Chemical Process HAZOP and

Risk Analysis (CHE 4413)

CLO 5 - Probability and frequency

data in risk analysis.

1
 Probability and Frequency Data in Risk Analysis
1. Review of Probability Theory: mathematics of
equipment failure
2. Event and Fault Tree: probabilistic methods
3. QRA (Quantitative Risk Analysis)
4. LOPA ( Layer Of Protection risk Analysis)

2
 Probability and Frequency Data in Risk Analysis
1. Review of probability theory: mathematics of
equipment failure
 Reliability (No failure)
 Unreliability (Failure Probability)
 Mean time between failures (MTBF)

3
 1) Probability Theory
• Equipment failures or faults in a process is result of a
complex interaction between the individual
components.
• The overall probability of failure depends on the nature
of this interaction.
• Data are collected on the failure of a particular
hardware component.
• This is called the average failure rate µ (faults/time).

4
 Probability
Theory
(continued)

• Example process
components and
their failure rate
are show in the
table:
5
 Probability Theory (continued)
• Average failure rate is µ (faults/time).
• The probability that the component will not fail during
the time interval (0, t) is given by a Poisson distribution:
(1) as t →α, R → 0
where R is the reliability, µ is the failure rate and t is time

• The speed at which this occurs depends on the value of

the failure rate µ.
• The higher the failure rate, the faster the reliability
decreases. 6
 Probability Theory (continued)
• The complement of the reliability is called the failure
probability P (or sometimes the unreliability) and it is
given by: (2)
• Failure density function (3)
• Area under the complete failure density function is 1.
• The failure density function is used to determine the
probability P of at least one failure in the time period.

7
 Probability Theory (continued)
• The time interval between two failures of the
component is called the mean time between failures
(MTBF) and is given by the first moment of the failure
density function: (4)
• Accidents in chemical plants are usually the result of a
complicated interaction of a number of process
components.
• The overall process failure probability is computed from
the individual component probabilities.
8
 Probability Theory (continued)
• The previous equations are valid only for a constant
failure rate µ.
• Many components exhibit a typical bathtub failure rate.
• The failure rate is highest when the component is new
(infant mortality) and when it is old (old age).
• Between these two

periods the failure rate

is reasonably constant
and equations are valid. 9
 Components in Parallel  Components in Series
• Any one of these • If any one of these components
components is enough for fail the system will fail.
the system to work.

• All these components have to

work for the system to work.

• Unlikely all these

components will fail in the
same time
10
 Probability Theory (continued)
• Process components interact in to different patterns.
• In some cases a process failure requires the
simultaneous failure of a number of components in
parallel.
• The P for the parallel system can be calculated using:
(5)
where n is the total number of components,
Pi is the failure probability of each components
• For components in parallel: (6)

11
 Probability Theory (continued)
• For components in series (one fail all fail):
(7)
• The overall failure probability (8)
• Example: Given handout (Safety System in a chemical
reactor)

ForStudents_Safet
y System in a chemical r
12
13
 QRA and LOPA
• What is risk?
• What is Quantitative risk analysis (QRA) and its steps?
• What is Layer of protection analysis (LOPA) and its
steps?
• Graphical representation of risk:
• Decision

14
 QRA and LOPA (continued)
• Risk is the product of:
 The probability of a release

 The probability of exposure and

 The consequences of the exposure

• Risk is usually

described graphically.
• All companies decide their levels of acceptable risk and
unacceptable risk.

15
 QRA and LOPA (continued)
• The actual risk of a process or plant is usually
determined using:
 Quantitative risk analysis (QRA) or
 Layer of protection analysis (LOPA).
• Other methods are sometimes used: however, QRA and
LOPA are the methods that are most common.
• In both methods, the frequency of the release is
determined using a combination of event trees, fault
trees or an appropriate adaptation.
16
 Relationship Between QRA and LOPA
• In general the relationship between QRA and LOPA is
that:
 They both are quantitative methods.
 QRA is a relatively complex quantitative procedure
that requires expertise and a substantial commitment
of resources and time.
 LOPA is a semi-quantitative technique for analysing
risk and it involves simplified methods to characterize
the consequences and estimate their frequencies.
17
 QRA (Quantitative Risk Analysis)
• QRA is a quantitative method that identifies where
operations, engineering or management systems can be
modified to reduce risk.
• The complexity of a QRA depends on the objectives of
the study and the available information.
• QRA is best to be used at the beginning of the project
(conceptual review and design phases) and are
maintained throughout the facility's life cycle.

