KOC.sa.018 - Safety Risk Assessment and Management Procedure
Short Description
koc sa.018...
Description
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 1 of 30
Safety Risk Assessment and Management Procedure Document Number: KOC.SA.018 Document Coordinator:
Document Author:
Team Leader Safety
Approved by:
KOC HSEMS Procedures Sub-committee
Authorized by:
KOC HSSE Implementation Committee
Original Issue Date:
03 April, 2005
Document Control Tier 3 Tier:
Revision/Review Date:
12 July 2015
Next Review Date:
1.0
Team Leader Standards
11 July, 2018
Purpose/Scope
The main purpose of this procedure is to enable Company’s Asset Owners and Project Managers to identify and assess those safety hazards & risks arising from their activities (from existing facilities or projects) that require management in order to: Comply with regulatory requirements Comply with company policy and business requirements Assess the risk imposed by KOC activities, existing facilities and projects to personnel, public, environment, business, or assets; Ensure that adequate measures are taken to eliminate, or reduce those risks to a tolerable and as low as reasonably practicable (ALARP) level. Another important purpose of this procedure is to provide the philosophy that underpins the application of the Risk Assessment and Management methodologies to Safety. In doing this, the procedure provides a sequence in the use of these methodologies to the different stages of the lifecycle of KOC activities, existing facilities and projects, i.e. from seismic through design, operation and abandonment of a facility. The procedure provides suitable and sufficient risk assessment and management effort, covering all the approaches to Risk Assessment and Management, and reflecting a range of detail of assessment from the lowest qualitative risk assessment (qRA), through semi-quantitative (SQ) to the highest level represented by a full blown quantitative risk assessment (QRA). It is worth noting that this procedure shall be read and applied together with the following HSEMS Documents:
KOC.SA.037, “Risk Management Framework in KOC” KOC.SA.040, “Guidelines for Quantitative Risk Assessment” KOC.SA.041, “Rule Set for Quantitative Risk Assessment” KOC.SA.042, “Guidelines for As Low As Reasonably Practicable (ALARP) Demonstration” KOC-SA-034, “Guidelines for Safety Hazard Identification”
Similarly, this procedure supports the application of other KOC procedures and documents, such as: Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 2 of 30
KOC-C-030, "KOC Recommended Practice for Blast Resistant Design of Buildings" KOC.GE.038, "Procedure for HSE Planning for Well Delivery Projects” KOC.GE.048, "Procedure for Preparation of Project HSE Plan” KOC.I.017, “KOC Recommended Practice for Implementation of Safety Instrumented Functions (SIF)” KOC-L-002, "KOC Recommended Practice for the Protection of KOC Clearance Requirements for Buried Pipelines, Cables, Underground Structures, Buildings and Housing Projects" KOC-L-028, "KOC Recommended Practice for Plant Layout" KOC.PS.001, “Process Safety Management (PSM) Manual” KOC.PS.002, “Safety Critical Equipment” KOC.SA.008, “Procedure for SIL Determination and Verification for SIF” KOC.SA.043, “Strategy and Rule Set for Identification and Management of H2S Simultaneous Operations (SIMOPs) in KOC” KOC.SA.044, “Guidelines for Development of Emergency Planning Zones (EPZs) for H2S Operations”
This procedure is applicable to all activities carried out by Company / Contractors / Sub-contractors employees involved in design, production, maintenance, construction, inspection or other relevant purpose in Company’s business. It is not intended to limit the acceptable techniques to those listed here nor cause every technique to be applied blindly
2.0
Definitions
Accident Scenario - A sequence of events that results in undesirable consequences. An incident with specific safety consequences or impacts. Administrative Control - A procedural requirement for directing and/or checking engineered systems or human performance associated with plant operations. As Low As Reasonably Practicable (ALARP) - Expresses that the risk level is reduced, through a documented and systematic process, so far that no further cost effective measure is identified. Note: The requirement to establish a cost effective solution implies that risk reduction is implemented until the cost of further risk reduction is grossly disproportional to the risk reducing effect. Best Practice - In the context of these guidelines, best practice refers to standards/procedures for controlling risk above the level provided by the application of good practice. Consequence - The direct, undesirable result of an accident scenario usually involving a fire, explosion, or release of toxic material. Consequence descriptions may be qualitative or quantitative estimates of the effects of an accident in terms of factors such as harm to people, economic loss, and equipment damage. Consequence Analysis - The study of the possible extent (footprint) of harmful effects of potential incidents, e.g. calculation of the size of the flammable region of a vapor cloud following a gas release / spill. Event - An occurrence related to equipment performance or human action, or an occurrence external to the system that causes system upset. In this document an event is either the cause of or a contributor to an incident or accident, or is a response to an accident's initiating event. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 3 of 30
Event Tree Analysis (ETA) - A logic model that graphically portrays the combinations of events and circumstances in an accident scenario, which result from an initiating event (normally equipment or piping failure). External Event - Event external to the system/plant caused by (1) a natural hazard such as: earthquake, flood, tornado, extreme temperature, lightning, etc., or (2) a human induced event such as: aircraft crash, missile, nearby industrial activity, fire, sabotage, EOD, etc. Failure Mode - A symptom, condition, or fashion in which hardware fails. A failure mode might be identified as loss of function; spurious trip function (function without demand); an out-of-tolerance condition; or a simple physical characteristic such as a leak. Failure Modes and Effects Analysis (FMEA) - A systematic, tabular method for evaluating and documenting the causes and effects of known types of component failures. Fault Tree Analysis (FTA) - Deductive technique that focuses on one particular accident or main system failure, and provides a method for determining causes of that event. FTA is a graphical model that displays the various combinations of equipment failure and human error that can result in the main system failure of interest (called the top event). Frequency - The number of occurrences per unit time (usually a year) at which observed events occur or are predicted to occur Good Practice - In the context of these guidelines, good practice refers to standards/procedures for controlling risk which have been judged and recognized by KOC as satisfying all the requirements when applied to a particular case in an appropriate manner. In this sense, written good practice is that contained in KOC standards and other engineering standards produced by globally recognized organizations such as: NFPA, API, ISO, etc. Harm - Physical injury or damage to health, property or the environment Hazard - An inherent physical or chemical characteristic that has the potential for causing harm to people, property, or the environment. In this procedure it is the combination of a hazardous material, an operating environment, and certain unplanned events that could result in an incident. Hazard Identification - The pinpointing of material, system, process, and plant characteristics that can produce undesirable consequences through the occurrence of an accident. Hazard and Operability (HAZOP) Study - A systematic method in which process hazards and potential operating problems are identified using a series of guide words to investigate process deviations. Hazard Checklist - An experience-based list of hazards, potential accident situations, or other process safety concerns used to stimulate the identification of hazardous situations for a process or operation. Initiating Event - The first event in an event sequence. Can result in an accident unless protective systems or human actions intervene to prevent or mitigate the accident. Likelihood - A measure of the expected probability or frequency of an event's occurrence.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 4 of 30
Process Hazard Analysis (PHA) - The analysis of the significance of hazardous situations associated with a process or activity. Uses qualitative and quantitative techniques to pinpoint weaknesses in the design and operation of facilities that could lead to accidents. Process Safety Audit - An inspection of a plant or process unit, drawings, procedures, emergency plans, and/or management systems, etc., usually by an independent, impartial team and usually problem-solving in nature. Process Safety Management (PSM) - The application of management principles and systems to the identification, understanding, and control of process hazards to ensure the safety of process facilities, and protect employees, facility assets, and the environment. Quantitative Risk Assessment (QRA) - The process of hazard identification, followed by numerical evaluation of consequences and frequencies, and their combination into an overall measure of risk. QRA is based on the application of engineering evaluation and mathematical techniques. Ordinarily applied to accident scenarios and is related to Probabilistic Risk Assessment (PRA) used in the nuclear industry. Residual Risk - The risk remaining after controls have been applied to associated hazards that have been identified, quantified to the maximum practicable, analyzed, communicated to the proper level of management and tolerated after proper evaluation. Risk - The risk associated with an event is defined as the product of the likelihood of the event and the magnitude (severity) of the outcome of that event. The likelihood is defined in terms of the annual frequency of the outcome. The magnitude of the outcome is defined as the number of fatalities caused by the event. The risk is the product of these quantities and is expressed in terms of fatalities per year. Note that the calculated risk is linear with respect to both frequency and number of fatalities. Public and media response to incidents shows significant aversion to accidents involving multiple fatalities. Therefore events which may be estimated to give the same numerical risk may give rise to very different levels of public and media concern and/or impact on Company reputation. There are several risk measures which are defined below:
Location Specific Individual Risk (LSIR) Location Specific Individual Risk (LSIR) provides a measure of the inherent hazard associated with different geographic locations within a plant or facility. The basis for the calculation of the location specific risk is that each target location considered is permanently inhabited by a single individual. The LSIR is evaluated (typically) at points on an orthogonal grid covering the area of interest. The calculated risks are typically presented as iso-risk contours, which provide an easily understood graphical presentation of the risks. LSIR contours are indicative of the potential magnitude or intensity of the risk, but the risks will only be realised at a given location if personnel will be present at that location 24/7. LSIR only considers those sources of risks which themselves have fixed locations. LSIR does not therefore take account of transportation risks, occupational risks, etc.
