Event & Fault Tree Analysis (ETA &

FTA)
Exercise lesson

Dr. Zhe Yang

Politecnico di Milano
Dipartimento di Energia
 2

Fault Tree Analysis

(FTA)
 Exercise 1: Simple Systems

• Construct the fault tree for the failure of the systems in the Figure.
• Write the systems structure functions.
• Reduce them to obtain their minimal cut sets.
Solution 1: Simple Systems
Solution 1: Simple Systems
Solution 1: Simple Systems
Solution 1: Simple Systems
 Solution 1: Simple Systems

➢ MOCUS (Method of Obtaining Cut Sets) algorithm

AND OR OR
XT XE XF XAXF X A XC
XAXD
OR
XBXF X B XC
XBXD
 Exercise 2: Reliability Block Diagram

Consider the Reliability Block Diagram in the Figure.

1 2

C
B D

You are asked to:

1. Build the Fault Tree corresponding to the top event: ‘no flow from 1 to 2’.
2. Find the minimal cut sets.
3. Compute the system unavailability, given that the unavailability of each
component is U=0.01.
 Solution 2: Reliability Block Diagram

1. Build the Fault Tree corresponding to the top event: ‘no flow from 1 to 2’.
 Solution 2: Reliability Block Diagram
2. Find the minimal cut sets.

Structure function: (B+D-BD)(A(B+C-BC))= AB+ABC-ABC+ABD+ACD-ABCD-

ABD-ABCD+ABCD=AB+ACD-ABCD

Minimal Cut sets: AB, ACD.

• MOCUS
XT AND OR AND OR
XT X1 X 2 B X2 B AX 3 B AB AB
X1 X2 B AC ABC

AND OR
D X2 D AX 3 D AB ABD
X3
DAC ACD
 Solution 2: Reliability Block Diagram

3. Compute the system unavailability, given that the unavailability of each

component is U=0.01.

Minimal cut sets:

M1  AB M 2  ACD
Structure function:
  1  1  M 1 1  M 2   M 1  M 2  M 1M 2

Unavailability:
  
1  1  P  M 1   1  P  M 2    1  1  U 2 1  U 3  0.00010099
or
P  M 1   P  M 2   P  M 1M 2   U 2  U 3  U 4  0.00010099
 Solution 2: Rare-event approximation 13

By

P    1   P  M j   P  AB   P  ACD 
mcs

j 1

=0.012  0.013  0.000101

 Exercise 3: Electrical generating system

An electrical generating system is shown in the figure below in block diagram form.
Only the major components are to be considered: the engines E1, E2, and the
generators G1, G2, G3. Each generator is rated at 30 KVA. The system is required
to supply at least 60KVA.

1. Draw a fault tree for the failure of the system to satisfy the required demand.
2. Find the minimal cut sets.
3. Estimate the unreliability of the system for one month (720 h) operation given
that the failure rate for each engine is 5 10-6 h-1 and for each generator 10-5 h-1
(assume failures of components obey exponential distribution)
 Solution 3: Electrical generating system

1. System fault tree

The fault tree is built on the bases of the following considerations. The systems
fails to provide the required power (60KVA) if at least two out of the three
generators do not work. In this case the supplied power is 30KVA or lower. Then,
the causes for the failure of each generator to provide the power are analyzed. The
failures for generators G1 or G3 require the primary failure of the components or of
the corresponding feeding engine E1 or E2, respectively (branches A and C in the
tree). The failure of the generator G2 occurs upon primary failure of the generator
or upon failure of either engines E1 or E2 (branch B in the tree).
 Solution 3: Electrical generating system

1. System fault tree

 Solution 3: Electrical generating system

2. Minimal cut-sets

For simplicity, we will deduce the system cut sets directly from the fault tree. We consider
the three branches 1, 2, 3 of the tree one at a time.

Subtree 1:
We can identify 4 cut sets, not necessarily minimal:
M1  E1 ,G 2 
M 2  E1 ,E 2 
M 3  G1 ,G 2 
M 4  G1 ,E1 ,E 2 
 Solution 3: Electrical generating system

2. Minimal cut-sets

For simplicity, we will deduce the system cut sets directly from the fault tree. We consider
the three branches 1, 2, 3 of the tree one at a time.

Subtree 2:
With an analogous procedure, we get for the subtree 2:
M 5  G 2 ,E 2 
M 6  G 2 ,G 3 
M 7  E1 ,E 2 
M 8  E1 ,E 2 ,G 3 
 Solution 3: Electrical generating system

2. Minimal cut-sets

For simplicity, we will deduce the system cut sets directly from the fault tree. We consider
the three branches 1, 2, 3 of the tree one at a time.

