Major Hazard Facilities Major Accident Identification and Risk Assessment

1
Major Hazard FacilitiesMajor Accident
Identification and Risk Assessment
2
Overview

• This seminar has been developed in the context of
  the MHF regulations to provide
• An overview of MA identification and risk
  assessment
• The steps required for MA recording
• Examples of major accidents identified
• The steps required for a risk assessment
• Examples of risk assessment formats

3
Some Abbreviations and Terms

• AFAP - As far as (reasonably) practicable
• BLEVE Boiling liquid expanding vapour explosion
• BPCS Basic process control system
• DG - Dangerous goods
• Employer - Employer who has management control of
  the facility
• Facility - any building or structure which is
  classified as an MHF under the regulations
• HAZID - Hazard identification
• HSR - Health and safety representative
• LOC - Loss of containment
• LOPA Layers of protection analysis
• MHF - Major hazard facility
• MA - Major accident
• SIS Safety instrumented system

4
Topics Covered In This Presentation

• Regulations
• Definition - Major accident (MA)
• MA identification issues
• Approaches to MA identification
• MA recording
• Pitfalls

5
Topics Covered In This Presentation

• Definition of a risk assessment
• Approaches
• Risk assessment
• Likelihood assessment
• Consequences
• Risk evaluation and assessment
• Summary
• Sources of additional information
• Review and revision

6
Regulations
Occupational Health and Safety (Safety Standards)
Regulations 1994

• Hazard identification (R9.43)
• Risk assessment (R9.44)
• Risk control (i.e. control measures) (R9.45, S9A
  210)
• Safety Management System (R9.46)
• Safety report (R9.47, S9A 212, 213)
• Emergency plan (R9.53)
• Consultation

7
Regulations
Occupational Health and Safety (Safety Standards)
Regulations 1994
Regulation 9.43 (Hazard identification)
states The employer must identify, in
consultation with employees, contractors (as far
as is practicable) and HSRs

• All reasonably foreseeable hazards at the MHF
  that may cause a major accident and
• The kinds of major accidents that may occur at
  the MHF, the likelihood of a major accident
  occurring and the likely consequences of a major
  accident.

8
Regulations
Occupational Health and Safety (Safety Standards)
Regulations 1994

• Regulation 9.44 (Risk assessment) states
• If a hazard or kind of major accident at the MHF
  is identified under regulation 9.43, the employer
  must ensure that any risks associated with the
  hazard or major accident are assessed, in
  consultation with employees, contractors (as far
  as is practicable) and HSRs.
• The employer must ensure that the risk assessment
  is reviewed
• Within 5 years after the assessment is carried
  out, and afterwards at intervals of not more than
  5 years and
• Before a modification is made to the MHF that may
  significantly change a risk identified under
  regulation 9.43 and
• When developments in technical knowledge or the
  assessment of hazards and risks may affect the
  method at the MHF for assessing hazards and
  risks and
• If a major accident occurs at the MHF.

9
Regulations
Occupational Health and Safety (Safety Standards)
Regulations 1994

• Regulation 9.45 (Risk control) states
• The employer must, in consultation with
  employees, contractors (as far as is practicable)
  and HSRs, ensure that any risk associated with a
  hazard at the MHF is
• eliminated or
• If it is not practicable to eliminate the risk
  reduced as far as practicable.
• The employer must
• Implement measures at the MHF to minimise the
  likelihood of a major accident occurring and
• Implement measures to limit the consequences of a
  major accident if it occurs and
• Protect relevant persons, an at-risk community,
  and the built and natural environment surrounding
  the MHF, by establishing an emergency plan and
  procedures in accordance with regulation 9.53.

10
Definition

• Major Accident
• A major accident is defined in the Regulations
  as
• A sudden occurrence at the facility causing
  serious danger or harm to
• A relevant person or
• An at-risk community or
• Property or
• The environment
• whether the danger or harm occurs immediately or
  at a later time

11
MA Identification Issues

• Unless ALL possible MAs are identified then
  causal and contributory hazards may be overlooked
  and risks will not be accurately assessed
• Likewise, controls cannot be identified and
  assessed
• Identification of MAs must assume control
  measures are absent/unavailable/not functional
• That is
• WHAT COULD HAPPEN IF CONTROL MEASURES WERE NOT
  APPLIED AND MAINTAINED ?

