Risk, Safety and Liability

1
Risk, Safety and Liability

• PHIL/ENGR 482
• Ethics and Engineering

2
Required reading

• Harris, Pritchard and Rabins, Engineering Ethics
  Concepts and Cases, 2nd ed. Chapter 7, Risk,
  Safety and Liability in Engineering

3
An engineering responsibility

• Codes of ethics require the engineer to prevent
  exposure of the public to unacceptable risks.

4
NSPE Code

• Hold paramount the safety, health and welfare of
  the public design to accepted engineering
  standards
• Do not complete, sign, or seal plans and/or
  specifications that are not of a design safe to
  the public health and welfare in conformity with
  accepted engineering standards
• In circumstances where the safety, health,
  property or welfare of the public are endangered
  engineers must notify their employer or client
  and such other authority as may be appropriate

5
Understanding and managing risks

• What is risk?
• How do we operate engineering systems to reduce
  risks?
• How do we design engineering systems to reduce
  risks?
• What are acceptable risks?

6
What is risk?

• One definition of risk is
• Exposure to the chance of injury or loss
• a hazardous or dangerous chance
• This definition involves both
• the probability of an event occurring
• the consequences of the event
• Websters Dictionary

7
An engineering definition of risk
8
Risk is inherent in engineering

• All engineering involves risk.
• Innovation in design generally increases risk.
  More generally, any change (from proven practice)
  will often increase risk.
• Examples
• Tacoma Narrows Bridge--1940 collapse
• Three Mile Island Power Plant--1979 radiation
  release
• Concorde airliner--2000 crash in Paris

9
Probability of failure

• A nuclear reactor will meltdown if the control
  rods fail and the cooling pump fails. What is the
  probability of this occurring?

10
Event tree analysis of failure probability
11
Engineering risk assessment

• Bridge foundation depths are often governed by
  the depth of scour, which is related to the size
  of the flood. A 100-year flood (a flood which
  has a 1 chance of occurring in any given year)
  is a common design flood level.
• Consider a bridge footing designed to have a
  2?10-3 annual probability of being undercut by
  scour in any given year.

12
Engineering risk assessment...

• Consider a a bridge that has an 2?10-3 annual
  probability of collapse due to scour.
• If collapse occurs during a rush hour (1/24
  probability), 10 lives will likely be lost. If
  collapse occurs during non rush hours (23/24
  probability) 1 life will likely be lost. One way
  to measure this risk is
• (2?10-3)(1/24)(10) 833?10-6 (risk of death)
• (2?10-3)(23/24)(1) 1917?10-6 (risk of death)
• Total risk is 833?10-6 1917?10-6 2750?10-6
  (risk of death)

13
Problems with event-tree analysis

• assigned probabilities are sometimes conjectural
• cannot anticipate all failure modes
• pipe rupture,
• pipe corrosion,
• terrorist attack,
• human error,
• etc...

14
Safety Operation of engineering systems to
reduce risk

• Many engineering failures involve, at least in
  part, an operations failureconsider the reactor
  failure at Three Mile Island
• The main feedwater pumps failed a pressure
  relief valve automatically opened, but stuck
  open. Signals failed to show that the valve was
  stuck open.
• Because of either administrative or human error,
  a critical valve in the emergency feedwater
  system was left closed, delaying the operation of
  that system for 8 minutes.
• Systems are said to be tightly coupled when a
  failure in one system can adversely and rapidly
  affect operations in another system. Tightly
  coupled systems make failures more difficult to
  predict and control.

15
Safety Operation of engineering systems to
reduce risk

• The loss of the Space Shuttle Challenger is
  another example of an engineering system failure
  due to operations failure.
• The practice of normalizing deviance, that is
  the acceptance of anomalies (unexplained leakages
  of the O-ring seals) in previous flights led to
  continued operation of a system that was
  dangerously close to its safe limit of
  operation.
• Also, operational limits (launch temperature)
  were increased without appropriate study.

16
Safety Design of engineering systems to reduce
risk to acceptable levels

• Develop inherently low-risk designs
• Incorporate redundancy in design
• Design for failure modes that give warning before
  catastrophic failure (ductile structures)
• Design for appropriate Factor of Safety
• Structural design philosophies...
• Allowable Stress Design (ASD or WSD)
• Load Factor Design (LFD)
• Probabilistic design methods (ex. LRFD)

17
Factors of Safety

• To accommodate uncertainties in...
• applied loads,
• material properties,
• simplified methods of analysis,
• construction quality,
• maintenance, ...
• and, to reflect different consequences for
  different failure modes.

