KOC Risk Assessment Procedure and Guidelines
Short Description
KOC Risk Assessment Procedure...
Description
Risk Assessment Procedure & Guidelines Page 1 of 18
Risk Assessment Procedure & Guidelines Document Number: KOC.SA.018 Approver:
Manager (HSE)
Author:
TL Safety
Manager (HSE)
Document Coordinator:
TL Standards
Scope:
All KOC Directorates
Control Tier:
Tier 3
Issue Date: Revision / Review Date:
April 3, 2005
Issuing Group
HSE Group
April 19, 2009
Next Review Date:
April 18, 2010
(Technical)
Approver: (Administrative)
1.0 Purpose/Scope The purpose of this procedure is to enable KOC to identify and assess those Health, Safety and Environment hazards & risks arising from their activities (either from existing facilities or new projects) that require management in order to: •
Comply with regulatory requirements
•
Comply with company policy and business requirements
•
Eliminate, or reduce to as low as reasonably practical in terms of: o risk to human health o risk of injury o risk of damage to plant, equipment and Environment o business interruption and/or loss of production
Once a hazard / risk has been identified and found to be significant, it will need a process of management control to be put in place. This may include the need for more detailed risk identification and assessment. For example, this procedure may identify that, for a piece of plant, one hazard is “loss of containment of hydrocarbons”. This may require studies, such as HAZOPs (hazard & operability study) in order to identify more precisely exactly how and when loss of containment could occur and how it can be prevented.
2.0 Definitions Hazard A state or condition or physical or chemical characteristic having the potential for causing damage to property, people or environment. Frequency The number of occurrences of a specific event over a time period (usually a year) Hazard Analysis It is a systematic and quantitative assessment of potential hazards and its probable consequences. Risk It is the likelihood of a hazard occurrence resulting in an undesirable event. Risks can be quantitatively expressed in terms of probability or frequency. Likelihood A measure of expected frequency with which an event may occur. It can be expressed as a frequency, a probability of occurrence during a time interval or a conditional probability.
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 2 of 18
Consequence It is the undesirable result of an incident. It is usually measured in terms of personal injury, damage to property, business interruption, cost implication, legal implication or adverse reputation. Risk Estimation It is a combined impact of consequences and likelihood of an incident outcome towards measuring a risk. Risk Assessment It is the entire process of hazard identification as well as risk estimation to manage the risk associated with an activity / equipment / facility. Risk Management Risk management can be defined as a consolidated effort to manage all potential hazards associated with an activity, project, process or system Risk Register A document providing a brief, but complete overview of identified hazards, corresponding risks, its source, cause, consequence for any activity or facility within KOC jurisdiction and their control measures necessary to manage them.
3.0 General Requirements KOC HSE MS Elements HSE-03 & HSE – 04
4.0 Key Roles & Responsibilities 4.1 Manager ( All Groups) Ensure that hazards are identified, risk assessed as well as managed for all activities & / or facilities under their jurisdiction. Ensure availability of adequate resources to identify hazard, asses as well as manage the risk for activities or facilities under their jurisdiction. Ensure that all HSE risk assessment studies required under HSE plan have been completed for the projects controlled by the Group. Develop, update and manage the Risk Register for the activities or the facilities under their jurisdiction. A ‘Baseline Risk Register’ is made available for reference at Safety Team webpage and also the risk register template has been provided as Attachment - III of this document. 4.2 Asset / Directorate HSE Teams Support the Asset Owner / Controlling Team in hazard identification and risk assessment for activities / facilities within the asset / directorate. Develop and update the Asset / Directorate Risk Register based on throughput received from Groups within asset / directorate. Ensure that Risk Register for the new projects are being maintained and incorporated in Asset / Directorate Risk Register. Forward the asset / directorate Risk Register to HSE Group for collation in Company Risk Register. 4.3 Requesting Team (For New Projects / Modifications): Ensure to identify hazards & assess risk associated with existing facilities, operations, new projects / modification and its control measures including financial resources. Address risk assessment issues at CPP stage of the project. 4.4 Controlling Team: (For New Projects / Modifications): Identify hazards, assess and mange risks as per Project HSE Plan for new projects from FEED stage through Commissioning. Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 3 of 18
Compile and maintain a Risk Register for the new projects and handover to Asset / Directorate HSE Teams upon project close out. 4.5 HSE Group: Develop Baseline Risk Register and Occupational Health Risk Register taking into account the activities and facilities across asset / directorates. Finalize Company Risk Register based on Directorate Risk Register received from asset / directorate HSE Teams . Audit the risk management status arising from asset / directorate risk register. 4.6 All Employees: Aware of all hazards, risks and its control measures associated with their activities and facilities working for.
