Risk-based reliability assessment under epistemic uncertainty

Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

Contents lists available at SciVerse ScienceDirect

Journal of Loss Prevention in the Process Industries journal homepage: www.elsevier.com/locate/jlp

Risk-based reliability assessment under epistemic uncertainty M. Khalaj a, *, A. Makui b, R. Tavakkoli-Moghaddam c a

Department of Industrial Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran Department of Industrial Engineering, Iran University of Science and Technology, Tehran, Iran c Department of Industrial Engineering, College of Engineering, University of Tehran, Tehran, Iran b

a r t i c l e i n f o

a b s t r a c t

Article history: Received 13 November 2010 Received in revised form 15 September 2011 Accepted 31 December 2011

Existing risk in production systems has a direct relationship with unreliability of these systems. Under such circumstances, the approach to maximize the reliability should be replaced with a risk-based reliability assessment approach. Calculating the absolute reliability for systems and complex processes, when we are not provided with any data on failure, is extremely complex and difficult. Until now, studies of reliability assessment have been based on the probability theory, in which the failure time is anticipated after determining the type of size distributions. However, in this paper, the researchers have developed an approach to apply the possibility theory instead of the probability theory. Instead of using absolutely qualitative methods, this new approach applies the Dempstere Shafer Theory. It is obvious when there are insufficient data; an index is needed to make a decision. Then, a novel method is proposed and used in a real case study in order to determine the reliability of production systems based on risk when the available data are not sufficient, helping us to make decisions. After calculating the failure probability and analyzing the assessment matrix and risk criteria, we may conclude that the failure risk of equipment is reduced while the system reliability is increased. Ó 2012 Elsevier Ltd. All rights reserved.

Keywords: Risk Reliability DempstereShafer theory Possibility theory Epistemic uncertainty

1. Introduction Gathering data for reliability is mostly done under uncertain conditions that may be simplified. This type of uncertainty, which is known as epistemic uncertainty, occurs as a result of lack of knowledge. In contrast, there is random uncertainty that is typically known as aleatory (or irreducible) uncertainty. The aleatory uncertainty is the result of inherent variability in physical phenomena. Epistemic uncertainty is called reducible because it can be reduced or eliminated if one gathers the required data. To compute reliability, there is no need to have the previous data pertaining to the system performance. In case of insufficient available data, we are under uncertainty conditions. This is why determining the probability of proper performance of the system in a fixed period is not possible by classical methods. The subject of this study is epistemic uncertainty and calculation of hidden risk in determining reliability in maintenance of systems. There is no consensus on which model is the best in dealing with epistemic uncertainty. In this paper, an integrated approach has

* Corresponding author. Tel.: þ98 2144073481; fax: þ98 2166283149. E-mail address: [email protected] (M. Khalaj). 0950-4230/$ e see front matter Ó 2012 Elsevier Ltd. All rights reserved. doi:10.1016/j.jlp.2011.12.014

been chosen to determine risk-based reliability in uncertain conditions. It has been tried to determine epistemic uncertainty using intervals bounding variables. Some applications of interval variables; for instance, as upper and lower coherent methods of prediction, have been included in references (Kyburg, 1998 and Walley, 1991). In general, several methods are used to predict the future, notably the possibility theory (Dubois & Prade, 1998), the evidence theory (Dempster, 1967), the transferable belief model (Smets, 2000) and the Bayesian theory (Berger, 1985; Winkler, 1972). However, the method used in this paper is the DempstereShafer Theory (Dempster, 1967) that is normally used for decision making under uncertainty conditions and when the rarely-found data related to our subject of decision are used. The application of this method helps us to use the maximum data available and calculate the maximum risk in prediction of the reliability of the systems under epistemic uncertainty conditions. This means that instead of seeking a precise number we determine the range. For instance, to determine the probability of the system failure, we come to a range rather than a certain number. Hence, this study aims to calculate risk-based reliability under uncertainty conditions. It employs the DemsptereShafer Theory to describe the relation between reliability and system failure risk, and finally to

572

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

find the minimum and maximum required reliability for a production system, while coming to a certain decision using the minimum available data. Uncertainty Quantification (UQ) in an engineering system is related to risk and reliability, and thus it is related to the prediction of failure probability. In this case, there is an interaction between risk and reliability where increasing or decreasing each of them affects one another. In order to understand the relationships between these two factors, Eqs. (1)e(4) are presented. The DempstereShafer Theory provides a useful tool for partial and incomplete information situation. We use this theory to provide a bound [Bel, Pl] for an uncertainty quantification problem, which has consistency with the given incomplete information. There are some main questions in any factory, such as how can risk-based methods be used to optimal planning of the future? And what is the best model to estimate and forecast future? Especially, a theoretical framework, models and algorithms based on the probability theory are not capable to calculate the risk, because there is a lack of data in a real situation. Reliability analyses should necessarily be a risk base linked with the losses from failures, in which decision on allocation reliability or reallocation in uncertainty condition on a basis of unknown data is a new challenge. When failure time is unknown, loss of production will occur. Most factories can use risk-based methods to the optimal planning of reliability. We can measure other indices about the risk in a factory by risk-based reliability; for instance, all approaches such as reliability-centered maintenance (Knezevic, 1997 and Moubray, 1991), risk-based inspection (Chang, Chang, Shu, & Lin, 2005), risk-based maintenance (Khan & Haddara, 2003), risk-based decision making (Carazas & Souza, 2010), are related to the average rate of failures, which in turn is related to reliability. Understanding and quantifying various sources of uncertainty are essential to develop the probabilistic models of behavior needed for risk-based assessment and interpret the limit state. The effect of the uncertainty in the parameters of the models on the risk interval has also been investigated. This paper is organized as follows: Section 2 suggests the concept of reliability assessment and risk-based reliability formula. In Section 3, the DempstereShafer Theory and the principles of this theory are given. Furthermore, the related formulas and computational methods have been provided. Section 4 presents the researchers’ novel proposed reliability assessment with applying a real case study, and the computational results are provided. Finally, Section 5 includes the conclusions. 2. Reliability-based risk assessment A considerable number of papers and books (Elegbede, Chu, Adjallah, & Yalaoui, 2003; Kuo & Prasad, 2000; Tillman, Hwang, & Kuo, 1985; Wattanapongsakorn & Levitan, 2004; Xu, Kuo, & Lin, 1990) have been written on reliability optimization involving the costs since 1977. The lack of data for probabilistic assessments is occasionally used for discrediting and doubting the validity of such analyses (Hauptmanns, 2008). The existing reliability optimization models try to find the system reliability with minimum costs. However, these models are not necessarily based on risk-based reliability allocation as they do not incorporate the losses resulted from the system failure. Thinking that we can decrease the losses from failures by maximizing reliability is not true. Maximizing the system reliability does not necessarily guarantee decreasing the losses from failure. This does not comply with our general understanding and knowledge of the concept of reliability, showing that the analysis of risk-based