18
(No Transcript)
19
Factors of Safety in design

• An engineer working for Otis Elevators determines
  that a fully loaded passenger elevator will weigh
  6450 lb. The elevator is supported by a
  double-sheaved cable so that the cable tension is
  1/4 of the elevator weight. The elevator is
  expected to experience dynamic load factors of
  approximately 1.35. Suppose the design code
  requires a factor of safety of 6.5. What cable
  diameter should the engineer specify?

20
Factors of Safety in design (contd)
21
Breaking strength for 6x19 wire rope...

22
Factors of Safety in design (contd)

• Choosing 1/2-in. cable...

23
Allowable (or Working) Stress Design philosophy

• ASD design philosophy limits the stress to a
  certain allowable value, which is usually some
  fraction of the yield or ultimate stress.

24
Allowable Stress Design example

• Julio is designing a portable cylindrical
  compressed air tank for use by motorists with
  flat tires, based on the calculated hoop stress
• He plans to specify steel with a minimum yield
  strength of 36 ksi, and will design for an
  allowable stress of 20 ksi.

25
Allowable Stress Design example--(contd)

• He calculates that the design pressure (125 psi)
  will cause the allowable stress (20 ksi) in the
  12 in. diameter steel tank if the wall thickness
  is 0.0375 in.
• He then increases the calculated wall thickness
  by 0.060 in. to allow for corrosion, and chooses
  the next larger available thickness 0.105 in (12
  ga).

26
Allowable Stress Design example--(contd)

• The Factor of Safety of a new tank against
  exceeding yield stress is then

The Factor of Safety of a corroded (0.045 in.
wall thickness) tank against yielding is...
27
Design difficulties...

• Different loadings may have different
  uncertainties
• Different failure modes have different risk
  (uncertainty ? consequence),
• Also the resistance (strength) of some modes may
  be affected more by construction quality,
  maintenance inspection interval, etc
• ...so different Factors of Safety may be
  appropriate for different loadings and failure
  modes.

28
Load Factor Design philosophy

• Expected loads are multiplied by Load Factors,
  which may have different values for different
  types of loads
• Strength is reduced by a Strength Reduction
  Factor reflecting the variability in the strength
• Factored loads must not exceed factored strength

29
Load Factor Design example

• Consider a bridge girder which carries its own
  weight plus the weight of the deck (DL) and
  traffic loads (LL).
• Denote the moments caused by these loads as MDL
  and MLL, respectively.
• Denote the calculated ultimate moment (which
  would cause fully plastic failure of the section)
  as Mult.

30
Load Factor Design example

• The LFD philosophy requires...
• where
• FLL and FDL are load factors for live and dead
  loads, typically specified to be 2.2 and 1.3
  respectively, and
• ? is a strength reduction factor, typically
  specified be 0.90

31
Probabilistic design philosophy (LRFD)

• Load factors and resistance (strength) factors
  are not fixed, by a design code, but are chosen
  in each design based on the specifics of the
  case.
• Factors are determined in such a way that the
  probability of failure of each limit state
  (failure mode) is maintained at some uniform
  value.

32
AASHTO LRFD Bridge design example design for
vessel collision

• Bridges in navigable waterways shall be designed
  for vessel impact, considering...
• waterway geometry,
• size, type, loading condition, and frequency of
  vessels using the waterway
• water depth,
• vessel speed and direction, and
• structural response of the bridge to collision.

33
Bridge design for vessel collision (contd)

• Bridges are classified as regular or
  critical.
• Critical bridges shall continue to function
  after more severe collisions than the collision
  limiting regular bridges

34
Bridge design for vessel collision (contd)

• An analysis of the annual frequency of collapse
  is performed for each pier or span component
  exposed to collision.
• The design vessel is selected using a
  probability-based analysis procedure in which the
  predicted annual frequency of bridge collapse
  (AF) is compared to an acceptance criterion.

35
Bridge design for vessel collision (contd)

• The Annual Frequency of collapse (AF) is computed
  by
• where...
• Nannual number of vessels, by type, size...
• PAprobability of vessel aberrancy
• PGgeometric probability of a collision by an
  aberrant vessel
• PCprobability of bridge collapse due to collision

36
Bridge design for vessel collision (contd)

• The Annual Frequency of collapse (AF) is limited
  to a specified acceptable risk...

