Professional Documents
Culture Documents
APPROVED BY
Signature:
Date: 27.09.2021
Revision Number 03
ACAL ID NA
This document belongs to Sakhalin Energy Investment Company Ltd. (Sakhalin Energy) and is intended for use by Sakhalin Energy
personnel only. This document can be provided for use to third parties under the agreement with Sakhalin Energy only. Title and all
rights to this document and information contained in the document are vested in to Sakhalin Energy. All rights reserved.
Decision on changes of the contents of this document can be made by Information Custodian only. The document control process
is regulated by the Procedure No. 0000-S-90-01-P-0501-00-E.
Current revision of this document is located in the controlled area in UNICA. Before using the copy of this
document, it is the User’s responsibility to ensure that it is current.
PAN ASSET OPERATIONS: GUIDE TO RISK ASSESSMENT
REVIEW LIST
TABLE OF CONTENT:
1 INTRODUCTION............................................................................................................... 6
PURPOSE ........................................................................................................... 6
SCOPE ................................................................................................................ 6
TERMINOLOGY .................................................................................................. 8
2 TASK RISK ASSESSMENT ............................................................................................. 9
1.1 DEFINITION AND RESPONBILITIES .................................................................. 9
1.2 TRA REPORTING ............................................................................................. 10
1.3 DYNAMIC RISK ASSESSMENT ........................................................................ 10
3 HAZID ............................................................................................................................. 11
SCOPE .............................................................................................................. 11
HAZID METHODOLOGY ................................................................................... 11
HAZID RESPONSIBILITIES............................................................................... 14
HAZID TASKS ................................................................................................... 15
4 HAZOP ........................................................................................................................... 19
METHODOLOGY............................................................................................... 19
HAZOP REQUIREMENTS AND GUIDELINES .................................................. 20
COMPETENCE REQUIREMENTS .................................................................... 20
Approved Facilitator (CHAIRMAN) ................................................................................... 20
Scribe .............................................................................................................................. 20
NODE SELECTION ........................................................................................... 20
HAZOP REPORTS ............................................................................................ 22
RULES FOR HAZOP ......................................................................................... 22
HAZOP DEVIATIONS ........................................................................................ 23
HAZOP KEY PHASES AND RESPONSIBILITIES ............................................. 23
5 DESKTOP SAFETY REVIEW (DSR) .............................................................................. 24
METHODOLOGY............................................................................................... 24
TEAM COMPOSITION....................................................................................... 25
FACILITATOR (CHAIRMAN) REQUIREMENTS ................................................ 25
LIST OF COMMON DEVIATIONS AND CONSEQUENCES. ............................. 25
DSR KEY PHASES AND RESPONSIBILITIES .................................................. 26
6 ALARP WORKSHEET .................................................................................................... 27
7 REFERENCES................................................................................................................ 28
APPENDIX A – MANDATORY HSSE&SP DELIVERABLES THROUGH PROJECT PHASES
............................................................................................................................................... 29
APPENDIX B – EXAMPLE OF HAZARDS AND EFFECTS REGISTER................................ 30
1 INTRODUCTION
PURPOSE
The purpose of this document is to provide necessary advisory guidance to Asset operations and Project
personnel for organising and implementing a risk assessment for new and existing installations, as defined
in the Sakhalin Energy Management Risk Standard [Ref.11]. This guide seeks to clarify the purpose,
scope and application of each form of qualitative risk assessment and the controls of usage in Sakhalin
Energy of:
• Task Risk Assessment
• HAZID
• HAZOP
• Desktop Safety Review
• ALARP Worksheet
Contractors may have risk assessment procedures as part of their management systems. Should
contractors use their procedures for work on Sakhalin Energy assets and projects, they shall be aligned
with the contents of this guide.
It is recommended that staff, involved in the above-mentioned reviews, receive training with regard to risk
management aspects.
This guide does not represent all qualitative risk assessments available in the industry, hovewer it focuses
on mostly used within Sakhalin Energy.
Information about various methods of risk assessment can be found in different industry practices, for
example GOST 12.0.230.5-2018 [Ref. 21] and ISO 17776 [Ref. 14] (RF equivalent is GOST R ISO 17776-
2012).
