Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022)

Edited by Maria Chiara Leva, Edoardo Patelli, Luca Podofillini, and Simon Wilson
©2022 ESREL2022 Organizers. Published by Research Publishing, Singapore.
doi: 10.3850/978-981-18-5183-4_R12-01-010-cd

Probabilistic Risk Analysis of Human Failure on Fluid Penetrant Inspection via

CAPEMO Causal Model.
André Luis G. Andriolo
Universidade Católica de Petrópolis-UCP, Brazil. E-mail: [email protected]
José Cristiano Pereira
Universidade Católica de Petrópolis-UCP, Brazil. E-mail: [email protected]
Alexandre Sheremetieff Jr.
Universidade Católica de Petrópolis-UCP, Brazil. E-mail: [email protected]
Fábio Esperança
Universidade Católica de Petrópolis-UCP, Brazil. E-mail: [email protected]
Abstract:
Fluid Penetrant Inspection relies so much on the cognitive, skill, and attitudinal aspects of human performance that
the risks of process failure are very high. Previous studies were focused on identifying risks in Fluid Penetration
Inspection, but none explicitly focused on the Human Reliability Analysis. The purpose of this paper is to use the
CAPEMO (Causal Model for Probabilistic risk analysis in Manufacturing Operation) to conduct a probabilistic
analysis of the chances of a human error during the inspection process. An in-depth literature review was conducted
to identify risk factors and validate by specialists. Bayesian Network was utilized to assess the risk factors that
contributed to the pivotal event. Goal-Tree Success-Tree was used to define additional barriers to the Non-
Destructive Testing process. As result, this study confirmed that implementing systematic barriers to mitigate risks
of human errors significantly reduced the probability of such Risk. Actions proposed to mitigate the risks caused by
human factors are connected to Environment Control, Organization Factors, Skills & Capacity. The proposed
method has been proved to be adequate to reduce the probability of an Operator failure and can be used in practice
to identify the Risk of human errors that can impact the results of the Non-Destructive Testing inspection.
Keywords: Risk Management, Fault-Tree, Fluid Penetrant Inspection, CAPEMO, HRA, Goal Tree, Success Tree.
1.
Introduction human factors field. For a Non Destructive
Inspection failures may take lives away. In the Testing (NDT) inspection to be reliable, the
civil aviation industry, failures on the Fluid whole system needs to be reliable (equipment,
Penetrant Inspection (FPI) inspection during a procedure, and personnel). "The largest source of
routine maintenance inspection resulted in terrible performance variation can be found in an
accidents, such as the Delta Flight 1288 accident operator. After all, it is the operators who interpret
in July 1998 when two passengers perished. Five the signals provided by the equipment." (Bertovic
got injured. The United Airlines Flight 232 M. 2019) According to this author, empirical
accident at Sioux City, Iowa in July 1989 was results have shown that time constraints, mental
caused by a fatigue crack undetected by the FPI workload, and knowledge impact inspection
inspection at the company's overhaul engine quality.
facility. The accident report determined that the The United Kingdom Health and Safety
cause of this accident was due to human factors Executive defines that "Human Factors refers to
and limitations in the inspection procedure. One environmental, organizational and job factors,
hundred twelve passengers died. Similarly, and human and individual characteristics which
catastrophic failures like these may also happen in influence behavior at work in a way which can
any other industry. For instance, the FPI affect health and safety." (International Civil
inspection process is used to detect fatigue cracks Aviation Organization (ICAO), 2003) therefore,
on naval structures submitted to cyclic tensions, investigating how the Human factors may impact
inspect heat exchangers tube bundles, etc. the results of an NDT inspection seems to be of
Reducing the probability of a failure in the FPI paramount importance. Drury also states that
inspection process is a big priority. efficient and effective NDT inspection depends
The most common solution adopted to improve on the good relationship between the
the performance in non-destructive testing is to organization, procedures, inspection equipment,
make better equipment and change procedures but and the human operator. (Drury & Watson, 2014).
quite a few resources are applied in research in the Previous studies did not address the influence of
432
 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022) 433

