Upload
salman
View
43
Download
5
Tags:
Embed Size (px)
DESCRIPTION
risk,control,qalitative
Citation preview
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
RISK MANAGEMENT
Hazard & Risks
Pooya Arjomandnia © 2015
1
LECTURE 2 PLAN:
• Some history – why risk management?
• Hazard and risk – the concepts
• Terminology, a way of thinking
• Risk perception
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
2
Books & Journals
Skelton, Bob – “Process Safety Analysis: an introduction” – chapters 1 & 2
Cameron I and Raman R. - “Process Systems Risk Management” – chapter 1
“Lee’s loss prevention in the process industries: hazard identification, assessment and control”, edited by Sam Mannan, free electronic resource at Curtin’s library – Ch. 1, 2 & Appendices
RESOURCES USED FOR DISCUSSIONS
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
3
SOME MAJOR DISASTERS - CASE STUDIES
• Flixborough, UK, 1974
• PEMEX, Mexico City, 1984
• UCIL, Bhopal, India, 1984
• Piper Alpha, UK, 1988
• Deepwater Horizon, 2010
• Fukushima Daiichi, Japan, 2011
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
6
FLIXBOROUGH, UK 1974The Process
Manufacture of caprolactum via the oxidation of liquid cyclohexane. Reaction product contained 94% cyclohexane which was subsequently separated.
Reaction carried out in six reactors (20 tonnes each) in series, operating at 8.8 barg and 155ºC.
Heat of reaction removed via vaporization of cyclohexane which was recovered from the off-gas system by condensation. Atmosphere in reactors controlled via nitrogen supply
Safety valves (11 barg) vented vapour into the relief header of the flare system
Trip to operate if high oxygen level encountered in the off-gas.
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
7
FLIXBOROUGH, UK 1974Chronology of Events
27 March: crack located in 13mm steel plate of Reactor 5.• Decision to take Reactor 5 out of service.• A by-pass constructed between Reactors 4 and 6. Done with
500mm pipe. Openings were 710mm. Dog-leg design, because of different reactor levels. Bellows installed at each end. By-pass pneumatically tested to 9.0 barg.
29 May: Isolation valve leaking. Shutdown for repairs.1 June: Startup of plant. Reactors subjected to higher than
normal design pressure.early am: sudden rise to 8.5 barg in Reactor 1 during
startup late am: pressure reaches 9.1-9.2 barg at normal
operating temperature late pm: vapour release via pipe rupture4.53 pm: massive vapour cloud explosion (VCE)
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
8
FLIXBOROUGH, UK 1974
Extent of DisasterDeath and Injury
28 killed (within plant) 54+ injured
Plant and Equipment complete destruction of
processing facilities ($60-70 million)
Plant Environs 1821 houses badly damaged 167 shops damaged
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
9
FLIXBOROUGH, UK 1974Lessons from the Incident:
1. Inventory of Hazardous Materials large volumes stored on site
(1.5 million litres cyclohexane plus 450,000 litres of other highly flammables)
2. Design and location of control room and other buildings
18 out of 28 deaths were in the control room
3. Siting of Major Hazards higher casualties avoided due to relative isolation
4. Public Controls of Major Hazard Installations ACMH (Advisory Committee on Major Hazards) also CIMAH (Control
of Industrial Major Accident Hazards) regulations
5. Management Aspects safety versus production hazard analysis of modifications management safety system essential planning for emergencies
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
12
PEMEX, MEXICO CITY, 1984Extent of Disaster
Death and Injury 542 killed (mainly outside plant) > 7000 injured
Plant and Equipment majority of LPG installation destroyed
Plant Environs severe damage area out to 400m fragments out to 1200m
100 delivery trucks destroyed 200 houses destroyed 1800 houses damaged
200,000 evacuated
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
13
PEMEX, MEXICO CITY, 1984The Facility
LPG storage and distribution centre, located in a north-eastern suburb of Mexico City.
Storage at San Juan Ixhuatepec was:
Surrounding residential area started 130m from storage tanksFeed via 3 underground lines (300mm) from refineries up to
500 km awayLPG distributed to local gas companies and others via
underground lines, cylinders and rail-tankers.
Type Number Capacity (tonnes)
Pressure (bar)
Total (tonnes)
bullet
bullet
sphere
sphere
44
4
4
2
50
90
575
1250
9
9
13.5
13.5
2200
360
2300
2500
54 7360
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
15
PEMEX, MEXICO CITY, 1984
Chronology of EventsSunday18 November, late pm: facilities almost empty.