reliability requires new models and algorithms involving riskrelated losses. In other words, the failure time and the losses resulted from malfunctions are simultaneously important. The failure time in a production system can be determined through the design life of system components and calculating the reliability of that system. The losses from malfunction can be calculated through assessing the results. The main limitations in determining the total reliability of the system are determination of interactions between various components and calculation of the total reliability of the system, which are not properly identified. The minimum optimum reliability of the system can be found through creating a balance between the costs of system failure and that of finding reliability (Hecht, 2004). For this purpose, various subsystems are compared with each other and one will finally be chosen. According to the classical probability theory, we use distribution functions for determining the failure point. Meanwhile, the distribution function of failure cannot be identified if there are no data available. Therefore, the possibility theory is proposed instead of the classical probability theory. Some studies have been carried out on the application of possibility theory for reliability optimization. For instance, we can refer to fuzzy techniques (Ravi, Reddy, & Zimmermann, 2000), yet no attention has been paid to minimizing the losses from system failure (Kuo & Prasad, 2000). At the present time, there is no theoretical model available for analyzing risk-based reliability under uncertainty conditions, and this is the primary reason which prompted writing this paper. The probability theory is not always a proper means of reliability assessment. For instance, consider the Weibull distribution e a statistical distribution that is widely used in determining the time of failure. Although the Weibull distribution has many advantages, many researchers have considered its suitability for failure models under questions. According to Danzer, Supancic, Pascual, and Lube (2007), the Weibull distribution is not a suitable model, as we cannot be sure that the failure distribution is Weibull’s in the case of small data. Since when available data are small and inadequate, it is extremely hard to choose a model and make decisions about the type of distribution. In other words, we cannot find out whether data conform to the Weibull’s distribution or not. Moreover, the Weibull’s distribution has flexibility and its parameters that may vary in each distribution are constructed based on the samples. Todinov (2003) has developed a number of models based on the potential losses from multimodal failures and proposed a model to determine the optimum hazard rate of the system at which the minimum of total cost is attained. In addition, he proposed some models and algorithms for losses from failure of irreparable and reparable systems whose components are logically arranged in series and for the systems with complex topology (Todinov, 2004). Henley and Kumamoto (1981) have also introduced a model for determining the risk of failure. It is worth noting that the purpose of the risk analysis is to provide support in making correct managerial decisions. By evaluating the risk associated with a set of decision alternatives, the risk analysis helps us to identify the alternative that maximizes the expected utility for the stakeholders by complying with a set of specified constraints and criteria. For the risk analysis, it should be measured by an index called risk exposure. Boehm (1991) first used this term. Risk exposure refers to the issue that how a risk becomes apparent. Although, other names (e.g., risk score (Garvey, 2001; PMI, 2004), risk value (Labuschagne, 2003), risk level, risk rate, risk status, risk priority and risk rank have also pointed to the risk exposure. In addition,

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

573

Kerzner (2003) knew the risk level or risk exposure of two characteristics of the probability and results. According to a classical definition (Henley & Kumamoto, 1981; Vose, 2003), the risk of failure K is defined by:

the time to failure T will not be greater than a specified time t. The time to failure distribution F(t) is a fundamental characteristic of components and systems. It is linked with the cumulative distribution function of the time to failure F(t) by:

K ¼ Pf  C

RðtÞ ¼ 1  FðtÞ

(1)

Where Pf is the probability of failure and C is the cost given failure. For example, for an operator of production equipment, the cost given failure C may include several components, such as cost of lost production, cost of cleaning up polluted environment, medical costs, insurance costs, legal costs, costs of mobilization of emergency resources, cost of loss of business due to loss of reputation and low customer confidence. The cost of failure to the manufacturer of production equipment may include the warranty payment if the equipment fails before the agreed warranty time, loss of sales, penalty payments, compensation and legal costs. Most of the losses from engineering failures can be classified in several major categories. Let us present the risk equation as the classical definition of risk is shown in Eq. (1). According to the classical definition of risk Ri (i.e., risk of failure), the risk is attained through multiplication of P (i.e., probability of failure) by C (i.e., consequence of failure), which it can be shown by:

Ri ¼ P  C

(2)

To analyze the relation between the reliability and the risk of a system, consider that in a given level of results, if we assume Rmax i as the maximum tolerable risk of failure, Pf max as the maximum tolerable probability of failure, and C as the value of average costs (consequences) of failure, then Eq. (2) can be shown as below:

pmax ¼ f

Rmax i C

(3)

To have a risk less than the maximum risk, Rmax , the probability of i failure, Pf, should be less than the maximum limit Pf max as shown below:

pf  pmax pf 

Rmax i C

(4)

Eqs. (2)e(4) obtained from Eq. (1) show the maximum acceptable risk of failure. In the above equation, the probability of failure should be less than the maximum acceptable limit. If we intend to design and create reliability in production systems, we should take into consideration that components whose failures are associated with large losses should be more reliable by a risk-based reliability approach. The system reliability is defined as the probability of the proper performance of that system. Therefore, it is a complement to the probability of failure. The reliability theory is the foundation of reliability engineering. For engineering purposes, reliability is defined as “the probability of a system to perform a specific function in a given period of time under the stated conditions”. Mathematically, this may be expressed by:

RðtÞ ¼ PðT>tÞ

(5)

The probability P(T > t), which is the time to failure T, is greater than a specified time t. It can also be determined by:

PðT>tÞ ¼ 1  PðT  tÞ

(6)

Reliability is always one at the start of life (i.e., R(0) ¼ 1 and R(N) ¼ 0). If T is the time to failure, let F(t) be the probability P(T  t) that

(7)

Because of Eqs. (1)e(7), it is observed that failure in defining risk interacts with reliability, if we assume Remin as the minimum of reliability, Pf max as the maximum tolerable probability of failure, as the maximum risk, then the interaction between reliability Rmax i and risk can be shown as:

Rmin ¼ 1  Pfmax e Rmin ¼ 1 e

Rmax i c

(8)

The above equation puts the failure probability at the minimum level in order to keep the risk at an acceptable level. In case of unavailability of data, finding the failure probability and the probability of proper performance of a system is not simply feasible. Therefore, the application of the probability theory is not possible. It should be taken into consideration that the strategies of reliability allocation, such as Arinc and Agree (Ebeling, 1997) are also not capable of taking losses from failure into account. Application of the DempstereShafer theory, which is a possibility theory, is thoroughly explained in this paper to calculate the risk under such conditions.

