IH/OS Essential Toolbox Tools: What - If/Checklist & Qualitative Risk Analysis 1 Kelsey Forde CIH CSP CHMM Timothy Stirrup REM CHMM Owner, Principal EHS Professional Principal EHS Professional [email protected][email protected](505)967-8917 (505)980-3743 Parvati Consulting LLC …a woman-owned small business… www.parvaticorp.com PDC 1 April 29, 2019 1-5pm ESH for High Technology
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Kelsey Forde CIH CSP CHMM Timothy Stirrup REM CHMMOwner, Principal EHS Professional Principal EHS [email protected][email protected](505)967-8917 (505)980-3743
Parvati Consulting LLC…a woman-owned small business…
Chemical Safety Board Videou Imperial Sugar Company Dust Explosion and Fire
u Port Wentworth, GA – 02/07/2008
u On February 7, 2008, a huge explosion and fire occurred at the Imperial Sugar refinery northwest of Savannah, Georgia, causing 14 deaths and injuring 38 others, including 14 with serious and life-threatening burns. The explosion was fueled by massive accumulations of combustible sugar dust throughout the packaging building.
Redbook Overviewu Describes How Hazard Evaluation Techniques Used
Throughout Life of Process/Facility
u Realistic Hazard Evaluation Expectations for Managers
u What Each Hazard Evaluation Procedure/Technique Provides
u Limitations of Hazard Evaluation Techniques
u Presents Hazard Evaluation Techniques as Integral Part of a Process Safety Management Program
u Hazard Evaluation Following Organized, Formal Process
u Hazard Evaluation Positive Aspects
u Complement Traditional Health & Safety Worker Assessments
u Focus on Process Safety Issues
u Aid in Decisions
u Improving Safety
u Managing Risk of Operations 7
Redbook Overviewu Identify & Analyze the Significance of Hazards/Hazardous
Situations with a Process or Activity
u Pinpoint Weaknesses in Design & Operation of Facilities
u Hazard Evaluation Performed Throughout Life of Process
u Lifecycle Approach
u Early Stages of R&D
u Detailed Design & Construction
u Periodically Throughout Operation
u Decommissioning & Dismantlement
u Efficiently Reveal Deficiencies In Design & Operation
8
Redbook Overview
u Redbook Describes Specific Steps for Performing Hazard Evaluation with Following Techniques:
9
Non-Scenario Based
u Preliminary Hazards Analysis
u Safety Review
u Relative Ranking
u Checklist Analysis
Scenario Based
u What-If Analysis
u What-If/Checklist Analysis
u Hazard & Operability (HazOp) Studies
u Failure Modes & Effects Analysis (FMEA)
u Fault Tree Analysis (FTA)
u Event Tree Analysis (ETA)
u Cause Consequence Analysis (CCA)
Hazard Evaluation Technique Selection
10
See Page 180
Module # 2What-if/Checklist Hazard
Evaluation Technique
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned11
Define What-If Analysisu Checklist Analysis
u Written List of Items or Procedural Steps
u Verify the Status of a System
u What-If Analysis u Brainstorming Approach
u Group of Experienced People with the Subject Process Ask Questions or Voice Concerns About Possible Undesired Events
u What-If/Checklist Analysis u Combines
u Systematic Features of the Checklist Analysis
u Creative, Brainstorming Features of the What-If Analysis
4/29/19 12
Checklistu Purpose:
u Verification of System Status Using Written List of Requirements/Procedural Steps
u Description:
u List of Known Hazards, Design Deficiencies, and Incidents
u List of Requirements/Procedural Steps
u List of Other Parameters (e.g., chemical properties, codes/standards)
u Type of Results:
u Typically List with “No,” “Yes,” or “Not Applicable” & Associated Corrections
u Resource Requirements:
u Information to Create Checklist; Single Analyst; 2 – 12 Days
u Creating Checklist is Intensive Effort
u Analysis Procedure
u Select Checklist
u Perform Walkthrough, Design, Procedure, Codes/Standards Review
u Documenting Results
u Qualitative Report (w/ Completed Checklist) & Recommendations
u Potential for Inherent Safety Review ~ Minimization, Moderation, & Simplification4/29/19 13
What-Ifu Purpose:
u Brainstorming Approach to Identify Hazards/Hazardous Situations, or Event Sequences with Potential Undesirable Consequences ~ May Include Cause/Initiating Events
