
Process Safety and Environmental Protection 87 (2009) 371–376

Contents lists available at ScienceDirect

Process Safety and Environmental Protection

journal homepage: www.elsevier.com/locate/psep

Inherent risk assessment—A new concept to evaluate risk in preliminary design stage

Azmi Mohd Shariff ∗ , Chan T. Leong


Process Safety Research Group, Department of Chemical Engineering, Universiti Teknologi PETRONAS, 31750 Tronoh, Perak, Malaysia

Abstract

Quantitative Risk Assessment (QRA) has been a very popular and useful methodology that has been widely accepted by industry over the past few decades. QRA is typically carried out at a stage where the complete plant has been designed and sited. At that time, the opportunity to include inherent safety design features is limited and may incur higher cost. This paper proposes a new concept to evaluate the risk inherent to a process owing to the chemicals it uses and the process conditions. The risk assessment tool is integrated with a process design simulator (HYSYS) to provide the necessary process data as early as the initial design stages, where modifications based on inherent safety principles can still be incorporated to enhance the process safety of the plant. The risk assessment tool consists of two components, which calculate the probability and the consequences relating to possible risk due to major accidents. A case study on the potential explosion due to the release of flammable material demonstrates that the tool is capable of identifying process streams with potentially high risk. Further improvement of the process design is possible by applying inherent safety principles to make the process under consideration inherently safer. Since this tool is fully integrated with HYSYS, re-evaluation of the inherent risk takes very little time and effort. The new tool addresses the lack of systematic methodology and technology, which is one of the barriers to designing inherently safer plants.
© 2009 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.

Keywords: Quantitative Risk Assessment; Inherent risk; Inherent safety; Consequence estimation; Inherently safer
design

1. Quantitative Risk Assessment (QRA)

Quantitative Risk Assessment, commonly known as QRA, has gained wide acceptance as a powerful tool to identify and assess the significant sources of risk and evaluate alternative risk control measures in chemical process industries. QRA is a part of the Process Safety Management System (CCPS, 2000) and is considered a valuable tool in decision-making processes, to communicate among the experts involved, to quantify opinions and to combine them effectively with available statistical data. Shell International Exploration and Production B.V. (1995) views this technique as a systematic approach to identify hazards and potentially hazardous events, and to estimate the likelihood and consequences to people, environment and assets of incidents developing from these events. Lees (1996), in his review of various studies, concluded that QRA is an element that cannot be ignored in decision making about risk, as it is the only discipline capable of enabling a number to be applied and comparisons to be made in a quantitative manner.

Many governments and local authorities require industries which are hazardous in nature to produce a document to demonstrate that risks are as-low-as-reasonably-practicable (ALARP). In the UK, QRA found its principal application in process industries safety cases (Lees, 1996). In Malaysia, the industries classified as Major Hazard Installations, as defined by the Control of Industrial Major Accident and Hazards (CIMAH) Regulations, 1996, are required to submit a written Safety Report to the Director General at least 3 months before commencing the industrial activity (or before introducing hazardous substances into the plant). QRA is a component of the Safety Report and it can be prepared using any suitable method (International Law Book Services, 2000).

Lees (1996) noted that there are considerable variations from one QRA to another, mainly due to the specific problems they try to address and the boundaries of the problems.


Corresponding author. Tel.: +60 05 3687570; fax: +60 05 3656176.
E-mail address: azmish@petronas.com.my (A.M. Shariff).
Received 15 September 2008; Received in revised form 24 April 2009; Accepted 14 August 2009
0957-5820/$ – see front matter © 2009 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
doi:10.1016/j.psep.2009.08.004

Arising from such factors, Shell International Exploration and Production (1995) noted that QRA studies can take between 40 and 1500 manhours depending on the level of detail. Despite the manhours spent, it is important to understand that methods like QRA cover only specific elements of the aspects involved in the safety of a plant.

CCPS (2000) established a general guideline for QRA. Individual organizations and companies may have procedures that are specific to their respective needs. Generally, for a QRA to be meaningful, it is carried out after significant process design and main equipment layout tasks have been completed.

2. Inherent risk assessment (IRA)

From the above deliberation, it has been observed that by the time QRA is carried out, much of the design work has been completed. For example, equipment layout has been determined and, to a large extent, in some cases the operating philosophy has already been set. At this juncture, one of the most common methods to mitigate risk and its consequences is by means of adding protection devices such as instrumented protective functions or mechanical protection devices such as relief valves, etc. These protective measures, which are added late in the design, often require regular preventive maintenance to detect revealed failures. The preventive maintenance throughout the life of the plant adds to the operating cost as well as necessitating repetitive training and documentation upkeep. The lifetime preventive maintenance coupled with good plant operation and management could prevent catastrophic events. Even though the added protective functions can reduce the risk, the hazards still exist.

In order to detect hazards proactively early in the design stage and to allow for the opportunity to proactively reduce their magnitude or likelihood of occurrence, this paper proposes a new concept to evaluate inherent risk. This technique is made possible by integrating the risk quantification tool with a process design simulator. With the integration, process design engineers can assess the risk which is inherent to their design from the beginning of the design stages. With the early detection, proactive measures to eliminate or minimize risk based on inherent safety principles can be implemented. This new concept is named inherent risk assessment (IRA); it adopts a similar approach to the conventional QRA for easy adaptation by the industries.

Inherent safety is a proactive approach for hazard/risk management during process plant design and operation. Inherent safety aims to reduce or eliminate the root causes of the hazards by modifying the design (hardware, controls, and operating conditions) of the plant itself instead of relying on additional engineered safety systems and features, and procedural controls which can and do fail. Kletz (1991) formalized several principles defining inherent safety (IS), which include intensification, substitution, attenuation, simplification, limitation of effects and error tolerance. Inherent safety has become an important aspect and is recognized as the best method to design a plant safe for operation while minimizing impact to the environment and health.

2.1. Similarity and comparison with QRA

Even though IRA adopts the structured approach from QRA, the two methodologies have fundamental differences. The key difference is the stage when the methods are applied. Traditional QRA is applied after a detailed engineering design has been completed, when the Process & Instrumentation Diagram (P&ID) is fully available. QRA also takes into consideration the historical site-specified weather condition and plant layout. In contrast to this, the IRA technique that was developed in this research can be used as early as process simulation begins during the preliminary design stage, in parallel with the selection of process route and development of heat and material balances. Unlike QRA, the IRA does not account for safety control measures such as procedures and instrumented protective functions. It merely reflects the inherent risk due to the inherent properties of the chemicals involved and the process conditions of the design.

Owing to the different timing at which the two assessments are carried out, the results are used for different purposes. More often than not, QRA results are used for the reasons presented in Section 1 above, while results for IRA can be used to provoke design modifications for inherently safer design options during process simulation stages. Process design engineers have considerable flexibility to improve the design in the simulation stage, as the manhours and cost to do so are relatively small. IRA results are suitable to be used as a quantitative method to screen processes and provide judgments for design improvements at an early design stage.

Since a QRA exercise is very extensive in nature and requires a significant amount of time to produce, only a few selected credible cases are studied and documented. Due to the lack of integration between risk assessment software and process design simulators, all the information for process conditions needs to be manually transferred. The IRA can be effectively implemented using risk models if it is fully integrated with a process design simulator such as HYSYS. Data is automatically transferred from the process design simulator to the risk models, hence reducing the chances of error. With the integrated model, inherently safer design options can be quickly evaluated in a short time. For instance, inherent risk before and after pressure modification of a unit operation can be promptly assessed. Due to the different requirements and purpose, IRA cannot be used to replace QRA; they are meant to complement each other and are used at different times along the process design stages. Table 1 summarizes the key distinctions between QRA and IRA.

The inherent risk level calculated by IRA needs to be presented in a comprehensive and easily understood manner to promote its adoption by the industries. Since the 3-region FN curve has commonly accepted criteria against which the result of a QRA is judged, the same concept is used in IRA to represent the inherent risk. A 3-region FN curve based on Malaysian limits is shown in Fig. 1. However, for IRA, a slight modification is proposed in which the FN curve uses only two regions instead of three regions. It can be noted that the region below the diagonal line in Fig. 2 covers the two regions “Tolerable if ALARP” and “Tolerable” of Fig. 1. These two regions are not separately represented in an IRA result because during this stage, safety measures and control mechanisms are not yet in place to reduce risk to ALARP.

Fig. 2 is developed based on the numerical limits dividing intolerable and tolerable regions set by the Malaysian authorities. Should the inherent risk of a process route fall above the top diagonal line, then it is clear that the route is not acceptable unless subsequent modifications can bring it below the line. For designs that have risk level below the line initially,
there is still room for further improvement, again by adopting the principles of inherent safety.

Table 1 – Comparison between QRA and IRA.

| Criteria | QRA | IRA |
|---|---|---|
| Stage to be applied | After completion of detailed engineering design | During preliminary design/simulation stage |
| Purpose | To demonstrate or prove “safety case” as required by regulatory agencies | To proactively identify risk inherent to the design and guide its reduction by adopting inherent safety principles |
| Regulatory requirements | Required by regulatory agencies, for example Department of Occupational Safety & Health in Malaysia and the Health and Safety Executive in the UK | Presently, there is no regulatory requirement |
| Information required | Process & instrumentation diagrams (P&ID), detailed historical weather data | Simulation data and predicted piping and equipment sizing |
| Scenario | Only few credible scenario to be studied in detail | Basic scenario such as pipe or equipment leak |
| Duration of analysis | Relatively long. Ranging from 40 to 1500 manhours | Relatively quick as it is carried out in parallel with simulation work |
| Result representation | 3-Region frequency–number (FN) curve | 2-Region frequency–number (FN) curve |

2.2. Determination of inherent risk during design stage

CCPS (2000) defines risk as a measure of human injury, environmental damage or economic loss in terms of both the incident likelihood and the magnitude of the loss or injury. The Health and Safety Executive UK (2001) refers to risk as the chance that someone or something that is valued will be adversely affected in a stipulated way by the hazard. Wentz (1999) proposed risk as a mathematical function as follows:

Risk = f (probability or frequency, consequences) (1)

From the above definitions, it can be concluded that in one way or another, risk has components of probability (uncertainty) of the event and consequences (effects) resulting from the event. It may be difficult to precisely quantify the risk parameters, e.g. consequences of an explosion, so they must be estimated by adopting a systematic approach as described in detail by Crowl and Louvar (1990) in their work.

In order to estimate risk, consequence and probability models developed in MS Excel are used. This spreadsheet-based tool is integrated with the process design simulator HYSYS for seamless transfer of process data for quick and efficient estimation of risk. The technique behind the integration has been discussed by Mohd Shariff et al. (2006). The same paper also provided examples of estimation of consequences due to explosion from process streams. The early quantification of explosion consequences was used as a guide to determine the location of the control building. The concept was extended by Leong and Mohd Shariff (2008, 2009) to include an inherent safety index module for quantification of inherent safety level. It was shown that the process conditions can be improved at the simulation design stage to produce a safer process plant. The same concept is expanded in this paper to include the probability component, thus allowing risk estimation as per Eq. (1).

Fig. 1 – Malaysian FN curve (DNV, 1993).

Fig. 2 – FN curve to represent inherent risk.

2.3. The integrated explosion event tree

This paper has been customized to demonstrate the risk due to explosion, hence the spreadsheet has been developed to determine the probability of an explosion event and the consequences should such an event occur. This section describes the probability
model used in the IRA for the selected case study illustrated in this paper.

The two most popular methodologies to determine the probability of an accident are Event Tree Analysis (ETA) and Fault Tree Analysis (FTA). In this work, ETA is chosen over FTA due to its advantages in modeling events like explosions, which are sequential in nature. FTA treats the sequence of events as irrelevant and has less obvious logic (Smith, 2003) compared to ETA. Furthermore, ETA has been used by many authoritative publications in this area of research, including Lees (1996) and CCPS (2000), to describe fire and explosion events.

In order to ensure consistency in the factors considered from one case to another, this paper applies the Event Tree Analysis (ETA) shown in Fig. 3 in all its analyses. It presents a simplified basis to describe the probability of an explosion in the event of loss of containment. However, it is important to note that the mechanisms in any other explosion case may deviate from the one presented here. Consistency is important so that various process options and modifications can be compared on an equal basis from the event sequence aspect, leaving only the chemical and process condition aspects as variables in the IRA. The sequence used in the ETA blocks in Fig. 3 is unsuitable for modeling other forms of hazards.

Fig. 3 – ETA for potential explosion due to the release of flammable gas from pipe rupture.

The frequency and probability data shown in Fig. 3 are only for illustrative purposes and are based on information in the example described here. It is important to note that during the simulation stage, the actual sizing of pipe diameter and length is not yet available. Therefore, good engineering judgment and estimation are required to determine the length and diameter to be used in the simulation.

A case of a rupture in a 25 m long, 300 mm diameter pipe is used here as an illustration. The base failure frequency is taken from the databases provided by Allen (1998) and CCPS (1989). From the calculation below, the exposure frequency is expected to be $2.5 \times 10^{-6}$ per year.

$$\text{Exposure frequency} = \text{base failure frequency} \times \text{length} = 1 \times 10^{-7}\ \text{failure year}^{-1}\,\text{m}^{-1} \times 25\ \text{m} = 2.5 \times 10^{-6}\ \text{per year}$$

Cox et al. (1990) concluded that there is a 0.9 chance for operator failure to respond within 5 min. The probability of explosion in Fig. 3 is calculated from Eq. (2), based on data provided by Withers (1988) on ignition and explosion of leaked hydrocarbon.

$$P_{ex} = 0.00175 \times (0.9999)^{m_f} \times (m_f)^{0.4582} \qquad (2)$$

where

$P_{ex}$ = probability of explosion.
$m_f$ = mass of combustible material.

In this illustration, 100 tons of flammable material determined from HYSYS is used to estimate the probability of explosion. The probability of the explosion is calculated as 0.15. The frequency of an explosion resulting from an event due to operator failure to respond and probability of explosion is $3.4 \times 10^{-7}$ per year as given in Fig. 3.

2.4. The integrated consequence estimation tool

Following Eq. (1), another component to determine risk is the consequence aspect. In order to quantify inherent risk, it is therefore crucial to estimate the consequence of an incident. An explosion consequence model is developed in a spreadsheet which is integrated with HYSYS for ease of data transfer and to reap the benefits of the built-in database within HYSYS. The steps taken to estimate the consequences of an explosion adopted in the tool are provided in Fig. 4. A detailed explanation of the explosion consequence model used in this tool is available from Leong (2008).

3. Case study

This case study aims to evaluate inherent risk from all streams within a simulation of a hydrocarbon fractionation plant. The simulation is at the initial stage of a design where a series of distillation columns are used to separate different components of hydrocarbons as given in Fig. 5. This simulation has 27 process streams that undergo a screening process to rank the streams relative to one another according to their potential for causing damage in case of explosion. The top five streams from that ranking are further analyzed for their respective inherent risk based on the inherent properties of the chemicals used and the process conditions of the design.

The same potential accident scenario is selected as a basis to evaluate the inherent risk, which in this case is a catastrophic rupture of a 300 mm diameter pipe resulting in hydrocarbon leakage for 1 min. Owing to the different process parameters such as pressure and composition of each stream, the amount of hydrocarbon leaked differs. This in turn influences the probability, the consequence (overpressure) of the explosion incident and the overall event frequency (F) calculations. The number of fatalities (N) can be obtained by further assuming that 100 workers are exposed to the hazard due to
the explosion. The number of workers exposed is an arbitrary assumption in this case study. It is recommended that the actual headcount be used in a real assessment.

Fig. 4 – Integrated consequences estimation tool for explosion study.

The FN values representing the inherent risk due to explosion for all the top five streams are given in Fig. 6. It is found that all the calculated risks are below the intolerable region set by the Malaysian definition. It can be interpreted that the design does not have any streams that breach the Malaysian FN limits. Therefore, further improvement of the design is not really required at this juncture. However, further consideration should be given to assessing inherent risk due to other forms of accident such as fire, toxic release, etc. if necessary. If the evaluated inherent risk is above the intolerable region, it is necessary to improve the design by applying the inherent safety principle. By implementing this new concept in the design stage, perhaps potential major accidents can be eliminated or reduced.

Fig. 6 – Example of FN curve for given simulation case.

As mentioned earlier, the IRA only assesses the initial acceptability of the design based on safety aspects. It is expected that as the design progresses with more detailed design information available, more safety features, process control measures and work procedures will be put in place to ensure risk is as-low-as-reasonably-practicable (ALARP).

4. Conclusion

This paper proposed and demonstrated a new concept to quantify risk which is inherent to the process condition and stream composition early in the process design stage. It is done by means of integration of a risk quantification model with a process design simulator for seamless data transfer, thus allowing early determination of the associated risks. The inherent risk assessment will allow process designers to proactively consider and implement modifications to improve the safety of the process plant.

Fig. 5 – Hydrocarbon fractionation plant simulation.
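
The event-tree arithmetic of Section 2.3, as an added example that is not part of the paper or of its HYSYS/Excel tool: it takes the base failure frequency, pipe length, operator-failure probability and the quoted explosion probability of 0.15 from the text and enumerates every branch of the sequence. The complementary branch labels ("operator responds", "no explosion") and the 10 m pipe alternative are assumptions, since Fig. 3 is not reproduced here.

```python
from dataclasses import dataclass

# Values quoted in Section 2.3 of the paper.
BASE_FAILURE_PER_M_YEAR = 1e-7   # base failure frequency, failures per year per metre
PIPE_LENGTH_M = 25.0             # ruptured pipe length used in the illustration
P_OPERATOR_FAILS = 0.9           # operator fails to respond within 5 min (Cox et al., 1990)
P_EXPLOSION = 0.15               # explosion probability quoted for 100 tons released


@dataclass(frozen=True)
class Branch:
    p_adverse: float   # probability that the sequence continues towards the accident
    adverse: str       # label of the branch that continues
    benign: str        # label of the terminating branch (assumed label)


def event_tree(initiating_freq, branches):
    """Enumerate the outcomes of a sequential event tree.

    Returns a dict mapping each outcome path to its frequency per year.
    Every benign branch ends the sequence; only the adverse path carries on.
    """
    outcomes = {}
    freq, path = initiating_freq, ["pipe rupture"]
    for b in branches:
        if not 0.0 <= b.p_adverse <= 1.0:
            raise ValueError(f"probability out of range: {b.p_adverse}")
        outcomes[" > ".join(path + [b.benign])] = freq * (1.0 - b.p_adverse)
        freq *= b.p_adverse
        path.append(b.adverse)
    outcomes[" > ".join(path)] = freq
    return outcomes


def rupture_tree(length_m=PIPE_LENGTH_M, p_explosion=P_EXPLOSION):
    """Event tree for the rupture scenario; returns (exposure frequency, outcomes)."""
    exposure = BASE_FAILURE_PER_M_YEAR * length_m
    branches = [
        Branch(P_OPERATOR_FAILS, "operator fails to respond", "operator responds"),
        Branch(p_explosion, "explosion", "no explosion"),
    ]
    return exposure, event_tree(exposure, branches)


def explosion_frequency(length_m=PIPE_LENGTH_M, p_explosion=P_EXPLOSION):
    """Frequency (per year) of the path that ends in an explosion."""
    _, outcomes = rupture_tree(length_m, p_explosion)
    return outcomes["pipe rupture > operator fails to respond > explosion"]


if __name__ == "__main__":
    exposure, outcomes = rupture_tree()
    print(f"exposure frequency: {exposure:.2e} per year")
    for path, f in outcomes.items():
        print(f"{f:.2e}  {path}")
    # Branch frequencies must add back up to the initiating frequency.
    assert abs(sum(outcomes.values()) - exposure) < 1e-15
    # Re-evaluation after a design change: the 10 m run is a constructed alternative.
    print(f"10 m pipe: {explosion_frequency(length_m=10.0):.2e} per year")
```

Because the tree conserves frequency, a change to any single input (pipe length, or an explosion probability recomputed for a different released mass) can be re-run and compared on the same event sequence, which is the consistency argument made in Section 2.3.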


Acknowledgements

This paper was presented at 23rd CCPS International Conference, 4th Global Congress on Process Safety, AIChE Spring National Meeting, Ernest N. Morial Convention Center, New Orleans, Louisiana, 6th–10th April 2008.

References

Allen, D., (1998). Web-Based Process Engineering Risk Calculator. (accessed 20 February 2007). http://www.cheque.uq.edu.au/ugrad/theses/1998/DaveA/index.html

Center for Chemical Process Safety (CCPS)., (1989). Guidelines Process Equipment Reliability Data with Data Tables. (American Institute of Chemical Engineers, New York).

Center for Chemical Process Safety (CCPS)., (2000). Guidelines for Chemical Process Quantitative Risk Analysis (2nd ed.). (American Institute of Chemical Engineers, New York).

Cox, A.W., Lees, F.P. and Ang, M.L., (1990). Classification of Hazardous Locations. (Institute of Chemical Engineers, UK).

Crowl, D.A. and Louvar, J.F., (1990). Chemical Process Safety: Fundamentals with Applications. (Prentice Hall, USA).

DNV, 1993, MLNG Tiga QRA Report, Malaysia.

Health and Safety Executive UK (HSE-UK)., (2001). Reducing Risk, Protecting People. (HSE’s Decision Making Process, Crown, United Kingdom).

International Law Book Services., (2000). Occupational Safety and Health Act 1994 and Regulations and Orders. (International Law Book Services, Kuala Lumpur, Malaysia).

Kletz, T.A., (1991). Plant Design for Safety—A User Friendly Approach (2nd edition). (Taylor and Francis).

Lees, F.P., (1996). (2nd edition). Loss Prevention in Process Industries, vol. 1 (Butterworth Heinemann).

Leong, C.T., 2008, Inherent Safety Intervention Framework, PhD Thesis, Universiti Teknologi PETRONAS, Malaysia.

Leong, C.T. and Mohd Shariff, A., 2008, Inherent Safety Index Module (ISIM) to assess inherent safety level during preliminary design stage. Process Saf Environ Protect, 86(2008): 113–119.

Leong, C.T. and Mohd Shariff, A., 2009, Process Route Index (PRI) to assess level of explosiveness for inherent safety quantification. J Loss Prevent Process Ind, 22: 216–221.

Mohd Shariff, A., Rusli, R., Chan, T.L., Radhakrishnan, V.R. and Buang, A., 2006, Inherent safety tool for explosion consequences study. J Loss Prevent Process Ind, 19(2006): 409–418.

Shell International Exploration and Production B.V., (1995). Quantitative Risk Assessment, vol. 3. (Shell International Exploration and Production B.V, The Hague, Netherlands).

Smith, D.J., (2003). Reliability, Maintainability and Risk (6th ed.). (Butterworth Heinemann, Great Britain).

Wentz, C.A., (1999). Safety, Health and Environmental Protection. (McGraw Hill, New York).

Withers, J., (1988). Major Industrial Hazards: Their Appraisal and Control. (Gower Technical Press, England).
