Dive right in – a thorough approach to process safety
29 October 2015
Is your Process Safety Management (PSM) audit uncovering noticeable improvements? Or, could an accident be just around the corner? Here, ABB Consulting’s Conrad Ellison makes a case for the ‘Deep Dive Audit’ approach and explains how it can be used to test safety critical element performance and identify the holes which can lead to a major hazard.
Managing process safety is never ending and requires constant attention. It’s necessary for those in leadership to routinely review what constitutes best practice in order to ensure that they are doing everything possible to prevent a major accident from occurring.
According to a report issued by the HSE, following the Buncefield court case five years ago, it was stated that: “Good process safety management does not happen by chance – it requires constant active engagement. Safety management systems at COMAH sites should specifically focus on major hazard risks and ensure that appropriate process safety indicators are used and maintained.” Organisations therefore need to ask themselves whether they are focusing on major accident scenarios and if more could be done.
A Process Safety Management System (PSMS) provides a framework of high level procedures (or risk control systems), in order to maintain protective equipment and operations in a healthy state. It is often expected that a PSM audit showing year-on-year improvement is good news. However, it can be an indication that performance has reached a plateau, which is cause for concern as a serious incident could happen at any time. Operators therefore need to consider ways in which their process safety performance can be made even more thorough and comprehensive.
To begin with, thought needs to be given as to whether the issues covered by the audit on a yearly basis are in fact the right ones. If they are not, you won’t see any improvements in the number of process safety incidents. You’re likely to find that leading Process Safety Performance Indicators (PSPIs) are not consistent with the audit performance, and the lagging indicators show a concerning trend with the number of incidents remaining the same or even increasing.
Such incidents are usually caused by failures of multiple risk control systems at a detailed level. The potential interactions between risk control systems are often not visible at the level of the PSMS, which is constructed of distinct generic elements such as mechanical integrity, incident investigation or management of change.
This means interactions may be missed in accordance with the ‘Swiss Cheese Model’ of accident causation. This is where an organisation's defences against failure are modelled as a series of barriers, represented as slices of cheese. The holes in the slices represent weaknesses in individual parts of the system and are continually varying in size and position across the slices. The system produces failures when a hole in each slice momentarily aligns, permitting what’s described as ‘a trajectory of accident opportunity’, so that a hazard passes through holes in all of the slices, leading to a failure.
The Deep Dive Audit
Figure 1: The main differences between the two types of process safety audit
With this in mind, auditing PSM system elements may not actually identify the potential for a process safety incident. What is needed is an assessment of specific accident scenarios and the verification of these specific barriers. A Deep Dive audit is therefore the solution.
It’s a holistic approach, combining safety and integrity management. The method entails a sample detailed inspection of key elements of the operation’s basis of safety, diving deeply into specific hazard scenarios. It involves identifying layers of protection and verifying that these layers are correctly in place, in use and are effective. The findings can be extrapolated to reach conclusions on the effectiveness of some elements of the PSMS.
This method provides assurance that process safety is being managed appropriately. It aims to complement conventional PSM audits without replacing them. It takes them on to the next level and identifies issues that wouldn’t normally be picked up on from a regular audit (Figure 1 above). This type of audit can be undertaken in approximately three days whereas the PSM audit can take up to three weeks. This makes it a rapid and practical assessment process. Crucially, it identifies if PSM is delivering on site and does so in a collaborative way, which requires minimal preparation from the operators.
As mentioned, the main focus of a Deep Dive audit is to analyse major accident scenarios and their associated barriers and to provide rigorous assurance that they are working effectively. In summary, this type of audit is designed to:
• establish all major accident scenarios;
• confirm the basis of safety (BoS) is robust;
• check that the design of barriers allows for the required risk reduction and that they are installed correctly;
• ensure barriers are appropriately maintained and tested; and
• confirm workforce competency with barrier management.
Collectively the above provides an overview of the process safety ‘vital signs’ and ensures that best practice in management systems is being achieved. A benefit of the Deep Dive approach is that it’s applicable to Seveso Directive and non-Seveso Directive facilities with process safety issues. It identifies specific actions relating to scenarios as well as generic site-wide issues and the methodology aligns to that employed by regulatory bodies during interventions. It’s an approach which can be used to benchmark across a number of sites.
Deep Dive Audit activity timeline
DAY 1 – Understanding
How does the site manage its process safety?
A range of hazard analysis reports such as HAZID and HAZOP reports must be reviewed to identify major accidents and the required barriers. Based on these, a list of varying high-risk scenarios for the detailed Deep Dive audit can be established with a view to assessing the different types of prevention, control and mitigation barriers.
DAY 2 – Verification and field visit
What layers of protection are in place for the key scenarios?
Verification is then sought for the effective functioning of each scenario and its associated barriers. There are three foci to this stage: barrier verifications; processes and the people operating them.
Experience has shown that the best results can be obtained by deploying two process safety specialists as assessors; one with a PSMS and operations background and the other with a plant engineering and asset integrity management background.
Figure 2: The top 10 findings uncovered through Deep Dive Audits
Onsite process engineers, operating managers and maintenance engineers, also provide a valuable source of knowledge to help with the understanding of major accident scenarios.
Part of this process is conducting a field visit which focuses on verifying specific barriers. This has two purposes, firstly to physically check that safeguards are installed in line with the design intent, for example that relief devices are in place and that passive fire protection and secondary containment are in good condition. Photographs of deficiencies provide high-impact evidence to site management. The second purpose is to talk to operators and maintenance technicians about their understanding of the process and of the major accident hazard that is being assessed. This gives an insight into the quality and experience of staff and the quality of process-specific training that they have received.
Through conducting such visits, ABB Consulting has had several cases where we’ve found operators are unaware of the emergency procedures necessary for preventing the escalation of incidents. Other issues regularly highlighted at the verification stage have included: inhibited alarms, non-Atex approved equipment in hazardous areas and gaps in earth and lightning protection testing (Figure 2 above).
DAY 3 – Reporting
Carrying out additional verifications and forming feedback
The audit report provides details of the assessment for each barrier, along with a decision on whether it is working effectively or whether a related weakness needs to be addressed. This could relate to the plant, processes or people involved.
Preventing process incidents from occurring is at the heart of process safety management. Therefore it makes sense to devote some assurance effort directly to the scenarios themselves, focusing on the specific risks and layers of protection.
This is why more operators are choosing to carry out Deep Dive audits across several global sites in order to provide a time efficient snapshot of performance, and to benchmark sites in order to identify those requiring greater senior management attention.
Unlike conventional PSM audits the findings are at a detailed level, and can benefit not only the scenarios under assessment, but many similar scenarios by discovering weaknesses in the generic risk controls. For example, the findings that a relief system has used an out-of-date sizing method may result in an action to look at a number of similar pressure relief systems.
Although the scope of the Deep Dive audit is limited when compared to a conventional PSM audit, it provides a high degree of confidence that barriers are working effectively. It helps to maintain a focus on major accident hazards and improve the understanding of site personnel and standard of documentation. It aligns with line management responsibilities for specific processes and assets, and it directly exposes risks of major accident hazards, thus providing real time assurance to senior management. It is fast becoming a necessary accompaniment to the traditional audit, as it takes process safety onto the next level.
About the author:
Conrad Ellison is Principal Safety Consultant at ABB Consulting, UK. He is a Fellow of the Institution of Chemical Engineers and has 27 years of process engineering and process safety experience.
Contact Details and Archive...