Text

I Still Have Nightmares About That Class*

PRA: why its complicated and why it doesnt have to be Nathan Siu Senior Technical Adviser for PRA Analysis Office of Nuclear Regulatory Research Division of Risk Analysis RES Staff Technical Seminar (Virtual) - Part 1 May 13, 2021 (2:00-3:00)

• The views expressed in this presentation are not necessarily those of the U.S. Nuclear Regulatory Commission.

Special Guests:

Prof. George Apostolakis Dr. Harold S. Blackman Dr. Dennis C. Bley Dr. Robert J. Budnitz Prof. Ali Mosleh John W. Stetkar Dr. Thomas R. Wellock

2 Summer at NRC After 40+ years, PRA seems intuitive to me Browns Ferry Fire, WASH-1400 Indian Point PRA 1975 1980 1985 1990 1995 2000 2005 2010 2015 2020 Join PLG Join INL Join MIT COMPBRN (NRC-support)

Quad Cities IPEEE 9/11 Fukushima Join NRC Typewriters, punch cards => laptops It cant be done => modern risk-informed regulator Punch card graphic adapted from: https://en.wikipedia.org/wiki/Punched_card#/media/File:FortranCardPROJ039.agr.jpg. Publicly available under Creative Commons Attribution-Share Alike 2.5 Generic conditions, COVID-19

3 but it might not be to others Carolyn (12)

Kenny (9)

Christopher (4)

Who does Daddy work for?

The Nuclear Regulatory Commission Wha? The government Me What does he do?

Makes sure nuclear plants dont go overboard or something like that He reads a lot of stuff and goes to meetings Write An old survey 1Ola Bckstrm, The role of digital insight in a safer nuclear industry, Power, January 28, 2021. (Available from:

https://www.powermag.com/the-role-of-digital-insight-in-a-safer-nuclear-industry/)

You no longer need to be a mathematical genius to run a reliability or risk analysis.

- Ola Bckstrm (2021)1 More recently

4 Talk Outline

• PRA: what is it and why do it?

• Challenges and complications

• Strategies for reducing complexity

• Closing remarks Alphabet Soup PRA = Probabilistic Risk Assessment RIDM = Risk-Informed Decision Making

5 PRA: WHAT AND WHY

6 Risk Assessment

• Risk (per Kaplan and Garrick,1 adopted by NRC2)

- What can go wrong?

- What are the consequences?

- How likely is it?

• Qualitative as well as quantitative

• Non-prescriptive, flexible

- Does not define wrong or prescribe metrics for consequences or likelihood

- Does not define how risk is to be assessed 1S. Kaplan and B.J. Garrick, On the quantitative definition of risk, Risk Analysis, 1, 1981.

2See, for example:

- White Paper on Risk-Informed and Performance-Based Regulation (Revised), SRM to SECY-98-144, March 1, 1999.

- Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking, NUREG-2122, May 2013.

Whats in a word?

analysis, n., process of separating an entity into its constituent elements; process as a method for studying the nature of something or determining its essential features and their relationships assessment, n., an estimation or judgment of value [emphasis added] or character

7 PRA Risk assessment where likelihood is quantified in terms of probability

• Still flexible - definition does not mandate specific methods (e.g., event tree/fault tree analysis)

• Typically: engineering analysis process

- Models facility/process as an integrated system

- Attempts to address all important scenarios (within study scope)

- Attempts to use all practically available, relevant information (not just statistics) 1See:

- G. Apostolakis, Probability and risk assessment: the subjectivistic viewpoint and some suggestions, Nuclear Safety, 9, 305-315(1978).

- G. Apostolakis, The concept of probability in safety assessments of technological systems, Science, 250, 1359-1364(1990).

- M. Granger Morgan, Use (and abuse) of expert elicitation in support of decision making for public policy, National Academy of Sciences Proceedings (NASP), 111, No. 20, 7176-7184, May 20, 2014.

Subjective Interpretation of Probability1 Probability quantifies degree of belief Appropriate for decision support Inherent in current PRAs (e.g., Bayesian updating)

Not universally accepted

Subjectivity uncomfortable for many

Technical objections (appropriateness of a lottery model for characterizing subjective uncertainty)

8 Why PRA?

PRA Policy Statement (1995)1

• Increase use of PRA technology in all regulatory matters

- Consistent with PRA state-of-the-art

- Complement deterministic approach, support defense-in-depth philosophy

• Benefits:

(1) Considers broader set of potential challenges (2) Helps prioritize challenges (3) Considers broader set of defenses Risk assessment is a set of tools, not an end in itself. The limited resources available should be spent to generate information that helps risk managers to choose the best possible course of action among the available options.

