Chapter 6 - Risk Assessment Ghazi

OSH IN CHEMICAL INDUSTRIESCHAPTER 6

RISK ASSESSMENTSEM 1 1314

1

Contents

Introduction Fault Tree Analysis

ObjectivesObjectivesDescribe risk assessmentDevelop Fault Tree Analysis to assess

risk based on the identified top event.

2

INTRODUCTION

The term ‘risk assessment’ comes from the insurance industry & was one stage in their process of determining and spreading liabilities they carried.

Objective: to identify hazards so that action can be taken to eliminate, reduce or control them before accident that cause damage or injury occur.

3

What is Risk Assessment (RI) ?

RI includes incident identification and consequence analysis. Incident identification describes how an incident occurs. It frequently includes an analysis of the probabilities . Consequences analysis describes the expected damage.

This includes loss of life, damage to the environment or capital equipment, and days outage.

The hazard identification procedures (HAZOP) include some aspects of RI.

Cont…

4

What is Risk Assessment ? Cont…..

Risk assessment is the process where you: Identify hazards, Analyze or evaluate the risk associated with that hazard, and Determine appropriate ways to eliminate or control the

hazard.

In practical terms, a risk assessment is a thorough look at your workplace to identify those things, situations, processes, etc that may cause harm, particularly to people. After identification is made, you evaluate how likely and severe the risk is, and then decide what measures should be in place to effectively prevent or control the harm from happening.

5

Why is Risk Assessment important?

Risk assessments are very important as they form an integral part of a good occupational health and safety management plan. They help to:

create awareness of hazards and risks, identify who may be at risk (employees,

cleaners, visitors, contractors, the public, etc), determine if existing control measures are

adequate or if more should be done, prevent injuries or illnesses when done at the

design or planning stage, and prioritize hazards and control measures.

6

What is the goal of Risk Assessment ?

The aim of the risk assessment process is to remove a hazard or reduce the level of its risk by adding precautions or control measures, as necessary. By doing so, you have created a safer and healthier workplace.

7

How do we do a Risk Assessment ?

Assessments should be done by a competent team of individuals who

have a good working knowledge of the workplace. Staff should be

involved always include supervisors and workers who work with the

process under review as they are the most familiar with the operation.

In general, to do an assessment, you should:

identify hazards,

evaluate the likelihood of an injury or illness occurring, and its severity,

consider normal operational situations as well as non-standard events

such as shutdowns, power outages, emergencies, etc.,

Cont……

8

Review all available heath and safety information about the

hazard such as MSDS(material safety data sheet), manufacturers

literature, information

from reputable organizations, results of testing, etc.,

Identify actions necessary to eliminate or control the risk,

monitor and evaluate to confirm the risk is controlled,

Keep any documentation or records that may be necessary.

Documentation may include detailing the process used to assess

the risk, outlining any evaluations, or detailing how

conclusions were made.

Cont…….

How do we do a Risk Assessment ? Cont…

9

How do we do a Risk Assessment? Cont……

When doing an assessment, you must take into account:

the methods and procedures used in the processing, use, handling or storage of the substance, etc..

the actual and the potential exposure of workers,

the measures and procedures necessary to control such exposure by means of engineering controls, work practices, and hygiene practices and facilities.

Cont…..

10

How do we do a Risk Assessment? Cont……

By determining the level of risk associated with the hazard, the employer and the joint health and safety committee can decide whether a control program is required.

It is important to remember that the assessment must take into account not only the current state of the workplace but any potential situations as well.

11

How are the hazards identified?

Overall, the goal is to find and record possible hazards that may be present in your workplace. As mentioned, it may help to work as a team and include both people familiar with the work area, as well as people who are not - this way you have both the "experienced" and "fresh" eye to conduct the inspection.

To be sure that all hazards are found:

1- look at all aspects of the work,

2- include non-routine activities such as maintenance, repair, or cleaning,

3- look at accident / incident / near-miss records,

Cont…..

12

How are the hazards identified?

4- include people who work "off site" either at home, on other job sites, drivers, teleworkers, with clients, etc.,

5- look at the way the work is organized or "done" (include experience and age of people doing the work, systems being used, etc),

6- look at foreseeable unusual conditions (for example: possible impact on hazard control procedures that may be unavailable in an emergency situation, power outage, etc.),

7- examine risks to visitors or the public,

8- include an assessment of groups that may have a different level of risk such as young or inexperienced workers, persons with disabilities, or new or expectant mothers.