12
MA Identification Issues

• MAs can be identified in three different areas
• These are
• Process MAs
• MAs arising from concurrent activities
• Non-process MAs

13
MA Identification Issues

• Process MAs
• These are MAs caused by hazards which are
  associated with upsets in the process, or failure
  of equipment in the process, etc
• MAs arising from concurrent activities
• Typical concurrent operations which must be
  considered are
• Major shutdowns/start ups
• Other activity on site
• Activities adjacent to the facility

14
MA Identification Issues

• Non-Process MAs
• MAs created by non-process hazards that could
  cause release of Schedule 9 materials
• Non-process hazards may typically include the
  following aircraft crashing dropped objects
  extreme environmental conditions (earthquake,
  cyclone, high winds, lightning) non-process
  fires (e.g. bush fire) vehicles and road
  transport heat stress

15
MA Identification Issues

• Collate appropriate
• Facility information
• Incident data/histories
• To ensure a thorough understanding of
• The nature of the facility
• Its environment
• Its materials
• Its processes

16
MA Identification Issues

• Develop/select a structured method for
  determining what types of MA can occur
• Loss of containment
• Fire
• Explosion
• Release of stored energy
• Where they can occur
• Under what circumstances
• Define and document any restrictions applied to
  the above

17
MA Identification Tools Usage

• Examples of tools which might be used include
• Analysis of Schedule 9 materials and DG
  properties
• Use of HAZID techniques
• Review of existing hazard identification or risk
  assessment studies
• Analysis of incident history local, industry,
  company and applicable global experience

18
Approach to MA Identification

• It may be efficient to treat similar equipment
  items handling the same Schedule 9 materials
  together - as often they have similar hazards
  and controls
• Further, to ensure correct mitigation analysis,
  the equipment grouped together should contain
  similar materials at similar process conditions,
  resulting in similar consequences on release

19
Approach to MA Identification

• For consistency of analysis, all MAs should be
  defined in terms of an initial energy release
  event
• This can be characterised as a loss of control of
  the Schedule 9 material
• As an example, in the case of a hydrocarbon
  release from one vessel leading to a jet fire
  that subsequently causes a BLEVE in a second
  vessel, the MA should be defined in terms of the
  initial hydrocarbon release from the first vessel

20
Approach to MA Identification

• Review HAZID studies to identify initiating
  events for each MA
• Review to ensure all hazards have been identified
• Special checklists should be developed to assist
  with this process
• Further hazards may be identified from
• Discussions with appropriate subject experts
• Review of incident data
• Review of the records from a similar system

21
MA Recording

• A structured approach is important
• It can then link equipment management strategies
  and systems
• Record the key outputs in a register
• For each MA, the register should record the
  following information
• Equipment that comprises the MA
• Group similar items into one MA
• Description
• Consequences

22
MA Recording

• Consider all Schedule 9 materials - regardless of
  quantity
• Screen out incidents that do not pose a serious
  danger or harm to personnel, the community, the
  environment or property
• Screening should only be on the basis of
  consequence not likelihood
• i.e. Events should not be screened out on the
  basis of likelihood or control measures being
  active
• Consequence modelling should be used as
  justification for screening decisions
• External influences need to be considered, for
  example, potential for a power failure to cause a
  plant upset leading to an MA

23
Example MA Recording
The following are examples of MA recording details
24
Major Hazard FacilitiesRisk Assessment
25
What is Risk?

• Regulatory definition (per Part 20 of the
  Occupational Health and Safety (Safety Standards)
  Regulations 1994)
• Risk means the probability and consequences of
  occurrence of injury or illness
• AS/NZS 4360 (Risk Management Standard)
• the chance of something happening that will
  have an impact on objectives
• Risk combines the consequence and the likelihood
• RISK CONSEQUENCE x LIKELIHOOD

26
Hazard versus Risk
27
Risk Assessment Definition

• Any analysis or investigation that contributes to
  understanding of any or all aspects of the risk
  of major accidents, including their
• Causes
• Likelihood
• Consequences
• Means of control
• Risk evaluation

28
The Risk Assessment Should

• Ensure a comprehensive and detailed understanding
  of all aspects for all major accidents and their
  causes
• Be a component of the demonstration of adequacy
  required in the safety report - e.g. by
  evaluating the effects of a range of control
  measures and provide a basis for
  selection/rejection of measures

29
Approach

• The MHF Regulations respond to this by requiring
  comprehensive and systematic identification and
  assessment of hazards
• HAZID and Risk Assessment must have participation
  by employees, as they have important knowledge to
  contribute together with important learnings
• These employees MAY BE the HSRs, but DO NOT HAVE
  TO BE
• However, the HSRs should be consulted in
  selection of appropriate participants in the
  process

