In this book, I use examples to show how to make good decisions when system or product safety is involved. Such decisions do not necessarily seek maximum safety because the absolute maximization of either system or product safety may preclude other perspectives, such as overall cost or minimum needed capability. Instead, DMs seek a balance among all the factors.

The notion of maximizing safety implies that it can be measured or quantitatively analyzed. Probabilistic risk assessment (PRA), which had its genesis in the 1970s, provides the quantitative methodology that I use in this book for analyzing safety.

So what kinds of decisions do I analyze in these pages? I briefly describe some examples in the sections that follow.

The team’s scientists and engineers pepper the DM with suggestions for improving the rover, which range from using better software and enhancing maneuverability to supplying more electric power and increasing the rover’s scientific capability. Each alternative differs in terms of its cost, its impact on the schedule, and the probability of achieving a successful mission. How should the DM decide which suggestions are best?

The plant manager discusses the situation with company engineers and consultants and finds that this type of seal material has been known to degrade and eventually leak. He also learns that a newer type of seal material has much better long-term properties and is not so prone to leakage. These newer seals, however, are more expensive and more difficult to extract and replace if the electrical cabling must be replaced. The discussions result in five alternative courses of action: (1) seal off the room from the outside, (2) continuously monitor the current seals and repair or replace them in-kind as needed, (3) change all seals to the newer variety, (4) add flood-protection barriers around the critical equipment, and (5) do nothing. Although each alternative carries a different capital cost, operations cost, and safety level, plant capabilities are not affected by any of the alternatives. How should the DM decide which course of action to follow?

The term decision attribute, sometimes called decision criterion or measure of effectiveness, is a measurable or calculable factor used in deciding which alternative to choose. In the examples I present in this book, for example, the decision attributes are safety level, operating cost, capital cost, system availability, and mission success. Multiattribute decisions involve more than one attribute, and each alternative has an outcome associated with each attribute. Decision analysis is the field that was developed to help guide DMs through a cogent, rational method for choosing among alternative courses of action. Following this method increases a DM’s understanding of the interrelationships of attributes and alternatives. Although it does take time to go through the process, making potentially dangerous and expensive systems safer demands that this time be taken.

Throughout this book, I also use the following definitions:

PRA (the term I use in this book) is a method for calculating the level of safety by numerically estimating risk. In this way, the level of safety can be quantitatively included in a decisionmaking process with the same rigor as other quantified attributes such as cost, schedule, reliability, and many more. Calculating safety as a number, or more commonly, as a probability distribution, allows DMs to treat safety as they would other attributes in a multiattribute decision process.

Figure 1-1 is a simplified graphic of the concept of safety-related decisionmaking. At the left of the figure is the point in time when a decision must be made (labeled “Choose among alternatives”). Project engineers or scientists develop alternative courses of actions (labeled A, B, and N), and consult with the DM (e.g., the project manager) to create a set of attributes. The figure shows three typical attributes—cost, performance, and safety.

Next, DAs work with the engineers and scientists to estimate the probable consequences (or effects) of each alternative with respect to each attribute.² The effects in Figure 1-1 are numerical quantities (the probability distributions), which yield a metric of each attribute. Multiattribute decision analysis combines all the attribute consequences with the DM’s values or preferences to arrive at a ranking of alternatives.

The DM then decides which set of effects best meets the project’s objectives. As I describe in detail in this book, choosing the best set of effects involves combining consequences with values. As expressed by Keeney (1992), “Values are principles used for evaluation. We use them to evaluate the actual or potential consequences….” Said another way, values are a basis for establishing preferences. Without personal or organizational principles, we have no criteria with which to evaluate attributes and make the best choices. The DM infuses the decision analysis with her own values, allowing her to develop preferences among the attributes. For example, for purposes of the project’s objectives, she may value safety as much more important than cost or performance. Often the attributes must be considered jointly. For example, the incremental cost of additional performance and/or additional safety may be an important consideration.

In this context, we can think of performance as a desired system or product design feature. Examples include weight-carrying capability for rockets, power output for generators and microwave ovens, acceleration for automobiles, and durability for children’s toys. And we can think of safety as the probability of being free from harm. Finally, we can think of cost in terms of metrics such as investment expenditures or loss expressed in dollars.