Individual Risk (IR or IRPA) Individual Risk (IR or IRPA) is determined on a case by case basis for each individual working on a plant or facility. In practice there is insufficient definition in the data which defines the durations for which people will be exposed and locations at which they will be exposed. Calculations are therefore undertaken for representative work groups rather than for every individual. The process contribution to the individual risk for a specified work group is evaluated
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 5 of 30
as the time weighted average of the LSIR values determined at each of the locations at which the work group will spend time. Risk contributions due to transport and occupational risk are also accounted for. Where personnel remain on the plant during their off shift risk contributions for this period are also taken into account.
Potential Loss of Life (PLL) Potential Loss of Life (PLL) is derived from the workgroup’s IR estimates. The PLL for each workgroup is the product of the workgroup IR and the number of members of the workgroup. Where both day and night shifts will be utilised both will contribute to PLL. Rotations are also accounted for. PLL can be evaluated in terms of fatalities per year, but may also be expressed in terms of total fatalities over the design life of the facility. Where the difference in PLL between two design options is required (for example as part of an ALARP demonstration) this is usually evaluated over the life of the plant since this facilitates cost benefit calculations.
Cumulative Frequency vs. Number of Fatalities (F-N) Cumulative Frequency vs. Number of Fatalities (F-N), also called Societal Risk, is an F-N plot that plots the cumulative frequency (F) of events resulting in N or more fatalities against N. Because of the way the plot is defined the maximum value of F corresponds to the smallest value of N and vice-versa. F therefore plots as a decreasing function of N. The F-N curve provides information with respect to the distribution of risk between events resulting in small numbers of fatalities and events resulting in large numbers of fatalities.
Risk Assessment - Overall process of risk analysis and risk evaluation, which consists of deciding whether or not the risk is tolerable. Risk Control - Process of decision-making for managing and/or reducing risk; its implementation, enforcement and re-evaluation from time to time, using the results of risk assessment as one input. Risk Estimation - Process used to produce a measure of the level of risks being analyzed. Risk estimation consists of frequency analysis, consequence modelling, and integration of frequency and consequences. Risk Evaluation - Process in which judgments are made on the tolerability of the risk on the basis of risk analysis and taking into account factors such as socio-economic and environmental aspects. Risk Management - The systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating and controlling safety risk in order to protect employees, the general public, and company assets Risk Measures - Ways of combining and expressing information on likelihood with the magnitude of loss or injury (e.g., risk indexes, individual risk measures, and societal risk measures). Risk Reduction Measure - A specific hardware, software system, or administrative control designed to maintain a process within safe operating limits, to safely shut it down in the event of a process upset, or to reduce human exposure to the effects of an upset. Risk Tolerability Criteria - Criteria that are used to express a risk level that is considered tolerable for the activity in question. Note: Risk Tolerability Criteria are used in relation to risk assessment and express the level of risk which will be tolerable for the activity. It is the starting point for further risk reduction according to the ALARP principle. It may be qualitative or quantitative. Safety - Freedom from intolerable risk. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 6 of 30
Societal Risk - The relationship between frequency and the number of people suffering from a specified level of harm in a given population from the realization of specified hazards. Tolerable Risk - Risk that has been reduced to a level that can be endured by KOC. Worst Case Scenario - A conservative (high) estimate of the consequences of the most severe accident scenario identified. 3.0
General Requirements
4.0
KOC HSEMS Element HSE-03-01 KOC HSEMS Element HSE-03-02 KOC HSEMS Element HSE-03-03 KOC HSEMS Element HSE-03-04 KOC HSEMS Element HSE-04-01
Key Roles & Responsibilities 4.1 Managers (All Groups)
Ensure that hazards are identified, risks assessed as well as managed for all activities & / or facilities under their jurisdiction.
Ensure availability of adequate resources to identify hazard, asses as well as manage the risk for activities or facilities under their jurisdiction.
Develop, review and approve Safety Risk Register for the Group. Any updates to the Register must also be reviewed and approved.
Maintain and update the Group Safety Risk Register.
Communicate Group Safety Risk Register with all the concerned employees.
4.2 HSE Team Leaders (Assets / Directorates)
Support the respective Group Managers in hazard identification and risk assessment for activities / facilities within the Asset / Directorate.
Coordinate and arrange for awareness sessions to the employees as per the requirement.
Coordinate and support Managers and DCEO for monitoring status of safety risk management programs.
Review the Group Safety Risk Registers within the Asset / Directorate including updates for consistency.
4.3 Team Leader – Safety
Review, approve (KOC.SA.033).
Audit the Safety risk management status arising from Group Safety risk registers.
and
maintain
KOC
Control Tier 3
Safety
Risk
Register
template
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 7 of 30
4.4 All Employees
5.0
Aware of all hazards, risks and its control measures associated with their activities and facilities they are working for.
Comply with control measures identified in their respective Group Safety Risk Register.
