risk analysis and the decision-making process in engineering

RISK ANALYSIS AND THE DECISION-MAKING PROCESSIN ENGINEERING

MAUR ICIO SANCHEZ-S ILVA

1. INTRODUCTION

The development of any kind of engineering facility requires, at some stage, to makedecisions, and a thorough consideration ofthe context within which these decisions are

made. In engineering, there is always the chance that unintended consequences mightoccur. Co nsequently, there is a permanent search for measures to assess the marginbetween the capacity of an engineered facility and the demands upo n it. Since boththe demand and the capacity cannot be described accurately, modeling and managingthc uncertainty is paramount. Th is chapter presents a discussion on the relationship be-tween risk analysis and decision making. Furthermore, a general framework in whichrisk analysis is considered as the main tool for the decision-making is proposed. Spe-cial emphasis is given to optimization as a fundamental tool for supporting assertivedecisions.

2. THE NEED FOR RISK MANAGEMENT

The reason for the existence of engineering is to provide better and efficient meansto improve the quality ofl ife. Therefore, for any engineering project to be successful,it is necessary to estimate all possible future scenarios and make the appropriate con-siderations in the planning, design, construction and operation stages. Some scenarioscannot be foreseen at all, and those who can be predicted might be difficult to model.If an unexpected event occurs, engin eerin g and society cannot do much; as stated byPlato: "How can I know what I do not know?" However, regarding the events we can

297

298 Mauricio Sanchez-Silva

predict, our responsibility is to find technical requirements that balance safety and cost,in order to be included in design and construction specifications. It is in the meaning ofthe word balance where the decision making process and risk analysisbecome relevantand risk analysis relevant. Besides, appropriate decisions should also take into accountthe context and the preferences of the person or institution that makes this choice.Within this required balance, safety is related to avoiding losses of any type, e.g.

economic, human, and environmental. Cost is referred to as the value of such lossesfor an individual, an institution or for society as a whole. Value is defined as theproportion of the satisfaction ofneeds divided by the use of resources. In other words,value is proportionate to quality divided by cost. Thus, the main quandary is: howmany resources is someone willing to invest in safety given that they are limited?The answer lies in one of the most interesting and difficult fields in engineering, riskacceptability (section 6). The paramount importance of this concept is that it defmesthe way the economy and social welfare evolves. Although it is not evident for manyengineers, behind any regulation, e.g., code of practice, there is a whole frameworkwhich determines our life.

3. RISK

Haimes (1998) defines risk asameasure ofthe probability and severity ofadverse effects.Harr (1987) defines it as the lack ofability of the system to accommodate the imposeddemands placed upon it by the sponsor, the user and the environment. More specifically,Melchers (1999) defines the term risk in two ways: 1) the probability of failure of asystem from all possible causes (violation oflimit states); and 2) the magnitude of thefailure condition, usually expressed in financial terms. These definitions of risk arecommonly used in specific engineering problems called "hard systems" which tacklewell-structured systems engineered to achieve a given objective (Checkland, 1981). Acommon and widely used definition of risk is in terms of the expected value ofa givenlevel oflosses (i.e. cost):

II

Risk = E(L) = LP(L;)L;i=l

(1)

where L is the loss (i.e. measure of the consequences) of the system for a given failurescenario i; P(L i ) is the probability ofoccurrence ofsuch a loss; and n the total numberofscenarios considered. For instance, the risk, or the expected lossesin a city, might bedescribed as the losses caused by an earthquake multiplied by the probability of havingsuch losses in case of an earthquake, plus the losses caused by landslides multiplied bythe probability of having such losses in case oflandslides, and so forth.Note that p (L i ) in equation 1, not only refers to the probability of occurrence of

the trigger event (e.g. earthquake), but to the occurrence of any scenario i. Detailedrisk analysis should consider the immediate and long-term consequences, as well asthe changes in the probability assessment in time (Blockley and Dester 1999). Thedefinition ofwhat is "high" or "low" risk depends upon the context and the decisionto be made (section 6).

Risk analysis and the decision-making process in engineering 299

The probability oflosses in a given scenario (equation 1) (e.g. caused by earthquakes)can be expressed as (Sanchez-Silva, 2001):

m

p(Li) = L p(Li I Aj)p(Aj)j=l

(2)

where p(L; I A j ) is the probability of a loss level L; given that the event A j has oc-curred; and p(Aj ) is the probability of Ai- Events Aj are defined by the context of theproblem and can describe, for example, different intensities of the same phenomenon.Then, following the previous example, the probability of having losses due to earth-quakes is the sum of the probability of having a level ofloss due to earthquakes giventhat an earthquake of intensity I = 4 has occurred, multiplied by the probability ofhaving an earthquake of intensity I = 4, plus the probability of having a loss giventhat an earthquake of intensity I = 5 has occurred, multiplied by the probability ofhaving an earthquake of intensity I = 5, and so on.Therefore, in its general form risk can be described as:

Risk = E(L) =t [~P(Li I Aj)P(A;)] t; (3)Probability assessmentdepends highly on the definition oflimit states,which in turn,

is highly related to the model ofthe system. The probability oflosses (i.e. probability offailure, pf) depends upon the relationship between the demand (D) and the capacity(C) of a system, and it can be described in terms of the limit state function, g (D, C),as:

Pf = p(g(D, q :::: 0) (4)

Reliability theory states that in its general form, failure probability can be computedas:

(5)

where f xCx) is the joint density function of the state variables of the system and D theunsafe region. A detailed discussion on the mathematical aspects of equation 5 can befound in Harr (1987), Kottegoda and Rosso (1997), and Melchers (1999).Blockley (1992) argues that a dependable risk analysis requires the complete identi-

fication and assessment of all unwanted possible futures for computing the probabilityAlthough many of them can be identified, risk assessment can only be carried out overa small number of future scenarios, which are technically foreseeable. In other words,risk analysis may be a limited guarantee ofa proper description of possible future sce-narios, especially when those possible futures are difficult to predict. Therefore, theanalysis should focus on hazard. However, that is not to say that a risk analysis does not


provide useful information, but that it is information which is an input into an overallanalysis.Blockley (1992) proposes a definition of risk slightly different from traditionalengineering approaches but more general:

"risk is the combined effect of the chances of occurrence of some failure or disaster and itsconsequences in a given context".

This definition considers three important factors: probability, consequences and con-text, which are the key for a dependable risk analysis and have been widely discussed(Blockley 1992, Sanchez-Silva et al. 1996, and Elms(Blockley 1992)). The value ofthis definition is that it is robust enough to be used in the analysis of diverse situationssuch as natural risks and industrial safety.

Frequently, vulnerability functions are combined with hazard data in order to esti-mate the probable distribution of losses for all possible events in a given time periodto determine the risk (Coburn and Spence, 1992). For instance, in earthquake engi-neering, risk is defined as "the probability that social or economic consequences of aspecific event will equal, or exceed, specified values at a site, at severalsites, or in an area,during a specified exposure time" (EERI, 1984). The way hazard and vulnerabilityfunctions are combined to obtain risk ismotive for continuous debate. An event can beconsidered a hazard, only if it is a threat to a system, and a system is only vulnerable if it

can be damaged by an event (i.e. hazard). There is a strong dependence between thesetwo concepts, and only in a few situations can hazard and vulnerability be assumed to

be independent variables. Therefore, risk cannot be evaluated just by multiplying thesefunctions because this implies an independant relationship. The term "convolution"is sometimes used as a way to describe the complex connection between hazard andvulnerability, but it does not have any meaning in the strict mathematical sense.On the whole, risk focuses on the identification and quantification of those factors

contributing to cause a loss of fitness for purpose (i.e. function) of a system.

4. DECISION-MAKING PROCESS

4.1. Basic concepts

Decision is a choice or a judgment that is made about something. When a decisionis required, the person or institution is faced with a set of alternative actions and theuncertainty about the consequences of all or some of these actions. The problem liesin deciding what the best possible action is. Usually, the best action is defined in termsof a rational decision strategy which is based only on the information available.Any engineering study is directed at providing information for decision making and

the decision is usually made by optimizing the objective function F 0:

aF(Xj , X 2 , , XII)-------=0 i=1,2, ... ,nax; (6)

F0 describes the decision criteria (e.g. cost) and Xi, the main variables involved in thedecision. In spite of the fact that there are a significant number of numerical methods


Decision 'ode Probability node Conse quences

I

Possible decisions

Figure 1. General structure of a decision tree.

Alternative actions

for solving equation 6, the applicability and scope of such an approach is limited

by the mathematical requirements and the nature of engineering problems. Makin gdecisions requires considerin g different types of information and evidence that cannotbe described within a single mathematical model. Therefore, several methods, such asevent threes (section 4.2), have been developed and are widely used in many differentengineering problems.

