Workplace accidents

1. Major Hazard Facilities
Major Accident Identification and
Risk Assessment

2. Overview
• This seminar has been developed in the context of the MHF
2
regulations to provide:
– An overview of MA identification and risk assessment
– The steps required for MA recording
– Examples of major accidents identified
– The steps required for a risk assessment
– Examples of risk assessment formats

3. Some Abbreviations and Terms
• AFAP - As far as (reasonably) practicable
• BLEVE – Boiling liquid expanding vapour explosion
• BPCS – Basic process control system
• DG - Dangerous goods
• Employer - Employer who has management control of the
3
facility
• Facility - any building or structure which is classified as an
MHF under the regulations
• HAZID - Hazard identification
• HSR - Health and safety representative
• LOC - Loss of containment
• LOPA – Layers of protection analysis
• MHF - Major hazard facility
• MA - Major accident
• SIS – Safety instrumented system

4. 4
Topics Covered In This Presentation
• Regulations
• Definition - Major accident (MA)
• MA identification issues
• Approaches to MA identification
• MA recording
• Pitfalls

5. 5
Topics Covered In This Presentation
• Definition of a risk assessment
• Approaches
• Risk assessment
• Likelihood assessment
• Consequences
• Risk evaluation and assessment
• Summary
• Sources of additional information
• Review and revision

6. Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
6
• Hazard identification (R9.43)
• Risk assessment (R9.44)
• Risk control (i.e. control measures) (R9.45, S9A 210)
• Safety Management System (R9.46)
• Safety report (R9.47, S9A 212, 213)
• Emergency plan (R9.53)
• Consultation

7. Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.43 (Hazard identification) states:
The employer must identify, in consultation with employees,
contractors (as far as is practicable) and HSRs:
a) All reasonably foreseeable hazards at the MHF that may
7
cause a major accident; and
b) The kinds of major accidents that may occur at the MHF,
the likelihood of a major accident occurring and the likely
consequences of a major accident.

8. Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.44 (Risk assessment) states:
If a hazard or kind of major accident at the MHF is identified
under regulation 9.43, the employer must ensure that any
risks associated with the hazard or major accident are
assessed, in consultation with employees, contractors (as far
as is practicable) and HSRs.
The employer must ensure that the risk assessment is reviewed:
a) Within 5 years after the assessment is carried out, and
8
afterwards at intervals of not more than 5 years; and
b) Before a modification is made to the MHF that may
significantly change a risk identified under regulation 9.43;
and
c) When developments in technical knowledge or the
assessment of hazards and risks may affect the method at
the MHF for assessing hazards and risks; and
d) If a major accident occurs at the MHF.

9. Regulations
Occupational Health and Safety (Safety Standards) Regulations 1994
Regulation 9.45 (Risk control) states:
The employer must, in consultation with employees, contractors
(as far as is practicable) and HSRs, ensure that any risk
associated with a hazard at the MHF is:
a) eliminated; or
b) If it is not practicable to eliminate the risk – reduced as far as
9
practicable.
The employer must:
a) Implement measures at the MHF to minimise the likelihood of
a major accident occurring; and
b) Implement measures to limit the consequences of a major
accident if it occurs; and
c) Protect relevant persons, an at-risk community, and the built
and natural environment surrounding the MHF, by
establishing an emergency plan and procedures in
accordance with regulation 9.53.

10. 10
Major Accident
A major accident is defined in the Regulations as:
A sudden occurrence at the facility causing serious danger or
harm to:
– A relevant person or
– An at-risk community or
– Property or
– The environment
whether the danger or harm occurs immediately or
at a later time
Definition

11. 11
MA Identification Issues
• Unless ALL possible MAs are identified then causal and
contributory hazards may be overlooked and risks will not be
accurately assessed
• Likewise, controls cannot be identified and assessed
• Identification of MAs must assume control measures are
absent/unavailable/not functional
That is:
WHAT COULD HAPPEN IF CONTROL MEASURES WERE
NOT APPLIED AND MAINTAINED ?

