Professional Documents
Culture Documents
QP Philosophy For Hse Risk Management
QP Philosophy For Hse Risk Management
QP PHILOSOPHY FOR
HSE RISK MANAGEMENT
REVISION 1
TABLE OF CONTENT
Page No.
FOREWORD
1.0 INTRODUCTION............................................................................................ 5
1.1 QP POLICY REQUIREMENTS...................................................................... 5
1.2 QP HSE MANAGEMENT SYSTEM................................................................ 5
1.3 QP HSE RISK MANAGEMENT (HSE RM)..................................................... 6
1.4 OBJECTIVES................................................................................................. 9
1.5 QP HSE RISK MANAGEMENT PRINCIPLES................................................ 9
2.0 SCOPE………………………………………………………………..................... 10
10.0 RESPONSIBILITIES...................................................................................... 39
10.1 EXECUTIVE MANAGEMENT......................................................................... 40
10.2 DIRECTORS AND CORPORATE MANAGERS............................................. 40
10.3 LEADERSHIP (REGIONAL/ DEPARTMENTAL/ BUSINESS UNIT/ SITE)
MANAGEMENT.............................................................................................. 40
10.4 MANAGER, CORPORATE HSE SUPPORT (ST).......................................... 40
10.5 ENGINEERING............................................................................................... 41
10.6 CORPORATE HSE RISK MANAGEMENT STEERING COMMITTEE.......... 41
10.7 CORPORATE HSE RISK MANAGEMENT GROUP...................................... 42
10.8 REGIONAL HSE RISK MANAGEMENT TEAMS........................................... 42
10.9 ENTITY (BUSINESS UNIT/DEPARTMENTAL/SITE) LEVEL HSE RISK
MANAGEMENT WORKGROUPS.................................................................. 43
12.0 APPENDICES................................................................................................ 47
12.1 APPENDIX I – TABLE 2 GUIDANCE ON SELECTION OF TOOLS.............. 47
12.2 APPENDIX II – A TYPICAL HSE RISK REGISTER FORMAT....................... 48
FOREWORD
The document in its present form reflects, as far as possible, the Corporation‘s current
requirements taking into account current industry practices and applicable national and
international codes and standards.This document shall be subjected to periodical
review to re-affirm its adequacy to conform to any changes in the corporate
requirements and to include any new developments on the subject.
It is recognized that there will be cases where addenda or other clarifications need to
be attached to the standard to suit a specific application or service environment.
However, the content of the document shall not be changed or re-edited by any user.
Any addendum or clarifications entailing major changes shall be brought to the
attention of the Custodian Department.
1.0 INTRODUCTION
1.1 QP POLICY REQUIREMENTS
Qatar Petroleum is committed to the protection of the health and safety of its
employees, contractors and members of the public, as well as the protection of its
assets and the environment. QP‘s policy is to conduct its activities such that it strives
towards an incident free, secure, safe and healthy workplace with the objective of
doing no harm while conducting its business.
The Policy furthermore states that QP policy is to conduct its activities such that it;
Complies with all applicable legislation, regulations and relevant industry
standards,
Manages occupational health, safety, quality, environment and sustainable
development matters as an integral part of its business activities,
Promotes the health and safety of its employees, contractors, visitors and the
local community, and
Considers the environmental impact in all phases of QP business including
engineering design, construction, testing, commissioning, operations,
maintenance and decommissioning of plants, facilities and equipment.
On general HSE issues, QP manages all risks to a level which is ALARP.
The assessment and control of risk are essential requirements for proactive HSE
management. In order to make a value judgement and to decide acceptability of
risks, easily understood criteria should be set and rigorously followed. Risk criteria
are required to ensure consistency in evaluating the results of relevant studies and to
formulate a proactive approach to accident and incident prevention.
1.3 QP HSE RISK MANAGEMENT (HSE RM)
1.3.1 Organizational objectives relate to a range of the organization's activities; from
strategic initiatives to its projects, processes and operations, and be reflected in
terms of societal, environmental, technological, safety and security outcomes,
commercial, financial and economic measures, as well as social, cultural and
reputation impacts.
1.3.2 All activities of an organization involve HSE risks that need to be managed. The HSE
risk management process aids decision making by taking account of uncertainties
RISK ASSESSMENT
Identification of the Risks
What can happen?
How it can happen?
Identifying the source of risk,
events – their causes and
potential consequences
Communicate and Consult
Make decisions
on acceptability
1.3.8 This corporate HSE Risk Management philosophy is the overarching standard
establishing HSE Risk Management requirements to be followed throughout QP in
all its operations and activities.