37
Acceptable risk...

• What is an acceptable risk?

38
(No Transcript)
39
Some acceptable risks...

• Note that the average American could, if he/she
  chose, reduce his/her annual risk of death by
  173?10-6 by avoiding travel in automobiles or on
  highways. Since the average American chooses to
  accept this risk (because of the advantages of
  automobile transportation), the risk of death
  associated with automobile travel could be
  considered an acceptable risk, that is one
  assumed by a reasonable person.
• Similarly, the 8?10-6 risk of death in commercial
  aviation is accepted by most persons.

40
Cost-benefit risk assessment example

• The government is proposing legislation to limit
  formaldehyde emissions to 3 ppm. Industry
  estimates that to install and operate the
  necessary scrubbers will cost 300 million
  annually. Toxicologists estimate that this new
  standard will save 30 lives annually. Using
  cost/benefit analysis, should the new standard be
  implemented?
• Cost 300 million/yr
• Benefit (30 lives/yr)( ??? / life)
• What is the dollar value of human life?

41
What is the value of human life ?

• Some methods to place a value on human life
• purchasing decisions involving safety (e.g. car
  purchase)
• future earnings
• extra pay needed for risky jobs
• (e.g. house painter vs. smokestack painter)

42
Problems with using studies of purchasing
decisions to determine the value of life...

• wealthy people are willing to pay more
• people will pay 7 times more to reduce risk of
  cancer than to reduce risk of death in an
  automobile
• decisions are based on perceptions (values)
• women value their lives more than men, i.e., men
  are more willing to engage in risky behavior
• A 1984 study by Shualmit Kahn indicates that
  people typically valued their lives at 8 million
  (Note this figure is higher than is typically
  used in public policy analysis. Also note that
  Ford used 0.2 million in the 1970s Pinto case
  study.)

43
Public Policy Experts Approach to Risk

• His/her first priority is to protect the public.
• Consider the consequences of an error in a study
  to determine whether a chemical is carcinogenic
• False Positive The chemical is banned as being
  carcinogenic, when in reality it is not. The
  producer loses potential profits from the sale of
  this chemical.
• False Negative A dangerous chemical is approved
  as safe and sold to the general public. The death
  rate from cancer increases.
• A public policy expert will choose to err on the
  side of public safety, when the facts are not
  clear

44
Public policy expert approach (contd).

• In a democracy, the government policy makers
  respond to the publics wishes. The public tends
  to react to different risks in different, and
  sometimes irrational ways. As a result, we tend
  to allocate differing amounts of money to save
  lives by different measures...

45
Allocation of Money
46
Laymans approach to risk

• Respect for Persons Approach
• Key Issues
• is the risk distributed equitably?
• are those assuming the risk compensated?
• is the risk voluntary?
• does the person assuming the risk understand it?
• does the person assuming the risk have control?

47
Laymans approach to risk...

• Laymen often overestimate low probability risks
• Willing to accept higher voluntary risks than
  involuntary risks (by factor of 103)
• Laymen dont compare a risk to already accepted
  risks
• Laymen overestimate risks of human origin
  compared to risks of natural origin
• Laymens approach more closely follows
  Respect-for-Persons approach than the Utilitarian
  approaches used by many experts

48
An Acceptable Risk is one that is...

• freely assumed with informed consent
• equitably distributed
• properly compensated

49
Informed Consent

• RP says we should treat people as moral agents
  (autonomous, self-governing individuals)thus we
  should seek informed consent before assigning
  risk
• Criteria for informed consent
• consent must not be coerced
• person must be accurately informed
• person must be competent to assess information
• there are possible conceptual and applications
  issues to be resolved

50
Problems with informed consent

• difficulty getting informed consent
• consent must be obtained before the risk is
  assumed
• consent requires negotiation
• holdouts or unreasonable preferences
• parties must be well informed and reasonable
• people are often hysterical regarding dramatic or
• catastrophic risk
• people underestimate the consequences of risks
  that
• have never happened before

51
When it isnt possible to get informed consent...

• Only expose people to risks they would consent
  to, if they were informed of all known risks.

52
Or, ...

• As an alternative to gaining consent from
  everyone affected by the risk, the group leaders
  can decide to accept the risk for the group.

53
Problems with Informed Consent (contd.)

• Some people may give informed consent to things
  that are not in their interests, because of...
• misunderstanding information
• immaturity
• irrationality
• Such consent isnt autonomous.

