Front Cover 1
Process Risk and Reliability Management 4
Copyright Page 5
Contents 6
Preface 14
1 Risk Management 16
Introduction 16
Technical, Process, and Occupational Safety 18
Historical Development 19
1. Safety as a Value 20
2. Codes and Standards 20
3. Workers’ Compensation 20
4. Occupational Safety 20
5. Systems Analysis 21
6. Regulations 21
7. Management Systems 21
8. Behavior-Based Safety 23
9. Safety Culture 24
Major Events 24
Health, Safety, and Environmental Programs 25
Environmental/Sustainability 25
Health 26
Safety 26
Prescriptive/Nonprescriptive 26
Safety Management Programs 28
Regulations 28
The Regulator’s Dilemma 29
Process Safety Management 29
Definition of PSM 31
Safe Limits 31
Set Point Values 33
Operating, Safe, and Emergency Limits 34
Measurement Strategies 36
Involvement 40
Thoroughness 40
Holistic 40
Environment 41
Quality Management 41
Statistical Process Control 41
ISO 9000/14001 42
Six Sigma 42
Risk 42
Components of Risk 43
Hazards 44
Consequence 44
Predicted Frequency 45
Safeguards 45
Presence of Persons 46
Single Contingency Events 47
Economies of Scale 47
Common Cause Events 48
Fukushima–Daiichi 48
Examples 48
Utility Failure 48
Instruments on Manual 48
Instrument Pluggage 49
Vibration 49
External Events 49
Maintenance Availability 49
Human Error/Untrained Personnel 49
Subjective Nature of Risk 49
Degree of Control 50
Familiarity with the Hazard 50
Direct Benefit 51
Personal Impact 51
Natural vs. Man-Made Risks 51
Recency of Events 51
Perception of the Consequence Term 51
Comprehension Time 53
Randomness 53
Regression to the Mean 53
Bias Toward Positive Evidence/Prior Beliefs 53
Availability 54
Quantification of Risk 54
Mathematical Terms 54
Frequency 54
Predicted Frequency 55
Probability 55
Likelihood and Failure Rate 55
Error/Statistical Significance Confidence 55
Failure/Fault 56
Independence and Randomness 56
FN Curves 56
Limitations 56
Acceptable Risk 58
The Third Law 59
Perfection as a Slogan 59
As Low as Reasonably Practical 60
De minimis Risk 61
Citations/“Case Law” 61
RAGAGEP 62
Indexing Methods 62
Risk Matrices 62
Consequence Matrix 62
Worker Safety 63
Public Safety and Health 63
Environmental Impact 63
Economic Loss 64
Frequency Matrix 64
Risk Matrix 65
A—(Red) Very High 66
B—(Orange) High 66
C—(Yellow) Moderate 66
D—(Green) Low 66
Other Categories 66
Limitations of Risk Matrices 67
Low-Hanging Fruit 68
Prepare for the Worst Case 68
Expensive Good Ideas 68
Black Swan Events 68
Different Industries 69
Oil Refineries 69
Offshore Oil and Gas 70
Lack of Escape Routes 71
Persons on Board 71
Cyclones/Hurricanes 72
Downers and Leaners 72
Blowouts 73
Hydrogen Sulfide 73
Dropped Objects 73
Helicopters 74
Ship Collision/Mooring Failure 74
Spill Response 74
Pipelines 74
Examples 75
Example 1—Facility Design 75
Example 2—Process Flow 76
Example 3—Heat Exchanger 77
Example 4—Risk Management Workflow 77
External Standard 78
Guidance 78
Risk Analysis Plan and Implement 78
Audit/Deltas 78
Success/Continuous Improvement 78
Example 5: Significant Potential Incident 79
2 Compliance and Standards 80
Introduction 81
Regulations 81
Rule-Based Approach 82
Goal-Driven Approach 83
Process Safety Regulations 84
Codes and Standards 85
Development of a Standard 86
Standards Organizations 87
American Chemistry Council/Responsible Care® 87
American National Standards Institute 89
American Petroleum Institute 89
American Society of Mechanical Engineers 90
International Organization for Standardization 90
National Fire Protection Association 92
Other Industry Sources 92
Center for Chemical Process Safety 92
Center for Offshore Safety 93
Chemical Safety and Hazard Investigation Board 93
Company Standards 93
Industry Information 94
Regulatory Guidance 94
Open Literature 94
Commercial Information 95
Analysis 95
United States Federal Regulations 95
The Regulatory Process 95
Code of Federal Regulations 96
General Duty Clauses 97
The Tenth Amendment to the United States Constitution 97
The EPA 98
The Occupational Safety & Health Administration
OSHA Inspections 99
Variances 100
Enforcement 100
The Entry Process 101
Fatality/Catastrophe 101
Programmed Inspections 101
Complaints 102
Citations 102
Willful 102
Serious 103
Other-than-Serious 103
Repeat and Failure-to-Abate 104
OSHA Standards 104
Part 29 104
Subparts of Part 29 104
Sections of Subparts 106
Interpretations and Guidance 106
The OSHA PSM Standard 108
Covered Processes 108
Other Standards 109
Audit Guidelines 109
National Emphasis Programs 109
Proposed Update 111
1. Atmospheric Storage Tanks 112
2. Oil and Gas Well Drilling and Servicing 112
3. Oil and Gas Production Facilities 112
4. Reactivity Hazards 113
5. Highly Hazardous Chemicals 113
6. Management System Elements 113
7. RAGAGEP 113
8. Definition of RAGAGEP 113
9. Safety Critical Equipment 114
10. Organizational Changes 114
11. Emergency Planning 114
12. Third-Party Compliance Audits 114
13. Explosives, Blasting Agents, and Pyrotechnics 114
14. Flammable Liquids and Spray Finishing 114
15. Ammonium Nitrate 114
16. Retail Facilities 115