1.4 OBJECTIVES
1.4.1 The primary objective of this philosophy is to describe the HSE risk management
concepts, principles and processes which are the minimum recommended for use
within the QP Businesses, Functions and Business Units (Regions, Directorates and
Departments, Projects, etc.). The objective is also to identify the risk tolerability
criteria which shall, as a minimum, be used within QP Businesses, Functions and
Business Units.
1.4.2 The objective is further to provide an efficient and effective HSE risk management
process for planning, identifying, analyzing, mitigating and responding to HSE risks
throughout the life cycle as well as setting out a control mechanism for minimizing /
eliminating HSE risks events impacting the QP.
1.4.3 This philosophy specifically aims:
To introduce a common and consistent approach to HSE risk management
throughout QP Businesses, Functions and Business Units.
To introduce common risk terminology as a basis for sharing of the principles,
training methods, ideas and resources throughout QP Businesses, Functions
and Business Units.
To highlight techniques used to arrive at the qualitative and quantitative risk
assessments of QP Businesses, Functions and Business Units.
To set the basis for risk acceptance criteria and to set specific and consistent
tolerability criteria for qualitative and quantitative assessment of risk levels which
are applicable throughout the QP Businesses, Functions and Business Units.
1.4.4 The principles of HSE risk management as outlined in this philosophy are meant for
all QP Managers and Supervisors. The philosophy should assist management in
making critical HSE decisions as well as assist line supervision in the day to day
management of site HSE risks.
1.4.5 Since QP HSE MS Element 5 requires all QP businesses to have systems which
identify, assess, and manage risks, this document will be used during the
development and updating of risk management systems and procedures.
1.4.6 This philosophy does not aim to provide detailed guidance on specific hazard/
aspect identification (e.g. HAZOP, HAZAN, HAZID, ENVID) or risk assessment
techniques (e.g. QRA, EIA). Reference should be made to other referred detailed
documentation available either as corporate standards, guidelines or inter
departmental procedures.
1.5 QP HSE RISK MANAGEMENT PRINCIPLES
The following are the HSE Risk Management principles to which QP commits to comply:
a. HSE Risk Management creates and protects value.
b. HSE Risk Management is an integral part of all organizational processes.
c. HSE Risk Management is part of decision making.
d. HSE Risk Management explicitly addresses uncertainty.
c. HSE Risks associated with Refining operations and activities such as value
addition to crude and condensate, management of reactor catalyst, blending, risk
based inspections of static equipment and pipelines, LPG filling plants and bulk
loading facilitates, including storage of refined products.
d. Operational HSE Risks associated with Onshore and Offshore operations
including operation and maintenance of well heads and well head treatment
plants, injection Stations, Gas Separation, stripping and recycling. This covers
inspection & monitoring of the Gas Distribution System (GDS) to domestic supply
and refinery facilities, and provision of helicopter services.
e. HSE Risks associated with Export & Storage facilities including export terminals,
ports & jetties and Storage terminals, islands and SBMs together with the
necessary logistical support of the activities undertaken there.
f. Marine activities – HSE risks associated with providing of marine logistics sub
sea inspection and diving services repair and non routine maintenance of fixed
offshore structures, SBMs and maintenance of tankers.
g. HSE Risks involved with Administrative Directorate Activities such as
Schooling and Corporate training,
Housing and office accommodation (including housekeeping),
Building maintenance, catering, transportation, recreation facilities,
Provision of primary healthcare, medication, health surveillance and
integrated emergency medical responses.
1
The key elements of the project risk management process are specified in an inter-
departmental procedure, IP-ENG-030.
4.0 TERMINOLOGY
4.1 DEFINITIONS
ACCIDENT See ‗incident‘.
AS LOW AS A term used to define tolerable risk acceptable only where risk
REASONABLY reduction is impracticable or cost benefit analysis is carried
PRACTICABLE out and judgment made that cost of risk reduction is grossly
disproportionate when compared to the actual risk reduction
that would be achieved. ALARP means to reduce a risk to a
level which is ‗as low as reasonably practicable‘ and involves
balancing reduction in risk against the time, trouble, difficulty
and cost of achieving it. This level represents the point,
objectively assessed, at which the time, trouble, difficulty and
cost of further reduction measures become unreasonably
disproportionate to the additional risk reduction obtained.
AUDIT Systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which an audit criteria is fulfilled
CAUSE Factor contributing alone or in combination with others to a
Deviation and its Consequences.
CONSEQUENCES Consequences are the results of the failure of controls (or the
absence of controls) to prevent an incident. They are usually
expressed in terms of injury, loss or damage to People,
IDENTIFY RISKS
ANALYSE RISKS
EVALUATE RISKS
TREAT RISKS
Some methods, widely made use of, during each step of overall risk assessment
process are listed below Fig. 5.
