{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T00:15:57Z","timestamp":1780618557770,"version":"3.54.1"},"reference-count":69,"publisher":"ASME International","issue":"4","content-domain":{"domain":["asmedigitalcollection.asme.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,12,1]]},"abstract":"<jats:p>Simulation-based methods are emerging to address the challenges of complex systems risk assessment, and this paper identifies two problems related to the use of such methods. First, the methods cannot identify new hazards if the simulation model builders are expected to foresee the hazards and incorporate the abnormal behavior related to the hazard into the simulation model. Therefore, this paper uses the concept of deviation from design intent to systematically capture abnormal conditions that may lead to component failures, hazards, or both. Second, simulation-based risk assessment methods should explicitly consider what expertise is required from the experts that build and use the simulation models\u2014the transfer of the methods to real engineering practice will be severely hindered if they must be performed by persons that are expert in domain safety as well as advanced computer simulation-based methods. This paper addresses both problems in the context of the functional failure identification and propagation (FFIP) method. One industrially established risk assessment method, hazard and operability study (HAZOP), is harnessed to systematically obtain the deviations from design intent in the application under study. An information system presents a user interface that is understandable to HAZOP professionals, so that their inputs are transparently entered to a data model that captures the deviations. From the data model, instructions for configuring FFIP simulation models are printed in a form that is understandable for FFIP experts. The method is demonstrated for discovering a hazard resulting from system-wide fault propagation in a boiling water reactor case.<\/jats:p>","DOI":"10.1115\/1.4030385","type":"journal-article","created":{"date-parts":[[2015,4,17]],"date-time":"2015-04-17T17:57:31Z","timestamp":1429293451000},"update-policy":"https:\/\/doi.org\/10.1115\/crossmarkpolicy-asme","source":"Crossref","is-referenced-by-count":8,"title":["Capturing Deviations From Design Intent in Building Simulation Models for Risk Assessment"],"prefix":"10.1115","volume":"15","author":[{"given":"Heikki","family":"Nikula","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering and Automation, Aalto University, P.O. Box 15500, Espoo FI-00076, Finland e-mail:"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Seppo","family":"Sierla","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Automation, Aalto University, P.O. Box 15500, Espoo FI-00076, Finland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bryan","family":"O'Halloran","sequence":"additional","affiliation":[{"name":"Raytheon Missile Systems, Reliability and Systems Safety Engineering Lead, 1151 E Hermans Road, Tucson, AZ 85756 e-mail:"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tommi","family":"Karhela","sequence":"additional","affiliation":[{"name":"VTT Technical Research, Centre of Finland, P.O. Box 1000, Espoo 02044, Finland e-mail:"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"33","published-online":{"date-parts":[[2015,11,6]]},"reference":[{"key":"2019100315371699600_bib1","unstructured":"Jensen, D., Tumer, I., and Kurtoglu, T., 2009, \u201cFlow State Logic (FSL) for Analysis of Failure Propagation in Early Design,\u201d ASME Paper No. DETC2009-87064.10.1115\/DETC2009-87064"},{"issue":"4","key":"2019100315371699600_bib2","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/s00163-013-0156-2","article-title":"Common Cause Failure Analysis of Cyber-Physical Systems Situated in Constructed Environments","volume":"24","year":"2013","journal-title":"Res. Eng. Des."},{"issue":"5","key":"2019100315371699600_bib3","doi-asserted-by":"publisher","first-page":"051401","DOI":"10.1115\/1.2885181","article-title":"A Graph-Based Fault Identification and Propagation Framework for Functional Design of Complex Systems","volume":"130","year":"2008","journal-title":"Mech. Des."