17. Concentrations of Highly Hazardous Chemicals 115
The EPA 115
The EPA Risk Management Program—40 CFR 68 115
Tiering/Program Levels 116
Covered Chemicals 116
Formal Management System 116
Worst Case Release 116
Emergency Plan 117
Five-Year Accident History 117
BSEE 117
State Regulations 118
New Jersey Toxic Catastrophe Prevention Act 118
Delaware/Nevada 119
The Safety Case Regime 119
Elements of a Safety Case 120
Duty-Holder Responsibility 120
Responsibility of the Auditor/Assessor 120
Risk Management System 120
Management Systems 120
Living Document 121
Structure of a Safety Case 121
1. Facility Description 121
2. Safety Management System 121
3. Formal Safety Assessment 122
Preparation and Implementation 123
Assessment 123
Performance Measurement 124
International Agencies 125
Elements of PSM 125
1. Employee Participation 125
Written Plan of Action 126
Consultation 126
Access to Information 126
2. Process Safety Information 127
3. Process Hazards Analysis 129
Initial Hazard Analysis 131
Methodology 131
Issues to Address 131
Team 132
Revalidation 132
4. Operating Procedures 132
Written Down 134
Initial Startup 134
Temporary and Emergency Operations 134
Certification 134
5. Training 135
6. Contractors 137
Application 138
Employer Responsibilities 138
7. Prestartup Safety Review 139
Process Safety Information 139
Construction and Equipment 140
Procedures 140
New/Modified Facilities 140
8. Mechanical Integrity 140
Application 142
Written Procedures 142
Training 142
Inspection and Testing 143
Deficiencies 143
Quality Assurance 143
9. Hot Work 143
10. Management of Change 144
Employer Responsibility 145
Written Down 145
Replacement In-Kind 146
Factors that Affect Change 146
Training and Participation/Accountability 146
Information Base 146
Operating Procedures 146
Making the Change 147
Training/PSI/Operating Procedures 147
11. Incident Investigation 147
Investigation 148
Timing 148
Team 148
Report 148
Follow up 148
Participation 148
12. Emergency Planning and Response 148
13. Compliance Audits 151
Certification 153
Technical Qualifications 153
Report 153
Response 153
Retention of Reports 153
3 Culture and Participation 154
Introduction 154
Regulations and Standards 155
BSEE Standard for Culture 155
HSE and Culture 157
National Energy Board 157
Survey 158
Warning Flags over Your Organization 158
Flag One—Unrealistic Stretch Goals 159
Production Creep 159
Production Records 159
Initiative Overload 160
Flag Two—Excessive Cost Reduction 160
Reduction of “Nonessentials” 162
Reductions in Workforce 162
The “Big Crew Change” 163
Flattened Organizations 163
Aging Infrastructure 164
Outsourcing 164
Not Enough Time for Detailed Work 164
Project Cutbacks 164
Organizational Spread 165
Flag Three—Belief That “It Cannot Happen Here” 165
Lack of Direct Experience 165
Good Occupational Safety Performance 165
Failure to Learn from Near Misses 166
Failure to Draw on Experience Elsewhere 166
Flag Four—Overconfidence in Rule Compliance 166
Flag Five—Departmentalized Information Flow 166
Critical Safety Information Is Buried, Lost, or Diluted 167
Team Player Culture 167
Fear of Litigation 168
Mergers, Acquisitions, and Divestitures 168
Flag Six—Ineffective Audit Process 168
Softened News to Senior Managers 168
Failure to Identify Root Causes 169
Inadequate Follow-Up 169
Thinking Backward 169
Imagination 170
Culture Matrices 170
Elements of Culture 171
Ongoing and Consistent 171
Actions and Words 172
External Evaluation 172
Learning from Incidents 172
Attention to Basics/Housekeeping 173
Mergers and Acquisitions 173
Generational Differences 174
Measurement 174
Key Performance Indicators 175
Lagging and Leading Indicators 175
Lagging Indicators 176
OSHA Recordable Rate 177
Process Safety 177
Leading Indicators 178
Near Misses 179
Unplanned Maintenance 179
Process Safety Incident 179
KPI Limitations 180
Activity and Quality 180
Quality of Reporting 180
Management Elements 181
API RP 754 181
Tiers 182
Tier 1—Process Safety Event 183
Tier 2—Process Safety Event 184
Tier 3—Challenge to Safety Systems 184
Tier 4—Operating Discipline and Management System Performance 184
Data Submission 184
Selection of KPIs 184
Surveys 185
Creating a Strong Culture 186
Mission Statement 186
Guiding Tenets 187
Detailed Program 187
Behavior-Based Safety 188
Observed Hazard Card 189
Five by Five Policy 189
Off-the-Job Safety 190
Pointless Activities 190
Employee Participation 190
Developing Employee Participation 191
Safety Committees 191
Involvement in PSM elements 191
Difficulties with Workforce Involvement 192
Inefficiencies 192
Unwillingness to Accept Change 192
Labor/Management Relations 192
Stakeholder Outreach 192
4 Technical Information 194
Introduction 194
Table of Contents 195
Process Description 197
Flowsheets 197
Block Flow Diagrams 197
Process Flow Diagrams 198
Piping & Instrument Diagrams
Design Phases 200
Equipment and Line Designations 200
Instrument Designations 201
Updating P& IDs
Editing Engineering Information 201
Materials of Construction Table 202
