Risk Management Module 4 Summary PDF

The Fundamentals of Asset Integrity Management
Online Training Series Course Summary
COURSE B: THE FUNDAMENTALS OF ASSET INTEGRITY RISK

MANAGEMENT
Module 4: Maintaining effective barriers and human

performance
Barriers and Layers of Protection
The Swiss Cheese Model - This model illustrated having layers of controls both for
Engineering (Control) Systems such as structures, computer programs etc... and
Management (System) Controls such as procedures and human intervention to maybe
put the engineering systems in place and the such. This model shows that there may
be weaknesses in each of the layers represented as "holes". Now the better we
understand what our controls have to do, the better we can identify where those holes
are. The better we can identify those holes, the better we can make them smaller. The
smaller we make them, the less likely we are to be surprised by an incident.
The Bow-tie Model shares the same concept - layers of protection in place and looking
at particular controls to prevent the possible cause resulting in the release of a hazard.
Risk control elements/ systems - Engineered elements/ systems to prevent or mitigate

hazardous events,
The engineering controls exist in both the left and right side of the Bow-Tie Model.
The engineering controls on the left side Prevent a release (Preventative controls e.g.
process monitoring equipment, process alarms, pressure relief valves, corrosion
management systems etc..). And on the right side of the Bow-Tie Model, we have
Mitigative Measures such as secondary containment to contain a release, detect a
release, emergency response equipment, firefighting equipment and so on.
These are all controls that we are going to be reliant on to help us to control risk!
When are risk control systems suitable and sufficient?

In addition to considering control measures to be put in place, we need to assess
whether or not these engineering controls are good enough for preventing release and
risk levels to stay low.
Risk control systems need to be:
Designed to appropriate codes and standards, e.g.:
NACE (H2S)
ASME III (Boilers & pressure vessels)
BS EN 61508 (Programmable Electronic Systems)
Constructed with adequate quality and that proper procedures were in place, utilized
and followed to ensure that the level of risk stays at a manageable level
Risk assessed
Qualitative methods e.g. HAZOP, Bowtie analysis
Quantitative methods e.g. QRA, Fault/ event tree analysis
Maintained at adequate levels over time
Course summary developed by Michelle McIntyre on behalf of Oil and Gas Fundamentals Oil and Gas Fundamentals 2012
THIS IS A CONFIDENTIAL SUMMARY OF THE CONTENTS OF AN ONLINE TRAINING COURSE FOUND AT WWW.OILANDGASFUNDAMENTALS.COM.
IT IS FOR THE REVIEW OF COURSE PARTICIPANTS ONLY AND IS NOT FOR DISSEMINATION COPYRIGHT RESTRICTIONS APPLY
System Criticality
Not all risk control systems are of the same criticality, it depends largely upon
consequences of systems failure in the specific situation under consideration. One can
argue to say that every control we have be it hardware or people based, is in some
way serving to manage some degree of risk - but - then we'd be saying every control
that we have is risk critical!
Why not consider all risk control systems as critical? All risk controls cannot be
considered as critical, for if we were saying this, we won't be able to focus our resources
on the stuff that really matters. We need to get systems and identify the critical systems
that are actively managing the integrity of our assets correctly.
Modern facilities have a large number of risk control systems that could be deemed
Critical. Identifying those that are truly critical allows us to concentrate our efforts
(design, maintenance etc) on those systems.
Typical definitions of safety critical element

Safety Critical Element:
A system, equipment or structural item which could cause or contribute substantially to;
or the purpose of which is to prevent/detect; or mitigate the effect of; a major health,
safety or environmental accident hazard.
This definition includes the elements on both the left and right sides of the Bow-Tie
Model - the preventative measures and the mitigative measures. It also includes
something which may act to cause an incident such as poor structural integrity, failure of
a pressure vessel and so on.
Major Accident Hazard defined as:
Fire, explosion, release of a dangerous substance involving death or serious injury
Any event involving loss of stability of the installation
Collision of a helicopter with the installation
Failure of life support systems for diving operations or
Any event arising from a work activity involving death or serious personal injury to five or
more persons
We tie the criticality of the equipment back to the magnitude of the risk mainly driven by
consequence.
Systematic approach required

We have to have a structured approach in order to identify what we are relying on to manage
the risks.
Once criteria for criticality have been set, hazardous events meeting this criteria need to
be examined to identify the structures, systems and equipment/ components that
prevent or mitigate the event
Examination methods such as HAZID; HAZOP; Bowtie analysis; Scenario sheets;
Fault Trees etc.
We have to ensure that once these systems are in place, they are designed and built properly,
controlled properly and you have to make sure that they continue to function.
Typical safety-critical elements and systems
You may have Safety-critical elements (such as Hydrocarbon Containment, Critical process
trip functions, Relief valves, Fire and Gas Detection, Passive Fire Protection (PFP),
Automatic Fire Water Deluge, Fire Water & Foam Supply System, Blast Overpressure
Protection) may be grouped into / form part of Safety-critical systems (such as Structural
Integrity, Process Containment, Ignition Control, Detection Systems, Protection Systems,
Shutdown Systems, Emergency Response, Life Saving)
Critical risk control systems what do we need them to do?

