The front end of the traditional PRA process involves the identification of accident initiators; this is often done with the use of a Master Logic Diagram. In the case of QRAS, the front end is a graphical, point-and-click, hierarchical picture (tree-like in appearance) of the system being modeled, together with its elements, subsystems, and sub-subsystems. It is called the System Hierarchy (this is one of the engineer-friendly features of QRAS). It is to this tree that the QRAS user attaches known accident initiators or failure modes. The QRAS System Hierarchy feature may also be used to construct a Master Logic Diagram. QRAS has a Mission Timeline module to contain data on subsystem run times (start and stop times), which can be adjusted to changing mission profiles. Timing data is used in other parts of QRAS to calculate failure probabilities (and future dynamic enhancements of the tool will also depend on this timing feature).

As another engineer-friendly feature, QRAS facilitates the construction of Event Sequence Diagrams (ESDs), which logically describe the “scenarios” in which initiators can lead (through a set of intermediate or pivotal events) to undesirable end states, such as catastrophic failure. The scenarios include the success or failure of pivotal events, which may represent parts of a fail-safe design or even emergency procedures. QRAS enables users to further develop the initiators and pivotal events in terms of contributing causes (basic events) using fault trees. Graphical interfaces are provided to build the fault trees, which are then logically linked according to the ESD models. QRAS accommodates initiators, pivotal events, and their contributing basic events quantified in a variety of ways, including: failure probability point estimates with uncertainty bounds; failure probabilities which are functions of multiple physical variables such as temperature, pressure, etc.; standard reliability functions selected by the user and supplied by QRAS; and limit-state functions which support failure probability determinations in cases such as classical stress-strength interference.

QRAS’ fault tree performance is impressive, including fast, exact solutions (with none of the rare event approximations or other shortcuts employed in all other PRA computer codes). One of the particularly notable, advanced features of QRAS is its capability to handle system dependency and model “common cause” failures within an ESD through the designation and construction of Common Cause Groups that include applicable fault tree basic events. QRAS automatically generates conventional event trees for the risk scenarios, as well as the minimal cut sets of system fault trees and ESD end states.

Nearing the end of the PRA process, QRAS aggregates ESD end state probabilities (using Monte Carlo simulation) to produce intermediate and/or top-level end state (e.g., catastrophic failure) probabilities and their uncertainty bounds. Among the results is a prioritization of the “risk drivers” (i.e., the initiators that contribute the most risk to the system). Finally, QRAS has a sensitivity analysis (or “what if?”) module that allows the user to modify input data and/or the modeling and re-run it to obtain the change in risk from the baseline. Modifications could include replacement of subsystems with what is known or expected from proposed upgraded subsystems, addition/deletion of failure modes, changes to failure probabilities and/or their uncertainty bounds, etc.

2. Which subsystem failure modes contribute the most risk to an engineered system? The answer could be the basis for identifying possible system upgrades.
3. If we could redesign subsystem A to eliminate a particular failure mode, what would be the benefit in decreased system risk? The answer could be compared to the risk benefits (and associated cost) of redesigning subsystem B.
4. If we could redesign subsystem A to reduce the probability of failure due to a particular failure mode by X percent (e.g., 50 percent), what would be the benefit in decreased system risk? The answer could help judge the total risk benefit of a proposed subsystem redesign.
5. If we change the failure probability/uncertainty of failure mode A, how does that affect the bounds on the risk of system catastrophic failure? If our uncertainty about the failure probability of a particular initiator has a significant effect on our confidence in the system under assessment, that uncertainty can be improved, perhaps through additional testing or more detailed analysis to improve our state of knowledge.
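
The questions above, worked as an added Python illustration (not QRAS code or output): Monte Carlo propagation of uncertainty through a small set of minimal cut sets, solved exactly and by the rare event approximation, followed by a "what if?" re-run against the baseline. The cut sets, medians, lognormal error factors and function names are all constructed assumptions.

```python
import itertools, math, random

# Constructed model: the end state occurs if every event in any one cut set occurs.
CUT_SETS = [{"A"}, {"B", "C"}, {"C", "D"}]
# Constructed inputs: name -> (median failure probability, lognormal error factor).
BASELINE = {"A": (1e-3, 3.0), "B": (2e-2, 5.0), "C": (5e-2, 3.0), "D": (1e-2, 10.0)}

def exact_top(p, cut_sets=CUT_SETS):
    """Exact P(union of cut sets) by inclusion-exclusion; basic events independent."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        for combo in itertools.combinations(cut_sets, k):
            events = set().union(*combo)  # shared events are counted once
            total += (-1) ** (k + 1) * math.prod(p[e] for e in events)
    return total

def rare_event_top(p, cut_sets=CUT_SETS):
    """Rare event approximation: sum of cut set probabilities (an upper bound)."""
    return sum(math.prod(p[e] for e in cs) for cs in cut_sets)

def sample(inputs, rng):
    """Draw one probability per basic event; error factor = 95th percentile / median."""
    out = {}
    for name, (median, ef) in inputs.items():
        sigma = math.log(ef) / 1.645
        out[name] = min(1.0, median * math.exp(sigma * rng.normalvariate(0.0, 1.0)))
    return out

def propagate(inputs, n=20000, seed=1):
    """Monte Carlo uncertainty propagation; returns mean and 5th/95th percentiles."""
    rng = random.Random(seed)
    tops = sorted(exact_top(sample(inputs, rng)) for _ in range(n))
    return {"mean": sum(tops) / n, "p05": tops[int(0.05 * n)], "p95": tops[int(0.95 * n)]}

def what_if(inputs, mode, factor):
    """Scale one failure mode's median (0.5 = 50 percent reduction, 0.0 = eliminated)."""
    changed = dict(inputs)
    median, ef = changed[mode]
    changed[mode] = (median * factor, ef)
    return changed

if __name__ == "__main__":
    base = propagate(BASELINE)
    for mode in BASELINE:
        new = propagate(what_if(BASELINE, mode, 0.5))  # same seed: paired samples
        print(mode, "mean risk reduction: %.1f%%" % (100 * (1 - new["mean"] / base["mean"])))
    print("baseline", base)
```

Reusing the seed pairs each what-if sample with its baseline sample, so the reported change in risk reflects the modification rather than sampling noise.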