MSDS or Safety Data Sheet 202
Global Harmonization System 205
The Safety Diamond 205
5 Hazard Identification 208
Introduction 208
Hazards Management Process 210
Step 1. Identify the Hazards 211
Creative/Imaginative Techniques 212
Experience Based 213
Logical/Rational 214
Step 2. Risk Rank 214
Step 3. Eliminate or Substitute the Hazard 214
Step 4. Remove the People 214
Step 5. Reduce the Consequence 215
Step 6. Reduce the Likelihood 215
Step 7. Install Safeguards 215
Organization of a Hazards Analysis 215
Charge/Scope Letter 217
Objective 217
Physical Scope 217
Method(s) To Be Used 217
Assigned Personnel 217
Risk Management Guidance 217
Schedule and Reporting 218
Abandoned Equipment 218
Preparations 218
Logistics 218
Meeting Protocol 219
Location of the Meeting 219
Projection of Notes 219
Documentation Requirements 220
Security of the Information 220
Time Required 220
Kick-Off and Close-Out Meetings 221
The Team 222
Leader/Facilitator 223
Process Knowledge 223
Stimulate Thinking 224
Creative Thinking 224
Casual Remarks 224
“If We had Unlimited Money” 225
Generalizations 225
Team Management 225
Knowledge of Actual Incidents 226
Lawyer-like Behavior 227
Persona 227
Personal Preparation 227
Engineering Standards 227
The Scribe 228
Operations/Maintenance Expert 228
Process and Instrument Experts 228
Specialists 228
Use of Sophisticated Language 229
The One-Minute Engineering Department 229
Results of the Analysis 230
Findings 230
Recommendations 230
Action Items 231
Risk Register 232
Finding Number and Date 232
Hazard 232
Source 233
Consequence(s)/Likelihood/Risk 233
Follow-up 233
The Hazards Analysis Report 233
Completeness of the Notes 234
Cross-Reference 235
Anonymity 235
Findings Terminology 235
Completeness 236
Nonfindings 236
Appearance 236
Pictures 236
Report Distribution 236
Communication with the Public 237
Table of Contents 237
1. Disclaimer 237
2. Executive Summary 238
3. Objectives of the Analysis 238
4. Summary of Findings 238
5. Method Used 239
6. Risk Ranking 239
7. The Team 239
8. Regulations and Standards 240
9. Attachments 240
10. Meeting Notes 240
Development of the Report 240
Step 1. Notes Cleanup 241
Step 2. Team Review 241
Step 3. Draft Report 242
Step 4. Client Review 243
Step 5. Final Report 244
Step 6. Risk Register 244
Legal Issues 244
Need to Act on Findings 246
Informal Notes 246
Internal Communication 246
PHA Leadership 247
Special Types of Hazards Analysis 247
Temporary and Transient Operations 248
Nonprocess Applications 248
Decommissioning/Demolition 248
Revalidation Hazards Analyses 249
Benefits and Limitations of Hazard Analyses 250
Strengths 250
Providing Time to Think 251
Challenging Conventional Thinking 251
Cross-discipline Communication 251
Education 251
Development of Technical Information 251
Economic Payoff 251
Limitations and Concerns 252
Imprecision in Defining Terms 253
Multiple Contingencies 253
Complexities and Subtle Interactions 253
Dynamic Conditions 254
Knowledge of Safe Operating Limits 254
Lack of Quantification 254
Team Quality 254
Personal Experience 255
Boredom 255
TRIZ 255
Confusion with Design Reviews 256
False Confidence 256
Equipment Orientation 257
Interfaces 257
Human Error 257
HAZID/MHS 258
The HAZOP Method 259
Step 1. Node Selection and Purpose 260
Selection of Nodes 261
Pressure/Spec Breaks 262
Step 2. Process Guideword/Safe Limits 262
Step 3. Identification of Hazards and their Causes 263
Step 4. “Announcement” of the Hazard 265
Step 5. Consequences 265
Step 6. Identification of Safeguards 266
Step 7. Predicted Frequency of Occurrence of the Hazard 267
Step 8. Risk Rank 268
Step 9. Findings 268
Step 10. Next Process Guideword/Node 268
Effectiveness of HAZOPs 268
Checklists 269
Checklist Categories and Guidewords 269
Structure of a Checklist 269
The What-If Method 270
Node/Functional Area Review 274
Equipment and Function Review 275
Ignition Source Controls 275
Instrumentation and Control Systems 275
Human Factors 276
Process Upsets 276
Siting 276
Structured What-If 276
Utility Systems 277
Batch Processes 277
Operating Procedures 278
Layout Reviews 278
What-If/Checklist Method 278
Failure Modes And Effects Analysis 279
Bow Tie Analysis 280
Indexing Methods 282
Interface Hazards Analysis 284
6 Operating Procedures 287
Introduction 288
Definition of Operating Procedures 292
Operations 292
Written Instructions 293
Design or Operating Intent 293
Definition of Maintenance Procedures 294
Terminology 294
Engineering the Solution 294
Quick Assessment of Operating Procedures 298
The Users 300
Experienced Technicians 300
Less Experienced Technicians 300
Engineering/Management 300
DCS/SCADA Programmers 300
Auditors, Regulators, and Inspectors 300
Translators 300
Elements of Operational Integrity Management 301
Workforce Involvement 301
Knowledge Management 301
Hazard Identification and Risk Management 303
Management of Change 303
Operational Readiness 303
Emergency Management 303
Technical Information 304
Types of Operating Procedure 304
Steady-State Operating Procedures 304
Types of Steady-State Procedure 304