12. 12
MA Identification Issues
MAs can be identified in three different areas
These are:
• Process MAs
• MAs arising from concurrent activities
• Non-process MAs

13. MA Identification Issues
Process MAs
• These are MAs caused by hazards which are associated with
upsets in the process, or failure of equipment in the process,
etc
MAs arising from concurrent activities
• Typical concurrent operations which must be considered are:
13
- Major shutdowns/start ups
- Other activity on site
- Activities adjacent to the facility

14. 14
MA Identification Issues
Non-Process MAs
• MAs created by non-process hazards that could cause release
of Schedule 9 materials
• Non-process hazards may typically include the following:
aircraft crashing; dropped objects; extreme environmental
conditions (earthquake, cyclone, high winds, lightning); non-process
fires (e.g. bush fire); vehicles and road transport;
heat stress

15. 15
MA Identification Issues
• Collate appropriate
– Facility information
– Incident data/histories
• To ensure a thorough understanding of :
– The nature of the facility
– Its environment
– Its materials
– Its processes

16. MA Identification Issues
• Develop/select a structured method for determining what types
16
of MA can occur:
– Loss of containment
– Fire
– Explosion
– Release of stored energy
– Where they can occur
– Under what circumstances
• Define and document any restrictions applied to the above

17. 17
MA Identification – Tools Usage
Examples of tools which might be used include:
• Analysis of Schedule 9 materials and DG properties
• Use of HAZID techniques
• Review of existing hazard identification or risk assessment
studies
• Analysis of incident history – local, industry, company and
applicable global experience

18. • It may be efficient to treat similar equipment items handling the
same Schedule 9 materials together - as often they have
similar hazards and controls
• Further, to ensure correct mitigation analysis, the equipment
grouped together should contain similar materials at similar
process conditions, resulting in similar consequences on release
18
Approach to MA Identification

19. Approach to MA Identification
• For consistency of analysis, all MAs should be defined in terms
19
of an initial energy release event
• This can be characterised as a loss of control of the Schedule 9
material
• As an example, in the case of a hydrocarbon release from one
vessel leading to a jet fire that subsequently causes a BLEVE in
a second vessel, the MA should be defined in terms of the initial
hydrocarbon release from the first vessel

20. Approach to MA Identification
• Review HAZID studies to identify initiating events for each MA
• Review to ensure all hazards have been identified
• Special checklists should be developed to assist with this
20
process
• Further hazards may be identified from:
- Discussions with appropriate subject experts
- Review of incident data
- Review of the records from a similar system

21. • A structured approach is important
• It can then link equipment management strategies and systems
• Record the key outputs in a register
For each MA, the register should record the following information:
• Equipment that comprises the MA
• Group similar items into one MA
• Description
• Consequences
21
MA Recording

22. MA Recording
• Consider all Schedule 9 materials - regardless of quantity
• Screen out incidents that do not pose a serious danger or
22
harm to personnel, the community, the environment or
property
• Screening should only be on the basis of consequence not
likelihood
– i.e. Events should not be screened out on the basis of
likelihood or control measures being active
– Consequence modelling should be used as justification for
screening decisions
• External influences need to be considered, for example,
potential for a power failure to cause a plant upset leading to
an MA

23. 23
Example – MA Recording
The following are examples of MA recording details
MA Reference
No.
MA Description Equipment Included
LPG-PU23-
00110
LOC - pumps LPG transfer pumps
(P254/A)
TKF-SA10 LOC – finished
flammable product
release from tank
farm
Flammable storage
tanks A202, A205,A206,
B21, C55
A26 Ignition of material Extruders E21/E22/D54

24. Major Hazard Facilities
Risk Assessment

25. 25
What is Risk?
• Regulatory definition (per Part 20 of the Occupational
Health and Safety (Safety Standards) Regulations 1994) :
“Risk means the probability and consequences of occurrence
of injury or illness”
• AS/NZS 4360 (Risk Management Standard)
“the chance of something happening that will have an impact
on objectives”
• Risk combines the consequence and the likelihood
 RISK = CONSEQUENCE x LIKELIHOOD

26. 26
Hazard versus Risk

27. 27
Risk Assessment Definition
• Any analysis or investigation that contributes to
understanding of any or all aspects of the risk of major
accidents, including their:
– Causes
– Likelihood
– Consequences
– Means of control
– Risk evaluation

