Page 35 - Pipeline Risk Management Manual Ideas, Techniques, and Resources
P. 35
1/14 Risk: Theory and Application
However, an informal approach to risk management does strengths and weaknesses, including costs ofthe evaluation and
not hold up well to close scrutiny, since the process is often appropriateness to a situation:
poorly documented and not structured to ensure objectivity
and consistency of decision making. Expanding public con- 0 Checklists
cerns over human safety and environmental protection have 0 Safety review
contributed significantly to raising the visibility of risk Relative ranking
management. Although the pipeline safety record is good, the 0 Preliminary hazard analysis
violent intensity and dramatic consequences of some accidents, 0 “What-if” analysis
an aging pipeline infrastructure, and the continued urbaniza- HAZOPstudy
tion of formerly rural areas has increased perceived, if not FMEA analysis
actual, risks. 0 Fault-tree analysis
Historical (Informal) risk management, therefore has these Event-tree analysis
pluses and minuses: 0 Cause-and-consequence analysis
Advantages 0 Human-error analysis
0 Simplehtuitive Some of the more formal risk tools in common use by the
Consensus is often sought pipeline industry include some of the above and others as
0 Utilizes experience and engineering judgment discussed below.
0 Successful, based on pipeline safety record
Reasons to Change HAZOP. A hazard and operability study is a team technique
0 Consequences of mistakes are more serious that examines all possible failure events and operability
issues through the use of keywords prompting the team for
Inefficiencies/subjectivities input in a very structured format. Scenarios and potential
Lack of consistency and continuity in a changing workforce consequences are identified, but likelihood is usually not
Need for better evaluation of complicated risk factors and quantified in a HAZOP. Strict discipline ensures that all
their interactions
possibilities are covered by the team. When done properly,
the technique is very thorough but time consuming and
Developing a risk assessment model costly in terms of person-hours expended. HAZOP and
failure modes and effects analysis (FMEA) studies are
In moving toward formal risk management, a structure and especially useful tools when the risk assessments include
process for assessing risks is required. In this book, this complex facilities such as tank farms and pump/compressor
structure and process is called the risk assessment model. A stations.
risk assessment model can take many forms, but the best ones 0 Fault-tree/event-tree analysis. Tracing the sequence of
will have several common characteristics as discussed later in events backward from a failure yields afault tree. In an event
this chapter. They will also all generally originate from some tree, the process begins from an event and progresses for-
basic techniques that underlie the final model-the building ward through all possible subsequent events to determine
blocks. possible failures. Probabilities can be assigned to each
It is useful to become familiar with these building blocks branch and then combined to arrive at complete event proba-
of risk assessment because they form the foundation of bilities. An example of this application is discussed below
most models and may be called on to tune a model from time and in Chapter 14.
to time. Scenarios, event trees, and fault trees are the core Scenarios. “Most probable” or “most severe” pipeline failure
building blocks of any risk assessment. Even if the model scenarios are envisioned. Resulting damages are estimated
author does not specifically reference such tools, models and mitigating responses and preventions are designed. This
cannot be constructed without at least a mental process that is often a modified fault-tree or event-tree analysis.
parallels the use of these tools. They are not, however, risk
assessments themselves. Rather, they are techniques and Scenario-based tools such as event trees and fault trees are
methodologies we use to crystallize and document our under- particularly common because they underlie every other
standing of sequences that lead to failures. They form a basis approach. They are always used, even if informally or as a
for a risk model by forcing the logical identification of all risk thought process, to better understand the event sequences that
variables. They should not be considered risk models them- produce failures and consequences. They are also extremely
selves, in this author’s opinion, because they do not pass the useful in examining specific situations. They can assist in inci-
tests of a fully functional model, which are proposed later in dent investigation, determining optimum valve siting, safety
this chapter. system installation, pipeline routing, and other common
pipeline analyses. These are often highly focused applications.
Risk assessment building blocks These techniques are further discussed in Chapter 14.
Figure 1.3 is an example of a partial event-tree analysis. The
Eleven hazard evaluation procedures in common use by event tree shows the probability of a certain failure-initiation
the chemical industry have been identified [9]. These are exam- event, possible next events with their likelihood, interactions
ples of the aforementioned building blocks that lay the founda- of some possible mitigating events or features, and, finally,
tion for a risk assessment model. Each of these tools has possible end consequences. This illustration demonstrates
