Episode 6 : HAZARD IDENTIFICATION (FMEA & HAZOP)

SAJJAD KHUDHUR ABBASChemical Engineering , Al-Muthanna University, IraqOil & Gas Safety and Health Professional – OSHACADEMYTrainer of Trainers (TOT) - Canadian Center of Human Development

Episode 6 : HAZARD IDENTIFICATION (FMEA & HAZOP)

What is FMEA?

FMEA - Failure Modes and Effects Analysis Systematically identifies the potential failure of a

system and its effects Assesses the significance of each failure

mode to determineactions that would eliminate the chance of occurrence

Documents the potential failures

Oriented towards equipment rather than process

Purpose of FMEA

Identify single equipment of system failure modes and the potential effects or consequences of the failure modes on the system or plant.

Generate recommendation for increasing equipment or system reliability, thus improving process safety.

The History of FMEA

Applications and Benefits

May be applied at various stages Concept Design Process (Operation) Service and Maintenance

Improvements in: Safety Quality Reliability

Resource Requirement

Technical drawing of Equipment System

Knowledge of equipment function and failure modes

Personnel with knowledge of system/plant function and responses to failure equipment failure

Personnel with knowledge of FMEA methodology and analysis

FMEA Methodology

• Define system to be analyzed1

2

• Establish level of analysis• To what details

3

• Perform the analysis• Identify failure modes, causes, consequences, design and operating

provision against failures

• Reporting4

Step 1- FMEA System Definition

Define the extent of the system to be analyzed Usually performed in relatively small steps Requires analysts/personnel with a knowledge of the

system

- The functional relationships of the parts of the system and their performance requirements

Step 2- Level of Analysis

Based on the functional structure of a system

The failure mode are expressed asfailure

particular subsystem function Primary function is that for

which the

to performa

subsystemwasprovided for

Secondary function is one which is merely a consequence of the subsystem’s presence

Step 3- Failure Analysis

Possible failure scenarios Loss of containment Premature operation Failure to operate when required Intermittent operation Failure to cease operation when

required Loss of output or failure during

operation Degraded output etc

Based on failure modes Looks at the likely causes and the effects on both

the systemand the working environment

Consideration is given to the relative importance of the effects and sequence

Identifying existing safeguards againstsuch failure andmethods of detecting them are then examined

Recommended additional/new safeguards that are required against the failure

Step 4- Reporting

Identifying the most significant failures interms of their effects on the overall system

Decide whether or not the existing safeguards and detection devices are adequate.

More detailed analysis on the “weak link” No standard reporting format, typically covers:

The unit /system

Failure mode

Consequence of failure

Symptoms

Safeguards

Correction actions

FMEA Reporting Guide

No Component Description

Failure mode

Failure effect(s) Symptoms Safe Guards

Actions

1. Major component of the system

Specific failure of the component

Hazard realization due to component

failure

Indicator / representation of the failure

Existing mitigating measures

Is the existing measure

adequate, what else can be improved

Example: Fuel Storage System

Notation:

LALL – low level alarm LAHH – High level alarm LT - Level transmitter LC – Level controller

Fuel Storage System FMEA


Failure mode Failure effect(s) Symptoms Safe Guards

1 Drain pipe Valve failed opened

• Release of fuel• Occurrence of

fire

• Uncontrolled release of fuel

• Low level alarm triggered

• Low level alarm

2 Inlet pipe Valve failed closed

Valve failed

opened

• No fuel in tank

• Continuous flow of fuel into tank

• Tank overflow

• Occurrence of fire

• No fuel to nextunit



• High level alarm triggered

-

● Level controller● High level alarm

Criticality Analysis Criticality is defined in the same way as risk -

that is, a combination of the severity of an effect and the probability or expected frequency

simplest approach requires a form of ranking or quantification in Effect / consequence Frequency

Failure Mode Effect Analysis Criticality Analysis (FMEACA)

Severity Effects are normally ranked into one of the following

categoriesDescription Score

Loss of mission due to inability of equipment to perform 1

Economic loss due to lack of output or function 2

Damage to plant or third party property 3

Injury to operating personnel or the public 4

Death to operating personnel or the public or significant damage to the environment

5

Severity: Alternative ranking for effect (reverse order or

severity)Item Score

Catastrophic - may cause death or total system loss 5

Critical- may cause severe injury or damage 4

Major - may cause some injury or damage 3

Minor - requires unscheduled maintenance. 2

Negligible – minor interruption to operation 1

Likelihood / Frequency Quantification of frequency depends on the data

available and may again be a simple ranking, such as one depending on failure probability during the operating time interval

