The Fundamentals of Asset Integrity Management

Online Training Series Course Summary

COURSE B: THE FUNDAMENTALS OF ASSET INTEGRITY RISK

MANAGEMENT

Module 3: Assessing risk

Choice of Approach to Assessing Risk
The first step in choosing the right tool for the job is ensuring that its a 'fit for purpose'
assessment. There are a range of tools to assess from:
1. Qualitative - using engineering judgment, experiences - low complexity, obvious
solution and the situation as covered by codes and standards.
2. Semi-quantitative - risk matrix type approaches, mixture of both qualitative and
quantitative.
3. Quantitative - probabilistic safety assessment - high complexity
You must start simple taking into consideration if this is adequate or not and then move to
the next step.

Risk-based decision tools

The more complex or risky the project, the more sophisticated the tools required. When
the complexity and risks increases, there is increasing detail/cost of assessment.
Factors taken into consideration include codes and standards, good practice and
engineering judgment, risk assessment and cost benefit analysis, peer review and
benchmarking and stakeholder consultation
The most suitable tool also depends on what information is available, and what the output
is going to be used for.

Decision-making framework
This document is called the A Framework for Risk Related Decision Support, and was
introduced by UKOOA in 1999.
We start with the right side where we see the context to the decision - what we know and
what are the drivers.
We start in section A where we have the risks we have experience in handling and we
finish in section C, where we have no experience with and there are many uncertainties.
Once you know where you sit, you draw a horizontal line across and each of these areas
within the centre gives an indication as to the percentage that should be driving your
decision. For example if you draw a line across, you establish that your decision is in the
middle of the 'A' band and so, 50% of your risk assessment process should be making sure
you understand codes and standards, 25-30% of your risk assessment process should
ensure that you're looking at good practices and that you're complying with them and
25% is engineering judgment.
The left side illustrates the methods /means of which we can verify/check the decisions
that we make.

Codes and Standards

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
The Fundamentals of Asset Integrity Management
Online Training Series Course Summary

Provides/contains a lot of info that can be used to guide us as to whether or not

we've properly assessed the risks and whether or not our controls are suitable and
sufficient in there - this is because they contain reflect collective company,
national and international knowledge and experience that would be available
within a particular facility/company.
They may incorporate lessons learned from previous designs, risk assessments and
accidents and contains hazards already identified and standard control methods
defined.
They are updated on a fairly regular basis as well.

Good practice and engineering judgment

Never underestimate the engineering judgment, knowledge and experience of the
personnel working within your establishment. There may be limitations as to these
judgments because the knowledge base is much narrower and may not be as broad as
the codes and standards, but its a lot more relevant, focused and specific to the actual
problems we're facing in our particular location/facility.
For example, we may get high consequence low frequency event - which we dont
experience very often, so we may never have to come across them, but that doesn't
say we are not responsible for preventing them from happening.
Rapid identification of hazards, effects and controls
Success depends on knowledge and competence of personnel involved
Dont restrict the assessment to only things that have happened before
Dont underestimate value of experience and judgment - but prepare to think outside the box

Risk assessment process

Risk is always defined as the frequency and consequence - how often something is
going to happen, and when it does, how bad is it going to be - such as what's the
harm to people, the environment and assets.
When you understand the risk frequency and consequence, the risks can be
summarized and you must understand the results of these risks.
Then in the process, you get to the stage where you come to the conclusion as to
whether not you'd accept the risk, and if you do, is it worth it and how will it be
handled.
Then if risks are to be handles, more practicable risk reduction measures are to be
put in place to manage those risks more effectively.