54
Problems with Informed Consent (contd.)

• If consent is not autonomous, then you should
  find a way to make consent autonomous.

55
Risk concepts--Example

• The electric power company proposes to build a
  nuclear power plant near your neighborhood.
  Given the newly deregulated electricity market,
  the power probably will be sold out of state
  because prices are higher there.

56
Risk concepts--Example (contd.)

• Is the risk voluntary?
• Does the person taking the risk understand it?
• Does the person taking the risk have control?
• Is the risk distributed equitably?
• Do those taking the risk get the rewards?

57
Risk concepts--Example (contd.)

• Is the risk voluntary?
• Yes, within the limits of the democratic process.
• Does the person taking the risk understand it?
• No, the general public does not understand
  nuclear energy.
• Does the person taking the risk have control?
• No, the power company controls the plant.

58
Risk concepts--Example (contd.)

• Is the risk distributed equitably?
• No, those living close to the plant take a higher
  risk
• Do those taking the risk get the rewards?
• No, the power is shipped out of state.

59
Informed Consent by Group Leaders--Example

• The XYZ Chemical Company wants to build a new
  plant in Smallville. The chemical plant has a
  pollution effluent that may give one citizen
  cancer every five years. However, the plant will
  create 100 new jobs and a substantial tax base
  for Smallville, which will improve the local
  schools and hospital. The XYZ Chemical Company
  asks the town council for approval to build the
  plant in the industrial park.

60
Informed Consent by Group Leaders (contd.)

• Advantages
• simplifies decision-making process
• Problems
• How do we compensate those individuals who suffer
  the consequences of the risk?
• Approval of group leaders does not reflect the
  wishes of all individuals
• Works okay for small risks, but large risks may
  need individual consent

61
Paternalism

• Paternalism the exercise of power by one person
  or institution over another in order to help or
  prevent harm to the latter, when...
• Weak paternalism--the latter is not exercising
  moral agency effectively.
• Strong paternalism--there is no reason to believe
  the latter is not effectively exercising moral
  agency.

62
Paternalism (contd)

• Commonly-accepted criterion for acceptable
  paternalism
• A fully rational person informed of the relevant
  facts would consent to intervention in this case
• Paternalism often causes resentment.
• Paternalism (weak) is permissible if protected
  person is not autonomous
• but people will disagree over who is autonomous.

63
Summary

• Be aware that experts tend to use a utilitarian
  approach and the lay public tends to use a
  respect-for-persons (RP) approach
• Utilitarian and RP approaches each have their
  limitations
• It is difficult to quantify risk
• Peoples values differ regarding risk
• Promote informed consent within your limits as an
  engineer

64
For guidance...

• People should be protected from the harmful
  effects of technology, especially when the harms
  are not consented to or when they are unjustly
  distributed, except that this protection must
  sometimes be balanced against (1) our need to
  preserve great and irreplaceable benefits and (2)
  the limitations on our ability to obtain informed
  consent. Harris, et al.

65
Summary (contd.)

• Some technologies provide valuable and
  irreplaceable benefits, yet are inherently risky
  (e.g. automobiles)
• Engineers should be paternalistic and protect the
  public from harmful impacts of technology if
• Consequences are severe
• Consequences are unjustly distributed
• Informed consent is not possible

66

• Liability

67
An engineers ethical dilemma...

• All engineering involves some risk.
• Protecting the public from all risks is not in
  the publics best interest.
• We must protect the public from unacceptable
  risks.
• We may be liable for injuries caused when we
  misjudge the risks, as well as when we make
  errors.

68
Different standards for tort law and science...

• Tort (injury) law uses different standards for
  risk and liability than we have been discussing
  so far.
• An engineer might not feel confident that action
  A had caused result B without strong statistical
  evidence (ie., 95 confidence)
• Tort law requires proof by a preponderance of
  evidence (ie., 51)

69
Recommendations...

• Work conscientiously, diligently, and ethically
  make sure your designs are consistent with best
  engineering practice.
• Document your actions and decisions in a Daily
  Log.
• Liability insurance is commonly purchased by
  design engineers. Costs can be high, depending
  on the work you do.

70
Representative costs for liability insurance
policies

• Chemical Engineers (with PE designations,
  signatory authority, plant-scale involvement)
• 1million coverage, 5000 deductible,
  premium900/yr
• Architects/Engineers
• 75million coverage, 15,000 deductible,
  premium10,000/yr