Introduction

Fault tree analysis (FTA) is a powerful and widely used technique for evaluating safety, performance, reliability and risk analysis for a system. From a risk assessment approach, FTA can be presented as a logical block diagram starting from the top event (TE) and then developed for a specific system to explore the logical relationship between the causes and occurrence of basic events (BEs). FTA uses the probability of BEs and employs Boolean algebra to determine the probability of TE [1, 2]. While dynamic fault trees (DFT) are known as the most common extension of the conventional FTA, in recent years, fuzzy FTA (FFTA) has emerged as another popular extension [3]. Zadeh [4] introduced a fuzzy set theory to cope up with the data shortage in the conventional probability theory, which is insufficient in signifying all kinds of uncertainties based on the unpredictability of human performance as well as ambiguities of the system phenomena [5]. Therefore, the fuzzy set theory can deal with the uncertainties and can be considered as an extension of the conventional set theory [6, 7].

In FFTA, the assessors use linguistic terms to evaluate the BEs in a regular way and subsequently the failure possibility can be estimated with respect to the membership function. Numerous applications of FFTA have shown that it is capable of handling ambiguities and data shortage which may exist in the real safety system engineering [8,9,10,11,12,13]. In addition, ambiguity is a huge challenge to a variety of strategic decisions including FTA which may increase the occurrence of major accidents [14].

To deal with ambiguities and the shortage of data in conventional FTA, extensive studies have been performed employing the fuzzy set theory in different areas such as management application, medical treatment, and engineering among others [15]. In recent years, Celik et al. [16] and Lavasani et al. [17,18,19] have used triangular and trapezoidal fuzzy numbers to compute the failure probability (FP) of TE with respect to expert judgment in different chemical industries. In addition, Yazdi et al. [20, 51, 58, 67] utilized the similarity aggregation method (SAM) in terms of fuzzy set theory to compute the FP of granule storage tank. Ferdous et al. [21] used computer-aided fuzzy fault tree analysis. Shi et al. [22] studied fuzzy FT assessment to analyze fire and explosion accidents for steel oil storage tanks. Furthermore, Chan and Wang [23] employed FFTA for fire and explosion of crude oil tanks and Liu et al. [24] utilized fuzzy FTA in order to prepare an emergency response planning. A peculiar study has been performed recently, which estimates the risk at LPG refueling stations using an integration of Fuzzy FTA method and expert opinions dealing with data shortages [25].

All earlier studies have used different fuzzy tools for fuzzification, aggregations and defuzzification procedures as per the fuzzy capabilities for their purposes. To the best of our knowledge, no study has so far compared different fuzzy tools in the FFTA. Therefore, the objective of this study was to propose a novel approach to perform risk analysis in a more consistent way under uncertainty conditions and employ different types of fuzzy tools for the comparison of results. In the proposed approach, FT is used for qualitative analysis to identify the root cause of the hazardous event and the fuzzy set theory along with an expert judgment is used for obtaining the failure data of BEs of the FT. The proposed methodology was applied for risk analysis of the BP refinery accident that took place in 2005. The results thus obtained are also compared with the results of the BP investigation report.

The main contribution of this study is provided as follows. In next section, a new framework based on fuzzy set theory is introduced to compute the FP of TE. A numerical example is presented in subsequently to indicate the feasibility and effectiveness of the proposed model. Finally, the discussion and conclusion are described in last section.

Material and Methodology

This section gives a brief overview of the methodology (in four steps) which is illustrated in Fig. 1.

Fig. 1
figure 1

Proposed framework for probabilistic risk analysis

Full size image

Hazard Analysis

The hazard and operability study (HAZOP) is an important structured and systematic technique widely used to identify and evaluate hazards (that may affect the safety performance of a system in progressive phases) in chemical process plants. In other words, HAZOP is a systems analytical tool for understanding how deviations from correct operation may occur and identifying possible measures to deal with the causes [26,27,28]. Therefore, in the present work, HAZOP was used to identify significant potential process hazards of a chemical process plant. The likelihood and severity of the determined potential hazards were allocated, and their related risks were specified using American Military Standard (MTL-STD–882). A qualitative classification of the identified risks is provided at the end.