5.0 Hazards Identification & Risk Assessment 5.1
General Requirement Hazard identification and risk assessment involves a series of steps as follows: Step - 1:
Hazard Identification & Analysis
Step - 2:
Assessment of Risks
Step - 3:
Elimination or Reduction of Risk(s)
The above steps should be carried out either within internal resource or through external agency, who have knowledge & experience in the day to day running of the plants, operations and facilities. Typically a review team for hazard identification & risk assessment may include personnel from various background as required e.g. Team Leader, senior engineers, operations / maintenance supervisors, process engineers HSE personnel and Inspection & Corrosion engineers . 5.2
Activities / Sub-activities within Asset (for existing Plants & Operations) In order to make hazard identification more manageable, each of the asset’s activities should be divided into areas / sections that can each be assessed individually. However such area / section must cover all activities within the asset. Typical sections might be but not limited to:• •
Wellheads, Manifold, Gathering Centre, CRU, Rotating Machinery, Dehydration unit Office, Workshops, Lay - down areas for maintenance activities
• •
Flaring, Vehicle movements, Waste Collection sites Drilling Operations, Effluent Pits, Injection wells, Chemical Stores
Similarly Hazard Identification and Risk Assessment for new projects should cover all systems and overall facility. 5.3
Hazard Identification & Analysis One key element of effective risk management is a systematic approach to hazard identification and risk assessment in order to help the decision-making for risk-reduction measures. Examples of hazard identification tools and / or Hazard Analysis techniques include HSE inspections, Job Hazard Analysis, HAZID (hazard identification), HAZAN (hazard analysis), HAZOPs, EIAs, PHSERs, FMEAs, P&ID Reviews, accident/incident & near miss analysis. The factors such as the physical & chemical properties of inventory / fluids being handled, the arrangement of equipment, operating & maintenance procedures and processing conditions shall be considered. Failures of software and hardware systems as well as incidents of human error should be considered in the identification of hazards
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 4 of 18
Similarly external hazards such as third party interference, extreme environmental conditions, aircraft / helicopter crash should also be considered as required. For each area, all aspects of activities that have the potential to cause harm to people, environment or asset loss should be identified. These include but not limited to: o Maintenance Activities o Inspection & sampling o Ergonomics o Work Environment Consideration should be given to:o
Normal operating conditions: This refers to the planned operation of the facility when it is operating within controlled situation. Normal relates to the routine day to day operations
o
Abnormal operating conditions: This includes planned deviations from normal conditions, such as start up, plant maintenance and scheduled shut down cases. Such situations may lead to increase in flaring, venting or generation of wastes such as sludge from tank cleaning.
Typical hazards are shown (as example but not limited to) in the following table: Activity / Area
Potential Hazards
Possible Impact
Electrical Substation
Electric Shock
Burns Death
Maintenance
Loss of Containment
Fire
Working in Confined Space
Lack of Oxygen
Asphyxiation
Working in Confined Space
H2S
Poisoning
Working at Heights
Falls
Injury
Working at Heights
Dropped Objects
Injury / Fatality Damage to Plant
Driving
Excessive Speed
Injury, Damage to Vehicle
Drilling & Well Completion / Servicing
Hazardous Materials (radioactive, toxic, explosives) Blowout Vessel Collision
Injury Fire, Fatality, Environmental Impact Damage to Well /Rig
Design
Inadequate Design (not fit for purpose)
Inherent Hazards / Risk Issues Life Cycle cost to mitigate risks
Construction & Fabrication
Hazards Site due to fabrication, hookup & large numbers of workers
Injury, Near– miss Case, Accidents, Fatality, Delay in Work Schedule
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 5 of 18
5.4
Activity / Area
Potential Hazards
Possible Impact
Operations
Fire & Explosion from process equipment Dropped & Falling Objects Pipeline Isolation Heavy Lifting, Construction Occupational Health Hazards (exposure to emissions, chemicals) Environmental Hazards (oil spill, toxic chemical, emissions)
Fire Injury, Fatality Escalation Damage to plant & injury Adverse Health Impact Adverse Environmental Impact
Office
Slips, Trips & Falls Ergonomic hazards Electric Shock
Injury Burns, Fatality
Assessment of the Risks Once identified, it is necessary to analyze the hazard determining whether it poses significant risk and requires management. The acceptability of the estimated risk must then be judged based on criteria as appropriate to particular situation. All identified hazards should be subject to an evaluation for risk potential. Evaluation and assessment should be carried taking into consideration both the potential impact of hazard and the likelihood of harm that will be caused. Subsequently each activity / aspect of activity should be assigned a risk ranking (high, medium, or low) based on relative risk, as outlined in Figure(1) Risk Evaluation Significance Matrix, and associated definitions. An activity / aspect of an activity will pose significant risk if:• It presents a reasonable risk of causing harm to people, equipment or business • It is subject to regulatory control • It is subject to company policy requirements • It may cause damage to company reputation
5.5
Likelihood Assessment The likelihood of occurrence for a risk is assessed taking into account the highest potential consequence which may result from such risk. This should not be confused with the likelihood of identified hazard as the hazard and barriers are functional, which may not always result in the full consequences.
