0% found this document useful (0 votes)

25 views99 pages

Lecture 6 - Risk - Assessment

The document outlines the process of hazard analysis and risk assessment, emphasizing the identification of potential hazards, assessment of risks, and implementation of measures to reduce risks. It discusses the importance of thorough analysis before design begins and the necessity of documenting results to verify effectiveness. Additionally, it highlights case studies of disasters to illustrate the consequences of inadequate hazard management.

Uploaded by

abidprove7

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

25 views99 pages

Lecture 6 - Risk - Assessment

Uploaded by

abidprove7

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 99

Quantitative Risk

Assessment
Hazard analysis: What is it?

Hazard: Potentially dangerous condition, which is triggered by

an event, called the cause of the hazard.

Risk: hazard that is associated with a severity and a probability

of occurrence.
Hazard analysis: What is it?

Hazard analysis: Identify all possible hazards potentially

created by a product, process or application.

Risk assessment: It is the next step after the collection of

potential hazards. Risk in this context is the probability
and severity of the hazard becoming reality.
Hazard analysis: What is it?

When performed:
Before the design begins.

Information used:
· Literature,
· Scenarios,
· Expert opinions,
· Personal experience.
Hazard analysis: What is it?

E s ta b li s h A n a lys is P a r a m e te rs

Id e n tify H a z a r d s These parameters can be limits of

the machine or design, limits on
A s s e s s R is ks
uses, limits on the scope of the
D e riv e R i s k R a tin g analysis, or other limits.
R e d u ce R i s ks

V e rify E ffe c tiv e n e ss

D o c u m e n t R e s u lts
Hazard analysis: What is it?

E s ta b li s h A n a lys is P a r a m e te rs

Id e n tify H a z a r d s The nature of this step lends

itself to a team approach such
A s s e s s R is ks
as brainstorming.
D e riv e R i s k R a tin g

R e d u ce R i s ks

V e rify E ffe c tiv e n e ss

D o c u m e n t R e s u lts
Hazard analysis: What is it?

E s ta b li s h A n a lys is P a r a m e te rs
Risk matrix:
Id e n tify H a z a r d s Severity Category
Probability Level Catastrophic Critical Marginal Negligible
A s s e s s R is ks Frequent High High Serious Serious
Probable High High Serious Low
D e riv e R i s k R a tin g Occasional High Serious Low Low
Remote Serious Low Low Low
R e d u ce R i s ks Improbable Serious Low Low Low

If the risk is determined to not be acceptable, it is necessary to reduce

V e rify E ffe c tiv e n e ss
that risk by implementing protective measures.

D o c u m e n t R e s u lts
Hazard analysis: What is it?

E s ta b li s h A n a lys is P a r a m e te rs
Remedy actions are taken to reduce risks
Id e n tify H a z a r d s following the hazard hierarchy:

A s s e s s R is ks
• Eliminate hazards through the design
D e riv e R i s k R a tin g · Protect
· Warn the user
R e d u ce R i s ks · Train the user(s)
· Personal protective equipment
V e rify E ffe c tiv e n e ss

D o c u m e n t R e s u lts
Hazard analysis: What is it?

E s ta b li s h A n a lys is P a r a m e te rs

Id e n tify H a z a r d s This assessment verifies that the

remedy actions have reduced the
A s s e s s R is ks
risks to an acceptable level.
D e riv e R i s k R a tin g

R e d u ce R i s ks

V e rify E ffe c tiv e n e ss

D o c u m e n t R e s u lts
Hazard analysis: What is it?

When to stop:

There is no zero risk, always some residual risk

remains.

If the residual risk is acceptable, then the risk

assessment process is completed.
Hazard analysis: What is it?

Caution:
Any hazard, which is not identified, will not be addressed
by safety measures and will not be detecting during testing.

Hazard not identified during this analysis can create

substantial risk to users of the design.
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e

Concept Definitions

Hazard – An intrinsic chemical, physical, societal, economic or political

condition that has the potential for causing damage to a risk
receptor (people, property or the environment).

A hazardous event requires an initiating event or failure and then either failure of
or lack of safeguards to prevent the realisation of the hazardous event.

Examples of intrinsic hazards:

• Toxicity and flammability – H2S in sour natural gas
• High pressure and temperature – steam drum
• Potential energy – walking a tight rope
12
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e

Concept Definitions

Risk – A measure of human injury, environmental damage or

economic loss in terms of both the frequency and the
magnitude of the loss or injury.

Risk = Consequence x Frequency

13
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e

Concept Definitions

Risk

Intrinsic Undesirable Consequence

Hazards Event s
Likelihood Likelihood of
of Event Consequences

Example Loss of life/

Storage property,
tank with Spill and Environmental
flammabl Fire damage,
e Damage to
material reputation of
facility 14
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e

Concept Definitions

Risk

Intrinsic Undesirable Consequence

Hazards Event s
Cause
s Likelihood Likelihood of
of Event Consequences

15
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e

Concept Definitions Layers of Protection are used to

enhance the safe operation. Their
Risk Layers of Layers of primary purpose is to determine if
Protection Protection there are sufficient layers of
protection against an accident
scenario – Can the risk of this
scenario be tolerated?
Intrinsic Undesirable Consequence
Hazards Event s
Cause
s Likelihood Likelihood of
of Event Consequences

Preparedness,
Prevention Mitigation,
Land Use Planning,
Response, Recovery

16
Japan’s Nuclear Crisis: 11 March,
2011
Bangladesh
• Electricity consumption (2003) 16,196 GW·h
Fukushima I (Daiichi) Nuclear Power Plant
• Annual generation 29,891 GW·h
Fukushima I NPP, 2004

Source: Digital Globe, First Watch, Imagery Report, Japan Earthquake/Tsunami, March 2011
18
March 14