Fuzzy Probabilistic Risk Analysis

The construction of an FT always starts with a specified TE placed atop the tree with the rest of the tree constructed downwards. The TE generally indicates an accident that can cause asset loss or safety hazards [29]. In order to complete a tree, BEs that are denoted as the lowest level of the tree (leaves) should be known. In an FT, BEs are widely considered statistically independent and exist possibly in two binary states (failed and non-failed) and the relationships between them are commonly represented by the means of AND-gates and OR-gates [30]. Once an FT is established, it can be analyzed quantitatively as well as qualitatively. In the quantitative evaluation, the probability of TE is demonstrated based on the occurrence probability of BEs, while in the qualitative assessment, Boolean algebra is used to derive the probability of TE in terms of combinations of BEs [3, 21]. To compute the probability of TE in a quantitative analysis, following conventional assumptions and mathematical operations can be performed:

$$P_{\text{OR}} = 1 - \mathop \prod \limits_{i = 1}^{n} \left( {1 - P_{i} } \right)$$
(1)
$$P_{\text{AND}} = \mathop \prod \limits_{i = 1}^{n} P_{i}$$
(2)

Three methods including extrapolation, statistical, and expert judgment can be employed to estimate the probability of BEs with unknown/limited failure data [13]. An extrapolation technique, based on employing estimation approach, is applied to the standard reliability data source, and a statistical technique is followed by the examination of data in a direct way to compute the probability of an event. The expert judgment method can be engaged to estimate the probabilities with respect to the experts’ opinions. In this study, the expert judgment method, as a scientific consensus approach, was utilized to compute the probability of BEs. Therefore, the integration of fuzzy set theory and subjective opinions to cope with any possible ambiguities can help the assessors [31]. The quantitative analysis of the probability of each BE and subsequently TE is an important challenge and depends highly on the quality of expert knowledge on the specific system and the related accurate data including the probability of ambiguous BEs or the interdependency between them [32].

In FTA, there are many important measures available to determine the relative importance of each BE in terms of their impact on the occurrence of TE [27, 33]. Thus, looking at the probability value of TE alone is not sufficient enough for further actions. In order to improve the safety performance of a system in a chemical process plant, the critical BEs should be recognized and corresponding corrective measures should be implemented within a limited span of time and budget [34]. In this study, a structural importance based on ranking failure probabilities was used. The risk reduction worth (RRW), as the highest increase in the system reliability, is obtained as a ratio of the actual TE probability to the TE probability, when \({\text{BE}}_{i}\)is replaced with BE that can never occur [35, 36]. This analysis examines how the results of a computation or model vary as individual assumptions are changed. Furthermore, it can help the assessors to understand the dynamics of the system.

Fuzzy Integrated Approaches

The fuzzy set theory is used throughout, in the literature cited, in order to aggregate the experts’ opinions to cope with the possible uncertainty in the failure data. An important point in the fuzzy set theory is considering how to quantify the qualitative index [37]. The subjectivity should be avoided in order to get more reliable results.

A simple averaging method having criteria such as age, personal experience, job tenure, and education level is considered in the literature for expert weighting, which does not show a high objectivity [17,18,19,20, 38, 39]. Therefore, the subjectivity issues can be overcome using an extension of the fuzzy analytic hierarchy process (FAHP).

The conventional AHP is a well-known method commonly used in the multi-criteria decision-making problems. However, it cannot deal with the subjective knowledge due to which FAHP has been developed to solve the AHP problems [40]. In other words, the main purpose of AHP is collecting expert opinions though conventional AHP cannot reflect human thinking. Several FAHP techniques have been proposed in the past decades with the two most important ones being introduced by Buckley [41] and Chang [42] which use trapezoidal and triangular fuzzy membership function respectively for pairwise comparison scale.

In this study, an extension of Buckley’s method was used for weighting the experts due to the limitations of other techniques such as all fuzzy comparison matrices cannot be completely used. Further, in Buckley’s method, illogical zero weight may also be obtained for the selection criteria [23].

So far, the weight of each expert is computed in a more reliable way based on their knowledge and backgrounds. Therefore, the computed weights are vital in order to represent the relative superiority of the employed experts [22, 43,44,45]. Next step introduces an approach based on fuzzy set theory to transfer linguistic expert opinion possibilities into fuzzy probability to aggregate their opinions into a crisp probability value.