5.6
Consequence Assessment The consequence of a risk is assessed taking into account the severity which could result from such risk. While assessing potential consequences of an event, it should be estimated considering worst case scenario that might have resulted not what has resulted. The risk categories are generally considered for People, Asset, Environment and Reputation. Normally, if an incident can be assessed using more than one of the categories, the highest level of severity is taken.
5.7
Elimination or Reduction of Risk Risk-reduction measures include those to prevent incidents (i.e. reduce the likelihood of occurrence), to control incidents (i.e. limit the extent & duration of a hazardous event) and to mitigate the effects (i.e. reduce the consequences). Preventive measures, such as using inherently safer designs and ensuring asset integrity, should be used wherever practicable.
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 6 of 18
Risk Category
Control Regime
High
The activity shall not be carried out. Adequate control measures shall be established to bring the risk levels to medium before the activity can be performed.
Medium
The activity shall be further analysed to determine if any additional control measures are required. If required, such additional control measures shall be established before the activity can be performed.
Low
No additional control measures will be required.
In many cases, the measures to control and mitigate hazards and risks are simple and obvious and involve modifications to conform with standard practice. The general hierarchy of risk-reducing measures is: • Prevention (by distance or design) • Detection (e.g. fire & gas, leak detection) • Control (e.g. emergency shutdown & controlled depressurization) • Mitigation (e.g. firefighting and passive fire protection) • Emergency response (in case safety barriers fail) Attention must be given to risk-reducing measures which can eliminate or reduce the likelihood of hazardous events occurrence. The use of inherently safer design principles to manage risks is preferred. In inherently safer design, the following concepts are used to reduce risk: •
Reduction, e.g. reducing the hazardous inventories or frequency or duration of exposure
•
Substitution, e.g. substituting hazardous material with less hazardous one
•
Attenuation, e.g. using the hazardous material or process in a way that limits its hazard potential, such as segregating the process plant into smaller sections using ESD valves, processing at lower temperature or pressure
•
Simplification, e.g. making the plant and process simpler to design, builds and operates, hence less prone to equipment, control and human failure.
