FTUI DTM

Major Hazard Facilities Risk Assessment

KI-KE

FTUI DTM

KI-KE

FTUI DTM

KI-KE

FTUI DTM

KI-KE

FTUI DTM

KI-KE

FTUI DTM

KI-KE

Hazard versus Risk

FTUI DTM

KI-KE

Risk Assessment Definition

Any analysis or investigation that contributes to understanding of any or all aspects of the risk of major accidents, including their: Causes Likelihood Consequences Means of control Risk evaluation

FTUI DTM

KI-KE

Approach
The MHF Regulations respond to this by requiring comprehensive and systematic identification and assessment of hazards HAZID and Risk Assessment must have participation by employees, as they have important knowledge to contribute together with important learnings These employees MAY BE the HSRs, but DO NOT HAVE TO BE However, the HSRs should be consulted in selection of appropriate participants in the process

MHF - Major Hazard Facility

HAZID - Hazard identification

HSR - Health and Safety Representative

FTUI DTM

KI-KE

Approach
Types of Risk Assessment Hazard Identification Qualitative Assessment

Detailed Studies Quantitative Risk Assessment Likelihood Analysis Plant Condition Analysis Asset Integrity Studies Consequence Analysis Human Factors Studies

Technology Studies
9

FTUI DTM

KI-KE

Causes
From the HAZID and MA evaluation process, pick an MA for evaluation From the hazard register, retrieve all the hazards that can lead to the MA being realised In a structured approach, list all of the controls currently in place to prevent each of the hazards that lead to the MA being realised Examine critically all of the controls currently in place designed to prevent the hazard being realised

MA - Major Accident

10

FTUI DTM

KI-KE

Causes...........
As an example, from hazard register, MA - A26

Ignition of materials (MA - A26)

11

FTUI DTM

KI-KE

Causes....
List all possible causes of the accident (identified during HAZID study)
Hazard Scenario 1

Hazard Scenario 2

Ignition of materials (MA - A26)

Hazard Scenario 3, etc

12

FTUI DTM

KI-KE

Causes.....
List all prevention controls for the accident (identified during HAZID study)
Hazard Scenario 1
Prevention control C1-1

Prevention control C1-2

Hazard Scenario 2

Prevention control C2-1

Ignition of materials (MA - A26)

Hazard Scenario 3, etc

Prevention control C3-1

13

FTUI DTM

KI-KE

Likelihood Assessment
Likelihood analysis can involve a range of approaches, depending on the organisations knowledge, data recording systems and culture This knowledge can range from: - In-house data - existing data recording systems and operational experience - Reviewing external information from failure rate data sources Both are valid, however, the use of in-house data can provide added value as it is reflective of the management approaches and systems in place
14

FTUI DTM

KI-KE

Likelihood Assessment...... A Likelihood is an expression of the chance of something happening in the future - e.g. Catastrophic vessel failure, one chance in a million per year (1 x 10-6/year) Frequency is similar to likelihood, but refers to historical data on actual occurrences

15

FTUI DTM

KI-KE

Likelihood Assessment..... Likelihood Analysis can use: Historical Site historical data Generic failure rate data Assessment Workshops (operators and maintenance personnel) Fault trees Event trees Assessment of human error

16

FTUI DTM

KI-KE

Likelihood Assessment Qualitative Approach

A qualitative approach can be used for assessment of likelihood This is based upon agreed scales for interpretation purposes and for ease of consistency For example, reducing orders of magnitude of occurrence It also avoids the sometimes more complicated issue of using frequency numbers, which can be difficult on occasions for people to interpret

17

FTUI DTM

KI-KE

Likelihood Assessment Qualitative Approach.....

Category A Likelihood Possibility of repeated events (once in 10 years) Possibility of isolated incidents (once in 100 years) Possibility of occurring sometimes (once in 1,000 years) Not likely to occur, (once in 10,000 years) Rare occurrence (once in 100,000 years)

D E

18

FTUI DTM

KI-KE

Likelihood Assessment Fault Trees

A fault tree is a graphical representation of the logical relationship between a particular system, accident or other undesired event, typically called the top event, and the primary cause events In a fault tree analysis the state of the system is to find and evaluate the mechanisms influencing a particular failure scenario

19

FTUI DTM

KI-KE

Likelihood Assessment Fault Trees A fault tree is constructed by defining a top event and then defining the cause events and the logical relations between these cause events This is based on: - Equipment failure rates - Design and operational error rates - Human errors - Analysis of design safety systems and their intended function
20