3. An overview of the DempstereShafer theory During the past decades, much attention has been paid to various methods of decision making under uncertain conditions. Among these proposed methods, the belief theory, also known as the DempstereShafer Theory, is a capable framework for showing and representing uncertainty of our incomplete knowledge. The application of the belief theory started by the Dempster’s work in explaining the principles of calculating upper and lower probabilities (Dempster, 1967) and then its mathematical theory developed by Shafer (1976). Although in the recent decades, the Bayes’s statistical theory has somehow covered the DempstereShafers theory due to its life span, DempstereShafer studies have had a wide range of application as a technique of modeling under uncertain conditions. Various studies have been introduced for management of uncertainty. Buchanan and Shortliffe (1975) introduced a model which manages uncertainty and has certain factors. When we have limited knowledge, it is more suitable to use uncertain methods. Fedrizzi and Kacprzyk (1980) carried out a number of studies on fuzzy prioritizing and using interval value for showing the opinions and judgment of experts through accumulated distributions. Every method that we make use of for management of uncertainty has its own advantages and disadvantages (Lee, Grize, & Dehnald, 1987) For instance, Caselton and Luo (1992), Walley (1987) have discussed problems resulted from the Bayes ’s popular analysis, which are caused by the lack of information. Klir (1989) carried out a critical analysis of uncertainty for gaining knowledge. Among the above-mentioned methods, the DempstereShafer Theory (Dempster 1967) has been widely used when the data have been gathered from several resources. In this study, the researchers have also used the DempstereShafer Theory to calculate the failure risk of equipment in a production organization. What happens to production systems in a real situation is

574

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

not predictable. We are always confronted with risk, especially when we have the limited available data. Although, various studies have been done for using the DempstereShafer Theory in identifying systems, calculating and decision making, we are still confronted with problems in the practical use of this theory for assessment of the existing risk of the system and making executive decisions in real production systems. This is the reason why this paper is written. This study aims to propose an integrated method for better identification of risk assessment of equipment and making it practicable. The executive samples have also been provided by calculation of the risk of the facilities in a production organization. Yager (1987) stated that if we cannot obtain the exact probability and earn it, we can estimate the rang of the probability as shown below:

BelðAÞ  PðAÞ  PLðAÞ

belðAÞ ¼

mðBÞ

B4A

(11)

belðfÞ ¼ 0 belð1Þ ¼ 1

3.3. Plausibility function The upper bound is plausibility, which is the summation of basic probability assignments of subsets of B, for which A (i.e., BX(A) s f) is true, and can be written by:

X

plðAÞ ¼

mðBÞ

(12)

BXAsf

The plausibility function is related to the belief function through the doubt function is defined by:

(9)

PlðAÞ ¼ 1  belð:AÞ PlðAÞ ¼ 1  doubtð:AÞ

This equation is a core of this study. By this view, we calculate the risk and reliability of a production system under uncertainty conditions.

PlðAÞ  blðAÞ PlðfÞ ¼ 0 PlðqÞ ¼ 1 Plð:AÞ ¼ 1  belðAÞ

The basic probability assignment (bpa or m) is different from the classical definition of probability. It is defined by mapping over the interval [0e1], in which the basic assignment of the null set m(f) is zero, and the summation of basic assignments in a given set A is ‘1’. The basic probability assignment is called a focal point for each element for which m(A) s 0 is true. This can be represented by:

(14)

3.4. Belief interval The belief interval represents a range where the probability may lie. It is determined by reducing the interval between plausibility and belief. The narrow uncertainty band represents more precise probabilities. The probability is uniquely determined if bel(A) ¼ pl(A) and for the classical probability theory, all probabilities are unique. If U(A) has an interval [0, 1], it means that no information is available; but, if the interval is [1, 1], then it means that A has been completely confirmed by m(A).

(10)

3.2. Belief function The lower and upper bounds of an interval can be determined through a basic probability assignment, which includes the probability of the set bounded by two non-additive measures, namely belief and plausibility. The lower limit of belief for a given set A is defined as the summation of all basic probability assignments of the proper subsets B, in which B is a subset of A. The general relation between BPA and belief can be represented by:

4. Real case study In a production system affiliated with an automotive industry, various machines are working. This company owns an exclusive 5000-ton hydraulic press and there is no alternative for this machine to the extent within the planned strategy of the company. This machine is considered as a competitive superiority and its

Feeder Out

PRESS 5000 Ejector Cushion Pumps

Computer PLC

Crane 1

Handeling

(13)

Moreover, the following relationship is true for the belief function and the plausibility function under all circumstances.

3.1. Basic probability assignment

mðAÞ/½0; 1 mðfÞ ¼ 0 P A4Q mðAÞ ¼ 1

P

Crane 2

Crane 3

Handeling

Q.C place

Feeder In Fig. 1. Schematic of the factory.

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

575

Press Stoped

Press Failure

Crane Failure

Feeder Failure

Handling Failure

Computer

Feeder Out

Crane 1

Crane 2

Feeder In

Crane 3 Motor

PLC Control

Cushion Pump

Ejector

Drive of Motor

Pump 1

Pump 3

Pump 2

Pump 4

Fig. 2. Fault tree for the press machine.

malfunction as a point of weakness, because any kind of failure or stoppage in working of this machine will affect the key results of the company’s performance. Fig. 1 depicts a schematic of the factory. As this machine is necessary, all constituent parts of this machine are also considered; because, on one hand, it is not possible to purchase all spare parts; and on the other hand, it is not possible to create extra and passive systems due to the complex structure of the machine. The system reliability is regarded as a central issue by the management of company to the degree that any kind of stoppage or interruption will incur certain losses on the company’s revenue and reputation. Other limitations are the stock value of the warehouse that should be kept in a proper extent. Purchase and provision of expensive spare parts will reduce the risk; but this would increase the costs and it is possible that some parts would remain unused for years. The manager aims at assessing the likelihood of failures in the whole press machine. Since s/he is unable to replace the press machine, s/he intends to identify the reliability and risk of the whole press machine by

determining the risk of breakdown of its key parts, and to make decisions for those parts. The fault tree analysis (FTA) is a useful tool in the probabilistic failure analysis. The use of this analysis, along with components’ failure data and human reliability data, is able to determine the frequency of occurrence of an accident. Developing probabilistic fault trees will be easier by using a methodology, called analytical simulation, (Khan & Abbasi, 2000). To begin our analysis, a part of the critical fault tree of the machine has been drawn in Fig. 2. To determine where reliability and risks are considered, it is necessary to identify all the factors contributing to critical issues and failures in a product or system. By using a graphical representation of the critical issue and its contributing events, fault tree analysis (FTA) provides the analysis tools required to know its occurrence or impact. A fault tree diagram helps us make targeted decisions about the probability of failure, consequence impact, and controls to reduce the probability of failures. Each section is a part of a production system. In this case study, three parts of the fault tree are