Shift Change 305
Start-Up Procedures 305
Shutdown Procedures 307
Levels of Shutdown 308
Standby 308
Unit Shutdown 308
Facility Shutdown 308
Emergency Shutdown 308
Turnaround 309
Troubleshooting Procedures 309
Elements of Troubleshooting Procedures 310
Structure of Troubleshooting Procedures 311
Temporary Operating Procedures 311
Batch Procedures 312
Standard Operating Procedures 313
Maintenance Procedures 317
Job Safe Practices 317
Software Analogy 317
Modular Design 319
Connecting the Modules 320
If/Then/Else Instructions 321
Modular operating manual 321
Database Structure 322
Top-Down Development 323
Prototyping 326
Limitations of Modularity 328
Design of an Operating Manual 328
Adding and Removing Modules 331
Numbering the Modules 332
Module Design 332
The Title Block 333
Procedure name 334
Module number 335
Purpose of the procedure 335
Revision number 335
Date of revision 335
Covered persons 335
Company/Facility 336
Safe upper and lower limits 336
Special safety items 336
Equipment information 336
Training 336
The Operating Task Instructions 336
Step number column 337
Person 337
Action 338
Discussion/Illustration 338
The Authorization Block 338
Written by 339
Approval—superintendent 339
Approval—manager 339
Authorization sheet 340
Overall Module 340
Links to Other Procedures and Manuals 340
Links to Technical Information 340
Training 342
Two-Page Modules 342
Content Development 344
Level of Detail 344
Level 1—overview/checklists 344
Level 2—equipment description 345
Level 3—valve detail 345
Sources of Information 346
Existing procedures 346
Technician interviews 346
Engineering information 346
Vendor manuals 346
Process hazards analyses 347
The Procedures-Writing Team 347
Writing and Publishing 347
Project Organization 348
1. Define the Scope of Work 348
Physical Area/Equipment Covered 349
Users 349
Types of Procedure 349
Job Task Analysis 349
Design of the Manual 350
Regulations/Standards 350
Writer’s Guide 350
2. Create the Team 350
Steering Committee 350
Project Manager 351
Project Lead 351
Technicians 351
Technology Expert 352
Interviewer-Writers 352
Publisher/Webmaster 352
3. Develop a Detailed Plan 352
Schedule and Progress Metric 353
Budget 354
Prepare the SOPs 355
4. Collect Information 355
Operator Interviews 355
Existing Procedures/Vendor Manuals 355
Logbooks 356
5. Write the Procedures 356
Draft Releases 356
Plan to Throw One Away—You Will Anyway 357
6. Review and Sign 357
7. Publish 357
Potential Difficulties 358
Poorly Defined Goals 358
Too Many People 358
Extended Review Cycle 358
Lack of Signatures 359
Maintaining the Procedures 359
Procedures Modification Process 361
Organization 361
Writing Guidelines 362
Vigorous Writing 363
Minimalist Writing 363
Short, Pithy Instructions 364
Avoid Repetition of Instructions 364
Omit Needless Words 364
Omit Adverbs 364
Short and Old Words 365
Avoid Wordy Phrases and Padded Syllables 366
Writing Style 366
Imperative Tense 367
Active Voice 367
Reading Grade Level 368
List Instructions Singly 369
Implied Instructions 369
Bulleted Lists 369
Conditional Instructions 369
Positive/Negative Instructions 370
Vocabulary 370
Identification of Equipment 371
Consistency 371
Should/Would/Could 371
The Word “You” 372
The Word “This” 372
Arabic Numerals 372
Adverbs and Adjectives 372
Articles 373
Humor 373
Spelling 373
Latinate Abbreviations 374
Apostrophes 375
Ambiguous Words 375
Repetition of Messages 376
Danger, Warning, Caution, Note 376
Proofreader Marks 377
Illustrations 377
Photographs 378
P& IDs
Iconic Flow Diagrams/Schematics 378
Maps/Plot Plans 379
Publishing 380
Color 380
White Space 381
Fonts 381
Paragraph Formatting 381
Emphasis Techniques 382
Heading 382
Page Numbering 383
Single-Sided Versus Double-Sided Printing 383
Indexing 383
Glossary 383
The Binder 383
Multiple Languages 384
7 Training and Competence 385
Introduction 385
Levels of Competence 386
Level 1—Basic Skills 386
Level 2—Certification 386
Level 3—Master Technician 387
Elements of a Training Program 387
Orientation 387
Initial/Basic Training 388
Site Training 389
Abnormal Situation Management 389
Refresher Training 389
SEMS (BSEE) 390
PSM (OSHA) 390
Procedures and Training 394
Management of a Training Program 395
Training Matrix 396
Budget Allocation 396
Measuring Progress 397
Economics of Training 398
Process Simulators and Emulators 399
Features 399
Benefits 399
Simulator Design 400
Testing and Certification 402
SafeGulf 403
Pipeline Operator Training 404
8 Prestartup Reviews 405
Introduction 405
What the Review Is Not 406
Regulations 407
OSHA’s PSM 407
(i) Construction and equipment 407
(ii) Procedures 408
(iii) New/modified facilities 408
SEMS 408
Types of Review 409
Review Not Required 409
Small Projects/Engineering Changes 409
Medium Size 409
Large Projects 409
Restart Reviews 410
Organizational Responsibility 410
Time Required 411
Team Structure 411
Using the Elements of PSM 411
Knowledge Management 411
Operating Procedures 412
Asset Integrity/Reliability 412
Training/Performance 412
9 Asset Integrity 413
