Chapter2. Risk Management Programs
2.1. Risk Management Programs
2.2. Risk Management
2.3. Risk Management Programs
2.4. Risk Management Program Includes...
2.5. Hazard Identification
2.6. Consequence Analysis
2.7. Control Procedures
2.8. Training
2.9. Emergency Planning
2.10. Accident Investigation
2.11. Audit Program
2.12. Current & Pending Regulation & Industry Guidance
2.13. Petroleum Industry Guidelines
2.14. Operating Procedures
2.15. Operating Procedures(contd.)
2.16. High Level Liquid Alarm
2.17. Operation Procedure for High Liquid Level Alarm
2.18. Operation Procedure for High Liquid Level Alarm(contd.)
2.19. Operation Procedure for High Liquid Level Alarm(contd.)
2.20. Operation Procedure for High Liquid Level Alarm(contd.)
2.21. Operation Procedure for High Liquid Level Alarm(contd.)
2.1. Risk Management Programs
A risk management program is required to identify and mitigate risks in operating a chemical plant or refinery. This section will review the elements in a risk management program.
2.2. Risk Management
A Management Tool
Ensures Consistent Response
A risk management plan is a management tool that provides responsible administrative control. Federal regulations require a risk management program in 40 CFR Part 68.
2.3. Risk Management Programs
Credible
Organized
Thorough (addressing public concerns)
Relevant
Doable & Economical
Based on Existing Technology
Publicized
These are the characteristics for a successful risk management program. The first four features are related. A relevant and thorough program is credible and organized. It must reach and obtain the support of all personnel at the site. The program identifies potential scenarios for accidental releases and consequences along with a plan to alleviate the problem. Also, it must be flexible and economically feasible.
2.4. Risk Management Program Includes...
Hazard Identification
Consequence Analysis
Control or Treatment Responses
Procedures
Training
Emergency
Planning
Accident Investigation
Audits
These elements are a necessary part of the risk management plan. Procedures should cover operations, maintenance, testing, inspection and change control. Following is a brief description of each of these elements. Subsequent sections will cover these topics in more detail.
2.5. Hazard Identification
What-If Analysis
HAZOP
Fault Tree Analysis (FTA)
Failure Modes and Effects Analysis (FMEA)
These are the main methods used for hazard identification. Each has its advantages and disadvantages. Screening and ranking methods are appropriate for early stages in a process design or evaluation.
2.6. Consequence Analysis
Determines the consequences of an undesired event identified by a hazard evaluation
Site Specific
Considers:
Hazard
Location
Population Density
Weather Pattern
Consider an explosion as an example. Consequence analysis would evaluate pressure wave and fireball radius, thermal radiation, fire, toxic releases, airborne concentrations, among others. Also, health and economic effects are evaluated. This provides the consequence part of risk which is defined as the probability of occurrence of an event and its consequences.
2.7. Control Procedures
Control potential releases and consequences
Control program
operations
maintenance
safety
training
audit
investigation
The potential for accidents will exist regardless of the safeguards installed. Provisions to control potential releases include scrubbing systems, flare systems, incinerators, etc. Procedures for administrative control must cover operations, maintenance, safety, training, audit, and investigation.
Also, communication procedures are of prime importance in case of an emergency.
2.8. Training
Human Error
Classroom vs. On-the-Job
Performance Evaluations
Refresher Courses
Instructors
Measure Effectiveness
Approximately two-thirds of accidents were a result of human error rather than equipment failure or design deficiency. Training encompasses that for new employees, and experienced operators and supervisors. It includes classroom, on-the-job and field-specific practices. Training should include oral and written performance evaluations.
Instructors must be qualified to teach the material. Effectiveness of the training program should be assessed. Experience has shown that a one year interval between refresher training courses is optimal. Skills deteriorate for activities that are performed infrequently.
2.9. Emergency Planning
Uses Consequence Analysis
Emergency Organization
Practice Emergency Response
Required by Federal Regulations
Consequence analysis is used as a basis for contingency plans. Personnel are trained in roles they will take in the event of an emergency. This includes communication and coordination with local government and volunteer agencies. An emergency response program is required by Federal regulations in 40 CFR Part 68.
2.10. Accident Investigation
Accident Investigation Team
Comprehensive Investigation
Determine cause and effect
Measures to prevent reoccurrence
Report detailing facilities operation, conclusions, recommendations, actions and resolution
An accident investigation team must be composed of experienced engineers and other knowledgeable plant personnel. The team has to work objectively using analytical tools to determine the root cause of the accident. This will lead to process and operations changes to prevent reoccurrence. An accident investigation report is prepared and includes a history of the facilities operations, conclusions recommendations, and actions to prevent reoccurrence. The report is not closed until all corrective action has been taken and documented that these procedures are successful.