30
Approach
Types of Risk Assessment
31
Causes

• From the HAZID and MA evaluation process, pick an
  MA for evaluation
• From the hazard register, retrieve all the
  hazards that can lead to the MA being realised
• In a structured approach, list all of the
  controls currently in place to prevent each of
  the hazards that lead to the MA being realised
• Examine critically all of the controls currently
  in place designed to prevent the hazard being
  realised

32
Causes

• As an example, from hazard register, MA - A26

Ignition of materials (MA - A26)
33
Causes
List all possible causes of the accident
(identified during HAZID study)
34
Causes
List all prevention controls for the accident
(identified during HAZID study)
35
Likelihood Assessment

• Likelihood analysis can involve a range of
  approaches, depending on the organisations
  knowledge, data recording systems and culture
• This knowledge can range from
• In-house data - existing data recording systems
  and operational experience
• Reviewing external information from failure rate
  data sources
• Both are valid, however, the use of in-house data
  can provide added value as it is reflective of
  the management approaches and systems in place

36
Likelihood Assessment

• A Likelihood is an expression of the chance of
  something happening in the future - e.g.
  Catastrophic vessel failure, one chance in a
  million per year (1 x 10-6/year)
• Frequency is similar to likelihood, but refers
  to historical data on actual occurrences

37
Likelihood Assessment

• Likelihood Analysis can use
• Historical
• Site historical data
• Generic failure rate data
• Assessment
• Workshops (operators and maintenance personnel)
• Fault trees
• Event trees
• Assessment of human error

38
Likelihood Assessment Qualitative Approach

• A qualitative approach can be used for assessment
  of likelihood
• This is based upon agreed scales for
  interpretation purposes and for ease of
  consistency
• For example, reducing orders of magnitude of
  occurrence
• It also avoids the sometimes more complicated
  issue of using frequency numbers, which can be
  difficult on occasions for people to interpret

39
Likelihood Assessment Qualitative Approach
40
Likelihood Assessment Fault Trees

• A fault tree is a graphical representation of the
  logical relationship between a particular system,
  accident or other undesired event, typically
  called the top event, and the primary cause
  events
• In a fault tree analysis the state of the system
  is to find and evaluate the mechanisms
  influencing a particular failure scenario

41
Likelihood Assessment Fault Trees

• A fault tree is constructed by defining a top
  event and then defining the cause events and the
  logical relations between these cause events
• This is based on
• Equipment failure rates
• Design and operational error rates
• Human errors
• Analysis of design safety systems and their
  intended function

42
Likelihood Assessment Fault Trees Example
43
Likelihood Assessment Generic Failure Rate Data

• This information can be obtained from
• American Institute of Chemical Engineers Process
  Equipment Reliability Data
• Loss Prevention in the Process Industries
• EP Forum
• UK Health and Safety Executive data
• and other published reports
• (Refer to Sources of Additional Information
  slides for references)

44
Likelihood Assessment Human Error

• Human error needs to be considered in any
  analysis of likelihood of failure scenarios
• The interaction between pending failure
  scenarios, actions to be taken by people and the
  success of those actions needs to be carefully
  evaluated in any safety assessment evaluation
• Some key issues of note include
• Identifying particular issue
• Procedures developed for handling the issue
• Complexity of thought processing information
  required

45
Likelihood Assessment Human Error
46
Likelihood Assessment Event Trees

• Used to determine the likelihood of potential
  consequences after the hazard has been realised
• It starts with a particular event and then
  defines the possible consequences which could
  occur
• Each branching point on the tree represents a
  controlling point, incorporating the likelihood
  of success or failure, leading to specific
  scenarios
• Such scenarios could be
• Fire
• Explosion
• Toxic gas cloud
• Information can then used to estimate the
  frequency of the outcome for each scenario

47
Likelihood Assessment Event Trees

• Event tree example LPG Pipeline Release

48
Consequences

• Most scenarios will involve at least one of the
  following outcomes
• Loss of containment
• Reactive chemistry
• Injury/illness
• Facility reliability
• Community impacts
• Moving vehicle incidents
• Ineffective corrective action
• Failure to share learnings

49
Consequences

• Consequence evaluation estimates the potential
  effects of hazard scenarios
• The consequences can be evaluated with specific
  consequence modelling approaches
• These approaches include
• Physical events modelling (explosion, fire, toxic
  gas consequence modelling programs)
• Occupied building impact assessment