Risk Assessment and Management Process 5.1 Overview The KOC HSEMS is composed of 13 Elements. Risk Assessment, Compliance and Management is the Element 3 of the KOC HSEMS, and it does clearly support the implementation of Element 4 (Facilities, Design & Construction), Element 5 (Operations and Maintenance), Element 6 (Management of Change), and Element 7 (Crisis Preparedness and Management). Other elements in the system either require input from Risk Assessment and Management, or they rely on this element to help define and clarify their management aims. The relationships noted above support an integrated system for managing risks throughout the entire lifecycle of KOC facilities and activities. Consequently, the Risk Assessment and Management process is essential to the objectives of the KOC HSE Management System as a whole The primary objectives of the Risk Assessment and Management process are to identify and rank the risks so that they can be adequately assessed and managed and to examine associated risk reduction measures to determine those most suitable for implementation. In this context, the main role of the Risk Assessment and Management process is to assist KOC management in providing a demonstration that:
All hazards have been identified;
All risks have been evaluated; and,
Adequate measures have been, or will be, taken to control the risks to a tolerable and ALARP level.
As part of the Risk Assessment and Management process a Safety Risk Register shall be generated so as to enable identification and maintenance of risk reduction measures for ensuring that these safety risks are within limits of tolerability and ALARP as per the Risk Tolerability Criteria provided in Appendices II (qualitative and semi-quantitative), and III (quantitative). The Risk Register Template is provided in Appendix I. This template shall be utilized in all Risk Assessment and Management activities, including the preparation of Project Safety Risk Register. 5.2 Risk Assessment and Management Approaches Risk Assessment and Management process shall be used to provide an input into the decision making process. This will enable the Company’s Management to provide reasoned and supported arguments to demonstrate that there is nothing else that could reasonably be done to reduce risks further.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 8 of 30
As expressed in Figure No. 1 below, Risk Assessment and Management methodologies need to be proportionate to the magnitude of risk being analyzed; i.e. the Risk Assessment and Management methodology utilized in each case must be efficient and should normally progress from qualitative (qRA) to quantitative risk assessment (QRA).
Tolerability of Risk
Risk reduction Regardless of cost
Increasing Risk
Unacceptable Region
QRA Tolerable Region
Acceptable Region
SQ
qRA
Relevant Good Practice Plus Risk Reduction Measures Plus Gross Disproportion Relevant Good Practice
Figure 1 - Proportionate Risk Assessment and Management The lower levels of assessment (qRA and SQ) are considered most appropriate for hazard screening. The usual approach to deciding the appropriate level of Risk Assessment and Management detail would be to start with a qualitative approach and to elect for more detail whenever it becomes clear that the current level of detail is unable to allow for a clear understanding and assessment of the risks. However, to save time and budget, and yet achieving high quality results, a highly competent and experienced Risk Assessment and Management Specialist may decide to start the process with SQ or QRA to make the process more efficient. Regardless of the type of technique or approach used, Risk Assessment and Management process shall not be used in isolation and in a mechanistic way. Risk Assessment and Management process provides only one input into the decision-making process. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 9 of 30
5.3 Risk Assessment and Management Methodologies Table No. IV.1 given in Appendix IV summarizes the individual purposes of the various Risk Assessment and Management methodologies recommended for use in KOC projects and facilities. A comprehensive Risk Assessment and Management study may not be necessary for every occasion. Each methodology may be applied to specific systems or activities based on the needs of the analysis and the complexity of the system. As shown in Table No. IV.1 in Appendix IV, an assessment can range from a single screening study to a detailed QRA studying a large number of issues, using highly sophisticated frequency and consequence models. Between these extremes, Risk Assessment and Management is performed to meet the needs of the Asset consistent with inherent risk levels. Setting the study objectives, intention, and scope clarifies the Risk Assessment and Management effort. The goals and objectives vary according to specific needs or requirements. Risk assessment objectives include, but are not limited to, the following:
Estimating risk to people
Meeting legal or regulatory requirements
Estimating business interruption risk.
Identify Safety Critical Elements (SCEs)
Evaluating risk reduction measures;
Prioritising safety investments;
Emergency Response
The available information may limit the scope of the assessment. The number and type of techniques are defined by the magnitude and complexity of the system or activity under study. 5.4 Application of Risk Assessment and Management Risk is highly impacted by decisions made throughout the lifecycle of an activity or facility. This is particularly true for the early stages of the design, but it is also true for the rest of the stages of the lifecycle. This lifecycle for KOC activities and facilities can be expressed in four stages: Explore, Develop, Produce and Abandon, and it is reflected in Figure No. 2 below.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 10 of 30 Drilling
Seismic
RA&M Process 1. HAZID 2. JSA 3. Footprint
Project Development
RA&M Process See PGS for Well Delivery Process
Project Gate System 1. Identification 2. Concept Selection 3. Project Definition 4. Project Execution
Operate
Decommission
RA&M Process 1. All RA&M methodologies as they apply. 2. HSEMS Procedures 3. Revalidation every 5 years
RA&M Process 1. All RA&M methodologies as they apply. 2. HSE Plan 3. HSEMS Procedures 4. JSA
RA&M Process See KOC-GE-048
Explore
Operations HSE Case Develop
Produce
Abandon
Figure 2 - Application of Risk Assessment and Management Methodologies to Lifecycle As shown in Figure No. 2 above, in order to reduce risks to a tolerable and ALARP level, RA&M shall be applied in each stage of the lifecycle. Below, there is a brief description of the application of the RA&M methodologies to each stage. Seismic Phase HAZID and JSA are the most appropriate methodologies to be applied to the seismic phase, due to the fact that seismic activities are mainly performed with a series of tasks and individual jobs. Additionally, it is worth preparing a footprint of these activities. Drilling Phase The decision of the location of wells shall be accomplished based on a risk assessment of all the options, whereas the technical aspects of the drilling activities shall be based on a HAZID and HAZOP to assess the different types of risks that the well design could have. HSEMS Procedure KOC.GE.038 for “HSE Planning for Well Delivery Projects” shall be followed for Risk Assessment and Management aspects in the drilling phase. Project Development Phase The Risk Assessment and Management activities in this phase need to be commensurate with the individual gate being developed, i.e. the type and depth of methodologies to be applied are determined by the amount of information available at each Gate. In any case, HSEMS Procedure KOC.GE.048 for “Preparation of Project HSE Plan” shall be applied for the entire phase. Operations Phase During the “operate phase”, a series of techniques may be applied for different purposes. QRA and LOPA revision, including HAZOP, and Consequence Modelling, shall be performed for major modifications to the system. Other techniques such as HAZID may be applied for minor modifications. JSA shall also be applied, since operation activities involve a number of individual tasks and jobs. HSEMS procedures shall be followed in this respect, and revalidation of studies shall be performed every 5 years. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 11 of 30
Decommissioning Phase During the “decommissioning phase”, a series of techniques may be applied for different purposes. The abandonment works shall be supported by a HSE Plan, and HSEMS procedures shall be followed as they apply. JSA shall also be applied, since these activities involve a number of individual tasks and jobs. 5.5 Description of the Risk Assessment & Management Process Figure No. 3 below summarizes the main stages in the process of Risk Assessment and Management. As it can be seen, Risk Assessment and Management involves a series of steps as follows:
Hazard Identification, based on consideration of factors such as the physical and chemical properties of the fluid being handled
Risk Assessment, from the hazards and consideration of its tolerability to personnel.
Risk Management, consisting of reducing risks where this is deemed to be necessary. This involves identifying opportunities to reduce the frequency and/or consequence of an accident.