Cont……

13

How do we know if the hazard is serious (poses a risk)?

Each hazard should be studied to determine its' level of risk. To research the hazard, you can look at:

product information / manufacturer documentation, past experience (workers, etc), legislated requirements and/or applicable standards, industry codes of practice / best practices, health and safety material about the hazard such as material

safety data sheets (MSDS), or other manufacturer information,

information from reputable organizations, results of testing (atmospheric, air sampling of workplace,

biological, etc), the expertise of a occupational health and safety professional, information about previous injuries, illnesses, "near misses",

accident reports, etc. Cont…

15

How do we know if the hazard is serious (poses a risk)? Cont…..

Remember to include factors that contribute to the level of risk such as the:

work environment (layout, condition, etc.), capability, skill, experience of workers who do the work, systems of work being used, or range of foreseeable conditions.

16

How do we rank or prioritize the risks?

Ranking or prioritizing hazards is one way to help determine which hazard is the most serious and thus which hazard to control first ? Priority is usually established by taking into account the employee exposure and the potential for accident, injury or illness. By assigning a priority to the hazards, you are creating a ranking or an action list. The following factors play an important role:

percentage of workforce exposed, frequency of exposure, degree of harm likely to result from the exposure, probability of occurrence.

There is no one simple or single way to determine the level of risk. Ranking hazards requires the knowledge of the workplace activities, urgency of situations, and most importantly, objective judgment.

17

What options exist to rank or prioritize risks?

One option is to use a table similar to the following as established by the British Standards Organization:

18

Cont….

What options exist to rank or prioritize risks? Cont…

Definitions for Likelihood of Harm

Very Likely - Typically experienced at least once every six months by an individual.

Likely - Typically experienced once every five years by an individual.

Unlikely - Typically experienced once during the working lifetime of an individual.

Very unlikely - Less than 1% chance of being experienced by an individual during their working lifetime.

Cont….

19

What options exist to rank or prioritize risks? Cont….

Definitions for Severity of Harm

Potential severity of harm - When establishing potential severity of harm, information about the relevant work activity should be considered, together with:

a) part(s) of the body likely to be affected;

b) nature of the harm, ranging from slight to extremely harmful:

1. slightly harmful (e.g., superficial injuries; minor cuts and bruises; eye irritation from dust; nuisance and irritation; ill-health leading to temporary discomfort)

Cont…..

20


2. harmful (e.g., lacerations; burns; concussion; serious sprains; minor fractures; deafness; dermatitis; asthma; work-related upper limb disorders; ill-health)

3. extremely harmful (e.g., amputations; major fractures; poisonings; multiple injuries; fatal injuries; occupational cancer; other severely life shortening diseases; acute fatal diseases)

Cont….

21


Definition for Risk Level - Tolerability Guidance on necessary action and timescale

Very low - These risks are considered acceptable. No further action is necessary other than to ensure that the controls are maintained.

Low - No additional controls are required unless they can be implemented at very low cost (in terms of time, money, and effort). Actions to further reduce these risks are assigned low priority. Arrangements should be made to ensure that the controls are maintained.

Cont…

22


Medium - Consideration should be as to whether the risks can be lowered, where applicable, to a tolerable level and preferably to an acceptable level, but the costs of additional risk reduction measures should be taken into account.

The risk reduction measures should be implemented within a defined time period.

Arrangements should be made to ensure that controls are maintained, particularly if the risk levels area associated with harmful consequences.

Cont…..

23


High - Substantial efforts should be made to reduce the risk.

Risk reduction measures should be implemented urgently within a defined time period and it might be necessary to consider suspending or restricting the activity, or to apply interim risk control measures, until this has been completed.

Considerable resources might have to be allocated to additional control measures.

Arrangements should be made to ensure that controls are maintained, particularly if the risk levels are associated with extremely harmful consequences and very harmful consequences.

Cont….

24


Very high - These risk are unacceptable. Substantial improvements in risk control measures are

necessary so that the risk is reduced to a tolerable or acceptable level.

The work activity should be halted until risk controls are implemented that reduces the risk so that it is no longer very high. If it is not possible to reduce the risk, the work should remain prohibited.

Note: Where the risk is associated with extremely harmful consequences, further assessment is necessary to increase

confidence in the likelihood of harm.

Cont….

25


Other options include using tables such as Table 3 below

26

Cont…


OR option as Table 4 below (1 = extremely important to do something as soon as possible, 6 = hazard may not need immediate attention)

27

What are methods of hazards control?