The aggregation procedure of expert judgment in the fuzzy logic system is divided in three steps as follows.

  • Step 1 Obtaining linguistic terms of each BE based on expert judgment

  • Step 2 Converting linguistic terms into fuzzy corresponding numbers

  • Step 3 Converting fuzzy numbers into fuzzy possibility scores (FPS)

Step 1 The purpose of step 1 is to collect the failure probability of BEs based on linguistic terms expressed by the concerned industry experts. In this regard, several experts were consulted and they were sent a questionnaire (by email) to judge the failure probability of BEs. In this way, experts are more relaxed to express their opinions in linguistic terms compared to the numerical scale [46]. The linguistic terms in order to represent the probability of BEs were provided in seven categories: very high (VH), high (H), fairly high (FH), medium (M), fairly low (FL), low (L), and very low (VL). These categories are selected based on Saaty’s study which discussed that the proper number for expert judgment at a specific time is between five and nine. In other words, the common capacity of the human memory is seven plus-minus two chunks [47].

Step 2 There are many applications of fuzzy set theory dealing with uncertainties and inaccuracy of expert judgment in linguistic terms such as triangular, trapezoidal, intuitionistic, and Gaussian fuzzy membership function [48, 49]. The guarantee of the best membership function is based on realistic circumstances [50]. From the literature, triangular and trapezoidal fuzzy membership functions (see Fig. 2) are found to be more effective [17, 18, 38, 51,52,53] and are therefore used to map linguistic opinions to fuzzy membership function. The reason of using these two types of fuzzy numbers is that under some weak assumptions, the defined membership functions directly fulfill the appropriate optimization criteria [54].

Fig. 2
figure 2

Fuzzy membership functions including both triangular and trapezoidal

Full size image

So far, we see that the corresponding fuzzy number of each linguistic term is formed. Next, it is necessary to aggregate subjective opinions of experts regarding the identified BEs into a single opinion. Various techniques are available in the literature to aggregate experts’ opinions including linear opinion pool, max–min Delphi, sum-production, max–product, and similarity aggregation [37, 55, 56]. However, Liu et al. [24] discussed that there is no way to show which method is superior to the other. Here, two most common aggregation procedures, sum-production method and similarity aggregation method, are employed in order to make a comparison between them including sum-production method [22] and similarity aggregation method [55] which are provided in details as follows.

Sum-Production Method

The sum-production method, which is used in this study for aggregation process, is represented as follows.

$$Z_{i} = \mathop \sum \limits_{j = 1}^{n} w_{j} \otimes f_{ij} ,\quad i = 1,2, \ldots , m\quad j = 1,2, \ldots ,n$$
(3)

where \(Z_{i}\) denotes the aggregated fuzzy number for BE i, \(w_{j}\) represents the weight of experts j, and \(f_{ij}\) is corresponding fuzzy number of BE i given by expert j. n and m are the number of experts and BEs, respectively.

Similarity Aggregation Method

  1. 1.

    Computing the degree of similarity (degree of agreement). \(S_{uv} \left( {\tilde{R}_{u} ,\tilde{R}_{v} } \right)\) is defined as opinions between each pair of experts \(E_{u}\)and \(E_{v}\). According to this consideration for \(S_{uv} \left( {\tilde{R}_{u} ,\tilde{R}_{v} } \right)\) when \(\tilde{A} = \left( {a_{1} , \, a_{2} , \, a_{3} } \right)\) and \(\tilde{B} = \left( {b_{1} , \, b_{2} , \, b_{3} } \right),\) are two standards triangular fuzzy numbers, then the degree of agreement function of S is defined as:

    $$S\left( {\tilde{A},\tilde{B}} \right) = 1 - \frac{1}{J}\mathop \sum \limits_{i = 1}^{J} \left| {a_{i} - b_{i} } \right|$$
    (4)

    When \(S\left( {\tilde{A},\tilde{B}} \right) \in \left[ {0, \, 1} \right]\), the greater value of \(S\left( {\tilde{A},\tilde{B}} \right)\) is the best similarity between two fuzzy numbers of \(\tilde{A}\)and \(\tilde{B}\). Moreover, the amount of \(J\) is 3 and 4 for triangular and trapezoidal fuzzy numbers, respectively.