Introduction 413
Engineering Standards 413
Inherent Safety 414
Eliminate 414
Remove equipment 415
Remove people 415
Minimize 416
Substitute 416
Moderate 416
Equipment modification 417
Spacing 417
Underground location 417
Simplify 417
Applying Inherent Safety 418
Law of Unintended Consequences 419
Serendipity 419
Undesirable outcome 420
Original situation worse 420
Passive Safety Systems 420
Active Safety Systems 420
Administrative Safety Systems 421
Safety Critical Items 421
Priority 1 421
Priority 2 422
Priority 3 422
RAGAGEP 422
10 Management of Change 423
Introduction 423
Benefits of MOC 424
Increased Production, Productivity, and Quality 424
Maintenance Expense and Safety 424
Environmental Performance 424
Personal Reputation 425
Definition of MOC 425
Deviation Beyond Limits 426
Impact on Other Process Safety Elements 426
Critical Changes 426
In-Kind/Not-In-Kind Change 427
Same Specification 427
Same Service and Materials of Construction 428
Same Storage and Handling Process 428
Procedural Replacement 428
Process Chemistry 428
Instrumentation and Control Systems 429
Types of Change 429
Initiated Equipment Change 429
Large and small changes 430
Turnarounds 430
Field change 430
Noninitiated Equipment Change 430
Overt change 431
Covert change 431
Temporary Changes 432
Emergency Changes 433
Administrative and Organizational Change 434
Reorganization 435
Management by contractors 435
Informal Aspects of MOC 435
The MOC Process 437
Section A—Initiator Request 437
Initiator 438
Personal recognition 438
Company loyalty 438
Safety 438
Sponsor 439
Request Process 439
Step 1—problem/opportunity identified 440
Step 2—need for change 440
Step 3—corrective action 440
Step 4—system change 441
MOC Form—Section A 441
Name of the Sponsor/Initiator(s)/date 441
Description of problem and its consequences 441
Proposed change 441
Justification 443
Emergency change/temporary change 443
Previous actions taken 443
Section B—First Review 444
In-Kind/Not-In-Kind Change 445
Selecting the First Reviewers 445
MOC Form—Section B 446
Name/date 446
Discussion 446
Suggested modifications 446
Section C—Detailed Evaluation 447
Review Process 447
Information only 447
Approval 447
Modify the document 447
MOC Coordinator 449
Review Team 449
Process manager 449
Engineering manager 449
Operations manager 450
Builders 450
Project Team 450
Software 451
Reviewers 451
1. Confirm the problem 451
2. Problem analysis 451
3. Identify possible solutions 451
Qualifications 451
Experience 452
Technical knowledge 452
Feasibility 452
“Out-of-the-Box” thinking 452
Recommendations 453
MOC Form—Section C 453
Section D—Formal Approval 453
MOC Committee 453
Operations 455
Maintenance 455
Technical 455
Engineering/construction 455
Process Hazards Analysis 455
Variance Procedures 456
Section E—New Limits/Process Safety Update 456
Section F—Notification 457
Section G—Implementation 458
Section H—Follow-Up 458
11 Incident Investigation and Root Cause Analysis 460
Introduction 460
Management Level 461
Line Supervision 462
Facility Management 462
Executive Management 462
Industry Regulations and Standards 463
Incident Investigation and Analysis Philosophy 463
Trust and Candor 464
Listen to the Facts 465
Technical Expertise 465
Root Cause Analysis 465
Difficulties with “root cause” 466
Ockham’s Razor 467
Project Management 468
Attorney–Client Privilege 468
Blame and Fault Finding 468
Management Trust 469
Early Reporting of Bad News 469
Management Pressure 469
Safety as a Cause of Incidents 470
Communications 470
Technicians 470
Mid-Level Managers 471
Senior Managers 471
Definitions 471
Incident 471
Accident 472
Near Miss/Hit 472
Potential Incident 472
High Potential Incident 473
Incident Investigation Steps 473
Step 1—Initial Investigation 474
Step 2—Evaluation and Team Formation 474
Step 3—Information Gathering 475
Step 4—Timeline Development 476
Step 5—Root Cause Analysis 476
Step 6—Report and Recommendations 476
Step 1. Initial Investigation 476
The “Go Team” 476
Immediate actions 477
Team preparation 477
Drug and Alcohol Testing 478
Incident Report Form 478
Incident number 478
Title 479
Location, date, and time of event 480
Duration of event 480
Date and time of report 480
How observed 480
Person(s) reporting 480
Preliminary ranking 480
Incident type 480
Incident flags 480
First description of event 480
Immediate corrective actions taken 481
Witnesses 481
Contractor involvement 481
Detailed location 481
Consequences 481
Emergency response 482
Security issues 482
System alert 482
Incident owner/department 482
Notes and attachments 482
First Management Report 482
Step 2. Evaluation and Team Formation 483
Evaluation 483
Team Formation 484
Outside Investigators 484
Corporate Support 485
Team Members 485
Sponsor 485
Incident owner 485
Facility manager 485
Lead investigator 486
Administrator 486
Area supervisor 486
HSE representative 487
PSM coordinator 487
Employee representative 487
Process/facilities engineer 487
Maintenance technicians 487
Subject matter experts 487
Contractors/vendors 487
