Assessing risk in engineering, work and life

Probability of failure

The probability of a component failing is calculated in a similar way. However, it can be hard to assess what this probability means, in practical terms. For instance, suppose that an oil storage tank is fitted with a level-detecting device that shuts off the valve that lets oil into the tank when it is full. An assessment of the device suggests that there is a 1 in 10 000 probability that it will fail each time the tank is filled. If the tank is filled every day, how often is failure likely?

This isn’t a question you can answer, since the device might never fail. What you can say is that after a given interval, there is a particular probability of failure. For instance, you could assess the probability of a failure within 25 years. It will be assumed here that regular maintenance checks ensure that the device does not deteriorate significantly, so that the probability of failure stays constant over time.

To calculate this, consider what the probability would be if the tank were filled twice. That would give three possible outcomes: the level detector doesn’t fail, it fails once or it fails twice. Since for any event $A$, $P(A) + P(\bar{A}) = 1$, the probability that the level detector doesn’t fail on any single occasion is 1 minus the probability that it does fail – that is,

$1 - \dfrac{1}{10\,000} = 0.9999.$

Now you have the probability of no failure for one occasion. How about two occasions? That is given by the product of the two individual probabilities, which is $0.9999^2$ in this case. Working this way, you avoid any complications from multiple failures entering the calculation.

So how about the probability over 25 years? In 25 years, the number of times the tank will be filled is the number of days, 25 × 365 = 9125 (ignoring leap years). It is acceptable to round this to 9000 without having to worry about accuracy, but you cannot round the 0.9999 or your answer will always be 1. So you need to calculate $0.9999^{9000}$ to estimate the probability of no failures:

$0.9999^{9000} = 0.41$ (to 2 s.f.).

This is the probability of no failures, so the probability that there is a failure is given by 1 − 0.41 = 0.59. So there is a 59% probability of failure during 25 years of operation.

If the Health and Safety regulators decided that failure of the device could trigger an event similar to that at Buncefield, they might require the operators to fit a second device (the same as the first) to the tank. For the tank to overfill now requires both devices to fail at the same time.

Activity 7 Probability of failure

Timing: Allow approximately 15 minutes.

With two safety devices installed, calculate the probability that both devices fail at the same time within 25 years.


You need to go back to the original problem and look at the probability of failure for one safety device, which was 1 in 10 000 or $10^{-4}$. This means the probability of two such failures simultaneously is $10^{-4} \times 10^{-4} = 10^{-8}$.

Taking $1 - 10^{-8} = 0.999\,999\,99$ and raising this to the power 9000 gives 0.9999 (to 4 s.f.). So you now have a probability of $1 - 0.9999 = 0.0001$, or 1 in 10 000, over 25 years.

The calculation you carried out in Activity 7 assumes that the two devices would fail independently (through some random fault, perhaps). However, if the failure was due to (say) a breakdown in the power supply to the tank control system, or because the devices had both been over-insulated and overheated, or even because both devices came from a faulty batch, then adding the second device would have little if any effect in reducing the probability of an incident.

Even if you can assume independent failure of the two devices, this only implies a reduced probability of failure. In reality, failure could take much longer or, conversely, could happen the day after commissioning the installation. This is why other safety precautions would be taken, including the provision of some kind of containment system – such as an impermeable retaining wall or bund surrounding the tank – that would retain any spillage. In addition, the electrical equipment in the area would be certified as safe for use in potentially explosive atmospheres. This concept of multiple redundancies is a key way of achieving safe operation in the engineering industries.
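The calculation from the text and Activity 7, as an added worked example that is not part of the course material: one fill per day, 25 years rounded to 9000 fills, a per-fill failure probability of 1 in 10 000, and one or two identical devices. The `beta` parameter is an assumption that goes beyond the text: it models the common-cause failures the last two paragraphs describe by attributing a fraction of each device's failure probability to a shared cause (the beta-factor model), so you can see how quickly the benefit of the second device disappears.

```python
"""Probability that tank overfill protection fails within a given period.

Added worked example for the course text above (not from the course itself).
Assumptions follow the text: one fill per day, constant per-fill failure
probability, and 25 years rounded to 9000 fills. `beta` (common-cause
fraction) is a generalisation beyond the text, using the beta-factor model.
"""

P_FAIL_PER_FILL = 1e-4     # 1 in 10 000 per fill, from the text
FILLS_25_YEARS = 9000      # 25 * 365 = 9125, rounded as the text does


def p_no_failure(p_per_fill: float, n_fills: int) -> float:
    """Probability of zero failures in n independent fills: (1 - p)^n."""
    return (1.0 - p_per_fill) ** n_fills


def p_at_least_one_failure(p_per_fill: float, n_fills: int) -> float:
    """Complement of 'no failures'; avoids summing over 1, 2, ... failures."""
    return 1.0 - p_no_failure(p_per_fill, n_fills)


def p_protection_lost_per_fill(p_single: float, n_devices: int,
                               beta: float = 0.0) -> float:
    """Per-fill probability that ALL n identical devices fail together.

    beta is the fraction of each device's failure probability attributed to
    a common cause (shared power supply, faulty batch, ...). beta = 0 is the
    independent case from Activity 7; beta = 1 means the devices always fail
    together, so the second device adds nothing.
    """
    p_common = beta * p_single
    p_indep = (1.0 - beta) * p_single
    # Protection is lost if the common cause strikes OR every device fails on its own.
    return 1.0 - (1.0 - p_common) * (1.0 - p_indep ** n_devices)


def p_overfill_25_years(n_devices: int, beta: float = 0.0) -> float:
    """Probability of at least one overfill in 25 years with n devices."""
    per_fill = p_protection_lost_per_fill(P_FAIL_PER_FILL, n_devices, beta)
    return p_at_least_one_failure(per_fill, FILLS_25_YEARS)


if __name__ == "__main__":
    print(f"one device:                 {p_overfill_25_years(1):.2f}")
    print(f"two independent devices:    {p_overfill_25_years(2):.5f}")
    print(f"two devices, 10% common:    {p_overfill_25_years(2, beta=0.1):.3f}")
    print(f"two devices, fully coupled: {p_overfill_25_years(2, beta=1.0):.2f}")
```

With `beta = 0.1`, the 25-year probability rises from about 0.00009 to roughly 0.09, which is why the text treats independence as an assumption to be checked rather than taken for granted.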