Thank you for having me hear to speakMy nameI’m here on behalf of Kent Muhlbauer, world renowned leader on pipeline risk management. Mr Muhlbauer regrets that he cannot attend this important meeting and offers his email information here for any attendee to contact him.The work that we’re about to present is a collaboration between DNV and Kent MuhlbauerBefore EE slide, discuss why I’m hereWe’eve tried to ull strengths of all thee different risk assessments together and that’s what we call the essential elementsI’ve got a lot of material here that I’m going to throw at you quicklyMy objective is to throw a lot of stuff to you, so I’d like to march quickly through this material and hit you with a lot at once
In the US, we are currently at a cross roads of sorts. We have many older RA methodologies, not designed for IMP; we have industry standards like ASME B31.8S that have missed the mark a bit, regarding RA; we have a disconnect between what the objectives of the newer pipeline regulations and the currently available guidance documents.Our regulator, PHMSA, is concerned and has issued a warning to the industry that RA must be improved. In response to that and these other concerns, we have developed the EE’s.
Discuss PHMSA viewpoint?Not sure what to say hereFocus on ingredients, not recipesIn addition to local regs
Here we have an overview of the essential elementsThese essential elements are a foundation to build onFirst, Measurements in Verifiable Units - We want absolute values in real world units which can hold weight with regulatorsProper PoF Assessment – We want a probability of failure calculation which is grounded in engineering principles and takes into account exposure, mitigation, and resistanceCharacterization of Potential Consequences- Want to capture full range of consequence scenariosFull Integration of Pipeline Knowledge – We want to bring in every piece of information you haveSufficient Granularity – Want to capture any time the risk of your pipeline changes, this could be due to a single valve or a populated areaBias management – Want conservatism of the assessment to be fully transparentProfiles of Risk – We want a continuous profile of risk along the entire pipelineProper Aggregation – I will go over the equations we have at our disposal to properly aggregate risk and account for all threats impacting a pipelineNow I will dive a little deeper into each of these elements
We start with the first element - Measurements in Verifiable UnitsNeed to clearly define failure and consequenceThen measure or estimate its occurrence over time and spaceThis allows us to produce verifiable risk estimates, free of intermediate schemes such as scoring or point assignmentsI’ve listed some example units (read slide)We are still using probability times consequence, but we have real, tangible unitsUnits embody the definition of risk (WKM)
Our next element; Proper PoF Assessment-All plausible failure mechanisms, E-M-R-As shown on the graphic below, barrier analysis-Exposure, anything that is attacking the pipeline -Example units events/mi-yr or mils per year metal loss-Mitigation, anything you have in place to stop the exposure from ever reaching the pipe, can be multiple mitigations-Resistance, at this point the exposure has gotten past any mitigation, leaving just the pipe’s inherent ability to resist failure-The three things need to be measured independently (WKM)
Two main approaches to exposure estimationactual incident counts for first (Events per mile-year (mile-yr) for time independent mechanism)Third Party DamageIncorrect operationsWeather and land movementspotential damage rate for second (MPY for degradation mechanisms)CorrosionCrackingFatigue
Measuring mitigationWe want to give credit for any and all mitigations in place….. such asCPCoatingThis could be a single strong measure or several lesser measuresThere are simple equations to aggregate these mitigations and get a overall mitigation %Specify that this reduces the exposure by a certain %, the original unit remains (mpy/ events/mi-year)Limitation of previous methodologies had no or gate option (WKM)
Estimating ResistancePipe strength is at the heart of resistance measurementsWe can use original pipe specifications, WT, gradeAlso look at historical issues such low toughness or seam typesWe also want to look at current pipe specifications gathered from inspections / FEAAlso the pipe strength for internal and external loadings
Now that we’ve established exposure, mitigation, and resistance…. We can calculate probability of failure.We first use exposure and mitigation to calculate a probability of damageWe then use the probability of damage value and resistance to calculate probability of failure* Thankfully we don’t have a lot of failures to calibrate against. Calibration based on ILI can only be done if PoD is calculated separate.Need to say something about TTF, at core of model trying to calculate TTF for every type of threatWith that TTF we can then calculate a PoFMany different types of distributions available to do this, the Poisson distribution is shownCould call TTF remaining life instead
Here we have an example (read slide example)The point of the slide is that the math is very simple and intuitive
Now let’s move on to consequenceThe risk assessment must account all possible consequence scenariosThese must include most probable and worst case scenarios and account for both ignition and contaminationI’ve listed some consequences of interest which I’m sure you’re all familiar withWe want to account for all of these in the risk assessmentThe older models always focus on the worst case consequence which isn’t the full story (WKM) start with this