Table 1 Basic probability assignment (BPA or m) for the system failure. Basic probability Press machine section assignment (failure Ejector Pump1 Pump2 Pump3 Pump4 Computer Cushion Programmable Crane1 Crane2 Carne3 Feed in Feeder out Motor Drive probability ) logic control (PLC) L M H L,M L,H M,H L,M,H

0.3 0.3 0 0.2 0 0.1 0.1

0.1 0.7 0.1 0.1 0 0 0

0.7 0.2 0.1 0 0 0 0

0.6 0.2 0 0 0.1 0 0.1

0.1 0.7 0 0.1 0 0 0.1

0 0.3 0 0 0 0.6 0.1

0.8 0 0 0.1 0 0.1 0

0.1 0.2 0.3 0 0 0.4 0

0.6 0.2 0 0 0.1 0 0.1

0.4 0.2 0.1 0.2 0 0 0.1

0.4 0.3 0 0.1 0.1 0.1 0

0.8 0.1 0 0 0 0 0.1

0.3 0.3 0.1 0.2 0 0 0.1

0.3 0.3 0.1 0 0 0.3 0

0.4 0.1 0 0.1 0 0.1 0.3

pl bel

0.4 0.1 0 0.6 0.4 0.2 1 0.3 0.6 0.4 0.9 0.7 0.7 1

pl bel

0.3 0.3 0.1 0.6 0.4 0.7 1 0.6 0.6 0.2 0.9 0.7 0.7 1

pl bel

0.3 0.3 0.1 0.8 0.4 0.4 1 0.9 0.2 0.1 1 0.9 0.2 1

pl bel

0.8 0.1 0 0.9 0.8 0.1 1 0.6 0.5 0.2 1 0.7 0.6 1

pl bel

0.4 0.3 0 0.8 0.5 0.4 1 0.7 0.5 0.2 0.9 0.8 0.6 1

pl bel

0.4 0.2 0.1 0.8 0.5 0.3 1 0.8 0.3 0.2 1 0.8 0.4 1

pl bel

0.6 0.2 0 0.8 0.7 0.2 1 0.1 0.6 0.7 0.7 0.8 0.9 1

pl bel

0.1 0.2 0.3 0.3 0.4 0.9 1 0.9 0.2 0.1 1 1 0.2 1

pl bel

0.8 0 0 0.9 0.8 0.1 1 0.1 1 0.7 1 0.7 1 1

pl bel

0 0.3 0 0.3 0 0.9 1 0.3 0.9 0.1 1 0.3 0.9 1

pl bel

0.1 0.7 0 0.9 0.1 0.7 1 0.8 0.3 0.2 1 0.8 0.4 1

pl bel

0.6 0.2 0 0.8 0.7 0.2 1 0.7 0.2 0.1 0.9 0.8 0.3 1

pl bel

0.7 0.2 0.1 0.9 0.8 0.3 1 0.2 0.8 0.1 0.9 0.3 0.9 1

bel pl bel

pl

PLC Cushion Computer Pump4 Pump3 Pump2 Pump1 Ejector

The upper and lower bounds of an interval are bounded by basic probability allocations, which includes a probability set bounded by two extents of belief and plausibility. The lower bound of belief (bl) from a give set A is the summation of all basic probabilities that are allocated to occurrences Eq. (11), and the upper bound is also found through Eq. (12). The probability band found through the belief and plausibility functions represents an uncertain interval that can be right to wrong due to the lack of adequate data. This band starts from the belief function and continues to the value of the plausibility function. If we show this interval by U(A), the narrower U(A) shows an exact probability. In the analysis of the attained results of the belief and plausibility function, if U(A) has the interval [0, 1], it means that there are no available data. However, if it has the interval [1, 1], it means that the likelihood of the occurrence A is totally approved by m(A). Table 1 shows the basic failure probability allocation for each machine. In addition using Eqs. (11) and (12), we can simply find the belief and plausibility functions for the systems’ failure. Table 2 shows the results. To determine the failure probability of each machine from the table of belief and plausibility functions, the interval that has a great belief interval

Press machine section

4.3. Calculation of belief function

Table 2 Calculation of the belief and plausibility functions for the failure probability of machines.

After analyzing the past performance, the researchers have classified the likelihood of the occurrence of the breakdowns in this company into three levels of magnitude: L (Low), in which a breakdown may occur with a low probability in a fixed period of time; M (Medium), in which a breakdown may occur with a medium probability in a fixed period of time; H (High), in which a breakdown may occur with a high probability in a fixed period of time. The set of these occurrences form the set of Q ¼ {L,M,H}. The possible subsets will be eight sets of {4},{L},{M},{H}, {L,M},{L,H},{M,H}{L,M,H}. Table 1 shows the basic probability assignment for the breakdowns of the production system.

0.1 0.7 0.1 0.9 0.2 0.8 1

4.2. Calculation of failure probability

0.6 0.7 0.2 1 0.7 0.7 1

Crane 1

Crane 2

Crane 3

Feed in

Feeder Out

To calculate the failure risk of equipment, we need to find the failure probability and the consequence of failure. Although we have some data pertaining to the failure probability of systems, we do not have adequate data for calculating the failure probability through the classical probability theory as we are in the conditions of uncertainty, and we need to apply the DempstereShafer Theory. We are able to make a decision making framework using the minimum available data. If we can find the failure probability in the period A, then we can find its complement, i.e. the probability of the proper performance of the system reliability. In this method, the researchers have used a basic probability assignment instead of the classical probability theory for determining the proper performance of the system in a given period of A. For this set of parts, they have analyzed the fault tree shown in Fig. 2. Since we cannot use the classical probability theory, intervals are used for determining the breakdown of machines.

0.3 0.3 0 0.8 0.3 0.4 1

Drive Motor

4.1. Application of DempstereShafer calculations

L M H L,M L,H M,H L,M,H

analyzed. The existing data on the previous failures during the past 13 years are limited and direct decision making is not possible through statistical methods. The senior manager of the company intends to make decisions about how to react to the failure risk of these three parts on the basis of previous data and expert opinions.

