Risk Management – Correlation and Dependencies for Planning, Design and Construction Philip Sander Alfred Moergeli John Reilly Content

1. Advanced Probabilistic Risk Modeling

2. Risks Occurring Multiple Times

3. Event Tree Analysis

4. RAMS Analysis

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 2 Advanced Probabilistic Risk Modeling

The advantages of very advanced, probabilistic risk modeling (RIAAT 2014), such as currently used for the Koralm and Brenner Base Tunnels in Austria, include:

• Better, more complete modeling of the project and the ability to correlate risk events • A more detailed risk assessment and useful risk management information • More transparency and reporting of outcomes, e.g., ranking of risks, tornado diagrams • The ability to monitor and document changes to the project • The ability to integrate change order management

Although correlations (and dependencies) are a ubiquitous concept in modern risk management, they are also one of the most misunderstood concepts.

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 3 Correlations and Dependencies

Correlations quantify how specific change on one project element or characteristic is linked to a change in related project elements.

Example 1: A change in the price of steel will cause changes in the cost of several related project elements. Example 2: A probability of high labor costs can lead to a high impact of time-related cost in other project elements.

Dependencies characterize risks that are related: One risk may trigger one or more other risks, or one risk may influence the consequence (value) of another risk (or multiple risks).

Example: If a TBM is stuck in a fault zone, it might get buried and, as a further consequence, deadlocked, etc.

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 4 Risks Occurring Multiple Times Lower Inn Valley Railway Corridor (Tyrol/Austria) The project includes the construction section 1 (Kundl‐Baumkirchen) of the Lower Inn Valley Railway Corridor.

It is part of the Brenner Base Tunnel scheme. The railway track has an approximate length of 40 km. 32 km are underground.

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 5 Risks Occurring Multiple Times

Scenario: Cyclic excavation in a rock zone comes with the danger of cave-ins.

Cave-in 1st Event 2nd Event … of 5m³ to 20m³

Probability of Occurrence: It is expected that 2 cave-ins will occur in this section. Of course, it is also possible that there will be no cave-ins at all, and in worst cases there could be more than two.

Financial Impact: The financial impact is modeled as a triangular function with the parameters: Min: 50,000 ML: 65,000 Max: 90,000

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 6 Risks Occurring Multiple Times

Scenario two cave-ins

Scenario one cave-in

Scenario three cave-ins

Scenarios four and more cave-ins

Probability that no cave-in will occur Deterministic Approach: 2 x 65,000 = 130,000

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 7 Event Tree Analysis Koralm Base Tunnel (Southern Austria) With a total length of 32.8 km and a maximum cover of 1.250 m the base tunnel will traverse the Koralpe mountain range. The tunnel system is designed with two single-track tubes (approx. 82 m² per tube) and cross drifts at intervals of 500 m. Excavation for the Koralm tunnel is executed by two double shield TBM’s for long distances.

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 8 Event Tree Analysis

TBM bypass tunnel

TBM deadlocked

TBM buried No further event

TBM advancing No further event through fault zone

No event

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 9 Event Tree Analysis

12.5% probability that TBM will be buried when entering a fault zone

87.5% that TBM will advance through fault zone without getting buried

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 10 Event Tree Analysis

1 Fault Zone Result for advancing through one fault zone: 87.5% probability that risk will not occur

Cost impact scenario Bypass Tunnel (worst case)

Poisson value is set to 20 10% probability that 1.2 M$ will not be exceeded

20 Fault Zones

About 8% probability that no 90% probability that 14.4 M$ will event will occur not be exceeded

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 11 Functional System Safety (FSS) Safety Systems for ... Management of Scope & Requirements Requirement Tracking System (RTS) Failure Reporting and Corrective Action System (FRACAS ) Verification and Validation (Ver & Val)

Business Continuity Management System Reliability (RAMS) (BCM) Reliability Start up and re-establish Availability Normal Operations after Maintainability undesired events / system downtime Safety

Risk-optimized Maintenance Maintenance Management System (MMS) Condition Based / Reliability Centered Maintenance (CBM / RCM)

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 12 Bow Tie Analysis – Combination of a Fault Tree with an Event Tree Analysis

Bow Tie Analysis

Overall System III System in context System Failure Impact of failures II Reliability (R) Tech The probability that an item can perform a required function under given conditions for a nology is given time interval. R

I ) Availability (A) Integral( FaultRAMS Tree Analys The ability of a system to be in a state to perform a required function under given conditions riaat.riskcon.at at a given instant of time or over a given timeA interval, assuming that the required external resources are provided.