human factors on FPI, showing a gap in the The possibility of unsuccessful inspections by
literature. This paper proposes the use of Fluid Penetrant (and other NDT techniques) in
CAPEMO methodology (Pereira et al., 2014) to general has been part of risk management practice
perform the Human Reliability Analysis on the for organizations with high reliability and safety
FPI inspection process. The study identifies the demand for a long time. It is taken into account in
risk factors/events that lead to the operator's assessing the Risk of failure of a component or the
failure in identifying and reporting a major defect
entire system and is achieved by first assessing
(in this case a crack). It also defines the impact
and likelihood of each event occurring and the Risk of the component failing and deciding
suggests measures to increase human reliability in which FPI method should be applied. After the
the FPI Inspection process. The result are actions FPI was performed, the inspection result is taken
to reduce the risk of catastrophic failure caused by into the risk assessment. Future inspections are
this significant defect occurrence. planned based on this result and the general
This paper proposes responses to the following likelihood that the component will contain defects
important research questions: and eventually fail. (Bertovic, M., 2019)
1) Is the proposed method capable of performing The IEC/ISO 31010:2019 standard on risk
a quantitative and qualitative analysis of the risks assessment techniques suggests several factors
associated with human reliability in the Fluid that can influence the selection of the appropriate
Penetrant Inspection process? risk assessment technique: 1. The method's
2) What preventive actions emphasize increasing applicability to the desired steps in the risk
human reliability that can be implemented during
assessment process. 2.The availability of
the Fluid Penetrant Inspection process?
3) How to address methodologically the most resources. 3.The nature and the degree of
sensitive risks identified by the CAPEMO uncertainty associated with the Risk. 4.The
analysis? complexity of the problem and the methods
required to analyze it. The CAPEMO model can
2.
Risk Assessment be an effective tool to perform the Human
Risk Assessment is a systematic, step-by-step Reliability Analysis since all requirements
procedure for appraisal of risks, establishing the described above are met in full.
probability of a risk occurring and the
consequence. (Ostrom, L. T., Wilhelmsen, Cheryl 3.
The CAPEMO (Causal Model for
A., 2019) The International Organization for Probabilistic risk analysis in Manufacturing
Standardization defines Risk as an "effect of Operation)
uncertainty on objectives" (ISO 31000:2018, p. The CAPEMO model performs simulations on a
1), Risk can be defined as the perception of a structured approach by combining different
deleterious result or a potential negative impact methodologies such as Bayesian Belief Networks
that comes from a present process or a future (BBN) and Fault tree and provides the probability
event" (Hollnagel, 2008b, p. 33). Martin Rausand of a major consequential event happening as
(Rausand, 2020) applies three key questions to output. The first step is establishing the basic
risk analysis: What can go wrong? What is the process of mapping and defining the pivotal
likelihood of that happening? Furthermore, what element leading to the major consequential event.
are the consequences? David Hillson expands it to Next, a fault tree is drawn to represent the process
seven questions: a) What to do to achieve the mapping graphically. The third step consists of
Goal? (objective setting); b) What can affect me? defining the probabilities for each event of the
(Risk Identification); c)Which ones are the Fault Tree to be used to model a correspondent
biggest? (Risk prioritizing) d) What can be done BBN that will help to identify the
about it? (Plan and implement actions to mitigate interdependence between the various events in the
Risks); e) Does it work? (Review the Risks); f) To Model. Once the BBN is complete and the
whom shall one tell it about? (Report the Risks); probabilities are defined, the CAPEMO model
g) What has changed? (perform a Risk update) will be able to provide the final probability of the
(Hillson & Simon, 2020) major consequential event.
434 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022)

