Upload
dangnhu
View
216
Download
1
Embed Size (px)
Citation preview
Is Risk Analysis a Useful Tool Is Risk Analysis a Useful Tool for Improving Process Safety?for Improving Process Safety?
SeunghoSeungho Jung, Hans Jung, Hans PasmanPasman, Katherine , Katherine PremPrem, , Bill Rogers, Bill Rogers, XiaoleXiaole YangYang
Mary Kay OMary Kay O’’Connor Process Safety CenterConnor Process Safety CenterTexas A&M University, College Station, TXTexas A&M University, College Station, TX
MKOPSC Symp. 2008, Oct. 28-29
What about risk analysis?A fuller world
Stringent safety requirements
Need of analysis for decision making
From qualitative to quantitative, QRA
70s and 80s developments internationally : models and tests
The 90s: QRA applied more but problems of variability of results
IEC 61511 Risk graph; RBI
Pictures after Deltalinqs, Rijnmond
Rotterdam NL
Turn-over (?)
Increase in the use of risk assessment over the years according to DNV and the boosts after accidents
Low probability –
high consequence events• What can go wrong?• How likely?• What are the losses?
Facilty
siting
and
plant lay-out: Economic optimum and safe solution.Directional effects, wind direction distribution, terrain topology, effect on nearby population, potential domino effects
Applications QRA:• Land use planning• Licensing• Operations • Emergency planning
•
Land use planning
:
Reasonably for facility siting
•
Licensing of plant
:
Some countries, e.g. NL as a routine procedure
•
Making operations safer
:
Hardly HAZOP+LOPA do instead
•
Emergency planning :
Little
there is a need
Has QRA been successful ?
Problems with present state of the art :• Effort, cost • Variability in outcomes, uncertainties!
Further trends: Larger demandFurther trends: Larger demand
Increase of inhabited areas; less space available Increase of inhabited areas; less space available
Higher safety requirements; decreasing risk tolerabilityHigher safety requirements; decreasing risk tolerability
Increasing amounts of chemicals and energy carriers produced, stIncreasing amounts of chemicals and energy carriers produced, stored, ored, shipped. Higher transport intensity. Large scale use of NG and Hshipped. Higher transport intensity. Large scale use of NG and H22
Larger vulnerability of society; multiple use of space; traffic Larger vulnerability of society; multiple use of space; traffic choke pointschoke points
Larger complexity of industry; interdependence of plants; mergerLarger complexity of industry; interdependence of plants; mergers and s and splitssplits
Stronger accountability of company management and societal politStronger accountability of company management and societal political ical leadershipleadership
Planning against terrorist threatPlanning against terrorist threat
Scenario analysis Scenario analysis –– time as a parameter; emergency planning is time as a parameter; emergency planning is developing and needs inputsdeveloping and needs inputs
What is economically the best option: CostWhat is economically the best option: Cost--effectiveness analysiseffectiveness analysis
Various risk assessment methods: Ishikawa or fish bone diagram
3. Quantification of failure frequency
5. Risk reduction
HazardousProcess
4. Quantified risk
Safeconditions
6. Risk assessment
1. Hazard identification
2. Quantificationof consequence
Riskevaluation
Risk presentation
Effectanalysis
Source terms
Damageanalysis
Fault treeanalysis
Reliability
Data banks
Checklist
HAZOP
Event tree analysis
Process Safety
Analysis
Index methodsMitigation
Layer of Protection Analysis
Safety Management System
Emergency planning
Risk perception
Riskcomparison
Risk communication
1992 EU exercise on ammonia plant: RA by 11 teams (1) Amendola
et al, J HazMats
29, 347-363
Given a particular scenario of loss of containment of ammonia, each team applied its own dispersion model calculating the ammonia concentration as a function of distance to the source
1992 EU exercise on ammonia plant: RA by 11 teams (2)