4.2. Decision trees

For problems related to engineerin g decisions, decision trees are a common alterna tivewhich is a convenient method to integrate graphic and analytic conce pts. In particular,the analytic component is based on conditional probabili ty and the Bayes rules. Deci-sion trees have a structure which is similar to an event tree. It is drawn by identifyingthe various possible decisions. Fur ther subdivisions of every possible decision presentalternative actions. Then, the final struc ture provides an overview of all possible actionsand consequences over which estimated probability of occur rence can be computed(Figure 1).Making decisions based on the probabilit ies at the end ofevery branch is not appro-

priate, since the nature of the consequences has to be considered. In other words, it isnot enough to make a decision based on a criterion such as maximum probability ofloss, but it is necessary to carefully consider the implications and possible consequencesof such a decision . This leads to define a criteria for selecting the best alterna tive amongall available. A criterion widely used for that purpose is the maximum expected value.It is based on the Von Newman and Morgenstern (1944) idea that any decision has


to be made based on the expected value; otherwise it will not be appropriate. It isimportant to mention that appropriateness does not mean success; it implies that givencertain conditions, this is the best option.The expected value analysis is possible only if all parties interested share the same

objectives and use the same attributes for making the decision (e.g. economic value).Thus, the best decision is:

[>II (" )]D=max ~Pi ~Xij (7)

where m is the number of alternative decisions, n the number of actions associated toevery alternative, Pi is the probability of every alternative and Xij the consequencesof action j asociated to alternative i.

Note that the expected value computed in equation 7 is the same conceptual ap-proach described in equation 1 to define risk.

Many other criteria have been defined for improving the selection of alternatives.For instance, the minimax strategy focuses on the minimum value of the maximum riskof every possible decision. Similarly, other approaches such as the maximin, maximaxor the Hwrlitz rule are also well known strategies. The mathematics on this matter hasbeen widely discussed in the literature. However, what is important is that there hasto be a way to select the best alternative rationally.

4.3. Defining utility criteria

Quantifying the result of every possible action is only possible if the decision criterionis "measurable". When the decision has to be made in terms of parameters difficult tomeasure, e.g. preferences, level of quality, comfort, danger, it is difficult to calculatethe expected value. An appropriate decision is the one that maximizes the expectedbenefits of the outcome, which are not necessarily economic, but might also be socialor personal.Inorder to solve this eventuality, a common approach to obtain quantifiable criteria

for decision making is through utilityJunctions. Utility functions are defined asa measurethe implications of the decision, for the decision maker, in an overall form. Utility isdefined as the true measure of value for the decision maker. Thus, a utility functionis a factious function which describes the relationships between the actual values of agiven decision.

Let us assume, for instance, that someone is facing the decision to take route A or Bto get to their work place in the morning. Route A is longer but less expensive, androute B is shorter but very expensive. The decision about what route to take dependsupon the values of the person who makes the decision. Ifhe/she prefers to get on timeto his office, route A is not an option. However, if cost is the main decision factor, thebest option is route A. On the whole, decision making is based on preferences; that is,on the utility or disutility function (figure 2).


Utilityfunctionu(x)

Higher 1.0preference

Lower 0.0Preference

Figure 2. Typical utility functions.

Risk -aver1Sion ., :::.::::.::::.:::.::: .

.., ."

Risk -affinity

Neutral to risk

Attribute(e.g. US$)

The choice of a suitable utility or disutility (i.e., loss) function is perhaps the mainproblem in the Bayesian approach and in defining the best alternative in a decision.There are many ways to define such functions; some are based on expert opinionsand others based on standard well known functions (e.g., exponential: a + b - yx,Logarirmic: a In(x + f3) + b, quadratic: a(x - 0.5 a x2) + b). The detailed discussionon this matter is beyond the scope of this chapter but has been widely discussed bymany authors.

Currently, utility functions are widely used for modeling decision processes whichmove away from pure technical problems. Within the context of applied engineering,utility concepts will continue developing and, in the future, it will take a more relevantrole in risk analysis and the decision making process.The discussion on risk (section 3) and the basics of decision making (section 4) will

be now integrated in the next section.

5. RISK-ANALYSIS BASED DECISION PROCESS

Decision-making is based upon a process ofcollecting evidence and developing modelsto combine this evidence. However, one of the main problems is that there is not awidely accepted notion ofwhat a "good" decision is. In risky decisions, the expectedbenefits or risks are not assured; on the contrary, they mayor may not occur. Therefore,uncertainty management becomes a key element in the process.The cyclic process of the interaction of a decision maker with the world has been

described by Blockley (1992) as a Riiflective Practice Loop (RPL) (Figure 3). In theRPL a decision maker perceives the world, reflects on it and takes a decision to act.According to Blockley and Dester (1999), the decision making process is driven by


Figure 3. Reflective practice loop, adapted from Blockley and Godfrey (2000).

expectation, which is the result of the perceived past, present and forecast rates ofchangefor outcomes and consequences. They also suggest that decisions should consider notonly whether there is a benefit, or a risk, but also their respective chances and thepotential for success or failure. Thus, a decision depends also on the opportunity andthe risk, understood as the relative chances of having a benefit or a loss, respectively. Inaddition, the potential for success or failure determines the concern of the decision-maker after considering the present situation in the light of the potential consequencesof his/her decision; this is a fundamental element for the fmal decision.Risk analysis is a decision tool and, as a consequence, cannot be abstracted from the

decision process. A decision process based on risk analysisusually connotes quantitativeassessmentsand therefore reliance on probability and statistics.Many authors, e.g., Angand Tang (1984), Kottegoda and Rosso (1997) and Haimes (1998), present and dis-cuss the most common quantitative and qualitative strategies for decision-making (e.g.decision trees, decision matrix, fractile method, etc.). However, risk-based decision-making methodologies do not necessarily require knowledge of probability. Throughrisk, the identification ofhazards, the definition and description offacilities, the assess-ment of the susceptibility to damage and the consequences of failure may be handledwithin a single framework, as discussed in the section 5.1.

5.1. General framework for integrating risk to the decision making process

The decision process consists ofdefining, analyzing, classifyingand ranking all possiblescenarios in terms of their likelihood and consequences, and to define an acceptancecriterion for selecting the best option. A complete strategy for using risk analysis


Identification and definition ofthe system

I ature of the decision problem

Risk analysis

Assessment of riskacceptability

Risk analysis based decis ion

Figure 4. R isk based decision process.

[

-FUnClion - (What it is for )

-Ele rnents and relat ionships-Boundaries/Conrexuli nvironrnent-Sysrems approac h ("Hard"rSoft")

[

-ObjCctivc of thc dec ision-Aspccts involved within the decision-Decision characteristics (i.c, limits, context )-Bencflt/Conscqucnccs of the decision

as part of the decision making process is present ed in Figure 4. In this process, theidentification and definiti on of the system, the nature of the decision problem , a riskanalysis strategy, the assessment of risk acceptability and the selection of an alterna tive(i.e., decision) are considered within a single framework .Th e identificatioll and dejinuion of the system focus on und erstanding the problem

as precisely as possible. It should be considered from a systemic point of view andmust include the definiti on of the boundaries, the elements and their relationships.In addition, other important aspects that are fundamental in the problem definition ,such as transformations, owners, players, client and resources, should also be consid-ered. An engineering system includes physical as well as organizational components,wh ich interact tightly to fulfill its function . Thus, the con text plays a significant part,and it has been argued that it is a key element in the definition of risk acceptabil-ity.

Wh at drives the decision is the need to move from a current state of affairs to a newstate of affairs. The motive of this process may be the result of the owner's decision orthe result of imposed needs by external conditions. Therefore, a clear understandingof the relationship between the function of the system and the implications of thescenarios resulting from the decision is required. The scop e and aims of the decision ,as well as the relationships between benefit/ consequences, oppor tunity/ risk and pre-paredness/hazard (Blockley and Dester, 1999), must be carefully listed, studied andrecorded.The risk analysis process, as described in Figure 5, rearranges and includes the con-

cepts of hazard, vulnerability and risk. System modelil1g concentrates on the functional


Natur8 oI 1h8decision problem

Risk Analysis

System modelling

.s r------------ - -- --.-.---.j~ I Probabilistic analysis of I

~ I failure scenarios I~I !. ~ I !~ i iSl! Analysis of consequences I..;c t_. ._.. .J

tAss6ssm8nr01riskacceptability

[ Functions/attribute s of system components Dependence relationships of components

[ Selection of the decision criteria:strength/ form! grounding! adaptability.

[

External factor (trigger event) Internal factor (precondition for the failure) Haza rd modelling characteristics.

[

Identify and define all failure scenarios. Look for scenarios related to the decision criteria. C lassify and rank scenarios on the bases of thedecision criteria.

[

Detailed probabil istic analysis for all scenariosdefined.

Check dependabil ity of the probabi listic models.

[

Evaluation of consequences by scenario. Consider technical/social/economic aspects. Qua ntification of the consequences

Figure 5. Risk analysis (follows from Figure 4).

relationships between system components and deals with the dependability of thecause-effect model. Modeling dependence between parameters and identifying theparameters' statistic model is paramount. The defmition ofassessment criteria (e.g. form,strength, grounding) is decided in terms of the function of the system, and it mightbe possible that more than one criteria is needed (Table 2). The identification of risk-generating hazards defines all the different sets of state variables which are preconditionsfor failure. They will be used later to describe the scenarios considered in the analysis.