Once you have established your top priorities, you can decide on ways to control each specific hazard. Hazard control methods are often grouped into the following categories:

elimination (including substitution), engineering controls, administrative controls, personal protective equipment.

28

Why is it important to review and monitor your assessment?

It is important to know if your risk assessment was complete and accurate.

It is also essential to be sure that changes in the workplace have not introduced new hazards or changed hazards that were once ranked as lower priority to a higher priority.

It is good practice to review your assessment on a regular basis to be sure that nothing has changed and that your control methods are effective.

Cont….

29

Why is it important to review and monitor your assessment? Cont…

Triggers for a review can also include: the start of a new project, a change in the work process or flow, a change or addition to tools, equipment, machinery

(including locations or the way they are used), new employees, moving to a new building or work area, introduction of new chemicals or substances, when new information becomes available about a current

product.

30

What documentation should be done for a risk assessment?

Keeping records of your assessment and any control actions taken is very important. You may be required to store assessments for a specific number of years. Check for local requirements in your jurisdiction.

The level of documentation or record keeping will depend on:

level of risk involved, legislated requirements, and/or requirements of any management systems that may be

in place. Your records should show that you: conducted a good hazard review, determined the risks of those hazards, implemented control measures suitable for the risk, reviewed and monitored all hazards in the workplace.

31

FAULT TREE ANALYSIS (FTA)

32

Fault Tree Analysis (FTA)

Fault Trees originated in the aerospace industry and have been used extensively by the nuclear power industry to qualify and quantify the hazards and risks.

Fortunately, this approach lends itself to computerization with a variety of computer programs commercially available.

33

Fault Tree Analysis (FTA)

Fault Tree is a method by which a particular undesired system failure mode can be expressed in terms of component failure modes and operator actions.

The system failure mode to be considered is termed the “top event” and fault tree is developed in branches below this event showing it causes.

34

Fault Tree Procedure

1. Draw the top event2. Determine major events that contribute to

the top event◦ Intermediate, basic, undeveloped or external

events

3. Parallel – AND; Series – OR4. Consider the intermediate events, what

events must occur to contribute to that intermediate event?

5. Continue until all the branches terminated by basic, undeveloped or external events.

35

Fault Tree Preliminary Steps1. Define top event

◦ High reactor temperature◦ Liquid level to high◦ Not; explosion of reactor or fire in

process2. Define existing event3. Define unallowed events4. Define physical bound of the process5. Define equipment configuration6. Define the level of resolution

36

FTA analysis involves five steps:

1 - Define the undesired event to study Definition of the undesired event can be very

hard to catch, although some of the events are very easy and obvious to observe.

An engineer with a wide knowledge of the design of the system or a system analyst with an engineering background is the best person who can help define and number the undesired events.

Undesired events are used then to make the FTA, one event for one FTA; no two events will be used to make one FTA.

37


2 - Obtain an understanding of the system Once the undesired event is selected, all causes

with probabilities of affecting the undesired event are studied and analyzed.

Getting exact numbers for the probabilities leading to the event is usually impossible for the reason that it may be very costly and time consuming to do so.

38

FTA analysis involves five steps: Cont.

Computer software is used to study probabilities; this may lead to less costly system analysis.

System analysts can help with understanding the overall system.

System designers have full knowledge of the system and this knowledge is very important for not missing any cause affecting the undesired event.

For the selected event all causes are then numbered and sequenced in the order of occurrence and then are used for the next step which is drawing or constructing the fault tree.

39


3 - Construct the fault tree After selecting the undesired event and

having analyzed the system so that we know all the causing effects (and if possible their probabilities) we can now construct the fault tree. Fault tree is based on AND and OR gates which define the major characteristics of the fault tree.

40


4 - Evaluate the fault tree After the fault tree has been assembled for

a specific undesired event, it is evaluated and analyzed for any possible improvement or in other words study the risk management and find ways for system improvement. This step is as an introduction for the final step which will be to control the hazards identified. In short, in this step we identify all possible hazards affecting in a direct or indirect way the system.

41


5 - Control the hazards identified

This step is very specific and differs largely from one system to another, but the main point will always be that after identifying the hazards all possible methods are pursued to decrease the probability of occurrence.

42

Graphic Symbols

The basic symbols used in FTA are grouped as events, gates, and transfer symbols. Minor variations may be used in FTA software.

