Controlling safety is of upmost importance in chemical manufacturing operations. Unfortunately, most chemical companies handle safety — primarily occupational safety, e.g., trips, slips and falls — as an adjunct to the business unit, not as a mainstream business operation. Typically, an environmental, health and safety organization manages safety across a company’s business units. Although this approach has worked well for the most part, making both process and occupational safety an integral aspect of every business unit should be the ultimate vision for industrial operations. Tying safety directly to the profitability of an operation can play a key role.
Traditionally, chemical makers relied on monthly data provided by their business reporting systems to manage the profitability of operations. However, over the past decade, some critical business variables that influence profitability have started to fluctuate more frequently than monthly. For example, the prices of electricity and natural gas on the open grids in the United States can change every 15 minutes. This, in turn, impacts the price of raw materials and products. Onsite storage of materials and products has tended to hide the effect of this real-time business variability at the operational level, often at the expense of a higher-than-desired expenditure of working capital.
The good news is that not all business variables associated with the profitability of an operation are experiencing real-time variation. In fact, in most operations only three critical business variables have tended toward real-time variation: energy costs, material costs and production value, i.e., the value of products being made. The primary objective of most chemical operations is to maximize production value while minimizing energy and material costs. In most cases, though, safety of the plant, personnel and the environment constrain the balancing of these three critical real-time business variables to maximize profitability. Figure 1 illustrates a simplified model of this relationship and underscores the direct linkage between profitability and safety.
DESIGN AND OPERATING ENVELOPES
Chemical processes are designed to operate within certain limits intended to enable both safe and profitable performance. These design limits determine the process equipment selected. Pushing the operation beyond these limits will exceed the design constraints of the operation and likely may result in an unsafe event occurring. The operational domain within the design limits can be thought of as the design envelope. It represents the operating limits at which the probability of an unsafe event approaches 1.0.
For safety reasons, chemical plants seldom, if ever, are pushed close to the design constraints. The operations and engineering teams must evaluate the safety risk of the operation and set a reasonable operating limit based on the probability an unsafe event will occur if operating at that limit for a given period of time. That probability is referred to as the safety risk of the operation. Whenever the plant is operating, there’s some degree of safety risk. Obviously, the objective is to avoid unsafe events to the highest degree possible while still running the facility in a profitable manner. Plants implement functional safety systems, e.g., emergency shutdown, fire and gas protection, to minimize the negative consequences of an unexpected process excursion or external event. These systems are reactive in nature and will shut down a process area or entire plant if unsafe operating conditions are detected. Such shutdowns prevent damage to people, the environment or equipment but at the cost of lost revenue.
At many plants, the operating envelope for staying within the acceptable safety risk varies over time. Unfortunately, the changes in the actual operating safety risk typically depend upon a number of factors such as the phase of operation (startup, shutdown, etc.), the condition of the equipment, the effectiveness of operators, and the timeliness and thoroughness of safety inspections. The operating domain in which the safety risk is maintained at an acceptable level is referred to as the operating window; it, of course, falls within the operating envelope (Figure 2). Most plants don’t measure the actual safety risk dynamically; instead, they set the operating window at the most conservative level that ensures staying within acceptable safety risk limits. It actually is the operating window that constrains the real-time profitability of the operation. The area between the operating window and the operating envelop represents the opportunity for driving improved profitability from the operation while still maintaining the appropriate safety risk.
A prerequisite for expanding the operating envelope is better and more-timely information about the ever-changing risk profile of the plant. Early identification, warning and correction of impending safety problems, before they become safety events, alleviate some of the uncertainty associated with “pushing the plant,” thereby giving management and operations personnel increased confidence in running closer to design limits.
MEASURING SAFETY RISK
The safety challenge in industrial operations is a control problem. As every control engineer realizes, the first step in being able to control any critical variable is measuring that variable. When dealing with the safety of an operation, the variable of interest is the safety risk. The opportunity to directly connect profitability and safety starts from being able to measure the actual safety risk continually and in real-time. This opens up the possibility of dynamically controlling the actual operating window of the plant to the acceptable safety risk level — and thus allowing operators to drive incremental profitability in a safe manner.
Estimating overall safety risk effectively and accurately requires evaluating both operational and conditional safety components. All too often, organizations rely heavily on failure data to monitor performance of operators and the control system, so improvements or changes only are determined after something has gone wrong. Frequently, whether a system failure results in a minor or a catastrophic outcome purely depends upon chance. Discovering weaknesses in the quality of the management of the process and control systems by having a major incident is too late and too costly. Early warning of dangerous deterioration within critical systems provides an opportunity to avoid major incidents.
