TITLE THE ROLE OF TECHNICAL AUTHORITY IN MANAGING ASSET INTEGRITY By EMMANUEL MBATA B.Tech. Physics/Electronics Technology A dissertation submitted in partial fulfilment of the requirements of the award of Master of Science in Safety and Reliability Engineering at the University of Aberdeen September, 2013
DECLARATION I EMMANUEL MBATA declare that the presented and submitted work is my original work and has not been submitted for any other degree award to any University. i
ACKNOWLEDGEMENT I am most grateful to my supervisor Dr H. Tan for his kind words of encouragement, constructive feedbacks and support throughout this research. Most especially I want to thank you for your patience and understanding. My sincere appreciation to OPITO for the great opportunity granted me through the Piper Alpha Memorial Scholarship. My profound gratitude goes to Bruce Lawson for taking out time from your busy work schedule to guide me through this project work. I want to say a big thank you to Les Linklater (Team leader Step Change in Safety), Emily Taylor and Dr Gillian Simpson for your support and all the help rendered. I am sorry for all the inconveniences caused. The Asset Integrity Steering Group of Step Change in Safety for helping me ensure that the questionnaires where answered. I would also like to use this opportunity to thank Bob Taylor and Valerie Wilson for their valuable contribution to this work. To my Parents Mr & Mrs Robert Mbata, you are the best, thank you for going the extra mile to ensure that I do my Master s degree. To my family, friends and loved ones, thank you so much for your help, understanding and encouragement through it all. Most especially, I am grateful to God. ii
ABSTRACT The offshore oil and gas industry on the UK Continental Shelf (UKCS) is a dynamic and mature production area with an ageing infrastructure. Past and more recent accidents have alerted the oil and gas industry of the need to manage their assets and control the risks associated with production operations from design to abandonment. Asset integrity is the fitness of an asset to be operated as intended in an effective and efficient way with an acceptable risk of failure, and asset integrity management ensures that the people, systems, processes and resources that deliver integrity are available, functional and reliable over the whole life cycle of the asset. Essential for the integrity of an asset are the safety critical elements. These are components, systems (including computer programs) whose purpose is to control, prevent or mitigate major accident hazards, and whose failure can lead to or contribute substantially to a major accident. Ensuring the functionality, availability, survivability and reliability of the safety critical elements as offshore asset continually age is essential for an effective asset integrity management. This responsibility lies with the Technical Authorities who acts as backstop against continuous use of degraded safety critical elements. The main objective of this research is to understand the current implementations of the Technical Authority s role within operating companies in the UKCS via a questionnaire and the definition of key roles going forward. The findings of the research highlighted the strengthening of the Technical Authority s role within operating companies and provide an insight into their functions, roles and how they manage the integrity of assets. The key roles identified in this research to be performed by Technical Authority s going forward includes definition of performance standards for safety critical elements, ensuring the safety critical elements meets the defined performance standards, manage maintenance deferral of safety critical elements, review deviations from the defined performance standard, involve in accident/incident investigations and carry out reviews and audit activities as required. This will ensure the continuous fitness for purpose of the safety critical elements. iii
TABLE OF CONTENT DECLARATION... i ACKNOWLEDGEMENT... ii ABSTRACT... iii LIST OF FIGURES... vii LIST OF ABREVIATIONS... viii 1 INTRODUCTION... 1 1.1 Background... 1 1.2 Aims and Objectives... 2 2 LITERATURE REVIEW... 3 2.1 Introduction... 3 2.2 ASSET INTEGRITY MANAGEMENT (AIM)... 3 2.3 Asset Life Cycle... 4 2.3.1 Plan/Design Phase... 5 2.3.2 Construction Phase... 6 2.3.3 Commissioning Phase... 6 2.3.4 Operations Phase... 6 2.3.5 Decommissioning Phase... 7 2.4 Asset Integrity Elements... 7 2.4.1 Mechanical Integrity... 8 2.4.2 Operational Integrity... 8 2.4.3 Personnel Integrity... 8 2.5 Description of the Elements and the Intended Purposes... 9 2.5.1 Management of Change... 9 2.5.2 Assessment and Continuous Improvements... 10 2.5.3 Ownership and Accountability... 10 2.5.4 Asset register... 11 2.5.5 Risk Management and Hazard Evaluation... 11 2.5.6 Protective Systems... 11 2.5.7 Facilities Design and Construction... 12 2.5.8 Operation and Maintenance... 12 2.5.9 Incident/Accident Investigation and Prevention... 13 2.5.10 Leadership... 13 iv
2.5.11 Competency/Skills Assurance... 13 2.5.12 Emergency Management... 14 2.6 Risk based approach... 15 2.6.1 Risk Base Inspection (RBI)... 15 2.6.2 Reliability Based Maintenance (RBM)... 15 2.7 Safety Critical Element (SCE), Major Accident Hazard (MAH), Risk Based Inspections (RBI) and Performance Standard (PS)... 16 2.7.1 Safety Critical Element (SCE)... 16 2.7.2 Risk Based Inspections (RBI)... 19 2.7.2.1 RBI Process... 20 2.7.2.2 Risk Assessment Process... 20 2.7.2.3 Hazard Identification... 21 2.7.2.4 Frequency Assessment... 21 2.7.2.5 Consequence Assessment... 21 2.7.2.6 Risk Evaluation... 21 2.7.2.7 Action Forward... 25 2.8 Major Accident Hazards (MAH)... 25 2.9 Performance Standard (PS)... 26 2.9.1 Integrity Assurance... 27 2.9.2 Verification... 27 2.10 RBI, MAH, SCE and PS Loop... 28 3 METHODOLOGY... 30 3.1 Population and Sampling... 31 3.2 Data Collection Method... 31 3.2.1 Pilot Interview... 31 3.2.2 Questionnaire... 31 3.2.3 Unstructured Interview... 32 3.3 Data Analysis Method... 32 3.4 Research Ethics and Limitations... 33 3.4.1 Research Ethics... 33 3.4.2 Limitations... 33 4 DATA ANALYSIS AND DISCUSSION... 35 4.1 The Questionnaire... 35 4.1.1 The Organisations... 36 v
4.1.2 TA Standard/Framework... 37 4.1.2.1 TA Disciplines... 39 4.1.3 TA Role Definition and Organisational Approach... 42 4.1.3.1 Review and Audit... 44 4.1.3.2 Risk Assessments... 45 4.1.3.3 Defines Regional Technical Standard... 45 4.1.3.4 Endorse waiver to Technical Standard... 45 4.1.3.5 Interpretation of Good Engineering Practice... 45 4.1.3.6 Endorse Deviation from PS... 46 4.1.3.7 Strategic Maintenance... 46 4.1.3.8 Approves Key Engineering Drawing... 46 4.1.3.9 Ensure Conformity with Legislation and Standard... 46 4.1.3.10 Guidance, Mentoring and Training... 47 4.1.3.11 Investigations and Root Cause Analysis... 47 4.1.3.12 Review Suitability of SCE... 47 4.1.3.13 Defines PS... 47 4.1.3.14 Maintenance Deferral of SCE... 48 4.1.3.15 Review Changes and Modification... 48 4.1.3.16 Independent View on Safety and Operational Risk... 48 5 CONCLUSIONS... 50 6 RECOMMENDATIONS... 51 APPENDICES... 59 vi
LIST OF FIGURES FIGURE 2.1: IMPORTANT CONCEPT OF INTEGRITY MANAGEMENT... 4 FIGURE 2.2: ASSET LIFE CYCLE... 5 FIGURE 2.3: RELATIONSHIP BETWEEN ASSET INTEGRITY ELEMENTS... 7 FIGURE 2.4: COMPETENCY VERIFICATION SCHEME... 14 FIGURE 2.5: SCE GROUPS AND BOWTIE DIAGRAM... 18 FIGURE 2.6: MAJOR COMPONENT OF THE RISK EVALUATION PROCESS... 22 FIGURE 2.7: TYPICAL 4X4 RISK MATRIXES... 23 FIGURE 2.8: RISK RATINGS... 24 FIGURE 2.9: RBI, MAH, SCE AND PS LOOP... 28 FIGURE 3.1: OVERVIEW OF PROCESS... 30 FIGURE 4.1: PERCENTAGE DISTRIBUTION OF OFFSHORE PLATFORM ACROSS RESPONDENT... 36 FIGURE 4.2: FLOW DIAGRAM FOR TA REPORTING STRUCTURE INTO SENIOR MANAGEMENT... 37 FIGURE 4.3: THE BASIS FOR WHICH TA'S ARE SELECTED... 38 FIGURE 4.4: TA SELECTION BASIS % IN AGREEMENT... 38 FIGURE 4.5: TA DISCIPLINE WITHIN DUTY HOLDERS IN THE UKCS... 39 FIGURE 4.6: TA DISCIPLINE % OF RESPONDENT IN AGREEMENT... 40 FIGURE 4.7: TA ROLES/RESPONSIBILITIES... 43 FIGURE 4.8: TA ROLES/RESPONSIBILITIES % OF RESPONDENTS IN AGREEMENT... 44 FIGURE 4.9: PS DEVELOPMENT FLOW DIAGRAM... 47 LIST OF TABLES TABLE 2.1: DEFINITIONS OF LIKELIHOOD FOR TYPICAL 4X4 RISK MATRIX... 24 TABLE 2.2: DEFINITIONS OF CONSEQUENCE FOR TYPICAL 4X4 RISK MATRIX...... 25 vii
LIST OF ABREVIATIONS BP British Petroleum UKCS United Kingdom Continental Shelf HSE Health and Safety Executive OSD Offshore Division KP3 Key Programme 3 NUI Normally Unattended Installations FP Floating Production FPSO Floating Production Storage Offloading MAH Major Accident Hazards TA Technical Authority SMS Safety Management System LTI Lost Time Injury HAZOP Hazard and Operability QRA Quantitative Risk Assessment FMECA Failure Mode Effect and Criticality Assessments HIPPS High Integrity Pressure Protection System MOC Management of Change ESD Emergency Shutdown PSV Pressure Safety Valve PSD Pressure Safety Device RAM Reliability, Availability and Maintainability RBI Risk Based Inspections RBM Risk Based Maintenance UK United Kingdom AISG Asset Integrity Steering Group SIS Safety Instrumented System PA Public Address GA General Alarm BS British Standard PS Performance Standard ISO International Standard Organisation OPEX Operational Expenditure viii
ICP EPC P&ID MMS Independent Competent Person Engineering Procurement and Construction Piping and Instrumentations Diagram Maintenance Management Systems ix
1 INTRODUCTION 1.1 Background Long dismissed by many as a potential source of oil or gas, the North Sea has, over the last four decades, become the centre of one of the world most productive and dynamic energy industries. Gas was first found in commercial quantity in the Groningen area of The Netherlands in 1959. This was followed by the first British discovery of gas in the West Sole field, off the coast of East Anglia, by the British Petroleum (BP) jack-up drilling rig Sea Gem, late in 1965 [1]. The offshore oil and gas industry on the United Kingdom Continental Shelf (UKCS) of the North Sea is now a matured industry with about 107 oil platform and 181 gas platforms and many subsea installations. It operates in an increasingly more challenging business environment due to rising energy demands, declining oil and gas production rates and ageing infrastructures. It is a known fact today that more than 50% of the offshore oil and gas production facilities has exceeded their design life and this proportion is steadily increasing with time. About a decade ago, in response to the deteriorating nature of assets especially the Safety Critical Elements (SCE), the UK Health Safety Executives (HSE) Offshore Division (OSD) responded with the Key Programme 3 (KP3) which was directed more widely on asset integrity, and schedule to run between 2004 and 2007 [2]. The KP3 inspections were done by OSD s specialist and inspection management team in about a 100 offshore installations representing about 40% of the total infrastructures in the UKCS. These included all types of offshore installations Fixed, Manned and Normally Unattended Installations (NUI), Floating Production (FP), Floating Production Storage and Offloading (FPSO) vessels and Mobile drilling rigs [2]. The main focus of the KP3 was on the maintenance management of SCEs i.e. the management systems and processes which should ensure the reliability and availability of the SCEs. The SCEs are essential for the integrity of any installation, these are the parts of an installation or component (e.g. hardware, software, procedure etc.) which are designed to prevent, control or mitigate Major Accident Hazards (MAH) and the failure of which could cause or contribute substantially to a major accident [2]. 1
In November 2007 a report was published by HSE detailing the findings of the KP3. One of the main finding was that Technical Authorities (TAs) roles needs be strengthened in many companies [2]. Although referred to frequently in HSE documents, and adopted widely in operating companies within UKCS after the KP3, the role of the TA is not universally defined or implemented. This thesis will seek to assess and documents the implementation of TAs in duty holder organisations via an industrial questionnaire, to understand the role TA plays in managing asset integrity. 1.2 Aims and Objectives As the currently operating oil and gas installations in UKCS are ageing, it is very important to ensure that they are still capable of performing their intended functions in the safest possible manner to avoid any harm to personnel or the environment. It is therefore important that the role of the TA be universally defined and implemented because it acts as a backstop against degraded SCEs and safety related equipment and structures. My main aim in this work is to understand the current implementation of the TA s role with operating companies and definition of the key roles to be delivered by TA going forward. In an attempt to fully achieve the aim of this work, the objectives would be as follows; To review various asset integrity management techniques To understand the current implementation of the TA s role within operating companies in the UKCS To draw conclusions and make recommendations based on my findings 2