Frequency estimation
Frequency estimations can be gathered from the following:
Publicly and commercially available Historical data e.g. Leak rates, hole sizes,
ignition probabilities, etc
Fault Tree Analysis, and Event Tree Analysis both which are more complex and
goes into more detail about how to manage a particular even and they're widely
used in the nuclear and oil and gas industry

Fault and event tree analysis

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
The Fundamentals of Asset Integrity Management
Online Training Series Course Summary

Purpose:
FTA: To identify causes of hazardous events (top down), or of hardware systems
and human error.
ETA: To analyze various outcomes (e.g. fire, un-ignited spill, explosion) of a
hazardous event, including consideration of escalation paths. ETA is essential part
of Quantitative Risk Assessment (QRA); FTA generally only applied in oil and gas
industry for analysis of complex safeguarding systems.
Typical inputs:
System / facility equipment drawings / PFDs.
Equipment failure data and event data.
Typical outputs:
FTA: Frequency of hazardous event (the top event). Logic diagram illustrating
combinations of events which can lead to top event.
ETA: Frequency of event outcomes, given occurrence of an initiating event.
Diagram illustrating escalation of initiating event (time sequence), through various
success / failure states of safeguards, to discrete event outcomes.
Typical software: FT+, Risk Spectrum, Fault Tree & Event Tree

Physical effects modelling

Various techniques (spread sheets, software tools) available for estimating consequences of:
Gas, liquid release rates from a hole (in vessel, pipe work etc.) the source term
Heat from liquid pool fires / gas jet fires
Heat/fireball from Boiling Liquid Expanding Vapour
Explosion (BLEVE)
Dispersion of gases / materials flammable, toxic, radioactive etc.
Overpressure from explosions
Dispersion of smoke / atmospheric pollutants
Dispersion of liquid releases in water e.g. oil slicks

Leading consequence tools

These leading consequence tools have an increasing level of accuracy and time, cost &
resource.
1. EMPIRICAL MODELS which deal with Release, fire, explosion and gas dispersion
and are fairly simple, robust, used as screening tools to provide rapid indication of
physical effects. E.g. FRED, PHAST, TRACE, CIRRUS, EFFECTS, CANARY, CASQADE
2. EMPIRICAL MODELS which deal with far field atmospheric dispersion and are more
appropriate for long-range dispersion modelling. E.g. ADMS 3, AERMOD, ATSTEP,
CALPUFF, DISPERSION21, ISC3 NAME, MERCURE, PUFF-PLUME
3. PHENOMENOLOGICAL MODELS which deals with confined / vented explosions and
have greater accuracy than empirical models but less than CFD. E.g. SCOPE, CLICH
4. CFD MODELS which deal with Ventilation, dispersion, fire or explosion and are
appropriate for design decisions for offshore and congested onshore explosion
modelling. E.g. KFX, CFX, FLACS FLUENT, AUTOREAGAS, CEBAM, StarCCM, EXSIM,
OpenFOAM, COBRA
Further option is experimental scale modelling.

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
The Fundamentals of Asset Integrity Management
Online Training Series Course Summary

Quantitative risk assessment (QRA)

Purpose:
To determine robustness of design by performing a numerical risk assessment of
hydrocarbon and non-hydrocarbon hazards for facility.
Typical inputs:
Design studies such as HAZID studies, FEA, EERA, ESSA, etc.
Typical outputs:
Risk of death to individual workers or members of the public.
Frequency of multiple fatalities.
Frequency of impairment of buildings.
Typical software:
Excel, Shepherd, PhastRisk

What is quantitative risk assessment?

Risk is the chance of harm actually being done.
Risk = probability x consequence
We shall assess the physical effects (consequence) factoring in vulnerability of the targets (be
it personnel, environment, housing etc..) factoring in the amount of exposure those people
might have.

Quantitative risk assessment (QRA)

Combines quantitative physical effects modelling and frequency assessment
(ETA/FTA) to determine numerical risk values
Based on representative set of hazardous events
Uses spread sheet or proprietary software
Usually calculates risk of death to individuals
and groups of people, but can also be used to
predict frequency of damage to buildings
The duty of reducing the risk is on the duty holder to seek to improve the risks unless the
money spent to implement a particular risk reduction measure is less than the benefits it
obtained, only then that risk reduction measure should be implemented. If the money to
implement the risk reduction measure is larger than that of the benefit, that risk reduction
measure should not be used and makes this not reasonably practicable.

