Early process-hazards analyses can lead to potential cost savings in project and plant operations
The chemical process industries (CPI) handle a wide variety of materials, many of which are hazardous by nature (for example, flammable, toxic or reactive), or are processed at hazardous conditions (such as high pressures or temperatures). The risks associated with CPI facilities not only extend to the plant personnel and assets, but can potentially affect the surrounding population and environment — sometimes with consequences having regional or international scale, as in the case of toxic vapor or liquid releases.
It is for this reason that process safety is recognized as a key element throughout the entire life of the plant, and several industry and professional associations and government authorities have issued norms, standards and regulations with regards to this subject.
Process safety, as defined by the Center for Chemical Process Safety (CCPS), is “a discipline that focuses on the prevention and mitigation of fires, explosions and accidental chemical releases at process facilities. Excludes classic worker health and safety issues involving working surfaces, ladders, protective equipment and so on.” [1] Process safety involves the entire plant lifecycle: from visualization and concept, through basic and detailed engineering design, construction, commissioning, startup, operations, revamps and decommissioning.
In each of the plant life phases, different choices are made by engineers that have a direct impact on the overall risks in the facility; however, the highest opportunities for cost-effective risk reduction are present in the earlier phases of the project. In contrast, the cost of implementing changes in the later stages of the project increases dramatically. Hence, it is important for the design team to identify risks, and implement effective design solutions as early as possible.
This article covers some of the typical decisions that the project design team has to make over the course of a project, with examples of how the incorporation of process safety throughout the entire design process can significantly reduce the risk introduced by a new CPI facility, while also avoiding potential cost-overruns, or unacceptable risk scenarios at later stages.
CPI project lifecycle
A project for a new chemical process facility usually involves different phases, which are outlined here:
A screening or visualization phase. In this phase, the business need for the plant is assessed. Typical choices at this stage involve defining plant throughput, processing technology, main blocks and plant location (high-level), with the goal of developing a high-level project profile, and a preliminary business case based on ball-park estimates, benchmarks and typical performance ranges, in order to identify project prospects.
A conceptual engineering phase.In this phase, the design team further develops the concept of the plant, leading to a more-defined project description, an improved capital-cost estimate, and a more-developed business model. At this stage, the process scheme is defined, along with the characteristics of the major pieces of equipment and their location on the layout (which would ideally be set over a selected terrain). The needs for raw materials, intermediate and final product inventories, as well as utility requirements are also established.
A basic engineering, or front end engineering design (FEED) phase. This sets the basis for the future engineering, procurement and construction (EPC) phase, by generating a scope of work that further develops the process engineering, and includes the early mechanical, electrical, instrumentation and civil/structural documents and drawings. This phase also serves to generate a budget for the construction.
An EPC phase. The EPC phase also includes the detailed engineering for the development of the “for construction” engineering deliverables, the procurement of equipment and bulk materials, the execution of the construction work, the pre-commissioning, commissioning and startup of the facilities.
Table 1 shows typical engineering deliverables, along with their degree of completion, for each phase of project development.
After the plant construction is finished, the facility enters the operations phase. At the end of its life, the plant is decommissioned.
It is a generally accepted fact in project management that decisions made earlier in the project lifecycle have the greatest impact on the total plant life cost; in contrast, the cost of implementing changes in the later stages of the project increases dramatically, as can be seen on Figure 1.
The same holds true for overall plant risk, as the impact of decisions on overall facility risk is greatest in the earliest stages of the project.
Figure 1. The relative influence of decisions on total life cost, and cost of implementing changes throughout the project lifecycle
Risks and hazards
A risk can be defined by a hazard, its likelihood (or probability) of occurrence, and the magnitude of its consequence (or impact).
A hazard, as defined by the Center for Chemical Process Safety (CCPS), is “an inherent chemical or physical characteristic that has the potential for causing damage to people, property or the environment” [2].
