F - Techniques

8/20/2019 F - Techniques

1/191

F – Techniques

Hazard Evaluation &

Risk Assessment

Process Safety InformationTechnical data that is made available to

all personnel who are involved with

hazardous processes including :-

- Information on all chemicals, products and

byproducts

- Stream compositions

- Chemical and physical properties- Process operating conditions

- Equipment details and functional description

- Physical operation and failure modes

F – Techniques

Where would you

Expect to find

Process Safety

Information?


2/192

PSI SourcesMSDS information

COSHH in UKChemical inventories

Process flow diagramsRelief Valve Calculations

P&ID’sPlot plans

Electrical line diagramsHazard zone diagramsOperating procedures

Training recordsLoss control reports

Shift logs

Reviewing P&ID’s

• Operating limits

• Ability to isolate systems and equipment

• Pressure relief points

• Venting points

• Flame arrester applications

• Fail-safe responses

• Ability to deal with loss of utilities

• Purging connections

• Flushing and cleaning connections

Risk Assessment Methodology

RISK ASSESSMENT

METHODOLOGY

HAZARD

IDENTIFICATION

OPERATING

HAZARDS

EXTERNAL

HAZARDS

NATURAL

HAZARDS

HUMAN ERROR

HAZARDS

SCENARIO DEVELOPMENT

CONSEQUENCE

ANALYSIS

LIKELIHOOD

ANALYSIS

FURTHER

RISK REDUCTIONREQUIRED

?

RISK

ANALYSISOPERATION

YES

DEVELOP

MITIGATION

MEASURES

NO

OTHER

CONSIDERATIONS

OTHER

HAZARDS?

RESIDUAL RISKMANAGEMENT


3/193

BP Techniques

Hazard Identification

Techniques

Hazard Evaluation Methods

Hazard identification/evaluation may employ one ofseveral different methods:

Safety Review

Checklists

HAZID

What If ?

HAZOP

Failure Modes and Effects

Fault Tree Analysis

How would you decide what method to use?


4/194

Simple Hazard Evaluation Methods

Safety Review– Multi-discipline team brainstorming potentialsafety issues

Checklists– Rely on predetermined lists of potentialhazards which are based on past experience

HAZID– A technique to identify possible hazardstypically used early project design

What-If Analysis

Structured brainstorming to identify and correctpossible deviations in a plan or design.

Multi-disciplined team

Process, Maintenance, Technical and SpecialtyPersonnel.

Information Requirements

PFD’s, Control Logic, Equipment Data Sheets, Plotplan, Alarm set points, Baseline process data.

What-If Analysis Key Features

• Simple format• Easy to facilitate• Quick to execute• Highly flexible - creative brainstorming• Can be used at any stage of design, construction,

or operation of a system or process.• Useful in evaluating organizational MOC• BUT dependent on skilled and experienced

participants.


5/195

What-If Analysis - Questions

Questions describing an initiating cause:- What if the control valve fails to close?- What if the operator forgets to follow step 3?

Each person on team must voice a concern as theirturn arises in rotation.

Questions describing consequences/ high level concern- What if there is a fire?- What if the vessel ruptures?

What-If Analysis

WHAT IF?STRATEGYCONSEQUENCESCAUSE SAFEGUARDS

(WHY?) (SO WHAT?) (THEN WHAT?)(WHY NOT?)

What-If Analysis – Scope of Deviations

• Contamination• Wrong concentration• Leak/rupture• Misdirected flow• Sampling• Maintenance• Hoisting• Instrumentation• Control function• Corrosion /erosion

• Isolation

• No mixing

• Stratification

• Quality infraction

• No flow

• Restricted flow

• Poor heat transfer

• Service failure

• Human error

• Wrong material


6/196

What If? Exercise

Exercise #

Chemical Warehouse

What-If - Exercise

A propane heating system is used to heat a chemicalwarehouse. Materials consist of several hundreddrums of aqueous ammonia, chlorinatedhydrocarbons, toluene and benzene. Products arestored in steel drums on stacked wooden pallets.

The heating system contains two 500-gallons LPGbullets, a small vaporizer, piping and 4 floor mountedheating units.

Conduct a “What If” analysis using simple format.

What-If – Exercise – cont’d


7/197

What-If Exercise – cont’d

What-If Exercise – cont’d

WHAT IF?STRATEGYCONSEQUENCESCAUSE SAFEGUARDS

(WHY?) (SO WHAT?) (THEN WHAT?)(WHY NOT?)

Suppl y l ine f reez es C ol d w ea ther E lect ri c t raci ng fa il s -No warning orindication

Building cools down.Potential explosionhazard if line thawssince pilots would beout.

Install alarm on fuelsupply.Install lockout systemon low pressure. Mustbe manually re-setbefore system is re-started.

Install a mechanicalcover over the entire

length of gas supplyline. Ensure that roofoverhang cannotdischarge directly ontogas supply equipment.

