It is easy to fixate on production goals and become complacent towards everyday hazards in a process unit. Process Hazard Analyses (PHAs) present a unique opportunity for teams of operators and engineers to sit down, think critically about their process, and identify hazards that may need additional measures to mitigate the operational risks to personnel. It is the PHA team’s responsibility to ensure the thoroughness of the PHA by appropriately capturing and representing the risks of the process. Common pitfalls to look out for in your next PHA are:
- Incorporating Safeguards into Consequence Development: Developing the initial consequence is perhaps one of the more difficult parts of the PHA process. Oftentimes, the people who struggle with this the most are the ones who are most knowledgeable in how the process unit operates because they see and touch the equipment every day. Risk assessment (particularly of the HAZOP/LOPA variety) involves determining the worst credible scenario and then applying a likelihood to that scenario based on the safeguards available to mitigate the outcome or prevent it from occurring entirely. Incorporating safeguards into the consequence development ultimately understates risk by assuming that safeguards will behave a certain way instead of examining how the integrity of the applicable safeguards reduces the likelihood of a hazardous scenario. Taking credit for safeguards during consequence development is equivalent to saying that a car accident cannot result in a fatality because the vehicle is equipped with an airbag and seat belt, when in reality, the likelihood of a fatality is greatly reduced by the airbag and seat belt working properly. This may seem like semantics, but understanding the difference is key to a quality risk assessment.
- Underdeveloped Scenarios: In one recent PHA, a team was analyzing the fuel gas supply to a fired heater. The team determined that in the event the fuel gas knock out drum was not drained regularly, the drum could overfill. Since the fuel gas header pressure did not exceed the design pressure of the knock out drum, the drum would not overpressure. Several of the team members were content to leave the discussion there until asked what would happen if liquid carried over to the downstream fired heater. The team determined that without taking credit for safeguards, liquid carryover to the heater burners could result in a pool fire inside the firebox. Stopping the analysis too soon in the consequence development stage of the risk assessment can understate risk by generating scenarios that are not fully fleshed out.
- Overdeveloped Scenarios: Another behavior to guard against is developing scenarios too far. This can result in escalating a consequence to the point where a scenario is no longer credible or assigning a likelihood becomes extremely difficult. For example, any number of scenarios in a typical PHA can result in a Loss of Primary Containment (LOPC), pool fire, and fatality. Further developing those scenarios to flame impingement on another vessel that results in a secondary overpressure and LOPC would be considered escalation. In this case the PHA team could not simply assign a likelihood to the first LOPC and fatality, but would instead have to assign a combined likelihood for the entire scenario. Calculating the combined likelihood for this type of scenario may require taking numerous factors into consideration such as flame directionality, vessel fatigue stress, precise quantities of materials released, and time to metal failure, to name a few. To be sure, highly quantitative methodologies are used in industry (such as Fault Tree Analysis (FTA) and Quantitative Risk Assessment (QRA)), but these are often used to quantify the probability of specific high-risk scenarios. If every scenario in a PHA required that level of analysis, more time would be spent in risk assessment than running the plant. Walking the line between overdeveloped and underdeveloped scenarios takes a keen understanding of risk assessment methodology, but getting it right avoids both overstating and understating the hazards of the process.
- Applying Conditional Modifiers Incorrectly: Another way in which risk often gets understated is through the incorrect use of conditional modifiers. For scenarios where the safeguard is an alarm that calls an operator to the area or the initiating event is human error, it is hard to justify applying an occupancy factor, since the scenario itself places a person in the area. Similarly, PHA teams should be wary of applying ignition probabilities to scenarios where toxicity (rather than flammability) is the main concern associated with a released chemical. Applying a Time at Risk factor correctly can also be tricky. Scenarios where a hazard is only present during the specific operational mode that is being analyzed may not warrant a Time at Risk modifier.
- Team Fatigue: This bullet point may seem obvious, but it can be difficult to recognize in practice. This is especially true when a PHA needs to be completed on a deadline. Risk assessment is a highly cerebral activity and towards the end of a long day of PHA, it can be difficult to continue to think through and develop scenarios. Particularly in revalidation PHAs, it can be tempting to agree with the previous team’s analysis and move on without thoroughly thinking through each scenario as the day progresses (especially at the end of a long week or weeks). Keep an eye on team member engagement and be willing to call it a day and start fresh the next morning.
PHAs are a way to identify hazards of the process and make the plant safer. Every PHA participant shares the responsibility for providing a quality risk assessment, so be sure to look out for and avoid these common pitfalls. Cognascents has a team of facilitators ready to assist you in ensuring the integrity and quality of your next PHA.