Process hazards can be classified in terms of the following:
- Their dependence on design choices:
Intrinsic — not dependent on design decisions (that is, always associated with the operation or process). For instance, hazards associated with the chemistry of the materials being handled (flammability, toxicity, reactivity and so on); these properties cannot be separated from the chemicals
Extrinsic — dependent on design decisions. As an example: hazards associated with heating flammable materials with direct burners can be avoided by using indirect heating
- Their source:
- Process chemistry — associated with the chemical nature of the materials (for example, flammability, toxicity, reactivity and so on)
- Process variables — associated with the operating conditions (pressure, temperature), and material inventories. As general rules:
- higher pressures increase the impact of potential releases, whereas vacuum pressures increase the probability of air entering the system
- higher temperatures increase the energy of the system (and hazards, especially when near the flashpoint or self-ignition temperature), whereas very low temperatures could pose the risks of freezing, formation of hydrates, or material embrittlement
- higher material inventories increase the impact of potential releases, whereas lower material inventories reduce response times in abnormal operating conditions
- Equipment failures — associated with damages to plant equipment
- Utility failures — associated with failures in utilities supplied to the facility, such as electricity, cooling water, compressed air, steam, fuel or others
- Human activity — associated with activities by humans over the facility (for example, operator error, tampering with facilities, security threats and so on)
- Environmental — associated with environmental conditions (for example, earthquakes, hurricanes, freezing, sandstorms and so on)
The likelihood of a risk can be expressed in terms of an expected frequency or probability of occurrence. This likelihood can be either relative (low, medium, high), or quantitative (for instance, 1 in 10,000 years). Quantitative values of the likelihood of different categories of risk, or equipment failures, as well as risk tolerability criteria, can be obtained from literature sources, such as Offshore and Onshore Reliability Data (OREDA), American Institute of Chemical Engineers (AIChE), Center for Chemical Process Safety (CCPS), American Petroleum Institute (API), U.K. Health and Safety Executive (HSE), Netherlands Committee for the Prevention of Disasters by Dangerous Materials (CPR), or local government agencies, and they can be especially valuable when performing quantitative, or semi-quantitative studies.
The consequence of a risk can be expressed in terms of its impact on several recipients, such as assets, personnel, society and environment.
The combination of likelihood and consequence defines the risk. The risk is then analyzed versus tolerability criteria, either qualitatively (for example, in a risk matrix), or quantitatively (for example, in risk contours). Company management and the design team may then select measures to eliminate or reduce individual risks, if they are not in the tolerable range.
Process hazards identification
An experienced engineering design team, with proper design basis documentation, and working under approved industry standards and best engineering practices, is the first factor in ensuring that plant hazards can be avoided or reduced as early as possible in the design.
Aside from the experience of the team, it is generally accepted that different methodical approaches can be applied in a timely manner to the engineering design process, in order to detect possible hazards that were not addressed by the design team. These structured reviews are called process hazards analyses (PHAs), and are often conducted or moderated by a specialist, with participation of the design team, owner’s employees or experienced operators.
Several methodologies exist for conducting a PHA, each suitable for specific purposes, processes, and for certain phases of project development and plant lifecycle (Figure 2). Below is a brief description of some of the most used PHAs in the CPI.
Figure 2. Typical hazards analyses that are used throughout a CPI project lifecycle
Consequence analysis. This is a method to quantitatively assess the consequences of hazardous material releases. Release rates are calculated for the worst case and alternative scenarios, end toxic points are defined, and release duration is determined.
Hazard identification analysis (HAZID). HAZID is a preliminary study that is performed in early project stages when hazard material, process information, flow diagram and plant location are known. It’s generally used later on to perform other hazard studies and to design the preliminary piping and instrumentation diagrams (P&IDs).
What-if. This is a brainstorming method that uses questions starting with “What if…,” such as “What if the pump stops running” or “What if the operator opens or closes a certain valve?” It has to be held by experienced staff to be able to foresee possible failures and identify design alternatives to avoid them.