2 LITERATURE REVIEW This chapter seek to review different techniques employed in Asset Integrity Management. 2.1 Introduction Safe and reliable production is the cornerstone to efficient and profitable oil and gas production operations. As majority of the offshore oil and gas installations in the UK sector of the North Sea are operating beyond their design life, management and prevention of unwanted incident especially those involving hydrocarbons, is essential to achieving this desired safety and reliability. This sort of events can lead to multiple fatalities with respect to people, contamination of the environment, economic loss and reputational damage for example, the Texas City refinery disaster in 2005 and The Gulf of Mexico Oil Spill in 2010 [3]. The effective Asset Integrity Management (AIM) is critical to the control of MAH, preventing major accidents, improve availability, business and operational efficiency and increase reliability in oil and gas production operations. To achieve this, it is necessary that an aware workforce deploy quality practices to sound facilities [4]. 2.2 ASSET INTEGRITY MANAGEMENT (AIM) Management of asset integrity in modern oil and gas industry is a complex and a crossfunctional activity made up of many components covering many disciplines, and it is a birth to death journey for an asset. The UK HSE defined Asset Integrity as the ability of an asset to perform its required function effectively and efficiently whilst protecting health, safety and the environment and AIM as the means of ensuring that the people, systems, processes and resources that deliver integrity are in place, in use and will perform when required over the whole lifecycle of the asset [2]. According to Sutton [5], AIM should be a core element in companies' total management systems, strategies and activities. It seeks to ensure that all equipment, piping, instrumentation, electrical systems, and other physical items in a unit are designed, constructed, operated, inspected, and maintained to the appropriate standards. AIM is 3
built on the philosophy that prevention of major accident is reliant on the following principles that; The Plant or equipment are designed and continually assessed to ensure it is fitness for purpose (i.e. Mechanical integrity). The Process (including programme and procedures) are in place, in use, up to date and adhere to (i.e. Operational integrity). The People are trained and competent with regards to their safety critical duties (i.e. Personnel integrity). Figure 2.1: Important Concept of Integrity Management [6] For an effective integrity management of an asset, the people, plant and process needs to remain fit for purpose over the life cycle of the asset. 2.3 Asset Life Cycle The life cycle of an asset simply means the different phases/stages an asset goes through before it is no longer fit for service. Over the life of an asset, the design intentions or operational conditions may change. These changes can introduce risk or impose added 4
burden on the assets both in terms of operating practices as well as the asset reliability and integrity [7]. To ensure the life cycle integrity of the asset is managed and maintain, it is required that such changes are recognised and appropriate steps taking to mitigate the effect. This is dependent on good leadership, senior management commitment, effective maintenance and risk management conducted by a competent workforce for each phase of the asset life [8]. The main phases of an asset life are summarized in the figure 2.2; Design Construction Commissioning Operations Plan Decommissioning Each of these phases has an impact on the integrity of the asset and is of itself a significant event with the potential to change the risk profile of the asset [9]. These phases are discussed below; 2.3.1 Plan/Design Phase The plan/design phase is crucial and the most important phase of any asset. Integrity in design yields high reliability, availability, reduces downtime and cost of maintenance [10]. Dreher et al [11] explain that, the most effective manner in which to reduce the overall risk exposure for an asset is to reduce the risk during the planning and design phases. Implementing the inherently safe design concept will minimise the hazards to personnel during their operating phase and subsequent decommissioning. A variety of studies may be undertaken during this phase to identify risk in order to take appropriate step to mitigate the risk. These studies consider risk in a variety of areas, including project, safety, and operational risk. Asset Life Cycle Figure 2.2: Asset Life Cycle 5
These steps include, but not limited to the following; Project risk assessment Safety risk assessment e.g. Hazard Identification (HAZID), Hazard Analysis (HAZAN), Hazard and Operability Studies (HAZOP), Quantified Risk Assessments (QRA) etc. Operational risk assessments e.g. Failure Mode Effect (and Criticality) Analysis (FMEA/FMECA), Reliability and Availability Studies. 2.3.2 Construction Phase In this phase of an asset, a variety of risks can also be introduced. These ranges from occupational health and safety risks associated with injuries to major financial risks that may have the potential to change the objectives of the project. In addition to managing the lower level risks, it is essential to identify and address risks that have the potential to seriously impact the viability of the project [11]. According to Butler [9], the cause of the risk during the construction phase could be as a result of panic driven last minute changes, or the root of the problem coming from the engineering design. Steps should be taking during this stage to ensure that assets are constructed according to the design specifications. 2.3.3 Commissioning Phase De wardt et al [12] defines commissioning as the process by which a plant, facility, equipment (which is installed, or is complete, or near completion) is tested to verify if its functions according to its design objectives or specifications. During this phase of an asset life cycle, reviews are essential to ensure that the equipment and system has been manufactured (according to design specifications), connected and installed in a safe and reliable way. Integrity testing of mechanical equipment, Loop testing of control and Safety Instrumented Systems (SIS), etc. should be conducted to ensure that the installed design of the facility meets the specified performance parameter [13]. 2.3.4 Operations Phase When a plant has been commissioned and is in operations, the design and construction safety has to be maintained by structural inspection and maintenance regime [11]. Particular emphasis should be placed on control of changes to the facilities for example, changes in reservoir chemistry, or production parameters. Plant change control is essential to ensure that any modifications are considered at the correct technical level to 6
ensure that all potential risks are evaluated, if necessary by repeating the whole design control measures as in the earlier phases. 2.3.5 Decommissioning Phase Applying appropriate risk management during planning and design phases of an asset will anticipate potential problems and take them into consideration in the initial design of the facility. This can in the long run eliminate or reduce the issues associated with the decommissioning of the facility at the end of their useful life [11]. 2.4 Asset Integrity Elements The asset integrity major elements are; Mechanical Integrity Operational Integrity Personnel Integrity Mechanical Integrity Asset Integrity Personnel Integrity Operational integrity Figure 2.3: Relationship between Asset integrity Elements [14] The figure above shows the relation between asset integrity and its major elements, as well as the interrelation between the elements. The way each of the elements performs has effect on the others. The range for mechanical integrity is defined by the operations and both of these elements depend on the personnel involved in dealing with them. This enforces the requirement of personnel integrity to define asset integrity 7
comprehensively. Mechanical integrity is an important contributor to asset integrity, it ensures that equipment are designed, constructed, installed and maintained to minimise risk. The other two elements also have a potential influence on the integrity of an asset [14]. These elements are discussed below; 2.4.1 Mechanical Integrity Mechanical integrity is the ability of the asset to withstand the design load (i.e. design pressure/stress, design temperature, etc.). It is primarily concerned with the structural integrity, pressure containment and leak tightness, and focuses on pressurized equipment, piping systems and major structure [15]. According to Smallwood [16], to achieve optimum mechanical integrity for process fixed equipment, the following tasks must be used as applicable: Effective management of plant s operation, engineering and maintenance to achieve mechanical integrity Design mechanical integrity into a process plant during the design stage Know and understand equipment's type/condition e.g. degradation or failure mechanism Operate equipment within acceptable operating envelope Use secondary containment or other methods to diminish the effects of loss of containment. 2.4.2 Operational Integrity Operational integrity is the ability of the asset to perform its required functions effectively and safely. It is primarily concerns with the reliability of SCE such as Emergency Shutdown systems (ESD), critical process control systems, and hazard mitigation system (e.g. Fire/gas detection system, High Integrity Pressure Protection System (HIPPS), Safety valves etc.) [6]. Operational Integrity is about making sure the operating basis are in place, understood, supported and adhere to. 2.4.3 Personnel Integrity Personnel integrity is the ability of the asset personnel to operate the asset safely and effectively. It is primarily concerned with human factors issues such as operators 8
training, competency management systems, reporting systems, anomaly management, etc. [17]. The AIM program is intended to be applicable at all stages/phases of an asset life from design and construction to operation and decommissioning. It is a cradle-to-grave program that covers the full life cycle of an operational facility and is based on a continuous process of identification of potential hazards associated with such facility and the risk management and mitigation programs developed to control the hazard [18]. For a facility to perform its required function effectively and efficiently whilst protecting health, safety and the environment, the Mechanical, Operational and Personnel Integrity should be maintained throughout the life cycle of the operational facility. Listed below are the selected AIM elements to ensure that the Mechanical, Operational and Personnel Integrity are maintained over the life cycle of the asset [7]. Management of Change (MOC) Assessment and Continuous Improvements. Ownership and Accountability Asset register Risk Management and Hazard Evaluations Protective System Facility Design and Construction Operations and Maintenance Incidence Investigation and Preventions Emergency Management Competence/Skills Assurance Leadership 2.5 Description of the Elements and the Intended Purposes 2.5.1 Management of Change In AIM and major accident prevention, Management of Change (MOC) is one of the most important elements which are employed throughout the life cycle of the asset. It is simply about understanding changes and trying to control them. 9
One of the major threats to MOC is that a change might not be recognised in the first place, and this can be followed by the failure to identify the impacts of the change and implement appropriate actions that allow transition to the change [19]. This is evident from a number of globally reported major incidents, where it was revealed that failure to manage change was the root cause or a significant contributor. For example, Failure to manage temporary change led to the loss of containment, explosion, fire and fatalities at the Nypro plant at flixborough in 1974 [20]. In most cases, MOC is applied well to permanent visible physical changes to an asset. However, temporary or insidious changes are sometimes overlooked or not noticed. In addition, issues such as operations outside of acceptable operating envelops, chemical addition modifications, change in physical properties etc. are often missed. According to Ciaraldi [6], understanding what constitute a change and how different types of change are governed is important for an asset operator to establish an effective MOC process. To further improve the effectiveness of MOC, an audit procedure which feeds back into process modifications and clarifications should be employed [6]. 2.5.2 Assessment and Continuous Improvements Another important element in AIM is the assessment or evaluation of the changing condition of an asset and the continuous assurance and verification of its integrity. This can be achieved if performance measures are in place to monitor progress and determine if effective systems and procedures are in place [7]. The preservation of safety critical function of SCE to achieve the required level of asset integrity is achieved by a programme of planned inspection, testing and maintenance activities. This is supported by timely/focussed repairs, replacements and restoration of asset condition so that the asset remains fit for its operational purposes. Without this, asset will deteriorate, leading to degradation of performance, ageing and unreliability of its SCE. 2.5.3 Ownership and Accountability If the accountability is not defined, the ownership of any task or initiatives is diluted and progress will not be recorded. As such, for any integrity management plan or initiative to succeed, the responsibility for identifying the loop holes in the integrity of 10
the asset, the necessary actions required to close these identified gaps, monitoring of progress made in the corrective actions and maintaining of the desired level of performance must be defined [7]. 2.5.4 Asset register Palmer [21] explained that, data availability, accuracy and continued update are necessary for the implementation of AIM initiatives and measure of progress towards meeting the preset objectives. Without integrity management data, it will be difficult for asset management to monitor or to assert with any level of confidence that the plant or asset is in a safe condition or to complete meaningful predictive work that will ensure the long term reliability of the facilities. All supporting inspection, testing, investigative findings, modifications and maintenance database should be aligned with the asset register. Therefore, periodic reviews are required to ensure the asset register and supporting databases are maintained and always up to date [22]. 2.5.5 Risk Management and Hazard Evaluation The core of AIM is risk and hazards evaluation. These involves the process of planning, identifying, estimating, evaluating, selecting and implementing actions to prevent, minimize, control or eliminate harm to personnel, environment and assets [23]. This emphasizes the need for continuous process that establishes and progressively updates the understanding of the hazards and their management through the life cycle of each asset. The hazard analysis should produce a hazard register and SCE list (for prevention, control and mitigation of the hazards) that includes the level of criticality based on the likelihood and consequences of their failure in service [7]. 2.5.6 Protective Systems This are safety critical systems which contribute to preventing, detecting, controlling or mitigate a major accident and ensuring the survival of people and protection of assets. To ensure AIM, these systems should always be reliable, available and operational and their operational functions continually verified to ensure they meet the performance criteria. These systems include, 11
ESD Pressure Safety Valves (PSV) Gas detectors and fire alarms HIPPS Process Safety Devices (PSD) etc. 2.5.7 Facilities Design and Construction This means ensuring integrity of the assets during design in order to operate within acceptable safety margins and to ensure optimized economy throughout operational life. This is achieved by adopting inherent safe design, developing a safe layout integrating ergonomics (human factor) requirements right from design stage, selection of an appropriate material for sustained operations and carrying out Reliability, Availability and Maintainability (RAM) studies [10]. Laskar [15] explained that, the mechanical integrity of the asset is assured by construction and fabrication to a suitable design using appropriate materials, good workmanship and quality assurance in accordance with; Recognised codes and standards Good industry practises Regulatory requirements 2.5.8 Operation and Maintenance This element addresses the need to operate assets within the safe operating envelope and define the limits beyond which system integrity may be jeopardized. Mechanical integrity can be maintained by adhering to operating procedures and processes [7]. Asset integrity can be maintained when assets are; Operated within the original design parameters or through parameters defined through a MOC process that evolves as the facility moves through different phases of its life cycle. Inspected, maintained and repaired to a condition which is consistent with the original design or fitness for service criteria. 12
Audited to provide assurance of conformance and identification of nonconformance for corrective action and this corrective action is assigned ownership and target date to ensure it is carried out. Atherton [24] explains that a successful AIM programme requires comprehensive knowledge of the asset, including its actual condition, all operations and activities conducted in the life of the asset. Rahum et al [25] also added that the core element in managing an asset or operations is based on a good Maintenance Management System (MMS). Proper asset maintenance requires proactively planned maintenance programmes and this can significantly reduce the overall operating cost and increase the efficiency and productivity of the asset. 2.5.9 Incident/Accident Investigation and Prevention The thorough investigation and analysis of incidents and accidents (both actual events and near misses), along with the appropriate follow-up to prevent recurrence, provides one of the most effective means of improving the safety and reliability of an asset [26]. Every unexpected asset failure or damage present an opportunity to learn about the integrity of the assets, determine the root cause of the failure, developing action plan to prevent recurrence, track the progress of these actions and communicate lessons learned throughout the asset [7]. 2.5.10 Leadership Leadership at all level of an organisation is a necessary start to good AIM. The senior leadership has the key function of improving understanding, simplification, challenge and learning in major hazard control and ultimately in performance [25]. When the leadership visibly and openly display passion for integrity management, this will pervade through the organisation and promote the development of a similar zeal within the workforce [6]. 2.5.11 Competency/Skills Assurance According to Esaklul [7], one of the most overlooked requirements for integrity management is the assurance that all personnel are trained and competent for their job. It is a dangerous assumption to believe that an operator is competent to operate a unit because he/she has operated a similar unit in another plant. It should be noted that, 13
competency is not about training, intelligence or education level, but it is about the specific skills required to properly do a particular job and the individual s level of expertise. Managing people s competence is a critical part of managing overall safety and integrity of an asset. Wherever people interface with complex work systems, skilled knowledge and skilled performance are vital to operational integrity [29]. A proper competency assurance program defines the skills required for each job and the minimum level of competency necessary to carry out the job. Additionally, there must be a means in place to continually assess the individual skills of a worker so that deficiencies may be identified and corrected with targeted training and testing [30]. See figure 2.4 Figure 2.4: Competency Verification Scheme [6] 2.5.12 Emergency Management Tveiten et al [27] defines emergency management as the total activities (both administrative routines and informal processes) conducted in a more or less coordinated way to control emergencies before, during and after an event. This includes analysis, planning, training, handling, learning, anticipation and monitoring. This is the last line of defence in an AIM plan, the ability to reduce the effect or mitigate the consequences of an accident. It is essential that assets are reliable and 14
available and can respond quickly to mitigate the effect of an undesired event by having robust emergency management plan. In addition to having the plans in place, they should be regularly reviewed to be able to adapt to changes in the identified hazards, be fully understood by all those likely to be impacted and regularly exercised and tested through drills [28]. 2.6 Risk based approach Risk based approach provides a detailed evaluation of failure modes and the assessment of their corresponding likelihood and consequences if the failure eventually occurs. Leading and lagging indicators are then developed to monitor the performance of the asset to prevent potential incidents [31]. Two types of risk based approach are discussed below. 2.6.1 Risk Base Inspection (RBI) Risk Based Inspection (RBI) methodologies are becoming standard industrial practice for the management and planning of in-service inspection activities. According to Horrocks et al [32], these methodologies seek to define and manage the risk associated with individual equipment, such that items that constitute the highest risk receive the greatest attention from a planned inspection program. RBI provides detailed evaluations of the mode of failure, the barriers to prevent, control or mitigate these failures, and results in an inspection programme to effectively identify potential failure before they occur at reduced cost [33]. RBI is discussed later in details. 2.6.2 Reliability Based Maintenance (RBM) The oil and gas process plants and facilities require essential targeted continuous maintenance to ensure high levels of reliability and safety. A Risk Based Maintenance (RBM) strategy is a useful tool to plan and design a cost effective maintenance schedule [34]. The unexpected failures, the down time associated with such failures, the loss of production and, the higher maintenance costs are major problems in any process plant. RBM approach helps in designing an alternative strategy to minimize the risk resulting from breakdowns or failures [35]. The RBM methodology is comprised of four modules; Identification of the scope of maintenance Risk assessment 15
Risk evaluation Maintenance planning. Krishnasamy et al [36] explained that, using this methodology, one is able to estimate risk caused by the unexpected failure as a function of its probability and consequence. Critical equipment can be identified based on the level of risk and a pre-selected acceptable level of risk. Maintenance of equipment is prioritized based on the risk, which helps in reducing the overall risk of an asset. 2.7 Safety Critical Element (SCE), Major Accident Hazard (MAH), Risk Based Inspections (RBI) and Performance Standard (PS) 2.7.1 Safety Critical Element (SCE) SCEs as defined earlier are those systems and components (including computer programmes, hardware, procedures etc.) designed for the purpose of preventing, controlling or to mitigate major accident hazards (MAHs) and the failure of which could cause or contribute substantially to a major accident. These include SIS, structures, fire and gas detection, and ESD, blow down, temporary refuge etc. According to HSE [2], the term contribute substantially to a major accident is intended to include within the category of SCE those parts whose failure would not directly initiate a major accident but would make a significant contribution to the chain of events which would result in a major accident. As assets age, it is very important to ensure that the SCEs are still capable of performing their intended functions efficiently and effectively whilst protecting health, safety and the environment. Marty et al [37] explained that in AIM, duty holders must ensure that the SCE lifecycle management should involve identification of the MAH, selection of the SCEs by identifying structures and plant which can cause, contribute to, prevent or mitigate a major accident event and develop Performance Standards (PS) for the identified SCEs. This management plan should involve alignment of planned targeted maintenance, inspection and testing etc. required to ensure the SCE meet it s required PS. Unnikrishnan [38] added that managing deviations or changes and impacts on MOC is also a critical part of the lifecycle management of SCEs. The continual monitoring of the status of the hardware barriers and performance assurance task (using a feedback 16
loop) enable management and operators to analyse the ongoing conformance of the SCEs with their PS. This provides opportunity for improvement and possibilities for further risk reduction. A comprehensive risk assessment is the best practice approach for the identification of the SCE and the eventual definition of the required PS. This involves the detailed identification of all hazards associated with different phases of the asset life [39]. This is achieved by performing a number of HAZID exercises and representing the information from the HAZID workshops using Bowtie diagram. Bowties are graphical representations providing information related to hazard with threats which could release the hazard s potentials on the left hand side of the graph and the consequences on the right hand side [40]. On each threat branch of the bowtie, there are shown barriers which are control measures provided to prevent the threat from arising. Similarly, on each consequence branch, there are mitigation barriers and recovery control measures which are considered to provide risk reduction from the consequences [41]. The Figure 2.5 shows the barriers (SCE) on both sides of the top event (Hazard) 17