The selection and application of different risk assessments is dependent on the complexity of the solution,
and Process Safety group could be contacted for further clarifications on suitable risk assessment
technique to use.
SCOPE
HSE risk in Sakhalin Energy is managed through Managing Risk Standard [Ref. 11], which set out to
achieve continuous improvement and to reduce HSE Risks in the red and yellow areas of the Risk
Assessment Matrix to levels As Low As Reasonably Practicable (ALARP) through application of the
Hazard and Effects Management Process (HEMP).
Process Safety risk assessment in Sakhalin Energy relates to Major Accident Hazard management and
is classified as either Quantitative Risk Assessment (QRA) or qualitative risk assessment. This guide
covers only application of qualitative risk assessment for projects and asset modifications.
Results of QRA for each asset may be found in the asset HSE Case and specialist quantitative studies
required for design HSE Cases for major projects. The HSE Case QRA is prepared as set out in the
Sakhalin Energy Managing Risk Standard [Ref. 11, Appendix 7].
Semi-quantitative risk assessment techniques used in Instrumented Protective Function assessments use
HEMP and Layers of Protection (LOPA) techniques which are covered by DEP 32.80.10.10 [Ref. 13].
Risk assessment is part of the HEMP process described as:
Figure 2. Risk Assessment During Design and Operate Phases (HSE Case Development process)
Deliverables supporting HSE Case development including risk assessments at each phase of the project
are defined in Project Standard 1 – Capital Project HSSE & SP Management [Ref. 17] and represented
in Appendix A. The process is shown in Figure 2 and required by the HSSE & SP Control Framework,
which Sakhalin Energy adopted.
Risk assessment associated with well design are also not included in this document and the reader is
referred to Sakhalin Energy Technical Directorate Management System [Ref. 12, Section 4]. Risk
assessments associated with operating a well with a known defect / issue need to follow this risk
assessment guide.
The application of the requirements in Sakhalin Energy as related to Process Safety in facilities design
are further set out in the Application of ALARP Framework within Sakhalin Energy Risk Management
Standard [Ref. 1]. Scaling of the Process Safety deliverables to the risk of the project as measured by
project cost and complexity, are agreed with the Process Safety TA2.
All changes in Sakhalin Energy are governed by Management of Change (MoC) process [Ref. 9]. Each
MoC is classified for implementation either as a project or a plant change. For project, there are different
executing parties in design phase e.g., International Design and Engineering contractors, Russian Design
Institutes (RDIs), Technical Advisors and OEM etc. Sakhalin Energy implements Plant Changes via
Engineering and Maintenance discipline engineers. Irrespective of whether project or plant change, the
Process Safety deliverables assuring adequate assessment of risk must be agreed with the Process
Safety TA2.
This document provides guidance to risk assessment in both design and in operations.
TERMINOLOGY
ALARP As Low As Reasonably Practicable
IA Impact Assessment
TA Technical Authority
Accountability for completeness and accuracy of the TRA remain with the issuer and authorizer of the
3 HAZID
SCOPE
HAZID is a technique for early identification of potential hazards, including Major Accident Hazards and
threats for greenfield project or brownfield modifications. The technique has two styles, Conceptual (Initial)
and Detailed (Main) and should be applied during the early stages of a project development / modification.
It is therefore likely to be the first formal HSE-related study for any new project, which provides essential
input to project development decisions.
The application of the hierarchy of risk controls, which starts with the controls perceived to be most
effective and moves down to those considered least effective (Figure 3), will lead to safer and more cost-
effective design options being adopted with a minimum cost of change penalty.
HAZID METHODOLOGY
The study method is a combination of identification, analysis and brainstorming based on the hazards
identified on the checklist.
Most hazard identification techniques rely on some form of checklist. Frequently the term HAZID is used
interchangeably with a checklist approach.