50
Consequences - Qualitative Evaluation

• A qualitative evaluation is based upon a
  descriptive representation of the likely outcome
  for each event
• This requires selecting a specific category
  rating system that is consistent with corporate
  culture

51
Consequences - Qualitative Descriptors Example
52
Consequences Quantitative Evaluation

• Consequence analysis estimates the potential
  effects of scenarios
• Tools include
• Potential consequences (event tree)
• Physical events modelling (explosion, fire and/or
  gas dispersion consequence modelling programs)
• Load resistance factor design (building design)

53
Consequences - Qualitative Evaluation Example
Example Impact of Explosions
Note Calculations can be undertaken to
determine probability of serious injury and
fatality
54
Consequences - Qualitative Evaluation Example
Example - Overpressure Contour - impact on
facility buildings
Release scenario location
35 kPa
21 kPa
14 kPa
7 kPa




55
Risk Evaluation

• Risk evaluation can be undertaken using
  qualitative and/or quantitative approaches
• Risk comprises two categories - frequency and
  consequence
• Qualitative methodologies that can be used are
• Risk matrix
• Risk nomograms
• Semi quantitative techniques
• Layers of protection analysis
• Risk matrix
• Quantitative - quantitative techniques

56
Risk Assessment - What Type?
Simple, subjective, low resolution, high
uncertainty, low cost
Qualitative Assessment
Semi-Quantitative Assessment
Detailed, objective, high resolution, low
uncertainty, increasing cost
Quantitative Assessment
57
Risk Assessment Issues For Consideration

• Greater assessment detail provides more
  quantitative information and supports
  decision-making
• Strike a balance between increasing cost of
  assessment and reducing uncertainty in
  understanding
• Pick methods that reflect the nature of the risk,
  and the decision options

58
Risk Assessment Issues For Consideration

• Stop once all decision options are differentiated
  and the required information compiled
• Significant differences of opinion regarding the
  nature of the risk or the control regime indicate
  that further assessment is needed

59
Risk Assessment - Qualitative

• Qualitative risk assessment can be undertaken
  using the following
• Risk nomogram
• Risk matrix
• Both approaches are valid and the selection will
  depend upon the company and its culture

60
Risk Assessment - Risk Nomogram

• A nomogram is a graphical device designed to
  allow approximate calculation
• Its accuracy is limited by the precision with
  which physical markings can be drawn, reproduced,
  viewed and aligned
• Nomograms are usually designed to perform a
  specific calculation, with tables of values
  effectively built into the construction of the
  scales

61
Risk Assessment - Risk Nomogram
Most nomograms are used in situations where an
approximate answer is appropriate and useful
62
Risk Assessment - Risk Nomogram

• Advantages and Disadvantages
• Accuracy is limited
• Designed to perform a specific calculation
• Cannot easily denote different hazards leading to
  an MA
• Typically not used by MHFs

63
Risk Assessment - Risk Matrix

• Hazards can be allocated a qualitative risk
  ranking in terms of estimated likelihood and
  consequence and then displayed on a risk matrix
• Consequence information has already been
  discussed, hence, information from this part of
  the assessment can be used effectively in a risk
  matrix
• Risk matrices can be constructed in a number of
  formats, such as 5x5, 7x7, 4x5, etc
• Often facilities may have a risk matrix for other
  risk assessments (eg Task analysis, JSA)

64
Risk Assessment - Risk Matrix

• Results can be easily presented
• In tabular format for all MAs
• Within a risk matrix
• Such processes can illustrate major risk
  contributors, aid the risk assessment and
  demonstration of adequacy
• Care needs to be taken to ensure categories are
  consistently used and there are no anomalies
• Australian/New Zealand Standard, AS4360, Risk
  Management 1999, provides additional information
  on risk matrices

65
Risk Assessment - Risk Matrix
Risk matrix example (AS4360)
66
Risk Assessment - Risk Matrix

• Advantages
• If used well, a risk matrix will
• Identify event outcomes that should be
  prioritised or grouped for further investigation
• Provides a good graphical portrayal of risks
  across a facility
• Help to identify areas for risk reduction
• Provide a quick and relatively inexpensive risk
  analysis
• Enable more detailed analysis to be focused on
  high risk areas (proportionate analysis)

67
Risk Assessment - Risk Matrix

• Disadvantages
• Scale is always a limitation regarding frequency
  reduction - it does not provide an accurate
  reduction ranking
• Cumulative issues and evaluations are difficult
  to show in a transparent manner
• There can be a strong tendency to try and provide
  a greater level of accuracy than what is capable

