become increasingly complex and potentially very dangerous if not managed correctly.

58MARCH 2013 | HydrocarbonProcessing.com

Safety Developments

significant failing in just one critical barrier may be sufficient to give rise to a major accident. Continuously measuring and monitoring the actual real-time performance of these safety barriers ensures that operational integrity is not compromised due to degradation of barriers.

Leading and lagging indicators are set in a structured and systematic way for each critical risk-control system within the whole PSM system. In tandem, they act as system guardians, providing dual assurance to confirm that the risk-control sys- tem is operating as intended or providing a warning that prob- lems are starting to develop.

Leading indicators are an active monitoring form focused

on a few critical risk-control systems to ensure continued effec- tiveness. Leading indicators require a routine systematic check that key actions or activities are undertaken as intended. They can be considered as measures of process or inputs essential to deliver the desired safety outcome. The leading indicators iden- tify failings or “holes” in vital aspects discovered during routine checks on the operation of a critical activity within the risk- control system.

Lagging indicators are reactive monitoring methods re-

quiring the reporting and investigation of specific incidents and events to discover weaknesses within that system. These incidents or events do not have to result in major damage or injury or even loss of containment, providing they represent a failure of a significant control system that guards against or limits the consequences of a major incident. Lagging indicators show when a desired safety outcome has failed or has not been achieved. The lagging indicator reveals failings or “holes” in that barrier discovered following an incident or adverse event. The incident does not necessarily have to result in injury or environmental damage, and it can be a near miss, a precursor event or an undesired outcome attributable to a failing in that risk-control system.

Several organizations and standards recommend applying leading and lagging metrics to understand the quality of the PSM system. Several examples are:

• ISA 84.00.04—Recommended Practices for Guidelines for the

Implementation of ANSI/ISA-84.00.01-2004 (IEC 61511 Mod)

• CCPS

TABLE 1. Operator training simulator potential benefi ts

Potential PSM benefi ts

Assumptions Value estimates

Maximum sustainable daily rate (bpd) = 100,000 Margin ($/bbl) = $5 Notes Potential, $ Annual probability, % Actual cash, $ Benefi t type Loss avoidance 1. Catastrophic loss $39,860 4% $1,594

Human life 1 death + 5 serious injuries $20,000

Cleanup $660

Compensation to local businesses $200

Fines Punitive environmental fi ne $1,000

Equipment replacement 1 heater destroyed

Damage to 2 adjacent heaters Damage to reactor

Catalyst losses

$4,000

Loss of earnings 20,000 BPD of gasoline for 3 months $9,000

2. Reputation $7,513 4% $301

Loss of sales 5% of 70,000 bpd of fuel sales for 1 year $6,388

Hiring and retaining staff 3% Loss of total staff of 1,500 employees; Hiring Cost = $25,000/new employee

$1,125

3. License to operate $3,190 4% $128

Safety Additional sensors and safeguards; updated

HAZOP; revised ESD logic; additonal bunding

$2,690

Environmental Automated reporting system $500

Loss avoidance subtotal $50,563 $2,023

Improved economic performance

Productivity benefi ts 0.5% increase in output due to: $825 100% $825 Shorter startups

Fewer unplanned shutdowns Faster grade/throughput changes Better handling of process disturbances

Hydrocarbon Processing | MARCH 2013 59

Safety Developments

• The Energy Institute (EI), formerly known as the Petro- leum Institute.

The common theme of these metrics is applying key per- formance indicators (KPIs) generated from the management of the process/functional safety equipment and the people and processes that are used in terms of their competence, leader- ship and risk-management capabilities.

For example, the EI has published a Process Safety Manage-

ment framework, developed by the energy industry, for use by

various industry sectors.6 _{The framework is intended to be ap-}

plicable worldwide, to all process industries such as power, pe- troleum, chemicals, refining, etc. The framework encapsulates learning from people with practical experience of developing and implementing PSM as part of an integrated management system. It clearly sets out what needs to be done to ensure the integrity of the operation and define what measures should be in place and how they are performing. Note: It is not intended to replace existing process safety or health, safety and environ- mental (HSE) management systems.