The HAZID technique is:
• a means of identifying and describing occupational HSE hazards and threats at the earliest
practicable stage of a project or for plant modification
• a meeting employing a highly experienced multi-discipline team using a structured brainstorming
technique, based on a checklist of potential HSE issues, to assess the applicability of potential
hazards
• a rapid identification and description process only, not a forum for trying to solve potential
problems
• actions developed from a HAZID should be listed, action parties and completion dates assigned
and tracked to closure
The methodology has been based on the HAZID Manual EP 95-312 [Ref. 6] and ISO 17776 [Ref. 14] and
diagrammatically can be shown in Figure 4.
important that worst case credible outcomes are not discounted because other barriers prevent or mitigate
the outcome. Beware of multiple barrier failure or the Swiss Cheese model of James Reason.
It has been often said that “no that can’t happen here because of double jeopardy” when what is being
said is that other barriers will prevent the consequence from materialising. Major accidents in industry
have shown that their causes have been failures of multiple barriers. Relying on other barriers is not
sufficient justification for allowing a barrier to be impaired or unavailable.
If no new hazards to those in the asset HSE case are envisaged, then a HAZID is not required for each
project or modification. If in doubt, the initiator should convene the HAZID with the appropriate technical
and operational personnel and confirm that this is the case. Managing Risk Standard – Appendix 5. Risk
Assessment Matrix Specification [Ref. 11] explains how to classify risk.
The inventory of generic hazards which should be consulted to ensure all hazards have been covered in
the HAZID can be found in Appendix C [Ref. 19].
Reporting of the HAZID should use the same format as the asset or project hazard and effect register
(see example in Appendix B).
HAZID RESPONSIBILITIES
8 Confirmation that proposed action meets intent raised in Chairman and Co-ordinator
review
HAZID TASKS
Task 1: Identify need for HAZID study and define scope
Accountability with Sponsor (Project Manager, Asset Leader or Activity Manager)
There are different justifications for HAZIDs. These include Project Gates, Management Of Change
procedures, HSE or Safety Case preparation or revisions, or any situation where there is concern over
controls and the level of risks in design, construct, operate or decommission phases. HSE critical activities
such as major construction, SIMOPS, marine operations and combined operations would generally
require a HAZID unless previous reviews were considered robust or standard controls, procedures and
safeguards are appropriate to the specific location and activities proposed.
A critical input to the Hazard Register is an Initial HAZID completed for the ORP Phase, Assess.
A Main HAZID may be completed for the ORP Phase, Select for a project but at any stage during the
Operate phase for a new activity.
Since HAZIDs are generally undertaken at the front end of projects the actions are expected to be closed
out during the project life. However, for projects or activities covered by generic HAZIDs it may be
appropriate to review the actions on a periodic basis.
The Sponsor should specify the scope of the HAZID in terms of facility or activity boundaries, workpacks,
activities, operating scenarios and the deliverables and timing.
A room of sufficient size and arrangements to ensure smooth running of Team sessions is essential. The
necessary arrangements include tables and seating, lighting, PC, screen, HVAC, catering, printing,
photocopying, telecoms, IT support etc.
An off-site venue usually provides these arrangements and limits the opportunities for team members to
absent themselves.
Chairman is accountable for the contents and technical accuracy of the report. The minimum contents for
a report are;
• Scope
• Objectives
• Team, place, date
• Action Summary
• Method and Guidewords
• Worksheets
• Appendices should include essential drawings or procedures and a listing of all documents (and
their revision status) considered in the sessions.
The Co-ordinator is responsible for circulating the draft report for comment, collecting comments and
distribution to the Chairman to enable him to incorporate or reject.
4 HAZOP
METHODOLOGY
HAZOP is a structured hazard identification and analysis tool in the design and operation of a facility. It is
the application of a formal, systematic examination of process and engineering intentions of new or
existing facilities to assess the potential of mal-operation or malfunction of individual items of equipment
and their consequential effects on the facility as a whole. HAZOPs are not design reviews and any design
issues raised are to be captured in close out and transferred back to design group.
The main difference between HAZID and HAZOP studies is that HAZID Study focuses on hazards outside
of pipes whereas HAZOP Study focuses on hazards inside the pipes. HAZID Study can be carried out
using PFS and without PEFS being available. However, HAZOP Study must be carried out using PEFS
being available.
Designers are expected to use this document as their base case Terms of Reference when developing
their own HAZOP TOR. This guide specifies requirements for Sakhalin Energy that are not addressed in
the Shell DEM1 DEP 80.00.00.15 HAZOP Study [Ref. 7] and sets the qualifications and approvals for
conducting a HAZOP as required by the DEM1 DEP. The custodian of this guide is the registrar of
competent HAZOP Facilitator qualified to chair HAZOPs in and/or for Sakhalin Energy.
