lable at ScienceDirect

Journal of Loss Prevention in the Process Industries 24 (2011) 541e551

Contents lists avai

Journal of Loss Prevention in the Process Industries

journal homepage: www.elsevier .com/locate/ j lp

Economic optimization of industrial safety measures using genetic algorithms

Antonio C. Caputo a,*, Pacifico M. Pelagagge b, Mario Palumbo b

aUniversity of Roma Tre, Department of Mechanical and Industrial Engineering, Via della Vasca Navale 79, 00146 Roma, ItalybUniversity of L’Aquila, Department of Mechanical, Energy and Management Engineering, Zona industriale di Pile, 67100 L’Aquila, Italy

a r t i c l e i n f o

Article history:Received 25 July 2010Received in revised form31 December 2010Accepted 3 January 2011

Keywords:Risk reductionGenetic algorithmCost minimizationCostebenefits analysis

* Corresponding author. Tel.: þ39 06 57333546.E-mail address: acaputo@uniroma3.it (A.C. Caputo

0950-4230/$ e see front matter � 2011 Elsevier Ltd.doi:10.1016/j.jlp.2011.01.001

a b s t r a c t

The paper presents a computer-aided methodology for economic optimization of industrial plants safety.The method is based on the minimization of total safety-related cost including investment, operatingexpenses of adopted safety measures, and expected monetary loss from accidents. The objective functionminimization is pursued resorting to a genetic algorithm which selects the best mix of safety measuresable to attain the optimal risk level at minimum cost by factoring in the cost and risk reduction potentialof each candidate safety measure. After a detailed description of the optimization approach the paperdiscusses two numerical examples showing the method application to both easy and complex decisionmaking scenarios.

� 2011 Elsevier Ltd. All rights reserved.

1. Introduction

In order to reduce risk in industrial plants, the safetyengineer canusually choose among avast array of different safetymeasures (SMs)according to the pursued degree of risk reduction. Given that risk isconventionally defined as R¼ p�M, a generic SM can reduce risk bylowering the accident probability p (preventive SM), by mitigatingthe magnitude of the resulting loss M (protective SM), or both.

For instance, in an attempt to reduce fire risk one could improvethe number of components or the training level of emergency firefighting squads, or could install an improved set of fire sensors, orcould change some structural materials in order to improve the fireresponse of the buildings, or could install a number of different fireextinguishing equipments (i.e. a sprinkler system, a foam system,deluge barriers, water mist systems etc.).

Different perspectives may be assumed when judging the risklevel in any civil or industrial activity. For instance, one can refer toa personal acceptable risk level, or to a social acceptable risk level(Arends, Jonkman, Vrijling, & van Gelder, 2005). However, it iswidely agreed that the economic factor is one of the main criteriautilized when taking decisions concerning industrial safety and riskreduction. In this respect each SM, when applied, not only impliesa different overall cost (including capital and operating expenses),but also a different risk reduction potential which even leads toa different monetary value of the expected loss from an accident. A

).

All rights reserved.

cost-benefit trade-off then arises. In greater detail, according to theeconomic risk approach (Arends et al., 2005; Jongejan & Vrijling,2009; Van Dantzig, 1956; Vrijling, van Hengel, & Houben, 1998)an increased cost (CSM) of preventive or protective safety measuresis incurred to increase the plant safety level S. However, a decreaseof the expected cost of the accidents (CD) is simultaneouslyobtained (Fig. 1). This happens thanks to the reduced accidentprobability and/or the lower loss resulting from the implementedmeasures, given that, in general, the expected economic loss isCD ¼ p � L, where p is the accident probability and L is the lossmonetization. It follows that the economic optimization of plantsafety is a relevant problem and that, in theory, an economicoptimal safety level may be found corresponding to the minimumtotal safety-related cost CTOT ¼ CSM þ CD.

However, although this schematization is conceptually valid, itmay not lend itself to a practical utilization. In fact, the optimaleconomic safety level may not be consistent with the notion ofacceptable risk level or with existing regulations. In this case oneshould perform the search of the best SM only after an acceptablepersonal or societal risk level has been attained. Moreover, it couldbe extremely difficult to actually plot the CSM and CD functions,because the curves would be discontinuous and might presentmultiple cost values corresponding to a same safety level. Thishappens because different kinds of accidents could occur for thesame risk level, having different probabilities and magnitude ofconsequences, or because the same risk level could be obtainedadopting different SMs having different costs.

Nevertheless, if one accepts this schematization, then theproblem arises of choosing the best mix of SMs able to “optimize”

CTOT

CSM

CD

CTOT

CSM

CD

S = 1/R SOPT

Fig. 1. Scheme of Safety Cost Optimization.

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551542

the risk level, i.e., to minimize the total safety-related cost. As analternative, the best set of SMs may be searched in order to obtainthe maximum risk reduction within the constraint of a givenbudget or a predefined risk level at minimum cost. In all cases thesafety improvement of industrial installations relies on the optimalallocation of available resources. However, given that multiplechoices of SMs are possible and that the economic consequences ofeach one may be very different, this search for the best mix of SMsactually involves the solution of a combinatorial optimizationproblem. The solution is made even harder considering that notonly a very large number of different subsets of applicable SMs istheoretically possible, but also that for any given subset of SMs,a different weight can be given to any specific adopted measure interms of a percentage budget so that an even greater number ofpossible solutions has to be examined. Nevertheless, in practice it isunfeasible to enumerate and review all possible combinations ofSMs, and usually only one SM at a time is evaluated resorting toa simple cost/benefit analysis in order to merely find an economicjustification to that candidate SM (Antes, Miri, & Flamberg, 2001).However, this prevents from optimally solving the risk optimiza-tion problem.

In order to provide a practical solution to the safety optimizationproblem, in this work a genetic algorithm (GA) approach whichproves to be effective in the practical selection of the optimal mix ofSMs is suggested. According to this approach the decision variablesare the specific SMs to be chosen and the budget allowed for each ofthem, while the objective function to be minimized is the totalsafety-related cost (Caputo et al., 2006, 2008). Constraints may bea minimum safety level and/or the maximum allowed SMs budget.

In the paper at first a formulation of the optimization problemamenable to the solution through a GA is presented, where therelationships between SM investments, the achieved safety level,and the resulting economic loss are explicitly modelled in a gener-alized manner. Afterwards, the working logic and implementationof the GA are described. Finally, two numerical examples are givento compare the method application in both an easy scenario, wheresome dominant hazards and preferred safety measures are easilyidentified, and a difficult scenario, where no dominant hazard orSM exists so that multiple combinations of SMs could be pursued.Clearly the proposed optimization method is better suited to thelatter kind of scenarios where traditional SM selection approaches,based on expert judgement, best practices, and cost-benefitsanalysis applied to one measure at a time, fail to be effective. It isbelieved that this newapproach to SMs selection through economicoptimisation of the safety level can represent a valuable tool for thesafety analyst who is in charge of reducing risk in industrial plants.