28. 28
The Risk Assessment Should…
• Ensure a comprehensive and detailed understanding of all
aspects for all major accidents and their causes
• Be a component of the demonstration of adequacy required in
the safety report - e.g. by evaluating the effects of a range
of control measures and provide a basis for
selection/rejection of measures

29. 29
Approach
• The MHF Regulations respond to this by requiring
comprehensive and systematic identification and assessment of
hazards
• HAZID and Risk Assessment must have participation by
employees, as they have important knowledge to contribute
together with important learnings
• These employees MAY BE the HSRs, but DO NOT HAVE TO BE
• However, the HSRs should be consulted in selection of
appropriate participants in the process

30. 30
Approach
Qualitative
Assessment
Types of Risk Assessment
Hazard
Identification
Detailed Studies
Quantitative Risk Assessment Asset Integrity Studies
Likelihood Analysis Consequence Analysis
Plant Condition Analysis Human Factors Studies
Technology Studies

31. 31
Causes
• From the HAZID and MA evaluation process, pick an MA for
evaluation
• From the hazard register, retrieve all the hazards that can lead
to the MA being realised
• In a structured approach, list all of the controls currently in
place to prevent each of the hazards that lead to the MA being
realised
• Examine critically all of the controls currently in place designed
to prevent the hazard being realised

32. 32
• As an example, from hazard register, MA - A26
Ignition of
materials
(MA - A26)
Causes

33. 33
Causes
List all possible causes of the accident (identified during
HAZID study)
Ignition of
materials
(MA - A26)
Hazard
Scenario
1
Hazard
Scenario
2
Hazard
Scenario
3, etc

34. List all prevention controls for the accident (identified during
HAZID study)
34
Causes
Ignition of
materials
(MA - A26)
Hazard
Scenario
1
Hazard
Scenario
2
Hazard
Scenario
3, etc
Prevention
control
C1-1
Prevention
control
C1-2
Prevention
control
C2-1
Prevention
control
C3-1

35. 35
Likelihood Assessment
• Likelihood analysis can involve a range of approaches,
depending on the organisation’s knowledge, data recording
systems and culture
• This knowledge can range from:
- In-house data - existing data recording systems and operational
experience
- Reviewing external information from failure rate data sources
• Both are valid, however, the use of in-house data can provide
added value as it is reflective of the management approaches
and systems in place

36. Likelihood Assessment
• A “Likelihood” is an expression of the chance of something
happening in the future - e.g. Catastrophic vessel failure, one
chance in a million per year (1 x 10-6/year)
• “Frequency” is similar to likelihood, but refers to historical
36
data on actual occurrences

37. 37
Likelihood Assessment
Likelihood Analysis can use:
• Historical
– Site historical data
– Generic failure rate data
• Assessment
– Workshops (operators and maintenance personnel)
– Fault trees
– Event trees
– Assessment of human error

38. 38
Likelihood Assessment – Qualitative Approach
• A qualitative approach can be used for assessment of
likelihood
• This is based upon agreed scales for interpretation purposes
and for ease of consistency
– For example, reducing orders of magnitude of occurrence
• It also avoids the sometimes more complicated issue of
using frequency numbers, which can be difficult on
occasions for people to interpret

39. 39
Likelihood Assessment – Qualitative Approach
Category Likelihood
A Possibility of repeated
events
(once in 10 years)
B Possibility of isolated
incidents
(once in 100 years)
C Possibility of occurring
sometimes
(once in 1,000 years)
D Not likely to occur,
(once in 10,000 years)
E Rare occurrence
(once in 100,000 years)

40. 40
Likelihood Assessment – Fault Trees
• A fault tree is a graphical representation of the logical
relationship between a particular system, accident or other
undesired event, typically called the top event, and the
primary cause events
• In a fault tree analysis the state of the system is to find and
evaluate the mechanisms influencing a particular failure
scenario

41. Likelihood Assessment – Fault Trees
• A fault tree is constructed by defining a top event and then
defining the cause events and the logical relations between
these cause events
41
• This is based on:
- Equipment failure rates
- Design and operational error rates
- Human errors
- Analysis of design safety systems and their intended function