This guide sets requirements for any deviation from the HAZOP as required by the HAZOP DEP. The
HAZOP waiver process must be followed as per the form attached in Appendix D of this guide.
Sakhalin Energy has modifications which are executed through Brownfield projects where for the
application of HAZOP workshops the external facilitation is required.
The aim of HAZOP is to review and verify approved Process Engineering Flow Schemes (PEFS) against
the standards adopted for the project in relation with Technical Safety issues as a whole, in particular
process safety and to identify any weaknesses in the safety features and safeguards.
The method is equally applicable to major Greenfield developments, Brownfield projects, small plant
modifications or operating procedures. The concept is to break the system selected for study into small
sections (‘nodes’) and then to identify hazards by examining each section and using a series of parameter
and guide word filters to structure the brainstorming process (Figure 6).
COMPETENCE REQUIREMENTS
HAZOP participants are encouraged to go through HAZOP Awareness course and will be formally
registered in write-protected HAZOP Competence Register and kept by the custodian of this document.
Competence training is made available to identified personnel and they will be the only signatories of
HAZOP close out report. Personnel such as TAs who have currently contributed to HAZOPs will be
included in the HAZOP Competence Register without the need for formal training.
Approved Facilitator (CHAIRMAN)
The HAZOP Chairman shall be independent of the project team organization (design contractor). In this
context, independent means a Chairperson has a reporting line separate from the project organisation.
External HAZOP facilitators will be in the register recognized by company name. The company shall
provide the proposed CVs to Process Safety TA2 for review and approval.
Internal facilitators will be required to go through HAZOP Leadership course with qualifications provided
in Shell DEM1 DEP 80.00.00.15 [Ref. 7] and verified competent by Process Safety TA2.
Scribe
The Scribe is the person who records the minutes of the HAZOP Study. The HAZOP Recorder/Scribe
should be an experienced disciplines or operations professional who has participated in HAZOP before
and is able to articulate participant's discussions in write-up.
NODE SELECTION
The selection of nodes is carried out by the facilitator and identified on the Process Engineering Flow
Scheme (PEFS) drawings and approved by Sakhalin Energy Process Engineer TA2.
An example is given in Figure 7 below where the node selected will be identified on each PEFS by number
and colour.
A node represents a section of a process in which conditions undergo a significant change. For example,
a pump system will be a node because liquid pressure is increased, a reactor is a node because chemical
composition changes, and a heat exchanger is a node because it causes changes in fluid temperatures.
In practice, a single node will frequently involve more than one process change. For example, the node
for a chemical reactor will include changes to pressure, temperature and composition.
Figure 6 shows how a PEFS can be divided into three nodes. Each node has been circled with a cloud
line.
• Node 1 (blue line) is the Tank, T-100, with its associated equipment and instrumentation (the
process change is level in the tank).
• Node 2 (red line) incorporates two pumps, P-101 A/B, and the flow control valve, FCV-101 (the
process changes are flow rate and liquid pressure).
• Node 3 (green line) includes the pressure vessel, V-101, with its associated relief valve, and other
instrumentation (the process changes are pressure, chemical composition and level).
HAZOP REPORTS
The draft HAZOP Report should be issued within a week after the HAZOP session. The final HAZOP
Closed-Out Report should be issued after proper closure of all action items.
HAZOP’s on Brownfield projects including Wells and facilitated by the Designer, the final HAZOP Close-
Out will be tracked by HAZOP Co-ordinator using the agreed company’s or contractor’s assurance
system. The HAZOP Closed-Out Reports must be approved by the relevant Process Safety Discipline TA
or business equivalent competent person to ensure the intent of the original actions is fully satisfied.
HAZOP Close-out is a SoF requirement and could prevent handover and start-up.
If actions are not closed-out by a pre-determined date, all the outstanding actions will be included in the
Fountain Action. A Fountain Assurance Coordinator will be appointed by the Process Safety TA2. The
Fountain Assurance Coordinator will track all the open actions to closure and Process Safety TA2 will be
approving all these fountain actions.
