Risk Assessment

Acceptable Societal Risk

Fatality, Statistics for common industrial and non-industrial activities

Risk Fatality Rate (Deaths/Person-year)

(i) Voluntary
Football playing 4 × 10-3
Rock clumbing 4 × 10-5
Car Driving 17 × 10-5
Smoking (20 cigrattes/day) 500 × 10-5
(i) Non-Voluntary
Struck by Meteorite 6 × 10-11
Transport of petrol and chemicals/air crafts cashed 0.2 × 10-7
(UK)

Explosion of Pressure Vessel (USA) 0.5 × 10-7

Lightning (UK) 1 × 10-7
Release from nuclear power station (at 1 km (UK)) 1 × 10-7

Fire 150 × 10-7

Run over by vehicle (UK) 600 × 10-7
Leukaemia 800 × 10-7

1
 General Risk Criteria Adopted

Single Complex of Plants

New Existing New Existing
10-6/year 3 × 10-6/year 10-7/year 3 × 10-5 /year

Factories Act, 1948

Section 2
(cb) "hazardous process" means any process or activity in relation to an
industry specified in the First Schedule where, unless special care is taken,
raw materials used therein or the intermediate or finished products,
byeproducts, wastes or effluents thereof would--

(i) cause material impairment to the health of the persons engaged in or

connected therewith, or

(ii) result in the pollution of the general environment: Provided that the State
Government may, by notification in the Official Gazette, amend the First
Schedule by way of addition, omission or variation of any industry specified
in the said Schedule;]

2
 What is the goal of risk management ?

“The planning, organizing, leading and controlling of an

organization’s assets and activities in ways, which
minimize the adverse operational and financial effects
of accidental losses upon the organization.”

What is the goal of risk assessment?

“The process by which the results of a risk analysis (i.e.,

risk estimates) are used to make decisions, either through
relative ranking or through comparison with risk
targets.”

Some Important Definitions

• Risk
A measure of the potential for loss in terms of both the
likelihood (events/year) of the incident and the consequences
(effects/event) of the incident

CCPS(2000): defines risk as a measure of human injury,

environmental damage or economic loss in term of both the
incident likelihood and the magnitude of the loss or injury.

Mathematically Risk = Σ probability of event × consequence of

event

Risk Analysis
The development of a quantitative estimate of risk based on
engineering evaluation & mathematical techniques for
combining estimates of incident likelihood and consequences.

3
 Risk Analysis

It is an important part and precursor of risk assessment and

management

A full analysis involves the estimation of the frequency and

consequences of a range of hazards scenarios and the damages
expected.

Damages include injury and loss of life, damage to the

environment and equipment, loss of work, and finally also
economic loss to the plant

Why Risk Analysis?

Chemicals have become a part
of our life

Chemicals have their own

inherent properties and hazards
and so do the processes by
which they are manufactured

Risks posed by these

highlighted by Flixborough
(1974), Bhopal (1984), Piper
Alpha(1998) & Other
Accidents

Government regulations and

public awareness Source: www.hse-databases.co.uk

4
 Jaipur IOCL Oil Depot Accident

The Jaipur oil depot fire broke out on

October 29, 2009 at 7:30 PM (IST) at the Indian
Oil Corporation (IOC) oil Depot’s giant tank
holding 8,000 kilolitres of oil, in Sitapura
Industrial Area on the outskirts of Jaipur,
Rajasthan, killing 12 people and injuring over
200.

A huge ball of fire with loud explosion broke

out engulfing the leaking petrol tank and other
nearby petrol tank with continuous fire with
flames rising 30–35 meters and visible from
30 km radius.

Risk Management Procedure

Data Input

Identify

Estimate Determine
Likelihood Consequences

Risk Matrix

No Reduce
Accept Mitigate
able Transfer

Yes

Operate

5
 Sources of Data Input

Chemical Usage, Contractor Activity, EH&S Policies,

Equipment Reliability, External Events, Facility & Process
Descriptions, Historical Accident, Human Reliability

Manuals for Policies & Procedures, Engineering Design,

Safety, Maintenance and data from Material Usage,
Meteorological, Population etc

Risk Assessment of a Process Plant

R ( t ) = exp( − λ t )
Where R(t) is the reliability. The complement of reliability is called the failure
probability or unreliability,P(t),i.e.

P(t ) = 1− R(t) = 1− exp(−λt)

The failure density function, f(t) is the derivative of the failure
dP(t ) dR (t )
f (t ) = =− = λ exp(−λt )
dt dt
The probability of at least one failure in the time period t=0 to t=1, is obtained as,
t1

P ( t 0 − t1 ) = ∫ f ( t ) dt = exp( λ t 0 ) − exp( λ t1 )
t0

The time interval between two failures of the component is called the mean time
between failure (MTBF) and is applied only when there is repair of the components,
equipment or system.