42. 42
Likelihood Assessment – Fault Trees Example
PSV does not
relieve
AND OR
Process
pressure
rises
Control
fails high
PSV too
small
Set point
too high
PSV stuck
closed
Fouling inlet
or outlet
Pressure
rises
Process
vessel over
pressured
AND

43. 43
Likelihood Assessment – Generic Failure Rate Data
• This information can be obtained from:
- American Institute of Chemical Engineers Process Equipment
Reliability Data
- Loss Prevention in the Process Industries
- E&P Forum
- UK Health and Safety Executive data
- and other published reports
(Refer to Sources of Additional Information slides for references)

44. 44
Likelihood Assessment – Human Error
• Human error needs to be considered in any analysis of
likelihood of failure scenarios
• The interaction between pending failure scenarios, actions to
be taken by people and the success of those actions needs to
be carefully evaluated in any safety assessment evaluation
• Some key issues of note include:
– Identifying particular issue
– Procedures developed for handling the issue
– Complexity of thought processing information required

45. Type of Behaviour Error
Probability
45
Extraordinary errors: of the type difficult to conceive how they could occur:
stress free, powerful cues initiating for success.
10-5
(1 in
100,000)
Error in regularly performed, commonplace, simple tasks with minimum
stress (e.g. Selection of a key-operated switch rather than a non key-operated
switch).
10-4
(1 in
10,000)
Errors of omission where dependence is placed on situation cues and
memory. Complex, unfamiliar task with little feedback and some distractions
(e.g. failure to return manually operated test valve to proper configuration
after maintenance).
10-2
(1 in 100)
Highly complex task, considerable stress, little time to perform it e.g. during
abnormal operating conditions, operator reaching for a switch to shut off an
operating pump fails to realise from the indicator display that the switch is
already in the desired state and merely changes the status of the switch.
10-1
(1 in 10)
Likelihood Assessment – Human Error

46. Likelihood Assessment – Event Trees
• Used to determine the likelihood of potential consequences
46
after the hazard has been realised
• It starts with a particular event and then defines the possible
consequences which could occur
• Each branching point on the tree represents a controlling
point, incorporating the likelihood of success or failure, leading
to specific scenarios
• Such scenarios could be:
– Fire
– Explosion
– Toxic gas cloud
• Information can then used to estimate the frequency of the
outcome for each scenario

47. 47
Likelihood Assessment – Event Trees
Event tree example – LPG Pipeline Release

48. 48
Consequences
• Most scenarios will involve at
least one of the following
outcomes:
– Loss of containment
– Reactive chemistry
– Injury/illness
– Facility reliability
– Community impacts
– Moving vehicle incidents
– Ineffective corrective action
– Failure to share learnings

49. Consequences
• Consequence evaluation estimates the potential effects of
49
hazard scenarios
• The consequences can be evaluated with specific consequence
modelling approaches
• These approaches include:
- Physical events modelling (explosion, fire, toxic gas consequence
modelling programs)
- Occupied building impact assessment

50. 50
Consequences - Qualitative Evaluation
• A qualitative evaluation is based upon a descriptive
representation of the likely outcome for each event
• This requires selecting a specific category rating system that is
consistent with corporate culture

51. 51
Consequences - Qualitative Descriptors Example
Consequence
descriptors
Insignificant Minor Moderate Major Catastrophic
Health and
Safety Values
A near miss,
first aid injury
One or
more lost
time
injuries
One or more
significant lost
time injuries
One or
more
fatalities
Significant
number of
fatalities
Environmental
Values
No impact No or low
impact
Medium impact
Release within
facility
boundary
Medium
impact
outside
the facility
boundary
Major impact
event
Financial Loss
Exposures
Loss below
$5,000
Loss
$5,000 to
$50,000
Loss from
$50,000 to $1M
Loss from
$1M to
$10M
Loss above
$10M

52. 52
Consequences – Quantitative Evaluation
• Consequence analysis estimates the potential effects of
scenarios
• Tools include:
- Potential consequences (event tree)
- Physical events modelling (explosion, fire and/or gas dispersion
consequence modelling programs)
- Load resistance factor design (building design)