},{"key":"2019100315371699600_bib4","volume-title":"System Safety: Hazop and Software Hazop","year":"1999"},{"key":"2019100315371699600_bib5","volume-title":"Fault Tree Handbook","year":"1987"},{"key":"2019100315371699600_bib6","volume-title":"61025: Fault Tree Analysis","year":"1990"},{"key":"2019100315371699600_bib7","volume-title":"Fault Tree Analysis\u2014A History","year":"1999"},{"key":"2019100315371699600_bib8","volume-title":"Engineering Reliability-New Techniques and Applications","year":"1981"},{"key":"2019100315371699600_bib9","volume-title":"Failure Mode and Effect Analysis: FMEA From Theory to Execution","year":"2003"},{"key":"2019100315371699600_bib10","volume-title":"Mil-Std-1629a\u2014Procedures for Performing a Failure Mode Effect and Criticality Analysis","author":"Government, U. S.","year":"1980"},{"key":"2019100315371699600_bib11","volume-title":"Reliability Engineering and Risk Analysis a Practical Guide","year":"2010"},{"key":"2019100315371699600_bib12","volume-title":"Reliability Modeling, Prediction, and Optimization","year":"2000"},{"issue":"5","key":"2019100315371699600_bib13","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1108\/02656719610118151","article-title":"Failure Mode and Effects Analysis: An Integrated Approach for Product Design and Process Control","volume":"13","year":"1996","journal-title":"Int. J. Qual. Reliab. Manage."},{"key":"2019100315371699600_bib14","volume-title":"What Every Engineer Should Know About Risk Engineering and Management","year":"2000"},{"issue":"1","key":"2019100315371699600_bib15","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/S0165-0114(98)00288-7","article-title":"A Fuzzy Set Approach for Event Tree Analysis","volume":"118","year":"2001","journal-title":"Fuzzy Sets Syst."},{"issue":"1","key":"2019100315371699600_bib16","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/24.75348","article-title":"Event-Tree Analysis by Fuzzy Probability","volume":"40","year":"1991","journal-title":"IEEE Trans. Reliab."},{"issue":"5","key":"2019100315371699600_bib17","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1016\/j.psep.2009.07.003","article-title":"Handling Data Uncertainties in Event Tree Analysis","volume":"87","year":"2009","journal-title":"Process Saf. Environ. Prot."},{"key":"2019100315371699600_bib18","volume-title":"Probabilistic Safety Assessment in the Chemical and Nuclear Industries","year":"2000"},{"key":"2019100315371699600_bib19","volume-title":"Probabilistic Risk Analysis: Foundations and Methods","year":"2001"},{"key":"2019100315371699600_bib20","volume-title":"Probabilistic Risk Assessment of Engineering Systems","year":"1997"},{"key":"2019100315371699600_bib21","volume-title":"Probabilistic Risk Assessment: What Is It and Why Is It Worth It?","year":"2000"},{"key":"2019100315371699600_bib22","volume-title":"Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners","year":"2002"},{"key":"2019100315371699600_bib23","volume-title":"Probabilistic Risk Assessment and Management for Engineers and Scientists","year":"1996"},{"issue":"5","key":"2019100315371699600_bib24","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1109\/TC.2004.1275294","article-title":"Epic: Profiling the Propagation and Effect of Data Errors in Software","volume":"53","year":"2004","journal-title":"IEEE Trans. Comput."},{"key":"2019100315371699600_bib25","doi-asserted-by":"crossref","unstructured":"Remenyte-Prescott, R., and Andrews, J. D., 2011, \u201cModeling Fault Propagation in Phased Mission Systems Using Petri Nets,\u201d Proceedings of the Reliability and Maintainability Symposium (RAMS), Lake Buena Vista, FL, pp. 1\u20136.","DOI":"10.1109\/RAMS.2011.5754451"},{"key":"2019100315371699600_bib26","unstructured":"Han, G.-C., Sun, S.-D., Si, S.-B., and Fu, P., 2005, \u201cResearch on Model of Fault Diagnosis and Propagation in Complex System,\u201d Proceedings of the Computer Integrated Manufacturing Systems, (CIMS)."