Emergency response specialists 487
Attorneys 488
Charter/Terms of Reference 488
Team Member Qualifications 488
Objectivity 488
Common sense 488
Jumping to conclusions 489
Haughtiness and empathy 489
Understand incident investigation methodology 490
You do know what you don’t know 490
Understand process systems 490
Logical thinking/painstaking 490
Step 3. Information Gathering 490
Interviews 491
Interview Guidelines 492
Regulatory/Legal Interviews 494
Witness Interviews 495
Interviewer Attributes 496
Rapport and trust 496
Technical skills 497
Critical factors recognition 497
Objective 497
Effective note taking 497
Management interviews 497
Documentation 497
Engineering Information 498
Operating Information 498
Instrument records 498
Log books, maintenance records, and JSAs 498
Hazards analysis reports 498
MOC records 498
Operating manuals/procedures 498
Incident investigations and audits 499
Vendor Data 499
Field Information 499
Damage Assessment 499
Photographs and DVDs 499
Closed Circuit Television 500
Instrument Records 500
Testing/Lab Analysis 500
Step 4. Timeline Development 500
Timeline Steps 501
Section 1—Events prior to the incident 501
Section 2—The incident 501
Section 3—Postincident response 501
Timeline Construction 502
Conditions 503
Multiple Timelines 503
Timeline Table 505
Background Information 506
Step 5. Root Cause Analysis 506
Levels of Root Cause 507
Single incidents 508
Multiple incidents 508
Types of Root Cause Analysis 509
Argument by Analogy: Story Telling 509
False extrapolation 510
Linearity 510
World views 510
Safeguards 511
Management Action 511
Categorization 512
Equipment failure 512
Human error as a root cause 513
Process systems failure 513
System Analysis 513
Why Trees 513
Single chain of events 514
Wrong chain 514
Fault Tree Analysis 515
Linkage of Fault Trees to the Timeline 518
Common Cause Events 518
Step 6. Report and Recommendations 519
Levels of Recommendation 520
Short-term recommendations 520
Intermediate recommendations 520
Long-term recommendations 521
Industry guidance 521
Report Structure 521
Executive summary 521
What happened? 522
What could have happened? 522
What was the cause? 522
What actions should be taken? 522
Recognition 523
Terms of reference 523
Reason for selection 523
Sequence of events 523
Consequences 523
Root causes 524
Other hazards 524
Recommendations 524
Attachments 524
Attachment A—Regulations and standards 524
Attachment B—Root cause analysis 524
Attachment C—Organization chart 524
Attachment D—Review of similar events 524
Attachment E—Investigation team 525
Attachment F—Review of modern designs 525
Attachment G—Index to pictures and documents 525
Attachment H—Detailed timeline 525
Issuing the Report 525
Writing the report 525
Presenting the report 525
Follow-up and recommendations tracking 526
Legal issues 526
Information Security and Chain of Custody 527
Record Retention 527
Removing Evidence 527
File Systems 527
Incident/Risk Register 529
Feedback 530
Incident Databases 530
National Response Center 531
Accidental Release Information Program (ARIP) Database 531
Census of Fatal Occupational Injuries (CFOI) 532
Major Accident Reporting System (MARS) 532
Marsh and McLENNAN Reviews 533
Annual Loss Prevention Symposia 533
Process Safety Beacon 533
Government Agencies 533
12 Emergency Management 534
Introduction 534
Abnormal Situation Management 535
Human Response 536
Human Error Rate 536
Fixation 536
Heroism and Buddy Loyalty 537
Troubleshooting 537
Levels of Emergency 538
Cause of Emergency 538
Emergency Operations 539
Local Emergency Response 540
General Emergency Response 540
Recovery Operations 541
Investigation and Follow-Up 541
Emergency Planning 541
Organization and Personnel 541
Emergency Response Manual 541
Emergency Procedures 543
Emergency Response Training 543
Communications 544
Emergency Shutdown 545
ESD Hierarchy 545
Shutdown Zones 545
System Reset 546
Fire and Gas Detection 547
Fire Detection 547
Fire Eyes/Flame Detectors 547
Smoke Detectors 548
Heat Detectors 549
Fusible Links 549
Low Oxygen Detectors 549
Combustible Gas Detectors 549
Manual Call Points 550
Toxic Gas Releases 550
Escape Routes 550
Firefighting 551
Single Fire Concept 551
Deluge Systems 551
Fire Zones 551
13 Audits and Assessments 553
Introduction 553
Formal Audits 555
Reasons for Audits 556
Accident follow-up 556
Regulatory/standards compliance 556
Stakeholder outreach 556
Voluntary check 556
Insurance and business security 557
Audit Standards 557
Regulations 557
Reporting requirements 557
Industry standards 558
Internal standards 558
Audit Frequency 558
Audit Personnel 558
Outside auditors 559
Internal auditors 559
Team composition 560
Auditor Attributes 560
Audit service providers 560
Interview skills 561
Technical knowledge 561
Writing skills 561
Demeanor 561
The Host Company 562
First impressions 562
Employees 563
Planning the Audit 563
Goals 563
Determine the audit standard 564
Scope 564
Budget 565
Schedule 565
One-point contact 566
Preaudit activities 566
Audit Forms 566
Conducting the Audit 567