0.8 0.6 0.4 1 0.9 0.6 1

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

Liklihood

576

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

will be chosen since the belief function determines a low probability that is gained through the minimum available data. 4.4. Calculation of failure consequence The second factor in determining the risk of equipment is to find the magnitude of breakdowns. After analyzing the past records of breakdowns, the researchers have categorized the breakdowns into three categories: (i) or minor, in which the magnitude of breakdown is low; (o) or moderate where the magnitude of breakdown is medium and will lead to interruption; but it is reparable; and (a) or major, in which the magnitude of breakdown is high and a crisis will happen in case of its occurrence. The set of occurrences will be Q ¼ {i,o,a}. There will be eight possible subsets:{4},{i},{o},{a}, {i,o},{i,a},{o,a},{i,o,a}. The set of basic probability allocations for the occurrence of breakdown in the production system is shown in Table 3. The gathered data on the magnitude of breakdown of machines are found from the past records of BPA regarding the breakdown of machines. According to the data of basic probability allocations, we may use Eqs. (11) and (12) to find the belief and plausibility functions of the machines in the same way of finding the belief and plausibility functions as shown in Table 4. The intervals shown in this table represent the values by which they are approved by the existing data. For example, regarding the ejector, the results of this table show that the breakdown status of the machine is at the level of minor and moderate. This interval is approved by the probability interval of [0.7e0.9]. 4.5. Determining risk interval using risk assessment matrix Once the failure probability interval and the magnitude band of system failure are determined, we can use the risk assessment matrix to find the level of risk for each component. For this purpose, the researchers have used a model, and put probability intervals in a band (Tables 5 and 6). The grading of this band starts from minor breakdowns and ends to major breakdowns. After blending, Tables 5 and 6, and drawing a two-dimensional risk diagram, it is found that the X axis of this diagram is related to the consequences, while the Y axis shows the likelihood of the occurrence of failure, of which each section represents the failure risk of each machine. For instance, calculations for an ejector are as follows: from the belief function in Fig. 3, we find that the failure risk of the ejector in the status quo is at the large level. Other results pertaining to other machines are shown in Table 7. In this table, the first column is the name of machine, the second column is the failure probability, the third column is the magnitude of the failure consequences of machine, and the fourth is the risk of machine which has been determined on the basis of the failure probability and the magnitude of the consequences of the

577

system. Classification of the consequences in a risk assessment matrix for this case study is done according to the past records and expert opinions. If we do not have adequate data available, we may use quantitative and precise numbers for calculation of a probability. However, in this case study, due to lack of information, we can only determine a range for the failure probability and magnitude of consequences. This range includes following modes: 4.6. Analysis of assessment matrix and risk criteria After finding the risk of each device, various scenarios may be chosen. The general framework of these scenarios is shown in Fig. 3. Risk is whether on the acceptable or unacceptable level. If the system’s risk is unacceptable, there are three main choices, namely control, separation and transfer of risk. What this study seeks for is control of the equipment’s risk using the reliability of systems. An organization can control the risk of equipment through adding and controlling the reliability of systems, and find the minimum reliability of the systems through risk-based reliability assessment (Fig. 4). 4.7. Reducing failure risk of equipment by increasing reliability There are two main solutions for controlling and reducing the failure risk of equipment located in unacceptable bound in order to reduce either the magnitude of the failure consequences or the probability of failure. One may say that the probability of failure of a facility is a complement to the probability of proper performance of that system in the given period of time A. Table 8 shows that the risk of ejector devices and pump 2 is located at the large level, while the risk of computers and PLC is at the level of very large. If we want to use the analysis of the risk-based reliability for controlling and reducing the risk of these equipment, we can decrease the failure probability of equipment by increasing the reliability of machines, which will lead to the reduction of failure risk of the equipment. In this section, the researchers aim to allocate systems reliability to the extent that the risk is lowered to a lower level. Table 8 shows the results of these calculations before and after the allocation of reliability in machines. This table also shows that we may increase the systems reliability to some extent. Since the magnitude of the consequences of failure in three machines is at a very high level, the risk cannot be lowered to minimum after allocation and will be at the medium level. For these machines, if the risk of the medium level is unacceptable, we should use other solutions of the algorithm in Fig. 3. By using the classification of the probability and the magnitude of hazard in Table 8, we can identify the band where we can decrease the risk of machines by increasing the machines reliability.

Table 3 Basic probability allocation for the breakdown magnitude of machines. Basic probability Press machine section assignment Ejector Pump1 Pump2 Pump3 Pump4 Computer Cushion Programmable Crane1 Crane2 Carne3 Feed in Feed out Motor Drive (consequence ) Logic Control (PLC) i o a i,o i,a o,a i,o,a

0.7 0 0.1 0 0.1 0 0.1

0.1 0.7 0 0.2 0 0 0

0.1 0.1 0 0 0 0.7 0.1

0.4 0.2 0 0 0.2 0 0.2

0.3 0.2 0.1 0.1 0.1 0.1 0.1

0.1 0.2 0.3 0 0 0.3 0.1

0.4 0.2 0 0.2 0 0 0.2

0.1 0.2 0.4 0 0.1 0 0.2

0.5 0.1 0 0.1 0.1 0 0.2

0.5 0.1 0 0 0 0 0.4

0.5 0.2 0 0.1 0 0.1 0.1

0.4 0.1 0 0.1 0 0.2 0.2

0.3 0.1 0 0.1 0 0.2 0.3

0.5 0.3 0 0 0 0.1 0.1

0.3 0.2 0 0.1 0 0.1 0.3

Drive

Plausibility 0.6 0.5 0.2 1 0.7 0.5 1 Belief 0.5 0.3 0 0.8 0.5 0.4 1

Motor

Plausibility 0.7 0.7 0.5 1 0.9 0.7 1 Belief 0.3 0.1 0 0.5 0.3 0.3 1

Feed out

Plausibility 0.7 0.6 0.4 1 0.9 0.6 1 Belief 0.4 0.1 0 0.6 0.4 0.3 1

Feed in

Plausibility 0.7 0.5 0.2 1 0.8 0.5 1 Belief 0.5 0.2 0 0.8 0.5 0.3 1

Crane 3

Plausibility 0.9 0.5 0.4 1 0.9 0.5 1 Belief 0.5 0.1 0 0.6 0.5 0.1 1

Crane 2

Plausibility 0.9 0.4 0.3 1 0.9 0.5 1 Belief 0.5 0.1 0 0.7 0.6 0.1 1

Crane1

Plausibility 0.4 0.4 0.7 0.6 0.8 0.9 1 PLC

Press Machine Section

i o a i.o i.a o.a i.o.a

Table 5 Grading the X axis in the risk matrix. Minor (I)