53. 53
Consequences - Qualitative Evaluation Example
Example: Impact of Explosions
Explosion Overpressure
(kPa)
Effects
7 (1 psi) Results in damage to internal
partitions and joinery but can be
repaired.
21 (3 psi) Reinforced structures distort,
storage tanks fail.
35 (5 psi) Wagons and plant items overturned,
threshold of eardrum damage.
70 (10 psi) Complete demolition of houses,
threshold of lung damage.
Note: Calculations can be undertaken to determine probability of serious injury and fatality

54. Example - Overpressure Contour - impact on facility buildings
Release scenario location
54
35 kPa
21 kPa
14 kPa
7 kPa
Consequences - Qualitative Evaluation Example

55. Risk Evaluation
• Risk evaluation can be undertaken using qualitative and/or
55
quantitative approaches
• Risk comprises two categories - frequency and consequence
• Qualitative methodologies that can be used are
- Risk matrix
- Risk nomograms
• Semi – quantitative techniques
- Layers of protection analysis
- Risk matrix
• Quantitative - quantitative techniques

56. 56
Qualitative
Assessment
Semi-
Quantitative
Assessment
Quantitative
Assessment
Simple, subjective, low
resolution, high uncertainty,
low cost
Detailed, objective, high resolution,
low uncertainty, increasing cost
Risk Assessment - What Type?

57. Risk Assessment – Issues For Consideration
• Greater assessment detail provides more quantitative information
57
and supports decision-making
• Strike a balance between increasing cost of assessment and
reducing uncertainty in understanding
• Pick methods that reflect the nature of the risk, and the decision
options

58. 58
Risk Assessment – Issues For Consideration
• Stop once all decision options are differentiated and the
required information compiled
• Significant differences of opinion regarding the nature of the
risk or the control regime indicate that further assessment is
needed

59. Risk Assessment - Qualitative
• Qualitative risk assessment can be undertaken using the
59
following
- Risk nomogram
- Risk matrix
• Both approaches are valid and the selection will depend upon
the company and its culture

60. 60
Risk Assessment - Risk Nomogram
• A nomogram is a graphical device designed to allow
approximate calculation
• Its accuracy is limited by the precision with which physical
markings can be drawn, reproduced, viewed and aligned
• Nomograms are usually designed to perform a specific
calculation, with tables of values effectively built into the
construction of the scales

61. Most nomograms
are used in
situations where
an approximate
answer is
appropriate and
useful
61
LIKELIHOOD
Might well be
Expected at Sometime
Quite Possible
Could Happen
Unusual but
Possible
Remotely
Possible
Conceivable but
Very Unlikely
Practically
Impossible
EXPOSURE
Very Rare,
Yearly or Less
Rare
Few per year
Unusual
Once per Month
Occasional
Once per Week
Frequent
Daily
Continuous
TIE LINE
POSSIBLE
CONSEQUENCES
Catastrophe
Many Fatalities
>$100M Damage
Disaster
Multiple Fatalities
>$10M Damage
Very Serious
Fatality
>$1M Damage
Serious
Serious Injury
>$100k Damage
Important
Disability
>$10k Damage
500
400
300
200
100
80
60
Noticeable
Minor Injury / First Aid
>$1k Damage
40
20
10
0
Very High Risk
Consider
Discontinuing
Operation
High Risk
Immediate
Correction
Required
Substantial
Risk
Correction
Required
Risk must be
Reduced
SFARP
Risk
Acceptable if
Reduced SFARP
Risk Assessment - Risk Nomogram

62. 62
Risk Assessment - Risk Nomogram
Advantages and Disadvantages
• Accuracy is limited
• Designed to perform a specific calculation
• Cannot easily denote different hazards leading to an MA
• Typically not used by MHFs

63. Risk Assessment - Risk Matrix
• Hazards can be allocated a qualitative risk ranking in terms of
estimated likelihood and consequence and then displayed on a
risk matrix
• Consequence information has already been discussed, hence,
information from this part of the assessment can be used
effectively in a risk matrix
• Risk matrices can be constructed in a number of formats, such
63
as 5x5, 7x7, 4x5, etc
• Often facilities may have a risk matrix for other risk
assessments (eg Task analysis, JSA)

