Progress Towards the Development of a Model


QUALITY AND RELIABILITY ENGINEERING INTERNATIONAL

Qual. Reliab. Engng. Int. 14: 3–14 (1998)

PROGRESS TOWARDS THE DEVELOPMENT OF A MODEL FOR PREDICTING HUMAN RELIABILITY

J. E. Strutt*, Wei-Whua Loa and K. Allsopp
Centre for Industrial Safety and Reliability, Cranfield University, Cranfield, Bedford MK43 0AL, UK

SUMMARY

A methodology for predicting the probability of human task reliability during a task sequence is described. The method is based on a probabilistic performance requirement–resource consumption model. This enables error-promoting conditions in accident scenarios to be modelled explicitly and a time-dependent probability of error to be estimated. Particular attention is paid to modelling success arising from underlying human learning processes and the impact of limited resources. The paper describes the principles of the method together with an example related to safety and risk of a diver in the wreck scenario. © 1998 John Wiley & Sons, Ltd.

key words: human reliability; reliability model

1. INTRODUCTION

The lack of accurate quantitative human reliability data is seen by many as a serious limitation in QRA studies and a major source of uncertainty in risk assessments. Models for the prediction of human reliability are an alternative to reliability data and offer significant advantages, but currently available methods are highly empirical and strongly dependent on judgemental factors. This has prompted the authors to consider alternative methods for predicting human reliability. The approach currently under investigation is to generate a probabilistic model for a human task in which failure to achieve task objectives results in loss. In effect this models an accident sequence in terms of the underlying physical processes and conditions associated with the task. The probability of task success is a measure of human reliability in the specific context of the task.

The study of accidents provides an essential input to the development of realistic human reliability models. Figure 1 shows a simplified event tree which outlines the sequence of events that a number of accidents take. The key stages are (i) an initiating event, (ii) loss of safety barriers/defences, (iii) deterioration of conditions/escalation followed by (iv) failure to evacuate or escape.

Initiating Event

Many accidents are triggered either by human error or the failure of a piece of equipment. The trigger event itself may be quite small, it may be deliberate or accidental and is often associated with routine, relatively insignificant activities. The underlying causes of such events, however, are complex, with a range of interacting human, organizational and hardware factors.

This paper was originally presented at the 12th Advances in Reliability Technology Symposium (12th ARTS), 16–17 April 1996, at the University of Manchester, UK.

*Correspondence to: J.E. Strutt, Centre for Industrial Safety and Reliability, Cranfield University, Cranfield, Bedford MK43 0AL, UK.

CCC 0748–8017/98/010003–12$17.50. Received 17 April 1997. © 1998 John Wiley & Sons, Ltd.

Loss of Defences

The ability to control an event at an early stage depends critically on prompt human reaction together with the availability and integrity of emergency response equipment and safety control systems. Such systems must be robust and capable of withstanding the ‘loads’ imposed by initiating events, as experience has shown that the initiating event may prevent some of the emergency control systems from functioning, resulting in a reduced capability to control the incident and a more rapid escalation of events.

Deterioration of conditions

This is the point at which an incident usually escalates from a minor to a major accident. In the case of fires and explosions, for example, the rate of escalation will depend on the scale of the initiating event and on the inventory of materials (e.g. flammability) as well as on the design and construction of the plant and surrounding buildings. Incidents which escalate rapidly increase the potential losses of assets and life, escape routes may become blocked or difficult to find and evacuation/escape of personnel may become more difficult.

Failure to Escape or Evacuate

The greatest impact on potential loss of life arises when evacuation or escape of personnel from a life-threatening situation is impaired. This usually makes the difference between accidents with fatalities and those with no loss of life. Evacuation and escape can be greatly facilitated by design, e.g. provision of additional escape routes in buildings, protection of escape routes, temporary refuge areas, transport systems to provide rapid evacuation, etc.

Figure 1. Event tree for a generic incident

The risk of an accident is dependent on the frequency ($F$) with which the accident occurs and the consequences. Where the consequences involve potential loss of life ($N_f$) the risk can be defined as

$$\text{risk} = (\text{frequency of incident}) \times (\text{potential loss of life}) \tag{1}$$

Figure 2. Risk diagram corresponding to event tree of Figure 1

Figure 1 is a simplified event tree model of an accident which includes the key stages described above. The four stages can be considered as system states with transition probabilities $P_a$, $P_b$, $P_c$ and $P_d$. The four end points of the tree represent the possible consequence categories. Figure 2 is the risk diagram corresponding to the event tree in Figure 1. This diagram illustrates how the risk changes, from a minor incident to a major accident, as an incident develops. Minor incidents are more likely than major accidents, but the risk, when defined as in equation (1), may remain more or less constant but with increasing risk uncertainty (implied by the size of the event boxes in Figure 2) as events become less and less frequent. From Figure 1 the risk of a major accident (event 4) is given by

$$\text{risk (event 4)} = \{F_a\, P_b\, P_c\, P_d\}\, N_{f4} \tag{2}$$

where $F_a$ is the frequency of the initiating event (a) (e.g. major leakage of flammable or toxic substance), $P_b$ is the probability of transition from control to loss of immediate control (breached defence); $P_c$ is the probability of escalation and $P_d$ is the probability of failure to escape. $N_{f4}$ is the potential loss of life associated with end event 4, given the preceding events. Figure 1 and equation (2) illustrate that the risk of an accident is dependent on the effectiveness of human actions (i) to reduce the frequency ($F_a$) of initiating events and the transition probabilities $P_b$, $P_c$ and $P_d$ and (ii) to reduce the potential loss of life ($N_f$).

2. HUMAN RELIABILITY ANALYSIS

It is widely recognized that human error plays a major part in accidents and this has focused attention on the need for techniques to predict human error for inclusion in probabilistic risk assessments (PRAs). Various approaches to human error prediction [1,2] have been developed since the early 1980s, e.g. THERP [3], HEART [4], SLIM [5], ASEP [6], TESEO [7] and HCR [8]. These models are all semiempirical and rely heavily on the judgmental performance-shaping factors. In the HEART methodology, for example, the failure rate is estimated using an empirical expression of the form

$$P = P_0 \left\{ \prod_i \left[ (\mathit{EPC}_i - 1)\,\mathit{Ap}_i + 1 \right] \right\} \tag{3}$$

where $P$ is the probability of human error, $P_0$ is the nominal human unreliability (Table I), $\mathit{EPC}_i$ is the $i$th error-promoting condition and $\mathit{Ap}_i$ is a proportion assessment factor for the $i$th EPC. The method [4] provides a very useful list of error-promoting conditions, with suggested values for each $\mathit{EPC}$ (Table II).


Table I. HEART baseline error rates (after Williams [4])

| Generic task | P0 |
|---|---|
| (A) Totally unfamiliar, performed at speed with no real idea of likely consequences | 0·55 |
| (B) Shift/restore system to new or original state on a single attempt without supervisor or procedure | 0·26 |
| (C) Complex task requiring high level of comprehension and skill | 0·16 |
| (D) Fairly simple task performed rapidly or given scant attention | 0·09 |
| (E) Routine highly practised rapid task involving relatively low level of skill | 0·02 |
| (F) Restore or shift system to original or new state following procedures + checking | 0·003 |
| (G) Completely familiar, well-designed, highly practised, routine task occurring several times per hour, performed to the highest possible standards by highly motivated, highly trained and experienced person, totally aware of implications of failure with time to correct potential error but without the benefit of significant job aids | 0·0004 |
| (H) Respond correctly to system command even when there is an augmented or automated supervisory system providing accurate interpretation of system state | 0·000002 |
| (M) Miscellaneous task for which no description can be found | 0·03 |

The HEART technique has found favour with some for its simplicity and ease of application, but there are several problems with this and other similar approaches. Firstly, the error-promoting conditions are not independent of each other. For example, the top EPC ‘unfamiliarity’ may be closely connected with ‘inexperience’ lower in the list. It does not make sense to multiply a nominal rate by 17 and by 3, although the method does allow the user to ‘weight’ the EPCs with Ap. Secondly, some of the error-promoting factors are included in the description of the nominal failure rate categories. Thirdly, the use of the method is extremely subjective and heavily reliant on the experience of the analyst. Fourthly, as far as the present authors are aware, there is little in the way of experimental evidence to validate the published values. Qualitatively the error-promoting conditions are a useful list of factors to guide safety managers. However, the numerical values are context-sensitive and the predictive equation is empirical.
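Equation (3) evaluated with the Table I and Table II values, as an added Python example that is not part of the original paper. The pairing of generic task C with EPCs 1 and 15 and the Ap choices (0.2, 0.6, 1.0) in the sweep are constructed for illustration; the block shows the first and third objections above, namely that stacking the correlated EPCs for unfamiliarity (17) and inexperience (3) gives a value above 1 and that the result swings with the analyst's Ap choices.

```python
from itertools import product
from math import prod

# Nominal unreliability P0 per generic task (Table I of the page).
P0 = {"A": 0.55, "B": 0.26, "C": 0.16, "D": 0.09, "E": 0.02,
      "F": 0.003, "G": 0.0004, "H": 0.000002, "M": 0.03}

# Error-promoting condition multipliers (Table II of the page), keyed by row.
EPC = {1: 17, 2: 11, 3: 10, 4: 9, 5: 9, 6: 8, 7: 8, 8: 6, 9: 6, 10: 5,
       11: 5, 12: 4, 13: 4, 14: 4, 15: 3, 16: 3, 17: 3}


def heart(task, assessed):
    """Equation (3): P = P0 * prod_i[(EPC_i - 1) * Ap_i + 1].

    `assessed` maps a Table II row number to its proportion factor Ap in [0, 1].
    The raw value is returned unclamped so an out-of-range result stays visible.
    """
    for row, ap in assessed.items():
        if not 0.0 <= ap <= 1.0:
            raise ValueError(f"Ap for EPC {row} must lie in [0, 1], got {ap}")
    return P0[task] * prod((EPC[row] - 1) * ap + 1 for row, ap in assessed.items())


def analyst_spread(task, rows, ap_choices=(0.2, 0.6, 1.0)):
    """Lowest and highest P when each EPC's Ap is picked from ap_choices.

    ap_choices is a constructed grid standing in for different analysts'
    judgements; it is not a set of values recommended by the method.
    """
    values = [heart(task, dict(zip(rows, aps)))
              for aps in product(ap_choices, repeat=len(rows))]
    return min(values), max(values)


if __name__ == "__main__":
    # Complex task (C) with 'unfamiliarity' (row 1) and 'inexperience' (row 15)
    # both applied in full: the two overlapping conditions are multiplied.
    stacked = heart("C", {1: 1.0, 15: 1.0})
    print(f"P with both EPCs at Ap = 1: {stacked:.2f} (valid probability: {stacked <= 1.0})")

    low, high = analyst_spread("C", [1, 15])
    print(f"P across the Ap grid: {low:.3f} to {high:.2f}")
```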

Table II. Error-promoting conditions (after Williams [4])

| No. | Error-promoting condition | EPC value |
|---|---|---|
| 1 | Unfamiliarity with novel or infrequent situation which is potentially important | 17 |
| 2 | Shortage of time for error detection or correction | 11 |
| 3 | Noisy/confused signals | 10 |
| 4 | A means of suppressing or overriding information | 9 |
| 5 | No means of conveying spatial or functional information to human operator | 9 |
| 6 | Poor system/human user interface | 8 |
| 7 | No obvious means of reversing an unintended action | 8 |
| 8 | Information overload | 6 |
| 9 | Technique unlearning/one which requires application of opposing philosophy | 6 |
| 10 | Transfer knowledge from one task to another | 5 |
| 11 | Ambiguity in required performance standard | 5 |
| 12 | Mismatch between perceived and actual risk | 4 |
| 13 | Poor, ambiguous or ill-matched feedback | 4 |
| 14 | No clear/direct/timely confirmation of intended action from system | 4 |
| 15 | Inexperience (newly qualified but not an expert) | 3 |
| 16 | Poor instructions or procedures | 3 |
| 17 | Little or no independent checking or testing of output | 3 |

3. TASK REQUIREMENT–RESOURCE CONSTRAINT MODEL

The motivation for the present research has been a desire to move away from empirical formulations of human reliability prediction, such as those described above, to methods based on prediction of the underlying physical processes in human tasks. A task or project is viewed as a human system comprising a goal or objective possibly involving a number of subtasks which have intermediate goals. They have a start, duration and end and one or more resources to support the task. The nature and amount of work to be carried out, the work rate and the resources available and their rate of consumption are key factors which can be related to performance-shaping factors or error-promoting conditions. For example, the effects of unfamiliarity and time stress can be explicitly modelled in the work rate parameter and in resource availability and usage parameters. In the model a distinction is made between the time required to complete a task, given the particular conditions, and the actual task duration which may be limited by time or resource constraints. These points are explained below and illustrated in Figure 3.

Required Task duration

The nature of the task determines the amount of work necessary to complete the task. The required task duration depends both on the total amount of work required to achieve the task objective and on the work rate or the rate of progress towards successful task completion. For simple routine manual tasks with well-defined procedures in which there is little or no learning required, e.g. a trained maintenance engineer removing a pump from service for maintenance, there will be little uncertainty in the amount of work involved in removing the pump and the variance in work rate will be relatively small. At the other extreme a problem-solving task may be very complex, poorly defined, with no procedures or prior experience and a significant learning process to achieve the task objective. In this case there is likely to be a great deal of uncertainty both on how much work is required to achieve the objectives and on the rate of progress. An important issue here is how to measure complexity [9]. The probability of success in the former is likely to be very much greater than in the latter case. The success of problem-solving tasks is dependent on the learning rate, access to or availability of information and the intelligence of the person performing the task. Examples of tasks in this category are research projects, emergency management, inspection of structures, fault diagnosis, etc. The work requirement in problem-solving tasks can be equated to the level of information required and the work rate to the information-gathering rate.

Figure 3. Task requirement–resource constraint model

Time–resource limitations

The actual duration of a task may be limited by a time constraint or the loss or depletion of some essential resource. As illustrated in Figure 3, if the work rate is insufficient, resource constraints lead either to late completion of the task or to a shortfall in the performance when the available time or resources run out. In practice these two modes of failure may result in very different consequences depending on the context and so both situations will need to be assessed. For example, if a SCUBA diver, with a limited air supply, enters a wreck to salvage a valuable asset, the task fails if he searches until his air runs low and returns without the asset or if he continues to search until his air runs out. The consequence of the latter implies the loss of the diver’s life, while the former implies an asset loss but no loss of life.


4. STOCHASTIC MODEL DESCRIPTION

A stochastic model has been developed for predicting the probability of successfully completing a task in which the key error-promoting conditions, namely unfamiliarity, time stress and noisy/confusing signals, can be assessed. The concept is illustrated schematically in Figures 4 and 5. Mathematical details of the model are provided in the Appendix. The model assumes that there is a specific task to be completed or problem to be solved within some time or resource constraint. A task (see Figure 4(a)) requires a quantity of work to be carried out to achieve the task objective. It is assumed that the problem/task has a certain level of complexity which influences the amount of work which must be completed and hence the time to complete the task. If the task is one of problem solving, then work rate is equated to information generation rate. The information-gathering rate or work progress rate is modelled as a combination of periods of linear progress rates (variable) over some time period (stochastic or deterministic) and jumps in knowledge (e.g. task short-cuts). Changes in progress rate or task complexity are caused by events which influence progress rate, e.g. loss of control increases variance in progress rate, deterioration in conditions reduces mean progress rate, as illustrated in Figure 5. These events are modelled stochastically. Both task progress rate and work (knowledge) requirement may possess significant variance depending on the conditions and situational characteristics. Thus the overall quantity of work to be carried out and the amount of work completed by a particular time are both distributed variables. As the task progresses in time, the two distributions interact and from this the probability of successful task completion increases with time as shown in Figure 4(c).

Task completion will be limited by the resources available to support the task. The resource consumption model is illustrated in Figure 4(b). The total resource available can be treated as a statistical variable as can the resource consumption rate, such that at any given time as the task progresses there will be a distribution of both the amount of resource consumed and the total resource available. The interaction of these two distributions can be used to generate a resource availability curve, i.e. the probability that the available resource will not be consumed by time $t$. This decreases with time as shown in Figure 4(c).

Figure 4. Graphical representation of task requirement–resource constraint model

Figure 5. Diving accident event sequence

The overall probability of success is a joint probability distribution calculated as the product of the probability of successfully completing the task ($P_s(W,t)$) and the probability of not consuming the resources ($P_s(R,t) = 1 - P_f(R,t)$) within the task time period. $W$ is the work (or information generation) rate, $R$ is the resource consumption rate and $t$ is the time. The probability of successful task completion at any given time can then be calculated (see Appendix) using

$$R(t) = \iint f(R,W;t) \cdot F_W \cdot (1 - F_R) \cdot dW \cdot dR \tag{4}$$

This joint probability is a time-dependent cumulative distribution function which exhibits a maximum as illustrated in Figure 4(c). The leading edge of the probability curve is dominated by the task completion rate or learning rate, while the trailing edge is dominated by the resource availability.

Figure 6. Diver escape route network

5. MODEL APPLICATION AND RESULTS

A relatively simple application has been developed to test model capability. The particular scenario selected for consideration is part of the overall task of a diver involved in salvaging an asset from a shipwreck using only a swim line and SCUBA gear. The task set is to safely exit from the wreck. To do this, the diver must find his way through the wreck to the exit and open water and from there to the surface. The accident sequence is initiated by the loss of the swim line in the wreck; the diver must then find a way out. The network diagram corresponding to the possible escape paths is shown in Figure 6. From the location of the asset, at point A, there are two principal routes, one of which is shorter than the other. The diver can take a route via node X or node Y to reach the exit point at B. There is a connecting path between X and Y which introduces the possibility of one or more wrong turnings. There are therefore a number of possible exit routes of different lengths that the diver may take. The key parameters of the model are listed in Table III and the relationship between model parameters, physical parameters and their dependences are listed in Table IV. A SCUBA cylinder water capacity of 12 l and an initial mean pressure of 207 bar were fixed for all runs.

Table III. Model parameter listing

| Model parameter | Symbol |
|---|---|
| Linear work/learning rate | a(h,b) |
| Jump in knowledge/short-cut | b(h,b) |
| Time between work rate changes | Dt(h,b) |
| Task requirement/complexity | W(h,b) |
| Initial resource capacity | X(C,dc) |
| Resource consumption rate | R(h,b) |

Effect of Route selection (Task complexity)

Figure 7 shows the effect of taking different routes to exit from a wreck at 30 m depth. The path probabilities are based on the random selection of direction at each node. These were used only to give an overall mean value for the probability of success and are not used in the underlying programme. As expected, the model predicts a significant difference between the shortest route and the longest route given the particular conditions of the dive. For the short route the probability of success reaches a maximum of about 0·95 after approximately 13 min, compared with a maximum of 0·05 after 18 min for the longest route taken.

Effect of diving depth (Figure 8)

For wrecks in shallow water, e.g. 10 m, divers who take the short route are almost certain to make a successful exit from the wreck under the conditions specified. For deep wrecks the depth-adjusted volume of air available decreases significantly, from 1241 l of air which would be available at 10 m to 414 l at 50 m depth. The probability of a successful exit decreases to a maximum of about 0·65 after 10 min; thereafter it decreases, reaching very low values by 15 min. Speed of exit becomes more and more important as the depth increases.

Effect of Breathing rate (Figure 9)

For low levels of physical exertion it is well known that inexperienced divers breathe at a faster rate than expert divers. This is most likely caused by psychological rather than physiological factors. This has the effect of reducing the dive time but, for the range of breathing rates tested, has only a marginal effect on reducing the probability of a successful exit. Results indicate that at a breathing rate of 30 l min⁻¹, the probability of a successful exit is beginning to fall after 15 min. For some novice divers the breathing rate may be even higher than 30 l min⁻¹, which would have the effect of reducing the probability of success further and to shorter times.

Effect of swim rate (Figure 10)

For a free-swimming diver at higher levels of physical exertion there is a direct correlation between swim rate and breathing rate. As a diver swims faster, the breathing rate increases owing to physical stress. This has been allowed for in the model (see Appendix) and typical results are shown in Figure 10. Swimming faster and consuming the air faster decreases the time of task completion. Swimming slower and consuming less air results in a later exit from the wreck, but there is little change in the probability of a successful exit. In the present model, psychological factors which affect the breathing rate have been ignored.

Table IV. Meaning and dependence of model parameters

| Model parameter | Physical meaning | Dependence |
|---|---|---|
| Task requirement (W) | Swim distance (m) | Complexity of escape route network |
| Task progress rate (a,b,Dt) | Diver’s swim speed (m s⁻¹) | Fitness; level of experience and training; availability of swim line; underwater visibility |
| Initial resource available (X) | Diver’s air volume (l) | Cylinder capacity; initial pressure |
| Resource consumption rate (R) | Breathing rate (l min⁻¹) | Level of experience and training; stress; water depth |

Figure 7. Effect of escape route distance on task reliability

Expert versus Novice (Figure 11)

The difference in the probability of a successful exit between an experienced well-trained diver and an inexperienced diver is modelled in Figure 11. For several reasons the expert is likely to breathe at a slower rate, is unlikely to lose his swim line, will look for the swim line rather than try and exit unaided in the event of losing the swim line and so will be much more likely to take the short route back. The novice has been modelled as having a faster breathing rate and as losing his swim line so that a longer route might be taken. If by chance the short route is taken, the novice and expert have about the same probability of success, but the novice has less margin for error since his probability of success curve falls more quickly after 15 min. If the novice takes a longer route, then the likelihood of a successful exit is reduced. Averaging over the various possible paths, the novice has at best an 80% chance of a successful exit after 20 min. After 30 min the chances of a successful exit are almost zero for the novice but still about 50:50 for the expert. After 40 mins neither has much chance of survival.
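The rise-and-fall success curve of Sections 4 and 5, sketched as an added Monte Carlo example in Python that is not the authors' programme and does not reproduce the Appendix model. It assumes a single constant swim speed per trial (no knowledge jumps or rate changes), independent normal distributions, and 1 bar of absolute pressure per 10 m of depth; the 12 l cylinder and 207 bar come from the page, while the route length, swim speed, breathing rate and pressure spread are constructed values.

```python
import random
from dataclasses import dataclass

CYLINDER_L = 12.0           # cylinder water capacity (l), value from the page
MEAN_PRESSURE_BAR = 207.0   # initial mean pressure (bar), value from the page


def air_at_depth(depth_m, pressure_bar=MEAN_PRESSURE_BAR):
    """Depth-adjusted air volume X (l): free-air volume over absolute pressure.

    Assumes 1 bar at the surface plus 1 bar per 10 m of water.
    """
    return CYLINDER_L * pressure_bar / (1.0 + depth_m / 10.0)


@dataclass(frozen=True)
class Dive:
    """(mean, sd) pairs; every default below is constructed for illustration."""
    depth_m: float
    route_m: tuple = (130.0, 20.0)       # task requirement W: swim distance
    swim_m_min: tuple = (12.0, 2.0)      # progress rate a: swim speed
    breath_l_min: tuple = (25.0, 4.0)    # consumption rate R: breathing rate
    pressure_sd_bar: float = 5.0         # spread of the initial pressure


def _positive(rng, mean, sd):
    """Normal draw, resampled until positive (distances and rates are > 0)."""
    while True:
        value = rng.gauss(mean, sd)
        if value > 0:
            return value


def sample_times(dive, trials=10000, seed=1):
    """Per trial: (minutes to finish the task W/a, minutes until air is gone X/R)."""
    rng = random.Random(seed)
    times = []
    for _ in range(trials):
        work = _positive(rng, *dive.route_m)
        rate = _positive(rng, *dive.swim_m_min)
        pressure = _positive(rng, MEAN_PRESSURE_BAR, dive.pressure_sd_bar)
        air = air_at_depth(dive.depth_m, pressure)
        breath = _positive(rng, *dive.breath_l_min)
        times.append((work / rate, air / breath))
    return times


def success_curve(dive, t_max_min=40, trials=10000, seed=1):
    """P(task complete by t AND air not yet consumed at t) for t = 0..t_max_min."""
    times = sample_times(dive, trials, seed)
    return [sum(1 for done, empty in times if done <= t < empty) / len(times)
            for t in range(t_max_min + 1)]


def peak(curve):
    """(minute, probability) at the maximum of a success curve."""
    best = max(curve)
    return curve.index(best), best


if __name__ == "__main__":
    for depth in (10, 30, 50):
        minute, p = peak(success_curve(Dive(depth)))
        print(f"{depth:>2} m: {air_at_depth(depth):6.0f} l at depth, "
              f"peak P(success) {p:.2f} at {minute} min")
```

With these constructed inputs the leading edge is set by the completion-time distribution and the trailing edge by the air supply, so the peak drops and moves earlier as depth increases.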

6. DISCUSSION AND IMPLICATIONS

The model has been used to assess the risk of a particular class of diving accident. When used in this way, it is an alternative method of predicting the end event probabilities of an event tree. However, it is more powerful and more accurate, since the task and accident contexts are explicitly modelled and more realistic.

Figure 8. Effect of water depth on task reliability

Figure 9. Effect of breathing rate on task reliability

Figure 10. Effect of swim rate on task reliability

A simple event tree description of the diving accident sequence, similar to Figure 2, includes the following critical stages: (1) the initiating event (enter wreck); (2) breach defence, i.e. lose swim line in wreck; (3) deterioration in conditions, i.e. diver’s fins stir up silt which drastically reduces visibility and hence swim rate; (4) failure to escape, i.e. diver’s air is consumed before finding the exit. Expert opinion could be elicited to estimate the probabilities of occurrence listed in Table V. The results of the event tree analysis are listed in Table VI. The simple event tree results predict that the experienced diver has a much higher probability of a successful exit (Ps = 0·91) than the inexperienced diver (Ps = 0·1) and this conforms reasonably well with the model predictions shown in Figure 11 if the worst-case scenarios for the divers are taken. However, the event tree tended to overestimate the risks to the divers, particularly the risks to the inexperienced diver. One of the significant differences between the event tree description and the prediction model is that the event tree gives no indication of the time dependence which is evident in the physical model. Time dependence in human reliability is important and likely to be present in many task-oriented problems where stress is generated by time and resource constraints.

Table V. Event tree data

| Event | P (yes) | P (no) | Comment |
|---|---|---|---|
| Initiating event | 1 | 0 | Assume diver has entered wreck |
| Lose swim line | 0·9 | 0·1 | Inexperienced diver |
| | 0·01 | 0·99 | Experienced diver |
| Degraded conditions | 0·9 | 0·1 | Inexperienced diver: assume fine silt conditions |
| | 0·3 | 0·7 | Experienced diver: assume fine silt conditions |
| Fail to escape | 0·9 | 0·1 | Inexperienced diver: given low visibility, no swim line |
| | 0·7 | 0·3 | Experienced diver: given low visibility, no swim line |
| | 0·01 | 0·99 | Experienced diver: given good visibility and swim line |
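The event tree calculation behind Tables V and VI, as an added Python example that is not part of the original paper. The branch probabilities are the ones printed in Table VI; the function names and the representation of each stage as a function of the earlier outcomes are choices made for this example. The result is a single number per diver, with no time axis, which is the limitation the paragraph above points out.

```python
from itertools import product

# Conditional branch probabilities P(yes | earlier outcomes), as printed in
# Table VI. Each stage receives the tuple of earlier outcomes (True = "yes"):
# h[0] = swim line lost, h[1] = conditions degraded.
EXPERT = [
    lambda h: 0.01,                              # lose swim line
    lambda h: 0.3 if h[0] else 0.1,              # degraded conditions
    lambda h: 0.7 if (h[0] or h[1]) else 0.01,   # fail to escape
]
NOVICE = [
    lambda h: 0.9,                               # lose swim line
    lambda h: 0.9 if h[0] else 0.1,              # degraded conditions
    lambda h: 0.9,                               # fail to escape
]


def end_states(stages, p_initiating=1.0):
    """Probability of every yes/no path through the tree.

    Keys are tuples of booleans, one per stage; the initiating event
    (diver has entered the wreck) has probability p_initiating.
    """
    paths = {}
    for outcome in product((True, False), repeat=len(stages)):
        p = p_initiating
        for i, stage in enumerate(stages):
            p_yes = stage(outcome[:i])
            p *= p_yes if outcome[i] else 1.0 - p_yes
        paths[outcome] = p
    return paths


def failure_probability(stages):
    """Pf: sum over every path whose last stage ('fail to escape') is yes."""
    return sum(p for outcome, p in end_states(stages).items() if outcome[-1])


def major_accident_risk(f_a, stages, n_f4):
    """Equation (2): F_a * P_b * P_c * P_d * N_f4 along the all-'yes' path."""
    worst_path = end_states(stages)[(True,) * len(stages)]
    return f_a * worst_path * n_f4


if __name__ == "__main__":
    for name, stages in (("Expert", EXPERT), ("Novice", NOVICE)):
        pf = failure_probability(stages)
        print(f"{name}: Pf = {pf:.2f}, Ps = {1 - pf:.2f}")
        for outcome, p in end_states(stages).items():
            labels = ["yes" if o else "no" for o in outcome]
            print("   lost line: {:3}  degraded: {:3}  failed: {:3}  {:.4f}".format(*labels, p))
```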

The model, although tested for a specific divingapplication, is being developed as a generic modeland further tests and developments are in progressto deal with more demanding scenarios. One parti-cularly important and complex task, where taskperformance–resource constraint considerations areimportant, is in the management of major emer-gencies on offshore, nuclear and other installations.For example, if an offshore installation is engulfedin an escalating fire, the task is to bring the fireunder control. An important resource constraint inthis case is the availability of a temporary refugeto protect the workforce and provide an informationcontrol centre for managing the emergency. The task


Table VI. Event tree data and predictions

Expert: Ps = 0·91, Pf = 0·09

                      Yes ← → No
Initiating event      1
Lose swim line        0·01                            0·99
Degraded conditions   0·3             0·7             0·1             0·9
Fail to escape        0·7     0·3     0·7     0·3     0·7     0·3     0·01    0·99
Probability           0·002   9E-04   0·005   0·002   0·069   0·03    0·01    0·88

Novice: Ps = 0·10, Pf = 0·90

                      Yes ← → No
Initiating event      1
Lose swim line        0·9                             0·1
Degraded conditions   0·9             0·1             0·1             0·9
Fail to escape        0·9     0·1     0·9     0·1     0·9     0·1     0·9     0·1
Probability           0·729   0·081   0·081   0·009   0·009   0·001   0·08    0·01

Figure 11. Effect of diver’s experience on task reliability

of bringing the fire under control is essentially a learning process and correct decisions are critically dependent on the information available to the management. Time is a key controlling factor in such accidents. The rate at which an incident develops (e.g. rate of smoke ingress into the TR) can have a major influence on the ability of the emergency response team to control the incident and prevent a major disaster. An incident which develops slowly provides a greater amount of time for planning and implementation of mitigation measures than one which is rapidly evolving and for which there is a limited time to bring it under control. In this situation it is necessary to model a time-varying task load of varying complexity. The ability to control


an incident is related to the difference between the time available to control an incident (inversely proportional to rate of evolution and escalation of the event) and the time required for control of the incident, which depends on the complexity, the flow of information and information noise. In principle the model is applicable to this type of problem and if successful would provide a practical method of predicting the reliability of the emergency management process.

7. CONCLUSIONS

1. A task requirement–resource constraint method for modelling the reliability of human tasks has been developed and its capability tested for a typical diving incident. In this simple case, for which a number of simplifying assumptions were made, the incident model successfully predicted the incident sequence, providing results which were consistent with experience.

2. The key benefit obtained from a model of this kind, compared with conventional techniques such as event trees or fault trees, is the ability to assess the impact of performance-shaping factors, situational characteristics, accident scenarios and error-promoting factors such as unfamiliarity, stress, noisy signals, etc. more directly and within the correct context.

3. A number of issues will be addressed in the next phase of the research, e.g. how to quantify task complexity for problem-solving tasks, how to model the effects of psychological stress and the use of Bayesian updating methods as an integral part of the learning rate.

APPENDIX

Task progress rate

The task progress rate is represented by the amount of work completed by time $t_n$, where $t_n$ is modelled as a time series $t_n = n\cdot\Delta t_n$ in which it is assumed that there is no correlation between time $t_{n+1}$ and time $t_n$. The work completed at time $t$ is given by

$$W(t) = \sum_{i=1}^{n} (a_i \cdot \Delta t_i + b_i) + a_{n+1} \cdot (t - t_n) \tag{5}$$

where

$$t_n = \sum_{i=1}^{n} \Delta t_i, \qquad t_n \le t \le t_{n+1}$$

The assumption is that work progresses by a series of random jumps $b_i$ at random interval $\Delta t$ with random rate of learning $a_i$ in between. Where the task is problem solving, work progress is understood to mean knowledge accumulation, i.e. a learning process, and $a$, $b$ and $\Delta t$ model the learning rate; $b_0$ is the task start point or the initial level of knowledge learned from past experience. For each time interval ($i$) the values of $a$, $b$ and $\Delta t$ are chosen from Weibull distributions at random with scale parameter $\eta$ and shape parameter $\beta$. These three values are given by

$$\Delta t = \eta_1 \cdot (-\ln R_1)^{1/\beta_1}$$

$$a = \eta_2 \cdot (-\ln R_2)^{1/\beta_2}$$

$$b = \eta_3 \cdot (-\ln R_3)^{1/\beta_3}$$

where $R_i$ is a random number between zero and one.

Resource consumption process

The resources used in task performance accumulate in time with the same time steps as those for task progress. The resource consumption rate is also made dependent on $\eta_2$ and $\beta_2$. This provides, where appropriate, a connection between the consumption rate of resources given by

$$r(t) = \sum_{i=1}^{n} (C_{r,i} \cdot \Delta t_i) + C_{r,n+1} \cdot (t - t_n) \tag{6}$$

where

$$C_{r,i} = C_b \cdot (1 + 2 \cdot R_4 \cdot d_c \cdot \eta_2 / a_i) \tag{7}$$

The parameter $C_b$ is considered as the steady (basic) rate of resource usage. $C_{r,i}$ is the actual resource consumption rate in a particular time interval ($i$). The parameter $d_c$ is a fractional rate increase scale factor for extra resource usage. This fractional increase in the rate of resource usage is dependent on the work progress rate through the parameter $a$. This dependence is assumed to be inversely proportional to $a$, hence the factor $\eta_2/a$. The strict proportionality is moderated through a further random factor $R_4$. $R_1$–$R_4$ are successive random numbers equally likely between zero and one. A Monte Carlo simulation method is applied.

Prediction of Human Reliability

The total amount of work (the work requirement) to complete a task or the information needed to solve a problem is modelled as a Weibull distribution with scale factor $\eta_W$ and shape factor $\beta_W$. The cumulative distribution of work completed (or useful information gathered) will be

$$F_W = 1 - \exp\left[-(W/\eta_W)^{\beta_W}\right] \tag{8}$$

The probability of success is represented by

$$P_s(W,t) = \int f_L(t) \cdot F_W \cdot dt \tag{9}$$

where $f_L(t)$ is the PDF of the work completed (amount learned) between $t$ and $t + dt$.

The resources available to complete the task are also given by a Weibull distribution with scale factor $\eta_R$ and shape factor $\beta_R$. The cumulative distribution of resources consumed will be

$$F_R = 1 - \exp\left[-(R/\eta_R)^{\beta_R}\right] \tag{10}$$


The probability of failure due to resource restriction is then represented by

$$P_f(R,t) = \int f_c(t) \cdot F_R \cdot dt \tag{11}$$

where $f_c(t)$ is the PDF of the resources consumed between $t$ and $t + dt$. In this case the probability of success is represented as

$$P_s(R,t) = 1 - P_f(R,t) \tag{12}$$

At a given time $T$ there exists a bivariate distribution $f(W,R;t)$. The human reliability in completing the task is regarded as the product of the probability of success in problem solving and the expression is given by

$$R(t) = \iint f(R,W;t) \cdot F_W \cdot (1 - F_R) \cdot dW \cdot dR \tag{13}$$
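The appendix procedure can be written as a short Monte Carlo routine. This is an added example, not the authors' code: it samples Δt, a and b by the inverse-transform formulas above, accumulates work and resource use as in equations (5) to (7), and estimates equation (13) as the sample mean of F_W·(1 − F_R) at time t. All parameter values are constructed for illustration, and treating b0 as the starting value of the work sum is an assumption of this example.

```python
import math
import random

def weibull_draw(rng, eta, beta):
    """Inverse-transform sample eta * (-ln R)**(1/beta), R kept inside (0, 1)."""
    r = min(max(rng.random(), 1e-12), 1.0 - 1e-12)
    return eta * (-math.log(r)) ** (1.0 / beta)

def weibull_cdf(x, eta, beta):
    """F(x) = 1 - exp(-(x/eta)**beta), used for both F_W and F_R."""
    return 1.0 - math.exp(-((x / eta) ** beta))

def trajectory(rng, t, p):
    """One random history up to time t: work W(t) (eq. 5), resources r(t) (eq. 6)."""
    work, used, t_n = p["b0"], 0.0, 0.0
    eta2 = p["a"][0]
    while True:
        dt = weibull_draw(rng, *p["dt"])       # R1: interval length
        a = weibull_draw(rng, *p["a"])         # R2: learning rate
        b = weibull_draw(rng, *p["b"])         # R3: jump at end of interval
        cr = p["Cb"] * (1.0 + 2.0 * rng.random() * p["dc"] * eta2 / a)  # eq. 7, R4
        if t_n + dt >= t:                      # t lies inside this interval
            return work + a * (t - t_n), used + cr * (t - t_n)
        work += a * dt + b
        used += cr * dt
        t_n += dt

def reliability(t, p, trials=4000, seed=1):
    """Monte Carlo estimate of eq. 13: mean of F_W(W(t)) * (1 - F_R(r(t)))."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        work, used = trajectory(rng, t, p)
        total += weibull_cdf(work, *p["W"]) * (1.0 - weibull_cdf(used, *p["R"]))
    return total / trials

# Constructed (eta, beta) pairs and constants for illustration; not from the paper.
PARAMS = {"dt": (1.0, 2.0), "a": (1.0, 2.0), "b": (0.5, 2.0), "b0": 0.0,
          "Cb": 1.0, "dc": 0.5, "W": (10.0, 3.0), "R": (30.0, 3.0)}

if __name__ == "__main__":
    for t in (3, 10, 20, 30):
        print(t, round(reliability(t, PARAMS), 3))
```

With these constructed values the estimate rises while work accumulates and then falls as resource consumption dominates, which is the time dependence a static event tree cannot express.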


Authors’ biographies:

John Strutt is a Senior Lecturer and Head of Industrial Safety, Reliability and Risk Management in the School of Industrial and Manufacturing Science at Cranfield University. He has 20 years’ experience in research and education at postgraduate level, largely related to reliability engineering and materials performance. His responsibilities include teaching of reliability engineering and risk management to engineers and managers across the University and research into the development of quantitative risk analysis tools for application to engineering and human systems. Current research includes the development of quantitative models for the prediction of risk and reliability of a range of mechanical systems, including helicopter transmission systems, submarine pipelines, electrical/hydraulic actuation systems and smoke and gas ingress into temporary refuges on offshore installations, as well as methods for predicting human reliability. He is an active member of the Hazards Forum and Vice-Chairman of the Mechanical Reliability Committee of the IMechE, in which capacity he is leading an IMechE initiative for the development of a national strategy in reliability engineering and risk management.

W. W. (Paul) Loa is an engineer with a Master’s degree in Systems Engineering from the California State University. Since 1994 he has been researching into the development of human reliability prediction models at Cranfield University as part of a PhD programme. He is currently employed with the Institute of Nuclear Energy Research in Taiwan where he leads the research into human factors.

Keith Allsopp is a Senior Research Officer at Cranfield University with a degree in Mathematical Physics from Birmingham University. He has forty years’ experience in mathematical modelling of human, ecological and engineering processes.