  2. 2.

    Next, computing the average of agreement (AA) degree \({\text{AA}}\left( {E_{u} } \right)\) of the expert’s opinions.

    $${\text{AA}}\left( {E_{u} } \right) = \frac{1}{J - 1}\mathop \sum \limits_{{\begin{array}{*{20}c} {u \ne v} \\ {v = 1} \\ \end{array} }}^{J} S\left( {\tilde{R}u,\tilde{R}v} \right)$$
    (5)
  3. 3.

    Computing the relative agreement (RA) degree, \({\text{RA}}\left( {E_{u} } \right)\) of the experts.

    $$E_{u} \left( {u = 1,2, \ldots ,J} \right)\quad {\text{as}}\quad {\text{RA}}\left( {E_{u} } \right) = \frac{{{\text{AA}}\left( {E_{u} } \right)}}{{\mathop \sum \nolimits_{u = 1}^{J} {\text{AA}}\left( {E_{u} } \right)}}$$
    (6)
  4. 4.

    Estimating the consensus coefficient (CC) degree, \({\text{CC}}\left( {E_{u} } \right)\) of expert’s opinions, \(E_{u} \left( {u = 1, 2, . . ., j} \right)\).

    $${\text{CC}}\left( {E_{u} } \right) = \beta \cdot W \left( {E_{u} } \right) + \left( {1 - \beta } \right) \cdot {\text{RA }}\left( {E_{u} } \right)$$
    (7)

    where \(W\left( {E_{u} } \right)\)is the weight of each expert and the term \(\beta\) is nominated as a relaxation factor of the offered procedure due to \(\beta (0 \le \beta \le 1)\). It illustrates the importance of \(W(E_{u} )\) over \({\text{RA}}(E_{u} )\). When \(\beta = 0\), no weight has been given to it by experts and thereby a homogenous group of experts should be employed, whereas when \(\beta = 1\), it signifies that the consensus degree of an expert is equal to its importance weight.

In Hsu et al.’s study, it is recommended that the consensus coefficient of each expert is better known when the comparative competency of each expert’s opinion is estimated. Thus, it has an important part for the decision maker to allocate a proper amount of \(\beta\) [57]. However, the result of Yazdi et al. [58] represents that the \(\beta\) coefficient is not sensitive to fuzzy multiple-attribute decision making which is applied on failure modes of aircraft landing system and the best value of \(\beta\) to cover both sides is 0.5.

  1. 5.

    Finally, the aggregated result of the experts’ judgment \(\tilde{R}_{\text{AG}}\) could be found out as follows.

    $$Z_{i} = \tilde{R}_{\text{AG}} = CC\left( {E_{1} } \right) \otimes \tilde{R}_{2} \oplus CC\left( {E_{2} } \right) \otimes \tilde{R}_{2} \oplus \cdots \oplus CC\left( {E_{m} } \right) \otimes \tilde{R}_{M} \quad i = 1,2, \ldots , m$$
    (8)

    where above all-mentioned equations, sign \(\oplus\) is fuzzy addition and \(\otimes\) is fuzzy scalar multiplication operator. Additionally Kaufmann and Gupta [59] represented that the fuzzy operations of trapezoidal fuzzy member are trapezoidal fuzzy member.

Step 3 FPS denotes a crisp value which is based on experts’ opinions aggregation for any possible event. In order to defuzzify a quantifiable outcome in the fuzzy set theory, many common techniques are available. Among them, the center of Area (CoA) and max–min approaches are more popular. The details of the computation for defuzzification procedure for both techniques are provided as follows.

Center of Area (CoA)

CoA mathematically represents in Eq 9.

$$X^{*} = \frac{{\smallint \upsilon_{i} \left( x \right)x{\text{d}}x}}{{\smallint \upsilon_{i} \left( x \right){\text{d}}x}}$$
(9)

where X* = defuzzified output; \(\upsilon_{i} \left( x \right) =\) aggregated membership function; x = output variable.