Theoretical Evacuation
Modelling Modelling
Helicopter
crash/impacts
The numeric value of individual risks, which are regarded as intolerable for
QP is 10-3 per year for existing (In operation Pre 2003) installations and 10-4
per year for new installations (In operation after 2003).
IR value falling within the band between broadly acceptable and unacceptable is
TOLERABLE OR ALARP region, requiring ALARP demonstration, by either
qualitative or quantitative Cost Benefit Analysis (CBA).
Based on above, the Individual Risk Criteria for QP is defined in three regions viz;
the UNACCEPTABLE region, the TOLERABLE OR ALARP region and the
BROADLY ACCEPTABLE region, as depicted in Fig. 6.
Based on the ALARP principle, which underlines the risk tolerance, the Individual
Risk Criteria for QP is as follows:
a. Individual Risk Tolerability Criteria for Workers (Including contractor
employees)
For existing (In operation Pre 2003) installations, Individual risk levels above
1x10-3 per year will be considered unacceptable and will be reduced,
irrespective of cost.
For new installations (In operation after 2003), Individual risk levels above
1x10-4 per year will be considered unacceptable and will be reduced,
irrespective of cost.
Individual risk levels below 1x10-6 per year will be deemed acceptable.
For existing (In operation Pre 2003) installations, Individual Risk levels
between 1x10-6 and 1x10-3 per year and for new (In operation after 2003)
installations, Individual Risk levels between 1x10-6 and 1x10-4 per year will
be reduced to levels as low as reasonably practicable (ALARP). That is the
risk within this region is tolerable only if further risk reduction is considered
impracticable because the cost required to reduce the risk is grossly
disproportionate to the improvement gained.
b. Individual Risk Tolerability Criteria for Public (All those not directly
involved with QP activities)
For existing (In operation Pre 2003) installations, Individual risk levels above
1x10-4 per year will be considered unacceptable and will be reduced,
irrespective of cost.
For new (In operation after 2003) installations, Individual risk levels above
1x10-5 per year will be considered unacceptable and will be reduced,
irrespective of cost.
Individual risk levels below 1x10-7 per year will be deemed acceptable.
The above Individual Risk Tolerability Criteria for QP is depicted in Figs 7 & 8.
Fig. 7: Risk Tolerability Criteria for Individual Risk to Workers and Public –
Existing (In operation pre 2003) Installations
Fig. 8: Risk Tolerability Criteria for Individual Risk to Workers and Public – New (In
operation after 2003) Installations
For the interpretation in QP, societal risk shall be used to encompass both public and
worker risk and is expressed in the form of F-N curves.
For societal risk, criteria are the demarcation or bands on an F-N curve, as illustrated
in Fig. 9, showing the cumulative Frequencies (F) of events involving N or more
fatalities. The F-N Curve represents societal risk for a single fixed installation only,
like a refinery, a process plant or a platform.
Calculated risk profiles that fall above the top line are considered unacceptable and
must be reduced to tolerable levels immediately, irrespective of cost or alternative
ways of carrying out the operation or activity should be investigated. If there are no
alternatives, then the operation or activity should not proceed. An activity is
considered undesirable above the top line, even if the individual risk criteria are met.
Profiles found below the bottom line require no further mitigation. For profiles
between the lines, additional mitigation should be done, with the goal of moving the
profile closer to the tolerable region.
To illustrate an example of societal risk, note the ‗A‘ in the upper portion of the graph
which is marked ―Unacceptable Risk‖. The ‗A‘ is located at the axis of the lines
‗1x10-4‘ (1 in 10,000 years) and 10 fatalities. The ‗A‘ thus represents an event which
would kill 10 people at a frequency of once in 10,000 years. This is unacceptable.
This principle of societal risk indicates that society‘s tolerance for risk decreases as
fatalities increase.
Fig. 9: F-N Curve: Societal Fatal Risk Tolerability, Single Fixed Installation Only
All thermal radiation modeling must take into account Solar radiation (=986 W/m 2) in
the consequence estimation.
7.1.4.4 Toxic gas exposure
The consequence distances should be identified for the following levels of H2S gas:
10 ppm - Alarm set point for H2S gas detection
100 ppm - Indicative of ~1% fatality probability (for 30 min exposure)
1000 ppm - Indicative of 50% fatality probability (for 15 min exposure)
7.1.4.5 Flammable Gas dispersion
The consequence distances should be identified for the following:
Lower Explosive Limit
50% Lower Explosive Limit
20% Lower Explosive Limit
7.2 QUALITATIVE CRITERIA LEVELS
7.2.1 Risk Assessment Matrix (RAM)
The Risk Assessment Matrix (Fig. 10 below) is a tool that standardises qualitative
risk assessment, facilitates the Qualitative categorisation of HSE risks and, where
appropriate, used for prioritisation of activities and resources. The matrix axes,
consistent with definition of risk, are Consequences (Impacts) and Probability
(Likelihood). For different applications different overlays can be used.