FTUI DTM

KI-KE

Likelihood Assessment Fault Trees Example

Process vessel over pressured
AND

Pressure rises

PSV does not relieve

OR

AND

Process pressure rises

Control fails high PSV too small

Fouling inlet or outlet

Set point too high PSV stuck closed

21

FTUI DTM

KI-KE

Likelihood Assessment Generic Failure Rate Data This information can be obtained from: - American Institute of Chemical Engineers Process Equipment Reliability Data - Loss Prevention in the Process Industries - E&P Forum - Health and Safety Executive data - and other published reports

22

FTUI DTM

KI-KE

Likelihood Assessment Human Error

Human error needs to be considered in any analysis of likelihood of failure scenarios The interaction between pending failure scenarios, actions to be taken by people and the success of those actions needs to be carefully evaluated in any safety assessment evaluation Some key issues of note include: Identifying particular issue Procedures developed for handling the issue Complexity of thought processing information required

23

FTUI DTM

KI-KE

Likelihood Assessment Human Error

Type of Behaviour Extraordinary errors: of the type difficult to conceive how they could occur: stress free, powerful cues initiating for success. Error in regularly performed, commonplace, simple tasks with minimum stress (e.g. Selection of a key-operated switch rather than a non keyoperated switch). Errors of omission where dependence is placed on situation cues and memory. Complex, unfamiliar task with little feedback and some distractions (e.g. failure to return manually operated test valve to proper configuration after maintenance). Highly complex task, considerable stress, little time to perform it e.g. during abnormal operating conditions, operator reaching for a switch to shut off an operating pump fails to realise from the indicator display that the switch is already in the desired state and merely changes the status of the switch. Error Probability 10-5 (1 in 100,000) 10-4 (1 in 10,000) 10-2 (1 in 100)

10-1 (1 in 10)

24

FTUI DTM

KI-KE

Likelihood Assessment Event Trees

Used to determine the likelihood of potential consequences after the hazard has been realised It starts with a particular event and then defines the possible consequences which could occur Each branching point on the tree represents a controlling point, incorporating the likelihood of success or failure, leading to specific scenarios Such scenarios could be: Fire Explosion Toxic gas cloud Information can then used to estimate the frequency of the outcome for each scenario

25

FTUI DTM

Likelihood Assessment Event Trees

Event tree example LPG Pipeline Release

KI-KE

26

FTUI DTM

KI-KE

Consequences
Most scenarios will involve at least one of the following outcomes: Loss of containment Reactive chemistry Injury/illness Facility reliability Community impacts Moving vehicle incidents Ineffective corrective action Failure to share learnings

27

FTUI DTM

KI-KE

Consequences Consequence evaluation estimates the potential effects of hazard scenarios The consequences can be evaluated with specific consequence modelling approaches These approaches include: - Physical events modelling (explosion, fire, toxic gas consequence modelling programs) - Occupied building impact assessment

28

FTUI DTM

KI-KE

Consequences - Qualitative Evaluation A qualitative evaluation is based upon a descriptive representation of the likely outcome for each event This requires selecting a specific category rating system that is consistent with corporate culture

29

FTUI DTM

KI-KE

Consequences - Qualitative Descriptors Example

Consequence descriptors Health and Safety Values Insignificant A near miss, first aid injury Minor One or more lost time injuries No or low impact Moderate One or more significant lost time injuries Medium impact Release within facility boundary Loss from $50,000 to $1M Major One or more fatalities Medium impact outside the facility boundary Loss from $1M to $10M Catastrophic Significant number of fatalities Major impact event

Environmental Values

No impact

Financial Loss Exposures

Loss below $5,000

Loss $5,000 to $50,000

Loss above $10M

30

FTUI DTM

KI-KE

Consequences Quantitative Evaluation Consequence analysis estimates the potential effects of scenarios Tools include: - Potential consequences (event tree) - Physical events modelling (explosion, fire and/or gas dispersion consequence modelling programs) - Load resistance factor design (building design)

31

FTUI DTM

KI-KE

Consequences - Qualitative Evaluation Example

Example: Impact of Explosions

Explosion Overpressure (kPa) 7 (1 psi)

Effects Results in damage to internal partitions and joinery but can be repaired. Reinforced structures distort, storage tanks fail. Wagons and plant items overturned, threshold of eardrum damage. Complete demolition of houses, threshold of lung damage.

21 (3 psi) 35 (5 psi) 70 (10 psi)

Note: Calculations can be undertaken to determine probability of serious injury and fatality

32

FTUI DTM

KI-KE

Consequences - Qualitative Evaluation Example

Example - Overpressure Contour - impact on facility buildings

Release scenario location

35 kPa 21 kPa 14 kPa 7 kPa

33

FTUI DTM

KI-KE

Risk Evaluation
Risk evaluation can be undertaken using qualitative and/or quantitative approaches Risk comprises two categories - frequency and consequence Qualitative methodologies that can be used are - Risk matrix - Risk nomograms Semi quantitative techniques - Layers of protection analysis - Risk matrix Quantitative - quantitative techniques
34

FTUI DTM

KI-KE

Risk Assessment - What Type?