Minor, moderate (I,O)

[0,0.2] [0.2,0.4] Consequences ranking

Moderate (O & I,a)

Moderate, major (O,A)

Major (A)

[0.4,0.6]

[0.6,0.8]

[0.8,1]

4.8. Calculation of an example In the following paragraph we explain how to calculate a typical example of an ejector system. The associated information of the system is given in Tables 1 and 3. From Table 1, we see that Q ¼ {Low, Medium, High}, that represents likelihood of failure, for simplicity, we use “L, M, H” that stand for “low, normal and high, respectively. From Table 3, we see that Q ¼ {minor, moderate, major}, represents magnitude of consequence. For simplicity, we use “i, o, a” that stand for “minor, moderate and major, respectively. Five steps of the ejector (e) system are explained below: Step 1: Calculate the basic probability assignment (BPA or m) for the likelihood of failure The BPA for the ejector obtained from Table 1 is as follows:

mðeÞL ¼ 0:3 mðeÞL;H ¼ 0 mðeÞM ¼ 0:3 mðeÞM;H ¼ 0:1 mðeÞH ¼ 0 mðeÞL;M;H ¼ 0:1 mðeÞL;M ¼ 0:2 The sum of the above numbers is equal “1” and each of these numbers confirms evidence for the ejector failure. Step 2: Calculate the basic probability assignment (BPA or m) for the consequence of failure After the first step, the available information should be obtained according to the BPA (see Table 3). If the ejector fails, according to this table there are unexpected results shown as follows:

mðeÞi ¼ 0:3 mðeÞi;a ¼ 0 mðeÞo ¼ 0:3 mðeÞo;a ¼ 0:1 mðeÞa ¼ 0 mðeÞi;o;a ¼ 0:1 mðeÞi;o ¼ 0:2 In Table 3, the numbers show that the ejector failure is not often the critical failure results. Amount of uncertainty is equal “0.1” as: m(e)i,o,a ¼ m(e) Q ¼ 0.1 Step 3: Calculate the belief and plausibility function and uncertainty interval After allocating the Basic Probability Assignment (BPA) computed by Eq. (10), the belief functions and plausibility of each component are calculated by the use of Eqs. (11) and (12). The related results are shown in Tables 2 and 4. For instance, the belief and plausibility function of the ejector likelihood is calculated as below:

Table 6 Grading the Y axis in the risk matrix. Low (L)

Belief 0.1 0.2 0.4 0.3 0.6 0.6 1

Cushion

Belief 0.4 0.2 0 0.8 0.4 0.2 1 Plausibility 0.2 0.6 0.7 0.7 0.8 0.9 1

Computer

Belief 0.1 0.2 0.3 0.3 0.4 0.8 1 Plausibility 0.6 0.5 0.4 0.9 0.8 0.7 1

Pump4

Belief 0.3 0.2 0.1 0.6 0.5 0.4 1 Plausibility 0.8 0.4 0.4 1 0.8 0.6 1

Pump3

Belief 0.4 0.2 0 0.6 0.6 0.2 1 Plausibility 0.2 0.9 0.8 1 0.9 0.9 1

Pump2

Belief 0.1 0.1 0 0.2 0.1 0.8 1 Plausibility 0.3 0.9 0 1 0.3 0.9 1

Pump1

Belief 0.1 0.7 0 1 0.1 0.7 1 Plausibility 0.9 0.1 0.3 0.9 1 0.3 1 Belief 0.7 0 0.1 0.7 0.9 0.1 1

Ejector Consequence Impact

Press Machine Section

Table 4 Calculation of the belief and plausibility functions for the breakdown magnitude of machines

Belief 0.3 0.2 0 0.6 0.3 0.3 1

Plausibility 0.7 0.7 0.4 1 0.8 0.7 1

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

Plausibility 0.8 0.6 0.2 1 0.8 0.6 1

578

Low, medium (L,M)

[0,0.2] [0.2,0.4] Probability of failure ranking

Medium (M & L,H)

Medium, high (M,H)

High (H)

[0.4,0.6]

[0.6,0.8]

[0.8,1]

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

belðeÞL ¼ mðeÞL ¼ 0:3 belðeÞL;M ¼ mðeÞL þ mðeÞM þ mðeÞL;M ¼ 0:3 þ 0:3 þ 0:2 ¼ 0:8 belðeÞM ¼ mðeÞM ¼ 0:3 belðeÞL;H ¼ mðeÞL þ mðeÞH þ mðeÞL;H ¼ 0:3 þ 0 þ 0 ¼ 0:3 belðeÞH ¼ mðeÞH ¼ 0 belðeÞM;H ¼ mðeÞM þ mðeÞH þ mðeÞM;H ¼ 0:3 þ 0 þ 0:1 ¼ 0:4 belðeÞL;M;H ¼ mðeÞL þ mðeÞM þ mðeÞH þ mðeÞL;M þ mðeÞL;M þ mðeÞL;H þ mðeÞM;H þ mðeÞL;M;H ¼ 0:3 þ 0:3 þ 0:2 þ 0:1 þ 0:1 ¼ 1 plðeÞL ¼ mðeÞL þ mðeÞL;M þ mðeÞL;H þ mðeÞQ ¼ 0:3 þ 0:2 þ 0 þ 0:1 ¼ 0:6 plðeÞM ¼ mðeÞM þ mðeÞL;M þ mðeÞM;H þ mðeÞQ ¼ 0:3 þ 0:2 þ 0:1 þ 0:1 ¼ 0:7 plðeÞH ¼ mðeÞH þ mðeÞL;H þ mðeÞM;H þ mðeÞL;Q ¼ 0 þ 0 þ 0:1 þ 0:1 ¼ 0:2 plðeÞL;M ¼ mðeÞL þ mðeÞM þ mðeÞL;M þ mðeÞL;H þ mðeÞM;H þ mðeÞQ ¼ 0:3 þ 0:3 þ 0:2 þ 0 þ 0:1 þ 0:1 ¼ 1 plðeÞL;H ¼ mðeÞL þ mðeÞH þ mðeÞL;M þ mðeÞL;H þ mðeÞM;H þ mðeÞQ ¼ 0:3 þ 0 þ 0:2 þ 0 þ 0:1 þ 0:1 ¼ 0:7 plðeÞM;H ¼ mðeÞH þ mðeÞH þ mðeÞL;M þ mðeÞL;H þ mðeÞM;H þ mðeÞQ ¼ 0:3 þ 0 þ 0:2 þ 0 þ 0:1 þ 0:1 ¼ 0:7 plðeÞL;M;H ¼ mðeÞL þ mðeÞM þ mðeÞH þ mðeÞL;M þ mðeÞL;H þ mðeÞM;H þ mðeÞQ ¼ 0:3 þ 0:3 þ 0 þ 0:2 þ 0 þ 0:1 þ 0:1 ¼ 1

Fig. 3. Proposed decision making method regarding the system’s risk.

