AIE provides safety engineering services for a range of clients across the MENA region. We implement these services following a structured framework which links the maintenance and integrity systems together. The below question set communicates some of our basic principles and understanding regarding the subject.

Why and how are Major Accident Hazards identified?

Major Accident Hazards (MAH) are an inherent aspect of oil and gas production and processing operations; the exploitation of hydrocarbon reserves is inherently dangerous, by virtue of the energy density of the hydrocarbon fluids which are produced and/or processed, being typically flammable and potentially explosive in nature. Uncontrolled releases of the production fluids give rise to the increased possibility of fires and/or explosions, and the consequent considerable loss of human life, destruction of plant and major environmental damage.

The operation of Major Accident Hazard facilities requires a clear understanding of the potential causes of harm and the safeguards and/or barriers that are necessary in order to ensure that the potential for harm is eliminated, managed or reduced to a level which is as low as reasonably practicable (ALARP).

AIE considers that the identification of MAHs is one of the fundamental pillars in the safety management process for any given offshore or onshore oil and gas production facility; AIE’s methods for hazard identification provides the basis for the evaluation and definition of the dormant potential for harm that may be present in one form or another, however our primary object extends beyond simple identification. We extend our analyses to include the evaluation of the possible scenarios that could lead to the unwanted consequences of each MAH event, as well as the identification thereof. The nature of each inherent hazard is then subject to rigorous assessment in order to establish risk condition status; in so doing, AIE works to ensure that the barriers that are in place that serve to prevent the hazard from becoming manifest, or to mitigate the effects of the hazard should it become manifest, are properly identified and understood.

AIE’s methods are specifically structured and systematic, and involves the sub-division of major accident hazards into four specific categories:

1. Process major accident hazards, which are potentially caused by the mal-operation of the plant;
2. Hardware major accident hazards, which are potentially caused by the failure of process equipment;
3. Controls major accident hazards, which are potentially caused by control systems malfunctions;
4. Human factors major accident hazards, which are potentially caused by human error.

There are a number of specific tools and/or analytical processes that are employed in the formal identification and evaluation of Major Accident Hazards; these typically include, but are not strictly limited to hazard checklists, cause-consequence analysis, functional integrated hazard analysis, concept hazard analysis, reliability analysis, method organised systematic analysis of risk (MOSAR), human hazards identification, hierarchical task analysis, predictive human error analysis and the like.

What is a Bowtie Risk Assessment, what information does it contain and why are they used?

Major Accident Hazard causation models are useful illustrations of the primary protective and preventative barriers that are in place to prevent or control a given hazardous event; such models serve to provide a broad overview of ‘layered security’ or ‘defence in depth’, where each of the layers constitute defensive barriers which serve to either prevent the incidents from occurring, or to limit the effects of the event should it occur. The barriers in the accident causation illustration below, which are preventative and protective, contain discrete holes which serve to represent the inherent weaknesses in barrier effectiveness, on the basis that absolute or perfect prevention or protection in the real world is not achievable. The accident causation model demonstrates that weaknesses in any given barrier do not allow the hazard to materialise as other barriers also exist; for the hazard to materialise, multiple barriers are required to be breached. The illustration below forms the basis of Bowtie Risk Assessments.

Figure 1: Major Accident Hazard Causation (or ‘Swiss Cheese’) Model

Bowtie risk assessments are a visual means of representation of the primary initiators of a given Major Accident Hazard event and the associated consequences. The barriers that are present, whether inherent (as a consequence of the design process) or physical (such as instrumented protective systems) or interventional (such as planned maintenance) are also presented on the basis of the lines of defence, or more appropriately the layers of protection that each constitutes in the prevention, detection or mitigation of the primary hazard event. Unlike traditional risk assessment tools, the Bowtie risk assessment method makes the link between the risk control measures that are in place and the primary risk management system that is in use.

Figure 2: Bowtie Risk Assessment

The example Bowtie risk assessment which is presented above is a simple illustration; the primary hazard event is shown in the center of the illustration (the summary narrative which is bounded by the circle; the specifics of the hazard and the initiating event are also shown), whilst the initiating events (i.e. the primary threats associated with each hazard) are shown on the left and the associated consequences are displayed on the right; the respective layers of protection, in the form of barriers are also included on the display (with barrier effectiveness highlighted as a score from 1 to 5, with 5 being representative of the fully functional and effective state).