u Description:
u Use of Facilitator, Scribe, & Team
u Not Inherently Structured, Requires Skilled Facilitator
u Ideally Divide Questions Based on Hazards and/or Process Areas
u What If Can Be Effective & Efficient With Experienced Team/Facilitator
u Type of Results:
u Random Tabular Listing of Hazardous Situations with Consequences & Safeguards
u Resource Requirements:
u Supporting Information; Representative Team; 1 – 29 Days Duration
u Analysis Procedure
u Collect Chemical Data, Process Description, Drawings, & Operating Procedures
u Seed Analysis Tables for Workshop Meetings For Team Brainstorming
u Documenting Results
u Qualitative Report (w/ Completed What If Analysis Worksheet) & Recommendations
u Potential for Inherent Safety Review ~ Resolve “What-If Question”
u May Provide Input into Further More Refine HE Analysis
4/29/19 14
What-If/Checklistu Purpose:
u Systematic Use of Checklist Using Brainstorming Approach to Identify Hazards/Hazardous Situations, or Event Sequences with Potential Undesirable Consequences ~ May Include Cause/Initiating Events
u Description:
u Use of Facilitator, Scribe, & Team ~ Requires Skilled Facilitator
u Structured Approach to Identify All Hazards/Hazardous Situations
u Type of Results:
u Systematic Tabular Listing of Hazardous Situations with Consequences & Safeguards
u Resource Requirements:
u Supporting Information; Representative Team; 1 – 31 Days Duration
u Analysis Procedure
u Collect Chemical Data, Process Description, Drawings, & Operating Procedures
u Seed Analysis Tables for Workshop Meetings For Team Brainstorming
u Qualitatively Determine Significant of Effects and Relative Recommendations
u Documenting Results
u Qualitative Report (w/ Completed What If Analysis Worksheet) & Recommendations
u Potential for Inherent Safety Review ~ Resolve “What-If Question”
u May Provide Input into Further More Refine HE Analysis4/29/19 15
What-If/Checklist Termsu Basic/Common Terms
u Event ID#
u Process/Facility Location
u Hazard Type
u What-If Question/Event Description
u Consequence
u Safeguards/Controls ~ Preventative/Mitigative
u Recommendation & Actions
u Cause
u Initiating Event
u Receptors
u Input into What-If Workshop Table
4/29/19 16
What-If/Checklist Description
4/29/19 17
u Identify Hazards, Hazardous Situations, or Specific Event Sequences that Could Produce Undesirable Consequences
u Experienced Group Identifiesu Abnormal Situations (Events)
u Consequences (Impacts to Receptors)
u Existing Safeguards (Controls)
u Alternatives for Risk Reduction
u Improvement Opportunities
u Inadequate Controls
u Examination Of Possible Deviations From The Design, Construction, Modification, Or Operating Intent
What-If/Checklist Descriptionu Requires Basis Understanding of Process Intention
u Requires Ability to Mentally Combine Possible Deviations From Design Intent that Could Result in Accidents
u Potential Incomplete Results
u Not Using Experienced Facilitator
u Not Using Checklist Approach
u Not Using Complete/Updated Information
4/29/19 18
What-If/Checklist Descriptionu What-If Not Inherently Structured As Other Techniques
u Both Weakness & Strength (Why?)
u Used By Industry at Every Stage of Life Cycle
u Requires Skilled/Experienced Facilitator
u Adapt The Basic Concept To The Specific Application
u Facility Based
u Hazard Based
u Process Based4/29/19 19
What-If/Checklist Descriptionu Concept Encourages Brainstorming of Events That Begin with
What-If
u Not Like Jeopardy To Ask In Form of Question
u What-If Reflects Philosophy Rather Than Structure
u Develop What-If Questions
u Based On Experience
u Applied To Drawings And Process Descriptions
u Brainstorming of “What If” Events
u Across versus Down Worksheet
u Not Necessarily Specific Pattern or Order to Questions
4/29/19 20
What-If/Checklist TableDown vs. Across
4/29/19 21
Event ID #
Process/Facility Location
HazardWhat-If/Event Description
ConsequenceSafeguards/
ControlsRecommendations
& Actions
What-If/Checklist Descriptionu Facilitator Provides Structure/Order to Method
u Determine Structure
u Facility Based
u Hazard Based
u Process Based
u Initiating Event Based (human error, mechanical failure, etc.)