Hazard
Risk
Risk
ALARP
Identification
Estimation
Assessment
Demonstration
Risk Reduction Measures
qRA
Hazard Identification
LIKELIHOOD OF OCCURRENCE
SEVERITY Negligible (1)
Slight (2)
Moderate (3)
High (4)
Very high (5)
Very Unlikely (A)
LOW
LOW
LOW
LOW
MEDIUM
Unlikely
(B)
LOW
LOW
LOW
MEDIUM
MEDIUM
Possible
(C)
LOW
LOW
MEDIUM
MEDIUM
HIGH
Likely
(D)
LOW
MEDIUM
MEDIUM
HIGH
HIGH
Very Likely (E)
LOW
MEDIUM
HIGH
HIGH
HIGH
SQ
COST
RISK
Inherent Safety Lessons Learnt Preventive Passive Active Etc. Etc.
Tolerability of Risk
Risk reduction Regardless of cost
QRA
Increasing Risk
Unacceptable Region
QRA Tolerable Region
Acceptable Region
SQ
qRA
Relevant Good Practice Plus Risk Reduction Measures Plus Gross Disproportion Relevant Good Practice
Risk Estimation Risk Assessment Risk Management
Figure 3 - Risk Assessment and Management Process It is clear then that the main purpose of Risk Assessment and Management process is to identify and rank the risks so that they can be adequately managed. Each stage in the process can be seen as an opportunity to identify potential risk reduction options. The following sections present a description of each stage of the Risk Assessment and Management process. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 12 of 30
The Risk Assessment and Management process shall be carried out either utilizing internal resources or through an external agency, who have knowledge & experience in the day to day running of the plants, operations and facilities. Typically a review team for hazard identification & risk assessment may include personnel from various backgrounds as required e.g. Team Leader, senior engineers, operations / maintenance supervisors, process engineers HSE personnel and Inspection & Corrosion engineers. 5.6 Hazard Identification One key element of effective safety risk management is a systematic approach to hazard identification. The Hazard Identification methodology applied shall consider all the factors involved in the system under study. This shall include all modes of operation (routine and non-routine activities), emergencies, as well as external hazards. For application, methodologies, etc. related to hazard identification, the reader is referred to HSEMS Guidelines KOC.SA.034 for “Safety Hazard Identification”. 5.7 Risk Assessment After the hazards have been identified, the risks arising from them are evaluated either qualitatively or quantitatively. This typically requires carrying out a first stage named “risk estimation”, which entails assessing both the severity (consequence) and frequency (likelihood) of hazardous events. The amount of detail and effort required to complete this first stage increases from qualitative (qRA) to semi-quantitative (SQ) to quantified risk assessment (QRA). (a) Qualitative (qRA) and Semi-Quantitative (SQ) Risk Estimation For the qRA or SQ approaches, this procedure provides the criteria for assessing the frequency and consequences (see Table No. II.1 of Appendix II). Potential consequences of an event shall be estimated considering worst case scenario that might have resulted not what has resulted. The impact categories are People, Asset, and Reputation. The frequency of occurrence of the worst case scenario identified during severity assessment must be determined. This initial likelihood is determined after taking into consideration the existing control measures in place to prevent occurrence of the hazardous event (i.e. the event which is manifestation of the hazard) as well as control measures in place to mitigate the severity of the consequences. Once the frequency and consequences are determined, the risk must be estimated using the Safety Risk Evaluation Matrix shown in Figure II.1 of Appendix II. (b) Qualitative (qRA) and Semi-Quantitative (SQ) Risk Assessment The results of the risk estimated as established above, shall be compared to the KOC Risk Tolerability Criteria (RTC), also given in the Safety Risk Evaluation Matrix shown in Figure II.1 of Appendix II. The risk then shall be managed accordingly. This process is called Risk Assessment, which refers to the process of objectively examining the risks involved in a particular activity. The objective of the determination is to ensure that the risks are fully understood. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 13 of 30
In the case of the qualitative (qRA) and Semi-Quantitative (SQ) approaches, the tolerability or otherwise of an identified risk and any associated risk-reducing measures are determined on the basis of the collective judgment of the Risk Assessment Team and KOC current standards. In these cases the assessment shall be performed using the Safety Risk Evaluation Matrix shown in Figure II.1 of Appendix II. This risk matrix is a convenient method of ranking and presenting the results. It is worth mentioning that this is a 5x5 risk matrix, and therefore, it is capable of discriminating between the risks of the different hazardous events for a facility or activity. The tolerability of the estimated risk must then be judged based on criteria given in Table II.2 of Appendix II. All identified hazards should be subject to an evaluation for risk potential. All activities having applicable legal requirements, irrespective of the ranking of the risk shall have a compliance mechanism including monitoring program which shall be linked to HSE Compliance Register of the respective Group. (c) Quantitative Risk Assessment (QRA) On the other hand, if a QRA is required, then HSEMS Procedures KOC.SA.040 for “Guidelines for Quantitative Risk Assessment” and KOC.SA.041 for “Rule Set for Quantitative Risk Assessment” shall be applied. A detailed description of these criteria both for Individual and Societal Risks is given in Appendix III. 5.8 Risk Management (a) Overview Risk-reducing measures shall be introduced if the risks exceed any RTC, or if there are other reasonable measures that can be justified. In any case, consideration shall be given to reducing risk to a level deemed ALARP reflecting among other factors local conditions and circumstances, the balance of cost and benefits and the current state of scientific and technical knowledge. To reduce a risk to an ALARP level involves balancing reduction in risk to a level, objectively assessed, where the trouble, difficulty and cost of further reduction measures becomes unreasonably disproportionate to the additional risk reduction obtained. This process is described in detail in HSEMS Procedure KOC.SA.042 for “Guidelines for As Low As Reasonably Practicable (ALARP) Demonstration”. Particular attention shall always first be given to risk reduction measures which have the effect of eliminating or reducing the frequency of hazardous events occurring. The use of inherently safer design principles (see HSEMS Procedure KOC.PS.006 for “Inherently Safer Design”) to manage risks is preferred. A progressive approach to risk reduction shall be adopted, giving attention first to those measures which have greatest effect in risk reduction for least effort. Successive evaluations of risk reduction measures shall be undertaken until a point is reached where all the RTC have been satisfied, and it has been demonstrated that the risks are tolerable and ALARP.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 14 of 30
(b) Barriers to Hazards. Risk assessment shall consider the barriers in place (see Figure 4 below), how these are intended to function and if they function. Some barriers are installed to individually stop the hazard from releasing. Other barriers will only reduce or mitigate the consequences of the released hazard and a series of sequential barriers is required to fully eliminate the consequences. If all the barriers are in place and functional, the consequences of the hazard should in theory not occur. Similarly, if any of the barriers is not functional, then the consequence size will ultimately depend on the specific effect of the non-functional barrier.
Barrier 1
Hazard which, if not stopped, will develop into full consequences
Barrier 2
Barrier 3
Hazard has developed into full consequences
Barrier 1
Consequence of Hazard release without will Barriers
Principle of Barriers which each, on their own, prevent the Hazard from releasing.
Barrier 2
Barrier 3
Consequence of Hazard release with Barriers 1 and 2 functioning, Barrier 3 not functioning
Principle of Barriers which progressively reduce the consequences of Hazard release.
