Risk Mangement

1
RISK MANAGEMENT
Hazard & Risks
Pooya Arjomandnia 2015

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2
LECTURE 2 PLAN:
Some history why risk management?
Hazard and risk the concepts
Terminology, a way of thinking
Risk perception
RESOURCES USED FOR

DISCUSSIONS
Books & Journals
Skelton, Bob Process Safety Analysis: an

introduction chapters 1 & 2
Cameron I and Raman R. - Process Systems Risk

Management chapter 1
Lees loss prevention in the process industries:

hazard identification, assessment and control,
edited by Sam Mannan, free electronic resource at
Curtins library Ch. 1, 2 & Appendices
NATURAL DISASTERS
Ian Cameron
INDUSTRIAL DISASTERS
Atofina, Toulouse
Ian Cameron
SOME MAJOR DISASTERS - CASE

STUDIES
Flixborough, UK, 1974
PEMEX, Mexico City, 1984
UCIL, Bhopal, India, 1984
Piper Alpha, UK, 1988
Deepwater Horizon, 2010
Fukushima Daiichi, Japan,

2011
FLIXBOROUGH, UK 1974
The Process
Manufacture of caprolactum via the oxidation of liquid
cyclohexane. Reaction product contained 94% cyclohexane
which was subsequently separated.
Reaction carried out in six reactors (20 tonnes each) in series,
operating at 8.8 barg and 155C.
Heat of reaction removed via vaporization of cyclohexane
which was recovered from the off-gas system by condensation.
Atmosphere in reactors controlled via nitrogen supply
Safety valves (11 barg) vented vapour into the relief header of
the flare system
Trip to operate if high oxygen level encountered in the off-gas.
Ian Cameron
Chronology of Events
27 March: crack located in 13mm steel plate of Reactor 5.
Decision to take Reactor 5 out of service.
A by-pass constructed between Reactors 4 and 6. Done with
500mm pipe. Openings were 710mm. Dog-leg design, because
of different reactor levels. Bellows installed at each end. Bypass pneumatically tested to 9.0 barg.
29 May: Isolation valve leaking. Shutdown for repairs.
1 June: Startup of plant. Reactors subjected to higher than
normal design pressure.
early am: sudden rise to 8.5 barg in Reactor 1 during
startup
late am: pressure reaches 9.1-9.2 barg at normal
operating temperature
late pm: vapour release via pipe rupture
4.53 pm: massive vapour cloud explosion (VCE)
Ian Cameron
Extent of Disaster
Death and Injury
28 killed (within plant)
54+ injured
Plant and Equipment

complete destruction of
processing facilities ($60-70
million)
Plant Environs
1821 houses badly damaged
167 shops damaged
Ian Cameron
10
(Lees, 1996)
11
(Lees, 1996)
12
Lessons from the Incident:

1. Inventory of Hazardous Materials
large volumes stored on site
(1.5 million litres cyclohexane plus 450,000 litres of other highly
flammables)
2. Design and location of control room and other buildings

18 out of 28 deaths were in the control room
3. Siting of Major Hazards

higher casualties avoided due to relative isolation
4. Public Controls of Major Hazard Installations

ACMH (Advisory Committee on Major Hazards) also CIMAH (Control of
Industrial Major Accident Hazards) regulations
5. Management Aspects
safety versus production
hazard analysis of modifications
management safety system essential
planning for emergencies
Ian Cameron
PEMEX, MEXICO CITY, 1984
13
Extent of Disaster
Death and Injury
542 killed (mainly outside plant)
> 7000 injured
Plant and Equipment

majority of LPG installation destroyed
Plant Environs
severe damage area out to 400m
fragments out to 1200m
100 delivery trucks destroyed
200 houses destroyed
1800 houses damaged
200,000 evacuated
Ian Cameron
Ian Cameron
14
15
The Facility
LPG storage and distribution centre, located in a north-eastern
suburb of Mexico City.
Storage at San Juan Ixhuatepec was:
Type
Number
Capacity
(tonnes)
Pressure
(bar)
Total
(tonnes)
bullet
bullet
sphere
sphere
44
4
4
2
50
90
575
1250
9
9
13.5
13.5
2200
360
2300
2500
54
7360
Surrounding residential area started 130m from storage tanks

Feed via 3 underground lines (300mm) from refineries up to 500
km away
LPG distributed to local gas companies and others via
underground lines, cylinders and rail-tankers.
Ian Cameron

Sunday18 November, late pm: facilities almost empty.
Afternoon shift begins tank filling from refineries.
Monday 19 November, early am: filling of bullets and 2
largest spheres completed; 2 smaller spheres about 50%
full.
Sudden pressure drop at pumping station 40 km away.
Rupture of an 8 in. pipe between a sphere and cylinders
5.20 am: escape of liquefied gas with deafening noise 2m
high cloud 200m x 150m
5.40am: cloud ignited by flare at bottling plant. Flash fire
and local overpressures
5.45am: first major explosion (BLEVE)
5.46 am: first small sphere explodes with 300m fireball.
Raining LPG.
up to 7.30am: 9 major explosions
Ian Cameron
16
17
Lessons from the Incident