Risk assessment requires the consideration of all possible future scenarios althoughthey might not all be easy to predict (Table 2). Not all future scenarios identified aretechnically foreseeable and may require the use of alternative assessment procedures.Uncertainty due to the difficulty of predicting scenarios must be an essential part ofthe decision process.

Each scenario requires a probabilistic analysis, not necessarily based on classic proba-bility, and a detailed consideration of the consequences. The probabilistic analysismustbe as complete as possible and has to manage carefully all factors related to the un-certainty: incompleteness, fuzziness and randomness. Quantitative parameters shouldbe estimated by using probabilistic methods or empirical evidence. They should notbe estimated on the basis of extrapolation beyond the limits of empirical data unless


Table 1 Basic concepts included in the risk analysis

Criteria Description

Assessment criteria Strength (i.e. the ability to cope with external demands) Form (i.e. its shape or pattern) Grounding (i.e, basis on which the model is founded) Adaptability (i.c, change to deal with new situations) Response capacity (i.e. ability to recover)

Characterisation of losses Costs of goods and services Economic effects (e.g. unemployment, low productivity) Deaths and Injuries (e.g. Fatality Rate) Health (e.g. illness, life expectance) Psychological factors (e.g. traumas) Environmental impact Quality oflife

Definition offailure scenarios Most likely Most frequent Maximum losses Expected recovery time

there is dependable evidence. Sensitivity analysis might be a very valuable tool for

estimating the effect of imprecision and uncertainties (Stwart and Melchers, 1997).The consequences must be viewed from a systemic perspective and must be consideredin terms of technical, social and economic aspects (Table 1). Immediate and long termconsequences must be also considered.Risk analysis should not search for precise solutions to the problem, but provide

relevant elements (i.e. evidence) for a decision. Thus, after all possible scenarios havebeen considered, enough evidence must have been collected for a decision. The levelof detail used for the risk analysis has to be considered very carefully for the relevanceof the decision. In fact, the level of detail of the analysis should not go beyond a limitwhere relevance and precision are mutually exclusive (Zadeh, L. A., 1965).The final criteria for the decision should consider the problem of acceptability oj

risk (section 6). It should be assessed on the basis of current risk levels (e.g. codeof practice) and expected changes. The acceptability of risk should be assessed withregard to explicit assessment of all relevant quantitative and qualitative characteristicsof the system. It should not be assessed on the basis of single-valued measures of risk.Alternatives for the decision must be evaluated with reference to the economic, legaland political context. Finally,a decision ismade, and further actions, such asmonitoringand review, have to be designed to ensure dependable long-term solutions.

5.2. Final remarks

To close this section it is important to stress that a good decision maker is not only aperson who has a good strategy and makes appropriate choices, but rather a person withthe ability to see the world clearly in a coherent picture. Blockley and Godfrey (2000)state that this clarity is simple but not simplistic and depends upon strong underlying


conceptual models. They also stress the concept of "wisdom engineering" and quote

Elms (1989),

"A wise person has to have knowledge, ethicalness and appropriate skills to a high degree.There also has to be an appropriate attitude, an ability to cut through complexity and to seethe goals and aims, the fundamental essentials in a problem situation and to have the will andpurpose to keep these clearly in focus. It has to do with finding simplicity in complexity. Morefundamentally it has to do with world views and the way in which the person constructs theworld in which they operate,which is to say, in engineering, that wisdomhasto do with havingappropriate conceptualmodels to fit the situation".

In summary, good decisions are strongly related to wisdom engineering.

6. ACCEPTABILITY OF RISK

Risk based decisions are not only about the best option in terms of measurable pa-

rameters (cost, utility, etc), they are also related to what a person, or group of people,

is actually willing to accept. Risk acceptance depends on complex value judgments,which consider both qualitative and quantitative characteristics of risk. Reid (Blockley

1992) argues that the acceptability of risk is determined by the need for risk expo-sure, control of the risk and fairness. For instance, a decision might be optimum, in amathematical sense, but the psychological, social or personal conditions may make that

option not viable. For instance, in tossing a coin, the probability ofwinning or losing,

is 50%. If people are asked how much they will bet, most people will bet 1 dollar,

fewer people will bet 50 dollars, only a few 100 dollars, and very few 1000 dollars.The shape of the function that describes the willingness to bet defmes the utility andthe aversion or affinitive functions described in section 4.3. It has been observed that,in general, people are risk averse.The definition of acceptable level of risk has always been a key issue in engineering

design. In reliability terms, this is related to the decision about whether the probabilityof a limit state violation is acceptable or not. However, the decision about acceptanceshould also include an assessment of the consequences of failure and the context

within which an unfavorable event might happen. Among the most common criteria

for making decisions about risk acceptance are: the comparison between the calculatedfailure probability with other risk in society, the definition of the ALARP (As LowAs Reasonably Possible) region, the calibration at past and present practice, and thecost-benefit analysis (Sanchez-Silva and Rackwitz, 2003).

In comparing calculated failure probability with other risks in society, special at-

tention should be given to the differentiation between individual and collective risks(Figure 6). An individual acts with respect to his/her needs, preferences and lifestyle.Thus, risk acceptance depends on the degree to which the risk is incurred voluntarily.Collective (public) risk is of concern for the government, or the operator of a tech-nical facility, who acts on behalf of society as a whole and is not concerned with the

individual's safety.Table 2 presents the main causes ofdeath in Colombia and the corresponding failure

probability obtained from the National Statistical Office (DANE, 2002). The values


Individuals

0 ~1O-6 ~1O-3 a 10-4 1.0

Not important Costlbenefit analysis Unacceptable

Society

0 ~1O-7 a 10-8 ~1O-5 a 10-6 1.0

NotImportant

Costlbenefit analysis Unacceptable

Figure 6. Risk perception for individuals and society (Pate-Cornell, 1994).

Table 2 Main causes of death in Colombia

Causes of death

Heart attackCancerRespiratory problemsDigestive system diseasesMalnutritionHomicideTraffic accidentDrowningFire

Number offatalities

5050426477169819280856226163108071152188

Annual probabilityof death

1,22 10-.16,37.10-4

4,09.10-4

2,23.10-4

2,06.10-4

6,20.10-4

2,60. !O-42,77.10-5

4,5310-('

presented in Table 2 vary significantly from country to country, in particular betweendeveloped and less developed, The effect of these differences is directly related to thelife expectancy ofa population, which is a concept that will be discussed in section 8.2-What is relevant in terms of the acceptability is the relation between actual annual

probability of death and peoples' perception. A representative statistical study was

carried out in Colombia's Capital, Bogota, over 1100 people with different socio-economical backgrounds in order to have a better knowledge of their perception ofrisk of death. The results were compared with those values obtained by the officialstatistics. The comparison was made in a normalized space for which different modelsrelating perception and actual failure probability values were calibrated. In Table 3the result of people's perception regarding the affinity to risk can be seen. It can beobserved that for most causes of death considered, risk-aversiveness is common.

In spite of the fact that this approach seems to be a "rational" way ahead, definingacceptable risk by comparing death rates of different activities within a society may bemisleading. Acceptability of risks varies with age, gender, socioeconomic conditions,

310 Maur icio Sanchez-S ilva

Table 3 Risk perception for Colombi a

Ca use of death R isk attitude

Trafftc acciden tHerat Atta ckEnf. RespiratoriasNatural disastersEn f. Sistema Di gestivoCa nce rFireMedical complicationsHom icideNervous systemAir accidentInfrastru cture damage/ collapseD rowningInfectionBrain dam ageMalnutrition

AversionAffinit iveAversionAversionAversionAfftnitiveAversionAversionAffinitiveAversionAversionAversionAversionAffinitivcAversionAffinirive

ot important

ii i i----~-..::-+_... _1 .I _

E!tremely high! ;1----1------Ii i'AiARP-r' ----1---00. - - - ----"'~--,+-_._-

I!

10.1

10-2

~1\1 10-3:::::>. 10-4oCU::l0" 10.5U...u,

10-6

10-7

10010 1,000

umber of fatalit ies, N

10,000

Figure 7. Defin ition of th e ALARP Region.

level of education, cultural background, available information , media influence , phys-iological aspects, and so forth.The ALARP approach defines a region ofacceptable values of probability of failure

in a plot of the occurrence probability of adverse events versus their consequences(Figure 7). It has been used widely in the industry as part ofHealth and Safety programs.Although this approach might be appealing, there arc significant difficulties in itsinterpretation , openness of decision processes, morality of actions and comparabilitybetween facilities (Melchcrs, 1999).


Calibration ofacceptable levels of risk at past and present practice has also been used

for defining target reliabilities. It is tacitly assumed that this practice is optimal althoughthis is not at all obvious. Rackwitz (2001) argues that despite this acceptability criterionis based on trial and error, it cannot give totally wrong numbers because of their longhistory. Nevertheless, analysis shows that there is great variation in reliability levels.

