ZC COP EHS03 Risk Management

CODE OF PRACTICE ON
EHS RISK MANAGEMENT

ZonesCorp COP-EHS03
APPROVED BY: DATE: Z1 SEP2008
CODE OF PRACTICE
EHS RISK MANAGEMENT

Document No ZC-COP-EHS03 Rev. No. 0 Date of Issue 21 Sept. 2008
Industrial Sector Environment Health & Safety Regulatory Framework Page 2 of 117

REVISION HISTORY

Rev. No. Issue Date Revised Section Revision Description
0 New Document

Copyright

The copyright and all other rights of a like nature in this document are vested in Higher Corporation
for Specialized Economic Zones (ZonesCorp), Abu Dhabi, United Arab Emirates. This document is
issued as part of the Industrial Sector EHS Regulatory Framework and as guidance to Industrial
Sector within the Abu Dhabi Emirates. Any party within Industrial Sector may give copies of the entire
EHS Documents or selected parts thereof to their contractors/consultants for implementation of EHS
Management Standards. Such copies should carry a statement that they are reproduced by
permission of ZonesCorp and an explanatory note on the manner in which the document is to be
used.

Disclaimer

No liability whatsoever in contract, tort or otherwise is accepted by ZonesCorp or any party whether or
not involved in the preparation of the EHS Management System Documents for any consequences
whatsoever resulting directly or indirectly from reliance on or from the use of the ZonesCorp EHS
Documents or for any error or omission therein even if such error or omission is caused by a failure to
exercise reasonable care.

All administrative queries should be directed to the ZonesCorp EHSMS Administrator HSE Division

Higher Corporation for Specialized Economic Zones
P.O. Box: 36000, Abu Dhabi,
United Arab Emirates.
Telephone: (9712) 5073358
Fax: (9712) 5073564
Internet site: www.zonescorp.com
E-mail: hse@zonescorp.com

CODE OF PRACTICE
EHS RISK MANAGEMENT


TABLE OF CONTENTS

1 PURPOSE 4
2 SCOPE 4
3 DEFINITIONS 5
4 EXISTING APPLICABLE LAWS 8
5 RESPONSIBILITIES 11
6 EHS RISK ASSESSMENT & MANAGEMENT FRAMEWORK 13
7 RISK ASSESSMENT & MANAGEMENT BASIC APPROACH 15
8 RISK ASSESSMENT METHODOLOGY 21
9 RISK MANAGEMENT & CONTROL 38
10 RISK RECORDING 43
11 REFERENCES 45
12 APPENDIX1: RISK ACCEPTANCE CRITERIA 46
13 APPENDIX 2: ALARP 50
14 APPENDIX 3: RISK ASSESSMENT TECHNIQUES 53
15 APPENDIX 4: RISK ASSESSMENT METHODOLOGIES 57
16 APPENDIX 5: SELECTION OF RISK ASSESSMENT METHOD 97
17 APPENDIX 6: RISK ASSESSMENT GUIDELINES 102
18 APPENDIX 7: HAZARD & EFFECT REGISTER 110

CODE OF PRACTICE
EHS RISK MANAGEMENT


1. PURPOSE

This document provides guidance on the Environment Health & Safety (EHS)
Risk Assessment and Management Techniques. The Code of Practice set out
a generic framework for establishing the context, identifying, analysing,
evaluating, treating, monitoring and communicating Risks.
This document presents a set of Techniques that shall be used as an integral
part of the entity approach to the identification, assessment and management
of the EHS Risks during Design / Construction / Operations and Maintenance
of Facilities including the Contractor activities.
Risk Assessment Methodologies, Techniques, Guidelines, Formats etc. given
in this document are for guidance purpose. Entities should judicially use
techniques Fit for the Purpose as required by specific Business / Activity /
Operation.
Environment Agency Abu Dhabi (EAD) being the Competent Authority of
EHS Management within Abu Dhabi Emirate has designated Higher
Corporation for Specialized Economic Zones ZonesCorp as the EHS
Regulatory Authority for the Industrial Sector within Abu Dhabi Emirate.
ZonesCorp in its Regulatory Role is the nodal agency for the Entities within
Industrial Sector while interacting with the concerned Govt. Agencies (EAD,
Civil Defense etc.) for fulfilling the applicable regulatory requirements like EHS
Permitting etc.
The Higher Corporation for Specialized Economic Zones ZonesCorp being
the EHS Regulatory Authority for the Industrial Sector in the Emirate of Abu
Dhabi, has established the Environmental, Health & Safety Regulatory
Framework Codes of Practice to communicate the requirements of EHS
management as a key factor in successful business development to all
industries within the Emirate of Abu Dhabi. ZonesCorp considers the
establishment of priorities, programmes and practices as vital for integrating
good environmental, health & safety management into all entities business.
The Industrial Sector EHS Regulatory Framework has been established in line
with the requirements of UAE EHS Laws, Regulations and the Abu Dhabi
(EAD) EHS Management System Framework Documents for the Industrial
Sector. The system is also aligned with other international standards like
ISO14001, OHSAS18001 and BS8800 for Occupational Health.

CODE OF PRACTICE
EHS RISK MANAGEMENT


2. SCOPE

This document is applicable to all Entities within Industrial Sector in Abu
Dhabi Emirate. The Industrial Sector includes but is not limited to Entities in
Abu Dhabi Industrial Cities (ICADs), Al-Ain Industrial Cities (AAICs), Western
Region Industrial Complex, Mussafah Industrial Area and Workers Facilities
(Labour Camps) for Industrial Sector within Abu Dhabi Emirate.
Wherever possible, and rather than providing detail within this document,
reference is made to other, more detailed documents that have been provided
in the ZonesCorp EHS Management System.
3. DEFINITIONS
3.1 Accident
An uncontrolled / unplanned / undesired / uncontrolled event that results in
undesirable consequences to the personnel (injuries/illness) and/or to the
assets (damage/loss) or to the neighbouring community and/or to the
environment. The term Accident is synonymous with Incident wherever used
in ZonesCorp EHS Management Framework
3.2 ALARP (As Low As Reasonably Practicable)
a. To reduce a risk to a level which is ALARP involves balancing reduction in
risk against the time, trouble, difficulty & cost of achieving it.
b. This level represents the point, objectively assessed, at which the time,
trouble, difficulty and cost of further reduction measures become
unreasonably disproportionate to the additional risk reduction obtained.
3.3 Aspect
Element of an organisations activities products or services that can interact
with the environment (ISO 14001, 2003)
3.4 Barriers
a. Elimination and prevention measures that remove or reduce the likelihood
of realising a hazards potential for harm.
b. Barriers may be physical (materials, protective devices, segregation, etc.)
or non-physical (procedures, inspection, training, drills, etc.)
3.5 COMAH: Control of Major Accident Hazards
3.6 COMAH Report: The Control of Major Accident Hazards Report is a report
compiled by a major hazard site entity and submitted to ZonesCorp, as part of
the EHSIA process that demonstrates that the entity has taken all steps
necessary to prevent major accidents and to reduce their consequences.
CODE OF PRACTICE
EHS RISK MANAGEMENT


3.7 Consequence
The result of an accidental event sequence (fire, explosion, toxic gas
dispersion, etc.) that could affect people, the environment, Entitys assets or
reputation
3.8 Effect : An adverse impact on people, the environment, Entitys assets or
reputation
3.9 EAD: Environmental Agency Abu Dhabi
3.10 EHS: Environment Health & Safety
3.11 EHSIA: Environment Health Safety & Impact Assessment
3.12 EHSMS: EHS Management System
3.13 Entity: Facilities within Industrial Sector including Industrial, Commercial,
Residential and Welfare.
3.14 Hazard: The potential to cause harm, including ill health and injury, damage
to property, products or the environment; production losses or increased
liabilities.
3.15 HRA: Occupational Health Risk Assessment
3.16 HSE Case: A demonstration of how the Entity HSE objectives are being met
in a methodical and auditable reference document. A completed Case will
provide a reference document to all information relevant to the safety, and
health of the operations personnel, environment and resources on an
installation.
3.17 HSE Critical Activities
a. Activities that are important in preventing events with potential to cause
serious harm to people, the environment, Entitys property and/or
reputation and can reduce the impact of such an event.
b. The definition of serious harm includes the critical, severe and catastrophic
categories shown in the Risk Matrix as provided in this document.
3.18 Impact
Any change to the environment whether adverse or beneficial, wholly or
partially resulting from Entitys facilities, activities, products or services.
3.19 Incident: An uncontrolled / unplanned/undesired / uncontrolled event that
results in undesirable consequences to the personnel (injuries/illness) and / or
to the assets (damage/loss) or to the neighbouring community and/or to the
environment. The term Incident is synonymous with Accident wherever used
in ZonesCorp EHS Management Framework
CODE OF PRACTICE
EHS RISK MANAGEMENT


3.20 Industrial Sector: Industrial Sector within Abu Dhabi Emirate includes but not
limited to Entities (Industrial Units etc.) in Industrial Cities developed by
ZonesCorp, Industrial Areas like Mussafah, Mafraq, etc. and Workers
Facilities (Labour Camps) for Industrial Sector
3.21 Major Accident: An Uncontrolled Occurrence which leads to severe or
catastrophic effects to people, the environment, Entitys reputation or assets.
Refer to Risk Matrix
3.22 Major Accident Hazard: A hazard that has the potential to result in a Major
Accident
3.23 Manual of Normal Operations (NOM): Defines the limit of safe operation
permitted for a particular asset if risk management measures are reduced
and/or removed with the objective of maintaining a tolerable level of risk.
3.24 Manual of Emergency Operations (EOM): Considers combinations of
hazards and hazardous events caused by the need for simultaneous
operation and construction in order to maintain a tolerable level of risk
3.25 Risk: The product of the measure of the likelihood of an occurrence of an
undesired event and the potential adverse effects that this event may have on
people, the environment, Entitys assets or reputation
3.26 Risk Management Measures: A risk management hierarchy to eliminate,
prevent and control HSE risks to a acceptable and ALARP level.
3.27 Self-Regulation is a concept designed to enhance protection of human
health and the environment by encouraging the regulated community to
voluntarily discover, disclose, correct, and prevent violations of relevant laws.
For the purpose of the EHSMS, self-regulation is defined as: Action
undertaken by entities to develop and implement an Environment, Health and
Safety Management System that complies with the laws and policies of the
Emirate of Abu Dhabi and international standards
3.28 Shall: The Term shall as used in this document is intended to describe
mandatory requirements.
3.29 Should: The term should is intended to designate optional or practices which
ZonesCorp does not consider mandatory, but does recommend that Entities
consciously evaluate any deviation from these recommended practices
3.30 SIMOPS: Simultaneous Operations
3.31 Tenant: The Project Proponent/Lease Holder/Concession Agreement Holder/
Owner/Operator of an Entity within the Industrial Sector in Abu Dhabi Emirate
3.32 Top Event: The release of a hazard. The undesired event at the end of the
fault tree and at the beginning of the event tree. The centre point in the Bow
Tie Diagram.
CODE OF PRACTICE
EHS RISK MANAGEMENT


3.33 Threats: A possible cause that will potentially release a hazard and produce
an incident. Examples include damage caused by thermal (high temperature),
chemical (corrosion), biological (bacteria), radiation (ultraviolet), kinetic
(fatigue), climatic condition (poor visibility), uncertainty (unknowns) or human
factors (competence).
3.34 Task Risk Assessment (TRA): A process of formal identification,
assessment and recording of the risks involved in any particular operation so
that appropriate controls can be introduced. TRA is synonymous with job
safety analysis (JSA).
CODE OF PRACTICE
EHS RISK MANAGEMENT


4. EXISTING APPLICABLE LAWS
All Tenants shall ensure that their operations comply with all relevant UAE
and Abu Dhabi Environmental, Health and Safety laws and regulations.
Environmental, Health and Safety regulations in the UAE are gradually being
implemented.
This Code of Practice has been developed to ensure compliance to or exceed
the requirements of all relevant legislative statutes and regulations,
specifically including but not limited to:
4.1 Federal EHS Laws and Codes including UAE Standards Industrial Safety &
Health Regulations (Emirates Authority for Standardization & Metrology)
4.2 Local Law No. ( ) of 2008 concerning Environment Health & Safety
Management System in Abu Dhabi Emirate
4.3 Local Law No. 16 of 2005; Article 14 Establishment or Individual is prohibited
to carry out any activity that could adversely affect the lives of human beings
and the safety of the environment before obtaining a license from the Agency.
4.4 Local Law No. 21 of 2005 on the Waste Management in Emirate of Abu Dhabi
4.5 Local Law No. 23 of 2005 and the Executive Regulations Regarding the
Health Insurance Scheme for the Emirate of Abu Dhabi
4.6 Federal Law No. 1 of 2002 Regarding Organisation & Monitoring the Use of
Radiation Resources and Protection
4.7 Federal Law No. 8 of 1980. The Labor Law (as amended 1986)
4.8 Federal Law No. 23 of 1999 Marine Bio-Resources in the UAE
4.9 Federal Law No. 24 of 1999 for the Protection & Development of the
Environment
4.10 Regulations / Executive Orders made under the Federal Environment Law
a. Federal Bylaw; Protection of Air from Pollution (Ministerial Order # 12 of
2006)
b. Federal Bylaw; System for Protected Area
Ministerial Decree No. 37 of 2001 concerning the approval of the Executive
Orders for Law No. 24. It includes the following Regulations:
a. Environmental Impact assessment of Projects 2001
b. Assessment of Environmental Effects of Installations 2001
c. Protection of the Marine Environment 2001
d. Handling Hazardous Materials, Hazardous Wastes & Medical Wastes 2001
e. Pesticides, Agricultural Additives and Fertilizers 2001
CODE OF PRACTICE
EHS RISK MANAGEMENT


4.11 Ministerial Decrees & Decisions:
a. Decree No. 50/2003 Basic Regulating Rules for Ionizing Radiation
Protection
b. Decree No. 55/2004 Basic Regulations for Protection against Ionizing
Radiation.
c. Decree No. 56/2004 Basic Regulations for Safe Transport of Radioactive
Materials
d. Decree No. 57/2004 Basic Regulations for Radioactive Waste Management
e. Decree No. 214/2004 on Use of Sludge on Land
f. Ministerial Order No.32/1982 on the Determination of Preventative
Methods and Measures for the Protection of Labor from Risks at Work
4.12 Abu Dhabi Emirate Environment Protection Policies (EEPPs)
a. Part 1 Air Quality
b. Part 2 Water Quality
c. Part 3 Land Quality
d. Part 4 Noise
e. Part 5 Waste
f. Part 6 Hazardous Substances
g. Part 7 Occupational and Environmental Health & Safety
h. Part 8 Biodiversity and Conservation
4.13 Abu Dhabi Emirate Environment Protection Policies Standards
a. Part 1 Air Quality Standard
b. Part 2 Water Quality Standard
c. Part 3 Land Quality Standard
d. Part 4 Noise Quality Standard
4.14 Abu Dhabi Emirate EHS Management System Codes of Practices
a. Self Regulation
b. Roles & Responsibilities
c. Risk Management
d. Audits & Inspection
e. Emergency Management
f. Monitoring and Reporting
g. Management Reviews
4.15 EAD Regulations on Hazardous Material & Waste Permit
4.16 Industrial Safety and Health Regulations Occupational Health and
Environmental Control SSUAE No. 209 / 1995.
CODE OF PRACTICE
EHS RISK MANAGEMENT


5. RESPONSIBILITIES
5.1 Competent Authority
The Competent Authority (EAD) in cooperation with the Regulatory Authority
(ZonesCorp) shall approve the types of entities (targeted entities) that should
develop & implement an EHSMS in accordance with the Abu Dhabi Emirate
EHS Law.
The Competent Authority (EAD) shall set mechanisms for:
Reviewing and approving EHSMS developed by Entities to ensure
compliance with the requirements of the EHSMS at Abu Dhabi Emirate
level.
Auditing the EHSMS implemented by different entities.
The Competent Authority (EAD) shall promote the importance of
implementing the EHSMS.
The Competent Authority (EAD) shall be responsible for reporting to the
Executive Council the performance of the EHSMS at Abu Dhabi Emirate level.
5.2 Regulatory Authority
Regulatory Authority shall administrate, advise and support the EHSMS
Framework of Industrial Sector
The Regulatory Authority (ZonesCorp) in cooperation with the Competent
Authority (EAD) shall:
Develop Industrial Sector EHS Policy and Establish EHS Regulatory
Framework including Codes of Practice & Guidelines
Identify the types of entities that should develop & implement an EHSMS
in accordance with the Abu Dhabi Emirate EHS Law
Review and approve EHSMS developed by entities in compliance to the
requirements of the Abu Dhabi Emirate EHSMS.
Audit the EHSMS implemented by different entities.
Receive EHS Performance from Industrial Sector Entities
Compile and report EHS Performance of Industrial Sector to the
Competent Authority (EAD)
Promote the importance of implementing the EHSMS
5.3 Entities
5.3.1 Entities shall develop and implement an EHSMS within their areas of
jurisdiction to protect their employees, the community and the environment
from any adverse impacts arising from their activities.
CODE OF PRACTICE
EHS RISK MANAGEMENT


5.3.2 Entities shall provide and maintain a safe environment for workers, avoid any
risk to human health, avoid adverse impact to environment and prevent
environmental pollution.
5.3.3 Entities having an EHSMS are required to audit their System in order to
ensure conformance with ZonesCorp EHSMS Requirements.
5.3.4 Entities having established an EHSMS are required to demonstrate self
regulation
5.3.5 Entities having an EHSMS are required to submit an annual report to the
ZonesCorp / EAD on the performance of their System as per the mechanism
set by ZonesCorp.
5.4 Employers Duties
5.4.1 Employers have the ultimate responsibility to ensure the health and safety of
their employees.
5.4.2 Employers have a general Duty of Care to take all practicable steps to ensure
the safety of their employees while at work, visitors and contractors.
In particular, they are required to take all practicable steps to:
Provide and maintain a Safe Working Environment;
Provide and maintain facilities for the Safety and Health of employees at
work;
Ensure that machinery and equipment are safe;
Ensure that working arrangements are not hazardous to employees; and
Ensure a Safe System of Work comprising at least of Procedure, Training,
Communication & Supervision is in place
Ensure procedures are available to deal with emergencies that may arise
while employees are at work.
CODE OF PRACTICE
EHS RISK MANAGEMENT


6. EHS RISK ASSESSMENT & MANAGEMENT FRAMEWORK
6.1 The framework for carrying out a detailed Environment, Health and Safety
Risk Assessment & Management involves the following key stages:
a. Hazard Identification;
b. Hazard Assessment;
c. Exposure Assessment; and
d. Risk Characterisation
e. Risk Management (Elimination, Substitution, Control etc.).
6.2 This framework provides for a qualitative and/or quantitative estimation of risk,
based on an estimated exposure to a workplace hazard or contaminant (or
dose), and the likelihood that this will give rise to an adverse affect (i.e. the
dose response).
6.3 The Risk Assessment and Management Framework is explained in Figure 6.1
Figure 6.1: Framework for EHS Risk Assessment and Risk Management

CODE OF PRACTICE
EHS RISK MANAGEMENT


6.4 Hazard Identification and Risk Assessment involves a series of steps as
described below.
Figure 6.2 - Four Steps to HSE Risk Evaluation and Management

IDENTIFY
ASSESS MANAGE RECORD
HSE RISK EVALUATION AND MANAGEMENT
IDENTIFY
ASSESS MANAGE RECORD
HSE RISK EVALUATION AND MANAGEMENT

1. Identification
Identification of hazards and aspects to People, Environment, Assets and
Reputation (PEAR), based upon consideration of factors such as the physical
and chemical properties of the fluids being handled, the arrangement of
equipment, operating and maintenance procedures and processing conditions.
2. Assessment
Assessment of the risk arising from the hazards and consideration of its
tolerability to personnel, the facility, the environment and the Entity reputation.
This normally involves a process of definition of initiating events, identification of
possible accident sequences, estimation of the probability of occurrence of
accident sequences and assessment of the consequences/ impact. The
acceptability of the estimated risk must then be judged based upon criteria
appropriate to the particular situation.
3. Management
Effective management of the risks to an acceptable and ALARP level. This
implies that where deemed necessary, the risks will need to be eliminated or
reduced. This involves identifying opportunities to reduce the likelihood and/or
consequences of an accident.
4. Recording
Recording of HSE risk assessment studies and their findings in terms of the risk
management measures utilised to manage HSE risks to an acceptable and
ALARP level. Recommended method are HSE Case & Hazard & Effect Register

CODE OF PRACTICE
EHS RISK MANAGEMENT


7. RISK ASSESSMENT & MANAGEMENT BASIC APPROACH
7.1 The Risk Management Philosophy as outlined in this document provides an
overview of EHS Risk Assessment & Management requirements as shall be
applied by the Entities
7.2 Section 7 outlines the Risk Assessment & Management Process in detail.
7.3 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment
Techniques, Methodologies and the Guidelines for conducting Risk
Assessment
7.4 This document and other relevant Code of Practices as listed in Section 6 of
this document provide detailed methods, techniques and requirements for
specific EHS Risk Assessment categories.
7.5 Entities may develop their own procedures appropriate to their operations/
activities provided that the legal requirements stipulated in Law concerning
The Management of Environment, Health and Safety in Abu Dhabi Emirate
are met.
7.6 Risk Assessment & Management: The following flowchart shows the steps
involved in Risk Management. The Process is explained in further detail in the
subsequent sections.

