Where is the fault in fault trees?

When branches of a fault tree are pruned, their probabilities are not fully transferred to the "all other" branch. We test 3 explanations for this underestimation of the "all other" probability: availability, ambiguity, and credibility. In an experiment, we varied the credibility of a cover story and separately observed the generation of a fault's causes to isolate availability, and the categorization of causes to assess ambiguity. The results identify biased availability as a broad threat to the validity of likelihood estimates. Ambiguity adds to the problem whenever tree designers are unable to eliminate it from causes or categories. Finally, though subjects had clear expectations for what constitutes a credible fault tree, none of the "all other" underestimation could be traced to credibility factors. The discussion covers both underlying mechanisms and corrective techniques.

A fault tree is a schematic, hierarchical representation of the possible causes of some undesired event. It represents accumulated, often collective, expert knowledge in an accessible format. Fault trees are used both retrospectively to diagnose the cause of a particular occurrence of the fault and prospectively to devise plans for preventing it. These models of the many parallel and sequential causes of a fault were developed in the aerospace industry of the 1960s (Barlow & Lambert, 1975; Vesely, Goldberg, Roberts, & Haasl, 1981). They remain best suited to the physical systems that typically concern engineers and are most commonly constructed when failure entails high cost. Examples of systems to which fault trees have been applied are chemical (explosion, fire, or release of toxic material), electrical (failure of a motor to start or switch to close), mechanical (rupture of a pressure tank or no spray from an automatic sprinkler system), and nuclear (fire in the reactor building or excessive leakage from a reactor containment system).
However, fault trees can also be used to explain more mundane events, such as why a car might not start or why a restaurant might fail. An example of a fault tree, for causes of death in the United States, is displayed in Figure 1.

Fischhoff, Slovic, and Lichtenstein (1978) demonstrated a serious problem with fault trees that are incomplete. Using a fault tree for a car's failure to start, they compared a full tree, consisting of six labeled branches and a seventh catch-all branch ("All Other Problems"), to a pruned version of the same tree. The pruned tree omitted three of the six labeled branches, leaving three labeled branches and the catch-all category. Subjects estimated the probabilities of each branch, either the seven branches of the full tree or the four branches of a pruned tree. The only legitimate difference between the branch probabilities of the full and pruned trees is that the