Major Hazard Facilities - Major accident identification
Major Hazard Facilities
Major Accident Identification and
Risk Assessment
Overview
• This seminar has been developed in the context of the MHF regulations to provide:
– An overview of MA identification and risk assessment
– The steps required for MA recording
– Examples of major accidents identified
– The steps required for a risk assessment
– Examples of risk assessment formats
Some Abbreviations and Terms
• AFAP - As far as (reasonably) practicable
• BLEVE – Boiling liquid expanding vapour explosion
• BPCS – Basic process control system
• DG - Dangerous goods
• Employer - Employer who has management control of the facility
• Facility - any building or structure which is classified as an MHF under the regulations
• HAZID - Hazard identification
• HSR - Health and safety representative
• LOC - Loss of containment
• LOPA – Layers of protection analysis
• MHF - Major hazard facility
• MA - Major accident
• SIS – Safety instrumented system
Topics Covered In This Presentation
• Regulations
• Definition - Major accident (MA)
• MA identification issues
• Approaches to MA identification
• MA recording
• Pitfalls
Topics Covered In This Presentation
• Definition of a risk assessment
• Approaches
• Risk assessment
• Likelihood assessment
• Consequences
• Risk evaluation and assessment
• Summary
• Sources of additional information
• Review and revision
Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
• Hazard identification (R9.43)
• Risk assessment (R9.44)
• Risk control (i.e. control measures) (R9.45, S9A 210)
• Safety Management System (R9.46)
• Safety report (R9.47, S9A 212, 213)
• Emergency plan (R9.53)
• Consultation
Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.43 (Hazard identification) states:
The employer must identify, in consultation with employees,
contractors (as far as is practicable) and HSRs:
a) All reasonably foreseeable hazards at the MHF that may
cause a major accident; and
b) The kinds of major accidents that may occur at the MHF,
the likelihood of a major accident occurring and the likely
consequences of a major accident.
Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.44 (Risk assessment) states:
If a hazard or kind of major accident at the MHF is identified
under regulation 9.43, the employer must ensure that any
risks associated with the hazard or major accident are
assessed, in consultation with employees, contractors (as far
as is practicable) and HSRs.
The employer must ensure that the risk assessment is reviewed:
a) Within 5 years after the assessment is carried out, and
afterwards at intervals of not more than 5 years; and
b) Before a modification is made to the MHF that may
significantly change a risk identified under regulation 9.43;
and
c) When developments in technical knowledge or the
assessment of hazards and risks may affect the method at
the MHF for assessing hazards and risks; and
d) If a major accident occurs at the MHF.
Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.45 (Risk control) states:
The employer must, in consultation with employees, contractors
(as far as is practicable) and HSRs, ensure that any risk
associated with a hazard at the MHF is:
a) eliminated; or
b) If it is not practicable to eliminate the risk – reduced as far
as practicable.
The employer must:
a) Implement measures at the MHF to minimise the likelihood of
a major accident occurring; and
b) Implement measures to limit the consequences of a major
accident if it occurs; and
c) Protect relevant persons, an at-risk community, and the built
and natural environment surrounding the MHF, by
establishing an emergency plan and procedures in
accordance with regulation 9.53.
Definition
Major Accident
A major accident is defined in the Regulations as:
A sudden occurrence at the facility causing serious danger or
harm to:
– A relevant person or
– An at-risk community or
– Property or
– The environment
whether the danger or harm occurs immediately or at a later time
MA Identification Issues
• Unless ALL possible MAs are identified then causal and contributory hazards may be overlooked and risks will not be accurately assessed
• Likewise, controls cannot be identified and assessed
• Identification of MAs must assume control measures are absent/unavailable/not functional
That is:
WHAT COULD HAPPEN IF CONTROL MEASURES WERE NOT APPLIED AND MAINTAINED?
MA Identification Issues
MAs can be identified in three different areas
These are:
• Process MAs
• MAs arising from concurrent activities
• Non-process MAs
MA Identification Issues
Process MAs
• These are MAs caused by hazards which are associated with
upsets in the process, or failure of equipment in the process,
etc
MAs arising from concurrent activities
• Typical concurrent operations which must be considered are:
- Major shutdowns/start ups
- Other activity on site
- Activities adjacent to the facility
MA Identification Issues
Non-Process MAs
• MAs created by non-process hazards that could cause release of Schedule 9 materials
• Non-process hazards may typically include the following: aircraft crashing; dropped objects; extreme environmental conditions (earthquake, cyclone, high winds, lightning); non-process fires (e.g. bush fire); vehicles and road transport; heat stress
MA Identification Issues
• Collate appropriate
– Facility information
– Incident data/histories
• To ensure a thorough understanding of:
– The nature of the facility
– Its environment
– Its materials
– Its processes
MA Identification Issues
• Develop/select a structured method for determining what types of MA can occur:
– Loss of containment
– Fire
– Explosion
– Release of stored energy
– Where they can occur
– Under what circumstances
• Define and document any restrictions applied to the above
MA Identification – Tools Usage
Examples of tools which might be used include:
• Analysis of Schedule 9 materials and DG properties
• Use of HAZID techniques
• Review of existing hazard identification or risk assessment studies
• Analysis of incident history – local, industry, company and applicable global experience
Approach to MA Identification
• It may be efficient to treat similar equipment items handling the same Schedule 9 materials together - as often they have similar hazards and controls
• Further, to ensure correct mitigation analysis, the equipment grouped together should contain similar materials at similar process conditions, resulting in similar consequences on release
Approach to MA Identification
• For consistency of analysis, all MAs should be defined in terms of an initial energy release event
• This can be characterised as a loss of control of the Schedule 9 material
• As an example, in the case of a hydrocarbon release from one vessel leading to a jet fire that subsequently causes a BLEVE in a second vessel, the MA should be defined in terms of the initial hydrocarbon release from the first vessel
Approach to MA Identification
• Review HAZID studies to identify initiating events for each MA
• Review to ensure all hazards have been identified
• Special checklists should be developed to assist with this process
• Further hazards may be identified from:
– Discussions with appropriate subject experts
– Review of incident data
– Review of the records from a similar system
MA Recording
• A structured approach is important
• It can then link equipment management strategies and systems
• Record the key outputs in a register
For each MA, the register should record the following information:
• Equipment that comprises the MA
• Group similar items into one MA
• Description
• Consequences
MA Recording
• Consider all Schedule 9 materials - regardless of quantity
• Screen out incidents that do not pose a serious danger or harm to personnel, the community, the environment or property
• Screening should only be on the basis of consequence not likelihood
– i.e. Events should not be screened out on the basis of likelihood or control measures being active
– Consequence modelling should be used as justification for screening decisions
• External influences need to be considered, for example, potential for a power failure to cause a plant upset leading to an MA
Example – MA Recording
The following are examples of MA recording details
MA Reference No. | MA Description | Equipment Included
LPG-PU2300110 | LOC - pumps | LPG transfer pumps (P254/A)
TKF-SA10 | LOC – finished flammable product release from tank farm | Flammable storage tanks A202, A205, A206, B21, C55
A26 | Ignition of material | Extruders E21/E22/D54
Major Hazard Facilities
Risk Assessment
What is Risk?
• Regulatory definition (per Part 20 of the Occupational Health and Safety (Safety Standards) Regulations 1994): “Risk means the probability and consequences of occurrence of injury or illness”
• AS/NZS 4360 (Risk Management Standard): “the chance of something happening that will have an impact on objectives”
• Risk combines the consequence and the likelihood
RISK = CONSEQUENCE x LIKELIHOOD
Hazard versus Risk
Risk Assessment Definition
• Any analysis or investigation that contributes to understanding of any or all aspects of the risk of major accidents, including their:
– Causes
– Likelihood
– Consequences
– Means of control
– Risk evaluation
The Risk Assessment Should…
• Ensure a comprehensive and detailed understanding of all aspects for all major accidents and their causes
• Be a component of the demonstration of adequacy required in the safety report - e.g. by evaluating the effects of a range of control measures and providing a basis for selection/rejection of measures
Approach
• The MHF Regulations respond to this by requiring comprehensive and systematic identification and assessment of hazards
• HAZID and Risk Assessment must have participation by employees, as they have important knowledge to contribute together with important learnings
• These employees MAY BE the HSRs, but DO NOT HAVE TO BE
• However, the HSRs should be consulted in selection of appropriate participants in the process
Approach
Types of Risk Assessment
[Diagram labels: Hazard Identification; Qualitative Assessment; Detailed Studies; Quantitative Risk Assessment; Asset Integrity Studies; Likelihood Analysis; Consequence Analysis; Plant Condition Analysis; Human Factors Studies; Technology Studies]
Causes
• From the HAZID and MA evaluation process, pick an MA for evaluation
• From the hazard register, retrieve all the hazards that can lead to the MA being realised
• In a structured approach, list all of the controls currently in place to prevent each of the hazards that lead to the MA being realised
• Examine critically all of the controls currently in place designed to prevent the hazard being realised
Causes
• As an example, from hazard register, MA - A26: Ignition of materials
Causes
List all possible causes of the accident (identified during
HAZID study)
[Diagram: Hazard Scenario 1, Hazard Scenario 2, Hazard Scenario 3, etc → Ignition of materials (MA - A26)]
Causes
List all prevention controls for the accident (identified during
HAZID study)
[Diagram: Hazard Scenario 1 (Prevention controls C1-1, C1-2), Hazard Scenario 2 (Prevention control C2-1), Hazard Scenario 3, etc (Prevention control C3-1) → Ignition of materials (MA - A26)]
Likelihood Assessment
• Likelihood analysis can involve a range of approaches, depending on the organisation’s knowledge, data recording systems and culture
• This knowledge can range from:
- In-house data - existing data recording systems and operational experience
- Reviewing external information from failure rate data sources
• Both are valid; however, the use of in-house data can provide added value as it is reflective of the management approaches and systems in place
Likelihood Assessment
• A “Likelihood” is an expression of the chance of something happening in the future - e.g. Catastrophic vessel failure, one chance in a million per year (1 x 10^-6/year)
• “Frequency” is similar to likelihood, but refers to historical data on actual occurrences
Likelihood Assessment
Likelihood Analysis can use:
• Historical
– Site historical data
– Generic failure rate data
• Assessment
– Workshops (operators and maintenance personnel)
– Fault trees
– Event trees
– Assessment of human error
Likelihood Assessment – Qualitative Approach
• A qualitative approach can be used for assessment of likelihood
• This is based upon agreed scales for interpretation purposes and for ease of consistency
– For example, reducing orders of magnitude of occurrence
• It also avoids the sometimes more complicated issue of using frequency numbers, which can be difficult on occasions for people to interpret
Likelihood Assessment – Qualitative Approach
Category | Likelihood
A | Possibility of repeated events (once in 10 years)
B | Possibility of isolated incidents (once in 100 years)
C | Possibility of occurring sometimes (once in 1,000 years)
D | Not likely to occur (once in 10,000 years)
E | Rare occurrence (once in 100,000 years)
Likelihood Assessment – Fault Trees
• A fault tree is a graphical representation of the logical relationship between a particular system, accident or other undesired event, typically called the top event, and the primary cause events
• A fault tree analysis examines the state of the system to find and evaluate the mechanisms influencing a particular failure scenario
Likelihood Assessment – Fault Trees
• A fault tree is constructed by defining a top event and then defining the cause events and the logical relations between these cause events
• This is based on:
- Equipment failure rates
- Design and operational error rates
- Human errors
- Analysis of design safety systems and their intended function
Likelihood Assessment – Fault Trees Example
[Fault tree diagram. Top event: Process vessel over pressured. Gates shown: AND, AND, OR. Events shown: Pressure rises; PSV does not relieve; Process pressure rises; Control fails high; Fouling inlet or outlet; PSV too small; Set point too high; PSV stuck closed]
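The fault tree example above, evaluated in code. This is an added example, not part of the original slides: it computes the top event probability, the minimal cut sets and their ranking. The gate arrangement (top AND; "Pressure rises" as an AND; "PSV does not relieve" as an OR), the independence of basic events and every probability value are assumptions constructed for illustration.

```python
"""Fault tree evaluation for the 'process vessel over pressured' example.

Assumptions (not from the slides): the gate arrangement below, the
independence of basic events, and every probability value (constructed).
"""
from dataclasses import dataclass
from itertools import product
from math import prod


@dataclass(frozen=True)
class Event:
    name: str
    p: float  # constructed probability of occurring in a year / on demand


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str      # "AND" or "OR"
    inputs: tuple  # child Event or Gate nodes


def probability(node):
    """Exact when basic events are independent and each appears once."""
    if isinstance(node, Event):
        return node.p
    ps = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate type: {node.kind}")


def minimal_cut_sets(node):
    """Smallest sets of basic events that together cause the node."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    children = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":      # any one child's cut set is enough
        sets = [cs for child in children for cs in child]
    elif node.kind == "AND":   # one cut set is needed from every child
        sets = [frozenset().union(*combo) for combo in product(*children)]
    else:
        raise ValueError(f"unknown gate type: {node.kind}")
    unique = list(dict.fromkeys(sets))
    return [s for s in unique if not any(other < s for other in unique)]


def basic_events(node):
    """Map of basic event name to probability."""
    if isinstance(node, Event):
        return {node.name: node.p}
    found = {}
    for child in node.inputs:
        found.update(basic_events(child))
    return found


def rank_cut_sets(top):
    """(cut set, probability) pairs, largest contributor first."""
    p_of = basic_events(top)
    ranked = [(sorted(cs), prod(p_of[n] for n in cs))
              for cs in minimal_cut_sets(top)]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Assumed structure, using the event names from the slide.
PRESSURE_RISES = Gate("Pressure rises", "AND", (
    Event("Process pressure rises", 0.1),
    Event("Control fails high", 0.05),
))
PSV_FAILS = Gate("PSV does not relieve", "OR", (
    Event("Fouling inlet or outlet", 0.01),
    Event("PSV too small", 0.001),
    Event("Set point too high", 0.002),
    Event("PSV stuck closed", 0.005),
))
TOP = Gate("Process vessel over pressured", "AND", (PRESSURE_RISES, PSV_FAILS))

if __name__ == "__main__":
    print(f"Top event probability: {probability(TOP):.3e}")
    for names, p in rank_cut_sets(TOP):
        print(f"{p:.1e}  {' + '.join(names)}")
```

Summing the cut set probabilities gives the rare-event approximation, which slightly overstates the exact value and is therefore conservative.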
Likelihood Assessment – Generic Failure Rate Data
• This information can be obtained from:
- American Institute of Chemical Engineers Process Equipment Reliability Data
- Loss Prevention in the Process Industries
- E&P Forum
- UK Health and Safety Executive data
- and other published reports
(Refer to Sources of Additional Information slides for references)
Likelihood Assessment – Human Error
• Human error needs to be considered in any analysis of likelihood of failure scenarios
• The interaction between pending failure scenarios, actions to be taken by people and the success of those actions needs to be carefully evaluated in any safety assessment evaluation
• Some key issues of note include:
– Identifying particular issue
– Procedures developed for handling the issue
– Complexity of thought processing information required
Likelihood Assessment – Human Error
Type of Behaviour | Error Probability
Extraordinary errors: of the type difficult to conceive how they could occur: stress free, powerful cues initiating for success. | 10^-5 (1 in 100,000)
Error in regularly performed, commonplace, simple tasks with minimum stress (e.g. Selection of a key-operated switch rather than a non key-operated switch). | 10^-4 (1 in 10,000)
Errors of omission where dependence is placed on situation cues and memory. Complex, unfamiliar task with little feedback and some distractions (e.g. failure to return manually operated test valve to proper configuration after maintenance). | 10^-2 (1 in 100)
Highly complex task, considerable stress, little time to perform it e.g. during abnormal operating conditions, operator reaching for a switch to shut off an operating pump fails to realise from the indicator display that the switch is already in the desired state and merely changes the status of the switch. | 10^-1 (1 in 10)
Likelihood Assessment – Event Trees
• Used to determine the likelihood of potential consequences after the hazard has been realised
• It starts with a particular event and then defines the possible consequences which could occur
• Each branching point on the tree represents a controlling point, incorporating the likelihood of success or failure, leading to specific scenarios
• Such scenarios could be:
– Fire
– Explosion
– Toxic gas cloud
• Information can then be used to estimate the frequency of the outcome for each scenario
Likelihood Assessment – Event Trees
Event tree example – LPG Pipeline Release
Consequences
• Most scenarios will involve at least one of the following outcomes:
– Loss of containment
– Reactive chemistry
– Injury/illness
– Facility reliability
– Community impacts
– Moving vehicle incidents
– Ineffective corrective action
– Failure to share learnings
Consequences
• Consequence evaluation estimates the potential effects of hazard scenarios
• The consequences can be evaluated with specific consequence modelling approaches
• These approaches include:
- Physical events modelling (explosion, fire, toxic gas consequence modelling programs)
- Occupied building impact assessment
Consequences - Qualitative Evaluation
• A qualitative evaluation is based upon a descriptive
representation of the likely outcome for each event
• This requires selecting a specific category rating system that is
consistent with corporate culture
Consequences - Qualitative Descriptors Example
Consequence descriptors | Insignificant | Minor | Moderate | Major | Catastrophic
Health and Safety Values | A near miss, first aid injury | One or more lost time injuries | One or more significant lost time injuries | One or more fatalities | Significant number of fatalities
Environmental Values | No impact | No or low impact | Medium impact. Release within facility boundary | Medium impact outside the facility boundary | Major impact event
Financial Loss Exposures | Loss below $5,000 | Loss $5,000 to $50,000 | Loss from $50,000 to $1M | Loss from $1M to $10M | Loss above $10M
Consequences – Quantitative Evaluation
• Consequence analysis estimates the potential effects of scenarios
• Tools include:
- Potential consequences (event tree)
- Physical events modelling (explosion, fire and/or gas dispersion consequence modelling programs)
- Load resistance factor design (building design)
Consequences - Qualitative Evaluation Example
Example: Impact of Explosions
Explosion Overpressure (kPa) | Effects
7 (1 psi) | Results in damage to internal partitions and joinery but can be repaired.
21 (3 psi) | Reinforced structures distort, storage tanks fail.
35 (5 psi) | Wagons and plant items overturned, threshold of eardrum damage.
70 (10 psi) | Complete demolition of houses, threshold of lung damage.
Note: Calculations can be undertaken to determine probability of serious injury and fatality
Consequences - Qualitative Evaluation Example
Example - Overpressure Contour - impact on facility buildings
[Figure: overpressure contours around the release scenario location at 35 kPa, 21 kPa, 14 kPa and 7 kPa]
Risk Evaluation
• Risk evaluation can be undertaken using qualitative and/or quantitative approaches
• Risk comprises two categories - frequency and consequence
• Qualitative methodologies that can be used are
- Risk matrix
- Risk nomograms
• Semi-quantitative techniques
- Layers of protection analysis
- Risk matrix
• Quantitative - quantitative techniques
Risk Assessment - What Type?
[Diagram: a spectrum from Qualitative Assessment (simple, subjective, low resolution, high uncertainty, low cost) through Semi-Quantitative Assessment to Quantitative Assessment (detailed, objective, high resolution, low uncertainty, increasing cost)]
Risk Assessment – Issues For Consideration
• Greater assessment detail provides more quantitative information and supports decision-making
• Strike a balance between increasing cost of assessment and reducing uncertainty in understanding
• Pick methods that reflect the nature of the risk, and the decision options
Risk Assessment – Issues For Consideration
• Stop once all decision options are differentiated and the required information compiled
• Significant differences of opinion regarding the nature of the risk or the control regime indicate that further assessment is needed
Risk Assessment - Qualitative
• Qualitative risk assessment can be undertaken using the following
- Risk nomogram
- Risk matrix
• Both approaches are valid and the selection will depend upon the company and its culture
Risk Assessment - Risk Nomogram
• A nomogram is a graphical device designed to allow approximate calculation
• Its accuracy is limited by the precision with which physical markings can be drawn, reproduced, viewed and aligned
• Nomograms are usually designed to perform a specific calculation, with tables of values effectively built into the construction of the scales
Risk Assessment - Risk Nomogram
[Figure: risk nomogram with LIKELIHOOD, EXPOSURE and POSSIBLE CONSEQUENCES scales, a TIE LINE and a risk score scale]
LIKELIHOOD: Might well be expected at sometime; Quite possible, could happen; Unusual but possible; Remotely possible; Conceivable but very unlikely; Practically impossible
EXPOSURE: Very rare, yearly or less; Rare, few per year; Unusual, once per month; Occasional, once per week; Frequent, daily; Continuous
POSSIBLE CONSEQUENCES: Catastrophe (many fatalities, >$100M damage); Disaster (multiple fatalities, >$10M damage); Very serious (fatality, >$1M damage); Serious (serious injury, >$100k damage); Important (disability, >$10k damage); Noticeable (minor injury / first aid, >$1k damage)
Risk score scale (0 to 500): Very High Risk - consider discontinuing operation; High Risk - immediate correction required; Substantial Risk - correction required; Risk must be reduced SFARP; Risk acceptable if reduced SFARP
Most nomograms are used in situations where an approximate answer is appropriate and useful
Risk Assessment - Risk Nomogram
Advantages and Disadvantages
• Accuracy is limited
• Designed to perform a specific calculation
• Cannot easily denote different hazards leading to an MA
• Typically not used by MHFs
Risk Assessment - Risk Matrix
• Hazards can be allocated a qualitative risk ranking in terms of estimated likelihood and consequence and then displayed on a risk matrix
• Consequence information has already been discussed, hence, information from this part of the assessment can be used effectively in a risk matrix
• Risk matrices can be constructed in a number of formats, such as 5x5, 7x7, 4x5, etc
• Often facilities may have a risk matrix for other risk assessments (e.g. Task analysis, JSA)
Risk Assessment - Risk Matrix
• Results can be easily presented
- In tabular format for all MAs
- Within a risk matrix
• Such processes can illustrate major risk contributors, aid the risk assessment and demonstration of adequacy
• Care needs to be taken to ensure categories are consistently used and there are no anomalies
• Australian/New Zealand Standard, AS4360, Risk Management 1999, provides additional information on risk matrices
Risk Assessment - Risk Matrix
Risk matrix example (AS4360)

Consequences | 1 Insignificant | 2 Minor | 3 Moderate | 4 Major | 5 Catastrophic
Health and Safety Values | A near miss, First Aid Injury (FAI) or one or more Medical Treatment Injuries (MTI) | One or more Lost Time Injuries (LTI) | One or more significant Lost Time Injuries (LTI) | One or more fatalities | Significant number of fatalities
Environmental Values | No impact | No or low impact | Medium impact. Release within facility boundary | Medium impact outside the facility boundary | Major impact event
Financial Loss Exposures | Loss below $5,000 | Loss $5,000 to $50,000 | Loss from $50,000 to $1,000,000 | Loss from $1,000,000 to $10,000,000 | Loss of above $10,000,000

Likelihood | 1 Insignificant | 2 Minor | 3 Moderate | 4 Major | 5 Catastrophic
A Possibility of repeated events, (1 x 10^-1 per year) | Significant Risk | Significant Risk | High Risk | High Risk | High Risk
B Possibility of isolated incidents, (1 x 10^-2 per year) | Moderate Risk | Significant Risk | Significant Risk | High Risk | High Risk
C Possibility of occurring sometimes, (1 x 10^-3 per year) | Low Risk | Moderate Risk | Significant Risk | High Risk | High Risk
D Not likely to occur, (1 x 10^-4 per year) | Low Risk | Low Risk | Moderate Risk | Significant Risk | High Risk
E Rare occurrence, (1 x 10^-5 per year) | Low Risk | Low Risk | Moderate Risk | Significant Risk | Significant Risk
Risk Assessment - Risk Matrix
Advantages
If used well, a risk matrix will:
• Identify event outcomes that should be prioritised or grouped for further investigation
• Provide a good graphical portrayal of risks across a facility
• Help to identify areas for risk reduction
• Provide a quick and relatively inexpensive risk analysis
• Enable more detailed analysis to be focused on high risk areas (proportionate analysis)
Risk Assessment - Risk Matrix
Disadvantages
• Scale is always a limitation regarding frequency reduction - it does not provide an accurate reduction ranking
• Cumulative issues and evaluations are difficult to show in a transparent manner
• There can be a strong tendency to try and provide a greater level of accuracy than the method is capable of
Risk Assessment - Semi-Quantitative Approach
• One tool is a layer of protection analysis approach (LOPA)
• It is a simplified form of risk evaluation
• The primary purpose of LOPA is to determine if there are sufficient layers of protection against a hazard scenario
• It needs to focus on:
– Causes of hazards occurring
– Controls needed to minimise the potential for hazards occurring
– If the hazards do occur, what mitigation is needed to minimise the consequences
Risk Assessment - Semi-Quantitative Approach (LOPA)
Diagrammatic Representation - LOPA
• Analysing the safety measures and controls that are between an uncontrolled release and the worst potential consequence
Risk Assessment - Semi-Quantitative Approach (LOPA)
The information for assessment can be presented as a bow-tie
diagram
[Bow-tie diagram: Hazards (Causes) → Preventative Controls → MA → Mitigative Controls → Consequences (Outcomes)]
Risk Assessment - Semi-Quantitative Approach (LOPA)
Advantages and Disadvantages
• Risk evaluation can be undertaken using a bow-tie approach
• A procedural format needs to be developed by the company to ensure consistency of use across all evaluations
• External review (to the safety report team) should be considered for consistency and feedback
• Correct personnel are needed to ensure the most applicable information is applied to the evaluation approach
Risk Assessment - Quantitative
• Quantitative assessments can be undertaken for specific types of facilities
• This is a tool that requires expert knowledge on the technique and has the following aspects:
– It is very detailed
– High focus on objective
– Detailed process evaluations
– Requires a high level of information input
– Provides a high output resolution
– Reduces uncertainty
• Frequency component can be questionable as generic failure rate data is generally used
• Provides understanding on the high risk contributors from a facility being evaluated
Risk Assessment - Quantitative
Typical result output from such an assessment is individual risk
contours
[Figure 13: Sample Risk Plot - VRJ QRA (VRJ Risk Engineers Pty Ltd). Risk contours over a land use map showing a racecourse, hospital, schools, light rail reserve, town center, residential area and sports complex. Risks are in chances per million per year.]
Example shown is for land use planning
Risk Assessment - Quantitative
• Time consuming
• Expensive
• Expert knowledge is required
• Not suitable for every MHF site
• Process upsets (such as a runaway reaction) cannot be easily modelled as an initiating event using standard equipment part counts - incorporation of fault tree analysis required
• Use of generic failure rate data has limitations and does not take into consideration a specific company’s equipment and management system strategies
Summary
• A risk assessment provides an understanding of the major hazards and a basis for determining controls in place
• Risk assessments can involve significant time and effort
• Operations personnel and managers could cause, contribute to, control or be impacted by MAs
• Hence they should be involved in the risk assessment
• HSRs may or may not take part, but must be consulted in relation to the process of HAZID & Risk Assessment
• They should also be involved in resolution of any issues that arise during the studies, including improvements to methods and processes
Review and Revision
• Employer must review (and revise) Hazard Identifications, Risk Assessments and Control Measures to ensure risks remain reduced to AFAP:
– At the direction of the Commission
– Prior to modification
– After a major accident
– When a control measure is found to be deficient
– At least every 5 years
– Upon licence renewal conditions
Sources of Additional Information
The following are a few sources of information covering risk
assessment
• Hazard and Operability Studies (HAZOP Studies), IEC 61882, Edition 1.0, 2001-05
• Functional Safety – Safety Instrumented Systems for the Process Industry Sector, IEC 61511, 2004-11
• Fault Tree Analysis, IEC 61025, 1990-10
• Hydrocarbon Leak and Ignition Data Base, E&P Forum, February 1992 N658
• Guidelines for Process Equipment Reliability Data, Center for Chemical Process Safety of the American Institute of Chemical Engineers, 1989
Sources of Additional Information
• Offshore Hydrocarbon Release Statistics, Offshore Technology Report – OTO 97 950, UK Health and Safety Executive, December 1997
• Loss Prevention in the Process Industries, Lees F. P., 2nd Edition, Butterworth Heinemann
• Layer of Protection Analysis, Simplified Process Risk Assessment, Center for Chemical Process Safety of the American Institute of Chemical Engineers, 2001
• Nomogram, Wikipedia, the free encyclopaedia
Questions?
Example LOPA Assessment – Spreadsheet Format
Cause: Loss of cooling tower water to condenser once every 10 years
Hazard: Catastrophic rupture of distillation column with shrapnel, toxic release
Independent Preventative Protection Layers:
– Columns condenser, reboiler and piping maximum allowable working pressures are greater than maximum possible pressure from steam reboiler
– Logic in BPCS trips steam flow valve and steam RCV on high pressure or high temperature. No credit since not independent of SIS.
– High column pressure and temperature alarms can alert operator to shut off the steam to the reboiler (manual valve)
– Logic in BPCS trips steam flow valve and steam RCV on high pressure or high temperature (dual sensors separate from DCS).
Mitigative Protection Layers:
– Pressure safety valve opens on high pressure
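The LOPA spreadsheet above, carried through to a mitigated event frequency. This is an added example, not part of the original slides: the initiating frequency, the layer descriptions and the "no credit" rule for the BPCS trip come from the slide, while every PFD value, the component sets used to test independence, and the target frequency are constructed assumptions.

```python
"""LOPA arithmetic for the distillation column scenario on the slide.

From the slide: the initiating frequency (once every 10 years), the layer
descriptions, and "no credit" for the BPCS trip. Constructed for this
example: every PFD value, the component sets, and the target frequency.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float                           # probability of failure on demand (constructed)
    components: frozenset = frozenset()  # equipment/people the layer relies on


INITIATING_FREQUENCY = 0.1  # per year: loss of cooling water once every 10 years
TARGET_FREQUENCY = 1e-6     # per year, constructed tolerability target

LAYERS = [
    Layer("Design: MAWP above maximum reboiler pressure", 0.01),
    Layer("BPCS trip on high pressure/temperature", 0.1,
          frozenset({"steam flow valve", "steam RCV"})),
    Layer("Alarm and operator closes manual steam valve", 0.1,
          frozenset({"operator", "manual valve"})),
    # Treated here as the SIS that the slide refers to (assumption).
    Layer("Trip with dual sensors separate from DCS", 0.01,
          frozenset({"dual sensors", "steam flow valve", "steam RCV"})),
    Layer("Pressure safety valve", 0.01, frozenset({"PSV"})),
]


def credit(layers):
    """Split layers into (credited, uncredited).

    The strongest layers are considered first; a layer that shares any
    component with an already credited layer is not independent of it
    and gets no credit.
    """
    used, credited, uncredited = set(), [], []
    for layer in sorted(layers, key=lambda item: item.pfd):
        if layer.components & used:
            uncredited.append(layer)
        else:
            credited.append(layer)
            used |= layer.components
    return credited, uncredited


def mitigated_frequency(initiating, layers):
    """Initiating frequency multiplied by the PFD of each layer given."""
    return initiating * prod(layer.pfd for layer in layers)


def assess(initiating, layers, target):
    credited, uncredited = credit(layers)
    frequency = mitigated_frequency(initiating, credited)
    return {
        "credited": [layer.name for layer in credited],
        "uncredited": [layer.name for layer in uncredited],
        "frequency": frequency,
        # What the sum would claim if independence were ignored.
        "naive_frequency": mitigated_frequency(initiating, layers),
        "meets_target": frequency <= target,
    }


RESULT = assess(INITIATING_FREQUENCY, LAYERS, TARGET_FREQUENCY)

if __name__ == "__main__":
    print(f"Mitigated frequency: {RESULT['frequency']:.1e} per year")
    print(f"Ignoring independence: {RESULT['naive_frequency']:.1e} per year")
    print("No credit:", ", ".join(RESULT["uncredited"]))
```

With these constructed values, counting the BPCS trip as well would overstate the risk reduction by a factor of ten, because it acts through the same steam flow valve and steam RCV as the other trip.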
Example Bowtie Assessment – System Format
[Figure: bow-tie diagrams for MA-1 and MA-2]