2. Literature review

Cost-benefit analyses are widely adopted to justify specific SMs(Antes et al., 2001), even if companies often use only rude estimatesof costs and benefits resulting from safety investments (Reniers &Audenaert, 2009). This means that, from a company-wide

perspective, only limited managerial insights are obtained withscarcely useful results. Therefore, most companies fail to optimizethe benefits offered by investments in safety measures. Moreover,companies find difficult to quantify financial losses from prospec-tive accidents and consider the balance of incurred costs and avoi-ded losses to be only a theoretical exercise. Reniers and Soudan(2003) report, in fact, that out of 24 chemical companies ques-tioned, not one had taken time to calculate in detail the hypotheticalbenefits resulting from implemented safety measures. Somestructured quantitative approaches to compare alternative SMshave been thus proposed in order to assist in this evaluationprocess.Reniers and Audenaert (2009) further explore the cost-benefitapproach by describing a model allowing to identify and justifysafety-related investments within a chemical company froma managerial perspective by differentiating serious and less seriousaccidents. They include fixed and variable as well as direct andindirect costs of prevention measures, and compute benefitsfactoring in direct benefits from avoided accidents and, for instance,reduced insurance premiums, as well as indirect benefits such asnon-absenteeism, non-turnover of staff and non-over investment ina restructured work environment. Avner (2004) proposed a faulttree based heuristic algorithm to identify the most cost-effectiveprimary failures to be acted upon, to achieve maximum probabilityreduction of the top event given an available budget, or to minimizethe required budget necessary to obtain a given probability reduc-tion of the top event. Caputo, Palumbo, and Tartaglia (2004) pre-sented a methodology utilizing fault tree analysis and cost-benefitevaluation to select the most cost-effective options for risk reduc-tions in industrial plants including structural changes and preven-tive maintenance. Caputo (2008) also presented a index basedapproach to rank competing SMs as well as a mathematicalprogramming approach, based on the solution of a knapsackproblem, to assist in the selection of SMs (Caputo et al., 2009).

However, given the complexity and large scale of the problem ithas not yet found a general solution. Recently, GA based methodshave been proposed in the safety-related field of plant maintenanceand have shown a potential in effectively dealing with large scaleoptimization problems (Liu & Frangopol, 2005; Kumral, 2005;Marseguerra & Zio, 2000; Lapa, Pereira, & Mol, 2000; Yang, Sung, &Jin, 2000). However, in such maintenance based applications, thefocus was on optimizing maintenance planning parameters (i.efrequency of inspection or preventive maintenance) and the safetyissuewas considered only as a side effect in terms of cost of accidents.Other authors, instead, explicitly included safety issues and costs inthe problem formulation but still in the framework of maintenanceoptimization (Giuggioli Busacca,Marseguerra, & Zio, 2001;Martorell,Sánchez, Carlos, & Serradell, 2004; Martorell et al., 2005). At anincreased level of detail, GAs have been also proposed to optimize thedesign and technical specifications of safety systems (Andrews &Bartlett, 2003; Marseguerra, Zio, & Podofillini, 2004; Pattison &Andrews, 1999), in civil engineering applications to optimize thelife cycle management of infrastructures (Furuta, Kameda, Fukuda, &Frangopol, 2003) or in the optimization of construction site layout tofind the right compromise between safety and material movementscost (El-Rayes & Khalafallah, 2005). Even the problem of safety-conscious process plant layout has been faced adopting GAs (Castell,Lakshmanan, Skilling, &Banares-Alcantara,1998;Caputo et al., 2007).However, no approach is available to optimize the economic safetylevel of whole industrial plants through the systematic selection ofSMs, as proposed in this paper.

3. A model for economic optimization of safety level

In an industrial plant a multiplicity of different hazards exist,which can be counteracted by applying safety measures. Let us

CE

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551 543

denote Z as the set of hazards and with the subscript j the j-thhazard. Similarly, we denote with the subscript i the i-th SM chosenin the set W of available SMs.

I0 1

Fig. 3. Sample trends of operating costs.

3.1. Computation of the overall cost of safety measures CSM

The overall cost CSM of applied SMs is the sum of the equivalentannual cost of each i-th adopted SM

CSM ¼Xi

CSM i ¼Xi

di½CINV iðIiÞsþ CE iðIiÞ� (1)

where the equivalent annual cost CSM i of a generic i-th SM is thesum of its amortized capital investment (CINV i, €) and operatingexpenses (CE i, €/yr), being s the capital recovery factor with T beingthe safety equipment life span (years) and s the interest rate(%/year)

s ¼ sð1þ sÞTð1þ sÞT�1

(2)

The capital recovery factor is the ratio of a constant annuity tothe present value of all annuities for a given length of time. It hasthemeaning of an amortization factor in that the capital investmenttimes the capital recovery factor determines the equivalent annualcost associated to the plant’s capital investment. This equivalentannual cost is consistent with, and can be summed to, the annualoperating expenses in order to evaluate the overall equivalentannual cost of a safety measure. In case SMs have different usefullife a proper value of s can be computed for each SM.

The binary variable di defined as

di ¼�0 if measure i is not adopted1 if measure i is adopted

(3)

expresses whether the i-th SM is adopted or not as this is one of thedecision variables in the optimization problem.

Eq. (1) also states that a given SM can be practically applied atdifferent degrees of intensity (or extent) Ii comprised between theminimum extent (Ii ¼ 0) and maximum extent (Ii ¼ 1). The costswill therefore be a function of the extent at which the measure isapplied and will gradually increase with the increasing extent atwhich the SM is enforced as shown in Figs. 2 and 3 where somegeneral cost trends are depicted for illustrative purposes.

While in general different values of Ii in Eq. (1), could be appliedto investment and running costs, here it is assumed that runningcosts are proportional to the investment. Therefore the same Ii hasbeen applied to both terms.

For sake of generality, in order to avoid explicitly expressing inabsolute terms the specific cost functions, one can refer tonormalized cost curves fN having values in the [0,1] interval when Ichanges in the [0,1] interval (Fig. 4). A set of such standard costcurves may be easily developed to suit practical applications andmodel actual cost trends.

I

CINV

0 1

Fig. 2. Sample trends of investment cost.

As a consequence, if one can estimate, for the considered safetymeasure, the minimum and maximum investment (CINV min , CINV

max) and operating cost (CE min , CE max) and their growth trendrepresented by the investment and operating expenses normalizedgrowth curves fN INV (I) and fN E (I) respectively, one can computethe actual investment and operating costs of the i-th SM as a func-tion of the application extent I as

CINViðIiÞ ¼ CINVmin i þ ½CINVmax i � CINVmin i� fN INV iðIiÞ (4)

CE iðIiÞ ¼ CE min i þ ½CE max i � CE min i� fN E iðIiÞ (5)

and consequently compute the cost CSM i (Ii).It is suggested to adopt a parametric expression of the

normalized cost functions as this allows great flexibility in choosingthe one best fitting the actual cost trends. In case of monotonicallyincreasing costs, normalized cost functions could be easilyexpressed as fN (I) ¼ Ik as shown for example in Fig. 5, with k > 0.Alternatively the following expression can be utilized

fNðIÞ ¼8<:

1�e�aðI�I0Þ1�e�aðI*�I0Þ if as0

ðI�I0ÞðI*�I0Þ if a ¼ 0

(6)

where in case of a < 0 a convex function results, and when a > 0a concave function is obtained. If a decreasing trend is desiredinstead of assuming I0 ¼ 0 and I* ¼ 1, it should be set I0 ¼ 1 andI* ¼ 0.

If required, more generalized formulations for fN (I) may befound in the works of Wymore (1993) and Smith (2005) includingadditional trends, such as sigmoidal or non monotonic normalizedfunctions.

As a final remark, it should be pointed out that economies ofscale are important factors in process plant design decisions. Here,the selection of safety measures and extent of their application areconstrained by the size of the process plant they are to be appliedto, which is considered to be an input data defining the decisionmaking scenario. This may prevent to apply each safety measure inthe most cost-effective manner (i.e. at the minimum cost impliedby its economy of scale). Nevertheless, any economy of scale relatedto capital investment or operational cost is already included in the

I

fN

0 1

0

1

Fig. 4. Example of Normalized Cost Function.

0.0 0.2 0.4 0.6 0.8 1.0I

0.0

0.2

0.4

0.6

0.8

1.0

fN(I)

fN(I)=I^k

k=1/4

k=1/3

k=1/2

k=1

k=2

k=3

k=4

Fig. 5. Example of fN (I) ¼ Ik normalized functions.

I

Δp%N

0 1

0

1

Fig. 6. Example of normalized probability reduction function.

