Professional Documents
Culture Documents
SE - 2 - 4
This book is sold subject to the condition that it shall not, by way of trade or
otherwise, be lent, re-sold, hired out or otherwise circulated without the publisher's
prior consent in any form of binding or cover other than that in which it is
published and without a similar condition including this
condition being imposed on the subsequent purchaser.
1
________________________________________________________________________________________
INTRODUCTION
________________________________________________________________________________________
This lesson links what we have learned about the nature of the most likely
hazards to which property and people are exposed to the methods available for
dealing with them. 'Risk management' and 'risk control' are general terms.
They are often ill-defined but, bearing in mind that we cannot predict the
future, the application of such techniques and skills can be very effective.
________________________________________________________________________________________
YOUR AIMS
________________________________________________________________________________________
________________________________________________________________________________________
physics
chemistry
materials science
life sciences
statistics
occupational safety and health
the engineering disciplines
business administration.
loss prevention
fire and explosion protection
hazardous materials handling, transportation and disposal
pollution abatement
plant security
emergency response planning
accident investigation
budget preparation
training
employees
union officials
fellow management
insurance company personnel
consumer safety watchdogs
local police and fire services
the Health and Safety Executive.
________________________________________________________________________________________
RISK CRITERIA
________________________________________________________________________________________
In the absence of any absolute scale of human performance there is an ever on-
going search for better means of 'risk exposure measurement'. However, we
are able to adopt criteria for the dependability of hardware and software
systems (and this gives us scope for enhancing our levels of confidence). Both
areas can be represented by the following examples of typical data, although it
must be remembered that the use of such figures in hazard analysis requires
some measure of reservation, judgement and (hopefully) experience when
bearing in mind that any untoward event has a chance of happening over the
range "now" to "never"! The usual approach to attempted quantification of
criteria is to assume that all faults and failures occur in a random manner with
respect to time.
ARRIVING AT A PROBABILITY
The likelihood of the occurrence of a disastrous event derives from data which
is specific to, for example, the site, the weather, the equipment design, the
foundation specification and the properties of contained material.
Consequently, the probabilities of many events or failures of modern
equipment are not known, if only for want of historical records, and have to be
assessed by the 'best engineering judgement' despite inevitable uncertainties.
The probabilities of some events also tend to change with time, e.g. corrosion
fatigue failures, radioactive release and operator stress.
Any attempt at quantifying the effects of fires, explosions and the release of
contaminants to the environment requires an understanding of the physical and
chemical processes involved, e.g. thermal radiation flux, generated
overpressures and safe distance downwind of a released chemical. To measure
the severity of such events, damage and injury criteria are needed so that the
boundaries of the area affected by each hazard scenario can be established and
an estimate, however subjective, made of fatalities, injuries and exposure,
together with the potential damage to structures, equipment and services.
In a later lesson we shall see how a form of LOGIC TREE may be used to
predict the probability of a specific event occurring by tracing all possible
sequences of events and paths capable of leading towards it. A yardstick of
risk level acceptability is clearly needed, especially considering that different
sectors of society such as the employer, the insurers, the general public and the
regulatory bodies are unlikely to be in mutual agreement. Society at large
tends to tolerate one fatality a year over a considerable period of time but
reacts very differently to a single event which results in multiple fatalities.
Risk profiles may be derived from historical data for various natural or human-
related catastrophes.
The risk profile for an industrial activity can be calculated and superimposed
on these figures for comparison with other risks. Such profiles may also be
used to evaluate the costbenefit of changes in process route, plant design and
location or the effect of adding protective measures.
10 10
1/10 Hurricanes
Frequency (events/year)
Frequency (events/year)
1/10
10
10
1
1
1/10
Frequency (events/year)
Frequency (events/year)
1/10
Fires
1/100
1/100
Explosions
1/1 000
1/1 000
1/100 000
1/100 000
________________________________________________________________________________________
0.5F 0.1F
A B
Plant Explosion
(frequency F per yr.)
