ih/os essential toolbox tools: what-if/checklist
TRANSCRIPT
IH/OS Essential Toolbox Tools: What-If/Checklist & Qualitative
Risk Analysis
1
Kelsey Forde CIH CSP CHMM Timothy Stirrup REM CHMMOwner, Principal EHS Professional Principal EHS [email protected] [email protected](505)967-8917 (505)980-3743
Parvati Consulting LLC…a woman-owned small business…
www.parvaticorp.com
PDC 1April 29, 2019 1-5pm
ESH forHigh Technology
Chemical Safety Board Videou Imperial Sugar Company Dust Explosion and Fire
u Port Wentworth, GA – 02/07/2008
u On February 7, 2008, a huge explosion and fire occurred at the Imperial Sugar refinery northwest of Savannah, Georgia, causing 14 deaths and injuring 38 others, including 14 with serious and life-threatening burns. The explosion was fueled by massive accumulations of combustible sugar dust throughout the packaging building.
u Chemical Safety Board Video (9:28)
u https://www.youtube.com/watch?v=Jg7mLSG-Yws
2
Training Overviewu Course Outline
u Redbook as a Resource
u What-if/Checklist Hazard Evaluation Technique
u What-if/Checklist Worked Example
u Qualitative Risk Analysis Methodology
u Qualitative Risk Matrix Development
u Qualitative Risk Analysis Application & Worked Example
u Lessons Learned
u Training Objectives
u Understand Use of Redbook as Standard
u Demonstrate Use of What-if/Checklist Hazard Evaluation Technique
u Demonstrate Development of Qualitative Risk Matrix
u Demonstrate Use of What-if/Checklist & QRA
u Understand Qualitative Risk Analysis Output, Strengths & Limitations
3
Module # 1Redbook As A Resource
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned4
Redbook Outline & Flow
5
See Page 9
Historical Perspectiveu Redbook Guidelines Encompass
u Lessons Learned from Industry Accidents
u US Chemical Safety & Hazard Investigation Board (CSB)
u Recommendations for Hazard Evaluations
u http://www.csb.gov/
u Process Safety Management Implementation
u Laws & Regulations
u International Standards
u Experience Gained Since 1985 with Performing Hazard Evaluations
6
Redbook Overviewu Describes How Hazard Evaluation Techniques Used
Throughout Life of Process/Facility
u Realistic Hazard Evaluation Expectations for Managers
u What Each Hazard Evaluation Procedure/Technique Provides
u Limitations of Hazard Evaluation Techniques
u Presents Hazard Evaluation Techniques as Integral Part of a Process Safety Management Program
u Hazard Evaluation Following Organized, Formal Process
u Hazard Evaluation Positive Aspects
u Complement Traditional Health & Safety Worker Assessments
u Focus on Process Safety Issues
u Aid in Decisions
u Improving Safety
u Managing Risk of Operations 7
Redbook Overviewu Identify & Analyze the Significance of Hazards/Hazardous
Situations with a Process or Activity
u Pinpoint Weaknesses in Design & Operation of Facilities
u Hazard Evaluation Performed Throughout Life of Process
u Lifecycle Approach
u Early Stages of R&D
u Detailed Design & Construction
u Periodically Throughout Operation
u Decommissioning & Dismantlement
u Efficiently Reveal Deficiencies In Design & Operation
8
Redbook Overview
u Redbook Describes Specific Steps for Performing Hazard Evaluation with Following Techniques:
9
Non-Scenario Based
u Preliminary Hazards Analysis
u Safety Review
u Relative Ranking
u Checklist Analysis
Scenario Based
u What-If Analysis
u What-If/Checklist Analysis
u Hazard & Operability (HazOp) Studies
u Failure Modes & Effects Analysis (FMEA)
u Fault Tree Analysis (FTA)
u Event Tree Analysis (ETA)
u Cause Consequence Analysis (CCA)
Hazard Evaluation Technique Selection
10
See Page 180
Module # 2What-if/Checklist Hazard
Evaluation Technique
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned11
Define What-If Analysisu Checklist Analysis
u Written List of Items or Procedural Steps
u Verify the Status of a System
u What-If Analysis u Brainstorming Approach
u Group of Experienced People with the Subject Process Ask Questions or Voice Concerns About Possible Undesired Events
u What-If/Checklist Analysis u Combines
u Systematic Features of the Checklist Analysis
u Creative, Brainstorming Features of the What-If Analysis
4/29/19 12
Checklistu Purpose:
u Verification of System Status Using Written List of Requirements/Procedural Steps
u Description:
u List of Known Hazards, Design Deficiencies, and Incidents
u List of Requirements/Procedural Steps
u List of Other Parameters (e.g., chemical properties, codes/standards)
u Type of Results:
u Typically List with “No,” “Yes,” or “Not Applicable” & Associated Corrections
u Resource Requirements:
u Information to Create Checklist; Single Analyst; 2 – 12 Days
u Creating Checklist is Intensive Effort