Risk Assessment Matrix (RAM)
INCREASING LIKELIHOOD/PROBABILITY
CONSEQUENCES A B C D E
Never heard of Has Occurred Has Occurred Occurs Occurs
Potential Asset damage
Environmental Reputation in Industry in Industry in QP several times several times
Severity People & business
effect Impact a year in QP a year at this
losses
site
INCREASING SEVERITY
After assessing the potential consequence, the likelihood on the horizontal axis is
estimated on the basis of historical evidence or experience that such consequences
have materialised within the industry, QP as Corporation or at a QP location. Note
that this should not be confused with the likelihood of the hazard being
realised or the event (incident) occurring; it is the likelihood of estimated
potential consequences occurring.
Estimation of likelihood and consequences is not an exact science. The
consequence estimates are based on envisaged scenarios of what might happen
and likelihood estimates are based on historical data and/or experience that such a
scenario has happened under similar condition, knowing fully well that circumstances
will never be exactly the same. Assessing the risk of a particular scenario should be
done in the above sequence, i.e. first the potential consequences are estimated and
only thereafter the likelihood of such consequences occurring are estimated.
7.2.1.1 Assessment of potential consequences
The consequences of a release of a hazard are identified in each of the four
categories (harm to people, asset damage, adverse environmental effect and
company reputation) by selecting an appropriate description of the vertical axis of the
matrix. Consequences should be estimated as the consequences that could have
resulted from the released hazard if circumstances had been less favourable. On the
basis of what might have resulted under slightly different circumstances.
Examples are:
A crane drops a load one Damage to load Fatal injury if a person had
Meter away from a person been under the load
Car rolls over on a desert road Damage to car, no injury Serious injury of fatality
(seat belt worn)
Operator opens wrong valve; Minor pollution Major effect if the spill had
Diesel fuel polluting seashore; not been noticed so quickly
Quickly spotted by someone else
horizontal axis is defined in general terms as well as average industry figures from
historical data.
This assessment is indicative of likelihood of undesired consequence materialising.
Note that this should not be confused with the likelihood of the hazard being realised
or the event (incident) occurring; it is the likelihood of estimated potential
consequences occurring.
7.2.1.3 Risk ranking
Using theRisk Assessment Matrix, HSE risk is ranked (rated) by three characters
made up as follows:
The first character is a measure of the likelihood of an undesired event: A to E
The second character is the consequence severity that could occur with that
event: 0 to 5
The third character shows to which consequence category the assessment
pertains:
- People (P), Asset (A), Environment (E) and Reputation (R)
The intersection of the chosen column with the chosen row is the risk rating.
Incidents can have same consequences in all the four categories. For the same
scenario, different classifications may apply to P, A, E and R. the overall risk of an
incident is classified as to which of the consequences has the highest rating.
7.2.2 Use of RAM in QP HSE Risk Management
A suitable application for using the Risk Assessment matrix as an element of QP
HSE Risk Management system to identify and reduce risks to As Low As
Reasonably Practicable (ALARP) is shown in Fig. 11.
A B C D E
Environment
Reputation
damage &
business
lossess
Never heard in Has occurred in Has occurred in Occurs several Occurs several
impact
People
Asset
effect
2 Minor injury Minor damage Minor effect Minor impact (Blue Zone)
or Health (between QR
effects 35,000 and
350,000)
3 Major injury Moderate Moderate Moderate Incorporate risk
or Health damage effect impact
effects (between QR
reduction measures,
350,000 and and demonstrate
3.5 Million)
4 Single Major damage Major effect Major impact ALARP Intolerable,
fatality or (between QR
permanent 3.5 Million and
Reduce to Yellow Zone
total 35 Million) (Yellow Zone) before the activity or
disability operation takes place,
5 Multiple Massive Massive Massive
investigate alternatives,
fatalities damage impact impact
(> QR 35 (Red Zone)
Million)
The QP Risk Assessment Matrix shown above is a useful tool that will help line
management in understanding HSE risk related statements in policy, procedures and
strategic objectives, and their interpretation (in terms of tolerable HSE risk) in their day-
to-day operations and assets.
Tolerable HSE risk should be separately assessed for People, Assets, Environmental
and Reputation Impact. The shading shown in the above figure is the recommended
minimum practice.
The focus provided by using the QP RAM enables QP line management to determine
whether the HSE risk levels arrived at in the QP‘s operations and activities are tolerable
and whether they fit with current corporate policies and procedures. For example, if an
operation or activity would result in scenarios that lie in an area on the QP RAM that the
QP would normally regard as ‗unacceptable‘ in policy terms (Red Zone), then alternative
ways of carrying out the operation or activity should be investigated. If there are no other
alternatives, then the operation or activity should not proceed.