4.
HRA – Human Reliability Analysis the same errors, regardless of the people involved.
Normally, human beings are responsible for In addition, people in high-reliability
performing all phases on the majority of the organizations are generally motivated to do a
technical systems, from concept through good job - what they do generally makes sense to
management, fabrication, operation, and them at the time (Dekker, 2013). This view is
maintenance. Humans tend to make mistakes, and being replaced by the modern approach focusing
it is often said that "to err is human." As humans, on the underlying conditions that create
we are much more complex than technical possibilities for failure. Human error is a
systems, and it is difficult to predict the types of symptom of problems hidden deeper in the
errors that we may commit. (Rousand 2020) system. Efforts are thus invested into the
Many definitions of human factors can be found conditions under which people work and ways to
in the literature. HRA involves the use of prevent the failures (Dekker, 20130; (Hollnagel,
qualitative and quantitative methods to assess the 1993); Leveson, 2011; Rasmussen, 1997; Reason,
human contribution to Risk. and defines the 2015). This is achieved by implementing
probability of a person conducting a specific task defenses. Hence, when adverse events do occur,
with satisfactory performance and implies a the question should not be who failed but rather
systematic prediction of potential human errors, how and why the defenses failed.
and actions that can be taken to eliminate or Typical methods for preventing errors include
reduce their occurrence and maximize safety and designing the system so that it is simple and easy
performance. (Marques et al., 2021), (Bell & to use, training, adequate warnings that can
Holroyd, 2009). The Health and Safety Executive anticipate a system state that will likely lead to
states that "human factors refer to environmental, error, and restricting the operator's exposure to
organizational and job factors, and human and opportunities for error (Sheridan, 2008). The
individual characteristics, which influence attempts to minimize the occurrence of errors are
behavior at work in a way which can affect health either proactive or reactive. The proactive
and safety". (Health And Safety Executive, 1999). approach is based on improving the human-
(Henry M. Stephens (2000) offered a more system interface. This is most commonly
specific, NDT-oriented definition linking the achieved by creating decision aids, improving the
human factors to the "mental and physical make training or the procedures, automating system
of the individual". The individual's training and interface features, etc. The reactive approach
experience and the conditions under which the focuses on eliminating the reoccurrence of
individual must operate, influence the NDT already occurred errors. The common term used
inspection. The HRA has an important role in all for these error prevention or minimization
inspection systems. The types of human actions techniques is defenses or barriers.
required on a typical NDT Inspection are the
5.
Bayesian Belief Networks (BBN)
definition of inspection strategy, selection of
inspection techniques, preparation of equipment Bayesian Networks (BNs), also called Bayesian
and procedures, acquiring, analyzing, and Belief Networks (BBN), have become an
recording data, and reporting inspections. A increasingly popular part of the risk and reliability
failure on any of those tasks can result in missed analysis framework due to their ability to
of falsely reported defects(Vasconcelos et al., incorporate qualitative and quantitative
2019). information from different sources. (Dana &
Reason (2015), states that by concentrating on the Boring, 2009) It models interdependency and
individual origins of error, the act is wrongfully provides a causal structure that allows a deeper
isolated from its context and, therefore, critical insight into risk drivers and into specific
factors can be missed. First, it is often the best interventions that reduce Risk. The Bayesian
people that make the mistakes, and second, the structure consists of nodes drawn as ellipses, and
same combination of circumstances can provoke connecting arcs represented as arrows. The nodes
contain variables with probability information
 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022) 435