Hazard and operability study (HAZOP). This technique has been a standard since the 1960s in the chemical, petroleum and gas Industries. It is based on the assumption that there will be no hazard if the plant is operated within the design parameters, and analyzes deviations of the design variables that might lead to undesirable consequences for people, equipment, environment, plant operations or company image. If a deviation is plausible, its consequences and probability of occurrence are then studied by the HAZOP team. Usually an external company is hired to interact with the operator company and the engineering company to perform this study. There are at least two methods using matrices to evaluate the risk (R): one evaluates consequence level (C) times frequency (F) of occurrence; and the other incorporates exposition (E) as a time value and probability (P) ranging from practically impossible to almost sure to happen, in this method, the risk is found by Equation (1):
R = E × P × C ( 1)
Layer-of-protection analysis (LOPA). This method analyzes the probability of failure of independent protection layers (IPLs) in the event of a scenario previously studied in a quantitative hazard evaluation like HAZOP. It is used when a plant uses instrumentation independent from operation, safety instrumented systems (SIS) to assure a certain safety integrity level (SIL). The study uses a fault tree to study the probability of failure on demand (PDF) and assigns a required SIL to a specific instrumentation node. For example in petroleum refineries, most companies will maintain a SIL equal to or less than 2 (average probability of failure on demand ≥10−3 to <10−2), and a nuclear plant will tolerate a SIL 4 (average probability of failure on demand ≥10−5 to <10−4).
Fault-tree analyses. Fault-tree analysis is a deductive technique that uses Boolean logic symbols (that is, AND or OR gates) to break down the causes of a top event into basic equipment failures or human errors. The immediate causes of the top event are called “fault causes.” The resulting fault-tree model displays the logical relationship between the basic events and the selected top event.
Quantitative risk assessment (QRA). QRA is the systematic development of numerical estimates of the expected frequency and consequence of potential accidents based on engineering evaluation and mathematical techniques. The numerical estimates can vary from simple values of probability or frequency of an event occurring based on relevant historical data of the industry or other available data, to very detailed frequency modeling techniques [4]. The events studied are the release of a hazardous or toxic material, explosions or boiling liquid expanded vapor explosion (BLEVE). The results of this study are usually shown on top of the plot plan.
Failure mode and effects analysis (FMEA). This method evaluates the ways in which equipment fails and the system’s response to the failure. The focus of the FMEA is on single equipment failures and system failures.
When to use a given method
Some studies have more impact in some phases than in others. For example, if a consequence analysis is not performed in a conceptual or pre-FEED phase, important plot plan considerations can be missed, such as the need to own more land to avoid effects over public spaces; or the fact that the location might have a different height with respect to sea level than surrounding public places impacted by a flare plume.
Some other studies, like HAZOP, cannot be developed without a control philosophy or P&IDs, and are performed at the end of the FEED or detailed engineering (for best results, at the end of both) to define and validate pressure safety valves (PSVs) location and other process controls and instrument safety requirements. QRA or LOPA (or both) are done after HAZOP to validate siting and define safety instrumented systems SIL levels, and finally meet the level required by the plant.
Figure 2 shows the typical CPI project phases, with a general indication of when it is recommended to conduct each study; however, this may vary depending on the specific industry, corporate practices, project scope and execution strategy. AIChEs CCPS [ 2 ] has an Applicable PHA technique table that indicates which study to perform in each project phase, which also includes research and development (R&D), pilot plant operations, and other phases not covered in the present article.
Table 2 includes some real-life examples of how the results of some of these studies can impact the development of the plant design at different project phases.