Figure 2.5: SCE groups and Bowtie diagram [40] The Swiss cheese model at the top of the bowtie diagram in figure 2.5 shows the realisation of the hazardous event if all control safety barriers fails and the escalation of the consequences if all mitigating safety barriers fails For an effective life cycle management of SCE, the following point should be noted [41]; The PS for the SCE should be defined based on the MAH (more on PS in the next sub-heading). The PS which describes the equipment operating parameters at which the safety system fulfils its safety functions, should be defined for the SCE based on recognised industry standards e.g. The British Standard (BS), International Standard Organisation (ISO) etc. To ensure the continuous integrity of the asset, it is important that correct maintenance verification and test frequency is assigned to each SCE. 18
SCE s should be graded based on the risks associated, this assists in prioritizing maintenance. It is important also to monitor the maintenance of non SCE s because their failure can increase the workload of the SCE eventually resulting in major accident. The reliability and availability target for the SCE should be specified. The best approach to achieve this is to use the risk based approach by performing Safety Integrity Level (SIL) calculations. In order to avoid ambiguity, the PS should have a clear pass/fail criterion. This would assist the verification operator to document the results clearly which could be used for further analysis of the performance of the SCE. 2.7.2 Risk Based Inspections (RBI) The scope of an inspection and frequencies has traditionally been time based and driven by statutory regulation or insurance requirements and industry practices. Major shutdowns were planned to take place at particular fixed intervals, and it was normal practise to open, clean and inspect all equipment irrespective of its condition or necessity. The inspections when completed were often unfocused and indiscriminate, resulting in large amounts of data which are in most cases irrelevant. These practices, although inflexible, have to an extent, provided adequate safety and reliability. They just have not been cost effective or efficient [42]. The Risk Based Inspection (RBI) approach is an effective inspection planning tool supporting the engineers in their quest to focus the inspection and maintenance efforts into the high risk operating assets, while assigning an appropriate effort to the lower risk equipment. The end deliverable of RBI is a comprehensive inspection plan developed through a risk management process that aims at ensuring the integrity of an asset in the most cost effective manner [43]. RBI is an integrated methodology that factors risk into inspection and maintenance decision making. It is a systematic and structured approach for developing inspection plans using risk management techniques that identify the probability/likelihood of failure and the consequences of such failure from the human, environmental, assets and reputational viewpoints [44]. Overall, since a relatively large percentage of risk is associated with a small percentage of equipment, the RBI methods improve the management of risk through closely 19
focussing on the critical areas of the asset, and reducing efforts on the non-critical areas i.e. inspection effort is proportional to the criticality of the operating asset [45]. The RBI methodology provides a logical, documented and repeatable system for making informed decisions on inspection frequencies, details of inspection, inspection scope etc. 2.7.2.1 RBI Process According to Peterson et al [42] The RBI process consists of; Carrying out a Risk assessment on the asset Using the results of the assessment to determine the inspection frequencies and scopes. Before performing a criticality risk assessment, three basic questions should be asked, this are; What can go wrong or what are the potential failures? What are the probabilities or likelihood of the failure events occurring? What are the possible consequences of these failures? 2.7.2.2 Risk Assessment Process Risk assessments are fundamental tools in the safety community. They help make and implement decisions regarding safety, which in effect prevent accidents, improve safety performance, and reduce Operational Expenditure OPEX by systematically identifying and evaluating hazards concerning the design and potential failures [46]. To conduct a risk assessment, the following process has been developed; Identify the hazards Frequency assessment Consequence assessment Risk evaluation Action forward 20
2.7.2.3 Hazard Identification The first and most important step in any risk management program is to identify any possible hazards associated with your activities. Unless hazards are identified, consequence and likelihood reduction cannot be implemented. Hazards identification is the act of recognising the failure conditions or threats, which could lead to undesirable events. The main item to determine the hazards is the amount of information which is known about the equipment or conversely the identification of where there is a lack of information. Even when information appears to be known, the risk based approach requires the quality and accuracy of the information be tested and validated. Risk increases when there is a lack of, or uncertainty in the information required to assess the equipment integrity [42]. Information about the asset can be gathered from the design specifications, fabrication records, operational experience, maintenance records, inspection records, the knowledge of material degradation methods and the rates at which material degradation will, or has occurred. 2.7.2.4 Frequency Assessment This is the likelihood of the undesired event occurring and the rate at which these specified events would be expected to occur in a specified period of time. 2.7.2.5 Consequence Assessment This can involve the use of analytical models to predict the effects of different scenarios or consequence of a failure event. Information exists describing the effects of hazardous materials on humans, fire and blast effects on buildings and structures, dispersion and environmental effects, etc. 2.7.2.6 isk Evaluation Risk evaluation is used to determine the significance of a risk to the organization and whether each specific risk should be accepted. The value indicating a risk and its associated implications are arguably subjective but are nonetheless important for assessing the risk status [47]. 21
For a given risk event (e.g. accidental hydrocarbon release), each of the release criteria is evaluated based on the likelihood and consequence. Likelihood is the probability of occurrence and Consequence is the severity of impact. In quantitative risk assessment, the risk is the product of the numerical consequence and the probability of occurrence [48]. (See figure 2.6). According to Clare et al [48], Consequence and likelihood can each be assessed using various methods of varying complexity, ranging from qualitative to quantitative. Figure 2.6: Major Component of the Risk Evaluation Process [48] 22
Consequence Minor (1) Marginal (2) Serious (3) Very serious (4) The simplest form of reporting risk is by simply grading the possible consequences and likelihood of the failure events as high, medium or low. The preferred approach is to use a Risk matrix to assign risk. An example of a typical Risk Matrix is shown in Figure 2.7 below. Each asset will fall within a cell in the matrix corresponding to the likelihood and consequences of failure. Risk = Likelihood Consequences 4 8 12 16 3 6 9 12 2 4 6 8 1 2 3 4 Low (A) Medium (B) High (C) Likelihood Figure 2.7: Typical 4x4 Risk Matrixes Very High (D) 23
Unacceptable Urgent Attention Undesirable Action Acceptable Monitor Desirable No action Figure 2.8: Risk Ratings Table 2.1 and Table 2.2 show sample definitions for Likelihood and Consequence for 4X4 Risk Matrix Table 2.1: Definitions of Likelihood for Typical 4X4 Risk Matrix Likelihood Ranking Likelihood Category Definitions A Low Not likely B Medium May occur C High Probable Occurrence D Very high Occurred/Occurring 24
Table 2.2: Definitions of Consequence for Typical 4X4 Risk Matrix [42] Consequence Ranking Consequence Category Impact 1 Minor First aid, little/no response, minor equipment cost 2 Marginal Medical aid, limited response, equipment repairs, minor losses. 3 Serious Serious injury(s), major response, major downtime, expenses. 4 Very serious Fatality(s), long term environmental, permanent shutdown 2.7.2.7 Action Forward The underlying implicit assumption is that in a competent organisation, findings from the RBI will be followed by proper actions that will actually reduce equipment risk and ensures the integrity of the asset [42]. The action plan may include one or a combination of the following activities [42]; Follow up inspection Asset monitoring Asset replacement Operational procedure changes Use of upgraded materials Instrumentation upgrade 2.8 Major Accident Hazards (MAH) Major Accident can be thought of as an occurrence such as major emissions, spill, fire or explosion resulting from uncontrolled developments in the course of operations and can lead to multiple fatalities or serious danger to the environment. MAH are hazard that has the potential of resulting to a major accident e.g. hydrocarbon releases [49]. Craddock [50] explains that, major accident occurs because of failure to identify or recognise MAH and take adequate steps to manage the associated risks. Major accidents 25
are low frequency very high consequence events requiring careful management. This needs to be supported by a safety culture that has all levels of an asset organisation engaged in the common goal of major accident prevention. This starts with committed leadership. Leadership that is complacent about low frequency high consequence events will be leading an organisation that is closer to triggering a major incident than a leadership that is mindful about such events. It is important to recognise that for this class of failures, the primary risk control measures are built into the system at the planning selection, design, construction, and installation phases (i.e. ensuring the integrity of the asset in all phases). Major incidents are not driven by operational considerations i.e. they do not necessarily require operational failures to be realise, and may occur even if a system is operated within its design envelop [51]. 2.9 Performance Standard (PS) PS are statements which can be expressed in quantitative or qualitative terms, of the performance required of a system, item or equipment, person or procedure, and which is used as the basis of managing the hazard e.g. planning, measuring, control or audit through the life cycle of the asset (SCE). Or, they are documents describing the criteria for the assessment of the asset (SCE) for compliance with minimum requirement to asset operations and characterizing its performance criteria [41, 40]. Marty et al [37] explains that, The PS standard defines the following criteria for each of the SCE; Functionality of the SCE i.e. response time of the SCE Availability of the SCE i.e. the handiness of the SCE Reliability i.e. the ability of the system to perform its required functions when it s needed. Survivability i.e. the ability of the element to deliver its function if exposed to an undesired event e.g. fire, blast, vibrations, etc. Interdependency i.e. other systems necessary for the function of the SCE to perform adequately e.g. emergency power supply for SIS [37]. 26
2.9.1 Integrity Assurance These are assurance activities performed to confirm that the asset meets the required PS during design and throughout the operational lifetime of the asset. At the design stage, such assurance is undertaken through the use of appropriate design codes and standards, best practise, risk based approach, design review etc. by suitable qualified, experience and competent persons [37]. Assurance activities during operational stage include inspection, test and maintenance. The activities mentioned above are required in other to enable; 2.9.2 Verification Verification tasks are carried out in order to verify that the previously defined PS for the SCE is achieved. According to Dhar [41], this is system of independent and competent scrutiny of the suitability of SCE throughout its life cycle. The process of identifying SCEs, producing PS and performing Assurance is monitored and verified by an Independent Competent Person (ICP). Verification is a sampling process and includes document review, checks using calculation, physical examination, testing or witnessing of tests, audit, and confirmation of records during the operational life of the asset. 27