If during discussion it is evident that the point raised is a design issue it is to be captured as action and
move on.
HAZOP review session should ideally not exceed six hours per day. This is particularly relevant for larger
studies which are run over several days or weeks where team fatigue and other work priorities may
accumulate. This could cause a reduction in quality and possibly extend the overall time requirements.
HAZOP Facilitator should use his/her discretion when planning the HAZOP Study.
Facilitators and attendees must be listed in competence register as highlighted in section 3.3 of this
document.
HAZOP DEVIATIONS
In some cases where there is no process engineering involved, deviation from HAZOP requirements can
be sought and approved by Process Safety TA2. HAZOP waiver is required (via HAZOP Request Form)
which is to be signed by engineering contractor’s Lead Technical Safety Engineer and Project Engineer.
A form (HAZOP Request Form) is attached in Appendix D as an example.
The HAZOP waiver process must be followed as per the form attached (as an example) in this guide.
METHODOLOGY
Determining ALARP throughout the Management of Change (MoC) [Ref. 9] phase for Operating facilities
requires a different approach from that used in the project phase established in Sakhalin Energy, and
requires a documented review of the risk posed by the change (permanent, temporary and emergency).
This includes the following essential items:
• risks identified;
• auditable link to a documented risk assessment;
• actions required during implementation phase to mitigate risks of change itself or in physically
implementing the change;
• any additions checks/requirements to the implementation phase.
Desktop Safety Review (DSR) is one of the HEMP qualitative tools commonly used in Sakhalin Energy to
document risk assessments of minor plant modifications (i.e. plant changes through MoC process with
ample design and operating experience is available) or operating procedures. This guideline outlines the
process that need to be followed during the risk assessments including approved leader to facilitate the
DSR and relevant participants experience.
The decision to use the Desktop Safety Review process and any deviations from it requires the approval
of the Process Safety Team as identified in DAM.
Technical Desktop Safety Review is a line-by-line multiple-discipline review of the MoC initiated redline
marked-up Process Engineering Flow Schemes (PEFS) for the process, off-plot and utility under the lead
of an experienced facilitator.
The aim of this review is to verify the PEFS against the standards adopted in relation with Technical Safety
issues as a whole, in particular process safety and to identify any weaknesses in the safety features and
safeguards. This is to ensure that the plant will handle all foreseeable operating conditions, including
maintenance, start-up and shut-down (both normal and emergency), in a safe, healthy and reliable
manner, with minimum environmental impact. To facilitate progress, reviewed systems will be marked in
an easily identified color on the PEFS studied by the team leader.
DSR should only be carried out for those processes, which are well known in the Company. Where
insufficient design and operating experience is considered to be available, HAZOP studies are
recommended instead.
The Desktop Safety Review shall be performed in a similar manner as a HAZOP review by following the
guidance provided in DEM1 DEP 80.00.00.15 [Ref. 7], however the methodology does not rely on the
formal use of a list of guidewords - such as for the HAZOP review - to generate deviations from the design
intent, but relies on the experience of the review team to identify such deviations. This is considered
acceptable for those processes for which ample design and operating experience is available in the
Company and, more importantly, in the review team.
There two subtle differences between the DSR and HAZOP as follows:
• DSR takes advantage of the experience and technical safety expertise of the facilitator, and
allows the facilitator the flexibility to skip or minimize the discussion for the guideword-parameter
combinations that the facilitator doesn’t see significant safety implication. Operability issues those
do not have the potential to lead to safety concerns are also skipped. This allows much stronger
focus on safety related scenarios. The time saved is used for more in-depth discussion and
analysis of the major hazardous scenarios identified in the review to ensure there are sufficient
and robust safeguards present, and also used for coming up with robust recommendations.
• Unlike HAZOP that documents discussions for every Guideword-Parameter combination, DSR
mostly documents exceptions or gaps unless full documentation is specifically requested.
Documentation for only gaps works well for processes that Company has already had significant
operational experiences so that most of the hazards have been understood and operating
procedures and manuals have covered the hazards and precautions needed.