18
 QRA (continued)
• The QRA method is designed to provide managers with
a tool to help them evaluate the overall risk of a
process.
• QRAs are used to evaluate potential risks when
qualitative methods can’t provide an adequate
understanding of risks.
• QRA is especially effective for evaluating alternative risk
reduction strategies.

19
 QRA (continued)
• The major steps of a QRA study include:
1. Defining the potential event sequences and potential
incidents,
2. Evaluating the incident consequences (typical tools for
this step include dispersion and fire and explosion
modelling),
3. Estimating the potential incident frequencies using event
trees and fault trees,
4. Estimating the incident impacts on people, environment
and property and
5. Estimating the risk by combining the impacts and
frequencies and recording the risk using a graph. 20
 QRA (continued)
• In general, QRA is a relatively complex procedure that
requires expertise and a substantial commitment of
resources and time.
• In some instances this complexity may not be
warranted; then the application of LOPA methods may
be more appropriate.

21
 LOPA (Layer of protection analysis)
• LOPA is a semi-quantitative technique for analysing and
assessing risk.
• It involves simplified methods to characterize the
consequences and estimate their frequencies.
• LOPA methodology is based on the assumption of
independence.
• Different layers of protection are added to lower the
frequency of the undesired consequences.

22
 LOPA (Layer of protection analysis)
• The protection layers may include: (See Figure on slide 26)
 Inherently safer concepts,
 Basic process control systems,
 Safety instrumented functions,
 Passive devices, such as dikes or blast walls,
 Active devices, such as relief valves and
 Human intervention.
• The combine effects of the protection layers and the
consequences are then compared against some risk
tolerant criteria. 23
 LOPA (continued)
• In LOPA,
 Consequences and effects are approximated by categories,
 Frequencies are estimated and
 Effectiveness of the protection layers is also approximated.
• The approximate values and categories are selected to
provide conservative results.
• Thus the results of a LOPA should always be more
conservative than those from a QRA.
• If the LOPA results are unsatisfactory or if there is any
uncertainty in the results, then a full QRA may be
justified. 24
 LOPA (continued)
• Important terms in a LOPA:

1. PFD* = (Probability of failure on demand) of the

protection layer (if it exists)
2. IPL = (Individual Protective layer):
 See and understand the explanation in your handout.

3. Scenario:
scenario = one cause  one consequence
 See and understand the explanation in your handout.
25
 LOPA (continued)
• Individual companies use different criteria to establish the
boundary between acceptable and unacceptable risk.
• The criteria may include:
 Frequency of fatalities
 Frequency of fires
 Maximum frequency of a specific category of a
consequence and
 Required number of independent layers of protection for
a specific consequence category.
• In summary the primary purpose of LOPA is to determine
whether there are sufficient layers of protection against a
specific accident scenario. 26
LOPA (continued)
• Layers of
protection to
lower the
frequency of a
specific accident
• Given LOPA
handout: Make
sure you
understand the
LOPA handout
Clearly.

LOPA_studentHa
ndout 27
 LOPA (continued)

