See Risks More Clearly

Avoid a number of common errors that can blur your vision

By Angela Summers, SIS-TECH Solutions, LP


The belief that all loss events are foreseeable, given sufficient analysis, is very alluring. Throughout the life of a manufacturing process opportunities exist to examine risk, apply more complex methods, and give hazard scenarios and their avoidance more thought. However, the reality is that most people have difficulty thinking outside the box and honestly looking at how the process can misbehave. It’s easy to accept that if nothing has happened before, nothing will happen in the future. The harsh truth is that a hazardous situation still can occur.

Omniscience isn’t possible — but you can see risk more clearly. So, let’s look at some of the challenges to achieving 20:20 vision.

We use hazard assessment methods to identify loss-event pathways and determine what must be done to prevent their occurrence. An inherent weakness of these methods is their vulnerability to lack of competency, incomplete information, and deficiencies in hazard awareness and design. Where there’s limited operational knowledge, there’s an associated limited awareness of how sensitive a process is to deviation. Successful operation of complex processes — no catastrophic incidents — sustains the belief that everything is safe as is. Clifford Nass, a Stanford professor who pioneered research into how humans interact with technology, warned, “denial is the greatest enabler.”

Risk analysis is a tool to ensure that an appropriate standard of care is applied, not to prove whether safeguards are needed or not [1]. It’s unrealistic to think that hazard and risk analysis identifies everything that could go wrong. An incident analysis [2] by the U.K.’s Health and Safety Executive (HSE) determined that more than 20% of loss events stem from an “organization failing to fully consider potential hazards or causes of component failure.” The vast majority of incidents (81%) resulted from the organization failing to adequately plan and implement procedures for risk control, including the design of the process (25.6%), the provision of operating and maintenance procedures (15.6% and 22.6%, respectively), the management of change (5.7%), a permit-to-work system (4.9%), plant inspections (3.5%), and ensuring competency (1.7%).

The American writer H. L. Mencken wrote, “For every complex problem there is an answer that is clear, simple, and wrong.” Consider the limits of what you know, then add a good-sized measure of bad luck. It’s wise to have a sense of vulnerability even when you’ve done your best to design a safe plant [1, 3, 4]. It’s sensible to implement safeguards that prevent the loss event rather than simply relying on probabilistic analysis. Every process needs a holistic loss-event prevention plan that includes:

Inherent safety —
• Robust vessel and piping design so process deviation is tolerable.

Functional safety —
• A reliable control system that reduces the frequency of abnormal operation.
• An alarm system that notifies the operator when the process is experiencing abnormal operation.
• A shutdown system that sequences the process to a safe state when it reaches an unsafe condition.
• An emergency shutdown system that isolates the process from its supply when loss of containment occurs.
• Other safeguards as necessary to address loss of containment and event escalation.

The onion skin and Swiss cheese models of incidents are ubiquitous. These models typically serve as an analogy for layers of protection. On first glance, each shows the layers as independent of each other, i.e., the failure of one layer doesn’t impact the other. On further study, the graphics portray much more.

The onion skin visualizes the sequence of barriers that control, prevent and mitigate major accidents (Figure 1). Layers of protection are as independent as the layers of an onion. However, as any cook knows, the structural integrity of the onion depends upon keeping the layers attached to the base. The onion layers originate at the base and, without it, they fall apart. The integrity of the base of the layers of protection is determined by the safety management system applied to reduce human error and to sustain the fitness for service of safety equipment.

James Reason’s Swiss cheese model [5] has been adapted to illustrate each barrier as a cheese slice possessing holes that represent deficiencies in barrier performance due to random and systematic faults (Figure 2). Seemingly independent systems can fail due to common systematic mechanisms that degrade or disable multiple similar elements. The graphic emphasizes that barriers aren’t perfect over their life and that an accumulation of deficiencies (an increasing number of holes in each cheese slice) raises the likelihood that holes will line up, thus allowing an event to propagate past the barriers. The holes open and close dynamically as management systems identify and correct faults, so the better managed the barriers, the fewer, smaller and more transient the holes will be.
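As an added illustration (not part of the article), the Python below puts numbers on the Swiss cheese picture and on the layer list above: truly independent slices multiply their failure probabilities, a common systematic mechanism (modelled here with a beta-style coupling fraction, an assumption of this example) adds a term that no number of extra layers can shrink, and uncorrected faults enlarge the holes. The per-layer probabilities of failure on demand and the open-fault counts are constructed sample values, not figures from the article.

```python
"""Swiss cheese model: why "independent" layers are not independent.

Simplified beta-factor style model (an assumption of this example):
each layer's PFD splits into an independent share (1 - beta) * pfd and a
common-cause share beta * pfd that disables every slice at once.
"""


def propagation_probability(pfds, beta=0.0):
    """Probability that one demand passes through every barrier.

    pfds -- probability of failure on demand for each slice
    beta -- fraction of failures due to a shared systematic mechanism
            (0.0 reproduces the naive independent-layers product)
    The common-cause term is taken as beta * min(pfds): the shared failure
    mode is assumed to occur no more often than the most reliable layer's
    share of it.  With beta == 0 this reduces to the plain product.
    """
    if not pfds:
        raise ValueError("at least one barrier is required")
    if not 0.0 <= beta <= 1.0 or any(not 0.0 <= p <= 1.0 for p in pfds):
        raise ValueError("beta and every PFD must lie in [0, 1]")
    independent = 1.0
    for p in pfds:
        independent *= (1.0 - beta) * p
    common_cause = beta * min(pfds)
    return min(1.0, common_cause + independent)


def degrade(pfds, open_faults, growth=0.5):
    """Model accumulating holes: each uncorrected fault in a layer inflates
    its PFD by `growth` (capped at 1.0).  Fault counts are per layer."""
    return [min(1.0, p * (1.0 + growth * n)) for p, n in zip(pfds, open_faults)]


def compare(pfds, beta, open_faults):
    """Three views of the same barriers: naive independence, common-cause
    coupling, and coupling plus unmanaged deficiencies."""
    return {
        "independent": propagation_probability(pfds),
        "common_cause": propagation_probability(pfds, beta),
        "common_cause_degraded": propagation_probability(degrade(pfds, open_faults), beta),
    }


if __name__ == "__main__":
    # Constructed sample: control system, alarm + operator, shutdown system.
    sample_pfds = [0.1, 0.05, 0.02]
    for name, value in compare(sample_pfds, beta=0.1, open_faults=[2, 1, 3]).items():
        print(f"{name:>22}: {value:.6f}")
```

With these constructed values the common-cause term alone (0.002) is twenty times the independent product (0.0001), which is the point the cheese slices make: systematic faults, not random coincidence, are what line the holes up.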