u Application of Checklist
u Scribe Records Events, Consequences, Controls, and Actions
u Questions Divided Into Specific Areas of Investigation Related to Consequences of Concern
u Address Questions By Team of Knowledgeable People
4/29/19 22
Types of Resultsu Simplest Form Generates a List of Questions & Answers
Regarding Process
u Ideally Tabular Listing of Hazardous Situations Together with Consequences, Safeguards, & Risk Reductions
u Results Typically DO NOT Include Ranking or Quantitative Implication for Event
4/29/19 23
Resource Requirementsu Performed at Any Stage of Life Cycle of Process
u Conceptual Through Operation
u Use of Any & All Information Available During Stage of Life Cycle
u Minimum Team (~ 3 People) But Larger Team Preferred
u Better To Use Larger Group for Larger Process
u Than To Use Small Group for Longer Period of Time
u Divide Large Process Into Smaller Segments
4/29/19 24
Resource Requirementsu Once An Organization Gains Experience, The What-if
Method Can Be A Cost Efficient Method For Evaluating Hazards During Any Project Phase
u Time And Costs Of The What-if Analysis Proportional to Complexity and Size of Process
4/29/19 25
Minimum Time Estimates for Using the What-if Analysis Method
Scope Preparation Evaluation Documentation
Small System 4-8 hours 4-8 hours 1-2 days
Large Process 1-3 days 3-5 days 1-3 weeks
Module # 3What-if/Checklist Worked Example
Redbook as a Resource
What-if/Checklist Hazard Evaluation Technique
What-if/Checklist Worked Example
Qualitative Risk Analysis Methodology/Development
Qualitative Risk Analysis Application & Worked Example
Lessons Learned26
~Worked Example~
Refer to Handouts
27
Worked Example
u Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level28
Defining Scope
Discussion
29
DAP Example
30
See Page 97
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
31
Hazard Identification
Discussion
32
Hazard Identification Output
33
Hazard Identification Output
u Chemicalsu Anhydrous Ammonia
(liquid & vapor)
u Phosphoric Acid
u Sulfuric Acid
u Mono Ammonium Phosphate
u Diammonium Phosphate
u Urea
u Chemical Reactions
u Incompatibility
u Flammability
u Mechanical
u Heat/Elevated Temperature
u Open Storage Tank/Drowning
u Confined Space
u Electrical34
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
35
Anatomy of Loss Event
36
See Page 218
Loss Events
Discussion
37
Loss Events
38
Loss Events
u Release of Phosphoric Acid Into Work Area
u Vessel Overflow
u Unreacted Product
u Release of Ammonia Gas Into Work Areau Vessel Overflow
u Unreacted Product
u Release of DAP Into Work Area
u Vessel Overflow39
Worked Exampleu Read DAP Manufacturing Handout
u Identify Hazards
u Identify Loss Events
u Brainstorm Potential Scenarios
u Identify Unmitigated Consequence
u Identify Unmitigated Frequency
u Assign Unmitigated Risk Level
u Derive Controls
u Identify Mitigated Frequency
u Identify Mitigated Consequence
u Assign Mitigated Risk Level
40
Worked Example – What-If/Checklist Table
41
ID # Facility/AreaProcess/ Activity
HazardWhat-If
DescriptionConsequence
Worked Example – What-If/Checklist Table
42
ID # Facility/AreaProcess/ Activity
HazardWhat-If
DescriptionConsequence
DAP-1 DAP-1 DAP Reactor Ammonia
DAP-2 DAP-1 DAP Reactor Ammonia
DAP-3 DAP-1 DAP Reactor Ammonia
DAP-4 DAP-1 DAP Reactor Ammonia
DAP-5 DAP-1 DAP Reactor Ammonia
DAP-6 DAP-1 DAP Reactor Ammonia
DAP-7 DAP-1 DAP Reactor Ammonia
Worked Example – What-If/Checklist Table
43
ID #Facility/
AreaProcess/ Activity
Hazard What-If Description Consequence
DAP-1 DAP-1 DAP Reactor Ammonia Vessel Overflow due to excess flow from unloading storage
DAP-2 DAP-1 DAP Reactor Ammonia Vessel overflow due to vessel overpressure from increased temperatures
DAP-3 DAP-1 DAP Reactor Ammonia Vessel overflow due to excess flow from vessel/piping integrity failure
DAP-4 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from excess ammonia
DAP-5 DAP-1 DAP Reactor Ammonia Unreacted ammonia carryover into DAP storage tank from decreased phosphoric acid feed
DAP-6 DAP-1 DAP Reactor Ammonia Unreacted ammonia from excess ammonia and phosphoric acid
DAP-7 DAP-1 DAP Reactor Ammonia Unreacted ammonia from increasedtemperatures in DAP reaction vessel
~BREAK~
Refer to Handouts
44
Chemical Safety Board Videou Inherently Safer: The Future of Risk Reduction
u Emergency Response Safety Message
u A CSB safety message that includes an interim 2D animation highlighting emergency response efforts at Husky Energy's Superior Refinery during the April 26, 2018, explosion and subsequent asphalt fire. The CSB's investigation is ongoing and a final report including findings and recommendations will be released in 2019.