Qualitative Assessment
Simple, subjective, low resolution, high uncertainty, low cost

SemiQuantitative Assessment
Detailed, objective, high resolution, low uncertainty, increasing cost

Quantitative Assessment
35

FTUI DTM

KI-KE

Risk Assessment Issues For Consideration Greater assessment detail provides more quantitative information and supports decision-making Strike a balance between increasing cost of assessment and reducing uncertainty in understanding Pick methods that reflect the nature of the risk, and the decision options Stop once all decision options are differentiated and the required information compiled Significant differences of opinion regarding the nature of the risk or the control regime indicate that further assessment is needed
36

FTUI DTM

KI-KE

Risk Assessment - Qualitative

Qualitative risk assessment can be undertaken using the following - Risk nomogram - Risk matrix Both approaches are valid and the selection will depend upon the company and its culture

Risk Assessment - Risk Nomogram

A nomogram is a graphical device designed to allow approximate calculation Its accuracy is limited by the precision with which physical markings can be drawn, reproduced, viewed and aligned Nomograms are usually designed to perform a specific calculation, with tables of values effectively built into the construction of the scales

37

FTUI DTM

KI-KE

Most nomograms are used in situations where an approximate answer is appropriate and useful

Enhancing Occupational Safety and Health

Geoff Taylor, Kellie Easter and Roy Hegney, Elsevier Butterworth-Heinemann, 2004

38

FTUI DTM

KI-KE

Enhancing Occupational Safety and Health

Geoff Taylor, Kellie Easter and Roy Hegney, Elsevier Butterworth-Heinemann, 2004

39

FTUI DTM

KI-KE

Risk Assessment - Risk Nomogram

Advantages and Disadvantages Accuracy is limited Designed to perform a specific calculation Cannot easily denote different hazards leading to an MA Typically not used by MHFs

40

FTUI DTM

KI-KE

Risk Assessment - Risk Matrix

Hazards can be allocated a qualitative risk ranking in terms of estimated likelihood and consequence and then displayed on a risk matrix Consequence information has already been discussed, hence, information from this part of the assessment can be used effectively in a risk matrix Risk matrices can be constructed in a number of formats, such as 5x5, 7x7, 4x5, etc Often facilities may have a risk matrix for other risk assessments (eg Task analysis)
41

FTUI DTM

KI-KE

Risk Assessment - Risk Matrix Results can be easily presented - In tabular format for all MAs - Within a risk matrix Such processes can illustrate major risk contributors, aid the risk assessment and demonstration of adequacy Care needs to be taken to ensure categories are consistently used and there are no anomalies Australian/New Zealand Standard, AS4360, Risk Management 1999, provides additional information on risk matrices
42

FTUI DTM

KI-KE

Risk Assessment - Risk Matrix

Consequences
Insignificant 1 Health and Safety Values Environmental Values Financial Loss Exposures
A Possibility of repeated events, (1 x 10-1 per year)
A near miss, First Aid Injury (FAI) or one or more Medical Treatment Injuries (MTI)

Minor 2
One or more Lost Time Injuries (LTI)

Moderate 3
One or more significant Lost Time Injuries (LTI)

Major 4
One or more fatalities

Catastrophic 5
Significant number of fatalities

No impact

No or low impact Loss $5,000 to $50,000

Loss below $5,000

Medium impact. Release within facility boundary Loss from $50,000 to $1,000,000

Medium impact Major impact outside the facility event boundary Loss from $1,000,000 to $10,000,000 Loss of above $10,000,000

Significant Risk Moderate Risk

Significant Risk Significant Risk Moderate Risk Low Risk Low Risk

High Risk Significant Risk

High Risk High Risk

High Risk High Risk

Likelihood

B Possibility of isolated incidents, (1 x 10-2 per year) C Possibility of occurring sometimes, (1 x 10-3 per year) D Not likely to occur, (1 x 10-4 per year) E Rare occurrence, (1 x 10-5 per year)

Low Risk Low Risk Low Risk

Significant Risk Moderate Risk Moderate Risk

High Risk Significant Risk Significant Risk

High Risk High Risk Significant Risk

43

FTUI DTM

KI-KE

Risk Assessment - Risk Matrix Advantages If used well, a risk matrix will: Identify event outcomes that should be prioritised or grouped for further investigation Provides a good graphical portrayal of risks across a facility Help to identify areas for risk reduction Provide a quick and relatively inexpensive risk analysis Enable more detailed analysis to be focused on high risk areas (proportionate analysis)
44