The average number of fatalities per year is 30F and the average individual
risk is this value divided by the number exposed (100), i.e. 0.3F per person
year. Now suppose there is a proposal to build a new housing estate at B,
increasing the population there by 300 to 350. The risk to any of these people
is the individual risk at B 0.1F per year but more people are exposed and
the number of people killed at B would now be 35. The individual risk and
total number killed at A are, of course, unaltered, and so the overall total for
offsite fatalities is now 25 (at A) plus 35 (at B), i.e. 60 occurring at frequency
F per year. The average number of fatalities per year has doubled to 60F but
the number exposed is now 400 and so the average individual risk is 0.15F per
person year half its previous value! This contrived example, summarised in
FIGURE 3, illustrates why average individual risk can produce misleading
conclusions. Exposing more people at low individual risk reduces the average
individual risk. Of course the risk has not reduced the societal risk has
increased because more people are exposed at low individual risk (FIGURE 4).
This also stresses the point that an F N curve (FIGURE 1) tells us nothing
about risk distribution.
Population at A 50 50
Societal risk (A) N = 25 = 25 at F yr1
Population at B 50 350
Societal risk (B) N = 5 = 35 at F yr1
AVERAGE
30F 60F
INDIVIDUAL = 0.3F yr 1 ; = 0.15 F yr 1
50 + 50 50 + 350
RISK
FIG. 3
F N CURVE
No. of casualties, N
DISTRIBUTION CURVE
Individual
risk per yr.
FIG. 4
RISK COMPARISONS
A strength of the target-setting approach is that designers will search for a low
cost means of attaining the target rather than arguing that the cost of risk
reduction is prohibitive.
Although there are advantages within industry from generating and using in-
house risk targets, any responsible organisation should be prepared to defend
any decisions on a case-by-case basis. This was one of the conclusions
reached by the Royal Society Study Group report (in 1983) on Risk
Assessment, along with the recommendation that risks should not be
aggregated into a single index unless the contributory factors are clearly
stated.
being injured if the object falls from a scaffold over a public pavement that is
situated in a busy city high street at noon, when there are many people about,
compared to an object falling from a scaffold around say, a country mansion on
a Sunday morning. Other factors which often cannot be ascertained exactly
should be estimated, such as weather conditions (e.g. wet or dry, temperature,
visibility), location, time of day (or night), density of population, etc.
However, there are areas wherein risk assessment has contributed significantly
to the formulation of general safety policy. Two such areas are nuclear power
generation and the chemical processing of nuclear fuels where the risks include
delayed or distributed deaths due to accidental events which can affect both
employees and members of the public.
Whilst various criteria have been proposed for risk to the neighbouring public
from hazardous activities, very little research has been carried out on widely-
spread risks. The concept of a "risk versus benefit" criterion is gaining
acceptance and is consistent with the 'reasonably practicable' requirement of
the U.K. Health and Safety at Work etc. Act.
________________________________________________________________________________________
The use of rating plans, in relation to specific categories of risk, for the
determination of insurance premiums has been long established in order to
secure recognition for
(a) capital investment replacement
(b) the consequences of operational hazards
and (c) the standard of protection provided for such values
against the hazards.
Process materials are marked principally with respect to fire, explosion and/or
toxicity propensities and a process is judged according to its parameters, such
as energy/heat content, temperature, pressure, corrosion and erosion.
'Hardware' relates to the quality of process containment, location, spacing,
control equipment and electrical integrity, etc.
This approach can, and does, also result in some hazards and risks actually
remaining undetected for want of a rigorous examination of the underlying
causes, a procedure vital to the establishment of appropriate corrective actions.
Two such dominant analytical procedures will be the subject of our next lessons.
Apart from these, one hazard classification method has gained considerable
prominence mainly because it specifies hazard categories and defines how the
numerical ratings should be used.
The Mond Fire, Explosion and Toxicity Index has been developed by ICI
from the American Dow Chemical Company Fire and Explosion
Classification Method (The Dow Index) into a tool which can be applied to
the majority of component units found on a plant site. It is particularly useful
in determining plant layout and spacing.