Establish the context
Identity hazards
Assess risk
Risk control
Esta
blis
h
the
cont
ext
C
o
n
s
u
l
t
a
t
i
o
n

Esta
blis
h
the
cont
ext
R
e
v
i
e
w

CODE OF PRACTICE
EHS RISK MANAGEMENT


7.7 DEFINE THE SCOPE (ESTABLISH THE CONTEXT)
The first step in the risk management process is to define the scope of the risk
management activity. The purpose of this step is to establish the parameters
of the process including the criteria by which risks will be assessed.
Therefore, this step defines the strategic and organizational context in which
the remainder of the risk management process operates. This includes:
7.1.1 Defining the external and internal stakeholders and their objectives;
7.1.2 Defining the organizational context - this is the context within which the risk
management policy is to be implemented, including what each person's
responsibilities are and what resources are required;
7.1.3 Establishing the risk management context including;
a. Defining the scope of the specific activity whose risks the process is
intended to manage;
b. Setting an overall time frame for completion of the process;
c. Identifying the resources required and distributing the responsibilities
for conducting the remainder of the process;
d. Developing the risk evaluation criteria - these may be legal, social or
financial;
e. Planning the structure of the risk management process into logical
elements.
7.8 HAZARDS IDENTIFICATION
7.8.1 EHS Regulations require that hazards are identified in the workplace and
that procedures are in place and are used to identify, assess and control
hazards:
a. Before setting up and using a workplace;
b. When planning work processes;
c. Before installing, commissioning or erecting plant;
d. Whenever changes are made to:
The workplace;
The system or method of work;
The plant used;
The chemicals used;
e. Whenever new information regarding work processes becomes
available.
CODE OF PRACTICE
EHS RISK MANAGEMENT


7.8.2 Hazard Identification consists of three main components listed below and
elaborated in subsequent sub-sections.
a. Defining Risk Assessment Objectives;
b. Defining EHS Values to be protected; and
c. Developing the Conceptual Site/Project Model.
7.8.3 DEFINING RISK ASSESSMENT OBJECTIVES
a. Defining the objectives of the risk assessment is one of the most
important steps in the risk assessment process, as inappropriate
objectives may lead to important issues being excluded from the
assessment.
b. The objectives of a risk assessment must be clearly defined prior to
any work, should be flexible, and may change during the course of the
assessment.
c. When defining risk assessment objectives, consideration needs to be
given to:
Why risk assessment is required (project design, EHSIA process,
EHSMS development etc);
The stage of the investigation (preliminary or detailed) and
associated limitations and uncertainties;
The environmental values which need to be protected;
The health and safety values which need to be protected;
Environment, health and safety context;
The audience (land owner/occupier, regulator/auditor, planning
authorities, public);
Management decisions; and
Issues for which the risk assessment process cannot be of
assistance.
d. The objectives of a preliminary assessment may be framed in broad
terms. Issues identified in the Projects Conceptual Planning Phase will
help target environmental health and safety risks.
e. The objectives of a detailed risk assessment should be more specific
and tailored to the issues identified at a site. For example, if the
preliminary risk assessment shows that only human health risk is an
issue of concern, then ecological assessment may not be necessary.
Likewise, the screening assessment may identify particular chemicals
of concern that the detailed assessment should focus on.
CODE OF PRACTICE
EHS RISK MANAGEMENT


7.8.4 EHS VALUES TO BE PROTECTED
Abu Dhabi Emirate Environment Health & Safety Protection Policies (EEPPs)
define the environment, health and safety values, indicators and objectives to
be met, and must be referred to when undertaking a risk assessment.
a. For establishing a Risk Assessment & Management System, It is
extremely important to first establish the environment health and safety
values that need to be protected for the site or activity.
b. In general, these values will reflect the existing uses of the land and the
existing and realistic future uses of the land surrounding the
site/project.
c. EHS values that are typically relevant for particular projects are listed
below.
Human Health and Safety
Aesthetics
Ecological
Groundwater and Surface Water
Adjacent Land Values
7.8.5 CONCEPTUAL SITE/PROJECT MODEL
When developing the Conceptual Site/Project Model for hazard
identification, consideration needs to be given to:
a. Whether the hazard has a single or multiple source (e.g. pollution
and/or contamination of drinking water supply from a chemical spill, vs.
particulates in the air arising from diesel engines, wood heaters and
tobacco smoke);
b. Whether the emissions affects multiple environmental media (e.g.
industry emissions contaminating air, soil, water and food);
c. Who will be affected by the hazard (e.g. employees, contractors,
visitors);
d. How do stakeholders perceive the problem? Do different groups have
different perceptions? (e.g. a stakeholder group comprised of workers
at a facility who are also nearby residents may have complex
perceptions); and
e. How do the hazards compare to other environmental, health and safety
hazards affecting the community?
Section 8 elaborates Project Risk Management concepts.
CODE OF PRACTICE
EHS RISK MANAGEMENT


7.9 EVALUATE (ANALYZE & ASSESS) HAZARDS & ESTABLISH RISK
7.9.1 The main objectives for carrying out a risk assessment are to ensure that
human health, assets, and the environment are protected, and that the
necessary resources are allocated in a prioritised and defensible manner to
ensure that any unacceptable risks identified will be reduced to acceptable
levels.
7.9.2 Where risk assessment identifies the potential for exposure to exceed the
determined maximum permissible or allowable exposure, then risk
management is necessary to reduce the potential risk to human health, the
environment or environmental values.
7.9.3 Risk assessment formalises the process of identification of the key issues
associated with operating an industry or undertaking an activity in Abu Dhabi
Emirate, including the nature of the industry/activity, the potential expected
hazards, data gaps, and the level of uncertainty.
7.9.4 All identified hazards shall be subject to an evaluation for risk potential. This
means analyzing the hazard for its probability for a loss event to occur, as well
as the likely consequences of this event. ZonesCorp recommends,
progressively, the use of following three risk assessment methods. Refer to
Table 8.1 for brief explanation.
a. Qualitative
b. Semi-Quantitative
c. Quantitative
The basis of this process is the Risk Assessment Matrix (refer to Figure 8.1).
7.9.5 A critical element to each level of risk assessment is the development of a
Conceptual Site/Project Model that describes the pathways by which
exposure from pollution / contaminant / occupational health and safety hazard
or incident / accident may occur (section 7.8.5). Refer to Section 8 for details
about Project Risk Management.
7.9.6 In general, environmental pollution / contamination is associated with air,
noise, water, waste, and land. Occupational health and safety hazards are
determined by the nature of the site and the work being performed (e.g.
chemical exposure, fire and explosion, lack of oxygen, ionizing radiation,
biological hazards, safety hazards, electrical hazards, heat stress, cold
exposure, noise and ergonomics), they can be broadly classified as physical,
chemical and biological hazards
7.9.7 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment
Assessment
CODE OF PRACTICE
EHS RISK MANAGEMENT


7.10 RISK MANAGEMENT & RECORDING
7.10.1 Risk assessment and management requires a high degree of objectivity and
scientific skill.
7.10.2 Risk Management: To manage the Risk, the entity shall:
7.10.3 Identify the Risks associated with the activities of the organisation and
document in the Hazard & Effect Register (detailed in Section 8); and
7.10.4 Evaluate the level of significance of the risk (e.g. Extreme Risk, High Risk,
Moderate Risk and Low Risk basing on qualitative assessment, semi-
quantitative or quantitative assessment, where appropriate (detailed in
Sections 9).
7.10.5 Reduce the Risk at an acceptable and as low as reasonably practicable risk
level via means of prevention, mitigation or recovering, where appropriate
(detailed in Section 10 & 11 and Appendix 1 & 2).
7.10.6 It is vital that the operational programs and procedures which are assessed
against risks are identified and managed. Continuous improvement is the key
to future HSE performance.
7.10.7 The identified risks (plus the associated risk level) shall be documented on an
Hazard & Effect Register (Appendix 7). The Register shall be reviewed and
updated at regular time intervals.

CODE OF PRACTICE
EHS RISK MANAGEMENT


8. RISK ASSESSMENT METHODOLOGY
8.1 This section outlines the concepts and approach for Risk Assessment
including the Project Risk Assessment (Refer to Section 8.14)
8.2 The objective of a risk assessment is to filter the projects with minor
acceptable risks from the projects with major non-acceptable risks. It involves
consideration of the sources of risk, the consequences and the likelihood that
those consequences may occur.
8.3 Risk analysis may be undertaken to various degrees of refinement depending
upon the risk information and data available. Analysis techniques include:
a. Qualitative assessment;
b. Semi-quantitative assessment; and
c. Quantitative assessment.
8.4 Appendix 3, 4, 5 and 6 provides description of various Risk Assessment
Assessment
8.5 In practice, a qualitative analysis is often used to first obtain a general
indication of the level of risk and then a more quantitative analysis is applied
to refine the risk.
8.6 A quantitative risk assessment can be undertaken based on statistical
analysis when the qualitative assessment does not accurately determine the
level of risk for various consequences and probabilities. In the absence of
statistical data, an estimate may be made of the degree of the consequence
and frequency.
8.7 The risk assessment methodology provided in this code of practice uses a
semi-quantitative process for determining risk. The semi-quantitative process
estimates the degree of the consequence and probability and assigns a score
to each. The score allocated does not have to bear an accurate relationship
to the actual magnitude of consequences or likelihood.
8.8 LEVELS OF RISK ASSESSMENT
8.8.1 Some form of risk assessment will be required for all industry or activities that
are to be licensed by the Environment Agency and/or others.
8.8.2 Depending on the site circumstances and the stage of the investigation, the
risk assessment may involve different levels of assessment, ranging from a
simple desktop study through to a detailed assessment as part of a formal
EHSIA (Environment, Health and Safety Impact Assessment) process.
8.8.3 The goal of the Tiered approach is to use simple conservative assumptions in
preliminary assessments to identify which issues are likely to be most relevant
CODE OF PRACTICE
EHS RISK MANAGEMENT


with respect to risk, allowing more detailed (site-specific) risk assessment to
focus on these issues.
8.8.4 This approach allows resources to be focused on the more critical issues
associated with a site or project in a prioritised and defensible manner to
ensure that any unacceptable risks will be reduced to an acceptable level.
8.8.5 EHS Risk Assessments should be performed according to a Tiered Risk
Assessment framework described in Table 8.1 below.
Table 8.1: Tiered HSE Risk Assessment Methodology
TIER DESCRIPTION
1 Tier 1 Qualitative Risk Assessment
Tier 1 risk assessment is an initial risk assessment process, based on the
Qualitative Risk Assessment Matrix (RAM) Figure 7.1, normally carried out
by the Entity or Contractor(s) staffs who are non specialists. It shall be
applied to all construction & operation related activities using the Qualitative
Risk Assessment Technique.
Task Risk Assessment (TRA) must also be carried out for tasks which will
require a permit or for other HSE critical tasks carried out outside permit
areas, e.g., office or workshops etc.
The Tier 1 screening process ensures that requirements for control measures
and HSE Management programmes are identified. These should reduce the
risk to low on the RAM. Where risks cannot be reduced to low they should
be passed through to a more detailed Tier 2 assessment of risk and
evaluation of control measures.
In principle, all events with a major accident hazard potential shall in
accordance with be directly passed to a Tier 2 Quantitative Risk Assessment
(QRA).
CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 8.1: Tiered HSE Risk Assessment Methodology
TIER DESCRIPTION
2 Tier 2 Quantitative Risk Assessment (QRA)
Tier 2 risk assessments are all other assessments that are applied to assess
the risk. These could be semi-quantitative (i.e. numerical scoring,
engineering calculations, or simple modelling) in order to evaluate in greater
detail and certainty the key HSE risk issues identified in a Tier 1 risk
assessment and to evaluate suitable control procedures and HSE
management programmes. When uncertainties exist a reasonable level of
conservatism should be applied.
Tier 2 risk assessment also includes the use of QRA techniques that may be
applied to H, S, or E risks.
8.8.6 In practice, a qualitative analysis is often used to first obtain a general
indication of the level of risk and then a more quantitative analysis is applied
to refine the risk.
8.8.7 A quantitative risk assessment can be undertaken based on statistical
analysis when the qualitative assessment does not accurately determine the
level of risk for various consequences and probabilities. In the absence of
statistical data, an estimate may be made of the degree of the consequence
and frequency.
8.8.8 The risk assessment methodology provided in this code of practice uses a
semi-quantitative process for determining risk.
8.8.9 The semi-quantitative process estimates the degree of the consequence and
probability and assigns a score to each. The score allocated does not have
to bear an accurate relationship to the actual magnitude of consequences or
likelihood.
8.9 HAZARD IDENTIFICATION
8.9.1 A key element in identifying and managing hazards in the facility (Entity) is
a systematic approach to the identification of hazards and the assessment of
the associated risk in order to provide information to aid decision-making on
the need to introduce risk reduction measures.
8.9.2 Hazard identification is the process of identifying the concerns that the risk
assessment needs to address and establishes a context for the risk
assessment. Hazard identification comprises four phases:
a. Identification of environment, health and safety hazards and
determining whether they are hazards amenable to risk assessment;
CODE OF PRACTICE
EHS RISK MANAGEMENT


b. Putting the hazards into their environment, health and safety context
(classification and prioritising of problems and hazards);
c. Identification of potential interactions between agents; and
d. Defining the scope and objectives of the risk assessment.
8.9.3 The hazard identification process should be carried out for each level of
assessment. The level of detail required for the Hazard Identification depends
on the level of assessment and the quality of the Issue Identification carried
out for any preceding assessments.
8.9.4 Hazard Identification should be carried out as part of the initial planning stage
prior to design and construction, and then revisited as further information
becomes available and the pollution, contamination, and/or human health and
safety issues at the site are better understood. If a detailed risk assessment
(Stage 3) is required, the Stage 1 and 2 assessments become inputs for the
Stage 3 assessment.
8.9.5 Hazard Identification consists of three main components listed below and
elaborated in Sections 6 above.
d. Defining Risk Assessment Objectives;
e. Defining EHS Values to be protected; and
f. Developing the Conceptual Site/Project Model.
8.9.6 In general, EHS hazards can be identified from findings on:
a. National / International Legislation, Standards;
b. HSE Audits / Inspections / Walk Through
c. Peer reviews
d. Job Safety and Risk Analyses / Task Risk Assessment
e. Model Reviews
f. P&ID reviews
g. Accident/incident and near miss reporting
h. Failures of software and hardware systems
i. Incidents of human error
j. Workplace surveys;
k. Incident analysis;
l. Personal observations;
m. Health & Safety Committee items or discussions;
n. Warning labels or sign (including HAZCHEM placard);
o. Material Safety Data Sheets;
CODE OF PRACTICE
EHS RISK MANAGEMENT


p. Manufacturers manuals or instructions;
q. Technical journals;
r. Consultants reports.
8.9.7 Recommended Techniques for hazard Identification are listed below and
explained in Appendix 3
a. Hazard Analysis (HAZAN) / PHAs
b. What ifs
c. Hazard identification (HAZID) Studies
d. Hazard & Operability (HAZOP) Studies
e. Failure Mode & effect Analysis (FMEA)
f. Environment Impact Assessment (EIA)
g. Fault Tree / Event Tree Analysis
8.9.8 The identified risks (plus the associated risk level) shall be documented on an
Hazard & Effect Register (Appendix 7). The Register shall be reviewed and
updated at regular time intervals.
CODE OF PRACTICE
EHS RISK MANAGEMENT


8.10 EVALUATE IMPACTS AND CONSEQUENCES
8.10.1 In order to conduct an initial project risk assessment for screening, impacts
(actual and potential) and where applicable potential incident events, are to be
identified for each aspect of the project. For example, the risk assessment
should be completed for both construction and operation, and potentially for
individual elements of the project.
8.10.2 In this semi-quantitative level of analysis, a point score is used which rates the
consequences of the impact for each aspect.
8.10.3 For the discharge or emission of a pollutant, evaluating factors such as those
listed below should help in the assessment of relative consequence:
a. Persistence;
b. Toxicity;
c. Health effects;
d. Concentration of chemical;
e. Volume discharged per event;
f. Duration of the discharge;
g. Proximity to water-bodies;
h. Potential dilution;
i. The area of land/marine waters affected; and
j. Taking into account secondary consequences and existing mitigation
measures.
8.10.4 Regarding occupational health and safety, evaluating factors such as those
listed below will help in the assessment of relative consequence:
a. Health effect (e.g. long / short term effects, fatality, degree of injury /
illness, disability);
b. Damage to assets (e.g. plant, premises)
8.10.5 The potential consequences must be judged using all available information,
this information may include, but not be limited to:
a. Control measures in place; written systems of work, permit-to-work
procedures for the tasks;
b. Monitoring data from within and outside the organisation;
c. Tasks being carried out, their duration and frequency and locations;
d. Plant, machinery, powered hand tools to be used;
CODE OF PRACTICE
EHS RISK MANAGEMENT


e. Size, shape, surface character and weight of materials that may be
handled; distance and heights to which materials have to be moved by
hand;
f. Service used (e.g. compressed gas), substances used or encountered
during the work;
g. Parties carried out the tasks (training received); and
h. Legal requirements.
8.10.6 Table 8.2 provides a consistent method of assessment that can be applied by
different personnel and at different times.
8.10.7 For the project screening risk assessment, five levels of severity of
consequences have been used insignificant, minor, moderate, major and
catastrophic. Refer to Table 8.3 below. The definitions used to assess relative
consequences have been adopted from HB 203:2000 as recommended by
Abu Dhabi Emirate EHS Management System Framework.
8.11 ESTIMATE PROBABILITY OF OCCURRENCE
8.11.1 The probability of occurrence then needs to be estimated. Table 8.2 below
provides likelihood ratings with descriptions for estimating the likelihood of
each occurrence.
8.11.2 Frequency descriptions have been split into Environment plus Health and
Safety for clearer explanation.
8.11.3 The probability of occurrence from any event, mode of occurrence or failure
mechanism should be considered.
8.11.4 In addition to evaluating the frequency for normal operating conditions, the
following conditions could be considered:
a. Abnormal, start up and shutdown operating conditions;
b. Incidents, accidents and potential emergency situations; and
c. Current activities and planned future activities.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 8.2: PROBABILITY OF OCCURRENCE
Descriptor Likely Frequency Probability
Environment Health and Safety
Frequent Continuous or will
happen frequently.
Occurs several times a year
at location.
5
Often 5 12 times per year. Occurs several times a year
in similar industries in UAE.
4
Likely 1 5 times per year. Has occurred at least once
in UAE.
3
Possible Once every 5 years. Has occurred in industry
(Worldwide).
2
Rare Less than once every
five years.
Never encountered in
industry.
1
8.12 RISK ESTIMATION
8.12.1 The level of risk is calculated by multiplying the Consequence Score and
Probability of Occurrence together:
Risk = Consequence Score x Probability of Occurrence
8.12.2 The final outcome is in relative point scores, rather than actual risks.
8.12.3 Note that risk estimations should be carried out assuming a well-managed
installation operating under normal conditions. Risk scores do not reflect the
highest risks under adverse conditions/worst-case scenarios.
8.13 RISK EVALUATION
8.13.1 The relative risk score estimated as defined in Section 8.9 enables definition
between those risks that are significant, and those that are of a lesser nature.
This allows a better understanding of the least probable events with high
consequence against the highly probable low consequence events. Having
established the comparative risk level applicable to individual impacts, it is
possible to rank those risks.
8.13.2 Four risk categories have been used: Extreme, High, Moderate, and Low.
8.13.3 Risk Assessment Matrix (RAM) is given in Figure 8.1. The risk matrix provides
a method for initially quantifying risks qualitatively (rated as Low, Moderate,
High, or Extreme) and semi-quantitatively (with respect to assets lost figures).
It is therefore also used as a screening process so that effort can be
concentrated on the higher levels of risks.
CODE OF PRACTICE
EHS RISK MANAGEMENT


8.13.4 For higher-level risks acceptance criteria have been established and these
are described in Section.
8.13.5 The Risk Matrix (RAM) is color-coded as follows for ease of use:

COLOUR RISK REQUIREMENT
RED Extreme Activity or industry should not proceed in current form
BEIGE High
Activity or industry should be modified to include
remedial planning and action and be subject to
detailed EHS Assessment
YELLOW Moderate
Activity or industry can operate subject to management
and / or modification
GREEN Low No action required, unless escalation of risk is possible

a. Green Acceptable Risks
Recognized and need to be managed by procedures or safe systems of
work and reduced further where possible
b. Yellow & Beige Area of Concern and ALARP
Shall be subject to further semi-quantitative assessment, e.g. bow tie or
failure modes analyses (refer to Appendix 3)
Risks in this area shall be subject to an ALARP demonstration and may be
reduced or managed through design and management control (refer to
Appendix 1 & 2)
c. Red Unacceptable
Must be subject to a full, quantified risk assessment, probably using a
specialist contractor, specific modelling and calculation techniques and
programs and recognized databases. Refer to Appendix 3
These risks shall preferably be eliminated but if this is not possible will be
reduced by design, e.g.: Prevention / Control / Mitigation / EER
(Evacuation, Escape & Rescue)

CODE OF PRACTICE
EHS RISK MANAGEMENT


FIG 8.1: RISK ASSESSMENT MATRIX (RAM)
Consequence
2

Probability
2

Insignificant
(1)
Minor
(2)
Moderate
(3)
Major
(4)
Catastrophic
(5)
Rare (1) 1 2 3 4 5
Possible (2) 2 4 6 8 10
Likely (3) 3 6 9 12 15
Often (4) 4 8 12 16 20
Frequent (5)
Almost Certain
5 10 15 20 25
15 25
Extreme
Risk
1

Activity or industry should not proceed in current
form
8 12 High Risk
Activity or industry should be modified to include
remedial planning and action and be subject to
detailed EHS Assessment
4 6
Moderate
Risk
Activity or industry can operate subject to
management and / or modification
1 3 Low Risk
No action required, unless escalation of risk is
possible

1: Risk is the multiple of Probability & Severity of Consequence
2: Probability: Refer to Table 8.1 above for getting definition of Probability of
Occurrence
3: Consequence: Refer to Table 8.3 for Potential EHS Impact & Potential Incident
Consequence Rating

CODE OF PRACTICE
EHS RISK MANAGEMENT


TABLE 8.3: POTENTIAL EHS IMPACT AND POTENTIAL INCIDENT CONSEQUENCES RATING
Area impacted Insignificant
Consequences
Minor
Consequences
Moderate
Consequences
Major
Consequences
Catastrophic
Consequences
ENVIRONMENT
Land-based ecosystem Insignificant
environmental impact.
Occasional damage by
erosion, or of flora and
fauna. Some disruption
to flora or fauna
habitats.
Minor impacts on
fauna/flora and
habitat, but no
negative impacts on
ecosystem function.
Limited damage to a
minimal area of land
of no significant
value (i.e. no unique
habitats).
Temporary damage/
disruption (<1 month)
to flora or fauna
habitats.
Significant changes
in flora/ fauna
populations and
habitat. Disruption to,
or some death of,
rare flora or fauna,
but not resulting in
eradication of
endangered species.
Non-persistent but
possibly widespread
damage to land:
damage that can be
remediated without
long-term loss;
localised persistent
damage; or
significant temporary
damage (<1 year) to
ecosystem.
Continuous and
serious damage by
erosion or to flora
or fauna. Major
disruption to, or
frequent death of,
rare flora or fauna.
Major destruction of
significant habitat.
Long-term and
significant change in
population (e.g.
eradication of
endangered species)
or habitat with
negative impact on
ecosystem function.
Widespread
destruction to a
significant area of
land, rare flora and
fauna and/or
groundwater
resource.
Aquatic ecosystem Occasional short-term
impact and/or
Minor impact on
aquatic ecosystem,
Significant localised
impacts but without
Significant
widespread impact
Damage to an
extensive portion of
CODE OF PRACTICE
EHS RISK MANAGEMENT


Consequences
Minor
Consequences
Moderate
Consequences
Major
Consequences
Catastrophic
Consequences
disruption to aquatic
flora and fauna.
including flora, fauna
and habitat. No
significant impact on
water resources.
longer-term impact
on aquatic
ecosystems, and/or
short term impacts
on water resources.
on protected wildlife
(e.g. migratory
shorebirds, marine
plants, fish breeding
grounds), or aquatic
ecosystems of
moderate duration.
aquatic ecosystem
resulting in severe
impacts on aquatic
populations and
habitats and/or long-
term impact on water
resources.
Atmosphere/waste/other Temporary nuisance
from noise, odour,
dust, other air
emissions, greenhouse
gases, vibration, visual
impact.
Minor use of water,
fuels and energy and
other natural
resources.
Results in the
generation of
significant quantities of
non-hazardous
wastes.
Minor environmental
impact due to
contained release of
pollutant (including
odour, dust and
noise), fire or
explosion with no
lasting detrimental
effects. No outside
assistance required.
Significant use of
water, fuels and
energy and other
natural resources.
Creation of noise,
odour, dust, other
controlled/
uncontrolled air
emissions,
greenhouse gases,
vibration, and visual
impact at significant
nuisance levels.
Results in the
generation of
significant quantities
of hazardous wastes.
Major
environmental
impact due to
uncontained
release, fire or
explosion with
detrimental effects.
Outside assistance
required.
Catastrophic
environmental impact
due to uncontained
release, fire or
explosion with
detrimental effects.
Outside assistance
required.
Extensive chronic
discharge of
persistent hazardous
pollutant.
Results in the
generation of
significant quantities
of intractable wastes.
Cultural heritage Minor repairable Minor repairable Moderate damage to Major damage to Irreparable damage
CODE OF PRACTICE
EHS RISK MANAGEMENT


Consequences
Minor
Consequences
Moderate
Consequences
Major
Consequences
Catastrophic
Consequences
(indigenous and
modern)
damage to
commonplace
structures.
damage to
structures/ items of
cultural significance,
or minor
infringements of
cultural values.
cultural significance,
or significant
infringement of
cultural values/
sacred locations.
cultural
significance, or
major infringement
of cultural values/
sacred locations.
to highly valued
structures/ items/
locations of cultural
significance or
sacred value.
HEALTH
Health Effects Insignificant impact on
surrounding
communities.
Minor complaints or
exposure during
plant shutdown or
maintenance.
Maximum occurrence
limited to two times
per year
Ongoing complaints
from community.
Significant emission
or discharge that
impacts on
surrounding
population.
Major ongoing long-
term health effects
likely to
surrounding
communities and
workers.

Extreme health risk
potential for death in
community.
SAFETY
Human Health and
Safety
Near miss incident or
trivial injuries, which
may require self-
administered first aid.
Injured personnel can
continue to perform
normal duties.
Injuries requiring on-
site treatment by
medical practitioner.
Personnel unable to
continue to perform
duties.
Serious injuries
requiring off-site
treatment by medical
practitioner or
immediate
evacuation to
hospital. Potential
Single fatality. Multiple fatalities.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Consequences
Minor
Consequences
Moderate
Consequences
Major
Consequences
Catastrophic
Consequences
long-term or
permanently
disabling effects.
Production Loss Incident event without
causing production
loss.
Production loss or
delay up to one
week.
Production loss or
delay of one week to
one month.
Production loss or
delay for over one
month.
Loss of licence to
operate or ability to
produce indefinitely.
Total cost of impacts or
incident event
Financial loss
(compensation, fines,
cost to repair, plant
damage) of less than
AED5,000
Financial loss
damage) of
AED5,000 -
AED50,000.
Financial loss
damage) of
AED50,000 -
AED500,000
Financial loss
(compensation,
fines, cost to repair,
plant damage) of
AED500,000 -
AED10M.
Severe financial
penalties or legal
liabilities. Financial
loss (compensation,
fines, cost to repair,
plant damage) of
greater than
AED10M.

CODE OF PRACTICE
EHS RISK MANAGEMENT

Document No ZC-COP-EHS03 Date of Issue 21 Sept. 2008

8.14 PROJECT RISK ASSESSMENT
Project Risk Management shall be ensured by conducting EHS Impact
Assessment along with all other applicable Risk Assessments as outlined in
Appendix 3 & 4. The implementation of Risk Assessments Findings /
Recommendations is the key to achieve the desired Risk Management
8.14.1 CONCEPTUAL SITE/PROJECT MODEL
a. A Conceptual Site/Project Model should be first developed as part of the
screening risk assessment, and then revised and improved as more
detailed information on the contamination becomes available and the
issues and nature of the site are better understood.
b. For exposure to occur, a complete pathway must exist between the source
of pollution / hazard and the receptor (i.e. the person or ecosystem
components potentially affected). Where the exposure pathway is
incomplete, there is no exposure and hence no risk via that pathway. An
exposure pathway will typically consist of the following elements:
Source of pollution or contamination / hazard (e.g. a spill; via the
operation of a piece of equipment; the size, shape, surface character
and weight of materials that may be handled; distances and heights to
which materials have to be moved by hand; the service used such as
gas supply);
Release mechanism (e.g. migration in soil, leaching to water, emission
to air);
Retention in the transport medium (e.g. soil, groundwater, surface
water, air);
Exposure point (e.g. where a person comes in contact with pollution or
contamination; an unsafe act / incident / accident regarding
occupational health and safety may affect employees and even people
who may not be in the workplace all the time (e.g. visitors);
Exposure route (e.g. inhalation, ingestion, absorption through the skin).
c. When developing the Conceptual Site/Project Model for hazard
identification, consideration needs to be given to:
Whether the hazard has a single or multiple source (e.g. pollution
and/or contamination of drinking water supply from a chemical spill, vs.
particulates in the air arising from diesel engines, wood heaters and
tobacco smoke);
Whether the emissions affects multiple environmental media (e.g.
industry emissions contaminating air, soil, water and food);
CODE OF PRACTICE
EHS RISK MANAGEMENT


Who will be affected by the hazard (e.g. employees, contractors,
visitors);
How do stakeholders perceive the problem? Do different groups have
different perceptions? (e.g. a stakeholder group comprised of workers
at a facility who are also nearby residents may have complex
perceptions); and
How do the hazards compare to other environmental, health and safety
hazards affecting the community?
8.14.2 ENVIRONMENT HEALTH & SAFETY IMPACT ASSESSMENT (EHSIA)
a. An EHS Impact Assessment (EHSIA) Report is a living document that
considers the full lifecycle of project, facilities and operations. It must
address the HSE impacts in each of the life cycle phases i.e. project
conception, design, tender, construction, commissioning, operation,
decommissioning, abandonment and site restoration of a project.
ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide
guidance about the requirements for conducting EHS Impact Assessment
b. ZonesCorp requires the preparation of EHSIA Reports during the
Conceptual design and FEED (Front End Engineering & Design).stage.
The report should address the potential impacts associated with the facility
throughout the life cycle (design, construction, commissioning, operation,
maintenance and de-commissioning) of the project.
c. The EHSIA Report must present an overview of anticipated HSE Hazards,
impacts and associated levels which are based on analysis of relatively
broad HSE information of conceptual technical design and the
environment in which the project will be located.
d. The report must make recommendations regarding HSE issues that must
be addressed throughout the life cycle of the project i.e. issues to be
included in the detailed design and studies/analysis that can only be
conducted meaningful during or after detailed design.
e. The EHS Impact Assessment Report must demonstrate that:
All Accident Hazards have been systematically identified and recorded
in a Hazard and Effects Register, including Risk Ranking as High,
Medium or Low;
All Occupational Health Hazards have been systematically identified,
risks assessed and suitable action to mitigate these risks and to protect
employees from these risks have been taken;
Major Accident Hazards (MAH) have been identified, and suitable
control, mitigation and recovery measures are proposed and will be
implemented;
The EHSIA Report must demonstrate that Project Proponent can
construct and operate in line with ZonesCorp / EAD Criteria for Risk
CODE OF PRACTICE
EHS RISK MANAGEMENT


Tolerability and that risks are As Low As Reasonably Practicable
(ALARP);
That there is an Implementation Plan that shows how control,
mitigation and recovery measures for MAH will be implemented and
managed throughout the facility lifecycle;
That all HSE Risk including that resulting from Medium and Low
Accident Hazards will be managed by the Projects Environment,
Health & Safety Management System (EHSMS);
That Emergency Response Plans (on-site and off-site where
necessary) in relation to Major Accident Hazard have been or will be
prepared based on credible emergency scenarios, with necessary
stakeholder consultation.
CODE OF PRACTICE
EHS RISK MANAGEMENT


9. RISK MANAGEMENT AND CONTROL
9.1 RISK MANAGEMENT
9.1.1 Risk Management measures should follow this hierarchy:
a. Elimination of the hazard, e.g., adoption of an alternative activity,
b. Prevention of incidents (i.e. reduction of the probability of occurrence)
c. Control of incidents (i.e. limit the extent and duration of a hazardous
event)
d. Mitigation of the effects (i.e. reduce the consequences / effects).
9.1.2 The hierarchy of Risk Management include:
Order No. Control Example
Firstly Eliminate Removing the hazardous piece of
equipment out of service.
Secondly Substitute Replacing a hazardous substance or
process with a less hazardous one, eg
substituting a hazardous substance with
a non-hazardous substance.
Thirdly Isolation Isolating the hazard from the person at
risk, eg using a guard or barrier.
Fourthly Engineering Redesign a process or piece of
equipment to make it less hazardous.
Fifthly Administrative Adopting safe work practices or
providing appropriate training,
instruction or information.
Sixthly Personal Protective
Equipment
The use of personal protective
equipment could include using gloves,
glasses, earmuffs, aprons, safety
footwear, dust masks.
9.1.3 Elimination of the hazard should always be first choice, followed by
preventative measures, such as using inherently safer design or adopting safe
operating procedures. Mitigation of consequences, e.g., by use of appropriate
PPE, should always be last choice.
CODE OF PRACTICE
EHS RISK MANAGEMENT


9.1.4 Measures to recover from incidents should be provided based on risk
assessment and should be developed taking into account possible failures of
the control and mitigation measures. Based on the findings of the evaluation,
detailed health, safety and environmental objectives and management
programmes should be set at appropriate levels.
9.1.5 When the risk is categorised, the management shall identify the corrective
action in order to manage the hazard at an acceptable and as low as
reasonably practicable (ALARP) risk level. For hazard with low risk, actions
may not be required. Refer Fig 9.2.
9.2 RISK CONTROL
9.2.1 Risk control must be achieved using a predetermined hierarchy of controls.
The primary aim of risk control is to eliminate the risk, the best way of
achieving this being to remove the hazard. If this is not possible the risk must
be minimised using one or more of the other control options from the
hierarchy.
9.2.2 The risk control measure selected must be the highest possible option in the
hierarchy to minimise the risk to the lowest level as reasonably practicable.
9.2.3 In many cases, it will be necessary to use more than one control method.
Back-up controls, such as personal protective equipment, should only be used
as a last resort or as a support to other control measures.
9.2.4 While the risk control process concentrates on controlling the highest ranked
risks first, this does not mean that lower priority risks which can be controlled
quickly and easily should not be controlled simultaneously. The best available
control measures should be put in place as soon as possible.
9.2.5 In some cases it may be necessary to put temporary controls in place until
such time as the proper controls can be instituted. Wherever there is a high
risk and the control measures are not immediately available, temporary
controls which reduce the risk(s) must be put in place or the activity must
cease until adequate controls are implemented.
9.2.6 During the risk assessment process, the effectiveness of existing controls
should have been evaluated. The risk control phase must take account of any
necessary changes to existing control measures to ensure that the best
available protection is afforded. In doing so, it important to check current
controls against the hierarchy of risk controls to determine whether the
highest option on the list is used. Just because controls have been in place for
some time does not mean that they cannot be improved on. As with all stages
of the risk management process, consultation is required to ensure that
management and staff at all levels can make a contribution to the
identification, assessment and control of the risks associated with hazards.
9.2.7 For specific EHS hazards, applicable legislation, codes of practice or
standards will provide the information on what controls are to be implemented.
ZonesCorp EHS Documents are referred in Section 10 of this document.
CODE OF PRACTICE
EHS RISK MANAGEMENT


9.2.8 Controlling hazards are critical to the success of reducing the risk of hazards
in the workplace. Based on the risk assessment, controls will need to
implement to reduce the risk to an acceptable level.
Risk Level Corrective Action Time Frame
Extreme Immediately
High 24 hours
Medium 14 days
Low 28 days
Negligible Not applicable

9.2.9 At least one control method in the corrective action plan is required to be
implemented within the specified time frame to reduce the risk to an
acceptable level.
9.2.10 Upon the nature of the hazards, control measures shall be identified and
implemented (applicable to moderate risk, high risk and extreme risk). The
hierarchy of control shall be as follows:
a. Elimination of the hazard (where possible);
b. Substitution (e.g. use a less hazardous substance / environmentally
friendly materials);
c. Engineering - for plant and equipment (e.g. exhaust ventilation);
d. Procedural (e.g. via improving work methods, housekeeping); and
e. Personal protective equipment (PPE) it is the last resort if the above
measures are not practicable.
9.2.11 In the evaluation of which measures shall be taken, consideration shall be
given to reducing risk to a level deemed ALARP. It is a consideration of the
legal requirements, international standard/guideline (e.g. exposure limit for
chemicals), balance amongst organizations HSE policy/objectives, public
awareness and its tolerance, availability of resources, cost and benefits, the
status of scientific and technical knowledge. It shall be noted that the status of
the said factors are changed from time to time.
9.2.12 To reduce a risk to an ALARP level (in fact, it is difficult to determine the exact
level), it involves balancing reduction in risk to a level, objectively assessed,
where the trouble, difficulty and cost of further reduction measures becomes
unreasonably disproportionate to the additional risk reduction obtained. To
demonstrate ALARP, it requires consideration of different options to ensure
the organization gets best reward over the lifetime of the operation.
9.2.13 When the mitigation / recovering measures are identified, an action plan shall
be formulated addressing roles and responsibilities, training required for the
CODE OF PRACTICE
EHS RISK MANAGEMENT


relevant parties, time frame for completing the actions, the required changes
for the EHSMS and its associated documents / procedures, the procedures
for quality assurance, monitoring, maintenance and inspection (where
appropriate). More importantly, the action plan shall be followed up (e.g.
progress) to ensure actions are closed per the plan.
9.2.14 Depending upon the magnitude of risks and the potential consequences of
hazards, risk assessment shall be periodically reviewed by competent staff
(normally at annual intervals). The review shall verify if the base assumptions
have changed since the original design was implemented or since the risks
were reviewed previously (e.g. change of legal requirements, public
perception, whether the introduction of new technology could reduce the
ALARP level, whether the performance of the plant/equipment lived up to the
expectation of the original design in terms of accident and equipment uptime).
9.2.15 Safety procedures and risk control measures shall also be reviewed at regular
time intervals to ensure their effectiveness and coping with the change in the
matters to which they relate.
9.2.16 Figure 9.1 and 9.2 elaborates concepts of Risk Acceptability, ALARP and
Hierarchy for Risk Management
CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure 9.1: RISK ACCEPTABILITY
Broadly
Acceptable
Region
The ALARP
region
(risk is undertaken only
if a benefit is desired)
Intolerable
region
Risk cannot be justified on any
grounds
Tolerable only if risk reduction is
impracticable or if its cost is
grossly disproportionate to the
improvement made
Tolerable if cost of reduction
would exceed the improvement
gained
No need for detailed work to
demonstrate ALARP
Negligible risk
Broadly
Acceptable
Region
The ALARP
region
Intolerable
region
grounds
improvement made
gained
demonstrate ALARP
Negligible risk

Figure 9.2 - Risk Management Hierarchy (UK Health & Safety Executive)
Alarms, guards and shields, fire
and blast walls, safety valves,
separation, deluge, control of
release energy, secondary
containment, drain systems,
recovery (emergency response,
medivac, fire-fighting, clean-up,
reinstatement), PPE, etc.
OVERVIEW
Permanently remove
or replace the hazard
Reduce the likelihood
of the hazard occurring
Reduce the consequence
and effects of the hazard
RISK MANAGEMENT
HIERARCHY
ELIMINATE
PREVENT
CONTROL
Permanently stop activity or
chemical usage, replace
chemical with less harmful
chemical, etc.
Risk assessment, inventory
reduction, design standards,
protective devices, drills, training,
asset integrity (risk based
inspection and reliability centred
maintenance), incident
investigation, HSE audit,
competency assurance, etc.
EXAMPLES
Alarms, guards and shields, fire
and blast walls, safety valves,
separation, deluge, control of
release energy, secondary
containment, drain systems,
recovery (emergency response,
medivac, fire-fighting, clean-up,
reinstatement), PPE, etc.
OVERVIEW
Permanently remove
RISK MANAGEMENT
HIERARCHY
ELIMINATE
PREVENT
CONTROL
chemical, etc.
EXAMPLES
Permanently remove
RISK MANAGEMENT
HIERARCHY
ELIMINATE
PREVENT
CONTROL
ELIMINATE
PREVENT
CONTROL
chemical, etc.
EXAMPLES