Out of the previously mentioned studies, a properly timed HAZOP, at the end of the basic engineering phase, is key to identifying safety and operability issues that have been overlooked by the engineering design team, especially when involving an experienced facilitator and plant operators in the study, given that they have a fresh, outsiders’ view of the project, and they can provide input on daily operating experience. Also, the deviations identified in the HAZOP can serve to detect the need for additional safeguards that were not considered by the design team. When the recommendations are implemented correctly, and no other changes to the process or plant are done between the preparation of the basic engineering design book and the EPC phase, then a HAZOP significantly reduces the probability of significant cost impacts in the latter as a result of changes due to additional PHAs.
Even though what-if, HAZID and consequence analyses have impact on the capital cost of the project, the cost of implementing their modifications to the design are typically included on the EPC bidding process, as they are realized at the beginning of the project lifecycle. Fault-tree analysis and LOPA are used to define the redundancy level of controls and instrumentation. The changes derived from these studies generally represent a minor portion of the total capital expenditure. That leaves HAZOP and QRA as the most important studies to identify design improvements to prevent process hazards in the latter project phases.
Safe-design options
At the early project phases, it is not possible to identify all possible risk-reduction measures that could be included in the design. However, a safety-oriented design team might be able to pinpoint sources of project risk due to lack of data, and opportunities for risk reduction that could be evaluated in later stages, as the design progresses and further details are known.
Some large organizations have collected the pool of their experiences within risk checklists and proprietary design standards, thus paving the way for future work. Where organizations have not established their own standards and engineering practices, the design team should look for accepted codes and standards that are the result of best engineering practices in a particular field or industry.
The design options include, in descending order of reliability: inherently safer design, engineering controls (passive and active) and administrative controls (procedural).
Inherently safer design involves avoiding or reducing the likelihood of a hazard in a permanent or inseparable fashion. For example, when designing a centrifugal pump discharge system, an inherently safer design would be to specify the design pressure at the centrifugal pump shut-off pressure, thereby largely reducing the risk that an increase in the pump discharge pressure (for example, due to a blocked outlet) could cause a rupture in the pipes with consequent loss of containment.
Engineering controls are features incorporated into the design that reduce the impact of a hazard without requiring human intervention. These can be classified as either passive (not requiring sensing and or active response to a process variable) or active (responding to variations in process conditions). In the previous centrifugal pump example, a passive solution would be to contain possible leaks within dikes, and with adequate drainage. Examples of active solutions could be: a) providing a high-pressure switch associated with an interlock that shuts the pump down; and b) providing a pressure safety valve (PSV) designed for blocked outlet.
Administrative controls require human intervention. These are the least reliable, because they depend on proper operator training and response. In the previous example, an administrative control would be to require operators to verify that the valves in the pump discharge lines are open.
Throughout the engineering phases leading to the EPC phase, different safe-design choices can be made, as further information is made available. Figure 3 shows some of the typical design choices made by the engineering team throughout a chemical process plant lifecycle, which have direct impact on lifecycle cost and risk.
Figure 3. Typical design decisions affecting cost and risk throughout a CPI project lifecycle
In the visualization phase, safety can be included in the analysis as a factor to decide key items, such as production technology and plant location. These key items are typically selected based on other technical criteria, such as overall efficiency, production cost, or vicinity to either raw materials, or markets (or export facilities). For instance, when selecting a technology, health, safety and environmental concerns could be included as a criteria on the evaluation matrix, by adding positive points to technologies that reduce risks to their environment by using less-toxic materials, operating at lower pressures or temperatures, or yielding non-toxic byproducts. When selecting a high-level plant location, management could opt to locate the plant away from large population centers, in order to minimize risks to communities. In this case, planning authorities also have an important role in defining allowable land-uses.
In the conceptual engineering phase, safety can be included in the analysis, for example, in the following ways:
- Defining a simple, yet functional process scheme, as relatively simple processes have less equipment and consequently lower failure probability (this can conflict with other design goals); also, the types of equipment selected can have an important effect on process safety (for example, selecting indirect over direct heating).