TEAM COMPOSITION
To allow good focus and perform an effective DSR it is required from the team participants to be
knowledgeable in their field of expertise. The discussion will be led through the unit’s design, technology
and operability aspects.
The key team members involved in the review are:
• Team leader (Chairman)
• Process technologist / Process engineer
• Process automation and Control Engineer
• Process Safety engineer
• Operations representative
experience is available. However, HAZOP guidewords might be applicable for DSR as well.
Notwithstanding this, it is helpful if an informal list with key words is available, related to the most frequently
found deviations from design intent and consequences. This will assist further in guiding the creative
thinking process in identifying deviations and consequences.
This list may be different for different systems and assets and could be developed prior to or during the
review, as appropriate.
Common examples are:
6 ALARP WORKSHEET
The ALARP determination process is defined in Application of ALARP Framework within Sakhalin Energy
Risk Management Standard [Ref. 1]. The purpose of the ALARP worksheet is document decisions made
where there are options in design or in asset operations and to demonstrate that the risk of the selected
option cannot be reduced further without grossly disproportionate effort or cost.
The example of ALARP worksheet template is shown in Appendix G. The team composition and
facilitation of the ALARP worksheet preparation follows the HAZID rules in section 3 of this guideline.
Figure 9. Screening and Concept Selection Process (ISO 17776 [Ref. 14])
7 REFERENCES
1. Application of ALARP Framework within Sakhalin Energy Risk Management Standard, 1000-S-
90-04-O-0009
2. Asset Integrity Process Safety Manual, 1000-S-90-01-P-1404
3. Cumulative Risk Guidelines, Oil and Gas UK, Issue 1, ISBN 1 903 004 76 7, October 2016
4. Discipline Controls and Assurance Framework Standard, July 2016
5. HAZID Procedure, EPE Safety Engineering PR01, EP200801248658, Chris Wilson, 2007
6. HAZID, Shell HSE Manual, EP 95-0312
7. HAZOP Study, Shell DEM 1 DEP 80.00.00.15
8. HSE Case Specification, Appendix 7, Sakhalin Energy Managing Risk Standard, 0000-S-90-04-
O-0006
9. Management of Change Procedure, 0000-S-90-01-P-0268
10. Pan-Asset Application of Matrix of Permitted Operations (MOPO) Guideline, 1000-S-90-01-T-
0525-00
11. Sakhalin Energy Managing Risk Standard, 0000-S-90-04-O-0006
12. Sakhalin Energy Technical Directorate Management System, 1000-S-90-01-M-0086-00
13. Safety Instrumented Systems, DEP 32.80.10.10
14. Petroleum and natural gas industries – offshore production installations – Major accident hazard
management during design of new installations, ISO 17776
15. Permit to Work Manual: Integrated Safe System of Work (ISSOW), 1000-S-90-04-P-0031
16. Process Safety Events/ Wells Process Safety Incident Management Procedure, 1000-S-90-04-
P-0202
17. Project Guide 1 Capital Projects HSSE & SP Management (Health, Safety, Security, Environment
& Social Performance), Shell P&T
18. Tool Box Talk Procedure, Appendix 4, Sakhalin Energy Hazardous Activities Standard, 0000-S-
90-04-O-0261
19. HSE Specification: Hazard Inventory, EP2005-0300-SP-01
20. Production Directorate Operations Pan-Asset Procedure - Statement of Fitness, 1000-S-90-01-
P-0435-00
21. Occupational safety standards system. Нealth management systems. Risk assessment methods
to ensure the safety of work, GOST 12.0.230.5-2018
Hazard
Inventory.xlsm
[open attachment to access full list of hazards]
Risk_Assessment_Te
mplate.docx
[open the attachment to access the template]
Rev:
Date(s):
Background: Assessment Team:
Severity / RAM rating RED and yellow 5A/5B excluding consequential business loss.
Likelihood of
Occurrence A B C D E
1 May be acceptable; however, review task to see if risk can be reduced further.
2
Task should only proceed with appropriate management authorization after consultation with specialist personnel and assessment team.
3 Where possible, the task should be redefined to take account of the hazards involved or the risk should be reduced further prior to
commencement
4
Task must not proceed. It should be redefined, or further control measures put in place to reduce the risk. The controls should be re-assessed
5
for adequacy prior to task commencement.