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551544

model because the functions fN describing the growth of capitalinvestment and operational cost can be nonlinear in order torepresent economy of scale phenomena. It is up to the model userto select the proper fN function to represent the actual level ofeconomy of scale associated to each safety measure. Therefore, ourparametric formulation can accommodate any possible economy ofscale law, if applicable. This is why we adopted general purpose,nonlinear cost functions in our model.

I

ΔL%N

0 1

0

1

Fig. 7. Example of normalized loss reduction function.

3.2. Computation of the overall economic loss CD

The overall economic loss CD is the sum of the expected annualmonetary losses computed for each j-th hazard, where pj is theaccident probability corresponding to the obtained safety level andLj is the monetary loss corresponding to the resulting magnitude ofthe damage. However, CD can be expressed as a function of theoriginal risk level corresponding to the initial accident probabilityp0j and monetary loss L0j occurring when no SMs are adopted, andthe percent reduction of accident probability Dp%j, and/or thepercent reduction of monetary loss DL%j, resulting from the adop-tion of the SMs to the j-th hazard.

CD ¼Xj

pjLj ¼Xj

hp0j

�1� Dp%j

�L0j

�1� DL%j

�i(7)

As in the previous case the effects on system safety of theadopted SM will again be a function of the extent I of the SMapplication. This can be expressed by resorting to normalizedfunctionsDp%N (I) andDL%N (I) which can be expressed in analyticalform similarly to Eq. (6). A graphical example of possible trends ofsuch functions is shown in Figs. 6 and 7.

Actually the implementation of a safety measure leads toa reduction of probability and/or loss, but those terms are evaluatedin absolute values given that a minus sign appears in Eq. (7).

In cases where DL%N (I) ¼ 0 or Dp%N (I) ¼ 0, it means that theconsidered measure has no protective or preventive effect on thekind of risk examined. Obviously, if the i-th SM has effects onseveral hazards, one can define separate functions DL%Nij (Ii) and

Dp%Nij (Ii) to describe the effects of the i-th safety measure on thej-th hazard, as the measure will contribute in a differentiatedmanner to the overall risk reduction. Therefore, assuminga minimum and maximum value of Dp% and DL%, one can computethe theoretical effect of the hypothesized i-th safety measure on anyj-th hazard as follows:

Dp%ijðTHÞðIiÞ ¼ di�Dp%ijminþ

�Dp%ijmax�Dp%ijmin

�Dp%N ij

�Ii��(8)

DL%ijðTHÞðIiÞ ¼ di�DL%ij min þ �

DL%ij max � DL%ij min�DL%N ij ðIiÞ

�(9)

However, a problem arises when multiple SMs impact the samej-th hazard, as it is not correct to sum their individual risk reductioncontribution computed as if the considered SMs acted indepen-dently. This not only involves a check to avoid that SiDp%ij(TH) orSiDL%ij(TH) becomes greater than unity, but requires an assessmentof the combined effect of the SMs. Unfortunately, less is currentlyknown about the cumulative effect of various safety measures andtheir interdependence (Arends et al., 2005). In this work the posi-tion is made that the effectiveness of an SM acting on a hazard isreduced if other measures contribute to decrease the accidentprobability and monetary loss of the same hazard. Additionally, thehigher the cumulative risk reduction obtained the harder it is tofurther reduce risk. This is consistent with the “reducing returns”effect encountered in most engineering systems and the fact thatSMs costs increase in a highly nonlinear manner when the safetylevel increases so that an infinite cost would be required to totallyeliminate risk (see Fig. 1). This implies that a saturation effect holdswhen summing the risk reduction contribution of concurrent SMsand the risk elimination is only asymptotically reached:

lim Dp%j ¼ 1 whenXi

Dp%ij ðTHÞ /N (10)

The same results occur for DL%j. In practice, it can be safelyassumed that the risk reduction effect of concurrent SMs is additivewhen the overall risk reduction is low but becomes less thanadditive at high risk reduction levels, eventually asymptoticallyreaching the unit value. The actual percent reduction of accident

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551 545

probability for the j-th hazard Dp%j(ACT) can then be approximatedas shown in Figure (8) and analytically expressed as

Dp%jðACTÞ ¼

8><>:

PiDp%ijðTHÞ if

PiDp%ijðTHÞ � 0:5

1

1�e�

�Pi

Dp%ijðTHÞ �0:5

� ifPiDp%ijðTHÞ > 0:5 (11)

This means that when SiDp%ij(TH) ¼ 100%, then Dp%j(ACT) ¼ 62%.However, to reach, for example, Dp%j(ACT)¼ 98.9%, it is required thatSiDp%ij(TH) ¼ 500%. DL%j(ACT) is computed in a similar manner. Theimplied result is that it might not be cost-effective to have generalpurpose SMs instead of dedicated ones, or to deal with the samehazard with many concurrent SMs.

As a further remark it can be said that an absolute numericalexpression of the safety level value Sz 1/R is difficult owing to theconventional definition of risk level R. For sake of simplicity S maybe considered in general as the frequency of damage to publichealth (Martorell et al., 2004). However, this is not a concern herebecause we are not interested in assessing the absolute value of theoptimal safety level but rather in identifying the optimal set of SMswhich, by minimizing the total cost, imply the reach of a cost-optimal safety level.

3.3. Objective function

The objective function to be minimized is the total safety-related annual cost CTOT (€/yr) sum of the overall cost of preventive/protective measures, CSM and the expected annual loss CD

CTOT ¼ CSM þ CD¼

Xi

di½CINV iðIiÞsþ CE iðIiÞ�

þXj

hp0j

1� Dp%jðACTÞ

L0j

1� DL%jðACTÞ

ið12Þ

and in the general case no constraint needs to be specified, exceptthan Ii˛ [0,1] and Ii¼ 0when di¼ 0. In fact a minimum cost solutioncould even be that of applying no SM (i.e. di ¼ 0), and it is notrequired for any hazard to be associated to at least one SM.

As an alternative one could be interested in maximizing thesafety level, while minimizing the CD cost. In the former case theoptimization can be subjected to the constraints of maximumallowable budget for safety measures

CSM � CSM MAX (13)

or maximum obtained risk level (i.e. minimum safety level)

CD � CD MAX (14)

while in the case of maximizing the safety level, only the constraintof maximum allowable budget for safety measures will hold. Inboth cases the decision variables are di and Ii. One must decide

Σi Δpij(TH)

1

Δpj

0.5 1

Fig. 8. Cumulative Probability Reduction Function for Concurrent Safety Measures.

whether the i-th available SM should be adopted (di ¼ 1) or not(di ¼ 0) and to what percent extent (Ii).

4. The genetic algorithm solution method

A wide range of algorithms and mathematical techniques areavailable to solve optimization problems (Burke and Kendall, 2005;Rao, 1984; Rardin, 1998; Ravindran, Ragsdell, & Reklaitis, 2006).Conventional gradient-based optimization techniques are veryeffective when sufficient data, mathematical models and gradientinformation are available, when the problem formulation involvescontinuous functions, and when entrapment in local optima can beavoided. In discrete and combinatorial optimization problems suchconditions are not usually met and conventional gradient-basedoptimization techniques may not be effective. Mathematicalprogramming techniques allow a large number of decision vari-ables and a discrete problem formulation, but are more difficult toapply when nonlinear functions are to be optimized and when theobjective function dynamically changes while the solution space isexplored. In particular, Linear Programming techniques assumecontinuous decision variables, linear constraints and a linearobjective function. Integer and Mixed integer programming allowdiscrete decision variables but maintain the linearity requirementof constraints and objective function. Nonlinear programmingtechniques accept nonlinear objective functions and constraints butoptimize over continuous decision variables and may have prob-lems with non smooth objective functions as they are often basedon gradient techniques. Branch and Bound and DynamicProgramming techniques require problem-specific solutions algo-rithms and can be difficult to apply by the average plant engineer.

