Event tree analysis and risk assessment

Issue 00 Rev.0Course Title 1

PLANT INCIDENT INVESTIGATION

Issue 00 Rev. 0Course Title 2

Day -4

Accident investigation analytical techniques. Event tree analysis Risk analysis Systematic Cause Analysis Technique (SCAT) STEP (Sequential timed events plotting)

http://www.google.ae/imgres?imgurl=http://www.geeksquad.com/intelligence/wp-content/uploads/2009/12/laptop.jpg&imgrefurl=http://www.geeksquad.com/intelligence/blog/geek-squad-2mm-how-to-extend-the-life-of-a-laptop-battery/&h=350&w=380&sz=21&tbnid=1QmSgt_F12JOLM:&tbnh=113&tbnw=123&prev=/images%3Fq%3Dpicture%2Blaptop&zoom=1&q=picture+laptop&hl=en&usg=__-gmxLlb-U6W1yCc_3b2CLdz4fhY=&sa=X&ei=_74STZLOOceV8QPjg4CEBw&ved=0CCIQ9QEwAg



Accident investigation analytical techniques. (Cont.)

8. Event tree analysis:-(Quantitative Risk Analysis)An event tree is used to analyse event sequences following after an initiating event. The event sequence is influenced by either success or failure of numerous barriers or safety functions/systems. The event tree analysis is used to quantify the probability of the possible consequences.




8. Event tree analysis:-(Quantitative Risk Analysis)

When an accident or process deviation (i.e. an “event”) occurs in a plant, various safety barrier systems (both Engineering and Administration) come into play to prevent the accident from propagating.

These safety systems either fail or succeed.




Event trees are used to follow the potential course of events as it moves through the various safety systems.

The probability of success or failure of each safety intervention is used to determine the overall probability of the final outcome.

Event

Safety systems/ Barriers

Acc.fail

SafeShutdown (safely)

Continuous operation




An Event Tree is used to determine the frequency of occurrence of process shutdowns or runaway systems.

Inductive approachSpecify/Identify an initiating even and work forward.Identifies how a failure can occur and the probability of occurrence



8. Event tree analysis:-(Quantitative Risk Analysis)Steps to Construct an Event Tree:

A. Identify an initiating event of interest.B. Identify the safety functions designed to deal with the

initiation followed by the impact of the safety systemC. Construct the event tree.D. Describe the resulting accident event sequences.



8. Event tree analysis:-(Quantitative Risk Analysis)A.Identify an initiating event:

May have been identified during a HAZOP as a potential event that could result in adverse consequences.

Usually involves a major piece of operating equipment or processing step, i.e. a HAZOP “Study Node”.



8. Event tree analysis:-(Quantitative Risk Analysis)B.Identify safety functions:From PID, process flow sheet, or procedures find what safety systems are in place and what their functions are.These can include things such as automatic controllers, alarms, sensors, operator intervention, etc.On you Event Tree write across the top of the page in the sequence of the safety interventions that logically occur.Give each safety intervention an alphabetic letter notation.

automatic controllers alarms sensors operator

interventionEvent

A B C D



8. Event tree analysis:-(Quantitative Risk Analysis)Horizontal lines are drawn between functions that applyVertical lines are drawn at each safety function that applies

Success – upward Failure – downward

Indicate result of event Circle – acceptable result Cross-circle – unacceptable result

Safety Function

B

(Event A)

ProbabilityXA

XA (1- XB)

XB

Failure Probability

XA XB

XB is the safety function B failure probability or the unavailability of

XA is the Event failure probability

Compute frequency of failures



8. Event tree analysis:-(Quantitative Risk Analysis)Follow process through with each step to calculate the frequency of each consequence occurring.Typically three final results

Continuous operationShutdown (safely)Runaway or fail




Example:– Loss of coolant to reactor

Four safety interventions1. High temperature alarm2. Operator noticing the high

temperature during normal inspection

3. Operator re-establishes the coolant flow

4. Operator performs emergency shutdown of reactor




Example:– Loss of coolant to reactor

Assume loss of coolant occurs once per year (occurrence frequency 1/yr)Alarm fails 1% of time placed in demand (failure rate of 0.01 failures/demand)Operator will notice high reactor temperature 3 out of 4 times (0.25 failures/demand)Operator will successfully restart coolant flow 3 out of 4 times (0.25 failures/demand)Operator successfully shuts down reactor 9 out of 10 times (0.10 failures/demand)


Resulting Event Tree Analysis

Event Tree Analyses Example:

03.11.2011Course Title 15

Barriers H.T.Alarm

OP. NoticeH.T.

Op.ReOp.Cooling

Op. MakeS/D Results

Loss ofCooling

Event

One Occurance /yer

X

X

X

Failure Demand 0.01 0.25 0.25 0.1

Continuance Operation

Safe S/D

Runaway

Failure Demand

1

E

A B C D

E (1-A)

EA

0.99

0.01

0.7425

0.2475

0.005625

0.001875

0.001875

0.000625

0.022275

0.02475

0.00016875

0.0001875

0.00005625

0.0000625

0.9

0.0075

0.0025

Safe S/D


Failure Demand

Safe S/D


0.1

0.09

0.1

0.09

0.1

0.75

0.25

0.25

0.75

0.75

0.25

0.25

0.75


8. Event tree analysis:-(Quantitative Risk Analysis)Mean time between Shutdown:– Mean Time Between Shutdown, MTBS is calculated from:

MTBS=1/occurrences of shutdowns

Mean Time Between Runaway, MTBR is calculated from:- MTBR=1/ occurrences of runaways




Example – Possible outcomes:–The lettering is used to identify each final outcome.

For instance, ABDE

Indicates that after Initiating event A occurs, that safety

system B failed (high T alarm), that safety system D failed

(the operator was unable to re-start the coolant) and safety

system E failed (the operator was unable to successful shut

down the reactor).




Example – Determination of MTBS:–For Mean Time Between Shutdowns take the reciprocal of the

sum of all sequences that resulted in a shutdown. (Example gives

1/.225 = 4.4yrs)

For Mean Time Between Runaway do the same thing with all

sequences that resulted in a runaway. (Example gives 1/0.250 =

40yrs)


In Class Example

Construct an Event Tree and determine the MTBS and MTBR for a loss of coolant for the reactor shown in Figure 11-8. Assume loss of coolant occurs once every three years.

Alarm fails 0.1% of time placed in demand

Operator will notice high reactor temperature 3 out of 4 times

Operator will successfully restart coolant flow 4 out of 5 times

Operator successfully shuts down reactor 9 out of 10 times

Solution – Construct Event Tree

Solution Continued – Occurrence Frequency

Event A 0.999 0.8 0.7992Event AD 0.999 0.2 0.9 0.17982Event ADE 0.999 0.2 0.1 0.01998Event AB 0.001 0.75 0.80 0.0006Event ABD 0.001 0.75 0.20 0.9 0.000135Event ABDE 0.001 0.75 0.20 0.10 0.000015Event

ABC 0.001 0.25 0.00025

Solution Continued – Mean Time Between Events

Mean Time Between Shutdowns1

Occurences of Shutdown1 5.56

0.17982 0.000135

Mean Time Between Runaways1

Occurences of Runaways1 49.4

0.01998 0.000015 0.00025

MTBS

MTBS yrs

MTBR

MTBR yrs


9. Risk Analysis:-(Qualitative risk Assessment)

A Quantitative Risk Assessment (QRA) is a technique offers guidelines to help you conduct your own step-by-step analysis. It is used to analyses and recognize workplace hazards so you can reduce, control and report them.

It s a valuable tool used to demonstrate the risk caused by the activity and to provide the competent authorities with relevant information to enable decisions on the acceptability of risk related to the activates.




Hazard:Something with the potential to cause harm (such as electricity, working on a ladder or with dangerous machinery)

Danger: Likelihood of harm or injury.

Risk:Risk is the likelihood that harm will actually result in particular situation or circumstance . Probability that a hazard will result in an accident .

Controls: The measures or methods that we use to control the risk.




Hazard, Risk and Danger:

Hazard means anything that can cause harm (eg

chemicals, electricity, working from ladders, etc) risk is

the chance, high or low, that somebody will be harmed

by the hazard. Danger is a situation where hazards is

involved.




Risk Assessment Principles:•Risk Assessments shall be performed before any work commences by all projects, departments, units and on all worksites where hazards have been identified or potential hazards are thought to exist.•Risk Assessments should be kept short and simple and MUST be recorded.




Timing Of Risk Assessments:• Risk Assessment should be undertaken prior to:

•Performing any non-routine activity,•Performing a new task,•When new people are involved,•When third party people are involved,•When major changes to the work/system are considered




How to assess the risks in your workplace

• The Risk Assessment procedure comprises 6 main key steps:1. Identify task (breakdown the job into tasks)2. Identify Hazard associated with each task3. Identify who/what might be harmed4. Apply existing control measures5. Measure the risk6. Reappraising the residual risk by applyingadditional control measures. (ensuring that residual risks are As Low As Reasonably Practicable -ALARP)




Evaluation of Risk:-Unfortunately, there are no standard criteria for the acceptability of risk. However, it may be possible to:

1. Compare the level of risk with existing codes and practices, or

2. Compare the level of risk with existing situations in similar industries, or

3. To set your own criteria of acceptability.




Evaluation of Risk:-Stage 1 - Task identification

review the job steps with the employee to make sure you have not omitted something.

reviewing the procedures to discussing associated hazards in each task step.

Involve staff, so that you can be sure that what you propose to do will work in practice and won’t introduce any new hazards.




Evaluation of Risk:-Step 2 - Identify the hazards:

• Identify hazards for each task (use checklist)• Identify where the hazard is relative to the task• Does checklist cover all hazards• Add to your hazard checklist




Evaluation of Risk:-Step 2 - Identify the hazards:

• Identify hazards for each task (use checklist)• Identify where the hazard is relative to the task• Does checklist cover all hazards• Add to your hazard checklist


Checklist of Hazards

The following list acts as a guide to identifying potential hazards: Slip/trip/Fall Hazards Flammable materials Chemicals/Pollution/Contaminants Moving/Swinging objects Moving parts of machinery/vehicles Ejection of material welding/grinding) Pressure/Vacuum Electricity Working at height (over side) Noise Dust Fumes / Noxious Gases Position Manual handling Poor lighting Low/High temperature Low oxygen environment Radiation Vibration Hydrocarbons Restricted access Tasks with RSI potential Single Point Posture Weak structures Unstable objects Y2K Bug Explosives Crane operations Weather conditions



Evaluation of Risk:-Step 3 - For each hazard you need to be clear about who might be harmed:

(People, Assets, Environment and Company Reputation).

Think about people who may not be at the work place at the time, e.g. cleaners, visitors, contractors, and members of the public, etc. Is there any chance that they might be harmed by the activities?




Evaluation of Risk:-Step 4 – Add existing control:

Having spotted the hazards, you then have to decide what to do about them. The law requires you to do everything As Low As Reasonably Practicable’ to protect people from harm.

Think about what existing controls you have in place and how the work is organized.

List existing control measures against each hazard Then compare this with the good practice and see if there’s

more you should be doing to bring yourself up to standard.




Evaluation of Risk:-Step 5 - Measure the risk:

Risk is comprised of both Severity (S) and Likelihood or consequences (L)

often expressed as...

Risk = S x L





Severity or Consequences:The consequences that could have resulted from the

hazard if things went out of control injury or illness to people, r property damage to Assists, or environmental impact, or company reputation

which is reasonably predictable.





Likelihood or Probability:likelihood is defined as: the chance that a given

event will occur; We can estimate the probability based on the following:

Number of employees exposed;

Frequency and duration of exposure;

Proximity of employees to the danger zone;





Perception of Risk: Risk is often viewed very differently from individual to

individual base on individual perception. Perception is the way one looks at things. someone's ability

to notice and understand things that are not obvious to other people, based on his/her First impression, Previous experience, and Culture.

Peoples perceptions change as familiarity with hazards increases and the risks evaluation changes.

Perception

A pen in the

the PocketA book on the the disk

A bird on

the tree

41

The first impression of a person




Likelihood Rating GuidanceLikelihood Rating Guidance:The degree of likelihood is split into five categories:

(A) : VERY UNLIKELY Little or no chance of occurrence, (B) : UNLIKELY Conceivable, occurrence would require multiple failures of systems and controls(C) : POSSIBLE Could happen, easy to assume a feasible scenario where the situation would occur (D) : LIKELY Not certainty but such an event have occurred and represents a credible scenario (E) : VERY LIKELY Almost inevitable




SeveritySeverity Rating Guidance Rating Guidance: Severity is the degree of harm arising from the

hazard, which is reasonably predictable; Areas affected by risk are:

9.People Injury or illness (P), 10.Assists or Properties damage (A), 11.Environment impact (E),12.Reputation of the Company (R).




SeveritySeverity Rating Guidance Rating Guidance:Rate Severity meaning

0 Nothing happen Nothing.

1 Negligible Injuries Would require first aid and return to work.

2 Minor Injuries Typically a reversible injury or damage to health needing less than three days away from work to recover.

3 Major Injuries Injury or damage to health requiring extended time off work

4 Fatal Death for one person

5 Multiply Fatality Death for more than one

Never heard ofin

EP industry

A

Has occurred inEP industry

B

Has occurred inAFPC

C DHappens

several times ayear in AFPC

EHappens

several times ayear in the

facility

00

Severity

11

22

33

44

Noinjury

PPeople

Slightinjury

Minorinjury

Majorinjury

SingleSinglefatalityfatality

Nodamage

AAssets

Slightdamage

Minordamage

Local damage

Majordamage

Noeffect

EEnv.

Slighteffect

Minoreffect

Localizedeffect

Majoreffect

Noimpact

RReputation

Slightimpact

Minorimpact

Considerableimpact

Nationalimpact

55 MultipleMultiplefatalitiesfatalities

Extensivedamage

Massiveeffect

Internationalimpact

likelihoodlikelihood

Continuous I

mprovemen

t

Medium ALARP

Serious

46

Level of Risk Meaning Control required

Low Risk is accepted

Operation continue considering existing barriers and control measures are emplace and maintained

MediumALARP*

Further risk reduction measures must be

considered

A full demonstration that all risks are managed to ALARP is required.

High Intolerable Risk Risk unacceptable.

Operation should not be started, Consult specialists

RISK CLASSES CRITERIA

Task Assessment:

ALARP

Risk

Cost/Benefit

Resid

ual

Risk

” A level of risk that is tolerable and cannot be reduced further without the expenditure of costs that are disproportionate to the benefit gained or where the solution is impractical to implement”

Cont

rolle

d Ri

sk

High Risk with low cost

Low R

isk w

ith H

igh co

st

Cost

Risk cost benefit.



Evaluation of Risk:-Step 6 – Reappraisal residual risk:

Risk controlRisk control: Once the risk is decide unacceptable, then additional corrective measures are

required either to reduce the probability of the hazard occurring (by improving the system reliability) or by mitigating the consequences of the hazard.

When making a risk assessment all the aspects of likelihood and consequences should be taken into consideration.

Accid

ent R

ate

Job Steps

Preparation Execution Completion

Lack Of Supervision

When making a risk assessment all the aspects of likelihood and consequences should be taken into consideration.

The Aspect of Risk Management

Severity

Relative Frequency of Occurrencelikelihood

Evolutionary of RiskEx

istin

g C

ontro

lM

easu

res &

SO

P

EMERGENCY PREPAREDNESS

CatastrophicLow

High

ContinuesImprovement

Methods for reducing risk

Increase reliability

Mitigate consequenc

e

By design By procedure

Fail safe principle

Protective systems

Emergency preparedne

s


Elimination Substitution Isolation Tolerate

Engineering Controls Administrative Controls

Provide Special Personal Protective Equipment. Transfer (Contractor / Insurance) .

HIERARCHY OF CONTROL MEASURES


Identify source of Hazard Evaluate Risk

Hierarchy of risk control strategy

Terminate

Take action Substitution or Replace

TransferTolerate

Verify

Contractor/Insurance

Engineering Controls

S.PPE

Administrative Controls

Yes

No

Yes

No

Yes

NoIsolate

YesNo

Risk Assessment Form

No Task Hazard Consequences

ExistingControl

Measures

Risk Analysis (existing controls) Required

AdditionalControl Measures

Risk Analysis (with extra controls)

S L Risk S L Risk

Completed by: Activity:

Checked by:

Line Manager:

Affe

cted

par

ty

Res

idua

l ris

k

Rule No.1

Never trust anyone

Rule No.2

Never assume anything

Class Exercise 1 Horse Hot Stamping

Group Exercises


Thank You

Education

Event tree analysis and risk assessment