lecture-4 risk assessment and safety

8/9/2019 Lecture-4 Risk Assessment and Safety

1/49

Chemical Engineering Plant DesignCHE 441

Dr. Asim Kh an

Assistant ProfessorEmail: [email protected]

Lectu re 4


2/49

Risk Assessment & Safety


3/49

Assignment Submission

https://www.easychair.org/conferences/?conf=cepd14

3

https://www.easychair.org/conferences/?conf=cepd14https://www.easychair.org/conferences/?conf=cepd14https://www.easychair.org/conferences/?conf=cepd14https://www.easychair.org/conferences/?conf=cepd14https://www.easychair.org/conferences/?conf=cepd14


4/49

Hazard & Risk

Hazardthe property of a substance or situation

with the potential for creating damage.

Risk

the likelihood of a specific effect within

a specified period complex function of probability ,

consequences and vulnerability

4


5/49

Material Hazards

5

Short term (Safety hazard)

Long term (Health and hygiene hazard)

Permissible limits

LD50

Threshold limit value Sources of exposure

Inhalation (Cutting, Grinding, volatile liquids, gases)

Pumps and valves

Filling of tanks

Maintenance of closed systems

Annual

MSDS


6/49

Fire and Explosion Hazard

6

Flammable liquids, gases, dust

Lower flammable limits (LFL)

Upper flammable limits (UFL)

Limiting oxygen index (LOI)

Auto ignition temperature (AIT) Flash point


7/49


8/49

8


9/49

Intensification of Hazards

9

Reactors

Runaway reactions Coolant failure

Rate of exothermic reaction and cooling with

temperature

Reducing inventory

Distillation column

Large inventory at boiling Sequencing


10/49

Intensification of Hazards

10

Heat transfer operations

Location of production and consuming plants

Relief systems

Direct discharge to atmosphere under dilutionconditions

Containment

Combustion in flare

Stronger design rather than relief systems


11/49

Risk Assessment

11

Risk Analysis

Hazard Identification

Hazard & Scenario Analysis

Likelihood Consequences

Risk

• ”What if” • HAZOP

• ETA• FTA• FMEA


12/49

I suppose that I

should have done that

HAZOP Study!


13/49

The HAZOP Method

13

systematic technique for identifying hazards detect any predictable deviation (undesirable

event) in a process or a system.

systematic study of the operations in eachprocess phase.


14/49

HAZOP study team

Independent leader (e.g., not from plant studied) Preferred but complete independence not essential

Project engineer/Design Engineer Provide engineering input

Operations representative Plant operation Discipline engineers

Process

Instrument/ electrical

Mechanical/ maintenance HAZOP minute recorder

One of the above


15/49

15

HAZOP Planning and Execution

PLAN

Select Team

Examine System

Keywords

CLOSE OUT

Record/File

Completed

ActionsTRACK

ACTIONSHAZOP

Review

Meeting

TEAM

System

Assessment

Team Activity

REPORT

Action List

HAZOP

Report


16/49

16

HAZOP - Hazard and operability

HAZOP keeps all team

members focused on the

same topic and enables

them to work as a team

1 + 1 = 3

NODE: Concentrate on one location in the process

PARAMETER : Consider each process variable individually(F, T, L, P, composition, operator action, corrosion, etc.)

GUIDE WORD: Pose a series of standard questions about deviationsfrom normal conditions. We assume that we know a safe “normal”

operation.


17/49

17

HAZOP - Hazard and operability

NODE: Pipe after pump and splitter

PARAMETER*: Flow rate

GUIDE WORD*: Less (less than normal value)

• DEVIATION: less flow than normal

• CAUSE: of deviation, can be more than one

• CONSEQUENCE: of the deviation/cause

• ACTION: initial idea for correction/

prevention/mitigation

All group

members focus

on the sameissue

simultaneously


18/49

Production of DAP (continuous process)

Ammonia

Valve B

Reactor

Diammonium

Phosphate

(DAP)

Valve C

Valve A

Phosphoric Acid

Study line 1Phosphoric acid delivery line


19/49

HAZOP Study Report


20/49

Preliminary HAZOP Example

T

C

Cooling

Coils

Monomer

Feed

Cooling

Water

to Sewer

Coolin

g Water

In

Thermocoupl

e

Refer to reactor system shown.

The reaction is exothermic. A coolingsystem is provided to remove the excessenergy of reaction. In the event of cooling

function is lost, the temperature ofreactor would increase. This would leadto an increase in reaction rate leading toadditional energy release.

The result could be a runaway reactionwith pressures exceeding the bursting

pressure of the reactor. The temperaturewithin the reactor is measured and isused to control the cooling water flowrate by a valve.