about risks that affect humans, software, and The Goal Tree Success Tree analysis process has
calibration failure. The directional arcs represent been known by experts for almost thirty years.
causal influence relationships between nodes. The However, there seem to be few publicly available
starter nodes are the parents and have their documents that provide comprehensive coverage
probability estimated by experts, while the from basic principles to advanced techniques.
children are the nodes further down the structure. According to Ingoldsby (2021) "All models,
A child can be the source for a connected follow- including attack trees, will break down if they are
on child, also called sink node. BBN structure has used beyond their limits." According to Gaol
one child at the end as a target node and different (2019) a Goal Tree Model will be documented
parents. The majority of the parent nodes contain and will become a reference in developing the
expert opinion, hence subjective information. The stages of the business process that focus on the
discrete nets used calculate the conditional organization's Goal. According to Pereira &
probability of the random variables corresponding Almeida (2014), there are common philosophic
to linked nodes, each variable represents states of points about improving quality and company
a process component. sustainability. It is necessary to map all processes
The use of BBN allows the modeling of the to increase actions and identify actions to achieve
interdependencies between events and makes the results To create a Goal Tree. Each step, resource,
Model consistent. The probability values are standard, and activity must be organized by
obtained from experts according to specific hierarch level so, the first step in developing a
procedures of probability elicitation. Conditional goal tree model involves the definition of Goal or
probability tables represent the interdependencies objective. This top Goal must be explicitly
between events. Fig. below shows an example of defined in terms that make it a single
BBN represented by parent nodes O and T unambiguous statement. From this definition, the
causing event M. The probability that event M is analyst will identify and relate all the different
true is calculated by the formula shown in (Fig.4). plant goals and subgoals that must be achieved to
attain the overall objective.
       
    
 8.
Methodology
   
                 8.1. Selecting the Population and Sample
   
               
The study adopted the approach of building
theory from Case Study Research (Eisenhardt,
   
                 1898) and Hancock et al. (2021). It combined data
   
              
from an in-depth literature review, a survey with
certified personnel from different locations, and
Fig. 4 - Formula for the probability that event M observations carried out in Fluid Penetrant
is true Inspection in a specific industrial facility.
8.2. Using Instruments and Tools
6.
Fault Tree Analysis
In the first step, a detailed process map of the fluid
The Fault Tree Analysis is a graphic way to penetrant inspection process was prepared to
demonstrate a top-down analysis to help on the understand the process variables and the risk
definition of undesirable events that can affect a factors. In the second, a Fault Tree was
system or a subsystem, using Boolean logic to constructed, and an elicitation survey structure
correlate the events through gates. A deductive was designed.
process is used to discover the root cause or 8.3. Data Collection
human errors for different situations, such as
An elicitation Survey was prepared using the
labor accidents, any fault in an industrial process, Google form "Forms" and submitted to several
or any unexpected event. (Edraw, 2021) professional specialists certified and non-certified
in FPI. The Fluid Penetrant Inspection in a
7.
Goal Tree Success Tree (GTST)
specific industrial facility was also observed to
obtain the required data.
436 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022)

8.4. Data Analysis & Actions most common human errors, and implement the
The survey result and operation process map were Measure System Analysis.
analyzed with the help of certified personnel. The
data obtained were handled with the software
Agenarisk to define the node/cause that had the
most significant influence on the Top Event. In
the end, the goal was defined as "Good Attitude"
since the factor contributing more to the Risk of
missing a crack was the item "Attitude."
Performance improvement actions were defined.
9.
Results Fig. 5 - Fault Tree
Fluid Penetration Inspection Process was mapped An elicitation survey was prepared using the
and the Pivotal element in this study was defined Google "Forms" tool and submitted to several
as missing a significant flaw during the certified and non-certified FPI. The experts were
inspection. Within the different types of contacted by e-mail based on lists of certified
discontinuities described on various standards, personnel found online with more than 200
books, papers as significant flaws, the crack is messages sent. Twenty-seven experts responded
credited as the most critical defect since it may to the questionnaire being only five were not
lead to a catastrophic event that, depending on the certified in FPI. Twenty-nine questions
application, causes loss of lives assets, and correspond to the 29 possible causes identified on
money. the Fault Tree (Fig. 6). Experts were not identified
In many Non-Destructive Testing reliability to avoid any bias on the interpretation of the
studies, the Probability of Detection (PoD) curve survey. Each question gave the expert the
is used to express the detection process's possibility of marking from zero to ten, meaning
reliability as a function of a variable of structural zero is less likely to happen and ten is the most
interest, usually crack size, as a single parameter. likely to happen. The responses were tabulated
(Hovey & Berens, 1988). Moreover, according to and weighted as 50% for the expert not certified
Drury, NDT techniques are designed specifically in FPI (for the certified experts, 100% weight was
given independently of the certification level).
for a single fault type (usually cracks). Much of
This weighting was the only correction made on
the variance in PoD can be described by just crack
the elicitation survey.
length so that the PoD is a realistic reliability The BBN shown in Fig.6, was prepared with the
measure. It also provides the planning and life results from the elicitation survey. The values
management processes with precisely the data were populated onto the AGENA RISK®
required as structural integrity is largely a software with the probabilities defined in each
function of crack length. (Drury, C., & Watson, J. question.
(2014)). Several other references confirm that The sensitivity analysis provided by the AGENA
crack is a defect that raises the most significant RISK® software defined the node/cause that has
concerns in the industry in general. the most considerable influence on the Top Event.
The fault tree diagram is shown in fig. 5. This In this case, the operator failure leads to the non-
study covers the five human factors that may
identification and consequential non-reporting of
cause an operator failure: environment control
a major defect (crack) on the piece object of
(ergonomics, time constraints, light intensity),
organizational factors (production planning, inspection.
production targets, quality, and maintenance
system), skills and capacity, attitude, and
distraction. Also, four barriers were considered
for the error prevention or minimization, process
audit focused on HRA, certification of inspectors,
training of the inspectors focused on preventing
 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022) 437