579

580

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

Table 7 Calculation of system's risk using intervals. Press machine section

Risk calculation

Ejector Pump1 Pump2 Pump3 Pump4 Computer Cushion Plc Crane1 Crane2 Carne3 Feed in Feed out Motor Drive

Probability of failure

Consequence

Risk ¼ P  C

[0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.6,0.8] [0.2,0.4] [0.6,0.8] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4]

[0.4,0.6] [0.2,0.4] [0.6,0.8] [0.4,0.6] [0.2,0.4] [0.6,0.8] [0.2,0.4] [0.4,0.6] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4] [0.2,0.4]

Medium Small Large Medium Small large Small large Small Small Small Small Small Small Small

Fig. 5. Change risk after the allocation reliability.

From the above calculations, the ejector is selected in the interval [0.8, 1] that has the narrow uncertainty band and higher belief function. This band for the probability of failure shows “L, M” that means the likelihood of failure is low or medium. For the similar way, we have the following interval for the failure results:

UðeÞi;a ¼ ½0:4; 0:6 Step 4: Determine the location of belief and plausibility function in the risk diagram Finally, the researchers define the risk range according to the risk diagram used well for data interval in the desired range. For instance, the likelihood of the failure ejector in Fig. 3 is [0.2, 0.4] and the consequence in Fig. 3 is [0.4, 0.6]. This range shows risk of failure in the ejector is medium (see Table 7). Fig. 4. Using the risk diagram model to determine the risk.

Step 5: Analysis of the assessment matrix and risk criteria to reduce risk by enhancing reliability The above calculation is illustrated in Table 4. After obtaining Tables 2 and 4 for all devices, we can make a decision by the principles of DempstereShafer. The uncertainty interval is between belief and plausibility shown as [Bel, Pl]. We make a decision regarding the interval that must follow the rules; the narrow uncertainty band between belief and plausibility represents more precise results. We obtain a belief function considering available evidence then the selected range that has a higher belief. This selection shows in Tables 2 and 4. For example, the uncertainty interval (i.e., U) for the ejector is:

UðeÞL ¼ ½0:3; 0:6; UðeÞL;M ¼ ½0:8; 1; UðeÞT ¼ ½0:4; 0:7

UðeÞM ¼ ½0:3; 0:7; UðeÞH ¼ ½0; 0:2; UðeÞL;H ¼ ½0:3; 0:7; UðeÞM;H ¼ ½0:4; 0:7;

There are two solutions to reduce the risk of the ejector that is: 1) decreasing the likelihood of failure, and 2) decreasing the consequence of failure. We intend to reduce the likelihood of failure by increasing system reliability (see Fig. 5). After blending two dimensions of Tables 5 and 6, and drawing a two-dimensional risk diagram, we find that the X axis of this diagram is related to the consequences, while the Y axis shows the likelihood of the occurrence of failure or probability of failure (pof), each section represents the failure risk of each machine. For instance, calculations for a computer, pump2, ejector and PLC are as follows: We find that the failure risk of the computer for two dimensions of reliability (R1¼[0.6,0.8] up to R2¼[0.8.1]) changing between the large to medium risk. Other results pertaining to other equipment

Table 8 Classification of the magnitude of hazards in the case study. Section

Ejector Pump2 Computer PLC

Calculate risk before allocation reliability

Reliability allocation

Calculate risk after allocation reliability

Probability of failure interval

Consequence interval

Risk ¼ P  C

R

Probability of failure interval

Consequence interval

Risk ¼ P  C

[0.2,0.4] [0.2,0.4] [0.6,0.8] [0.6,0.8]

[0.4,0.6] [0.6,0.8] [0.6,0.8] [0.6,0.8]

Medium Large Large Large

[0.8,1] [0.8,1] [0.8,1] [0.8,1]

[0,0.2] [0.0.2] [0,0.2] [0,0.2]

[0.4,0.6] [0.6,0.8] [0.6,0.8] [0.6,0.8]

Medium Medium Medium Medium

M. Khalaj et al. / Journal of Loss Prevention in the Process Industries 25 (2012) 571e581

(Pump 2 and PLC) are shown in the diagram. We may increase the reliability of computer and decrease the failure probability and finally reduce the risk of computer. However, for an ejector, we have to reduce the consequence impact of failure. For example, we can decrease the consequence impact by the added redundancy (see Fig. 5). 5. Conclusion Risk-based assessment is a means of decision making under uncertain conditions and has a wide application in maintenance and reparation of systems. One of the concepts introduced in this study is the risk-based reliability assessment. It can be used as a new solution for decision making in risk managements. When we have intended to make a decision, we should reach a relative certainty in making that decision. This study has taken the epistemic uncertainty into consideration e a kind of uncertainty that is resulted from the lack of the correct data. One of theories used for making decisions in these conditions is the DempstereShafer Theory. The evidence theory is a useful tool for decision making with the inadequate and imperfect data. This study has proposed a method for assessing the risk of systems based on the reliability of those systems. In this study, the researchers have found a range of belief and possibility which proposes criterion in decision making in the conditions of uncertainty resulted from inadequate available data. The evidence theory does not have the limitations of a model and properly indicates the ambiguity. As we are confronted with the problem of ambiguity in the real risk assessments of workplaces, we can reduce the degree of ambiguity and increase the reliability of results by using an integrated approach of the qualitative risk assessment diagram and the DempstereShafer Theory. This study uses this theory in identifying the conditions of uncertainty and its consequences, and determining the risk of a production system using a risk matrix, putting its application in production organizations into the test indeed. In a real world situation, there does not only rely on the traditional index, such as reliability, maintainability and other indexes. Because there is the complexity and lack of data in most of the industries; therefore; a decision maker has to define “point hazards” or “interval hazards” clearly. The infrastructures are vulnerable to disruptions that can lead to cascading failures with the serious consequences since models and parameter uncertainties are the dominant influence performance reliability rather than the functional reliability. New reliability assessment methods should be developed for such applications and the type of the approach developed within the risk index, risk-based reliability may be an interesting starting point not only in the context of reliability, but also for other contexts of industrial infrastructures. One of the purposes of the this study is to demonstrate advantages of the risk-based reliability analyses against the conventional reliability methods, a risk-based reliability model has also been proposed related to the uncertainty associated with the potential loss. Another advantage is that the uncertainty estimation is made without the need to know about the probability of failure P(f) or any of the conditional probabilities P(kjf) characterizing the separate failure modes. We have to identify risk and reliability trends together, provide high quality information to support operational reliability and maintenance practice, and to address important component reliability problems. This method provides an overview of the reliability analysis approach, in which the DempstereShafer theory may be used in order to improve the reliability efficiency and the related costs.