Perform HAZOP Study


21/49

HAZOP on Reactor

Guide Word Deviation Causes Consequences Action

NO

REVERSE

MORE

AS WELL AS

OTHER THAN


22/49

HAZOP on Reactor

Guide Word Deviation Causes Consequences Action

NO No cooling Cooling watervalve malfunction

Temperatureincrease in reactor

Install hightemperature

alarm (TAH)

REVERSE Reverse

cooling flow

Failure of water

source resulting

in backward flow

Less cooling,

possible runaway

reaction

Install check

valve

MORE More cooling

flow

Control valve

failure, operator

fails to take action

on alarm

Too much cooling,

reactor cool

Instruct

operators on

procedures

AS WELL AS Reactor

product in

coils

More pressure in

reactor

Off-spec product Check

maintenance

procedures andschedules

OTHER THAN Another

material

besides

cooling water

Water source

contaminated

May be cooling

ineffective and

effect on the

reaction

If less cooling,

TAH will detect.

If detected,

isolate water

source. Back up

water source?


23/49

Criticality - combination of severity of an effect and the probability

or expected frequency of occurrence.

The objective of a criticality analysis is to quantify the relative

importance of each failure effect, so that priorities to reduce the

probability or to mitigate the severity can be taken.

Example formula for Criticality:

Cr = P B S

Cr : criticality numberP: probability of occurrence in an year

B: conditional probability that the severest consequence will occur

S: severity of the severest consequence

HAZOP Criticality analysis


24/49

Categories

ProbabilityP

Cond. ProbabilB

SeverityS

Very rare 1 Very low 1 Low 1

Rare 2 Low 2 Significant 2

Likely 3 Significant 3 High 3

Frequent 4 high 4 Very high 4

Example values for P, B and S


25/49

Criticality Judgement Meaning

Cr < X Acceptable No action required

X < Cr < Y Consider modification

Should be mitigated within a

reasonable time period unless costsdemonstrably outweight benefits

Cr > Y Notacceptable

Should be mitigated as soon aspossible

The values X and Y have to be determined by a decision-maker. Itmight be necessary to formulate some additional criteria, for instance:

every deviation for which the severity is classified as “very high

severity” shall be evaluated to investigate the possibilities of reducing

the undesired consequences.

Decision making


26/49

Fault Tree Analysis

Graphical representation displaying the relationship

between an undesired potential event (top event) and

all its probable causes

top-down approach to failure analysis

starting with a potential undesirable event - top event

determining all the ways in which it can occur

mitigation measures can be developed to minimize the

probability of the undesired event


27/49

Fault tree construction

AND gateThe AND-gate is used to show that the output event occurs only if

all the input events occur

OR gate

The OR-gate is used to show that the output event occurs only if one or more of the input events occur

Basic event

A basic event requires no further development because theappropriate limit of resolution has been reached

Intermediate event

A fault tree event occurs because of one or more antecedentcauses acting through logic gates have occurred

Transfer

A triangle indicates that the tree is developed further at theoccurrence of the corresponding transfer symbol

Undeveloped event

A diamond is used to define an event which is not further developed either because it is of insufficient consequence or because information is unavailable


28/49

Basic FTA example: A barrel is being filled from pipe B and Pipe C.


29/49

Example Fault Tree


30/49

Procedure

Procedure for Fault Tree Analysis

Define TOP

event

Define overall

structure.

Explore each

branch in

successive levelof detail.

Solve the fault

tree

Perform

corrections if

required and

make decisions


31/49

Procedure

Define Top Event: Use P&ID, Process description etc., to define the top event.

If its too broad, overly large FTA will result. E.g. Fire in process.

If its too narrow, the exercise will be costly. E.g. Leak in the valve.

Some good examples are: Overpressure in vessel V, Reactor hightemperature safety function fails etc.,


32/49

Procedure

Procedure for Fault Tree Analysis

Define TOP

event

Define overall

structure.

Explore each

branch in

successive level

of detail.

Solve the fault

tree

Performcorrections if

required and

make decisions


33/49

Procedure

Procedure for Fault Tree Analysis:

Define TOP

event

Define overall

structure.

Explore each

branch in


Solve the fault

tree

Perform

corrections if

required and

make decisions


34/49

Procedure

Procedure for Fault Tree Analysis:

Define TOP

event

Define overall

structure.

Explore each

branch in


Solve the faulttree

Perform

corrections ifrequired and

make decisions


35/49

Event tree analysis evaluates potential accident

outcomes that might result following an equipment

failure or process upset known as an initiatingevent. It is a “forward-thinking” process, i.e. the

analyst begins with an initiating event and

develops the following sequences of events that

describes potential accidents, accounting for boththe successes and failures of the safety functions

as the accident progresses.

