3
USING RISK ANALYSIS TO ENHANCE BUILDING SAFETY AND PROTECT PROPERTY VALUES
Risk analysis, as it has evolved and is currently used, comprises an extensive set of definitions and procedures for characterizing threats to health, safety, mission, or property. Many of these procedures are based on mathematical principles of probability and statistics, while others are simply ways to structure and assist consideration of possible future events and consequences.
Risk analysis has been selectively and successfully applied to the setting of facility design criteria as well as managing risks for specific facilities. For example, designs for nuclear power facilities are subjected to very extensive and detailed risk analysis and, as already noted, building codes that address earthquake hazards are increasingly based on probabilistic analyses.
The entire field of fire safety is undergoing a major advance in risk analysis and management capabilities with the introduction of more realistic and useable computer-based models of fires in buildings. These models will permit explicit analyses of risks to be performed for design and operations planning. While nuclear facilities practices and new fire safety models demonstrate the application of risk analysis procedures, there remains substantial untapped potential for broader application of risk analysis, particularly in federal government programs where one entity effectively retains authority in all phases of a facility's life cycle. However, this is also
true in development and enforcement of state and local building codes, and in other phases of managing general building processes.
Risk analysis procedures may be applied at various levels of sophistication and detail to support effective risk management throughout a facility's life cycle, but their effectiveness often is limited by available data and the cost of data collection and analysis. Adequate data are not available to support sophisticated analysis of all facility risks, and more extensive data collection is a pressing need if the fullest benefits of risk analysis procedures are to be realized. Nevertheless, simplified analysis methods, using existing data and professional judgment may be applied more broadly now to enhance risk management.
Communication among the analyst, decision-maker, and the people exposed to risk is an important element of effective risk management. Risk analysis is, above all, a way of assessing hazards and how risk may be managed, a framework for asking the right questions about potential hazards and appropriate responses and searching for good answers. When public and regulatory attention inevitably—and appropriately—focus on elements of risk that are of greatest concern at any given time, risk analysis can inform and facilitate communication, thereby assisting decision-makers who must manage limited resources to achieve the greatest safety and protection.
LOGIC AND PROCESS OF BUILDING RISK ANALYSIS
Risk analysis should start in planning and design. Facility siting decisions influence what hazards need to be considered (e.g., earthquake or coastal zone storms) and the degree of risk (e.g., location relative to potentially unstable slopes or defined flood plain areas).
The body of procedures, criteria, and standards now used in most aspects of facility design represent a distillation and codification of lessons learned from experience and analysis over the course of many years. (Diewald, 1989) The process by which experience enters common practice is evolutionary and often slow, typically involving broad participation of many professionals and industry groups. The levels of risk inherent in any facility are implicitly established in this process, and there is little basis for presuming that risks associated with different hazards are comparably treated.
The traditional approach to design and risk management, based on this accumulated knowledge, reflects an assumption that if the proper procedures are followed and standards are met, unacceptable exposure to hazards will be avoided. If procedures are not followed or standards are violated, exposure is unacceptably high. This traditional logic deals poorly with rare events or new concerns for which there is too little experience to support the
evolutionary development of design details or operating procedures that control the hazard.
In contrast to traditional logic, risk analysis methods assume that no prediction can be made with certainty, and that there will always be some chance of exposure to hazards. The process of risk analysis therefore deals explicitly with the possibilities of exposure, the possible consequences of exposure, and the evaluation of these consequences. 20 This logic imposes demands on the analyst and on the institutional setting within which facility safety is managed, demands that may become barriers to improving safety through broader application of risk assessment.
The barriers can be overcome. After some two decades of work, organizations such as the American Institute of Steel Construction (AISC), the American Association of State Highway and Transportation Officials, and the American Institute of Timber Construction (AITC) have begun to introduce reliability-based design codes21 using the Load and Resistance Factor Design format as an alternative to traditional design methods. The American Concrete Institute (ACI) has used similar formats for some years. The recognized value leading to these changes has been the potential to assure similar structural safety levels in facilities constructed of different materials. The committee seeks to assure similar safety levels relative to the variety of hazards to which people are exposed in and around buildings.