For Offshore O&G industry these requirements are commonly stated in Performance
Standards.
You must be able to judge if a piece of equipment is any good and whether or not you are
managing your risk effectively, you have to be able to say - do you know what the
equipment has to do?
Once we have identified the Critical Risk Control Systems, now we need to define:
What function they must carry out (capability)
How reliable/ available we need them to be (dependability)
What conditions they need to survive (robustness)
Without knowing these factors, you don't understand what it has to do, how we would
know that its not doing it, and if its not doing it, then how are we to know that the
risks are being managed effectively!
Use HAZOP, QRA etc. to help define performance criteria
Performance standards
A Performance Standard is a statement, either qualitative or quantitative, of the performance
required of a HSE critical system or item of equipment and which is used as the basis for
managing the hazard through the life-cycle of the installation.
Performance Standards are intended to provide assurance by the risk owner/asset manager
that Critical Risk Control Systems are going to remain suitable and will continue to function for
their intended purpose.
FARSI requirements
There are many different ways to define a structural performance standard requirements of
Safety Critical Elements, and the most common one is 'FARSI':
Functionality
Availability/Reliability
Survivability
Interdependence
Functionality performance criteria

Functional Requirements In general terms what the system or sub-system is required
to achieve,
E.g. Sensors positioned so as to detect fire or smoke
Performance Criteria Specifically what measurable performance criteria does this
system or sub-system have to achieve to meet HSE/ Safety Case etc. standard,
E.g. Time to initiate executive actions once a sensor has received suitable stimulus
to place it into alarm condition is not more than 10s
Basis - Why are the performance criteria acceptable, i.e. do they conform to Project,
Company (risk studies we have done), National/ International Standards or Legal
requirements
Other performance criteria

Availability (what proportion of time will it be capable of performing) and Reliability
(how likely is it to operate on demand)
The underlying reliability of all detection devices shall provide for no more than
1% downtime for individual detectors in any 12 month period
Survivability (operate under specified conditions, particularly post event)
F&G System cabinets and the F&G main panel shall survive fire or explosion for
the TR endurance duration (1 hour)
Interactions/ Dependencies (do other systems require to be functional for it to operate)
Fire/ Smoke Detection System have a dependency on Emergency Power and an
interaction with HVAC dampers.
How are controls made effective?

Barriers are a combination of hardware controls and people controls. The role of the people is
to make sure that the hardware continues to function in the way it was intended to function.
Maintenance Management System (MMS)

Maintenance Management System (MMS) is a database that produces bills of work
detailing at set intervals:
Preventative maintenance e.g. motor overhaul;
Inspection requirements e.g. NDT of pipe-work; and
Testing requirements e.g. gas detectors.
MMS assists operators to manage all structures and equipment including Risk Control
Systems. How we will be making sure that the operator has info available to him and ma
make safety critical elements that we've got are going to work when we need them to
work, and that we have all the items that are safety critical within the MMS.
Provides a record of activities carried out - if we have a means of recording what
maintenance has been done, we have a means of assuring ourselves that the equipment
we're relying on is still functioning when we need it to function.
Human factors influencing failures
All the interactions of individuals with each other, with facilities and equipment, and with the
management systems used in their working environment such as facilities and environment,
people and management systems.
Equipment design and controls layout
Displays and alarms
Work practices and procedures
Work management and authorization
Task design and individual/team workload
Process safety culture
Competence - A persons ability to accurately and reliably meet the performance requirements for a defined role.
Asset owners ask themselves - What are the required competencies? Do we need to provide relevant training? We must
assure or verify competencies are in place. And because of the changes in the industry, standards or even equipment
need competencies to be refreshed?
Competence stages for the individual

1. Unconscious incompetence (unaware of limitations)
2. Conscious incompetence (during training and development)
3. Conscious competence (trained and assessed as competent)
4. Unconscious competence (develops good habits)
5. Unconscious incompetence (develops bad habits or lapses)
6. Individual presented with new job or task or assessed as incompetent
Typical competencies
Technician
understands current operating limits; responds to operational alarms
Understands tasks required to successfully operate or verify barriers
Accurately installs and removes temporary inhibits; Identifies and records test results, including defects
Asset Supervisor
Ensures operations are within currently defined envelope
Authorizes barrier tests, temporary inhibitions, etc. based on risk assessment
Monitors barrier performance and ceases operations if barriers unacceptably degraded
Consults technical authority about actual or potential barrier deficiencies
Technical Authority
Develops and defines suitable barrier performance standards
Accurately interprets codes and standards; Advises on test methods and procedures
Risk assesses performance standard variations and test results
For defective barriers, advises whether alternate temporary controls are possible
Asset Manager/Leader
Provides leadership to demonstrate value of effective barriers
Ensures suitable budget and competent resources are available to operate, monitor, test and manage barriers
Monitors major incident leading and lagging indicators; Acts on relevant audit findings
Module 4 - Key learning points

1. Safety critical systems are those engineered systems which prevent or mitigate major hazardous events
2. Performance standards define the performance required of a SCE for its role in managing hazards through the
lifecycle of a facility
3. Performance standards are defined in terms of performance criteria for Functionality, Availability, Reliability,
Survivability, Interdependencies (FARSI)
4. Performance Assurance tasks are carried out, by the Operator, to ensure ongoing suitability of SCEs
5. Reducing the potential for human error is an essential part of asset integrity
6. Competencies for a position or team are analogous to the performance standards developed for a hardware system

Risk Management Module 4 Summary PDF

Uploaded by

Copyright:

Available Formats

Risk Management Module 4 Summary PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management Module 4 Summary PDF

Uploaded by

Copyright:

Available Formats

The Fundamentals of Asset Integrity Management

Online Training Series Course Summary

COURSE B: THE FUNDAMENTALS OF ASSET INTEGRITY RISK

Module 4: Maintaining effective barriers and human

Risk control elements/ systems - Engineered elements/ systems to prevent or mitigate

When are risk control systems suitable and sufficient?

Typical definitions of safety critical element

Systematic approach required

Typical safety-critical elements and systems

Critical risk control systems what do we need them to do?

Functionality performance criteria

Other performance criteria

How are controls made effective?

Maintenance Management System (MMS)

Competence stages for the individual

Module 4 - Key learning points

You might also like