},{"key":"2019100315371699600_bib27","doi-asserted-by":"crossref","unstructured":"Ness, P. S., Bereket, D., Hakimi, M., Uthus, T., and Chakravarty, A., 1989, \u201cKnowledge Based Tool for Failure Propagation Analysis,\u201d Proceedings of the American Control Conference, Pittsburgh, PA, pp. 344\u2013348.","DOI":"10.23919\/ACC.1989.4790216"},{"issue":"2","key":"2019100315371699600_bib28","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/s00163-011-0117-6","article-title":"Cognitive Map-Based System Modeling for Identifying Interaction Failure Modes","volume":"23","year":"2012","journal-title":"Res. Eng. Des."},{"key":"2019100315371699600_bib29","doi-asserted-by":"crossref","unstructured":"Mohamed, A., and Zulkernine, M., 2008, \u201cOn Failure Propagation in Component-Based Software Systems,\u201d Proceedings of the Eighth International Conference on Quality Software, Oxford, UK, pp. 402\u2013411.","DOI":"10.1109\/QSIC.2008.46"},{"issue":"6","key":"2019100315371699600_bib30","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1049\/cce:19970607","article-title":"Error Propagation Analysis for Cots Systems","volume":"8","year":"1997","journal-title":"Comput. Control Eng."},{"key":"2019100315371699600_bib31","unstructured":"Nassar, D. M., Shereshevsky, M., Gradetsky, N., Gunnalan, R., Ammar, H. H., Yu, B., and Mili, A., 2004, \u201cError Propagation in Software Architectures,\u201d Proceedings of the Tenth International Symposium on Software Metrics, Chicago, IL, pp. 384\u2013393."},{"key":"2019100315371699600_bib32","doi-asserted-by":"crossref","unstructured":"Hiller, M., Jhumka, A., and Suri, N., 2001, \u201cAn Approach for Analyzing the Propagation of Data Errors in Software,\u201d Proceedings of the International Conference on Dependable Systems and Networks, Washington, DC, pp. 161\u2013170.","DOI":"10.1109\/DSN.2001.941402"},{"key":"2019100315371699600_bib33","volume-title":"Propane: An Environment for Examining the Propagation of Errors in Software","year":"2002"},{"key":"2019100315371699600_bib34","doi-asserted-by":"crossref","unstructured":"Ge, X., Paige, R. F., and Mcdermid, J. A., 2009, \u201cProbabilistic Failure Propagation and Transformation Analysis,\u201d Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security, Hamburg, Germany, pp. 215\u2013228.","DOI":"10.1007\/978-3-642-04468-7_18"},{"issue":"3","key":"2019100315371699600_bib35","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1115\/IMECE2003-41593","article-title":"Modular Architectural Representation and Analysis of Fault Propagation and Transformation","volume":"141","year":"2005","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"2019100315371699600_bib36","doi-asserted-by":"publisher","DOI":"10.1115\/IMECE2003-41593","article-title":"Comparing Two Levels of Functional Detail for Mapping Historical Failures: You are Only as Good as Your Knowledge Base","year":"2005","journal-title":"ASME"},{"issue":"2","key":"2019100315371699600_bib37","first-page":"96","article-title":"Linking Product Functionality to Historic Failures to Improve Failure Analysis in Design","volume":"16","year":"2005","journal-title":"Res. Eng. Des."},{"issue":"1","key":"2019100315371699600_bib38","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/s00163-002-0024-y","article-title":"Analytical Methods for Mapping Function to Failure During High-Risk Component Development","volume":"14","year":"2003","journal-title":"Res. Eng. Des."},{"key":"2019100315371699600_bib39","unstructured":"Krus, D., and Lough, K. G., 2007, \u201cApplying Function-Based Failure Propagation in Conceptual Design,\u201d ASME Paper No. DETC2007-35475. 10.1115\/DETC2007-35475"},{"key":"2019100315371699600_bib40","doi-asserted-by":"crossref","unstructured":"Wang, K.-L., and Jin, Y., 2002, \u201cAn Analytical Approach to Functional Design,\u201d ASME Paper No. DETC2002\/DAC-34084. 10.1115\/DETC2002\/DAC-34084","DOI":"10.1115\/DETC2002\/DAC-34084"},{"key":"2019100315371699600_bib41","doi-asserted-by":"crossref","unstructured":"Huang, Z., and Jin, Y., 2008, \u201cStress and Conceptual Strength for Functional Design for Reliability,\u201d ASME Paper No. DETC2008-49347. 10.1115\/DETC2008-49347","DOI":"10.1115\/DETC2008-49347"},{"issue":"4","key":"2019100315371699600_bib42","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s00163-010-0086-1","article-title":"A Functional Failure Reasoning Methodology for Evaluation of Conceptual System Architectures","volume":"21","year":"2010","journal-title":"Res. Eng. Des."