Afternoon shift begins tank filling from refineries.Monday 19 November, early am: filling of bullets and 2
largest spheres completed; 2 smaller spheres about 50% full.Sudden pressure drop at pumping station 40 km away. Rupture of an 8 in. pipe between a sphere and cylinders5.20 am: escape of liquefied gas with deafening noise – 2m high cloud 200m x 150m5.40am: cloud ignited by flare at bottling plant. Flash fire and local overpressures5.45am: first major explosion (BLEVE)5.46 am: first small sphere explodes with 300m fireball. Raining LPG.up to 7.30am: 9 major explosions
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
16
PEMEX, MEXICO CITY, 1984Lessons from the Incident
Layout PEMEX facilities very confined cylinders very close and walled-in leading to increased
overpressuresLocation
closeness to major residential areas (130 metres) local authority planning strategies
Maintenance poor quality – gas detection and emergency isolation often postponed seldom recorded failure of the overall system of protection
Disaster Planning total confusion reigned inadequate disaster management
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
17
UCIL, BHOPAL, INDIA, 1984
Extent of the DisasterDeath and Injury
3000 fatalities >250,000 injured
(159 orphaned children, 169 widows, 1000 cases of blindness)
Plant and Equipment closure of facility
Plant Environs major long-term devastation of
local community
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
18
UCIL, BHOPAL, INDIA, 1984
The Process
Phosgene stripping
MIC refinin
g
Pyrolysis
Reaction system
MIC storag
e
MIC derivativ
es
MIC destruction VGS/flare
Tails
Tails
Phosgene
Monomethylamine
Chloroform
Hydrogen chloride
Unit vents
Residues
Çrude
MIC
Product
Product
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
19
UCIL, BHOPAL, INDIA, 1984
Chronology of EventsSunday 2 December
8.30pm: operator asked to wash piping around tank 610
10.55pm: pressure in tank 610 rises to 10 psig. Operator assumes it is due to nitrogen pressurization
11.30pm: operators sense eye irritation due to small amount of MIC
Monday 3 December
12.00 midnight: pressure continues to build. Water sprays used to cool tank but ineffective
12.30 am: pressure rises to full scale . Bursting disc and safety valve blows. MIC released via scrubber and vent (40 tonnes in total) – scrubbing, refrigeration & flare not working!
1.00am: alarm activated© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
20
UCIL, BHOPAL, INDIA, 1984Lessons from the Incident
Storage of hazardous intermediates? is it necessary?
Non-adherence to recommended plant procedures
Inoperative safety systems vent gas scrubber flare stack water curtain refrigeration system spare storage tank
• Multinational safety standards
• common standards worldwide
• adequate training• Local Government
actions• local community
awareness• suitably planned
buffer zones• Sabotage of operations ?
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
21
PIPER ALPHA, UK, 1988
Extent of Disaster major oil platform
destroyed 167 deaths major oil production
disruption for Occidental Petroleum
Cullen Report leads to major off-shore safety system changes
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
22
PIPER ALPHA, UK, 1988
The Process platform operations separated fluid
from wells into gas, oil and condensate
oil pumped to Flotta Terminal, Orkneys
gas sent to MCP-01 platform for compression for discharge to St. Fergus
gas received from Tartan gas line link to Claymore
(Lees, 1996)
Pipeline connectionsRISK MANAGEMENT AND PROCESS SAFETY Lecture 2
23
PIPER ALPHA
Chronology of Events Condensate pump was taken out of service for maintenance by
day shift PSV of the pump was taken out of service; blind installed loosely
(bolts not tight) 21:45 – 2 condensate pumps tripped, one restarted by night shift
(not knowing what the day shift did) Leak and large amount of condensate released – vapor cloud 22:00 – first explosion 22:20 - rupture of gas riser from Tartan death in accommodation module 22:50 & 23:20 – third and fourth explosion 24:15 - platform Piper disappears
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
24
PIPER ALPHA
Lessons from the Incident quality of safety management – lack of control, poor permit to work systems quality of safety auditing isolation of plant for maintenance training of contractors – no proper training! disabling of protective systems by fire/explosion safe refuge for workers planning for emergencies – emergency induction not provided,
no drills of exercises to test emergency preparedness
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
25
Deepwater horizon, april 2010
Extent of the Disaster Drilling rig sank after
explosion and fire 11 fatalities Many injured
(126 total workers) Environment
major long-term devastation the largest offshore oil spill in
US history
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
26
Deepwater horizon Chronology of Events
20 April 2010 9:45: a geyser of seawater erupted from the marine riser onto the rig (73 m
into the air) Very soon: eruption of slushy combination of mud, methane gas and water The gas ignited into a series of explosions and firestorm Attempt to activate the blowout preventer failed and rig burned for 36 hours 22 April 2010 The rig sank The oil spill continued until 15 July when temporarily sealed by a cap Relief wells used to permanently seal the well 19 September 2010 – declared ‘effectively dead’!