Process
Hazards

Protective Layers 1, 2 and 3

28
 LOPA (continued)

Process
Hazards

Protective Layers 1, 2 and 3

29
 LOPA (continued)

Process
Hazards

Protective Layers 1, 2 and 3

30
 LOPA (continued)

Process
Hazards

Protective Layers 1, 2 and 3

31
 LOPA (continued)
• As illustrated in Figure , many types of protective layers
are possible.
• Figure does not include all possible layers of protection.
• A scenario may require one or many layers of
protection, depending on the process complexity and
potential severity of an accident.
• Note that for a given scenario only one layer must work
successfully for the consequence to be prevented.
• Because no layer is perfectly effective, however,
sufficient layers must be added to the process to reduce
the risk to an acceptable level. 32
 LOPA (continued)
The major steps of a LOPA study include:
1. Identifying a single consequence.
2. Identifying an accident scenario and cause associated with
the consequence (the scenario consists of a single cause-
consequence pair, this means: scenario=one
cause  one consequence).
3. Identifying the initiating event for the scenario and
estimating the initiating event frequency ().
4. Identifying the protection layers available for this
particular consequence and estimating the probability of
failure on demand (PFD) for each individual protection
layer (IPL). That is finding ∏PFD. 33
 LOPA (continued)
5. combining the initiating event frequency () with the
probabilities of failure on demand (PFD) for the
independent protection layers to estimate a mitigated
consequence frequency for this initiating event ().
6. Plotting the consequence versus the consequence
frequency to estimate the risk (the risk is usually shown in
a figure similar to the one shown before) and
7. Evaluating the risk for acceptability (if unacceptable,
additional layers of protection are required ).
The process is repeated for other consequences and
scenarios. A number of variations on this procedure are 34
 LOPA (continued)
PFD important note:
It is important to note that if no other information is
given about the type of IPL (or name of IPL) then use a
PFD of 10-2 because in general, but not all the time, the
PFD is usually 10-2 .

35
 LOPA (continued)
• Before explaining the steps we need to introduce the
equation for the frequency of the consequence of a
specific scenario end point (see handout also):
i
Normal failure f i C  f i I x  PFDij Protection layer
j 1
benefit to reduce fiC
 fiC is the consequence frequency for an initiating event i.
 fiI is the initiating event frequency for the initiating event i.
 PFDij is the probability of failure on demand of the j th IPL
that protects against the specific consequence and the
specific initiating event i.
 The PFD is usually 10-2 if no information is given about
what the ILP is.
36
 LOPA (continued)
i
f i  f i x  PFDij
C I

j 1

Steps explanation: see below and Handout given: LOPA Study

1. Identifying a single consequence: We will use the semi-
quantitative approach (Table 11-2 in your handout).
2. Identifying an accident and cause associated with the
consequence (See handout 2nd page under Consequence)
3. Estimate the initiating event frequency (fiI) using Table 11-3
4. Estimate the probability of failure on demand (PFD) using
tables 11-4 or 11-5
5. Calculating fiC from the above formula
6. Plot the consequence versus the consequence frequency
37
7. Evaluating the risk for acceptability
 LOPA (continued)
Important Note:
• When there are multiple scenarios with the same
consequence, each scenario is evaluated individually
i
using Equation;
f i  f i x  PFDij
C I

j 1

• then the frequency of the consequence is subsequently

determined using; I
f   fi
C C

i 1

38
 Frequency Notes
• In calculations, make sure you know the difference between:
 Frequency (f), Consequence frequency (f c), Initiating event frequency (f I)
• If necessary make sure to adjust the frequency to include the
demand as follows: (see LOPA handout 2nd page): BE VERY
CAREFUL HERE: after determining the failure frequency of the
initiating event, you may have two different possible adjustments
to make:
1. Adjust the frequency to include the demand. Example: If a
reactor is only used 1 month in a year (i.e. 1/12 of the year),
divide the failure frequency by 12. If used 3 times in the year
then what?
2. Frequencies are adjusted (reduced) per preventative
maintenance. Example: if a control system is given preventive
maintenance 4 times each year, then its failure frequency is
divided by 4.
39
 LOPA EXAMPLES
1. Determine the consequence frequency for a cooling
water failure if the system is designed with two IPLs.
The individual protection layers are human interaction
with about 10 min response time and a basic process
control system (BPCS).
2. If an atmospheric tank has a failure frequency of 0.001
(from table 11-3). What will be the frequency if the
atmospheric tank is only used 1 month per year?
3. If an atmospheric tank has a failure frequency of 0.001
(from table 11-3). What will be the frequency if the
atmospheric tank is given preventative maintenance 4
times each year? 40
LOPA Assignment

END

41