12.220. A technique for the quantitative assessment of the risks (or probabilities) of specified accidents is based on the use of event trees, in conjunction with the fault tree method just described. An event tree is a graphical means of identifying the various possible consequences of a par­ticular event (or failure) called the initiating event. These consequences depend on the different options that are applicable following the initiating event. Event trees are similar in principle to the “decision trees” widely used in making business decisions. Since the event tree starts with an initiating event, it represents a deductive logic process, whereas the fault tree is inherently inductive.

12.221. An outline of an event tree is depicted in Fig. 12.17, where the initiating event is a large pipe break leading to an LOCA in a nuclear power plant; let Px be the probability of the occurrence of this event, as determined from a fault tree analysis. The next step is to consider whether or not electric power will be available to operate the active engineered safety features. The probability that electric power will fail, as estimated from the appropriate fault tree, is taken as P2. If power (including auxiliary

power) is not available, the active safety features will not operate and the core will be disrupted, leading to a very large release of radioactivity. The probability of this sequence of events, as indicated on the bottom line of Fig. 12.17 is thus Px x P2.

12.222. If electric power is available, the next event to consider is whether or not the ECCS will operate; suppose the probability of failure is found to be P3. Subsequent options are concerned with the fission-product (F. P.) removal system and the containment integrity; the probabilities of failure are P4 and P5, respectively. At each stage, the probability that the system will be available is 1 — P, where P = P2, P3, etc.

12.223. The overall probability of a chain of events, as given at the right of Fig. 12.17, is the product of the probabilities of the individual events in the chain. Hence, the second line from the bottom should include the factor 1 — P2, and the third from the bottom should include (1 — P2) (1 — P4). However, P2, P3, etc., are small and so the values of 1 — P are taken to be unity in each case.

12.224. It is apparent that if the failure probabilities, i. e., Pb P2, P3, etc., were known from the appropriate fault tree analyses for each of the systems in the event tree, the overall probabilities of the different failure consequences could be calculated. Thus, a combination of an event tree with a number of fault trees provides a means for evaluating the risks associated with various conceivable consequences of accidents.

12.225. The foregoing description of an event tree is presented in a simplified form to illustrate the general principle of risk assessment. In practice, several of the systems shown in Fig. 12.17 would be divided into subsystems, each of which would have its own event tree supplemented by the requisite fault trees. As is the case with fault tree analysis, uncertainties are involved in the use of event trees. For example, no allowance is made for the possibility of a partial failure or for a delay before a safety system becomes operable. Nevertheless, risk assessments based on fault trees and event trees are useful in estimating the probabilities of various accident sequences.