The EI’s framework consists of three levels: focus areas, ele- ments and expectations. The focus areas set out the high-level components of the PSM framework. Within each of the focus areas are a number of elements. Each element contains expec- tations defining what organizations need to do properly to meet the intent of each element. Details for EI’s PSM elements set four key operating aspects that organizations should do to ensure the integrity of the operations:

• Process safety leadership

0 Leadership commitment and responsibility

0 Identification and compliance with legislation and in- dustry standards

0 Employee selection, placement, competency and health assurance

0 Workforce involvement

0 Communication with stakeholders

• Risk identification and assessment

0 Hazard identification and risk assessment

0 Documentation, records and knowledge management

• Risk management

0 Operating manuals and procedures

0 Process and operational status monitoring, and handover 0 Management of operational interfaces

0 Standards and practices

0 Management of change and project management 0 Operational readiness and process startup 0 Emergency preparedness

0 Inspection and maintenance

0 Management of safety-critical devices

0 Work control, permit to work and task risk management 0 Contractor and supplier, selection and management

• Review and improvement

0 Incident reporting and investigation

0 Audit, assurance, management review and intervention.

FIG. 4 shows the proposed PSM framework—based on in-

dustry guidelines—and the associated components of a well- designed PSM system to enable real-time measurement and monitoring of a plant’s risk profile. It provides actionable infor-

Customer self assessment Solution design Corporate and site management Operations, maintenance and engineering Dashboards leading and lagging KPIs

Safety performance indicator calc. engine Industry

guidelines Integrated information and workflow platform

PSM support applications/solutions Solution implementation _Servic es Soft war e PSM fr amew ork

FIG. 4. PSM framework and components.

Complacency Process plant PSM Key performance Designed risk +–

FIG. 5. PSM control loop.

Plant

SPI Asset risk LOE KPI Asset risk LOPs KPIs

FIG. 7. Plant-safety model with KPIs and SPI.

Plant 1

KPI framework LOE 1

LOP LOP LOP LOP LOPs

LOE 2

Plant 2 Plant 3

60MARCH 2013 | HydrocarbonProcessing.com

Safety Developments

mation that can be used to prevent catastrophic events. Where an organization has an existing HSE or PSM system, it may be useful to benchmark against the framework or to carry out a risk assessment vs. the expectations of each element and identi- fy any aspects of the existing system that may need enhancing. Implementing such a PSM system establishes the founda- tion of a PSM “control loop.” FIG. 5 _{illustrates such a control}

loop to prevent complacency from increasing the probability of a catastrophic event due to plant personnel ignoring leading and lagging indicators about degradation of protection levels provided by risk-control loops.

During plant operations, systems are modified to adapt to the changing system needs. Systems and procedures can deteri- orate over time, and system failures discovered following a ma- jor incident frequently surprise senior managers, who sincerely believed that the controls were functioning as designed. Used

effectively, process safety KPIs can provide an early warning that critical controls have deteriorated to an unacceptable level.

Measuring performance to assess how effectively risks are being controlled is an essential part of an HSE system. This can be accomplished in two ways:

• Active monitoring. It provides feedback on perfor-

mance before an accident or incident

• Reactive monitoring. It involves identifying and re-

porting on incidents to check that the controls in place are ad- equate, to identify weaknesses or gaps in control systems and to learn from mistakes.

SPIs and incremental value-at-risk. After a set of KPIs

have been adopted, the asset owner’s management is respon- sible for monitoring these KPIs and responding to deviations from their baselines. At higher management levels, the rel- evance of the KPIs associated with managing plant equipment can be lost. Therefore, it becomes necessary to translate the individual equipment level KPIs and their business impact into plant-level safety performance indicators and its business im- pact. This concept can be extended to any number of facilities enabling upper management to understand the quality of PSM across the enterprise.

Using the individual equipment KPIs, a new approach allows an asset owner to understand the overall safety state of the plant and its economic impact on the business. In addition, this ap- proach is tied to the existing LOPA and financial impact analysis. KPI metrics are gathered based on the asset owner’s manage- ment of the plant equipment, capability of employees and pro- cesses followed to manage process safety. Typically, 10–20 key metrics can be covered and include 1) management of safety-re- lated equipment (e.g., completion of periodic field-device proof tests associated with a distillation column), 2) competence of plant personnel (e.g., their level of training and skills testing), 3) adherence to established procedures (e.g., near-miss inves- tigations) and 4) leadership (e.g., involvement of leadership in periodic, formal safety reviews). These metrics can originate from management based on the layers of protection (LOPs) as- sociated with the different lines of equipment, from at a LOP level (e.g., SIS) or at the line of equipment level (leadership).

The safety performance indicator (SPI) is an aggregation of the individual KPIs into a single number. The SPI can be calculated at the equip- ment level (equipment SPI) and at the plant level. FIG. 6 illustrates the owner

safety model for an enterprise’s global assets. This model can consist of plants distributed over different geographic re- gions. A plant is decomposed into lines of equipment (LOE), which have LOPs associated with the plant-safety model, as shown in FIG. 7.

Underlying the plant-safety model is a safety related KPI framework; it addresses the management of process safety related to plant equipment, business processes, and procedures used to manage the equip- ment and the capabilities of employees applying these processes and procedures.

Corporate

In document Hydrocarbon Processing 03 2012 (Page 62-65)