ALARP
CODE OF PRACTICE
EHS RISK MANAGEMENT


10. RISK RECORDING
Risk Records are always maintained as the LIVE Documents.
10.1 Recordkeeping is essential for effective Risk Management through identifying
the responsibilities, setting target dates tracking the recommendations,
implementation follow-up, close-out etc.
10.2 Following are the recommended methods for Risk Management
Recordkeeping
a. HSE Case
b. HAZOP / HAZID Recommendations & Close-out Sheets
c. Hazard & Effect Register (Appendix 7)
d. HSE Impact Assessment Action Plans
10.3 This section outlines the key requirements for HSE Case and Appendix 7
provides guidance for developing the Hazard & Effect Register
10.4 Entities may use any Format for Hazard Management Recordkeeping
satisfying or exceeding the requirements of this document.
10.5 HSE CASE
A demonstration of how the Entity HSE objectives are being met in a
methodical and auditable reference document. A completed Case will provide
a reference document to all information relevant to the safety, and health of
the operations personnel, environment and resources on an installation
An HSE Case may be described in different ways but it is typically done in 7
parts as follows:
10.5.1 Part 1: Management Summary and Introduction
This includes a summary of the Case objectives, the main findings and risks,
and a brief introduction to the main document. Sometimes the management
summary is extracted as an executive document for distribution to senior
managers, leaving Part 1 as the Introduction.
10.5.2 Part 2: HSE MS for facility or operation.
A description of those elements of the HSE Management System that are
directly applicable to the operation or facility.
10.5.3 Part 3: Activities Catalogue
A description of those HSE-critical activities which are applicable to the
operation of facility. This is recorded at a level, which shows that the controls
are in place, and that these are suitable and sufficient for the risks addressed.
CODE OF PRACTICE
EHS RISK MANAGEMENT


10.5.4 Part 4: Description of Operation or Asset.
A description of the operation or facility, adequate to provide background
information to the hazards and effects analysis, to enable a clear
understanding of EHS-critical aspects. This will include, for example,
safeguarding systems and emergency response capabilities.
10.5.5 Part 5: Hazard and Effects Register
a. This contains a demonstration that all hazards and effects have been
identified, and the necessary risk evaluation has been carried out and
that necessary controls to manage the causes and consequences are
in place for those risks identified as significant through a process of
ranking.
b. Significant environmental effects* will be included if the case is to be
used for compliance with ISO-14001, (* For ISO 14001, this will include
a description of those 'aspects' which result in environmental effects.)
c. Typically, the controls and procedures in place to manage HSE
workplace hazards, effects and aspects which occur across the
company are described in one place and referred to from the HSE
Case. Those responsible on the facility for ensuring that the
procedures are followed are identified in the management system in
Parts 2 & 3 of the HSE Case.
10.5.6 Part 6: Shortfalls
This summarises any shortfalls identified, with a plan to resolve the findings
and thereby improve the operation.
10.5.7 Part 7: Statement of Fitness
The Statement of Fitness explains that the hazards and effects associated
with the installation or operation have been evaluated and measures have
been taken to reduce the risks to ALARP, the lowest level that is reasonably
practicable. The Statement of Fitness must affirm that conditions are
satisfactory to continue the operation.
10.5.8 Detailed guidance on how to prepare HSE or Safety Cases can be found in
the following documents:
a. Shell EP95-0310 Implementing and Documenting an HSE Management
System and HSE Cases (Sept ember 1998)
b. Guidance documents by U.K. Health & Safety Executive
CODE OF PRACTICE
EHS RISK MANAGEMENT


11. REFERENCES
11.1 Abu Dhabi Emirate EHS Management System Manual
11.2 ZonesCorp Code of Practice on EHS Management System Framework
11.3 ZonesCorp Code of Practice on EHS Compliance Enforcemet
11.4 ZonesCorp Code of Practice on EHS Audits & Inspections
11.5 ZonesCorp Code of Practice on EHS Impact Assessment (EHSIA)
11.6 ZonesCorp Code of Practice on EHS Risk Management
11.7 ZonesCorp Code of Practice on Integrity Assurance & Management
11.8 ZonesCorp Code of Practice on EHS Management of Contractors
11.9 ZonesCorp Code of Practice on EHS Performance Monitoring & Reporting
11.10 ZonesCorp Code of Practice on Waste Management
11.11 Australia/Standards New Zealand HB 203:2000, Environmental Risk
Management Principles and Process 2001, Appendix F and 4360: 1999,
Risk Management 1999. For Potential EHS Impact and Potential Incident
Consequences
11.12 Shell EP95-0310 Implementing and Documenting an HSE Management
System and HSE Cases (Sept ember 1998)
11.13 Risk Assessment and other guidance documents by U.K. Health & Safety
Executive
CODE OF PRACTICE
EHS RISK MANAGEMENT


Appendix 1
RISK ACCEPTANCE CRITERIA
CODE OF PRACTICE
EHS RISK MANAGEMENT


RISK ACCEPTANCE CRITERIA
This Appendix is provided for guidance purpose only Entities may use any
internationally acceptable Risk Acceptance Criteria.
In general, risks are expressed in terms of Individual Risk and Risk to a Group
(Societal Risk) (Refer to Figure 1).
1. Societal (or Group) Risk
Societal or group risk measures the overall risk of an Operation to the
Entity, the industry or a community. There are several ways of presenting
societal risk, but the measures most used are Potential Loss of Life (PLL) and
fN Curve.
PLL is defined as the long-term average number of fatalities per year due
to a specific cause. The PLL is a measure of the risk to a group of people
as a whole and does not provide details on whether a particular category
of personnel is more exposed than others. In measuring the effectiveness
of various risks reducing measures, it is most appropriate to compare the
PLL values. This approach gives an absolute measure of the benefit (or
otherwise) of that particular option against a defined base case.
fN curve graphically depicts the number of fatalities as a function of the
estimated frequency that those fatalities occur. The fN curve is cumulative,
i.e. the frequency for N fatalities is the frequency of N or more fatalities.
This approach allows to differentiate between High Impact - Low
Frequency events and Low Impact - High Frequency, even if the PLL is
equivalent.
2. Individual Risk
Two measures are used: Location Specific Individual Risk (LSIR) and
Individual Risk Per Annum (IRPA).
The LSIR measure, expresses the risk exposure to any individual, if
initially present, in a particular area for one whole year or for the full
duration of the activity. The risk exposure is calculated for all relevant
hazards and summed to give the overall risk in particular areas of the
plant. In the fatality estimation, the consequences of each outcome from
an accidental event are represented by the probability of death for an
individual initially present in a particular area of the platform when the
event occurs.
The IRPA is a person specific individual risk. The Individual Risk Per
Annum takes the amount of time a person actually spends in a particular
area of the operation into account, e.g. 20% of 12-hour shift working in the
Utility area. If risk could be measured by a risk meter carried by
individuals, than the risk measured would be the IRPA. IRPA is often used
CODE OF PRACTICE
EHS RISK MANAGEMENT


to compare the risk levels between different worker types, since there is a
considerable difference in the type of work and hence the risk exposure.
3. Risk Acceptance Criteria
Risk Acceptance Criteria has adopted criteria for fN and Individual Risk Per
Annum (IRPA).
Risk acceptance criteria that shall be applied as a part of the Quantitative Risk
Assessment Process are provided in Figures 2 and 3.
Figure 1: Risk Measures
Individual Risk
Individual risk IR is defined as the combined fatal risks to a named
individual. IR includes factors such as:
Total Risk, the sum of contributions from all hazards exposed to
Occupancy, the proportion of time exposed to work hazards
Vulnerability, the probability that exposure to the hazard will result
in fatality
IR (Individual Risk) = Total Risk x Occupancy x Vulnerability

Societal Risk
Societal risk is generally used to describe multiple injury accidents /
fatalities or to describe risks to unnamed individuals, which could
include the public and is usually described by F-N Curves (Frequency
vs. Fatalities listed in increasing order of magnitude, 10, 100, 1000 etc.).
SR may also be calculated as a single value known as PLL, which is
given by the expression:
SR = Frequency of hazard occurring x Proportion of time
person(s) are exposed x Number of people exposed x
Vulnerability
Number of people exposed includes workers who are defined as
anybody directly or employed by the Contractor(s).

CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure 2: Risk Criteria for Individual Risk
Broadly
Acceptable
Region
The ALARP
region
Intolerable
region
grounds
improvement made
gained
demonstrate ALARP
Negligible risk
Broadly
Acceptable
Region
The ALARP
region
Intolerable
region
grounds
improvement made
gained
demonstrate ALARP
Negligible risk

Figure 3: Risk Criteria for Societal Risk

F-N Curve for Societal Fatal Risk
1.00E-08
1.00E-07
1.00E-06
1.00E-05
1.00E-04
1.00E-03
1.00E-02
1.00E-01
1.00E+00
1 10 100 1000
FATALITIES
F
R
E
Q
U
E
N
C
Y

(
p
e
r

y
e
a
r
)
Unacceptable Risk
Acceptable Risk
ALARP
2

ALARP
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 2
AS LOW AS REASONABLY PRACTICABLE ALARP
CODE OF PRACTICE
EHS RISK MANAGEMENT


AS LOW AS REASONABLY PRACTICABLE ALARP
ALARP is an abstract concept, which cannot necessarily be expressed, in absolute
or quantitative terms. Therefore the following statements are provided as a guide to
determining whether a particular risk is being managed to an ALARP level:
a. Management decides whether ALARP is achieved, on a case by case basis, for
each particular risk.
b. For each particular risk ALARP can only be determined by comparing a number
of risk management options.
c. If risk is not managed in a manner that meets applicable standards and
international best practice, ALARP has not been achieved.
d. ALARP has not been achieved if for only a small incremental cost, risk could be
appreciably reduced.
e. There are many quantitative and qualitative tools that may be used to
demonstrate that risks are managed to ALARP, e.g. RAM, QRA, HAZOP, HAZID,
HAZAN, SWIFT, best industry practice, etc.
As a guide to deciding whether risk is managed to ALARP, the following statements
can be made about the example in Figure A2:
a. Options 1 and 2 are not ALARP as the risk is not managed to applicable
standards and risk acceptance criteria.
b. Option 3 may be ALARP. However, if for only a small incremental cost, risk could
be reduced further as in Option 4, Option 4 would then be ALARP.
c. Options 5 may not be ALARP as reduction in risk may not be justified by the
additional risk management costs.
d. Option 6 is not ALARP since the risk management costs outweigh the reduction
in risk.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure A2 - Options Appraisal and Managing Risk to ALARP
1 2 3 4 5 6
Increasing
Costs
Decreasing
Level
of Risk
Unacceptable Level of Risk
Risk Management Options
Level of risk that remains when each option is implemented
Costs of implementing each option
ALARP
1 2 3 4 5 6
Increasing
Costs
Decreasing
Level
of Risk
Unacceptable Level of Risk
Risk Management Options
Level of risk that remains when each option is implemented
Costs of implementing each option
ALARP

CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 3
RISK ASSESSMENT TECHNIQUES
CODE OF PRACTICE
EHS RISK MANAGEMENT


This appendix lists the most commonly used techniques for Risk Evaluation. These
are only given as guidelines. Entities may use any Technique suitable to their
business activities and satisfying the requirements of this Code of practice

1. Qualitative Risk Assessment: The qualitative approach uses Risk
Assessment Matrix (refer to Figure 7.1) as a guide in determining the Risk
potential

2. Quantitative Risk Assessment (QRA) uses historical/statistical and failure
data along with computer-generated consequence modelling to generate
people risk data. From QRAs one will get Individual Risk (IR), public risk
and/or Societal Risk (SR)

3. What if. For relatively uncomplicated processes, review the process from raw
materials to product. At each handling or processing step, what if questions
are formulated and answered, to evaluate the effects of component failures or
procedural errors on the process.

4. Checklist. For more complex processes, the what if study can be best
organized through the use of a checklist, and assigning certain aspects of the
process to the committee members having the greatest experience or skill in
evaluating those aspects. Operator practices and job knowledge are audited in
the field, the suitability of equipment and materials of construction is studied,
the chemistry of the process and the control systems are reviewed, and the
operating and maintenance records are audited. Generally, a checklist
evaluation of a process precedes use of the more sophisticated methods
described below, unless the process has been operated safely for may years
and has been subjected to periodic and thorough safety inspections and audits.

5. What-If / Checklist. The what-if / checklist is a broadly based hazard
assessment technique that combines the creative thinking of a selected team of
specialists with the methodical focus of a prepared checklist. The result is a
comprehensive hazard analysis that is extremely useful in training operating
personnel on the hazards of the particular operation.
The review team is selected to represent a wide range of production,
mechanical, technical, and safety disciplines. Each person is given a basic
information package regarding the operation to be studied. This package
typically includes information on hazards of materials, process technology,
procedures, equipment design, instrumentation control, incident experience,
and previous hazards reviews. A field tour of the operation also is conducted at
this time.
The review team methodically examines the operation from receipt of raw
material to delivery of the finished product to the customers site. At each step,
CODE OF PRACTICE
EHS RISK MANAGEMENT


the group collectively generates a listing of what-if questions regarding the
hazards and safety of the operation.
When the review team has completed listing its spontaneously generated
questions, it systematically goes through a prepared checklist to stimulate
additional questions.
Subsequently, answers are developed for each question. The review team
then works to achieve a consensus on each question and answer. From these
answers, a listing of recommendations is developed specifying the need for
additional action for study. The recommendations, along with the list of
questions and answers, become the key elements of the hazard assessment
report.
6. Hazard and Operability Study (HAZOP). HAZOP is a formally structured
method of systematically investigating each element of a system for all of the
ways in which important parameters can deviate from the intended design
conditions to create hazards and operability problems are typically determined
by a study of the piping and instrument diagrams (or plant model) by a team of
personnel who critically analyze effects of potential problems arising in each
pipeline and each vessel of the operation.
Pertinent parameters are selected, for example, flow, temperature, pressure,
and time. Then the effect of deviations from design conditions of each
parameter is examined. A list of key words, for example, more of, less of,
part of, are selected for use in describing each potential deviation.
The system is evaluated as designed and with deviations noted. All causes of
failure are identified. Existing safeguards and protection are identified. An
assessment is made weighing the consequences, causes, and protection
requirements involved.

7. Failure Mode and Effect Analysis (FMEA). The FMEA is a methodically
study of component failures. This review starts with a diagram of the operation,
and includes all components that could fails and conceivably affect the safety of
the operation. Typical examples are instrument transmitters, controllers, valves,
pumps, rota-meters, etc. These components are listed on a data tabulation
sheet and individually analyzed for the following:
Potential mode of failure, (i.e., open, closed, on, off, leaks, etc.)
Consequence of the failure; effect on other components & effects on whole
system.
Hazard class, (i.e., high, moderate, low)
Probability of failure
Detection methods; and
Remarks/compensating provisions.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Multiple concurrent failures also are included in the analysis. The last step in
the analysis is to analyze the data for each component or multiple component
failure and develop a series of recommendations appropriate to risk
management.

8. Fault Tree Analysis. A fault tree analysis can be either a qualitative or a
quantitative model of all the undesirable outcomes, such as a toxic gas release
or explosion that could result from a specific initiating event. It begins with a
graphic representative (using logic symbols) of all possible sequences of
events that could result in an incident. The resulting diagram looks like a tree
with many branches listing the sequential events (failures) for different
independent paths to the top event. Probabilities (using failure rate data) are
assigned to each event and then used to calculate the probability of occurrence
of the undesired event.
This technique is particularly useful in evaluating the effect of alternative
actions on reducing the probability of occurrence of the undesired event.
9. Task Risk Assessment (TRA): is an accident prevention tool that works by
identifying hazards and eliminating or minimizing them before a job is
performed, and before they have a chance to become accidents. Also known
as Job Safety Analysis
10. ENVIRONMENT HEALTH & SAFETY IMPACT ASSESSMENT (EHSIA)
An EHS Impact Assessment (EHSIA) Report is a living document that
considers the full lifecycle of project, facilities and operations.
It must address the HSE impacts in each of the life cycle phases i.e. project
ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide guidance
about the requirements for conducting EHS Impact Assessment
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 4
RISK ASSESSMENT METHODOLOGIES
CODE OF PRACTICE
EHS RISK MANAGEMENT


This appendix outlines brief description about methodologies for various techniques
used for Tier 1 and Tier 2 Risk Assessment. These are only given as guidelines.
Entities may use any Technique suitable to their business activities and satisfying
the requirements of this Code of practice.
The methodologies are provided for:
1. Qualitative Risk Assessment
2. Task Risk Assessment (TRA)
3. Semi-Qualitative Risk Assessment
4. Quantitative Risk Assessment
5. Environment Risk Assessment
6. Hazard Bow-Tie Model
7. Fire Risk Assessment
8. Occupational Health Risk Assessment
9. Safety Integrity Level (SIL) Analysis
10. Simultaneous Operations (SIMOPS)
11. EHS Impact Assessment

CODE OF PRACTICE
EHS RISK MANAGEMENT


A. TIER 1 RISK ASSESSMENT
Risk Assessment Matrix (RAM) is given in Section 7. A Tier 1 Risk Assessment of all
activities in Entity must be carried out against the RAM. To ensure coverage of all
HSE risks, regular screening of all activities should be carried out against the RAM
using Qualitative Risk Assessment.
This appendix also provide details of how Tier 2 Environmental Risk Assessment,
Fire Risk Assessment, and Occupational Health Risk Assessment shall be carried
out. However, Tier 1 assessment of these risks can all be carried out through the
Qualitative Risk Assessment.
The RAM standardizes Tier 1 HSE Risk Assessment within Industrial Sector Entities.
The RAM provided in Fig 7.1 shows Risk as the product of Probability (or likelihood)
and Severity (or consequence). The severity classes can be evaluated with respect
to Environment, Health and Safety. Table 7.3 provides guidance criteria for
identifying the Severity of Consequences.
A1. QUALITATIVE RISK ASSESSMENT (QRA)
The qualitative approach uses Risk Assessment Matrix (refer to Figure 7.1) as a
guide in determining the Risk potential. This approach depends on a select team of
experienced personnel who are knowledgeable regarding accident, historical loss
and failure data associated with the industry, which allows the team to make
professional probability/consequence decisions in order to establish a qualified risk
level.

This technique is a system for structured brainstorming of all HSE Risks arising from
the activities of a particular department or section. The essential features are:
a. All the activities at the facility should be considered for evaluation of risk.
b. As a minimum, the following items shall be considered during a GRA
study:
Hazards associated with the process or facility being reviewed.
Evaluation of any previous process or near-miss incidents.
Applicable engineering and administrative controls.
Consequences of failure of control measures.
Facility site.
Human factors
c. Risks are evaluated against the RAM.
d. The assessment is carried out at a brainstorming session involving a
facilitator, department or section Heads, the first line Supervisor/
CODE OF PRACTICE
EHS RISK MANAGEMENT


Engineer(s) or experienced employees of equivalent calibre who are
responsible for the activities and employees who carry out the activities.
e. The findings are systematically recorded with agreed control measures
and HSE management programmes. Recommended action items shall be
tracked and closed out.
f. Risks which cannot be reduced to low on the RAM are passed to Tier 2
for further evaluation and recommendation of suitable control measures.
g. The exercise is repeated annually.
h. Where TRA is also required, e.g. for tasks requiring a permit, the results of
the assessment should be made available to those responsible for the
TRA.
Sub-Contractor(s) and Consultant(s) who carry out Tier 1 risk assessments, e.g., as
part of EHSIAs, should use methods which are compatible with the requirements of
this document.