Figure 4 (A & B) - Effects of Barriers on Hazard Release (c) Manage the Risk to Acceptable Level After the risk has been identified and analysed as per above, management decides what corrective action (if any) is necessary to manage the risk at a tolerable and ALARP risk level. For more detail refer to HSEMS Procedure KOC.SA.042 for “Guidelines for As Low As Reasonably Practicable (ALARP) Demonstration”. Depending on the nature of the specific hazard(s), this may require different steps to:
Eliminate the hazard.
Prevent the hazards from occurring (eliminate) or to reduce the likelihood of the incidents.
Reduce the consequences with other control measure.
Mitigate the consequences of the hazards which are inherent to the type of operation or working environment and which cannot be prevented altogether and have a chronic likelihood to develop into incidents with harmful consequences.
Recover from the consequences of incidents. Recovery and Damage Control measures should be developed for all potential emergencies with the aim to prevent escalation e.g. from critical into severe or worse severities.
In any case, concerned asset management shall formulate a corrective action plan, which shall include the agreed actions, responsible person(s), and completion date(s). Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 15 of 30
In formulating these plans, it is important to realize that risk management measures include organizational and system measures, such as:
Engineering Control (such as detection, alarm & shutdown system)
Administrative Control (such as standing instruction, job rotation, warning signs, notices etc.)
Personnel training and qualification procedures
Change control and documentation procedures
Quality assurance, maintenance and inspection procedures
Periodic personnel medical check-ups and medical treatments such as vaccination/immunization)
Follow up that includes regular updates for progress to ensure actions are closed per the plan.
5.9 Risk Monitoring The responsibility for implementation of additional control measures as well as maintenance of existing control measures must be specified. Responsibility must be assigned to a specific designation. Where additional controls are in the form of a program requiring time and resources for completion, the target date for completion must also be specified. 5.10 Documentation The key information and the decisions made in the Risk Assessment and Management process shall be fully documented in an ordered and comprehensive manner. The documentation shall register the various decisions made during the process as well as the basis for those decisions. This documentation shall be reflected in a Risk Assessment and Management report. This report shall be written in an understandable manner to all personnel involved in the decision making process. As a minimum it shall include: Objectives, scope and limitations A description of the system under study Assumptions and premises Main contributors to the risk Sensitivity analysis (if required) Conclusions from the study Risk reduction measures recommended The Risk Assessment and Management report shall be approved by the asset management. The asset management in turn, shall prepare an implementation plan for the risk reduction measures agreed and a follow-up plan, which will be included in the HSE Group Audit Program. On the other hand, the results of Risk Assessment and Management studies and activities shall also be recorded in the Safety Risk Register (SRR). Additional information on the Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 16 of 30
management of the Safety Risk Register, as well as the SRR Template (KOC.SA.033) are provided in Appendix I. 5.11 Updating and Verification As a minimum Risk Assessment and Management studies shall be updated once every 5 years. However, depending on the magnitude of risks and the potential consequences of hazards, the Risk Assessment and Management studies shall be periodically reviewed by competent staff. The reviews shall involve those parts of the organization which are involved in day-to-day management of these hazards i.e. the operations and maintenance functions. As a typical issue for these reviews it shall be verified if the base assumptions have changed since the original design was implemented or since the Risk Assessment and Management study was done, e.g.:
Has the plant/equipment performance lived up to the expectations of the original design in terms of accidents, incidents and equipment uptime?
Has the oil, product or equipment price changed significantly i.e. what is the current cost of production loss and/or equipment replacement?
Have there been significant and unexpected changes in age and/or technical integrity of equipment e.g. excessive corrosion, wear/tear?
Have there been significant hardware changes and if so, have the risk associated been adequately reviewed in the context of previously defined risk levels?
Is the average experience level of plant operators and maintainers still the same?
Can new technology provide lower (and possibly cheaper) ALARP levels?
Have legislation and/or public perceptions changed regarding what is now considered tolerable/untolerable?
Have there been changes outside KOC influence which could affect overall risk levels e.g. population build-up around facilities in previously isolated areas, increased road traffic, security aspects, etc?
Specifically, those issues which are managed at ALARP risk level but still remain toward the upper end of the ALARP region, shall be reviewed on a minimum frequency of once a year. Verification of Risk Assessment and Management studies shall be performed by Assets / Directorates HSE Teams competent personnel, and as a minimum the following aspects shall be verified in this process:
The Risk Assessment and Management study is adequately scoped in accordance with the needs and objectives
The Risk Assessment and Management study has thoroughly followed the process established in this guide
The Risk Assessment and Management assumptions and premises are credible.
On the other hand, Risk Assessment and Management process shall be systematically audited by HSE Group with the aim to achieve the following objectives:
Ensure the effectiveness of the studies and their adherence to this guide.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 17 of 30
Ensure that risks are being properly managed. 5.12 Risk Communication Risk Assessment and Management activities and results are of limited value if not communicated properly to internal audiences and, where appropriate, external audiences. The internal audience is comprised of KOC employees and relevant contractors. Risk communication is an Asset Management responsibility, which should be fulfilled through ongoing communications to ensure that all personnel are aware of the risks, and changed risks, plus their roles and actions to be taken. The external audience includes the general public that can be impacted by Asset’s operations and, also, appropriate regulatory agencies for emergency preparedness purposes.
6.0
Key Documents/Tools/References
HSEMS Procedure KOC.GE.005 for “HSE Compliance Register”
HSEMS Procedure KOC.GE.021 for “HAZOP Study”
HSEMS Procedure KOC.GE.038 for “HSE Planning for Well Delivery Projects”
HSEMS Procedure KOC.GE.048 for “Preparation of Project HSE Plan”
HSEMS Manual KOC.PS.001 for “Process Safety Manual”
HSEMS Procedure KOC.PS.002 for “Safety Critical Equipment”
HSEMS Procedure KOC.PS.006 for “Inherently Safer Design (ISD)”
HSEMS Procedure KOC.SA.008 for “SIL Determination and Verification for SIF”
HSEMS Template KOC.SA.033 for “Safety Risk Register”
HSEMS Guidelines KOC.SA.034 for “Safety Hazard Identification”
HSEMS Document KOC.SA.037 for “Risk Management Framework in KOC”
HSEMS Guidelines KOC.SA.040 for “Quantitative Risk Assessment”
HSEMS Document KOC.SA.041 for “Rule Set for Quantitative Risk Assessment”
HSEMS Guidelines KOC.SA.042 for “As Low As Reasonably Practicable (ALARP) Demonstration”
HSEMS Document KOC.SA.043 for “Strategy and Rule Set for Identification and Management of H2S Simultaneous Operations (SIMOPs) in KOC”
HSEMS Guidelines KOC.SA.044 for “Development of Emergency Planning Zones (EPZs) for H2S Operations”
KOC-L-17, “KOC Recommended Practice for HAZOP Studies”.
