SUBJECT NAME: Safety & Hazard Management in Chemical Industry

EXPERIMENT: 12
Risk Assessment Methods
Risk assessment and risk analysis of technical systems can be defined as a set of systematic
methods to:
 Identify hazards
 Quantify risks
Determine components, safety measures and/or human interventions important for plant safety.
Ideally Risk analysis should be done by bringing together experts with different backgrounds:
 chemicals
 human error
 process equipment
Risk assessment is a continuous process. Risk assessment includes incident identification and
consequence analysis. Incident identification describes how an accident occurs. It frequently
includes an analysis of the probabilities. Consequence analysis describes the expected damage.
This includes loss of life, damage to the environment or capital equipment, and days outage.
Scheme for qualitative and quantitative assessments

The following methods can be used to do a risk assessment:

 Use a what-if analysis to identify threats and hazards. What-if questions are asked about
what could go wrong and about what would happen if things do go wrong. This type of

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 75
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

analysis is a brainstorming activity and is carried out by people who have

knowledge about the areas, operations, and processes that may be exposed to
hazardous events and conditions.
 Use a checklist of known threats and hazards to identify your threats and hazards. The
value of this type of analysis depends upon the quality of the checklist and the
experience of the user.
 Use a combination of checklists and what-if analysis to identify your threats and hazards.
Checklists are used to ensure that all relevant what-if questions are asked and discussed,
and to encourage a creative approach to risk assessment.
 Use a hazard and operability study (HAZOP) to identify your threats and hazards. If you
need to do a thorough analysis, this method is for you. However, it requires strong
leadership and is costly and time consuming. It also assumes that you
have a very knowledgeable interdisciplinary team available to you, one with detailed
knowledge about the areas, operations, and processes that may be exposed to hazardous
events and conditions.
 Use a failure mode and effect analysis (FMEA) to identify potential failures and to figure
out what effect failures would have. This method begins by selecting a system for
analysis and then looks at each element within the system. It then tries
to predict what would happen to the system as a whole when each element fails. This
method is often used to predict hardware failures and is best suited for this purpose.
 Use a fault tree analysis (FTA) to identify all the things that could potentially cause a
hazardous event. It starts with a particular type of hazardous event and then tries to
identify every possible cause.
Methods for hazard identification:
 ”What if”
 Checklists
 HAZOP
 Task analysis
 Index (Dow, Mond)
 Failure mode and effects analysis (FMEA)

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 76
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

Hazard & Scenario Analysis:

 Fault tree analysis (FTA)
 Event tree analysis (ETA)
 Bowties
 Barrier diagrams
 Reliability data
 Human reliability
 Consequence models
Process indexes:
 Dow Fire and Explosion Index (F&EI): Evaluates fire and explosion hazards associated
with discrete process units.
 Mond Fire and Explosion Index: Developed by ICI’s Mond Division, an extension of the
Dow F&EI.
Fault Trees Analysis: (FTA)
 Graphical representation of the logical structure displaying the relationship between an
undesired potential event (top event) and all its probable causes
 top-down approach to failure analysis
 starting with a potential undesirable event - top event
 determining all the ways in which it can occur
 mitigation measures can be developed to minimize the probability of the
undesired event
 Fault Tree can help to:
 Quantifying probability of top event occurrence
 Evaluating proposed system architecture attributes
 Assessing design modifications and identify areas requiring attention
 Complying with qualitative and quantitative safety/reliability objectives
 Qualitatively illustrate failure condition classification of a top-level event
 Establishing maintenance tasks and intervals from safety/reliability assessments
Guidelines for developing a fault tree:
 Replace an abstract event by a less abstract event.
 Classify an event into more elementary events.

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 77
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

 Identify distinct causes for an event.

 Couple trigger event with ‘no protective action’.
 Find co-operative causes for an event.
 Pinpoint a component failure event.
Event Trees Analysis(ETA):
 graphical representation of a logic model
 identifies and quantifies the possible outcomes following an initiating event
 provides an inductive approach to reliability assessment as they are constructed using
forward logic.
Event tree analysis procedure:
 Step 1: Identification of the initiating event
 Step 2: Identification of safety function
 Step 3: Construction of the event tree
 Step 4: Classification of outcomes
 Step 5: Estimation of the conditional probability of each branch
 Step 6: Quantification of outcomes
 Step 7: Evaluation
Fault Trees Analysis: (FTA)
Fault trees originated in the aerospace industry and have been used extensively by the
nuclear power industry to qualify and quantify the hazards and risks associated with nuclear
power plants. This approach is becoming more popular in the chemical process industries,
mostly as a result of the successful experiences demonstrated by the nuclear industry. A fault tree
for anything but the simplest of plants can be large, involving thousands of process events.
Fortunately, this approach lends itself to computerization, with a variety of computer programs
commercially available to draw fault trees based on an interactive session. Fault trees are a
deductive method for identifying ways in which hazards can lead to accidents. The approach
starts with a well-defined accident, or top event, and works backward toward the various
scenarios that can cause the accident.
Event Trees Analysis (ETA):
Event trees begin with an initiating event and work toward a final result. This approach is
inductive. The method provides information on how a failure can occur and the probability of