Risk will always have to be reduced to a level that is both tolerable and As Low As
Reasonably Practicable (ALARP); however, in the yellow and red shaded areas a
documented demonstration is required.
The QP RAM can also be used on a scenario-by-scenario basis to prioritise HSE risk
reduction efforts. It is adaptable to varying levels of information and depths evaluation. It
has a built-in presentation format that lends itself to the review. Because it is qualitative,
expert knowledge is not required, however experts can reach risk understanding fairly
quickly.
The matrix should be used for defining which operations or facilities require a
quantitative risk assessment. If the risks of an installation would initially, without special
measures, end up in the red area, an assessment would be required to demonstrate that
controls for high risks are in place, and to show that the risks are tolerable and have
been reduced to ALARP.
If there are no risks in the red area, a documented assessment should demonstrate that
existing risks are tolerable and reduced to ALARP.
Major Installation Never heard Has occurred Has occurred Occurs several Occurs several
e.g. Offshore in our industry in our industry in QP times a year in times a year this
Platform, LNG QP location
Plant, Refinery etc.
Process Has not Has occurred Has occurred Has occurred Occurs several
Downstream, occurred in in our industry once in QP several times times in one of
Storage, our industry in QP since the units of QP
Loading areas, company
Export Terminals, existence
Ports
Drilling rig Credible but Has occurred Has occurred Has occurred Occurs several
not heard of in drilling industry in a major more than 1/yr times per year on
in drilling drilling in a major a drilling rig
industry company drilling rig
Transportation Has not Has occurred Has occurred Has occurred Has occurred
Activities occurred in in industry in in QP in last 3 in QP in last 1 more than once
industry last 5 years years year in QP in last year
c. Environmental effect
No. Description
0 No effect – No environmental damage
1 Slight effect – Slight environmental damage, contained within the premises,
2 Minor effect – Minor environmental damage, but no lasting effect
3 Moderate effect – Limited environmental damage that will persist or require cleaning up
4 Major effect – Severe environmental damage that will require extensive measures to
restore beneficial uses of the environment
5 Massive effect – Persistent severe environmental damage that will lead to loss of
commercial or recreational use or loss of natural resources over a
wide area
d. Reputation
No. Description
a. General
b. Projects
c. Operations
d. Contractor activities
e. Processes
f. New ventures / Acquisitions
g. Closure
h. Miscellaneous
8.1 GENERAL
All the activities undertaken or overseen by QP Directorates and/or Departments are
covered under this category. Some of the examples of Departmental activities are as
below.
Schooling
Corporate training
Housing and office accommodation (including housekeeping),
Building maintenance
Catering
Transportation
Recreation facilities
Providing of marine logistics
Subsea inspection and diving services
Repair and non routine maintenance of fixed offshore structures
Maintenance of tankers
Provision of primary healthcare, medication, health surveillance and integrated
emergency medical responses
It is a requirement that HSE Risk Assessment will be carried out for all these
activities using any one of or a combination of different methodologies / tools /
techniques before undertaking the activity. Table-2 in appendix-I provides the
guidance on selection of the tools.
8.2 PROJECTS
This category covers all the activities undertaken through projects including, but not
limited to, all capital projects executed by the Technical Directorate, all projects
executed by Operation Engineering, and projects resulting from Plant Change
Requests (PCRs).
Various HSE Risk Assessments are envisaged to be performed throughout all
phases of project execution i.e. starting from Project Initiation to handover and
completion (Project Stage 1 to Project Stage 5) given below.
Project Stages 1 to 5
Project Initiation
Concept Definition (Feasibility studies and concept optimization)
Engineering definition (FEED)
Implementation (EPIC)
Handover and completion
During execution of a project, management of Health and Safety hazards and
related risks, throughout the project life cycle, shall be carried out by various H&S
direct and indirect causes, immediate and remote factors, basic and underlying
causes, latent failures and, or root causes.
Use of Risk Assessment Matrix for incident management shall be in compliance with
QPR-STM-001 Corporate Procedure for Incident Management. As per the
procedure, significant Incidents are those within High and above on the Risk
Assessment Matrix (RAM).
Periodic HSE Auditing is undertaken throughout QP at both, specific internal to
business units / Department / sites (First Party) and Corporate (Second Party).
Corporate HSE, being the conscience keeper on behalf of the MD conduct second
party HSE RM Audit of all locations and facilities to; ensure compliance with
corporate requirements, identify improvement opportunities and devise intervention
measures.
Findings from HSE Auditing shall be classified in accordance with the QP Risk
Assessment Matrix (Fig. 11) and the Rating Level table (Table-3 below) in line with
QP HSE Risk Management Auditing Standard (To be developed)
All findings are to be classified during brainstorming session of the auditing team,
based on their professional judgment. While classifying the findings, the risk criteria
{e.g. P(people)-4B, A(Asset)-3D) etc.} shall be included in the report. The primary
criteria for rating each finding shall be the risk to achieve the entity‘s business
objectives.
8.6 NEW VENTURES/ ACQUISITIONS
All the new ventures and/or acquisitions, green field as well as brown field sites,
either fully owned or managed by QP, or in joint venture with any other organization,
are covered in this category.
It is a requirement that appropriate HSE Risk Assessment, commensurate with the
complexity and details of the venture, will be carried out for all the new ventures
and/or acquisitions using most appropriate and applicable methodologies / tools /
techniques, at an early stage of finalizing the venture.
used. Blue is used to denote risks where management considers the risk is broadly
acceptable.
For risks that are not acceptable, time de-limited actions are required that will result
in the risk being acceptable (the ―get-to-blue goal‖).
Three generic actions can be taken to manage risks.
a. Avoid or reduce the risk: Use alternatives, put in place appropriate controls
(preventative and detective) to manage the risk to maximise value.
b. Transfer and/or share risk: Some risks are transferred (for example to an
insurance company) or shared (for example with contractors or joint venture
partners).
c. Terminate or forego activity: Risks are avoided, for instance by stopping an
activity or withdrawing from a project or operation. Generally, risks are retained
and managed when an entity (e.g. Business Unit / Department / Site) has the
capability to manage it better than others and is sufficiently rewarded for that.
Alternatively, risk is transferred or shared when others are better able to manage
the risk at an acceptable cost.
The implications of transferring risks to a third party are assessed as part of this
decision. For example, in most of the QP‘s projects, contractors are involved to
provide goods and services. The assessment of the capabilities of contractors and
their selection is therefore a key factor in managing HSE risk. A decision to transfer
risk to a contractor takes into account the contractor‘s ability to manage that risk and
their willingness to accept the risks.
The impact of the actions being taken and/or changes in the risk environment will
change the acceptability of the risk. For example if a risk is assessed as ―yellow‖ and
―improving‖ for several consecutive periods a re-assessment of its acceptability level
is needed, which may lead to a change in acceptability to ―blue‖.
9.1 SELECTION OF RISK TREATMENT OPTIONS
Selecting the most appropriate risk treatment option, either individually or in
combination, involves balancing the costs and efforts of implementation against the
HSE benefits derived, with regard to legal, regulatory, and other requirements such
as social responsibility, values and perceptions of stakeholders and the protection of
environment.
Risk treatment itself can introduce risks. A significant risk can be the failure or
ineffectiveness of the risk treatment measures. Monitoring needs to be an integral
part of the risk treatment plan to give assurance that the measures remain effective.
Risk treatment can also introduce secondary risks that need to be assessed, treated,
monitored and reviewed. These secondary risks should not treated as a new risk &
be incorporated into the same treatment plan as the original risk. The link between
the two risks should be identified and maintained.
9.2 PREPARING AND IMPLEMENTING RISK TREATMENT PLANS
The purpose of risk treatment plans is to document how the chosen treatment
options will be implemented.
The information provided in treatment plans should include:
the reasons for selection of treatment options, including expected benefits to be
gained;
responsible for
implementing the plan;
proposed actions;
resource requirements including contingencies;
performance measures and constraints;
reporting and monitoring requirements; and timing and schedule.
Treatment plans should be integrated within the management processes and
discussed with appropriate stakeholders. Decision makers and other stakeholders
should be aware of the nature and extent of the residual risk after risk treatment. The
residual risk should be documented and subjected to monitoring, review and, where
appropriate, further treatment.
9.3 REQUIREMENTS
9.3.1 Unacceptable Region / Red Zone / High Risk
This level of risk exposes QP to intolerable consequences on People, Assets,
Environment or Reputation. The hazard should be eliminated or its risk reduced to
tolerable levels immediately or alternative ways of carrying out the operation or
activity should be investigated meaning that ACTION MUST BE TAKEN
IMMEDIATELY TO REDUCE THE RISK IRRESPECTIVE OF COST. If there are no
other alternatives, then the operation or activity should not proceed.
9.3.2 Tolerable or ALARP Region / Yellow Zone / Medium Risk
This level of risk exposes QP to moderately tolerable consequences on People,
Assets, Environment or Reputation. The hazard(s) must be managed to reduce the
frequency and/or the severity of the hazardous events and the risk must be reduced
to levels as low as reasonably practicable (ALARP). That is the risk within this region
is tolerable only if further risk reduction is considered impracticable because the cost
required to reduce the risk is grossly disproportionate to the improvement gained.