u Analysis Procedure
u Select Checklist
u Perform Walkthrough, Design, Procedure, Codes/Standards Review
u Documenting Results
u Qualitative Report (w/ Completed Checklist) & Recommendations
u Potential for Inherent Safety Review ~ Minimization, Moderation, & Simplification4/29/19 13
What-Ifu Purpose:
u Brainstorming Approach to Identify Hazards/Hazardous Situations, or Event Sequences with Potential Undesirable Consequences ~ May Include Cause/Initiating Events
u Description:
u Use of Facilitator, Scribe, & Team
u Not Inherently Structured, Requires Skilled Facilitator
u Ideally Divide Questions Based on Hazards and/or Process Areas
u What If Can Be Effective & Efficient With Experienced Team/Facilitator
u Type of Results:
u Random Tabular Listing of Hazardous Situations with Consequences & Safeguards
u Resource Requirements:
u Supporting Information; Representative Team; 1 – 29 Days Duration
u Analysis Procedure
u Collect Chemical Data, Process Description, Drawings, & Operating Procedures
u Seed Analysis Tables for Workshop Meetings For Team Brainstorming
u Documenting Results
u Qualitative Report (w/ Completed What If Analysis Worksheet) & Recommendations
u Potential for Inherent Safety Review ~ Resolve “What-If Question”
u May Provide Input into Further More Refine HE Analysis
4/29/19 14
What-If/Checklistu Purpose:
u Systematic Use of Checklist Using Brainstorming Approach to Identify Hazards/Hazardous Situations, or Event Sequences with Potential Undesirable Consequences ~ May Include Cause/Initiating Events
u Description:
u Use of Facilitator, Scribe, & Team ~ Requires Skilled Facilitator
u Structured Approach to Identify All Hazards/Hazardous Situations
u Type of Results:
u Systematic Tabular Listing of Hazardous Situations with Consequences & Safeguards
u Resource Requirements:
u Supporting Information; Representative Team; 1 – 31 Days Duration
u Analysis Procedure
u Collect Chemical Data, Process Description, Drawings, & Operating Procedures
u Seed Analysis Tables for Workshop Meetings For Team Brainstorming
u Qualitatively Determine Significant of Effects and Relative Recommendations
u Documenting Results
u Qualitative Report (w/ Completed What If Analysis Worksheet) & Recommendations
u Potential for Inherent Safety Review ~ Resolve “What-If Question”
u May Provide Input into Further More Refine HE Analysis4/29/19 15
What-If/Checklist Termsu Basic/Common Terms
u Event ID#
u Process/Facility Location
u Hazard Type
u What-If Question/Event Description
u Consequence
u Safeguards/Controls ~ Preventative/Mitigative
u Recommendation & Actions
u Cause
u Initiating Event
u Receptors
u Input into What-If Workshop Table
4/29/19 16
What-If/Checklist Description
4/29/19 17
u Identify Hazards, Hazardous Situations, or Specific Event Sequences that Could Produce Undesirable Consequences
u Experienced Group Identifiesu Abnormal Situations (Events)
u Consequences (Impacts to Receptors)
u Existing Safeguards (Controls)
u Alternatives for Risk Reduction
u Improvement Opportunities
u Inadequate Controls
u Examination Of Possible Deviations From The Design, Construction, Modification, Or Operating Intent
What-If/Checklist Descriptionu Requires Basis Understanding of Process Intention
u Requires Ability to Mentally Combine Possible Deviations From Design Intent that Could Result in Accidents
u Potential Incomplete Results
u Not Using Experienced Facilitator
u Not Using Checklist Approach
u Not Using Complete/Updated Information
4/29/19 18
What-If/Checklist Descriptionu What-If Not Inherently Structured As Other Techniques
u Both Weakness & Strength (Why?)
u Used By Industry at Every Stage of Life Cycle
u Requires Skilled/Experienced Facilitator
u Adapt The Basic Concept To The Specific Application
u Facility Based
u Hazard Based
u Process Based4/29/19 19
What-If/Checklist Descriptionu Concept Encourages Brainstorming of Events That Begin with
What-If
u Not Like Jeopardy To Ask In Form of Question
u What-If Reflects Philosophy Rather Than Structure
u Develop What-If Questions
u Based On Experience
u Applied To Drawings And Process Descriptions
u Brainstorming of “What If” Events
u Across versus Down Worksheet
u Not Necessarily Specific Pattern or Order to Questions
4/29/19 20
What-If/Checklist TableDown vs. Across
4/29/19 21
Event ID #
Process/Facility Location
HazardWhat-If/Event Description
ConsequenceSafeguards/
ControlsRecommendations
& Actions
What-If/Checklist Descriptionu Facilitator Provides Structure/Order to Method
u Determine Structure
u Facility Based
u Hazard Based
u Process Based
u Initiating Event Based (human error, mechanical failure, etc.)