- Including safety concerns in the early layout definition. For instance, a design by blocks — keeping the main process, storage, and utility areas separate from each other — can reduce overall risk. Other good practices include: maintaining an adequate separation between pieces of equipment; separating product inventories taking into account their flammability, toxicity or reactivity, and considering dikes around tanks containing dangerous materials; placing flares and vents in locations separate from human traffic, taking into account wind direction (for example, so that flames or plumes are directed farther from personnel or population); and allowing sufficient plot space for an adequate exclusion area.
- Keeping flammable and toxic material inventories to the minimum required to maintain adequate surge/storage capacity and flexibility in shipping.
In the basic engineering or FEED phase, many design choices are made over the specific mechanical, piping, electrical, automation and civil design that impact on the overall facility risk. The first decision involves selecting the codes and standards that will be used for design, and defining the design basis and criteria for each engineering discipline. Then, throughout the design, some other decisions may include: selecting between automated and manual operation, setting equipment and piping design conditions, defining the electrical area classification, designing or specifying equipment, structures and buildings, defining control and emergency systems (including appropriate redundancy, where applicable), and designing appropriate relief systems, among others. Then, there are equipment and system-specific hazards and available safeguards that need to be considered. Ref. 2 contains a comprehensive list of hazards and safeguards for various types of unit operations.
When hazards have been properly identified and addressed in the earlier design phases, this reduces the probability of significant costly changes being made during the EPC phase as a result of unsafe process conditions.
Addressing hazards early
When hazards are identified, and proper design choices are taken early in the engineering design to address them, significant benefits can be obtained.
Table 3 compares the additional cost of changes arising from recommendations made during a HAZOP at the EPC phase. The costs are expressed as a percentage of the budget that was approved during the bidding stage, of projects of different scope and plant type, executed by different companies in different countries, including the U.S. and Latin America, with approved budgets between $5 million and $200 million.
The projects are divided into two categories: a) projects where the design contractor applied best engineering standards and employed PHAs at optimum points during the conceptual engineering and FEED phases; and b) projects where adequate PHAs and safe-design practices were not applied in the previous design phases.
As can be seen in Table 3, there is a significant difference between the cost of the changes arising from HAZOP recommendations when proper safe-design practices and PHAs were applied during the FEED phase, and when they were not.
For the first category, changes were typically in the range of 1 to 3%. In the upper end of this category, changes were higher when the owner requested some minor modifications to the FEED design without properly assessing the risks associated with said changes.
As an example, the heavy crude oil dehydration unit (Project 8) was designed according to best engineering practices, and adequate analyses (HAZOP, LOPA) were conducted during the engineering phase. However, the owner decided to implement changes in the design in order to compress the schedule, by removing several long-lead items that included emergency shutdown system (ESD) valves and components, without updating the PHAs. With the unit in operation, the owner asked the contractor to include the ESD items that were in the original design.
For the second category, changes exceeded 5%, and in one case reached as high as 35% of the approved budget. Below is a description of what went wrong in each of these projects:
The refinery gas concentration unit revamp (Project 12) FEED considered hand operations in key pieces of equipment. As a result of a HAZOP during the EPC, the operations had to be automated, which changed the equipment specifications and design. The number of loops added after the HAZOP exceeded the capacity of the controller, and another one had to be installed.
The extra-heavy oil deasphalting unit (Project 13) was designed during the basic engineering phase as a mostly hand-operated facility, with minimum supervisory controls. As a result of a HAZOP during the EPC, the risk was not tolerable to the owner, and the whole unit had to be automated.
The demineralized water plant (Project 14) was delivered by the vendor as a package unit, and no PHAs were conducted by the vendor. When received, the plant had many safety and operability issues and a number of important modifications had to be made, including: additional lines, block and control valves, relief valves and associated lines, among others. Aside from the costs associated with the changes, the project was delayed by six months.