6.0 Risk Register: The results of hazard identification, risk assessment and control measures shall be recorded in Risk Register. A sample Risk Register Template is provided as Attachment – III of this document. This is a basic working document that enables all hazards to be clearly seen, together with key information focusing risk management at each asset / directorate level. Each Group shall have its own Risk Register taking into account their business activities and risk exposure along with control measures Based on Group throughput, the Risk Register is developed and maintained at each asset / directorate level in KOC., The Risk Register will cover all activities, facilities and project related works within asset / directorate. Moreover as a part of assistance a ‘Baseline Risk Register’ has been provided by Safety Team which is also available on Safety Team webpage. The Risk Register for each directorate shall be reviewed annually by respective HSE Team. Additionally the Risk Register for projects related works and plant modifications activities shall be documented at early stage of project, Management of Change and to be reviewed during PHSER(s). The Risk Register should also be amended immediately whenever Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 7 of 18
• •
There are significant changes to activities, company policy or regulations The significance or management of a hazard changes due to new information from monitoring, audits, incident reports, etc. Accountability / responsibility and / or priorities of actions related to risk control measures are altered
•
Any amendment in the directorate Risk Register should be communicated to asset employees by respective HSE Teams. The respective asset / directorate HSE Team should review the Risk Register and its amendments for consistency among Groups within asset / directorate. Any inconsistency in the risk register should be notified to all Teams / Groups within asset / directorate, along with recommendations for resolving such inconsistencies. Figure - 1. Risk Evaluation Significance Matrix
LIKELIHOOD OF OCCURRENCE
HAZARD SEVERITY Negligible (1)
Slight (2)
Moderate (3)
High (4)
Very high (5)
Very Unlikely (A)
LOW
LOW
LOW
LOW
MEDIUM
Unlikely
(B)
LOW
LOW
LOW
MEDIUM
MEDIUM
Possible
(C)
LOW
LOW
MEDIUM
MEDIUM
HIGH
Likely
(D)
LOW
MEDIUM
MEDIUM
HIGH
HIGH
Very Likely
(E)
LOW
MEDIUM
HIGH
HIGH
HIGH
7.0 Key Documents/Tools/References •
Procedure for preparation of Project HSE Plan. (KOC.GE.048)
•
KOC Base Line Risk Register
•
Occupational Health Risk Register
•
HSEMS Procedure “Contractor’s HSE Oversight Process” (KOC.GE.012)
•
Environmental Aspects Identification & Assessment Procedure (KOC.EV.001)
•
HSE Compliance Register (KOC.GE.005)
•
Environmental Impact Assessment (EIA) Procedure (KOC.EV.003)
•
HAZOP Study Procedure (KOC.GE.021)
•
HAZOP Guidelines (KOC-RP-L- 017)
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 8 of 18
8.0 Review/Revision Log Review/Revision Date
Document Approver
Document Author
April 3, 2005
M (HSE)
TL-Safety
Procedure approved by Implementation Committee
December 3, 2006
M (HSE)
TL-Safety
Internally reviewed & revised
TL-Safety
Internally reviewed aligning with Risk Register requirement & issued as combined document for Risk Assessment Procedure & Guidelines (KOC.SA.019 is withdrawn and added to this procedure)
April 19, 2009
Control Tier 3
M (HSE)
Revision Details
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
the
HSEMS
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 9 of 18
Attachment - 1 Likelihood of Occurrence for Risk Management Categories (People, Asset, Environment, Reputation) The following guidance for likelihood of occurrence should be used: LIKELIHOOD OF OCCURRENCE
Very Unlikely - (A)
General definition
Reoccurrence Frequency per "One Off" Frequency for routine Operation** operations*
A freak combination of factors would be required for an Over one hundred years incident to occur
Less than 1/10,000
Unlikely- (B)
A rare combination of factors would be required for an incident to occur
Between ten and one hundred years
Between 1/1,000 and 1/10,000
Possible - (C)
Could happen when additional factors are present but otherwise unlikely to occur
Between one and ten years
Between 1/100 and 1/1,000
Likely - (D)
Very Likely - (E)
Not certain to happen but an Between one month and additional factor may result in one year an incident A continuous emission, or an incident that is very likely to occur
Under one month
Between 1/10 and 1/100
Greater than 1/10
*
This is the estimated frequency for incidents associated with a continuous operation or one that occurs routinely many times a year. e.g. leaks from flow lines, tanker collisions.
**
This is the estimated frequency for incidents associated with an operation that may be normal, but is not continuous or part of normal day to day activities.
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 10 of 18
Attachment - II
Hazard Severity Guide The following guide should be used when assessing hazard severity:-
IMPACT
LEGAL & POLICY
REPUTATION
NEGLIGIBLE (1)
SLIGHT (2)
MODERATE (3)
HIGH (4)
VERY HIGH (5)
Injury
None
Minor cuts or bruises requiring first aid.
Serious injury requiring time off for recovery
Serious injury causing long term disability
One or more fatalities
Recovery time
Almost immediate
One day
One week
One month
One year
Oil Spill Size
Sheen
< 1 bbl
1 - 30 bbl
30 - 1000 bbl
> 1000 bbl
Business Interruption
None
Less than one shift
Less than one day
Less than one week
More than one week
Cost
KD 1 million
None
Internal only
Must be reported to concerned authorities
Must be reported immediately to concerned authorities
Must be reported immediately to concerned authorities
None
Local Concern (e.g. among staff)
Significant Local Concern
National Concern
Major International Concern
Reporting Requirements
Public Concern
Note: (i)
Normally, if an incident can be assessed using more than one of the categories given above, the highest level of severity is taken.