u Application of Checklist
u Scribe Records Events, Consequences, Controls, and Actions
u Questions Divided Into Specific Areas of Investigation Related to Consequences of Concern
u Address Questions By Team of Knowledgeable People
4/29/19 22
Types of Resultsu Simplest Form Generates a List of Questions & Answers
Regarding Process
u Ideally Tabular Listing of Hazardous Situations Together with Consequences, Safeguards, & Risk Reductions
u Results Typically DO NOT Include Ranking or Quantitative Implication for Event
4/29/19 23
Resource Requirementsu Performed at Any Stage of Life Cycle of Process
u Conceptual Through Operation
u Use of Any & All Information Available During Stage of Life Cycle
u Minimum Team (~ 3 People) But Larger Team Preferred
u Better To Use Larger Group for Larger Process
u Than To Use Small Group for Longer Period of Time
u Divide Large Process Into Smaller Segments
4/29/19 24
Resource Requirementsu Once An Organization Gains Experience, The What-if
Method Can Be A Cost Efficient Method For Evaluating Hazards During Any Project Phase
u Time And Costs Of The What-if Analysis Proportional to Complexity and Size of Process
4/29/19 25
Minimum Time Estimates for Using the What-if Analysis Method
Scope Preparation Evaluation Documentation
Small System 4-8 hours 4-8 hours 1-2 days
Large Process 1-3 days 3-5 days 1-3 weeks
Module # 3What-if/Checklist Worked Example
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned26
~Worked Example~
Refer to Handouts
27
Worked Example
u Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level28
Defining Scope
Discussion
29
DAP Example
30
See Page 97
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
31
Hazard Identification
Discussion
32
Hazard Identification Output
33
Hazard Identification Output
u Chemicalsu Anhydrous Ammonia
(liquid & vapor)
u Phosphoric Acid
u Sulfuric Acid
u Mono Ammonium Phosphate
u Diammonium Phosphate
u Urea
u Chemical Reactions
u Incompatibility
u Flammability
u Mechanical
u Heat/Elevated Temperature
u Open Storage Tank/Drowning
u Confined Space
u Electrical34
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
35
Anatomy of Loss Event
36
See Page 218
Loss Events
Discussion
37
Loss Events
38
Loss Events
u Release of Phosphoric Acid Into Work Area
u Vessel Overflow
u Unreacted Product
u Release of Ammonia Gas Into Work Areau Vessel Overflow
u Unreacted Product
u Release of DAP Into Work Area
u Vessel Overflow39
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
40
Worked Example – What-If/Checklist Table
41
ID # Facility/AreaProcess/ Activity
HazardWhat-If
DescriptionConsequence
Worked Example – What-If/Checklist Table
42
ID # Facility/AreaProcess/ Activity
HazardWhat-If
DescriptionConsequence
DAP-1 DAP-1 DAP Reactor Ammonia
DAP-2 DAP-1 DAP Reactor Ammonia
DAP-3 DAP-1 DAP Reactor Ammonia
DAP-4 DAP-1 DAP Reactor Ammonia
DAP-5 DAP-1 DAP Reactor Ammonia
DAP-6 DAP-1 DAP Reactor Ammonia
DAP-7 DAP-1 DAP Reactor Ammonia
Worked Example – What-If/Checklist Table
43
ID #Facility/
AreaProcess/ Activity
Hazard What-If Description Consequence
DAP-1 DAP-1 DAP Reactor Ammonia Vessel Overflow due to excess flow from unloading storage
DAP-2 DAP-1 DAP Reactor Ammonia Vessel overflow due to vessel overpressure from increased temperatures
DAP-3 DAP-1 DAP Reactor Ammonia Vessel overflow due to excess flow from vessel/piping integrity failure
DAP-4 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
DAP-5 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from decreased phosphoric acid feed
DAP-6 DAP-1 DAP Reactor Ammonia Unreacted ammonia from excess ammonia and phosphoric acid
DAP-7 DAP-1 DAP Reactor Ammonia Unreacted ammonia from increasedtemperatures in DAP reaction vessel
~BREAK~
Refer to Handouts
44
Chemical Safety Board Videou Inherently Safer: The Future of Risk Reduction
u Emergency Response Safety Message
u A CSB safety message that includes an interim 2D animation highlighting emergency response efforts at Husky Energy's Superior Refinery during the April 26, 2018, explosion and subsequent asphalt fire. The CSB's investigation is ongoing and a final report including findings and recommendations will be released in 2019.
u Chemical Safety Board Video (6:25)
u https://www.youtube.com/watch?v=grOA7iUIxGY
45
Module # 4Qualitative Risk Analysis
Methodology/Development
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned46
Starting Pointu Task at Hand: Determine Most Effective Controls for
Hazardous Operation
ü Completed Hazard Identification
ü Completed Hazard Evaluation Technique
ü Identified Potential Upset Conditions
ü Identified Potential Consequences Limited Resources
o Budget
o Schedule
o Staff
Starting Pointü Need Method to Rank Consequence ~ Focus Analysis
ü Unmitigated Consequence
ü Simple Consequence Ranking
ü Qualitative Assignment of Consequence
ü Need Method to Derive Controls
ü Unmitigated Likelihood
ü Unmitigated Risk
u Consequence x Likelihood = Risk
Scenario-Based Hazard Evaluation
49
See Page 213
What Is A Qualitative Risk Matrix
üQualitative Risk Analysis
üProcess of grading risk in terms of likelihood and consequence using a predefined ranking system.
üQualitative Risk Matrix
ü Effective Tool to Make Risk Based Decisions
ü Visual Aid in Assigning Risk
ü Unmitigated Risk
ü Visual Aid in Deriving Control Adequacy
ü Mitigated Risk
Likelihood & Consequence
Likelihood & Consequence
Likelihood & Consequence
Matrix Development ~ Simple
Consequence
Bad Not So Bad
Matrix Development ~ Simple 2 x 2
Consequence
Never, Not So Bad
Always,Not So Bad
Like
lihoo
d
Never, Bad
Always,Bad
Risk
Never
Always
Not So Bad Bad
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Risk
Acceptable Risk
Vs
Unacceptable Risk
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development ~ Balance 3 x 3
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development ~ Balanced 4 x 4
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development – Balance 4 x 4
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development ~ Risk Limiting
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development ~ Risk Taking
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Example Risk Matrix – ?