Fig. 6 - BBN with the results from the

elicitation survey – Partial view
The item identified as the most significant
contributor to the Top Event was Attitude which
Fig. 7 – Goal Tree
relates to three items: - Negative mental attitude According to the Goal Tree analysis, the
of the inspector/operator leads to higher rejection organization should work on the following
rates. Operator/inspector's personal problems actions: Improve the organizational
negatively influence the interpretation of the test Communication, implement a conflict
results. Lack of horizontal and vertical administration system based on facts, prepare the
communication skills leads to misunderstanding Human Resources to help the employees with
and conflicts. After defining the new barrier, the their difficulties, invest in communication
Model should be rerun until the probability of the training and work on team building in to boost
Top Event occurring lows below 30%. integration and homogenization of information
The Goal in Figure 7 was defined as "Good and knowledge of the team. A Performance
Attitude" since the factor contributing more to the improvement process can be implemented to
Risk of missing a crack was the item "Attitude." expedite the changes necessary to improve the
Human reliability on the FPI inspection process.
According to Meyer, John P. Allen, Natalie J.
(1991), there are three components for the 10.
Discussion of Results
organizational commitment to work: Affective The proposed method demonstrated that
commitment, Continuance commitment, and implementing systematic barriers to mitigate the
Normative Commitment. The organizational risks of human errors reduced the probability of
commitment is influenced by, among other such Risk happening. Actions taken to mitigate
things, the personal characteristic, the the risks caused by human factors connected to
organizational structure, work experiences, Environment Control, Organization Factors,
Skills & Capacity, and Distraction proved to
feeling comfortable in the organization,
reduce the probability of an operator failure
socialization (cultural/familial/organization).
significantly. Several barriers contributed to
Psychological and spiritual factors impact human reducing the Risk of Operator Failure. A training
errors (Pan et al., 2017). Based on these program that focuses on Human Factors sensitizes
principles, the critical success factors to achieve inspectors, supervisors, and managers and creates
the Goal were defined as having a "Positive the perception of the importance and impact of
Mental Attitude," being able to "Leave Personal time constraints, management pressure, and
Problems at Home," having "Good Horizontal personal problems. The establishment of audit
Communication," and improving "Management checklists that include verification if the human
Communication Skills." Necessary conditions are factors that impact the inspection performance
linked to motivation tools and improved have been considered. A Measurement System
communication skills to achieve the defined Analysis is important to verify the inspection
critical success factor. process's repeatability, reproducibility, bias,
stability, resolution, and linearity. It indicates
possible systemic process failures that may
influence the interpretation of the test results.
438 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022)