19
What Happened?
 The earthquake caused all operating reactors to
automatically shut down (control rods are
inserted, which stop the nuclear fission reaction
by absorbing neutrons)
 Emergency diesel generators, which started to run
the cooling system after the electrical power grid
failed, shut down about an hour after the
earthquake
 When cooling fails in a fully operational reactor or
shortly after shutdown, the water quickly boils off
creating increasing steam pressure in the core
containment vessel and exposing the dry fuel
assembly to increasing temperatures and
radiation. The zirconium metal assembly reacts
with the steam to give hydrogen and oxygen, an
explosive mix
Responses to the Threat

 First, the plant’s operators attempted to pump cold sea

water directly into the reactors to replace the boiled-off
coolant water. (Sea water is very corrosive and will
undoubtedly damage the metal parts of the reactor, and
its complex mixture of contents will also complicate the
cleanup. This means to never running it again without a
complete replacement of its hardware. As an added
precaution, the seawater was spiked with a boron
compound in order increase the absorption of neutrons
within the reactor).
 Next, the bleeding off of some pressure from the reactor
vessel in order to lower the risk of a catastrophic failure.
(This was also an unappealing option, given that the Seawater pump
steam would necessarily contain some radioactivity.
Still, it was considered a better option than allowing the
container to burst)
Design Errors
 The electrical rooms at these plants are
at the basements
 Although the plant was ready for an
extreme event, it clearly wasn’t
designed with a tsunami in mind—it is
simply impossible to plan for every
eventuality. However, this seems to be a
major omission given the plant’s
location. It also appears that the fuel
storage areas weren’t nearly as robustly
designed as the reactors
Design Errors (cont’d)

 However it is human nature for the less immediate

backup systems to be not well designed or maintained as
the primary backups, one example is the temporary
holding ponds. temporary storage pool for reactor #4 to
which the fuel had been transferred while maintenance is
performed is a much smaller one near the top the
reactor. Unlike the 15-metre deep permanent storage
pools
 Another example is that the backup portable generators –
planned for when the batteries were exhausted – which is
the 3rd (or 4th ) backup for power generation – had the
wrong connectors and so could not be used
Case History 1: ( Washington DC, Manufacturing
Chemists’ association)

 Static Electricity :Tank car loading explosion

 Two plant operators were filling a tank car with vinyl
acetate. After few seconds the contents of the tank
exploded, one operator died from fractured skull and
body burns
 Caused by a static spark jumped from the steel nozzle to
the tank car
Case History 2: ( Washington DC, Manufacturing
Chemists’ association)

 Chemical Reactivity
 Bottle of isopropyl ether; A chemist twisted
the cap of a bottle of isopropyl ether to open
it. As the cap broke loose, the bottle exploded.
The man died due to massive internal
hemorrhage.
 Caused by rapid decomposition of peroxides,
which formed in the ether while the bottle sat
in storage.
Case History 3: ( Washington DC, Manufacturing
Chemists’ association)
 System Design
 Ethylene oxide explosion: A process storage tank
contained 6500 gal of ethylene oxide. It was
accidentally contaminated with ammonia. The tank
ruptured and dispersed ethylene oxide into the air. A
vapor cloud was formed and immediately exploded.
One person was killed and nine were injured;
property losses $16.5 million
 Lack of design protection to prevent back up of
ammonia into the storage tank.
Case History 4: ( Washington DC, Manufacturing
Chemists’ association)

 System Procedure
 Man working in a Vessel: two maintenance
workers were replacing part of a ribbon in a
large ribbon mixer. The main switch was left
energized, the mixer was stopped with one of
three start-stop buttons. The operator by
mistake pushed one of the start stop button ,
the mixer started and the mechanic inside
was killed.
Example of Disaster: Bhopal, India (December
3, 1984)
 Plant Location: Madhya Pradesh,
central India; nearest inhabitants
were 1.5 miles away, but a shanty
town grew nearby.
 Produced Pesticides; owned by
Union Carbide and partially owned
locally
 Intermediate compound methyl iso-
cyanate (MIC): reactive, toxic,
volatile, flammable and vapor
heavier than air. Union Carbide Corporation
 MIC unit was not operating because
of labor dispute
Bhopal Disaster PLANT VIEW
Toxic Materials in Soil and Water
Victims
Bhopal Disaster

MIC STORAGE TANK

Picture shows the tank as it is today.
Gas Vent Scrubber Gas Vent Scrubber Stack
Bhopal Disaster

PLANT VIEW
Picture shows the plant as it is today.
Example of Disaster cont’d

 Accident:
 Storage tank containing large amount of MIC became contaminated
by water, heated by reaction; vapor traveled through pressure relief
system into a scrubber and flare system that was not operating
 25 tons toxic MIC vapor released, spread to the adjacent town
killing over 2000 civilians and injuring 20,000 more. No plant
workers were killed.
 Recommendation:
 Alternative reaction scheme or redesigning of the process with
reduced inventory of MIC (less than 20 pounds)
CO2 Stripper Failure of UFFL- 1991
(Ghorashal)
 CO2 stripper contains carbamate solution,CO2 and
ammonia and runs under high pressure
 Stripper column exploded and split into two halves
in middle section during trial run
 11 deaths including the project director
CO2 Stripper Failure of UFFL- 1991
(Ghorashal)
 Accident due to fabrication defect-crack in welding joint.
Safety valve did not blow and the pressure was within
permissible limit
 Field test was not done, vendors carried out the test
 Power generation system tripped, no emergency light,
rescue team arrived after more than an hour,
colleagues in nearby residence did not come out
Hazardous Modelling Quantitativ
Risk Final
Review Material e Frequency
Consequenc Source Hazard Effect Estimation Thoughts
Release Analysis
e