KOC-C-030, Rev. 1 “"KOC Recommended Practice for Blast Resistant Design of Buildings"
KOC.I.017, “KOC Recommended Practice for Implementation of Safety Instrumented Functions (SIF)”
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 18 of 30
7.0
KOC-L-002 Rev. 3, "KOC Recommended Practice for the Protection of KOC Clearance Requirements for Buried Pipelines, Cables, Underground Structures, Buildings and Housing Projects"
KOC-L-028, Rev.4 "KOC Recommended Practice for Plant Layout,"
“Guidance on Risk Assessment for Offshore Installations”. Health and Safety Executive, UK, 2006
BS 8444-3, “Risk Management: Part 3: Guide to Risk Analysis of Technological Systems”, Brittish Standards, UK
Abbreviations
8.0
ALARP - As Low As Reasonably Practicable API – American Petroleum Institute BRA - Building Risk Assessment EOD – Explosive Ordinance Disposal ERM - Enterprise Risk Management ETA - Event Tree Analysis F-N - Cumulative Frequency vs. Number of Fatalities FMEA - Failure Mode and Effect Analysis FTA - Fault Tree Analysis HAZID - Hazard Identification Study HAZOP - Hazard and Operability Study HSE - Health, Safety & Environment HSEMS - Health, Safety & Environment Management System IR - Individual Risk ISO – International Organization for Standardization JSA - Job Safety Analysis KOC - Kuwait Oil Company LOPA - Layers of Protection NFPA – National Fire Protection Association PHA - Process Hazard Analysis PLL – Potential Loss of Life PSM – Process Safety Management qRA - Qualitative Risk Assessment QRA - Quantitative Risk Assessment RTC - Risk Tolerability Criteria SQ - Semi-Quantitative Risk Assessment SRR - Safety Risk Register
HSE Records (Retention Period)
Group Safety Risk Registers (Indefinite, and updated as required) Risk Assessment Study Report (indefinite, and updated as required)
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 19 of 30
Review/Revision Log Revision Date 03 April, 2005 03 December, 2006
19 April, 2009
Revision Details Procedure approved by the HSEMS Implementation Committee. Internally reviewed & revised. Internally reviewed aligning with Risk Register requirement & issued as combined document for Risk Assessment Procedure & Guidelines (KOC.SA.019) is withdrawn and added to this procedure. Revisions made in all sections to make the procedure specific for Safety Risk Assessment. References to Health & Environment have been removed from the procedure.
28 June, 2012
New subsections have been added about methodology for initial and residual risk assessment under section 5.4 Assessment of the Risks Section on Risk Register (new section no. 5.5) has been updated to reflect KOC Safety Risk Register template and Group Safety Risk Register requirements. New sections 7.0 and 8.0 ‘Abbreviations’ and ‘HSE Records’ have been added. Appendix I - Safety Risk Register Template has been updated to include applicable legal requirement, residual risk and monitoring requirement. Revisions made in all sections to relate and adapt the procedure to HSEMS Elements, other HSEMS new documents, e.g. KOC.SA.040, 041, 042, ERM, and PSM Manual. Main changes can be described as follows:
12 July, 2015
1. The title of the procedure was modified to “Safety Risk Assessment and Management Procedure”, which matches with Element 3 of the HSEMS, and better reflects the contents. 2. Definitions section was completed incorporating additional terms 3. The Risk Assessment and Management process was incorporated and described in its totality including qualitative, semi-quantitative, and quantitative approaches. 4. The application of Risk Assessment and Management to KOC projects/activities/facilities was clarified. 5. The application of Risk Assessment and Management methodologies was clarified by incorporating a table with the methodologies and their purpose. 6. The Safety Risk Register (SRR) template was modified to adapt it to all the modifications and to simplify its use. Its application and management was also clarified 7. The Safety Risk Matrix was modified and calibrated to align it to ERM Matrix, and the Quantitative Risk Tolerability Criteria given in this procedure. 8. Additional sections were incorporated, such as: Risk Assessment and Management Documentation, Updating & Verification, and Risk Communication
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 20 of 30
Appendix I KOC Safety Risk Register (SRR)
Overview The use of a risk register is well established in the field of safety risk management. The aim of the Safety Risk Register (SRR) is to register hazards and risks posed by an activity, project or facility, and support on the determination of the most cost-effective risk safety management strategy. It is worth mentioning that the SRR is NOT a Risk Assessment and Management methodology in itself, and shall not be used as such. The SRR is only a tool which enables recording the results of all Risk Assessment and Management activities. Managing an Efficient Safety Risk Register (SRR) The SRR shall be developed early in a project or activity as established in HSEMS Procedure KOC.GE.048 for “Preparation of Project HSE Plan”, it is one of the first documents produced. Obviously, safety risks with the ability to disrupt the project, shall be included in the Business Risk Register of the project. From here the SRR shall be used throughout the entire lifecycle of the project and future facility. This means it becomes a constantly used tool which is dynamic, changing as uncertainties change through each phase of the lifecycle. Once the project is finished, and the facility starts operation, the safety risks posed by the facility, with the ability to disrupt KOC business, shall be included in the Enterprise Risk Management (ERM) risk register. In addition to the Risk Assessment and Management studies themselves, it is envisaged that meetings of any sort (e.g. project meetings, operational meetings, management meetings, etc.) will invariably lead to identification of risks followed by agreement on how they will be managed. The SRR shall formalize this process using the template provided in this Appendix. Consequently, any meeting that generates the discussion of a risk should use the SRR. After completion of the SRR it becomes a control tool, which can be used to check that the planned actions are being implemented. Performance can therefore be measured and corrective actions taken, if necessary. The SRR shall be properly updated and maintained throughout the lifecycle of the activity or facility. For the SRR to work properly in must be a living document. By doing this it can become the main document that runs through the lifecycle of the activity or facility, maintaining the continuity of risks. It is worth noting that different levels of risks are managed by different levels of management, therefore, there will always be different audiences using the SRR. This may create confusion and mismanagement of the SRR. Consequently, it is highly recommended to view the risk register the same way as any other management tool, i.e. it can operate at a strategic level initially but drill down to specific operational levels as the activity/project/facility develops. To elaborate a little more on this issue, the SRR should not contain a multitude of generic (everyday) risks, of the kind that operative level should encompass.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 21 of 30
The SRR is intended to draw attention to and assist the management of significant specific risks; and these are often, the sort that can impact on Asset’s production success. Emphasis should be more on the risk management actions, as an indication of the quality and robustness of the SRR, and as a means of identifying genuine actions taken to manage safety risk. Benefits of the Safety Risk Register (SRR) The SRR’s main benefit is that it formalizes the safety risk management process and communicates the most important information in a structured manner. Reviewing the risk register at regular meetings brings the risks to everyone’s attention and requires action to be taken, making them highly visible to management, and in general to all employees and contractors. The risk register also provides an audit trail of the safety risk management process for future reference which can be measured to evaluate performance, or consulted as part of an accident investigation. Group Safety Risk Register Numbering Each Group shall have its own Safety Risk Register based on KOC.SA.033 taking into account their business activities and risk exposure along with control measures. The Risk Register will cover all activities, facilities and project related works within Group. The Group Safety Risk Register (SRR) shall have the document number as KOC.SA.033.XXX. Where, “XXX” shall be the respective Group’s abbreviation (all in capital letters). For example:
The SRR for Operations (SK) Group will be KOC.SA.033.OSK The SRR for Support Services (WK) Group will be KOC.SA.033.SSWK The SRR for Field Development (NK) Group will be KOC.SA.033.FDNK The SRR for Public Relations & Information Group will be KOC.SA.033.PRI The SRR for Research & Technology Group will be KOC.SA.033.RT The SRR for Industrial Services Group will be KOC.SA.033.IS The SRR for Ahmadi Services Group will be KOC.SA.033.AS The SRR for Planning Group will be KOC.SA.033.P
However, for groups having same initials, a second letter shall be added for distinguishing each other. For example:
The SRR for Exploration group will be KOC.SA.033.EX and the SRR for Engineering group will be KOC.SA.033.EN The SRR for Major Projects (I) group will be KOC.SA.033.MPI and the SRR for Major Project (II) group will be KOC.SA.033.MPII
Where Directorate Planning Team is not under any of the Groups, SRR for such team shall have the document number as KOC.SA.033.P. [Directorate]. Where, “[Directorate]” shall be the abbreviation for the respective Directorate. Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 22 of 30
In case the Safety Risk Register (SRR) is deemed necessary and appropriate to have at any team level, then such SRR shall have the document number as KOC.SA.033.XXX.YYY. Where, “XXX” shall be the respective Group’s abbreviation (all in capital letters), and, “YYY” shall be the respective Team’s abbreviation (all in capital letters) For example:
The SRR for Production Operations (WK) Team, which is under Operations (WK) Group, will be KOC.SA.033.OWK.POWK
The Group Safety Risk Register shall be reviewed annually by respective Groups. The Group Safety Risk Register shall be updated immediately whenever:
There are significant changes to activities, company policy or regulations The Risk or management of a hazard changes due to new information from monitoring, audits, incident reports, etc. Accountability / responsibility and / or priorities of actions related to risk control measures are altered
Any update in the Group Safety Risk Register should be communicated to all concerned employees by respective Group. Asset / Directorate HSE Teams should review the Safety Risk Registers of Groups within its Asset / Directorate including updates for consistency. Any inconsistency in the risk register should be notified to all Teams / Groups within Asset / Directorate, along with recommendations for resolving such inconsistences.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 - Safety Risk Assessment and Management Procedure Page 23 of 30
Appendix I
Safety Risk Register Template Monitoring (13) Project// Facility/ Activity (1)
Hazard Reference (2)
Hazard Reference No.