National Research Council, 1994 It [fire PRA] aint perfect but its the best thing weve got.

- G. Holahan Our tendency is to focus on things that are interesting and make them important. The thing that we have to do is focus on what really is important

- R. Rivera, 2020 1U.S. Nuclear Regulatory Commission, Use of Probabilistic Risk Assessment Methods in Nuclear Activities; Final Policy Statement, Federal Register, 60, p. 42622 (60 FR 42622), August 16, 1995

9 Risk information has uses beyond immediate decision support 9

Adapted from NUREG-2150

10 Moving Forward

• Past successes1 => expectation of future successes

• Past results => anticipation of future challenges

• Continued investment => readiness to meet challenges, maintain NRC international leadership 1For examples, see Probabilistic Risk Assessment and Regulatory Decisionmaking: Some Frequently Asked Questions, NUREG-2201, September 2016.

0.00 0.10 0.20 0.30 0.40 0.50 0.60 0.70 0.80 0.90 1.00 0

10 20 30 40 50 Probability {one or more accidents before t}

Years from Now Average Plant CDF 10-4/ry 5*10-5/ry 10-5/ry International Fleet ~ 440 rx

11 NPP PRA: ITS CHALLENGING

12 0.0 5.0 10.0 15.0 Fatality Rate by Vehicle Type (2018)

Cars SUVs Pickups Vans 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Fatalities/105 Vehicles Lots of Data => Statistical Analysis Data from https://crashstats.nhtsa.dot.gov From Traffic Safety Facts: Research Note, U.S. Dept. of Transportation, 2016.

0.00 1.00 2.00 3.00 4.00 5.00 6.00 0

10,000 20,000 30,000 40,000 50,000 60,000 Fatality Rate (per 100M VMT)

Fatalities Motor Vehicle Fatalities 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Alcohol-Impaired Driving Fatality Rates per 106 VMT (2018)

U.S. Average: 0.32 Maryland: 0.20 Accident Causes Driver Vehicle Environment Unknown Driver Errors Recognition Decision Performance Non-Performance Other 2005-2007

13 Fundamental NPP PRA Challenge: Little/No Plant-Level Data Sparse data

- Few accidents/serious incidents

- Statistical relevance challenged by design and operational changes

- Interest in specific plant => further reduced data set Coping strategies

- Decomposition-based systems modeling (e.g., event trees, fault trees)

- Specialized estimation procedures (e.g.,

Bayesian statistics, expert elicitation) for model elements

=> Complexity (no free lunch)

Accident In a nutshell Note TMI 2 (1979)

Anticipated transient +

additional failures and errors Unlikely confluence of likely events Chernobyl 4 (1986)

Systems test in unstable regime, violating procedures Single-minded aim to perform test Fukushima Daiichi 1-3 (2011)

Beyond design basis tsunami Extremely unlikely catastrophic event Licensee Event Reports 1969-2019 (~4360 ry)

(No significant precursors since 2002; one under review) significant precursor precursor 2021: ~18700 reactor-years

14 PRA Complications

• Inherent in problem, e.g.,

- Complex phenomenology (often beyond experience)

- Multiple technical disciplines, roles, and perspectives

• Highlighted (or even introduced) by coping strategies for sparse data com*pli*cat*ed, adj. consisting of many parts not easily separable; difficult to analyze, understand, explain, etc.

For many years, risk assessment required a high level of abstraction and an elite team of analysts fully immersed in the ways of every single component and their failure profiles. A heady task for any risk analyst, but one made doubly hard by the exacting requirements of nuclear.