ALARP fundamental questions

Now the better you understand the risks and what you have, the better you can answer the
following questions:
1. Have the bare minimum been done?
2. What is the level of the risk, have the legislative requirements been fulfilled? If
not, you are not ALARP (as low as reasonably practicable). Have you followed the
Company's standards and good practice?
3. Is there anything more that can be done and is it reasonable practicable?

Acceptance criteria
Risk levels may be quantitative and/or qualitative

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
The Fundamentals of Asset Integrity Management
Online Training Series Course Summary

Number, type and quality of controls

Need to consider what supports the barrier, e.g. people, equipment,
documentation
The likelihood of the event
Suitability of the controls
Independence of the controls
Defeating factors

Tolerable risk?
All reasonably foreseeable risks over which exercise control or mitigation
If we can say whether or not that we can live with a certain level of risk is dictated by either
semi-quantitative risk matrix or numerical target as illustrated by those tools.
In other words, the risk is tolerable if its ALARP.

ALARP assessment
In this process, we should have some sort of process that helps in improving on the controls
that already exist:
Identify potential risk reduction measures
Improvements on existing controls
Additional controls - could we put an extra barrier in place between the release
of the hazard and unwanted event?
When we have identified these additional controls, then we compare the benefit
and sacrifice
Depth of assessment should be proportional
Qualitative
Semi-quantitative
Cost Benefit Analysis
Rigour will depend on e.g.
Nature of hazard
Extent of risk
Societal concerns etc.
When we're evaluating the benefit and the sacrifice, the more uncertainty we've
got and the bigger the level of risk - the wider the effect is on society.
The more systematic the approach, the more rigorous and transparent it is to
stakeholders so the better we can document this, the better we can assure
ourselves that we're doing the best job we practicably can and also better we can
assure the stakeholders that we are doing the best job as reasonably practicable.

Qualitative
Can we think of any risk reduction measures?
Is it cost effective Y/N?
It is a very simple and straightforward method. But the downside of it is that it may be
difficult to audit whether or not a wide range of things were considered in making these
decisions.
However it can be increased by moving into a semi-quantitative approach.

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
The Fundamentals of Asset Integrity Management
Online Training Series Course Summary

Semi-quantitative - matrices
This method allows for more consistent and transparent decision making.

Quantitative cost-benefit analysis (CBA)

A CBA reduces everything to a monetary value. So the reduction of harm to people will be
associated with a numerical value. Like for example the average value that can be assumed by
preventing a fatality - if we can say we prevented a certain number of fatalities, we can quantify that benefit to society
in terms of the number of lives that have been saved.
Must meet minimum standards (irrespective of cost) - CBA cannot be used to argue against implementation
of relevant good practice - must still comply with the law.
Depth of analysis should be fit for purpose, i.e. greater rigor required for higher risks or larger consequences
Sensitivity analysis generally required
A CBA on its own
Does not constitute an ALARP case
Cannot be used to argue against statutory duties
Cannot justify intolerable risks or justify evidently poor engineering
It is an aid to a decision-making process and gives more objective assessment of the benefits and sacrifices.

Documentation
Documentation is important for this entire process.
Responsibility of the duty holder to show that they've documented all risks. Better quality of documentation
- better demonstration to the shareholders that its a more appropriate control of the risks
Allows for communication, audit, discussion etc.
Depth proportional to the issue
Consider:
What are the issues?
What is the level of risk?
Options considered
Benefit vs Sacrifice
Rationale for rejection
Actions (timescales, responsibilities etc.) for implementation
Adequate documentation an assists you to make better informed decisions.

Module 3 - Key learning points

1. Risk assessment involves finding out what can go wrong, how bad can it be, what we are doing about it and
whether this is good enough
2. There are numerous techniques available for assessing risk, some qualitative, others quantitative - the key is
to select the right one for the job (all techniques have advantages and disadvantages)
3. The best approach depends on the operation complexity / novelty, level of risk, information available, user
experience and what you want to use the results for
4. ALARP reviews need to question:
a. Have we done enough?
b. Could we do more?
c. Is it reasonably practicable to do so?

Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012

THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY