Journal of Loss Prevention in the Process Industries 22 (2009) 373380

Contents lists available at ScienceDirect

Journal of Loss Prevention in the Process Industries

journal homepage: www.elsevier.com/locate/jlp

ExpHAZOP: Knowledge-based expert system to conduct automated HAZOP

analysis
Shibly Rahman a, Faisal Khan b, *, Brian Veitch b, Paul Amyotte c
a

Department of Computer Science, Memorial University, St. Johns, NL, Canada A1B 3X5
Faculty of Engineering & Applied Science, Memorial University, St. Johns, NL, Canada A1B 3X5
c
Department of Process Engineering and Applied Science, Dalhousie University, Halifax, NS, Canada B3J 2X4
b

a r t i c l e i n f o

a b s t r a c t

Article history:
Received 18 October 2007
Received in revised form
18 January 2009
Accepted 28 January 2009

HAZOP (Hazard and Operability) is a preliminary and systematic approach for identifying hazards and
suggesting hazard mitigation measures in a process facility. A knowledge-based expert system,
ExpHAZOP, has been developed to automate the manual HAZOP analysis and accelerate the process.
ExpHAZOP comprises a graphical user interface (GUI), a knowledge-base and an inference engine. One
of the unique features of ExpHAZOP is the fault propagation algorithm, an aspect of the inference
engine, which denes the propagation of deviations to all downstream equipment. The dynamic
knowledge-base of ExpHAZOP allows a user to update knowledge while performing the HAZOP analysis
and to use that knowledge in the result. ExpHAZOP is easy to use and provides results in a standard
report format.
Crown Copyright 2009 Published by Elsevier Ltd. All rights reserved.

Keywords:
HAZOP
ExpHAZOP
Knowledge-based expert system
Inference engine
optHAZOP

1. Introduction
Process Hazard Analysis (PHA) ensures equipment safety and
identies the possible hazards that may arise as a result of equipment malfunctions and deviations of process variables (temperature, pressure, etc.) from normal operation. PHA uses different
techniques such as fault tree analysis, event tree analysis, whatif
analysis, and Hazard and Operability (HAZOP) analysis. HAZOP is
a qualitative analysis and is used primarily for hazard identication
of a process plant before the setting up of equipment in the design
stage (Khan & Abbasi, 1997a; Knowlton, 1997; Lawley, 1974;
McKelvey, 1988; Sweeny, 1993). This is achieved using Piping and
Instrumentation Diagrams (P&IDs), commonly referred to as Engineering Flow Diagrams (EFDs) that cover every vessel, conduit,
valve and all control equipment in a process facility. To conduct
a HAZOP analysis, a P&ID is divided into different sections known as
study nodes. A group of experts conducts brainstorming activities
within each study node. These experts are helped by guide words,
which enable them to cover all possible malfunctions of a plant in
a systematic way. The guide words often used are NONE, LESS,
MORE, etc. When these guide words are applied to the process
variables (temperature, pressure, etc.) in any unit of a plant, one

* Corresponding author.
E-mail address: khan@mun.ca (F. Khan).

gets the corresponding process variable deviations such as MORE

PRESSURE, MORE TEMPERATURE, NO FLOW, etc. These deviations
are used for detailed and focused HAZOP analysis.
In many process facilities, HAZOP analysis is conducted manually. The results of such studies remain in paper form. As a result,
important data are lost over time. Furthermore, the team members
performing the analysis may become unnecessarily tied up with
the system complexities and may lose their focus. To overcome
these limitations, automated HAZOP analysis can be applied to
improve the following areas:
 signicant saving of human effort and manpower cost by
reviewing the most commonly occurring fault conditions;
 integration of knowledge of the commonly occurring scenarios
in a current HAZOP study to be applied for future HAZOP study;
 standardization of the HAZOP study process by automatically
recalling process parameters and reviewing the results;
 easier tracking of the study through the automation of
commonly generated scenarios making the study more
focused.
A few tools and approaches, as described in the next section,
have been developed in the past for automating the HAZOP analysis. This paper aims to overcome some of the constraints of the
previous tools using a new tool: ExpHAZOP. ExpHAZOP performs
automated HAZOP analysis using a unique fault propagation

0950-4230/$ see front matter Crown Copyright 2009 Published by Elsevier Ltd. All rights reserved.
doi:10.1016/j.jlp.2009.01.008

374

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

approach. It further uses a knowledge-base to retrieve relevant

causes and consequences for an operation or equipment failure.
The overall methodology for ExpHAZOP is described in the
subsequent sections and illustrated using a simple case study.
2. Past tools for automated HAZOP analysis
Parmar and Lees (1987a, 1987b) used a fault propagation
approach to perform automated HAZOP analysis, and applied it to
the hazard identication of a water separation system. They represented the knowledge of each process unit using qualitative fault
propagation equations and event statements for the initiation and
termination of faults. The system was implemented using Fortran77
and Prolog. The system was efcient in identifying immediate causes
and consequences, but had limited effectiveness in propagating
deviations. Also, the existing technology was not exible enough for
the derivation of information from the knowledge-base.
Waters and Ponton (1989) attempted to automate HAZOP
analysis using a quasi-steady state qualitative simulation approach.
The system was developed in Prolog and implemented on a Sun 3/
50 workstation. The resulting system was time consuming even for
a simple HAZOP analysis and was considered limited for practical
application.
A rule-based (ifthen) expert system prototype called HAZOPEX
was developed using the korn shell by Karvonen, Heino, and Suokas
(1990). In HAZOPEXs system, the knowledge-base consisted of the
information on the structure of the process system, and rules for
searching for causes and consequences. The rules in this system
depended on the structure of the process. Thus, an increase in the
number of processes increases the number of rules which reduces
the generality of the system. Furthermore, the identication of
abnormal causes was emphasized more than the consequences.
Nagel (1991) developed an inductive and deductive reasoningbased approach for automatically identifying hazards in chemical
plants caused by any hazardous reactions. This analysis consisted of
only those hazards that have the possibility of causing chemical
reactions in chemical plants. Thus, the approach was limited to only
one type of hazard.
Chae, Yoon, and Yoon (1994) have developed a rule-based
expert system for HAZOP study. Although it incorporates six
different equipment types, the knowledge-base consists of limited
deviations, causes and consequences. Furthermore, it does not take
into account the fault propagation from one unit to another and
some of the relevant equipment types were omitted.
Catino and Ungar (1995) developed a prototype for automated
HAZOP analysis called Qualitative Hazard Identication (QHI). QHI
works by exhaustively positing possible faults, automatically
building qualitative process models, simulating them, and checking
for hazards. Some HAZOP analyses using QHI took seconds while
others took days (Catino & Ungar, 1995). Some of the faults generated using QHI exhausted the memory of the Sun SparcStation
being used. As a result, its industrial application was very limited.
Venkatasubramanian and Vaidhyanathan (1996) have developed a knowledge-based expert system. This is by far the most
comprehensive system developed to date and has been applied
successfully in an industrial chemical plant. The system was
developed in object-oriented architecture with the G2 expert shell
system. However, the system requires signicant memory, which
restricts its use to large machines, and the knowledge-base creation
is very complex and is not accessible to users for modication.
Suh, Lee, and Yon (1997) developed a knowledge-based prototype expert system using C. The system consists of three
different knowledge-bases: the unit knowledge-base, the organizational knowledge-base and the materials knowledge-base.
Deviation, malfunction and accident analysis algorithms were used

to develop the system. The models of some process units such as

pipes and control valves were developed while others, however,
were left incomplete.
Khan and Abbasi (1997b) proposed a knowledge-based software
tool called TOPHAZOP for automated HAZOP analysis. The knowledge-base consists of two main parts: process-specic and processgeneral knowledge. The process-specic knowledge has been
classied in two main groups: objects (process unit) and their
attributes, and causes and consequences. The objects are developed
in a frame structure with attributes, while causes and consequences
are developed in rule networks attached to the frame. The generic
knowledge in this tool is classied in two ways: generic causes and
generic consequences.
EXPERTOP, the follow-up tool to TOPHAZOP, was developed by
Khan and Abbasi (2000). This was coded in the visual C environment. One of the main features of this tool was a revised knowledgebase. The revised knowledge-base has four main features: general
process causes, general process consequences, process-specic causes, and process-specic consequences. One of the serious limitations
of EXPERTOP was the inability to propagate a deviation to all downstream units for possible causes and consequences.
Khan (2005) proposed a modied framework for automated
HAZOP analysis. The algorithm of this expert system consists of
three different modules: inference engine module, knowledge-base
module, and graphical user interface (GUI) module. The GUI is used
for drawing P&IDs of a process system, and the inference engine of
this system acts as a coordinator of the GUI and the knowledgebase system. However, this expert system lacks a fault propagation
mechanism required for extracting the recommended causes and
consequences of process systems under study.
Even as each of these attempts has added to the precision and
sophistication in automating HAZOP, a great deal remains to be
done. For example, the following limitations persist:
 the knowledge-bases for most of the systems are tied to
a single process. Hence, the knowledge-base of one process is
completely unrelated to the knowledge-base of another
process;
 the study node encompasses only a single piece of equipment;
 the acquisition of knowledge is limited to only four types of
equipment (except the system of Chae et al. (1994) which
handles six types of equipment);
 there is no direct avenue to study fault propagation (deviation
propagation) from one unit to other;
 large volumes of data regarding process and equipment have to
be keyed-in for analyzing a single deviation.
Table 1 shows all the distinguishing features of ExpHAZOP
compared to traditional HAZOP tools.
The current work presents a comprehensive knowledge-based
expert system, with more focus towards offshore oil and gas
industries. Offshore oil and gas industries deal with process
equipment that is unique to the installation. This equipment poses
signicant hazards during operation. Further, as per regulatory
requirements, offshore oil and gas process operations undergo
frequent HAZOP analysis. ExpHAZOP can help to conduct more
economic, efcient and effective HAZOP studies in offshore oil and
gas process plants.
3. optHAZOP
ExpHAZOP has its roots in the optHAZOP (optimum HAZOP)
procedure developed by Khan and Abbasi (1997a). The algorithm
for the optHAZOP procedure is presented in Fig. 1. The main
element of the optHAZOP procedure is a knowledge-based

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

375

Table 1
Features comparison of ExpHAZOP with other traditional HAZOP tools.
HAZOP tool methodology

ExpHAZOP tool

Other traditional HAZOP tools

Graphical user interface

 The study node can be dened by the user as a single

piece of equipment or a set of equipment.
 P&ID of process unit is user dened. The user can arrange
the equipment to generate different process scenarios.

 The study node consists only of a single piece of equipment.

 P&ID of the process unit is application dened.

Knowledge-base system

 Dynamic knowledge-base.
 Dynamic update of the user-dened guide words, causes
and consequences for different sets of equipment.

 Static knowledge-base.
 Update of guide words, causes and consequences
requires an expert.

Inference engine

 The deviation can propagate within the study node.

 The unique fault propagation algorithm helps examine the
effect of deviations to all downstream equipment for
general and process-specic performance.
 The propagation of a deviation provides a logical relationship
between the effects of the deviation through different stages.

 Fault propagation is identied by cause and effect, graph

theory, or through cause/consequence analysis.

software tool that identies all probable deviations in the functioning of a process facility. This knowledge-based software cuts
the total study time by more than 45% by identifying the failures,
hazards and their causes (Khan & Abbasi, 1997a). It also reduces the
expert manpower required in manual HAZOP analysis. This enables
the HAZOP analysis to be performed more economically and
effectively. ExpHAZOP enhances the idea of optHAZOP by propagating the deviation in any number of downstream equipment
items in a given process facility. It also applies the concept of the
knowledge-base described in optHAZOP.
4. Methodology of ExpHAZOPD
The architecture of ExpHAZOP consists of a graphical user
interface (GUI), a knowledge-base and an inference engine. The
Take one unit or
study node at a
moment
Keep this
unit for
conventional
HAZOP

Compare the study

node with unit of
INFORMATION
BASE

No

INFORMATION
BASE

object-oriented architecture of ExpHAZOP is presented in Fig. 2.

This gure demonstrates the interconnection between the three
main components.
4.1. Graphical user interface (GUI)
The GUI consists of an open interface in which users have the
option of drawing P&ID using pre-dened equipment or performing the analysis using user-dened equipment. Each piece of the
equipment is connected to its own knowledge-base. To add new
equipment, the user inputs the equipment graphically along with
the relevant process variables, deviations, and their causes and
consequences. An example of a P&ID representing a process system
on the GUI is shown in Fig. 3.
Once the P&ID is drawn, a study node needs to be dened. In this
application, the study node is represented by a dotted rectangular
region (shown in Fig. 3). The study node encompasses one or more
pieces of equipment. Upon dening the study node and performing
the HAZOP analysis, users have the option to store the analysis for
later use or to generate a report. General functions such as saving,
opening a particular P&ID, and adding captions to the equipment
and lines for identication can also be performed in the GUI.
4.2. Knowledge-base

Is the unit
matching?

The knowledge-base consists of information derived from past

HAZOP analyses related to process operations, process equipment,
operating problems, failure modes, and failure frequencies. It also
includes corrective actions required to reduce the risks of a process
facility. The information is collected using practical industrial case
studies of various offshore oil and gas process facilities.

Analyze the causes and

consequences of the
deviation drawn from
the INFORMATION
BASE

Yes

Apply guide
words

Add or remove causes and

consequences due to special
behavior of unit

Graphical User Interface

(GUI)
Graphical editor to
draw industrial flow
diagram

No

Are all
deviations
over?

Yes

Are all
study nodes
over?

No

User

Input / Output
device

Report generation
(Process general and
specific knowledge)

Yes

Prepare HAZOP
report
STOP
Fig. 1. The optHAZOP methodology (Khan and Abbasi, 1997a).

Inference Engine
Method for finding abnormal causes and
consequences
Method for propagation of deviation

Knowledge Base
Process
Specific
Knowledge

Fig. 2. The architecture of ExpHAZOP.

Process
General
Knowledge

376

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

Knowledge-base
General Process Knowledge

Specific Process Knowledge with Attributes

Equipment

Equipment

Deviation in Parameters

Available User Deviations

Rule Network for General

Causes and Consequences
Suggested Solution for Hazard
Prevention

Rule Network for Specific

Causes and Consequences
Suggested Solution for
Hazard Prevention

Fig. 4. The architecture of the knowledge-based system.

Fig. 3. The graphical user interface.

One of the observations made from previous accident analysis is

that the cause of an equipment failure does not vary signicantly
from one facility to another, although the consequences vary based
on the operating conditions, chemicals involved, and surroundings
of the facility. Therefore, the consequence is a function of the
process type, the process condition, and the chemical in use.
The knowledge-base is characterized by seven different operations commonly present in a process facility. These include:
 mass transfer operation units involving the transfer of one or
more components from one stream to another stream (e.g.
extractor, adsorber, dust collector, electrostatic precipitator,
lter);
 heat transfer operation units involving transfer of heat from one
stream to other streams (e.g. air-cooled exchanger, carbon
block exchanger, shell and tube exchanger, plate and frame
exchanger);
 mass and heat transfer combined units involving both molecular
and heat transfer (e.g. distillation column);
 reaction units involving chemical transformations including
oxidation (e.g. continuous stirred tank reactor, plug ow
reactor, autoclave);
 transportation units involving transfer or movement of chemicals from one place to another (e.g. piping, compressor, pump,
valve);
 storage units storing bulk chemicals (e.g. vessel);
 other physical operations, such as mixing, compression, relief
venting, purging, relief device, etc.
The existing knowledge-base consists of 19 different pieces of
equipment. The pieces of equipment are: adsorber, air-cooled
exchanger, blower, compact heat exchanger, centrifuge,
compressor, cyclone, distillation column, dust collector, electrostatic precipitator, extractor, lter, heat exchanger, piping, pump,
reactor, temperature sensor, temperature controller, and valve.
The architecture of the knowledge-base is shown in Fig. 4 (Khan
& Abbasi, 1997b, 2000). This gure describes the hierarchy or the
organization of the knowledge. The knowledge-base is separated
into process-general and process-specic knowledge. Each piece of
equipment consists of a set of deviations. Each set of deviations
consists of a set of causes. Each cause corresponds to a consequence.
4.2.1. Process-general knowledge
The process-general knowledge is the information that has been
collected over the years for a particular equipment type

independent of the operation it performs. There is no attribute

attached to the equipment. This information consists of equipment
deviations with corresponding generic causes and consequences.
The parameters associated with process-general knowledge are:
(1)
(2)
(3)
(4)

equipment and their capacities;

physical state of the chemicals;
characteristics such as ammability, toxicity, etc;
physical and chemical properties of chemicals such as
vapor pressure, heat of combustion, etc.

4.2.2. Process-specic knowledge

Process-specic knowledge is the additional knowledge
provided by an expert or HAZOP team (henceforth referred to as
expert) using ExpHAZOP. Upon identifying the plant operations
and the corresponding equipment, the expert adds specic attributes and knowledge as well as additional equipment required to
perform the operation. Process-specic knowledge varies from
plant to plant and depends on the type of operation performed in
the plant. The knowledge-base for process-specic units is implemented in the form of objects and rule networks (Khan & Abbasi,
1997b). Objects are developed using frame structures with
attributes, whereas causes and consequences are developed using
an ifelse rule network. The attributes associated with specic
knowledge-bases consist of:
(1)
(2)
(3)
(4)
(5)
(6)
(7)

types of operation;
equipment (operational units);
operating conditions;
atmospheric conditions;
chemicals in use and their properties;
inventories of chemicals in use;
interaction among different units.

4.3. Inference engine

The inference engine is an intermediary between the knowledge-base and the GUI. It acts as a search engine, which searches
the causes and consequences for the user-selected deviations
throughout the study node. The inference engine uses the fault
propagation algorithm to propagate a deviation and to identify its
causes and consequences.
Once a user draws the P&ID and selects the study node, the
inference engine is used to perform a search within each piece of
equipment in the study node. This search is performed-based on
the user-specied deviation for both process-general and process-

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

specic knowledge. After the user chooses the starting and the
ending equipment along with the deviation, the deviation can
propagate all the way downstream or to the last piece of equipment
specied by the user. If the knowledge-base does not have the
information for the user-chosen deviation of a specic piece of
equipment, then that equipment does not produce any output.
However, as a result of propagation, the next equipment item that
might have that deviation in its knowledge-base will generate an
output. In the end, the output result identies all the possible
causes and consequences that might result in the failure of equipment due to the user-dened deviation. The fault propagation
algorithm used to identify these deviations is described in the next
section.

377

Start

Select the study node to

perform HAZOP analysis
Select the starting and ending unit and
initialize process variable deviation
For each
equipment
between
start and end

Select the deviation to be applied

5. Fault propagation algorithm

The central idea of fault propagation is not based on any
particular propagation equation or event statement but on the
basic assumption that faults can propagate through pipelines that
are connected to the pieces of equipment. A fault can be in the form
of an increase or decrease in a process parameter such as the set
temperature, pressure, or ow that is designed to perform an
operation in a process facility. Moreover, all pieces of equipment
and pipes also have a set temperature and pressure; above or below
these set temperatures or pressures, an accident may occur. When
this capacity is exceeded due to an anomaly in the process facility,
there is a possibility that the deviation can propagate from one
piece of equipment to another. However, to perform a HAZOP
analysis based on this consideration, it is important to identify all
the connecting equipment and pipelines in the analysis.
Furthermore, the knowledge associated with all the equipment
in the P&ID in terms of the causes and consequences of such
deviations is also required. The knowledge-base required and the
inference engine performing the search have been described in
Sections 4.2 and 4.3, respectively. The fault propagation algorithm
uses the knowledge-base to generate the output results based on
the input deviation and equipment arrangement in the P&ID. Fig. 5
shows the fault propagation algorithm for ExpHAZOP. In earlier
studies, the developed fault propagation algorithms for HAZOP
analysis performed only a forward search to nd the causes of the
deviation and then a backward search to nd the consequences as
a result of a deviation. The algorithm in ExpHAZOP combines both
forward and backward search techniques for nding the connectivity of all pipes and equipment and extracting the causes and
consequences of deviation for each piece of equipment. This allows
propagation of the deviation for the identied fault to all downstream units.

NO

Is the
deviation
processspecific?

Is the
deviation
processspecific?

NO

YES

YES
Apply propagation
method to identify
general causes and
consequences

Apply propagation
method to identify
specific causes
and consequences

NO

Is this the last

equipment?
YES
End

Fig. 5. Fault propagation algorithm for ExpHAZOP.

a user needs to provide the equipment gure data and input

parameter. The equipment data is updated to the knowledge-base.
6.3. Selection of study node

The algorithm for HAZOP analysis implemented in ExpHAZOP

comprises the following steps.

ExpHAZOP has the extended capability to perform HAZOP

analysis on more than one piece of equipment dened in the study
node. The study node is selected by the user to perform the HAZOP
analysis. All equipment and pipes are entered in a data structure to
identify the connectivity of the equipment and pipes inside the
study node. Only the pieces of equipment inside the study nodes
are considered as the starting and ending points of analysis.

6.1. Development of P&ID

6.4. Performing HAZOP analysis

The piping and instrumentation diagram (P&ID) varies from one

process facility to another. In order to perform the HAZOP analysis,
the user must have all equipment data. The HAZOP analysis may be
performed on connected equipment as well as on individual
equipment.

This step involves selecting the starting and ending equipment

for which HAZOP analysis is to be performed. The process variable
deviation applied to all equipment during the deviation propagation is also selected in this step. The deviation propagation algorithm described in Fig. 5 is applied at this step.

6.2. Selection of process-general and process-specic equipment

6.5. Selection of path for HAZOP analysis

The process-general equipment is already available as menu

buttons on the GUI. In the case of the process-specic equipment,

There can be more than one possible path from the starting
equipment to the ending equipment. This path is sorted out once

6. HAZOP analysis with ExpHAZOPD

378

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

the user enters the starting and ending equipment for HAZOP
analysis. If there is more than one path, then all the paths are
shown to the user so that the user can choose a specic path for
HAZOP analysis. The equipment knowledge-base is accessed for all
equipment present in the selected path. The user performs the
desired analysis on the selected path.
6.6. Report generation
In this step, the nal result of the analysis is a report formatted
in Microsoft Word. The results of the analysis can be used by an
expert for audit or review purposes. This enables a given HAZOP
analysis to be more focused and less time consuming.
Fig. 7. Starting and ending equipment selection for HAZOP analysis.

7. Case study
The case study involves a HAZOP study of a hot nitric acid
cooling process system. The hot nitric acid cooling process was rst
studied by Lapp and Powers (1977) and subsequently used by Wang
(2004) in his doctoral thesis for fault tree analysis. As this is a welltested and widely discussed study, it has been used to test and
validate ExpHAZOP in the current work.
7.1. Process description
The P&ID of the hot nitric acid cooling process is shown in Fig. 6.
The nitric acid in this process is rst cooled in the heat exchanger.
The water owing through the pump is used to cool and control the
temperature of the hot nitric acid through the heat exchanger.
Valve 1 regulates the ow of hot nitric acid to the heat exchanger.
After sensing the temperature, the temperature controller sends
a signal to valve 2 to maintain water ow. This keeps the hot nitric
acid at a desired temperature. The cold acid is then nally sent to
the reactor to react with benzene to form nitrobenzene. The functions of each piece of equipment shown in Fig. 6 are described
below:
(1) valve 1 (V1): regulates the ow of hot nitric acid into the
heat exchanger;
(2) pump (PU): maintains the circulation of water and supplies
the water to the heat exchanger;
(3) heat exchanger (HE): lowers the temperature of the hot
nitric acid using the water supplied by the pump;

Fig. 6. P&ID for the nitric acid cooling process.

(4) valve 2 (V2): regulates the ow of water entering the heat

exchanger from the pump;
(5) temperature sensor (TS): detects the temperature of the
nitric acid and sends a signal to the temperature controller
if the desired temperature is not maintained;
(6) reactor (REA): assists the reaction between nitric acid and
benzene to obtain nitrobenzene. The reaction must take
place at a specied temperature and pressure. High
temperature or pressure in the nitric acid reactor feed could
cause a reactor runaway.
HAZOP analysis is performed by using ExpHAZOP on the nitric
acid plant in accordance with the steps described in Section 5.
7.1.1. Development of P&ID
A P&ID (Fig. 6) is drawn according to the above process
description using the ExpHAZOP graphical user interface. The
equipment used in this case are valves, pump heat exchanger,
temperature sensor, temperature controller and reactor.
7.1.2. Selection of process-general and process-specic equipment
All pieces of equipment used in this case study are classed as
process-general because the data for this equipment are already
available in the knowledge-base.
7.1.3. Selection of study node
The study node is marked as a dotted rectangle in Fig. 6. Control
of the temperature of hot nitric acid within the reactor is required
to run the process facility within safe limits. Excessive heat in the
reactor is caused by the high ow of hot nitric acid through valve 1.
The study node is thus marked from valve 1 to the reactor for this
case study.

Fig. 8. Path selection for HAZOP analysis.

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

379

Table 2
Results of the HAZOP analysis by ExpHAZOP.
Item
Valve1
Valve1
Heat exchanger
Heat exchanger
Heat exchanger
Heat exchanger
Temperature sensor
Temperature sensor
Temperature sensor
Reactor
Reactor
Reactor
Reactor

Connect. equip.

Deviation

From equipment
From equipment
From equipment
From equipment
From equipment
From equipment
From equipment
From equipment
From equipment
From equipment
From equipment

More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature
More temperature

V1 pipe 1
V1 pipe 1
V1 pipe 1
V1 pipe 1
HE pipe 2
HE pipe 2
HE pipe 2
TS pipe 3
TS pipe 3
TS pipe 3
TS pipe 3

from
from
from
from
from
from
from
from
from
from
from
from
from

V1
V1
V1
V1
V1
V1
V1
V1
V1
V1
V1
V1
V1

Causes

Consequences

Too hot supply of nitric acid

Valve 1 stuck
Internal fouling occurs
Large external temperature
External re
Valve 2 stuck
Sensor improperly operating
Temperature sensor stuck
Temperature sensor failure
Heat exchanger failure
Hot nitric acid owing
Pump failure
Temperature sensor/controller failure

Flow rate increase

Heat exchanger temperature increase
Reactor too hot (reactor runaway)
Excess ow from pump
Equipment/instrument damage
Temperature control failure
High temperature in cooler
Improper cooling
Pump load increase
Reaction temperature increase
Reactor runaway
Reactor rupture
Exceed design temperature and pressure

7.1.4. Performing HAZOP analysis

In this case study, valve 1 is selected as the starting equipment
and the reactor is selected as the ending equipment. More
Temperature is chosen as the deviation to be propagated from
valve 1 to the reactor. This is done because the analysis is being
performed for the causes and consequences of deviation due to the
increase of temperature for hot nitric acid. The input to perform
HAZOP analysis with ExpHAZOP for the case study is shown in
Fig. 7.

potential causes along with secondary causes (temperature sensor

failure, temperature controller failure, and reaction temperature
increase to supply hot nitric acid into the reactor). The report
generated in Table 2 by ExpHAZOP also shows the possible causes
and consequences (valve stuck, internal fouling in heat exchanger,
improper temperature sensing) for other equipment in the process.
It may be observed that ExpHAZOP provides an in-depth analysis
of causes and consequences through a qualitative assessment at the
stage when quantitative tools such as FTA have limited application.

7.1.5. Selection of path for HAZOP analysis

This particular ExpHAZOP analysis of the nitric acid plant
generates one path from valve 1 to the reactor, which is shown in
Fig. 8. Each piece of equipment is represented by its symbols (e.g.
valve 1 is represented by V1, heat exchanger by HE, etc.). The
connecting pipes within the equipment are labeled by the user at
the time they are entered in the P&ID.

8. Conclusion

7.1.6. Report generation

The results for the deviation propagation of More Temperature are shown in Table 2. As valve 1 has no connecting equipment,
the appropriate cells are left blank in Table 2.
7.2. Results of ExpHAZOP analysis
Lapp and Powers (1977) and Wang (2004) used the Fault Tree
Analysis (FTA) technique to identify and quantitatively analyze the
causes of supplying hot nitric acid to the reactor in a nitric acid
cooling facility. Wang (2004) found a set of important basic causes
(temperature sensor failure, temperature controller failure, and
a large external re) resulting in hot nitric acid being fed into the
reactor, along with their probability of occurrence (quantitative
results). ExpHAZOP analysis identied the same causes (without
quantitative results) and also the potential consequences of the
conditions.
As mentioned earlier, ExpHAZOP has been embedded with
a fault propagation algorithm which extends its ability to map the
logical sequence of basic causes leading to an unwanted condition
in a process facility. Therefore, ExpHAZOP serves two purposes:
rst it identies the logical sequence of basic causes for a deviation;
second it identies the ultimate consequences of the deviation
(impact of deviation in one unit on others). Both of these assessments are qualitative, unlike FTA which is quantitative. Adding fault
propagation in the HAZOP procedure provides a more in-depth
analysis of hazard identication at an early stage of a process
facility when FTA is not generally feasible to apply due to limited
available data or imprecise data.
After comparing the results of FTA and ExpHAZOP for the same
case study, it is observed that ExpHAZOP identied the same

An expert tool, ExpHAZOP, has been developed to conduct

automated HAZOP analysis using a knowledge-based expert
system. The aim of the ExpHAZOP tool is to integrate the expert
knowledge-base with an efcient fault propagation algorithm,
which can signicantly reduce the expert time and effort and
manpower cost, thus improving the effectiveness of automated
HAZOP analysis by reducing repetitive work. The study node
selection of ExpHAZOP enhances the users exibility to analyze
process scenarios through which a deviation may propagate; the
corresponding causes and consequences may thus be identied.
Finally, to implement the developed ExpHAZOP framework into
a tool, this work uses software engineering methodologies in every
stage of its implementation, including the design of the architecture, development of the code base, and testing of the software. The
developed ExpHAZOP tool has the following features compared to
previous automated tools.
(1) Enhanced graphical user interface: requires minimum
expertise by a user to perform HAZOP analysis for any
process plant.
(2) Method of identifying a study node: allows a user to draw
study nodes consisting of a single piece of equipment or
a process consisting of multiple pieces of equipment.
(3) Dynamic knowledge-base: allows a user to update knowledge as an addition to the existing knowledge.
(4) Fault propagation algorithm: identies the causes and
consequences for all downstream equipment due to an
unwanted event upstream.
(5) Report generation: automatically generates the output
report for HAZOP analysis.
Acknowledgement
The authors acknowledge with gratitude the nancial support
provided for this project by Petroleum Research Atlantic Canada
(PRAC). Special thanks are extended to Mr. Refaul Ferdous for
helping to prepare the manuscript.

380

S. Rahman et al. / Journal of Loss Prevention in the Process Industries 22 (2009) 373380

References
Catino, C., & Ungar, L. H. (1995). Model based approach to automated hazard
identication of chemical plants. American Institute of Chemical Engineering
Journal, 41, 97109.
Chae, H., Yoon, Y. H., & Yoon, E. S. (1994). Safety analysis using an expert system in
chemical processes. Korean Journal of Chemical Engineering, 11, 153161.
Karvonen, I., Heino, P., & Suokas, J. (1990). Knowledge-based approach to support
HAZOP studies. Technical Research Center of Finland. Research Report.
Khan, F. I. (2005). Knowledge-based expert system framework, systems, management, and cybernetics. IEEE International Conference, 3, 22742280.
Khan, F. I., & Abbasi, S. A. (1997a). OptHAZOP an effective and optimum approach
for HAZOP study. Journal of Loss Prevention in the Process Industries, 10, 191204.
Khan, F. I., & Abbasi, S. A. (1997b). TOPHAZOP: a knowledge-based software tool for
conducting HAZOP in a rapid, efcient yet inexpensive manner. Journal of Loss
Prevention in the Process Industries, 10, 333343.
Khan, F. I., & Abbasi, S. A. (2000). Towards automation of HAZOP with a new tool
EXPERTOP. Environmental Modelling and Software, 15, 6777.
Knowlton, R. E. (1997). The widespread acceptability of hazard and operability
studies. In K. V. Raghvan, & G. Sawminathan (Eds.), Hazard assessment and
disaster mitigation. New Delhi: Oxford & IBH Publishing Company Pvt. Ltd.
Lapp, S. A., & Powers, G. J. (1977). Computer aided synthesis of fault trees. IEEE
Transactions Reliability, R26, 212.

Lawley, G. (1974). Operability studies and hazard analysis. Chemical Engineering

Progress (Loss Prevention), 70, 4555.
McKelvey, C. (1988). How to improve the effectiveness of hazard and operability
analysis. IEEE Transactions Reliability, 37, 167170.
Nagel, C. J. (1991). Identication of hazards in chemical process systems. Ph.D.
Thesis, USA, MIT.
Parmar, J. C., & Lees, F. P. (1987a). The propagation of faults in process plants: hazard
identication. Reliability Engineering, 17, 277302.
Parmar, J. C., & Lees, F. P. (1987b). The propagation of faults in process plants: hazard
identication for a water separator system. Reliability Engineering, 17, 303314.
Suh, J. C., Lee, S., & Yon, E. S. (1997). New strategy for automated hazard analysis of
chemical plant, part 1 & 2. Journal of Loss Prevention in the Process Industries, 10,
113134.
Sweeny, J. C. (1993). ARCO chemicals HAZOP experience. Process Safety Progress, 12,
8390.
Venkatasubramanian, V., & Vaidhyanathan, R. (1996). Experience with an expert
system for automated HAZOP analysis. Computers and Chemical Engineering, 20,
15891594.
Wang, Y. (2004). Development of a computer-aided fault tree synthesis methodology for quantitative risk analysis in the chemical process industry. Ph.D.
Thesis, USA, Texas A & M.
Waters, A., & Ponton, J. W. (1989). Qualitative simulation and fault propagation in
process plants. Chemical Engineering Research & Design, 67, 407422.