
Risk Management

[Figure: risk management cycle. Hazard Identification, then Risk Analysis, then Risk Assessment, then Risk Management, with Review feeding back into the cycle.]

QRA Steps
Given the length of risk chains, the following activities become very important in every engineering activity:

1. Describing the risks. Every engineering activity implies different risks. Understanding the probable risks and the potential risks is essential at the start of every risk assessment.

2. Selecting the reference standard. Risk assessment needs a reference standard, and even for the same object the choice matters, because several standards may be applicable. Reference standards are generally issued by professional organisations or other bodies (e.g. API, ASME, DNV, ABS, SNI). In practice the standard most widely used in the professional world tends to be chosen.

3. Determining the supporting data. Every engineering activity implies specific risks, and each specific risk calls for different data. For example, assessing the risk to a subsea gas pipeline from a dropped ship anchor needs data on the ships, the anchors, water depth, currents, waves, tides, the pipeline itself and more, whereas assessing the risk to the same pipeline from an earthquake needs seismic hazard data, seabed stratigraphy and other data that differ from those needed for the dropped-anchor case.

4. Frequency analysis and consequence analysis. Risk is often described as the product or combination of frequency and consequence (though not necessarily a literal multiplication). The analysis may be quantitative or qualitative. Frequency analysis answers how often, or how likely, a hazard will occur; consequence analysis answers what the implications may be if the hazardous event does occur.
5. Determining the risk level. The risk level is then determined against the standard selected earlier. It is usually not represented quantitatively but as a level or ranking (grading).

Some standards express risk in levels such as high, medium and low; others use terms such as acceptable, ALARP (as low as reasonably practicable) and unacceptable.

What is QRA Used for?

The objectives of a QRA may include:

• Identifying the main contributors to the risk. This helps in understanding the nature of the hazards and suggests possible targets for risk reduction measures.
• Defining design accident scenarios. These can be used as a design basis and for understanding the frequency or consequence model.
• Estimating risk levels and assessing their significance. This helps decide whether or not the risks need to be reduced.
• Comparing design options. This gives input on risk issues for the selection of a concept design.
• Evaluating risk reduction measures. QRA can be linked to a cost-benefit analysis to help choose the most cost-effective ways of reducing the risk.
• Demonstrating acceptability to regulators and the workforce. QRA can show whether the risks have been made 'as low as reasonably practicable'.
• Identifying safety-critical procedures and equipment. These are critical for minimizing risks and need close attention during operation.
• Identifying accident precursors, which may be monitored during operation to provide warning of adverse trends in incidents.
What does QRA refer to?
Codes/standards which address risk assessment:

• Nuclear Regulatory Commission (NRC): NUREG/CR-2815, Probabilistic Safety Analysis Procedures Guide
• American Institute of Chemical Engineers (CCPS): Guidelines for Chemical Process Quantitative Risk Analysis; Guidelines for Hazard Evaluation Procedures
• OSHA (Occupational Safety and Health Administration): 29 CFR 1910.119, Process Safety Management of Highly Hazardous Chemicals
• Environmental Protection Agency (EPA): Risk Management Plan (RMP) rule
• American National Standards Institute: ANSI/ISA-84.01-1996, Application of Safety Instrumented Systems for the Process Industries
• ANSI B11.TR3-2000: Risk Assessment and Risk Reduction - A Guide to Estimate, Evaluate and Reduce Risks Associated with Machine Tools
• EN 1050: Safety of machinery - Principles for risk assessment (since withdrawn; its content now lives in ISO 12100)
• SEMI S10: Safety Guideline for Risk Assessment; SEMI S14: Safety Guide for Fire Assessment and Mitigation for Semiconductor Manufacturing Equipment
• IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems
• International Code Council (ICC): Performance Code for Buildings and Facilities
• Semiconductor Safety Association (Europe): Risk Assessment for Semiconductor Manufacture
• International SEMATECH: Hazards Analysis Guide: A Reference Manual for Analyzing Safety Hazards on Semiconductor Manufacturing Equipment

• NFPA 551 (proposed at the time of these slides, since published): Guide for the Evaluation of Fire Risk Assessments
What does QRA refer to? Example:
DNV initiative for Classification and Regulatory Compliance
QRA Methods

Hazard Identification
Hazard - Definition
A hazard is defined as:
"Any activity, procedure, plant, process, substance, situation or other circumstance that has the potential to cause harm."

Interpreted:
"Anything that has the potential to cause harm, ill health and injury, damage to property, products or the environment, production losses or increased liabilities."

At the workplace, hazards are categorised as physical, chemical, biological and psychosocial.

HAZID - Introduction
HAZID is critical to safety duties and the safety report.
The employer must identify all major accidents and their related causes using a systematic and documented HAZID approach.
The process must be transparent.
HAZID results must be reflected in the risk assessment, the adoption of control measures and the safety report.
HAZID - Introduction
An example: Gramercy Alumina Refinery, US Department of Labor Report ID No. 16-00352, 5 July 1999 at 5 am.

Were the hazards identified?
HAZID - Introduction
The HAZID process must be ongoing to ensure existing hazards are known, and new hazards are recognised before they are introduced:
• Prior to modification of the facility
• Prior to a change in the workforce
• Before and during abnormal operations and troubleshooting
• Plant condition monitoring, early warning signals
• Employee feedback from routine participation in work
• After an incident

HAZID Requirements
A systematic, transparent and comprehensive HAZID process should be used, based on a comprehensive and accurate description of the facility.
The underlying hazards should not be disregarded simply because:
• They appear to be very unlikely
• They have not happened previously
• They are considered to be adequately controlled by existing measures
HAZID Requirements
The risk diagram can be useful for illustrating this aspect, as shown below.

[Figure: risk diagram. Horizontal axis: consequence severity, from maintenance and breakdowns through OH&S, personal injury, fatality (fatalities) and fire and explosion to catastrophic. Vertical axis: relative frequency of occurrence. Risk increases towards the high-frequency, high-severity corner. Business consequences plotted alongside: staff complaints, industrial stoppage, public criticism, protest pickets, class actions, market collapse, and high-technology and high-hazard system failures. The safety report's influence lies at the high-severity end.]

HAZID Approach

• What can go wrong?
• What incidents or scenarios could arise as a result of things going wrong?
• What could cause or contribute to these incidents?
HAZID Approach
Considers all operating modes of the facility, and all activities that are expected to occur.
Human and system interfaces together with engineering issues.
A dynamic process, to stay ahead of any changes in the facility that could erode the safe operating envelope or introduce new hazards.

HAZID Approach
The HAZID approach is required to:
• Be team-based
• Use a process that is systematic
• Be pro-active in searching for hazards
• Assess all hazards
• Analyse existing controls and barriers, preventive and mitigative
• Consider size and complexity in selecting the approach to use
HAZID Approach
Consideration needs to be given in selecting the HAZID technique. Some issues to take into account are:
• Life cycle phase of the plant
• Complexity and size
• Type of process or activity, covering:
  o Engineering or procedural
  o Mechanical, process, or activity focussed

Conducting HAZID
Consider past, present and future:

[Figure: three sources feeding the list of identified hazards.]
• Historical conditions: what has gone wrong in the past? Root cause, historical records, process experience, near misses.
• Existing conditions: what could go wrong currently? HAZID workshop, HAZOP study, scenario definitions, checklists.
• Future conditions: what could go wrong due to change? Change management, What-If, judgement, prediction; some of it unforeseeable.
Conducting HAZID
It is tempting to disregard "non-credible" scenarios, BUT:
• "Non-credible" scenarios have happened to others
• Worst cases are important to emergency planning

It happened to someone else

Aftermath of an explosion (U.S. Chemical Safety and Hazard Investigation Board, Sierra Chemical Company, Report No. 98-001-I-NV; the explosion occurred in January 1998).

Natural gas explosion in eastern Washington: 1 sent to Portland with burns, 400 evacuated.
Conducting the HAZID
Issues for consideration:
• Equipment can be off-line
• Safety devices can be disabled or fail to operate
• Several tasks may be concurrent
• Procedures are not always followed
• People are not always available
• How we act is not always how we plan to act
• Things can take twice as long as planned
• Abnormal conditions can cross section limits
  o Power failure
Conducting HAZID – HAZID Process

[Figure: process flow.]
1. Define the boundary (input: system description)
2. Divide the system into sections
3. Analyse each section (inputs: existing studies, selected methods), considering:
   • asset or equipment failure
   • external events
   • process operational deviations
   • hazards associated with all materials
   • human activities which could contribute to incidents
   • interactions with other sections of the facility
4. Systematically record all hazards
5. Independent check
6. Hazard register (revisit after the risk assessment)

HAZID Techniques
(listed in order of increasing effort required)
• Checklists - questions to assist in hazard identification
• Brainstorming - whatever anyone can think of
• What-If Analysis - possible outcomes of change
• HAZOP - identifies "process plant" type incidents
• FMEA/FMECA - equipment failure causes
• Task Analysis - maintenance activities, procedures
• Fault Tree Analysis - combinations of failures
• Event Tree Analysis - tracing the possible outcomes from the accident event
The last two are more useful for the evaluation and quantification of hazards than for their identification.
Checklist
A detailed list of questions used to verify compliance with established practices and standards.

Scope                             Preparation    Evaluation     Documentation
Simple / small product / system   2 to 4 hours   4 to 8 hours   4 to 8 hours
Complex / large product / system  1 to 3 days    3 to 5 days    2 to 4 days
Checklist
• A simple set of prompts or checklist questions to assist in hazard identification
• Can be used in combination with any other technique, such as "What If"
• Can be developed progressively to capture the corporate learning of the organisation
• Particularly useful in early analysis of change within projects

Checklist (example of an initiating-event checklist)

Initiating Event              General Cause        Initiating Causes
Overfills and spills          Improper operation   Operating error; inadequate / incorrect procedure; failure to follow procedure; outside operating envelope; inadequate training
Vessel/tanker shell failure   Corrosion            Wet H2S cracking; general process; cooling water; steam / condensate; service water
                              Mechanical impact    Missiles; crane; vehicles
Checklist
Advantages
• Highly valuable as a cross-check review tool following application of other techniques
• Useful as a shop floor tool to review continued compliance with the safety management system

Disadvantages
• Tends to stifle creative thinking
• Used alone, risks limiting the study to already known hazards: no new hazard types are identified
• Checklists on their own will rarely be able to satisfy regulatory requirements

Checklist - Standard
Standard Risk Assessment Form HS.GEN.03

The HSE recommends "5 Steps to Risk Assessment":
1. Look for and identify the hazards;
2. Decide who might be harmed;
3. Evaluate the level of risk(s) arising from the hazards and decide whether existing precautions are adequate or more should be done;
4. Record your findings;
5. Review your assessment from time to time and revise it if necessary.

This Standard Risk Assessment Form enables employers to record details of precautions, controls, training, instructions, the provision of information, systems and procedures, and to identify related hazards, potential hazards and risks.
Checklist - Steps
1. Define the activity/procedure/system to be analysed, including the boundaries of the analysis.
2. Define the relevant issues to be examined, e.g. safety, environment, financial impact, etc.
3. Divide the system/procedure into smaller sub-systems.
4. Derive questions or statements that probe what happens if a criterion is not met in the system under analysis.
5. Answer the questions or statements in the checklist.
6. Draw up recommendations based on the answers, particularly for the items whose criteria are not met.

Checklist – Fire Control

Checklist - Example
Columns: Ref | Policy | Yes | No | Signpost to evidence / comments | Action / decision | Action by | When

1. Does a risk-based emergency evacuation policy exist?
2. Does the policy meet current legal requirements and/or best practice?
3. Is the policy known to premises managers and being implemented fully?
4. Is the policy available in large print, Braille, tape or other alternative format upon request?
5. Do written procedures for the evacuation of people with disabilities exist?
6. Are the procedures tested regularly?
7. Do the procedures take account of: walk-through procedures; announced drills; and unannounced drills?
8. Are there procedures to identify the number and location of people requiring assistance within the building?
9. Are procedures in place for people with disabilities to make their needs known to staff?
Brainstorming

Brainstorming
• Team-based exercise
• Based on the principle that several experts with different backgrounds can interact and identify more problems when working together
• Can be applied with many other techniques to vary the balance between free-flowing thought and structure
• Can be effective at identifying obscure hazards which other techniques may miss
Brainstorming
Advantages
• Useful starting point for many HAZID techniques to focus a group's ideas, especially at the project's concept phase
• Facilitates active participation and input
• Allows employees' experience to surface readily
• Enables "thinking outside the square"
• Very useful at early stages of a project or study

Disadvantages
• Less rigorous and systematic than other techniques
• High risk of missing hazards unless combined with other tools
• Caution required to avoid overlooking the detail
• Relies on the experience and competency of the facilitator

What-If Analysis
A brainstorming approach in which a group of experienced people ask questions or voice concerns about possible undesired events.

Scope                             Preparation    Evaluation     Documentation
Simple / small product / system   4 to 8 hours   4 to 8 hours   1 to 2 days
Complex / large product / system  1 to 3 days    3 to 5 days    1 to 3 weeks

What-If Analysis
The steps that can be used in a What-If analysis are:
1. Define the activity/procedure/system to be analysed, including the boundaries of the analysis.
2. Define the relevant issues to be examined, e.g. safety, environment, financial impact, etc.
3. Divide the system/procedure into smaller sub-systems.
4. Derive questions in the What-If format (what happens if ...).
5. Answer the documented questions.
6. Draw up recommendations based on the answers to the questions raised.

Failure Modes, Effects and Criticality Analysis (FMECA)

Failure Modes and Effects Analysis
A tabulation of equipment and their associated single-point failure modes, consequences and safeguards.

Scope                             Preparation    Evaluation     Documentation
Simple / small product / system   2 to 6 hours   1 to 3 days    1 to 3 days
Complex / large product / system  1 to 3 days    1 to 3 weeks   2 to 4 weeks

What Is A Failure Mode?
A failure mode is the way in which the component, subassembly, product, input, or process could fail to perform its intended function: the things that could go wrong.
• Failure modes may be the result of upstream operations or may cause downstream operations to fail.
FMEA
A structured approach to:
• Identifying the ways in which a product or process can fail
• Estimating the risk associated with specific causes
• Prioritizing the actions that should be taken to reduce risk
• Evaluating the design validation plan (design FMEA) or the current control plan (process FMEA)

History of FMEA
• Formalised by the US military in 1949 (MIL-P-1629) and used in the aerospace industry in the 1960s during the Apollo missions
• In 1974, the Navy issued MIL-STD-1629 on the use of FMEA
• In the late 1970s, the automotive industry was driven by liability costs to use FMEA
• Later, the automotive industry saw the advantages of using this tool to reduce risks related to poor quality
FMEA: why
• A methodology that facilitates process improvement
• Identifies and eliminates concerns early in the development of a process or design
• Improves internal and external customer satisfaction
• Focuses on prevention
• FMEA may be a customer requirement (likely contractual)
• FMEA may be required by an applicable quality management system standard (possibly ISO)

When to Conduct an FMEA
• Early in the process improvement investigation
• When new systems, products, and processes are being designed
• When existing designs or processes are being changed
• When carry-over designs are used in new applications
• After system, product, or process functions are defined, but before specific hardware is selected or released to manufacturing
FMEA: A Team Tool
A team approach is necessary. The team should be led by the process owner, who is the responsible manufacturing engineer or technical person, or a similar individual familiar with FMEA.
The following should be considered for team members: design engineers, process engineers, materials suppliers, customers, operators, reliability engineers, suppliers.

FMEA Inputs and Outputs
Inputs: matrix, process map, process history, procedures, knowledge, experience.
Outputs: the FMEA; a list of actions to prevent causes or detect failure modes; a history of actions taken.

Failure Mode Effect Analysis (FMEA)

Failure Mode Effect Analysis (FMEA)
FMEA uses a format that generally documents the following:
1. Component name.
2. Component function.
3. Possible failure modes.
4. Causes of failure.
5. How the failure can be detected.
6. Effect of the failure on the main system function.
7. Effect of the failure on other components.
8. Need for treatment or corrective action.
9. Average frequency of the failure.
10. Average severity of the failure.
Failure Mode Effect Analysis (FMEA)
In general, the steps of an FMEA, based on Figure 7.5, are:
1. Form the team (task force)
2. Select the standard to be followed
3. Define the reporting procedure
4. Define the scope of the analysis (boundaries of the system)
5. Design the information system
6. Evaluate the effect of each failure mode on the system
7. Identify methods for detecting the occurrence of each failure mode and recommend corrective measures
8. Design the audit scheme for the object
9. Design the FMEA tests
10. Make recommendations based on the audit results
11. Prepare the FMEA report
12. Document the results of the FMEA

Standards for FMEA
1. US Department of Defense MIL-STD-1629A
2. IEC 60812 (formerly CEI/IEC 812): Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)
3. BSI BS 5760-5:1991: Reliability of systems, equipment and components. Guide to failure modes, effects and criticality analysis
4. IMO MSC Resolution 36(63) Annex 4: Procedures for Failure Mode and Effects Analysis (whilst this is primarily for high speed craft, it gives good guidance on FMEA procedures)
(List as given in IMCA M 166, Guidance on Failure Modes and Effects Analyses, page 12.)

Example of failure modes

The FMEA Form
[Figure: form workflow.] Identify failure modes and their effects; identify causes of the failure modes and the current controls; determine and assess actions; prioritize.

Severity, Occurrence, and Detection
Severity: the importance of the effect on customer requirements.
Occurrence: the frequency with which a given cause occurs and creates failure modes (obtain from past data if possible).
Detection: the ability of the current control scheme to detect (and then prevent) a given cause (may be difficult to estimate early in process operations).
Rating Scales
There is a wide variety of scoring "anchors", either quantitative or qualitative.
Two common scales are 1-5 and 1-10.
The 1-5 scale makes it easier for teams to agree on scores.
The 1-10 scale may allow better precision in estimates and a wider spread of scores, and is the most common.

Rating Scales
Severity: 1 = not severe, 10 = very severe
Occurrence: 1 = not likely, 10 = very likely
Detection: 1 = easy to detect, 10 = not easy to detect
The FMEA Form
Severity Ranking Criteria

Ranking  Description
1-2      Failure is of such minor nature that the customer (internal or external) will probably not detect the failure.
3-5      Failure will result in slight customer annoyance and/or slight deterioration of part or system performance.
6-7      Failure will result in customer dissatisfaction and annoyance and/or deterioration of part or system performance.
8-9      Failure will result in a high degree of customer dissatisfaction and cause non-functionality of the system.
10       Failure will result in major customer dissatisfaction and cause non-operation of the system or non-compliance with government regulations.

The FMEA Form
Environmental Safety and Health (ES&H) severity level criteria

Rank   Severity Level   Description
10     Catastrophic I   A failure results in major injury or death of personnel.
7-9    Critical II      A failure results in minor injury to personnel, personnel exposure to harmful chemicals or radiation, a fire or a release of chemicals into the environment.
4-6    Major III        A failure results in a low level of exposure to personnel, or activates the facility alarm system.
1-3    Minor IV         A failure results in minor system damage but does not cause injury to personnel, allow any kind of exposure to operational or service personnel, or allow any release of chemicals into the environment.
The FMEA Form
Occurrence Ranking Criteria

Ranking  Description
1        An unlikely probability of occurrence during the item operating time interval. Unlikely is defined as a single failure mode (FM) probability < 0.001 of the overall probability of failure during the item operating time interval.
2-3      A remote probability of occurrence during the item operating time interval (i.e. once every two months). Remote is defined as a single FM probability > 0.001 but < 0.01 of the overall probability of failure during the item operating time interval.
4-6      An occasional probability of occurrence during the item operating time interval (i.e. once a month). Occasional is defined as a single FM probability > 0.01 but < 0.10 of the overall probability of failure during the item operating time interval.

Risk Priority Number (RPN)
RPN is the product of the severity, occurrence, and detection scores:

Severity x Occurrence x Detection = RPN
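The scoring and prioritisation described in the FMEA slides above, worked through in code. This is an added example, not material from the original slides: the worksheet rows are constructed for illustration (they loosely follow the distillation-column HAZOP recommendations later in this deck) and every score, threshold and identifier in it is an assumption. It shows the 1-10 scales, the RPN product, and the practitioner's caveat that RPN alone can bury a catastrophic failure that is rare and easy to detect (S=10, O=1, D=1 gives RPN 10), so a severity floor is applied alongside the RPN threshold; it also re-scores a row after a recommended control is fitted, which is how the "evaluating risk reduction measures" objective is carried through the form.

```python
"""FMEA worksheet scoring: Risk Priority Number (RPN) and prioritisation.

Added example, not from the original slides. Worksheet rows and all scores
are constructed assumptions used only to exercise the logic."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FailureMode:
    item: str
    mode: str
    effect: str
    cause: str
    current_control: str
    severity: int     # 1 = not severe ... 10 = very severe
    occurrence: int   # 1 = not likely ... 10 = very likely
    detection: int    # 1 = easy to detect ... 10 = not easy to detect


def check_score(value, name):
    """Scores must be integers on the 1-10 scale; anything else is a data-entry error."""
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
        raise ValueError(f"{name} must be an integer in 1..10, got {value!r}")
    return value


def rpn(fm):
    """RPN = Severity x Occurrence x Detection, so in the range 1..1000."""
    return (check_score(fm.severity, "severity")
            * check_score(fm.occurrence, "occurrence")
            * check_score(fm.detection, "detection"))


def prioritise(worksheet, rpn_threshold=100, severity_floor=9):
    """Select failure modes for action; returns [(rpn, reason, failure_mode), ...]
    in descending RPN order.

    Two rules, because RPN alone can hide a catastrophic but rare, easily
    detected failure: select anything with RPN >= rpn_threshold, and select
    anything with severity >= severity_floor whatever its RPN. Both thresholds
    are assumed values; a real programme sets them in its FMEA procedure."""
    ranked = sorted(worksheet, key=lambda fm: (-rpn(fm), -fm.severity, fm.item))
    selected = []
    for fm in ranked:
        score = rpn(fm)
        if score >= rpn_threshold:
            selected.append((score, "RPN", fm))
        elif fm.severity >= severity_floor:
            selected.append((score, "severity", fm))
    return selected


def with_control(fm, **new_scores):
    """Re-score a row after a recommended control is applied: a new alarm lowers
    detection, a design change lowers occurrence. Severity normally stays put."""
    return replace(fm, **new_scores)


# Constructed worksheet (assumed scores) around the deck's column H3 example.
WORKSHEET = [
    FailureMode("Condenser C1", "loss of cooling water", "high pressure in column H3",
                "cooling water supply failure", "condenser vent relieves", 9, 3, 6),
    FailureMode("Column H3", "level controller LIC fault", "column floods, heating slows",
                "LIC failure", "operator watches LIC", 5, 4, 5),
    FailureMode("Pump P2", "runs dry", "pump damage", "LIC fault on receiver T1",
                "none", 4, 3, 7),
    FailureMode("Column H3", "air drawn in through vent on cool-down",
                "explosive mixture with kerosene vapour at start-up",
                "no purge after shutdown", "none", 10, 2, 4),
    FailureMode("Line L0", "excess flow", "flooding of L6, slower heating",
                "flow controller fault opens V0", "none", 3, 4, 3),
]


def action_list(worksheet=WORKSHEET):
    """Human-readable summary of what the team should act on and why."""
    return [f"RPN {score:4d} ({reason:8s}) {fm.item}: {fm.mode}"
            for score, reason, fm in prioritise(worksheet)]


if __name__ == "__main__":
    for line in action_list():
        print(line)
    before = WORKSHEET[0]
    after = with_control(before, detection=2)  # independent high-pressure alarm fitted
    print(f"{before.item}: RPN {rpn(before)} -> {rpn(after)} after adding the alarm")
```

With the assumed scores the air suck-back row scores only RPN 80, below the threshold, yet is still selected because its severity is 10; and fitting an independent high-pressure alarm on the condenser row drops its detection score from 6 to 2, taking the RPN from 162 to 54.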

Hazard and Operability (HAZOP)

Hazard and Operability (general steps)

Hazard and Operability (specific steps)

Hazard and Operability (example)

Hazard and Operability (HAZOP report)

Hazard and Operability (example)
Unit studied: condenser, distillation column, product receiver, product feed line, hot oil furnace and circulation pump.

Rec #1
Install a high flow alarm on L0. A flow controller fault may signal valve V0 to pass more than the necessary quantity, resulting in flooding of L6 and thereby slowing the heating process. Although adverse effects are unlikely, poor operation of the plant could be minimised by installing a high flow alarm for early operator intervention.

Rec #2
Install a high level alarm (independent of the level controller LIC) in column H3. A level controller fault may result in flooding of L6 with slowing of operation (see above). An independent alarm at a level above the normal control level, but below the level of L6, can alert the operator to take early action.

Rec #3
Install a low level alarm (not necessarily independent of LIC) on column H3 to ensure early operator intervention and avoid production losses. No adverse consequences.

Rec #4
Install a pressure indicator and high pressure alarm on column H3 to close the natural gas supply valve V1 to furnace H1. High pressure in column H3 is possible due to several causes, one of which is the failure of cooling water to the condenser. Although the condenser vent will act as a relief valve, this is not desirable.

Rec #5
Install temperature alarms (high and low) on the TIC on column H3 to alert the operator to a malfunction. An additional independent high temperature alarm is to be installed to shut the natural gas supply valve V1 to furnace H1. No immediate adverse effects are likely with a temperature rise. However, it was considered prudent to shut the gas supply to avoid unnecessary overheating of reboiler H2 tubes if the kerosene level in the reboiler fell too low.

Rec #6
A further investigation is recommended into the possibility of air being sucked back through the condenser vent when column H3 cools after shutdown. The air can cause corrosion in column H3 and can also form explosive mixtures with the kerosene vapour on start-up. A nitrogen purge system should be considered.

Rec #7
Investigate the need for a backup cooling water system for condenser C1, a thermocouple on the condenser vent, and reorienting the condenser water lines for counter-current "bottom-in / top-out" flow. A loss of cooling water will result in high pressures in the condenser and column H3. The thermocouple at the vent will provide early warning of a low water flow rate.

Rec #8
Install a high level alarm (independent of LIC) on product receiver T1 to avoid overfilling and subsequent overpressure in the condenser and column H3 due to a failure in the product pumping system (P2, Via, LIC, etc.). Investigate whether the alarm should be audible for operator intervention or trigger automatic shutdown of the gas supply to furnace H1.

Rec #9
Investigate the need for a low level alarm or pump trip in the event of a level controller fault on T1, to avoid pump damage due to running "dry".

Rec #10
Install a flow sensor/indicator/alarm on the hot oil circulation lines to shut the gas supply to furnace H1 in the event of loss of flow in the circulation system, to avoid a temperature rise in H1.

Rec #11
Consider installing a surge tank in the hot oil system to accommodate volume changes due to temperature changes. Evaluate the location of the surge tank, either at the pump suction or on L2. Check the effects of a dead leg and of moisture (condensation) in the oil.

Rec #12
Install a pyrometer in the furnace to alarm and shut the gas supply to furnace H1 on high temperature in H1 due to loss of hot oil (from a pipe leak), the TIC failing to close V1, or poor heat transfer in H2.

Rec #13
The surge tank in Rec #11 will need to be vented. Condensation of moisture on cooling can contaminate the oil and result in steam explosions on reheating. Consider nitrogen padding and steam vents at high points.
Fault Tree Analysis (FTA)

Fault Tree Analysis (FTA)
History
• 1961: FTA concept by H. Watson, Bell Telephone Laboratories (for the Minuteman missile launch control system)
• 1970: Vesely, kinetic tree theory
• Importance measures: Birnbaum, Esary, Proschan, Fussell, Vesely
• Initiator/enabler theory: Lambert and Dunglinson
• FTA on PCs with GUIs
• Automatic fault tree construction
• Binary decision diagrams

Fault Tree Analysis (FTA): why do we need it?

Fault Tree Analysis (FTA): when do we need it?
Only do FTA on safety-critical hazards.

Fault Tree Analysis (FTA): example applications

Fault Tree Analysis (FTA): timeline

Fault Tree Analysis (FTA): OR gate

Fault Tree Analysis (FTA): AND gate

Fault Tree Analysis (FTA): INHIBIT gate

Fault Tree Analysis (FTA): cut set

Fault Tree Analysis (FTA): minimal cut set

Fault Tree Analysis (FTA): requirements

Fault Tree Analysis (FTA)
Let us consider the pressure vessel in Figure 1. The safety system consists of four valves connected to the tank. The valves open if the pressure in the tank exceeds a certain level, say P0. The content of the tank is released to the environment if both valves A1 and A2 on line 1, or both valves A3 and A4 on line 2, are open.
Fault Tree Analysis (FTA)
[Figure: fault tree for the pressure vessel.]
Top event: the safety system fails to release the content of the tank when the pressure exceeds P0
  AND gate
    Line (1) fails to open: OR gate of "A1 fails to open" and "A2 fails to open"
    Line (2) fails to open: OR gate of "A3 fails to open" and "A4 fails to open"

Fault Tree Analysis (FTA)
The cooling water supply system consists of a seawater pumping station supplying a seawater reservoir, from which the cooling water is normally pumped to the process plant circulation. A freshwater reservoir provides a back-up for this supply. Both the seawater pumping station and the freshwater reservoir are equipped with diesel-motor-operated pump sets as a back-up for the normally used electrical pumps.
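The two fault trees on the preceding slides (the pressure vessel with valves A1 to A4, and the cooling water supply), evaluated in code. This is an added example and not part of the original slides: it derives the cut sets and minimal cut sets from the gate structure, then computes the top-event probability both exactly (by enumerating basic-event states) and with the rare-event approximation that sums over minimal cut sets. Basic events are assumed independent, all probabilities are assumed values chosen for illustration, and the cooling water tree is this example's own reading of the slide's prose description (which gives no gate diagram); the event names are invented labels.

```python
"""Fault tree evaluation: minimal cut sets and top-event probability.

Added example, not from the original slides. AND/OR gates only; an INHIBIT gate
can be modelled as an AND with a conditioning event. Basic events are assumed
independent and every probability below is an assumed value."""
from itertools import product


class Event:
    """Basic event (leaf) with an unconditional failure probability."""
    def __init__(self, name, prob):
        self.name, self.prob = name, prob


class Gate:
    """AND or OR gate over any mix of basic events and gates."""
    def __init__(self, kind, *inputs):
        if kind not in ("AND", "OR"):
            raise ValueError(kind)
        self.kind, self.inputs = kind, inputs


def _cut_sets(node):
    """All cut sets below a node (not yet minimal) as frozensets of event names."""
    if isinstance(node, Event):
        return {frozenset([node.name])}
    families = [_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":                       # any one input alone suffices
        return set().union(*families)
    combined = {frozenset()}                    # AND: one cut set from each input
    for fam in families:
        combined = {a | b for a in combined for b in fam}
    return combined


def minimal_cut_sets(top):
    """Cut sets that contain no other cut set, smallest first."""
    sets = _cut_sets(top)
    return sorted((s for s in sets if not any(o < s for o in sets)),
                  key=lambda s: (len(s), sorted(s)))


def basic_events(node):
    """name -> probability for every basic event under the node."""
    if isinstance(node, Event):
        return {node.name: node.prob}
    out = {}
    for i in node.inputs:
        out.update(basic_events(i))
    return out


def _occurs(node, failed):
    """Does the node's event occur given the set of failed basic events?"""
    if isinstance(node, Event):
        return node.name in failed
    results = [_occurs(i, failed) for i in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def top_event_probability(top):
    """Exact P(top event) by enumerating all 2^n basic-event states.
    Fine for classroom-sized trees; real trees need BDDs or cut-set bounds."""
    events = basic_events(top)
    names = list(events)
    total = 0.0
    for states in product((False, True), repeat=len(names)):
        failed = {n for n, s in zip(names, states) if s}
        if _occurs(top, failed):
            weight = 1.0
            for n, s in zip(names, states):
                weight *= events[n] if s else 1.0 - events[n]
            total += weight
    return total


def rare_event_approximation(top):
    """Sum over minimal cut sets of the product of their event probabilities.
    Never below the exact value; close to it when all probabilities are small."""
    events = basic_events(top)
    total = 0.0
    for cs in minimal_cut_sets(top):
        weight = 1.0
        for n in cs:
            weight *= events[n]
        total += weight
    return total


def pressure_vessel_tree(p_valve=0.01):
    """Slide example: release fails if a valve on line 1 AND a valve on line 2 fail to open."""
    a1, a2, a3, a4 = (Event(f"A{i}", p_valve) for i in (1, 2, 3, 4))
    return Gate("AND", Gate("OR", a1, a2), Gate("OR", a3, a4))


def cooling_water_tree():
    """Slide description as read here (assumption): the seawater path fails if the
    pumping station loses both its electric and diesel pump sets, or the
    reservoir-to-plant pumps fail; the freshwater back-up fails if both its pump
    sets fail. Cooling water is lost only if both paths fail."""
    sw_station = Gate("AND", Event("SW_station_electric_pumps", 0.05),
                             Event("SW_station_diesel_pumps", 0.10))
    sw_path = Gate("OR", sw_station, Event("SW_reservoir_to_plant_pumps", 0.02))
    fw_path = Gate("AND", Event("FW_electric_pumps", 0.05),
                          Event("FW_diesel_pumps", 0.10))
    return Gate("AND", sw_path, fw_path)


if __name__ == "__main__":
    for name, tree in (("pressure vessel", pressure_vessel_tree()),
                       ("cooling water", cooling_water_tree())):
        print(name)
        for cs in minimal_cut_sets(tree):
            print("  minimal cut set:", sorted(cs))
        print(f"  P(top) exact = {top_event_probability(tree):.3e}, "
              f"rare-event approx = {rare_event_approximation(tree):.3e}")
```

For the pressure vessel the four minimal cut sets are the valve pairs {A1,A3}, {A1,A4}, {A2,A3}, {A2,A4}; with each valve at the assumed 0.01 the exact top-event probability is (1 - 0.99^2)^2 = 3.96e-4, and the rare-event sum 4 x 0.01^2 = 4.0e-4 sits just above it, as it must. The cooling water tree shows why minimal cut sets matter for the hazard register: the shortest cut set has three events, and the single reservoir-to-plant pump route dominates because it has no diesel back-up.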

Comparison among methods

System Description (1st stage)

• Understanding and describing the system
• Setting the "battery limit"
• Segmenting the object
• Identifying the hazards of each segment

[Figure: subsea pipeline example. The object, risk receiver and consequence (fire, explosion, dispersion, human, disruption, leakage, etc.) are described alongside water depth, burial scenario, soil liquefaction, coating and pipeline type, scouring, corrosion, marine growth and UMO.]
Hazard Identification
(2nd stage)


Hazard Identification (HAZID)


• HAZID is a general term used to describe an exercise whose goal is to identify hazards
and associated events that have the potential to result in a significant consequence.

• For example, a HAZID of an offshore petroleum facility may be conducted to identify
potential hazards which could result in consequences to personnel (e.g., injuries and
fatalities), the environment (e.g., oil spills and pollution), and financial assets (e.g., production
loss/delay).

• The HAZID technique can be applied to all or part of a facility or vessel, or it can be
applied to analyze operational procedures. Depending upon the system being
evaluated and the resources available, the process used to conduct a HAZID can vary.

• Typically, the system being evaluated is divided into manageable parts, and a team is
led through a brainstorming session (often with the use of checklists) to identify
potential hazards associated with each part of the system.

• This process is usually performed with a team experienced in the design and operation
of the facility, and the hazards that are considered significant are prioritized for further
evaluation.

Hazard Identification (HAZID)
1. Identifying hazards.
2. Describing their failure modes.
3. Suggesting risk reducing measures that can prevent or mitigate each
hazard.
4. Estimating their frequencies and consequences, thus ranking the hazards.
5. Developing risk scenarios based on the ranked hazards.

Ex: hazards present for LNG tankers in operation (scope):
• Loading
• Departing quay
• Maneuvering
• Transit and navigation in coastal waters (without tug)
• Transit in open sea
• Arriving in port
• Mooring and preparing for unloading
• Unloading
• Operation in ice conditions
• Maintenance and repairing on board
• Training
• Emergency situations
• Docking
• General hazards

Hazard Identification (HAZID)

1. Select a representative LNG carrier.
2. Identify hazards for the operation of LNG tankers world-wide.
3. Identify risk reducing measures that can prevent or mitigate
each hazard.
4. Rank hazards and suggest risk reducing measures in order of
priority for the later risk analysis.
5. Consider how representative the specific design is for the LNG
carrier fleet as a whole.
6. Prepare a HAZID study report as an input to the further risk
analysis work.
Hazard Identification (HAZID)
Select a representative LNG carrier – step 1
A 138,000 m3 LNG tanker, under construction at Navantia, has been utilized as input to the HAZID session in
order to identify hazards.

• Length over all abt. 284.40 m
• Length between perpendiculars abt. 271.00 m
• Breadth (moulded) abt. 42.50 m
• Depth to main deck (moulded) abt. 25.40 m
• Depth to trunk deck (moulded) abt. 32.20 m
• Draft design (moulded) under keel (98,5% filling) abt. 11.40 m
• Draft scantling (moulded) abt. 12.30 m
• Total loaded displacement lower than 98.500 t

The design draught is based upon the departure condition with maximum allowable cargo tank filling, an
LNG cargo of 0.460 specific gravity, sufficient bunkers & consumables for abt. 10,200 miles plus 3 days’
reserve steaming at 19.50 knots at 90 % MCR, even keel condition.

The cargo tank capacity when geometrically calculated at the operation condition (-163ºC, atm pressure):
• No.1 Cargo tank abt. 22.630 m3
• No.2 Cargo tank abt. 40.070 m3
• No.3 Cargo tank abt. 40.070 m3
• No.4 Cargo tank abt. 35.230 m3
• Total (excluding dome space and internal structure and fittings) abt. 138.000 m3
• Total (excluding dome space and internal structure and fittings, at 98,5%) abt. 135.930 m3

Hazard Identification (HAZID)


Service speed at design moulded draft (under keel) 11.40 m when running at NCR (90% MCR) of
main propulsion machinery with 21% sea margin shall be 19.50 knots.

Endurance at 19.5 knots at NCR of main propulsion machinery shall be abt. 20,000 sea miles,
considering fuel oil tanks at 98% full and 2% unpumpable in departure condition.

Main turbine: reversible geared, cross compound steam driven, 28,000 kW x 83 RPM. Propeller:
5 blade fixed pitch type.

The vessel shall accommodate a complement of forty (40) persons including 4 Suez Canal
workers.

Notation: LR, + 100 A1, Liquefied Gas Tanker, Ship type 2G, Methane in Membrane tanks, Max.
pressure 0.25 bar, Min. Temperature –163ºC, + LMC, UMS, PORT, SDA, IWS, SCM, LI, FDA,
NAV1, IBS, ES, TCM, CCS.

The 138,000 m3 LNG carrier is a representative ship for the fleet. The ship capacity is within
the main range for this ship trade, without exploring the hazards for the planned large LNG
vessels of more than 200,000 m3.

The containment type being of the membrane type seems to be dominating world-wide
amongst the new-build fleet. The ship speed is about the standard speed for this ship type.
Hazard Identification (HAZID)
Identify hazards for the operation of LNG tankers world-wide – step 2