2.11. Audit Program
Review of operations and maintenance procedures
Inventory of records
Physical inspections
Review of documentation
Administrative procedures for tracking and checking program implementation
Performed yearly
Audits are used to evaluate the effectiveness of the risk management program. Typically, operations and maintenance procedures are reviewed along with associated records and checklists. Also, the administrative controls are evaluated for performing necessary tracking and checking program implementation.
Over 14,500 facilities have submitted Risk Management Plans to EPA as required by the Risk Management program regulation 40 CFR Part 68. The EPA Regional Office or designated state agency is required to audit these plans as specified in 40 CFR 68.220. These audits are to help ensure compliance with the Risk Management Program, and EPA can require companies to modify their plan to meet regulation requirements.
2.12. Current & Pending Regulation & Industry Guidance
State Regulations
Federal Clean Air Act Amendments (CAAA)
Occupational Safety & Health Administration (OSHA)
Industry Guidelines
State and Federal regulations undergo almost continuous modification. The Federal regulations covering Chemical Accident Prevention are given in 40 CFR Part 68. These regulations cover hazard assessment, program prevention, emergency response, accidental release prevention and risk management plan. OSHA regulations are given in 29 CFR 1910. Chemical industry guidelines include the Responsible Care Program of the American Chemistry Council.
2.13. Petroleum Industry Guidelines
The American Petroleum Institute is the comparable organization for the petroleum industry as the American Chemistry Council is to the chemical industry. The API has issued a management of process hazards report with recommended practices, referred to as API 750. This report covers the topics listed here.
2.14. Operating Procedures
A key element of risk management is plant operating procedures
Design and plant engineers are responsible for providing clear instructions for both normal operating conditions and any foreseen emergency conditions
Operating procedures are the most important part of a risk management program, Part of an engineer's task is to prepare operating procedures and instructions for a process. These procedures are for both normal operating conditions and emergency situations.
2.15. Operating Procedures
Write operating procedures for “high liquid level alarm sounds” for the knock-out vessel. The alarm on the liquid level controller is set for no more than 20% liquid in the vessel.
At this point, stop and develop operating procedures for the process flow diagram of the knock-out vessel and flare. The next slide will give an outline to follow.
2.16. High Level Liquid Alarm
1. Confirm liquid level is actually high: Describe how to determine actual level
2. Check liquid level control unit: Describe action to be taken
3. Check outlet path: Describe possibilities and actions
4. Check inlet path: Describe possibilities and actions
5. Describe action to be taken and who is to be notified
The high liquid level alarm sounds. Develop operating instructions using the following outline.
1. Confirm that the liquid level is actually high. A sight glass is available for visual inspection.
2. Check liquid level control unit. Describe actions to be taken if high level is or is not confirmed.
3. Check outlet path. Describe actions to be taken based on this inspection.
4. Check inlet path. Describe actions to be taken based on this inspection.
5. Describe action to be taken and who is to be notified.
2.17. Operation Procedure for High Liquid Level Alarm
1. Confirm that liquid level actually is high. The level might be OK.
Instruments may not be 100% reliable.
Check sight glass on vessel to confirm high level.
A. If high level is confirmed, go on to 2.
B. If high level does not exist, check and repair liquid level alarm unit.
A typical set of operating procedures would include the following steps. This set of operating procedures is one of hundreds of such sets that are needed to operate a modern, complex process plant.
The first step confirms the conditions in the vessel.
2.18. Operation Procedure for High Liquid Level Alarm
2. Check liquid level control unit. The controller may be malfunctioning.
A. If controller is OK, go to 3.
B. If controller is faulty, shift operation to manual control and repair level controller.
The second step checks the liquid level control unit.
2.19. Operation Procedure for High Liquid Level Alarm
3. Check outlet path. The outlet path may be blocked.
Inspect for blockages and sources of back pressure between vessel and waste liquid recovery unit.
A. If no blockage, go on to 4.
B. If blockage exists, arrange for clearance and repair.
The third step checks for problems upstream of the unit.
2.20. Operation Procedure for High Liquid Level Alarm
4. Check inlet path. There may be excessive flow to the unit.
A. If no flow, go on to 5.
B. If flow is satisfactory, check with unit operators to see if excessive amounts of liquid are expected.
(1) If unit operators know excessive amounts of liquid are being sent to flare, determine expected time for vessel to fill. Find out from unit operators whether their problem will be under control by then.
(2) If unit operators are not aware of excessive flow, assist them in determining source.
The fourth step checks for problems downstream of the unit.
2.21. Operation Procedure for High Liquid Level Alarm
5. Inform unit operators that there is no vapor vent flow to flare. Be sure that everyone involved knows the conditions of the system.
A. If unit operators are aware of this and unit is under control (or shut down), allow vessel liquid level to stabilize.
B. If unit operators are not aware of problem, assist as needed to get unit operating properly.
The fifth step ensures that the persons who need to know are aware of conditions.
Significant amounts of time and effort are put into preparing operating procedures for process plants. A common problem, however, is that the procedures are not kept up to date when minor plant modifications or process changes are made.