64. 64
Risk Assessment - Risk Matrix
• Results can be easily presented
- In tabular format for all MAs
- Within a risk matrix
• Such processes can illustrate major risk contributors, aid the
risk assessment and demonstration of adequacy
• Care needs to be taken to ensure categories are consistently
used and there are no anomalies
• Australian/New Zealand Standard, AS4360, Risk Management
1999, provides additional information on risk matrices

65. Risk Assessment - Risk Matrix
Risk matrix Consequences
example
(AS4360)
Insignificant Minor Moderate Major Catastrophic
1 2 3 4 5
Significant
number of
fatalities
Major impact
event
Loss of above
$10,000,000
One or more
fatalities
Medium impact
outside the facility
boundary
Loss from
$1,000,000 to
$10,000,000
One or more
significant Lost Time
Injuries (LTI)
Medium impact.
Release within facility
boundary
Loss from $50,000 to
$1,000,000
High Risk High Risk High Risk
Significant Risk High Risk High Risk
Significant Risk High Risk High Risk
One or more
Lost Time
Injuries (LTI)
No or low
impact
Loss $5,000 to
$50,000
Significant
Risk
Significant
Risk
Moderate
Risk
A near miss, First Aid
Injury (FAI) or one or
more Medical
Treatment Injuries
(MTI)
No impact
Loss below $5,000
Significant
Risk
Moderate Risk
Low Risk
Low Risk Low Risk Moderate Risk Significant Risk High Risk
65
Health and
Safety
Values
Environmental
Values
Financial Loss
A Possibility of repeated
events, (1 x 10-1 per year)
B Possibility of isolated
incidents, (1 x 10-2 per year)
C Possibility of occurring
sometimes, (1 x 10-3 per year)
D Not likely to occur,
(1 x 10-4 per year)
E Rare occurrence,
(1 x 10-5 per year)
Likelihood
Exposures
Low Risk Low Risk Moderate Risk Significant Risk Significant Risk

66. 66
Risk Assessment - Risk Matrix
Advantages
If used well, a risk matrix will:
• Identify event outcomes that should be prioritised or grouped
for further investigation
• Provides a good graphical portrayal of risks across a facility
• Help to identify areas for risk reduction
• Provide a quick and relatively inexpensive risk analysis
• Enable more detailed analysis to be focused on high risk
areas (proportionate analysis)

67. 67
Risk Assessment - Risk Matrix
Disadvantages
• Scale is always a limitation regarding frequency reduction - it
does not provide an accurate reduction ranking
• Cumulative issues and evaluations are difficult to show in a
transparent manner
• There can be a strong tendency to try and provide a greater
level of accuracy than what is capable

68. Risk Assessment - Semi-Quantitative Approach
• One tool is a layer of protection analysis approach (LOPA)
• It is a simplified form of risk evaluation
• The primary purpose of LOPA is to determine if there are
68
sufficient layers of protection against a hazard scenario
• It needs to focus on:
– Causes of hazards occurring
– Controls needed to minimise the potential for hazards occurring
– If the hazards do occur, what mitigation is needed to minimise
the consequences

69. 69
Risk Assessment - Semi-Quantitative Approach (LOPA)
Diagrammatic Representation - LOPA
• Analysing the safety
measures and
controls that are
between an
uncontrolled release
and the worst
potential consequence

70. Risk Assessment - Semi-Quantitative Approach (LOPA)
The information for assessment can be presented as a bow-tie
diagram
70
Preventative Controls
Hazards Controls
Mitigative Controls
Controls
MA
Causes
Outcomes
Consequences

71. 71
Risk Assessment - Semi-Quantitative Approach (LOPA)
Advantages and Disadvantages
• Risk evaluation can be undertaken using a bow-tie approach
• A procedural format needs to be developed by the company to
ensure consistency of use across all evaluations
• External review (to the safety report team) should be
considered for consistency and feedback
• Correct personnel are needed to ensure the most applicable
information is applied to the evaluation approach