Event Tree Analysis


36/49

Step 1: Identification of the initiating event

Step 2: Identification of safety function

Step 3: Construction of the event tree

Step 4: Classification of outcomes

Step 5: Estimation of the conditional probability of each branch

Step 6: Quantification of outcomes

Step 7: Evaluation

ETA Procedure


37/49


38/49

Example Event Tree


39/49

Step 1 Identify the initiating event

system or equipment failure

human error

process upset

[Example]

“Loss of Cooling Water”

to an Oxidation Reactor


40/49

Reactor

TIA

TIC

AlarmatT1

Cooling Coils

Thermocouple

High Temperature Alarm

TemperatureController

Reactor Feed

Cooling Water Out

CoolingWater In

Shutdown atT2


41/49

Step 3: Construct the Event Tree

a. Enter the initiating event and safety functions.

SAFETYFUNCTION

Oxidation reactor

high temperature

alarm alerts

operator

at temperature T1

Operator

reestablishes

cooling water flow

to oxidationreactor

Automatic

shutdown system

stops reaction attemperature T2

INITIATING EVENT:

Loss of cooling waterto oxidation reactor

FIRST STEP IN CONSTRUCTING EVENT TREE


42/49


b. Evaluate the safety functions.

SAFETYFUNCTION

Oxidation reactorhigh temperature

alarm alerts

operator

at temperature T1

Operatorreestablishes

cooling water flow

to oxidation

reactor

Automatic

shutdown system

stops reaction at

temperature T2

INITIATING EVENT:

Loss of cooling water

to oxidation reactor

REPRESENTATION OF THE FIRST SAFETY FUNCTION

Succes

s

Failure


43/49


b) Evaluate the safety functions.

SAFETYFUNCTION

Oxidation reactor

high temperaturealarm alerts

operator

at temperature T1

Operator

reestablishescooling water flow

to oxidation

reactor

Automaticshutdown system

stops reaction at

temperature T2

INITIATING EVENT:



REPRESENTATION OF THE SECOND SAFETY FUNCTION

Succes

s

Failure

If the safety function does not affect the course of the

accident, the accident path proceeds with no branch

pt to the next safety function.


44/49

Step 3: b. Evaluate safety functions.

SAFETYFUNCTION

Oxidation reactor


operator

at temperature T1

Operator


to oxidation

reactor

Automaticshutdown system

stops reaction at

temperature T2

INITIATING EVENT:



COMPLETED EVENT TREE

Succes

s

Failure

Completed !


45/49

Step 4: Describe the Accident Sequence

SAFETYFUNCTION

Oxidation reactor


operator

at temperature T1

Operator


to oxidation

reactor

Automatic

shutdown system

stops reaction at

temperature T2

INITIATING EVENT:



ACCIDENT SEQUENCES

Safe condition,return to normaloperation

Safe condition,process shutdown

Unsafe condition,runaway reaction,

operator aware ofproblem

Unstable condition,process shutdown

Unsafe condition,runaway reaction,operator unawareof problem

B

A

C D

A

AC

ACD

AB

ABD


46/49

Failure Mode and Effect Analysis (FMEA

46

Specific equipment related

Evaluates the frequency and consequences of

failure

Only focuses on component failure and does not

consider operators mistakes


47/49

47

Production of H2 from biogas


48/49

48

N

o

.

Failure mode Cause Effects Controls F C Recommendations

1

Biogas line leak

prior to the

compressor

Mechanical failure Potential

fire/explosion

Combustible gas

detectors and

ventilation

systems,periodic

line inspection and

maintenance

L H Safe Shutdown of the

system

2

Desulphurization

Unit Failure

High Biogas flow

Rate or high levelof contaminants

Unable to remove

the heat of

adsorption resultingin fire in the unit

High flow shutdown

system to the

desulphurizationunit, measurement

of impurities level

L

H

-

3 Desulphurization

Unit Failure

Deactivation of the

Catalyst in the

desulphurizationunit

Unable to remove

contaminants,

poisoning the

reformer and shift

reactor's catalysts.

Reduction in

hydrogenproduction and

increase in purge

system resulting in

temperature

increase

Switch to the

standby system,L H

Control the amount of

contaminants in the

biogas feed to thedesulphurization unit



49/49

N

o

.

Failure mode Cause Effects Controls F C Recommendations

4

Biogas Compressor

high discharge

pressure

Instrument failureOverpressure in

the reformer

Opening of

pressure relief

valve on the

compressor and

reformer

L H -

5 No Steam

Mechanical failure,

failure in utilitysystem

No steam in the

reformer, plugging

of the catalyst and

coke formation inthe tube side,

resulting in tube

side failure

Shutdown of the

system L M

Increase redundancy

in the instrumentatrionsystem

6 Low quality steam

Failure in

deionization unit of

the utility system

Congestion of the

catalyst in the

reactors, plugging

in the pipelines

Installing

conductivity

analyzer in the

steam inlet

L L -


lecture-4 risk assessment and safety

Documents