(ii)
The above table is for guidance only and a good justification is required to assess risk.
(iii)
When assessing hazard severity the most severe outcome that is reasonably likely should be considered, not the most severe outcome possible. (However, in line with the principles stated above, when assessing hazards, existing procedural controls, such as the use of personal protective equipment, should normally be ignored.) For example; an area has many trip hazards. The most severe likely outcome is that somebody falls and suffers a serious injury, such as a broken arm. If very unlucky he could hit his head on the ground and be killed. However this is very unlikely, so the hazard should be rated as Moderate (3). It is further to note that if there were objects within the trip hazard area that a person could easily fall onto, hitting his head, then the risk of suffering a blow to the head would be far higher and the hazard should be rated as High (4).
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 11 of 18
Attachment - III
Risk Register Template Area / Activity
Hazard Reference
Used to define the hazard number & references follows: O for Operations, R for Risk, R for Register, Four digits for the hazard number, GC No for Gathering Center identification number.
Information Source
Used to define the source of hazard information. e.g. : HAZOP, QRA, What If, Insurance Recommen dations etc.
HSE Category
Health / Safety / Environment
Hazards
Source
Cause
Potential Risk
Consequence People
To define identified Hazard which could be a state, condition, situation, product, activity
To define specific source leading to the hazard, it could be represented by state of equipment, materials , products, processes, actions by people, worksite , activities, etc
To define what could be wrong or possible failures that would trigger the hazard
To define what would be the likely negative impacts on people, Asset (includes, equipment, process, product , reputation, economic impact, loss of opportunities) & Environment
High / Medium / Low
Asset
High / Medium / Low
Environ
High / Medium / Low
Existing Control (Preventive & Recovery) Measures
Additional Control (Preventive & Recovery) Measures
Responsible Authority for Control Implementation
This will define those proved existing measures to control or mitigate the hazard & they can be represented in specific mechanisms, actions, projects, procedures, materials, specifications, process, systems, standards, practices etc. It includes those preventive / action / recovery measures.
This will define those identified additional measures required to control or mitigate the hazard & they can be represented in specific mechanisms, actions, projects, procedures, materials, specifications, process, systems, standards, practices etc. It includes those preventive / action / recovery measures.
This will define & specify position, group or department responsible to put in place those Additional Controls required.
Note:‘Baseline Risk Register’ is available at Safety Team webpage which can be referred for developing Group / Directorate Risk Register
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 12 of 18
Attachment - IV Guide to Risk Assessment & Management: Risk management can be defined as a consolidated effort to manage all potential hazards associated with an activity, project, process or system. The process of hazard management is indicated in Figure – 2 below. Continuous improvement is the key to KOC’s HSE performance. With reference to Figure-2, management of hazards is a 4 step closed loop continuous process:
Identify the hazard(s)
Review & verify hazards & risks
4 1 3
Manage the risk (to acceptable level)
2 Evaluate (analyse & assess) the risk
Figure- 2 The 4-step hazard management process
Barriers to Hazards : Consequence assessments should consider the barriers in place, how these are intended to function and if they function. Some barriers are installed to individually stop the hazard from releasing. Other barriers will only reduce or mitigate the consequences of the released hazard and a series of sequential barriers is required to fully eliminate the consequences. If all the barriers are in place and functional, the consequences of the hazard should in theory not occurs. Similarly, if any of the barriers is not functional, then the consequence size will ultimately depend on the specific effect of the non-functional barrier. Figure - 3 (A & B): Effects of Barriers on Hazard Release
rrier 1 Ba Barrier
Hazard which, if not stopped, will develop into full co nsequences
rrier 2 Ba Barrier
Barrier Ba rrier 3
Hazard has develo ped into full consequences
B a rrie r 3 B a rrie r 1
B a rr ie r 2
Principle of Barriers w hich w ill each, on their ow n, prevent the Hazard from releasing.
C o ns e qu e n ce of H a z a r d r e le a s e w i th o u t B a r rie rs
Control Tier 3
C o n s e q u e n ce o f H a z a r d r e le a s e w i th B a r rie rs 1 a n d 2 fu n c ti o n i n g , B a r rie r 3 n o t fu n c tio n in g
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
P r in c ip le o f B a rr ie rs w h ic h p ro g r e s s iv e ly r e d u c e t h e c o n s e q u e n c e s o f H a z a r d re le a s e .