________________________________________________________________________________________
FIGURE 5 attempts to list all the risk sources of a typical project which
require consideration even before the facility becomes a revenue-earning
reality. At all stages it will be seen that human error is involved.
RECOMMENDATIONS
FROM EARLY CONCEPT
SAFETY EVALUATION OR
SIMILAR STUDIES
IGNORED
INCORRECT ENGINEERING
DESIGN SPECIFICATIONS
DESIGN ERRORS OR
OMISSIONS
SOURCES OF
RISK IN LATE CHANGES IN HUMAN
PROJECT DESIGN INTENT FACTOR
DEVELOPMENT
INADEQUATE SAFETY
STUDIES
INADEQUATE QUALITY
ASSURANCE/CONTROL
DURING PROCUREMENT
AND CONSTRUCTION
EQUIPMENT OVERSTRESSED
OR WEAKENED DURING
PRE-COMMISSIONING
ACTIVITIES
SPECIFICATION WAIVES
GRANTED IN ORDER TO
ACHIEVE PROJECT
COMPLETION DATE
These risks are common to all installations These risks vary from installation to
and arise principally from HUMAN installation depending on the process and
ACTIVITY on or around the installation, can arise only in event of LOSS OF
e.g. CONTAINMENT of the system inventory,
falling off the structure e.g.
tripping over obstacles emission of flammable material
impact by falling objects (fire or explosion)
contact with moving machinery emission of toxic or corrosive
physical operations such as materials
drilling, lifting, scaffolding, discharge of hot scalding fluids
flexing up, carrying out discharge of cold sub-zero fluids
maintenance, etc. asphyxiation risks
blast or projectiles (due to
equipment rupture)
FIG. 6
equipment breakdown
equipment malfunction
fouling
corrosion/erosion/thinning
blockages
internal leakage (passing valves, heat exchangers)
spurious operation of protective trip systems.
FIG. 7
Define
system
to be studied
Identify
AWARENESS
hazards
Analyse Analyse
ANALYSIS
causes effects
Assess risks
ASSESSMENT FEEDBACK qualitatively or
quantitatively
as required
EVALUATION Decision
FIG. 8
STAGE COMMENTS
Risk management within this life cycle depends on the following factors.
Expanding FIGURE 8, we can now insert the two techniques which are
universally accepted for implementing risk control:
The 'feedback' feature applies in both respects, i.e. for qualitatively checking
the integrity of a system after any corrective change has been decided and/or to
test for the achievement of quantitative risk targets.
The last box implies that as process (or any) plants can be modified, extended
or changed during the lifespan of the plant, then hazard identification and risk
assessment studies should be on-going throughout the life of the plant.
Acceptance
Criteria
(quantitative) Compare with criteria.
(qualitative)
Hazard/Event analysis.
Check sensitivity of
Quantification leading to likely numerical data,
frequency for Hazard. particularly for those
having dominant effect.
Is Target met?
YES NO
________________________________________________________________________________________
SELF-ASSESSMENT QUESTIONS
________________________________________________________________________________________
(iv) Risk management applies only to the planning and process design
stages of an industrial project.
________________________________________________________________________________________
1. ALL of them, (although most are not specifically listed in the text) but
particularly( i), (iii), (v), (vii) and (viii).
2. (b) This is equivalent to 0.0003 or 1 failure for every 3333 actions by the
operator. (The relief valve is 30 times more reliable on this basis.)
3. (i) TRUE
(ii) FALSE
(iii) TRUE
(iv) FALSE
If you were undecided about statements (ii) and (iii) then refer to Topic 1.
________________________________________________________________________________________
SUMMARY
________________________________________________________________________________________
We should now have a feel for levels of risk acceptability, the problems of
establishing criteria and for the objectives of those methods by which a
satisfactory response is achievable.
The next lesson introduces us to one particular means by which the underlying
hazards are capable of detection with a high degree of confidence.