
PLANT SAFETY AND OCCUPATIONAL HEALTH
CHAPTER 6: HAZARD AND RISK ASSESSMENT

CHE 135

BY: NSAA

Chapter 6: Hazard and risk assessment


Hazard and operability studies (HAZOP)
Fault tree analysis (FTA)
Event tree analysis (ETA)
Quantitative risk assessment (QRA)


Course Learning Outcomes
The student should be able to:
a) Define hazard analysis methodology: HAZOP, FTA and ETA and their application
b) Define the risk and quantify the risk involved

Hazards are everywhere
It is essential to identify hazards and reduce the risk well in advance of an accident
Ask yourself the following questions:
What are the hazards?
What can go wrong and how?
What are the chances?
What are the consequences?

Hazard Evaluation Techniques
1960 - Present: Safety Review (Walk Through Inspection)
1960 - Present: Check Lists (Historical Lists, Yes / No)
1965 - Present: Relative Ranking (ICI Mond Index, Dow FEI)
1970 - Present: PHA, Preliminary Hazard Analysis (Hazardous Mtls, Hazardous Opns)
1972 - 1974: What if (Brainstorming)
1974 - Present: HAZOP, Hazards Operability Analysis (Line by Line Deviation Analysis)

When to perform?
-At the initial design stage.
-During ongoing operation.

Hazard evaluation
Hazard identification
What can go wrong?
What are the consequences?
How likely is it to happen?
Risk assessment

Definition
Risk = Severity x Likelihood

Severity
Extent of Damage: Fatality, Injuries, Losses
Analysis based on design and modeling equations

Likelihood of event
Based on failure frequency of process components
Analysis based on manufacturers' and historical data

Quantitative risk assessment (QRA) is a formalised specialist method for calculating individual, environmental, employee and public risk levels for comparison with regulatory risk criteria

What is QRA?
Systematic methodology to assess risks associated with any installation
Taking into consideration all forms of hazards
Uses design information and historical data to estimate frequency of failure
Uses modelling software to assess consequence

Where/when is QRA needed
CIMAH 1996: part of CIMAH safety report
EQA 1985: a section under EIA

Concept Definitions
Risk (diagram): Intrinsic Hazards; Undesirable Event; Causes; Likelihood of Event; Consequences; Likelihood of Consequences

Concept Definitions
Risk and Layers of Protection (diagram): Intrinsic Hazards; Undesirable Event; Causes; Prevention; Likelihood of Event; Preparedness, Mitigation, Land Use Planning, Response, Recovery; Consequences; Likelihood of Consequences

Layers of Protection are used to enhance the safe operation. Their primary purpose is to determine if there are sufficient layers of protection against an accident scenario. Can the risk of this scenario be tolerated?

Methodology
Hazard Identification
Consequence Analysis
Frequency Analysis
Risk Estimation and Evaluation
Risk Management

Hazard Identification
Purpose: to identify plausible hazard conditions
Hazard can be from human, situational, chemical, physical, mechanical, external threats

Methods
Preliminary Hazard Analysis: Check-list, etc.
Detailed Hazard Analysis: HAZOP, Hazard Survey, Safety Review

Hazard and Operability (HAZOP) Study
HAZOP? (diagram): PROCEDURE; PROCESS; TEAM; END RESULT; DISADVANTAGE

HAZOP Team Members 1
Leader
-planning and preparation
-act as chairman for meeting
Recorder
-participant in study
-document the analysis
Designer(s), process / project engineers
-understand and explain the plant design
-answer questions about the plant and process
User(s)
-may be site representative, operator, maintenance crew
-supply information about the context in which the system will be used, e.g. site facilities
Expert(s)
-key function is to explore: ask questions, suggest deviations / causes / effects
-need good knowledge of process chemistry, or experience of similar plant

HAZOP Team Members 2
Team may recruit additional members when required
Typically to answer specific questions, e.g.
-control engineer
-mechanical engineer
-occupational health / hygienist
-environmental specialists

HAZOP STUDY
Complete identification of hazards from operational upsets, operational procedures (SOPs) and equipment failures.
Fewer commissioning and operational problems.
Less down time.
Improved product quality.
Less waste is produced.
Better informed personnel.
Employees confident in the safety of the process.
Could be used as evidence of comprehensive thoroughness to insurers and inspectors.

TOO LATE??
There may be a tendency not to challenge an already
existing design.
Changes may come too late, possibly requiring redesign of
the process.
There may be loss of operability and design decision data
used to generate the design.

HAZOP Study Procedure
GUIDE WORDS *
POSSIBLE CAUSES
DEVIATION (FROM DESIGN AND/OR OPERATING INTENT)
CONSEQUENCES
ACTION(S) REQUIRED OR RECOMMENDED

Process HAZOP worksheet
Hazards and Operability Review
Project Name:                Date:                Page    of
Process:
Section:                     Ref. Drawing:
Worksheet columns: Item; Study node; Process Parameter; Deviations (guide words); Possible causes; Possible consequences; Action Required

HAZOP Terminology

STUDY LINE/NODE
A specific location in the process in which (the deviations of) the process intention are evaluated

PARAMETER
The relevant parameter for the condition(s) of the process

DEVIATION
A way in which the process conditions may depart from their INTENTION. (Human Error, Equipment Failure, External Event)

CAUSES
The reason(s) why the DEVIATION could occur. More CAUSES can be identified for one DEVIATION.

CONSEQUENCES
The results of the DEVIATION, in case it occurs

RECOMMENDATION
Activities identified during a HAZOP study for follow-up. These may comprise technical improvements in the design, modifications in the status of drawings and process descriptions, procedural measures to be developed or further in-depth studies to be carried out.

Guidewords/ Keywords

No (not, none)
  Meaning: None of the design intent is achieved
  Example: No flow when production is expected
More (more of, higher)
  Meaning: Quantitative increase in a parameter
  Example: Higher temperature than desired
Less (less of, lower)
  Meaning: Quantitative decrease in a parameter
  Example: Lower pressure than normal
As well as (more than)
  Meaning: An additional activity occurs
  Example: Other valves closed at the same time (logic fault or human error)
Part of
  Meaning: Only some of the design intention is achieved
  Example: Only part of the system is shut down
Reverse
  Meaning: Logical opposite of the design intention occurs
  Example: Back-flow when the system shuts down
Other than (Other)
  Meaning: Complete substitution; another activity takes place
  Example: Liquids in the gas piping
Sooner than
  Meaning: The timing is different from the intention
  Example: Applies to process steps or actions
Later than
  Meaning: The step (or part of it) is effected out of sequence
  Example: Applies to process steps or actions
Where else
  Meaning: Applicable for flows, transfer, sources and destinations
  Example: Applies to process location, or locations in operating

HAZOP STUDY KIT: http://www.cbme.ust.hk/hazop/4round

Valid guide word and process parameter combinations for process lines
Table columns (guide words): No, not, none; More, higher, greater; Less, lower; As well as; Part of; Reverse; Other than; Sooner, faster; Later, slower; Where else
Table rows (process parameters): Temperature; Pressure; pH; Viscosity; Flow; Concentration; State

Valid guide word and process parameter combinations for process vessels
Table columns (guide words): No, not, none; More, higher, greater; Less, lower; As well as; Part of; Reverse; Other than; Sooner, faster; Later, slower; Where else
Table rows (process parameters): Temperature; Pressure; pH; Viscosity; Level; Concentration; Agitation; Volume; Reaction; State

Guidewords + Parameter
Some examples of combinations of guide-words and parameters:
NO FLOW
Wrong flow path, blockage, burst pipe, large leak, equipment failure, incorrect pressure differential
MORE FLOW
Increase pumping capacity, increased suction pressure, greater fluid density, control faults
MORE TEMPERATURE
Ambient conditions, failed exchanger tubes, fire situation, cooling water failure, defective control, internal fires

HAZOP example: a bit of P&I

HAZOP example output

Preliminary HAZOP Example
Refer to reactor system shown.
(Figure labels: Monomer Feed; Cooling Coils; Cooling Water to Sewer; Cooling Water In; TC, Thermocouple)

The reaction is exothermic. A cooling system is provided to remove the excess energy of reaction. In the event that the cooling function is lost, the temperature of the reactor would increase. This would lead to an increase in reaction rate, leading to additional energy release. The result could be a runaway reaction with pressures exceeding the bursting pressure of the reactor. The temperature within the reactor is measured and is used to control the cooling water flow rate by a valve.

Frequency Analysis
Sometimes referred to as Hazard Analysis
Purpose: To estimate the likelihood for a hazard scenario to occur

Methods
Event-Tree Analysis
Fault-Tree Analysis

Inductive and Deductive Modeling are the Two Basic Types of Modeling
Inductive models forwardly induce the consequences of an INITIATING event.
Deductive models backwardly deduce the causes of a TOP event.

FTA_Logic gates (AND and OR gates)
AND gate means that: for this upper failure (TOP EVENT) to occur, all of these failures must occur.
OR gate means that: for this upper failure (TOP EVENT) to occur, one of these failures must occur.
A and B are basic events.

Steps in Constructing Fault Tree


Probability theory
Time interval between two failures of the component is called the mean time between failures (MTBF)

$\text{MTBF} = \dfrac{1}{\mu}$   (Eq. 1)

Eq. 1 is only valid for a constant failure rate, $\mu$ (faults/time)

Failure Rates Data

Instrument                       Faults/year
Controller                       0.29
Control valve                    0.60
Flow measurements (fluids)       1.14
Flow measurements (solids)       3.75
Flow switch                      1.12
Gas liquid chromatograph         30.6
Hand valve                       0.13
Indicator lamp                   0.044
Level measurements (liquids)     1.70
Level measurements (solids)      6.86

Failure Rates Data
Some data are per hour

Component                  Failure Frequency (hr-1)
Gasket Failure (leak)      1.00 x 10^-06
Gasket Failure (total)     1.00 x 10^-07
Pipe Rupture (> 3 in)      1.00 x 10^-10
Pipe Rupture (< 3 in)      1.00 x 10^-09
Valve Rupture              1.00 x 10^-08
Pump Seal Failure          8.00 x 10^-07
Alarm Failure              1.00 x 10^-05
Operator Error             2.00 x 10^-05
Hose Rupture               2.00 x 10^-05

Example 1
The water flow to a chemical reactor cooling coil is controlled by the system shown in figure. The flow is measured by a differential pressure (DP) device, the controller decides on an appropriate control strategy and the control valve manipulates the flow of coolant. Determine the overall failure rate, the unreliability, the reliability and the MTBF for this system. Assume a 1-year period of operation.

Frequency, Reliability and Probability

Component        Failure Rate (faults/year)   Reliability $R = e^{-\mu t}$   Failure Probability $P = 1 - R$
Control Valve    0.6                          0.55                           0.45
Controller       0.29                         0.75                           0.25
DP Cell          1.41                         0.24                           0.76

$p = 1 - e^{-\mu t}$
where p is the annual probability of occurrence, $\mu$ is the annual frequency and t is time period (i.e., 1 year).
Conversion is important in OR gate (dimensional homogeneity)
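The calculation asked for in Example 1, worked in Python as an added example (not part of the original slides). It assumes the three components fail independently and form a series system, i.e. an OR gate over basic events; the function names are this example's own, and the redundant DP cell case at the end is a hypothetical illustration of an AND gate.

```python
import math

# Failure rates (faults/year) for the cooling-water control loop of Example 1,
# taken from the table on this page.
FAILURE_RATES = {"control valve": 0.60, "controller": 0.29, "DP cell": 1.41}


def reliability(mu, t=1.0):
    """R = exp(-mu * t): probability of no failure in time t (constant rate)."""
    return math.exp(-mu * t)


def failure_probability(mu, t=1.0):
    """P = 1 - R: probability of at least one failure in time t."""
    return 1.0 - reliability(mu, t)


def or_gate(probabilities):
    """OR gate: output fails if any input fails (independent inputs)."""
    survive = 1.0
    for p in probabilities:
        survive *= 1.0 - p
    return 1.0 - survive


def and_gate(probabilities):
    """AND gate: output fails only if every input fails (independent inputs)."""
    return math.prod(probabilities)


def probability_to_rate(p, t=1.0):
    """Invert P = 1 - exp(-mu * t) to get back a failure rate."""
    return -math.log(1.0 - p) / t


def series_system(rates, t=1.0):
    """Components in series: any single failure fails the loop (OR gate)."""
    p_fail = or_gate(failure_probability(mu, t) for mu in rates.values())
    mu_overall = probability_to_rate(p_fail, t)
    return {
        "failure_rate": mu_overall,  # faults/year, equals the sum of the rates
        "unreliability": p_fail,
        "reliability": 1.0 - p_fail,
        "mtbf": 1.0 / mu_overall,    # years
    }


if __name__ == "__main__":
    for name, mu in FAILURE_RATES.items():
        print(f"{name:14s} mu={mu:4.2f}  R={reliability(mu):.2f}  "
              f"P={failure_probability(mu):.2f}")
    for key, value in series_system(FAILURE_RATES).items():
        print(f"{key:14s} {value:.3f}")
    # Hypothetical case (not on the page): two DP cells in parallel form an
    # AND gate, so both must fail before the flow measurement is lost.
    p_dp = failure_probability(FAILURE_RATES["DP cell"])
    print(f"redundant DP cells P={and_gate([p_dp, p_dp]):.2f}")
```

Probabilities, not rates, go through the gates; the overall rate is recovered afterwards, which is the dimensional homogeneity point made above.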

EXAMPLE_FTA

a) A diagram of the safety system in a certain chemical reactor is shown below. This reactor has a high pressure alarm to alert the operator in the event of dangerous reactor pressures. It consists of a pressure switch within the reactor connected to an alarm indicator. For additional safety, an automatic high pressure reactor shutdown system is installed. This system is activated at a pressure somewhat higher than the alarm system and consists of a pressure switch connected to a solenoid valve in the reactor feed line. The automatic system stops flow of reactant in the event of dangerous pressures. Develop a fault tree for the top event overpressuring of reactor.

ETA_Initiating Event, Barrier & Consequence
ETA begins with an initiating event and works toward a final result
This method provides information on how failure can occur and probability of occurrence
(Diagram labels: Initiating event; Barrier1; Barrier2; Barrier3; Barrier4)

An initiating event - first significant deviation from a normal situation that may lead to unwanted consequences (e.g., gas leak, falling object, start of fire)
Barriers are also called safety functions or protection layers, and may be technical and/or administrative (organizational). Should be listed in sequence of activation.

Steps in Constructing Event Tree


EXAMPLE_ETA

A high temperature alarm has to be installed to warn the operator of a high temperature within the reactor. Four safety functions are identified. The first safety function is the high temperature alarm. The second safety function is the operator noticing the high reactor temperature during normal inspection. The third safety function is the operator reestablishing the coolant flow by correcting the problem in time. The final safety function is invoked by the operator performing an emergency shutdown of the reactor. Develop an event tree for the system using loss of cooling as an initiating event

EVENT TREE ANALYSIS (ETA)

Simpler than fault-tree analysis:
-Sequence frequencies are products
-Can combine sequences by taking sums
However, more judgment is required in how to model a system as an event tree
Basic goal is to keep the model as simple as possible:
-By taking advantage of independence and conditional independence relations
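An event tree for the loss-of-cooling case in EXAMPLE_ETA, as an added Python example (not part of the original slides). The slides give no numbers, so the initiating frequency and the failure-on-demand probabilities are constructed values, and the branching logic (a working alarm bypasses the inspection barrier) is a modelling assumption of this example.

```python
# Constructed inputs: the page gives no numbers for this example, so the
# initiating frequency and failure-on-demand probabilities are assumptions.
INITIATING_FREQUENCY = 1.0  # loss-of-cooling events per year (assumed)
FAILURE_ON_DEMAND = {
    "alarm": 0.01,     # high temperature alarm fails to alert the operator
    "notice": 0.25,    # operator fails to notice during normal inspection
    "restart": 0.25,   # operator fails to re-establish coolant flow in time
    "shutdown": 0.10,  # operator fails to perform the emergency shutdown
}


def branch(freq, barrier, on_success, on_failure, path=()):
    """Split a frequency at one barrier and follow both branches."""
    p_fail = FAILURE_ON_DEMAND[barrier]
    yield from on_success(freq * (1.0 - p_fail), path + (barrier + ":ok",))
    yield from on_failure(freq * p_fail, path + (barrier + ":fail",))


def outcome(name):
    """Terminal node: emit (outcome, frequency, path) for one sequence."""
    def leaf(freq, path):
        yield name, freq, path
    return leaf


def shutdown(freq, path):
    return branch(freq, "shutdown", outcome("safe shutdown"), outcome("runaway"), path)


def restart(freq, path):
    return branch(freq, "restart", outcome("continue operation"), shutdown, path)


def notice(freq, path):
    return branch(freq, "notice", restart, outcome("runaway"), path)


def event_tree():
    """Assumed logic: a working alarm makes the inspection barrier unnecessary."""
    return list(branch(INITIATING_FREQUENCY, "alarm", restart, notice))


def outcome_frequencies(sequences):
    """Combine sequences that end in the same outcome by summing them."""
    totals = {}
    for name, freq, _ in sequences:
        totals[name] = totals.get(name, 0.0) + freq
    return totals


if __name__ == "__main__":
    sequences = event_tree()
    for name, freq, path in sequences:
        print(f"{freq:10.7f}/yr  {name:18s} {' > '.join(path)}")
    for name, freq in outcome_frequencies(sequences).items():
        print(f"TOTAL {name:18s} {freq:.7f}/yr")
```

Each sequence frequency is the product of the branch probabilities along its path, and the outcome totals are sums over sequences, so the totals add back up to the initiating frequency.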

FAULT TREE ANALYSIS (FTA)

FTA is a deductive approach for resolving undesired event into its causes
FTA permits the hazardous incident (called the top event) frequency to be estimated from a logic model of the failure mechanisms of a system.
The top event is traced downward to more basic failures using logic gates to determine its causes (BASIC AND INTERMEDIATE)

FTA & ETA RELATIONSHIP

FTA - deductive method
ETA - inductive method
Top event for fault tree is initiating event for event tree
Both are used to produce complete picture of an incident
Probabilities and frequencies are attached

Disadvantages & advantages of FTA

Consequence Analysis
Purpose: To assess the extent of damage of hazard scenario

Typical Hazard
Toxic Release, Fire and Explosion

Modeling
Toxic Release: Dispersion Model, ALOHA
Fire and explosion: TNT equivalent & TNO multi-energy method
Fatality Assessment: Probit Analysis
Nonfatal Consequence: Skin-burn, Property damage

TOXIC RELEASE DISPERSION
(Figure label: PUFF)

Factors Influencing Dispersion
Wind speed
Atmospheric stability
Ground conditions, buildings, water, trees
Height of the release above ground level
Momentum and buoyancy of the initial material released
Ref: page 181-186

1. Wind speed
As the wind speed increases, the plume becomes longer and narrower
Substance is carried downwind faster but is diluted faster by a larger quantity of air.

2. Atmospheric stability
Atmospheric stability relates to vertical mixing of the air.
Day: During the day the air temperature decreases rapidly with height, encouraging vertical motions.
Night: At night the temperature decrease is less, resulting in less vertical motion.
Sometimes an inversion will occur. During an inversion, the temperature increases with height, resulting in minimal vertical motion. This most often occurs at night as the ground cools rapidly due to thermal radiation

Day & Night Condition
Air temperature as a function of altitude for day and night conditions. The temperature gradient affects the vertical air motion.

3. Ground conditions
Ground conditions affect the mechanical mixing at the surface and the wind profile with height. Trees and buildings increase mixing while lakes and open areas decrease it.

Effect of ground conditions on vertical wind gradient.

4. Height of the release above ground level
The release height significantly affects ground level concentrations.
As the release height increases, ground level concentrations are reduced since the plume must disperse a greater distance vertically.

5. Momentum and buoyancy of the initial material released
The buoyancy and momentum of the material released change the effective height of the release.

The initial acceleration and buoyancy of the released material affect the plume character. The dispersion models discussed in this chapter represent only ambient turbulence.

EXPLOSION: TNT EQUIVALENT

TNT equivalency is a simple method for equating a known energy of a combustible fuel to an equivalent mass of TNT.
The approach is based on the assumption that an exploding fuel mass behaves like exploding TNT on an equivalent energy basis.

TNT Equivalent
The procedure to estimate the damage associated with an explosion using the TNT equivalent method is as follows:
1. Determine the total amount of flammable material involved in the explosion.
2. Estimate the explosion efficiency and calculate the equivalent mass of TNT

$m_{TNT} = \dfrac{\eta\, m\, H_c}{E_{TNT}}$

$m_{TNT}$ is the equivalent mass of TNT (mass)
$\eta$ is the empirical explosion efficiency (unitless)
$m$ is the mass of hydrocarbon
$E_{TNT}$ is the energy of explosion of TNT, 1120 calories/gram = 4686 kJ/kg

3. Use the scaling law, $z_e = \text{distance} / m_{TNT}^{1/3}$, to estimate the peak side-on overpressure
(Figure: scaled overpressure, $p_s$, versus scaled distance, $z_e$ (m/kg^{1/3}), logarithmic axes)
4. Estimate the damage for common structures and process equipment using table guide.

Example 1
1000 kg of methane escapes from a storage vessel, mixes with air, and explodes. Determine:
a) The equivalent amount of TNT. Given $H_c$ of methane = 802.3 kJ/mol
b) The side-on peak overpressure at a distance of 50 m from the blast
Assume an explosion efficiency of 2%

TNO Multi Energy Method

Identifies confined volumes in a process
Assign relative degree of confinement
Determine the contribution to the overpressure from this confined volume
Semi empirical curves are used to determine overpressure

Risk Estimation and Evaluation
Purpose: To assess Risk and Make Safety Judgment

Methods
Individual Risk
Societal Risk
Tolerability Criteria

Two distinct categories of Risks

Voluntary Risks
e.g. driving or riding in an automobile, and working in an industrial facility.

Involuntary Risks
e.g. exposure to lightning, disease, typhoons and persons in residential or recreational areas near the industrial facilities.

Examples of risks associated with activities

Individual Risk
Individual risk is defined formally (by Institution of Chemical Engineering, UK) as the frequency at which an individual may be expected to sustain a given level of harm from the realization of specified hazards. It is usually taken to be the risk of death, and usually expressed as a risk per year.

The term individual may be a member of a certain group of workers on a facility, or a member of the public, or anything as defined by the QRA.

Location Specific Individual Risk

$IR_{x,y,i} = p_i f_i$

$IR_{x,y,i}$ is the individual risk at location (x,y) due to event i,
$p_i$ is the probability of fatality due to incident i at location (x,y). This is normally determined by FTA
$f_i$ is the frequency of incident outcome case i (per year). This value can be determined using Probit Analysis

When there is more than one release event, the cumulative risk at location (x,y) is given by the equation

$IR_{x,y} = \sum_{i=1}^{n} IR_{x,y,i}$

Average Individual Risk / Individual Risk Per Annum
The average individual risk is the average of all individual risk estimates over a defined or exposed population. This is useful for example in estimating the average risk of workers in reference with existing population. Average individual risk over exposed population is given by CCPS (1989) as

$IR_{AV} = \dfrac{\sum_{x,y} IR_{x,y}\, P_{x,y}}{\sum_{x,y} P_{x,y}}$

Here, $IR_{AV}$ is the average individual risk in the exposed population (probability of fatality per year) and $P_{x,y}$ is the number of people at location x, y

Example: LSIR for Ship Explosion at a Proposed Port
(Figure labels: 1 x 10^-5; 1 x 10^-6)

Societal Risk
Societal risk measures the risk to a group of people. It is an estimation of risk in terms of both the potential size and likelihood of incidents with multiple consequences.

The risk can be represented by Frequency-Number (F-N) Curve.

Determination of Societal Risk

To calculate the number of fatalities resulting from each incident outcome case, the following equation is used:

$N_i = \sum_{x,y} P_{x,y}\, p_{f,i}$

Here, $N_i$ is number of fatalities resulting from Incident Outcome case i, $p_{f,i}$ is the probability of fatality and $P_{x,y}$ is the number of population.
The cumulative frequency is then calculated using the following equation:

$F_N = \sum_{i} F_i$

Here, $F_N$ is the frequency of all incident outcome cases affecting N or more people, per year and $F_i$ is the frequency of incident outcome case i per year.
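The individual risk, average individual risk and F-N equations above, applied together in an added Python example (not part of the original slides). The population grid and the three incident outcome cases are constructed values chosen only to make the arithmetic easy to follow, and the function names are this example's own.

```python
# Constructed data (not from the page): number of people P at each grid
# location (x, y), and for each incident outcome case i its frequency per
# year and the probability of fatality it causes at each location.
POPULATION = {(0, 0): 10, (1, 0): 50, (2, 0): 200}
CASES = [
    {"name": "small", "freq": 1e-3, "p_fatal": {(0, 0): 0.10}},
    {"name": "medium", "freq": 1e-4, "p_fatal": {(0, 0): 0.50, (1, 0): 0.10}},
    {"name": "large", "freq": 1e-6,
     "p_fatal": {(0, 0): 1.00, (1, 0): 0.50, (2, 0): 0.10}},
]


def individual_risk(location, cases=CASES):
    """IR_{x,y} = sum over i of p_i * f_i at one location."""
    return sum(c["p_fatal"].get(location, 0.0) * c["freq"] for c in cases)


def average_individual_risk(population=POPULATION, cases=CASES):
    """IR_AV = sum(IR_{x,y} * P_{x,y}) / sum(P_{x,y})."""
    weighted = sum(individual_risk(loc, cases) * n for loc, n in population.items())
    return weighted / sum(population.values())


def fatalities(case, population=POPULATION):
    """N_i = sum over (x, y) of P_{x,y} * p_{f,i}."""
    return sum(n * case["p_fatal"].get(loc, 0.0) for loc, n in population.items())


def fn_curve(population=POPULATION, cases=CASES):
    """Return [(N, F_N)]: F_N sums the frequencies of all cases with N_i >= N."""
    n_by_case = [(fatalities(c, population), c["freq"]) for c in cases]
    thresholds = sorted({n for n, _ in n_by_case})
    return [(n, sum(f for n_i, f in n_by_case if n_i >= n)) for n in thresholds]


if __name__ == "__main__":
    for loc in POPULATION:
        print(f"IR at {loc}: {individual_risk(loc):.3e} per year")
    print(f"IR_AV: {average_individual_risk():.3e} per year")
    for n, f in fn_curve():
        print(f"N >= {n:5.1f}: F = {f:.3e} per year")
```

The frequent small case dominates individual risk close to the source, while the rare large case is the only contributor at the high-N end of the F-N curve.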

Location/ Individual Risk
The annual probability that a person living near a hazardous facility might die due to potential accidents in that facility.

Societal Risk
Total expected number of fatalities in a year due to a hazardous facility.

Risk Management
Purpose: to propose mitigating measures to reduce the potential impact of the hazard and possibly reduce the risk level

Method
Toxic release: release mitigation (page 230-231)
Fire and explosion: prevention (Table 7-8 page 365)
Safety procedures and designs (page 579)
Emergency Response Management
Emergency Response Procedure


for your kind attention