- Ola Bckstrm (2021)1 1Ola Bckstrm, The role of digital insight in a safer nuclear industry, Power, January 28, 2021. (Available from:

https://www.powermag.com/the-role-of-digital-insight-in-a-safer-nuclear-industry/)

15 Complex Phenomenology: Scenario Dynamics (1)

Time

Time Hazard Systems Indications Operators/Workers ERC/ER team EP 14:46 0:00 Earthquake Scram 14:47 0:01 MSIVs close, turbine trips, EDGs start and load Rx level drops 14:52 0:06 ICs start automatically RV pressure decreases; RV level in normal range 15:03 0:17 ICs removed from service Cooldown rate exceeding tech spec limits Manually remove IC from service 15:06 0:20 Disaster HQ established in TEPCO Tokyo 15:10 0:24 Determine only 1 train IC needed; cycle A train 15:27 0:41 First tsunami arrives 15:35 0:49 Second tsunami arrives 15:37 0:51 Loss of AC 15:37 0:51 1537-1550: Gradual loss of instrumentation, indications (including IC valve status, RV level), alarms, MCR main lighting Determine HPCI unavailable 15:42 0:56 TEPCO enters emergency plan (loss of AC power); ERC established 16:35 1:49 D/DFP indicator lamp indicates "halted" 16:36 1:50 Review accident management procedures, start developing procedure to open containment vent valves without power Cannot determine RV level or injection status; work to restore level indication; do not put IC in service Review accident management procedures, start developing procedure to open containment vent valves without power Declared emergency (inability to determine level or injection)

16 Complex Phenomenology: Scenario Dynamics (2)

17 Coping with Dynamics

• Aggregation (bundling)

• Simplified timing + success criteria For an early discussion of transitions between sequences, see G. Apostolakis and T.L. Chu, Time-dependent accident sequences including human actions, Nuclear Technology, 64, 115-26 (1984).

18 Complication: Multiple Disciplines, Multiple Roles NPP PRA Mechanical Electrical Fire Protection Earth Sciences Human Factors Probability

& Statistics Operational Experience Materials Systems Science Plant Systems Nuclear Civil Developers Analysts/

Reviewers Users Different points of view:

Whats important to the analysis?

Whats an acceptable solution approach?

19 External Flooding at Plant X: Model Scope?

U.S. watershed image from https://www.nps.gov/miss/riverfacts.htm

20 Diverse Views: From Coping to Benefitting?

From You PRA Guys/Gals to Us PRA Guys/Gals?

• Clear definition of analysis needs, interfaces

• Stakeholders 101: early, open engagement

• Future: integrated native language analysis (e.g., dynamic PRA)?

21 Complication: Numerous Possibilities Many paths to core damage Many ways to fail each barrier in path

22 Coping with Multiple Scenarios

• Model simplifications, e.g.,

- Screening

- Grouping (often with bounding quantification)

• Boolean algebra, reliability theory,1 e.g.,

for independent basic events, where

• Software tools to implement theory Risk Spectrum RISKMAN CAFTA

1 1 1 1 1 See, for example, R.E. Barlow and F. Proschan, Statistical Theory of Reliability and Life Testing Probability Models, To Begin With, Silver Spring, MD, 1975. (Available in the NRC Technical Library: TS173.B37 c.1)

23 Complication: Sparse Data 10 12 14 16 18 20 22 24 26 28 30 Flood Height (ft)

Potomac River Flooding (Little Falls, VA)

Major Flood Moderate Flood 1930 1940 1950 1960 1970 1980 1990 2000 2010 2020 Data from: https://water.weather.gov/ahps2/crests.php?wfo=lwx&gage=brkm2&crest_type=historic

24 Coping with Sparse Data: Modeling + Bayesian Estimation 0.00 0.05 0.10 0.15 0.20 0.25 0.30 probability density Major Flood Frequency (/yr)

First cut bounding analysis: major flood1 => catastrophic flood Frequency of major flooding ()

- Prior state-of-knowledge: minimal

- Evidence: 12 major floods over 1932-2019 (87 years)

- Bayes Theorem:

- Posterior state-of-knowledge:

More sophisticated analysis if needed (e.g., frequency-magnitude analysis (perhaps with expert elicitation)

Date Flood Height (ft) 5/14/1932 15.25 2/27/1936 14.69 3/19/1936 28.10 4/28/1937 23.30 10/30/1937 15.62 10/17/1942 26.88 4/29/1952 14.17 8/20/1955 17.60 6/24/1972 22.03 11/7/1985 17.99 1/21/1996 19.29 9/8/1996 17.84 05 = 0.079/yr 50 = 0.13/yr 95 = 0.21/yr mean = 0.14/yr prior posterior

Poisson Non-informative 1 Data from: https://water.weather.gov/ahps2/crests.php?wfo=lwx&gage=brkm2&crest_type=historic 2Major Flood: height > 14 ft Potomac River (Little Falls, VA)1