Let’s continue our pervious example where we calculated a 0.14% PoF/mi-yrNow this section of the pipeline is near a highly populated area, an environmentally sensitive area, and a commercially navigable waterwayEach of these receptors will have a unit value or $/unit as well as a density or number of units/ft^2We need to calculate a hazard area for both ignition and contamination, with corresponding damage rates for eachIf you look at the image to the right of the slide you can see the hazard areas and how they intersect the pipelineWe can then use the probabilities of ignition and contamination along with the corresponding hazard areas and damage rates to get a potential lossFinally we can use our original probability value of 0.14% with our newly calculated potential loss of roughly $700,000 to get an expected loss of $7.6/year for 1 joint of pipeConsequence assessment has a lot of moving parts but it isn’t very complicatedBusy slide but the point I want to make is we have GIS tools so we can intersect square footage of all receptors, and we can tabulate all that so it comes out to simple math
The next element is the integration of pipeline knowledgeThe RA is the engine by with you can make IM decisions, however if you’re not including the right info you’re setting it up for failureWe need to bring all available information into the risk assessmentInspectionGISSMEsWe want the assessment to use all the information in that same way an SME uses the informationLots of lists in existing standards about what info to included, collective intel of organization is to be captured
We also need to ensure sufficient granularity in the risk assessmentWe do this with dynamic segmentationAny time the risk of a pipeline changes..This could be a WT change, a location class change, an environmental change..For any of these or other changes we need to capture it using a new segmentMost pipelines need at least 10 to 20 segments per km with some requiring thousands per kmYou could have 200 layers of information that are all producing their own segmentation which is why we want to use the computer to do this
Another essential element of risk assessment is Bias ManagementThe risk assessment must state the level of conservatism present in all componentsWe know that there is uncertainty surrounding every measurementWe should choose to adopt a methodology of:increased uncertainty means increased riskInappropriate bias must not be present in the assessmentFor example, historical failure frequencies may misrepresent important threats for your pipelineWe can communicate conservatism using P50, P90, or P99.9This tells us where we are on the curveModel has to state what level of conservatism it’s usingManagement or public p50Doing risk management p90 or p99.9
Now we move onto Profiles of RiskLet’s first consider the example shownWe have two very different pipelines listed hereFor scenario 1 we have an oil pipeline in a remote location with coating failure and a river running parallelFor scenario 2 we have a high pressure, large diameter gas pipeline in a high population area with 2 shallow cover locationsEven from these brief descriptions, you can easily recognize different threats, different consequence potential between the twoWe must recognize all of these changes in characteristics of the pipe and its surroundingsIn order to do this the risk assessment must produce a continuous profile of changing risks at all points along the pipelineThese 2 pipelines might have exactly the same expected loss, but the picture shows you that the risk is widely different and the risk management strategy needs to be widely differentLooking at these profiles, some risk management is obvious, but not all is obvious, you can’t begin to do risk management until you understand the profiles
This test is often overlooked. Basically, it means that you should be able to pull out a map of your system, put your finger on any point along the pipeline and determine the risk at that point—either relative or absolute. Furthermore, you should be able to find out specifically the corrosion risk, the third party risk, the types of receptors, the spill volume, etc. This may seem an obvious thing for a risk assessment to do, but you’d be surprised how many cannot do this. Some have pre-determined their risk areas so they know little about other areas (and one must wonder about this pre-determination). Others do not retain information specific to a given location. Others don’t role up risks into summary judgments. The risk information should be a characteristic of the pipeline at all points.Alert them that this is what we're teaching our auditors to do
Finally we must properly aggregate risksWe must avoid simple statistics that may mask the actual risks presentWe cannot add the probabilities; this only works for very small probabilities and will go over 100% if any threats have high probabilitiesWe also don’t want to take an average of probabilities; this will mask any outliers and hide the true risksWe must aggregate the risks using AND gates and OR gatesThe overall probability of failure is the probability of failure of one threat OR the nextThe overall probability of surviving us the probability of surviving one that AND the nextThis gives us an equation shown at the bottom of the slide to properly aggregate risks
- Incidentsper mile-year,Fatalitiesper km-year,Costs per mile-decadeOur objective is the highlighted one, it’s what everybody wantsAlong the way we’ve got these other benefits while not forcing a cookbook approach