6
 MTTF: Mean time to failure and is the mean of the distribution of times to failure
to an item without repair.

MTTFF: Mean time to first failure and is applied to items with repair to find the
Mean of the distribution of times to first failure.

x1

MTBF = E (t ) ∫ f (t ) dt = 1 / λ
0

Interaction Between Process Equipment/Instruments or Units

Series Systems
n
R = ∏
i
Ri

n
P = 1− ∏(1− Pi )
i

For exponential (Poisson) Distribution,

n n
R = ∏ exp(−λt ) − exp(∑ − λi t )
i i =1

= exp( − λ t )
Where,
n
λ = ∑ λi
i

7
 Parallel System

For Parallel System, the system failure probability is the product

of the failure probabilities of individual components,

n
P = ∏ i
Pi

n
R = 1 − ∏ (1 − Ri )
i

n
= 1 − ∏ [1 − exp(−λi t)]
i

Availability and Unavailability

τo
A⋅ =
τ0 +τi

A = λτ o U = λτ i

t1
U = τ u / λi τu = ∫ P ( t )dt
0

τ1

∫ P(t )dt = τ [1 − exp(−λt )]dt

1 1
U=
τi 0 i

8
 Probability of-Coincidence

µ = Pd / Ti
PdU
µd = = µU
Ti
For small failure rates, U = (1 / 2 ) λτ is

pd = λµτ is

µ d = (1 / 2 ) λµτ is

The mean time between coincidences (MTBC) is , then

1 2
MTBC = =
µd λµτ i

General Steps in Risk Analysis

The general steps in any hazard identification technique are:-
1. Assembling a team
2. Collection of data
3. Deciding on level of detail
4. Applying the technique
5. Documenting the results

9
 Methods For Risk Analysis
Risk analysis can be carried out by a number of methods

Cause-Consequence Analysis, Checklist, Event Tree Analysis

Failure Modes, Effects and Criticality Analysis (FMECA)
Fault Tree Analysis (FTA), Hazard & Operability Analysis
(HAZOP), Bow Ties, Petri nets

Method usage depends on level of detail and resources

available

Classification of Methods
The methods can be classified in to the following categories:
1. Qualitative
2. Quantitative

These can further be divided into:

1. Deterministic
2. Probabilistic

10
 Methods for Risk Analysis
The deterministic methods take into consideration the
products, the equipment and the quantification of
consequences for various targets such as people, environment
and equipment.

The probabilistic methods are based on the probability or

frequency of hazardous situation apparitions or on the
occurrence of potential accident.

The probabilistic methods are mainly focused on failure

probability of equipment or their components.

Some Qualitative Methods

Preliminary Risk Analysis

In this technique, the possible undesirable events are identified
first and then analyzed separately.
For each undesirable events or hazards, possible improvements,
or preventive measures are then formulated.
The result from this methodology provides a basis for
determining which categories of hazard should be looked into
more closely and which analysis methods are most suitable.
With the aid of a frequency / consequence diagram, the
identified hazards can then be ranked according to risk, allowing
measures to be prioritized to prevent accidents

11
 Some Qualitative Methods
Hazard And Operability Study
This technique is usually performed using a set of guidewords: NO / NOT,
MORE / LESS OF, AS WELL AS, PART OF REVERSE, AND OTHER
THAN.

From these guidewords, scenarios that may result in a hazard or an

operational problem are identified

The consequences of the hazard and measures to reduce the frequency with
which the hazard will occur are then discussed.

This technique had gained wide acceptance in process industries

Example of HAZOP applied to a Hot Air Filter system

Possible Potential Existing Recommendations

Deviation
Causes consequences systems

No temp NA NIL NIL NIL

Temp indications
Less Temp Inlet gas temp low Operability NIL
available
Inlet gas temp Equipment Temp indications
More Temp NIL
high damage available
As well as
NIL NIL NIL NIL
Temp

Part of Temp NIL NIL NIL NIL

Other than
NIL NIL NIL NIL
Temp
Reverse
NA NA NIL NIL
Temp

12
 Some Qualitative Methods
Failure Modes and Effects Analysis (FMEA)
This method was developed in the 1950s by reliability
engineers to determine problems that could arise from
malfunctions of military system.
Failure mode and effects analysis is a procedure by which each
potential failure mode in a system is analyzed to determine its
effect on the system and to classify it according to its severity.
When the FMEA is extended by a criticality analysis, the
technique is then called failure mode and effects criticality
analysis (FMECA)

A Typical FMEA Sheet

Failure Causes Effects Detection Safety Severity Comments
mode method provisions class

Valve Internal Toxic Pressure PRV II Prevent

Fails malfunct release indicators operator
open Operator error
error
Valve Internal Flow Pressure None IV Check for
fails malfunct stopped over
indicators
closed Operator Pressure
error