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 13 of 18
Manage the Risk to Acceptable Level After the risk has been identified and analysed as per above, management decides what corrective action (if any) is necessary to manage the hazard at an acceptable and ALARP risk level. Depending on the nature of the specific hazard(s), this may require different steps to: •
Prevent the hazards from occurring (eliminate) or to reduce the likelihood of the incidents;
•
Mitigate the consequences of the hazards which are inherent to the type of operation or working environment and which cannot be prevented altogether and have a chronic likelihood to develop into incidents with harmful consequences.
•
Recover from the consequences of incidents. Recovery and Damage Control measures should be developed for all potential emergencies with the aim to prevent escalation e.g. from critical into severe or worse severities.
•
Eliminate the hazard.
•
Reduce the consequences with other control measure.
If the risk is low, no action may be required. Medium and high risks require that management formulate a corrective action plan, which should include: •
Agreed actions, responsible person(s), and completion date(s). In formulating these plans, it is important to realize that risk management measures include organizational and system measures, such as: -
•
Control Tier 3
Engineering Control (such as detection, alarm & shutdown system) Administrative Control ( such as standing instruction, job rotation, warning signs, notices etc) personnel training and qualification procedures change control and documentation procedures quality assurance, maintenance and inspection procedures periodic personnel medical check-ups and medical treatments such as vaccination/immunization)
Follow up that includes regular updates for progress to ensure actions are closed per the plan.
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 14 of 18
Attachment - V Demonstrating ALARP ( As Low As Reasonably Practicable) In all cases consideration should be given to reducing risk to a level deemed ALARP reflecting among other factors local conditions and circumstances, the balance of cost and benefits and the current state of scientific and technical knowledge. To reduce a risk to an ALARP level involves balancing reduction in risk to a level, objectively assessed, where the trouble, difficulty and cost of further reduction measures becomes unreasonably disproportionate to the additional risk reduction obtained, as illustrated in Figure 4. Demonstrating ALARP requires consideration of all the hard and soft issues related to a range of options. It requires a judgmental decision at the right level in the organization with the full knowledge of all options, associated risks and costs. Specifically in the context of project engineering, ALARP is not just a demonstration that risks of the preferred or selected option are acceptable and/or comparable to other similar developments. Demonstrating ALARP requires consideration of fundamentally different options to provide assurance that the company gets best value for money over the lifetime of a facility or operation. In defining ALARP risk reduction measures, the potential for changes in risk tolerability criteria with time should be borne in mind for those projects or operations with a considerable life span. Rather than applying fit-for-purpose now, the contingency should be built-in which allows for seamless ALARP upgrade without costly retrofits. What is considered ALARP today may no longer be acceptable in the future, for example: • the applicable legislation may change, • public awareness may increase and/or tolerance may decrease, • The company’s own HSE objectives may become more stringent. Determining the exact level of ALARP is difficult and depends on many factors such as internal/external influences and the nature of the hazards and associated risks. One may arrive at different ALARP definitions for identical hazards/risks which occur at different locations. As such it is critically important to fully understand the effects of risk reduction measures, specifically for those risks which require multiple measures to achieve ALARP. The effects of the individual measures should be fully explored with a view to avoiding potential clashes and/or overlaps. Every effort should be made to ‘design out’ rather than add on mitigation controls/measures. In the various attempts to achieve ALARP one should be cautious and not over-complicate: • equipment and process control/shutdown system designs, • procedures for systems and processes, and • Personnel training and qualification criteria. Specifically for projects, ALARP should be pursued with risk reduction measures that have obvious, clear and measurable effects on the estimated risk level. Application of these measures may initially appear expensive but should have preference over combinations or multitudes of measures which, even if easier and at less cost from a project perspective, have effects difficult to understand or require significant operations/maintenance effort in the medium/long term. In addition to the long term cost liability, there is the danger that some of these overlapping measures become neglected with time and possibly excessive reliance is put on what are deemed to be the key risk reduction measures. Where quantitative risk assessment is used, then the costs of the various options can be compared with the respective risks and ALARP illustrated in a graph similar to Figure 4. In qualitative analysis, ALARP is established using standards, legislative requirements and judgement based on experience. Regardless of the risk assessment methodology used, it still needs to be demonstrated, at a reasonable cost, that risks are ALARP from all points of view. Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 15 of 18
Figure - 4 Demonstrating ALARP
R is k T o lera b ility C riterio n
$
ALARP?
