Risk is the combination of consequence severity and probability of occurrence. Model codes and industry standards do not include adequate guidance for fire protection system design for most industrial processes, and where they do, they address hazards only. A hazards analysis by itself will not indicate the priority for mitigation planning, and budgets and resources are limited. One of the most challenging aspects of managing overall process risk and safety is determining the circumstances under which a process is, or is not, adequately protected. Risk analysis can establish a consistent methodology tailored to each client's risk tolerance and needs.
Selecting the appropriate type of risk analysis is important and can be tricky. Simple qualitative methods such as Checklist, What-If, Failure Modes and Effects Analysis (FMEA) and Hazards and Operability Study (HAZOPS) are relatively efficient and often provide adequate risk resolution on which management decisions can be based. These techniques are useful for finding failure modes and the overall effects of those failures.
Semi-quantitative (i.e., order-of-magnitude) methods such as Layer of Protection Analysis (LOPA) offer more detail on the factors that contribute to the likelihood of initiating events and on the factors that make outcomes more or less severe. A semi-quantitative method can be integrated with a qualitative method in a hybrid approach that is sufficient in many cases.
Fully quantitative risk analysis is rarely needed and is typically applied only to large chemical processes.
A company will want to establish a consistent methodology so that risks and hazards can be compared enterprise-wide on an equitable basis.
Not all risks are created equal. Each company needs a consistent method for determining whether a given risk is acceptable and, if it is not, the priority of the proposed mitigation. Some companies base the decision solely on whether a given loss event has a high enough probability of occurrence; in that approach the consequences of the loss event, such as personnel injury, property damage ($), or business interruption period, are not weighed in the analysis.
Other companies go a step further and establish numerical likelihood thresholds for each risk class. This is not easy: setting risk thresholds means putting numbers on uncertain or uncomfortable outcomes, such as severe personnel injuries, and there are no widely accepted societal thresholds for these types of risk.
"Heat maps" and risk matrices are common, but if they are not developed properly they can be misleading and give a false sense of risk comprehension. Upper management must fully buy in to the risk acceptance methodology and criteria.
Comprehensive hazards analysis requires experience with the processes involved and with loss history. Processes or circumstances that can release energy or materials must be identified.
Hazards analysis typically involves developing a loss scenario with a beginning, a middle, and an end. The accident begins with an "Initiating Event", such as human error, equipment failure, process damage from natural hazards, loss of power, or a process upset. The initiating event often results in a release of energy or material that has the potential to cause damage. In some cases the scenario progresses to a fairly benign conclusion, such as cleanup of a spill of combustible liquid that does not ignite; in other cases it progresses to more significant consequences, such as a fire if the combustible liquid ignites. Because likelihood is not part of hazards analysis, it is typical to assume "near worst case" conditions during the scenario so that the full range of consequence severity is captured. Hazards are often best identified in a team setting using the What-If, Checklist, Failure Modes and Effects Analysis (FMEA), and Hazards and Operability Study (HAZOPS) methods.
Some companies already have robust Process Hazards Analysis (PHA) procedures integrated into their business model. Companies that have not previously employed PHA will need education at several levels of the organization to determine whether it is a viable direction for them.
The single most important decision is securing buy-in and support from upper-level management. Once the company has decided to adopt PHA, the personnel who will take part in the assessments need to be trained.
The typical team for these and other hazards and risk analysis methods involves the company management, process engineers, facilities engineers, operating personnel and managers, maintenance personnel, fire protection engineers, and Environmental Health and Safety personnel.
PHA can be used for new design, assessment of existing facilities and processes, management of change, mechanical integrity programs, operator training, emergency response planning, and incident investigations.
Semi-quantitative methods such as Layers of Protection Analysis (LOPA) are useful in risk-based decision making because they strike a reasonable balance between the level of detail (and the effort that goes with it) and the precision of the risk quantification.
Circumstances that must be present for an initiating event to lead to the consequence of interest, or that raise or lower its likelihood, are quantified as "Enabling Conditions" and expressed as probabilities. The likelihood of each "Initiating Event" is quantified as a frequency of occurrence per unit of time (e.g., failures per year). The probability that the initiating event results in more or less severe consequences is captured by "Conditional Modifiers", such as the probability of ignition or the probability that personnel are present. These frequencies and probabilities are typically quantified to order-of-magnitude precision.
These factors are multiplied together to determine the frequency with which a given Initiating Event results in a given consequence severity. The resulting frequency is compared with the risk acceptance criteria so the risk can be classified as tolerable or, if it is not, so the priority of recommended mitigation can be determined.
Safeguards are elements that reduce the probability of the scenario outcome or reduce the consequence severity.
Safeguards include such elements as Basic Process Control Systems (BPCS), alarm safety interlocks, passive containment such as fire walls, curbs and berms, emergency exhaust, explosion suppression, explosion venting, pressure relief, and safety control loops. Each of these types of safeguard has a different level of reliability and a different effect on consequence severity.
A common safeguard is a safety control loop, which consists of a sensor, a “logic solver”, and a “final element”. The sensor detects an anomalous condition and sends a signal to the “logic solver”. The logic solver is typically an electronic controller or a series of logic switches which processes the signal to determine what should happen in order to safeguard the system from the unintended event. The logic solver then sends a signal to the “final element” which is typically a valve, switch, or other process active equipment which changes condition or position to isolate or otherwise make the system safe, depending on the nature of the anomaly.
The reliability of each safeguard can be quantified as a Probability of Failure on Demand (PFD). The combination of several layers of safeguards determines the overall probability of an initiating event progressing to severe consequences. Only safeguards that qualify as Independent Protection Layers (IPLs) are credited in a LOPA: an IPL must be independent of the initiating event and of the other credited layers, effective against the specific scenario, and auditable, and it is generally credited only if its PFD is 0.1 or lower (a risk reduction factor of at least 10). Layers that meet these requirements cost more to engineer and maintain, but they are also far more reliable.
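As an added worked example (not from the Mannex page), the following Python script carries the LOPA arithmetic described above through one constructed scenario, a combustible-liquid tank overfill. The initiating-event frequency, the enabling-condition and conditional-modifier probabilities, the safeguard PFDs and the tolerable frequency of 1e-5 per year are all assumed illustrative values, and the IPL screening rule it applies (independent of the initiating event, auditable, PFD no greater than 0.1) is the generic LOPA convention rather than any particular company's acceptance criteria.

```python
"""Order-of-magnitude LOPA calculation for one scenario (added example).

All numbers below are constructed for illustration; a real study would
take them from company data, industry failure-rate tables and the PHA.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field

# Assumed screening rule: a layer is credited as an IPL only if it is
# independent, auditable and has PFD <= 0.1 (risk reduction factor >= 10).
IPL_MAX_PFD = 0.1


@dataclass
class Safeguard:
    name: str
    pfd: float          # probability of failure on demand, 0 < pfd <= 1
    independent: bool   # independent of the initiating event and other credited layers
    auditable: bool     # can be tested/inspected so the claimed PFD is verifiable

    def qualifies_as_ipl(self) -> bool:
        return self.independent and self.auditable and 0.0 < self.pfd <= IPL_MAX_PFD


@dataclass
class Scenario:
    name: str
    initiating_event_freq: float                      # events per year
    enabling_conditions: dict[str, float] = field(default_factory=dict)   # probabilities
    conditional_modifiers: dict[str, float] = field(default_factory=dict) # probabilities
    safeguards: list[Safeguard] = field(default_factory=list)


def _product(values) -> float:
    """Multiply a sequence of probabilities, rejecting anything outside [0, 1]."""
    result = 1.0
    for v in values:
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"probability out of range: {v}")
        result *= v
    return result


def unmitigated_frequency(s: Scenario) -> float:
    """Frequency (per year) of the consequence with no safeguards credited."""
    return (s.initiating_event_freq
            * _product(s.enabling_conditions.values())
            * _product(s.conditional_modifiers.values()))


def credited_ipls(s: Scenario) -> list[Safeguard]:
    return [g for g in s.safeguards if g.qualifies_as_ipl()]


def mitigated_frequency(s: Scenario) -> float:
    """Frequency after multiplying in the PFD of every credited IPL."""
    return unmitigated_frequency(s) * _product(g.pfd for g in credited_ipls(s))


def evaluate(s: Scenario, tolerable_freq: float) -> dict:
    """Compare the mitigated frequency with the tolerable frequency.

    If the risk is not tolerable, report the additional risk reduction
    factor needed, rounded up to the next power of ten as LOPA does.
    """
    f = mitigated_frequency(s)
    gap = f / tolerable_freq
    return {
        "unmitigated_per_year": unmitigated_frequency(s),
        "mitigated_per_year": f,
        "credited_ipls": [g.name for g in credited_ipls(s)],
        "not_credited": [g.name for g in s.safeguards if not g.qualifies_as_ipl()],
        "tolerable": gap <= 1.0,
        "additional_rrf_required": 1 if gap <= 1.0 else 10 ** math.ceil(math.log10(gap)),
    }


def example_scenario() -> Scenario:
    """Constructed tank-overfill scenario with illustrative (assumed) numbers."""
    return Scenario(
        name="Tank overfill, combustible liquid pool fire with personnel exposure",
        initiating_event_freq=0.1,                      # BPCS level loop failure, /yr
        enabling_conditions={"transfer in progress": 0.5},
        conditional_modifiers={"ignition": 0.1, "personnel present": 0.5},
        safeguards=[
            # Alarm is generated by the same BPCS that failed: not independent.
            Safeguard("Operator response to BPCS high-level alarm", 0.1, False, True),
            # Separate sensor, logic solver and valve: a creditable IPL.
            Safeguard("High-high level SIF", 0.01, True, True),
            # Too unreliable to credit as an IPL under the screening rule.
            Safeguard("Fire department response", 0.5, True, True),
        ],
    )


if __name__ == "__main__":
    for key, value in evaluate(example_scenario(), tolerable_freq=1e-5).items():
        print(f"{key}: {value}")
```

Run as a script, the example credits only the high-high level SIF, yielding a mitigated frequency of 2.5e-5 per year against the assumed 1e-5 tolerable frequency, so the scenario is flagged as not tolerable with one more order of magnitude of risk reduction required; relaxing the tolerable frequency to 1e-4 makes it tolerable with no change to the design.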
Copyright © 2023 Mannex Engineering LLC - All Rights Reserved.