A full risk analysis yielded individual risk figures spreading over 5 orders of magnitude
Probability being killed per year of exposed person as a function of distance
EU project ASSURANCE 1999 – 2002 with 7 experienced teams; again RA of an ammonia storage plant: same kind of result! (1)
Report Lauridsen
et al, Risø
R-1344 (EN)
Maximum and minimum 10-5
/yr risk contour found in the analysis:
A problem for decision makers
EU project ASSURANCE 1999 – 2002 with 7 experienced teams (2)
F-N curves showing fatalities in outdoors exposure; the straight line piece represents the Dutch group risk criterion
Line of partner 5 may have benefit of the doubt; others do not comply
EU project ASSURANCE 1999 – 2002 with 7 experienced teams (3): Root causes of variability
Factor Importance Differences in the qualitative analysis **
Factors relating to frequency assessment: Frequency assessments of pipeline failures *** Frequency assessments of loading arm failures **** Frequency assessments of pressurized tank failures **** Frequency assessments of cryogenic tank failures ***
Factors relating to consequence assessment: Definition of the scenario *****
Modeling of release rate from long pipeline *** Modeling of release rate from short pipeline * Release time (i.e. operator or shut-down system reaction time) *** Choice of light, neutral or heavy gas model for dispersion **** Differences in dispersion calculation codes ***
"Analyst conservatism" or judgment ***
Example outcomes of calculations with various effect models Ditali
et al., 2006, Consequence
models
assessment, Chem
Eng Trans
9, p. 177-184
Release case Variable calculated EFFECTS 4 PHAST GASP EFFECTS 5.5
Toluene confined pool
Max evap. rate, kg/s 0.21 0.15 0.11 0.21
Toluene uncon- fined pool
Max evap. rate, kg/s 3.5 1.2 1.1 3.5
Max. pool area, m2 2005 995 1042 2000
LNG on water Max evap. rate, kg/s 166 273-197 147-32 Avg 169.5
Max. pool area, m2 387 1451-1520 804-1256 385
STERAD PHAST Int-HSE EFFECTS 5.5
2-Phase jet fire Surface Emissive Power, kW/m2
230 151 184 81
DISPGAS PHAST EFFECTS 5.5
Dispersion dense gas (10 wgt% H2 S)
Vertical max. dist. 100 ppm H2 S, m
625 275 367 (1695)
Hor. max. dist. 100 ppm H2 S, m
150 205 372
Failure rates! Ultra variable Corrosion, fatigue, thermal stress, accidental damage
Underlying causes:
Design errors
Construction errors
Material combinations –
corrosion –
failure mechanism
Duty / loading –
vibration –
erosion
Maintenance level
General randomness
Dutch experience from 1985 onward: Dutch experience from 1985 onward: Legal requirement for any risk producing activity:10-6
/yr
contour shall not cross residential area.
Individual risk curves around a potential risk source: Early TNO Riskcurves
result
-Scenarios standardised-No human factor specifically addressed
NL ministry now requires use of one model and gives very detailed instructions!Data all fixed; Is that the best way?
Improved representation of results e.g. risk hot spots –TNO, NL
Classical F-N curve vs. location specific GIS with population density embedded
Coping with variability / uncertainty:
Protocols for hazard identification, scenario development:
ARAMIS, PLANOP
SMEDIS - Scientific Model Evaluation of Dense Gas Dispersion Models : Certification of models
Refreshing/updating/improving physical effect models: release/spill, evaporation, dispersion etc.
New, more capable system analysis: Petri nets (time, resource), fuzzy set, Markov chains / degraded states
Bayesian approach in updating information (epistemic)
Elicitation of expert opinion and statistical treatment
Probability distributions of model parameters in general and Confidence limits on data and model outcomes (aleatory)
ARAMIS Bow tie: old-fashioned man’s tie shaped as butterfly:
UE = Unwanted Event e.g. human act
CU E = Current Event condition, direct cause
IE = Initiating Event e.g. pump fails
CE = Critical Event, 12 types: leak, start of fire
SCE = Secondary CE, escalation
DP = Dangerous Phenomena, 13 types VCE, pool fire, jet fire etc.
