Bringing together Operational Risk Management and Process Safety Management in a cohesive process will help organizations achieve Operational Excellence.
I recently attended a meeting in the Middle East to perform the final on-site testing of our Operational Risk Management software platform before signing off and handing it over to the client.
One of the comments the customer made reminded me of the huge differences between the paper-based system I had grown up with and the advanced risk-mitigation system we were handing over to them.
Having worked in the Oil & Gas industry for 40-plus years before my present job, I have seen a lot of changes.
Several years ago, I was issuing a “permit to work” in a liquefied petroleum gas (LPG) refrigeration unit, the permit was for a mobile crane to enter, to facilitate the removal of a propane pump to the workshop for an impeller inspection.
I had a paper permit in my hand with boxes to check off whether the company’s requirements were being met, such as isolation, personal protective equipment, flammable gas test, etc.
At that time, we relied on memory, and our waterproof pocket notebook, to ensure any additional hazards were addressed. As the permit to work issuer, I knew I was introducing an ignition source (the crane engine and hot exhausts) into a unit with highly flammable gases (butane and propane) flowing through the pumps, compressors and pipes.
I had seen the out-of-service list for the unit in the foreman’s log book and knew there was a fixed gas detector head (part of the gas detection array) with an intermittent fault.
As I carried out the job-site inspection (not wearing fire-resistant clothing) my mitigation responsibility was:
- To have the area atmospherically gas tested. Then, as the crane moved in, more gas tests were conducted, and they were continuously completed during the job. It’s not as easy as it sounds; in those days we had a hand-puffed gas test machine.
- To inform the control operator to inform us immediately if the fixed-gas detector array went into alarm.
- To perform a Job Safety Analysis, if lifting over in-service piping and equipment. This was not the case, so it was not needed.
The permit receiver and I checked the pump was correctly isolated, the breaker in the substation had its two locks and tags in place, and the pump isolation valves in the field had operations and maintenance locks and tags in place. We then tried the field-start switch to confirm the correct pump was isolated.
I went ahead with my checks on the crane: Was its load-monitoring system working? Were its windshield and mirrors clean and not cracked? Did the rigger and driver both have working radios? Was its inspection sticker up to date? Was the operator’s driver’s license valid for this size crane?
The word risk was never mentioned; the focus was: “Is it safe?”
I issued the permit right then and there in the field, and the receiver took it and hung it up at the job site.
We went ahead and, using the crane, removed the pump body onto a wheeled trolley, which was then pulled to the roadway to be transferred to a truck that would take it to the workshop.
The receiver brought me his copy of the permit to work to close out the job.
This was the procedure at the time.
If we jump forward to 2019, how has this job changed?
Industry 4.0, and the search for excellence have pushed the boundaries to be able to understand risk and therefore make this type of work safer.
Today, software platforms exist that contain amazing technology compared to how it was back then.
With the provided software platform, the incoming shift supervisor/permit to work issuer will log onto the dashboard.
The first task is to take the handover from the outgoing shift supervisor/permit to work issuer, they would go through all ongoing work and planned work, and the risk levels in their assigned work area.
Once the oncoming supervisor has taken the shift, they could begin to examine the operations dashboard.
There would be displays showing:
- A list of active permits that would need review and acceptance.
- A work order action log of jobs that were imported from the maintenance management system. These are ready for draft permit to work to be developed.
- A list of permits waiting for risk review. Risk assessments are stored in an easily retrievable system. The available technology retrieves data faster than trolling through dusty books on a shelf. Once retrieved for the same job or a similar job, a review is required before use to confirm any additional hazards and controls that are needed.
- A display showing PSM/ORM barriers at risk.
On the section assigned permit to work, there is a job for removal of a pump to the workshop for an impeller inspection. This job is planned to start at 9 o’clock and is at the ready to issue “stage as shown” on the time view, at that time the risk level in the LPG refrigeration unit moves to high, showing red on the map and time view.
By viewing the barrier management screen, they can understand what is driving the high risk., This screen shows the International Association of Oil & Gas Producers (IOGP) 8 fundamental barriers. It shows in detail:
- The Detection System barrier was activated by the intermittent fault in the gas detection array.
- The Ignition Control barrier was activated by the issuing of a “hot work” permit for the crane entry into the unit.
- The Emergency Response barrier is activated by the emergency drill for this unit being overdue.
At the time of planning and scheduling for removal of the pump job, the risk level was low because the fixed gas detection array did not have the intermittent fault.