Event Symbols Event symbols are used for primary events and

intermediate events. Primary events are not further developed on the

fault tree. Intermediate events are found at the output of a

gate.

43

event symbols

The event symbols are shown below:

The primary event symbols are typically used as follows: Basic event - failure or error in a system component or element

(example: switch stuck in open position) Initiating event - an external event (example: bird strike to aircraft) Undeveloped event - an event about which insufficient information

is available, or which is of no consequence Conditioning event - conditions that restrict or affect logic gates

(example: mode of operation in effect) An intermediate event gate can be used immediately above a

primary event to provide more room to type the event description. FTA is top to bottom approach.

44

Basic Initiating Undeveloped Conditioning Intermediate

Gate Symbols

Gate symbols describe the relationship between input and output events. The symbols are derived from Boolean logic symbols:

45

OR gate AND gate Exclusive OR gate Priority AND gate Inhibit gate

The gates work as follows:OR gate - the output occurs if any input occursAND gate - the output occurs only if all inputs occur (inputs are independent)Exclusive OR gate - the output occurs if exactly one input occursPriority AND gate - the output occurs if the inputs occur in a specific sequence specified by a conditioning eventInhibit gate - the output occurs if the input occurs under an enabling condition specified by a conditioning event

Transfer Symbols

Transfer symbols are used to connect the inputs and outputs of related fault trees, such as the fault tree of a subsystem to its system.

46

•

Transfer in

Transfer in Transfer out

Fault Tree Gates (Logic Transfer Components)

A gate is used to describe the relationship between the input and output events in a fault tree. Fault trees can have several different kinds of gates. Two kinds of gates are described and shown below

47

Other Fault Tree Logic Transfer Components

BASIC event

A fault event that needs no further definition

INTERMEDIATE

events

An event that results from the interaction of a number of other events

UNDEVELOPED event

An event that cannot be developed further due to lack of suitable information

EXTERNAL event

An event that is a boundary condition to the fault tree

TRANSFER symbols

Used to transfer the fault tree into and out of a sheet of paper

INHIBIT event

The output event will occur if the input occurs and the inhibits event occurs

OUT

IN

Inhibitcondition

48

FTA example 1 : Flat TireFlat Tire

Tire FailureRoad

Debris

Defective Tire

Worn Tire

Well defined accidents/Top event

Intermediate events

Basic events

Basic events

49

OR

OR

FTA example 2 (REFERENCE- failure rate data) Page 537

Instrument Failure rate , μController 0.29

Control valve 0.60

Flow measurement (fluids) 1.14

Flow measurement (solids) 3.75

Flow switch 1.12

Gas-liquid chromatograph 30.6

Hand valve 0.13

Indicator lamp 0.044

Level measurement (liquids) 1.7

Level measurement (solids) 6.86

Oxygen analyzer 5.65

pH meter 5.88

Pressure measurement 1.41

Pressure relief valve 0.022

Pressure switch 0.14

Solenoid valve 0.42

Stepper motor 0.044

Strip chart recorder 0.22

Thermocouple temperature measurement

0.52

Thermometer temperature measurement

0.027

Valve positioner 0.44

50

FTA example 2 (pg 540 & 556)

Components Failure rate, μ Reliability, R Failure probability, P

Pressure switch 1

0.14 0.87 0.13

Alarm indicator 0.044 0.96 0.04

Pressure switch 2

0.14 0.87 0.13

Solenoid valve 0.42 0.66 0.34

51

FTA example 2Overpressuring

of reactor

Failure of alarm indicator

Pressure

switch 1

failure

Pressure

indicator light failure

Pressure

switch 2

failure

Solenoid valve failure

Failure of emergency shutdown

P = 0.13, R = 0.87 P = 0.04, R = 0.96 P = 0.13, R = 0.87 P = 0.34, R = 0.66

P = 0.165, R = 0.835 P = 0.426, R = 0.574

P = 0.0702, R = 0.9298

52

Minimal Cut Sets

Once you have the fault tree, you can determine the min cut sets

It is the various sets of events that could lead to the top events

It can determine various combinations of events and probability of each set of events occurring

53

It begins with a top event

Its specific Used to determine min

cut sets Computer application

with reference libraries

For complicated processes, FT will be enormous

Will take a long time Not all failure modes

might have been considered

Possibility of a partial failure

Different structures if developed by different individual

Not all failure rates are known

Advantages Disadvantages

Advantages and disadvantages of FT

54

THANK YOU

……

55

Documents

Chapter 6 - Risk Assessment Ghazi