Equation 9 can be engaged to both trapezoidal and triangular fuzzy numbers, and it is shown as:

Defuzzification of triangular fuzzy number \(\tilde{A} = \left( {a_{1} , \, a_{2} , \, a_{3} } \right)\) is:

$$X^{*} = \frac{{\mathop \smallint \nolimits_{{a_{1} }}^{{a_{2} }} \frac{{x - a_{2} }}{{a_{2} - a_{1} }}x{\text{d}}x + \mathop \smallint \nolimits_{{a_{2} }}^{{a_{3} }} \frac{{a_{3} - x}}{{a_{3} - a_{2} }}x{\text{d}}x}}{{\mathop \smallint \nolimits_{{a_{1} }}^{{a_{2} }} \frac{{x - a_{2} }}{{a_{2} - a_{1} }}{\text{d}}x + \mathop \smallint \nolimits_{{a_{2} }}^{{a_{3} }} \frac{{a_{3} - x}}{{a_{3} - a_{2} }}{\text{d}}x}} = \frac{1}{3}\left( {a_{1} + a_{2} + a_{3} } \right)$$
(10)

Defuzzification of trapezoidal fuzzy number \(\tilde{A} = \left( {a_{1} , \, a_{2} , \, a_{3} , \, a_{4} } \right)\) can be gained by Eq 11

$$\begin{aligned} X^{*} & = \frac{{\mathop \smallint \nolimits_{{a_{1} }}^{{a_{2} }} \frac{{x - a_{1} }}{{a_{2} - a_{1} }}x{\text{d}}x + \mathop \smallint \nolimits_{{a_{2} }}^{{a_{3} }} x{\text{d}}x + \mathop \smallint \nolimits_{{a_{3} }}^{{a_{4} }} \frac{{a_{4} - x}}{{a_{4} - a_{3} }}x{\text{d}}x}}{{\mathop \smallint \nolimits_{{a_{1} }}^{{a_{2} }} \frac{{x - a_{1} }}{{a_{2} - a_{1} }}{\text{d}}x + \mathop \smallint \nolimits_{{a_{2} }}^{{a_{3} }} {\text{d}}x + \mathop \smallint \nolimits_{{a_{3} }}^{{a_{4} }} \frac{{a_{4} - x}}{{a_{4} - a_{3} }}{\text{d}}x}} \\ & = \frac{1}{3}\frac{{\left( {a_{4} + a_{3} } \right)^{2} - a_{4} a_{3} - \left( {a_{1} + a_{2} } \right)^{2} + a_{1} a_{2} }}{{\left( {a_{4} + a_{3} - a_{1} - a_{2} } \right)}} \\ \end{aligned}$$
(11)

Max–Min

The maximum and minimum fuzzy sets are expressed as follows.

$$f_{\hbox{max} } \left( x \right) = \left\{ {\begin{array}{*{20}l} {x,} \hfill & {\left( {0 \le x \le 1} \right)} \hfill \\ {0,} \hfill & {\left( {\text{otherwise}} \right)} \hfill \\ \end{array} } \right.$$
(12)
$$f_{\hbox{min} } \left( x \right) = \left\{ {\begin{array}{*{20}l} {1 - x,} \hfill & {\left( {0 \le x \le 1} \right)} \hfill \\ {0,} \hfill & {\left( {\text{otherwise}} \right)} \hfill \\ \end{array} } \right.$$
(13)

Subsequently, the right and left scores of fuzzy set (Z) can be computed as follows, respectively.

$${\text{FPS}}_{\text{Right}} \left( Z \right) = {}_{ x }^{\sup } \left[ {f_{z} \left( x \right) \wedge f_{\hbox{max} } \left( x \right)} \right] = {\raise0.7ex\hbox{${\left( {1 - d} \right)}$} \!\mathord{\left/ {\vphantom {{\left( {1 - d} \right)} {\left[ {1 + \left( {d - c} \right)} \right]}}}\right.\kern-0pt} \!\lower0.7ex\hbox{${\left[ {1 + \left( {d - c} \right)} \right]}$}}$$
(14)
$${\text{FPS}}_{\text{Left}} \left( Z \right) = {}_{x }^{\sup } \left[ {f_{z} \left( x \right) \wedge f_{\hbox{min} } \left( x \right)} \right] = {\raise0.7ex\hbox{${\left( {1 - a} \right)}$} \!\mathord{\left/ {\vphantom {{\left( {1 - a} \right)} {\left[ {1 + \left( {b - a} \right)} \right]}}}\right.\kern-0pt} \!\lower0.7ex\hbox{${\left[ {1 + \left( {b - a} \right)} \right]}$}}$$
(15)

In addition, the relationship between left and right sides of fuzzy set (Z) is illustrated in Fig. 3.