RISK REDUCTION MEASURES TO ALARP LEVELS MUST BE PLANNED AND
DOCUMENTED.
9.3.3 Broadly acceptable Region / Blue Zone / Low Risk
This level of risk exposes QP to broadly acceptable consequences on to People,
Assets, Environment or Reputation. Though these are generally accepted without
any further action, it is a QP requirement to manage low risks for continuous
improvement.
Risk will always have to be reduced to a level that is both tolerable and As Low As
Reasonably Practicable (ALARP); however, in the yellow and red shaded areas a
documented demonstration is required.
The documented assessment demonstrating ALARP shall include;
Agreed actions, responsible person(s), and completion date(s).
Assurance activities to regularly follow the progress to ensure actions are closed
per the plan.
9.4 DEMONSTRATING ALARP
ALARP is considered demonstrated if alternatives have been considered and it is
concluded that further risk reductions are impracticable and the cost thereof are
grossly disproportionate to the HSE benefit gained.
In all cases consideration should be given to reducing risk to ALARP reflecting the
balance of cost and HSE benefit. To reduce a risk to ALARP involves balancing
reduction in risk to a level, objectively assessed, where the cost of further reduction
measures becomes unreasonably disproportionate to the risk reduction obtained.
Demonstrating ALARP requires consideration of all the hard and soft issues related
to a range of options. It requires a judgmental decision with the full knowledge of all
options, associated risks and costs.
Specifically in the context of engineering, ALARP is not just a demonstration that
risks of the preferred or selected option are considered acceptable and/or
comparable to other similar developments. Demonstrating ALARP requires
consideration of fundamentally different options to provide assurance that QP gets
best value for money over the lifetime of a facility or operation.
In defining ALARP risk reduction measures, the potential for changes in risk
tolerability criteria with time should be borne in mind for those projects or operations
with a considerable life span. Rather than applying fit-for-purpose now, the
contingency should be built-in which allows for seamless ALARP upgrade without
costly retrofits. What is considered ALARP today may no longer be acceptable in
the future, for example:
a) the applicable legislation may change,
b) public awareness may increase and/or tolerance may decrease,
c) QP‘s HSE objectives may become more stringent.
Determining the exact level of ALARP is difficult and depends on many factors such
as internal/external influences and the nature of the hazards and associated risks.
One may arrive at different ALARP definitions for identical risks which occur at
different locations. As such it is critically important to fully understand the effects of
risk reduction measures, specifically for those risks which require multiple measures
to achieve ALARP. The effects of the individual measures should be fully explored
with a view to avoiding potential clashes and/or overlaps.
Every effort should be made to ‗design out‘ rather than add on mitigating
controls/measures. In the various attempts to achieve ALARP one should be
cautious and not over-complicate:
equipment and process control/shutdown system designs,
procedures for systems and processes, and
personnel training and qualification criteria.
Specifically for projects, ALARP should be pursued with risk reduction measures that
have obvious, clear and measurable effects on the estimated risk level. Application
of these measures may initially appear expensive but should have preference over
combinations or multitudes of measures which, albeit easier and at less cost from a
project perspective, have obscure effects or require significant
operations/maintenance effort in the medium/long term. In addition to the long term
cost liability, there is the danger that some of these overlapping measures become
neglected with time and possibly excessive reliance is put on what are deemed to be
the key risk reduction measures.
Where quantitative risk assessment is used, then the costs of the various options
can be compared with the respective risks. In qualitative analysis, ALARP is
established using standards, legislative requirements and judgement based on
evaluation of measures to avert loss of life requires ‗Valuation of life‘ for which
different figures have been used by various industries and countries.
QP does not specify a common ‗Valuation of life‘ criterion which is to be applied
throughout QP. It will be acceptable to use British Health & Safety Executive (UK
HSE), or individual entity defining appropriate criteria, which match industry
standards as pertaining to their specific business. A significant consideration in this
is the QP expectation that QP Businesses / Functions / Directorates should
continually improve their performance towards meeting or exceeding their particular
industry benchmarks, standards and expectations.
10.0 RESPONSIBILITIES
Ultimate responsibility for effective management of HSE risks rests with the
executive management. The leadership should ensure that HSE risk management is
fully integrated across the organisation and into all its activities. Line management in
Businesses, Functions and Business Units (Regions, Directorates and Departments,
Projects, etc.) has the responsibility to implement this philosophy.
region. Corporate HSE Manager, in consultation and association with the Directors,
shall designate the Regional HSE Risk Management Teams – one each for
Mesaieed, Ras Laffan, Offshore, Dukhan and Doha with one of the members of the
team as leader. Their responsibilities shall include the following:
Team leaders to represent the region on the corporate HSE Risk Management
Steering Committee.