CODE OF PRACTICE
EHS RISK MANAGEMENT


A2. TASK RISK ASSESSMENT
1. Purpose
This section provides is to provide guidance on how to conduct a Task Risk
Assessment (TRA).
2. Background: TRA is
a. An accident prevention tool that works by identifying hazards and
eliminating or minimizing them before a job is performed, and before they
have a chance to become accidents.
b. An important part of HRA in that it is the basis for managing workplace
activities hazardous to peoples health.
c. The basis for managing HSE critical activities through individual
constituent tasks associated with workplace operations.
3. Roles and Responsibilities
3.1 Who Performs a Task Risk Assessment?
a. TRA is normally a team exercise involving three to five people.
b. The composition of the team depends on the individual task being
reviewed. Operations & Maintenance Personnel should be involved in the
TRA. If the task is to be carried out in a live operating facility a
representative of the EHS should be in the team.
c. The person involved in leading the analysis should have a level of
technical competence relevant to the job to be analysed, as well as be a
competent in the TRA process.
d. The leader may decide to invite additional people with specific discipline
expertise to participate.
e. Tasks of greater complexity may involve HSE staff.
f. If the task is large or particularly complex, a specialist Facilitator may be
brought in to lead the TRA.
3.2 Implementation of the Task Risk Assessment Process
a. It is the overall responsibility of the facility management that TRA is
applied as and when required.
b. It is the responsibility of the facility management to ensure that adequate
and competent staff and competent TRA Facilitator(s) are available as and
when required for scheduled task risk assessment sessions. .
c. The section head or equivalent responsible for the work that is subject to a
task risk assessment is responsible for initiating the TRA.
CODE OF PRACTICE
EHS RISK MANAGEMENT


d. The responsible job supervisor or equivalent will normally conduct the TRA
using a team of people who will be involved in the work and who can offer
the necessary expertise to evaluate the risks arising.
e. In some cases others with specialist knowledge or experience may need
to join the assessment team.
f. If the task is too complex for the supervisor to handle, it is the Department
Managers (or equivalent) responsibility to assemble a team and assign a
competent TRA Facilitator.
g. It is important to ensure that the agreed recommendations from a TRA are
supported adequately. Ultimately all recommendations made by the
individual or team need to be accepted by the concerned Manager (or
equivalent) and in place before the task are carried out.
h. It is the responsibility of the Section Head (or equivalent) that the findings
and recommendations of the TRA are implemented.
i. If the TRA has been conducted in preparation of a Permit to Work, it is the
person accountable for issuing the work permit that is responsible for
verifying whether the findings and recommendations of the TRA have
been implemented.
j. If needed, those involved in conducting the TRA shall be trained and
guided in the technique. It is the responsibility of facility management that
such training is provided, including training for facilitation skills (e.g. for the
TRA Facilitator).
4. When to Apply a Task Risk Assessment
a. TRA is appropriate for any HSE critical task where the hazards need to be
identified, assessed and controlled.
b. A TRA must be available as a condition of the issuance of a permit to
work. However, TRA may also be appropriate for tasks not carried under
permit, e.g. tasks in the office, workshops etc.
c. During Qualitative risk assessments, the need for TRA may be identified. If
so, the results of the Qualitative risk assessment should be made available
to the TRA.
d. The TRA can be applied to non-routine tasks. The most common areas of
application are indicated in Table 1.
e. Routine tasks do not require a new TRA to be carried out every time but
the existing TRA should be reviewed each time to ensure that there are no
changes in task, personnel or environment which may require a revision
and all personnel involved in the task should familiarize themselves with
the contents of the TRA.
f. TRA should be thoroughly reviewed when major changes are carried out
or at least once a year.
CODE OF PRACTICE
EHS RISK MANAGEMENT


g. See section 1 of Table for details on application of TRA in the facility.
Table 1: Application of TRA
TYPE OF TASK DESCRIPTION
Routine Tasks which have potential for serious personal injury /
illness, or environmental impact, or equipment damage
Tasks possibly conflicting with other activities
Tasks being carried out in unusual circumstances
Jobs in which minor or major accidents have previously
occurred
As verification of the hazard control measures in place of
an established work procedure
Non-Routine New jobs that have never been done previously, or jobs
that are done infrequently

Jobs with steps that have been altered from the original job
steps
5. How to Conduct a Task Risk Assessment
See the flowchart for conducting a TRA, Figure 1. The steps on the flowchart are
numbered and discussed below.
The TRA Worksheet shown in Figure 2 is used to record the findings of the TRA
session.
Step 1 Initiating the TRA
Determine the task to be analysed, establish the scope of work and the objectives of
the TRA. Convene and select appropriate attendees and brief the TRA team.
The scope of work should include the task to be analysed and the range of operating
environments to be considered. The scope of work should also include a clear
description of the geographical area in which the task is to take place.
The above details are recorded in the top half of the TRA Worksheet.
Step 2 Breaking Down the Task
Break down the task into its basic steps, describing what is to be done and in what
sequence. If the TRA is applied to an existing task, this information can often be
found in the present work procedure.
In defining the steps a balance must be made between too much and too little detail.
As a general rule, the demarcation between steps will be marked by some change in
CODE OF PRACTICE
EHS RISK MANAGEMENT


activity or location, which would result in different hazard potential or exposure. As a
rule of thumb, the total number of steps should not exceed 15. If more than 15 steps
are identified and it is not feasible to merge some steps without losing detail, it is
recommended to split the task and conduct a TRA for the separate tasks.
Each step description should clearly provide a statement of what is to be done,
without giving details on how it s done and by whom.
Record the steps on the TRA Worksheet.
Step 3 Identify Hazard Potential
The most important activity in a TRA is the identification of the hazard potential
associated with each of the individual steps.
Examine each basic step for hazards that could be present as a result of the task
itself or of the work environment. At the same time, consider departures from
expected circumstances that could release or expose the hazard.
TRA requires a systematic approach, based on a structured set of questions (see
Table 2) or a checklist (see Table 3).
Record the hazard potential on the TRA Worksheet.
Step 4 Identify Consequences
Establish whether people, environment, assets or reputation can be harmed.
For some task steps it may be necessary to look at one or two of these consequence
measures, e.g. people or environment. If more than one consequence measure is to
be considered; only the consequence with the highest Severity rating should be
described. The severity ratings shall be taken from the Risk Assessment Matrix
(RAM).
Describe the consequences on the TRA Worksheet, and assign the associated
Severity category under S on the worksheet.
Step 5 Determine Risk
Determine the risk associated with the job step being analysed.
In order to estimate the risk, both the consequences and probability of a hazard
potential need to be reviewed. The consequences have already been determined
see Step 4. The probability can now be assigned for the specific consequences
recorded in the previous step, using the RAM (Fig 7.1), i.e., assigning the probability
as improbable, remote, occasional, probable or frequent. For the purposes of TRA
these probability categories should be interpreted as follows:

CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 2- Probability of Occurrence
Descriptor Likely Frequency Probability
Environment Health and Safety
Frequent Continuous or will
happen frequently.
Occurs several times a
year at location.
5
Often 5 12 times per year. Occurs several times a
year in similar industries in
UAE.
4
Likely 1 5 times per year. Has occurred at least once
in UAE.
3
Possible Once every 5 years. Has occurred in industry
(Worldwide).
2
Rare Less than once every
five years.
Never encountered in
industry.
1
The probability category is recorded under P on the worksheet.
With the probability (P) and consequences (S) known, the risk can be assigned I.
Step 6 Identify Control Measures
Use the RAM to determine whether the risk identified is High, Medium (ALARP) or
Low.
For job steps that can be associated with High and Medium risk it is necessary to
identify potential risk reducing measures, and to assess the effectiveness of these
control measures.
Each hazard and potential incident should be examined and control measures
identified. A useful hierarchy of solutions, ranked in order of effectiveness, is shown
in Table 4. A distinction has been made between preventative measures (how can
the consequences/ accident be prevented?) and mitigating measures (how can the
consequences be minimised?).
Note: If the task analysed indicates that a significant number of steps can be
associated with High or Medium risk, the control measures should be reviewed by
looking at the entire task and the overall risks involved. If the task described involves
a number of high risks, a change in the entire task may be more appropriate than
controlling each hazard individually.

CODE OF PRACTICE
EHS RISK MANAGEMENT


Step 7 Determine Residual Risk
Determine the risk level, assuming all of the control measure(s) identified in Step 6
are in place, this is known as the Residual Risk.
The residual risk is estimated using the same principles as applied for determining
the initial risk (see steps 4 and 5 above), except that the control measures is
assumed to be implemented. In general, the control measures can reduce the
consequences (S) or the probability (P).
The residual risk is then assessed in terms of High, Medium (ALARP) or Low
risk. In the event the risk is still High or Medium, other or additional control
measures will need to be contemplated.
Step 8 Implement Control Measure(s)
Once an appropriate control measure has been identified, it may be necessary to
assign an action in order to ensure implementation. The action as well as the
responsible party is recorded on the TRA Worksheet.
Step 9 Recording of TRA
The completed TRA Worksheets should be accompanied by a summary report,
detailing:
The scope of work.
Venue and time of the TRA session(s).
Position/ qualifications of team members.
Assumptions made.
Summary of actions.
Abbreviations used.
A copy of the summary should be available at the workplace for use as a site
reference. Where a programme of Task Risk Assessments has been undertaken, the
results should be filed in an appropriate reference manual. Additional controls
identified during TRA should be incorporated into written work instructions to ensure
that they are applied on all repeat work. Permit to work should not be issued unless
and until all of the safeguards identified in the TRA can be shown to be in place.
Step 10 Review and Update of TRA
If the TRA fails to identify all significant factors or hazards, the way in which the task
is done may differ from that identified in the original TRA.
Therefore it is important to review and update the original TRA after the job has been
completed, to review its relevance as well as to ensure that the experience and
CODE OF PRACTICE
EHS RISK MANAGEMENT


information gained by doing the job remains available to others who may be required
to perform the same or similar jobs.
When reviewing the TRA on completion of the job, the following should be
considered:
Changes to job circumstances. Changes to the environment, specifications, or
tools and equipment can cause job steps to be added, deleted or modified.
Changes in job steps can introduce new hazards requiring new solutions.
Unforeseen hazards. Once a job has commenced, additional unforeseen
hazards may present themselves so that solutions have to be developed on the
job. These job-developed solutions need to be included in the revised TRA.
External influences and interfaces. When conducting a TRA it is often difficult
to identify all of the possible external factors that impact on the job and to assess
the interface with other jobs and people in the immediate vicinity. Feedback of
this type can be invaluable to people planning similar jobs in the future.
For a regularly repeated task, the risk assessed procedure would be the subject of
training and periodic review to ensure it is still valid. Retaining the documented TRA
will allow future users to understand the reasoning behind the specified controls.
In subsequent use, if the responsible Engineer has determined that there has been
no change in conditions, it is not necessary to repeat the TRA itself but only to
maintain the controls as originally developed. Nevertheless, the TRA should be
revalidated at least every 3 years, to ensure that the conditions have not changed
and the control measures are still adequate.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure 1: Task Risk Assessment
Initiation- Identify
Task Scope and
TRA Objectives
Breakdown Task into
Basic Steps
Identify Hazard
Potential
Identify
Consequences
Determine Risk
Risk High or
Medium
Identify Control or
Recovery Measures
Identify Residual
Risk
Risk High or
Medium
Identify Action/
Responsible Person
Work Can Proceed
1
2
3 4 5
6
7
8
Yes
No
Yes
No
Recording of TRA 9
Update TRA 10
P
r
e
-
T
a
s
k

R
e
v
i
e
w
T
a
s
k

E
x
e
c
u
t
i
o
n
P
o
s
t
-
T
a
s
k

R
e
v
i
e
w
A
n
a
l
y
s
i
s

F
o
r

A
l
l

S
t
e
p
s
For All Steps

CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 2: Questions to Identify Hazard Potential

No. EXAMPLE QUESTION
1
Can the employee be struck by or contacted by anything while doing this job
step?
2 Can the employee strike against or make injurious contact with anything?
3 Can he be caught in, on or between anything?
4 Can the employee strain or overexert?
5 Can the employee slip or trip on anything. Can he fall in any way?
6
Can the employee be exposed to any injurious conditions such as g, heat,
fumes, pressure, chemicals, asbestos, etc.?
7 Can the employee injure a fellow employee?
8 Can damage to equipment occur?
9 Can pollution of the environment occur?
10
When is the task to be executed, could it be carried out at a more appropriate
time (e.g. during shutdown)?
11 Where is the task to be performed, could it be carried out in a safer location?
12
Are there any simultaneous operations which have a significant safety impact
on the task (e.g. other tasks occurring as part of the same work scope, or other
work in the adjacent area)?
13
What hazardous materials are involved (e.g. chemicals, combustibles, inert gas)
within the system being worked on or within the area worked in?
14 What hazards are introduced by tools and equipment to be used?
15
What hazards are introduced by the specific circumstances of the job to be
performed (e.g. day / night, exposure to weather, in a shutdown, simultaneous
operations, etc.)?
16
Are there any location related hazards (e.g. working at height, in confined
spaces, below ground, etc.)?
17
Are there any installation related hazards (e.g. pressurised systems, extreme
temperatures, etc.)?
18
Are there any adjacent areas (e.g. below, above, to the side) on which this task
may have an impact?
19
Are there any safety systems involved whose function / availability may be
impaired?
20
Does the task affect emergency response or (e.g. restricting emergency exits,
etc.) or require a dedicated emergency contingency plan?

CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 3: Hazard Checklist

HAZARD
CATEGORY
HAZARDS CONSEQUENCES /EFFECTS
Chemical
Dust
Particulars
Vapour/gas (toxic or
flammable)
Liquid (toxic or
flammable)
Solid
Respiratory disease
Occupational disease
Poisoning, oxygen deficiency,
fire/explosion, burns
Dermatitis, poisoning, fire/explosion,
burns
Fire/explosion, burns
Physical
Noise
Ionising radiation
Slips, trips and falls
Compressed gas
Temperature
Manual handling
Explosion
Confined space
Reduced hearing capability
Cancer
Bruise, fractured bone, fatality
Eye damage, tissue damage
Burns (cold and hot), fire
Chronic back injury, general injury
Fatality, fire
Oxygen deficiency, poisoning
Mechanical
Rotating machinery
Mechanical lifting
Operation of vehicles
Permanent disability
Cuts, bruising, abrasions
Fatality, damage to equipment
Electrical
Static
Voltage > 30 volts
Shock, fire, explosion
Shock, burns, fatality
Biological
Microbiological
organisms
Viruses
Illness
Illness, fatality
Ergonomic
Moving and lifting
equipment
Machinery design
Workstation layout
Control room design
Process plant design
Equipment damage, injury
Inadequate use, injury
Tiredness, headache, fatigue
Inadequate control of plant
Inadequate operation of plant
Psychological
Shift patters
Work organisation
Fatigue, stress, lacking motivation
Inefficient work patterns
Environment Humidity Fatigue
CODE OF PRACTICE
EHS RISK MANAGEMENT


HAZARD
CATEGORY
HAZARDS CONSEQUENCES /EFFECTS
Temperature
Lighting
Population
Space
Inability to work efficiently
Eye strain, headache
Fatigue
Inefficient work patterns
Natural
Earthquake
Rain/ snow
Lightning
Winds (hurricane)
Structural and equipment damage, fire
/ explosion
Structural and equipment damage,
flooding
Structural and equipment damage, fire
/ explosion
Structural and equipment damage

Table 4: Examples of Control Measures

TYPE EXAMPLE CONTROL MEASURE
P
r
e
v
e
n
t
a
t
i
v
e

m
e
a
s
u
r
e
s

1. Eliminating the hazard (e.g. relocating the task to a less hazardous
environment)
2. Substitution (e.g. using a less hazardous material or process)
3. Reducing the frequency of a hazardous task
4. Enclosing/ isolating the hazard through physical barriers (e.g. guards,
distance, spades, isolation)
5. Guarding/ segregating people
6. Additional procedures Additional supervision
7. Additional training
8. Instructions/ information (handouts/signs)
9. Use of (additional) personal protective equipment
M
i
t
i
g
a
t
i
n
g

m
e
a
s
u
r
e
s

1. Use of (additional) personal protective equipment
2. Secondary containment
3. (Additional) detection and alarm systems
4. Escape and rescue equipment/ facilities
5. Emergency procedures

CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure 2: Task Risk Assessment Worksheet

TASK RISK ASSESSMENT WORKSHEET
TASK DESCRIPTION WORK ORDER NO.
TRA TEAM MEMBERS DATE
BASELINE
RISK
RESIDUAL
RISK
STEP
NO.
DESCRIPTION OF TASK
STEP
HAZARD CONSEQUENCES
PEOPLE, ENVIRONMENT,
ASSETS, REPUTATION
CONTROLS
PREVENT, DETECT,
CONTROL, MITIGATE
S P R
ADDITIONAL CONTROL
MEASURES / ACTIONS
RESP.
PARTY
S P R

Reviewed By: Section Head or Equivalent Approved by: Dept. Manager or Equivalent
Name: Sign: Date:

Name: Sign: Date:
S: Severity, P: Probability, R: Risk From The Risk Assessment Matrix (Fig. 8.1)

CODE OF PRACTICE
EHS RISK MANAGEMENT


B. TIER 2: RISK ASSESSMENT
Tier 2 risk assessments are all other assessments that are applied to assess the
risk. These could be semi-quantitative (i.e. numerical scoring, engineering
calculations, or simple modelling) in order to evaluate in greater detail and certainty
the key HSE risk issues identified in a Tier 1 risk assessment and to evaluate
suitable control procedures and HSE management programmes. When uncertainties
exist a reasonable level of conservatism should be applied.
B1. SEMI-QUANTITATIVE RISK ASSESSMENT

The semi-quantitative approach also depends on a select team of experienced
personnel who have access to accident, historical and failure data to make
professional probability decisions.
Semi-quantitative assessments determine consequences based upon in-house
use of hazard/probability tables which further support the risk matrix. The
probability categories relate to the theoretically calculated chance of major
incidents happening. They do not relate to actual events as experienced on
specific plants, locations or companies.

B2. QUANTITATIVE RISK ASSESSMENT (QRA)
Quantitative Risk Assessment (QRA) uses historical/statistical and failure data
along with computer-generated consequence modelling to generate people
risk data. From QRAs one will get Individual Risk (IR), public risk and/or
Societal Risk (SR).

ZonesCorp does not stipulate QRA as a requirement for every Facility or
operation with the aim to numerically quantify overall individual or people risk
levels. The decision to conduct QRA is often driven by complexity, nature,
severity of risks identified and/or the need to better define risk tolerability.

Note: Whichever propriety quantification methodology is used, Entity shall ensure
it:
Has an established track record
Is broadly recognized within industry
Is a development of a methodology with an established track record
Has in-built quality assurance processes
Ensures that assumptions made are recorded, justified and validated
Reports against Dolphin acceptance criteria
Uses recognized databases
CODE OF PRACTICE
EHS RISK MANAGEMENT


1. Purpose
This section describes the general principles of Quantitative Risk Assessment (QRA)
and how it may be applied at Entity assets and Contractor(s) work areas. QRA is
normally carried out by specialists, frequently employed by Consultant(s) and
Contractor(s).
2. Background
QRA is the means by which the risk associated with a hazard can be expressed as a
numerical value, based on the hazards frequency and consequence.
This numerical value can be compared to other risks from other hazards that are
calculated in the same manner. QRA allows for the comparison of risk reduction
options for a particular hazard on an equivalent basis, as well as allowing for the
comparison of risks that are generated from separate and unique hazards (i.e. fire
and explosion risks versus transport accidents).
Because QRA represents risk as numerical values, standard mathematic functions
can also be applied to the results of the quantification. The sum of all risks for all
hazards at a facility gives an indication of the overall risk for that facility, while the
sum of all risks in each particular area of the facility give an indication as to which
locations or equipment sections are the most hazardous.
It is important to contrast QRA with qualitative risk assessment, such as Tier 1
method (RAM). Neither is a better means of evaluating risk than the other, and
either or both can be a valid means of evaluation of a particular risk. Both methods
use the same basic steps of hazard identification, consequence assessment and
exposure assessment in order to characterize risk. The primary differences in the
methods are the level of complexity in these steps, as well as the level of experience
and expertise of the personnel carrying out the assessment and a commensurate
increase in the resources required to complete the exercise.
Typically, qualitative risk assessment is used as a screening tool prior to the
completion of a quantitative assessment.
The result of this increasing use of QRA in the design/review process has
contributed not only to increase safety through Risk-Based Design but also to
improve cost effectiveness and savings in many areas.
QRA can be applied to any type of hazardous event that has the potential to cause
major or catastrophic damage (e.g. loss of life) including (among others):
a. Fire and explosions;
b. Chemical releases (routine and non-routine);
c. Environmental releases;
d. Electrocution;
e. Road transport accidents;
CODE OF PRACTICE
EHS RISK MANAGEMENT


f. Dropped objects;
g. Falls, crushing and drowning; etc.,
Terminology used in evaluation of the hazards that make up these activities may
vary, but the process used is valid for all of them. It is important to note that the use
of QRA is valid for many types of incident.
QRA is frequently associated with fire and explosion incidents, but while these types
of incidents are very visible and dramatic, they account for a relatively small number
of the fatalities which have occurred.
3. When to Apply Quantitative Risk Assessment
The objective of any QRA is quantification of risk into a numerical value so that
comparisons of risks and controls can be performed objectively. Particular examples
where QRA would be applied include:
a. The evaluation of risk reduction options where the relative effectiveness of the
options is not obvious ;
b. When the exposure of the workforce, public or strategic value of the asset is high,
and risk reduction measures are to be evaluated ;
c. When novel technology is involved resulting in a perceived high level of risk for
which no historical data is available;
d. When a demonstration that risks are being managed to a level which is as low as
reasonably practicable (ALARP) is required;
e. The application of QRA need not be limited to large, complex and expensive
studies, however. It is a technique that can be applied quickly and inexpensively
to help structure the solution to problems for which the solution is not intuitively
obvious.
QRA shall be used for evaluating the risks to people from fatalities, risk to assets
from loss or significant damage and identify risk hot spots to provide input into the
EHSIA Reports (COP-EHS04 EHS Impact Assessment) in order to facilitate a
hierarchy of control for risk management at a facility.
QRA is a Tier 2 methodology. QRA shall be used or all high Risks as defined by the
RAM presented in Section 7 Fig 7.1. Medium risks may also be subject to QRA in
order to add value to an ALARP evaluation.
In accordance with the tiered risk assessment approach presented in Section 8 the
RAM shall be used as a Tier 1 screening tool for determining the requirement for a
QRA. In particular all Major Accident Hazards (MAH) should be subject to QRA
For new projects and existing operations the results of QRA should be compared for
defeminising risk acceptability (Section 8)

