How would you answer the following question:
Is refinery A safer than refinery B?
I know a few of you would recommend quantifying risks in each refinery. This will enable us to estimate how many fatalities (on-site and off-site) can occur in the two refineries. We can thus use the predicted risk levels refinery operation to compare risks. For the sake of discussion, let us assume you performed a quantitative risk analysis and came up with following individual risk levels:
- Individual risk (IR) for Refinery A – 1 fatality every 1000 years
- Individual risk (IR) for Refinery B – 0.5 fatalities every 1000 years
Does this mean Refinery B is safer than Refinery A?
Should the workers in Refinery A be paid more for accepting additional risks?
Is risk in Refinery A unacceptable?
In order to answer the above questions, we need to look closely at the basis for estimating these risks.
Quantitative Risk Assessment (QRA)
Before getting into details here’s a quick background on Quantitative Risk Assessment (QRA). It is also referred to as Probabilistic Risk Assessment (PRA)
QRA is an accepted methodology used to quantify risks in chemical plants. Typically, in a refinery QRA you model initiating events (e.g. loss of containment) that can lead to incidents. You then estimate fatalities from fire, explosion or toxic gas exposure. The initiating event can be equipment failure or events based on scenarios from the hazard identification study such as HAZOP/HAZID/PHA.
Let us take a closer look at estimation of initiating events (the probabilistic piece of the analysis) – equipment failure and incident scenarios.
Predicting Equipment Failure
Typically, for a refinery QRA generic equipment failure data forms the basis for probabilistic estimation of loss of containment. This is historic failure data and thus represents an aggregate of equipment of various sizes and various failure modes.
For example, in an earlier post I discussed failure rate for an Above Ground Storage Tank (AST) is once every 67 years. Does it mean you will not see a failure for 67 years? Is this failure rate same for every AST? How will this failure rate be modified based on contents in the tank? What about quality of workmanship? How will maintenance and inspection affect this failure rate?
With generic failure data you cannot predict the likelihood of failure in your refinery unless you closely start analyzing the possible failure modes in details. A detailed analysis of failure modes is worthwhile for inherently high-risk operations such as chemical weapons destruction or nuclear industry. However, given the constraint on resources and data availability, one cannot do a detailed analysis of failure modes for equipment in a refinery.
This implies that failure rate being used in a QRA represents certain aggregate failure rate and is NOT representative of failures you will see in your plant. Consequently, the QRA does not an accurate representation of your plant’s risk profile.
For a major catastrophe to occur four to five things have to go wrong. Therefore, major accidents are rare events and follow unique trajectories. So even if you had identified plausible catastrophic scenarios in HAZOP and want to quantify these high-consequence scenarios using QRA…these will contribute minimally to risks in the QRA due to the fact that they have a very low likelihood.
Current State of QRA
QRAs are mandated by law in parts of Europe and I know QRAs are being performed for upcoming projects in middle-east. But as I have pointed out in the earlier paragraphs most QRAs being performed today for chemical plants and refineries are not representative of the risk profile of the plant. A QRA framework is excellent IF you are trying to compare relative risks. For example, if you are comparing risks between two configurations, two designs, two options. So besides compliance it is difficult for me to gauge benefits of performing a refinery QRA using generic failure data.
One can develop sound risk mitigation strategies even without the QRA step.