Qualitative Risk Analysis Application & Worked Example
Lessons Learned46
Starting Pointu Task at Hand: Determine Most Effective Controls for
Hazardous Operation
ü Completed Hazard Identification
ü Completed Hazard Evaluation Technique
ü Identified Potential Upset Conditions
ü Identified Potential Consequences Limited Resources
o Budget
o Schedule
o Staff
Starting Pointü Need Method to Rank Consequence ~ Focus Analysis
ü Unmitigated Consequence
ü Simple Consequence Ranking
ü Qualitative Assignment of Consequence
ü Need Method to Derive Controls
ü Unmitigated Likelihood
ü Unmitigated Risk
u Consequence x Likelihood = Risk
Scenario-Based Hazard Evaluation
49
See Page 213
What Is A Qualitative Risk Matrix
üQualitative Risk Analysis
üProcess of grading risk in terms of likelihood and consequence using a predefined ranking system.
üQualitative Risk Matrix
ü Effective Tool to Make Risk Based Decisions
ü Visual Aid in Assigning Risk
ü Unmitigated Risk
ü Visual Aid in Deriving Control Adequacy
ü Mitigated Risk
Likelihood & Consequence
Likelihood & Consequence
Likelihood & Consequence
Matrix Development ~ Simple
Consequence
Bad Not So Bad
Matrix Development ~ Simple 2 x 2
Consequence
Never, Not So Bad
Always,Not So Bad
Like
lihoo
d
Never, Bad
Always,Bad
Risk
Never
Always
Not So Bad Bad
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Risk
Acceptable Risk
Vs
Unacceptable Risk
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development ~ Balance 3 x 3
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Matrix Development ~ Balanced 4 x 4
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development – Balance 4 x 4
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development ~ Risk Limiting
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Matrix Development ~ Risk Taking
Consequence
Like
lihoo
dLikely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible
Example Risk Matrix – ?
65
Likelihood
Cons
eque
nce
M
H
L
N
AUEUBEU
Matrix Development – Balance 5 x 5
Consequence
Like
lihoo
d
Likely
Medium High
Very Likely
Unlikely
Low
Extremely Unlikely
Negligible Very High
Anticipated
Matrix Development ~ Simplified Rulesü Develop Consequence Definitions
ü Gradient of Consequence
ü Three = 3 x 3
ü Four = 4 x 4
ü Five = 5 x 5
ü Include Lowest
ü Develop Likelihood Definitions
ü Match # Consequence
ü Include Lowest
Matrix Development ~ Simplified Rules
ü Colors
ü Three Colors Minimum
ü Maximum Colors Match Matrix
ü Don’t Jump Colors with Adjacent Bins
ü Determine Balance of Risk
Consequence (C) Level
(Abbreviation)
Offsite Immediate Worker Site Worker
High (H)C≥ 25.0
remPrompt worker fatality or acute injury that is immediately life- threatening or permanently disablingORRadiological consequences≥ 100 remORRadioactive material quantity exceed Hazard Category 3 threshold (per DOE-STD-1027-923)
C ≥ 100.0 remORPrompt worker fatality or acute injury that is immediately life-threatening or permanently disabling
Moderate (M) 5.0 ≤ C < 25.0rem
Serious injury, no immediate loss of life, no permanent disabilities; hospitalization requiredORRadiological consequences 25 ≤ C < 100 rem
25.0 ≤ C < 100.0 remORSerious injury, no immediate loss of life, no permanent disabilities; hospitalization required
Low (L) 0.5 ≤ C < 5.0rem
Minor injuries; no hospitalizationORRadiological consequences 5 ≤ C < 25 rem
5.0 ≤ C < 25.0 remORMinor injuries; no hospitalization
Negligible (N) C < 0.5rem
Consequences less than those for Low Consequence Level ORC < 5.0 rem
C < 5.0 remORConsequences less than those for Low Consequence Level
Matrix Development ~ Consequence
Event Frequency Code Description
Anticipated (A)
Accidents that may occur several times during the life cycle of the facility (accidents that commonly occur)
Unlikely (U)
Accidents that are not anticipated to occur during the lifecycle of the facility. Natural phenomena of thisprobability class include the following: InternationalBuilding Code- level earthquake, maximum wind gust,etc.