CODE OF PRACTICE
EHS RISK MANAGEMENT


4. QRA Methodology
Overview
The QRA methodology is described in Table 1 below and depicted in Figure
Table 1: Five Steps of a QRA
Step Description
1 Hazard Identification
The hazard identification consists of a qualitative review of possible accidents
that may occur, based on previous accident experience or judgement where
necessary. There are several formal techniques for this, which are useful in
their own right to give a qualitative appreciation of the range and magnitude of
hazards and indicate appropriate mitigation measures. Formal approaches
include Hazard Identification (HAZID), Hazard & Operability studies (HAZOP),
and Failure Mode and Effect Analysis (FMEA).
In the context of QRA, hazard identification uses similar techniques, but has a
more precise purpose - selecting a list of possible accidental scenarios that
shall be further analysed quantitatively.
Sometimes checklists are used. However, the most powerful tools for
identification of events that may create incidents are imagination combined
with experience. For this reason, a brainstorming session with those
personnel involved in the design and operation of a process is often effective
in determining a list of top events.
2 Frequency Estimation
Once the potential accidental scenarios have been identified, frequency
analysis estimates how likely it is for the scenarios to occur. The frequencies
are usually obtained from statistical analysis of previous accident experience.
In some occasions the statistical data cannot be applied directly to the
selected accidental scenarios, in which case theoretical modelling may be
required in particular the use of Fault Tree Analysis (FTA) and occasionally
Event Tree Analysis (ETA).
However, if historical data is not available or only available for facilities
operating in different circumstances, or FTA cannot be applied, it is necessary
to rely on the opinion of experts to interpret data for comparable equipment in
order to make the best estimation.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Step Description
3 Consequence Analysis
In parallel with the frequency estimation, consequence analysis evaluates the
resulting effects if the accidents occur, and their impact on personnel,
equipment and structures, the environment or business. Estimation of the
consequences of each possible event often requires some form of computer
modelling, but may be based on accident experience or judgements if
appropriate.
Physical effects from the release of hydrocarbons or toxic material such as
dispersion, explosion over-pressures and heat radiation have to be calculated
to assess whether escalation is a realistic possibility and the extent of the
damage following the escalation. Important factors such as leakage rate and
time dependence need to be calculated during consequence assessment
prior to the determination of actual damages to people, assets and the
environment.
Often ETA is used to structure the possible outcomes of accidental
scenarios. E.g. if ignited a flammable gas release can result in a jet fire, flash
fire or explosion, depending on factors such as timing of ignition (immediate
or delayed) and the degree of confinement in the area where the release
occurred. ETA can help to organise the outcomes as a function of the
parameters.
4 Risk Estimation
Once the frequency and consequence for each scenario are determined as
statistical quantities, potential loss for each scenario can be calculated as the
product of the frequency and consequence values. Total potential loss can
also be determined as the sum of the potential loss for each discreet
scenario.
Various forms of risk presentation may be used (risk measures); as further
described in Appendix A. In general, risks are expressed in terms of
Individual Risk and risk to a group (Societal Risk).
CODE OF PRACTICE
EHS RISK MANAGEMENT


Step Description
5
Risk Assessment
Up to this point, the process has been purely technical, and is known as risk
analysis. The next stage is to introduce criteria, which are yardsticks to
indicate whether the risks are acceptable, or to make some other judgement
about their significance. Risk assessment is the process of comparing the
level of risk against a set of criteria as well as the identification of major risk
contributors. The purpose of risk assessment is to develop mitigation
measures for unacceptable generators of risk, as well as to reduce the overall
level of risk to As Low As Reasonably Practical (ALARP).
The ZonesCorp risk criteria are discussed in Appendix A.
In order to make the risks acceptable; risk reduction measures may need to
be implemented. The benefits from these measures can be evaluated by
repeating the QRA with them in place, thus introducing an iterative loop into
the process. The economic costs of the measures can be compared with
their risk benefits using cost-benefit analysis.
It is important to note that quantification of risk is an engineering exercise, but
evaluation of ALARP is a management exercise. Ranking of options on the
basis of the criteria considered important can be done objectively, but only
management can make the value judgments required in selection of the
criteria and determine the end points of practicability.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Figure 1: QRA Methodology

CODE OF PRACTICE
EHS RISK MANAGEMENT


C. OTHER EHS RISK ASSESSMENT TECHNIQUES

Depending on the nature of an activity or operation such as new projects, additional
or complementary EHS Assessments or studies may be undertaken or referenced in
support of risk management requirements.

This includes environment risk assessment, health risk assessment, escape,
evacuation and rescue studies, fire and explosion risk assessment or modelling etc.
Subsequent sections elaborates various types of Risk Assessments
C1. ENVIRONMENT RISK ASSESSMENT
1. Purpose
This section describes the general principles of Environmental Risk Assessment
(ERA) and how it may be applied to entity assets and Contractor (s) work areas.
2. Background
ERA is a measure of the potential threats to the environment and combines the
probability that an event will lead to environmental degradation, with the severity of
that degradation. ERA is an important tool for evaluating the potential consequences
of an action or activity on the environment and for allowing informed decisions to be
made on the magnitude of environmental risk.
ERA allows a proactive approach to be taken to environmental management, rather
than a reactive one focusing only on remedial measures. ERA is now widely
recognised as an essential tool for businesses to incorporate environmental issues
into their management systems.
ERA is a key and integral component of sustainable development that is the need
to ensure that activities carried out by society today do not compromise the ability of
future generations to meet their needs. Sustainable development is recognised
worldwide as a guiding principle that should be incorporated into all development
decisions which could potentially impact on the environment. ERA is also linked to
the Precautionary Principle which was adopted internationally by world
governments at the United Nations Rio Conference in 1992. This principle states:
Where there are threats of serious or irreversible damage, lack of full
scientific certainty shall not be used as a reason for postponing
costeffective measures to prevent environmental degradation.
3. When to Apply Environmental Risk Assessment
In general, it shall be used for all the assets and Contractor(s) work areas, which are
likely to have significant impacts on the environment and should be used in
conjunction with EHS Impact Assessment. ZC-COP-EHS04
CODE OF PRACTICE
EHS RISK MANAGEMENT


ERA is integral part of the EHSIA reporting In particular ERA support an
Environmental Impact Assessment (EIA) required as part of an EHSIA Report. ERA
can also provide essential input on environmental risks for Pollution Prevention and
Control (PPC) assessments.
4. ERA Methodology
Environmental Risk Assessment includes a Tiered ERA methodology based on a
source-pathway-receptor model. An underlying principle which should be borne in
mind during problem formulation and throughout the risk assessment is the
connection between the source (of the hazard), the pathway, the receptor and the
impact. If any of these components is missing, then there is no need to take the risk
assessment any further.
Refer to Table 1 below for explanation about Tiered Approach
Table 1: Tiered Environmental Risk Assessment
DESCRIPTION
Tier 1 of the ERA is consistent with Tier 1 of the tiered HSE risk assessment
framework as explained above. In environmental assessments it is common to
review accidental releases as well as continuous (routine) emissions; this is contrast
with safety assessments where the focus is on accidental type of incidents.
The ZonesCorp RAM is only suitable for the assessment of non-routine (accidental)
events that have the potential to cause harm to the environment. Use of the RAM for
routine releases will result in low risk determination.
The process of legal screening is therefore particularly important to ensure that
routine environmental events are correctly incorporated at this level and passed to a
Tier 2 assessment. Routine events with the potential to cause harm to the
environment shall be risk assessed using an alternative and complementary
qualitative approach.
If the initial Tier 1 assessment based on a worst case scenario indicates no cause
for concern, more detailed analysis will not be needed. This allows detailed
quantification of risks to be focused on those risks likely to be of most significance.
Tier 2 of the ERA can be semi-quantitative (utilising simple quantitative calculations
and models where appropriate) to further evaluate and assess significant
environmental risks determined from the Tier 1 risk assessment. The hazard scoring
and ranking methodology should be defined.
A Tier 2 ERA can also be more detailed and be consistent with the requirements of
a QRA utilising environmental end points as opposed to the human fatalities end
point often associated with a QRA. There are many quantitative ERA techniques
provided by US EPA and UK Environment Agency that may be used to address
specific issues such as contaminated land ERA, exposure modelling assessments,
etc. Any quantitative assessment process should be scoped and boundary
conditions agreed before commencement.
CODE OF PRACTICE
EHS RISK MANAGEMENT


For the Tier 1 as well as any of the Tier 2 EAR methods a five stage approach is
adopted, Refer to Table 2

Table 2: Five Steps of an ERA
Step Description
1 Hazard Identification
Hazard in the context of ERA is defined as a property or situation that in particular
circumstances could lead to harm. The identification of hazards at each stage of the
risk assessment process is of key importance in establishing the breadth of the
overall assessment. It is also important that both primary and secondary hazards
are identified during the process.
2 Identification of Consequences
The potential consequences that may arise from a particular hazard depend upon
the inherent nature of the hazard. The full range of potential consequences should
be considered at this stage, without taking into account the likelihood (probability) of
these consequences. This allows a broad view of potential environmental impacts to
be examined initially, even though some may eventually be rejected as not
significant due to low probability.
3 Magnitude of Consequences
The consequences of a particular hazard may be actual or potential harm to human
health, property or the natural environment. There are various ways of assessing
the magnitude of consequences, depending on whether they are being considered
as part of a risk screening process or a detailed risk assessment. Whichever stage
in the process, the following issues need to be considered:
Spatial scale of the consequences.
Temporal scale of the consequences.
The time of onset of the consequences.
4 Probability of Consequences
The probability of a particular consequence being realised has three components:
The probability of the hazard occurring.
The probability of sensitive receptors being exposed to the hazard.
The probability of harm resulting from exposure to the hazard.
5 Significance of Risk
Having established the probability and magnitude of the consequences that might
arise as a result of a particular hazard, it is then necessary to put the risk into
context by applying value judgements. This may be, for example, through reference
to environmental quality standards or toxicological thresholds. Significance
assessments become increasingly difficult where there are no quantifiable limits of
acceptability, such as in the case of the intrinsic ecological value of a particular
habitat.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Guidance on Risk Assessment of Environmental Impacts is given in ZonesCorp COP
on EHS Impact Assessment. These criteria shall be used by the Entities.
5. Environmental Risk Management
The appraisal of environmental risk management options shall be integrated and
performed in conjunction with HSE Risk Management. Environmental risk
management options appraisal shall be consistent with ZonesCorp COP on Pollution
Prevention and Control. The options appraisal and risk acceptance processes shall
ensure that environmental risks are managed in accordance with:
a. Legal Requirements. If the ERA demonstrates that a legal environmental
standard may be breached (including environmental standards defined in any
ZonesCorp Codes of Practice(s) then the risk must be considered as
unacceptable. In such cases, risk reduction measures will be needed. Where no
legal standard exists, it will often be helpful to define environmental targets,
ultimately leading to continuous improvements.
b. Best Available Techniques (BAT). The BAT principle requires the selection of
pollution control techniques which achieve an appropriate balance between the
environmental benefits they bring and the costs to implement them. Importantly,
the application of BAT and the estimation of risk associated with a particular
activity can change over time, as new techniques in pollution reduction become
available at reasonable cost. BAT also considers other types of environmental
control, such as the use of environmental management and staff training.
c. Best Practicable Environmental Option (BPEO). Where an industrial activity
releases pollutants to more than one environmental medium i.e. to the air, water
or land, it is important to identify control procedures which minimise the impact
on the environment as a whole. Selection of BPEO addresses this cross media
impact issue by analysing the effects of different control strategies to ensure
that solution of one environmental problem does not lead to problems in another
medium.
BPEO and BAT can be considered to be equivalent to ALARP.
CODE OF PRACTICE
EHS RISK MANAGEMENT


C2. CONTROL OF MAJOR ACCIDENT HAZARDS (COMAH)
A COMAH Report is required for all projects, entities, facilities or operations in which
Major Accident Hazards are deemed to occur. If it concluded that no Major Accident
Hazards occur, then it must be demonstrated that this has been concluded following
thorough screening of the Hazard and Effects Register (see appendix 7).
The COMAH Report must demonstrate for the Major Accident Hazards as identified
in the Hazards and Effects Register (see appendix 7):
a. That these have been analysed in detail, inclusive of accident scenarios
and the quantified risk pertaining to each of these.
b. How the Major Accident Hazards will be controlled, managed and
mitigated to ALARP in accordance with principles of ZonesCorp Risk
Management Standards as defined in this Document & CoP on EHSIA.
c. That the overall risk levels of the project, site or operation are acceptable
or ALARP i.e. within the ZonesCorp criteria for risk tolerability
d. How the Entity plans to respond to emergencies concerning the full range
of possible accidents that involve the Major Accident Hazards (on site and
off-site where necessary).
e. A demonstration of how the Major Accident Hazards will be addressed via
the EHSMS
The COMAH Reports should
a. Identify hazards / hazardous events
b. Define major Accidents Scenarios
c. Assess Risk
d. Demonstrate Tolerable & ALARP Risk
e. Provide Control, Mitigation and Recovery Plans
f. Demonstrate how controls are managed via EHSMS
g. Provide evidence of Independent Verification
Entities need to establish Procedures to prepare a COMAH Report where required.
Each COMAH Report shall be subject to thorough verification of correctness and full
coverage. This verification must be completed prior to submitting the COMAH Report
to ZonesCorp as part of the EHSIA Report (refer to ZonesCorp CoP on EHSIA)).
CODE OF PRACTICE
EHS RISK MANAGEMENT


C3. THE HAZARD BOW-TIE MODEL
The Hazard 'Bow-tie' Model describes the basic Hazard - Top Event - Consequence
sequence and is shown in Figure 1 below. This highlights the point that it is the
hazard that can have undesirable consequences and must be managed. This
involves understanding both causation, ie how the hazard may be released, as well
as consequence, i.e. what could possibly result if the hazard is in fact released.

Figure 1: Hazard Analysis The BOW-TIE
The model states that for a hazard at a location there are a number of causes
(threats) that will release the hazard (top event) and that if a hazard is released that
there are a number of possible outcomes (consequences). To manage the hazard
fully requires that all threats are suitably and sufficiently controlled (barriers) and that
suitable and sufficient measures are in place for all consequences possible and
foreseeable (recovery preparedness measures).
TERMINOLOGY USED IN THE BOW-TIE MODEL
The starting point of the Hazard Bow-Tie Model is the hazard; where the term
hazard is used it also includes environmental effects and agents affecting the health.
This generally involves identifying the potential for harm (some form of energy) to
people, assets, the environment and reputation. Once the hazard has been identified
CODE OF PRACTICE
EHS RISK MANAGEMENT


its significance in terms of risk must be assessed and reviewed. Is the operation
necessary? Can the hazard be eliminated?
Assuming that there is no alternative and that the hazard is an intrinsic part of the
operation, then the hazard must be managed. Firstly, by considering the causation
path to the point where the hazard could first be released, and then by consideration
of the range of possible consequences through to the worst case scenario.
The causation path relates to release mechanisms, or threats, such as erosion,
corrosion, human error (competence), physical causes, etc. The first consequence of
a released hazard is termed the 'top event' from reference to Quantitative Risk
Assessment techniques. For example, for a hydrocarbon hazard the top event is
often loss of containment. To reduce the probability of this top event occurring each
and every 'threat' should be controlled by putting into place effective and appropriate
'threat barriers' or 'controls', as shown in Figure 2.
Figure 2 - Control of a Threat

Many environmental effects and health hazards can be considered in the same way.
In this case, the top event is often a deviation from defined control limits, for
example, exceeding environmental discharge limits, or exceeding occupational
health exposure limits. Environmental effect can be seen as a 'top event', often the
result of an activity whose significance (in terms of potential harm to the
environment) was not properly considered or controlled at the outset. Example -
deforestation leads to erosion, which in turn leads to silting of streams and damage
to aquatic life. What was the root cause of the impact or effect? How can the lessons
from this causation sequence be used to prevent a recurrence? Potential damage to
the company's reputation can be addressed in the same way.
On the consequence side of the 'Bow-tie', i.e. once the hazard has been released,
what are the potential consequences or effects? These can be seen as a series of
possible outcomes or events of increasingly lower probability of occurrence. Such
consequences will include at one end a top event and at the other a disastrous event
CODE OF PRACTICE
EHS RISK MANAGEMENT


in terms of human and/or environmental loss or damage, asset loss, damage to the
corporate reputation or some combination.
In considering this chain of events, measures aimed at reducing the probability and
mitigating each consequence should be considered. These are termed 'recovery
preparedness measures' or more simply 'Recovery Measures', as shown in Figure3.
Figure 3 - Recovery preparedness for a possible consequence

It is then important to consider those conditions that can prevent barriers or recovery
preparedness measures from being effective, escalation factors, e.g. safeguard
systems being out of action. Controls, or escalation factor controls, can be put in
place to ensure that the probability of the escalation factor affecting the barrier or
recovery preparedness measure is minimised,
CODE OF PRACTICE
EHS RISK MANAGEMENT


C4. FIRE RISK ASSESSMENT
1. Purpose
This section describes the general principles of Fire Risk Assessment (FRA) and
how it may be applied in the Construction and Operation & Maintenance phases.
2. Background
Fire Risk Assessment (FRA) is an important qualitative technique for analysing fire
potential in any location and is effective in both identifying ways to enhance fire
prevention and fire control. ZonesCorp CoP on Fire Risk Assessment provides a
common standard for carrying out FRA.
The objective of an FRA is to determine the chance of a fire occurring and the
dangers from fire that the workplace poses to the people who use it. The FRA can
be carried out as part of a more general risk assessment or as a specific exercise.
3. When to Apply Fire Risk Assessment
In general, the requirement for an FRA applies to all places where people work, open
areas, plant and buildings including offices and warehouses. It also covers storage of
flammable liquids and liquefied petroleum gases in fixed systems and containers. It
is not specifically intended to deal with FRA for major hazards, although many of the
principles are common.
An FRA is required on major hazard sites for buildings and other facilities that are
not specifically a major hazard.
4. FRA Methodology
FRA constitutes a qualitative Tier 2 risk assessment in accordance with the tiered
HSE Risk Assessment Framework presented in Section x.
The FRA must be thoroughly planned including:
Who will be involved?
When it will take place?
When the tour of the workplace will take place?
How responsibilities for any changes will be assigned?
How any changes will be communicated to those who need to know?
Table 1 provides a summary of the FRA process.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 1: Five Steps of an FRA

Step Description
1 Identify potential fire hazards in the workplace.
2 Decide who (e.g. employees, contractors, visitors.) might be in danger in
the event of a fire and note their location.
3 Evaluate the risks arising from the hazards and decide whether the
existing fire precautions are adequate, or whether more should be done to
prevent fires (preferable) or to reduce their potential effects.
4 Record the findings of Steps 1-3 and details of any action taken to
prevent fires, or reduce their potential effects. Ensure that employees
and other affected personnel are told about the findings
5 Keep the assessment under review and revise it when necessary.
FRA is essentially a matter of applying informed common sense. The objective is to
identify those things that could be reasonably expected to lead to danger. It is
important to concentrate on significant hazards and ignore the trivial.
The FRA shall be carried out in a practical and systematic way. It shall take the
whole of the workplace into account, including outdoor locations and any rooms or
areas that are rarely used. If the workplace is small, it may be possible to assess it
as a whole. In larger workplaces, the workplace shall be divided into a series of
assessment areas of manageable size. Natural boundaries and clear nomenclature
should be used as appropriate, e.g. Process Areas, Offices, Stores, Workshops, etc.
Further details of the FRA requirements and methodology are provided in
ZonesCorp CoP on Fire Risk Assessment (COP-FE01).
CODE OF PRACTICE
EHS RISK MANAGEMENT