},{"key":"2019100315371699600_bib43","doi-asserted-by":"crossref","unstructured":"Papakonstantinou, N., Sierla, S., Tumer, I. Y., and Jensen, D. C., 2012, \u201cUsing Fault Propagation Analyses for Early Elimination of Unreliable Design Alternatives of Complex Cyber-Physical Systems,\u201d ASME Paper No. DETC2012-70241. 10.1115\/DETC2012-70241","DOI":"10.1115\/DETC2012-70241"},{"key":"2019100315371699600_bib44","unstructured":"Jensen, D., Tumer, I., and Kurtoglu, T., 2009, \u201cDesign of an Electrical Power System Using a Functional Failure and Flow State Logic Reasoning Methodology,\u201d Annual Conference of the Prognostics and Health Management Society, San Diego, CA."},{"key":"2019100315371699600_bib45","doi-asserted-by":"crossref","unstructured":"Jensen, D., Tumer, I. Y., and Kurtoglu, T., 2008, \u201cModeling the Propagation of Failures in Software-Driven Hardware Systems to Enable Risk-Informed Design,\u201d ASME Paper No. IMECE2008-68861. 10.1115\/IMECE2008-68861","DOI":"10.1115\/IMECE2008-68861"},{"issue":"8","key":"2019100315371699600_bib46","first-page":"1072","article-title":"Integrated Design and Analysis of Software-Driven Hardware Systems","volume":"60","year":"2010","journal-title":"IEEE Trans. Comput."},{"issue":"2","key":"2019100315371699600_bib47","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1016\/j.mechatronics.2012.01.003","article-title":"Early Integration of Safety to the Mechatronic System Design Process by the Functional Failure Identification and Propagation Framework","volume":"22","year":"2012","journal-title":"Mechatronics"},{"key":"2019100315371699600_bib48","doi-asserted-by":"crossref","unstructured":"Papakonstantinou, N., Jensen, D., Sierla, S., and Tumer, I., 2011, \u201cCapturing Interactions and Emergent Failure Behavior in Complex Engineered Systems and Multiple Scales,\u201d ASME Paper No. DETC2011-47767.10.1115\/DETC2011-47767","DOI":"10.1115\/DETC2011-47767"},{"issue":"1","key":"2019100315371699600_bib49","first-page":"179","article-title":"A Hierarchical Flight Planning Framework for Air Traffic Management","volume":"100","year":"2012","journal-title":"Proc. IEEE Spec. Issue CPS"},{"issue":"3","key":"2019100315371699600_bib50","doi-asserted-by":"publisher","first-page":"1081","DOI":"10.1016\/j.cie.2008.09.033","article-title":"Path Selection Model and Algorithm for Emergency Logistics Management","volume":"56","year":"2009","journal-title":"Comput. Ind. Eng."},{"issue":"6","key":"2019100315371699600_bib51","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1177\/0734904105052553","article-title":"Experimental Investigation on Smoke Propagation in a Transversely Ventilated Tunnel","volume":"23","year":"2005","journal-title":"J. Fire Sci."},{"issue":"3","key":"2019100315371699600_bib52","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1016\/S0029-5493(03)00106-7","article-title":"Probabilistic Simulation of Fire Scenarios","volume":"224","year":"2003","journal-title":"J. Nucl. Eng. Des."},{"issue":"S2","key":"2019100315371699600_bib53","article-title":"Band-Aide: A Tool for Cyber-Physical Oriented Analysis and Design of Body Area Networks and Devices","volume":"11","journal-title":"J. ACM Trans. Embedded Comput. Syst. (TECS)"},{"issue":"6","key":"2019100315371699600_bib54","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1061\/(ASCE)HY.1943-7900.0000543","article-title":"SPH Modeling of Shallow Flow With Open Boundaries for Practical Flood Simulation","volume":"138","year":"2012","journal-title":"J. Hydraul. Eng."},{"issue":"9","key":"2019100315371699600_bib55","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1061\/(ASCE)HY.1943-7900.0000219","article-title":"Flood Simulation Using a Well-Balanced Shallow Flow Model","volume":"136","year":"2010","journal-title":"J. Hydraul. Eng."},{"key":"2019100315371699600_bib56","doi-asserted-by":"crossref","unstructured":"Hossain, A. K. M. A., Jia, Y., Ying, X., Zhang, Y., and Zhu, T. T., 2011, \u201cVisualization of Urban Area Flood Simulation in Realistic 3D Environment,\u201d Proceedings of the World Environmental and Water Resources Congress, Palm Springs, CA, pp. 1973\u20131980.","DOI":"10.1061\/41173(414)207"},{"key":"2019100315371699600_bib57","unstructured":"Chen, Y., Zhu, D., and Zhao, J., 2004, \u201cSmall Basin Flash Flood Simulation With Topmodel,\u201d Proceedings of the International Conference of GIS and Remote Sensing in Hydrology, Water Resources and Environment (ICGRSHWE), Three Gorges Dam, China, pp. 41\u201349."