Extremely Unlikely (EU)
Accidents that probably do not occur during the life cycle of the facility
Beyond Extremely Unlikely (BEU) All other accidents
Matrix Development ~ Frequency
Matrix Development ~ Z AxisCo
nseq
uenc
e
Likelihood
Cons
eque
nce
Likelihood
Rece
ptor
s
What Do We Use QRA For?
72
Adequacy of Safeguards
73
ü Redbook Chapter 7 – Risk Based Determination of the Adequacy of Safeguards
ü Hazards Evaluation Question/Answer
ü What Can Go Wrong?
ü What Safeguards Are In Place?
ü Now Ask Safeguards Adequacy
ü How Safe is Safe Enough?
ü How Many Protection Layers Are Needed?
ü How Much Risk Reduction Should Each Layer Provide?
Adequacy of Safeguards
74
üExperienced-Based Action Decisions
ü Comparison Against Established Practices
ü Comparison Against Known Codes & Standards
ü Checklist Approach
üRisk-Based Action Decision
ü Consequence x Frequency = Risk
ü (impact/event) x (event/time) = impact/time
ü Time = year, life of facility, operation campaign, etc.
ü Injuries Per Year, Fatalities Per Year, Loss $ PerYear
üEstimate Scenario Risk Then DetermineAcceptance
Adequacy of Safeguards
75
ü Identification of Scenarios Using Scenario Based HE Method
ü Develop Cause-Consequence Pairs
ü Cause = Frequency
üSeverity of Consequences
ü Remember Difference Between Loss Event &Impact
ü Loss Event ~ Irreversible Point in Event
ü Supports Prevention versus Mitigation of Event
ü Qualitative Versus Quantitative Assignment of Consequence Severity
Adequacy of Safeguards
76
üWorst-Case Impacts = Unmitigated Consequence
üBalance Between Use of Unmitigated versusMitigated
ü Unmitigated Overstates Risk
ü Mitigated Overshadows Risk
ü Initial Conditions & Assumptions
üQualitative Risk Analysis
ü Consequence and/or Frequency
Adequacy of Safeguards
77
ü Events with Consequences of Concern Estimate How Likely Event to Occur
ü Initiating Cause Frequency x Control FailureProbability
ü Unmitigated Versus Mitigated
üScenario Frequency x Scenario Impact = Scenario Risk
Adequacy of Safeguards
78
üQuantitative Risk Versus Qualitative Risk
ü Quantitative Using Direct Calculation
ü Qualitative Using Risk Matrix
üRisk Matrices Tool For Relating Likelihood & Severity (Risk)
ü To Defined Risk Boundaries
ü To Risk Reduction Requirements
ü Comparative Value for Risk Binning
üUnmitigated Compared to Mitigated
ü Determine Control Adequacy
Anatomy of Loss Event
79
See Page 218
Adequacy of Safeguards
üPreventative Controlsü Reduce Frequencyü Prevent Loss Event
üMitigative Controlsü Reduce Consequenceü Mitigate Loss Event
Adequacy of Safeguardsü Follow Hierarchy of Controls
ü Prevent vs Mitigate
Adequacy of Safeguards
3 4
Frequency
Cons
eque
nce
4
2 3 4
1 2 3M
EU BEU
H
L
U
4
4
4
1 1 2 3
N
A
Adequacy of Safeguards
Scenario
Consequence
Frequency
Risk Controls
Consequence
Frequency
Risk
1 H A 1 P-1M-1
M U 2
2 H EU 2 P-1M-1
M BEU 4
3 M U 2 P-1M-1
L EU 4
4 M EU 3 P-1M-1
L BEU 4
5 L EU 4 P-1M-1
N BEU 4
Adequacy of Safeguards
Scenario
Consequence
Frequency
Risk Controls Consequence
Frequency
Risk
1 H A 1 P-1M-2
L U 3
2 H EU 2 P-1 H BEU 3
3 M U 2 P-1 L U 3
4 M EU 3 P-1M-1
L BEU 4
5 L EU 4 - - - -
QRA Examples
85
Example - ConsequenceDetermination
See Page 215
Table 7.2 Example of EHS impact categories and magnitudes used in hazard evaluations