ME = Major Event, 4 types: overpressure, heat radiation, toxic load, pollution
Barriers: Preventive, Protective, Mitigative
AND1
Q Qn
ii
OR1
Q 1 (1 Q )n
ii
►◄
PLANOP
PLANOP: Progressive Loss of Containment Analysis–
Optimizing Prevention: computerized method to go with the plant’s life, building a LOPA, developed by Belgian competent authority
Example of screen shot batch poly-
merization
MS Access
Fault tree –
Event tree
Protection layers
Reliability figures
SMEDIS Scientific Model Evaluation of Dense Gas Dispersion Models project EU
DG XII coordinated by HSE (1996-2000)
Model assessment, verification , validation (Example UDM in PHAST for DNV by Britter, Cambridge 2002). It consists of:
Development of protocol with particular emphasis on complex effects of aerosols, terrain and obstacles
Protocol consistent with CEC Model Evaluation Group (MEG)
Assessment:
Examination of a model according to a series of categories (extensive) e.g. integral or CFD
Verification:
Confirmation software coding implementation is accurate with respect to algorithms
Validation:
Quantitative comparison of (field) experiment observations with model prediction
Hanna et al.: Statistical model performance evaluation method (model versus field experiment result)(Fractional bias -
FB, geometric mean bias -
MG, normalised mean square error -NMSE, geometric variance –
VG and fraction of predictions within a factor two of observation –
FAC2)
Failure frequency interpretation of observation of nf
failures out of n items over period T
(already in Edinburgh Loss
Prevention Symposium in 1971): too few applications
0
0,5
1
1,5
2
2,5
3
1 10 100 1000
upper 99upper 95upper 90lower 90lower 95lower 99
number of failures
m/m
Confidence limits, two-sided
m = T/ nf
; 2nf degrees of freedom; P (2 1
λ/2 : 2nf
2T/m 2λ/2 : 2nf+2
) = 1
α
Varying failure rates adapting to conditions, to situation and management effectiveness
Shifts, drifts and wear-out of components
Continuous monitoring of reliability of components and effect on risk
Measuring management effectiveness and accounting for its influence is in its infancy.
ARAMIS: 7 mgt delivery systems, 11 types of barriers, weight factors for mgt influence, mgt quality by audit, effect on hardware
Decompose IPLs
in technical and human root factors, score Safety Quality Factor by audits, correct reliability layers
Next approach is resilience engineering
Partial risk analysis, cost-benefit analysis and decision making under uncertainty
Bayesian statistics (a priori + new data posteriori)
Bayesian belief networks: for inference, diagnosis : P(x,y)=P(x)P(x|y)
Influence diagram of nodes, also for partial optimizations: for example do we need a second alarm?
Cumulative distribution functions (instead of point values) and uncertainty analysis to guide risk lowering through data prioritization
Application of uncertainty propagation: e.g. by Monte Carlo-ing
Cost of prevention/protection measures versus risk reduction benefit
Decision maker’s (dis-)utility function / (business) decision tree incl. risk aversion
Multi-attribute utility concept: decision making under uncertainty with several attribute
x y
Conclusions and recommendations
RA is in demand. It should be applied more to improve safety
Reduce uncertainty by improved scenario definition (make use of incident histories, check-list, protocol, bow-tie, LOPA team effort)
Massive new research on effect and damage models needed (Who is going to organise, who is going to pay? )
Consistent use of confidence limits on data and outcomes
Improve handle on effect of management and human factor
Time functions in failure rates (long term: wear-out) and in consequence analysis (cloud dispersion, fire development)
Generation of data on injury probability (nature, degree)
Scenario analysis for emergency response (time functions)
To think safety determine your risks, reduce them and improve!