Genetic algorithms (Goldberg, 1989; Davis, 1991) have proveninstead to be effective when large scale difficult problems (NP-hardproblems) have to be faced. This occurs for instance in discreteoptimization problems with nonlinear, discontinuous, noisy anddynamically changing objective functions with many local optimaas happens in combinatorial optimization problems, thanks to theirstochastic nature, parallelism, and capability of dealing withmultiple variables.

GA is a stochastic global search method that mimics the processof natural selection by simulating the evolution of a population ofsolutions. The GA operates starting with a population of randomstrings representing design variables. At each generation, individ-uals are selected according to their level of fitness and are then bredtogether. This process leads to the creation in subsequent evolu-tionary generations of the examined population of individualsbetter suited to their environment than their parents. Populationevolution is obtained by applying the operators of reproduction,crossover and mutation until a convergence criterion establishesthat the fittest individual has been found or a maximum number ofiterations is reached.

Advantages of GAs have been widely discussed in the literature(Coello, 2000; Forrest, 1993; Goldberg, 1989; Haupt & Haupt, 1998;Holland, 1992; Koza, Bennett, Andre, & Keane, 1999, 2003; Mitchell,1996) and can be briefly resumed as follows.

GAs are intrinsically parallel thanks to the multiple offspringswhich explore the solution space in multiple directions at once bytesting solution in parallel, and the initial population is chosenrandomly so that the search canproceed in any direction. This allowsto explore rapidly a large solution space and helps in avoiding to betrapped in local minima. Most other algorithms are serial and canonly explore the solution space in one direction at a time and eval-uate a single solution at a time. Therefore, GAs are particularly suitedto multivariable, nonlinear and combinatorial optimization prob-lems where the solution space can be very large and too vast tosearch exhaustively in any reasonable amount of time. In fact, in

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551546

a linear problem, the fitness of each component is independent, soany improvement to any one part will result in an improvement ofthe systemas awhole.However, innonlinear problemschangingonecomponent may affect the entire system, and multiple changes thatindividually are detrimental may lead to much greater improve-ments in fitness when combined. Therefore, nonlinearity results ina combinatorial explosion of the solutions to be examined. GAs areable to sample only small regions of the vast fitness landscape thusfinding optimal or very good results in a short period of time.

Aside from the multidimensional search capability, GAs canavoid being trapped by local optima owing to their stochasticnature. In fact the random starting population and the continuousrandom creation of new offsprings, resorting to selection, mutation,and crossover operators, allow to continuously change the searchdirection to explore in parallel new portions of the search spaceimplementing probabilistic rather than deterministic transitionrules. In this process, crossover plays a central role in that it allowsan exchange of information between successful candidates,a feature which is not encountered in other optimization algo-rithms, where each individual explores the search space in itsimmediate vicinity without reference to what other individualsmay have discovered. In fact, an offspring can have the strengths ofboth its parents and the weaknesses of neither.

Furthermore GAs do not require any information on the deriva-tive of the objective function (as happens in gradient methods) andthe sole value of the objective function influences the direction ofthe search. This allows to use GAs in problems where variables arediscrete and constraints and objective function are discontinuous.

GAs are also capable of multi-objective optimization (Coello,2000). In fact, they are able to manipulate many parameters simul-taneously and this allows to handle problemswhich cannot be statedin terms of a single value to beminimized ormaximized, butmust beexpressed in terms ofmultiple goals, usually with tradeoffs involved.GAs can produce multiple equally good solutions to the sameproblem, possibly with one candidate solution optimizing oneparameter and another candidate optimizing a different one. Ingeneral, GAs can give a certain number of potentially optimal solu-tions, and the final choice can be demanded to the user. This char-acteristic can be important when a problem intrinsically has a groupof optimal solutions, as happens in multi-objective optimization.

A notable characteristic of GAs is that they do not use previouslyknown domain-specific information to guide the convergenceprocess to an optimal solution. Rather they make random changesto their candidate solutions and then use the fitness function todetermine whether those changes produce an improvement. Thisavoids being fouled by partial knowledge of the problem at handsor preconceptions. Conversely expert systems adopt a problem-solving strategy that relies on prior knowledge and inevitably rulesout many pathways a priori, therefore missing any novel solutionsthat may exist there. Furthermore, any technique that relies onprior knowledge will become useless when such knowledge is notavailable, while GAs are not adversely affected by ignorance.

Additionally, GAs are easy to implement as the core of thealgorithm is independent from the nature of the problem, thenumber of decision variable, the shape fitness function. A specificproblem instance only requires the proper definition of the fitnessfunction and the chromosomes coding structure, as well as a suit-able selection of the algorithm running parameters.

Although genetic algorithms have proven to be an efficient andpowerful problem-solving strategy, they have certain limitations.At first they require a proper definition of coding scheme andfitness function able to tolerate random changes without leading toerrors or nonsense, i.e. they must produce representations ofcandidate solutions that are robust against mutation. Moreover ifthe fitness function is chosen poorly or defined imprecisely, the

genetic algorithm may be unable to find a solution to the problem,or may end up solving the wrong problem. This happens with“deceptive” fitness functions (Mitchell, 1996), those where thelocations of improved points give misleading information aboutwhere the global optimum is likely to be found. In addition, the GAsparameters must be also chosen with care as discussed below.Finally, GAs (Holland, 1992; Forrest, 1993; Haupt & Haupt, 1998)should not be used on analytically solvable problems. In this casetraditional analytic methods take much less time and computa-tional effort than GAs and, unlike GAs, are usually mathematicallyguaranteed to deliver the one exact solution.

From the above discussion it clearly appears that GA is an idealcandidate for the kind of optimization problem we are examining,owing to the very large number of possible SMs to be evaluated, thediscrete nature of some of the variables involved and the inherentnonlinearity of the objective function.

GA has been therefore selected, among other optimizationmethods, owing to its specific features andcapabilitieswhichprovedto be helpful for solving nonlinear, combinatorial, dynamic andpotentially large scale problems as the onewewere investigating. Infact, linear programming methods (LP, MILP, knapsack) were notapplicable owing to the nonlinearity of the functions involved.Gradient-based techniques were difficult to apply owing to thecombinatorial nature of the solution space, which dynamicallychanges the structure of the objective function as soon as a specificsafety measure is included or not, as well as owing to the intrinsicdiscontinuity of the objective function. Other discrete optimizationmethods, such as Dynamic Programming and Branch and Boundtechniques were not advisable given that even if to construct a treesearch onpaper can be relatively easy, to translate it into a computercode is problem-specific and can be rather difficult, limiting thegenerality and ease of application of the proposed method.

Even if GAs cannot strictly guarantee optimality they area widely accepted and frequently adopted optimization method inengineering problems. Moreover, to reach a strict optimal solutionis not conceivable in this kind of application given the uncertaintiesin involved costs and risk values characterizing real life industrialproblems. Therefore, a realistic engineering goal would be only tofind a “good” solution by thoroughly exploring the combinatorialsolution space. This can be rapidly obtained through a GA respectother enumerative techniques.

However, it should be pointed out that it is not the scope of thepaper to contribute to GA theory. Here GA is adopted merely asa tool to solve a specific class of safety optimization problems.

The genetic representation of this problem is obtained bydescribing the possible solution (i.e., the individuals of the pop-ulation) as a binary string of N substrings (di, Ii), each coding oneSM, where subscript i ranges from 1 to N, being N the number ofavailable candidate SM belonging to the set W. Each substring, inturn, is composed of a single gene representing the binary variabledi ¼ 1,0 (i.e., whether the i-th SM is applied or not) and a four-genessubstring Ii coding the SM application intensity value through24 ¼ 16 distinct values in the [0,1] range. As a consequence theentire string is composed of (1 þ 4)N bits.

In the framework of the safety optimization problem the GAdetermines, within the entire set W of possible SMs, the optimalvector of substrings (di, Ii)* which minimize the objective functionand consequently determine the optimal safety level S*.

