Extending the capabilities of the FMV
There is an increasing interest in utilising the FRAM approach for the analysis of what exactly is going on in complex sociotechnical systems in practical high hazard environments. There are, for example, a number of ongoing projects at the moment in aviation, self-driving vehicles and, of course, on the challenges of the COVID 19 pandemic for healthcare responses. But as well as these practical applications there is an increasing interest from the academic community, in extending and developing further, the underpinning concepts, as shown in the recent review (below)
Using a FRAM model for prospective analysis (risk assessment)
The most common form for prospective analysis is risk assessment. The purpose of risk assessment is to identify the hazards that may render the system incapable of fulfilling its purpose and – preferably – to calculate the probability that this may happen. The risk is usually defined as the combination of the probability of something happening and the severity or seriousness of the outcome. This view is expressed by the traditional risk matrix.
Another form of prospective risk analysis is design evaluation, which is done to find conditions or factors that may counteract or prevent a newly designed artefact or system from functioning as intended. Here the FRAM can be used to see if combinations of multiple preconditions and/or resources can weaken a design, or whether a lack of control or time constraints can impede intended functioning. The use of the FRAM for design evaluation is, however, not described further here.
The purpose of a FRAM analysis is to describe how a system should function to meet its objectives (i.e., “everyday” performance), and to understand the variability of functions which alone or in combination may prevent that from happening. In order to do so it is necessary first to build a FRAM model of the system and then to analyse a number of scenarios or instantiations of that model.
A FRAM analysis differs from a risk assessment by being based on a functional model of the potential functionality rather than a specific representation such as a fault tree or an event tree. Thus, rather than analyse an assumed event path and look for the probability that single steps may fail or malfunction, a functional analysis tries to find the ways in which a situation can develop, and what the possible outcomes may be, specifically which of the potential couplings that may become actual couplings. The considerations that go into selection representative scenarios are nevertheless basically the same, namely a good understanding of the domain.
A FRAM model describes a system’s functions and the potential couplings among functions. The model does not describe or depict an actual sequence of events, i.e., a future accident scenario. The basic steps in building a FRAM model of the activity (or performance) that is to be analysed have been described here. The development of the model ended by describing the potential variability.
A scenario can be described by an instantiation of the model. The instantiation is a “map” of how functions are coupled under given – favourable or unfavourable - conditions.
A risk analysis using the FRAM comprises the following steps:
© Copyright Erik Hollnagel 2016. All Rights Reserved.