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 78
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

occurrence. When an accident occurs in a plant, various safety systems come into play to prevent
the accident from propagating. These safety systems either fail or succeed. The event tree
approach includes the effects of an event initiation followed by the impact of the safety systems.
The typical steps in an event tree analysis are:
1. identify an initiating event of interest,
2. identify the safety functions designed to deal with the initiating event,
3. construct the event tree, and
4. describe the resulting accident event sequences.
If appropriate data are available, the procedure is used to assign numerical values to the
various events. This is used effectively to determine the probability of a certain sequence of
events and to decide what improvements are required.
Advantages and Disadvantages of Fault Trees:
 The main disadvantage of using fault trees is that for any reasonably complicated process
 the fault tree will be enormous. Fault trees involving thousands of gates and intermediate
events are not unusual. Fault trees of this size require a considerable amount of time,
measured in years, to complete.
 Furthermore, the developer of a fault tree can never be certain that all the failure modes
have been considered. More complete fault trees are usually developed by more
experienced engineers.
 Fault trees also assume that failures are "hard," that a particular item of hardware does
not fail partially. A leaking valve is a good example of a partial failure. Also, the
approach assumes that a failure of one component does not stress the other components,
resulting in a change in the component failure probabilities.
 Fault trees developed by different individuals are usually different in structure. The
different trees generally predict different failure probabilities. This inexact nature of fault
trees is a considerable problem.
 If the fault tree is used to compute a failure probability for the top event, then failure
probabilities are needed for all the events in the fault tree. These probabilities are not
usually known or are not known accurately.
 A major advantage of the fault tree approach is that it begins with a top event. This top
event is selected by the user to be specific to the failure of interest. This is opposed to the

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 79
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

event tree approach, where the events resulting from a single failure might not be the
events of specific interest to the user.
 Fault trees are also used to determine the minimal cut sets. The minimal cut sets provide
enormous insight into the various ways for top events to occur. Some companies adopt a
control strategy to have all their minimal cut sets be a product of four or more
independent failures. This, of course, increases the reliability of the system significantly.
 Finally, the entire fault tree procedure enables the application of computers. Software is
available for graphically constructing fault trees, determining the minimal cut sets, and
calculating failure probabilities. Reference libraries containing failure probabilities for
various types of process equipment can also be included.
Relationship between Fault Trees and Event Trees:
Event trees begin with an initiating event and work toward the top event (induction).
Fault trees begin with a top event and work backward toward the initiating events (deduction).

Figure:1 General description of risk.

The initiating events are the causes of the incident, and the top events are the final outcomes.
The two methods are related in that the top events for fault trees are the initiating events for
the event trees. Both are used together to produce a complete picture of an incident, from its
initiating causes all the way to its final outcome. Probabilities and frequencies are attached to
these diagrams.
Quantitative Risk Analysis (QRA) and Layer of protection analysis (LOPA):
The actual risk of a processor plant is usually determined using quantitative risk analysis (QRA)
or a layer of protection analysis (LOPA). Other methods are sometimes used; however, QRA and

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 80
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

LOPA are the methods that are most commonly used. In both methods the frequency of the
release is determined using a combination of event trees, fault trees, or an appropriate adaptation.
Quantitative Risk Analysis:
QRA is a method that identifies where operations, engineering, or management systems can be
modified to reduce risk. The complexity of a QRA depends on the objectives of the study and the
available information. Maximum benefits result when QRAs are used at the beginning of a
project (conceptual review and design phases) and are maintained throughout the facility's life
cycle. The QRA method is designed to provide managers with a tool to help them evaluate the
overall risk of a process. QRAs are used to evaluate potential risks when qualitative methods
cannot provide an adequate understanding of the risks. QRA is especially effective for evaluating
alternative risk reduction strategies.
The major steps of a QRA study include
1. defining the potential event sequences and potential incidents,
2. evaluating the incident consequences (the typical tools for this step include dispersion
modeling and fire and explosion modeling),
3. estimating the potential incident frequencies using event trees and fault trees,
4. estimating the incident impacts on people, environment, and property, and
5. estimating the risk by combining the impacts and frequencies,
In general, QRA is a relatively complex procedure that requires expertise and a
substantial
commitment of resources and time. In some instances this complexity may not be warranted then
the application of LOPA methods may be more appropriate.
Layer of Protection Analysis:
LOPA is a semi-quantitative tool for analyzing and assessing risk. This method includes
simplified methods to characterize the consequences and estimate the frequencies. Various layers
of protection are added to a process, for example, to lower the frequency of the undesired
consequences. The protection layers may include inherently safer concepts; the basic process
control system; safety instrumented functions; passive devices, such as dikes or blast walls;
active devices, such as relief valves; and human intervention. The combined effects of the
protection layers and the consequences are then compared against some risk tolerance criteria.

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 81
SUBJECT NAME: Safety & Hazard Management in Chemical Industry

In LOPA the consequences and effects are approximated by categories, the frequencies
are estimated, and the effectiveness of the protection layers is also approximated. The
approximate values and categories are selected to provide conservative results. Thus the results
of a LOPA should always be more conservative than those from a QRA. If the LOPA results are
unsatisfactory or if there is any uncertainty in the results, then a full QRA may be justified. The
results of both methods need to be used cautiously. However, the results of QRA and LOPA
studies are especially satisfactory when comparing alternatives. Individual companies use
different criteria to establish the boundary between acceptable and unacceptable risk. The criteria
may include frequency of fatalities, frequency of fires, maximum frequency of a specific
category of a consequence, and required number of independent layers of protection for a
specific consequence category.

CHEMICAL ENGG. DEPT.

SHRI K. J. POLYTECHNIC, BHARUCH Page 82