After randomly creating the initial population, for each indi-vidual its total cost is computed (cost of the SMs and the resultingdamage cost), and subsequently the calculation of the fitnessfunction is performed. The fitness function indicates the quality ofthe single individual with respect to the entire population and isbased on the total cost of the individual. Here it is computed as inEq. (15) because an individual whose total cost is less than the

Fig. 9. Scheme of total cost computation.

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551 547

average value of the individuals total cost has a fitness level higherthan the average.

fitness ðindividualÞ ¼�average individual total cost

individual total cost

�(15)

The subsequent selection process consists of creating couples ofindividuals who will generate offsprings once the desired numberof offsprings per generation has been fixed. This implies at firstdetermining for each individual a probability of reproducing whichis proportional to the value of its fitness function, and subsequentlypicking the couples of individuals for reproduction, also known assampling, in a number able to produce the required number ofoffsprings. In this work this is carried out adopting the StochasticUniversal Sampling (SUS) method as selection algorithm.

The successive phase is the creation of the new generation ofindividuals. The new generation is composed of:

1. The best individual copied from the previous generation (elitecount),

2. New individuals randomly generated,3. New individuals obtained by uniform crossover recombination

of the selected individuals of the previous generation,4. Mutant individuals.

Copy of the previous generation’s best individuals enables oneto maintain the best results reached so far. Random generation ofnew individuals and the individual’s mutation enables one tomaintain the genetic variety, because such individuals are abso-lutely independent from the best individual of the present gener-ation, and this enables one to overcome local minima.Recombination of individuals to create offsprings enables one toreproduce the best features of existing individuals into newindividuals.

As new individuals are created by the genetic operators, a checkis made to verify that no incompatible SMs are present in the sameindividual string. SMs can be incompatible because they are

CREATION OFINITIAL

POPULATION

FITNESSFUNCTIONCALCULATION

COSTCALCULATION

SELECTIONPROCESS

Fig. 10. Scheme of ge

mutually exclusive or because are technically or economicallyincompatible. As an example, in the case of a high pressure processoccurring within a vessel, the two options of switching to aninherently safer process operating at ambient pressure or theaddition of a pressure relief system aremutually exclusive. The caseof a fire extinguishing system based on sprinklers or CO2 injection isan example of technically incompatible measures, given the solu-bility of CO2 into water.

To avoid that two generic incompatible SMs, namely x and y, areapplied simultaneously when randomly generating offsprings, thealgorithm includes a reconciliation routine based on a compati-bility matrix C(x,y)

Cðx; yÞ ¼�1 x and y are compatible0 x and y are not compatible

(16)

If a chromosome is generated to include incompatible SMs thenthe individual is rejected and a new one is generated by randomlychanging SMs until only compatible SMs are included into theoffspring.

When the number of generations reaches the limiting valueN_MAX the iterative process is terminated and the resulting bestindividual represents the desired solution (i.e., the combination of(1 þ 4)N bits which complies with the constraints at the lowestcost).

Overall, to solve the problem one must know:

� The set Z of hazards j;� The initial probabilities of accidents p0j;� The initial loss values of accidents L0j;� The set W of possible safety measures i;� The SMs compatibility matrix C(x.y);� For each i-th measure the values of CINV min , CINV max , CE min ,CE max, Dp% ij max, Dp% ij min, DL% ij max, DL% ij min, and thenormalized functions Dp%Nij (Ii), DL%Nij(Ii), fN INV i (Ii), and fN E i(Ii).

The overall computational scheme of the objective function isshown in Fig. 9 and a flow chart of the adopted GAmethod is shownin Fig. 10.

The parameters of the GA, i.e. the size of the population, the rateof mutation and crossover, the type and strength of selection, mustbe chosen with care, as they can affect the quality of the resultingsolution. For instance, if the population size is too small, the geneticalgorithm may not explore enough of the solution space toconsistently find good solutions. If the rate of genetic change is toohigh or the selection scheme is chosen poorly, beneficial schemamay be disrupted and the population may change too fast forselection to ever bring about convergence. This is the reason whythe proper selection of operating parameters is considered more anart than a science. Many scholars analysed the problem of optimalselection of GAs parameters and came up with some generallyagreed suggestion about “good” values of the operating parameters(Boyabatli & Sabuncuoglu, 2004; DeJong & Spears, 1990;Grefenstette, 1986; Goldberg & Deb, 1991; Goldberg et al., 1992).

NUMBER OFGENERATION =N_MAX?

CHOICE OFOPTIMALINDIVIDUAL

YES

NO

CREATION OFTHE NEXTGENERATION

netic algorithm.

Table 1Hazards and Risk Data.

Hazard L0 (k€) p0 (yr�1) Risk (k€/yr)

1 2000 0.05 1002 500 0.0001 0.053 4000 0.003 124 200 0.0001 0.025 100 0.00002 0.0026 700 0.0008 0.567 600 0.0005 0.38 100 0.03 3

Table 3Safety Measures Effects Data.

SM Hazard Dp%min Dp%max DL%min DL%max

1 2 0 0.2 0.2 0.44 0.5 0.9 0.05 0.7

2 6 0.1 0.4 0.1 0.23 1 0.05 0.2 0.05 0.4

2 0.4 0.8 0.1 0.58 0.3 0.9 0.05 0.5

4 4 0.02 0.1 0.13 0.45 2 0.25 0.45 0 0.2

5 0.05 0.25 0.5 0.76 2 0.1 0.9 0.1 0.37 3 0.05 0.5 0.05 0.2

5 0.13 0.48 0.4 0.78 7 0.1 0.6 0.25 0.45

8 0.05 0.1 0.05 0.259 6 0.2 0.4 0.1 0.9

7 0.05 0.9 0.05 0.510 3 0.1 0.2 0.13 0.48

6 0.05 0.4 0.1 0.6

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551548

In particular, according to literature guidelines, crossover rateshould be high (in the range 60%e95%), while mutation rate shouldbe quite small (0.5%e1%). Population size is suggested to rangefrom 20 to 100, but it is often made a function of the adoptedencoding scheme (i.e proportional to the chromosomes number) asindicated by Goldberg and Deb (1991) and Goldberg et al. (1992).GAs are found to converge quite quickly in a few tens of genera-tions. Goldberg and Deb (1991) indicate that convergence times areO(log N) generations where N is the population size.

In particular, DeJong and Spears (1990) suggest the followingvalues, namely population size ¼ 50, number of generations 1000,crossover rate ¼ 0.6, mutation rate ¼ 0.001. Grefenstette (1986)suggests the following values, namely population size ¼ 30,crossover rate ¼ 0.9, mutation rate ¼ 0.01. However, the user isadvised that starting from the suggested settings a trial and errorprocess to check the stability and quality of the obtained solutionscan help in determining better parameters values more suited tothe specific application.

5. Application scenarios characterization

The proposed method while being very powerful is quitedetailed and computationally intensive. Therefore, it is justifiedonly when complex trade-off situations between competing safetymeasures have to be decided, while it is of little use in trivialproblems where a few clearly dominant solutions (preferred safetymeasures) can be easily identified. It may be useful, therefore, todiscuss briefly the cases where utilization of this method isappropriate. In order to assess the complexity of the decisionmaking scenario we can state the following.

1. A scenario is easy when there are a few clearly identifiablecritical hazards to be acted upon.When one cannot identify themajor hazards, the scenario is complex.

2. A scenario is easy when each SM acts on a single hazard or ona small number of hazards only. In this case it is straightforwardto identify which is the candidate SM to be selected to countera specific hazard, and the chance of applying concurrentmeasures is reduced.

Table 2Safety Measures Cost Data.