65
Likelihood
Cons
eque
nce
M
H
L
N
AUEUBEU
Matrix Development – Balance 5 x 5
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible Very High
Anticipated
Matrix Development ~ Simplified Rulesü Develop Consequence Definitions
ü Gradient of Consequence
ü Three = 3 x 3
ü Four = 4 x 4
ü Five = 5 x 5
ü Include Lowest
ü Develop Likelihood Definitions
ü Match # Consequence
ü Include Lowest
Matrix Development ~ Simplified Rules
ü Colors
ü Three Colors Minimum
ü Maximum Colors Match Matrix
ü Don’t Jump Colors with Adjacent Bins
ü Determine Balance of Risk
Consequence (C) Level
(Abbreviation)
Offsite Immediate Worker Site Worker
High (H)C≥ 25.0
remPrompt worker fatality or acute injury that is immediately life- threatening or permanently disablingORRadiological consequences≥ 100 remORRadioactive material quantity exceed Hazard Category 3 threshold (per DOE-STD-1027-923)
C ≥ 100.0 remORPrompt worker fatality or acute injury that is immediately life-threatening or permanently disabling
Moderate (M) 5.0 ≤ C < 25.0rem
Serious injury, no immediate loss of life, no permanent disabilities; hospitalization requiredORRadiological consequences 25 ≤ C < 100 rem
25.0 ≤ C < 100.0 remORSerious injury, no immediate loss of life, no permanent disabilities; hospitalization required
Low (L) 0.5 ≤ C < 5.0rem
Minor injuries; no hospitalizationORRadiological consequences 5 ≤ C < 25 rem
5.0 ≤ C < 25.0 remORMinor injuries; no hospitalization
Negligible (N) C < 0.5rem
Consequences less than those for Low Consequence Level ORC < 5.0 rem
C < 5.0 remORConsequences less than those for Low Consequence Level
Matrix Development ~ Consequence
Event Frequency Code Description
Anticipated (A)
Accidents that may occur several times during the life cycle of the facility (accidents that commonly occur)
Unlikely (U)
Accidents that are not anticipated to occur during the lifecycle of the facility. Natural phenomena of thisprobability class include the following: InternationalBuilding Code- level earthquake, maximum wind gust,etc.
Extremely Unlikely (EU)
Accidents that probably do not occur during the life cycle of the facility
Beyond Extremely Unlikely (BEU) All other accidents
Matrix Development ~ Frequency
Matrix Development ~ Z AxisCo
nseq
uenc
e
Likelihood
Cons
eque
nce
Likelihood
Rece
ptor
s
What Do We Use QRA For?
72
Adequacy of Safeguards
73
ü Redbook Chapter 7 – Risk Based Determination of the Adequacy of Safeguards
ü Hazards Evaluation Question/Answer
ü What Can Go Wrong?
ü What Safeguards Are In Place?
ü Now Ask Safeguards Adequacy
ü How Safe is Safe Enough?
ü How Many Protection Layers Are Needed?
ü How Much Risk Reduction Should Each Layer Provide?
Adequacy of Safeguards
74
üExperienced-Based Action Decisions
ü Comparison Against Established Practices
ü Comparison Against Known Codes & Standards
ü Checklist Approach
üRisk-Based Action Decision
ü Consequence x Frequency = Risk
ü (impact/event) x (event/time) = impact/time
ü Time = year, life of facility, operation campaign, etc.
ü Injuries Per Year, Fatalities Per Year, Loss $ PerYear
üEstimate Scenario Risk Then DetermineAcceptance
Adequacy of Safeguards
75
ü Identification of Scenarios Using Scenario Based HE Method
ü Develop Cause-Consequence Pairs
ü Cause = Frequency
üSeverity of Consequences
ü Remember Difference Between Loss Event &Impact
ü Loss Event ~ Irreversible Point in Event
ü Supports Prevention versus Mitigation of Event
ü Qualitative Versus Quantitative Assignment of Consequence Severity
Adequacy of Safeguards
76
üWorst-Case Impacts = Unmitigated Consequence
üBalance Between Use of Unmitigated versusMitigated
ü Unmitigated Overstates Risk
ü Mitigated Overshadows Risk
ü Initial Conditions & Assumptions
üQualitative Risk Analysis
ü Consequence and/or Frequency
Adequacy of Safeguards
77
ü Events with Consequences of Concern Estimate How Likely Event to Occur
ü Initiating Cause Frequency x Control FailureProbability
ü Unmitigated Versus Mitigated
üScenario Frequency x Scenario Impact = Scenario Risk
Adequacy of Safeguards
78
üQuantitative Risk Versus Qualitative Risk
ü Quantitative Using Direct Calculation
ü Qualitative Using Risk Matrix
üRisk Matrices Tool For Relating Likelihood & Severity (Risk)
ü To Defined Risk Boundaries
ü To Risk Reduction Requirements
ü Comparative Value for Risk Binning
üUnmitigated Compared to Mitigated
