RISK ANALYSIS
Prof. I. M. Mishra
Department of Chemical Engineering, IIT Roorkee, Roorkee, India – 247 667
SOME IMPORTANT DEFINITIONS
• Hazard
A hazard is a source of potential harm
• Risk
A measure of the potential for loss in terms of both the likelihood (events/year) of the incident and the consequences (effects/event) of the incident
Mathematically, Risk = Σ probability of event × consequence of event
• Risk Analysis
The development of a quantitative estimate of risk based on engineering evaluation and mathematical techniques for combining estimates of incident likelihood and consequences
• Risk Assessment
The process by which the results of a risk analysis (i.e., risk estimates) are used to make decisions, either through relative ranking or through comparison with risk targets
• Risk Management
The planning, organizing, leading and controlling of an organization's assets and activities in ways which minimize the adverse operational and financial effects of accidental losses upon the organization
• Reliability
It is defined as the extent to which the measurements of a test remain consistent over repeated tests of the same subject under identical conditions
• Mean time between failures (MTBF)
It is the average time between failures, the reciprocal of the failure rate in the special case when the failure rate is constant. Calculations of MTBF assume that a system is "renewed", i.e. fixed, after each failure, and then returned to service immediately after the failure
Mathematically, MTBF = 1/λ, where λ is the failure rate
• Mean down time is the average time between failure and being returned to service
• Mean time to failure (MTTF)
It is the mean of the distribution of times to failure of an item without repair
• Availability is the degree to which a system, subsystem, or equipment is operable and in a committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time. Simply put, availability is the proportion of time a system is in a functioning condition
Mathematically, $A = \dfrac{E[\text{uptime}]}{E[\text{uptime}] + E[\text{downtime}]}$
ENVIRONMENT (PROTECTION) ACT, 1986
The central government, by notification in the official gazette, has notified under
• Section 6(2)
(c) the procedures and safeguards for the handling of hazardous substances
(d) the prohibition and restrictions on the handling of hazardous substances in different areas
(f) the procedures and safeguards for the prevention of accidents which may cause environmental pollution and for providing for remedial measures for such accidents
Under the Environment (Protection) Rules, 1986, Clause 13(l), the following factors are to be considered while prohibiting and restricting the handling of hazardous substances:
• The hazardous nature of the substances in terms of their damage-causing potential to the environment, human beings, other living creatures, plants and property
• The substances that may be or are likely to be readily available as substitutes for the substances proposed to be prohibited or restricted
• The indigenous availability of the substitute, or the state of technology available in the country for developing a safe substitute
• The gestation period that may be necessary for the gradual introduction of a new substitute with a view to bringing about a total prohibition of the hazardous substances in question
• Any other factor that may be considered by the central government to be relevant to the protection of the environment
CODES & STANDARDS FOR RISK ANALYSIS
• The American Institute of Chemical Engineers has Guidelines for Chemical Process Quantitative Risk Analysis & Hazard Evaluation Procedures, OSHA has 29 CFR 1910.119, and EPA has the Risk Management Plan (RMP)
• Even in non-chemical industries there are codes like Nuclear Regulatory Commission NUREG/CR-2815, IEC 61508, SEMI S10 - Safety Guideline for Risk Assessment, S14 - Safety Guide for Fire Assessment & Mitigation for Semiconductor Manufacturing Equipment
• India has its own BIS guidelines for risk assessment in BIS 18001 and also guidelines by the labour ministry, the Factories Act etc.
• This standard prescribes requirements for an OHS management system to enable an organization to formulate a policy and objectives, taking into account legislative requirements and information about significant hazards and risks which the organization can control and over which it can be expected to have an influence, to protect its employees and others whose health and safety may be affected by the activities of the organization. All the requirements in this standard are intended to be incorporated into any OHS management system. This standard also provides imperative guidance on the use of the specification
WHY RISK ANALYSIS?
• Chemicals have become a part of our life
• Chemicals have their own inherent properties and hazards, and so do the processes by which they are manufactured
• The risks posed by these were highlighted by Flixborough (1974), Bhopal (1984), Piper Alpha (1998) & other accidents
• Government regulations and public awareness
HISTORY OF RISK & RISK ANALYSIS
• In 1654, a French duke asked the famous mathematician Pascal to solve the problem of how to divide the stakes of an unfinished game of dice when one of the players was ahead. The laws of probability were explored
• The Dutch tulip bulb futures market (the first modern stock exchange)
• Developed with a focus on financial matters and gambling
• Realisation, with the industrial revolution, of the risks posed by the technology used in industry
• Early emphasis on the nuclear industry, but the importance was realized by the chemical industry due to accidents like Flixborough, Bhopal, VIZAG, Piper Alpha etc.
RISK ANALYSIS
• A full analysis involves the estimation of the frequency and consequences of a range of hazard scenarios and the damages expected
• Damages include injury and loss of life, damage to the environment and equipment, loss of work, and finally also economic loss to the plant
Risk Management Procedure (flowchart; source: www.hse-databases.co.uk)
Data Input → Identify → Estimate Likelihood → Determine Consequences → Risk Matrix → Acceptable?
Yes: Operate
No: Reduce / Mitigate / Transfer
RISK MANAGEMENT
• Hazard identification
• Hazard quantification and risk identification
• Risk analysis
• Risk assessment
GENERAL STEPS IN RISK ANALYSIS
The general steps in any risk analysis technique are:
• Assembling a team
• Collection of data
• Deciding on the level of detail
• Applying the technique
• Documenting the results
ASSEMBLING A TEAM
A risk analysis team generally consists of
• Plant safety representative (PSR)
• The concerned activity supervisors and the operator, technician or contractor's representative, as the case may be
• Safety officer
• External experts based on the job requirement
• The contractor's supervisor (in charge of the activity) shall also be a team member if the job is to be done involving the contractor's employees
DATA COLLECTION
• Incident history
• Industry experience
• Site experience
• Equipment vendor experience
• Specialty consulting firm experience
• Component failure rate data, handbooks
• Non-electronic parts reliability data
LEVEL OF DETAIL
• The level of detail to be worked on is decided upon
• Depends upon data and resource availability
• At various stages, various amounts of detail about the process are available and different types of results are required, according to which the technique is selected
• For some methodologies, the operational application is difficult to realize because of the lack of description
APPLICATION OF TECHNIQUES
• The type of technique to be applied is decided upon
• A set of undesirable end states (adverse consequences) is defined, e.g., in terms of risk to the public, loss of crew, and loss of the system
• For each end state, a set of disturbances to normal operation is developed which, if uncontained or unmitigated, can lead to the end state. These are called initiating events (IEs)
• Event tree and fault tree
• Accident scenarios are generated
• These scenarios include hardware failures, human errors, fires, and natural phenomena
• The probabilities of these scenarios are evaluated using all available evidence, primarily past experience and expert judgment
• The accident scenarios are ranked according to their expected frequency of occurrence and represented on a risk matrix
• The results are then documented according to standard procedures
SOURCES OF DATA INPUT
• Chemical usage, contractor activity, EHS policies, equipment reliability, external events, facility & process descriptions, historical accidents, human reliability
• Manuals for policies & procedures, engineering design, safety, maintenance, and data from material usage, meteorological, population etc.
METHODS FOR RISK ANALYSIS
• Risk analysis can be carried out by a number of methods
• Cause-Consequence Analysis, Checklist, Event Tree Analysis, Failure Modes, Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Hazard & Operability Analysis (HAZOP), Bow Ties, Petri nets
• Method usage depends on the level of detail and resources available
CLASSIFICATION OF METHODS
The methods can be classified into the following categories:
• Qualitative
• Quantitative
These can further be divided into:
• Deterministic
• Probabilistic
Methods for Risk Analysis
• The deterministic methods take into consideration the products, the equipment and the quantification of consequences for various targets such as people, environment and equipment
• The probabilistic methods are based on the probability or frequency of the appearance of hazardous situations or on the occurrence of potential accidents
• The probabilistic methods are mainly focused on the failure probability of equipment or their components
Classification of Techniques
• Further classification can be done into experience-based methods and predictive methods
• Experience-based methods involve the use of previous experiences and results and may not require an in-depth knowledge of the plant and its components
• The predictive methods use the knowledge of component behavior and cause-and-effect relationships to develop quantifiable accident scenarios
SOME QUALITATIVE METHODS
Preliminary Risk Analysis
• In this technique, the possible undesirable events are identified first and then analyzed separately
• For each undesirable event or hazard, possible improvements or preventive measures are then formulated
• The result from this methodology provides a basis for determining which categories of hazard should be looked into more closely and which analysis methods are most suitable
• With the aid of a frequency/consequence diagram, the identified hazards can then be ranked according to risk, allowing measures to be prioritized to prevent accidents
Hazard and Operability Study
• This technique is usually performed using a set of guidewords: NO / NOT, MORE / LESS OF, AS WELL AS, PART OF, REVERSE, and OTHER THAN
• From these guidewords, scenarios that may result in a hazard or an operational problem are identified
• The consequences of the hazard and measures to reduce the frequency with which the hazard will occur are then discussed
• This technique has gained wide acceptance in the process industries
Consider the following polymerisation reactor with cooling coils, where an exothermic reaction is underway (figure)
Example of HAZOP applied to the cooling water system of the previous figure
SOME QUALITATIVE METHODS
Failure Modes and Effects Analysis (FMEA)
• This method was developed in the 1950s by reliability engineers to determine problems that could arise from malfunctions of military systems
• Failure mode and effects analysis is a procedure by which each potential failure mode in a system is analyzed to determine its effect on the system and to classify it according to its severity
• When the FMEA is extended by a criticality analysis, the technique is then called failure mode, effects and criticality analysis (FMECA)
• Severity class is a measure of the effect a failure has on an item
• Severity classes are generally classified as follows:
• Critical failure: A failure which causes immediate and complete loss of an item's capability of providing its output
• Degraded failure: A failure which is not critical, but which prevents the item from providing its output within specifications. Such a failure would usually, but not necessarily, be gradual or partial, and may develop into a critical failure in time
• Incipient failure: A failure which does not immediately cause loss of an item's capability of providing its output, but which, if not attended to, could result in a critical or degraded failure in the near future
• Unknown: Failure severity was not recorded or could not be deduced
HAZOP worksheet for the reactor cooling water system (table)
Deviation | Possible causes | Potential consequences | Recommendations
No cooling | Failure of control valve; plugged cooling line; cooling water failure; controller failure | Temperature runaway | Install back-up control valves; filter to prevent debris; back-up controller; high-temperature emergency shutdown
More cooling | Valve fails open; controller fails | Reactor cools, leading to reactant build-up and runaway | Back-up controllers; instruct operators on appropriate procedure
Less cooling | Partially plugged line; partial water failure | Same as "No" | Same as "No"
As well as: cooling water in reactor | Lowering of pressure; leaks in coils | Dilution of contents; product spoilage | Level alarms; relief check valves; proper maintenance
A Typical FMEA Sheet
Some Qualitative Methods
• Checklists
• A list of possible problems and areas to be checked, which reminds the reviewer of potential problem areas
• Easy to apply, and the assessment can be performed by inexperienced practitioners
• The assessment will only be as complete as the list used, and difficulties are faced in novel processes
PROS AND CONS OF QUALITATIVE TECHNIQUES
• The three techniques outlined above require only the employment of hardware-familiar personnel
• FMEA tends to be more labor intensive, as the failure of each individual component in the system has to be considered
• A point to note is that these qualitative techniques can be used in the design as well as the operational stage of a system
QUANTITATIVE TECHNIQUES
• Quantitative methods are being given more stress
• They allow for a better comparison of risk levels
• They reduce subjectivity in the decision-making process
Important Concepts in Quantitative Risk Analysis
• Reliability is defined as the extent to which the measurements of a test remain consistent over repeated tests of the same subject under identical conditions
• Mathematically, $R(t) = \exp(-\lambda t)$
A typical FMEA sheet (table referred to above)
Failure mode | Causes | Effects | Detection method | Safety provisions | Severity class | Comments
Valve fails open | Internal malfunction; operator error | Toxic release | Pressure indicators | PRV | II | Prevent operator error
Valve fails closed | Internal malfunction; operator error | Flow stopped | Pressure indicators | None | IV | Check for overpressure
Simple checklist for a long drive in a car (example of a checklist)
• Check oil
• Check tire air pressure
• Check radiator fluid
• Check air filter
• Check head and tail lights
• Check exhaust
• Check petrol
where R(t) is the reliability. The complement of reliability is called the failure probability or unreliability, P(t), i.e.,
$P(t) = 1 - R(t) = 1 - \exp(-\lambda t)$
The failure density function, f(t), is the derivative of the failure probability:
$f(t) = \dfrac{dP(t)}{dt} = -\dfrac{dR(t)}{dt} = \lambda \exp(-\lambda t)$
The probability of at least one failure in the time interval $t_0$ to $t_1$ is obtained as
$P(t_0 \to t_1) = \int_{t_0}^{t_1} f(t)\,dt = \exp(-\lambda t_0) - \exp(-\lambda t_1)$
The time interval between two failures of a component is called the mean time between failures (MTBF) and applies only when there is repair of the components, equipment or systems. There are other mean times too.
Failure Rate Data for Some Process Components
Interaction Between Process Equipment and Instruments or Units for Series Systems
$R = \prod_{i=1}^{n} R_i$
$P = 1 - \prod_{i=1}^{n} (1 - P_i)$
For the exponential (Poisson) distribution,
$R = \prod_{i=1}^{n} \exp(-\lambda_i t) = \exp\left(-t \sum_{i=1}^{n} \lambda_i\right) = \exp(-\lambda t)$, where $\lambda = \sum_{i=1}^{n} \lambda_i$
Interaction Between Process Equipment and Instruments or Units for Parallel Systems
For parallel systems, the system failure probability is the product of the failure probabilities of the individual components, i.e.,
Failure rate data for some process components (table referred to above)
Instrument | Faults/year
Controller | 0.29
Control valve | 0.60
Flow measurement (fluids) | 1.14
Flow measurement (solids) | 3.75
Flow switch | 1.12
Gas-liquid chromatograph | 30.6
Hand valve | 0.13
Indicator lamp | 0.044
Level measurement (liquids) | 1.70
Level measurement (solids) | 6.86
Oxygen analyzer | 5.65
pH meter | 5.88
Pressure measurement | 1.41
Pressure relief valve | 0.022
Pressure switch | 0.14
$P = \prod_{i=1}^{n} P_i$
$R = 1 - \prod_{i=1}^{n} (1 - R_i) = 1 - \prod_{i=1}^{n} \left[1 - \exp(-\lambda_i t)\right]$
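As an added example (not part of the lecture), the exponential-model quantities and the series/parallel system formulas above, computed in Python; the three failure rates are the controller, control valve and flow measurement values from the failure-rate table, while the grouping of those instruments into one system and the availability figures are constructed for illustration.

```python
import math

# Constructed example, not from the lecture: three instruments treated as one
# system.  Failure rates (faults/year) are taken from the lecture's
# failure-rate table; the grouping itself is an assumption.
LAMBDA = {"controller": 0.29, "control_valve": 0.60, "flow_measurement": 1.14}


def reliability(rate, t):
    """R(t) = exp(-lambda t): survival probability for a constant failure rate."""
    return math.exp(-rate * t)


def failure_probability(rate, t):
    """P(t) = 1 - R(t): the unreliability, i.e. P(failure before t)."""
    return 1.0 - reliability(rate, t)


def failure_in_interval(rate, t0, t1):
    """Integral of the failure density f(t) = lambda exp(-lambda t) from t0 to t1,
    which evaluates to exp(-lambda t0) - exp(-lambda t1)."""
    return reliability(rate, t0) - reliability(rate, t1)


def mtbf(rate):
    """MTBF = 1/lambda when the failure rate is constant."""
    return 1.0 / rate


def series_reliability(rates, t):
    """Series system (every unit needed): R = prod R_i = exp(-t * sum lambda_i)."""
    return math.prod(reliability(r, t) for r in rates)


def parallel_reliability(rates, t):
    """Parallel (redundant) system: it fails only if every unit fails,
    so P = prod P_i and R = 1 - prod (1 - exp(-lambda_i t))."""
    return 1.0 - math.prod(failure_probability(r, t) for r in rates)


def availability(mean_uptime, mean_downtime):
    """A = E[uptime] / (E[uptime] + E[downtime]); for a renewed system
    E[uptime] is the MTBF and E[downtime] the mean down time."""
    return mean_uptime / (mean_uptime + mean_downtime)


if __name__ == "__main__":
    t = 1.0  # one year of operation
    for name, rate in LAMBDA.items():
        print(f"{name:17s} R(1 yr) = {reliability(rate, t):.3f}  MTBF = {mtbf(rate):.2f} yr")
    print(f"series   R = {series_reliability(LAMBDA.values(), t):.3f}")
    print(f"parallel R = {parallel_reliability(LAMBDA.values(), t):.3f}")
    # Constructed availability figures: 1000 h mean uptime, 10 h mean down time.
    print(f"availability = {availability(1000.0, 10.0):.4f}")
```

Over one year the series arrangement is less reliable than its weakest instrument and the parallel arrangement more reliable than its best one, which is the point of the two formulas.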
QUANTITATIVE TECHNIQUES
Fault Tree Analysis
• A fault tree is a logical diagram which shows the relation between system failure, i.e. a specific undesirable event in the system, and failures of the components of the system
• It is a technique based on deductive logic. An undesirable event is first defined, and the causal relationships of the failures leading to that event are then identified
Fault Tree Analysis
Fussel (1976) notes that fault tree analysis is of major value in
• Directing the analyst to ferret out failures deductively
• Pointing out the aspects of the system important in respect of the failure of interest
• Providing a graphical aid giving visibility to those in system management who are removed from system design changes
• Providing options for qualitative or quantitative system reliability analysis
• Allowing the analyst to concentrate on one particular system failure at a time
• Providing the analyst with genuine insight into system behaviour
Basic Rules for Fault Tree Construction
Ground Rule 1
Write the statements that are entered in the event boxes as faults; state precisely what the fault is and when it occurs
Ground Rule 2
If the answer to the question "Can this fault consist of a component failure?" is "Yes", classify the event as a state-of-component fault. If the answer is "No", classify the event as a state-of-system fault
No Miracles Rule
If the normal functioning of a component propagates a fault sequence, then it is assumed that the component functions normally
Generating Fault Trees
• Complete-the-Gate Rule
All inputs to a particular gate should be completely defined before further analysis of any one of them is undertaken
• No Gate-to-Gate Rule
Gate inputs should be properly defined fault events, and gates should not be directly connected to other gates
• Define precisely the top event. Events such as HIGH REACTOR TEMPERATURE or LIQUID LEVEL TOO HIGH are precise and appropriate
• Events such as EXPLOSION OF REACTOR or FIRE IN PROCESS are too vague
• Define the existing event. What conditions are sure to be present when the top event occurs?
• Define the unallowed events that are unlikely or are not under consideration at present. This could include wiring failures, lightning, tornadoes, hurricanes, and so forth
• Define the physical bounds of the process. What components are to be considered in the fault tree?
• Define the equipment configuration. What valves are open or closed? What are the liquid levels? Is this a normal operation state?
• Define the level of resolution
• Draw the fault tree using standard symbols
SYMBOLS USED IN FTA
Consider the following polymerization reactor with cooling coils
Primary event block | Description (the classic FTA symbol is shown in the original figure)
Basic Event | A basic initiating fault (or failure event)
External Event (House Event) | An event that is normally expected to occur. In general, these events can be set to occur or not occur, i.e. they have a fixed probability of 0 or 1
Undeveloped Event | An event which is not developed further. It is a basic event that does not need further resolution
Conditioning Event | A specific condition or restriction that can apply to any gate
Name of gate | Description (the classic FTA symbol is shown in the original figure)
AND | The output event occurs if all input events occur
OR | The output event occurs if at least one of the input events occurs
Inhibit | The output event occurs if all input events occur and an additional conditional event occurs
Priority AND | The output event occurs if all input events occur in a specific sequence
XOR | The output event occurs if exactly one input event occurs
Simple FTA for Reactor Overpressure (figure, rendered as text)
Top event: Reactor Overpressure (AND gate)
  Input: Alarm Failure (OR gate)
    1 Pressure Switch I Fails
    2 Pressure Indicator Fails
  Input: Failure of Emergency Shutdown (OR gate)
    3 Pressure Switch II Fails
    4 Solenoid Valve Fails
SOLVING FAULT TREES
• Consider the previous figure
• Two events must occur for overpressuring
• Failure of the alarm indicator and failure of the emergency shutdown system. These events must occur together, so they must be connected by an AND function
• The alarm indicator can fail by either a failure of the pressure switch or the alarm indicator light. These must be connected by OR functions
• Similarly, the emergency shutdown system can fail by either a failure of pressure switch #2 or the solenoid valve. These must also be connected by an OR function
• In general, the top event could occur by a variety of different combinations of events
• The different unique sets of events leading to the top event are the minimal cut sets
• The minimal cut sets are very useful for determining the various ways in which a top event could occur
• These are mathematically solved using failure rates and the theory of reliability
• To estimate the overall failure probability, the probabilities from the cut sets are added together
• For the above example, either events 1,3 or 2,3 or 1,4 or 2,4 could cause the top event
• For this case
P(1 AND 3) = (0.13)(0.13) = 0.0169
P(2 AND 3) = (0.04)(0.13) = 0.0052
P(1 AND 4) = (0.13)(0.34) = 0.0442
P(2 AND 4) = (0.04)(0.34) = 0.0136
TOTAL: 0.0799
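As an added worked example (not from the lecture), the four-event tree above evaluated in Python: the gate structure and the event probabilities 0.13, 0.04, 0.13 and 0.34 are the slide's, and the code enumerates the minimal cut sets, reproduces the summed total of 0.0799, and also computes the exact top-event probability by inclusion-exclusion over the cut sets. The tree representation (nested tuples of gate name and children) is this example's own convention.

```python
from itertools import combinations, product

# Fault tree for the reactor-overpressure example on the slides.
# A node is either a basic-event name (str) or a tuple (gate, [children]),
# with gate in {"AND", "OR"}.  Event numbers and probabilities follow the
# slide's worked example.
REACTOR_OVERPRESSURE = (
    "AND", [
        ("OR", ["1", "2"]),   # alarm failure: pressure switch I or indicator fails
        ("OR", ["3", "4"]),   # ESD failure: pressure switch II or solenoid valve fails
    ],
)
EVENT_PROBABILITY = {"1": 0.13, "2": 0.04, "3": 0.13, "4": 0.34}


def cut_sets(node):
    """All cut sets (frozensets of basic events) that make `node` occur, by
    Boolean expansion: OR concatenates the children's cut sets, AND takes the
    union of one cut set from every child."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unsupported gate {gate!r}")


def minimal_cut_sets(node):
    """Drop every cut set that contains another one (Boolean absorption)."""
    sets = set(cut_sets(node))
    return sorted(
        (cs for cs in sets if not any(other < cs for other in sets)),
        key=lambda cs: sorted(cs),
    )


def cut_set_probability(cs, prob):
    """P(all events in the cut set occur), events assumed independent."""
    p = 1.0
    for event in cs:
        p *= prob[event]
    return p


def top_event_rare_event(node, prob):
    """Sum of the minimal-cut-set probabilities: the 'add them together'
    estimate on the slide.  It is an upper bound on the true value and is
    accurate only when every cut set is rare."""
    return sum(cut_set_probability(cs, prob) for cs in minimal_cut_sets(node))


def top_event_exact(node, prob):
    """Exact P(top event) for independent basic events: the top event is the
    union of the cut sets, so apply inclusion-exclusion over them."""
    mcs = minimal_cut_sets(node)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            total += sign * cut_set_probability(frozenset().union(*combo), prob)
    return total


if __name__ == "__main__":
    for cs in minimal_cut_sets(REACTOR_OVERPRESSURE):
        print(sorted(cs), round(cut_set_probability(cs, EVENT_PROBABILITY), 4))
    print("sum of cut sets:", round(top_event_rare_event(REACTOR_OVERPRESSURE, EVENT_PROBABILITY), 4))
    print("exact          :", round(top_event_exact(REACTOR_OVERPRESSURE, EVENT_PROBABILITY), 4))
```

For this tree the exact value is (1 - 0.87 × 0.96)(1 - 0.87 × 0.66) ≈ 0.0702, so the slide's summed 0.0799 is a conservative (over-)estimate, as expected when cut sets share events and are not all rare.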
SOME QUANTITATIVE TECHNIQUES
Event Tree Analysis
• Event tree analysis consists of an analysis of possible causes starting at a system level and working down through the system, sub-system, equipment and component, identifying all possible causes. (What faults might we expect? How may they be arrived at?)
• Assessment methods which allow quantifying the probability of an accident and the risk associated with plant operation, based on the graphic description of accident sequences, employ the fault tree or event tree analysis (FTA or ETA) techniques
Typical Steps in Generating Event Trees
• Identify an initiating event of interest
• Identify the safety functions designed to deal with the initiating event
• Construct the event tree
• Describe the resulting accident event sequences
Example of ETA Applied with Loss of Cooling in a Polymerisation Reactor as an Initiating Event (figure)
SOME QUANTITATIVE TECHNIQUES
Cause Consequence Analysis
• Cause-consequence analysis (CCA) is a blend of fault tree and event tree analysis. This technique combines cause analysis (described by fault trees) and consequence analysis (described by event trees), and hence both deductive and inductive analysis are used
• The purpose of CCA is to identify chains of events that can result in undesirable consequences. With the probabilities of the various events in the CCA diagram, the probabilities of the various consequences can be calculated, thus establishing the risk level of the system
Typical Cause Consequence Analysis (diagram, rendered as text)
Fault tree side: causes leading to the initiating event "Loss of cooling"
Event tree side: safety functions, each branching Yes / No: High Temp Alerts; Operator Restarts Cooling; Operator Shuts Down Reactor
Results at the ends of the event tree branches: Continue Operation; Shut Down; Shut Down; Runaway
SOME QUANTITATIVE TECHNIQUES
Bow Tie
• The Bow-Tie PHA methodology represents a combination of two powerful conventional system safety techniques, Fault Tree Analysis and Event Tree Analysis
• The name is derived from the typical shape the diagram takes. Faults are identified after FTA and the consequences of these faults are predicted using ETA
• Can be used to identify and evaluate various recovery paths from deviations and impairments of safeguards
A Typical Bow Tie Diagram Involving an Unintended Run
Management Oversight Risk Tree
• MORT is a diagram which arranges safety program elements in an orderly and logical manner
• Its analysis is carried out by means of a fault tree, where the top event is damage, destruction, other costs, lost production or reduced credibility of the enterprise in the eyes of society
• The tree gives an overview of the causes of the top event from management oversights and omissions, or from assumed risks, or both
Safety Management Organization Review Technique
• This technique is structured by means of analysis levels with associated checklists
• The SMORT analysis includes data collection based on the checklists and their associated questions, in addition to evaluation of results
• The information can be collected from interviews, studies of documents and investigations. It also serves well as a method for safety audits and planning of safety measures
Bow tie diagram (rendered as text)
Causes (left side): Heat Removal Problem; Agitation Failures; Misc Causes; Mis-Charging
Top event (centre): Unintended isotherm
Barriers: Critical Checklist; Lab Analysis; Online Analysers; Operator
Consequences (right side): Overpressure → Flammable Release → Ignition or Non-Ignition → Bad News Coverage; Regulatory Agency Action
Petri Nets
• A graphical methodology based on the ARTIFEX software package
• A circle represents a place and a rectangle represents a transition
• A Petri net is composed of four parts: a set of places, a set of transitions, an input function, an output function
• Either bottom-up or top-down
• Other techniques like GO, digraph modeling, Markov modeling
A Petri Net Diagram (figure: places "Normal Operations" and "Reduced operations" linked by transitions)
PROS AND CONS OF QUANTITATIVE METHODS
• These methods are mainly used to find cut-sets leading to the undesired events
• Event trees and fault trees have been widely used to quantify the probabilities of occurrence of accidents and other undesired events leading to loss of life or economic losses in probabilistic risk assessment
• However, the usage of fault trees and event trees is confined to static, logic modeling of accident scenarios. In giving the same treatment to hardware failures and human errors in fault tree and event tree analysis, the conditions affecting human behavior cannot be modeled explicitly
QUALITATIVE VS QUANTITATIVE
• Qualitative methodologies, though lacking the ability to account for the dependencies between events, are effective in identifying potential hazards and failures within the system
• The quantitative techniques address this deficiency by taking into consideration the dependencies between each event
• The probabilities of occurrence of the undesired event can also be quantified with the availability of operational data
RISK FROM HUMANS
• Human error contributes to accident development with percentages higher than 80% for two main reasons:
• Very high reliability of mechanical and electronic components
• New role of human operators in complex systems
• Application of new control design principles and the extensive use of automation have strongly modified the role of operators
• Cognitive functions and organisational factors affect risk analysis much more than behavioral and physical performances
HUMAN RELIABILITY ANALYSIS
Human Hazards Identification (Task Analysis)
• Identify hazards occurring due to human error while performing standard procedures
• The task is a set of operations/actions required to achieve a set goal; the analysis assesses what people might do while performing the operations
• Questions such as "What actions do the operators perform?", "How do operators respond to different cues in the environment?"
• The main limitation is that it is only applicable to human interaction with the process
Hierarchical Task Analysis
• Same methodology as task analysis, but a hierarchy is placed on the order of the tasks to be investigated
• The methodology produces either a tree structure, with the most complex task at the top and the simplest at the bottom, or a list of steps that are required to be performed in order to produce the required goal
• The technique provides an easily understandable breakdown of the tasks and the order in which they are to be performed
• Other techniques such as Human Interaction with Machine (HIM), Human Error Analysis (HEA)
Difficult to Get Accurate Data
• Data accuracy is a major concern
• Acquiring data is a long-term and tedious process
• Data usually not available for novel processes
• Data interpretation requires experienced personnel
• Wrong assumptions may lead to overlooking a risk or gold-plating a process
Use of Risk Analysis Data
• Avoidance: Discontinue the practice that creates the risk
• Mitigation: Implement strategies to reduce the impact
• Transfer: Purchase financial relief (insurance)
• Acceptable risk and the concept of ALARP
Fatality Statistics for common industrial and non-industrial activities
Simplified Quantitative Risk Analysis
 CCPS has come out with Layer of Protection Analysis (LOPA)
 LOPA is a simplified for of QRA
 A layer of protection analysis (LOPA) is a powerful analytical tool for assessing
the adequacy of protection layers used to mitigate process risk
 LOPA builds upon well-known process hazards analysis techniques, applying
semi-quantitative measures to the evaluation of the frequency of potential
incidents and the probability of failure of the protection layers
LOPA
 LOPA can be used at any point in the lifecycle of a project or process, but it is
most cost effective when implemented during front-end loading, when the process
flow diagrams are complete and the P&IDs are under development
 Concept of independent protection layers and safety integrity level
 Variations of LOPA have been devised for hazard- and scenario-specific studies, a
recent example being exLOPA for explosion risk assessment. exLOPA is based on
the original CCPS work on LOPA but takes into account some factors typical of
explosions
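The LOPA arithmetic described above (initiating-event frequency multiplied by the probability of failure on demand of each independent protection layer, compared with a target frequency, and the safety integrity level a further safeguard would need) is worked through below. This is an added example, not code from the lecture notes or from CCPS; the scenario, the frequencies and the PFD values are constructed for illustration, and the SIL bands are the IEC 61508 low-demand average-PFD bands.

```python
"""Simplified LOPA arithmetic for a single scenario.

Added illustration; this is not code from the lecture notes or from CCPS.
The scenario, the initiating-event frequency, the target frequency and the
PFD values are CONSTRUCTED for the example. The SIL bands are the IEC 61508
low-demand average-PFD bands.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class ProtectionLayer:
    name: str
    pfd: float          # probability of failure on demand, in (0, 1]
    independent: bool   # independent of the initiating event and of the other layers?


def mitigated_frequency(initiating_frequency: float, layers) -> float:
    """Mitigated frequency = initiating frequency x product of the credited PFDs.

    Only independent protection layers (IPLs) are credited. A layer that shares
    a component or a cause with the initiating event (or with another layer)
    would otherwise make the scenario look safer than it is.
    """
    if initiating_frequency < 0:
        raise ValueError("initiating frequency must be non-negative")
    credited = []
    for layer in layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"{layer.name}: PFD must be in (0, 1]")
        if layer.independent:
            credited.append(layer.pfd)
    return initiating_frequency * prod(credited)  # prod([]) is 1.0: no credit


def risk_reduction_gap(mitigated: float, target: float) -> float:
    """Extra risk reduction factor still needed to meet the target (1.0 if met)."""
    if target <= 0:
        raise ValueError("target frequency must be positive")
    return max(1.0, mitigated / target)


def sil_for_pfd(pfd: float) -> int:
    """IEC 61508 low-demand SIL band for an average PFD (0 means below SIL 1)."""
    if not 1e-5 <= pfd <= 1.0:
        raise ValueError("PFD outside the SIL 1..4 bands")
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


def required_sif_sil(initiating_frequency: float, layers, target: float) -> int:
    """SIL that an added safety instrumented function would need to close the gap."""
    gap = risk_reduction_gap(mitigated_frequency(initiating_frequency, layers), target)
    if gap == 1.0:
        return 0  # target already met without an additional SIF
    return sil_for_pfd(1.0 / gap)


# Constructed scenario: the BPCS temperature controller fails on the polymerisation
# reactor (one of the HAZOP causes of "no cooling"), leading to a runaway.
INITIATING_FREQUENCY = 0.1   # controller failures per year (constructed)
TARGET_FREQUENCY = 2e-6      # tolerable runaway frequency per year (constructed)
LAYERS = [
    # Alarm raised by the same controller that has failed: not independent, no credit.
    ProtectionLayer("Deviation alarm on the failed BPCS controller", 0.1, False),
    ProtectionLayer("Independent high-temperature alarm + operator response", 0.1, True),
    ProtectionLayer("Pressure relief valve", 0.01, True),
]

if __name__ == "__main__":
    f = mitigated_frequency(INITIATING_FREQUENCY, LAYERS)
    gap = risk_reduction_gap(f, TARGET_FREQUENCY)
    sil = required_sif_sil(INITIATING_FREQUENCY, LAYERS, TARGET_FREQUENCY)
    print(f"mitigated frequency {f:.1e}/yr, gap factor {gap:.0f}, SIL needed for an added SIF: {sil}")
```

With the constructed numbers the two credited layers bring the runaway frequency down to about 1e-4 per year, fifty times the target, so a further safety instrumented function with a PFD of about 0.02 (SIL 1) would close the gap. Crediting the non-independent alarm as well would understate the frequency by a factor of ten, which is why the independence check is in the code rather than left to the reviewer.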
262
Risk Matrix
Intelligent Systems : The Way Ahead!
 The estimated cost of risk reviews in the CPI is about 1% of sales or about 10%
of profits
 An intelligent system can help
 Reduce the time, effort and expense involved in a PHA review
 Make the review more thorough, detailed and consistent
 Minimize human errors
 Free the team to concentrate on the more complex aspects of the analysis,
which are unique and difficult to automate
 An example is HAZOPExpert, a model-based, object-oriented, intelligent
system for automating HAZOP analysis
 Generic models for routine cause and effect analyses are used to reduce the
time taken and to integrate process-specific component knowledge
 A two-tier framework is used, decomposing the knowledge base into
process-specific and process-general knowledge, represented in an
object-oriented architecture
 Its objective is to automate the routine aspects of the analysis as much as
possible, thereby freeing the team to focus on the more complex aspects of the
analysis that cannot be automated
 It can also be integrated with CAD systems and used during the early stages of
design, to identify and reduce the potential for hazardous configurations in
later design phases, where making changes could be economically prohibitive
 Other well-known software packages include HAZTEC, CARA BRAVO,
CAFTAN, RISKMAN and QRAS
Risk Matrix (likelihood versus severity)

Likelihood classes (columns A to E, least to most likely):
A  Never heard on .. in industry
B  Heard on .. in industry
C  Incident occurred in our company
D  Happens several times
E  Happens several times in a location

Severity classes (rows 0 to 5) by consequence category:

Severity | People                       | Asset            | Environment      | Reputation
0        | No health effect/injury      | No damage        | No effect        | No impact
1        | Slight health effect/injury  | Slight damage    | Slight effect    | Slight impact
2        | Minor health effect/injury   | Minor damage     | Minor effect     | Limited impact
3        | Major health effect/injury   | Localised damage | Localised effect | Considerable impact
4        | 1 to 3 fatalities            | Major damage     | Major effect     | National impact
5        | Multiple fatalities          | Extensive damage | Massive effect   | International impact

The cells of the matrix are shaded into LOW RISK, MEDIUM RISK and HIGH RISK bands, rising with both severity and likelihood.
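The matrix above is used in two ways: to place a single scenario in a LOW, MEDIUM or HIGH band, and to rank a set of scenarios relative to one another (the "relative ranking" route to a decision named in the definition of risk assessment). The following is an added example, not code from the lecture notes. The likelihood classes A to E and the severity rows with their consequence descriptors follow the matrix on the page; the rule that maps a (severity, likelihood) cell to a band is an assumption made for this example, since the page shows the bands but not the cell-by-cell boundaries, and the sample scenarios are constructed.

```python
"""Risk matrix rating and relative ranking of scenarios.

Added illustration; not code from the lecture notes. Likelihood classes A..E
and severity classes 0..5 with their descriptors follow the matrix on the
page. The banding rule in risk_band() is an ASSUMPTION for this example.
The sample scenarios are constructed.
"""
from dataclasses import dataclass

# Likelihood columns A (least likely) .. E (most likely), as ranks 1..5.
LIKELIHOOD_RANK = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}

CATEGORIES = ("People", "Asset", "Environment", "Reputation")

# Severity rows 0..5 with the descriptor for each consequence category.
SEVERITY = {
    0: ("No health effect/injury", "No damage", "No effect", "No impact"),
    1: ("Slight health effect/injury", "Slight damage", "Slight effect", "Slight impact"),
    2: ("Minor health effect/injury", "Minor damage", "Minor effect", "Limited impact"),
    3: ("Major health effect/injury", "Localised damage", "Localised effect", "Considerable impact"),
    4: ("1 to 3 fatalities", "Major damage", "Major effect", "National impact"),
    5: ("Multiple fatalities", "Extensive damage", "Massive effect", "International impact"),
}

BAND_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def describe(severity: int) -> dict:
    """Consequence descriptors of one severity row, keyed by category."""
    return dict(zip(CATEGORIES, SEVERITY[severity]))


def risk_band(severity: int, likelihood: str) -> str:
    """Band of one matrix cell.

    Assumed rule: severity 0 (no consequence) is always LOW; otherwise
    score = severity + likelihood rank, LOW for score <= 4, MEDIUM for 5..6,
    HIGH for >= 7. Inputs outside the matrix are rejected rather than guessed.
    """
    if severity not in SEVERITY:
        raise ValueError(f"severity must be 0..5, got {severity}")
    if likelihood not in LIKELIHOOD_RANK:
        raise ValueError(f"likelihood must be A..E, got {likelihood!r}")
    if severity == 0:
        return "LOW"
    score = severity + LIKELIHOOD_RANK[likelihood]
    if score <= 4:
        return "LOW"
    if score <= 6:
        return "MEDIUM"
    return "HIGH"


@dataclass(frozen=True)
class Scenario:
    name: str
    severity: int
    likelihood: str

    @property
    def band(self) -> str:
        return risk_band(self.severity, self.likelihood)


def rank_scenarios(scenarios):
    """Relative ranking: highest band first, then severity, then likelihood,
    so the scenarios that need treatment first come out first."""
    return sorted(
        scenarios,
        key=lambda s: (BAND_ORDER[s.band], s.severity, LIKELIHOOD_RANK[s.likelihood]),
        reverse=True,
    )


# Constructed scenarios for the polymerisation reactor example.
SAMPLE_SCENARIOS = [
    Scenario("Cooling-water leak into reactor, product spoilage", 1, "E"),
    Scenario("Loss of cooling, temperature runaway", 4, "C"),
    Scenario("Partially plugged cooling line, minor upset", 2, "B"),
]

if __name__ == "__main__":
    for s in rank_scenarios(SAMPLE_SCENARIOS):
        print(f"{s.band:6} sev {s.severity} lik {s.likelihood}  {s.name}")
```

Under the assumed rule the runaway scenario (severity 4, has occurred in our company) rates HIGH, the frequent but slight leak rates MEDIUM, and the minor upset rates LOW; the ranking puts them in that order. Swapping in a plant's own banding table only changes risk_band(), the ranking and lookup stay the same.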
263
CONCLUSIONS
 Risk is a subjective concept that varies with context
 In actual industry a number of variations are applied to the methods of risk
analysis, and steps are sometimes completed simultaneously or skipped according
to need and the resources available
 Risk analysis can be qualitative as well as quantitative. Quantitative methods
are given more emphasis since they allow a better comparison of risk levels and
reduce subjectivity in the decision-making process
 Probabilistic risk analysis is perhaps the best methodology available at present
for application to low-probability, high-impact systems such as the CPI
 Intelligent systems hold the key to reducing resource utilization and increasing
the accuracy of risk analysis, and hence of risk assessment
 There is no possibility of eliminating all hazards completely, so the concept of
allowable risk becomes important
END GAME
The hazards and overall risk associated with a technology are a crucial element in
triggering regulatory action, public protest and a host of other problems, so it is
of utmost importance to find the origins of risks, to strengthen safeguards and
thus preserve the acceptability of hazardous facilities or activities. There is
therefore a real need to provide a coherent strategy to maximise performance and
minimize risk
REFERENCES
• Center for Chemical Process Safety (CCPS). Guidelines for Hazard Evaluation
Procedures, 2nd ed. with Worked Examples. Publication G18. American Institute of
Chemical Engineers, New York (1992)
• Lees, F. P. Loss Prevention in the Process Industries: Hazard Identification,
Assessment and Control, 3rd ed. Butterworth-Heinemann, UK (2001)
• Crowl, D., Louvar, J. Chemical Process Safety: Fundamentals with Applications.
Prentice Hall (1990)
• Bernstein, P. L. Against the Gods: The Remarkable Story of Risk. Wiley, New York
(1996)
• Nivolianitou, Z. S. Comparison of Techniques for Accident Scenario Analysis in
Hazardous Systems. Journal of Loss Prevention in the Process Industries, vol. 17,
pp. 467–475 (2004)
• Wells, G., Whetton, C. Preliminary Safety Analysis. Journal of Loss Prevention in
the Process Industries, vol. 6, no. 1, pp. 47–60 (1993)
• Venkatasubramanian, V., Zhao, J., Viswanathan, S. Intelligent Systems for HAZOP
Analysis of Complex Process Plants. Computers and Chemical Engineering, vol. 24,
pp. 2291–23 (2000)
• Cacciabue, P. C. Human Factors on Risks Analysis of Complex Systems. Journal of
Hazardous Materials, vol. 71, pp. 101–116 (2000)
• Robert, D. Choosing the Level of Detail for Hazard Identification. Process Safety
Progress, vol. 14, no. 3 (1995)

08 RISK ANALYSIS QUANTITATIVE TECHNIQUES.pdf

  • 1.
    244 RISK ANALYSIS Prof. I.M. Mishra Department of Chemical Engineering, IIT Roorkee, Roorkee, India – 247 667 SOME IMPORTANT DEFINITIONS Hazard A hazard is defined as a source of potential hazard Risk A measure of the potential for loss in terms of both the likelihood (events/year) of the incident and the consequences (effects/event) of the incident Mathematically Risk = Σ probability of event × consequence of event Risk Analysis The development of a quantitative estimate of risk based on engineering evaluation mathematical techniques for combining estimates of incident likelihood and consequences Risk Assessment The process by which the results of a risk analysis (i.e., risk estimates) are used to make decisions, either through relative ranking or through comparison with risk targets Risk Management The planning, organizing, leading and controlling of an organization’s assets and activities in ways, which minimize the adverse operational and financial effects of accidental losses upon the organization Reliability It is defined as the extent to which the measurements of a test remain consistent over repeated tests of the same subject under identical conditions Mean-time-between-failure (MTBF) It is the “average time between failures, the reciprocal of the failure rate in the special case when failure rate is constant. Calculations of MTBF assume that a system is “renewed, i.e. fixed, after each failure, and then returned to service immediately after failure Mathematically, MTBF = 1/λ, where λ is the failure rate. Mean Down time is the average time between failure and being returned to service Mean time to failure (MTTF) It is the mean of distribution of times to failure of an item without repair
  • 2.
    245 Availability isThe degree to which a system, subsystem, or equipment is operable and in a committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time. Simply put, availability is the proportion of time a system is in a functioning condition Mathematically, A = E [uptime] E [uptime] E [downtime] + ENVIRONMENT (PROTECTION) ACT,1986 The central government, by notification in the official gazette, has notified under Section 6(2) (c) the procedures and safeguards for the handling of hazardous substances (d) the prohibition and restrictions on the handling of hazardous substances in different areas (f) the procedures and safeguards for the prevention of accidents which may cause environmental pollution and for providing for remedial measures for such accidents Under the Environment (Protection) Rules, 1986, Clause 13(l) the following factors are to be considered while prohibiting and restricting the handling of hazardous substances The hazardous nature of the substances in terms of its damage causing potential to the environment, human beings, other living creatures, plants and property The substances that may be or likely to be readily available as substitutes for the substances proposed to be prohibited or restricted The indigenous availability of the substitute, or the state of technology available in the country for developing a safe substitute The gestation period that may be necessary for gradual introduction of a new substitute with a view to bringing about a total prohibition of hazardous substances in question Any other factor that may be considered by the central government to be relevant to the protection of the environment CODES STANDARDS FOR RISK ANALYSIS American Institute of Chemical Engineers have Guidelines for Chemical Process Quantitative Risk Analysis Hazard Evaluation Procedures, OSHA has 29 CFR 1910.119, EPA Risk Management Plan (RMP) Even in non chemical industries codes like Nuclear 
Regulatory Commission NUREG/CR-2815 , IEC 61508, SEMI S10 - Safety Guideline for Risk Assessment, S14 - Safety Guide for Fire Assessment Mitigation for Semiconductor Manufacturing Equipment India has its own BIS guidelines for risk assessment in BIS 18001 and also guidelines by labor ministry, Factories act etc. This standard prescribes requirements for an OHS Management Systems to enable an organization to formulate a policy and objectives, taking into account legislative requirements and information about significant hazards and risks, which the organization can control and over which it can be expected to have an influence, to protect its employees and others, whose health and safety may be affected by the activities of the organization. All the requirements in this standard are intended to be incorporated into any OHS management system. This standard also provides imperative guidance on the use of the specification
  • 3.
    246 WHY RISK ANALYSIS? Chemicals have become a part of our life Chemicals have their own inherent properties and hazards and so do the processes by which they are manufactured Risks posed by these highlighted by Flixborough (1974), Bhopal (1984), Piper Alpha(1998) Other Accidents Government regulations and public awareness HISTORY OF RISK RISK ANALYSIS In 1654, a French duke asked the famous mathematician Pascal to solve a problem of how to divide the stakes of an unfinished game of dice when one of the players was ahead. The laws of probability were explored The Dutch Tulip Bulb Futures market ( the first modern stock exchange) Developed with focus on financial matters and gambling Realisation with industrial revolution of risks posed due to technology used in industry Early emphasis on nuclear industry but importance realized by Chemical industry due to accidents like Flixborough, Bhopal, VIZAG, Piper Alpha etc. RISK ANALYSIS A full analysis involves the estimation of the frequency and consequences of a range of hazards scenarios and the damages expected. Damages include injury and loss of life, damage to the environment and equipment, loss of work, and finally also economic loss to the plant Risk Management Procedure Source: www.hse-databases.co.uk Data Input Identify Estimate Likelihood Determine Consequences Risk Matrix Accept able Operate Reduce Mitigate Transfer Yes No Data Input Identify Estimate Likelihood Determine Consequences Risk Matrix Accept able Operate Reduce Mitigate Transfer Yes No
  • 4.
    247 RISK MANAGEMENT Hazardidentification Hazard quantification and risk identification Risk analysis Risk assessment GENERAL STEPS IN RISK ANALYSIS The general steps in any Risk analysis technique are: Assembling a team Collection of data Deciding on level of detail Applying the technique Documenting the results ASSEMBLING A TEAM A risk analysis team generally consists of Plant safety representative (PSR) The concerned activity supervisors and operator or the technician or contractor’s representative as the case may be Safety officer External experts based on the job requirement Contractors supervisor ( in charge of the activity ) shall also be a team member if the job is to be done involving contractors employees DATA COLLECTION Incident History Industry Experience Site Experience Equipment Vendor Experience Specialty Consulting Firm Experience Component Failure Rate Data, Handbooks Non-electronic Parts Reliability Data LEVEL OF DETAIL Level of detail to be worked on is decided upon Depends upon data and resource availability At various stages various amount of details about the process are available and different types of results required according to which the technique is selected For some methodologies, the operational application is difficult to realize because of the lack of description APPLICATION OF TECHNIQUES Type of technique to be applied is decided upon A set of undesirable end states (adverse consequences) is defined, e.g., in terms of risk to the public, loss of crew, and loss of the system For each end state, a set of disturbances to normal operation is developed which, if uncontained or unmitigated, can lead to the end state. These are called initiating events (IEs) Event tree and fault tree
  • 5.
    248 Accident scenariosare generated These scenarios include hardware failures, human errors, fires, and natural phenomena The probabilities of these scenarios are evaluated using all available evidence, primarily past experience and expert judgment The accident scenarios are ranked according to their expected frequency of Occurrence and represented on a risk matrix The results are then documented according to standard procedures SOURCES OF DATA INPUT Chemical Usage, Contractor Activity, EHS Policies, Equipment Reliability, External Events, Facility Process Descriptions, Historical Accident, Human Reliability Manuals for Policies Procedures, Engineering Design, Safety, Maintenance and data from Material Usage, Meteorological, Population etc METHODS FOR RISK ANALYSIS Risk analysis can be carried out by a number of methods Cause-Consequence Analysis, Checklist, Event Tree Analysis Failure Modes, Effects and Criticality Analysis (FMECA) Fault Tree Analysis (FTA), Hazard Operability Analysis (HAZOP), Bow Ties, Petri nets Method usage depends on level of detail and resources available CLASSIFICATION OF METHODS The methods can be classified in to the following categories: Qualitative Quantitative These can further be divided into: Deterministic Probabilistic Methods for Risk Analysis The deterministic methods take into consideration the products, the equipment and the quantification of consequences for various targets such as people, environment and equipment The probabilistic methods are based on the probability or frequency of hazardous situation apparitions or on the occurrence of potential accident The probabilistic methods are mainly focused on failure probability of equipment or their components Classification of Techniques Further classification can be done into experience based methods and predictive methods Experienced based methods involve use of previous experiences and results and may not require an in depth knowledge of plant and components The predictive 
methods use the knowledge of component behavior and cause and effect relationships to develop quantifiable accident scenarios
  • 6.
    249 SOME QUALITATIVE METHODS PreliminaryRisk Analysis In this technique, the possible undesirable events are identified first and then analyzed separately For each undesirable events or hazards, possible improvements, or preventive measures are then formulated The result from this methodology provides a basis for determining which categories of hazard should be looked into more closely and which analysis methods are most suitable With the aid of a frequency / consequence diagram, the identified hazards can then be ranked according to risk, allowing measures to be prioritized to prevent accidents Hazard and Operability Study This technique is usually performed using a set of guidewords: NO / NOT, MORE / LESS OF, AS WELL AS, PART OF REVERSE, AND OTHER THAN From these guidewords, scenarios that may result in a hazard or an operational problem are identified The consequences of the hazard and measures to reduce the frequency with which the hazard will occur are then discussed This technique had gained wide acceptance in process industries Consider the following polymerisation reactor with cooling coils where an exothermic reaction is underway
  • 7.
    250 Example of HAZOPapplied cooling water system of previous figure SOME QUALITATIVE METHODS Failure Modes and Effects Analysis (FMEA) This method was developed in the 1950s by reliability engineers to determine problems that could arise from malfunctions of military system Failure mode and effects analysis is a procedure by which each potential failure mode in a system is analyzed to determine its effect on the system and to classify it according to its severity When the FMEA is extended by a criticality analysis, the technique is then called failure mode and effects criticality analysis (FMECA) Severity class is a measure of how a failure effects on an item Severity classes can be generally be classified accordingly: Critical failure: A failure which causes immediate and complete loss of an item’s capability of providing its output Degraded failure: A failure which is not critical, but which prevents the item from providing its output within specifications. Such a failure would usually, but not necessarily, be gradual or partial, and may develop into a critical failure in time Incipient failure: A failure which does not immediately cause loss of an item’s capability of providing its output, but which, if not attended to, could result in a critical or degraded failure in the near future Unknown: Failure severity was not recorded or could not be deduced Deviation Possible Causes Potential consequences Recommendations No Cooling Failure of control valve Plugged cooling line Cooling water failure Controller failure Temperature Runaway Install back up control valves Filter to prevent debris Back up controller High temperature emergency shut down More Cooling Valve fails open Controller fails Reactor cools leading to reactant buildup and runaway Back up controllers Instruct operators on appropriate procedure Less cooling Partially plugged line Partial water failure Same as “No” Same as “No” As well as Cooling water in reactor Lowering of pressure Leaks in coils 
Dilution of contents Product spoilage Level alarms Relief check valves Proper Maintinence Deviation Possible Causes Potential consequences Recommendations No Cooling Failure of control valve Plugged cooling line Cooling water failure Controller failure Temperature Runaway Install back up control valves Filter to prevent debris Back up controller High temperature emergency shut down More Cooling Valve fails open Controller fails Reactor cools leading to reactant buildup and runaway Back up controllers Instruct operators on appropriate procedure Less cooling Partially plugged line Partial water failure Same as “No” Same as “No” As well as Cooling water in reactor Lowering of pressure Leaks in coils Dilution of contents Product spoilage Level alarms Relief check valves Proper Maintinence
  • 8.
    251 A Typical FMEASheet Some Qualitative Methods Checklists A list of possible problems and areas to be checked and reminds the reviewer of potential problem areas Easy to apply and assessment can be performed by inexperienced practitioners Assessment will only be as complete as the list used and difficulties faced in novel process PROS AND CONS OF QUALITATIVE TECHNIQUES The three techniques outlined above require only the employment of hardware familiar personnel FMEA tends to be more labor intensive, as the failure of each individual component in the system has to be considered A point to note is that these qualitative techniques can be used in the design as well as operational stage of a system QUANTITATIVE TECHNIQUES Quantitative methods are being given more stress They allow for a better comparison of risk levels Reduce subjectivity in decision making process Important Concepts in Quantitative Risk Analysis Reliability is defined as the extent to which the measurements of a test remain consistent over repeated tests of the same subject under identical conditions Mathematically R(t) exp ( t) = = λ Failure mode Causes Effects Detection method Safety provisions Severity class Comments Valve Fails open Internal Mal- function Operator error Toxic release Pressure indicators PRV II Prevent operator error Valve fails closed Internal Mal- function Operator error Flow stopped Pressure indicators None IV Check for over Pressure Failure mode Causes Effects Detection method Safety provisions Severity class Comments Valve Fails open Internal Mal- function Operator error Toxic release Pressure indicators PRV II Prevent operator error Valve fails closed Internal Mal- function Operator error Flow stopped Pressure indicators None IV Check for over Pressure Simple Checklist for long drive in a car Check oil Check tire air pressure Check radiator fluid Check air filter Check head and tail lights Check exhaust Check petrol
  • 9.
    252 where R(t) isthe reliability. The complement of reliability is called the failure probability or unreliability, P(t), i.e., P(t) 1 R(t) 1 exp( t) = − = − −λ The failure density function, f(t), is the derivative of the failure probability dP(t) dR(t) f(t) exp ( t) dt dt = = − = λ −λ The probability of at least one failure at a time is obtained as 1 0 t 0 1 0 1 t P(t t ) f(t) dt exp( t ) exp ( t ) − = = λ − −λ ∫ The time interval between two failures of the component is called the mean time between failures (MTBF) and is applied only when there is repair of the components, equipment or systems. These are other means times too. Failure Rate Data for Some Process Components Interaction Between process Equipment and Instruments or Units for series systems n i R R i = ∏ n i P t (1 P i) = − − ∏ For exponential (Poisson) distribution, n n 1 1 i 1 i R exp ( t ) exp t =   = −λ − λ       ∑ ∏ exp ( t) = −λ Interaction Between process Equipment and Instruments or Units for parallel systems For parallel systems, the system failure probability is the product of the failure probabilities of individual components, i.e., Instrument Faults/year Controller Control valve Flow measurement (fluids) 0.29 0.60 1.14 Flow measurement (solids) Flow switch Gas - liquid chromatograph 3.75 1.12 30.6 Hand valve Indicator lamp Level measurement (liquids) 0.13 0.044 1.70 Level measurement (solids) Oxygen analyzer pi I meter 6.86 5.65 5.88 Pressure measurement Pressure relief valve Pressure switch 1.41 0.022 0.14 Instrument Faults/year Controller Control valve Flow measurement (fluids) 0.29 0.60 1.14 Flow measurement (solids) Flow switch Gas - liquid chromatograph 3.75 1.12 30.6 Hand valve Indicator lamp Level measurement (liquids) 0.13 0.044 1.70 Level measurement (solids) Oxygen analyzer pi I meter 6.86 5.65 5.88 Pressure measurement Pressure relief valve Pressure switch 1.41 0.022 0.14
  • 10.
    253 n i P P i =∏ n i R 1 (1 Ri) = − − ∏ = n 1 i 1 [ 1 exp i ( t)] = − −λ ∏ QUANTITATIVE TECHNIQUES Fault Tree Analysis A fault tree is a logical diagram which shows the relation between system failure, i.e. a specific undesirable event in the system, and failures of the components of the system It is a technique based on deductive logic. An undesirable event is first defined and causal relationships of the failures leading to that event are then identified Fault Tree analysis Fussel (1976) notes that the fault tree analysis is of major value in Directing the analyst to ferret out failures deductively Pointing out the aspects of the system important in respect of the failure of Interest Providing a graphical aid giving visibility to those in system management who are removed from system design changes Providing options for qualitative on quantitative system reliability analysis Allowing the analyst to concentrate on one particular system failure at a time Providing the analyst with genuina insight into system behaviour Basic Rules For Fault Tree Construction Ground Rule 1 Write the statements that are entered in the event boxes as faults; state precisely what the fault is and when it occurs Ground rule 2 If the answer to the question, Can this fault consist of a component failure? is Yes, classify the event as a stat-of-component fault. If the answer is No”. Classify the event as a state-of-system fault No Miracles Rule If the normal functioning of a component propagates a fault sequence, then it is assumed that the component functions normally Generating Fault Trees Complete-the-Gate rule All inputs to a particular gate should be completely defined before further 'analysis of anyone of them is undertaken. No Gate-to-Gate Rule Gate inputs should be properly defined fault events, and gates should not be directly connected to other gates
  • 11.
    254 Define preciselythe top event. Events such as HIGH REACTOR TEMPERATURE or LIQUID LEVEL TOO HIGH are precise and appropriate Events such as EXPLOSION OF REACTOR or FIRE IN PROCESS are too vague Define the existing event. What conditions are sure to be present when the top event occurs? Define the un allowed events that are unlikely or are not under consideration at the present. This could include wiring failures, lightning, tornadoes, hurricanes, and so forth Define the physical bounds of the process. What components are to be considered in the fault tree? Define the equipment configuration. What valves are open or closed? What are the liquid levels? Is this a normal operation state? Define the level of resolution Draw Fault tree using standard symbols SYMBOLS USED IN FTA Consider the following polymerization reactor with cooling coils Primary Event Block Classic FTA Symbol Description Basic Event A basic initiating fault (or failure event). External Event (House Event) An event that is normally expected to occur. In general, these events can be set to occur or not occur, i.e. they have a fixed probability of 0 or 1. Undeveloped Event An event which is no further developed. It is a basic event that does not need further resolution. Conditioning Event A specific condition or restriction that can apply to any gate. Primary Event Block Classic FTA Symbol Description Basic Event A basic initiating fault (or failure event). External Event (House Event) An event that is normally expected to occur. In general, these events can be set to occur or not occur, i.e. they have a fixed probability of 0 or 1. Undeveloped Event An event which is no further developed. It is a basic event that does not need further resolution. Conditioning Event A specific condition or restriction that can apply to any gate. Name of Gate Classic FTA Symbol Description AND The output event occurs if all input events occur. OR The output event occurs if at least one of the input events occurs. 
Inhibit The input event occurs if all input events occur and an additional conditional event occurs. Priority AND The output event occurs if all input events occur in a specific sequence. XOR The output event occurs if exactly one input event occurs. Name of Gate Classic FTA Symbol Description AND The output event occurs if all input events occur. OR The output event occurs if at least one of the input events occurs. Inhibit The input event occurs if all input events occur and an additional conditional event occurs. Priority AND The output event occurs if all input events occur in a specific sequence. XOR The output event occurs if exactly one input event occurs.
  • 12.
    255 Simple FTA forReactor Overpressure 1 2 3 4 Reactor Overpressure And Alarm Failure Failure of Emergency Shutdown Pressure Switch I Fails Pressure Indictor Fails Pressure Switch II Fails Solenoid Valve Fails Or Or 1 2 3 4 Reactor Overpressure And Alarm Failure Failure of Emergency Shutdown Pressure Switch I Fails Pressure Indictor Fails Pressure Switch II Fails Solenoid Valve Fails Or Or
  • 13.
    256 SOLVING FAULT TREES Consider previous figure Two events must occur for over pressuring Failure of the alarm indicator and failure of the emergency shutdown system. These events must occur together so they must be connected by an AND function The alarm indicator can fail by either a failure of pressure switch or the alarm indicator light. These must be connected by OR functions Similarly, the emergency shutdown system can fail by either a failure of pressure switch #2 or the solenoid valve. These must also be connected by an OR function In general, the top event could occur by a variety of different combinations of events The different unique sets of events leading to the top event are the minimal cut sets The minimal cut sets are very useful for determining the various ways in which a top event could occur These are mathematically solved using failure rates and theory of reliability To estimate the overall failure probability the probabilities from the cut sets are added together For the above example, either events 1,3 or 2,3 or 1,4 or 2,4 could cause the top event For this case P(l AND 3) = (0.13) (0.13) = 0.0169 P(2 AND 3) = (0.04) (0.13) = 0.0052 P(l AND 4) = (0.13) (0.34) = 0.0442 P(2 AND 4) = (0.04) (0.34) = 0.0136 TOTAL: 0.0799 SOME QUANTITATIVE TECHNIQUES Event Tree Analysis Event tree analysis - consists of an analysis of possible causes starting at a system level and working down through the system, sub-system, equipment and component, identifying all possible causes. (What faults might we expect? How may they be arrived at?) 
Assessment methods which allow quantifying the probability of an accident and the risk associated with plant operation based on the graphic description of accident sequences employ the fault tree or event tree analysis (FTA or ETA) techniques Typical Steps in Generating Event Trees Identify an initiating event of interest Identify the safety functions designed to deal with the initiating event Construct the event tree Describe the resulting accident event sequences
  • 14.
    257 Example of ETAApplied With Loss Of Cooling in a Polymerisation Reactor as an Initiating Event SOME QUANTITATIVE TECHNIQUES Cause Consequence Analysis Cause-consequence analysis (CCA) is a blend of fault tree and event tree analysis. This technique combines cause analysis (described by fault trees) and consequence analysis (described by event trees), and hence deductive and inductive analysis is used The purpose of CCA is to identify chains of events that can result in undesirable consequences. With the probabilities of the various events in the CCA diagram, the probabilities of the various consequences can be calculated, thus establishing the risk level of the system Typical Cause Consequence Analysis Continue Operation Shut Down Shut Down Runaway Safety Functions: High Temp Operator Restarts Operator Shuts Result Alerts Cooling Down Reactor No Yes Loss of cooling Consequence Consequence Initiating event Fault Tree Yes No Event Tree Side Consequence Consequence Initiating event Fault Tree Yes No Event Tree Side
  • 15.
    258 SOME QUANTITATIVE TECHNIQUES BowTie Bow-Tie PHA methodology represents a combination of two powerful conventional system safety techniques Fault Tree Analysis and Event Tree Analysis Name derived from the typical shape the diagram takes. Faults are identified after FTA and consequences of these faults predicted sing ETA Can be used to identify and evaluate various recovery paths from deviations and impairments of safeguards A Typical Bow Tie Diagram Involving an Unintended Run Management Oversight Risk Tree MORT is a diagram which arranges safety program elements in an orderly and logical manner Its analysis is carried out by means of fault tree, where the top event is Damage, destruction, other costs, lost production or reduced credibility of the enterprise in the eyes of society The tree gives an overview of the causes of the top event from management oversights and omissions or from assumed risks or both Safety Management Organization Review Technique This technique is structured by means of analysis levels with associated checklists The SMORT analysis includes data collection based on the checklists and their associated questions, in addition to evaluation of results The information can be collected from interviews, studies of documents and investigations. It also serves well as a method for safety audits and planning of safety measures Unintended isotherm Heat Removal Problem Agitation Failures Misc Causes Mis -Charging Critical Checklist Lab Analysis Online Analysers Operator Overpressure Flammable Release Ignition Bad News Coverage Regulatory Agency Action Non-Ignition Overpressure Flammable Release Ignition Bad News Coverage Regulatory Agency Action Non-Ignition
259
Petri Nets
 A graphical methodology based on the ARTIFEX software package
 A circle represents a place and a rectangle represents a transition
 A Petri Net is composed of four parts: a set of places, a set of transitions, an input function and an output function
 Either bottom-up or top-down
 Other techniques: GO, digraph modeling, Markov modeling
A Petri Net Diagram
[Figure: Petri net with places for normal operations and reduced operations linked by transitions]
PROS AND CONS OF QUANTITATIVE METHODS
 These methods are mainly used to find cut-sets leading to the undesired events
 Event tree and fault tree have been widely used to quantify the probabilities of occurrence of accidents and other undesired events leading to loss of life or economic losses in probabilistic risk assessment
 However, the usage of fault tree and event tree is confined to static, logic modeling of accident scenarios. In giving the same treatment to hardware failures and human errors in fault tree and event tree analysis, the conditions affecting human behavior cannot be modeled explicitly
QUALITATIVE VS QUANTITATIVE
 Qualitative methodologies, though lacking the ability to account for the dependencies between events, are effective in identifying potential hazards and failures within the system
 The quantitative techniques address this deficiency by taking into consideration the dependencies between each event
 The probabilities of occurrence of the undesired event can also be quantified with the availability of operational data
RISK FROM HUMANS
Human error contributes to accident development with percentages higher than 80% for two main reasons:
 Very high reliability of mechanical and electronic components
260
 New role of human operators in complex systems: application of new control design principles and the extensive use of automation have strongly modified the role of operators
 Cognitive functions and organisational factors affect risk analysis much more than behavioral and physical performances
HUMAN RELIABILITY ANALYSIS
Human Hazards Identification (Task Analysis)
 Identify hazards occurring due to human error while performing standard procedures
 The task is a set of operations/actions required to achieve a set goal; the analysis assesses what people might do while performing the operations
 Questions such as "What actions do the operators perform?", "How do operators respond to different cues in the environment?"
 Main limitation: it is only applicable to human interaction with the process
Hierarchical Task Analysis
 Same methodology as task analysis, but a hierarchy is placed on the order of the tasks to be investigated
 Methodology produces either a tree structure, with the most complex task on the top and the simplest on the bottom, or a list of steps that are required to be performed in order to produce the required goal
 The technique provides an easily understandable breakdown of the tasks and the order in which they are to be performed
 Other techniques such as Human Interaction with Machine (HIM), Human Error Analysis (HEA)
Difficult To Get Accurate Data
 Data accuracy a major concern
 Acquiring data a long-term and tedious process
 Data usually not available for novel processes
 Data interpretation requires experienced personnel
 Wrong assumptions may lead to overlooking a risk or gold plating a process
Use of Risk Analysis Data
 Avoidance: discontinue the practice that creates the risk
 Mitigation: implement strategies to reduce the impact
 Transfer: purchase financial relief (insurance)
 Acceptable risk and the concept of ALARP
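Going back to the Petri net definition on slide 259: the four parts (places, transitions, input function, output function) held as data, with the token-firing rule and a reachability search, as an added example that is not from the lecture. The net, its place and transition names and the initial marking are constructed assumptions.

```python
# Added example (not from the lecture slides): a Petri net stored as the four
# parts the slide names (places, transitions, input function, output function)
# with the token-firing rule and a reachability search. The net is constructed:
# a unit runs normally, a failure moves it to reduced operation, and a repair
# consumes one spare to return it to normal. All names are assumptions.
PLACES = ("normal", "reduced", "spares")
TRANSITIONS = ("fail", "repair")
# Input function: tokens a transition consumes from each place.
INPUT = {"fail": {"normal": 1}, "repair": {"reduced": 1, "spares": 1}}
# Output function: tokens a transition deposits in each place.
OUTPUT = {"fail": {"reduced": 1}, "repair": {"normal": 1}}
# Constructed initial marking: one unit running, two spares in stock.
INITIAL = {"normal": 1, "reduced": 0, "spares": 2}

def enabled(marking, t):
    """A transition is enabled when every input place holds enough tokens."""
    return all(marking[p] >= n for p, n in INPUT[t].items())

def fire(marking, t):
    """Firing consumes the input tokens and produces the output tokens."""
    m = dict(marking)
    for p, n in INPUT[t].items():
        m[p] -= n
    for p, n in OUTPUT[t].items():
        m[p] += n
    return m

def reachable(initial):
    """Breadth-first enumeration of every marking reachable from `initial`.
    Returns {marking as a tuple in PLACES order: list of enabled transitions}."""
    key = lambda m: tuple(m[p] for p in PLACES)
    graph, queue = {}, [initial]
    while queue:
        m = queue.pop(0)
        if key(m) in graph:
            continue
        graph[key(m)] = [t for t in TRANSITIONS if enabled(m, t)]
        queue.extend(fire(m, t) for t in graph[key(m)])
    return graph

def dead_states(initial):
    """Markings with no enabled transition: states the system cannot leave."""
    return [m for m, ts in reachable(initial).items() if not ts]
```

With two spares the search finds six markings, and the only dead state is the one with the unit in reduced operation and no spare left, which is exactly the kind of unrecoverable condition a risk analyst looks for in the model.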
261
Fatality Statistics for Common Industrial and Non-Industrial Activities
Simplified Quantitative Risk Analysis
 CCPS has come out with Layer of Protection Analysis (LOPA)
 LOPA is a simplified form of QRA
 A layer of protection analysis (LOPA) is a powerful analytical tool for assessing the adequacy of protection layers used to mitigate process risk
 LOPA builds upon well-known process hazards analysis techniques, applying semi-quantitative measures to the evaluation of the frequency of potential incidents and the probability of failure of the protection layers
LOPA
 LOPA can be used at any point in the lifecycle of a project or process, but it is most cost effective when implemented during front-end loading, when process flow diagrams are complete and the P&IDs are under development
 Concept of independent protection layers and safety integrity level
 Variations of LOPA have been devised for hazard- and scenario-specific studies, a recent example being exLOPA for explosion risk assessment. The exLOPA is based on the original work of CCPS for LOPA but takes into account some typical factors appropriate for explosion
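The semi-quantitative arithmetic behind the slide's "independent protection layers and safety integrity level", as an added example that is not from the lecture or from CCPS: the initiating event frequency is multiplied by the PFD of each independent protection layer, and the shortfall against a tolerable frequency sets the SIL an added safety instrumented function must meet. The scenario frequencies, PFDs and target are constructed assumptions; the SIL bands are the IEC 61508 low-demand PFD ranges.

```python
# Added example (not from the lecture slides): the arithmetic behind a LOPA
# scenario. Mitigated frequency = initiating event frequency x product of the
# PFDs of the independent protection layers (IPLs); the gap to the tolerable
# frequency is the risk reduction a safety instrumented function (SIF) must
# add, read against the IEC 61508 low-demand SIL PFD bands. All scenario
# frequencies and PFDs below are constructed, not plant data.

# (SIL, lower PFD bound): SIL 1 covers PFD [1e-2, 1e-1), SIL 2 [1e-3, 1e-2), ...
SIL_BANDS = [(1, 1e-2), (2, 1e-3), (3, 1e-4), (4, 1e-5)]

def mitigated_frequency(initiating_freq, ipl_pfds):
    """Frequency per year of the consequence, reached only if every IPL fails."""
    f = initiating_freq
    for pfd in ipl_pfds:
        f *= pfd
    return f

def required_sil(initiating_freq, ipl_pfds, tolerable_freq):
    """Return (mitigated frequency, PFD an added SIF must achieve, SIL).
    PFD None and SIL 0 mean the existing IPLs already meet the target."""
    f = mitigated_frequency(initiating_freq, ipl_pfds)
    if f <= tolerable_freq:
        return f, None, 0
    pfd_needed = tolerable_freq / f      # risk reduction factor = 1 / pfd_needed
    for sil, lower in SIL_BANDS:         # weakest band first
        if pfd_needed >= lower:
            return f, pfd_needed, sil
    raise ValueError("PFD below 1e-5 needed: beyond SIL 4, redesign the process")

# Constructed scenario: reactor overpressure following loss of cooling, with
# a BPCS high-temperature alarm plus operator response and a relief valve as
# the existing IPLs.
SCENARIO = {
    "initiating_freq": 0.1,     # loss of cooling, events per year
    "ipl_pfds": [0.1, 0.01],    # alarm + operator response, relief valve
    "tolerable_freq": 3e-7,     # target frequency for this consequence, per year
}

def lopa_scenario():
    """Mitigated frequency, required SIF PFD and SIL for the scenario above."""
    return required_sil(**SCENARIO)
```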
262
Risk Matrix
[Table: risk matrix reconstructed from the slide. Consequence severity (rows 0 to 5) is rated for People, Asset, Environment and Reputation; likelihood (columns A to E) increases from left to right. Cells are shaded LOW RISK, MEDIUM RISK and HIGH RISK, rising with severity and likelihood; the exact zone boundaries are not recoverable from the page]
Likelihood:
A  Never heard of in industry
B  Heard of in industry
C  Incident occurred in our company
D  Happens several times
E  Happens several times in a location
Consequence severity (People | Asset | Environment | Reputation):
0  No health effect/injury | No damage | No effect | No impact
1  Slight health effect/injury | Slight damage | Slight effect | Slight impact
2  Minor health effect/injury | Minor damage | Minor effect | Limited impact
3  Major health effect/injury | Localised damage | Localised effect | Considerable impact
4  1 to 3 fatalities | Major damage | Major effect | National impact
5  Multiple fatalities | Extensive damage | Massive effect | International impact
Intelligent Systems: The Way Ahead!
 The estimated cost of risk reviews in the CPI is about 1% of sales or about 10% of profits
 An intelligent system can help:
  Reduce the time, effort and expense involved in a PHA review
  Make the review more thorough, detailed and consistent
  Minimize human errors
  Free the team to concentrate on the more complex aspects of the analysis, which are unique and difficult to automate
 An example is HAZOPExpert, a model-based, object-oriented, intelligent system for automating HAZOP analysis
 Generic models for routine cause and effect analyses are used to reduce time and to integrate process-specific component knowledge
 A two-tier framework is used, decomposing the knowledge base into process-specific and process-general knowledge, represented in an object-oriented architecture
 Its objective is to automate the routine aspects of the analysis as much as possible, thereby freeing the team to focus on the more complex aspects of the analysis that cannot be automated
 It can also be integrated with CAD systems and used during early stages of design, to identify and decrease the potential for hazardous configurations in later design phases, where making changes could be economically prohibitive
 Other well-known software packages include HAZTEC, CARA, BRAVO, CAFTAN, RISKMAN, QRAS
263
CONCLUSIONS
 Risk is a subjective concept varying according to context
 In actual industry a number of variations are applied to methods of risk analysis, and sometimes steps are completed simultaneously or given a miss according to need and the resources present
 Risk analysis can be qualitative as well as quantitative. Quantitative methods are being given more stress since they allow a better comparison of risk levels and reduce subjectivity in the decision-making process
 Probabilistic risk analysis is perhaps the best methodology available at present for application to low-probability, high-impact systems like the CPI
 Intelligent systems hold the key to reducing resource utilization and increasing the accuracy of risk analysis, and hence of risk assessment
 There is no possibility of eliminating all hazards completely, and the concept of allowable risk becomes important
END GAME
Hazards and the overall risk associated with a technology are a crucial element in triggering regulatory action, public protest and a host of other problems, so it is of utmost importance to find the origins of risks and to strengthen safeguards, and thus preserve the acceptability of hazardous facilities or activities. There is then a real need to provide a coherent strategy to maximise performance and minimize risk
REFERENCES
• Center for Chemical Process Safety (CCPS). Guidelines for Hazard Evaluation Procedures, Second Edition with Worked Examples. Publication G18. American Institute of Chemical Engineers, New York (1992)
• Lees, F. P. Loss Prevention in the Process Industries: Hazard Identification, Assessment and Control, 3rd ed. Butterworth-Heinemann, UK (2001)
• Crowl, D., Louvar, J. Chemical Process Safety: Fundamentals with Applications. Prentice Hall (1990)
• Bernstein, P. L. Against the Gods: The Remarkable Story of Risk. Wiley, New York (1996)
• Nivolianitou, Z. S. Comparison of Techniques for Accident Scenario Analysis in Hazardous Systems. Journal of Loss Prevention in the Process Industries (2004), v-17, pp 467–475
• Wells, G., Whetton, C. Preliminary Safety Analysis. Journal of Loss Prevention in the Process Industry (1993), v-6, no 1, pp 47–60
• Venkatasubramanian, V., Zhao, J., Viswanathan, S. Intelligent Systems for HAZOP Analysis of Complex Process Plants. Computers and Chemical Engineering (2000), v-24, pp 2291–23
• Cacciabue, P. C. Human Factors on Risks Analysis of Complex Systems. Journal of Hazardous Materials (2000), v-71, pp 101–116
• Robert, D. Choosing the Level of Detail for Hazard Identification. Process Safety Progress (1995), v-14, no 3