2.10 RBI, MAH, SCE and PS Loop An Asset Major Accident Hazard (MAH) Risk based inspection (RBI) to classify MAH Safety Critical Element (SCE) to Prevent Major Accident Major accident Occurs Safety Critical Element (SCE) to mitigate the effect of Major Accident Definitions of Performance Standards (PS) for the SCE Figure 2.9: RBI, MAH, SCE and PS Loop The flow chart above shows the relationship between RBI, MAH, SCE and PS. For an effective AIM, a RBI is carried out on the asset in other to identify MAH associated with the asset. Then the SCE are grouped into barriers for preventing, controlling or mitigating the consequences from a major accident. The PS is specified for all the identified SCE first to ensure the suitability of the SCE in the design and construction 28
phase and secondly the performance criteria that ensures the on-going suitability of the SCE in the operational phase. The defined PS detail the goal of the SCE, functionality, suitability, availability, reliability and interdependency and also the acceptance pass/fail criterion for which the performance of the SCE will be measured and recorded. 29
3 METHODOLOGY This chapter includes a review of the research method and design appropriateness, a discussion of the population and sample, methods used in the collection of data, the approach used in the analysis of collated data, ethical consideration and limitations. This research was carried out in three main parts. The first was aimed at identifying key background issues/studies relating to AIM. The second concentrated on the collation and assimilation of available data. Specifically, it examined information relating to the KP3 reports, review and studies on integrity management together with the data from the questionnaire and notes made from the unstructured interviews with some TAs and asset integrity managers. The final phase involved the analysis of all of the available data, draw conclusions and make recommendations based on the findings. An overview of the process is shown below with colour codes representing the different parts. TASK 1 Literature Review TASK 2 Pilot interview/brainstorming Section with AISG TASK 3 Source for Information from Duty-Holders via Questionnaire TASK 4 Sort Data from Duty- Holders/Unstructured Interviews TASK 5 Analysis and Discussions TASK 6 Conclusions & 30 Recommendations Figure 3.1: Overview of Process
3.1 Population and Sampling The main focus of this research was on the UK oil and gas industry. This involves dutyholders operating in the UKCS of the North Sea. A form of sampling was introduced. As explained by Silvermann [52], the purpose of this sampling was to study a representative subsection of a precisely defined population in order to make inferences about the whole population. Within the duty holders, the participant includes Asset Integrity managers and TAs. The above participants were chosen because of their relevance and experience to answer the research question. It was necessary to employ this form of sampling techniques because of the time and resources available to the research. 3.2 Data Collection Method 3.2.1 Pilot Interview A pilot interview was done prior to administering of the questionnaire to inform me on the approach to take in the design of the questionnaire. As described by Punch [53] it is a small-scale trial before the main investigation with the intention of assessing the adequacy of the research design and of the instruments to be used for data collection. The pilot interview studies was crucial to this research which was primarily based on questionnaire to gather data, since there will not be an interviewer present to clear up any confusion when the participant are trying to answer the questions. 3.2.2 Questionnaire This phase of data collection involves generating of questions to design the questionnaire based on the findings from the pilot interview, brainstorming section done with the Asset Integrity Steering Group (AISG) of Step Change in Safety and findings from the literature review. The designed questionnaire was forwarded via an e-mail to the participating companies. This method of distribution was preferred because it was easier to reach a larger population. Though questionnaire was seen as the best method of gathering data for this research considering the time available, it is not without its own pros and cons. The pros include, it was cheap particularly for group administered, it is far quicker to conduct, absence of interviewers effect, and at the convenient for respondent. 31
Nevertheless, the cons also include, the response rate was low, the fear of given some confidential documents out and there were no one present to help the respondents if they are having difficulty answering questions. In other to mitigate some of the cons, a good covering letter explaining the reasons for the research, why it is important and why the recipient has been selected and a guarantee of confidentiality was attached to the questionnaire (see Appendix A). Furthermore, a simple questionnaire with clear instructions and an attractive layout was designed. The questionnaire contains 22 questions in total including open and close -ended questions. It is assumed that the likelihood of response to this format considering their busy schedule is more compared to using all open-ended questions. In addition, the weakness associated with either form of question is the strength of the other. The administration of the questionnaire to the target participants and the persistent contact of the respondent to ensure quick response to the questionnaire were made possible through the AISG of Step Change in Safety. 3.2.3 Unstructured Interview These involved informal interviews and discussions conducted to explore or get a wider understanding on the topic being researched. There was no predetermined list of questions to work through in this situation, just knowledge of the aspect I want to explore. As mentioned earlier, the interview was purely informal. The interviewee is given the opportunity to talk freely about events, behaviour and beliefs in relation to the topic area [54]. I was able to have three different unstructured interviews, two of which were from TA working in the UK and the third was with TA in the United State of America. The information obtained from this interviews where used to explore and explain themes that have emerged from the use of the questionnaire. 3.3 Data Analysis Method Various methods of data collection produce different types of data that requires different handling strategies. The main method of data collection for this research was the use of the questionnaire and an unstructured interview to explore on findings. 32
First step involves reproducing the collated data so that they provide a fair summary of what has been studied and so that they can be analysed readily to answer the researcher s questions. The questionnaire as stated earlier, contains both closed and open-ended question, the first step was to code this data, i.e. transforming the data from the questionnaire into a form in which we can analyse efficiently. For the unstructured interviews, the analysis of the data was a bit challenging since there was no interview agenda. This was finally overcome by constantly visiting the note made from the discussions and ideas that form in my head. This process continued until I felt fairly confident that I had identified the set of variables that I needed and could measure, and had also identified some of the main categories of each variable. The data extracted was also coded. The themes arising from the coded data will be linked to the research objective in analysis providing a framework with which findings will be reported and discussed. The data was analysed using EXCEL, a personal computer based analysis software. This was chosen because it is particularly useful in basic statistical analysis. 3.4 Research Ethics and Limitations 3.4.1 Research Ethics During the period of this research, careful steps were taken to ensure that the way the research was design is both methodologically sound and morally defensible to all those who are involved. A confidentiality agreement was signed with the participant and also a cover letter detailing what the research is about, the aims and objective of the research and statements on the use of the data assuring confidentiality and anonymity of the respondents (see Appendix A). 3.4.2 Limitations The major limitation of this work is the poor access to primary data and time. Due to the busy schedules of the target respondent, it was difficult to get them to respond to the questionnaire. Likewise, it was impossible getting approval for interview with representatives from the respondents, HSE, asset integrity managers and TAs as proposed to clarify some of my findings. This limited the number of data and the amount of respondent. To help overcome this limitation, a meeting with the members of 33
the AISG was organised to brainstorm on the available data and make relevant contributions. 34
4 DATA ANALYSIS AND DISCUSSION In 2009, following the findings from KP3 as regards the declining nature of the influence of the TAs; the OSD of HSE conducted a review of the industry s progress. The review concluded that there have been real changes to, and strengthening of, the TA functions in a number of companies which are showing tangible benefits. The challenge remaining for the industry according to OSD is to ensure that the enhancements to the TAs role and resources are replicated uniformly and consistently across the industry [56]. Based on the findings of the OSD of HSE, a questionnaire was developed to understand the current implementation of the role of TAs across duty holders in the UKCS. This chapter contain the data presentation, analysis and discussion of the findings. 4.1 The Questionnaire The questionnaire is structured into 3 sections; The organisation: To understand the organisational structure TA Standard/Framework: To understand the TA s discipline and the basis within which TA s are selected The role definition and organisation approach: To understand the implementation of the TAs within the organisation This section details the findings from the questionnaire after coding of the data into the different sections. (See Appendix B) A total of 7 duty-holders responded to the questionnaire, with a combined total of 44 operating platforms within the UKCS. The platform includes FP, FPSO, Manned and NUI platforms. The respondents are involved in explorations and productions, consultancy, Engineering Procurement and Construction, project management. To ensure anonymity, the respondent are hereafter referred to as Company A, B, C, D, E, F and G. The pie chart below shows the percentage distribution of the offshore platforms across the respondents. 35
` Figure 4.1: Percentage Distribution of Offshore Platform across Respondent 4.1.1 The Organisations The question around the organisation was asked based on the findings by OSD in 2009 that.much needs to be done to strengthen this TA function and wider consideration needs to be given as to the role of the TA function at senior levels in companies. [2]. In order to understand how this has been incorporated into the industry, the duty holders were asked to describe the company structure within which the TAs seats in, and how they report into the senior management level. 36
The flow chart below summarises the responses. Figure 4.2: Flow Diagram for TA reporting Structure into Senior Management The flow diagram shown in figure 4.2 above summarises the organisational structure within which the TAs seat in, and how they report into the senior management within the respondent organisation. The responses show a strengthening of the TAs within the organisational structure of the respondent. 4.1.2 TA Standard/Framework The TA in a company as mentioned by HSE act as a backstop against continuing operations with degraded SCE, their function is to provide expertise and judgement on key operational engineering issues [2]. This is an important strategic role particularly in decision making relating to the continuing operations with degraded SCE, equipment integrity and MAH management. To get a clear understanding about TAs and the required qualification for this strategic role, the duty holders were asked to state the basis upon which they select their TA s. 37
The stacked bar chart below (figure 4.3) summarises the responses from the respondents with the colour code matching each respondent, and the bar chart in figure 4.4 showing the percentage of respondent in agreement. Figure 4.3: The Basis for Which TA's are Selected Figure 4.4: TA Selection Basis % in Agreement From the bar chart above in figure 4.4, it can be inferred that the TAs are recognised engineers in their various discipline appointed by the organisation within a specific technical discipline to provide independent technical advice. 38
4.1.2.1 TA Disciplines The duty holders where ask to list the TA s discipline within their organisation. This question was asked to have an understanding on the critical discipline occupy by TAs across the industry. The stacked bar chart below (figure 4.5) summarises the responses from all respondent and the bar chart in figure 4.6 shows the percentage of respondent in agreement. Figure 4.5: TA Discipline within Duty Holders in the UKCS 39