The hydrogen compression unit (Project 15) basic engineering design did not address all of the safety considerations associated with hydrogen handling. Some of the modifications recommended by the HAZOP/LOPA studies during the EPC phase included changing the compressor specification, and increasing the SIL of the SIS from SIL-1 to SIL-3.
Final remarks
Hazards are present in the CPI; some are avoidable, while others cannot be separated from the plant, as they are tied to the very nature of the chemicals or the unit operations, or both. However, a proper design team, one that is trained to identify hazards, and address them using the best engineering practices in safe-design from early on in the project lifecycle, along with properly timed and executed PHAs, can be very valuable in avoiding costly changes during the EPC phase, or even worse: potential damages to persons and the environment.
Edited by Gerald Ondrey
References
1. Center for Chemical Process Safety (CCPS), Guidelines for Investigating Chemical Process Incidents, 2nd edition, CCPS, AIChE, New York, N.Y., 2003.
2. CCPS, Guidelines for Engineering Design for Process Safety, 2nd ed., CCPS, AIChE, New York, N.Y., 2012.
3. AACE International Recommended Practice No. 18R-97, Cost Estimate Classification System – As Applied in Engineering, Procurement, and Construction for the Process Industries.
4. American Petroleum Institute (API) Recommended Practice (RP) 752, Management of Hazards Associated with Location of Process Plant Permanent Buildings, 3rd ed., 2009.
5. U.S. Environmental Protection Agency (EPA), Risk Management Program Guidance For Offsite Consequence Analysis, March, 2009.
6. EPA, Chemical Emergency Prevention & Planning Newsletter, Process Hazard Analysis, July – August, 2008.
7. Occupational Safety and Health Administration (OSHA) 29 CFR 1910.119. Process Safety Management of Highly Hazardous Chemicals.
Authors
Sebastiano Giardinella is the vice president and co-owner of the Ecotek group of companies (The City of Knowledge, Bldg. 239, 3rd floor, offices A and B, Clayton, Panama City, Republic of Panama; Phone: +507-203-8490; Email: [email protected]). He has experience in corporate management, project management, project engineering and process engineering consulting in engineering projects for the chemical petrochemical, petroleum-refining, oil-and-gas and electrical power-generation industries. He is a certified project management professional (PMP), has a M.Sc. in renewable energy development from Heriot-Watt University (Scotland, 2014), a master’s degree in project management from Universidad Latina de Panamá (Panama, 2009), and a degree in chemical engineering from Universidad Simón Bolívar (Venezuela, 2006). He is also professor of project management at Universidad Latina de Panamá, and has written a number of technical publications.
Mayra Marchetti is a senior process engineer, currently working as independent consultant (Coral Springs, Fla.; Email: [email protected]), with more than ten years of experience in the oil-and-gas, petrochemical, petroleum-refining and pharmaceutical industries, and has participated in the development of conceptual, basic and detail engineering projects. She specializes in process simulation, plant debottlenecking and optimization, and relief systems design. She has a master’s degree in engineering management from Florida International University (Florida, 2008), and a degree in chemical engineering from Universidad de Buenos Aires (Argentina, 1996). She has published articles and delivered worldwide seminars focused in the use of simulation tools for the process industry.
Alberto Baumeister is the CEO and co-owner of the Ecotek group of companies (same address as above; Email: [email protected]). He has experience in corporate management, project management, and senior process consulting in engineering projects for the chemical, petrochemical, petroleum-refining, oil-and-gas, electrical power-generation and agro-industrial industries. He has a specialization in environmental engineering (gas effluents treatment) from the Universidad Miguel de Cervantes (Spain, 2013), a master’s diploma in water treatment management from Universidad de León (Spain, 2011), a specialization in management for engineers at Instituto de Estudios Superiores de Administración (Venezuela, 1990), and a degree in chemical engineering from Universidad Metropolitana (Venezuela, 1987). He was professor of the Chemical Engineering School at Universidad Metropolitana between 1995 and 2007, and has written a number of technical publications.