Risk Assessment Methodologies

Status: Risk assessment methodologies are in principle applicable to any object or activity. Risk assessment methodologies are frequently applied for risk assessment of flammable gas applications, though there are not many examples of specific hydrogen studies so far.

Risk assessment studies should preferably be undertaken by multidisciplinary teams, although the effort should be in proportion to the risk being assessed. There are several risk assessment methods available, and one should select the method most applicable to the object analysed and the purpose of the assessment.

Risk assessment process:

The risk assessment process is iterative, as shown in the figure below: the risk is assessed, together with the effect of risk reduction measures, until the risk inflicted by the system assessed (with implemented risk reduction measures) is evaluated as tolerable.

Fig 1: Risk assessment process

But even when the assessed risk is evaluated as tolerable, the risk assessment process is not finished. Society's safety objectives, and even an enterprise's safety objectives, are more ambitious than maintaining the risk at a fixed level: risk assessment and risk reduction are also an iterative process through time. Indeed, changes in the state of the art that enable further risk reduction will eventually lower the level of tolerable risk. Besides, new knowledge about the hazards evaluated may also render risk assessments obsolete.

Hazard identification methodologies

Hazard identification is the initial step in risk assessment, and thorough hazard identification is of indisputable importance to the worth of the risk assessment. The purpose of hazard identification is to identify all hazards of relevance. Each hazard should be described in terms of the accident(s) it may lead to. In order to identify the hazards which may arise, a systematic review should be made of technical as well as operational conditions which may influence the risk. Historical records and experience from previous risk analyses provide a useful input to the hazard identification process. Examples of this type of methodology are checklists, hazard indices and review of historical occurrences.

The hazard identification should not only consider the initial events, but also include the chain of events causing local and remote impairment, loss or damage.

Hazard identification of a particular system, facility or activity may yield a very large number of potential accidental events and it may not always be feasible to subject each one to detailed quantitative analysis. In practice, hazard identification is a screening process where events with low or trivial risks are dropped from further consideration. However, the justification for the events not studied in detail should be given. Quantification is then concentrated on the events which will give rise to higher levels of risk.

Fundamental methods such as Hazard and Operability (HAZOP) studies, Fault trees, Event tree logic diagrams and Failure Mode and Effect Analysis (FMEA) are tools which can be used to identify the hazards and assess the criticality of possible outcomes. These methods also have the advantage of being sufficiently general for use on hydrogen facilities without specific adaptation.

The HAZOP technique is a formal, systematic and detailed examination of the process and engineering intention of new or existing facilities. It assesses the hazard potential of operation outside the design intention, or of malfunction of individual items of equipment, and the consequential effects on the facility as a whole. The technique is to divide the process into natural sub-sections and use a set of guidewords to identify possible deviations with hazardous potential. The technique is well suited to hydrogen applications, especially for the more complex systems.

The Failure Mode and Effects Analysis (FMEA) is a qualitative technique for systematically analysing each possible failure mode within a system, and identifying the resulting effect on that system, the mission and people. FMEA is highly suitable for reliability assessment and can, for example, be used for in-depth study of a critical part of a system. The FMEA may be extended with a criticality analysis (CA), a quantitative procedure which ranks failure modes according to their probability and consequences (i.e. the resulting effect of the failure mode on system, mission or personnel); it is then named a Failure Mode and Effects Criticality Analysis (FMECA).

FMEA and FMECA were originally developed by NASA as a means of assuring that hardware built for space applications had the desired reliability characteristics. In the offshore industry, FMEA and FMECA have been increasingly utilised in recent years. FMECA was also used in the European Integrated Hydrogen Project (EIHP2) for development of guidelines for inspection and maintenance of hydrogen applications.

The initial step of an FMEA is a functional description of the system and the division of the system into subsystems and items. Each item is given an identification code. For each item the purpose/function of the item is then described, and possible failure modes are listed and analysed with respect to causes and possible consequences. Means for detection of failure modes and mitigation/repair are also analysed.
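
The FMEA worksheet described above, extended with an FMECA criticality ranking and the screening step from the hazard identification discussion, as an added example that is not part of the original page. The 1-5 ordinal scales, the probability-times-severity ranking rule, the threshold and the worksheet rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class FailureMode:
    item_id: str      # identification code given to the item
    function: str     # purpose/function of the item
    mode: str         # failure mode under analysis
    cause: str
    consequence: str
    detection: str    # means of detecting the failure mode
    mitigation: str   # mitigation/repair
    probability: int  # assumed ordinal scale: 1 (remote) .. 5 (frequent)
    severity: int     # assumed ordinal scale: 1 (negligible) .. 5 (catastrophic)

    @property
    def criticality(self) -> int:
        # Assumed ranking rule: product of the two ordinal scores.
        return self.probability * self.severity


def rank_and_screen(modes, threshold):
    """Rank failure modes by criticality and screen out the low-risk ones.

    Returns (retained, screened_out); every screened-out mode is paired with
    the justification for not studying it in detail.
    """
    ranked = sorted(modes, key=lambda m: (-m.criticality, m.item_id))
    retained = [m for m in ranked if m.criticality >= threshold]
    screened_out = [
        (m, f"criticality {m.criticality} below threshold {threshold}")
        for m in ranked if m.criticality < threshold
    ]
    return retained, screened_out


# Constructed worksheet rows for a hypothetical gas storage subsystem.
WORKSHEET = [
    FailureMode("S1-V01", "Relieve overpressure", "Fails to open", "Corrosion",
                "Vessel overpressure", "Function test", "Replace valve", 2, 5),
    FailureMode("S1-H02", "Transfer gas", "External leak", "Hose wear",
                "Gas release", "Gas detector", "Replace hose", 3, 4),
    FailureMode("S2-P03", "Indicate pressure", "Reads low", "Sensor drift",
                "Wrong indication", "Calibration check", "Recalibrate", 2, 1),
]

if __name__ == "__main__":
    retained, screened_out = rank_and_screen(WORKSHEET, threshold=4)
    for m in retained:
        print(f"{m.item_id:8} {m.mode:15} criticality={m.criticality}")
    for m, why in screened_out:
        print(f"{m.item_id:8} {m.mode:15} screened out: {why}")
```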

Risk analysis methodologies

The risk assessment tasks will depend on the purpose of the risk assessment. The risk assessment will normally involve a comparison of a calculated risk level with criteria for acceptable risk level. The acceptable or tolerable risk level would be based on the enterprise's own safety standards and/or risk criteria established by the authorities. The risk assessment may also include comparison of alternative designs or activity plans.

If the risk is not controlled (acceptance criteria are not met) or the objective is to reduce the risk further to a level as low as reasonably practicable (ALARP), options for risk reducing measures should be addressed and their desirable effect should be estimated. This should indeed be a multidisciplinary exercise, preferably involving people responsible for (future) operation of the object evaluated. The risk assessment process thus includes a re-evaluation of the risks and of risk reduction measures based on cost-benefit analysis.

If the risk is controlled and the acceptance criteria are met, the chosen concept including the assumptions might be acceptable, but not the optimum from a cost-benefit point of view. In order to optimise the design, sensitivity calculations may be carried out.

Risk analysis methodologies are often grouped into three categories: qualitative, deterministic and probabilistic. A qualitative analysis will normally characterise hazards with respect to likelihood and severity of consequences without quantification. A deterministic analysis will quantify the consequences of the most severe event possible, while the probabilistic analysis will quantify the probability and consequences of different scenarios developing from the possible initial events. The probabilistic analysis, also called quantitative risk analysis, is further described in Ch 4.4.

The qualitative analysis will normally include an element of rough quantification though, and the deterministic analysis will also have an element of probability evaluation involved in determining which events are possible. The level of detail of the analysis will primarily depend on the anticipated risk, the knowledge of the system analysed and the quality of data and models available. Indeed, a comprehensive and detailed analysis based on limited information, poor data or inadequate models would be a waste of resources.

Rapid Risk Ranking [5] is a semi-quantitative risk analysis methodology adapted for hydrogen applications in the European Integrated Hydrogen Project (EIHP2). The method involves elements of quantification for both likelihood and consequences, but the effort is focused on the most severe consequences, as well as the most likely outcomes of the initial events analysed. The risk is then presented visually in a way that facilitates risk evaluation and comparison of different applications/plants/installations analysed.


Page last modified on February 20, 2009, at 03:21 PM