These results are consistent with previous studies. The study suggests that human factors aspects
Drury asserted that the dominant variance factors should be highlighted on the training material and
on the NDT procedure application are more the audit checklists.
linked to materials, procedure, and human factors. In response to the question "Is the proposed
Marija Bertovic stated that the organization of the method capable of performing a quantitative and
working schedule, Communication, procedures, qualitative analysis of the risks associated with
supervision, time pressure, mental workload, and human reliability in the Fluid Penetrant
experience influence the quality of the inspection Inspection process?" the qualitative analysis
performance. identified the risks involved in the FPI Process,
The sensitivity analysis identified that errors developing a strategy to address these risks with
linked to Attitude factors lead to the high probabilities (quantitative approach) to prepare an
probability of an Operator Failure. Therefore, a action plan.
new barrier should be established to help mitigate In response to the question, "What preventive
the following risks. An error occurs due to the actions emphasize increasing human reliability
inspector/operator; Operator/inspector's problems that can be implemented during the Fluid
negatively influence the interpretation of the test Penetrant Inspection process? The Actions
results; Lack of horizontal and vertical defined on Environment Control, Organization
communication skills leads to misunderstanding Factors, Skills & Capacity, and Distraction
and conflicts. proved to be effective in reducing the probability
This study also proposes that using a root cause of operator failure significantly. The CAPEMO
investigation tool may help determine what model proved to be effective in assessing the risks
actions may raise additional barriers to the NDT associated with human factors involved in the FPI
inspection process. It suggests a Performance inspection process and showed that actions could
Improvement process to speed up the be taken to reduce the possibility of missing a
implementation of change and make it last and crack when inspecting a critical part.
effective in mitigating the risks. This work did not As a suggestion for further studies, the authors
investigate the influence of human errors related recommend: (1) studying the influence of human
to improper fluid penetrant inspection materials factors on different NDT processes using the
and supplies and incorrect inspection procedures CAPEMO model to investigate the causes of
and is limited to human factors that may lead to Operators Failures on those processes and (2)
operator failure during the FPI process. extending the use of the proposed Model on
another process that is also heavily influenced by
11.
Conclusion
the Human Factor.
The paper presents how the CAPEMO causal
model for can be applied in the Fluid penetrant 12.
References
Inspection process. Independent and structured Bell, J., & Holroyd, J. (2009). Review of human
data obtained from the expert elicitation process reliability assessment methods. In Health &
raised the probabilities for the different causes of Safety Laboratory.
failure in the inspection process. The proposed http://www.hse.gov.uk/research/rrpdf/rr679.pdf
Model proved to be an essential tool for risk Bertovic, M., (2019). Human Factors in Non-
assessment processes strongly influenced by Destructive Testing (NDT): Risks and
human factors. The CAPEMO model can be Challenges of Mechanised NDT. Published
applied in quantitative analysis of the risks of a by ProQuest LLC (2019)
human error by using experts' opinions to map the Dana, K., & Boring, D. (2009). Human
process and draw a network of probabilities Reliability Analysis (HRA) P-203 United
allowing a sensitivity analysis that gives the States Nuclear Regulatory Commission.
probability of occurring errors that leads to the Idaho National Laboratory, March.
undesired Top Event. The CAPEMO model has https://www.nrc.gov/docs/ML1204/ML120
combined findings from the BBN analysis on the 44A208.pdf
human factors in Fluid Penetrant Inspection to Dekker, S. (2013). The field guide to
produce recommendations for good practices in understanding human error. August 2000,
inspection training and inspection process audits. 1–236.
https://doi.org/10.1080/00140130701680544
 Proceedings of the 32nd European Safety and Reliability Conference (ESREL 2022) 439