Finally, a reliability oriented cost-benefit analysis considers that technical facilitiesshould be economically optimal. However, the question of the economical value ofhuman life, or better, the question of how to reduce the risk to human life, cannotbe avoided. This approach has been recently updated by including the Life QualityIndex (LQI) as proposed by Nathwani et al. (1997), leading to the conclusion that riskacceptability from the public perspective is essentially a matter of efficient investmentinto life saving measures. This approach will be discussed in detail in section 7.2.

Acceptable risks for most engineering artifacts which might cause fatalities, mea-sured in terms of annual probability, have shown to be below the level for commonchronic disease (10- 3 /yr) but somewhat above the "de minimis" risk threshold, around10-7 (Pate-Cornell, 1994), where individuals and society are indifferent to the risk(Ellingwood, 2000). Since this range is extremely wide, a strategy for selecting appro-priate target reliabilities and risk acceptance criteria becomes a key element for makingdecisions. The optimization strategy presented in the following sections is suggestedas a dependable and effective approach for defining the criteria for optimum seismic

structural design.

7. OPTIMIZATION

The overall discussion in the previous sections has taken us to the problem ofmakingassertive decisions. In spite of the fact that a decision involves to great extent the con-text of the problem and a significant degree of subjectivity, "numerical models" areimportant to provide criteria with a low degree of subjectivity. Therefore, althoughincomplete, optimization techniques are rational dependable models which may sup-port coherent decision processes. This section describes some basics of optimizationand its applicability to engineering problems.

7.1. Basic optimization concepts

The essence of numerical optimization is described by equation 6, which provides themaximum or minimum value of the objective function F O. Considering uncertainty,a reliability-based optimization process consists of defining the optimum value of thevector parameter p for which the engineering facility is financially feasible. The vectorparameter p stands for any measure capable to control the risk offailure. For instance, inthe case ofa building structure, p could be the dimension ofthe structural elements, thereinforcement, the quality assurance program during construction, the maintenanceprogram during service and so forth.The general objective function for maximization can be expressed as:

Z(p) = B - C(p) - D(p) (8)


$

B (Benefit)

Figure 8. Description of cost functions for the optimization.

where B is the benefit derived from the structure assumed independent of the vectorparameter p; C(p) is the cost ofdesign and construction; and D(p) the expected failurecost (Figure 8).

Since the structure will eventually fail after sometime, the optimization has to be

performed at the decision point (i.e. t = 0). Therefore, all cost need to be discounted,for example, by using a continuous discounting function such as 8(t) = exp[-yt].In accordance with economic theory benefits and expected cost, whatever types ofbenefits and cost considered should be discounted by the same rate; however, differentparties may use different rates. While the owner may use interest rates from the financialmarket, the interest rate for an optimization in the name of the public is difficult. Adetailed discussion on participation and importance of the interest and benefit ratescan be found in (Rackwitz, 2002).

For typical engineering facilities, Hasofer and Rackwitz (2000) proposed severalreplacement strategies: (1) the facility is given up after service or failure or (2) the facilityis systematically replaced after failure. Further, it is possible to distinguish betweenstructures that fail upon completion or never and structures that fail at a random pointin time. Assuming a constant benefit (i.e. b = f3 Co), the objective function for all casesis presented in Table 4, where H is the cost of failure; y is the annual discount ratecorrected for in/deflation averaged over sufficiently long periods; and A(p) the rate offailure for stationary Poissonian failure processes.The merit of the objective function for random failures in time with systematic

reconstruction (e.g., seismic design case) is that it does not depend on a specific lifetimeof the structure, which is a random variable very difficult to quantify and usually muchlonger than values specified by codes of practice. The solution is based on failureintensities and not on time dependent failure probabilities. It is neither necessaryto define arbitrary reference times of intended use nor is it necessary to computefirst passage time distributions. The same targets, in terms of failure rates, can be set


Table 4 Objective function for various replacement strategies

Replacement strategy

Failure upon completion due to time invariant loads- Systematic reconstruction

Random failure in time

- Given up after completion -- Systematic reconstruction -

Random failure in time due to random disturbances

Objective function

Z(p) = ~ - C(p) - (C(p) +H) Pf(P)Y 1 - Pf(P)

b A(p)Z(p) = Y +A(p) - C(p) - H Y +A(p)

Z(p) = ~ - C(p) - (C(p) + H)_A--,,-Pf---,(P_)_Y y +APf(P)

for temporary structures and monumental buildings, given the same marginal costfor reliability and failure consequences (Rackwitz, 2000). Thus, by using the thirdequation in Table 4 there is no need to perform the optimization in terms of theexpected total cost over a time period (i.e. design life for a new facility, or remaininglife for a retrofitted facility), usually called Lifecycle Cost Design criteria (section 8),but to refer the analysis to yearly rates of occurrence of the event and annual failureprobabilities.

7.2. Cost of saving human lives

It wasstated in section 2 that decision making requires a balance between safetyand cost,and that safety is related to avoiding losses. Commonly in engineering, safety is relatedto saving human lives. There has been always a great amount of discussion about thecost of human life, but despite the moral and ethical considerations, economic valuesare still assigned, mainly by insurance companies. For instance, FEMA (1992) reportsthat, for the United States, the cost of injury can be taken as US$1,000/person andUS$lO,OOO/person, for minor and serious injury respectively. According to the samesource, the life saving cost has been assessed at US$1 ,700,000. In general terms, fatalityand injury losses can be evaluated using one of two approaches, namely, human capitalapproach and willingness-to-pay approach (Cho et al., 1999). These are interestingapproaches that support a common need in engineering, expressed by Lind (2001) as"a measure of tolerable risk should be based on human values and expressed in humanterms".

Many widely used social and economic indicators have been developed for inter-national organizations as an attempt to measure and compare the "quality" of life anddevelopment ofdifferent societies. Basic social indicators are statistical time series suchas life expectancy or Gross Domestic Product (GDP), while compound social indica-tors are functions of such data for specific purposes. Lind (2001) argues further thatany social index that is a differentiable function of life expectancy and GDP per per-son, imply a tolerable and simultaneously affordable risk value. The principle of equalmarginal returns defines those risk-cost combinations. Although the management ofpublic risks has several ethical, psychological and political dimensions, the core of theoverall management of risk is a problem of allocation of economic resources to servethe public good.


Risk management is the purchase of extra life expectancy. Thus, "the cost of life-saving is not so many dollars; rather the cost ofa dollar is so much life" Lind (2001). Thecost of human life will be taken into account through the Life Quality Index (LQI),which is a compound indicator of the well-being of a society defined as (Nathwaniet aI., 1997):

L = f(g)h(t) (9)

where the function jig) represents the intensity, while the factor h(t) represents theduration of the enjoyment oflife. The LQI assumes that jig) and h(t) are independentfunctions. The parameter g is the individual mean contribution to the GDp, and tthe time for enjoyment of life whose quality is measured by g. Life expectancy, e, isproposed as a measure of safety and the GDP per person, g, as a surrogate measure ofthe quality oflife. On the whole, the LQI is a cost/efficiency-based criterion expressedin terms ofa marginal utility that does not depend on absolute values oflife expectancyat birth or the gross national product. It is based on considerations about the potentialloss oflife and does not deal with risks to any particular group, nor does it deal withrisks to any identifiable person.

The LQI is based on the assumption that GDP per capita (i.e. g) is proportional toworking time w; thus, if the time spent in economic activities iswe (0 < w < 1), then,the time for enjoyment oflife is t = (1 - w)e. It is therefore reasonable to assume thatindividuals maximize their income with respect to the time they spend in earning it,

that is,

dL-=0dw

(10)

After some mathematical manipulation, the LQI can be approximated as (Nathwaniet aI., 1997; Rackwitz, 2001):

(11)

where w is the fraction of e devoted to economic activities in order to raise g. Ithas been observed that the value of w varies between 0.10 for developed countriesand more than 0.20 for undeveloped countries. An activity, regulation, project orundertaking changing life expectancy and involving cost is reasonable if (Nathwaniet al., 1997):

dL dg de-=w-+(l-w)->OL g e

(12)

The cost of life saving operation requires estimating the cost of averting a fatality interms of the gain in life expectancy .0.e. The cost of the safetymeasure is expressed as areduction .0.g of the GDP. Thus, the Implied Cost ofAverting a Fatality (leAF) canbe obtained from the equality of equation 12 after separation and integration from g


to g + !1g and e to e + !1e. Therefore, the cost per year (i.e. !1C = -!1g) to extenda person's life by !1e is:

(13)

Because !1C is a yearly cost and the (undiscounted) lCAF has to be spent for safetyrelated investments into technical projects at the decision point t = 0, one shouldmultiply by er = !1e and the lCAF becomes:

lCAF(e r ) =g(1- (1 +e,/e)-(!/q))e, (14)