Figure 4.6: TA Discipline % of Respondent in Agreement 40
As stated earlier, the duty holders are involved in various operational activities within UKCS; this explains the weak percentage of agreement notice in most of the TA s discipline. Different organisations select their TA s discipline based on their specific MAH operational activities or the relevance of the discipline to the organisation. Nevertheless, there were some TA s disciplines that had strong agreement across all respondents, disciplines such as the mechanical/pressure vessels TA, structural TA, electrical, instrumentation and control TA, process/technical safety TA, materials and corrosion TA. These are disciplines with high potential of resulting in major accident if not properly managed and they are susceptible to degradation as asset age. An explanation of the TA s discipline is given below; The Mechanical/Pressure vessel TA: This TA is accountable as the company s authority for providing technical expertise to other departments on piping, valves and vessel engineering issues with special emphasis on pressure containment and vibration issues. It is a known fact that the effective pressure containment of vessels and pipe work is essential to minimising the risk of hydrocarbon releases. Maintaining the mechanical integrity of a vessel is a significant factor in ensuring contained fluids is not accidentally released. Structural TA: According to the HSE, TA act as a backstop against degraded SCE, safety related equipment s and structures. In other to prevent MAH, the structural TA should have a good understanding of the behaviour of the structure, and the degradation and failure mechanisms of critical structural elements. This is necessary to prevent structural failures leading to hydrocarbon releases or other catastrophic consequences which can lead to multiple fatalities [2]. Structural integrity management is the principal barrier to safeguard assets and those working offshore from MAH. The integrity of this offshore structures depend on the structural TA getting it right at the design and construction stage, and keeping it right over the life cycle of the structure. Electrical, Instrumentation and Control TA: As offshore infrastructure age, there is an increased risk of ignition of electrical infrastructure in the event of a major loss of hydrocarbon containment if not managed adequately. The Electrical, Instrumentation and Control TA discipline is responsible to ensure that critical power generation and distribution, well-related SIS, process and emergency 41
support systems such as ESD and public address/general alarm (PA&GA) are reliable and available when called upon. Process/Technical Safety: Process safety management involves the prevention of uncontrolled loss of containment of flammable hydrocarbons, which may result in a fire and/or explosion. Process/technical safety TA should be able to recognise changes made to production rates, operating parameters, plant modifications, operating procedures and key drawings, and training needs during the lifetime of the process plant. If used correctly, the process/technical safety TA has a vital role in managing cumulative risk. Materials and Corrosion TA: If corrosion is not controlled, it can lead to the loss of hydrocarbon containment and structural failure, with the possibility of resulting in major accident with serious human, asset, environmental and reputational implications. The Materials and Corrosion TA are accountable for ensuring that adequate systems are in place for the control and monitoring of plant, pipe work corrosion and selection of suitable materials in the design of site modifications, or projects. For example, the close relationship between the Materials and Corrosion TA and chemist to manage the chemical injection systems to ensure adequate protection against corrosion 4.1.3 TA Role Definition and Organisational Approach In this section, duty holders were asked to describe the role and accountabilities of the TAs within their organisation. This was followed by some specific questions based on the findings by HSE in 2007 on the poor performance of maintenance strategy of SCE by duty holders (see Appendix C). The areas with worst performance include; Maintenance of SCEs Backlog Deferrals Measuring compliance with performance standards Corrective maintenance The specific questions were tailored to understand the industry s step in improvement this areas of poor performance. (See Appendix B section 3). 42
The summary of the roles/responsibilities from the respondent are shown in the stacked bar chart in figure 4.7 below. Figure 4.7: TA Roles/Responsibilities 43
Figure 4.8: TA Roles/Responsibilities % of Respondents in Agreement The bar chart in figure 4.8 above shows the roles/responsibility of the TAs and percentage of respondents in agreement. The roles are each considered in turns; 4.1.3.1 Review and Audit This is an important role to ensure the integrity of an asset over its life cycle as discussed in the literature review (chapter 2). Reviewing and monitoring enables the duty holders to understand how well the organisation is managing its asset integrity and an understanding of the present risk level in the asset. For continuous management of the integrity of an assets, periodic reviews is advised even on approaches introduced for risk managements, this activity ensures that changes are understood and the selected barrier are still effective. 44
On the other hand, auditing is done to identify loop holes or cracks on the safety equipment s. 4.1.3.2 Risk Assessments Understanding of hazards present in an asset or operation is the first step in managing it. It is a process of identifying hazards, the consequence if the hazard is released, the likelihood that the hazard will be released, and the risk to personnel, environment, assets, reputation and taking step to set up barriers to ensure the risk is reduced to a level that is as low as reasonably practicable. Risk assessment is also a continuous process done over the life cycle of an asset to ensure that hazards are identified over the different phases of the asset. 4.1.3.3 Defines Regional Technical Standard Technical Standard is the established norm or requirements for technical systems/assets. This is an important role because all operational integrity and process safety plans are built on a foundation of complete, accurate, and timely technical information [55]. For example, for a proper HAZOP studies to identify possible deviations (in a process plant), it is required that up to date and accurate Piping and Instrumentations Diagrams (P&IDs) be provided to the team, operating procedures require information about process limits, and the AIM plan requires information about equipment and piping. Also with a good written technical standard, it is easier for duty holders or outside auditors to evaluate the status of the integrity management systems [55]. 4.1.3.4 Endorse waiver to Technical Standard Waiver to technical standard is a sensitive activity that requires an engineering authority with an understanding of the associated risks. The endorsement of waiver requires proper risk assessments to determine the risk associated with the activity in other to have proper barriers in place. Waivers to technical standards are issued on special circumstances to allow certain critical equipment to continue to be on service provided controls are in place. Each waiver to the technical standard should be recorded in the asset register and subjected to regular review. 4.1.3.5 Interpretation of Good Engineering Practice Sharing of good engineering practice is a good way of enhancing cross industrial learning. The understanding of the good engineering practice from the industry by the TAs will ensure proper implementation to manage the integrity of their assets. 45
4.1.3.6 Endorse Deviation from PS As discussed in the literature, PS details the performance required of a system after all major hazards scenario has been identified. PS generally describe the functionality, survivability, reliability, availability and interrelation with other asset of the system. Deviation from this standard will require risk assessments to ascertain that such deviations will not lead to major accident. 4.1.3.7 Strategic Maintenance Maintenance of an asset or installation is an on-going activity. Inadequate strategic maintenance has been a contributory factor in many major accidents and incidents (e.g. Piper Alpha). As assets continually age, there is an increasing need to strategically maintain SCE whose purpose is to prevent, control or mitigate the consequence of a major accident. Strategic maintenance could be; Corrective Maintenance: This strategy involves carrying corrective maintenance on an asset until it eventually fails. Preventive Maintenance: This strategy involves the carrying out of maintenance on an asset to prevent possible degradation of the asset with time i.e. prolong component life cycle minimizing asset failure. Reliability Centred Maintenance: This maintenance strategy is done to prevent failures whose consequences can be fatal. The maintenance interval is based on the actual system criticality and performance data. The understanding when to apply each of this strategy is essential for AIM. 4.1.3.8 Approves Key Engineering Drawing Integrity in design will ensure integrity during operations. Proper risk assessments are done on key engineering drawings (e.g. P&ID) to ensure risk are identified and proper steps are taking to manage it. 4.1.3.9 Ensure Conformity with Legislation and Standard Standards and Legislations have been developed to guide duty holders on various areas exploration, development, operations, design, construction, procedure etc. for example, the ISO standard. They are crucial for the technical definition of oil and gas 46
installations, regardless of whether they are regional, international or industry standard. Standards and Legislation are also called recommended practices, specifications, bulletins, technical reports etc. Standards and Legislation play an important role in the regulators technical definition of the safety level of oil and gas installations they regulate and also in guiding the duty holders to achieve the accepted level of safety. Conformity to standards and legislation is important to ensure the assets are designed, installed and operated within the international recognise standards and best practices. 4.1.3.10 Guidance, Mentoring and Training To prevent major accidents such as the 1998 Esso Longford gas explosion and the 2005 BP Texas city fire, proper training, guidance and mentoring to ensure competency is necessary. 4.1.3.11 Investigations and Root Cause Analysis Preventing the next accident is a key issue in a high risk industry with ageing infrastructures such as the UK oil and gas industry. As discussed in the literature review (chapter 2), accident investigation and root cause analysis is the most efficient way of preventing recurrence and improving on the hazard and risk management strategies. 4.1.3.12 Review Suitability of SCE Integral to the integrity of assets are the SCEs. Reviewing the suitability of the SCE is measuring the SCE against the pass/fail criterion of the PS to ensure conformity with the required standard. This is essential to ensure continual fit for purpose of the SCEs over its life cycle. 4.1.3.13 Defines PS These are standard that can be expressed in both quantitative and qualitative terms of the performance required of an SCE. It is developed after the hazardous scenario has been identified and safety strategies developed as shown in the figure below. 47
HAZARD IDENTIFICATION Determine Safety Strategy e.g. the role and need for the risk reducing measure QRA or any other risk analysis of safety studies Define Specific Safety PS (i.e. Functionality, Reliability, Survivability, Availability etc.) Figure 4.9 PS development flow diagram 4.1.3.14 Maintenance Deferral of SCE Deferral of maintenance is needed when management system has not provided resources for the maintenance. The deferral process is recognition that there is potential for degradation of the SCE. It should provide the means to compensate for the degradation and the potential increase in risk [2]. 4.1.3.15 Review Changes and Modification The understanding of risk associated with changes and modifications is essential for effective integrity management. As discussed in the literature review in chapter 2, each changes and modification can change the risk profile of an asset. Review of changes and modification enables duty holders to understanding risk and take necessary steps to prevent, control or mitigate the consequences. 4.1.3.16 Independent View on Safety and Operational Risk Operational safety addresses the need to operate assets within the safe operating envelope and define the limits beyond which system integrity may be jeopardized. Mechanical integrity can be maintained by adhering to defined operating procedures and processes. The bar chart in figure 4.8 shows the percentage of respondents agreeing to the listed roles/responsibilities. Though most had low percentage of the respondent in agreement, there has been considerable strengthening of the roles of TA within the industry. This is obvious in the considerable improvement on the areas with poor maintenance strategies 48