C5. OCCUPATIONAL HEALTH RISK ASSESSMENT
1. Purpose
This section describes the general principles of Occupational Health Risk
Assessment (OHRA) and how it may be applied in Project and Operations &
Maintenance phases.
2. Background
OHRA is the primary method for classification of the level of occupational health risk
and setting of control implementation priorities. OHRA is the systematic identification
of health hazards in the workplace and subsequent evaluation of health risks. This
process takes existing control measures into account and identifies and
recommends further preventive or control actions where appropriate.
When applied systematically within an organisation, OHRA can be used as a
management tool to assist in:
a. Comprehensive identification of work place health hazards for risk
assessments;
b. Prioritising the implementation of OHRAs, focusing first on those activities
involving the greatest potential risk to health;
c. Prioritising the implementation of additional control measures, where
necessary, to minimise the health risk to ALARP;
d. Including OHRA as an integral component of introducing new, or changes to
existing, plants/processes/activities to ensure health hazards are adequately
controlled before the new/revised operation commences;
e. Educating staff on the health hazards, risks and measures of control
appropriate to their tasks;
f. Determining appropriate records on staff exposures to health hazards which,
when combined with health surveillance records, can be used to identify
health trends and problem areas for action, to fulfil legal requirements and to
safeguard the Entity against unforeseen liabilities;
g. Developing the means for promoting continual improvement in occupational
health standards and performance;
h. Promoting the well-being of the workforce.
3. When to Apply Occupational Health Risk Assessment
See Table 1 for details on application of OHRA.
When introducing new tasks or activities that could introduce hazards, Health Risk
Assessment shall be applied to identify, assess and control the hazards. Sometimes
HRA is conducted in combination with a Task Risk Assessment.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Similarly HRA can be applied to manage health hazards the risk associated with any
potentially hazardous existing activities and jobs.
A programme for implementing OHRA as part of the Entity EHS Management
System should be established, in which the roles and responsibilities of line
managers, specialist advisers, supervisors and workforce are defined. Next a
structure for implementation must be established, as indicated in Table 1.
Table 1: Implementation Program for OHRA
Step Description
1 Define Management's Role and Responsibilities and Allocate Appropriate
Resources
2 Define Structure for Implementation
Divide the organisation into manageable assessment units, these being
dependent on the size and nature of the operation.
Select and appoint Assessment Teams and Team Leaders to carry out the
OHRAs, taking into account competencies required.
Identify job types within the Assessment Units which contain staff groups
with similar exposure profiles, e.g. operators, drivers, maintenance
personnel.
Identify tasks carried out by each Job Type and all associated hazardous
agents so that the nature of exposure to those agents can be assessed
during actual operations.
Decide whether a generic approach to OHRA is appropriate, whereby
similar operations within a plant or at different locations can be assessed
collectively.
4. OHRA Methodology
The process of OHRA can be broken down into several steps, see Table 2.
The OHRA methodology described in ZC COP on EHSIA is not presented in the
form of a tiered risk assessment approach. However, a tiered approach is entirely
consistent with the HRA methodology proposed by ZonesCorp, and the Entity shall
ensure that OHRAs are performed in accordance with the tiered HSE risk
assessment framework presented in Table 2.
CODE OF PRACTICE
EHS RISK MANAGEMENT


Table 2: Tiered Health Risk Assessment
TIER DESCRIPTION
1
Tier 1 OHRA shall be through the use of Risk Assessment Matrix (RAM)
provided in Section 7 Fig 7.3.
Jobs / activities with a Medium of High risk shall be subject to a Tier 2 risk
assessment.
2
Initially a Tier 2 OHRA shall utilise the risk assessment method, which
involves a simple quantitative scoring system for health risk ranking.
Remedial controls shall be identified for high and medium risks. The extent of
remedial controls shall be proportional to the level of risk. ALARP principles
shall govern the extent of remedial controls for medium risks.
For all High risk hazards the HRA shall include a more quantitative risk
assessment. A more detailed assessment may also be needed for activities
that are perceived to be high risk by employees. An illustration of this may be
occupational exposures to H
2
S.

Table 3: Five Steps of an HRA
Step Description
1 For each Job Type Gather Information on:
Agents and their harmful effects;
Nature and degree of exposure to the agents; and
Screening and performance criteria against which to evaluate the risk to
health. These include: exposure limits and specifications for engineering,
procedural, personal protective equipment and emergency (recovery)
control measures.
2 Evaluate the Risk to Health based on a Tier 1 or Tier 2 method. The
Assessment Team should make a judgement on:
Severity of the possible ill-health effect from over-exposure to the agent
to give a Hazard Rating. The greater the severity, the more stringent the
measures required for controlling exposure.
Chance of over-exposure to the agent to give an Exposure Rating, taking
into account the effectiveness of existing control measures.
Risk to health by combining the above Ratings in a matrix. Also take into
account the number of people exposed.
The overall conclusion of the OHRA should be recorded indicating whether
or not action is necessary to reduce the risk to health.
3 Decide on the Remedial Action, including priorities, responsible persons
and target dates. Take into account the 'hierarchy of controls' and the
CODE OF PRACTICE
EHS RISK MANAGEMENT


Step Description
concept ALARP.
In addition, determine the need for:
Periodic exposure measurement/routine exposure monitoring.
Health surveillance.
Routine maintenance of controls.
Provision of information, instruction and training to ensure staffs are
familiar with the health hazards, potential risks and measures of control
relevant to their tasks.
4 Record the Occupational Health Risk Assessment. It is important that:
An individual's Medical Record is linked to the OHRA to create a work
history of exposure;
Staffs are informed of the results and record that the information has
been made available.
5 Review the Health Risk Assessment to ensure ongoing control, including:
Follow-up of action items;
Periodic Assessment Review to ensure that the OHRA remains valid;
Audit of all steps in the process.
CODE OF PRACTICE
EHS RISK MANAGEMENT


C6. SAFETY INTEGRITY LEVEL ASSESSMENT
1. Purpose
This section provides guidance on the general principles of Safety Integrity Level
(SIL) assessment and how it may be used by the Entity and Contractor (s).
2. Background
Safety Integrity Level (SIL) is a measurement of the availability/reliability of
instrument-based safety devices. Examples of instrument based safety systems
include process shutdowns (High Level etc.) and gas and fire detectors.
Systems which generate alarms only are not suitable for SIL assessment as they
rely on operator intervention in order to achieve any protective function.
SIL is defined and discussed in IEC standards 61508 and 61511.
SIL assessment comprises two distinct stages.
a. A risk based review of the protection system and is used to define the
required SIL.
b. A failure mode and reliability type review of the instrument based safety
system, this is used to demonstrate the SIL that the system can achieve.
Maintenance, inspection, test and calibration schedules can have a direct
effect on the SIL that a system can be credited with.
SIL is expressed as a number between 1 and 4 which corresponds with a target
probability of failure on demand. For systems which are activated infrequently, the
SIL categories are as follows:
Table 1: Safety Integrity Levels
SIL
Probability of Failure on
Demand
4 10
-5
to < 10
-4

3 10
-4
to < 10
-3

2 10
-3
to < 10
-2

1 10
-2
to < 10
-1

The purpose of the exercise is to ensure that the system design and maintenance is
sufficient for it to meet the target SIL and therefore to provide the required level of
protection.
There are many methods which can be used in the first stage of a SIL assessment
such as risk matrices, calibrated risk graph and layer of protection analysis (LOPA).
Recommended techniques for the process industries are described in IEC 61511..

CODE OF PRACTICE
EHS RISK MANAGEMENT


An example of a calibrated risk graph is shown in Figure 1.

Figure 1: Example Calibrated Risk Graph

SIL assessment is often carried out in a team based workshop format but may also
be carried out by individuals working alone.
It is essential that full understanding of the function of the instrument based safety
system is achieved before conducting part i of the SIL study.
Completing part ii of the SIL study requires data relating to the failure rates of the
system components usually consisting of at least a detector, a logic system and an
end device. For example a high level trip would typically consist of a level switch, a
PLC and an ESD valve.
3. When to Apply SIL Assessment
SIL assessment is normally applied during design of new facilities, modification of
existing facilities or the preparation of maintenance, inspection, test and calibration
schedules.
Within the Entity, SIL assessment may usually be carried out by external specialists
but the Entity concerned staff may be involved in the assessment after appropriate
training. The team leader should ensure that the implications of system failure are
fully explored.
CODE OF PRACTICE
EHS RISK MANAGEMENT


C7. SIMOPS SIMULTANEOUS OPERATIONS
Simultaneous operations (SIMOPS) studies will be carried out where there is scope for
interaction to occur between hazardous activities, and the intent is to carry out these
activities concurrently. An example of SIMOPS is simultaneous construction and
commissioning. The purpose of these studies will be:
a. To identify the SIMOPS areas & the additional levels of risk being introduced
b. To assess the acceptability of additional risks and to identify risk reduction
methods, which shall be built into the design and operational controls.
c. To agree the division of roles and responsibilities
d. To define lines of communication.
e. To agree Permit to Work (PTW) requirements
f. To agree emergency response requirements
g. To define and plan training requirements
h. To determine a SIMOPS matrix of permitted, prohibited and restricted
simultaneous activities
Findings and recommendations from the SIMOPS studies should be used to develop the
Simultaneous Operations Procedures.
C8. EHS IMPACT ASSESSMENT (EHSIA)
a. An EHS Impact Assessment (EHSIA) Report is a living document that
considers the full lifecycle of project, facilities and operations. It must
address the HSE impacts in each of the life cycle phases i.e. project
ZonesCorp Code of Practice on EHSIA (ZC-COP-EHS04) provide
guidance about the requirements for conducting EHS Impact Assessment
b. ZonesCorp requires the preparation of EHSIA Reports during the
Conceptual design and FEED (Front End Engineering & Design).stage.
The report should address the potential impacts associated with the facility
throughout the life cycle (design, construction, commissioning, operation,
maintenance and de-commissioning) of the project.
c. The EHSIA Report must present an overview of anticipated HSE Hazards,
impacts and associated levels which are based on analysis of relatively
broad HSE information of conceptual technical design and the
environment in which the project will be located.
d. The report must make recommendations regarding HSE issues that must
be addressed throughout the life cycle of the project i.e. issues to be
included in the detailed design and studies/analysis that can only be
conducted meaningful during or after detailed design.
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 5
GUIDANCE FOR SELECTION OF
RISK ASSESSMENT METHODOLOGY
CODE OF PRACTICE
EHS RISK MANAGEMENT


SELECTION OF THE PROPER RISK ASSESSMENT METHODOLOGY
This appendix recommends criteria for selection of suitable Risk Assessment
Techniques. Details about specific methodology as adopted for the Risk Assessment
should be finalized by Risk Assessment Team.
The selection of methodology shall consider the complexity of the process, known
hazards, stage of the project, etc. The Risk Assessment team leader in consultation
with the team members will decide on the type of analysis to be carried out in a
particular system or modification.
Selection Criteria: When a hazard evaluation is proposed for a particular system,
the methodology selected to conduct the said evaluation depends on the stage or
phase of the project and the type of evaluation that needs to be carried out.
Generally recommended, when a project is still in its conceptual phase, the
Preliminary Hazard Analysis Technique will be utilized. As the project proceeds, and
before the final P&IDs are developed, the designers could keep on applying a
continuous What if type of methodology, in the same way that a programmer
debugs a computer program. Once the final P&IDs are elaborated and are available,
a formal HAZOP should be conducted. This sequence of methodologies will provide
a high degree of reliability regarding Hazard Identification. HAZOP study is required
for high hazard and complete processes.
If Quantification of Risk is required, then a formal QRA (Quantitative Risk Analysis)
using the FTA (Fault Tree Analysis Technique could be the best choice to proceed
with the complete evaluation of a specific system.
Depending on the above criteria, other methodologies (such as the ones outlined
below) shall be used for conducting the Risk Assessment:
a. What if?
b. Checklist
c. What if / Checklist
d. Failure Mode and Effects Analysis (FMEA)
e. Fault Tree Analysis (FTA)
f. Process Hazard Review (PHR)
g. Hazard Identification study (HAZID)
h. Hazard and Operability Study (HAZOP)
i. Quantitative Risk Assessment
j. Qualitative Risk Assessment
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPLICATION OF RISK ASSESSMENT TECHNIQUES
A Roadmap for Initiating HSE Risk Assessment towards applying recommended
hazard identification and risk assessment methods and techniques is given in Table
below:
LIFECYCLE
PHASE
HAZARD IDENTIFICATION OR RISK
MANAGEMENT PROCESS
RECOMMENDED
TECHNIQUE / TOOL
For New Facilities, Activities, Products and Services
Conceptual
Design
Preliminary and coarse HSE risk evaluation
and management exercise as part of New
Project feasibility process.
HAZID
Tier 1 Risk Assessment
(Risk Assessment
Matrix)
Engineering
Design
(Front End &
Detailed)
Increasingly detailed HSE risk evaluation
and management process in accordance
with EHSIA Reporting requirements.
HAZID (update)
HAZOP
SIL Assessment
(EHSIA QRA, ERA,
HRA, FRA)
For Existing Facilities, Activities, Products and Services
Operational Conduct comprehensive HSE risk
evaluation and management on all existing
facilities, activities, products and services.
This shall be performed in accordance with
EHSIA Reporting requirements.
HAZID
(Risk Assessment
Matrix), e.g. Qualitative
RA
(EHSIA QRA, FRA,
ERA, HRA)
Operational Periodic review and update of hazard
assessments and risk assessments in
accordance with periods defined.
HAZID (update)
(Risk Assessment
Matrix) e.g. Qualitative
RA
(QRA, FRA, ERA, HRA)
(update)

CODE OF PRACTICE
EHS RISK MANAGEMENT


LIFECYCLE
PHASE
MANAGEMENT PROCESS
TECHNIQUE / TOOL
Operational Identifying additional activities which
should be subject to a Permit-to-Work
system.
Hazard assessment,
possibly including a
Qualitative RA/TRA
Operational Application of Permit-to-Work system
in natural gas distribution network, in
order to control the risk associated with
planned activities being routine or
non-routine.
TRA should be
available for all tasks
covered by a work
permit.
Operational Work tasks carried out outside the
permit system but which are HSE
critical e.g. in the office or workshops
TRA
Operational Application of hazard identification and
risk management in order to manage
new hazards introduced by plant
modifications, organizational changes,
and changes to systems and
procedures.
A EHSIA Report shall be submitted by
Entity when major plant modifications,
significantly alter or add new HSE
hazards and risks.
HAZID
HAZOP
SIL Assessment
Tier 1 Risk
Assessment (RA) e.g.
Qualitative RA
Tier 2 Risk
Assessment (EHSIA,
QRA, FRA, HRA,
ERA, TRA)
Operational Introducing new tasks or activities that
could introduce hazards.
TRA
OHRA
Qualitative RA or
other approved
technique
De-Commissioning
De-
Commissioning
Conduct comprehensive HSE risk
evaluation and management for
facilities, activities, products and
services that will be decommissioned.

HAZID
Tier 1 Risk
Assessment (Risk
Assessment Matrix)
Tier 2 Risk
Assessment (QRA,
FRA, ERA, TRA,
OHRA)
CODE OF PRACTICE
EHS RISK MANAGEMENT


LIFECYCLE
PHASE
MANAGEMENT PROCESS
TECHNIQUE / TOOL
General
Tendering /
Procurement
Initiate HSE Risk Evaluation and
management as part of the Contract
phase involving planning and invitation
to tender.
Tier 1 Risk
Assessment (Risk
Assessment Matrix)
e.g. Qualitative RA
Construction Apply hazard and risk assessment in
order to manage the risk associated
with any potentially hazardous activities
and jobs.
TRA
OHRA
Qualitative RA or
other approved
technique

LEGEND:
QRA Quantitative Risk Assessment / FRA Fire Risk Assessment / TRA Task
Risk Assessment / RA Risk Assessment / OHRA Occupational Health Risk
Assessment / EHSIA Environment Health & safety Impact Assessment / HAZID
Hazard Identification / HAZOP hazard & operability Study / SIL Safety Integrity
Level Assessment
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 6
RISK ASSESSMENT GUIDELINES
CODE OF PRACTICE
EHS RISK MANAGEMENT



The guidelines/formats presented in this Appendix are for recommended use and
explanation purpose only. Entities may use techniques, formats, methodologies,
formats etc. suitable to their business/activities and satisfying the requirements of
this Code of Practice
This Appendix presents the basic guidelines about
a. How to conduct the Qualitative Risk Assessment through the use of Risk
Assessment Matrix (RAM)
b. A format recommended for conducting and recording the risk assessment for
various activities, This also includes the potential hazards, possible controls,
estimation of risk (through RAM) and any required action or follow-up
c. Recommended format for Hazards Recording including the explanation of various
terms and requirements.

CODE OF PRACTICE
EHS RISK MANAGEMENT


Step 1- Consider the Consequences Step 2 Consider the Likelihood Step 3 Calculate the Risk
What are the consequences of this incident
occurring? Consider what could reasonably
have happened as well as what actually
happened. Look at the descriptions and choose
the most suitable Consequences.
What is the likelihood of the consequence identified
in step 1 happening? Consider this without new or
interim controls in place. Look at the descriptions
and choose the most suitable Likelihood
1. Take Step 1 rating and select the correct column
2. Take Step 2 rating and select the correct line
3. Circle the risk score where the two ratings cross on
the matrix below.
E=Extreme, H=High, M=Medium, L=Low, N=Negligible
4. Risk Score = ..

CONSEQUENCES LIKELIHOOD

Consequences Description Likelihood Description CONSEQUENCES
Ins Min Mod Maj Cats
Catastrophic Multiple Fatalities 1
Less than once every five years.
Never encountered in industry
1 N N N L L
Major Single Fatality 2
Once every 5 years. Has occurred in
industry (Worldwide).
2 N L L M M
Moderate Lost Time Injury 3
1 5 times per year. Has occurred
at least once in UAE.
3 N L M M E
Minor Medical Treatment 4
5 12 times per year Occurs
several times a year in similar
industries in UAE
4 L M M E E
Insignificant First Aid case 5
Continuous or will happen
frequently. Occurs several times a
year at location
L
I
K
E
L
I
H
O
O
D

5 L M E E E
CODE OF PRACTICE
EHS RISK MANAGEMENT


EHS RISK ASSESSMENT RECOMMENDED FORMAT
To be completed for work activities in high-risk facilities (e.g. flammable storage or workshop)
Facility Supervisor: Date of assessment:
Facility location: Faculty/Unit/Area:
Others involved in assessment:

Note to supervisor on consultation: Occupational health and safety legislation requires that
staff involved in the work activity must be consulted during risk assessments when decisions
are made about the measures to be taken to eliminate or control OHS risks and when risk
assessments are reviewed.

STEP 1: DESCRIBE THE HAZARDOUS ACTIVITY/TASK
Activity/Task Name.

Describe the task - You may find it useful to observe/consider the task and list the steps involved.

STEP 2: IDENTIFY THE HAZARDS

a) Are you using (Tick boxes [] where applicable)
[ ] plant/equipment
[ ] ionising radiation sources or equipment
2,3

[ ] plug-in electrical appliances
2
[ ] lifts/hoists/cranes
3

[ ] pressure vessels/boilers
3

[ ] imported biological material, cytotoxins, genetic
manipulation
2

[ ] chemicals (hazardous substances/dangerous goods)
1

[ ] sharps/needles
[ ] pathogens/infectious materials
2

[ ] compressed gas

CODE OF PRACTICE
EHS RISK MANAGEMENT


b) Does the task involve (Tick boxes [ ] where applicable)
[ ] using tools/equipment with moving part(s)
[ ] using tools/equipment that vibrate
[ ] electrical wiring
3

[ ] hazardous waste (biological or chemical)
[ ] working with animals/insects
[ ] working with fungi/bacteria/viruses
[ ] exposure to bodily fluids
[ ] fieldwork
2

[ ] clinical/industrial placement
[ ] working at a height
[ ] working with lasers, microwaves or ultraviolet light
[ ] working in isolation for extended periods
[ ] working in a confined space
[ ] manual handling: repetitive or awkward movements
[ ] manual handling: lifting or moving awkward or heavy objects
[ ] violent or volatile clients/interviewees

c) Is there (Tick boxes [ ] where applicable)
[ ] noise
2

[ ] dust/fumes/vapours/gases
[ ] extreme temperatures
[ ] a risk of fire/explosion
[ ] slippery surfaces/trip hazards
[ ] poor ventilation/air quality
[ ] a work area that is not suited for the task

[ ] other

1
Specific risk assessment must be completed for hazardous substances and dangerous goods see Step 3
2
Specific control measures must be put in place for these hazards see Step 3
3
Specific licences may be required for these hazards see Step 3
STEP 3: EXISTING CONTROL MEASURES

a) Note strategies already in place to minimize the likelihood and/or severity of harm or loss.
[ ] guarding/barriers
[ ] biosafety cabinet
[ ] fume cupboard/local exhaust ventilation
[ ] lifting equipment/trolleys
[ ] regular maintenance of equipment
[ ] supervision
[ ] training/information/instruction
[ ] Safe Work Method Statement (SWMS)
[ ] Personal Protective Equipment - gloves, boots, eye
protection, hardhat, facemask, hearing protection,
protective clothing
b) Note any specific risk assessments or licenses.
[ ] chemical risk assessment (hazardous
substances and dangerous goods)
[ ] certification/licenses for operators of
equipment
[ ] test and tag plug-in electrical equipment

[ ] monitor exposure levels (sound /substance/radiation)
[ ] UTS Fieldwork Guidelines for overnight excursions in
the field
[ ] Biosafety Committee assessment for genetic
manipulation, cytotoxins, pathogens, imported
biological material, ionising radiation sources
[ ] equipment licenses (pressure vessels, radiation
equipment)
c) Note any emergency response systems.
[ ] first aid kit
[ ] chemical spill kit
[ ] extended first aid kit
[ ] evacuation/fire control
[ ] safety shower
[ ] eye wash station
[ ] emergency stop button
[ ] remote communication mechanism

[ ] other risk control measures

CODE OF PRACTICE
EHS RISK MANAGEMENT


STEP 4: ESTIMATED RISK LEVEL
Rate the level of risk, based on the LIKELIHOOD of harm or loss occurring and the CONSEQUENCE of that
harm or loss, by marking the risk matrix below. When doing this, consider:
The harm or loss (to people, physical environment, or the University) that might be caused by the
hazards listed, &
The existing controls measures listed above

Is a Safe Work Method Statement required? [ ] Yes [ ] No
Safe Work Method Statements must be completed for all high risk tasks. Extreme Risk tasks must not be
carried out.