C o st
R isk In tole rabl e
A LA R P
D ispr opo rtion ate
Criteria for Risk Tolerability The assessment and control of risk are essential requirements for a proactive HSE management system. In order to make a value judgment and to decide on what risks are acceptable, an easily understood set of criteria should be set and followed rigorously. Risk criteria are required to promote consistency in evaluating the results of relevant studies and to formulate a proactive approach to incident prevention. This document sets out the basis for selecting the risk acceptance criteria and explains some of the techniques used to arrive at the quantitative assessments made to understand the qualitative risk levels. Individual Risk Criteria (IR) Ideally, there is a need to determine the limits for IR, based on numeric values (based on QRA studies) which would be regarded as intolerable. Figure 5 shows the principle of this framework. Figure - 5: Risk Acceptance framework for Individual Risk to Worker or Public
UNACCEPTABLE REGION maximum tolerable limit 1 in 1000 per year ALARP Benchmark existing installations
UNACCEPTABLE REGION maximum tolerable limit 1 in 10,000 per year
1 in 5,000 per year
ALARP OR TOLERABILITY REGION ALARP Benchmark new installations 1 in 50,000 per year
maximum tolerable limit 1 in 100,000 per year
ALARP OR TOLERABILITY REGION (Risk must be demonstrated to have been reduced to a level which is practicable with a view to cost/benefit) maximum tolerable limit 1 in 1,000,000 per year
ACCEPTABLE REGION
ACCEPTABLE REGION
Control Tier 3
INDIVIDUAL RISK TO WORKERS
INDIVIDUAL RISK TO THE PUBLIC
(including contractor employees)
(all those not directly involved with company activities)
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 16 of 18
Societal Risk Criteria The ALARP principle applies in the same way for societal risk as for Individual Risk (Figure 5). Societal risk tolerability would be utilized in reporting QRA results. Societal risk should not be confused as being the risk to society or the risk as being perceived by society. The word “societal” is merely used to indicate a group of people and societal risk refers to the frequency of multiple fatality incidents, which includes workers and the public. Societal risk is usually represented by F-N (fatality - frequency) curve such as Figure 6 below. The F-N Curve represents societal risk for a single facility, like a refinery or a process plant. FIGURE 6. F-N Curve: Societal Fatal Risk Tolerability, Single Facility Only
F-N C urve for Societal Fatal Risk 1.00E+00
FR EQU EN CY (per ye ar)
1.00E-01 1.00E-02
Unacceptable Risk
1.00E-03
X
1.00E-04 1.00E-05
A LARP
1.00E-06 1.00E-07
Acceptable Risk 1.00E-08 1
2
10
100
1000
FA TA LITIES
To illustrate an example of societal risk, note the ‘X’ in the upper portion of the graph which is marked “Unacceptable Risk”. The ‘X’ is located at the axis of the lines ‘1.00 E-04’ (1 in 10,000 years) and 10 fatalities. The ‘X’ thus represents an event which would kill 10 people at a frequency of once in 10,000 years. This is unacceptable. This principle of societal risk indicates that society’s tolerance for risk decreases as fatalities increase. Review / Verify the Risk Depending on the magnitude of risks and the potential consequences of hazards, these should be periodically reviewed by competent staff. The reviews should involve those parts of the organization which are involved in day-to-day management of these hazards i.e. the operations and maintenance functions. As a typical issue for these reviews one should verify if the base assumptions have changed since the original design was implemented or since the risks were reviewed previously e.g.: •
Has the plant/equipment performance lived up to the expectations of the original design in terms of accidents, incidents and equipment uptime?
•
Has the oil, product or equipment price changed significantly i.e. what is the current cost of production loss and/or equipment replacement?
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 17 of 18
•
Have there been significant and unexpected changes in age and/or technical integrity of equipment e.g. excessive corrosion, wear/tear?
•
Have there been significant hardware changes and if so, have the risk associated been adequately reviewed in the context of previously defined risk levels?
•
Is the average experience level of plant operators and maintainers still the same?
•
Can new technology provide lower (and possibly cheaper) ALARP levels?