discovered by OSD of HSE in 2009. As asset continues to age, more needs to be done in other to ensure effective integrity management. 49
5 CONCLUSIONS The finding of this research has given an insight into the current implementation of the Technical Authority s role within operating companies in the UKCS. It highlighted key roles, functions and how they manage the integrity of assets. Based on the findings, it is seen that the Technical Authority s role has been strengthened and embedded into the organisational structure of operating companies within UKCS. The Technical Authorities are engineers whose combination of education, experience and ability to lead make them the most appropriate person to provide advice, guidance and decision making in their technical disciplines. They occupy strategic technical disciplines within the operating companies with key roles of evaluating and making engineering and other technical judgements as well as providing advice and guidance on key operational issues. They also ensure major accident hazards are managed by defining performance standards for safety critical elements and ensuring they remain fit for operational purposes. There is still need for the industry to ensure consistent and uniform implementation of the Technical Authority s role within operating companies to ensure integrity of assets are continually managed even as assets age. 50
6 RECOMMENDATIONS Based on understanding of Major Accident Hazards, Safety Critical Elements, Risk Based Inspections and Performance Standard loop discussed in the literature review and the findings from this research, the recommended roles and responsibilities to be implemented by Technical Authorities going forward are; Define performance standards for safety critical elements. The performance standard details the performance required of the safety critical elements after the major accident hazards have been identified. As asset age, a program of planned assurance and verification activities should be carried out to ensure the safety critical element meets the required performance standard. This will ensure the continual fit for purpose of the SCE over its life cycle. Manage maintenance deferrals for safety critical elements. This is to ensure deferral arrangements are better controlled and risk assessed Review the suitability of safety critical elements. This should involve periodic audit and review to ensure the safety critical elements meets the required performance standards Review changes and modifications to understand the risk associated with such activities and take necessary steps to control, prevent or mitigate them Investigation and root cause analysis. This help to prevent recurrence of an accident and improve on the performance standards. Technical authorities should be involved in risk assessments of critical operations to identify the major hazards associated with such operations and define the performance required of the safety critical elements. The Technical Authorities should define technical standard at regional level and ensure they remain fit for purpose. Technical Authorities should provide guidance, mentoring and training across installations where required The Technical Authorities should approves key engineering drawing to ensure design integrity 51
The Technical Authorities should carry out review and audit activities as required ensuring the safety critical equipment meet the required performance standards. In order to ensure consistent and uniform implementation of the technical authority role across operating companies, the industry should develop a central reference standard defining the role of Technical Authorities. This will guide operating companies within the UKCS. 52
REFERENCES [1] University of Aberdeen., The Project: Brief History of the UK North Sea Oil and Gas Industry. [Online] Available at: http://www.abdn.ac.uk/oillives/about/nsoghist.shtml [Accessed 20 June 2013]. [2] HSE. (2007) Key Programme 3-Asset Integrity Programme, A report by the Offshore Division of HSE s Hazardous Installations Directorate, 5-10. [3] Ciaraldi, S. W. (2009) Practical aspects of integrity management for large oil and gas production infrastructures, Society of Petroleum Engineers - SPE/IATMI Asia Pacific Health Safety, Security and Environment Conference and Exhibition 2009, APHSSEC 09. [4] Rao, A. R., Rao, S. S., Sharma, T., Krishna, K. R. (2012) Asset integrity management in onshore & offshore-enhancing reliability at KGD6, Society of Petroleum Engineers - SPE Oil and Gas India Conference and Exhibition 2012, OGIC - Further, Deeper, Tougher: The Quest Continues. [5] Sutton, I. (2010) CHAPTER 6 - Asset integrity. Process Risk and Reliability Management,. pp. 301-346, William Andrew Publishing, Oxford, UK. [6] Ciaraldi, S. W. (2005) The essence of effective integrity management-people, process and plant, 2005 SPE Asia Pacific Health, Safety and Environment Conference and Exhibition - Proceedings. [7] Esaklul, K. A., Al-Adsani, A. M. (2006) Integrity management in KOC, 8th SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2006. [8] Cutts, S. (2005) Offshore safety division's response to concerns about installation integrity on UKCS, Offshore Europe Conference - Proceedings. 53
[9] Butler, S. (2005) 12 Life cycle risk management tools. In: Cameron I,T., Raman R, editors., Process Systems Engineering, Volume 6,. pp. 469-514, Academic Press. [10] Baby, R. (2008) Integrity management during design stage, Society of Petroleum Engineers - 13th Abu Dhabi International Petroleum Exhibition and Conference, ADIPEC 2008. [11] Dreher, L. G., Jarman, M. F. (2004) Application of "life cycle" concept for asset risk management, SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production. [12] De Wardt, J., Moore, T., McKenzie, A. (2011) FMECA and commissioning - Guidelines to effectively deliver technology and systems for successful drilling automation, SPE/IADC Drilling Conference, Proceedings. [13] Al-Bidaiwi, M., Beg, M. S., Sivakumar, K. V. (2012) Deal with start-up and commissioning threats and challeges at an early stage of the project for a sucessful handover and project completion, SPE Production and Operations Symposium, Proceedings. [14] Hassan, J., Khan, F. (2012) Risk-based asset integrity indicators, J Loss Prev Process Ind, 25. (3) 544-554. [15] Laskar, L. (2013) A Novel Methodology for Maintaining Mechanical Integrity of High Pressure Relief Systems, 6th International Petroleum Technology Conference, 2013, Beijing, China, 26th - 28th March 2013. International Petroleum Technology Conference. [16] Smallwood, R. E. (2004) Equipment Integrity In The New Millennium, CORROSION 2004, New Orleans, La, 28th March - 1st April 2004. NACE International. [17] Adair, S., Filmalter, E., Mahlangu, F. (2008) Asset integrity management in the digital age, Energy Institute - 19th World Petroleum Congress 2008: A World in Transition: Delivering Energy for Sustainable Growth. [18] Lawson, B. (2012) Managing asset integrity in the UK continental shelf. 54
[19] Julaihi, S., Jaafar, A. T., Bakar, N. A. A. (2010) Management of change, key component of an effective HSE management system, Society of Petroleum Engineers - SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2010. [20] Ritchie, D. M. (2011) The role of asset integrity and life extension in major accident prevention, Society of Petroleum Engineers - Offshore Europe Oil and Gas Conference and Exhibition 2011, OE 2011. [21] Palmer, G. A. (2011) Confidence in data aids improved asset value, Society of Petroleum Engineers - SPE Asia Pacific Oil and Gas Conference and Exhibition 2011. [22] Daoud, M., Mohamed, A., Drahib, S., Badyab, A. (2012) ADCO's assets integrity requirements during projects execution, Society of Petroleum Engineers - Abu Dhabi International Petroleum Exhibition and Conference 2012, ADIPEC 2012 - Sustainable Energy Growth: People, Responsibility, and Innovation. [23] Khalaf, F., Abu El Ela, M. (2008) The risk management Process - An overview, Society of Petroleum Engineers - 9th International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2008 - "In Search of Sustainable Excellence". [24] Atherton, J. (2008) Incidents that define process safety. Hoboken, N.J. : Wiley, Hoboken, N.J. [25] Rahim, Y., Refsdal, I., Kenett, R. S. (2010) The 5C model: A new approach to asset integrity management, Int J Pressure Vessels Piping, 87. (2 3) 88-93. [26] Sutton, I. (2010) Chapter 12 - Incident investigation and root cause analysis. Process Risk and Reliability Management,. pp. 575-654, William Andrew Publishing, Oxford, UK. [27] Tveiten, C. K., Albrechtsen, E., Wærø, I., Wahl, A. M. (2012) Building resilience into emergency management, Saf Sci, 50. (10) 1960-1966. [28] Jones, D. S. (2007) Occupational health aspects of emergency preparedness and response, Society of Petroleum Engineers - Asia Pacific Health, Safety, Security and 55
Environment Conference and Exhibition 2007 - "Responsible Performance: Are We Doing the Best We Can". [29] Sandra, L. (2013) The Competence Part of a High Integrity Process, ERM, Peter Hill, Warwickshire Oil Storage Ltd. [30] Oliver, M. H. (2002) Plant Integrity Management Reviews, Abu Dhabi International Petroleum Exhibition and Conference, Abu Dhabi, United Arab Emirates, 13th-16th October 2002. Society of Petroleum Engineers. [31] Sepeda, A. L. (2009) A risk based maintenance approach (for facilities complying with the US OSHA PSM regulation), J Loss Prev Process Ind, 22. (6) 680-684. [32] Horrocks, P., Adair, S. (2010) 4.34 - Risk Based Inspection. In: Editor-in- Chief: Tony J.A. Richardson, editor., Shreir's Corrosion,. pp. 3084-3101, Elsevier, Oxford, UK. [33] Kapusta, S. D., Reynolds, J. W. (2008) Plant integrity and reliability are the keys to improving profitability, International Petroleum Technology Conference, IPTC 2008. [34] Wang, Y., Cheng, G., Hu, H., Wu, W. (2012) Development of a risk-based maintenance strategy using FMEA for a continuous catalytic reforming plant, J Loss Prev Process Ind, 25. (6) 958-965. [35] Willcocks, J. (2000) Risk-Based Inspection And Integrity Management of Pipeline Systems, The Tenth International Offshore and Polar Engineering Conference, 28 May- 2 June. The International Society of Offshore and Polar Engineers, Washington, USA. [36] Krishnasamy, L., Khan, F., Haddara, M. (2005) Development of a risk-based maintenance (RBM) strategy for a power-generating plant, J Loss Prev Process Ind, 18. (2) 69-81. [37] Marty, J., Theys, S., Bucherie, C., Bolsover, A., Cambos, P. (2010) Independent verification of safety critical elements, Society of Petroleum Engineers - SPE Russian Oil and Gas Technical Conference and Exhibition 2010, RO and G 10. [38] Unnikrishnan, G. (2006) Management of change - Systems approach with applications, 8th SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2006. 56
[39] Wayne, C., Christensen, P. E. (2001) Risk Assessment: Why & What You Need To Know! Part 1 - Risk Assessment: Why? CSP-ASSE Conference Paper. [40] Derevyakin, E. M. (2010) Systematic Approach Ensuring Asset Integrity, Equipment Reliability and Process Safety, SPE Russian Oil and Gas Conference and Exhibition, Moscow, Russia, 26th-28th October 2010. Society of Petroleum Engineers. [41] Dhar, R. (2011) Performance standards for safety critical elements - Are we doing enough? Society of Petroleum Engineers - SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2011. [42] Peterson, R., Jablonski, R. (2003) Risk Based Inspection - As Part of an Overall Inspection Management Program, CORROSION 2003, San Diego Ca, March 2003. NACE International. [43] Dos Santos, A., Al Hajri, A. (2000) Risk Based Inspection - A Valuable Approach, Abu Dhabi Interntional Petroelum Exhibition and Conference, Abu Dhabi, United Arab Emirates, 13th-15th October 2000. Society of Petroleum Engineers. [44] Reynolds, J. T. (2000) Risk Based Inspection - Where Are We Today? CORROSION 2000, Orlando, Fl, 26th - 31st March 2000. NACE International. [45] Al-Mithin, A. W., Sardesai, V., Al-Harbi, B., Murthy, H. S., Hannan, A. S. A. (2011) Risk Based Inspection (RBI) of Aboveground Storage Tanks to Improve Asset Integrity, International Petroleum Technology Conference, Bangkok, Thailand, 7th-9th February 2012. International Petroleum Technology Conference. [46] Hassenzahl, D. M., Finkel, A. M. (2008) Risk Assessment, Environmental/Occupational. In: Editor-in-Chief: Kris Heggenhougen, editor., International Encyclopedia of Public Health,. pp. 590-600, Academic Press, Oxford, UK. [47] Bae, Y. M., Lee, Y. H. (2012) Integrated framework of risk evaluation and risk allocation with bounded data, Expert Syst Appl, 39. (9) 7853-7859. [48] Clare, J. B., Armstrong, L. (2006) Comprehensive risk-evaluation approaches for international E&P operations, 8th SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2006. 57