581

References Berger, J. O. (1985). Statistical decision theory and Bayesian analysis. New York: Springer. pp. 109e130. Buchanan, B. J., & Shortliffe, E. H. (1975). A model of inexact reasoning in medicine. Mathematical Biosciences, 23, 351379. Boehm, B. W. (1991). Software risk management: principles and practices. IEEE Software, 8(1), 32e41. Caselton, W. F., & Luo, W. (1992). Decision making with imprecise probabilities, DempstereShafer theory and applications. Water Resources Research, 28(12), 3071e3083. Carazas, F. G., & Souza, G. F. M. (2010). Risk-based decision making method for maintenance policy selection of thermal power plant equipment. Energy, 35, 964e975. Chang, M.-K., Chang, R.-R., Shu, C.-M., & Lin, K.-N. (2005). Application of risk based inspection in refinery and processing piping. Journal of Loss Prevention in the Process Industries, 18, 397e402. Danzer, R., Supancic, P., Pascual, J., & Lube, T. (2007). Engineering Fracture Mechanics, 74, 2919e2932. Dempster, A. P. (1967). Upper and lower probabilities induced by a multi-valued mapping. Annals Mathematical Statistics, 38, 325e339. Dubois, D., & Prade, H. (1998). Possibility theory is not fully compositional! A comment on a short note by H.J. Greenberg. Fuzzy Sets and Systems, 95(1), 131e134. Ebeling, C. E. (1997). An Introduction to Reliability and Maintainability Engineering. McGraw-Hill Co. Elegbede, A. O. C., Chu, C., Adjallah, K. H., & Yalaoui, F. (2003). Reliability allocation through cost minimization. IEEE Transactions on Reliability, 52(1), 106e111. Fedrizzi, M., & Kacprzyk, J. (1980). On measuring consensus in the setting of fuzzy preference relations making with fuzzy sets. IEEE Transactions on Systems, Man, and Cybernetics, 10, 716e723. Garvey, P. R. (2001). Implementing a risk management process for a large scale information system upgrade e a case study. Incose Insight, 4(1), 5e6. Hauptmanns, H. (2008). The impact of reliability data on probabilistic safety calculations. Journal of Loss Prevention in the Process Industries, 21, 38e49. Hecht, H. (2004). Systems reliability and failure prevention. Artech House. Henley, E. J., & Kumamoto, H. (1981). Reliability engineering and risk assessment. Englewood Cliffs, NJ: Prentice-Hall. Kerzner, H. (2003). Project management: A systems approach to planning, scheduling, and controlling (8th ed.). USA: John Wiley & Sons. Khan, F. I., & Abbasi, S. A. (2000). Analytical simulation and PROFAT II: a new methodology and a computer automated tool for fault tree analysis in chemical process industries. Journal of Hazardous Materials, 75, 1e27. Khan, F. I., & Haddara, M. (2003). Risk-based maintenance (RBM): a quantitative approach for maintenance/inspection scheduling and planning. Journal of Loss Prevention in the Process Industries, 16, 561e573. Klir, G. J. (1989). Is there more to uncertainty than some probability theorists might have us believe? International Journal of General Systems, 15, 347e378. Knezevic, J. (1997). System maintainability. Chapman and Hall. Kuo, W., & Prasad, R. (2000). An annotated overview of system-reliability optimization. IEEE Transactions on Reliability, 49(2), 176e187. Kyburg, H. E. (1998). Interval-valued probabilities. The Imprecise Probabilities Project. Labuschagne, L. (2003). Measuring project risks: Beyond the basics. Working paper. Johannesburg, South Africa: Rand Afrikaans University. Lee, N. S., Grize, Y. L., & Dehnald, K. (1987). Quantitative models for reasoning under uncertainty in knowledge-based expert systems. International Journal of Intelligent Systems, 2, 15e38. Moubray, J. (1991). Reliability centered maintenance. Butterworth. PMI (Project Management Institute). (2004). A guide to the project management body of knowledge (PMBoK guide). PA, USA: Newtown Square. Ravi, V., Reddy, P. J., & Zimmermann, H. J. (2000). Fuzzy global optimization of complex system reliability. IEEE Transactions on Fuzzy Systems, 8(3), 241e248. Shafer, G. (1976). A mathematical theory of evidence. Princeton: Princeton University Press. Smets, P. (2000). Belief functions and the transferable belief model. The Imprecise Probabilities Project. Tillman, F. A., Hwang, F. A., & Kuo, W. (1985). Optimization of systems reliability. Marcel Dekker. Todinov, M. T. (2003). Modeling consequences from failure and material properties by distribution mixtures. Nuclear Engineering and Design, 224, 233e244. Todinov, M. T. (2004). Reliability analysis and setting reliability requirements based on the cost of failure. International Journal of Reliability, Quality and Safety Engineering, 11(3), 1e27. Vose, D. (2003). Risk analysis: A quantitative guide. London, UK: John Wiley & Sons. Walley, P. (1987). Belief-function representations of statistical evidence. Annals of Statistics, 10, 741e761. Walley, P. (1991). Statistical reasoning with imprecise probabilities. New York: Chapman & Hall. Wattanapongsakorn, N., & Levitan, S. P. (2004). Reliability optimization models for embedded systems with multiple applications. IEEE Transactions on Reliability, 53(3), 406e416. Winkler, R. L. (1972). Introduction to Bayesian inference and decision. New York: Holt: Rienhart & Winston. Xu, Z., Kuo, W., & Lin, H. H. (1990). Optimization limits in improving system reliability. IEEE Transactions on Reliability, 39(1), 51e60. Yager, R. R. (1987). On the DempstereShafer framework and new combination rules. Information Sciences, 41, 93e137.