STEP 5: ACTION REQUIRED TO FURTHER CONTROL THE RISK
Are there any further actions required to reduce risk?
[ ] YES [ ] NO (Go to Step 6)
If risk can be further reduced to a practicable level, then note further actions required. Base these on the
priorities listed to the right. Also list any
specific assessments required.

Refer to the example controls listed earlier.
Also consider:
Redesigning the workplace or activity
Replacing the hazard with something less
hazardous

Once the actions are complete, sign and date the form.

Further Actions Required Date Completed Signed

STEP 6: ARE THE RISKS CONTROLLED?
To be signed when actions are completed as noted in Step 5.
Name Supervisors signature Date

File the completed assessment form in the EHS Risk Management Manual of each facility.
1. Eliminate the hazard

2. Keep the hazard and people apart
3. Change work method
4. Use personal protective equipment
CONSEQUENCE
Insignificant Minor Moderate Major Catastrophic
Almost certain High High Extreme Extreme Extreme
Likely Medium High High Extreme Extreme
Possible Low Medium High Extreme Extreme
Unlikely Low Low Medium High Extreme
L
I
K
E
L
I
H
O
O
D

Rare Low Low Medium High High

CODE OF PRACTICE
EHS RISK MANAGEMENT


HAZARD REGISTER RECOMMENDED FORMAT
Facility: System:
Plant/Process Unit: Equipment: Tag No.
OPERATIONAL PHASE
FEED EPC Construction Commissioning Operation SIMOPS Normal Other
HAZARDS EVENTS AND OUTCOME
HAZARD (1) INITIATING EVENT (2) ESCALATING EVENT (3) INCIENT OUTCOME (4)

Ignition Prevention System Relief Systems (PSV, Overpressure etc.) Storage Tanks Roatating Machnery
Ezport Pipeline Integrity/Protection Riser and Pipelines Integrity/Protection Corrossion Monitoring Structural Integrity
Hydrocarbon Containing Equipment Ventilation and Pressurisation (HVAC etc) Process Shutdown Helideck
High Speed Machnery Trips Other (Please State)
CONTROL
Emergency Shutddown System Welhead Control System Hazardous Drainage Fire and Gas System
Flammable gas Detection Manual Alarm Call Point Fire Detection Toxic Gas Detection
EDP (Flare) ESDVs Other (Please State)
MITIGATION
Passive Fire Protection Blast Protection and Fire Partions impact Protection Active Fire Protection
Emergency Power Systems Other (please State)
ESCAPE EVACUATION AND RESCUE
Escape, Evacuation and Rescue Emergency Comms and Telecoms PA/GA System Emergency Lighting
Escape and Evacuation Routes Personal Protective Equipment (PPE) Other (Please State)
CONSEQUENCE RATING LIKELIHOOD RATING CONSEQUENCE X LIKELIHOOD=RISK RANKING
Personnel: Personnel: Personnel:
Plant/Process Unit Operations: Plant/Process Unit Operations: Plant/Process Unit Operations:
Environment: Environment: Environment:
Public: Public: Public:
Note: From the Consequence Table 7.3 (Section 7) select a consequence
ranking value for each of the parameters and record these values in their
respective box.
Note: From the Likelihood Table 7.2 (Section 7) select a consequence
ranking value for each of the parameters and record these values in their
respective box.
Note: Based on the Consequence & Likelihood values, proceed & record the
product of both in their respective boxes. The largest value is used to detrmine
the Risk ranking for this hazard. Figure 7.1 Risk Assessment matrix
CODE OF PRACTICE
EHS RISK MANAGEMENT


HAZARD REGISTER EXPLANATORY INFORMATION
Hazardous Groups Initiating Events Escalating Events Incident Outcomes
General hazards Equipment Failure Human Errors Propagating Factors Phenomena
Containment (loss of) Failure Control/Safety Systems Failure Design Equipment failure Fires
Control/Safety System Failure Construction, fabrication Pool fires
on Demand Process Upsets: Operations
- Safety critical system failure
Jet fires
Process deviations Testing and inspection Ignition Sources Flash fires
Structural Integrity Temperature Furnaces, incinerators Explosions
Equipment Failure Pressure External Events Vehicles, internal combustion BLEVEs
Dropped Objects Flow rate Extreme weather conditions engines drivers Fireballs
Environmental (Impact from Concentration Earthquakes Electrical switches and contacts Vapour cloud explosions
Natural Hazards) Phase/state change Exposure to third-parties events Static electricity Physical explosions
Environmental (Impact to/on) Impurities Vandalism/sabotage Hot surfaces Dust explosions
Occupational Incidents Reaction rate/heat of reaction Impact Matches, cigarettes, lighters, Condensed phase detonations
Smoke/Heat (Flux) open flames Missiles
Non-process Fire/Explosion Spontaneous Reaction Extreme Physical Conditions
Ionising Radiation Polymerisation High temperature Management System failures Consequences
Heat Radiation Runaway reaction Low temperature, freezing, (Construction/Operations Effect analysis
Internal explosion cryogenic Phase Only) - Toxic effects
Offshore Decomposition Temperature cycling - Thermal effects
Helicopter Crash High pressures Human Errors - Overpressure effects
Ship Collision Containment Failures Low pressures, vacuum Omission, commission Missile effects
Pipes, tanks, vessels, Pressure cycling Fault diagnosis, decision-making Building damage assessments
Specific Hazards gasket/seals Vibration/liquid hammering - Building occupants/personnel
As identified Equipment malfunction Corrosion Domino Effects - Building structure
Pumps, valves, instruments, Erosion Other containment failures, - Building contents
sensors, interlocks Cracking releases Controls, communications,
Creep rupture life support systems,
Loss of utilities Fatigue failure External Conditions records/data
Electricity, water, refrigeration, Fracture Degree of confinement/

inert gas, air, heat transfer openness Environmental Contamination
fluids, ventilation Weather Marine
Visibility Atmosphere
Land
Structural failure
Fatalities and/ or Serious Injuries
Offsite Damage or Impact
CODE OF PRACTICE
EHS RISK MANAGEMENT


APPENDIX 7

GUIDANCE FOR PREPARING A
HAZARDS AND EFFECTS REGISTER
CODE OF PRACTICE
EHS RISK MANAGEMENT


1. INTRODUCTION

This appendix provides guidance on recording the results of the analysis made of
each hazard or effect present in a facility or operation in a Hazards and Effects
Register.
2. WHAT IS A HAZARDS AND EFFECTS REGISTER?
A Hazards and Effects Register is a quality record which demonstrates that all
the hazards and effects (in terms of the objectives established for COMAH
Report) have been identified, are understood, and are being properly controlled.
It demonstrates that the facility, 'as built' and 'as will be operated', or the
operation 'as planned', is adequately controlled and that preparations are in place
to handle any consequence that could result, if control is ever lost. It is kept
current throughout the life-cycle of a project, eg from design, through operations
to decommissioning. The purpose of the Hazards and Effects Register is to
present in a clear and concise form, the results of the analysis made of each
hazard or effect present in, or resulting from, the facility or operation.
3. WHO SHOULD PREPARE THE HAZARDS AND EFFECTS REGISTER?
Hazards and Effects can be identified and assessed by multi-disciplinary Working
Groups with numbers drawn from relevant disciplines. Each group should meet
as needed to assess one or more hazards or effects. Facilitation during the
process of building the Hazards and Effects record is usually needed. The
meetings should therefore be facilitated by a member of an HSE Management
System team, or line person familiar with the Hazards and Effects Management
Process (HEMP), and should be attended by personnel who are knowledgeable
of the location, area or operation in which the hazards and effects are to be
addressed (e.g. gas plant operations, maintenance, seismic survey, etc).
The identification and analysis of some hazards and effects may require
specialist input. Ideally Major Accident Hazards and effects for which control is
largely provided by location, layout, design and provision of hardware should be
identified and analyzed and properly recorded during the design and construction
stages of a project. For existing facilities, the current situation and condition may
need to be re-assessed and recorded. Some hazards and effects, or event
scenarios, may be such that risks can only be reliably evaluated by specialist
structured analysis techniques. Appropriate specialists, in-house or contracted,
may be needed to apply these techniques properly and cost effectively. A
summary of the results of these analyses should be recorded in the Hazards and
Effects Register in the same way as for other analysis results.
No hazard analysis process can guarantee the identification and control of all
hazards and effects, but a multi-discipline team has the potential to provide the
best possible results. Additionally, when teams are actively involved in analyzing
CODE OF PRACTICE
EHS RISK MANAGEMENT


their activities and tasks the improvement initiatives that result are much more
likely to be owned by them.
The quality of the output from a team exercise comes not only from the
experience and expertise of the team members but also from the association of
ideas triggered by personal interactions. The role of the team leader is critical in
facilitating this process.
4. WHAT NEEDS TO BE RECORDED FOR EACH HAZARD OR EFFECT?
Each hazard or effect identified as being encountered or involved with a facility or
operation (subject to the scope and objectives established for the COMAH
Report) should be recorded together with the associated assessments, control
and recovery measures in place or required to be in place and an evaluation of
risks.
The form of recording is not as important as the need for completeness of the
information recorded. Entities may choose to use a format that is compatible with
their management systems and satisfy or exceed the requirements of these
guidelines.
4.1 Hazard description
Describe the hazard (agent or effect) identified for which information is to be
recorded by broad groupings (e.g. hydrocarbons, elevated objects, high pressure
fluids, extreme temperatures, biological hazards, toxic substances, land take) and
sub-groups, (e.g. high pressure gas, oil, hot surfaces, specific bacteria or
parasites). Assessment of hazard
This describes where and when the hazard is most likely to be encountered and
the possible hazardous events that could result from loss of control (in terms of
the specific hazard's potential to cause harm, including ill health and injury,
damage to property, plant or the environment, production losses, increased
liabilities, or damage to reputation).
4.2 Top event
Describe here the event or situation that represents the release of the hazard or
deviation from defined control limits (continuous exposures or continuous
discharges). If this event or situation can be prevented by active controls (see 4.5
- threat controls) no scenario can develop which could lead to a consequence or
effect as defined by COMAH Report objectives.
4.3 Locations associated with hazard and acceptance criteria
List the locations where the hazard (or effect) is present.
CODE OF PRACTICE
EHS RISK MANAGEMENT


For each location, define the acceptance criteria. Criteria may include a range of
considerations or values that may be defined in both qualitative and quantitative
terms. Acceptance Criteria also define what is deemed suitable and sufficient
control of threats and suitable and sufficient recovery preparedness. For example
in drilling operations a stipulated number of barriers or controls (usually 2 or 3)
are required to be in place before an operation may proceed. This specified
number of controls is the acceptance criterion for the particular hazard and
location under review.
To illustrate this point, an example set of acceptance criteria is provided in Table
1 below.

TABLE 1 - AN EXAMPLE SET OF ACCEPTANCE CRITERIA
Controls Intolerable Risk Hazards
Incorporate Risk
Reduction Measures
Zone Hazards
Low Risk Hazards
Threat
Barriers
Minimum of 3 independent
effective barriers to be in
place for each identified
threat
Minimum of 2
independent effective
barriers to be in place
for each identified threat
Minimum of 1
independent
effective barrier to
be in place for
each identified
threat
Recovery
Preparedness
Measures
effective recovery
preparedness measures
required for each identified
consequence (including
one to detect
automatically occurrence
of top event, and one
other to prevent
automatically further
escalation)
Minimum of 2
recovery preparedness
measures required for
each identified
consequence (one to
detect occurrence of top
event and other to
prevent further
escalation)
Minimum of 1
independent
effective recovery
preparedness
measure required
for each identified
consequence
Escalation
Factor
Controls
effective control for each
identified escalation factor
Minimum of 1
control for each
identified escalation
factor
Minimum of 1
procedure for each
identified
escalation factor

4.4 Threats and Controls
Identify and describe the possible causes of release of the hazard or deviation
from control limits, resulting in the top event defined in 4.3. These are threats.
Hazards, threats and top events are logically related. For example:
CODE OF PRACTICE
EHS RISK MANAGEMENT


HAZARD THREAT TOP EVENT
'oil under pressure' (in piping) 'corrosion' 'loss of containment'
elevated load inadequate sling
strength
fall to lower level
oil in effluent water instrument failure exceeded control
limits

Describe the likelihood or frequency that the threats release the hazard. This may
be done either quantitatively if sufficient data is available, by reference to
incidents in similar facilities or operations or based on the judgment of
experienced personnel. These likelihood(s) or frequencies should be expressed
in terms which can be related to the acceptance criteria described in 4.4.
For each threat describe the threat controls, commonly referred to as barriers.
These are pro-active and prevent threats from releasing the hazard or causing
deviation from control limits. Barriers include, guards or shields, separation,
energy reduction or administrative controls, and specific controls, procedures,
work instructions, design, competence, standards, control systems, etc. Any
shortfalls in meeting acceptance criteria should be highlighted and recorded, see
4.10. A cross reference should be provided to the HSE-critical activities or tasks
providing or maintaining these threat controls.
4.5 Consequences and Risk Assessment
Describe the possible consequences or potential effects that could result if the
hazard is released or control limits are exceeded. Consequences or effects are
logical and credible outcomes of scenarios starting with the top event which
follow different escalation sequences according to the availability and
(in)effectiveness of recovery measures. Loss of containment (Top Event) of
hydrocarbon gas could result in, for example, rapid detection, shutdown,
limitation of volume, no ignition and consequently a minor release to the
atmosphere. Alternatively it could result in, for example, failure or delay in
detection, continued release, ignition, explosion and consequently major damage,
injuries or fatalities, etc..
Assess the risks associated with each of the possible consequences. As a
minimum the worst case, most severe consequences should be determined both
with all available recovery measures in place and working, and with all possible
recovery measures not available or not working. The likelihood (probability or
frequency) element of risk should also be assessed.
Some risks or complex scenarios may require the application of structured review
techniques by specialists, for example, health risk assessments, quantitative
CODE OF PRACTICE
EHS RISK MANAGEMENT


(safety) risk assessments or environmental assessments. However, many
hazards can be adequately assessed by appropriately experienced staff by
comparisons, reference to statistics or judgment.
Risks may be expressed quantitatively, if the assessment method is quantitative,
but for most hazards a qualitative risk assessment may be adequate. The risk
matrix is considered a useful way of presenting the risks for most hazards.
Risks to people, assets, the environment and company reputation should be
assessed separately. A leak or spill may be of little direct consequence for
people, but may be of greater consequence for the environment.
4.6 Recovery Preparedness Measures
Describe the recovery preparedness measures that are required to meet the
acceptance criteria. These are the technical, operational and organizational
measures which are needed to prevent a top event from developing further,
hence mitigating the consequences or effects and recovering a degree of control.
These recovery preparedness measures are essentially reactive as they respond
to a situation which has occurred and are intended to block further development
of the accident scenario and to provide for emergency management.
Recovery preparedness measures include active systems which detect and
abate incidents (for example, gas and fire detection, shutdowns, sprinkler
systems, etc); passive systems which contain (or restrict) an incident and provide
protection for people and essential equipment (for example, fire and blast walls,
protective coatings, drain systems, tank bunds, catchment basins, etc); and
operational and organizational systems for emergency management (for
example, contingency planning, training, drills, Medevac, firefighting, oil spill
response, etc).
Any shortfalls in meeting acceptance criteria should be highlighted and recorded,
see 4.10. A cross reference should be provided to the HSE-critical activities or
tasks providing or maintaining these recovery measures.
4.7 Escalation factors and controls
Describe the factors or conditions which could lead to loss of barriers or loss of
recovery preparedness measures. These factors escalate the probability of a top
event and/or escalate the likelihood or severity of consequences or effects if the
top event occurs. Escalation factors include:
Abnormal operating conditions, for example, concurrent construction or
maintenance, operating outside the design envelope, etc;
Environmental variations, for example, high winds, waves, tides or rainfall;
CODE OF PRACTICE
EHS RISK MANAGEMENT


Failure of controls, for example, improper maintenance, damage as a result of
another event (fire, explosion, etc) introduction of an ignition source, etc;
Human error, for example, lapses, rule violations, etc; or
Absence of controls (threat controls and recovery measures) due to technical
feasibility, policy (burn-down philosophy) or excessive cost.
Health and human factor aspects e.g. alcohol, drugs and inappropriate
working schedules.

Describe for each escalation factor the controls that should be in place to 'stand-
in' for the defeated barrier or recovery preparedness measure. Many escalation
factor controls will be similar to threat controls, see 4.5. Other significant controls
on escalation factors such as concurrent activities (production/drilling
operations/construction/ maintenance), operations outside the design envelope,
severe weather, etc are limitation of activities in accordance with the Manual of
Permitted Operations (MOPO) and issue of permits to work (PTW), which are a
means of implementing the MOPO. Escalation controls which are dependent on
the MOPO should be highlighted for later verification of MOPO coverage.
Any shortfalls in escalation controls should be highlighted and recorded, see
4.10. A cross reference should be provided to the HSE-critical activities or tasks
providing or maintaining the escalation controls.
4.8 Reference documents
List and number all the documents, procedures, standards, specifications,
studies, assessments, etc used or referred to in developing the information
entered for the hazard or effect being recorded. Barriers, recovery preparedness
measures and escalation controls should be cross-referenced to these
references.
4.9 Deficiencies
Record all the shortfalls or deficiencies identified with respect to management of
the hazard or effect being recorded as noted in 4.5, 4.7 and 4.8. These shortfalls
should later be collated in the COMAH Report summary of shortfalls and
remedial actions and an action plan, priority rating, action party and timing
assigned and agreed. Typical types of shortfalls are summarized in Table 2.
4.10 Manual of Permitted Operations (MOPO)
Having identified and evaluated hazards, and put in place controls and recovery
measures to maintain risk levels to acceptable or ALARP, it is vital to understand
the limits of safe operation, i.e. where the operating envelope is. When should
the decision be made to stop? It is crucial that an operation be stopped in time to
avoid all types of losses whether human, environmental or asset related.
CODE OF PRACTICE
EHS RISK MANAGEMENT


This understanding of where the operating envelope is can be greatly assisted if
we consider the effect that threats and escalation factors have upon the risk of
the operation. Threats and escalation factors include:
Multiple activities such as any combination of maintenance, production,
construction, production, drilling, well work-over or other operations taking
place concurrently
External influences such as inclement weather
Inactive safeguards such as the testing of an emergency system or the
bypassing of a control system
In all such cases we wish to understand how the risk of the operation is increased
and what additional measures are needed to manage the increased risk such that
it still remains acceptable or ALARP.
The MOPO is aimed at doing just this; at showing where the boundary of the
operating envelope is. It is imperative that the MOPO be a permitted operations
manual and not a prohibited operations manual since the latter leads to the
possible interpretation that anything not specifically prohibited is allowed. This is
certainly not the intention
TABLE 2 - TYPICAL SHORTFALL TYPES
Shortfall Type Recommendations
Shortfall in meeting external standards Includes codes, legislation, industry standards
Shortfall in meeting current company
standards

Includes procedures, guidelines, entity
standards, specifications, procedures, work
instructions
Area for improvement in the medium to long
term
Often related to controls assessed as
ineffective
Implementation shortfall
Often related to controls assessed as
ineffective
Consider for lateral application in the Entity
An area for improvement that the review team
thinks would benefit other activities
Also applies to the corporate HSE MS
A hazard shortfall that may have resulted due
to a shortfall in the corporate management
system
Failure to meet threat control or
consequence recovery acceptance criteria
Any time there is a failure to meet acceptance
criteria
Failure to meet risk tolerability criteria
Any consequence that plots in the intolerable
area on the risk matrix
Area requiring further and / or more rigorous
analysis
The review team cannot properly assess the
hazard; for example, effect of H2S release on
nearby community.

ZC COP EHS03 Risk Management

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ZC COP EHS03 Risk Management

Uploaded by

Copyright:

Available Formats

CODE OF PRACTICE ON

EHS RISK MANAGEMENT

You might also like