Information Source (3)
Used to define the source of hazard information. e.g. : HAZOP, QRA, What If, Insurance Recommen dations, Lessons learned from past incidents etc.
Hazards (4)
To describe the identified Hazard.
Source of Hazard (5)
To define specific source leading to the hazard, it could be represented by state of equipment, materials , products, processes, actions by people, worksite , activities, etc
Causes (6)
To describe what could possibly go wrong, or possible failures, or initiating events that would originate the hazard
Consequences (7)
To describe what would be the likely negative impacts, and how big they would be.
Applicable Legal Requirement (8)
If yes , please identify the legal compliance reference number from the compliance register, otherwise mention N/A
Existing Risk Reduction Measures (9)
Describe those proved existing measures to reduce the risk & they can be represented in specific mechanisms, actions, projects, procedures, materials, specifications, process, systems, standards, practices etc.
Control Tier 3
Risk Tolerability Category (10)
Define the risk tolerability as per the Safety Risk Evaluation Matrix (qualitative and semiquantitative), or from the RTC for QRA. In other words, define whether the risk is Unacceptable, ALARP, or Acceptable
Additional Risk Reduction Measures (11)
Describe the ALARP process followed to define the risk reduction measures needed, as well as those identified additional measures required to reduce the risk. These can be represented in specific mechanisms, actions, projects, procedures, materials, specifications, process, systems, standards, practices etc.
Revised Risk Tolerability Category (12)
Define the new risk tolerability category after applying the ALARP risk reduction measures.
Responsible Authority for Control Implementatio n (13a)
Specify designation within the group responsible to put in place those proposed additional risk reduction measures required or maintain the existing risk reduction measures.
Target Date / Period (13b)
Provide target date in the case of additional control measures
Remarks (14)
To support why the additional risk reduction measures have been taken, and why and how these measures reduce the risk. Include any other important remark that clarifies the risk understandi ng
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 24 of 30
Appendix II Safety Risk Evaluation Matrix About this Matrix: o This Risk Matrix and risk tolerability criteria are endorsed for use across KOC. o The non-monetary severity columns (People and Reputation) are independent of any monetary relationships and are not intended to be proportionally related to the other Consequence Severity Categories. o Damage to assets includes capital loss, business interruption, production deferment, legal liability and emergency response costs.
Decreasing Consequence Categories Negligible (1)
Minor (2)
Moderate (3)
Major (4)
Severe (5)
People
No injury or damage to people.
Slight damage and/or operational impact with costs up to KD 1.0 million
Reputation
Minor, adverse local public and media attention
Moderate irreversible impairment to one or more employees that can result in lost workdays (LTI), or restricted work. Partial damage and/or operational impact with costs between KD 15 million and KD 30 million Criticism by national government
Single employee fatality or permanent total disability to one or more employees, and some impact on third parties. Major damage and/or operational impact with costs between KD 30 million and KD 140 million Significant adverse national media or public or national government attention
Multiple employee fatalities, and/or multiple third party fatalities.
Assets
Reversible, minor employee injury not affecting work performance, requiring short term hospitalization. Minor damage and/or operational impact with costs between KD 1.0 and 15 million Attention from media; heightened concern by local community
Significant damage and/or operational impact with costs above 140 million, e.g. total loss of a facility. International public or media attention, with potentially severe impact
Frequency Estimation Frequency Category
A B C D E
Qualitative Interpretation Guidance
Quantitative Interpretation Guidance (yr-1)
Very Unlikely. Has happened once, or not at all in KOC Has happened a few times, or not at all in O&G Industry Unlikely. Similar event may occur once in 50-100 years at one of KOC assets. Have been isolated occurrences in KOC or has happened several times in the O&G Industry. Possible. Similar event may occur once in 10 to 50 years at one of KOC assets. Has not happened before at the Asset or has happened a few times in KOC. Likely. Similar event may occur at Asset every 10 to 50 years. Has happened once before at the Asset, or several times in KOC. Possible. Similar event may occur at Asset every 1 to 10 years. Has happened several times at Asset, or many times in KOC
Control Tier 3
Less than E-05
Between E-05 and E04 Between E-04 and E03 Between E-03 and E02 Greater than E-01
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 25 of 30
Safety Risk Evaluation Matrix
CONSEQUENCE
LIKELIHOOD OF OCCURRENCE
Negligible (1) Very Unlikely (A) Unlikely
(B)
Possible
(C)
Likely
(D)
Frequent
(E)
Minor (2)
Moderate (3)
Major (4)
Severe (5)
ACCEPTABLE REGION
ALARP REGION
UNACCEPTABLE Table II.1 Safety Risk Evaluation Matrix
Risk Category
Control Regime
Unacceptable Region
The activity shall not be carried out as the Risk is intolerable / unacceptable. Adequate control measures shall be established to bring the risk levels to at least ‘Medium’ before the activity can be performed. Such additional control measures must be in place before the activity can commence.
ALARP Region
The Risk is tolerable. The activity shall be further analysed to determine if any additional control measures are required. If required, such additional control measures shall be established before the activity can be performed.