SM CINVMin (k€) CINVMax (k€) CE Min (k€/yr) CE Max (k€/yr)

1 100 300 2 42 25 40 8 133 5 20 5 94 20 45 3 65 e e 9 126 5 20 8 107 5 10 6 98 50 150 5 209 10 40 10 2010 60 90 3 8

3. A scenario is easy when a few SMs clearly stand up in terms ofcost-effectiveness. This allows the ability to consistently reducethe risk level of the most critical hazards with the lowestinvestment and operational costs. On the contrary, when theavailable SMs have comparable cost-effectiveness or have wideranging cost-effectiveness over a number of hazards ofdifferent criticality level, the selection of a preferredmeasure isdifficult.

Some ranking parameters can help in quantifying such state-ments. Given the set Z of hazards j one can compute the corre-sponding individual risk level Rj¼ p0j L0j, the average risk level RAvg,as well as the maximum (RMax) and minimum (RMin) values.Therefore one can compute the Risk Distribution Index as

RDI ¼ ðRMax � RMinÞRAvg

(17)

which is the ratio of the risk variation range to the average risklevel. If RDI is << 1 then the scenario is complex because mosthazards have a similar risk level and no major hazard can beidentified. When RDI �1, there are a number of hazards with a risklevel much lower than the average and a few major hazards havinga risk level much higher than the average, thus leading to an easydecision making scenario.

If N different SMs are available and Ni is the number of differenthazards that the i-th SM can mitigate, the Multiplicity Index can becomputed as

MI ¼P

i Ni

N(18)

Theminimumvalue ofMI is 1 and the higher the value, themorecomplex the decision scenario becomes because on average any SM

Table 4Hazards and Risk Data.

Hazard L0 (k€) p0 (yr�1) Risk (k€/yr)

1 50 0. 4 202 200 0.01 23 100 0.05 54 900 0.007 6.35 8000 0.0004 3.26 90 0.09 8.17 500 0.005 2.58 900 0.07 63

Table 5Safety Measures Cost Data.

SM CINVMin (k€) CINVMax (k€) CE Min (k€/yr) CE Max (k€/yr)

1 50 60 2 42 25 30 8 133 90 140 10 124 50 70 4 75 30 50 9 106 0 0 8 127 50 80 6 98 30 70 5 89 20 50 7 910 40 80 3 8

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551 549

can act on multiple hazards, although with different effectivenesslevels.

Finally, a cost-effectiveness index C/Ei can be computed for eachSM as the ratio of the maximum cost implied by the measureapplication to the resulting average percent risk reduction, which isthe average (DR%i Avg) of the maximum percent risk reductionvalues DR%ij Max ¼ 1�(1�Dp%ij Max)(1�DL%ij Max) computed for allthe hazards j affected by the i-th considered measure. This value iscomputed in relative terms respect to the original risk value.

C=Ei ¼CINV Maxisþ CE Maxi

DR%i Avg(19)

C/Ei in practice represents the average cost per unit percent riskreduction obtained by applying the i-th SM. Again the maximum,minimum, and average values of C/Ei can be computed and anEffectiveness Distribution Index can be evaluated

EDI ¼ ðC=Ei Max � C=Ei MinÞC=Ei Avg

(20)

which is the ratio of the SM cost-effectiveness variation range to theaverage cost-effectiveness level. If EDI is <1 then the scenario iscomplex because most SMs have similar cost-effectiveness and nopreferred SM can be identified. When instead EDI �1 the cost-effectiveness of available SMs is strongly variable and it is easy to

Table 6Safety Measures Effects Data.

SM Hazard Dp%min Dp%max DL%min DL%max

1 2 0 0.2 0.2 0.44 0.5 0.9 0.05 0.75 0.2 0.3 0.5 0.77 0.1 0.5 0.4 0.88 0.2 0.4 0.3 0.9

2 1 0.1 0.4 0.02 0.16 0.5 0.6 0.2 0.87 0.05 0.25 0.25 0.458 0.1 0.3 0.1 0.5

3 1 0.05 0.2 0.2 0.42 0.05 0.1 0.1 0.43 0.1 0.5 0.2 0.34 0.2 0.3 0.1 0.55 0.4 0.45 0.2 0.46 0.5 0.7 0.1 0.47 0.4 0.8 0.1 0.58 0.3 0.9 0.05 0.5

4 1 0.02 0.1 0.13 0.43 0.1 0.5 0.1 0.64 0.2 0.3 0.2 0.35 0.4 0.45 0.1 0.88 0.2 0.8 0.3 0.6

5 2 0.25 0.45 0 0.23 0.1 0.5 0.05 0.25 0.2 0.4 0.05 0.9

point out the preferred measure, thus leading to an easy decisionmaking scenario.

In conclusion we may face a complex scenario when RDI is low,MI is high, and EDI is low. The opposite is true for an easy scenario.The proposed method fully demonstrates its capabilities incomplex scenarios.

6. Application Example

In order to show the utilization of the proposed method, a briefnumerical example is presented here. This example refers toa fictitious and very small scale application, and is only illustrativeof the potential of the method when applied to real life large scaleproblems. In particular, the size of this sample problem is by nomeans representative of the dimension of real life problemsencountered when choosing safety measures in industrial plants,and it is not meant to be representative of an actual industrial casestudy. We deliberately chose a small size example just to show thateven in case of small sized problems, the solution of which couldeven be attempted by a manual approach, it is not straightforwardto find the optimal solution when there is no explicit dominantsolution. Therefore, we split the application example in two andmake a numerical simulation in both an “easy” scenario anda “difficult” one. However, the proposed method can be applied toproblems of virtually any size likely to be encountered in industrialpractice.

6.1. Easy scenario case

Let us consider a plant where eight different hazards hold asshown in Table 1, which also indicates the initial accident proba-bility, the monetary loss and the expected annual loss which isrepresentative of the risk level. In this case the expected monetaryloss from each hazard ranges over five orders of magnitude, withthe average expected loss being about 14.5 k€ and a total expectedloss of about 116 k€/yr.

In this case RDI > 1 which means an easy scenario. In fact, it isclearly recognized that Hazard #1 and #3 are dominant. Table 2instead shows the potentially applicable SMs along with their

SM Hazard Dp%min Dp%max DL%min DL%max

6 0.05 0.25 0.5 0.77 0.1 0.4 0.1 0.28 0.5 0.6 0.05 0.4

6 2 0.1 0.9 0.1 0.33 0.02 0.1 0.2 0.37 0.1 0.5 0.1 0.8

7 3 0.2 0.3 0.05 0.24 0.2 0.5 0.4 0.455 0.05 0.2 0.5 0.76 0.13 0.48 0.02 0.17 0.1 0.15 0.4 0.88 0.3 0.5 0.3 0.9

8 1 0.1 0.6 0.25 0.453 0.2 0.3 0.1 0.95 0.1 0.8 0.02 0.17 0.3 0.6 0.1 0.58 0.05 0.1 0.05 0.25

9 3 0.05 0.9 0.05 0.55 0.2 0.4 0.1 0.96 0.05 0.25 0.25 0.457 0.1 0.3 0.1 0.58 0.05 0.2 0.2 0.4

10 3 0.1 0.2 0.13 0.485 0.05 0.4 0.1 0.6

Total Annual Cost [€/yr]

60000

80000

100000

120000

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551550

cost data. Finally, Table 3 shows the percent risk reduction potentialof the available SMs. According to Table 3 effects data, each SMaffects on average 1.8 hazards (MI ¼ 1.8), a fairly low value. Whilethe data from Tables 2 and 3 have a value of EDIw1.9, which is veryhigh. Both values confirm that this is an easy scenario. In fact, it’sstraightforward to identify that Critical Hazard #1 can be actedupon only by applying SM #3, while Critical Hazard #3 can be actedupon by applying only SM #7 and SM #10. However, SM #7 is moreeffective because it can determine a higher risk reduction that SM#10 but with a lower implementation cost. Therefore, a plantmanger would utilize the available budget by enforcing SM #3 andpossibly SM #7 to the maximum allowed level.