The societal equality principle prohibits differentiating with respect to special ageswithin a group; therefore (Rackwitz, 2002),

lCAF= 1'" lCAF(e - a)h(a)dao

(15)

where h(a) is the density of the age distribution of the population. The density ofthe age distribution can be obtained from life tables. Recently, Pandey and Nathwanimodified the LQI by defining a Societal Life Quality Index (SLQI) and a detaileddiscussion ofthis can be found in Rackwitz (2003). The lCAF in equation 14 is in factvery close to the human capital, i.e. the lost earnings if a person is killed at mid life;therefore, it might be used as an orientation for ajustifiable compensation by insuranceor the social system in a country. The lCAF is derived from changes in mortality bychanges in safety-related measures implemented in a regulation, code or standard bythe public. Values ofg, e, wand lCAF for selected countries are shown in Table 5.Therefore, in an exposed group of technical projects, with NF potential fatalities, the"life saving cost" is (Rackwitz, 2002):

HI = lCAF . k . N I (16)

where k (0 ~ k ~ 1) is a constant that relates changes in mortality to changes in thefailure rate and can be interpreted as the probability of actually being killed in caseof failure. HF implies that incremental investments into structural safety should beundertaken as long as one can "buy" additional life years. It is emphasized that HFis not an indicator of the magnitude of a possible monetary compensation for thefatalities, such as in case of an earthquake event, nor a measure of the human life. It isa number which society is willing to pay to save life years, i.e. investments in structuralsafety via codes of practice or the like. It enters into the optimization as a fictitiousnumber at the decision point (Rackwitz, 2002).

7.3. Life cycle costing

A particular case of optimization has to do with the life cycle of any engineeringartifact. This is a topic that has taken more relevance every day given its importance for


Table 5 GOP/per capita (allmonetary values in PPP US$, 1999,i.e. adjusted for purchasing power parity), life expectancy and w forselected countries

g (US$) eCountry (GOP/capita) (Years) W leAF

Canada 26,251 78.7 0.125 2.1.106

France 24,470 78.7 0.125 1.9.106

Germany 23,742 77.6 0.125 2.2.106

USA 31,872 76.8 0.125 4.7.106

Mexico 8,297 72.4 0.15 6.2.106

Brazil 7,073 67.5 0.15 4.8.105

Colombia 5,749 70.9 0.15 4.0.105

India 2,248 62.9 0.18 1.5.105

China 3,617 70.2 0.18 2.6.105

Japan 24,898 80.8 0.15 2.1 .106

Egypt 3,420 66.9 0.15 2.4.105

South Africa 8,908 53.9 0.15 5.0. 105

Kenya 1,022 51.3 0.18 5.2.104

Mozambique 861 39.8 0.18 3.7.104

efficient assignment of resources in the long term and its relationship with the conceptof sustainability. The basics of life cycle costing will be described in this section.

7.3. 1. General aspects

As in industry, engineering products such as infrastructure facilities have to extend thecost evaluation from the simple "counting" approach to the life cycle where valueis created and to employ foresight instead of hindsight. Thus, the analysis shouldlook forward in time, beyond the organization production costs. It should focus onthe underlying drivers of business performance, which are essential for managing thestatistical nature ofcosts.Within this context, Life Cycle Cost analysisplaysa far greaterrole than traditionally thought.

Proactive cost management should handle allkinds ofrisks that can incur lossesto theinfrastructure. Those risks range from classical engineering (failure of the structure)to business risks, which have shown recently to be a new focal point of corporategovernance. Within this context, it is evident that cost management should ideallybe expanded to risk-based cost management as well as focus on total cost. Life CycleCost analysisshould take risk and uncertainty into consideration to be really useful fordecision making.Emblemsvag (2003) argues that the Life Cycle Cost analysis idea requires acting on

the following directions:

From partial focus to holistic thinking From structure to process orientation From cost allocation to cost tracing From deterministic to uncertainty management.

Ri sk analysis and the decision-making process in engineering 317

Planning

ManufacturerUser

Planner

Owner

Conception Planning Design Construction Operation ReplacementIDisposal

Figure 9. Life cost cycle from different perspectives.

Moving to holistic thinki ng involves recognizing the real effect of a project on thewell-being of a society. It is of course related to quality in a broader sense and con-sequently with the relevance of the decisions. Considering systems as processes is aparamount concept in a holistic approach since that concept recognizes the dynamicnature of decisions. Cost allocation refers to assigning costs using arbitrary alloca-tion bases, whereas tracing relies on cause and effect relationships. Finally, uncertaintymanaging is at the heart of any decision whose outcome is not certain.

7.3.2. Basics oflife cycle costingThe life cycle of any artifact depends upon the perspective from which it is lookedat; however, it refers to lapse of time during which "someo ne" invests resources andexpects to obtain some benefit (Figure 9). Therefore, Life Cycle Cost refers to the costincur red by "someone" dur ing the lite cycle of the artifact. Needless to say that it isexpected that ideally costs should be lower than benefits in the long run; otherwise ,the product is not worth being built.Cost and benefit estimation is not easy to quantifysince the social impact ofa product

plays a significant part in the decision to develop it. It is impor tant to distinguish herebetween product life cycle and market life cycle. The forme r is related to one or afew items, while the latter is concerned with business management of product. In thischapter the discussion will focus on the product life cycle.The life cycle cost is closely related to design and development because it has been

realized that it is better to elimina te costs before they are incurred instead of trying tocut costs after they are incurred. This represents a paradigm shift away from cost cuttingto cost control during design; in other words, the traditional approach of cost cuttingis very ineffective. In terms of infrastructure it has been shown that the investmentJ ur ing the life span is several times higher than the original cost. Nowadays, publicinstitutions and companies cannot afford to segregate cost accounting from designengineeri ng, construction and other core business processes. This puts new challengeson management that traditional cost accounting techniques can not handle properly.

O n the whole, the Life-Cycle-Cost can be defined as: " the total cost that is incurred,or may be incurred, in all stages of the product life cycle" (Emblemsvag, 2003). The


Life-Cycle-Cost is a decision support tool that must fit the purpose and not an externalfinancial reporting system.

8. EXAMPLES

In order to illustrate the main concepts described in this chapter, two applied examplesof decision making will be discussed.

8.1. Allocation of resources to transport networks

Allocation of resources for construction, maintenance and rehabilitation of transportnetwork facilities has become a priority in most countries, and in particular, in thosewhere most freight is transported by land. This section presents a model for optimizingthe allocation of resources based on the operational reliability of transport networksystems. The optimum assignment of resources is carried out based on a set ofpossibleactions described in terms of the failure and repair rates of every link. Thus, the modeloptimizes the assignment of resources so that the accessibility of a centroid or the totalnetwork is maximized (Sanchez-Silva et al., 2004).

8.1.1. Basic considerations

Reliability of transport systems is a complex issue that involves several factors thatdiffer in nature. Transport systems analysismust combine physical and functional con-siderations, which are not necessarily independent. Physical aspects are related to the

impossibility for the user to reach a destination due to damage of the infrastructure (e.g.collapse of a bridge). Functional aspects are concerned with level of service provided,such as excessive travel times (Sanchez-Silva et al., 2004).

A transport network system can be thought ofasa stochastic dynamic system, wherethe state oflinks (i.e. failed or not failed) and the users' decisions change permanently.A road network is defined as a system, which can be represented mathematically as agraph G(N, A) made up ofa finite set of N nodes and A Links. The network includesa set ofroads selected on the basisofany technical, functional or administrative criteria.Centers ofspecial interest such as cities are designated as centroids and should be clearlydefined within the network.

In order to assess the reliability of a network system, it is required to consider thenetwork's variation with time. This can be looked at from two perspectives: (1) thedecisions that the user has to make as helshe goes along a route from one node toanother; and (2) the average failure and repair rates of a link within a route betweentwo nodes. These two aspects are considered in this example within a single model.For more details of the model refer to (Sanchez-Silva et al., 2004).

8.1.2. Decision criteria

Accessibility is selected as the main decision criteria. It is the ability to commandthe transportation facilities that are necessary to reach desired destinations at suitabletimes. It is the most important relationship emerging from the interaction between theelements of the network.