Subtree 3:
M 9  E1 ,E 2 
M10  G1 ,E 2 
M11  G1 ,G 3 
M12  E1 ,G 3 

If only the minimal cut sets are considered:

M1  E1 , G 2  M 2  E1 , E 2  M3  G1 , G 2  M 4  G 2 , G 3 

M5  G 2 , E 2  M6  E1 , G 3  M 7  G1 , E 2  M8  G1 , G 3 

 Solution 3: Electrical generating system

3. System reliability

The components have exponentially distributed failure rates so that the probabilities of
failure within 1 month = 720 h equal:
6
pE =1  e510 720
 3.6E  3, for the two engines

5
pG  1  e10 720
 7.2E  3 , for the three generators.

By resorting to a first order, rare event approximation for the system unreliability:

P    1   P  M j   2.7 E - 4
mcs

j 1

Where:
P(M1 )  3.6e  3  7.2e  3  2.59e  5  P(M 5 )  P(M 6 )  P(M 7 )
P(M 2 )  3.6e  3 3.6e  3  1.3e  5
P(M 3 )  7.2e  3 7.2e  3  5.2e  5  P(M 4 )  P(M8 )
 Exercise 4: Domestic Hot Water System

In the domestic hot water system in the Figure, the control of the temperature is
achieved by the controller opening and closing the main gas valve when the water
temperature goes outside the preset limits
T min  140F,T max  180F.
1. Formulate a list of undesired safety and reliability events
2. Construct the fault tree for the top event rupture of water
tank assuming only the following primary failure events:
1: basic tank failure
2: relief valve jammed closed
3: gas valve fails jammed open
4: controller fails to close gas valve
5: basic failure of temperature Monitor
3. Find the minimal cut sets;
4. Assume primary failure event probabilities equal to 0.1 and
compute the probability of the top event working through the
fault tree;
5. Compute the probability of the top event from the minimal
cut sets found in 3.
 Solution 4: Domestic Hot Water System

1. Formulate a list of undesired safety and reliability events

• Tank rupture (safety)
• Water too cold (reliability)
• Water too hot (safety/reliability)
• Insufficient water flow (reliability)
• Excessive flow (reliability)

2. Basic events:

1: basic tank failure

2: relief valve jammed closed
3: gas valve fails jammed open
4: controller fails to close gas valve
5: basic failure of temperature Monitor
 Solution 4: Domestic Hot Water System

3. Find the minimum cut sets

M1  {X1} M 3  {X 2 , X 4 }
M 2  { X 2 , X 3} M 4  {X 2 , X 5}

4. Probability of the top event from the minimal cut-sets

From the minimal cut sets and the approximation of rare events, we have:
P( X T  1)   P ( M i )  0.1  0.1  0.1  0.1  0.1  0.1  0.1  0.13
i
 24

Event Tree Analysis

(ETA)
 Exercise 1: Lamp System
The system represented in the figure illustrates the operation of a lamp fed
by two batteries and a power unit. In order to have energy in the circuit it is
enough that one of the energy sources (i.e., battery 1, battery 2, power unit)
, works.

Build the event tree for the event “failure of the lighting system” and compute
its probability based on the component probabilities indicated on the Figure.
Solution 1: Lamp System
 Exercise 2: Gas Release (I)

In a process plant, flammable gas that is accidentally released can be detected by a process
operator working in the area.

The process operator can only detect gas if she is present in the area where the gas is
released. There are several operators working in the plant, but only one operator is on duty at
any time.

If she is not present, she can not detect the gas, but if she is present, there is a possibility that
this may happen. An operator is present 30 % of the time.

The probability that the operator will not detect the gas is 0.3. If the gas is released, there
is a possibility that the release may ignite.

The probability of ignition is 0.1 given that gas is released.

The frequency of gas release is 0.5 per year. If the gas is detected (automatically or by the
operator), the operator will try to escape and there is a 50 % probability that she escapes in
time if she is present when a gas release takes place.

Given that someone is in the area when ignition occurs, the probability of being killed is 0.2.
 Exercise 2: Gas Release (II)

a) Prepare an event tree with initiating event (top event) “Gas released” and end events
“Operator killed” and “Operator not killed” .
b) What is the frequency of an operator being killed?
c) What is the LIRA due to gas releases? (LIRA is the annual probability of being killed, given
that a person is present in an area for 100% of the time)
Solution 2: Gas Release
Solution 2: Gas Release