ExpHAZOP+: Knowledge-based expert system to conduct automated HAZOP analysis

Shibly Rahman a, Faisal Khan b,*, Brian Veitch b, Paul Amyotte c

a Department of Computer Science, Memorial University, St. John’s, NL, Canada A1B 3X5
b Faculty of Engineering & Applied Science, Memorial University, St. John’s, NL, Canada A1B 3X5
c Department of Process Engineering and Applied Science, Dalhousie University, Halifax, NS, Canada B3J 2X4

* Corresponding author. E-mail address: [email protected] (F. Khan).

Journal of Loss Prevention in the Process Industries 22 (2009) 373–380
Journal homepage: www.elsevier.com/locate/jlp
doi:10.1016/j.jlp.2009.01.008
0950-4230/$ – see front matter. Crown Copyright © 2009 Published by Elsevier Ltd. All rights reserved.

Article history: Received 18 October 2007; received in revised form 18 January 2009; accepted 28 January 2009.

Keywords: HAZOP; ExpHAZOP+; Knowledge-based expert system; Inference engine; optHAZOP

Abstract

HAZOP (Hazard and Operability) is a preliminary and systematic approach for identifying hazards and suggesting hazard mitigation measures in a process facility. A knowledge-based expert system, ExpHAZOP+, has been developed to automate the manual HAZOP analysis and accelerate the process. ExpHAZOP+ comprises a graphical user interface (GUI), a knowledge-base and an inference engine. One of the unique features of ExpHAZOP+ is the fault propagation algorithm, an aspect of the inference engine, which defines the propagation of deviations to all downstream equipment. The dynamic knowledge-base of ExpHAZOP+ allows a user to update knowledge while performing the HAZOP analysis and to use that knowledge in the result. ExpHAZOP+ is easy to use and provides results in a standard report format.

1. Introduction

Process Hazard Analysis (PHA) ensures equipment safety and identifies the possible hazards that may arise as a result of equipment malfunctions and deviations of process variables (temperature, pressure, etc.) from normal operation. PHA uses different techniques such as fault tree analysis, event tree analysis, what–if analysis, and Hazard and Operability (HAZOP) analysis. HAZOP is a qualitative analysis and is used primarily for hazard identification of a process plant before the setting up of equipment in the design stage (Khan & Abbasi, 1997a; Knowlton, 1997; Lawley, 1974; McKelvey, 1988; Sweeny, 1993). This is achieved using Piping and Instrumentation Diagrams (P&IDs), commonly referred to as Engineering Flow Diagrams (EFDs) that cover every vessel, conduit, valve and all control equipment in a process facility. To conduct a HAZOP analysis, a P&ID is divided into different sections known as study nodes. A group of experts conducts brainstorming activities within each study node. These experts are helped by guide words, which enable them to cover all possible malfunctions of a plant in a systematic way. The guide words often used are NONE, LESS, MORE, etc. When these guide words are applied to the process variables (temperature, pressure, etc.) in any unit of a plant, one gets the corresponding process variable deviations such as MORE PRESSURE, MORE TEMPERATURE, NO FLOW, etc. These deviations are used for detailed and focused HAZOP analysis.

In many process facilities, HAZOP analysis is conducted manually. The results of such studies remain in paper form. As a result, important data are lost over time. Furthermore, the team members performing the analysis may become unnecessarily tied up with the system complexities and may lose their focus. To overcome these limitations, automated HAZOP analysis can be applied to improve the following areas:

• significant saving of human effort and manpower cost by reviewing the most commonly occurring fault conditions;
• integration of knowledge of the commonly occurring scenarios in a current HAZOP study to be applied for future HAZOP study;
• standardization of the HAZOP study process by automatically recalling process parameters and reviewing the results;
• easier tracking of the study through the automation of commonly generated scenarios making the study more focused.

A few tools and approaches, as described in the next section, have been developed in the past for automating the HAZOP analysis. This paper aims to overcome some of the constraints of the previous tools using a new tool: ExpHAZOP+. ExpHAZOP+ performs automated HAZOP analysis using a unique fault propagation approach. It further uses a knowledge-base to retrieve relevant causes and consequences for an operation or equipment failure. The overall methodology for ExpHAZOP+ is described in the subsequent sections and illustrated using a simple case study.

2. Past tools for automated HAZOP analysis

Parmar and Lees (1987a, 1987b) used a fault propagation approach to perform automated HAZOP analysis, and applied it to the hazard identification of a water separation system. They represented the knowledge of each process unit using qualitative fault propagation equations and event statements for the initiation and termination of faults. The system was implemented using Fortran77 and Prolog. The system was efficient in identifying immediate causes and consequences, but had limited effectiveness in propagating deviations. Also, the existing technology was not flexible enough for the derivation of information from the knowledge-base.

Waters and Ponton (1989) attempted to automate HAZOP analysis using a quasi-steady state qualitative simulation approach. The system was developed in Prolog and implemented on a Sun 3/50 workstation. The resulting system was time consuming even for a simple HAZOP analysis and was considered limited for practical application.

A rule-based (if–then) expert system prototype called HAZOPEX was developed using the korn shell by Karvonen, Heino, and Suokas (1990). In HAZOPEX’s system, the knowledge-base consisted of the information on the structure of the process system, and rules for searching for causes and consequences. The rules in this system depended on the structure of the process. Thus, an increase in the number of processes increases the number of rules which reduces the generality of the system. Furthermore, the identification of abnormal causes was emphasized more than the consequences.

Nagel (1991) developed an inductive and deductive reasoning-based approach for automatically identifying hazards in chemical plants caused by any hazardous reactions. This analysis consisted of only those hazards that have the possibility of causing chemical reactions in chemical plants. Thus, the approach was limited to only one type of hazard.

Chae, Yoon, and Yoon (1994) have developed a rule-based expert system for HAZOP study. Although it incorporates six different equipment types, the knowledge-base consists of limited deviations, causes and consequences. Furthermore, it does not take into account the fault propagation from one unit to another and some of the relevant equipment types were omitted.

Catino and Ungar (1995) developed a prototype for automated HAZOP analysis called Qualitative Hazard Identification (QHI). QHI works by exhaustively positing possible faults, automatically building qualitative process models, simulating them, and checking for hazards. Some HAZOP analyses using QHI took seconds while others took days (Catino & Ungar, 1995). Some of the faults generated using QHI exhausted the memory of the Sun SparcStation being used. As a result, its industrial application was very limited.

Venkatasubramanian and Vaidhyanathan (1996) have developed a knowledge-based expert system. This is by far the most comprehensive system developed to date and has been applied successfully in an industrial chemical plant. The system was developed in object-oriented architecture with the G2 expert shell system. However, the system requires significant memory, which restricts its use to large machines, and the knowledge-base creation is very complex and is not accessible to users for modification.

Suh, Lee, and Yon (1997) developed a knowledge-based prototype expert system using C++. The system consists of three different knowledge-bases: the unit knowledge-base, the organizational knowledge-base and the materials knowledge-base. Deviation, malfunction and accident analysis algorithms were used to develop the system. The models of some process units such as pipes and control valves were developed while others, however, were left incomplete.

Khan and Abbasi (1997b) proposed a knowledge-based software tool called TOPHAZOP for automated HAZOP analysis. The knowledge-base consists of two main parts: process-specific and process-general knowledge. The process-specific knowledge has been classified in two main groups: objects (process unit) and their attributes, and causes and consequences. The objects are developed in a frame structure with attributes, while causes and consequences are developed in rule networks attached to the frame. The generic knowledge in this tool is classified in two ways: generic causes and generic consequences.

EXPERTOP, the follow-up tool to TOPHAZOP, was developed by Khan and Abbasi (2000). This was coded in the visual C++ environment. One of the main features of this tool was a revised knowledge-base. The revised knowledge-base has four main features: general process causes, general process consequences, process-specific causes, and process-specific consequences. One of the serious limitations of EXPERTOP was the inability to propagate a deviation to all downstream units for possible causes and consequences.

Khan (2005) proposed a modified framework for automated HAZOP analysis. The algorithm of this expert system consists of three different modules: inference engine module, knowledge-base module, and graphical user interface (GUI) module. The GUI is used for drawing P&IDs of a process system, and the inference engine of this system acts as a coordinator of the GUI and the knowledge-base system. However, this expert system lacks a fault propagation mechanism required for extracting the recommended causes and consequences of process systems under study.

Even as each of these attempts has added to the precision and sophistication in automating HAZOP, a great deal remains to be done. For example, the following limitations persist:

• the knowledge-bases for most of the systems are tied to a single process. Hence, the knowledge-base of one process is completely unrelated to the knowledge-base of another process;
• the study node encompasses only a single piece of equipment;
• the acquisition of knowledge is limited to only four types of equipment (except the system of Chae et al. (1994) which handles six types of equipment);
• there is no direct avenue to study fault propagation (deviation propagation) from one unit to other;
• large volumes of data regarding process and equipment have to be keyed-in for analyzing a single deviation.

Table 1 shows all the distinguishing features of ExpHAZOP+ compared to traditional HAZOP tools.

The current work presents a comprehensive knowledge-based expert system, with more focus towards offshore oil and gas industries. Offshore oil and gas industries deal with process equipment that is unique to the installation. This equipment poses significant hazards during operation. Further, as per regulatory requirements, offshore oil and gas process operations undergo frequent HAZOP analysis. ExpHAZOP+ can help to conduct more economic, efficient and effective HAZOP studies in offshore oil and gas process plants.

3. optHAZOP

ExpHAZOP+ has its roots in the optHAZOP (optimum HAZOP) procedure developed by Khan and Abbasi (1997a). The algorithm for the optHAZOP procedure is presented in Fig. 1. The main element of the optHAZOP procedure is a knowledge-based software tool that identifies all probable deviations in the functioning of a process facility. This knowledge-based software cuts the total study time by more than 45% by identifying the failures, hazards and their causes (Khan & Abbasi, 1997a). It also reduces the expert manpower required in manual HAZOP analysis. This enables the HAZOP analysis to be performed more economically and effectively. ExpHAZOP+ enhances the idea of optHAZOP by propagating the deviation in any number of downstream equipment items in a given process facility. It also applies the concept of the knowledge-base described in optHAZOP.

Table 1
Features comparison of ExpHAZOP+ with other traditional HAZOP tools.

| HAZOP tool methodology | ExpHAZOP+ tool | Other traditional HAZOP tools |
| --- | --- | --- |
| Graphical user interface | The study node can be defined by the user as a single piece of equipment or a set of equipment. P&ID of process unit is user defined. The user can arrange the equipment to generate different process scenarios. | The study node consists only of a single piece of equipment. P&ID of the process unit is application defined. |
| Knowledge-base system | Dynamic knowledge-base. Dynamic update of the user-defined guide words, causes and consequences for different sets of equipment. | Static knowledge-base. Update of guide words, causes and consequences requires an expert. |
| Inference engine | The deviation can propagate within the study node. The unique fault propagation algorithm helps examine the effect of deviations to all downstream equipment for general and process-specific performance. The propagation of a deviation provides a logical relationship between the effects of the deviation through different stages. | Fault propagation is identified by cause and effect, graph theory, or through cause/consequence analysis. |

Fig. 1. The optHAZOP methodology (Khan and Abbasi, 1997a). (Flowchart. Boxes: take one unit or study node at a moment; compare the study node with unit of INFORMATION BASE; apply guide words; analyze the causes and consequences of the deviation drawn from the INFORMATION BASE; add or remove causes and consequences due to special behavior of unit; keep this unit for conventional HAZOP; prepare HAZOP report; STOP. Decisions: Is the unit matching? Are all deviations over? Are all study nodes over?)

4. Methodology of ExpHAZOP+

The architecture of ExpHAZOP+ consists of a graphical user interface (GUI), a knowledge-base and an inference engine. The object-oriented architecture of ExpHAZOP+ is presented in Fig. 2. This figure demonstrates the interconnection between the three main components.

4.1. Graphical user interface (GUI)

The GUI consists of an open interface in which users have the option of drawing P&ID using pre-defined equipment or performing the analysis using user-defined equipment. Each piece of the equipment is connected to its own knowledge-base. To add new equipment, the user inputs the equipment graphically along with the relevant process variables, deviations, and their causes and consequences. An example of a P&ID representing a process system on the GUI is shown in Fig. 3.

Once the P&ID is drawn, a study node needs to be defined. In this application, the study node is represented by a dotted rectangular region (shown in Fig. 3). The study node encompasses one or more pieces of equipment. Upon defining the study node and performing the HAZOP analysis, users have the option to store the analysis for later use or to generate a report. General functions such as saving, opening a particular P&ID, and adding captions to the equipment and lines for identification can also be performed in the GUI.

4.2. Knowledge-base

The knowledge-base consists of information derived from past HAZOP analyses related to process operations, process equipment, operating problems, failure modes, and failure frequencies. It also includes corrective actions required to reduce the risks of a process facility. The information is collected using practical industrial case studies of various offshore oil and gas process facilities.

Fig. 2. The architecture of ExpHAZOP+. (Block diagram: User; Graphical User Interface (GUI) with graphical editor to draw industrial flow diagram, input/output device and report generation; Inference Engine with method for finding abnormal causes and consequences and method for propagation of deviation (process general and specific knowledge); Knowledge Base with process-specific knowledge and process-general knowledge.)

Fig. 3. The graphical user interface.

Fig. 4. The architecture of the knowledge-based system. (Block diagram. General process knowledge: equipment; deviation in parameters; rule network for general causes and consequences; suggested solution for hazard prevention. Specific process knowledge with attributes: equipment; available user deviations; rule network for specific causes and consequences; suggested solution for hazard prevention.)

One of the observations made from previous accident analysis is that the cause of an equipment failure does not vary significantly from one facility to another, although the consequences vary based on the operating conditions, chemicals involved, and surroundings of the facility. Therefore, the consequence is a function of the process type, the process condition, and the chemical in use.

The knowledge-base is characterized by seven different operations commonly present in a process facility. These include:

• mass transfer operation units involving the transfer of one or more components from one stream to another stream (e.g. extractor, adsorber, dust collector, electrostatic precipitator, filter);
• heat transfer operation units involving transfer of heat from one stream to other streams (e.g. air-cooled exchanger, carbon block exchanger, shell and tube exchanger, plate and frame exchanger);
• mass and heat transfer combined units involving both molecular and heat transfer (e.g. distillation column);
• reaction units involving chemical transformations including oxidation (e.g. continuous stirred tank reactor, plug flow reactor, autoclave);
• transportation units involving transfer or movement of chemicals from one place to another (e.g. piping, compressor, pump, valve);
• storage units storing bulk chemicals (e.g. vessel);
• other physical operations, such as mixing, compression, relief venting, purging, relief device, etc.

The existing knowledge-base consists of 19 different pieces of equipment. The pieces of equipment are: adsorber, air-cooled exchanger, blower, compact heat exchanger, centrifuge, compressor, cyclone, distillation column, dust collector, electrostatic precipitator, extractor, filter, heat exchanger, piping, pump, reactor, temperature sensor, temperature controller, and valve.

The architecture of the knowledge-base is shown in Fig. 4 (Khan & Abbasi, 1997b, 2000). This figure describes the hierarchy or the organization of the knowledge. The knowledge-base is separated into process-general and process-specific knowledge. Each piece of equipment consists of a set of deviations. Each set of deviations consists of a set of causes. Each cause corresponds to a consequence.

4.2.1. Process-general knowledge

The process-general knowledge is the information that has been collected over the years for a particular equipment type independent of the operation it performs. There is no attribute attached to the equipment. This information consists of equipment deviations with corresponding generic causes and consequences. The parameters associated with process-general knowledge are:

(1) equipment and their capacities;
(2) physical state of the chemicals;
(3) characteristics such as flammability, toxicity, etc;
(4) physical and chemical properties of chemicals such as vapor pressure, heat of combustion, etc.

4.2.2. Process-specific knowledge

Process-specific knowledge is the additional knowledge provided by an expert or HAZOP team (henceforth referred to as expert) using ExpHAZOP+. Upon identifying the plant operations and the corresponding equipment, the expert adds specific attributes and knowledge as well as additional equipment required to perform the operation. Process-specific knowledge varies from plant to plant and depends on the type of operation performed in the plant. The knowledge-base for process-specific units is implemented in the form of ‘‘objects’’ and ‘‘rule networks’’ (Khan & Abbasi, 1997b). Objects are developed using frame structures with attributes, whereas causes and consequences are developed using an if–else rule network. The attributes associated with specific knowledge-bases consist of:

(1) types of operation;
(2) equipment (operational units);
(3) operating conditions;
(4) atmospheric conditions;
(5) chemicals in use and their properties;
(6) inventories of chemicals in use;
(7) interaction among different units.

4.3. Inference engine

The inference engine is an intermediary between the knowledge-base and the GUI. It acts as a search engine, which searches the causes and consequences for the user-selected deviations throughout the study node. The inference engine uses the fault propagation algorithm to propagate a deviation and to identify its causes and consequences.

Once a user draws the P&ID and selects the study node, the inference engine is used to perform a search within each piece of equipment in the study node. This search is performed based on the user-specified deviation for both process-general and process-specific knowledge. After the user chooses the starting and the ending equipment along with the deviation, the deviation can propagate all the way downstream or to the last piece of equipment specified by the user. If the knowledge-base does not have the information for the user-chosen deviation of a specific piece of equipment, then that equipment does not produce any output. However, as a result of propagation, the next equipment item that might have that deviation in its knowledge-base will generate an output. In the end, the output result identifies all the possible causes and consequences that might result in the failure of equipment due to the user-defined deviation. The fault propagation algorithm used to identify these deviations is described in the next section.

Fig. 5. Fault propagation algorithm for ExpHAZOP+. (Flowchart. Boxes: Start; select the study node to perform HAZOP analysis; select the starting and ending unit and initialize process variable deviation; select the deviation to be applied; for each equipment between start and end; apply propagation method to identify specific causes and consequences; apply propagation method to identify general causes and consequences; End. Decisions: Is the deviation process-specific? Is this the last equipment?)

5. Fault propagation algorithm

The central idea of fault propagation is not based on any particular propagation equation or event statement but on the basic assumption that faults can propagate through pipelines that are connected to the pieces of equipment. A fault can be in the form of an increase or decrease in a process parameter such as the set temperature, pressure, or flow that is designed to perform an operation in a process facility. Moreover, all pieces of equipment and pipes also have a set temperature and pressure; above or below these set temperatures or pressures, an accident may occur. When this capacity is exceeded due to an anomaly in the process facility, there is a possibility that the deviation can propagate from one piece of equipment to another. However, to perform a HAZOP analysis based on this consideration, it is important to identify all the connecting equipment and pipelines in the analysis.

Furthermore, the knowledge associated with all the equipment in the P&ID in terms of the causes and consequences of such deviations is also required. The knowledge-base required and the inference engine performing the search have been described in Sections 4.2 and 4.3, respectively. The fault propagation algorithm uses the knowledge-base to generate the output results based on the input deviation and equipment arrangement in the P&ID. Fig. 5 shows the fault propagation algorithm for ExpHAZOP+. In earlier studies, the developed fault propagation algorithms for HAZOP analysis performed only a forward search to find the causes of the deviation and then a backward search to find the consequences as a result of a deviation. The algorithm in ExpHAZOP+ combines both forward and backward search techniques for finding the connectivity of all pipes and equipment and extracting the causes and consequences of deviation for each piece of equipment. This allows propagation of the deviation for the identified fault to all downstream units.

6. HAZOP analysis with ExpHAZOP+

The algorithm for HAZOP analysis implemented in ExpHAZOP+ comprises the following steps.

6.1. Development of P&ID

The piping and instrumentation diagram (P&ID) varies from one process facility to another. In order to perform the HAZOP analysis, the user must have all equipment data. The HAZOP analysis may be performed on connected equipment as well as on individual equipment.

6.2. Selection of process-general and process-specific equipment

The process-general equipment is already available as menu buttons on the GUI. In the case of the process-specific equipment, a user needs to provide the equipment figure data and input parameter. The equipment data is updated to the knowledge-base.

6.3. Selection of study node

ExpHAZOP+ has the extended capability to perform HAZOP analysis on more than one piece of equipment defined in the study node. The study node is selected by the user to perform the HAZOP analysis. All equipment and pipes are entered in a data structure to identify the connectivity of the equipment and pipes inside the study node. Only the pieces of equipment inside the study nodes are considered as the starting and ending points of analysis.

6.4. Performing HAZOP analysis

This step involves selecting the starting and ending equipment for which HAZOP analysis is to be performed. The process variable deviation applied to all equipment during the deviation propagation is also selected in this step. The deviation propagation algorithm described in Fig. 5 is applied at this step.

6.5. Selection of path for HAZOP analysis

There can be more than one possible path from the starting equipment to the ending equipment. This path is sorted out once the user enters the starting and ending equipment for HAZOP analysis. If there is more than one path, then all the paths are shown to the user so that the user can choose a specific path for HAZOP analysis. The equipment knowledge-base is accessed for all equipment present in the selected path. The user performs the desired analysis on the selected path.

6.6. Report generation

In this step, the final result of the analysis is a report formatted in Microsoft Word. The results of the analysis can be used by an expert for audit or review purposes. This enables a given HAZOP analysis to be more focused and less time consuming.
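The path selection of Sections 6.3 to 6.5 and the deviation propagation of Sections 4.3 and 5, as an added Python example that is not ExpHAZOP+'s own code. The equipment tags are those of the case study; the pipe connections, the bypass line, the function names and every knowledge-base entry except the reactor runaway consequence are assumptions constructed for illustration.

```python
from collections import defaultdict

# Equipment tags of the nitric acid cooling case study, taken as one study node.
STUDY_NODE = {"V1", "PU", "V2", "HE", "TS", "REA"}

# Directed pipes (upstream, downstream). Assumed connectivity, not read from Fig. 6.
PIPES = [
    ("V1", "HE"), ("PU", "V2"), ("V2", "HE"), ("HE", "TS"), ("TS", "REA"),
    ("PU", "HE"),  # constructed bypass around V2 so that two paths exist
]

# Constructed knowledge-base: kind -> equipment -> deviation -> [(cause, consequence)].
KNOWLEDGE_BASE = {
    "general": {
        "V2": {"LESS FLOW": [("valve stuck partly closed",
                              "less cooling water reaches the heat exchanger")]},
        "HE": {"MORE TEMPERATURE": [("loss of cooling water flow",
                                     "acid leaves the exchanger above set temperature")]},
        "TS": {"MORE TEMPERATURE": [("sensor fails to detect the rise",
                                     "no signal sent to the temperature controller")]},
    },
    "specific": {
        # Consequence as stated in the process description of the case study.
        "REA": {"MORE TEMPERATURE": [("high temperature in the nitric acid reactor feed",
                                      "reactor runaway")]},
    },
}


def build_graph(pipes):
    """Enter equipment and pipes in a data structure that records connectivity."""
    graph = defaultdict(list)
    for upstream, downstream in pipes:
        graph[upstream].append(downstream)
    return graph


def find_paths(graph, start, end, study_node):
    """Return every loop-free path from start to end that stays inside the study node."""
    if start not in study_node or end not in study_node:
        raise ValueError("start and end equipment must lie inside the study node")
    paths, stack = [], [(start, [start])]
    while stack:
        unit, path = stack.pop()
        if unit == end:
            paths.append(path)
            continue
        for nxt in graph.get(unit, []):
            if nxt in study_node and nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(paths, key=len)  # shortest first, for presentation to the user


def propagate(path, deviation, kb=KNOWLEDGE_BASE):
    """Apply one deviation to each unit on the path, in downstream order.

    A unit with no entry for the deviation produces no output, but the
    deviation still propagates to the next unit on the path.
    """
    rows = []
    for unit in path:
        for kind in ("specific", "general"):
            for cause, consequence in kb[kind].get(unit, {}).get(deviation, []):
                rows.append((unit, kind, cause, consequence))
    return rows


if __name__ == "__main__":
    graph = build_graph(PIPES)
    paths = find_paths(graph, "PU", "REA", STUDY_NODE)
    for number, path in enumerate(paths):
        print(f"path {number}: {' -> '.join(path)}")
    chosen = paths[-1]  # stands in for the user's choice among the listed paths
    for unit, kind, cause, consequence in propagate(chosen, "MORE TEMPERATURE"):
        print(f"{unit:4} {kind:9} cause: {cause}; consequence: {consequence}")
```

On the longer path, PU and V2 have no MORE TEMPERATURE entry and yield no rows, while HE, TS and REA downstream of them do.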

Fig. 7. Starting and ending equipment selection for HAZOP analysis.

7. Case study

The case study involves a HAZOP study of a hot nitric acid cooling process system. The hot nitric acid cooling process was first studied by Lapp and Powers (1977) and subsequently used by Wang (2004) in his doctoral thesis for fault tree analysis. As this is a well-tested and widely discussed study, it has been used to test and validate ExpHAZOP+ in the current work.

7.1. Process description

The P&ID of the hot nitric acid cooling process is shown in Fig. 6. The nitric acid in this process is first cooled in the heat exchanger. The water flowing through the pump is used to cool and control the temperature of the hot nitric acid through the heat exchanger. Valve 1 regulates the flow of hot nitric acid to the heat exchanger. After sensing the temperature, the temperature controller sends a signal to valve 2 to maintain water flow. This keeps the hot nitric acid at a desired temperature. The cold acid is then finally sent to the reactor to react with benzene to form nitrobenzene. The functions of each piece of equipment shown in Fig. 6 are described below:

(1) valve 1 (V1): regulates the flow of hot nitric acid into the heat exchanger;

(2) pump (PU): maintains the circulation of water and supplies the water to the heat exchanger;

(3) heat exchanger (HE): lowers the temperature of the hot nitric acid using the water supplied by the pump;

(4) valve 2 (V2): regulates the flow of water entering the heat exchanger from the pump;

(5) temperature sensor (TS): detects the temperature of the nitric acid and sends a signal to the temperature controller if the desired temperature is not maintained;

(6) reactor (REA): assists the reaction between nitric acid and benzene to obtain nitrobenzene. The reaction must take place at a specified temperature and pressure. High temperature or pressure in the nitric acid reactor feed could cause a reactor runaway.

Fig. 6. P&ID for the nitric acid cooling process.

HAZOP analysis is performed by using ExpHAZOP+ on the nitric acid plant in accordance with the steps described in Section 5.

7.1.1. Development of P&ID

A P&ID (Fig. 6) is drawn according to the above process description using the ExpHAZOP+ graphical user interface. The equipment used in this case are valves, pump, heat exchanger, temperature sensor, temperature controller and reactor.

7.1.2. Selection of process-general and process-specific equipment

All pieces of equipment used in this case study are classed as process-general because the data for this equipment are already available in the knowledge-base.

7.1.3. Selection of study node

The study node is marked as a dotted rectangle in Fig. 6. Control of the temperature of hot nitric acid within the reactor is required to run the process facility within safe limits. Excessive heat in the reactor is caused by the high flow of hot nitric acid through valve 1. The study node is thus marked from valve 1 to the reactor for this case study.

Fig. 8. Path selection for HAZOP analysis.


Table 2
Results of the HAZOP analysis by ExpHAZOP+.

| Item | Connect. equip. | Deviation | Causes | Consequences |
|---|---|---|---|---|
| Valve1 | | More temperature from V1 | Too hot supply of nitric acid | Flow rate increase |
| Valve1 | | More temperature from V1 | Valve 1 stuck | Heat exchanger temperature increase |
| Heat exchanger | From equipment V1 pipe 1 | More temperature from V1 | Internal fouling occurs | Reactor too hot (reactor runaway) |
| Heat exchanger | From equipment V1 pipe 1 | More temperature from V1 | Large external temperature | Excess flow from pump |
| Heat exchanger | From equipment V1 pipe 1 | More temperature from V1 | External fire | Equipment/instrument damage |
| Heat exchanger | From equipment V1 pipe 1 | More temperature from V1 | Valve 2 stuck | Temperature control failure |
| Temperature sensor | From equipment HE pipe 2 | More temperature from V1 | Sensor improperly operating | High temperature in cooler |
| Temperature sensor | From equipment HE pipe 2 | More temperature from V1 | Temperature sensor stuck | Improper cooling |
| Temperature sensor | From equipment HE pipe 2 | More temperature from V1 | Temperature sensor failure | Pump load increase |
| Reactor | From equipment TS pipe 3 | More temperature from V1 | Heat exchanger failure | Reaction temperature increase |
| Reactor | From equipment TS pipe 3 | More temperature from V1 | Hot nitric acid flowing | Reactor runaway |
| Reactor | From equipment TS pipe 3 | More temperature from V1 | Pump failure | Reactor rupture |
| Reactor | From equipment TS pipe 3 | More temperature from V1 | Temperature sensor/controller failure | Exceed design temperature and pressure |


7.1.4. Performing HAZOP analysis

In this case study, valve 1 is selected as the starting equipment and the reactor is selected as the ending equipment. "More Temperature" is chosen as the deviation to be propagated from valve 1 to the reactor. This is done because the analysis is being performed for the causes and consequences of deviation due to the increase of temperature for hot nitric acid. The input to perform HAZOP analysis with ExpHAZOP+ for the case study is shown in Fig. 7.

7.1.5. Selection of path for HAZOP analysis

This particular ExpHAZOP+ analysis of the nitric acid plant generates one path from valve 1 to the reactor, which is shown in Fig. 8. Each piece of equipment is represented by its symbols (e.g. valve 1 is represented by V1, heat exchanger by HE, etc.). The connecting pipes within the equipment are labeled by the user at the time they are entered in the P&ID.

7.1.6. Report generation

The results for the deviation propagation of "More Temperature" are shown in Table 2. As valve 1 has no connecting equipment, the appropriate cells are left blank in Table 2.
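As an added illustration (not ExpHAZOP+ code, and not the algorithm of Fig. 5), the sketch below walks Sections 6.3 to 6.5 on the case-study node: connectivity is stored as a graph, every loop-free path between the chosen start and end equipment is listed, and the deviation is carried down the selected path with a knowledge-base lookup per unit. Function names, the knowledge-base layout and the bypass pipe are assumptions; pipe labels and cause/consequence pairs are copied from Table 2.

```python
from collections import defaultdict
# Study-node connectivity read off Table 2 / Fig. 8: (upstream, pipe, downstream).
PIPES = [("V1", "pipe 1", "HE"), ("HE", "pipe 2", "TS"), ("TS", "pipe 3", "REA")]
WITH_BYPASS = PIPES + [("V1", "bypass (hypothetical)", "REA")]  # constructed variant
DEV = "More temperature"
# Excerpt of the knowledge-base: (cause, consequence) pairs copied from Table 2.
KNOWLEDGE_BASE = {
    ("V1", DEV): [("Valve 1 stuck", "Heat exchanger temperature increase")],
    ("HE", DEV): [("Internal fouling occurs", "Reactor too hot (reactor runaway)"),
                  ("Valve 2 stuck", "Temperature control failure")],
    ("TS", DEV): [("Temperature sensor failure", "Pump load increase")],
    ("REA", DEV): [("Pump failure", "Reactor rupture")],
}

def build_graph(pipes):
    graph = defaultdict(list)  # equipment -> [(pipe label, downstream equipment)]
    for upstream, pipe, downstream in pipes:
        graph[upstream].append((pipe, downstream))
    return graph

def find_paths(graph, start, end, study_node):
    """All loop-free paths start -> end that stay inside the study node."""
    if start not in study_node or end not in study_node:
        raise ValueError("start and end equipment must lie inside the study node")
    paths, stack = [], [[(None, start)]]
    while stack:
        path = stack.pop()
        if path[-1][1] == end:
            paths.append(path)
            continue
        seen = {u for _, u in path}
        for pipe, nxt in graph.get(path[-1][1], []):
            if nxt in study_node and nxt not in seen:
                stack.append(path + [(pipe, nxt)])
    return paths

def propagate(path, deviation, kb):
    """Carry one deviation down the chosen path; emit Table 2 style rows."""
    origin, rows, prev = path[0][1], [], None
    for pipe, unit in path:
        link = f"From equipment {prev} {pipe}" if prev else ""
        for cause, consequence in kb.get((unit, deviation), []):
            rows.append((unit, link, f"{deviation} from {origin}", cause, consequence))
        prev = unit
    return rows

if __name__ == "__main__":
    only = find_paths(build_graph(PIPES), "V1", "REA", {"V1", "HE", "TS", "REA"})[0]
    print(*(" | ".join(r) for r in propagate(only, DEV, KNOWLEDGE_BASE)), sep="\n")
```

With `WITH_BYPASS` the path search returns two candidates, which is the situation in which Section 6.5 has the user pick one before propagation.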

7.2. Results of ExpHAZOP+ analysis

Lapp and Powers (1977) and Wang (2004) used the Fault Tree Analysis (FTA) technique to identify and quantitatively analyze the causes of supplying hot nitric acid to the reactor in a nitric acid cooling facility. Wang (2004) found a set of important basic causes (temperature sensor failure, temperature controller failure, and a large external fire) resulting in hot nitric acid being fed into the reactor, along with their probability of occurrence (quantitative results). ExpHAZOP+ analysis identified the same causes (without quantitative results) and also the potential consequences of the conditions.

As mentioned earlier, ExpHAZOP+ has been embedded with a fault propagation algorithm which extends its ability to map the logical sequence of basic causes leading to an unwanted condition in a process facility. Therefore, ExpHAZOP+ serves two purposes: first it identifies the logical sequence of basic causes for a deviation; second it identifies the ultimate consequences of the deviation (impact of deviation in one unit on others). Both of these assessments are qualitative, unlike FTA which is quantitative. Adding fault propagation in the HAZOP procedure provides a more in-depth analysis of hazard identification at an early stage of a process facility when FTA is not generally feasible to apply due to limited available data or imprecise data.

After comparing the results of FTA and ExpHAZOP+ for the same case study, it is observed that ExpHAZOP+ identified the same potential causes along with secondary causes (temperature sensor failure, temperature controller failure, and reaction temperature increase to supply hot nitric acid into the reactor). The report generated in Table 2 by ExpHAZOP+ also shows the possible causes and consequences (valve stuck, internal fouling in heat exchanger, improper temperature sensing) for other equipment in the process. It may be observed that ExpHAZOP+ provides an in-depth analysis of causes and consequences through a qualitative assessment at the stage when quantitative tools such as FTA have limited application.

8. Conclusion

An expert tool, ExpHAZOP+, has been developed to conduct automated HAZOP analysis using a knowledge-based expert system. The aim of the ExpHAZOP+ tool is to integrate the expert knowledge-base with an efficient fault propagation algorithm, which can significantly reduce the expert time and effort and manpower cost, thus improving the effectiveness of automated HAZOP analysis by reducing repetitive work. The study node selection of ExpHAZOP+ enhances the user's flexibility to analyze process scenarios through which a deviation may propagate; the corresponding causes and consequences may thus be identified. Finally, to implement the developed ExpHAZOP+ framework into a tool, this work uses software engineering methodologies in every stage of its implementation, including the design of the architecture, development of the code base, and testing of the software. The developed ExpHAZOP+ tool has the following features compared to previous automated tools.

(1) Enhanced graphical user interface: requires minimum expertise by a user to perform HAZOP analysis for any process plant.

(2) Method of identifying a study node: allows a user to draw study nodes consisting of a single piece of equipment or a process consisting of multiple pieces of equipment.

(3) Dynamic knowledge-base: allows a user to update knowledge as an addition to the existing knowledge.

(4) Fault propagation algorithm: identifies the causes and consequences for all downstream equipment due to an unwanted event upstream.

(5) Report generation: automatically generates the output report for HAZOP analysis.

Acknowledgement

The authors acknowledge with gratitude the financial support provided for this project by Petroleum Research Atlantic Canada (PRAC). Special thanks are extended to Mr. Refaul Ferdous for helping to prepare the manuscript.


References

Catino, C., & Ungar, L. H. (1995). Model based approach to automated hazard identification of chemical plants. American Institute of Chemical Engineering Journal, 41, 97–109.

Chae, H., Yoon, Y. H., & Yoon, E. S. (1994). Safety analysis using an expert system in chemical processes. Korean Journal of Chemical Engineering, 11, 153–161.

Karvonen, I., Heino, P., & Suokas, J. (1990). Knowledge-based approach to support HAZOP studies. Technical Research Center of Finland. Research Report.

Khan, F. I. (2005). Knowledge-based expert system framework, systems, management, and cybernetics. IEEE International Conference, 3, 2274–2280.

Khan, F. I., & Abbasi, S. A. (1997a). OptHAZOP – an effective and optimum approach for HAZOP study. Journal of Loss Prevention in the Process Industries, 10, 191–204.

Khan, F. I., & Abbasi, S. A. (1997b). TOPHAZOP: a knowledge-based software tool for conducting HAZOP in a rapid, efficient yet inexpensive manner. Journal of Loss Prevention in the Process Industries, 10, 333–343.

Khan, F. I., & Abbasi, S. A. (2000). Towards automation of HAZOP with a new tool EXPERTOP. Environmental Modelling and Software, 15, 67–77.

Knowlton, R. E. (1997). The widespread acceptability of hazard and operability studies. In K. V. Raghvan, & G. Sawminathan (Eds.), Hazard assessment and disaster mitigation. New Delhi: Oxford & IBH Publishing Company Pvt. Ltd.

Lapp, S. A., & Powers, G. J. (1977). Computer aided synthesis of fault trees. IEEE Transactions Reliability, R26, 2–12.

Lawley, G. (1974). Operability studies and hazard analysis. Chemical Engineering Progress (Loss Prevention), 70, 45–55.

McKelvey, C. (1988). How to improve the effectiveness of hazard and operability analysis. IEEE Transactions Reliability, 37, 167–170.

Nagel, C. J. (1991). Identification of hazards in chemical process systems. Ph.D. Thesis, USA, MIT.

Parmar, J. C., & Lees, F. P. (1987a). The propagation of faults in process plants: hazard identification. Reliability Engineering, 17, 277–302.

Parmar, J. C., & Lees, F. P. (1987b). The propagation of faults in process plants: hazard identification for a water separator system. Reliability Engineering, 17, 303–314.

Suh, J. C., Lee, S., & Yon, E. S. (1997). New strategy for automated hazard analysis of chemical plant, part 1 & 2. Journal of Loss Prevention in the Process Industries, 10, 113–134.

Sweeny, J. C. (1993). ARCO chemical's HAZOP experience. Process Safety Progress, 12, 83–90.

Venkatasubramanian, V., & Vaidhyanathan, R. (1996). Experience with an expert system for automated HAZOP analysis. Computers and Chemical Engineering, 20, 1589–1594.

Wang, Y. (2004). Development of a computer-aided fault tree synthesis methodology for quantitative risk analysis in the chemical process industry. Ph.D. Thesis, USA, Texas A & M.

Waters, A., & Ponton, J. W. (1989). Qualitative simulation and fault propagation in process plants. Chemical Engineering Research & Design, 67, 407–422.