8. 1.3. Accessibility

Accessibility is widely used in transport studies under different contexts. Differentauthors , such as Moseley (1979), Halden (1996), Geertman and Van Eck (1995) agreethat accessibility depends on two factors: (1) an activity or motivation based on theopportunities available in a location and (2) a resistance factor based on generalizedcost of traveling (e.g. efficiency, low cost). Others (Shen, 1998) have also includedconcepts such as the demand for the foregoing mentioned opportunities. Accessibilityis strongly related to the location and relevance of centroids, the willingness to moveand the opportunities and benefits ofmoving in accordance with the attributes of thenetwork .The operation conditi on of the network is then evaluated through the Accessibility

Index A, which is used to describe the efficiency of the network to communicatecentroids. Accessibility can be defined in terms ofany variable of the network system;however, disutility, which is the cost of the trip as network users perceive it, is a usualparameter. Disutility encompasses all factors that affect the cost for the user and theway he/ she integrates them. That includes aspects such as travel time, speed limit,quality of the road, safety, landscape, congestion, and so forth . Although the disutilityconsiders every important factor in the decision making process, travel time and directcost are usually the most relevant components (Bell and Iida, 1997).The accessibility to centroid i is defined here by:

"Ai = L l\j-.J(E [Cj -4;])

j ; l, ji

(17)

where f( E [Cj--->;] ) is a monotonic decreasing function , e.g., f (E [C;---> i]) =1/ E[Cj ..... ;] , n is the numb er centroids in the network, Nj--->i is the number of ve-hicles (traffic); and E[Cj --->;] is the expected cost of traveling from every centroid j tocentroid i. This definition implies that as the cost of traveling increases, accessibilitydecreases (Sanchez-Silva et al., 2004).However, equation 17 does not provide enough information about the behavior of

the whole network. Therefore, the Network Reliability Index (F) is proposed to measurethe change in the accessibility of the entire network, and it is defined as (Sanchez-Silvaet aI., 2004):

II'

FN=Lw jAjj ; \

(18)

where 111 is the number of centroids in the network and w j the weight ofcentroid j inaccordance to its importance for the network (e.g. economic, social). Every centroidhas a weight IV i calculated according to the evaluation objectives, such as amount offreight or passengers generated or attracted. In order for the values of IV j to guaranteecompleteness, it is necessary that the sum ofall w j be equal to 1 (Lleras and Sanchez-Silva, 2001).


8.1.4. Optimizationof resource allocation

The appropriate assignment of resources depends on an effective use of the resourcesavailable to induce a change of the accessibility as function of the changes in the failureand repair rates (Ak and f..Lk)' If the repair rate (f..Lk) is increased, the response capacity ofany interruption of link k improves; similarly, a decrease of the failure rate (Ak) meansthat prevention measures have been successful. The approach using Ak and f..Lk as themain parameters of the model, facilitates the definition of performance indexes andthe decision making process.Any change in these rates has an associate cost associated. Therefore, every action has

to be looked at in terms of the relationship between the cost and the benefit obtainedin the operation of the network if such action is taken. The objective of optimizationis to maximize the change in the accessibility, which may be looked at from twoperspectives: (1) improving accessibility to a particular centroid; or (2) enhancing theaccessibility of the whole network. The first analysis focuses on assessing the change inthe accessibility of a given centroid as a function of modifications of the parameter Aand u, The second alternative considers an increase in the accessibility of the networkas a whole.

For the centroid analysis, the optimization can be expressed as (Sanchez-Silva et al.,2004):

Maximize:

/I

A i()'j,A2, ... ,A,,,J.1.1,J.1.2, ... ,J.1./I)= L ~->J(E[C)->;])j~l.jfi

Subject to:

tI 1/

L C,i(Ai) +L C/li(J.1. i) = CLi=l i=l

A, ::: 0

M, ::: 0

(19)

(20)

where Ai (Al' A2, ... , A,,, f..Ll, f..L2, ... , f..Ln) is the accessibility as defined in equation17; CL is the maximum amount of resources (e.g. US$) available for investing in theroad network; and C (Ai) and CM, (f..Lj) are the cost of modifying the failure, A, orrepair, u, rates of link i. The results of the optimization are the changes on the failureand repair rates of every link such that the accessibility to centroid i is maximized.The optimization of the operation of the complete network can be expressed simplyreplacing the objective function (equation 19) by equation 18:

/I,

FN()"1, ),,2, ... , A,,, J.1.1, J.1.2,'' J.1.") =L UJjAj(AI, A2,"" A,,, J.1.1, J.1.2,, J.1./I) (21)j=1

The proposed model requires a nonlinear optimization of 2n variables. Note thatthe constrains Ai > 0 and u, > 0 will alwaysbe unbinding (Sanchez-Silva et al., 2004).

TRAHIC :\IATRI XDestin)23~567

o 100 60 '10 20 1'10200 270200 0 20 10 60 50 30 '10

70 30 0 ~ 30 10 10 25, 0 20 ~ 0 100 70 so 12080 60 15 110 0 130 ~5 '10110 80 26 94 130 0 '10 110

~ 20 5 ~ 115 130 0 170290 SO 10 I~O 110 120 30

C a li

R isk analysis and the decision-making process in eng inee ring 321

:\ Ia n iza lcs

Figure 10. Transport network co nsidered for the illustrative exam ple. Adapted from Sanchez-Silva et a1.(2003) .

Table 6 Accessibility to every centroid

Cent roid

12345678

Weight

0.27750.OM80.00560.13880.18500.09250.00460.23 13

Accessibility

0.12130.08530.03830.15590.46 140.4 5660. 15790.1497

8. 1.5. Case study

Asan example, a part ofthe main transport network in cent ral Co lombiawas considered(Figure 10) where the relevant information of the parameters, in suitable units for thestudy, is also presented (Sanchez-Silva et al., 2004).

As ment ioned before, the decision criterion for allocating resources is the changein the accessibility; in particular, investmen t should lead to a reduction in the totalaccessibility of the network. Therefore, in first place it is necessary to compute theaccessibility to every centroid independently. This is performed by using Equation 17with the results shown in Table 6 (Sanchez-Silva et a!' , 2004).By considering the weights also shown in Table 6, which where obtained based on

traffic demand and specific socioeco nomic characteristics of each centroid, it is possible


O' 0.0

~ 0 .' t- ~ 0 ':;: 0 .1 -; - :; 0 1~ :;~ 0 6 ~ 06> ~z 0';: O' ~ O'-c ex oj ~ OJ

0 2 0 .2

0 .1 01

00 , 6 10 II s 6 10 II

L1:'oo K L1SK

(a) (b)

Figure 11. (a) relative investment in the failure rate with respect to the maximum; and (b) relativeinvestment in the repair rate with respect to the maximum.

to compute the Network Reliability Index, F, as:

'"FN = L wJAj = 0.224

j=1

This value corresponds to the current accessibility of the network. Thus, the opti-

mization consists in defining the assignment of resources (fix budget) to modify theseparameters so that the Network Reliability Index is maximized. This requires defininga cost function for every possible action, which in this case are the changes ofthe failureand repair rate of every link. Defining this cost function depends on the context ofthe problem and has to be carefully structured. For this example, the cost function forevery link has the form C(x) = k(x - xO)4; where x represents A or fJ., and Xo is thecorresponding original value. These values were obtained from a regression analysisand reflect the actual socioeconomic conditions of the region (Sanchez-Silva et al.,2004).

Optimization is clearly a non linear problem which can be solved using standardmethods such as the projected gradient. The restrictions on optimization are theamount of resources available and the final value of the parameters A and u, whichhave to be positive. For a limited budget of US$1867 million, Figure 11 shows theresults of the optimization in terms of the relative investment in every link for thefailure and repair rates.

It can be observed in Figure 11 that investments on improving the repair rate arehigher and more even throughout the links than those required for enhancing thefailure rates. The investment in the failure rate is highly concentrated in link 9 and isfollowed by the investment in links 5 and 6. Actions directed to reduce A are relatedto physical interventions such as construction of retaining wall structures, retrofittingbridges and so forth. In terms of the repair rates, links 3 and 4 are significant for the

Risk analysisand the decision-making process in engineering 323

network since they have the smallest cost of repair and provide the redundancy for theroute from centroids 1 to 8. A failure oflink 3 makes links 2 and 5 to become extremely

critical and any alternate route very expensive. In general, it has been observed that theinvestment directed to improve repair rates has a lesser impact on the network sincethe time a link is out of service is very low.

8.1.6. Summary andfinal remarks

Allocation of resources for enhancing the reliability of a transport system is a priorityand a very controversial issue due to the differences in the criteria used for that purpose.An approach to computing the transport network systems reliability based on an entirelyprobabilistic view, as proposed by Sanchez-Silva et al. (2004), has been presented. Itconsiders the state of the network through the relationship between the failure andrepair rates of every link comprising the network. These rates are directly relatedto social or physical characteristics of the road, such as condition of the road, orfrequency and size oflandslides. The example illustrates how optimizing the assignmentof resources can be an efficient decision making strategy to enhance the reliability ofany transport network system.

8.2. Design of structural systems

Building design and construction is a fundamental activity for a society. Technical

requirements are defined by codes ofpractice based on well tested mechanical models.In areas were earthquake activity is important, the uncertainty of seismic load definesthe design requirements. In this particular case, the balance between safety and cost isextremely important and a careful consideration of the cost of saving human lives isrequired (section 7.2). This example discusses how the decision of the acceptability ofthe earthquake design criteria is controlled by saving life years criteria.

8.2.1. Decision criteria

For this example, the decision has to do with the level ofacceleration for which a build-ing structure has to be designed in accordance with the socioeconomic characteristicsof the society where it is going to be built.