This high-risk situation needs further actions. In this case they would open the risk assessment template for the hot work permit and confirm that additional controls are needed or not as in the initial example.
| Have the area under continuous gas testing with Wi-Fi-enabled, portable gas detectors while the crane is in the unit during the job. |  |
| Inform the control operator to immediately inform them if there are any changes to fixed-gas detector alarm levels. |  |
| Monitor risk levels on an intrinsically safe mobile device while they are in the field supervising the job. |  |
| Review the risk assessment template when the crane arrives on-site for use in an operating area. |  |
So, what is going on in the background to feed the dashboard?
Behind this dashboard is a data-processing engine that is turning data into actionable insights.
The Process Safety risk visibility:
- The barrier was automatically activated by the intermittent fault in the gas detection array.
- The Ignition Control barrier was activated by issuing a hot work permit for the crane entry into the unit.
- The Emergency Response barrier is activated by the emergency drill for this unit being overdue, as entered manually by the safety department engineer.
These highlight major accident hazard event pathways as they start to build.
This graphic below is of the refined “Swiss cheese” barriers; some installations use a modified bowtie graphic.
Operationalizing the schedule to minimize Operational Risk:
- At the planning and scheduling stage when the work orders are brought in from the maintenance management system, they appear on the time view at the time and date assigned by the maintenance planner, and the dashboard screen offers a “list of approved work orders to action.”
- As each job is opened, and the location is confirmed for the job and the risk assessment is performed, a risk profile starts to build.
- While performing the risk assessment/Job Safety Analysis, a work-type template is selected, which in some cases will activate the related barrier and highlight the risk at the location the work is to be performed. (e.g hot work will affect the Ignition Control barrier)
- At this stage, conflicts will appear, such as the intermittent fault on the gas detection array that could have affected the Detection System barrier. To be able to bring this job forward, they will need to review the “list of approved work orders to action” to see if that job is on the list as it was previously waiting for the materials to facilitate the repair.
- They can move the job to another time and adjust the schedule with drag and drop. However, because people and materials are scheduled at the workshop this would increase costs.
- In this case, we could instigate the additional hazard controls and perform the work before the gas detection array is repaired back to its original state.
However, there are still doubters who ask, “Why change?”
A good example from my own personal experience is the recognition, adoption and value placed on fire-resistant clothing. Driven by various incidents around the world, different countries have introduced regulations while other countries leave it to the companies involved.
Having seen people exposed to burns wearing ordinary clothing and when wearing fire-resistant clothing, I can testify to the value of protective clothing. The difference is quite substantial, and there’s an increased survival rate.
I have shared a photo of myself (below) at work in a gas plant. My clothing was heavy cotton jeans and a short-sleeved cotton shirt, there were no rules on fire-resistant clothing at the time in the company I worked at.
Even in the U.K. chemical company where I worked in the ’70s, cotton coveralls were all that was required.
The second picture shows me in fire-resistant clothing as required at a job in 2015.
The third picture below shows a typical plant notice board requiring fire-resistant clothing among other things.
 |
 |
 |
If we can make such jumps in workplace personal protective equipment to protect our colleagues, we can make even larger jumps using technology to protect our assets.
What drives change?
Industrial disasters, such as Seveso, a chemical plant in Italy, 1976; Bhopal, a chemical plant in India, 1984; Piper Alpha, a production platform in the U.K. North Sea, 1988; and, more recently, Deepwater Horizon, floating drilling rig, in the U.S. Gulf of Mexico, 2010, all were investigated and legislative changes were introduced to try and prevent reoccurrence.
There is a gradual realization that digital technology can help in the prevention.
- In India, there is a big push to digitize Process Safety Management.
- In Europe, chemical plants are starting to invest in risk management technology.
- Most of the platforms in the North Sea now use this type of risk management technology.
- In the U.S., several hydrocarbon facilities have adopted technology to manage risk.
In conclusion: The concept of safety is inconsistent. Risk can be measured, and mitigation can lower risk levels and ensure everyone makes better operational decisions.
There is a lot of interest around the world in changing from the old adage “safety first” to understanding risk and its drivers in a move toward Operational Excellence. There is also resistance/reluctance to change. Those companies that have adopted technology to manage risk defiantly do see the benefits.
From the surveys we have performed, it is clear there is an appetite for change and recognition that real-time risk management technology is a key enabler.
To take part in the “2019 Process Safety and Operational Risk Management” survey, please click here.
The benefits of what digital technology brings to the table:
- Visibility of risk is available to everyone in the organization.
- Rather than make decisions on the day, they can be made at the planning stage.
- Additional/missing activities can be determined.
- Work packs are kept from previous iterations of this or similar jobs.
- Isolation plans and missing operational activities can be added.
- A digital reference library for Job Safety Analysis from past jobs.