Layout
PEMEX facilities very confined
cylinders very close and walled-in leading to increased overpressures
Location
closeness to major residential areas (130 metres)
local authority planning strategies
Maintenance
poor quality gas detection and emergency isolation
often postponed
seldom recorded
failure of the overall system of protection
Disaster Planning
total confusion reigned
inadequate disaster management
Ian Cameron
UCIL, BHOPAL, INDIA, 1984
18
Extent of the Disaster

Death and Injury
3000 fatalities
>250,000 injured
(159 orphaned children, 169
widows, 1000 cases of
blindness)
Plant and Equipment

closure of facility
Plant Environs
major long-term devastation of
local community
Ian Cameron
19
The Process
Tails
Phosgene
stripping
Tails
rude
Pyrolysis
MIC
MIC
refinin
g
Product
Residues
Phosgene
Reaction
system
MIC
storag
e
Monomethylamin
e
Chlorofor
m
Hydrogen
chloride
MIC
destruction
VGS/flare
Product
MIC
derivativ
es
Unit vents
20
Sunday 2 December
8.30pm: operator asked to wash piping around tank 610
10.55pm: pressure in tank 610 rises to 10 psig. Operator
assumes it is due to nitrogen pressurization
11.30pm: operators sense eye irritation due to small amount of
MIC
Monday 3 December
12.00 midnight: pressure continues to build. Water sprays used
to cool tank but ineffective
12.30 am: pressure rises to full scale . Bursting disc and safety
valve blows. MIC released via scrubber and vent (40 tonnes in
total) scrubbing, refrigeration & flare not working!
1.00am: alarm activated
Ian Cameron

Storage of hazardous
intermediates?
is it necessary?
Non-adherence to
recommended plant
procedures
Inoperative safety systems
vent gas scrubber
flare stack
water curtain
refrigeration system
Multinational safety
standards
common standards
worldwide
adequate training
Local Government actions
local community
awareness
suitably planned buffer
zones
Sabotage of operations ?
spare storage tank
21
Ian Cameron
PIPER ALPHA, UK, 1988
22
Extent of Disaster
major oil platform
destroyed
167 deaths
major oil production
disruption for Occidental
Petroleum
Cullen Report leads to
major off-shore safety
system changes
PIPER ALPHA, UK, 1988
23
The Process
platform operations separated fluid
from wells into gas, oil and
condensate
oil pumped to Flotta Terminal,
Orkneys
gas sent to MCP-01 platform for
compression for discharge to St.
Fergus
gas received from Tartan
gas line link to Claymore
Pipeline connections
(Lees, 1996)
PIPER ALPHA
24
Condensate pump was taken out of service for maintenance by
day shift
PSV of the pump was taken out of service; blind installed loosely
(bolts not tight)
21:45 2 condensate pumps tripped, one restarted by night shift
(not knowing what the day shift did)
Leak and large amount of condensate released vapor cloud
22:00 first explosion
22:20 - rupture of gas riser from Tartan
death in accommodation module
22:50 & 23:20 third and fourth explosion
24:15 - platform Piper disappears
PIPER ALPHA
25

quality of safety management lack of control, poor
permit to work systems
quality of safety auditing
isolation of plant for maintenance
training of contractors no proper training!
disabling of protective systems by fire/explosion
safe refuge for workers
planning for emergencies emergency induction not provided,
no drills of exercises to test emergency preparedness
Ian Cameron
Deepwater horizon, april 2010
Drilling rig sank after

explosion and fire
11 fatalities
Many injured
(126 total workers)
Environment
major long-term devastation

the largest offshore oil spill in
US history
26
Deepwater horizon
27
20 April 2010
9:45: a geyser of seawater erupted from the marine riser onto the rig (73 m into the air)
Very soon: eruption of slushy combination of mud, methane gas and water
The gas ignited into a series of explosions and firestorm
Attempt to activate the blowout preventer failed and rig burned for 36 hours
22 April 2010
The rig sank
The oil spill continued until 15 July when temporarily sealed by a cap
Relief wells used to permanently seal the well
19 September 2010 declared effectively dead!
Possible causes
2009 not required to fill a

scenario for a potential blast
Instructions to remove
drilling mud from the riser
prior to capping and replace
with seawater
Disregarded anomalous pressure

test readings prior to explosion
28
The BOP had a dead battery in

its control pod and leaks in its
hydraulic test
Declared the blowout

preventer (BOP) fail-safe;
Transocean listed 260 failure
modes
2011 report BPs lack of
safety culture
Maker of BOP
To be continued
Flawed cementing job to cap the well just prior

to blowout
The cement plug was never set
Fukushima, Japan, march 2011
29
Level 7 nuclear disaster
Equipment failures
Nuclear meltdowns
Release of radioactive materials
No deaths or cases of radiation
sickness
Fukushima
30
Earthquake loss of power supply; reactors 1-3 shut down

Emergency diesel generators started up
Two tsunamis (8 min apart)
Submerged and damaged the seawater pumps required for condenser and cooling
circuits
Drowned the diesel generators, inundated the electrical switchgear and batteries
Damaged and obstructed roads
Reactors isolated from any heat sink
Nuclear emergency declared
Evacuation
Fukushima
31