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
27
Possible causes 2009 – ‘not required’ to
fill a ‘scenario for a potential blast’
Instructions to remove drilling mud from the riser prior to capping and replace with seawater
Declared the blowout preventer (BOP) ‘fail-safe’; Transocean listed 260 failure modes
2011 report – BP’s lack of safety culture
Disregarded ‘anomalous pressure test readings’ prior to explosion
The BOP had a ‘dead battery in its control pod’ and ‘leaks in its hydraulic test’
Maker of BOP
Flawed cementing job to cap the well just prior to blowout
The cement plug ‘was never set’
To be continued…RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
28
Fukushima, Japan, march 2011
Extent of the Disaster Level 7 nuclear disaster
Equipment failures Nuclear meltdowns Release of radioactive
materials No deaths or cases of radiation
sickness
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
29
Fukushima Chronology of Events
Earthquake – loss of power supply; reactors 1-3 shut down Emergency diesel generators started up
Two tsunamis (8 min apart) Submerged and damaged the seawater pumps required for condenser and
cooling circuits Drowned the diesel generators, inundated the electrical switchgear and
batteries Damaged and obstructed roads
Reactors isolated from any heat sink Nuclear emergency declared Evacuation
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
30
Fukushima
Lessons from the Incident Seismic design – countermeasures for the external power supply
were inadequate Tsunami – the scale considered in design was inadequate; poor
design of critical safety systems Station blackout – safety guidelines only assumed short term
blackout Loss of ultimate heat sink Accident management – inadequate for station blackout; confusion;
inadequate responsibility system Hydrogen explosion – outside the containment vessel, not taken
into consideration Safety design approach - inadequate
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
31
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
How to conduct a simple incident safety and risk assessment 32
US CHEMICAL PROCESS LOSSESDistribution (%)
20.9
23.441.6
14.1
Cost (%)
5.1
66.2
20.6
8.1
Cost (%)
6.5
73.2
20.1
0.2
Distribution (%)
13.8
51.4
33.3
1.5
All Losses
Losses > $100 000
Windstorm
All other
Explosion
Fire
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
33
LOCATION OF LOSSES
Fire incidents (%)
38.5
33.5
28.2
Explosion incidents (%)
66.7
20.1
13.2
Other
Enclosed building
Open structure
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
34
CAUSE OF LOSSES
Distribution (%)
44.2
23.5
32.3
Cost (%)
85.9
6.18
Other explosions (including vapour cloud explosions)
Chemical reaction
Boiler and furnace explosion
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
35
LOSS ANALYSIS – REACTION & EXPLOSION
Cause Frequency (%)
Accidental reactiona 33.3
Uncontrolled reactionb 40.0
Decomposition of unstable materials 13.3
Other causes 13.4
aDue to accidental contact of material(s)
bIntended reactions which become uncontrollable
Type of Process Frequency (%)
Batch reaction 60.0
Continuous reaction 13.6
Recovery unit 6.6
Evaporation unit 6.6
Other 13.2
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
36
MOTIVATION FOR RISK MANAGEMENT
Regulatory requirements International, national and state
Common Law Duty of Care Avoiding criminal liability
Commercial incentives Business continuity Corporate reputation
Evaluating alternatives for design and location
© Ian Cameron RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
37
HAZARD - DEFINITIONSHazard = a physical situation with a potential for: human injury,
damage to environment or both
Hazard analysis = the identification of undesired events that lead to materialisation of
hazard the analysis of the mechanisms by which these undesired events could
occur the estimation of the extent, magnitude & likelihood of any harmful
events
Skelton – chapter 1
KEY CONCEPTS
a potential for harm/loss NOT a realised harm/loss
RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
38
HAZARDS – CONTRIBUTING FACTORSMaterial factors
toxicity (LD50, TLV, ERPG, …)
flammability (Flash point, Auto-ignition, UEL/LEL)explosion (deflagration, detonation)
Operational factorsprocess deviations timesequencehuman factors
Environmental factors ignition densityweather/meteorology
Cameron – chapter 1RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
39KEY CONCEPTS
RISK - DEFINITIONS
Risk = the probability of occurrence of an event that could cause a specific level of harm to people, property, environment over a specified period of time
Process risk categories: Occupational risks - safety & risk of employees Plant property loss Environmental risk – s&h of public, heritage Liability risks - public, product, failure to service Business interruption risks Project risk – design, contract, delivery
Cameron – chapter 1RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
40KEY CONCEPTS
RISK – DEFINITIONS Two dimensions:
Severity / magnitude of the loss Likelihood / probability of occurrence
Broad concept: Risk = Undesirable consequences x
Uncertainty Risk = Hazard / Protective measures Risk = Hazard + Outrage
Cameron – chapter 1RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
41KEY CONCEPTS