Acceptable Region
The Risk is acceptable. No additional control measures will be required. Table II.2 Safety Risk Tolerability Criteria
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 26 of 30
Appendix III Quantitative Risk Tolerability Criteria. The assessment and control of risk are essential requirements for a proactive HSE management system. In order to make a value judgment and to decide on what risks are tolerable, an easily understood set of criteria should be set and followed rigorously. Risk criteria are required to promote consistency in evaluating the results of relevant studies and to formulate a proactive approach to incident prevention. This document sets out the basis for selecting the risk tolerability criteria and explains some of the techniques used to arrive at the quantitative assessments made to understand the qualitative risk levels. Individual Risk per Annum (IRPA) Criteria Ideally, there is a need to determine the limits for IRPA, based on numeric values (based on QRA studies) which would be regarded as intolerable. Figure III.1 shows the principle of this risk tolerability criteria.
UNACCEPTABLE REGION maximum tolerable limit 1 in 1000 per year ALARP Benchmark existing installations
UNACCEPTABLE REGION maximum tolerable limit 1 in 10,000 per year
1 in 5,000 per year
ALARP OR TOLERABILITY REGION
ALARP OR TOLERABILITY REGION
ALARP Benchmark new installations 1 in 50,000 per year
(Risk must be demonstrated to have been reduced to a level which is practicable with a view to cost/benefit)
maximum tolerable limit 1 in 100,000 per year
maximum tolerable limit 1 in 1,000,000 per year
ACCEPTABLE REGION
ACCEPTABLE REGION INDIVIDUAL RISK TO WORKERS
INDIVIDUAL RISK TO THE PUBLIC
(including contractor employees)
(all those not directly involved with company activities)
Figure III.1 Risk Tolerability for Individual Risk to Worker or Public. The same risk tolerability criteria for IRPA can be expressed in a tabular form as depicted in Table III.1 below:
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 27 of 30
KOC Maximum Individual Risk Criteria Workers
Public
Existing Facilities
New Facilities
All Facilities
Benchmark
IR = 1 in 5,000 or below (IR < 2 x 10-4)
IR = 1 in 50,000 or below (IR < 2 x 10-5)
IR = 1 in 100,000 or below (IR < 10-5)
Unacceptable
IR = 1 in 1,000 or above (IR > 10-3)
IR = 1 in 1,000 or above (IR > 10-3)
IR = 1 in 10,000 or above (IR > 10-4)
Acceptable
IR = 1 in 100,000 or below (IR < 10-5)
IR = 1 in 100,000 or below (IR < 10-5)
IR = 1 in 1,000,000 or below (IR < 10-6)
Where IR = Individual Risk (fatality per person/year)
Table III.1 Risk Tolerability for Individual Risk to Worker or Public Note 1: The “IR benchmark” for new facilities is the overall IR level which project teams should aim for when designing new facilities. Existing facilities leave less flexibility in reducing absolute risk levels than new designs. As such, the benchmark IR target for existing facilities is set one order of magnitude higher than for new installations. This benchmark should be used when designing major alterations/modifications to existing facilities. Note 2: Workers would include KOC employees and contractors working on KOC business. The public includes the general public, visitors, marine vessels and any third party who is not directly involved in the KOC and/or Group Company work activities. Note 3: The tolerable risk level lies between the acceptable and unacceptable levels in which ALARP must be demonstrated. Once a specific hazard is demonstrated by analysis to result in acceptable risk there is no requirement, other than the HSE MS continuous improvement principles, to further reduce risk under the ALARP criteria. Societal Risk Criteria The ALARP principle applies in the same way for societal risk as for Individual Risk. Societal Risk tolerability shall be utilized in reporting QRA results. Societal risk should not be confused as being the risk to society or the risk as being perceived by society. The word “societal” is merely used to indicate a group of people and societal risk refers to the frequency of multiple fatality incidents, which includes workers and the public. Societal risk is usually represented by F-N (fatality - frequency) curve such as Figure III.2 below. The F-N Curve represents societal risk for a single facility, like a refinery or a process plant.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 28 of 30
F-N Curve for Societal Fatal Risk 1.00E+00
FREQUENCY (per year)
1.00E-01 1.00E-02
Unacceptable Risk
1.00E-03
X
1.00E-04 1.00E-05
ALARP
1.00E-06 1.00E-07
Acceptable Risk 1.00E-08 1
2
10
FATALITIES
100
1000
FIGURE III.2. F-N Curve: Societal Fatal Risk Tolerability, Single Facility Only To illustrate an example of societal risk, note the ‘X’ in the upper portion of the graph which is marked “Unacceptable Risk”. The ‘X’ is located at the axis of the lines ‘1.00 E-04’ (1 in 10,000 years) and 10 fatalities. The ‘X’ thus represents an event which would kill 10 people at a frequency of once in 10,000 years. This is unacceptable. This principle of societal risk indicates that society’s tolerance for risk decreases as fatalities increase. Note: The societal risk tolerability criteria above should not be misinterpreted as the number of fatalities that KOC is prepared to accept in conducting operations. They must be used only in QRA context as statistical likelihood that equipment, systems and procedures fail and result in fatalities. Factors Affecting the Risk Criteria The risk criteria for numerical risk levels are generally based on risk comparisons. However, there are some factors which need to be considered in order to ensure that the proposed risk criteria reflects adequately the nature and risk levels for activities/processes used at KOC. These factors include the following:
Risks which may be tolerable for workers in a hazardous industry are not necessarily tolerable for a member of the public who may be exposed to the work activity hazards.
Risk criteria selected by different industries are not necessarily the same. Risk criteria adopted by different countries may also not be the same.
The concept of ALARP is based on cost - benefit assessment and requires explicit valuation of a life.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 29 of 30
The QRA criteria for risk relates to Individual Risks to workers (and the public) as well as to societal risks as a result of fatal accidents. Injuries and/or ill health are not included in this method of risk assessment.
Multiple fatality accidents require use of F-N Curves for risk tolerability. See Figure III.2.
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
KOC.SA.018 Safety Risk Assessment and Management Procedure Page 30 of 30
Appendix IV Risk Assessment and Management Methodologies and their Purpose
Identify Hazards
Identify the path from cause to consequence
Identify and maps out the barriers to prevent or mitigate the causes or consequences of hazards.
Identify Opportunities to Eliminate Hazards
QRA
Consequence Modelling
Event Tree Analysis (ETA)
QUANTITATIVE
Fault Tree Analysis (FTA)
HAZOP
Bow-Tie
What If /Checklist
HAZID
QUALITATIVE
Job Safety Analysis
Risk Assessment & Management Methodology
SEMIQUANTITATIVE
Layers of Protection Analysis (LOPA) Failure Mode and Effect Analysis (FMEA) Building Risk Assessment (BRA)
Risk Assessment & Management Approach
Qualitative Estimate of Likelihood
Identify Accident Initiating Events
Estimate Frequency of Initiating Events
Identify Opportunities to Reduce Frequency of Initiating Events
Identify accident Events Sequence and Consequences
Estimate Frequency of Event Sequences
Estimate Magnitude of Consequences of Event Sequences Identify Opportunities to Reduce Frequency and/or Consequences of Event Sequences
Table IV.1 Risk Assessment and Management Methodologies and their Purpose
Control Tier 3
Revision Date: 12 July, 2015 Uncontrolled Copy if Printed
View more...
Comments