25 More Complications: Expert Elicitation >> BOGGSAT1

• Mechanism to support decision making

- Diverse, authoritative views

- Broad range of evidence

• Social process => social biases; need

- Formal elicitation processes (e.g., SSHAC2)

- Sufficient time and resources

• Need to remember purpose and context; follow-on experimentation, analysis, etc.

may be needed 1BOGGSAT: Bunch of guys and gals sitting around a table 2SSHAC: Senior Seismic Hazard Analysis Committee. See R. J. Budnitz, et al., Recommendations for Probabilistic Seismic Hazard Analysis: Guidance on Uncertainty and Use of Experts, NUREG/CR-6372, 1997.

P{XlC,H}

what we believe conditions of probability statement what we know proposition/event of concern Level Characteristics 1

TI only (literature review, personal experience) 2 TI interacts with proponents and resource experts 3

TI brings together proponents and resource experts 4

TFI organizes expert panel to develop estimates TI = Technical Integrator TFI = Technical Facilitator/Integrator

26 SO PRA CAN BE COMPLICATED.

DOES IT HAVE TO BE?

You no longer need to be a mathematical genius to run a reliability or risk analysis.

- Ola Bckstrm (2021)1 1Ola Bckstrm, The role of digital insight in a safer nuclear industry, Power, January 28, 2021. (Available from:

https://www.powermag.com/the-role-of-digital-insight-in-a-safer-nuclear-industry/)

27 It depends. (Tough problems => increased complexity)

• Technically challenging

- Complex phenomenology

- Multiple disciplines, roles, perspectives

• Tough decisions (higher-fidelity solutions)

- high stakes

- multiple stakeholders

- multiple risk attributes

- uneven distribution of risks and benefits

- large uncertainties From Indian Point Emergency Plan (ML15357A005)

28 Reducing PRA Complexity Source Simplification Strategy BUT Complex phenomenology Simplify regulated systems/processes Increase certainty in rarity of off-normal conditions (facilitates screening)

Obtain more empirical data (reducing need for sub-modeling)

Improve PRA technology1 to improve focus on whats important Beware of simplistic characterizations (e.g.,

gravity never fails => natural circulation cooling will always work)

Remember real-world testing and maintenance needs => extra bits and pieces, off normal configurations and procedures Remember even simple systems can have complex behaviors (e.g., dynamic resonances)

Multiple disciplines, roles, perspectives Improved communication Beware of unintended side effects (e.g., reducing diversity through forcing a view)

Tough decision problem (driving need for high-fidelity PRA model)

Reduce stakes (e.g., by reducing potential consequences), enabling lower-fidelity model Recognize some risk metrics (e.g., for enterprise risk) might be less sensitive to design/operational changes Recognize technical arguments for reduced concern might not be accepted 1PRA Technology = PRA methods, models, tools, data

29 Internal Risk Communication Challenge Principle: the decision maker should be an informed consumer of risk information What do the DMs need to know? Is perceived complexity a barrier to effective communication?

Other Considerations Current regulations Safety margins Defense-in-depth Monitoring Quantitative Qualitative Adapted from NUREG-2150 Barriers?

PRA is for my PhDs

30 Reducing Perceived Complexity Strategy BUT Improve training and communication: ensure focus is on what DMs need to know Beware of turning PRA into a black box oracle; DMs need to appreciate (without overemphasizing) limitations and uncertainties Ensure NRC has (or has access to) experts who understand and can communicate limitations and uncertainties, especially when addressing novel applications (designs, processes, decision problems)

Improve PRA technology1 to increase focus on whats important (e.g., analytics-informed automated PRA)

Same as above but ever so much more so Wait: take advantage of growing societal experience with and acceptance of analytics (e.g., sports),

modeling (e.g., weather), real-world risk scenarios2 and trade-offs (e.g., climate change, pandemics)

Dont wait too long (technology rejection is the result of social processes, established attitudes can be difficult to overcome) 1PRA Technology = PRA methods, models, tools, data 2According to https://www.etymonline.com, the current, common use of scenario (Italian, sketch of the plot of a play) as an imagined situation first occurred in 1960 as a reference to hypothetical nuclear wars.