NEED FOR INFORMATION AND DATA
The principal model building codes use two broad parameters to describe building characteristics that determine requirements for safety and health: construction type and building occupancy.22 The definitions of construction
types and occupancies now used in most building codes have been developed primarily with regard to the contents of buildings, to address fire hazards and, to a lesser degree, seismic and weather-related hazards. A more complete and generally accepted cataloging of construction types, facility use and occupancies to characterize all sources of facility hazards (including operation and maintenance procedures) is needed. For example, materials used in cleaning, as well as construction, operating electrical loads, and the level of maintenance backlog may influence whether the building's heating, ventilating, and air conditioning (generally referred to as HVAC) and electrical systems should be considered potential sources of fire, explosion, or other hazards. [See box next page.]
Once hazards are specified, formalized risk assessment generally is accomplished by first stating explicitly the possible chains of events that could lead to deaths, injuries, and other losses and, second, estimating the probabilities that these various events will occur within some stated period of time. A variety of formalized procedures have been developed that structure this assessment.23 Typically these procedures use some form of network diagram to illustrate the relationships among elements of a system, how the system is operated, and external events that may jointly lead to failures. Such analyses can quickly become quite complex and technically sophisticated, and are therefore used primarily when dealing with very complex and highly sensitive facilities (such as nuclear power plants) or as a research tool for exploring policy options (for example, development of fire safety codes).
However, the risk analysis process can be applied in a simplified manner with probabilities estimated by the informed analyst. In general, the value of the assessment ultimately depends on the analyst's foresight and understanding of the technical behavior of the systems being analyzed, and on the availability of data to support estimation of probabilities that hazardous events and consequent losses will occur. In turn, the value of the analysis includes the enhanced understanding of risks and opportunities for their management, as well as the explicit estimates of risk levels.
When there is a well documented history of actual observations of the systems and events of interest, probabilities may be estimated on an actuarial or statistical basis. In the absence of statistical data, simulations or modeling and expert judgement are sometimes used to understand sequences of events or to estimate the likelihood that certain events will occur or both. Laboratory testing and analogy—a form of simulation—may be used to try
|
the intensity of that use or numbers of people potentially exposed to a hazard (e.g., single-family and multi-family residential, educational buildings, auditoriums). |
23 |
Appendix B describes some of these procedures. |
NEW TECHNOLOGY, NEW RISKS Small computers and other electronic equipment have become pervasive in the modern office. Designers and manufacturers of these electronic machines have adopted new and highly efficient single-phase power conversion technology as a means to reduce physical size, weight, and cost. However, when large numbers of these machines are operated on a three-phase system of the type commonly used in today's office buildings, transformers may become noisy and overheat, connections in pre-wired office partitions burn out, and building wiring failure may occur. These problems may, in turn, cause fires. Yet all systems seem by conventional measures to be operating well within the limits of accepted ratings for safe service. The problem stems from use of switch-mode power supplies, sometimes called "switchers" or "switching type," that draw power in from the source in short pulses, rather than continuously. This mode of operation, drawing on the typical three-phase alternating current (AC) supply, results in non-linear loads and high harmonic content—i.e., unanticipated irregularities and fluctuations—in the building's system. When switch-mode equipment is mixed in with other types of equipment such as desk lighting, typewriters, and other electrical machinery commonly found in the office, the problem is not so severe and may go unnoticed. In offices with high concentrations of computers and peripheral devices (e.g., printers, external disk drives, and modems), trouble can occur. The total harmonic current in the neutral wire of the three-phase circuit can theoretically reach 1.73 times the balanced—and normally anticipated—current that would normally occur in any phase. Detection of the hazard requires fairly sophisticated measurements, and solutions include installation of heavier-duty transformers and wiring. More elegant solutions are possible, such as installation of electrical filters to screen the supply system from the switch-mode harmonics, but such filters are large, costly, and not widely available. Electrical engineers are coming to recognize that harmonics and non-linear loads will increasingly be problems that must be addressed in design of new offices. References: Arthur Freund, ''Double the Neutral and Derate the Transformer—or Else'', EC&M, December, 1988, pp. 81–85. David Kreis, "Harmonic Analyzer Helps Solve Power Problems, EC&M, March 1989, pp. 73–76. |
to gain understanding of the expected behavior of new materials or subsystems.