Drury, C., & Watson, J. (2014). Human factors International Civil Aviation Organization
good practices in Fluorescent Penetrant (ICAO). (2003). Human Factors Guidelines
Inspection. Research Gate, June, 1–57. for Aircraft Maintenance Manual. 147.
https://www.researchgate.net/publication/2 ISO 31000:2018 Risk management – Guidelines
53111957 ISO (the International Organization for
Eisenhardt, K. M. (1989). Building theories from case Standardization). 2018
study research. Academy of management review, ISO. IEC 31010:2019 – Risk management –
14(4), 532-550. Risk Assessment Techniques. ISO (the
Gaol, Ford Lumban, Danny, Jonathan and International Organization for
Matsuo, Tokuro. (2019) "Application of Standardization). 2019
organization goal-oriented requirement Marques, R. O., Vasconcelos, V., Soares, W. A.,
engineering (OGORE) methods in erp- Silva Júnior, S. F., Raso, A. L., &
based company business processes" Open Mesquita, A. Z. (2021). Probabilistic Safety
Engineering, vol. 9, no. 1, 2019, pp. 545- Analysis and Risk-Based Inspection of
553. https://doi.org/10.1515/eng-2019-0064 nuclear research reactors: state-of-the-art
Hancock, D. R., Algozzine, B., & Lim, J. H. (2021). and implementation proposal. Brazilian
Doing case study research: A practical guide for
beginning researchers.
Journal of Radiation Sciences, 8(3B), 1–12.
Health And Safety Executive. (1999). https://doi.org/10.15392/bjrs.v8i3b.371
Understanding Human Failure: Human Pan, X., Lin, Y., & He, C. (2017). A Review of
Failure and Accidents HSG48. In Human Cognitive Models in Human Reliability
Factors in Industrial Safety: Reducing Error Analysis. Quality and Reliability
and Influencing Behaviour (Vol. HSG48). Engineering International, 33(7), 1299–
https://doi.org/10.1108/ss.1999.11017cae.0 1316. https://doi.org/10.1002/qre.2111
07 Pereira, J., Lima, G., Santanna, A., Peres, L., &
Henry M. Stephens, J. (2000). NDE Reliability - Pizzolato, N. (2014). Causal Model for
Human Factors - Basic Considerations. probabilistic risk analysis of jet engine
Roma 2000 15th WCNDT. failure in manufacturing situational
https://www.ndt.net/paper/wcndt00/papers/i operation (CAPEMO). Complexity, 3(3).
dn736/idn736.htm Rausand, M. (2020). Risk assessment. In
Hillson, D., & Simon, P. (2020). Practical Norwegian University of Science and
Project Risk Management, Third Edition: Technology. Wiley; 2nd ed. 2020
The ATOM Methodology (3rd ed.). Reason, James (2015) Organizational Accidents
Berrett-Koehler Publishers. Revisited. CRC Press; 1ª ed 2015
https://books.google.com.br/books?id=4Xz Vasconcelos, V., Soares, W. A., Marques, R. O.,
nDwAAQBAJ&lpg=PP1&ots=q8LLxY__h Silva Jr, S. F., & Raso, A. L. (2019).
8&dq=Practical Project Risk Human reliability in non-destructive
Management%2C Third Edition%3A The inspections of nuclear power plant
ATOM Methodology pdf&lr&hl=pt- components: modeling and analysis.
BR&pg=PP1#v=onepage&q&f=false Brazilian Journal of Radiation Sciences,
Hollnagel, E. (1993). The phenotype of https://doi.org/10.15392/bjrs.v7i2b.368
erroneous actions.pdf (p. 32). International Wilpert, B., & Miller, R. (1999). Nuclear Safety:
Journal of Man-Machine Studies Volume A Human Factors Perspective. CRC Press, 1998.
39 issue 1 1993 [].
https://doi.org/10.1006%2Fimms.1993.1051
Hovey, P. W., & Berens, A. P. (1988). Statistical
evaluation of NDE reliability in the
aerospace industry. Review of Progress in
Quantitative Nondestructive Evaluation, 7
B, 1761–1768. https://doi.org/10.1007/978-
1-4613-0979-6_108
Ingoldsby T. R. (2021) Attack Tree-based Threat
Risk Analysis by Amenaza Technologies
Limited