31 Were Not Alone

• Other industries and other countries perform risk assessments for a wide range of applications (simple to complex). Examples:

- Chemical process industry

- NASA

- Netherlands (all industries, all hazards)

• Potentially instructive: review of requirements and practices for lower-risk applications 1Oosterscheldedam photo from https://commons.wikimedia.org/wiki/File:Oosterscheldedam_storm_Rens_Jacobs.jpg 1978 1985 2020

32 Example: Layers of Protection Analysis (LOPA)1

• Intention: reduce inconsistency in qualitative assessments without requiring full PRA

Purpose:

estimate risk (order-of-magnitude frequencies, qualitative consequences), assess adequacy of protection layers

• Adequacy assessed via risk matrix 1See M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.

33 Change Emphasis to Improve Communication?

(And Banish Nightmares?)

System Familiarization:

How do things work?

How can they fail?

Scenario Analysis Risk-Informed Decision Making The Engineering Story

34 PRA Simplification: Some Cautionary Notes Past NPP PRA simplifications have gravitated to more detailed models

- RSSMAP/IREP1 => NUREG-1150

- ASP plant class models => SPAR Simplified model results and insights can be harder to interpret and use

- Reduced scope => unknown importance of out-of-scope contributors

- Game over conservatism => masking of important contributors Better, cheaper, and faster - realistic result of learning or wishful thinking?

1RSSMAP = Reactor Safety Study Methodology Applications Program (4 plants, 1978-1982)

IREP = Interim Reliability Evaluation Program (4 plants, 1980-1982)

Risk Reduction Alternatives (notional)

35 CONCLUDING REMARKS

36 The Bottom Line PRA can be complicated Inherent problem complexities

- Systems and phenomenology

- High-stakes issues Coping strategies for problem complexity can introduce technical complexity

- Modeling simplifications and math

- Estimation procedures to address sparse data Multiple disciplines/communities => added complexity but complexity can [sometimes] be reduced Simplify problem (e.g., simplify analyzed system, reduce stakes of decision)

Improve PRA technology (methods, models, tools, data)

Improve training You know about conservation of mass, energy, etc. Today were going to talk about the Conservation of Difficulty.

Hoo boy.

Gotta get out of this class!

37 Acknowledgments My views on PRA have, of course, been strongly influenced by my interactions with others. I can truthfully say that Ive learned from all of my colleagues and that Im still digesting some of these lessons. Special acknowledgments go to Professor George Apostolakis (my adviser and mentor in grad school and beyond, who gave me a framework and tools for thinking about PRA and its use); Dr. B. John Garrick (the importance of aiming for the truth, even if unpopular); Professor Norman Rasmussen (the importance of pragmatic engineering approaches even in R&D, theres no such thing as a worst case),

John Stetkar (the basics of practical NPP PRA in the field); Dr. Harold Blackman (the importance and rigor of human factors engineering); Professor Ali Mosleh, Dr. Dennis Bley, and Dr. Robert Budnitz (gracious sounding boards for ideas, wild or otherwise); and Dr. Thomas Wellock (the early history of PRA and what skeptics think about the enterprise). My particular thanks go to Dr. Dana Kelly, gone too soon, for fruitful discussions. I regret that we never got to write the Details Matter paper we were toying with.

38 ADDITIONAL SLIDES

39 Everyday Risk-Informed Decisions Should I

- Go for a run in the woods?

- Cross the street against the light?

- Eat that last doughnut?

- Click on that emailed link?

- Go to the office when Im coughing?

- Get vaccinated?

- Visit NYC?

What do I know?1 What are the current conditions?

What are the risks? The benefits?1 N.B. Risk is input to decision problem (choice among alternatives), not just FYI 1 And of course: What are the rules? What are the margins? Is there any defense in depth? Can I monitor the outcome(s) to influence future choices?

Teach me to ignore that High Wind warning

40 Risk information - not always for decision support.

(Sometimes people just want to know.)