Facilitate and support implementation and maintenance of an appropriate HSE
Risk Management system for the QP entity.
Ensure that adequate auditing resources are identified and appropriate HSE RM
audits are completed, as per HSE RM Audit Program.
Review, analyse and trend the audit results from entity level HSE risk
management auditing process and propose interventions for improvement
Coordinate and support corporate level HSE risk management process audits.
Coordinate HSE RM information exchanges through HSE Risk Management,
Corporate HSE Support.
Corporate HSE Risk Management group through Manager, Corporate HSE Support,
shall present a QP wide summary status report to executive management every six
months.
11.2 HSE RISK REGISTER
Various Safety studies and Risk/Impact assessments will generate large amounts of
information, both quantitative and qualitative, that must be systematically recorded.
Wherever possible, an electronic database shall be used for recording the
information. The advantage of using such a database is that the data can be readily
retrieved or reported.
A HSE Risk Register is a management tool that enables the user to manage and
present Risk Assessment information. This is a consolidated repository for risk
information across all areas of activity and various phases of the assets.
In order to instill an effective and structured integrated process for the management
of HSE risks, an HSE Risk Register is a logical starting point. For a QP entity, HSE
Risk Register shall be unique. However, the information recorded may be linked to
QP wide corporate HSE risk register, in a formal and structured manner. This will be
a corporate repository and will assist in management demonstration of HSE risk
control. The HSE Risk Registers will serve as a useful internal communication and
management tool. HSE Risk Registers will also be useful for training and education
of operators, engineers and maintenance personnel.
11.3 HSE RISK REGISTER REQUIREMENTS
Every QP entity shall prepare and maintain an up-to-date HSE Risk register. In
operating assets, an HSE Risk Register may be prepared from inputs of Risk
Assessment work, from Audits and from incident investigations, recorded in
whatever existing formats. Recently published corporate Guidelines for recording
Hazards & Effects (QP-GDL-S-050) requires recording of output of related safety
studies in Hazards & Effects register. Relevant details from Hazards & Effects
register will be linked to HSE Risk Register.
An example of the HSE Risk Register is appended in Appendix II.
The HSE Risk Register for each entity shall be prepared by the members of
respective HSE Risk Management workgroup. The same shall be reviewed by the
HSE Risk Management workgroup and signed-off by its leader, before being finally
approved and signed-off by the respective Manager. The register shall be updated
as and when significant Risk Assessment results are to be incorporated. However
the maximum periodicity shall be two years.
The updated & current version of the HSE Risk register shall be kept as a controlled
copy with the entity‘s HSE Risk Management workgroup leader and concerned
Manager. A secondary copy shall be given to the HSE Risk management group in
Corporate HSE Support by the respective approving authority.
11.4 MONITORING & TRACKING OF HSE RISKS & RECOMMENDATIONS
The HSE Risk Register of a QP entity provides line managers with a high level
overview of the entities‘ risk status at a particular point in time and becomes a
dynamic tool to monitor and track risks, risk controls, actions to be taken and
residual risk.
This shall form the basis for management information on HSE Risks and regular
summary reporting to Leadership / Executive Management. It shall provide HSE Risk
Management workgroups with a mechanism & tool for tracking and monitoring risks
and risk controls.
Corporate HSE Risk management group shall also monitor and track status of critical
recommendations at a six monthly periodicity. Corporate HSE Support shall provide
a status report to Executive Management, through Corporate HSE Risk management
group, at a six monthly periodicity.
12.0 APPENDICES
12.1 APPENDIX I : TABLE 2 GUIDANCE ON SELECTION OF TOOLS
Qualitative Assessment/
Stage
Activities undertaken or
overseen by QP Directorates
and Departments
Project Initiation
Concept Definition
(Feasibility studies and
concept optimization)
Projects
Engineering definition
(FEED)
Update Update QRA
Implementation (EPIC) HAZOP
HAZOP on
Start-up startup
procedures
QP Risk Assessment Requirements
Routine activities
Non-routine / hazardous or
critical activities
Plant Changes
Audits
Acquisition
New
Acquisitions
Decommissioning,
dismantling and removal
LEGEND
QP requirement and/or is specified in QP Corporate documentation as "Mandatory"
Applicable, specified in Corporate documentation as "If Applicable"
Not Applicable, specified in QP Corporate documentation as "Not Applicable"
Medium Low
3.0 Health
3.1
Medium Low
Note:
The revision history log shall be updated with each revision of the document. It shall
contain a written audit trail of the reason(s) why the changes/amendments have occurred,
what the changes/amendments were and the date at which the changes/amendments
were made.