72. Risk Assessment - Quantitative
• Quantitative assessments can be undertaken for specific types
72
of facilities
• This is a tool that requires expert knowledge on the technique
and has the following aspects:
– It is very detailed
– High focus on objective
– Detailed process evaluations
– Requires a high level of information input
– Provides a high output resolution
– Reduces uncertainty
• Frequency component can be questionable as generic failure
rate data is generally used
• Provides understanding on the high risk contributors from a
facility being evaluated

73. VRJ Risk Engineers Pty Ltd
Example
shown is for
land use
planning
73
Risk Assessment - Quantitative
Typical result output from such an assessment is individual risk
contours
10-5 10-
6
10-
7
10-6
Town
Center
Hospital
Racecourse
Light Rail Reserve
Residentual
School
Sports Complex
School
Figure 13: Sample Risk Plot - VRJ QRA Risks are in chances per
million per year

74. Risk Assessment - Quantitative
• Time consuming
• Expensive
• Expert knowledge is required
• Not suitable for every MHF site
• Process upsets (such as a runaway reaction) cannot be easily
modelled as an initiating event using standard equipment part
counts - incorporation of fault tree analysis required
• Use of generic failure rate data has limitations and does not take
74
into consideration a specific company’s equipment and
management system strategies

75. Summary
• A risk assessment provides an understanding of the major
75
hazards and a basis for determining controls in place
• Risk assessments can involve significant time and effort
• Operations personnel and managers could cause, contribute
to, control or be impacted by MAs
• Hence they should be involved in the risk assessment
• HSRs may or may not take part, but must be consulted in
relation to the process of HAZID & Risk Assessment
• They should also be involved in resolution of any issues that
arise during the studies, including improvements to methods
and processes

76. Review and Revision
• Employer must review (and revise) Hazard Identifications,
76
Risk Assessments and Control Measures to ensure risks
remain reduced to AFAP:
– At the direction of the Commission
– Prior to modification
– After a major accident
– When a control measure is found to be deficient
– At least every 5 years
– Upon licence renewal conditions

77. Sources of Additional Information
The following are a few sources of information covering risk
77
assessment
• Hazard and Operability Studies (HAZOP Studies), IEC
61882, Edition 1.0, 2001-05
• Functional Safety – Safety Instrumented Systems for the
Process Industry Sector, IEC 61511, 2004-11
• Fault Tree Analysis, IEC 61025, 1990-10
• Hydrocarbon Leak and Ignition Data Base, E&P Forum,
February 1992 N658
• Guidelines for Process Equipment Reliability Data, Center for
Chemical Process Safety of the American Institute of
Chemical Engineers, 1989

78. Sources of Additional Information
• Offshore Hydrocarbon Release Statistics, Offshore Technology
78
Report – OTO 97 950, UK Health and Safety Executive,
December 1997
• Loss Prevention in the Process Industries , Lees F. P., 2nd
Edition, Butterworth Heinemann
• Layer of Protection Analysis, Simplified Process Risk
Assessment, Center for Chemical Process Safety of the
American Institute of Chemical Engineers, 2001
• Nomogram, Wikipedia, the free encyclopaedia

79. 79
Questions?

80. Cause Hazard Independent Preventative Protection Layers Mitigative
Protection
Layers
80
Loss of
cooling
tower
water
to
conden
ser
once
every
10
years
Catastrophic
rupture of
distillation
column with
shrapnel,
toxic release
Columns
condenser,
reboiler and
piping maximum
allowable
working
pressures are
greater than
maximum
possible pressure
from steam
reboiler
Logic in
BPCS trips
steam flow
valve and
steam RCV
on high
pressure or
high
temperature
. No credit
since not
independent
of SIS.
High column
pressure
and
temperature
alarms can
alert
operator to
shut off the
steam to the
reboiler
(manual
valve)
Logic in
BPCS trips
stream flow
valve and
steam RCV
on high
pressure or
high
temperature
(dual
sensors
separate
from DCS).
Pressure
safety
valve
opens on
high
pressure
Example LOPA Assessment – Spreadsheet Format

81. 81
Example Example Bowtie Assessment – System Format
MA-1
MA-2