8.2.2. Probabilistic model oftheground motionEarthquake hazard assessment focuses on defining the probability of excedence ofa particular ground motion parameter at a site, in a given period of time, T. Forconvenience and in agreement with current practice, the peak ground acceleration istaken as the design parameter. Attenuation laws, which relate peak ground accelerationwith magnitude and epicentral distance, have the general form:

a = h(m, r) = b1(r)e/"'" (22)

where a is the peak ground acceleration at the site of interest, b: = 0.573, m is theRichter-magnitude and b1(r) is a function ofdistance describing the energy dissipation.


For the seismic conditions of California, which are similar to those of the region ofinterest, i.e. Bogota, bl (r) = (9.81*0.0955 exp(-0.00587r))/Jr 2 + 7.32 (Joyner andBoore, 1981). For the attenuation law in equation 22, a coefficient of variation ofabout 0.6 is reported. The data collected showed that the magnitude can be fittedby an extreme value distribution type III (for maxima). The upper bound is definedby historical data of earthquake events and by the regional geological characteristics.In addition, only events with magnitudes which may cause significant damage aretaken into account, i.e. m > Mmi" = 4.0. Therefore, the conditional probability densityfunction for the magnitude will be given by (Sanchez-Silva and Rackwitz, 2004):

(23)

The values of the distribution parameters wand u can be determined based on theavailable data of the seismicity of the area. The denominator of the equation corre-sponds to 1 - FM(m),which is the probability ofhaving an earthquake with magnitudehigher than Mmi,.. The parameters of the distribution were computed by a maximumlikelihood method based on data for Bogota. The yearly rate of occurrences of earth-quakes has been determined as A = 2.9. Based on the attenuation law considered inequation 22 and the conditional density function for the magnitude equation 23, thederived conditional density distribution function for the acceleration can be calculatedas:

(24)

with Mmi" < h-l(a, r) = (1/b 2)ln(a/(b l(r)) < Mil. In order to obtain the uncon-ditional density function for the acceleration, it is necessary to integrate over thearea within which the analysis is performed (i.e. circular around the point of inter-est, Rmax = 200 Km). Therefore, the probability density function of the distance R isconsidered uniform with a value offR (r) = 2r / R;tax. Ofcourse more elaborated mod-els can be developed if the location and earthquake pattern of the seismic sources areclearly identified. Assuming stochastic independence between magnitude and distance,the density for the acceleration is (Sanchez-Silva and Rackwitz, 2004):

(25)

The mean and the standard deviation for the acceleration without considering theuncertainty in the attenuation law are 0.075 m/s2 and 0.116 m/s2 respectively, implyinga coefficient ofvariation of 155%. The maximum and minimum acceleration expectedon site are a max = 9.44 m/s2 (R = 0, M = Mu) and ami" = 0.014 m/s2 (R = 200 Km,M=4).


8.2.3. Model of theprobability offailure of thestructural systemThe structural system is modeled as a one degree of freedom system. The demandon the building structure subjected to a ground motion depends upon the proba-bility distribution function of the acceleration and the variation of the accelerationobtained from the response spectrum. Thus, the limit state function can be defined asg (R, S, A) = R - SAs = 0, where R is the resistance including all structural char-acteristics like distribution ofmassesand ductility, S accounts for the variability of theresponse spectral acceleration of the system to the ground motion (p.. s = 1, as = 0.6),A is the peak ground acceleration at the base, and e accounts for the uncertainty in theattenuation law. Ifboth resistance and demand are modeled as lognormal distributions,the conditional probability of failure of the system can be expressed analytically as(Sanchez-Silva and Rackwitz, 2004):

(26)

The ratio plsa corresponds to the central safety factor, where p is the mean value ofthe resistance. The variability of the attenuation law is included within the variabilityof the demand Vs, which was increased for the purpose of this study to 0.8. It ispointed out that equation 9 isvalid only conditionally on the acceleration, a; therefore,expectation has to be taken to remove the condition. The unconditional probabilityof failure can be computed by integrating over the acceleration range. Thus, theunconditional probability depends only on the parameter p and represents the failureprobability of the structural system when subjected to acceleration with probabilitydensity as defined in equation 25.

8.2.4. Estimation of cost

The definition ofcost is fundamental for the optimization process. The cost of interestfor the optimization process is: (1) cost of construction; (2) cost of retrofitting; (3) costof expected material losses; and (4) cost of human life losses (Table 7).The construction cost of the structure consists of two parts (equation 27), one that

does not depend on the structural characteristics (non-structural elements), and the

Table 7 Cost functions used in the optimization

Type of cost

Construction and retrofitting

Rehabilitation

Expected damage

Saving Human Lives

Cost function

C(p) = (Co + ClpD)CR(a, p) = (Co + CzpDar)HM(a) = CM1/'HF(a) = (lCAF . k NF) . 1/a

Equation No.

(27)

(28)(29)(30)

CII (C(,= 1 x 10")-construction cost. CI (CI = 1 x 100)-construction cost that depends on the amount of resistanceprovided to the structure and 8 = 1.1; C, (C2 = 8000 (C,/C(, = 0.008)) is the cost of retrofitting the structure; r = 1.5;CM (C.\! = 1.5 x lO')-cost of material damage, ~ = 1.25; a-acceleration in m/s-.


direct cost of the structure itself. It is widely known that the cost of the structure, ifdesigned to withstand earthquakes, accounts for some 20% to 30% of the total cost ofthe building. The investment in rehabilitation or retrofitting is related mainly to thestructural system although it may imply some repairs to non-structural elements. Thiscost depends upon both the structural behavior and the actual ground motion. Theparameter p defines the requirement in structural terms to upgrade a structure tothe reliability level of the current code of practice after it has been damaged, and theacceleration expected in site relates it to the expected structural damage (equation 28).Expected earthquake damage is usually measured in terms ofthe earthquake intensity

(eg.MMI, MSK) and can be modeled asvulnerability curves, damage matrices, damageintensity curves and so forth. In this paper, the damage cost is referred to not asintensity, but to peak ground acceleration (equation 29). Empirical relationships andtables were used as reference to relate damage observed and acceleration. The damagefunctions developed do not discriminate between different intensities of damage (eg.low, moderate, high), but take into account the total value of the damage. In additionto the direct cost of damage, the cost of loss of opportunity, Ho, was included as aconstant depending upon the socioeconomic climate, i.e. Hr, = Co, but independentof acceleration. For comparative purposes, was selected as 3.615, 1.0 and 0.231 forhigh, moderate and low socioeconomic climates (Sanchez-Silva and Rackwitz, 2004).

8.2.5. Optimization

The random failure in time with systematic reconstruction can be applied to earth-quakes in which the seismic events follow a Poissonian process with occurrence rate Aand failures can occur independently with probability Pr(p) (Hasofer and Rackwitz,2000) (Table 4).An area with moderate to high seismic activity was considered as a case study. The

ground motion characteristics used in the model correspond to data obtained fromthe US Geological Service (UGS, 2001). The study focused on the implications ofthe LQI in the optimization process and the consequences in terms of structural safetyfor different socioeconomic contexts. Thus, three different socioeconomic conditionswere reviewed (Table 8), with an annual benefit of O.03Co and a discount rate of 2%per year.

Table 8 Data for comparing different socioeconomic contexts

Socioeconomic level

High Moderate Low(Western Europe, USA, (Latin America & (Least develop

Parameter Japan) Caribbean) countries)

g 23,500 6,500 1,500Cj- 20 28 40w 0.125 0.15 0.18ICAF 3.10 6 4.10 5 7.104

F. opportunity 3.615 1.0 0.231


High Social CUmBie V, riaUon with k

' 00 - - - -- - , .,

~ b O.1- :,...-

.J"V.- *:0.01k:O .OO1

I

,.~~ I1 ,. -- - - - - -~.!:. ~-"'-,- . I ~ " ..... . : : ~ . . . . . . 1''' ' ~--..,..,-~ , .' ~~ .'! . ' ~1::r .~'::-:"t.~:: ;::: ::: ~::::::~...

(a)

' 00" ~Numb ot ,,,.UU.,

(b)

'00

Figure 12. (a) Spectral acceleration for k = 0.01 and for different social climates. (b) Spectral accelerationfor high social climate and different values of k.

A reliability analysis using FORM/SORM was performed in order to determinethe acceleration associated to every p-optimum obtained in any case considered. Thiscorresponds to the design value ofthe peak ground acceleration for which the structurehas to be designed. Figure 12a presents the spectral design acceleration as function ofthe number of fatalities in case of collapse of the structure for a value of k = 0.01 anddifferent social climates, while in Figure 12b. the results are shown for the high social

climate depending upon the value of k.First ofall, it can be observed that in all cases, as the number offatalities per building

increase, there is also an increase in the required design acceleration, and it changesdepending upon the socioeconomic condition of the population. In all cases it is clearthat a highly developed country should spend more in order to save life years thana developing country. Furthermore, the design acceleration levels defined in currentcodes ofpractice are, in many cases, sub-optimal. They do not account for the numberof fatalities nor for the socioeconomic characteristics of the population. Therefore,the average design acceleration specified in the code of practice leads to overdesign inmoderate and low socioeconomic climates and to underdesign of structures in highlydeveloped countries. Results showed that the design criteria cannot be set in terms ofthe return period alone, but they have to consider also construction and reconstructioncosts, opportunity losses, and the potential for human life saving (Sanchez-Silva andRackwitz, 2004).