FTUI DTM

KI-KE

Risk Assessment - Risk Matrix Disadvantages Scale is always a limitation regarding frequency reduction - it does not provide an accurate reduction ranking Cumulative issues and evaluations are difficult to show in a transparent manner There can be a strong tendency to try and provide a greater level of accuracy than what is capable

45

FTUI DTM

KI-KE

Risk Assessment Semi-Quantitative Approach One tool is a Layer of Protection Analysis approach (LOPA) It is a simplified form of risk evaluation The primary purpose of LOPA is to determine if there are sufficient layers of protection against a hazard scenario It needs to focus on: Causes of hazards occurring Controls needed to minimise the potential for hazards occurring If the hazards do occur, what mitigation is needed to minimise the consequences
46

FTUI DTM

KI-KE

Risk Assessment - Semi-Quantitative Approach (LOPA)

Diagrammatic Representation - LOPA

Analysing the safety measures and controls that are between an uncontrolled release and the worst potential consequence

47

FTUI DTM

KI-KE

Risk Assessment - Semi-Quantitative Approach (LOPA)

The information for assessment can be presented as a bow-tie diagram

Preventative Controls

Mitigative Controls

Causes

MA

Hazards

Controls

Controls

Consequences
48

Outcomes

FTUI DTM

KI-KE

Risk Assessment - Semi-Quantitative Approach (LOPA) Advantages and Disadvantages Risk evaluation can be undertaken using a bow-tie approach A procedural format needs to be developed by the company to ensure consistency of use across all evaluations External review (to the safety report team) should be considered for consistency and feedback Correct personnel are needed to ensure the most applicable information is applied to the evaluation approach
49

FTUI DTM

KI-KE

Risk Assessment - Quantitative

Quantitative assessments can be undertaken for specific types of facilities This is a tool that requires expert knowledge on the technique and has the following aspects: It is very detailed High focus on objective Detailed process evaluations Requires a high level of information input Provides a high output resolution Reduces uncertainty Frequency component can be questionable as generic failure rate data is generally used Provides understanding on the high risk contributors from a facility being evaluated
50

FTUI DTM

KI-KE

Risk Assessment - Quantitative

Typical result output from such an assessment is individual risk contours

Ra c e co urs e

Ho spi t al

Sch oo l

Sc h ool Ligh t Rai l Res erve To wn Cen te r Re s id e ntu al Spo r t s Comp le x

Example shown is for land use planning

10-5

106

10 7

10 -6

51

FTUI DTM

KI-KE

Risk Assessment - Quantitative

Time consuming Expensive Expert knowledge is required Not suitable for every MHF site Process upsets (such as a runaway reaction) cannot be easily modelled as an initiating event using standard equipment part counts - incorporation of fault tree analysis required Use of generic failure rate data has limitations and does not take into consideration a specific companys equipment and management system strategies

52

FTUI DTM

KI-KE

Sources of Additional Information

The following are a few sources of information covering risk assessment Hazard and Operability Studies (HAZOP Studies), IEC 61882, Edition 1.0, 2001-05 Functional Safety Safety Instrumented Systems for the Process Industry Sector, IEC 61511, 2004-11 Fault Tree Analysis, IEC 61025, 1990-10 Hydrocarbon Leak and Ignition Data Base, E&P Forum, February 1992 N658 Guidelines for Process Equipment Reliability Data, Center for Chemical Process Safety of the American Institute of Chemical Engineers, 1989

53

FTUI DTM

KI-KE

Sources of Additional Information

Offshore Hydrocarbon Release Statistics, Offshore Technology Report OTO 97 950, UK Health and Safety Executive,
December 1997

Loss Prevention in the Process Industries , Lees F. P., 2nd

Edition, Butterworth Heinemann

Layer of Protection Analysis, Simplified Process Risk Assessment,

Center for Chemical Process Safety of the American Institute of Chemical Engineers, 2001 Nomogram, Wikipedia, the free encyclopaedia

54

FTUI DTM

KI-KE

Example LOPA Assessment Spreadsheet Format

Cause

Hazard

Independent Preventative Protection Layers

Mitigative Protection Layers Pressure safety valve opens on high pressure

Loss of cooling tower water to conden ser once every 10 years

Catastrophic rupture of distillation column with shrapnel, toxic release

Columns condenser, reboiler and piping maximum allowable working pressures are greater than maximum possible pressure from steam reboiler

Logic in BPCS trips steam flow valve and steam RCV on high pressure or high temperature . No credit since not independent of SIS.

High column pressure and temperature alarms can alert operator to shut off the steam to the reboiler (manual valve)

Logic in BPCS trips stream flow valve and steam RCV on high pressure or high temperatur e (dual sensors separate from DCS).

55

FTUI DTM

Example Example Bowtie Assessment System Format

KI-KE

56