Description Score

Extremely unlikely 1

Remote 2

Occasional 3

Reasonably frequent 4

Frequent 5

Description Score

Extremely unlikely: < 0.001 per year 1

Remote: between 0.001 and 0.01 2

Occasional: between 0.01 and 0.1 per yr 3

Reasonably frequent: between 0.1 and 0.2 per yr 4

Frequent: 0.2 per yr 5

*x10-6 occurence per 106 hours of operation

FMEACA Summary

Component Failure mode

Failure effect(s) Symptoms Severity Frequency* Score

Inlet pipe Rupture • Loss of containmentof ethylene oxide

• Workers expose to exthylene oxide and occurrence of fire /explosion

Inlet control valve

Fails opened

• Uncontrolled flow into storage tank

• Overflowing of storage tank

• Workers expose to ethylebe oxide & occurrence of fire / exploson

5

4

3

2

11

A2

B3 4

C5

DACCEPTABLE UNACCEPTABLE

Example: Threshold value = 10

Criticality Matrix

A C C D DA B C C DA B B C CA A B B CA A A A A

Example: Fuel Storage System

Notation:

LALL – low level alarm LAHH – High level alarm LT - Level transmitter LC – Level controller

FMEAFuel Storage System FMEA

No ComponentDescription

Failure mode Failure effect(s) Symptoms Safe Guards



fire



• Low levelalarm


Valve failed

opened

• No fuel in tank


• Tank overflow

• Occurrence offire

• No fuel to next unit




-

● Level controller● High level alarm

Frequency / LikelihoodFrequency Score Definition

High 5 Failure that occur on monthly basis

Probable 4 Probable is defined as a single FM probability > 0.10 but < 0.20 of Failure that occur on yearly basis

Occasional 3 Facility had previous experience of similar failure

Remote 2 Possible to occur and had occurred in similar facility else where

Unlikely 1 Have not known to occur the similar facility else where

ConsequencesFrequency Score Definition

Catastrophic 5 Failure results in occurrence of fire that cause fatality

Major 4 Failure results in occurrence of fire that cause injury

Moderate 3 Failure results in occurrence of fire that cause damage to nearby property

Minor 2 Failure results in occurrence of fire that cause minor damage to nearby property

Negligible 1 Failure results in occurrence of fire that does not cause damage to nearby property

FMEACAFuel Storage System FMEA


Failure mode Failure effect(s) Symptoms Frequency Severity Score



fire



2 4

Frequency Score Definition

High 5 Failure that occur on monthly basis

Probable 4 Probable is defined as a single FM probability > 0.10 but <0.20 of Failure that occur on yearly basis

Occasional 3 Facility had previous experience of similar failure

Remote 2 Possible to occur and had occurred in similar facility elsewhere

Unlikely 1 Have not known to occur the similar facility else where

Frequency

Severity

1 2 3 4 5

5 5 10 15 20 25

4 4 8 12 16 20

3 3 6 9 12 15

2 2 4 6 8 10

1 1 2 3 4 5

HighModerateLow



Failure mode Failure effect(s) Symptoms Frequency Severity Score



fire



2 4 8(Moderate)



Failure mode Failure effect(s) Symptoms Frequency Severity



fire



2 4


Valve failed

opened

• No fuel in tank


• Tank overflow

• Occurrence of fire

• No fuel to next unit

• Low level alarmtriggered

• Uncontrolledrelease of fuel


2

2

2

4

Corrective Action and Follow- up

Reduce the probability that the cause of failure will result in the failure mode

Reduce severity of failureby redundancy

Increase probability of detection

redesign or addprotection

Hazard and Operability Studies (HAZOP)

The term “HAZOP” originated in ICI and first appeared in the literature in the early 1970s.

A formal, systematic, critical, rigorous examination to the process and engineering intentions of new and existing facilities to assess the

hazard potential of mal-operation or mal-function of individual items of equipment and the consequence effects.

Skelton, B., 1997

A formal, systematic, examination of a processing plant in order to identify hazards, failures and operability problems, and assess the

consequences from such mal-function.

Wells, G.,1996

Why DoHAZOP?

Generates a list of identifiedproblems, suggestions for improvement of the system.

usually

with

some

Improve safety, reliability, and quality by making people moreaware of potential problems.

Help to sort out loopholes and inconsistencies in procedures and force plant personnel to get their instructions up to date.

HAZOP

If a process operates within its intended design philosophy thenundesired hazardous events should not occur.

To identify how process deviations can be prevented or mitigated to minimize process hazards.

Thanks for Watching Please follow me / SAJJAD KHUDHUR ABBAS