8.2.6. Summary andfinal remarks

Structures should be optimal in terms of the capital invested and the saving oflife years.Selecting appropriate target reliabilities and risk acceptance criteria is paramount formaking decisions on infrastructure development. The reliability-based optimizationprocess defines the optimum value of the design vector parameter p, for which thebuilding is financially feasible. Results showed that optimum design values are verysensitive to the socioeconomic context and to the number offatalities as the economic


level of the society increases. In addition, it could be inferred that countries withdifferent socioeconomic contexts should invest their resources in structural safety dif-ferently. Low developed countries should invest less in structural safety, and redirectthe resources to other aspects such as education or health, which may prove to be moreimportant for development (Sanchez-Silva and Rackwitz, 2004).

9. CONCLUSIONS

Risk analysis is an essential tool for making decisions since it uses evidence effectivelyto provide information on the potential consequences of a given scenario. The mainchallenges that engineers face is how to make decisions which balance cost and safetywithin an uncertain environment. Decisions range from pure technical aspects toplanning and idealizing engineering projects. There is not a way to define the correctdecision because it not only depends upon the strategy of comparing alternatives,but also on the point of view of who makes it and his/her perception of risk. Inother words, it depends highly on the acceptability criteria. An alternative for definingrational acceptable criteria has to be linked to actual facts and must be the result of anoptimization process. A great deal ofwork has to be done on integrating risk analysisand decision making strategies; it is definitely an important way ahead for developingbetter engineering which serves society.

REFERENCES

Ang A. H-S. and Tang W.H. (1984), Probability concepts in engineeringplanning and design. Vol II Decision Riskand reliability. John Wiley & Sons, New York.

Bell M. G. H. and lida Y. (1997), Transportation Network Analysis, Wiley, Chichester.Blockley, D. I. (1992), En,!;ineering Seifety, Mc Graw Hill, London.Blockley D. I. and Dester W. (1999), "Hazard and Energy in risky decisions".]. of Civil Eng and Ev. Syst,

Vol. 16, pp. 315-337.Checkland P. Systems Thinking, Systems Practice. John Wiley and Sons, 1981.Cho H. N., Ang A. H-S. and LimJ. K. (1999), "Cost effective optimal target reliability for seismic designupgrading oflong span PC bridges". Proc. Application of Statistics andprobability. (Ed. R. E. Melchers &M. G. Stwart), Balkema Rotterdam, pp. 519-526.

Coburn A, Spence R. Earthquake protection. John Wiley & Sons, 1992.DANE (2002). http://www.DANE.gov.co.EERI Committee on seismic risk (1984). Glossary of terms for probabilistic seismic-risk and hazard analysis.Earthquake Spectra, Vol. 1, No.1, November, 35-40.

Ellingwood B. (2000). "Probability-based structural design: prospects for acceptable risk bases". Proc. ofInternational Conference onApplications of Statistics and Probability, pp. 11-18, Balkema, Sydney.

Elms D. G. (1989), "wisdom engineering: the methodology of versatility". J. of Applied Eng. Education,5, (6),711-717.

Emblemsvag (2003), Life Cycle Costing. John Wiley.Federal Emergency Management Agency (FEMA). (1992). A benefit-cost modelforthe seismic rehabilitation of

buildings. Volume 1 & Volume 2, FEMA-227 & FEMA-228.Geerrman S. C. M. and Van EckJ. R. R. (1995), GIS and models of accessibility potential: an applicationin planning, International Journal Geographical Information Systems, 1995, Vol. 9, No.1, 67-80.

Halden D. (1996), Managing uncertainty in transport policy development, Proc. Inst. Civ. Engrs Transport,117, Nov, 256-262.

Haimes Y. Y. (1998), Risk modellin,!; assessment andmanagement. John Wiley & Sons, New York.Harr M. E. Reliability-Based Design in Civil Engineering. Dover, 1996.Hasofer A. M. and Racwitz R. (2000), "Time-dependant models for code optimization", Proceedings ICASP-

99. Balkema Rotterdam, Vol. 1, pp. 151-158.

Risk analysisand the decision-making process in engineering 329

Joyner and Boore, (1981), "Peak horizontal acceleration and velocity from strong motion records includingrecords from the 1979 Imperial Valley, California earthquake". Bull. Seism. Soc. Amer.,71, pp. 2011-2038.

Kottegoda and Rosso, (1997), Probability, statistics and reliability for civil and environmental engineers.McGrawHil!.

Lind N. (2001). "Tolerable Risk". Proc. of the International Conference Safety Risk and Reliability, Trendsin Engineering, pp. 23-28. Malta.

LlerasG. c., and Sanchez-Silva M., (2001), Vulnerability ofHighway Networks, Proceedings of the InstitutionofCivil Engineers (ICE), United Kingdom, November 2001, Issue 4, pp. 223-230.

Melchers R. E. (1999), Structural reliability AnalysisandPrediction. 2nd Edition,John Wiley & Sons, Chichester,UK.

Moseley M. J. (1979), Accessibility, the rural challenge, London, 1979.Nathwani J. S., Lind N. C. and Pandey M. D. (1997), Affordable safety by Choice: the Life Quality Method.Institute for Risk Research, University ofWaterllo, Ontario Canada.

Pate-Cornell E. (1994), "Quantitative safety goals for risk management of industrial facilities". Structuralsafety. Vo!. 13, No.3, pp. 145-157.

Rackwitz R. (2000), "Optimization-The basisof code making and reliabilityverification". Structural Safety,Vo!. 22, No.1, pp. 27-60.

Rackwitz R. (2001), "A new approach for setting target reliabilities". Proc. ofthe International ConferenceSafetyRisk andReliability, Trends in Engineering, pp. 531-536. Malta.

Rackwitz R. (2002), "Structural optimization and the Life Quality Index". Structural safety. Special Issue,To be published.

Rackwitz R. (2003) "Discounting for optimal and acceptable technical facilities", to be presented at theICASP9, San Francisco.

Sanchez-Silva M. (2001), Basic concepts in risk analysisand the decision making process.] Civil Engineeringand Environmental Systems, Vo!. 18, No.4, pp. 255-277.

Sanchez-Silva M., Taylor C. A., Blockley D. I. (1996), Uncertainty modeling of earthquake hazards, Micro-computers in Civil Engineering, Vo!. 11,99-114.

Sanchez-Silva M., Daniels M., Lleras G., Patino D. (2004). "A transport network reliability model for theefficient assignment of resources".] of Transport Research B. Elsevier. In print.

Sanchez-Silva M., Racwitz R. (2004). "Implications of the Life Quality Index in the optimum design ofstructures to withstand earthquakes". The] ofStructures, American Society of Civil Engineers ASCE. Inprint.

Shen Q. (1998). Spatial Technologies, Accessibility, and the Social Construction ofUrban Space. Computers,Environment and Urban Systems, Vo!. 22, No.5, pp. 447-464.

Stwart M. and Melchers R. (1997), Probabilistic riskassessment of engineering systems. Chapman Hill, London.U'S: Geological Service (2001), http://eqint.cr.usg.gov/neic/, National Earthquake Information Center,World data Center for Seismology,Denver.

United Nations Human Development Report, 2001, http://www.undp.org/hdr2001 /completenew. pdf.Von Neumann J. and Morgenstern 0. (1944), Theory ofgames and economic behaviour. Princeton University

Press.Zadeh L. A. (1965), "Fuzzy sets".] Information and Control, Vo!. 8, 338-353.

RISK ANALYSIS AND THE DECISION-MAKING PROCESS IN ENGINEERING1. INTRODUCTION2. THE NEED FO R RISK MANAGEMENT3. RISK4. DECISION-MAKING PROCESS4.1. Basic concepts4.2. Decision trees4.3. Defining utility criteria

5. RISK-ANALYSIS BASED DECISION PROCESS5.1. General framework for integrating risk to the decision making process5.2. Final remarks

6. ACCEPTABILITY OF RISK7. OPTIMIZATION7.1. Basic optimization concepts7.2. Cost of saving human lives7.3. Life cycle costing7.3. 1. General aspects7.3.2. Basics oflife cycle costing

8. EXAMPLES8.1. Allocation of resources to transport networks8.1.1. Basic considerations8.1.2. Decision criteria8.1.3. Accessibility8.1.4. Optimization of resource allocation8.1.5. Case study8.1.6. Summary and final remarks

8.2. Design of structural systems8.2.1. Decision criteria8.2.2. Probabilistic model of theground motion8.2.3. Model of the probability of failure of the structural system8.2.4. Estimation of cost8.2.5. Optimization8.2.6. Summary and final remarks

9. CONCLUSIONSREFERENCES

risk analysis and the decision-making process in engineering

Documents

tween risk analysis

existence of engineering

engineering project

risk managementthe reason

kind of engineering

whichrisk analysis

meaning ofthe word balance

decision making