Ice from roof fallsonto line and severs

it.

Temperaturethaw

Line protectedinside building and

within fenced offarea. Still exposedunder roof.

Possible fire orservice interruption.

HAZOP

Hazard and Operability Study• Structured, systematic format for identifying

the consequences of process deviations.

• Requires facilitation

• Involves team brainstorming

• Best used when design details are complete orprocess is operating

• BUT very dependent on skilled and experiencedparticipants.


8/198

HAZOP Method

• Divide the process into nodes.• Describe intent of the node (flow, temp,pressure)

• Identify possible deviations (hi flow, low temp)

• Identify causes (blocked valve, failedinstrument)

• Develop consequences

• List existing safeguards

• Assign hazard ranking (optional)

• Propose recommendations

• Repeat for each node.

HAZOP Worksheet

J. Smith,

Engineering

November

2006

Consider the

addition of a

flow alarm

downstream

of CV-120

Pipe rating is

sufficient for

deadhead

pressure

LAH-135 on

downstreamvessel

Piping between

pump and CV-

124 will see

pump deadhead

pressure

Potential flooding

of downstreamvessel and liquidcarryover

Downstream

valve CV-124

inadvertently

closed

Upstreamvalve CV-120

fails full open

No flow

High flow

By

Who/When

Recommenda

tions

SafeguardsConsequenceCauseDeviation

No de: I nle t p ip in g P ar am et er : F lo w Dr aw in g N o. : 1 26 05- AB C

Failure Modes and Effects Analysis

Data analysis must consider:

• Failure frequency

• Cause of failure

• Mean time between failures

• Time to repair failure

• Type of repairs

• Follow-up to determine if repairs wereeffective.


9/199

Equipment Failure Analysis

• Risk analysis of mechanical equipment based onsystem model.

• Components and subcomponents identified.

• Potential failures determined and consequencesquantified.

• Failure rates estimated.

• Composite system risk is function of individualcomponent risks.

Failure Mode & Effect Analysis Approach

NO. OF FAILURES IMPACT OF FAILURE

ITEM A M ITEM CITEM B M ITEM A LITEM C ITEM D MITEM D M ITEM N L

ITEM E L ITEM Q M

COMBINED IMPACT AND FREQUENCYDETERMINES CRITICALITY AND PRIORITY.

H

H

Fault Tree Analysis

• Involves the development of the causes of anundesirable event, often a hazard.

• The possibility of the event must be foreseenbefore the fault tree can be constructed.

• Helps reveal the possible causes of the hazard.

• Extensively used in hazard assessment, but canalso help in hazard identification.


10/1910

Fault Tree Analysis

Risk Assessment

Techniques

Risk Assessment Methods

Risk assessment may employ one of severaldifferent methods:

Risk Matrix

LOPA

MAR

QRA

How would you decide what method to use?


11/1911

Risk Matrix

Positive– Fundamental Risk-based Tool– Simple, graphical tool. Easy to communication.– Qualitative – Uses ranges of severity and

likelihood– Variety of uses at different business levels

Negative– Multiple versions– Inconsistent scaling– Axes reversed

I M P A C

T

FREQUENCY1 2 3

A

B

C

D

A

B

C

D

E

1 2 3 4 5

C O N S E Q U E N C E

FREQUENCY

HIGH

LOW

Must directly link to corporate risk practices

May needto addseveralsafeguards.

Shouldadd atleast onesafeguard.

Risk Matrix

BP Risk Matrix (MAR)


12/1912

C o n s e q u e n c e s

Frequency

D

(10-5 to10-4/yr)

Frequency Band -MAR

(10-4 to10-3/yr) (


13/1913

LOPA Sequence

1. Conduct system HAZOP.Identify high consequences.

2. Establish accident scenario that results in highconsequence – discount existing safeguards.

3. Identify initiating event and determineassociated frequency.

4. Identify IPL’s and estimate failure-on-demandfor each.

5. Estimate the risk of the scenario by combiningconsequence, initiating event and IPL data.

LOPA Process

• Not all safeguards are IPL’s but all IPL’s aresafeguards.

Recognizing the existing safeguards that meetthe requirements of IPL is the heart of LOPA.

Initiating event

Undesired consequenceprevented by IPL

Undesired consequenceoccurs despite the

presence of IPL

IPL performs

IPL fails

LOPA Application

SAFETY INTEGRITY LEVEL - SISSAFETY INTEGRITY

LEVEL *

PROBABILITY OF THE SYSTEM

FAILING ON DEMAND (PFD)

SIL-1 10-1 TO 10-2

SIL-2 10-2 TO 10-3

SIL-3 10-3 TO 10-4

* SIL performance can be improved by the addition ofredundancy, more frequent testing, use of diagnostic faultdetection, diverse sensors and control element selection.


14/1914

LOPA Summary

• LOPA should be used to validate the need foradditional layers of protection.