400000 50 100 150 200

Generation

Fig. 12. Simulation Results for “Complex” Scenario.

6.2. Complex scenario case

In this scenario the hazards and SMs data of Tables 4, 5, and 6apply. One can observe that the expected monetary loss rangesover only two orders of magnitude, while the average expected lossis about 13.7 k€/yr. The RDI is lower than the previous case whichmeans a more complex scenario as most hazards have similar riskvalues and the highest risk hazards (#1 and #8) have a risk valueonly marginally higher than the average. On average, each of theten available SMs affect about five hazards (MI ¼ 4.8), a fairly highvalue, while the data from Tables 5 and 6 have a value of EDI w0.4,which is quite low. Both values confirm that this is a complexscenario. In fact as soon as one tries to slightly reduce risk of thetwo most relevant hazards, the other hazards immediately becomecritical and it is difficult to identify the most effective set of SMs tobe applied.

The GA was run with a maximum number of generationsN_MAX ¼ 200, a crossover probability of 0.7, and a mutationprobability of 0.001, while the population was formed by 100individuals. The above values are within the ranges suggested inthe literature, and have been fine tuned during a number ofexperiments in which the parameters values were changed untila satisfactory set was obtained with respect to solution quality andspeed of convergence.

Figs. 11 and 12 show the convergence trends for 10 separatesimulation runs in both scenarios. In case of the easy scenario(Fig. 11) the initial expected annual cost of accidents without anySM applied was 115930 €/yr, while the minimum total safety-related cost value was found to be 73084 €/yr. This corresponds tothe application of only SM #3 at an intensity I1 ¼ 100%. This waslargely expected as Critical Hazard #1 could be acted upon only byapplying SM #3. Furthermore, just to mitigate Hazard #1 proved tobe enough to minimize costs, while applying SM #7 to mitigate

Total Annual Cost [€/yr]

60000

100000

140000

180000

220000

0 50 100 150 200Generation

Fig. 11. Simulation Results for the “Easy” Scenario.

Hazard #3 proved not to be cost-effective. It is worth noting that inthe easy case the GA rapidly converged to the solution in less than30 generations. In the complex scenario (Fig. 12), much moregenerations were required to converge to the optimal result. Theinitial cost without SMs was 110,100 €/yr while the minimum costwas found to be 54,209 €/yr obtained by applying SM #2 and SM#4both at an intensity I ¼ 80%. This optimal solutionwould have beenmuch more difficult to guess based on the above data without theresort to the proposed optimization algorithm.

7. Conclusions

In this paper an innovative method for searching the economicoptimum risk level has been presented. The methodology relies ona formulation enabling the minimization of total safety-relatedcosts, including investment and operating expenses of adoptedsafety measures and expected monetary loss from accidents. Theobjective functionminimization is pursued by resorting to a geneticalgorithm which selects the best mix of safety measures byfactoring in the cost and risk reduction potential of each candidatesafety measure. The method requires the knowledge of the initialaccident probability and magnitude of the economic loss prior toapplying any new safety measure, as well as the estimation of thecost of the candidate safety measures and the extent to which anysafety measure can reduce the accident probability or the economicloss. In the paper a new set of indices has been also introduced tocategorize the complexity of the decision scenario. This will proveuseful to practitioners in order to assess whether or not it isappropriate to utilize the proposed optimization method. In factthe computer tool, although very powerful and effective, relies onfairly detailed knowledge about the characteristics of the hazardsand the candidate SMs. Such quantitative information might notalways be readily available and require considerable preparatorywork to be gathered. Therefore, the proposed model finds the bestapplication potential in complex scenarios where no dominanthazard and safety measures can be readily identified.

The utilization of themethod enables one to choose the best mixof safety measures to obtain the optimal risk level or a predefinedrisk level at minimum cost, or even obtain the maximum riskreduction within the constraint of a given budget. Therefore, themethod is mainly focused on the selection and design of safetysystems in industrial plants contributing to the optimal allocationof available resources during the risk minimization process. In thisrespect this novel approach to economic optimization of the safetylevel can represent a valuable tool for the safety analyst and plantdesigner. At present the proposed model is deterministic. This can

A.C. Caputo et al. / Journal of Loss Prevention in the Process Industries 24 (2011) 541e551 551

be considered as a limitation given that the quantification of costsand accident probabilities is difficult, and economic scenarioparameters such as discount rate, capital recovery factor andequipment life have also stochastic nature. As a future research it isplanned to extend the model in the framework of a stochasticoptimization problem.

References

Andrews, J. D., & Bartlett, L. M. (2003). Genetic algorithm optimization of a fire-water deluge system. Quality and Reliability Engineering International, 19(1),39e52.

Antes, M. K., Miri, M. F., & Flamberg, S. A. (2001). Selection and design of cost-effective risk reduction systems. Process Safety Progress, 20(3), 197e203.

Arends, B. J., Jonkman, S. N., Vrijling, J. K., & van Gelder, P. H. A. J. M. (2005). Eval-uation of tunnel safety: towards an economic safety optimum. ReliabilityEngineering and System Safety, 90, 217e228.

Avner, B. Y. (2004). Cost-optimization heuristic algorithm in safety engineering.International Journal of Production Economics, 91, 149e164.

Boyabatli, O., & Sabuncuoglu, I. (2004). Parameter selection in genetic algorithms.Journal of Systemics, Cybernetics and Informatics, 2(4), 78e83.

Burke, E. K., & Kendall, G. (Eds.). (2005). Search methodologies. Introductory tutorialsin optimization and decision support techniques. Springer.

Caputo AC, Palumbo M, Pelagagge PM. Economic Optimization of Industrial SafetyUsing Genetic Algorithms. In: Proc. 24th International System Safety Confer-ence (ISSC 2006). Albuquerque, USA, July 30-August 4 2006.

Caputo AC. A novel set of ranking indices for effective selection of safety measures.In: Proc. 26th International System Safety Conference ISSC 2008. Vancouver,25e29 August 2008.

Caputo A., Palumbo M, Pelagagge PM. A Software Tool for Economic Optimization ofIndustrial Safety Measures. In: Proc. 26th International System Safety Confer-ence (ISSC 2008). Vancouver, Canada, 25e29 August 2008.

Caputo AC, Palumbo M, Salini P. Safety-based Process Plant Layout Using GeneticAlgorithms. In: Proc. 25th International System Safety Conference (ISSC 2007).Baltimore, 13e17 August 2007.

Caputo, A. C., Palumbo, M., & Tartaglia, R. (2004). Fault tree analysis for riskassessment in the Borexino experiment. Process Safety Progress, 23(2),121e131.

Caputo AC, Pelagagge PM, Salini P. A Multicriteria Knapsack Approach to EconomicOptimization of Industrial Safety Measures. In: Proc. 27th International SystemSafety Conference (ISSC 2009). Huntsville, USA, 3e7 August 2009.

Castell, C. M. L., Lakshmanan, R., Skilling, J. M., & Banares-Alcantara, R. (1998).Optimisation of process plant layout using genetic algorithms. Computers andChemical Engineering, 22, S993eS996.

Coello, C. (2000). An updated survey of GA-based multiobjective optimizationtechniques. ACM Computing Surveys, 32(2), 109e143.

Davis, L. (1991). Handbook of genetic algorithms. USA: Van Nostrand Reinhold.DeJong KA, Spears WM. An analysis of the interacting roles of population size and

crossover in genetic algorithms. In: Proc. First Workshop Parallel ProblemSolving from Nature, Springer-Verlag, Berlin, 1990: 38e47.

El-Rayes, K., & Khalafallah, A. (2005). Trade-off between safety and cost in planningconstruction site layouts. Journal of Construction Engineering and Management,131(11), 1186e1195.

