
F Techniques

Hazard Evaluation & Risk Assessment

Process Safety Information

Technical data that is made available to all personnel who are involved with hazardous processes, including:
- Information on all chemicals, products and byproducts
- Stream compositions
- Chemical and physical properties
- Process operating conditions
- Equipment details and functional description
- Physical operation and failure modes


Where would you expect to find Process Safety Information?

PSI Sources
MSDS information
COSHH in UK
Chemical inventories
Process flow diagrams
Relief Valve Calculations
P&IDs
Plot plans
Electrical line diagrams
Hazard zone diagrams
Operating procedures
Training records
Loss control reports
Shift logs

Reviewing P&IDs

Operating limits
Ability to isolate systems and equipment
Pressure relief points
Venting points
Flame arrester applications
Fail-safe responses
Ability to deal with loss of utilities
Purging connections
Flushing and cleaning connections

Risk Assessment Methodology

[Figure: Risk Assessment Methodology flowchart. Boxes: Hazard Identification (operating, external, natural, human error and other hazards); Scenario Development; Risk Analysis (likelihood analysis, consequence analysis, other considerations); decision "Further risk reduction required?" (Yes / No); Develop Mitigation Measures; Operation; Residual Risk Management.]

BP Techniques

Hazard Identification Techniques

Hazard Evaluation Methods


Hazard identification/evaluation may employ one of
several different methods:
Safety Review
Checklists
HAZID
What If ?
HAZOP
Failure Modes and Effects
Fault Tree Analysis
How would you decide what method to use?

Simple Hazard Evaluation Methods

Safety Review
Multi-discipline team brainstorming potential safety issues

Checklists
Rely on predetermined lists of potential hazards which are based on past experience

HAZID
A technique to identify possible hazards, typically used early in project design

What-If Analysis
Structured brainstorming to identify and correct
possible deviations in a plan or design.
Multi-disciplined team
Process, Maintenance, Technical and Specialty
Personnel.
Information Requirements
PFDs, Control Logic, Equipment Data Sheets, Plot
plan, Alarm set points, Baseline process data.

What-If Analysis Key Features

Simple format
Easy to facilitate
Quick to execute
Highly flexible - creative brainstorming
Can be used at any stage of design, construction,
or operation of a system or process.
Useful in evaluating organizational MOC
BUT dependent on skilled and experienced
participants.

What-If Analysis - Questions


Questions describing an initiating cause:
- What if the control valve fails to close?
- What if the operator forgets to follow step 3?
Questions describing consequences/ high level concerns
- What if there is a fire?
- What if the vessel ruptures?
Each person on team must voice a concern as their
turn arises in rotation.

What-If Analysis

Worksheet columns: WHAT IF? / CAUSE (WHY?) / SAFEGUARDS (WHY NOT?) / CONSEQUENCES (SO WHAT?) / STRATEGY (THEN WHAT?)

What-If Analysis Scope of Deviations

Contamination
Wrong concentration
Leak/rupture
Misdirected flow
Sampling
Maintenance
Hoisting
Instrumentation
Control function
Corrosion /erosion

Isolation
No mixing
Stratification
Quality infraction
No flow
Restricted flow
Poor heat transfer
Service failure
Human error
Wrong material

What If? Exercise

Exercise #
Chemical Warehouse

What-If - Exercise
A propane heating system is used to heat a chemical
warehouse. Materials consist of several hundred
drums of aqueous ammonia, chlorinated
hydrocarbons, toluene and benzene. Products are
stored in steel drums on stacked wooden pallets.
The heating system contains two 500-gallon LPG
bullets, a small vaporizer, piping and 4 floor-mounted
heating units.
Conduct a What If analysis using simple format.

What-If Exercise contd

WHAT IF? Supply line freezes
CAUSE (WHY?): Cold weather. Electric tracing fails.
SAFEGUARDS (WHY NOT?): No warning or indication.
CONSEQUENCES (SO WHAT?): Building cools down. Potential explosion hazard if line thaws since pilots would be out.
STRATEGY (THEN WHAT?): Install alarm on fuel supply. Install lockout system on low pressure. Must be manually re-set before system is restarted.

WHAT IF? Ice from roof falls onto line and severs it.
CAUSE (WHY?): Temperature thaw.
SAFEGUARDS (WHY NOT?): Line protected inside building and within fenced off area. Still exposed under roof.
CONSEQUENCES (SO WHAT?): Possible fire or service interruption.
STRATEGY (THEN WHAT?): Install a mechanical cover over the entire length of gas supply line. Ensure that roof overhang cannot discharge directly onto gas supply equipment.

HAZOP

Hazard and Operability Study


Structured, systematic format for identifying
the consequences of process deviations.
Requires facilitation
Involves team brainstorming
Best used when design details are complete or
process is operating
BUT very dependent on skilled and experienced
participants.

HAZOP Method
Divide the process into nodes.
Describe intent of the node (flow, temp,
pressure)
Identify possible deviations (hi flow, low temp)
Identify causes (blocked valve, failed
instrument)
Develop consequences
List existing safeguards
Assign hazard ranking (optional)
Propose recommendations
Repeat for each node.

HAZOP Worksheet
Node: Inlet piping
Parameter: Flow
Drawing No.: 12605-ABC

Deviation: No flow
Cause: Downstream valve CV-124 inadvertently closed
Consequence: Piping between pump and CV-124 will see pump deadhead pressure
Safeguards: Pipe rating is sufficient for deadhead pressure

Deviation: High flow
Cause: Upstream valve CV-120 fails full open
Consequence: Potential flooding of downstream vessel and liquid carryover
Safeguards: LAH-135 on downstream vessel
Recommendations: Consider the addition of a flow alarm downstream of CV-120
By Who/When: J. Smith, Engineering, November 2006

Failure Modes and Effects Analysis


Data analysis must consider:
Failure frequency
Cause of failure
Mean time between failures
Time to repair failure
Type of repairs
Follow-up to determine if repairs were
effective.

Equipment Failure Analysis


Risk analysis of mechanical equipment based on
system model.
Components and subcomponents identified.
Potential failures determined and consequences
quantified.
Failure rates estimated.
Composite system risk is function of individual
component risks.

Failure Mode & Effect Analysis Approach


NO. OF FAILURES
ITEM A
ITEM B
ITEM C
ITEM D
ITEM E

IMPACT OF FAILURE
M
M
H
M
L

ITEM C
ITEM A
ITEM D
ITEM N
ITEM Q

H
L
M
L
M

COMBINED IMPACT AND FREQUENCY DETERMINES CRITICALITY AND PRIORITY.

Fault Tree Analysis


Involves the development of the causes of an
undesirable event, often a hazard.
The possibility of the event must be foreseen
before the fault tree can be constructed.
Helps reveal the possible causes of the hazard.
Extensively used in hazard assessment, but can
also help in hazard identification.


Risk Assessment Techniques

Risk Assessment Methods


Risk assessment may employ one of several
different methods:
Risk Matrix
LOPA
MAR
QRA
How would you decide what method to use?


Risk Matrix
Positive
Fundamental risk-based tool
Simple, graphical tool. Easy to communicate.
Qualitative - uses ranges of severity and likelihood
Variety of uses at different business levels
Negative
Multiple versions
Inconsistent scaling
Axes reversed
[Figure: risk matrix of impact against frequency, with bands labelled A to D.]

Risk Matrix
[Figure: risk matrix of consequence (low to high) against frequency, with bands labelled A to E. Annotations: "May need to add several safeguards." and "Should add at least one safeguard."]
Must directly link to corporate risk practices

BP Risk Matrix (MAR)

[Figure: BP risk matrix of frequency against consequences, with a "Reduce Risk" label. Frequency bands (MAR): <10^-6/yr, 10^-6 to 10^-5/yr, 10^-5 to 10^-4/yr, 10^-4 to 10^-3/yr, <10^-3/yr. Second set of frequency bands: <10^-3, 10^-3 to 10^-1/yr, >10^-1/yr. Severity scales: MAR Severity Scale; Tr@ction Severity Scale. Plotted labels: Whiting Handrail 2003; Texas City 2005; MIA; D. Focus labels: HSSE focus; PSM & IM Standard focus.]

Layer of Protection Analysis (LOPA)


Layer of protection analysis examines the various
failure paths in a system, assigns probabilities
and estimates a composite risk.
LOPA helps to understand how a system works
throughout its life cycle.
LOPA utilizes actual failure data to determine
the risk of an accident scenario.
LOPA helps establish the need for additional
safeguards.

LOPA Method
LOPA starts with an initiating event and examines individual failure modes. How many failure mechanisms are there?

[Figure: event tree. Initiating event: liquid feed to HP separator stops due to unit shutdown. Protection layers: BPCS/alarm, interlock, mechanical PSV, each with success and failure branches. Outcome on failure: explosion of LP separator, fire, shrapnel.]


LOPA Sequence
Conduct system HAZOP.
Identify high consequences.
Establish accident scenario that results in high consequence - discount existing safeguards.
Identify initiating event and determine associated frequency.
Identify IPLs and estimate failure-on-demand for each.
Estimate the risk of the scenario by combining consequence, initiating event and IPL data.

LOPA Process
Not all safeguards are IPLs but all IPLs are safeguards.

[Figure: initiating event with two branches. IPL performs: undesired consequence prevented by IPL. IPL fails: undesired consequence occurs despite the presence of IPL.]

Recognizing the existing safeguards that meet the requirements of IPL is the heart of LOPA.

LOPA Application

SAFETY INTEGRITY LEVEL - SIS

Safety integrity level *: probability of the system failing on demand (PFD)
SIL-1: 10^-1 to 10^-2
SIL-2: 10^-2 to 10^-3
SIL-3: 10^-3 to 10^-4

* SIL performance can be improved by the addition of redundancy, more frequent testing, use of diagnostic fault detection, diverse sensors and control element selection.


LOPA Summary
LOPA should be used to validate the need for
additional layers of protection.
Proposed safeguards should be analyzed to
determine whether they will reduce the risk to an
acceptable level.
SIL rated instrumentation should only be used in
critical instances when the need is demonstrated.
SIL rated instruments must receive support and
discipline of the organization.
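
A worked version of the LOPA sequence and summary above, added here as an example (it is not from the original slides): it multiplies an initiating-event frequency by the PFD of each safeguard that qualifies as an IPL, then reports which SIL band from the table an added instrumented layer would need to reach a target frequency. The layer names and SIL bands come from the slides; the frequencies, PFD values, targets and the "operator rounds" safeguard are constructed assumptions.

```python
from math import prod

# SIL bands as given in the slide's table: (label, upper PFD, lower PFD).
SIL_BANDS = [("SIL-1", 1e-1, 1e-2), ("SIL-2", 1e-2, 1e-3), ("SIL-3", 1e-3, 1e-4)]

def mitigated_frequency(initiating_per_yr, safeguards):
    """Initiating-event frequency times the PFD of every safeguard that
    qualifies as an IPL; safeguards that are not IPLs get no credit."""
    pfds = []
    for name, pfd, is_ipl in safeguards:
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD for {name!r} must be in (0, 1], got {pfd}")
        if is_ipl:
            pfds.append(pfd)
    return initiating_per_yr * prod(pfds)

def required_sil(current_per_yr, target_per_yr):
    """SIL band an added instrumented layer needs so that
    current frequency x its PFD <= target. None means the target is met."""
    if current_per_yr <= target_per_yr:
        return None
    needed_pfd = target_per_yr / current_per_yr
    if needed_pfd >= SIL_BANDS[0][1]:
        return "below SIL-1"   # a non-SIL-rated layer would be enough
    for label, upper, lower in SIL_BANDS:
        if lower <= needed_pfd < upper:
            return label
    return "beyond SIL-3"      # one instrumented layer cannot close the gap

# Constructed scenario using the layer names from the LOPA Method slide.
INITIATING_PER_YR = 0.2  # constructed: feed to HP separator stops once in 5 years
SAFEGUARDS = [
    ("BPCS/alarm", 0.1, True),        # constructed PFD
    ("mechanical PSV", 0.01, True),   # constructed PFD
    ("operator rounds", 0.5, False),  # hypothetical safeguard, not an IPL
]

def example():
    freq = mitigated_frequency(INITIATING_PER_YR, SAFEGUARDS)
    # Constructed target frequencies of 1e-5/yr and 1e-6/yr.
    return freq, required_sil(freq, 1e-5), required_sil(freq, 1e-6)

if __name__ == "__main__":
    freq, sil_a, sil_b = example()
    print(f"mitigated frequency: {freq:.1e}/yr")
    print(f"interlock needed for 1e-5/yr target: {sil_a}")
    print(f"interlock needed for 1e-6/yr target: {sil_b}")
```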

Quantitative Risk Assessment (QRA)

QRA is:
Very detailed and comprehensive
Takes much data, time, and resources
Quantitative (consequence impact and
frequency)
Allows objective decision making
Regulated, in some locations
Can illustrate risk reduction

QRA - Selective Use

Analysis of worst case scenarios


Total facility risk assessment
Large projects
Interpretation of major accident case
studies and statistics
Identification of best opportunities to
manage risk
Where cost of potential risk or mitigation
measures is significant


Quantitative Risk Assessment (QRA)


Risk = Consequence impact x frequency
Consequence impact (injuries/property
damage/environmental damage)
Radiation impact from fire
Vulnerability due to explosion overpressure
Vulnerability due to toxic exposure (acute exposure)
Environmental spill distances
Frequency
Hole/release size
Geometry
Wind direction and weather
Effectiveness of mitigation systems (ESD)

QRA Data Requirements


Process
Temperature, Pressure, Flows, Compositions
Inventory
Plot Plans
Mitigation equipment
Weather
Atmospheric Stability Class
Typical Wind Directions
Temperature, humidity
Population
Location
Number
Sensitive locations

Societal Risk fN curve

Numbers of people that may be killed simultaneously from accidents at one site

[Figure: fN curve. Vertical axis: frequency of N or more fatalities per year = f (10^-4 to 10^-7). Horizontal axis: number of fatalities = N. Regions: unacceptable; risk reduction required; acceptable.]


Individual Risk
The risk that a (hypothetical) person will be lethally injured due to industrial activity when this person resides there 24 hours per day, unprotected at the same spot.

BP Major Accident Review (MAR)

Objective is to:
Provide a high level assessment of major accident risk across the whole company
Prioritise areas for remedial measures and/or further assessment
Support a process of continuous reduction
Group Major Accident Risk (MAR) Process (ETP GP 48-50)

BP Approach to Risk


MAR Approach
High level approach used exclusively by BP's
Senior Leadership
Screening tool to identify the highest levels
of Societal & Environmental Risk that the
BP Group is exposed to.
Reporting line is a high level of risk.
Continuous Risk Reduction IS REQUIRED
both above and below the line.

MAR Methodology
Identifies worst case scenarios in plant areas
Models consequences and
Impact on population
Frequencies based on historical industry and company
experience and reflect average design and operation
Does not reflect those cases where unit design is much
better or worse than average
Does not specifically cover operation of plant outside
reasonably anticipated parameters
Does not specifically examine transient or temporary
activities

MAR Process
Starts by identifying some, not all, risks on a
Hazard and Risk Register
Group Reporting Lines (onsite/offsite) are based
on company sustainability, regulatory precedents
and industry experience
Facilitates Continuous Risk Reduction


Remember this about MAR!

BULs must ensure that there is a valid MAR for their facility and that it is reviewed when:
New process units brought on stream
New major flammable/toxic inventories on site
Relocation of internal and external populations

Local Risk reduction decisions should only be influenced by MAR if sanctioned by Senior Leadership
If highest level of risks are below the Group Reporting Line, locally initiated risk reduction measures should still continue.

What MAR Is Not

MAR is not
a detailed Quantified Risk Assessment
a detailed examination of potential accident cause
a guarantee of conformance to the IM Standard
an exhaustive, all inclusive list of hazards/risks
a direct lead to mitigation measures (but likely an identification of where further, more detailed risk assessment is needed)

IM & MAR Measures Impact on Risk

[Figure annotations: IM standard mostly frequency reduction; MAR measures mostly consequence reduction.]


Continuous Risk Reduction (CRR)


Long term objective is to ensure that risks are
continuously reduced on a risk based priority
This means considering risk mitigation measures,
evaluating their impact, and making risk-based decisions.
Segments responsible for managing and measuring CRR
MAR studies to be reviewed:
whenever a change in MAR input data (hazards,
population)
at least every 5 yrs

Risk Management Summary


Significant risks identified
Comparison with risk criteria utilized
Objective basis for allocating resources
Risk controls in place for all high risks
Risks understood (Hazard and Risk Register)
Continuous Risk Reduction facilitated
