Difficulties in Fault-Tree Synthesis for Process Plant

This paper identifies a number of related difficulties, some of which are still unsolved. Attention is drawn to failings in the type of pressure-flow model commonly used in the literature. Difficulties also exist when published algorithms are applied to control loops. These are illustrated for simple and cascade control applications and discussed in some detail. Eight general conclusions are:

1. The concept of 2-way flow of information in failure models is important in certain situations, e.g., fluid flow.
2. The accuracy of failure models is generally low. This reflects the fact that much of the effort expended in systematic failure analyses has been heavily oriented towards algorithms.
3. Models used in failure analyses do not have to be comprehensive. Only the credible set of events is needed.
4. No always-satisfactory algorithm has been published for fault-tree synthesis where control loops are encountered.
5. The control loop problem is inextricably interlinked with the general difficulty that fault-tree methodology is primarily oriented to binary systems where the time dimension can be ignored.
6. Fault-tree methodology uses simple models to approximate system failures. If these failures are complex then fault trees might not be suitable. The results of analyses involving complex failures must be treated with great care.
7. When fault-tree methodology is not completely suitable one ought to consider using a different technique altogether. The cause-consequence diagram might be appropriate since it can be used to study failure modes where time is important.
8.