Auditor preparation 568
Kick-off meeting 568
Plant tour 569
Information collection 569
Role of personnel 569
Interviews 569
On-site inspection 570
Closeout meeting 571
Report 571
Draft report 571
Generalities 572
Report distribution 572
Letter of certification 572
Audit verification 572
Positive findings 573
Report retention 573
Findings 574
Follow-Up 574
Unannounced Audits 574
The SEMS Audit Rule 575
SEMS II 582
Audit Requirements 582
Independent Third-Party Auditors 584
I3P Qualifications 584
National Emphasis Program 585
Reviews and Expert Assessments 585
Review Issues 586
Management systems effectiveness 586
Workforce involvement 587
Real-world usefulness 587
“Learned to live with it” problems 587
Lessons learned 587
Reviewer Attributes 587
Management Elements Assessment 588
Level 1: Risk Management 589
Level 2: Management Element Spreadsheet 589
Level 3: Detailed Questions 591
Scoring Template 592
Guidance 593
Benefits of the Elements Assessment Approach 593
Independent of events 593
Handling abstraction 594
Smoothing of results 594
Objectivity 594
14 Consequence Analysis 595
Introduction 595
Range of Consequences 596
Safety 597
Health 598
Environmental 598
Economic 598
Effect of a Release 598
Hole Size 599
Fires 599
Flammable Range 599
Ignition Temperature/Energy 600
Spontaneous Combustion 601
Ignition Sources 602
Vacuum trucks 602
Radiant heat 602
Static electricity 602
Lightning 603
Pyrophorics/iron sulfide 604
Flammability Hazard Ranking 604
Passive Fire Protection/Fireproofing 604
Explosions 605
Physical Explosions 606
Vapor Cloud Explosions 606
Deflagrations and Detonations 606
Blast Effects 607
BLEVEs 607
Dust Explosions 608
Toxic Gas Releases 608
Gas Release Modeling 608
Effect of Toxic Gases 610
Probit Equations 611
Short-Term Exposure Limits 611
Emergency response planning guidelines 612
Immediately dangerous to life and health 613
Permissible exposure limits 613
Threshold limit values 614
Short-term exposure limit 614
Levels of concern (EPA) 615
Acutely toxic concentration/levels (New Jersey/Delaware) 615
Substance hazards index 615
Location of Monitors 616
15 Frequency Analysis 617
Introduction 617
The Pareto Principle 618
Importance Ranking 618
Fault Tree Analysis 619
Gates 621
OR Gate 621
AND Gate 622
VOTING Gate 626
Events 627
Top Event 627
Intermediate Events 628
Base Events 628
House Event 629
Top-Down Development of a Fault Tree 629
1. Define the Top Event 630
2. Build the Tree 630
3. Identify the Cut Sets 633
4. Eliminate Repeat Sets 637
5. Eliminate Repeat Events in a Set 638
6. Eliminate Redundant Events 638
7. Quantify the Risk 640
Mathematics of an OR Gate 640
Mathematics of an AND Gate 641
Mathematics of a Voting Gate 642
Cut Set quantification 642
8. Risk Rank 643
Event contribution 643
Important few 644
Unimportant many 644
Power of the AND Gate 645
Importance equalization 645
Cost–benefit analysis 645
Importance Ranking Using Cut Sets 645
Birnbaum factor method 645
Fussell–Vesely method 646
Perturbation method 646
Common Cause Events 646
Fukushima-Daiichi 647
Generic Fault Trees 648
Generic safety fault tree 649
Generic reliability fault tree 652
Discussion of the Fault Tree Method 652
Qualitative FTA 653
Event Tree Analysis 653
Quantification of an Event Tree 654
Scope of Event 657
Combining Event Trees and Fault Trees 657
Short Sequence of Events 658
Many Events 658
Partial Success 659
Discrete Event Analysis 659
Nonlinearities and Complexities 659
Conveying Statistical Uncertainty 660
Monte Carlo Simulation 660
Random Number Generators 660
Seed Numbers 661
Speeding the Simulation 661
Markov Models 661
Top-Down/Bottom-Up Approach 664
Top-Down 664
Bottom-Up 664
Qualitative Insights 664
Limitations to Quantification 665
Mathematical Understanding 665
Value-Laden Assumptions 666
Lack of Exhaustivity 666
Human Behavior 666
Data Quality 666
Safeguards 667
Safeguard Level 1: Normal Operations 668
Safeguard Level 2: Procedural Safeguards 669
Safeguard Level 3: Safety Instrumented Systems 669
Safeguard Level 4: Mechanical Safeguards 670
Safeguard Level 5: Passive Safeguards 670
Safeguard Level 6: Emergency Response 670
Layer of Protection Analysis 670
The LOPA Process 671
Single Scenarios 672
IPLs 672
Specific 673
Independent 673
Dependable 673
Auditable 674
Human Response 674
Implementing LOPA 674
Team makeup 674
Timing 674
Tools 674
Procedures and inspections 674
Risk criteria 675
Failure Rate Data 675
Conditional Probability/Bayes’ Theorem 675
Evaluation of Tests 676
Sequential Observations 677
Combining Data Sources 677
16 Reliability, Availability, and Maintainability 682
Introduction 682
Benefits of a RAM Program 684
Increased Production and Profitability 684
Increased Productivity 685
Reduced Investment 685
Lower Maintenance Costs 686
Lower Inventories 686
Enhanced Customer Satisfaction 686
Personal Recognition 686
Personal Life 686
Improved Public Perception 686
Reliability and Safety 687
Hazardous Operations 687
Unsafe Process Conditions 687
Safety Bypasses 687
Transient Stresses 687
Reduced Chance of Catastrophic Losses 687