Fig. 3
figure 3

Schematic computation of right and left FPS

Full size image

Therefore, the fuzzy possibility scores of fuzzy number \(Z_{i}\) can be obtained by the following equation.

$${\text{FPS}}\left( {Z_{i} } \right) = \left[ {{\text{FPS}}_{\text{Right}} \left( {Z_{i} } \right) + 1 - {\text{FPS}}_{\text{Left}} \left( {Z_{i} } \right)} \right]/2$$
(16)

Failure Probability of BEs, TE Probability and Critical Ranking

FPS are converted to failure probability using following equation proposed by Onisawa [60].

$${\text{Failure}}\,{\text{probability}} = \left\{ {\begin{array}{*{20}l} {1/10^{k} } \hfill & {{\text{FPS}} \ne 0} \hfill \\ 0 \hfill & {{\text{FPS}} = 0} \hfill \\ \end{array} } \right.$$
(17)
$$k = 2.301 \times \left[ {\left( {1 - {\text{FPS}}} \right)/{\text{FPS}}} \right]^{1/3}$$
(18)

In order to compute the probability of TE, Eqs 1 and 2 and Boolean algebra are utilized. In addition, RRW is applied to recognize the critical BEs.

Application of the Study: The BP (2005) Accident

The proposed methodology was applied to a catastrophic explosion accident that occurred in the British Petroleum (BP) refinery in March 2005. Following the explosion, the fire spread and caused the death of 15 people injuring another 180, led to significant economic losses (accounting to a staggering $1.5 billion) and was counted as one of the most severe US workplace disasters of the past two decades [61, 62]. BP [63] published a detailed investigation report on the accident. Few studies have explained the detailed process describing the accident [64], provided the dynamic risk assessment [65], suggested an application to improve mishap probability prediction [66], and analyzed system safety and risk [53] in the last decade. However, more studies are required in order to learn from such an accident which is vital in preventing similar accidents. As illustrated in Fig. 4, BP accident occurred during the restart of isomerization unit (ISOM). According to CSB [61, 62], the accident occurred due to a considerably high quantity of flammable hydrocarbon release from a blowdown drum and stack, which did not have a flare system. CSB investigation report showed that when the hydrocarbons released, it immediately formed a potentially flammable vapor cloud which possibly reached an ignition source that caused an explosion. It was also noted that an idling diesel pickup truck parked about 25 ft away from the blowdown drum could also have been a possible suspected ignition source [61, 62].

Fig. 4
figure 4

Schematic diagram of ISOM unit at BP accident (modified after Ferdous et al. [53])

Full size image

A HAZOP study was conducted by a related team of industrial and academic experts to recognize the most hazardous scenarios leading to the potential release of the flammable materials and for its implementation. The MIL-STD-88213 technique was applied to determine the risk of the studied scenarios. The results revealed the release of highly inflammable hydrocarbons as a potential scenario, which was suspected in the CSB [61] report. The results of HAZOP and MIL-STD-88213 are summarized in Table 1.

Table 1 Results of qualitative hazard analyzing using HAZOP and MIL-STD-88213 techniques
Full size table

As can be seen from Table 1, hydrocarbon release was selected as the highest risk scenario and critical event. Subsequently, the FT was constructed which is illustrated in Fig. 5. In this study, the proposed uncertainty-based FTA was accomplished to analyze the risk of the possible result of the BP accident. The implementation of the proposed uncertainty-based FTA can provide a chance to reinvestigate the BEs and possible pre-BEs to such accidents in the near future. Therefore, for this purpose, the possibilities of BEs have been elicited from experts’ judgments and both linguistic expressions and corresponding fuzzy set numbers, according to Fig. 2, are provided in Table 2. Using fuzzy AHP method, three experts were assessed on different criteria including education, job tenure, age, and experience. The first expert had a master degree in chemical process engineering and had been working as a process specialist in oil and gas industry over 10 years. The second expert had a bachelor degree in chemical fire engineering and had been working as a chemical process controller in a chemical production plant for more than five years, and the third one had a doctorate degree in process safety engineering field with experience in chemical process assessment and loss prevention of more than five years. Therefore, in order to get a reflection of their different backgrounds in the FFTA, the experts were assigned the following comparative weights: 0.48, 0.09, and 0.43, taking into account the fuzzy AHP output. The system of expert data and experts’ capabilities is provided in Fig. 6.