13
 Some Qualitative Methods
Checklists Simple Checklist for long
drive in a car
A list of possible problems and
areas to be checked and reminds 1. Check oil
the reviewer of potential problem 2. Check tire air pressure
areas
3. Check radiator fluid
Easy to apply and assessment can 4. Check air filter
be performed by inexperienced 5. Check head and tail lights
practitioners
6. Check exhaust
Assessment will only be as 7. Check petrol
complete as the list used and
difficulties faced in novel process

Pros and Cons of Qualitative Techniques

The three techniques outlined above require only the
employment of "hardware familiar" personnel

FMEA tends to be more labor intensive, as the failure of each

individual component in the system has to be considered

A point to note is that these qualitative techniques can be used

in the design as well as operational stage of a system

14
 Quantitative Risk Assessment (QRA)

Quantitative Risk Assessment or QRA has gained a wide acceptance as a

powerful tool to identify and assess the significant sources of risk and
evaluate alternative risk control measures in chemical process industries.
QRA is a part of Process Safety Management System. (CCPS, 2000)

QRA is a systematic approach to identify hazards, potentially hazardous

events and estimate likelihood and consequences to people, environment
and assets, of incidents developing from these events. (Shell,1995)

Quantitative Risk Assessment (QRA)

Quantitative Risk Assessment or QRA has gained a wide

acceptance as a powerful tool to identify and assess the significant
sources of risk and evaluate alternative risk control measures in
chemical process industries. QRA is a part of Process Safety
Management System. (CCPS, 2000)

QRA is a systematic approach to identify hazards, potentially

hazardous events and estimate likelihood and consequences to
people, environment and assets, of incidents developing from these
events. (Shell,1995)

15
 Inherent risk assessment (IRA)
Process design engineers can assess the risk which is inherent to
their design from the beginning of the design stages.

With the early detection, proactive measures to eliminate or

minimize risk based on inherent safety principles can be
implemented. This new concept is named as inherent risk
assessment (IRA) which adopts similar approach to the
conventional QRA for easy adaptation by the industries.

This technique is possible by utilizing the integrated risk

quantification tool with process design simulator.

Table : Comparison between QRA and IRA.

16
 Some Quantitative Techniques
Fault Tree Analysis
A fault tree is a logical diagram which shows the relation
between system failure, i.e. a specific undesirable event in the
system, and failures of the components of the system

It is a technique based on deductive logic. An undesirable

event is first defined and causal relationships of the failures
leading to that event are then identified

Symbols used in FTA

Classic FTA Symbol Description
Primary Event Block

Basic Event A basic initiating fault (or failure event).

An event that is normally expected to occur.

External Event (House
In general, these events can be set to occur or not occur, i.e. they
Event)
have a fixed probability of 0 or 1.

An event which is no further developed. It is a basic event that does

Undeveloped Event
not need further resolution.

Conditioning Event A specific condition or restriction that can apply to any gate.

17
 Symbols used in FTA
Classic FTA
Name of Gate Description
Symbol

AND The output event occurs if all input events occur.

OR The output event occurs if at least one of the input events occurs.

The input event occurs if all input events occur and an additional
Inhibit
conditional event occurs.

The output event occurs if all input events occur in a specific

Priority AND
sequence.

XOR The output event occurs if exactly one input event occurs.

Fault tree for fire in LPG tank for small leakage

18
 Variable Factors Frequency/probability

denoted in
figure .
A Crack on tank 1×10-5 year-1

B Crack on pipe 1×10-4 year-1

C Gasket failure 5×10-5 year-1

D Flange failure 4×10-5 year-1

E Valve seating failure 3×10-2 year-1

F Drainage valve not 1×10-4 year-1

properly shut
G Leakage rate greater 30.3×10-3 year-1
than defined
H Wind direction 0.06 year-1

I Carrier of ignition source 0.05 year-1

J Probability of ignition 0.5

source
Y Flammable mixture 1.8×10-2 year-1
ignition source

Z Effective ignition source 2.5×10-2 year-1

R Fire in tank 1.37×10-5 year-1

The probability of occurrence of fire in case of small leakage in tank is 1.37×10-5 year-1

Fault tree analysis

Some assumptions:

Equipments are properly designed and hence vessel design failures are not
considered.

Proper preventive maintenance is carried out with regular testing of control

systems, pipelines for leakages, corrosion, etc.

A general value for failure on demand for basic process control system in order of
10-1 per year is taken.

The reasons for operator not responding despite getting notification are varied and
many and cannot be incorporated in the analysis. How ever for operator errors a
general value in order of 10-2 per calculation was taken into consideration.

A general value in order of 10-2 per year was taken for power failure.

19