ü Determine Control Adequacy
Anatomy of Loss Event
79
See Page 218
Adequacy of Safeguards
üPreventative Controlsü Reduce Frequencyü Prevent Loss Event
üMitigative Controlsü Reduce Consequenceü Mitigate Loss Event
Adequacy of Safeguardsü Follow Hierarchy of Controls
ü Prevent vs Mitigate
Adequacy of Safeguards
3 4
Frequency
Cons
eque
nce
4
2 3 4
1 2 3M
EU BEU
H
L
U
4
4
4
1 1 2 3
N
A
Adequacy of Safeguards
Scenario
Consequence
Frequency
Risk Controls
Consequence
Frequency
Risk
1 H A 1 P-1M-1
M U 2
2 H EU 2 P-1M-1
M BEU 4
3 M U 2 P-1M-1
L EU 4
4 M EU 3 P-1M-1
L BEU 4
5 L EU 4 P-1M-1
N BEU 4
Adequacy of Safeguards
Scenario
Consequence
Frequency
Risk Controls Consequence
Frequency
Risk
1 H A 1 P-1M-2
L U 3
2 H EU 2 P-1 H BEU 3
3 M U 2 P-1 L U 3
4 M EU 3 P-1M-1
L BEU 4
5 L EU 4 - - - -
QRA Examples
85
Example - ConsequenceDetermination
See Page 215
Table 7.2 Example of EHS impact categories and magnitudes used in hazard evaluations
Impact magnitude
Impact category 1 2 3 4 5
On-site (worker) health effects
Recordable injury
Lost-time injury Mu ltiple o r severeinjuries
Perm anent healtheffects
Fatalities
Off-site (public)effects InjuryOdor; exposure below limits
ExposureAbovelimits
Hospitalization or multiple injuries
Severe injuriesor permanenteffects
Environmental impacts Reportable release
Intermediate effects
Widespread or long-termeffects
Widespread and long-termeffects
Localized and short-term effects
Accountability; attention/ concern/response
Plan t Division; regulators
Corporate; neighborhood
Local/state State/na tional
86
Example - FrequencyDetermination
See Page 219
Table 7.3 Example initiating cause frequency scale (order-of-magnitude basis)
Magnitude10•/yr
Equivalent cause likelihood Comparisonwith experience
0 Onceayear
-1
-2
-3
-4
-5
1in 10(10% likelihood)
per yr ofoperation
1 in 100(1%likelihood)
per yr ofoperation
1 in 1,000per yr ofoperation
1 in 10,000per yr ofoperation
1 in100,000per yr ofoperation
Unpredictable as towhenitwilloccur, butwithin realm ofmostemployees' experience
Outsideof someemployees' experience; within realmof process' experience
Outsideofalmostallemployees'experience;withinrealm ofplant-wide experience
Outside ofalmostallprocess experience; maybewithin realm ofcompany-w id e ex perience
Outsideofmostcompanies'experience;withinrealmofindustry-wide experience
Maybeoutside therealm ofindustry-wide experience,except forcommon types of facilities andoperations
87
Example Risk Matrix
88
Example Risk Matrix
89
Consequence
Frequency
H M L N
High Severity
Moderate Severity
Low Severity
Negligible Severity
A Anticipated 1 1 2 3U Unlikely 1 2 2 4
EU Extremely Unlikely
2 2 3 4
BEU Beyond Extremely Unlikely
3 3 4 4
1 Unacceptable – Mitigated with engineering and/or administrative controls
2 Undesirable – Mitigated with engineering and/or administrative controls3 Reasonably Low Risk – Engineering and/or administrative controls
may be implemented4 Reasonably Low Risk
Example Risk Matrix - ANSI Z590
90
Example Risk Matrix - ANSI Z590
91
Example Risk Matrix - ANSI Z590
92
Example Risk Matrix – MILSTD 882E
93
Example Risk Matrix – SEMI S10-0307
94
Example Risk Matrix
Likelihood
Cons
eque
nce
M
H
L
AUEUBEU
Example Risk Matrix – DOE STD3009-14
96
Example Risk Matrix – DOE STD3009-14
97
Likelihood
Cons
eque
nce
M
H
L
N
AUEUBEU
Example Risk Matrix –Parvati Consulting
98
Likelihood →Consequence ↓
Anticipated (A)
Unlikely (U) Extremely Unlikely (EU)
BeyondExtremely Unlikely (BEU)
High (H) I I II III
Moderate (M) I II III IV
Low (L) II III IV IV
Negligible (N) III IV IV IV
I Unacceptable – Mitigated with engineering and/or administrative controls
II Undesirable – Mitigated with engineering and/or administrative controls
IIIReasonably Low Risk – Mitigated with engineering and/or administrativecontrols
IV Reasonably Low Risk
Matrix Development – ParvatiFrequency
Cons
eque
nceM
EU BEU
H
L
U
N
A
Module # 5Qualitative Risk Analysis Application & Worked
Example
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned100
~Worked Example~
Refer to Handouts
101
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
102
Consequence Guidelines
103
Abbrev. Consequence Level Description
H High Immediate Loss of Life; Permanent Disabilities
M Moderate
Serious Injury, No Immediate Loss of Life; No Permanent Disabilities; Inpatient Hospitalization Required
L LowInjuries; Outpatient Hospitalization; Emergency Response Required
