output variable set d_o11 can be represented by the set of output variables OV_11 = {ov_1, …, ov_m}, where d_o11 is the functions definition data object with OV_11 = {type, make, size, weight, capacity, cooling, insulation, power rating, power source, governing, rotation, speed, acceleration, torque, stress, voltage, current, etc.}.

• Let Ks_8 be the FMEA module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a failure modes set, d_i14, and computes a failure effects output variable set, d_o12.

The failure modes set d_i14 can be represented by the set of input variables IV_14 = {iv_1, …, iv_n}, where d_i14 is the failure modes data object with IV_14 = {system failure description, system failure mode description, etc.}.

The failure effects output variable set d_o12 can be represented by the set of output variables OV_12 = {ov_1, …, ov_m}, where d_o12 is the failure effects data object with OV_12 = {system failure effects, system failure severity, etc.}.

• Let Ks_9 be the risk evaluation module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a risk identification set, d_i15, and computes a single failure risk output variable, d_o13.

The risk identification set d_i15 can be represented by the set of input variables IV_15 = {iv_1, …, iv_n}, where d_i15 is the risk identification data object with IV_15 = {system failure effects, system failure consequences, system failure mode description, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}.
Table 5.28 The AIB blackboard data object construct

Data object input variables            Data object output variables
d_i1  = Plant/facility                 d_o1  = Process sequence
d_i2  = Operation/area                 d_o2  = Mass balance
d_i3  = Section/building               d_o3  = Heat balance
d_i4  = System/process                 d_o4  = Energy balance
d_i5  = Assembly/unit                  d_o5  = Utilities balance
d_i6  = Component/item                 d_o6  = Performance output
d_i7  = Process description            d_o7  = Conditions failure
d_i8  = Performance specification      d_o8  = Design criteria
d_i9  = Conditions description         d_o9  = Operational risk
d_i10 = Design specification           d_o10 = Systems definition
d_i11 = Operational hazards            d_o11 = Functions definition
d_i12 = Systems description            d_o12 = Failure effects
d_i13 = Functions description          d_o13 = Failure risk
d_i14 = Failure modes                  d_o14 = Failure criticality
d_i15 = Risk identification
d_i16 = Failure identification

• Let Ks_10 be the criticality analysis module. This knowledge source makes use of the six global data object inputs d_i1, d_i2, d_i3, d_i4, d_i5 and d_i6, as well as a failure identification set, d_i16, and computes a single failure criticality output variable, d_o14.

The failure identification set d_i16 can be represented by the set of input variables IV_16 = {iv_1, …, iv_n}, where d_i16 is the failure identification data object with IV_16 = {system function description, system failure description, system failure effects, system failure consequences, system failure causes, system failure mode description, system failure frequency, system probability of consequence, system failure severity, system failure risk, etc.}.

The input and output variable sets are summarised in Table 5.28.
d) The AIB Blackboard Model Specifications

The AIB blackboard model developed for determining the integrity of engineering design has three levels of application, which in effect divide the blackboard model into three separate blackboard sections: a process design blackboard section (B1), a systems design blackboard section (B2) and a systems procedures blackboard section (B3). The process design blackboard section (B1) is constrained to the input and output variables directly related to the process analysis section, the systems design blackboard section (B2) is constrained to the input and output variables directly related to the systems analysis section, and the systems procedures blackboard section (B3) is constrained to the input and output variables directly related to the operations analysis section.

Specification of the process design blackboard section (B1)

    X_i = {d_i1, d_i2, d_i3, d_i4, d_i5, d_i6, d_i7, d_i8, d_i9, d_i10, d_i11}
    X_o = {d_o1, d_o2, d_o3, d_o4, d_o5, d_o6, d_o7, d_o8, d_o9}
    P_i = {IV_6 × IV_8 × IV_9 × IV_10 × IV_11}
    P_o = {OV_6 × OV_7 × OV_8 × OV_9}
    β   = {ks_1, ks_2, ks_3, ks_4, ks_5}

where d_i1, d_i2, d_i3, d_i4, d_i5, d_i6 = IV_6 and d_o1, d_o2, d_o3, d_o4, d_o5 = OV_5, and

    ks_1 = {IV_6, d_i7, OV_5}
    ks_2 = {IV_6, d_i8, d_o6}  = {IV_6, IV_8, OV_6}
    ks_3 = {IV_6, d_i9, d_o7}  = {IV_6, IV_9, OV_7}
    ks_4 = {IV_6, d_i10, d_o8} = {IV_6, IV_10, OV_8}
    ks_5 = {IV_6, d_i11, d_o9} = {IV_6, IV_11, OV_9}

For each knowledge source ks_j in β there is an input set Ψ_j containing all of the input variables of ks_j, and an output set Φ_j containing all of the output variables of ks_j:

    Ψ_1 = {IV_6, d_i7}     Φ_1 = {OV_5}
    Ψ_2 = {IV_6, IV_8}     Φ_2 = {OV_6}
    Ψ_3 = {IV_6, IV_9}     Φ_3 = {OV_7}
    Ψ_4 = {IV_6, IV_10}    Φ_4 = {OV_8}
    Ψ_5 = {IV_6, IV_11}    Φ_5 = {OV_9}
Table 5.29 Computation of Γ_{j,k} and θ_{j,k} for blackboard B1 (entries are relative overlaps: 0 denotes disjoint sets, 1.0 complete overlap)

Γ_{1,2} = Φ_1 ∩ Φ_2 = {OV_5} ∩ {OV_6} = 0       θ_{1,2} = Φ_1 ∩ Ψ_2 = {OV_5} ∩ {IV_6, IV_8}  = 0
Γ_{1,3} = Φ_1 ∩ Φ_3 = {OV_5} ∩ {OV_7} = 0       θ_{1,3} = Φ_1 ∩ Ψ_3 = {OV_5} ∩ {IV_6, IV_9}  = 0
Γ_{1,4} = Φ_1 ∩ Φ_4 = {OV_5} ∩ {OV_8} = 0       θ_{1,4} = Φ_1 ∩ Ψ_4 = {OV_5} ∩ {IV_6, IV_10} = 0
Γ_{1,5} = Φ_1 ∩ Φ_5 = {OV_5} ∩ {OV_9} = 0       θ_{1,5} = Φ_1 ∩ Ψ_5 = {OV_5} ∩ {IV_6, IV_11} = 0
Γ_{2,1} = Φ_2 ∩ Φ_1 = {OV_6} ∩ {OV_5} = 0       θ_{2,1} = Φ_2 ∩ Ψ_1 = {OV_6} ∩ {IV_6, d_i7}  = 0
Γ_{2,3} = Φ_2 ∩ Φ_3 = {OV_6} ∩ {OV_7} = 0       θ_{2,3} = Φ_2 ∩ Ψ_3 = {OV_6} ∩ {IV_6, IV_9}  = 0
Γ_{2,4} = Φ_2 ∩ Φ_4 = {OV_6} ∩ {OV_8} = 0.7     θ_{2,4} = Φ_2 ∩ Ψ_4 = {OV_6} ∩ {IV_6, IV_10} = 0
Γ_{2,5} = Φ_2 ∩ Φ_5 = {OV_6} ∩ {OV_9} = 0       θ_{2,5} = Φ_2 ∩ Ψ_5 = {OV_6} ∩ {IV_6, IV_11} = 0.7
Γ_{3,1} = Φ_3 ∩ Φ_1 = {OV_7} ∩ {OV_5} = 0       θ_{3,1} = Φ_3 ∩ Ψ_1 = {OV_7} ∩ {IV_6, d_i7}  = 0
Γ_{3,2} = Φ_3 ∩ Φ_2 = {OV_7} ∩ {OV_6} = 0       θ_{3,2} = Φ_3 ∩ Ψ_2 = {OV_7} ∩ {IV_6, IV_8}  = 0
Γ_{3,4} = Φ_3 ∩ Φ_4 = {OV_7} ∩ {OV_8} = 0       θ_{3,4} = Φ_3 ∩ Ψ_4 = {OV_7} ∩ {IV_6, IV_10} = 0
Γ_{3,5} = Φ_3 ∩ Φ_5 = {OV_7} ∩ {OV_9} = 0       θ_{3,5} = Φ_3 ∩ Ψ_5 = {OV_7} ∩ {IV_6, IV_11} = 0
Γ_{4,1} = Φ_4 ∩ Φ_1 = {OV_8} ∩ {OV_5} = 0       θ_{4,1} = Φ_4 ∩ Ψ_1 = {OV_8} ∩ {IV_6, d_i7}  = 0
Γ_{4,2} = Φ_4 ∩ Φ_2 = {OV_8} ∩ {OV_6} = 0.6     θ_{4,2} = Φ_4 ∩ Ψ_2 = {OV_8} ∩ {IV_6, IV_8}  = 1.0
Γ_{4,3} = Φ_4 ∩ Φ_3 = {OV_8} ∩ {OV_7} = 0       θ_{4,3} = Φ_4 ∩ Ψ_3 = {OV_8} ∩ {IV_6, IV_9}  = 0
Γ_{4,5} = Φ_4 ∩ Φ_5 = {OV_8} ∩ {OV_9} = 0       θ_{4,5} = Φ_4 ∩ Ψ_5 = {OV_8} ∩ {IV_6, IV_11} = 0.6
Γ_{5,1} = Φ_5 ∩ Φ_1 = {OV_9} ∩ {OV_5} = 0       θ_{5,1} = Φ_5 ∩ Ψ_1 = {OV_9} ∩ {IV_6, d_i7}  = 0
Γ_{5,2} = Φ_5 ∩ Φ_2 = {OV_9} ∩ {OV_6} = 0       θ_{5,2} = Φ_5 ∩ Ψ_2 = {OV_9} ∩ {IV_6, IV_8}  = 0
Γ_{5,3} = Φ_5 ∩ Φ_3 = {OV_9} ∩ {OV_7} = 0       θ_{5,3} = Φ_5 ∩ Ψ_3 = {OV_9} ∩ {IV_6, IV_9}  = 1.0
Γ_{5,4} = Φ_5 ∩ Φ_4 = {OV_9} ∩ {OV_8} = 0       θ_{5,4} = Φ_5 ∩ Ψ_4 = {OV_9} ∩ {IV_6, IV_10} = 0

Once Ψ_j and Φ_j have been established for all ks_j in β, the sets Γ_{j,k} and θ_{j,k} can be computed for all knowledge source pairs {ks_j, ks_k} in β (j ≠ k), where

    Γ_{j,k} = Φ_j ∩ Φ_k    and    θ_{j,k} = Φ_j ∩ Ψ_k .

The set Γ_{j,k} is computed to assess functional specialisation, whereas the set θ_{j,k} is computed to assess serialisation and interdependence (Table 5.29).

Knowledge source specialisation Ω_{j,k} is computed from (Eq. 5.120), knowledge source serialisation Σ_{j,k} from (Eq. 5.121), and knowledge source interdependence Π_{j,k} from (Eq. 5.122) (McManus 1992).

From Table 5.29, the knowledge source pairs whose sets Γ_{j,k} and θ_{j,k} are both zero have zero specialisation, serialisation and interdependence, with the conclusion that the relevant knowledge sources are highly specialised, with no serialisation and total independence, making them suitable for concurrent execution. However, the pairs for which Γ_{j,k} or θ_{j,k} is not zero have non-zero specialisation, serialisation or interdependence, resulting in a diminished capability for concurrent execution. The values for these pairs are given in Table 5.30.
Table 5.30 Computation of non-zero Ω_{j,k}, Σ_{j,k} and Π_{j,k} for blackboard B1

Γ_{2,4} = 0.7   θ_{2,4} = 0     Ω_{2,4} = 0.67   Σ_{2,4} = 0      Π_{2,4} = 0
Γ_{2,5} = 0     θ_{2,5} = 0.7   Ω_{2,5} = 0      Σ_{2,5} = 0.43   Π_{2,5} = 0.67
Γ_{4,2} = 0.6   θ_{4,2} = 1.0   Ω_{4,2} = 0.67   Σ_{4,2} = 1.0    Π_{4,2} = 1.0
Γ_{4,5} = 0     θ_{4,5} = 0.6   Ω_{4,5} = 0      Σ_{4,5} = 0.75   Π_{4,5} = 0.75
Γ_{5,3} = 0     θ_{5,3} = 1.0   Ω_{5,3} = 0      Σ_{5,3} = 0.40   Π_{5,3} = 1.0

Specification of the systems design blackboard section (B2)

    X_i = {d_i1, d_i2, d_i3, d_i4, d_i5, d_i6, d_i12, d_i13, d_i14, d_i15, d_i16}
    X_o = {d_o10, d_o11, d_o12, d_o13, d_o14}
    P_i = {IV_6 × IV_14 × IV_15 × IV_16}
    P_o = {OV_10 × OV_11 × OV_12}
    β   = {ks_6, ks_7, ks_8, ks_9, ks_10}

where d_i1, d_i2, d_i3, d_i4, d_i5, d_i6 = IV_6 and d_o10 = OV_10, and

    ks_6  = {IV_6, d_i12, OV_10}
    ks_7  = {IV_6, d_i13, d_o11} = {IV_6, d_i13, OV_11}
    ks_8  = {IV_6, d_i14, d_o12} = {IV_6, IV_14, OV_12}
    ks_9  = {IV_6, d_i15, d_o13} = {IV_6, IV_15, d_o13}
    ks_10 = {IV_6, d_i16, d_o14} = {IV_6, IV_16, d_o14}

(d_i12 and d_i13 enter as single data objects and d_o13 and d_o14 are single output variables, which is why P_i and P_o above contain no IV_12, IV_13, OV_13 or OV_14.)

For each knowledge source ks_j in β there is an input set Ψ_j containing all of the input variables of ks_j, and an output set Φ_j containing all of the output variables of ks_j:

    Ψ_6  = {IV_6, d_i12}    Φ_6  = {OV_10}
    Ψ_7  = {IV_6, d_i13}    Φ_7  = {OV_11}
    Ψ_8  = {IV_6, IV_14}    Φ_8  = {OV_12}
    Ψ_9  = {IV_6, IV_15}    Φ_9  = {d_o13}
    Ψ_10 = {IV_6, IV_16}    Φ_10 = {d_o14}

Once Ψ_j and Φ_j have been established for all ks_j in β, the sets Γ_{j,k} and θ_{j,k} can be computed for all knowledge source pairs {ks_j, ks_k} in β (j ≠ k), where Γ_{j,k} = Φ_j ∩ Φ_k and θ_{j,k} = Φ_j ∩ Ψ_k. The set Γ_{j,k} is computed to assess functional specialisation, whereas the set θ_{j,k} is computed to assess serialisation and interdependence.
From Table 5.31, the knowledge source pairs whose sets Γ_{j,k} and θ_{j,k} are both zero have zero specialisation, serialisation and interdependence, with the conclusion that the relevant knowledge sources are highly specialised, with no serialisation and total independence, making them suitable for concurrent execution. However, the pairs for which Γ_{j,k} or θ_{j,k} is not zero have non-zero specialisation, serialisation or interdependence, resulting in a diminished capability for concurrent execution. The values for these pairs are given in Table 5.32.

e) Findings of Specialisation, Serialisation or Interdependence Computation

As previously indicated, the set Γ_{j,k} is computed to assess functional specialisation, and the cardinality of Γ_{j,k} for each pair {ks_j, ks_k} in β is a measure of the output overlap of the pair (i.e. a measure of the specialisation of pairs of knowledge sources). Knowledge source pairs {ks_j, ks_k} with a large output overlap share a large number of output variables and, thus, have similar functions. Knowledge source pairs {ks_j, ks_k} with a low output overlap have different functions.
Table 5.31 Computation of Γ_{j,k} and θ_{j,k} for blackboard B2

Γ_{6,7}  = Φ_6 ∩ Φ_7   = {OV_10} ∩ {OV_11} = 0     θ_{6,7}  = Φ_6 ∩ Ψ_7   = {OV_10} ∩ {IV_6, d_i13} = 0
Γ_{6,8}  = Φ_6 ∩ Φ_8   = {OV_10} ∩ {OV_12} = 0     θ_{6,8}  = Φ_6 ∩ Ψ_8   = {OV_10} ∩ {IV_6, IV_14} = 0
Γ_{6,9}  = Φ_6 ∩ Φ_9   = {OV_10} ∩ {d_o13} = 0     θ_{6,9}  = Φ_6 ∩ Ψ_9   = {OV_10} ∩ {IV_6, IV_15} = 0
Γ_{6,10} = Φ_6 ∩ Φ_10  = {OV_10} ∩ {d_o14} = 0     θ_{6,10} = Φ_6 ∩ Ψ_10  = {OV_10} ∩ {IV_6, IV_16} = 0
Γ_{7,6}  = Φ_7 ∩ Φ_6   = {OV_11} ∩ {OV_10} = 0     θ_{7,6}  = Φ_7 ∩ Ψ_6   = {OV_11} ∩ {IV_6, d_i12} = 0
Γ_{7,8}  = Φ_7 ∩ Φ_8   = {OV_11} ∩ {OV_12} = 0     θ_{7,8}  = Φ_7 ∩ Ψ_8   = {OV_11} ∩ {IV_6, IV_14} = 0
Γ_{7,9}  = Φ_7 ∩ Φ_9   = {OV_11} ∩ {d_o13} = 0     θ_{7,9}  = Φ_7 ∩ Ψ_9   = {OV_11} ∩ {IV_6, IV_15} = 0
Γ_{7,10} = Φ_7 ∩ Φ_10  = {OV_11} ∩ {d_o14} = 0     θ_{7,10} = Φ_7 ∩ Ψ_10  = {OV_11} ∩ {IV_6, IV_16} = 0
Γ_{8,6}  = Φ_8 ∩ Φ_6   = {OV_12} ∩ {OV_10} = 0     θ_{8,6}  = Φ_8 ∩ Ψ_6   = {OV_12} ∩ {IV_6, d_i12} = 0
Γ_{8,7}  = Φ_8 ∩ Φ_7   = {OV_12} ∩ {OV_11} = 0     θ_{8,7}  = Φ_8 ∩ Ψ_7   = {OV_12} ∩ {IV_6, d_i13} = 0
Γ_{8,9}  = Φ_8 ∩ Φ_9   = {OV_12} ∩ {d_o13} = 0     θ_{8,9}  = Φ_8 ∩ Ψ_9   = {OV_12} ∩ {IV_6, IV_15} = 1.0
Γ_{8,10} = Φ_8 ∩ Φ_10  = {OV_12} ∩ {d_o14} = 0     θ_{8,10} = Φ_8 ∩ Ψ_10  = {OV_12} ∩ {IV_6, IV_16} = 1.0
Γ_{9,6}  = Φ_9 ∩ Φ_6   = {d_o13} ∩ {OV_10} = 0     θ_{9,6}  = Φ_9 ∩ Ψ_6   = {d_o13} ∩ {IV_6, d_i12} = 0
Γ_{9,7}  = Φ_9 ∩ Φ_7   = {d_o13} ∩ {OV_11} = 0     θ_{9,7}  = Φ_9 ∩ Ψ_7   = {d_o13} ∩ {IV_6, d_i13} = 0
Γ_{9,8}  = Φ_9 ∩ Φ_8   = {d_o13} ∩ {OV_12} = 0     θ_{9,8}  = Φ_9 ∩ Ψ_8   = {d_o13} ∩ {IV_6, IV_14} = 0
Γ_{9,10} = Φ_9 ∩ Φ_10  = {d_o13} ∩ {d_o14} = 0     θ_{9,10} = Φ_9 ∩ Ψ_10  = {d_o13} ∩ {IV_6, IV_16} = 1.0
Γ_{10,6} = Φ_10 ∩ Φ_6  = {d_o14} ∩ {OV_10} = 0     θ_{10,6} = Φ_10 ∩ Ψ_6  = {d_o14} ∩ {IV_6, d_i12} = 0
Γ_{10,7} = Φ_10 ∩ Φ_7  = {d_o14} ∩ {OV_11} = 0     θ_{10,7} = Φ_10 ∩ Ψ_7  = {d_o14} ∩ {IV_6, d_i13} = 0
Γ_{10,8} = Φ_10 ∩ Φ_8  = {d_o14} ∩ {OV_12} = 0     θ_{10,8} = Φ_10 ∩ Ψ_8  = {d_o14} ∩ {IV_6, IV_14} = 0
Γ_{10,9} = Φ_10 ∩ Φ_9  = {d_o14} ∩ {d_o13} = 0     θ_{10,9} = Φ_10 ∩ Ψ_9  = {d_o14} ∩ {IV_6, IV_15} = 0

Table 5.32 Computation of non-zero Ω_{j,k}, Σ_{j,k} and Π_{j,k} for blackboard B2

Γ_{8,9}  = 0   θ_{8,9}  = 1.0   Ω_{8,9}  = 0   Σ_{8,9}  = 0.28   Π_{8,9}  = 1.0
Γ_{8,10} = 0   θ_{8,10} = 1.0   Ω_{8,10} = 0   Σ_{8,10} = 0.18   Π_{8,10} = 1.0
Γ_{9,10} = 0   θ_{9,10} = 1.0   Ω_{9,10} = 0   Σ_{9,10} = 0.64   Π_{9,10} = 1.0

From Table 5.30, the knowledge sources ks_2 = {IV_6, IV_8, OV_6} and ks_4 = {IV_6, IV_10, OV_8} have a relatively low level of functional specialisation with a large output overlap: ks_2 and ks_4 share a large number of output variables and, thus, have similar functions. The knowledge source ks_2 is the performance assessment module with output variable set OV_6 = {efficiency rating, flow rating, throughput rating, output rating, yield, pressure rating, consistency, temperature rating, productivity, etc.}. The knowledge source ks_4 is the design assessment module with output variable set OV_8 = {efficiency, flow, precipitation, throughput, output, pressure, viscosity, absorption, temperature, losses, etc.}.

Similarly, the set θ_{j,k} is computed to assess serialisation and interdependence. The cardinality of θ_{j,k} for each pair {ks_j, ks_k} in β, compared to the cardinality of the set Ψ_k, is a measure of the input overlap of the pair (i.e. a measure of the serialisation of pairs of knowledge sources). Knowledge source pairs {ks_j, ks_k} with a large input overlap share a large number of output to input variables (outputs of ks_j that are inputs of ks_k) and, thus, must execute in series. Knowledge source pairs {ks_j, ks_k} with a low input overlap can execute separately.

Knowledge sources ks_2 = {IV_6, IV_8, OV_6}, ks_4 = {IV_6, IV_10, OV_8} and ks_5 = {IV_6, IV_11, OV_9} have a relatively high level of serialisation and interdependence with a large input overlap, and share a large number of output to input variables, thus forming serialised execution in the blackboard section (B1) related to the process analysis section.
Knowledge sources ks_8 = {IV_6, d_i14, OV_12}, ks_9 = {IV_6, IV_15, d_o13} and ks_10 = {IV_6, IV_16, d_o14} also have a relatively high level of serialisation and interdependence with an input overlap, and share a varied number of output to input variables, thus forming serialised execution in the blackboard section (B2) related to the systems analysis section. The relative input overlaps for knowledge sources ks_8 and ks_9 are small compared to that for knowledge source ks_10, so that the re-design effort concentrates on ks_10.

Knowledge source ks_8 is the FMEA module with the input variable set IV_14 = {system failure description, system failure mode description, etc.}. Knowledge source ks_9 is the risk evaluation module with the input variable set IV_15 = {system failure effects, system failure consequences, system failure mode description, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}. Knowledge source ks_10 is the criticality analysis module with the input variable set IV_16 = {system function description, system failure description, system failure effects, system failure consequences, system failure causes, system failure mode description, system failure frequency, system probability of consequence, system failure severity, system failure risk, etc.}.

It is quite apparent that these knowledge sources share the same input variables. Their serialisation values Σ_{j,k} do not by themselves require serialised execution, but the output to input connectivity is tight (value = 1.0), so the knowledge sources are totally interdependent.
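The overlap computation above (Γ_{j,k} = Φ_j ∩ Φ_k and θ_{j,k} = Φ_j ∩ Ψ_k for every ordered pair, with the conclusion that pairs whose overlaps are empty can execute concurrently while a non-empty θ_{j,k} means ks_k consumes what ks_j produces) can be carried out mechanically. The following Python program is an example added here for illustration; it is not part of the book's AIB blackboard model or of any software described in it. It takes the B1 and B2 variable sets as listed in the text (dropping each set's "etc." tail, and representing d_i7, d_i8, d_i12 and d_i13 by their data-object names because the text does not itemise them), computes Γ_{j,k} and θ_{j,k} for all pairs, and then goes one step beyond the text by deriving an execution schedule from the θ sets: knowledge sources with no output-to-input link between them are grouped into a stage that may run concurrently, and each stage must complete before the next starts. Three things are assumptions rather than content of the book: the name-normalisation rule that lets "efficiency rating" match "efficiency" and "operational failure effects" match "failure effects" (the book evidently matches such variables by meaning, as the value θ_{5,3} = 1.0 in Table 5.29 shows); the normalisations |Γ_{j,k}|/|Φ_j| and |θ_{j,k}|/|Ψ_k| used here as overlap measures, which do not reproduce Eqs. 5.120–5.122; and the cycle check, which reports mutually dependent knowledge sources that no serial order can satisfy.

```python
"""Added example: overlap sets and concurrent scheduling of blackboard knowledge sources.

Not the book's code. Variable sets are those listed in the text for B1 and B2; the
matching rule, the normalised measures and the cycle check are assumptions.
"""
from __future__ import annotations

from itertools import permutations
from typing import Dict, FrozenSet, List, Set, Tuple

Board = Dict[str, Tuple[FrozenSet[str], FrozenSet[str]]]  # name -> (Psi_j, Phi_j)
Pair = Tuple[str, str]


def normalise(name: str) -> str:
    """Assumed matching rule: 'efficiency rating' and 'efficiency' name the same quantity,
    as do 'operational failure effects', 'system failure effects' and 'failure effects'."""
    n = name.lower().strip()
    for prefix in ("operational ", "system "):
        if n.startswith(prefix):
            n = n[len(prefix):]
    if n.endswith(" rating"):
        n = n[: -len(" rating")]
    return n


def vs(text: str) -> FrozenSet[str]:
    """Build a variable set from a comma-separated list of variable names."""
    return frozenset(normalise(t) for t in text.split(",") if t.strip())


# Global data objects d_i1..d_i6 (IV_6), shared by every knowledge source.
IV6 = vs("plant/facility, operation/area, section/building, system/process, assembly/unit, component/item")

# Process design section B1 (Psi_j, Phi_j per knowledge source). d_i7 and d_i8 are not
# itemised in the text, so each is represented by its data-object name.
B1: Board = {
    "ks1": (IV6 | vs("process description"),
            vs("process sequence, mass balance, heat balance, energy balance, utilities balance")),
    "ks2": (IV6 | vs("performance specification"),
            vs("efficiency rating, flow rating, throughput rating, output rating, yield, pressure rating, consistency, temperature rating, productivity")),
    "ks3": (IV6 | vs("function description, failure description, failure effects, failure consequences, failure causes, failure mode description, failure frequency, restoration tasks description, procedure description, maintainability"),
            vs("failure severity, probability of consequence, failure risk, failure criticality, failure downtime, restoration downtime, availability")),
    "ks4": (IV6 | vs("mass, volume, capacity, circulation, agitation, fluids, solids, consumption, heat input, energy input"),
            vs("efficiency, flow, precipitation, throughput, output, pressure, viscosity, absorption, temperature, losses")),
    "ks5": (IV6 | vs("efficiency rating, flow rating, throughput rating, output rating, pressure rating, temperature rating, design torque, design stress"),
            vs("operational failure description, operational failure effects, operational failure consequences, operational failure causes")),
}

# Systems design section B2 (d_i12, d_i13, d_o13 and d_o14 are single variables in the text).
B2: Board = {
    "ks6": (IV6 | vs("systems description"),
            vs("system efficiency rating, system flow rating, system output rating, system pressure rating, system temperature rating")),
    "ks7": (IV6 | vs("functions description"),
            vs("type, make, size, weight, capacity, cooling, insulation, power rating, power source, governing, rotation, speed, acceleration, torque, stress, voltage, current")),
    "ks8": (IV6 | vs("system failure description, system failure mode description"),
            vs("system failure effects, system failure severity")),
    "ks9": (IV6 | vs("system failure effects, system failure consequences, system failure mode description, system probability of consequence, system failure severity, system failure frequency, system failure risk"),
            vs("failure risk")),
    "ks10": (IV6 | vs("system function description, system failure description, system failure effects, system failure consequences, system failure causes, system failure mode description, system failure frequency, system probability of consequence, system failure severity, system failure risk"),
             vs("failure criticality")),
}


def overlap_sets(board: Board) -> Tuple[Dict[Pair, FrozenSet[str]], Dict[Pair, FrozenSet[str]]]:
    """Gamma_{j,k} = Phi_j ∩ Phi_k (output overlap) and theta_{j,k} = Phi_j ∩ Psi_k
    (output-to-input overlap) for every ordered pair j != k."""
    gamma: Dict[Pair, FrozenSet[str]] = {}
    theta: Dict[Pair, FrozenSet[str]] = {}
    for j, k in permutations(board, 2):
        phi_j = board[j][1]
        psi_k, phi_k = board[k]
        gamma[(j, k)] = phi_j & phi_k
        theta[(j, k)] = phi_j & psi_k
    return gamma, theta


def overlap_measures(board: Board) -> Dict[Pair, Tuple[float, float]]:
    """Assumed normalisations (not Eqs. 5.120-5.122): output overlap |Gamma_{j,k}| / |Phi_j|
    and input overlap |theta_{j,k}| / |Psi_k|, both rounded to two decimals."""
    gamma, theta = overlap_sets(board)
    return {(j, k): (round(len(g) / len(board[j][1]), 2),
                     round(len(theta[(j, k)]) / len(board[k][0]), 2))
            for (j, k), g in gamma.items()}


def dependency_edges(board: Board) -> Set[Pair]:
    """Edge j -> k whenever some output of ks_j is an input of ks_k (theta_{j,k} non-empty)."""
    _, theta = overlap_sets(board)
    return {pair for pair, t in theta.items() if t}


def schedule(board: Board) -> List[List[str]]:
    """Kahn's algorithm over the dependency edges. Knowledge sources in one stage have no
    output-to-input link between them and can execute concurrently; a stage must finish
    before the next starts. A cycle (mutual dependency) is reported as an error."""
    edges = dependency_edges(board)
    indeg = {name: 0 for name in board}
    for _, k in edges:
        indeg[k] += 1
    stages: List[List[str]] = []
    remaining = set(board)
    while remaining:
        ready = sorted(n for n in remaining if indeg[n] == 0)
        if not ready:
            raise ValueError(f"cyclic dependency among {sorted(remaining)}")
        stages.append(ready)
        for n in ready:
            remaining.remove(n)
            for j, k in edges:
                if j == n:
                    indeg[k] -= 1
    return stages


def has_cycle(board: Board) -> bool:
    """True when no serial order satisfies every output-to-input dependency."""
    try:
        schedule(board)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for label, board in (("B1", B1), ("B2", B2)):
        print(label, "dependency edges:", sorted(dependency_edges(board)))
        print(label, "concurrent stages:", schedule(board))
```

Run as a script, the program reports for B1 the edges ks2→ks5, ks4→ks5 and ks5→ks3 and the stages [ks1, ks2, ks4], [ks5], [ks3], and for B2 the edges ks8→ks9, ks8→ks10 and ks9→ks10 with the stages [ks6, ks7, ks8], [ks9], [ks10], which is the serialised FMEA, risk evaluation, criticality analysis chain that the findings describe. The schedule is derived only from θ; a large Γ (as for ks2 and ks4 here) does not by itself prevent concurrent execution, it signals duplicated function, which is the re-design question the next section takes up.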
5.4.3 Application Modelling Outcome

Of the ten knowledge sources evaluated in the two blackboard sections B1 and B2, for the process analysis section and the systems analysis section of the AIB blackboard model respectively, several failed to meet stringent constraints of specialisation, serialisation or interdependence. This prompted re-design of some of the knowledge sources' interconnectivity to minimise serialised execution in the AIB blackboard model, so that automated continual design reviews could be conducted throughout the engineering design process on the basis of concurrent evaluations of design integrity in an integrated collaborative engineering design environment.

The performance assessment module and the design assessment module of the process analysis section were found to have a relatively low level of functional specialisation with a large output overlap, indicating that a large number of output variables were common and, thus, that the two modules had similar functions. This necessitated combining the two knowledge sources both in access and in application during re-design of the knowledge sources, thereby enhancing functional specialisation of the process design blackboard section (B1).

The FMEA module, risk evaluation module and criticality analysis module of the systems analysis section of the AIB blackboard model had a relative input overlap, indicating that they shared a varied number of output to input variables, thus forming serialised execution. However, the relative input overlaps for the FMEA and risk evaluation knowledge sources were small compared to that of the criticality analysis knowledge source. The relatively low serialisation value for the FMEA and risk evaluation modules indicated that these knowledge sources shared the same input variables but did not necessarily require complete serialised execution.
The criticality analysis module had a relatively high serialisation value (64%), indicating the need for a high level of serialised execution. All three knowledge sources had a tight output to input connectivity (value = 1.0), where the knowledge sources were totally interdependent. This necessitated combining the three knowledge sources both in access and in application during re-design of the knowledge sources, thereby enhancing functional independence of the systems design blackboard section (B2).

5.5 Review Exercises and References

Review Exercises

1. Discuss and compare fault-tree analysis (FTA), root cause analysis (RCA) and event tree analysis (ETA) for determining system safety in engineering design.
2. Discuss the general application of cause-consequence analysis for determining system safety in engineering design.
3. Give a brief account of the process of hazardous operability (HazOp) studies in designing for safety, considering concepts such as design representations, entities and their attributes, guidewords and interpretations, process parameter selection, point of reference, consequences and safeguards, and deriving recommendations.
4. Explain deviations from design intent and screening for causes of deviations.
5. Discuss the significance of safety and risk analysis in engineering design.
6. Describe the use of cost risk models, considering feature-based costing, parametric costing and risk analysis in designing for safety.
7. Discuss traditional cost estimating and consider comparisons between parametric cost estimating and qualitative cost estimating.
8. Discuss the significance of risk cost analysis in designing for safety.
9. Discuss process operational risk modelling and give an overview of developing a risk hypothesis and risk equation and measures.
10. Give a brief account of the application of hazard and operability (HazOp) studies for risk prediction in designing for safety.
11. Give an example of primary and secondary keywords in a HazOp study for risk prediction in engineering design.
12. Briefly describe the steps in the HazOp study methodology.
13. Consider the concept of hazard and operability modelling.
14. Describe qualitative modelling for hazard identification in contrast to a quantitative representation of uncontrolled processes.
15. Discuss checking safety by reachability analysis.
16. Give a brief description of the application of Markov point processes in designing for safety.
17. Define point process parameters.
18. Explain Markov chains and critical risk in safety analysis.
19. Briefly discuss the application of Kolmogorov differential equations.
20. Describe the Q-matrix.
21. Discuss critical risk theory in designing for safety.
22. Explain the concept of delayed fatalities.
23. Give a brief account of fault-tree analysis (FTA) for safety systems design and assessment of safety protection systems.
24. Discuss design optimisation in designing for safety.
25. Describe the process of assessment of safety systems with FTA.
26. Describe common cause failures in root cause analysis (RCA).
27. Define CMF and CCF and consider problems with applying CCF in safety and risk analysis for engineering design.
28. Explain point process event tree analysis in designing for safety by determining the source of risk and designing for safety requirements.
29. Define probabilistic safety evaluation (PSE).
30. Explain point process consequence analysis.
31. Discuss the relationship between cause-consequence analysis, FTA and reliability analysis.
32. Give a brief account of fault tree, reliability block diagram and event tree transformations.
33. Briefly describe the process of RBD to fault tree transformation.
34. Briefly describe fault tree to RBD transformation.
35. Briefly describe RBD and fault tree to event tree transformation.
36. Briefly describe event tree to RBD and fault tree transformation.
37. Give a brief description of structuring the cause-consequence diagram with event ordering and cause-consequence diagram construction.
38. Discuss failure modes and safety effects (FMSE) evaluation.
39. Define safety criticality analysis.
40. Define risk-based maintenance.
41. Discuss the significance of safety criticality analysis and risk-based maintenance in designing for safety.
42. Discuss risk analysis and decision criteria in designing for safety.
43. Define qualitative criticality analysis.
44. Describe residual life evaluation.
45. Consider the concepts of failure probability, reliability and residual life in designing for safety.
46. Define sensitivity testing.
47. Consider establishing an analytic basis for developing an intelligent computer automated system, including concepts such as a computer automated design space.
48. Discuss preferences and fuzzy rules, and dynamic constraints and scenarios in developing an intelligent computer automated system.
49. Discuss evolutionary computing and evolutionary design.
50. Define evolutionary algorithms (EA).
51. Describe the fundamentals of evolutionary algorithms.
52. Define genetic algorithms (GA).
53. Describe the fundamentals of genetic algorithms (GA).
54. Consider genetic algorithms in optimal safety system design.
55. Give a brief account of safety design considerations in the design optimisation problem.
56. Discuss systems analysis with GAs and fault trees.
57. Describe the concepts of algorithm description and binary decision diagrams in GA methodology for optimal safety system design.
58. Give an example of a genetic algorithm application in designing for safety, with typical results expected of the GA methodology.
59. Briefly describe artificial neural network (ANN) modelling in designing for safety.
60. Give a brief description of the building blocks of artificial neural networks (ANNs) and consider a typical structure of the ANN.
61. Briefly describe the process of learning in artificial neural networks.
62. Consider back propagation in artificial neural networks.
63. Briefly discuss the application of fuzzy neural rule-based systems in designing for safety.
64. Give a brief account of the significance of artificial neural networks in engineering design.
65. Describe the various ANN computational architectures.

References

AFSC DH 1-6 (1967) System safety design handbook. United States Air Force Systems Command
AIChE (1985) Guidelines for event tree analysis. American Institute of Chemical Engineers, Center for Chemical Process Safety, New York
AIChE (1992) Guidelines for hazard evaluation procedures. American Institute of Chemical Engineers, Center for Chemical Process Safety, New York
Akers SB (1978) Binary decision diagrams. IEEE Trans Computers vol C-27, no 6, June
Andrews JD (1994) Optimal safety system design using fault tree analysis. Proc Inst Mech Engrs 208 I Mech E:123–131
Andrews JD, Morgan JM (1986) Application of the digraph method of fault tree construction to process plant. Reliability Eng 14:85–106