68
Risk Assessment - Semi-Quantitative Approach

• One tool is a layer of protection analysis
  approach (LOPA)
• It is a simplified form of risk evaluation
• The primary purpose of LOPA is to determine if
  there are sufficient layers of protection against
  a hazard scenario
• It needs to focus on
• Causes of hazards occurring
• Controls needed to minimise the potential for
  hazards occurring
• If the hazards do occur, what mitigation is
  needed to minimise the consequences

69
Diagrammatic Representation - LOPA
Risk Assessment - Semi-Quantitative Approach
(LOPA)

• Analysing the safety measures and controls that
  are between an uncontrolled release and the worst
  potential consequence

70
Risk Assessment - Semi-Quantitative Approach
(LOPA)

• The information for assessment can be presented
  as a bow-tie diagram

Preventative Controls
Mitigative Controls
Controls
Controls
Hazards
Consequences
71
Risk Assessment - Semi-Quantitative Approach
(LOPA)

• Advantages and Disadvantages
• Risk evaluation can be undertaken using a bow-tie
  approach
• A procedural format needs to be developed by the
  company to ensure consistency of use across all
  evaluations
• External review (to the safety report team)
  should be considered for consistency and feedback
• Correct personnel are needed to ensure the most
  applicable information is applied to the
  evaluation approach

72
Risk Assessment - Quantitative

• Quantitative assessments can be undertaken for
  specific types of facilities
• This is a tool that requires expert knowledge on
  the technique and has the following aspects
• It is very detailed
• High focus on objective
• Detailed process evaluations
• Requires a high level of information input
• Provides a high output resolution
• Reduces uncertainty
• Frequency component can be questionable as
  generic failure rate data is generally used
• Provides understanding on the high risk
  contributors from a facility being evaluated

73
Risk Assessment - Quantitative

• Typical result output from such an assessment is
  individual risk contours

Example shown is for land use planning
74
Risk Assessment - Quantitative

• Time consuming
• Expensive
• Expert knowledge is required
• Not suitable for every MHF site
• Process upsets (such as a runaway reaction)
  cannot be easily modelled as an initiating event
  using standard equipment part counts -
  incorporation of fault tree analysis required
• Use of generic failure rate data has limitations
  and does not take into consideration a specific
  companys equipment and management system
  strategies

75
Summary

• A risk assessment provides an understanding of
  the major hazards and a basis for determining
  controls in place
• Risk assessments can involve significant time and
  effort
• Operations personnel and managers could cause,
  contribute to, control or be impacted by MAs
• Hence they should be involved in the risk
  assessment
• HSRs may or may not take part, but must be
  consulted in relation to the process of HAZID
  Risk Assessment
• They should also be involved in resolution of any
  issues that arise during the studies, including
  improvements to methods and processes

76
Review and Revision

• Employer must review (and revise) Hazard
  Identifications, Risk Assessments and Control
  Measures to ensure risks remain reduced to AFAP
• At the direction of the Commission
• Prior to modification
• After a major accident
• When a control measure is found to be deficient
• At least every 5 years
• Upon licence renewal conditions

77
Sources of Additional Information

• The following are a few sources of information
  covering risk assessment
• Hazard and Operability Studies (HAZOP Studies),
  IEC 61882, Edition 1.0, 2001-05
• Functional Safety Safety Instrumented Systems
  for the Process Industry Sector, IEC 61511,
  2004-11
• Fault Tree Analysis, IEC 61025, 1990-10
• Hydrocarbon Leak and Ignition Data Base, EP
  Forum, February 1992 N658
• Guidelines for Process Equipment Reliability
  Data, Center for Chemical Process Safety of the
  American Institute of Chemical Engineers, 1989

78
Sources of Additional Information

• Offshore Hydrocarbon Release Statistics, Offshore
  Technology Report OTO 97 950, UK Health and
  Safety Executive, December 1997
• Loss Prevention in the Process Industries , Lees
  F. P., 2nd Edition, Butterworth Heinemann
• Layer of Protection Analysis, Simplified Process
  Risk Assessment, Center for Chemical Process
  Safety of the American Institute of Chemical
  Engineers, 2001
• Nomogram, Wikipedia, the free encyclopaedia

79
Questions?
80
Example LOPA Assessment Spreadsheet Format
81
Example Example Bowtie Assessment System Format