HOUSTON CHRONICLE ARCHIVES



Paper: HOUSTON CHRONICLE
Date: SUN 03/23/86
Section: 1
Page: 1
Edition: 2 STAR

Redesign of several shuttle parts expected

By BILL DAWSON
Staff

NASA engineers expect their re-evaluation of all crucial space shuttle components to result in redesigns for a number of parts in addition to the booster rocket seals suspected of causing the explosion of the Challenger, the space agency's second-ranking engineer says.

But the agency has no plans to fundamentally change the way its officials and contractors assess the risks posed by the failure of critical shuttle parts and decide which ones should have backup equipment, said Haggai Cohen, NASA's deputy chief engineer, in an interview last week.

Questions about NASA's main risk-assessment method resurfaced on Monday when the agency released information detailing 748 individual "failure modes" on a shuttle. They represent the ways that different parts, without backup equipment, might fail and result in the loss of spacecraft and crew.

A 2-year-old consultant's study, which was made public in February, had said NASA's key method of assessing risks was inadequate and had major problems.

NASA officials used their disclosure of the 748 "criticality 1" items on a shuttle to explain and defend their risk-assessment method.

They also seized the occasion to downplay concerns about the size of that list, saying it only demonstrates how thorough NASA's safety reviews are.

More important than the sheer number of potentially disastrous failures, Cohen and other NASA engineers emphasized, is the assurance that the painstaking evaluations needed to produce a list that long almost certainly had not overlooked any of the most critical items.

It would be much worse not to know in advance about a shuttle part that might fail catastrophically, they contended, than to know enough about a large number of them to feel confident they do not need a backup.

Even so, astronaut Sally Ride was reportedly incredulous when the rough estimate of about 900 such critical items - pinpointed last week at 748 - was revealed earlier in hearings of the presidential commission investigating the Challenger disaster. Ride is a member of the panel.

Echoing that concern, a veteran shuttle engineer, who asked not to be identified, said after the updated list was released that "it is a little scary how many 'criticality 1' items there are."

"It's not surprising how that comes as a surprise to people" - even people involved in the shuttle program, Cohen said. "The number has been known and presented (within NASA). That doesn't mean one's attention was directed to it."

He said he suspected that a similar analysis of an automobile probably would produce a surprisingly large number for items that could wreck a car and kill its passengers.

NASA officials said no backup could be provided for 131 of the shuttle's 748 "criticality 1" items, and rigorous safety reviews showed no backup had to be required for the other 617 items.

The O-rings in the booster rocket seals that investigators believe leaked hot gases and caused the Challenger explosion had received such a "waiver" from the general requirement for a backup for crucial shuttle parts.

Some of the decisions for not requiring backups for critical items have been re-examined during the course of the shuttle program, but the project that was just started will be the first comprehensive re-review, Cohen said.

Engineers for NASA and its contractors, as well as outside experts, will be involved in the project, he said, and backup equipment probably will be recommended for some of the critical items that do not have it now, even though they may have played no role in the Challenger accident.

"That is definitely one of the expected results," Cohen said - that there "would be some design changes that are prudent. You don't go through this kind of a trauma and ignore those kinds of things a re-look tells you that you ought to do."

The review teams will also be searching for any critical items that previous NASA reviews may have overlooked, he said.

Despite indications that some members of Congress may be reluctant to approve the administration's entire budget request for NASA, Cohen said "we'll fight for the money" to make shuttle changes that go beyond the cause of the Challenger explosion.

But the agency does not intend to change the way it analyzes shuttle risks, Cohen said, although some experts have suggested in recent weeks that another technique - widely used in the nuclear power industry and gaining favor in other high-risk technologies - might offer NASA some extra advantages its own approach lacks.

The question of the different risk-assessment methods' relative merits was highlighted last month with the revelation that NASA had received a consultant's report in 1983 that strongly criticized its safety planning for the shuttle.

The study said the chance of a catastrophic accident involving the solid rocket boosters was 1 in 35 - roughly the same risk calculated for test pilots. The fatal Challenger mission was the 25th shuttle flight.

The report also criticized NASA for relying largely on a method of risk assessment that concentrates on "failure modes" and does not calculate probabilities of accidents in precise numerical terms.

This method identifies the possible "worst-case" effects of different "failure modes," or ways that critical parts can malfunction.

The other main method of risk assessment, which the study recommended, develops "fault trees" - tree-like diagrams that trace possible accidents to their various causes - and involves numerical estimates of an accident's probability.

Cohen said there was no particular reason NASA has mainly used "failure-mode" analysis instead of the numerical "fault-tree" approach, except that "failure-mode" assessment is "a tried and true technique."

"We felt its primary purpose was to illuminate failure modes that we wanted to spend time and efforts on, because of their effects. It has worked well," he said.

"'Fault-tree' analysis does much the same things. There's no huge difference in our opinion. It's not even an argument worth spending much time on. What's necessary is whether a technique illuminates the problems."

"Failure-mode" analysis illustrates the ways a certain piece of shuttle hardware can fail and what the "worst-case" consequences can be, Cohen said.
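To make the two methods concrete, here is an added example (not from the article, NASA or the 1983 consultant's report) that evaluates a small fault tree numerically and then reads off, from the same tree, the single-point failures a failure-mode review would list as "criticality 1" items without backup; a last function applies the report's 1-in-35 per-flight figure across a series of flights. The tree, the event names and the probabilities are constructed sample values, and basic events are assumed to fail independently of one another.

```python
# Added example (not from the article, NASA or the consultant's report). Tree,
# event names and probabilities are constructed; basic events assumed independent.
from dataclasses import dataclass, field
from itertools import product
from math import prod


@dataclass
class Gate:
    kind: str                                     # "AND" or "OR"
    children: list = field(default_factory=list)  # Gate objects or basic-event names


def probability(node, p):
    """Numerical fault-tree answer: probability of the event at this node."""
    if isinstance(node, str):                     # basic event: look up its probability
        return p[node]
    child = [probability(c, p) for c in node.children]
    if node.kind == "AND":                        # all causes must occur together
        return prod(child)
    return 1.0 - prod(1.0 - q for q in child)     # OR: 1 - P(no cause occurs)


def cut_sets(node):
    """Minimal sets of basic events that together bring about the node's event."""
    if isinstance(node, str):
        return [frozenset([node])]
    parts = [cut_sets(c) for c in node.children]
    if node.kind == "OR":                         # any child's cut set suffices
        sets = [s for part in parts for s in part]
    else:                                         # AND: one cut set from each child
        sets = [frozenset().union(*combo) for combo in product(*parts)]
    return [s for s in sets if not any(o < s for o in sets)]  # keep minimal ones only


def criticality_1(node):
    """Failure-mode view: single-point failures, the 'criticality 1, no backup' items."""
    return sorted(next(iter(s)) for s in cut_sets(node) if len(s) == 1)


def risk_over_flights(p_per_flight, flights):
    """Chance of at least one catastrophe across a series of independent flights."""
    return 1.0 - (1.0 - p_per_flight) ** flights


# Constructed tree: loss of vehicle from a seal leak, a turbopump failure, or
# both redundant auxiliary power units failing on the same flight.
LOSS_OF_VEHICLE = Gate("OR", ["srb_seal_leak", "turbopump_failure",
                              Gate("AND", ["apu_a_failure", "apu_b_failure"])])
SAMPLE_P = {"srb_seal_leak": 0.01, "turbopump_failure": 0.002,
            "apu_a_failure": 0.05, "apu_b_failure": 0.05}
```

The two APU failures appear only as a two-event cut set, so a failure-mode list would not flag either unit as criticality 1, while the seal and the turbopump, each a single-event cut set, would appear on it; the fault tree yields the same items plus a number for the top event.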

Other risk-assessment experts, including some NASA officials, have said the "fault-tree" method is more thorough. But it, too, has problems, some of them say.

While calculation of the precise probabilities of equipment failure may give an explicit picture of a risk and sharpen analytical thinking, there are certain parts of a complex technological system that defy realistic numerical estimates - particularly the humans in that system, said Baruch Fischhoff, an experimental psychologist in Eugene, Ore. He specializes in studying people's perceptions of risk and the ways humans interact with computers.

The uncertainties that inevitably surround the human element in a complex system are especially important in the analysis of the Challenger disaster, he said, because of warnings by Morton Thiokol engineers about the O-rings that were later overruled by their superiors after discussions with NASA officials.

"It looks like the problems in Challenger were in the management," Fischhoff said. "That is, there was some kind of distributed decision-making in different places, with different guidelines. I would guess no one really knew what was happening. It was a failure of the system as a whole. Those kinds of things are very difficult to put an absolute probability on."

Peter E. Glaser, vice president for advanced technology for Arthur D. Little Inc., said "fault-tree" analysis, although it is increasingly being embraced by the chemical industry to avoid accidents like the disastrous chemical leak in Bhopal, India, is "not the whole answer."

"One has to understand the safety implications of organizational and management behavior," said Glaser, who has done risk-analysis work for NASA, although not on the space shuttle.

Overcoming the communication barriers that occur in a complex system with responsibilities so spread out can be a considerable problem, he said.

The multiplication of procedures and regulations in such a system that are intended to ensure safety may sometimes let people become complacent in their seemingly small individual roles, Glaser said.

"The success of 24 (shuttle) launches may have led people into complacency. When too many people are involved in the review and approval of analyses, the individual importance that people attach to what they do may be lessened. They may think, 'I'm just a cog in that big machine.'"

He added, however, that he thinks many media reports about the accident have been too negative and that NASA employees he knows are conscientious and dedicated.

Fischhoff, who has studied the ways people can make unfairly harsh judgments in hindsight, voiced similar concerns. "Looking back, it looks like all eyes (in NASA) were on the O-rings, and all those eyes didn't see, heed or believe what they saw."

Neglecting how hard it can be for people in complex organizations to realize a problem is developing may mean the Challenger investigations assign blame too narrowly, he said, and overlook broader managerial and organizational problems that contributed.