Most plants attempt to reduce their safety risk by performing detailed safety inspections on a well-defined schedule. Such an approach can lead to identifying and correcting potentially unsafe conditions before an unsafe event occurs. Operational risk increases if inspections are incomplete, aren’t performed in a timely manner or fail to reveal safety problems that must be addressed. Appropriately performing these safety inspections decreases the safety risk but doesn’t result in a specific measure of safety risk. At best, a plant could rate its risk on a simple scale: high, medium or low. If the inspections were done thoroughly on the right time schedule, for example, the operational safety risk would be set to low.
Most, if not all, investigations of industrial catastrophes have identified the failure to adhere to correct procedures as one of the primary contributing factors to such events. So, it’s prudent to consider the use of workflow automation technology to provide “procedural alarms” when safety-related procedures aren’t followed correctly or even ignored because of complacency (i.e., normalization of deviancy), ignorance or negligence.
Operational safety risk provides a partial view of the overall safety risk of a plant. Even when inspections are executed on time and thoroughly, conditions may arise within the operation that could lead to unsafe events; so, detecting the existence of potentially unsafe operating conditions is critical as well. One promising approach involves mining historical data for the particular operation and similar ones to try to identify any leading indicators for unsafe events. Often, these indicators have gone unnoticed because their significance wasn’t understood. Many plants have amassed years of historical data on electronic media. Current data analysis and big data approaches may allow effective mining of this information to identify both events and leading indicators. Then, for any indicators identified, automatic workflows can be developed to help spot them as they occur and notify the appropriate operations personnel of the probability of a potential event. Experience has demonstrated that leading indicators may be able to provide alerts to potential events days or even weeks prior to the occurrence of the event. Again, this information can be used to establish a simple high, medium or low measure of the conditional safety risk of the operation.
Combining the two simple measures of operational and conditional safety risk — in an appropriately conservative manner — enables developing a measure of overall safety risk. One effective approach has been to develop a composite measure that simply is equal to the highest of the determined operational and conditional safety risks (Figure 3). Such a suitable, although simplistic, measure can be used to help appropriately drive the profitability of the operation by applying effective control theory.
USING SAFETY RISK INDICATORS
Although the safety risk measurement approach presented above may be less sophisticated than what may be desired, it’s a definite advance over the traditional approach of setting static safety limits on the operation. Reasonable real-time safety risk measures allow developing a business control loop that enables operations to control the profitability of the business while effectively considering the safety risk. Figure 4 shows a profitability control loop tied to safety risk. Displaying real-time profit factors and safety risk on a dashboard on control system screens can empower operators. If the safety risk is relatively low, the operators can drive the profitability of the operation harder and gain measurable profit improvements. If the safety risk increases, the operators can back off the profitability a bit to bring the operation into the acceptable operating window.
Of course, this manual control approach isn’t the ultimate objective. With experience, as the sophistication of safety risk measurement increases with time (including the adoption of additional safety indicators), perhaps automatic control of profitability within an appropriate safety envelope will result and an automatic control approach will be implemented in the “improve” function of the model.
It’s important to find the right balance among the various possible safety indicators so process safety decisions accurately reflect the company’s desired operational risk profile. Although risk never can be eliminated, a variety of mechanisms can be put in place to balance desired safety outcomes with day-to-day business imperatives and pressures.
The knowledge that process risks are successfully controlled has a clear link with business efficiency, as several indicators can be used to show plant availability and optimized operating conditions. Effective management of major hazards requires a proactive approach to risk management, so information to confirm critical systems are operating as intended is essential. Leading indicators can provide an important step forward in the management of major hazard risks.
The main reason for measuring process safety performance is to provide ongoing assurance that risks are being controlled adequately. Directors and senior managers must monitor the effectiveness of internal controls against business risks. For chemical manufacturers, process safety risks are a significant aspect of business risk, asset integrity and reputation.
Connecting good safety practices and safety risk measures to the profitability of chemical operations can be a significant game-changer. Safety will become a mainstream business process. This should lead to both better industrial safety and better industrial profitability. Having safer, more profitable operations is really the end-in-mind for all chemical companies.
PETER G. MARTIN, PhD, is Foxboro, Mass.-based vice president of business value consulting for Schneider Electric. MARTIN A. TURK, PhD, is Houston-based global director, hydrocarbon processing industries for Schneider Electric. E-mail them at Peter.G.Martin@schneider-electric.com and Martin.firstname.lastname@example.org.