Forrest, S. (1993). Genetic algorithms: principles of natural selection applied tocomputation. Science, 261, 872e878.

Furuta, H., Kameda, T., Fukuda, Y., & Frangopol, D. M. (2003). Life-cycle cost analysisfor infrastructure systems: life-cycle cost vs. safety level vs. service life. Life-Cycle Performance of Deteriorating Structures, 19e25.

Giuggioli Busacca, P., Marseguerra, M., & Zio, E. (2001). Multiobjective optimizationby genetic algorithms: application to safety systems. Reliability Engineering andSystem Safety, 72(1), 59e74.

Goldberg, D. E. (1989). Genetic algorithms in search, optimization and machinelearning. USA: Addison-Wesley.

Goldberg, D. E., & Deb, K. (1991). A comparative analysis of selection schemes usedin GAs. In G. Rawlins (Ed.), Foundations of GAs (pp. 69e93). San Mateo, CA:Morgan Kaufmann.

Goldberg, D. E., Deb, K., & Clark, J. H. (1992). Genetic algorithms, noise, and thesizing of populations. Complex Systems, 6, 333e362.

Grefenstette, J. J. (1986). Optimization of control parameters for genetic algorithm.IEEE Trans. Systems, Man, and Cybernetics, SMC-16(1), 122e128.

Haupt, R., & Haupt, S. E. (1998). Practical genetic algorithms. John Wiley & Sons.Holland, J. (1992). Genetic algorithms. Scientific American, 66e72.Jongejan, R. B., & Vrijling, J. K. (2009). The optimization of system safety: rationality,

insurance, and optimal protection. In Martorell., et al. (Eds.), Safety, reliabilityand risk analysis: theory, methods and applications. London: Taylor & Francis.

Koza, J., Bennett, F., Andre, D., & Keane, M. (1999). Genetic programming III:Darwinian invention and problem solving. Morgan Kaufmann Publishers.

Koza, J., Keane, M., Streeter, M., Mydlowec, W., Yu, J., & Lanza, G. (2003). Geneticprogramming IV: Routine human-competitive machine intelligence. KluwerAcademic Publishers.

Kumral, M. (2005). Reliability-based optimisation of a mine production systemusing genetic algorithms. Journal of Loss Prevention in the Process Industries,18(3), 186e189.

Lapa, C. M. F., Pereira, C. M. N. A., & Mol, A. C. D. A. (2000). Maximization of a nuclearsystem availability through maintenance scheduling optimization usinga genetic algorithm. Nuclear Engineering and Design, 196(2), 219e231.

Liu, M., & Frangopol, M. (2005). Multiobjective maintenance planning optimizationfor deteriorating bridges considering condition, safety, and life-cycle cost.Journal of Structural Engineering, 131(5), 833e842.

Marseguerra, M., & Zio, E. (2000). Optimizing maintenance and repair policies viaa combination of genetic algorithms and Monte Carlo simulation. ReliabilityEngineering and System Safety, 1, 69e83.

Marseguerra, M., Zio, E., & Podofillini, L. (2004). A multiobjective genetic algorithmapproach to the optimization of the technical specifications of a nuclear safetysystem. Reliability Engineering and System Safety, 84(1), 87e99.

Martorell, S., Sánchez, A., Carlos, S., & Serradell, V. (2004). Alternatives and chal-lenges in optimizing industrial safety using genetic algorithms. ReliabilityEngineering and System Safety, 86(1), 25e38.

Martorell, S., Villanueva, J. F., Carlos, S., Nebot, Y., Sánchez, A., Pitarch, J. L., et al.(2005). RAMSþC informed decision-making with application to multi-objectiveoptimization of technical specifications and maintenance using genetic algo-rithms. Reliability Engineering and System Safety, 87(1), 65e75.

Mitchell, M. (1996). An introduction to genetic algorithms. USA: MIT Press.Pattison, R. L., & Andrews, J. D. (1999). Genetic algorithms in optimal safety system

design. Proceedings of the Institution of Mechanical Engineers, Part E: Journal ofProcess Engineering, 213(3), 187e197.

Rao, S. S. (1984). Optimization theory and applications. USA: Wiley.Rardin, R. L. (1998). Optimization in operations research. Prentice Hall International.Ravindran, A., Ragsdell, K. M., & Reklaitis, G. V. (2006). Engineering optimization:

methods and applications. John Wiley & Sons.Reniers, G. L. L., & Audenaert, A. (2009). Chemical plant innovative safety invest-

ment decision-support methodology. Journal of Safety Research, 40(6), 411e419.Reniers, G. L. L., & Soudan, K. (2003). Risicoanalyse procedures in de scheikundige

nijverheid:resultaten van kwalitatief onderzoek bij 24 chemische plants.Economisch en Sociaal Tijdschrift, (3), 57.

Smith, R. (2005). Chemical process design and integration. Chapter 3. Optimization(pp. 47e48). USA: Wiley.

Van Dantzig, D. (1956). Economic decision problems for flood prevention. Econo-metrica, 24, 276e287.

Vrijling, J. K., van Hengel, W., & Houben, R. J. (1998). Acceptable risk as a basis fordesign. Reliability Engineering and System Safety, 59, 141e150.

Wymore, A. W. (1993). Model based systems engineering. USA: CRC Press.Yang, J. E., Sung, T. Y., & Jin, Y. (2000). Optimization of the surveillance test interval

of the safety systems at the plant level. Nuclear Technology, 132(3), 352e365.

Antonio C. Caputo, Ph.D. University of Roma Tre, Department of Mechanical andIndustrial Engineering, Faculty of Engineering, Via della Vasca Navale 79, 00146 Roma,Italy, Tel e (þ39) 0657333546. acaputo@uniroma3.it. Dr. Caputo was born in Genova,Italy on June 22, 1966. He received his Master’s degree in Mechanical Engineering fromthe University of Roma, La Sapienza, in 1991. In 1995 he obtained a Ph.D. degree inMechanical Engineering and joined the Faculty of Engineering at the University ofL’Aquila, Italy, where in 2006 he was appointed full professor in Industrial & PlantEngineering. From 2010 he moved to the University of Roma Tre. In 1991e92 he servedas a volunteer in the Italian National Corps of Firefighters. His primary researchinterests include design of manufacturing systems, industrial logistics, productionplanning and control, industrial safety.

Mario Palumbo, University of L’Aquila, Department of Mechanical, Energy andManagement Engineering, Faculty of Engineering, Zona Industriale di Pile,67100 L’Aquila, Italy. Tel e (þ39) 0862 434723; fax e (þ39) 0862434303. mario.palumbo@univaq.it. Dr. Palumbo received his Master’s degree in Mechanical Engi-neering from the University of L’Aquila in 1990. He immediately joined, as a researchassistant, the Faculty of Engineering at the University of L’Aquila, Italy, where he iscurrently an associate professor in Industrial & Plant Engineering. In 1991e92 heserved as an officer in the Technical Corp of the Italian Army. His primary researchinterests include design of manufacturing systems, plant automation, and industrialsafety.

Pacifico M. Pelagagge, University of L’Aquila, Department of Mechanical, Energy andManagement Engineering, Faculty of Engineering, Zona Industriale di Pile,67100 L’Aquila, Italy. Tel e (þ39) 0862 434316; Fax e (þ39) 0862434303. e pacifico.pelagagge@univaq.it. Dr. Pelagagge was born in Palermo, Italy on June 21, 1956. Hereceived his Master’s degree in Chemical Engineering from the University of L’Aquila in1979. In 1980 he joined the faculty at the University of L’Aquila as an assistantprofessor, to become associate professor in 1987. He is currently a full professor inIndustrial Plants at the same University. He served 2 years as an officer in the ItalianNavy and thenworked for the Italsiel Software Co. as a consultant engineer. His currentresearch interests include design and simulation of manufacturing systems, productionand operations management and plant utilities.