Approved By:
Sign:
Date:
DSR TS assessment
Worksheet - template.xlsx
[open the attachment to access the template]
Site:
Project:
Unit / Equipment / Line:
Design intention:
Drawings:
Cause / Safeguards /
Item Deviation / Hazard Consequence Comments Recommendations Action party
Threat Barriers
1
2
4
5
6
7
8
TITLE
PROBLEM DEFINITION
IDENTIFY
OPTIONS CONSIDERED
Option 1
• HSE risk,
• Cost, Schedule,
• Production Impact,
• Resources required
Option 2
• HSE risk,
ASSESS
• Cost, Schedule,
• Production Impact,
• Resources required
Option 3
• HSE risk,
• Cost, Schedule,
• Production Impact,
• Resources required
TITLE
Example 1. LOPC.
Offshore platform. Crude Oil leak (100 kg) though a seal of a crude oil pump. This resulted in a spill around
the pump and all Oil was contained in hazardous drain system. (Note, see page 7 for guidance on People
Potential from LOPC)
Some of the potential Consequences could be:
a) Crude oil spill into the sea from the drain system damaging the environment and requiring oil spill
cleanup response with adverse impact on the Community;
b) Ignition of the crude oil resulting in a small fire around the pump;
c) Inadequate firefighting and escalation of the fire to the point where other process equipment fails
and a major fire and explosion occurs resulting in injuries or even fatalities.
Remember that in most cases Potential Consequences are higher than actual.
1. Think whether those Consequences are credible.
Always think "What if other Controls didn't work right or failed". At the same time avoid too many 'what if's'.
Let's try to consider credibility of Consequences listed above.
a) Crude oil spill into the sea. If leak would be much smaller and maximum possible quantity of a spill
would be relatively small and limited – possibility of oil getting into the sea from drain would probably
be not credible. Still a spill from a drain system to the sea, like in our example can be treated as a
credible scenario.
b) Ignition of crude can be treated as credible only if circumstances of incident could contribute to it.
Generally hazardous assets have multiple Controls over sources of ignition. Still if in the past you
heard of such Consequences or for example there were cases of permit to work incompliances
during hot work execution or there were incidents with sources of ignition in process areas or for
example ex integrity of equipment or seal failure in the past resulted in overheating of bearing –
such Consequence can be considered to be credible.
c) Inadequate firefighting and escalation. Consequence of major accident happening from described
above case can hardly be called credible unless you have objective reasons to call it so. Still always
remember that LOPC is a C5 risk for Offshore Installation. Remember in Risk Assessment the
causes of Major Industry incidents like "Piper Alpha". It was between 50 and 70 kg's of condensate
released which caused 167 fatalities and complete loss of Piper Alpha installation.
For example, if in the past you had a leak from oil pump, but from flexible hose body - not from a seal.
Should likelihood be B instead of C? This is a same system so likelihood would probably be C.
For example, in the past you had a leak from other rotating equipment and liquid was different, but
Consequences were similar – leak into the sea of hazardous substance. Should likelihood be 'B' instead of
'C'? It still should be 'C'. But if you have strong justification that circumstances were absolutely different it
can be B. Experience plays a part here. Group discussion is important.
Notes:
What likelihood would it be if this incident was not with an ordinary wire melted but with some very specific
electrical equipment burnt and you never heard of such equipment causing Consequences of 5. Should it
be A5? - In our case this incident is equal to LSR#2 likelihood should be B by default (See C-HSE User
guide for LSR RAM assessment). If you know of such events happening in the Organization or > 1 year in
industry – likelihood may become C.
4. Estimate Risk. For Consequences (b) described above risk will be – 5B People (Yellow).
Notes:
For example, you heard of helicopter crashes with similar consequences happening > once a year in a
different industry, not oil and gas. Would likelihood be A instead of C. Probably not. When we are looking at
common industry-wide situations such as helicopter transfers, an incident in aviation is just as relevant as
an incident in our industry.
For example, you have heard of helicopter crashes, but not sure if Hydraulic system failure was the cause.
Should Likelihood be B instead of C. Probably a fair rating should still be C, unless you are sure that causes
of previous crashes were absolutely different.