•
Have legislation and/or public perceptions changed regarding what is now considered acceptable/unacceptable?
•
Have there been changes outside Company influence which could affect overall risk levels e.g. population build-up around facilities in previously isolated areas, increased road traffic, security aspects, etc?
Specifically for those issues which are managed at ALARP risk level but still remain toward the upper end of the ALARP region, management should insist on a minimum review frequency (e.g. annually) to be conducted by appropriate and expert personnel. The documented results of these reviews should be fully auditable. Factors Affecting the Risk Criteria The risk criteria for numerical risk levels are generally based on risk comparisons. However, there are some factors which need to be considered in order to ensure that the proposed risk criteria reflects adequately the nature and risk levels for activities/processes used at KOC / KPC Group Companies. These factors include the following: •
Risks which may be tolerable for workers in a hazardous industry are not necessarily tolerable for a member of the public who may be exposed to the work activity hazards.
•
Risk criteria selected by different industries are not necessarily the same. Risk criteria adopted by different countries may also not be the same.
•
The concept of ALARP is based on cost - benefit assessment and requires explicit valuation of a life.
•
The QRA criteria for risk relates to Individual Risks to workers (and the public) as well as to societal risks as a result of fatal accidents. Injuries and/or ill health are not included in this method of risk assessment.
•
Multiple fatality accidents require use of F-N Curves for risk tolerability. See Figure 5. Table 1: Proposed KOC Target Individual Risk (IR) Criteria KOC Maximum Individual Risk Criteria Workers
Public
Existing Facilities
New Facilities
All Facilities
Benchmark
IR = 1 in 5,000 or below (IR < 2 x 10-4)
IR = 1 in 50,000 or below (IR < 2 x 10-5)
IR = 1 in 100,000 or below (IR < 10-5)
Unacceptable
IR = 1 in 1,000 or above (IR > 10-3)
IR = 1 in 1,000 or above (IR > 10-3)
IR = 1 in 10,000 or above (IR > 10-4)
Acceptable
IR = 1 in 100,000 or below (IR < 10-5)
IR = 1 in 100,000 or below (IR < 10-5)
IR = 1 in 1,000,000 or below (IR < 10-6)
Where IR = Individual Risk (fatality per person/year)
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
Risk Assessment Procedure & Guidelines Page 18 of 18
The tolerable risk level lies between the acceptable and unacceptable levels in which ALARP must be demonstrated. Once a specific hazard is demonstrated by analysis to result in acceptable risk there is no requirement, other than the HSE MS continuous improvement principles, to further reduce risk under the ALARP criteria. Workers would include KOC employees and contractors working on KOC business. The public includes the general public, visitors, marine vessels and any third party who is not directly involved in the KOC and/or Group Company work activities. The tolerability criteria above should not be misinterpreted as the number of fatalities that KOC is prepared to accept in conducting operations. They must be used only in QRA context as statistical likelihood that equipment, systems and procedures fail and result in fatalities. The “IR benchmark” for new facilities is the overall IR level which project teams should aim for when designing new facilities. The design of existing facilities is set which leaves less flexibility in reducing absolute risk levels than for new designs. As such, the benchmark IR target for existing facilities is set on order of magnitude higher than for new installations. This benchmark should be used when designing major alterations/modifications to existing facilities. Cost Benefit Analysis Approach The Cost Benefit Analysis (CBA) approach is an effective risk management tool as it aids consistency in decisions for health, safety and environmental resource allocation. The CBA approach requires monetary evaluation of risks or the monetary evaluation of the loss. Some typical examples are: -
loss of plant, assets (e.g. rebuild cost)
-
loss of product and/or revenue
-
loss of sales or customers (e.g. through loss of reputation)
-
loss of life
-
loss of or damage to a natural resource
-
cost of clean-up (e.g. following accidental and/or chronic contamination)
Cost benefit analysis must be considered and performed for the activities of QRA as well as any other risk assessment which involves individual risk (fatality) or societal risk (fatality). The evaluation of measures to avert loss of life requires ‘Valuation of life’ for which different figures have been used by various industries and countries. KOC, at this time, does not specify a common ‘Valuation of life’ criterion which is to be applied throughout the Companies
Control Tier 3
Uncontrolled copy. Valid only at the time of printing: 4/23/2009
Revision Date: April 19, 2009
View more...
Comments