Bowtie risk assessments facilitate the ready assimilation and comprehension of the significance and effectiveness of the hazard prevention and protection measures that are in place at any given facility. They are particularly useful in helping to understand the functional interactions and inter-dependencies of the primary barriers that are in place, their potential decay (or failure) modes and the secondary barriers that are in place and their relative effectiveness in the context of safe operations. The visual representation of the primary hazards, threats and barriers is particularly useful given that the removal of a barrier or set of barriers for maintenance purposes, or where barriers may have malfunctioned or degraded, the effects in terms of the possible weakening of the protective functions or safety measures then becomes readily evident.

The prevention or protection barriers are generally constructed in order to reflect the nature of which each constitutes, typically adopting specific nomenclature to reflect barrier status – i.e. fully functional, partially functional or non-functional. We consider that knowledge of the nature of the inherent hazard and the type and number of barriers in place is vital in the assessment of risk and in the formulation of risk management measures. We take care to ensure that once the hazards and risks are known, that each satisfy the ALARP condition, where options for further risk reduction are explored in detail but that the appropriate checks and balances are made to ensure that those risk reduction measures do not become grossly disproportionate (i.e. certain risk reduction measures may constitute a substantial cost penalty which may be disproportionate in the context of the degree of risk reduction which may be realised and accordingly may be dispensed with as a risk management option).

What are the benefits of Bowtie Risk Assessments as a Management Tool?

Bowtie risk assessments are particularly useful given that they provide a demonstrable link between the various major accident scenarios that are identified and the measures which are in place to defend against them. There are other means by which such a link can be demonstrated (such as Safety Assessments, Safety Cases and the like) however there are considerable benefits of adopting the Bowtie approach as these provide the clearest graphical illustration which is readily understandable and is very quick to assimilate.

AIE’s well established and well developed Bowtie risk analysis process can be effectively used to develop a risk-based platform for the ongoing management and prevention of Major Accidents. Such an approach is very strongly advocated by AIE, the benefits of which are summarised as follows:

1. Bowtie risk assessments visually demonstrate and communicate the link between the controls that are in place and the associated Safety Management System.
2. Bowtie risk assessments readily facilitate risk reduction by identifying where measures and resources should be deployed (i.e. on risk prevention or risk mitigation, or both).
3. The methodology is readily employable and is extremely effective in demonstrating what controls are in place and why.
4. Bowtie risk assessments clearly demonstrate the relative importance of maintaining the effectiveness of each of the primary barriers that are in place and in understanding the effects that degraded barriers have on safety. They also assist in the targeting of maintenance, inspection and testing activities on critical preventative and mitigation barriers.
5. Bowtie risk assessments raise awareness and improve understanding and knowledge among plant personnel of the potential Major Accidents that could occur and the reliance on critical controls that prevent those Major Accidents from occurring.
6. Bowtie risk assessments enable proper and effective risk management to be demonstrated; they are also known to be very useful in contributing to, or the demonstration of, regulatory compliance.

How are Major Accident Hazards, Bowtie Risk Assessments and Safety Management Practices and Processes linked and why?

The primary requirement for any operator of Major Accident Hazard facilities is to ensure that all measures that are deemed necessary in order to prevent Major Accidents from occurring, or those measures that are aimed at limiting the potential consequences are properly and effectively implemented.

Figure 3: Major Accident Hazards, Bowtie Risk Assessment and Safety Management System

There are three key elements to the safe operation of Major Accident Hazard facilities:

1. Identify all Major Accident Hazards;
2. Assess Hazards and Risks;
3. Proactively Manage the Risks.

Identification of the Major Accident Hazards which could arise is an essential prerequisite in determining the measures that are deemed effective and suitable in order to reduce the risk. However, in order to understand the use and application of Bowtie risk assessments as part of the wider safety management measures, the transition must be made from MAH identification to the assessment and management of risk. Such a process would require the orderly, systematic examination of causes leading to potential releases of hazardous substances and what safeguards must be implemented to prevent and mitigate a loss of containment that may result in personnel fatalities, major environmental impact, or asset destruction. Such an approach, as is outlined in Figure 3 above, provides a clear demonstration that Major Accident Hazards have been identified and that Major Accident risks are being proactively managed.

If you would like to understand how our team can support your MAH, Bowtie or other service requirements, please visit our contact us page and we will promptly respond to your enquiry.