N NegligibleMinor injuries; Minor First Aid; No Emergency Response Required
Worked Example – What-If/Checklist Table
104
ID #Facility/
AreaProcess/ Activity
Hazard What-If Description Consequence
DAP-1 DAP-1 DAP Reactor Ammonia Vessel Overflow due to excess flow from unloading storage
DAP-2 DAP-1 DAP Reactor Ammonia Vessel overflow due to vessel overpressure from increased temperatures
DAP-3 DAP-1 DAP Reactor Ammonia Vessel overflow due to excess flow from vessel/piping integrity failure
DAP-4 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
DAP-5 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from decreased phosphoric acid feed
DAP-6 DAP-1 DAP Reactor Ammonia Unreacted ammonia from excess ammonia and phosphoric acid
DAP-7 DAP-1 DAP Reactor Ammonia Unreacted ammonia from increasedtemperatures in DAP reaction vessel
Worked Example – What-If/Checklist Table
105
ID #Facility/
AreaProcess/ Activity
Hazard What-If Description Consequence
DAP-1 DAP-1 DAP Reactor Ammonia Vessel Overflow due to excess flow from unloading storage High
DAP-2 DAP-1 DAP Reactor Ammonia Vessel overflow due to vessel overpressure from increased temperatures High
DAP-3 DAP-1 DAP Reactor Ammonia Vessel overflow due to excess flow from vessel/piping integrity failure High
DAP-4 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia High
DAP-5 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from decreased phosphoric acid feed
High
DAP-6 DAP-1 DAP Reactor Ammonia Unreacted ammonia from excess ammonia and phosphoric acid Negligible
DAP-7 DAP-1 DAP Reactor Ammonia Unreacted ammonia from increasedtemperatures in DAP reaction vessel Moderate
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
106
Frequency Guidelines
107
Abbrev. Consequence Level Description
H High Immediate Loss of Life; Permanent Disabilities
M Moderate
Serious Injury, No Immediate Loss of Life; No Permanent Disabilities; Inpatient Hospitalization Required
L Low
Injuries; Outpatient Hospitalization; Emergency Response Required
N NegligibleMinor injuries; Minor First Aid; No Emergency Response Required
Worked Example – What-If/Checklist Table
108
Event ID #
Facility/Area
Process/ Activity
Hazard What-If Description Cause UC UF UR
DAP-5a DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A H
DAP-5b DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H
DAP-5c DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H
DAP-5d DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H
DAP-5e DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP Mixingdue to Wrong Temperature
H
Worked Example – What-If/Checklist Table
109
Event ID #
Facility/Area
Process/ Activity
Hazard What-If Description Cause UC UF UR
DAP-5a DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A H EU
DAP-5b DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U
DAP-5c DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A
DAP-5d DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU
DAP-5e DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP Mixingdue to Wrong Temperature
H ?
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
110
Risk Matrix
111
Likelihood →
Consequence ↓
Anticipated (A)
Unlikely (U)
Extremely Unlikely
(EU)
Beyond Extremely Unlikely (BEU)
High (H) I I II III
Moderate (M) I II III IV
Low (L) II III IV IV
Negligible (N) III IV IV IV
Worked Example – What-If/Checklist Table
112
Event ID #
Facility/Area
Process/ Activity
Hazard What-If Description Cause UC UF UR
DAP-5a DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A H EU
DAP-5b DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U
DAP-5c DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A
DAP-5d DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU
DAP-5e DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP Mixingdue to Wrong Temperature
H ?
Worked Example – What-If/Checklist Table
113
Event ID #
Facility/Area
Process/ Activity
Hazard What-If Description Cause UC UF UR
DAP-5a DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A H EU II
DAP-5b DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U I
DAP-5c DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
DAP-5d DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
DAP-5e DAP-1 DAPReactor
Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP Mixingdue to Wrong Temperature
H ? ?