There is no comprehensive data base to support broad assessment of risk in and around buildings. Data that are available cannot easily be used to deal with diverse hazards. Accident and loss statistics form the basis for setting insurance rates, for example. However, the way in which the insurance industry collects and maintains these data typically aggregates data for diverse hazards, records loss in monetary units only, and includes no information on hazard severity. Such data have limited value for characterizing the causal
relationships that form the basis of technical risk analysis. The lack of a statistical data base for risk analysis is a major obstacle to broader application of these techniques for improving facility safety.
Investigations of particular facility or component failures are a valuable source of information about causes of failure, and may yield insights that support estimation of probabilities of similar circumstances occurring elsewhere and leading to failure. From the perspective of improving technical understanding of risk and its management, it is unfortunate that such investigations are often conducted within the context of insurance claims and court litigation procedures, so that detailed data are not made generally available for use by researchers. Knowledge gained in these investigations often does enter professional practice and contributes to evolutionary change in design parameters and building regulations.
Often, expert judgement may be the best available basis for estimating probabilities, particularly when new products and techniques or unique facilities are being considered. The public acknowledges that such judgement is a reasonable basis for establishing acceptable risk, and uses professional licensing of architects and engineers to control who is qualified to make this judgment. When failures occur, the courts may be called upon to confirm that reasonable care was exercised in making and acting on this judgment.24 For complex situations that go beyond the range of normal design and management practices, formalized procedures25 may be used to synthesize the judgments of groups of experts into a consensus.
BENEFITS AND COSTS OF RISK REDUCTION
The risk analysis produces not only an assessment of overall risk, but also insights into how action can be taken to reduce risk. Certain steps in the
chain of events that may lead to loss are typically found to have high probabilities or serious consequences that make them critical to the overall risk. Risk will be reduced if actions can be taken in planning, design, construction, operations, or maintenance to reduce the probability that these events will occur or to control the consequences if they do occur. Analysis of the criticality of facility subsystems or stages in the building process and life cycle indicates where effort to improve overall safety is most likely to have the greatest effect.
Safety of the occupants is a paramount concern of a facility's designers, but is only one of a variety of factors that influence specific design and management decisions. Other aspects of performance, as well as costs of construction and operation, must generally be considered along with safety in the design process. The same balancing of concerns is required in facility operations and maintenance. Achievable safety or allowable risk are then established—in principle—by a comparison of benefits and monetary costs of design decisions and subsequent actions that will influence hazard exposure and consequences.
When particular hazards are covered by the provisions of building codes or owner's design criteria, this comparison of costs and benefits is made at a general level for all buildings covered by these design criteria. Sometimes the comparison has not been explicitly considered, and experience may show that costs and benefits are poorly balanced, i.e., that costs are too high for the apparent improvements in safety or that greater improvements in safety could be achieved at more modest cost. For example, committee members noted that risk analysis showed that huge sums being spent in the nuclear power industry to prevent large-break loss of reactor coolant accidents could be applied to other measures that would substantially enhance overall public safety.
Risk analysis could assist public officials to formulate reasonable responses to occasional disasters that motivate public concern, for example the call for tightening local building codes that frequently follow major fires. Risk analysis could provide similar assistance when new information (for example, scientific evidence that earthquakes are more likely than previously thought) suggests that new actions are required to ensure public safety.