• Proposed safeguards should be analyzed todetermine whether they will reduce the risk to anacceptable level.

• SIL rated instrumentation should only be used incritical instances when the need is demonstrated.

• SIL rated instruments must receive support anddiscipline of the organization.

Quantitative Risk Assessment (QRA)

QRA is:

• Very detailed and comprehensive

• Takes much data, time, and resources

• Quantitative (consequence impact andfrequency)

• Allows objective decision making

• Regulated, in some locations

• Can illustrate risk reduction

QRA - Selective Use

• Analysis of worst case scenarios

• Total facility risk assessment

• Large projects

• Interpretation of major accident casestudies and statistics

• Identification of best opportunities tomanage risk

• Where cost of potential risk or mitigationmeasures is significant


15/1915

Quantitative Risk Assessment (QRA)Risk = Consequence impact x frequency

– Consequence impact (injuries/propertydamage/environmental damage)

• Radiation impact from fire

• Vulnerability due to explosion overpressure

• Vulnerability due to toxic exposure (acute exposure)

• Environmental spill distances

– Frequency

• Hole/release size

• Geometry

• Wind direction and weather

• Effectiveness of mitigation systems (ESD)

QRA Data Requirements

• Process– Temperature, Pressure, Flows, Compositions– Inventory– Plot Plans– Mitigation equipment

• Weather– Atmospheric Stability Class– Typical Wind Directions

– Temperature, humidity• Population

– Location– Number– Sensitive locations

Societal Risk fN curve

10-4

Number of fatalities = N

Numbers of people that may be killed simultaneously from accidents at one site

F r e q u e n c y o f N o r m o r e f a t a l i t i e s

– p e r y e a r = f

10-5

10-6

10-7

UNACCEPTABLE

↑ACCEPTABLE

RISK

REDUCTION

REQUIRED


16/1916

Individual Risk

The risk that a(hypothetical)person will belethally injured dueto industrial activitywhen this personresides there 24hours per day,unprotected at thesame spot.

BP Major Accident Review (MAR)

Objective is to :

– Provide a high level assessment ofmajor accident risk across thewhole company

– Prioritise areas for remedialmeasures and/or further

assessment– Support a process of continuous

reductionGroup Major Accident Risk (MAR) Process

(ETP GP 48-50)

BP Approach to Risk


17/1917

MAR Approach

High level approach used exclusively by BP’sSenior Leadership

Screening tool to identify the highest levelsof Societal & Environmental Risk that theBP Group is exposed to.

Reporting line is a high level of risk.

Continuous Risk Reduction IS REQUIREDboth above and below the line.

MAR Methodology

• Identifies worst case scenarios in plant areas

• Models consequences and

• Impact on population

• Frequencies based on historical industry and companyexperience and reflect “average” design and operation

– Does not reflect those cases where unit design is muchbetter or worse than average

– Does not specifically cover operation of plant outsidereasonably anticipated parameters

– Does not specifically examine transient or temporaryactivities

MAR Process

• Starts by identifying some, not all, risks on a

Hazard and Risk Register

• Group Reporting Lines (onsite/offsite) are basedon company sustainability, regulatory precedentsand industry experience

• Facilitates Continuous Risk Reduction


18/1918

Remember this about MAR!

• BUL’s must ensure that there is a valid MAR for theirfacility and reviewed when:

• New process units brought on stream

• New major flammable/toxic inventories on site

• Relocation of internal and external populations

• Local Risk reduction decisions should only beinfluenced by MAR if sanctioned by SeniorLeadership– If highest level of risks are below the Group Reporting

Line, locally initiated risk reduction measures should stillcontinue.

What MAR Is Not

• MAR is not– a detailed Quantified Risk Assessment

– a detailed examination of potential accident cause

– a guarantee of conformance to the IM Standard

– an exhaustive, all inclusive list of hazards/risks

– a direct lead to mitigation measures (but likely an

identification of where further, more detailed riskassessment is needed)

IM & MAR Measures – Impact on Risk

I M s t a n d a r d – m o s t l y

f r e q u e n c y r e d u c t i o n

MAR measures –mostly

consequence reduction

I M s t a n d a r d – m o s t l y

f r e q u e n c y r e d u c t i o n

MAR measures –mostly

consequence reduction


19/19

Continuous Risk Reduction (CRR)

• Long term objective is to ensure that risks arecontinuously reduced on a risk based priority

– This means considering risk mitigation measures,evaluating their impact, and making risk-based decisions.

• Segments responsible for managing and measuring CRR

• MAR studies to be reviewed:

– whenever a change in MAR input data (hazards,population)

– at least every 5 yrs

Risk Management Summary

• Significant risks identified

• Comparison with risk criteria utilized

• Objective basis for allocating resources

• Risk controls in place for all high risks

• Risks understood (Hazard and Risk Register)

• Continuous Risk Reduction facilitated

F - Techniques

Documents

Transcript of F - Techniques