Increased Safety May Reduce Reliability 687
Loss of Experience 688
Engineering Practices 688
Daily Operations 688
Definitions 688
Reliability 688
Availability 689
Effectiveness 690
Maintainability 690
Failure Modes 691
Equipment Description 691
Primary, Secondary, and Command Failures 691
Catastrophic, Degraded, and Incipient Failures 692
Real Failures/Necessary Replacements 692
Failure Rates 692
Constant/Exponential Distribution 694
Lognormal Distribution 694
Bathtub Curve 694
Early failures 695
Constant failure rate 695
Wear-out failures 696
Reliability Block Diagrams 696
Active/Standby Redundancy 698
Quantification of Block Diagrams 698
Human Reliability 700
Types of Human Error 701
Errors of intent 701
Mistakes 701
Slips 701
Fixation 702
Error in an emergency 702
Incorrect response 702
Human Reliability Analysis 702
THERP 703
17 Managing a Risk Program 704
Introduction 704
Clients/Customers 704
Senior Management 704
Facility Managers 705
Project Managers and Design Engineers 705
Regulators/Auditors 705
Program Organization 705
Step 1—Determine the Objectives 706
Step 2—Set Up an Organization 706
Management 706
Steering committee 706
Coordinator 707
Subcommittees 708
Operating binders 708
Step 3—Create the Metrics and Baseline 710
Step 4—Develop a Plan 711
Goals 712
Resources needed 712
Develop a schedule 712
Reviews and signatures 713
Step 5—Implement the Plan 713
Step 6—Audit/Improve 714
18 Project Management 715
Introduction 715
Phase/Gate System 715
Hazards Analysis on Projects 716
Phase I—Concept Selection 718
Documents 719
Hazards Analysis 719
Phase II—Preliminary Design (FEED) 720
Documents 720
Hazards Analysis 721
Phase III—Detailed Engineering 722
Documents 722
Hazards Analysis 722
Phase IV—Fabrication and Construction 722
Precommissioning 723
Punch lists 723
Transfer of Care, Custody, and Control 724
Documents 724
Turnover packages 724
Procedures 727
Hazards Analysis 727
Phase V—Commissioning and Start-Up 727
Commissioning 727
Operational Readiness Review 727
Start-up and Line Out 728
Documents 729
Start-up procedures 729
Acceptance test 729
Warranty 729
Hazards Analysis 729
Project Organization 729
19 Contractors 731
Introduction 731
Regulations and Standards 733
OSHA PSM Standard 733
OSHA PSM Guidance 734
Application 735
Employer responsibilities 735
BSEE SEMS 735
API RP 76 736
Types of Contractor 736
Contract Companies 738
Selecting a contract company 738
Contractor HSE program 739
Design Companies 740
Subcontractors 740
Contract Workers 740
Maintenance Contractors 741
Visitors/Consultants 741
Bridging Documents 741
Operator/Contractor Bridging Document 741
Bridging Through a Regulation 742
Contractor Management 743
Contractor Selection 743
Record Keeping 744
Contractor Training 744
Safety Meetings 744
USE OF Equipment 745
Contractor Evaluation 745
Infractions 746
Contractor Training 746
Safety Meetings 746
20 The Risk Management Professional 748
Introduction 748
Attributes 749
Education and Certification 749
Technical Knowledge 749
Holistic 749
Numerate 750
Communication Skills 750
Industrial Experience 750
Knowledge of Past Events 750
Professional Involvement 751
Network 751
The Resumé/CV 751
Level of detail 751
Publications 752
Gaps/negative facts 752
Multiple resumés 752
Declining experience 752
Professional Engineer 752
Consultants 753
True Expertise 753
The Consultant as Outsider 753
Consultants—Not Contractors 754
Cuts Gordian Knots 755
Quick Study 755
Role of the Client 755
Response to Criticism 756
Marketing 756
Communicating with Management/Clients 756
Presentations 756
Meetings 757
Report Writing 757
Draft Report 758
Language of the Report 759
Completeness/Thoroughness 759
Personal Information 759
Writing Style 759
Nonemotional language 760
Minimalist writing—Make every word tell 760
Omit needless words/tautologies 760
Short, simple words 760
Minimize “soft” materials 761
Eschew obfuscation 761
Develop a theme 761
Modifiers 762
No typos 763
Date format 763
Active/passive voice 763
He/she 763
You/I 764
Choice of words 764
Use of humor 764
Copyright 765
Responsible Document Creation 765
Anecdotes/Storytelling 766
Stories 767
Elements of a Story 767
Characters 767
Setting 767
Plot 767
Conflict 768
Resolution 768
Sensitivity 768
Communicating with the Public 768
The Community 769
Other Businesses 770
The Media 770
Regulators/Nongovernmental Organizations 770
Types of Public Communication 770
Developing a Risk Communication Program 771
Communicating New Paradigms 771
Trade Secrets (OSHA) 771
Litigation Support 775
Use of Legal Services 775
Types of Litigation 776
The Participants 776
Timeline/Story Line 776
Documentation 776
The Discovery Process 777
Depositions 777
Witnesses to Fact 778
The Expert Witness 778
Acceptance by the Court 779
Daubert and Frye Rules 780
Prior Testimony 780
Timeline/Story Line 780
The Report 780
Attributes of an Expert Witness 781
To thine own self be true 781
Be prepared 781
Be a true expert 781
Be a teacher 781
“Reasonable” risk 782
Privilege 782
References 784
Index 788