Fig. 5
figure 5

Fault tree diagram for hydrocarbon release (BP refinery accident—2005)

Full size image
Table 2 Identified causes for BP accident refinery and corresponding qualitative experts’ opinions
Full size table
Fig. 6
figure 6

Analytic hierarchy process index system

Full size image

Using the equations from Eqs 3 to 18, the probability of each basic event was computed by four different aggregation approaches (sum-production/CoA, sum-production/max–min, SAM/CoA and SAM/max–min). The Boolean logic expression of TE to compute its probability is given by Eq 19:

$${\text{TE}} = \left( {\left( {{\text{BE}}.1 \cap {\text{BE}}.2 \cap {\text{BE}}.3 \cap {\text{BE}}.4 \cap {\text{BE}}.5} \right) \cup \left( {{\text{BE}}.6 \cup {\text{BE}}.7} \right)} \right) \cap \left( {{\text{BE}}.8 \cup {\text{BE}}.9 \cup {\text{BE}}.10} \right)$$
(19)

Therefore, the probability of hydrocarbons release from the blowdown drum is given by Eq 20:

$$P_{\text{TE}} = \left( {\left( {P_{{{\text{BE}}.1}} \times P_{{{\text{BE}}.2}} \times P_{{{\text{BE}}.3}} \times P_{{{\text{BE}}.4}} \times {\text{P}}_{{{\text{BE}}.5}} } \right) + \left( {P_{{{\text{BE}}.6}} + P_{{{\text{BE}}.7}} } \right)} \right) \times \left( {P_{{{\text{BE}}.8}} + P_{{{\text{BE}}.9}} + {\text{P}}_{{{\text{BE}}.10}} } \right)$$
(20)

Using Eqs 1, 2 and 20, the probability of TE in four different approaches was computed. The details of the result are provided in Tables 3 and 4.

Table 3 Probability of BEs employing sum-production/CoA and sum-production/max–min
Full size table
Table 4 Probability of BEs employing SAM/CoA and SAM/max–min
Full size table

In order to rank the critical BEs, RRW is applied (as a sensitivity analysis). In this context, input data are changed and subsequent changes in the new probability of TE are computed. This is repeated for a group of changes using either different values for the same parameter or having different parameters. In general, for a specific sensitivity analysis, only one parameter is changed at a time and is called a one-at-a-time sensitivity study [18, 67]. This technique is used here to confirm the sensitivity of the proposed approach. As mentioned in “Fuzzy Probabilistic Risk Analysis” section, the inverse RRW can be computed by re-quantifying the probability of each BE which is given by setting \({\text{BE}}_{i}\) to 0. Based on Boolean logic, it seems that the elimination of BEs, which have the highest contribution to the happening of TE, should reduce the probability of TE more than the elimination of the rest of BEs. The results of sensitivity analysis in ranking the critical BEs are provided in Tables 5 and 6.

Table 5 Result of SA according to sum-production/CoA and sum-production/max–min
Full size table
Table 6 Result of SA according to SAM/CoA and SAM/max–min
Full size table

Conclusions and Discussion

CSB [62] investigated a number of root causes of the BP accident. Often, identifying the important causes of the accident and drawing their corresponding FTs were done, as represented in Fig. 5. According to the literature and two investigation reports, the fundamental causes of accident were based around poor design, inadequate operating practices and highly deficient management processes, safety cultural issues at the highest level of the company and mechanical component failures were identified as important factors causing the accident. Since the probability of the most inputted BEs was ambiguous in the FT, conducting risk analysis under uncertain conditions was a big challenge. In this study, using expert judgment based on fuzzy set theories to apply FTA was considered the basis in order to reduce the ambiguities. The four different commonly used approaches to aggregate experts’ opinions in fuzzy environment have been described in the article along with their results. In addition, to illustrate the effectiveness of the proposed FFTA, a case study of the BP accident was undertaken to analyze the comparable approaches which included sum-production/max–min, SAM/max–min, sum-production/CoA and SAM/CoA. Tables 3, 4, 5 and 6 present the ranking results of all 10 BEs as obtained using these approaches.