Maintainability (M) The ability of a system to be in a state or to be reset into a state where a given active maintenance action, for an item under given conditions of use, can be carried out within a stated time interval, if maintenance is performedM under stated conditions and using stated procedures and resources.

Safety (S) Freedom from unacceptable risk for health andS personal integrity of humans. Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 13 RAMS – System in Context Process Phase II: System in RAM Safety Context Fault Tree RAM with Common Cause Fault Tree Safety with Technology and Context Common Cause Technology Phase I Technology and Context Level 1

System Analysis Identification of Common Cause Factors Level 1 CC originating within the system and Level 2 Comp. ACC integration into the Fault Tree MS 1 Comp. Comp. CC B C CC CC Comp. MS 1 Common Cause Context Comp. B CC C MS 2 Fault Tree RAM & external risk scenarios System Analysis Fault Tree Safety & external risk scenarios Identification of other external risk Level 1 R scenarios Based on iteraction with R R Level 1 context, without directly affecting specific components CC Comp. CC Level 2 CC R Comp. A Comp. B R C CC MS 1 MS 1

CC Comp. External Risk Scenarios Comp. B CC R C R R R MS 2

Results Most likely Evaluation & Assessment [h/AP] System Optimization Downtime due to [%/AP] critical failures [%/AP] Analysis Period Best Case Worst Case Probability for at least one Results of Risk Analysis failure during the Analysis R Probability for at least Most likely [h/AP] one failure during the [$/AP] Mean Time To Period which is Analysis Period Repair safety-relevant Cost to Repair Results for Phase III Best Case Worst Case

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 14 RAMS – Reliability, Availability, Maintainability & Safety Process Phase III: System in interaction with other systems

Phase III: Sample: Tunnel Boring Machine (TBM) Overall System Results For Phase II Phase II: Precast Concrete Context PCS Segments (PCS) Identification of risks for the analyzed system originating from external Phase I: TBM Shotcrete Production systems and processes and vice versa Supply Train Etc. Analysis of the interaction of the analyzed with all other adjacent systems Supply Geology Ground Support RAMS Analysis to be performed for all systems and processes which are Tunnel TBM TBM – Design required for the operation of the overall system Etc. Disposal Assessment if the analyzed system is complying with all requirements for reliability, availability, maintainability and safety instead of all identified risks and interactions Waste Disposal Site Sedimentation Tank Conveyors Results for Phase III Etc.

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 15 RAMS – FTA RAM

Analysis Period = 1a

riaat.riskcon.at

Both Safety Controllers can control both channnels

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 16 RAM – Interpretation of Results

Reliability: Availability: Reliability Ma inte nance Time Intermediate Corrective The braking system for one axle will have at least one failure The braking system will be available during the analysis period during the anaylsis period of 1 year with a probability of 22%. of 1 year with a probability of 78%. However, there is a potential that the system will have down-time for 6,4h (VaR95) due to the braking system. Maintainability: Maintenance Cost Maintenance Maintenance Time Maintenance Because in this sample every failure of a component by R, A With a probability of 78% there will be no maintenance cost und M is a critical failure, Maintenance Time (MT) equals due to the braking system. However, up to 6.200 $ (Var95) Down Time (DT). are possible.

riaat.riskcon.at

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 17 RAMS – FTA Safety

Analysis Period = 1h

Redunda nt Systems No Compressed Air Supply as not safety- relevant

Redunda nt Channels

r ia at.r is kc on.at

Redu nda nt Saf ety Con trollers

Risk Management – Correlation and Dependencies for Planning, Design and Construction www.riskcon.at www.moergeli.com www.johnreilly.us Slide 18