The comparison of benefits and costs may be made for individual facilities and for programs that will lead to the construction of several facilities, as well as for communities as a whole. As in the cases of setting design criteria, increasing experience and new information may lead to a reassessment of whether risks are at acceptable levels. However, the means for responding to new conclusions are restricted to changes in operation and maintenance procedures, and retrofit or reconstruction of the facility. In extreme cases, a facility may be decommissioned and demolished.
Benefit-cost analysis may be used to support these decisions, but great care is required. The tendency of benefit-cost analysis to express all elements of benefits and costs in terms of a single measure—frequently monetary—is always fraught with uncertainty, particularly when efforts are made to place values on human lives and environmental quality. The institutional setting within which risk and safety decisions are made does not utilize economic information alone, and efforts to reduce decisions to strictly economic terms may founder.
INSTITUTIONAL SETTING FOR SAFETY AND RISK MANAGEMENT
Responsibility for safety in and around buildings is distributed among owners, designers, constructors, the insurance industry, regulatory agencies, building occupants, and the public at large and is subject to interpretation and redistribution by the courts. Owners of facilities, especially those that pose particular risks (such as facilities containing hazardous materials), bear the primary responsibility for ensuring their facilities' safety. Architects and engineers (A/Es)—operating as general and specific agents for these owners—help the owners to understand what these risks are and do not bear greater burdens of liability for having done so.26
In contrast, the architects and engineers who design other types of facilities may be directly liable for losses. Integrated A/E firms typically pay one to five percent of their gross receipts for adequate insurance, while structural engineers may pay 8 to 10 percent. Firms with good reputations and low loss records may pay less. In addition, there are often limits on the amount of coverage available (currently $15 million is typical), and coverage is subject to a deductible of 1 to 2 percent of the gross damages.27 Many firms purchase less coverage than the maximum available, or are completely uninsured.
A/Es working in such an environment may hesitate to use risk analysis, which focuses so directly on uncertainties in the building process. A/Es working with federal agencies may find that more knowledgeable staff, less
aggressive avoidance of ownership costs, and infrequent use of lawsuits to remedy problems are reflected in reduced exposure to financial liability, and may consequently be more willing to adopt risk-based design procedures.
Because insurance transfers at least a portion of the financial burden of risk away from the facility owner, user, or A/E, the insurance industry could be a principal beneficiary of risk analysis. However, the industry has pursued a loss-based approach to business and has not undertaken broad, systematic study of the technical measures of risk associated with hazards in and around buildings.28 Risk management professionals employed by private firms and state and local governments focus primarily on actions to reduce financial loss exposure, rather than reduction of technical risk. (PRIMA, 1988)
Local building code administrators and other government regulatory agencies assume some responsibility for risk management by adopting codes and standards to which facilities must conform. The adequacy of the facility with respect to the underlying goal of assuring public safety is presumed if the code and standards are met. The setting of these standards is based largely on a consensus of judgments. If risk, in the technical sense, is reflected at all in these judgements, it is typically in an informal and implicit manner. Furthermore, judgments about conformance to code and underlying safety are in the hands of local government code officials or federal agency design and construction supervisors. Subjective perceptions and assessed levels of risk may differ among these individuals and from one situation to another. It is therefore unclear what the risk levels are,29 although the absence of widespread losses suggests that the codes and standards, as they have evolved, are delivering relatively safe facilities.
Standards issued by government agencies address some hazards not covered by state and local codes or generally used design criteria. For example, the federal Occupational Safety and Health Administration (OSHA) issues regulations that bear on the design, construction, and operation of facilities. Broad environmental risks related to facility location, design, and operations may fall under the control of the Environmental Protection Agency
(EPA) and state or local environmental agencies. Each agency may adopt its own approach as a basis for setting its standards.
The process of environmental impact review prior to facilities construction, 30 conducted with public involvement and documented in an environmental impact statement (EIS), may include particular hazards and risk mitigation actions to avoid losses. However, risk is not necessarily addressed and—some observers suggest—may be avoided because of analysts' concerns that the public will not fully appreciate the inevitability of some risk and may respond negatively to explicit risk assessment.