As shown in Table 3, the probability of TE is the same in sum-production/max–min and SAM/max–min approaches but different in the others. While comparing sum-production/CoA with SAM/CoA, it comes out that the probability is nearly twofold. As mentioned earlier, in order to improve the safety performance of a system, critical BEs should be discovered. The probability values should not be the only factors to be considered for this because the concept of probability does not guarantee when a specific event happens in time. In other words, if the probability of TE is estimated as 0.9999, there is no guarantee of its occurrence. It may not occur even in 10 years time or more since TE is expected to occur at least once in a year.

The sensitivity analysis was carried out to find the critical BEs and validate the performance of the approaches according to the information provided in Tables 3 and 4. As shown in Tables 5 and 6, BE.7 (pump fails) has the highest contribution to the TE occurrence probability. Therefore, it ranks first in sum-production/max–min and SAM/max–min approaches and second in sum-production/CoA and SAM/CoA approaches. While CoA as a defuzzification technique was used to combine sum-production/CoA and SAM/CoA approaches, the results indicated that BE.9 and BE.7, respectively, contributed majorly to the most occurrence of the accident. On the contrary, when the max–min technique was used, BE.7, BE.6, and BE.9 with the fourth rank played the most significant role in the occurrence of the accident. In other words, unlike the aggregation approaches, the defuzzification techniques have a direct and considerable effect on the selection of the most critical BEs. In addition, this finding was consistent with previous studies such as the BP report [62].

It is obvious that selecting a proper approach, which is both less time consuming and carries low computationally difficulty, has high importance. Additionally, the output of the approach employed should be reliable. In this context, the similarities between the four different proposed approaches (in terms of RRW ranking) are given in Fig. 7. It shows that only sum-production/CoA approach is similar to the approaches SAM/max–min, sum-production/CoA and SAM/CoA by at least 60 percent. The rate of similarity between all the other approaches is less than 60 percent except for the approaches sum-production/max–min and SAM/CoA which are exactly (100 percent) the same. In other words, max–min technique is not sensitive despite having different fuzzy set values. Moreover, sum-production is less complex than the SAM technique. Therefore, in terms of computational complexity, reliability and time spent on computation, the sum-production/CoA approach is superior to other approaches.

Fig. 7
figure 7

Similarities of four different proposed approaches

Full size image

In recent years, a Bayesian network (BN) methodology has been proposed and used to overcome the major disadvantages and limitations of the proposed integrated approaches, which are the inability to update the risk during the life cycle of the process and ignoring the dependency among basic events [2, 34, 68, 69].

FFTA is a fairly new tool for risk analysis and safety assessment of a system. Uncertainties as input data in FTA are critical challenges and major concerns which have not been completely identified in a risk assessment study. In addition, it can mislead the decision-making process so much that it leads to completely untreatable results. In order to reduce uncertainties, such as mitigation process in risk assessment, four fuzzy-based approaches along with a sensitivity analysis (RRW) were developed for FTA. The proposed approaches were applied to the incident of the BP refinery accident, and their results were compared with each other and found to be in good agreement with the BP report.

For any system, the features which ensure safety using the mentioned approaches for risk assessment under uncertainties conditions are given below:

  • A fuzzy-based approach is a proper technique to cope with the subjective uncertainties associated with experts’ judgments.

  • The proposed approaches can be applied for risk assessment and safety analysis on any system having shortages of input data.

  • Employing related experts to a specific industry offer an alternative to cope with shortages of data and the lack of information about the system. Fuzzy aggregation procedure can reduce uncertainties by providing consensus knowledge.

  • Sensitivity analysis recognizes the critical BEs which have a high contribution in the occurrence of TE. It represents the priority of all BEs for further actions including elimination and control procedures.

  • This study (based on a specific case study) shows that sum-production/CoA fuzzy integrated approach is more reliable, clear, suitable and uncomplicated in the safety and risk analysis.