},{"issue":"3","key":"2019100315371699600_bib58","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1016\/j.cageo.2010.04.011","article-title":"Forecasting and Visualization of Wildfires in a 3D Geographical Information System","volume":"37","year":"2011","journal-title":"Comput. Geosci."},{"key":"2019100315371699600_bib59","doi-asserted-by":"crossref","unstructured":"Ali, A. N. A., and Ariffin, J., 2011, \u201cModel Reliability Assessment: A Hydrodynamic Modeling Approach for Flood Simulation in Damansara Catchment Using Infoworks RS,\u201d Proceedings of the Advanced Materials Research Conference, Haikou, China, pp. 3769\u20133775.","DOI":"10.4028\/www.scientific.net\/AMR.250-253.3769"},{"key":"2019100315371699600_bib60","volume-title":"Failure Mode\/Mechanism Distribution 1997","year":"1997"},{"issue":"2\u20134","key":"2019100315371699600_bib61","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1515\/IJMSP.2000.3.2-4.77","article-title":"Representation of Functional Relations Among Parts and Its Applications to Product Failure Reasoning","volume":"3","year":"2000","journal-title":"J. Manuf. Sci. Prod."},{"key":"2019100315371699600_bib62","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1115\/1.1862678","article-title":"The Function-Failure Design Method","volume":"127","year":"2005","journal-title":"ASME J. Mech. Des."},{"issue":"1","key":"2019100315371699600_bib63","article-title":"The Risk in Early Design Method (Red)","volume":"18","year":"2007","journal-title":"J. Eng. Des."},{"key":"2019100315371699600_bib64","doi-asserted-by":"crossref","unstructured":"O'halloran, B. M., Stone, R. B., and Tumer, I. Y., 2011, \u201cLink Between Function-Flow Failure Rates and Failure Modes for Early Design Stage Reliability Analysis,\u201d ASME Paper No. IMECE2011-63110. 10.1115\/IMECE2011-63110","DOI":"10.1115\/IMECE2011-63110"},{"key":"2019100315371699600_bib65","doi-asserted-by":"crossref","unstructured":"O'halloran, B. M., Stone, R. B., and Tumer, I. Y., 2013, \u201cDeveloping New Design Requirements to Reduce Failures in Early Complex Systems Design,\u201d ASME Paper No. DETC2013-12626. 10.1115\/DETC2013-12626","DOI":"10.1115\/DETC2013-12626"},{"issue":"12","key":"2019100315371699600_bib66","first-page":"2194","article-title":"Research on Hazard Identification of Turbo-Fan Engine Digital Control Systems Based on Functional Hazard Analysis","volume":"32","year":"2011","journal-title":"Chin. Soc. Aeronaut. Astronaut."},{"issue":"2","key":"2019100315371699600_bib67","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/s00163-001-0008-3","article-title":"A Functional Basis for Engineering Design: Reconciling and Evolving Previous Efforts","volume":"13","year":"2002","journal-title":"Res. Eng. Des."},{"key":"2019100315371699600_bib68","author":"VTT","year":"2013"},{"key":"2019100315371699600_bib69","volume-title":"A Companion Model Approach to Modelling and Simulation of Industrial Processes","year":"2005"}],"container-title":["Journal of Computing and Information Science in Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4030385\/6100954\/jcise_015_04_041011.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4030385\/6100954\/jcise_015_04_041011.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,22]],"date-time":"2025-05-22T17:57:41Z","timestamp":1747936661000},"score":1,"resource":{"primary":{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article\/doi\/10.1115\/1.4030385\/370320\/Capturing-Deviations-From-Design-Intent-in"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,6]]},"references-count":69,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,12,1]]}},"URL":"https:\/\/doi.org\/10.1115\/1.4030385","relation":{},"ISSN":["1530-9827","1944-7078"],"issn-type":[{"value":"1530-9827","type":"print"},{"value":"1944-7078","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,11,6]]},"article-number":"041011"}}