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
114
Worked Example – What-If/Checklist Table
115
Event ID #
Hazard What-If Description Cause UC UF UR Safeguards/ Controls
DAP-5a Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
DAP-5b Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U I
DAP-5c Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
DAP-5d Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Worked Example – What-If/Checklist Table
116
Event ID #
Hazard What-If Description Cause UC UF UR Safeguards/ Controls
DAP-5a Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Ammonia Detector
Preventive Maintenance
DAP-5b Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U I
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
SOP/Training
Ammonia Detector
DAP-5c Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1)
Reaction Vessel Temp
Ammonia Detector
DAP-5d Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Preventive Maintenance
Worked Example – What-If/Checklist Table
117
ID # Hazard What-If Description Cause UC UF UR Safeguards/ Controls
DAP-5a Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure – Valve A
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Ammonia Detector - M
Preventive Maintenance - P
DAP-5b Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error
H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
SOP/Training - P
Ammonia Detector - M
DAP-5c Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error – Indicator Failure H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - M
DAP-5d Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP Reactor Mixing due to Mechanical Failure H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Preventive Maintenance - P
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
118
Worked Example – What-If/Checklist Table
119
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Ammonia Detector - M
Preventive Maintenance - P
BEU
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
SOP/Training - P
Ammonia Detector - M
EU
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MA
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Preventive Maintenance - P
BEU
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
120
Worked Example – What-If/Checklist Table
121
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Ammonia Detector - M
Preventive Maintenance - P
BEU
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
SOP/Training - P
Ammonia Detector - M
EU
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MA
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Preventive Maintenance - P
BEU
Worked Example – What-If/Checklist Table
122
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Ammonia Detector - M
Preventive Maintenance - P
H BEU
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
SOP/Training - P
Ammonia Detector - M
M EU
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MN A
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Level Indicator (L1) - M
Preventive Maintenance - P
H BEU
Worked Example – What-If/Checklist Table
123
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Ammonia Detector
Preventive Maintenance - P
H BEU
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp
Level Indicator (L1)
SOP/Training - P
Ammonia Detector
M EU
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MN A
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Preventive Maintenance - P
H BEU
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
124
Worked Example – What-If/Checklist Table
125
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Ammonia Detector
Preventive Maintenance - P
H BEU
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp
Level Indicator (L1)
SOP/Training - P
Ammonia Detector
M EU
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MN A
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Preventive Maintenance - P
H BEU
Worked Example – What-If/Checklist Table
126
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Ammonia Detector
Preventive Maintenance - P
H BEU III
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp
Level Indicator (L1)
SOP/Training - P
Ammonia Detector
M EU III
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1) - M
Reaction Vessel Temp - M
Ammonia Detector - MN A III
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Preventive Maintenance - P
H BEU III
Worked Example – What-If/Checklist Table
127
ID # What-If Description Cause UC UF UR Safeguards/ Controls MC MF MR
5a Unreacted ammonia carryover into DAP storage tank from excess ammonia
Mechanical Failure –Valve A
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Ammonia Detector
Preventive Maintenance - P
H BEU III
5b Unreacted ammonia carryover into DAP storage tank from excess ammonia
Erroneous Control Operator Error H U I
Line Flow Meter (F1) - M
Reaction Vessel Temp
Level Indicator (L1)
SOP/Training - P
Ammonia Detector
M EU III
5c Unreacted ammonia carryover into DAP storage tank from excess ammonia
Control Operator Error –Indicator Failure
H A I
Line Flow Meter (F1)
Reaction Vessel Temp - M
Ammonia Detector - ML A II
5d Unreacted ammonia carryover into DAP storage tank from excess ammonia
Inadequate DAP ReactorMixing due to Mechanical Failure
H EU II
Line Flow Meter (F1)
Reaction Vessel Temp
Level Indicator (L1)
Preventive Maintenance - P
H BEU III
Residual Risku Brainstorm Additional Controls
u Focused Efforts on Preventive
u Interlocks?
u Valve Redundancy?
u Train Redundancy?
128
Module # 6Lessons Learned
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned129
Hazard Evaluation Limitationsu Never 100% Certainty for Identification of All Hazards,
Events, Causes, and Effects
u Results & Benefits Cannot Be Directly Verified
u Based on Existing Knowledge or Process/Operation
u Quality Reflected in Drawing Accuracy, Procedure Accuracy, & Process Knowledge
130
Hazard Evaluation Limitationsu Judgment, Assumptions, & Experience of Analysts
u Cannot Guarantee Incidents Will Not Occur
u Limitation Provides Justification
u Periodic HE Throughout Lifecycle
u Justification for Management of Change (MOC)
131
QRA Lessons Learned – Risk Matrix Benefits
13
ü Practical & Easy Tool to Support a Risk Management Programü Promote Robust Discussion
ü Provide Consistency Prioritizing Risks
ü Focus on Higher Priority Risks
ü Present Data in Easily Understood Format