0 0.01 0.02 0.03 0.04 0.05 0.06 Daily Cases (%)

MoCo Covid-19 Cases (%)

MoCo Dailies %

MoCo 7-Day (%)

COVID-19 data from: https://coronavirus.maryland.gov/datasets/mdcovid19-casesbycounty Estimated population for Montgomery County (2020): 1M

41 RIDM: A Changing Environment

• Internal

- Overall direction (transformation)

- Initiatives (e.g., Be riskSMART)

• External

- Risk communication: risk maps, e.g.,

• Tsunami inundation zones (explicit), e.g., https://www.conservation.ca.gov/cgs/tsunami/maps

• Industrial risks (explicit), e.g., https://www.risicokaart.nl/

• Wildfire extent (implicit), e.g., https://inciweb.nwcg.gov/

• COVID-19 extent (implicit), e.g., https://coronavirus.maryland.gov/

- Explicit representation of uncertainties (e.g., hurricane tracks)

- Explicit acknowledgment of expert judgment informed by models (e.g., weather forecasting)

- Tough, widely discussed risk problems (e.g., climate change, COVID-19)

42 On Using the Right Tool: Some Cautions

• If all you have is a hammer Event tree/fault tree analysis for a fundamentally continuous process?

• Using the wrong tool might not only be ineffective or inefficient, it might damage the tool Using PRA to prove a facility/process is safe?

43 Complexity: In the Eye of the Beholder Developers Analysts/

Reviewers Users

0,

1,,

44 Challenges and Whats Important:

In the Eye of the Beholder Developers Analysts/

Reviewers Users Academic contribution Nexus between personal/professional and external interests Support (especially with declining budgets)

Near-term solutions: heavy time/budget pressure Huge problem size and complexity Multiple technical communities/cultures State of technology: Too much/little diversity, Holes Fundamental nature of risk problem (complexity, uncertainty, multiple consequence types and potentially large magnitude, multiple stakeholders, )

Competing problems with attentional and resource demands

45 Increasing Model Completeness (and Confidence)

Information Sources Hazard analysis tools, e.g.,

- Failure Modes and Effects Analysis (FMEA)

- Hazard and Operability Studies (HAZOPS)

- Master Logic Diagrams (MLD)

- Heat Balance Fault Trees

- System-Theoretic Accident Model and Processes/Systems-Theoretic Process Analysis (STAMP/STPA)

Past events Other studies Attitude Be open to possibilities Use checklists but also search for ways to get in trouble, e.g.,

- What might prompt operators to operate in an unstable regime? Disable safety systems?

- What could cause a complete loss of AC and DC power?

- What could cause coolant channel blockage?

- What could cause removal of all control rods?

it is incumbent upon the new industry and the Government to make every effort to recognize every possible event or series of events which could result in the release of unsafe amounts of radioactive material to the surroundings

- W.F. Libby (1956)1 1W. F. Libby (Acting Chairman, AEC) - March 14, 1956 response to Senator Hickenlooper. [See D. Okrent, Reactor Safety, University of Wisconsin Press, 1981. (NRC Technical Library TK9152.O35, multiple copies)]

46 Harnessing Imagination:

Credible Possibilities Need Support (Causality)

ISO-XHE-EOC-TERM OPERATOR TERMINATES ISOLATION CONDENSER OPERATION Possible but plausible?

47 Expert Elicitation Easy Button Adapted from: R. J. Budnitz, et al., Recommendations for Probabilistic Seismic Hazard Analysis: Guidance on Uncertainty and Use of Experts, NUREG/CR-6372, 1997.

Process Design Interaction With Individual Experts Model Structure Interaction Data Interaction Model Parameter Interaction Uncertainty Assessment Interaction Ground Motion Forecast Interaction Integration Integrator Group Workshop Interaction With Individual Experts Group Workshop Interaction With Individual Experts Integrator General Process 1)

Preparation 2)

Piloting/Training 3)

Interactions (Workshops) a)

Evaluate evidence b)

Develop, defend, and revise judgments c)

Integrate judgments 4)

Participatory Peer Review

48 Sources of Risk Communication Breakdowns1

• Differences in perception of information

- Relevance

- Consistency with prior beliefs

• Lack of understanding of underlying science

• Conflicting agendas

• Failure to listen

• Trust 1J.L. Marble, N. Siu, and K. Coyne, Risk communication within a risk-informed regulatory decision-making environment, International Conference on Probabilistic Safety and Assessment (PSAM 11/ESREL 2012), Helsinki, Finland, June 25-29, 2012 (ADAMS ML120480139).

Listed causes are for breakdowns between risk managers and the public, but appear to be relevant to internal risk communication as well.

49 Bowtie Diagrams:

Different Visualization => Different Insights? Decisions?

From W. Nelson, How Things Fail - e.g. Deepwater Horizon and Fukushima - and Occasionally Succeed, presentation to U.S.

Nuclear Regulatory Commission, Det Norske Veritas AS, November 2, 2011.