Seismic design countermeasures for the external power supply
were inadequate
Tsunami the scale considered in design was inadequate; poor
design of critical safety systems
Station blackout safety guidelines only assumed short term
blackout
Loss of ultimate heat sink
Accident management inadequate for station blackout; confusion;
inadequate responsibility system
Hydrogen explosion outside the containment vessel, not taken
into consideration
Safety design approach - inadequate
How to conduct a simple incident safety and risk

assessment
32
US CHEMICAL PROCESS LOSSES

All
Losses
Explosion
Fire
All other
Windstorm
Losses > $100 000
Ian Cameron
33
LOCATION OF LOSSES
34
Enclosed
building
Open
structur
e
Other
Ian Cameron
CAUSE OF LOSSES
35
Chemical reaction
Boiler and furnace explosion
Other explosions (including vapour cloud
explosions)
Ian Cameron
LOSS ANALYSIS REACTION &

EXPLOSION
Cause
Frequency (%)
Accidental reactiona
33.3
Uncontrolled reactionb
40.0
Decomposition of unstable materials
13.3
Other causes
13.4
Due to accidental contact of material(s)
Intended reactions which become uncontrollable
Type of Process
Frequency (%)
Batch reaction
60.0
Continuous reaction
13.6
Recovery unit
6.6
Evaporation unit
6.6
Other
13.2
Ian Cameron
36
MOTIVATION FOR RISK

MANAGEMENT
37
Regulatory requirements
International, national and state
Common Law Duty of Care

Avoiding criminal liability
Commercial incentives
Business continuity
Corporate reputation
Evaluating alternatives for design and location
Ian Cameron
KEY CONCEPTS
38
HAZARD - DEFINITIONS
Hazard = a physical situation with a potential for: human injury,
damage to environment or both
Hazard analysis =
the identification of undesired events that lead to materialisation of
hazard
the analysis of the mechanisms by which these undesired events could
occur
the estimation of the extent, magnitude & likelihood of any harmful
events
a potential for harm/loss NOT a realised

harm/loss
Skelton chapter 1
KEY CONCEPTS
39
HAZARDS CONTRIBUTING FACTORS
Material factors
toxicity (LD50, TLV, ERPG, )
flammability (Flash point, Auto-ignition, UEL/LEL)
explosion (deflagration, detonation)
Operational factors
process deviations
time
sequence
human factors
Environmental factors
ignition density
weather/meteorology
Cameron chapter 1
KEY CONCEPTS
40
RISK - DEFINITIONS
Risk = the probability of occurrence of an event that could
cause a specific level of harm to people, property,
environment over a specified period of time
Process risk categories:
Occupational risks - safety & risk of employees
Plant property loss
Environmental risk s&h of public, heritage
Liability risks - public, product, failure to service
Business interruption risks
Project risk design, contract, delivery
Cameron chapter 1
KEY CONCEPTS
41
RISK DEFINITIONS
Two dimensions:
Severity / magnitude of the loss
Likelihood / probability of occurrence
Broad concept:
Risk = Undesirable consequences x Uncertainty
Risk = Hazard / Protective measures
Risk = Hazard + Outrage
Cameron chapter 1
42

Risk Mangement

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Mangement

Uploaded by

Copyright:

Available Formats

1

Pooya Arjomandnia 2015

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RESOURCES USED FOR

Books & Journals

Skelton, Bob Process Safety Analysis: an

Cameron I and Raman R. - Process Systems Risk

Lees loss prevention in the process industries:

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

SOME MAJOR DISASTERS - CASE

PEMEX, Mexico City, 1984

UCIL, Bhopal, India, 1984

Piper Alpha, UK, 1988

Deepwater Horizon, 2010

Fukushima Daiichi, Japan,

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

Plant and Equipment

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

Lessons from the Incident:

2. Design and location of control room and other buildings

3. Siting of Major Hazards

4. Public Controls of Major Hazard Installations

PEMEX, MEXICO CITY, 1984

Plant and Equipment

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

PEMEX, MEXICO CITY, 1984

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

PEMEX, MEXICO CITY, 1984

Surrounding residential area started 130m from storage tanks

PEMEX, MEXICO CITY, 1984

PEMEX, MEXICO CITY, 1984

Lessons from the Incident

UCIL, BHOPAL, INDIA, 1984

Extent of the Disaster

Plant and Equipment

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

UCIL, BHOPAL, INDIA, 1984

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

UCIL, BHOPAL, INDIA, 1984

UCIL, BHOPAL, INDIA, 1984

spare storage tank

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

PIPER ALPHA, UK, 1988

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

PIPER ALPHA, UK, 1988

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

Lessons from the Incident

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

Deepwater horizon, april 2010

Extent of the Disaster

Drilling rig sank after

major long-term devastation

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

RISK MANAGEMENT AND PROCESS SAFETY Lecture 2

2009 not required to fill a

Disregarded anomalous pressure

The BOP had a dead battery in

Declared the blowout

Flawed cementing job to cap the well just prior