QRA Lessons Learned – Risk Matrix Limitations
ü Subjective Interpretation
ü Consequence
ü Frequency/Likelihood
ü Misleading Rankings of Risk
ü Inexperienced
ü Biased
ü Agenda
ü Assign Identical Risks to Different Cause-Consequence Pairs
ü Frequency can Mask Consequence
QRA Lessons Learned – Risk Matrix Limitations
ü Static View
ü Risk of Event May Change Over Time
ü Material at Risk Increases
ü Receptor Encroachment
ü Exposure Standards Changes
ü Actual Events Not Incorporated into Risk
QRA Lessons Learned – Risk Matrix Limitations
13
üLimitations
ü Focusing on Numbers Versus Comparative Value
ü Subjective Assignment of Consequence &Frequency
ü Two Different People Yield Comparable But Difference Risks for Same Scenarios
QRA Lessons Learned – Risk Matrix Limitations ~ Fixes
ü Defined Risk Management Program
ü Precise Risk Statement
ü Identify, Evaluate, Control, Implement, Lessons Learned
QRA Lessons Learned – Risk Matrix Limitations ~ Fixes
ü Defined Likelihood & Consequence Definitions
ü Relative Likelihood for Facility Life Cycle
ü Relative Consequence for Business Model
QRA Lessons Learned – Risk Matrix Limitations ~ Fixes
13
ü Team Using Consistent Approach with Standard Risk Tables
ü Peer Review Process Against Comparable Analyses
QRA Lessons Learned – Risk Matrix Limitations ~ Fixesü Follow Hierarchy of Controls
ü Prevent vs Mitigate
QRA Lessons Learned – Risk Matrix Limitations ~ Fixes
ü Incorporate Into Business Model
ü Recognize Risk Management is Bottom Line
ü Costs Should be Tracked Against Savings
ü Business Receptors: Mission, Costs, Public Perception, etc
Instructor Lessons Learnedu Stakeholder Buy In
u Scope
u Schedule
u Budget
u Never Enough Time to Complete
u Preparation, Analysis, & Documentation
u Use Dedicated Workshop Facilitator
u Respect Team Leader Responsibilities
u Required to Take On Process
u Review, Documentation, Factual Accuracy, Comment Resolution & Concurrence
u In Addition to Workshop/Meetings
141
Instructor Lessons Learnedu Adjust Team Members Based on Complexity of Operation
u Minimum ~ Analyst with Operations/Peer Review
u Maximum ~ Divide & Conquer
u Few Team Members With Prior HE / What-If Analysis Experience
u Initial Training for Team on Technique & Expectations
u Expect Re-Training/Calibration During HE
u Hard for Team Members to Grasp Brainstorming with No Restrictions
u Unmitigated Events
142
Instructor Lessons Learnedu Breakdown Workshop Into Facility/Process/Hazards
u Create Worksheets Based on Checklist
u Pre-populate (Seed) What-If Analysis Table
u Recommend Few Across & Many Down
u Facility/Process ~ Event, Hazards, Consequence, Controls
u Finish Brainstorming Events (Down) in Workshop
u Facilitator/Analyst Completion of Workshop Tables
u Common Event Language ~ Develop Write Ups for Events
u Common Control Terms ~ Develop Standard List
u Ensure Consequences Are Comparable Throughout ~ Develop Standard List
143
Preferred Methodologyu Formal Hazard Identification Using Standard Checklist
u Screen Hazard Identification for Hazards to Carry Forward into Hazard Evaluation
u Typically Screen on Standard Industrial Hazards ~ Codes & Standards
u Preferred “Broad Brush” Hazard Evaluation Method
u What-If/Checklist ~ Not In Form of What-If Question (e.g., Event)
u Use List of Hazards Carried Forward as Checklist
u Use of Process Areas as Checklist
u Use HE Worksheet with Process Area, Event, Cause/Initiating Event, Hazard, Consequence, & Frequency
144
Preferred Methodologyu Perform Additional Hazard Evaluation and/or Accident
Analysis If Necessary
u Higher/Unacceptable Residual Risk
u Unclear Control Strategies
u Better Definition of Frequency or Consequence
u Use of Risk to Determine Control Adequacy
u Standard Frequency, Consequence, & Risk Tables
u Qualitative Analysis
u Analyze Unmitigated Consequence & Frequency ~ Inherent Risk
u Apply Identified Preventative/Mitigative Controls
u Determine Mitigated Consequence & Frequency ~ Residual Risk
145
Preferred Methodologyu Perform Control Hierarchy Analysis
u Document “Safety Envelope”
u Initiate Management of Change
u Identify Changes
u Evaluate Potential Impact to Analysis & Subsequent Controls
146
Training Overviewu Course Outline
u Redbook as a Resource
u What-if/Checklist Hazard Evaluation Technique
u What-if/Checklist Worked Example
u Qualitative Risk Analysis Methodology
u Qualitative Risk Matrix Development
u Qualitative Risk Analysis Application & Worked Example
u Lessons Learned
u Training Objectives
u Understand Use of Redbook as Standard
u Demonstrate Use of What-if/Checklist Hazard Evaluation Technique
u Demonstrate Development of Qualitative Risk Matrix
u Demonstrate Use of What-if/Checklist & QRA
u Understand Qualitative Risk Analysis Output, Strengths & Limitations
147
Referencesu Guidelines for Hazard Evaluation Procedures “Red Book,” 3rd Ed; CCPS 2008
u Guidelines for Risk Based Process Safety; CCPS 2007
u Layer of Protection Analysis: Simplified Process Risk Assessment; CCPS 2001
u Guidelines for Initiating Events and Independent Layers of Protection Analysis, 1st Ed; CCPS 2014
u Guidelines for Enabling Conditions and Conditional Modifiers in Layer of Protection Analysis; CCPS 2015
u System Safety Analysis Handbook “Big Green Book,” System Safety Society
u System Safety for the 21st Century “Green Book,” Richard A. Stephans
u ANSI Z590, Prevention Through Design Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes
u MIL-STD-882E, Department of Defense Standard Practice System Safety
u SEMI S10-0307E, Safety Guideline for Risk Assessment and Risk Evaluation Process
u OSHA 1910.119, Process Safety Management of Highly Hazardous Chemicals
u DOE-STD-3009, Preparation of Nonreactor Nuclear Facility Documented Safety Analyses
148
Follow Up with Parvatiu Facility/Worker Safety
u Redbook Training
u Redbook Overview
u Redbook HE Techniques
u What-If/Checklist
u Failure Modes & Effects Analysis
u Hazard & Operability Analysis
u Layer of Protection Analysis (LOPA)
u Risk Analysis
u Inherent Safety Reviews
u Perform Process Hazards Analysis
u Compliance Auditing
u Facilitate Hazard Evaluations
u Peer Review PHA (HI + HE)
u STAMP/STPA
u Traditional ES&H/IH Services149
´ Kelsey L. Forde CIH CSP CHHM
´ (505) 967-8917
´ Timothy S. Stirrup REM CHMM
´ (505) 980-3743
´ www.parvaticorp.com
150
Kelsey Forde CIH CSP [email protected](505) 967-8917
Timothy Stirrup REM [email protected](505) 980-3743