[49] Peball, U., Dragan, S. (2011) Addressing MAH (major accident hazards) - From assessment to actions, Society of Petroleum Engineers - SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production 2011. [50] Craddock, R. J. (2004) Avoiding a major accident event, International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production. [51] Smith, D., Zijlker, V. (2005) Managing major incident risks, 2005 SPE Asia Pacific Health, Safety and Environment Conference and Exhibition - Proceedings. [52] Silvermann, D. (2010) Doing a qualitative research: A practical handbook. 3rd ed., Sage, London, UK. [53] Punch, K. F. (2005) Introduction to Social Research: Quantitative and Qualitative Approaches. 2nd ed., Sage, London, UK. [54] Saunders, M., Lewis, P. Thornhill, A. (2007) Research methods for business students. 4th ed., Financial Times/Prentice Hall, Harlow. [55] Sutton, I. (2010) Chapter 5 - Technical information and industry standards. Process Risk and Reliability Management,. pp. 277-300, William Andrew Publishing, Oxford, UK. [56] HSE. (2009) Key Programme 3-Asset Integrity Programme, A review by the Offshore Division of HSE s Hazardous Installations Directorate, 5-36. 58
APPENDIX A APPENDICES COPY OF LETTER FROM STEP CHANGE IN SAFETY TO PARTICIPANT Technical Authority Capability for Operators Introduction As part of the STEP CHANGE Asset Integrity Workgroup, the Technical Authority Sub-Group have set an objective to define the key roles that need to be delivered by Technical Authorities (TA) in operating companies and to develop a Generic TA Model. Since a single organisational model across the industry is not practical, the objective is that each operating company will map their respective organisations on to the Generic TA Model to help identify potential gaps and so aid the development of a more consistent approach across the offshore oil and gas production industry. This questionnaire has been developed to determine the level and nature of TA capability in individual operators, and to identify the ways in which individual companies are assuring Asset Integrity through the TA model. The identities of individual operators will be treated as confidential and will not be disclosed in the results of the analysis. The information requested relates to operational engineering and excludes engineering design that may be undertaken by specialist engineering contractors, except where the engineering house is specifically contracted by an operator or licensee to undertake that function on behalf of an operator. Best Regards, (Anonymous) 59
APPENDIX B THE QUESTIONNAIRE Section A: Organisation RESPONDENTS QUESTION 1 Number of Separate offshore facilities operated in UK Company A 7 Company B 5 Company C 3 Company D 12 Company E 8 Company F 9 Company G Nil Company A Company B Company C Company D Company E Company F Company G QUESTION 2 Central TA Function covering assets? Yes Yes Yes Yes Yes Yes Yes for engineering and construction, not yet for operations (the Operations TA s are part of the operational contract at present but this is developing to a central resource) 60
Company A Company B Company C Company D Company E Company F QUESTION 3 Describe the organisation structure within which the TA function sits, in particular describe the reporting lines The Discipline Engineering TAs are shared across all facilities, and report through a Regional Engineering Authority to a Regional Vice President of Safety & Operational Risk. This reporting line (TA- EA-VP) is independent of the operations organisation, all the way up to the main board of the company. The Technical Authorities are resident within Facilities Engineering, Maintenance, Reliability and Integrity, Operations and Operational Excellence Functions. The TAs report into Discipline Section Heads who again reports into the Engineering & Maintenance Manager We have a central Operations TA Function covering all of the Assets stated above and our International Assets. Instrument, Mechanical and Electrical TA s report The Tas in operations report to the Engineering manager who reports to the Operations Director and then the MD. The TAs in Asset Integrity report to the AI manager, who reports to the SHE&I manager and then the MD. The TAs sit outside the asset in an engineering service organization reporting 61
to a service manager who has the same seniority as the asset managers. Minor project engineering and maintenance delivery sit in the production services dept providing a service to the assets. Major projects have a separate organization. Company G Company A Company B Company C Company D Company E Company F Company G Section B: Technical Authority Standard/Framework QUESTION 4 Do you have a job description of TAs? Yes Yes Yes Yes Yes Yes Yes Company A QUESTION 5 If so, describe the role and accountabilities of a TA A standard job description exists for all TAs, and includes, within their Engineering discipline, an accountability to drive safe, compliant and reliable operations through: 1. Setting the engineering practice (i.e. to defining the detail of the codes and standards that are to be used), 2. Providing deep technical capability, in particular around the interpretation of the engineering practice, 62
Company B 3. Providing an independent view on the health of safety and operational risk, in particular holding Agree rights over certain risk management decisions, and 4. Intervening and escalating as required to cause corrective action A Technical Authority framework is in place which describes the roles and responsibilities of the TAs, minimum qualifications and the process for nomination and approval. Roles and responsibilities are; 1. Technical screening of Management of Change requests. 2. Review and approval of Safety Case Risk Assessments. 3. Approval of system/discipline specific operating procedures. 4. Advise project staff in determining maintenance and operating philosophies and standards taking a whole of lifecycle approach. 5. Review and approve changes to Performance Standards. 6. Maintain an overview of the safe & correct operation of system(s). 7. Consult other Technical Authorities and SMEs as required. 8. Work with the Verification Coordinator and ICB, as required, to resolve verification scheme notes of concern and reservation. 9. Work with project teams to ensure that the project delivers equipment that meets the business unit s expectations. Attends Design Reviews and Peer Assists as required. 63
Company C Company D 10. Adopt and apply industry best practice. 11. Challenge the status quo to ensure the impact of boundary issues between disciplines or due to changes in other disciplines are not overlooked. 12. Continuously seek to identify opportunities to improve safety so far as is reasonably practicable through improved processes, systems or equipment. 13. Provide incident investigation and technical support to incident investigations. 14. Review and approve/reject requests for deferral of safety critical maintenance. 15. Review the suitability of the SCEs for which he is designated the Lead Technical Authority. 16. Maintain contact with Subject Matter Experts in ETC and external organisations. There is a generic job description for the Technical Authorities (attached) Also there is an informal this is what a TA do (also attached) A section of the Electrical TA Job Description is shown below: 1. Act as Principle Electrical Engineer in support of the wider asset base 2. Responsibility for assuring changes or modifications safeguard the integrity of the operated asset and ensure risks continue to be controlled to the principles of ALARP prior to commencement of operations. 3. Has responsibility for assuring the initial suitability of any changes or modification undertaken through the Engineering Change Control and Verification process. 4. Review the suitability of 2nd deferral Safety 64
Critical PM, CM & PMA s beyond their original scheduled due date. 5. Review impaired SCE ORA s beyond their original scheduled due date. 6. Review Remedial Action Recommendation (RARs) beyond their original scheduled due date. 7. Has responsibility to provide annual SCE fitness for purpose assurance statements. 8. Is responsible for reviewing and keeping up to date discipline related integrity assurance processes and procedures. 9. Assesses and determines the technical competence of Responsible Persons. 10. Be capable of applying sound independent judgment in support of a resolution to complex and non-routine problems 11. Provide influence and direction towards discipline based decisions that affect company policies and procedures and or significant capital commitments related to upgrades or new projects 12. Fully competent in respective discipline and be current in respect of advanced techniques/procedures and industry legislative requirements 13. Manage the strategic maintenance to ensure the availability/reliability of electrical systems to meet all safety, business/compliance targets/requirements. 14. Be the custodian for the Operations Electrical maintenance strategies and ensure they are reviewed and updated to reflect current practice. 15. Trend electrical system availability and review operational strategies accordingly to maximize electrical system availability and reliability. 65
Company E Company F 16. Ensure compliance with regulatory, corporate and business best practices. 17. Ensure appropriate contract management to ensure alignment with Operations business/compliance objectives Key responsibilities include owner of allocated SCE Performance Standards, approval of key engineering drawings, involvement in modification process, attendance at RCAs associated with failures of plant in service, etc, There are different levels of TA and responsibilities depend on the level. 1. TA0 is appointed by the Managing Director of the company and is responsible for implementation and assurance of the discipline controls framework. They appoint TA1s in conjunction with global discipline heads. 2. TA1s are responsible for setting the discipline standards at local level and appoint TA2s. They may approve deviations from their standard. 3. TA2s have the competence to approve work with a significant multi-disciplinary content and modifications. Company G 4. Establish and maintain consistent and legally compliant performance standards and provide technical leadership for the execution of GENERIC DISCIPLINE operations in the region 5. Establish and maintain consistent and legally compliant 66
performance standards and provide technical leadership for the recruitment and development of GENERIC DISCIPLINE operatives in the region 6. To advise HR, Functions and projects on the recruitment, selection, training and competency assurance of GENERIC DISCIPLINE operatives. 7. Ensuring compliance with all statutory, client and company requirements, assessing and approving any deviations from these requirements 8. Promoting the highest standards of safety and environmental performance at all times 9. Providing expertise to management and to individual projects as and when required 10. To support contracts in the planning, risk assessment and execution of critical GENERIC DISCIPLINE operations. 11. Protecting the reputation and interests of the clients and company at all times 12. To execute scope content and frequency of any technical audits of GENERIC DISCIPLINE operations in the region and advise the regional leadership team of corrective or preventative actions arising there from. 67
13. To review and endorse all proposed significant changes to or deviations from approved performance standards, technical guidance notes and standard operating procedures relating to GENERIC DISCIPLINE operations QUESTION 6 List which TA Disciplines are included in your operation, include both in-house and 3rd party TA services you contracted in. Company A Company B 15 staff TAs support UKCS offshore, plus in around half of the cases, they also support other hydrocarbon operations in the Region (including Norway and Onshore/Midstream): 1. Process Engineering 2. Process Safety 3. Mechanical Engineering 4. Instrument & Control 5. Electrical 6. Structural 7. Pipelines 8. Materials & Corrosion 9. Welding 10. Rotating Equipment 11. Production Chemistry 12. Flow Assurance 13. Floating Systems 14. Inspection 15. Subsea Hardware (currently vacant) 1. Communications 68
Company C 2. Control & Instrumentation 3. Diving 4. Electrical 5. Helideck 6. HVAC 7. Lifting Equipment 8. Marine Systems 9. Materials 10. Pipelines & Risers 11. Piping 12. Pressure Vessels (External) 13. Process Engineering - All assets* 14. Process Engineering - Captain 15. Process Engineering - Alba/Erskine 16. Rotating Equipment 17. Structural (External) 18. Subsea Control Systems 19. Subsea Wells 20. Technical Safety 21. Well Integrity & Control All TAs are staff employees and sits inhouse There is only one TA per discipline Company D In-house: 1. Electrical 2. Mechanical 3. Instruments & Controls 4. Technical Safety 5. Subsea 6. Integrity 7. Pipelines, Structural 8. Rotating Equipment 69
Company E Company F Company G 9. Metering 10. 3rd Party 11. Lifting 12. Telecoms 13. HVAC We currently have 17 TAs defined in our organisation, all of which are in house. 1. Process Engineering 2. Structures 3. Static equipment 4. Rotating equipment 5. Inspection and materials 6. Electrical 7. Instrumentation and control 8. Pipelines 9. Operations 10. Maintenance 11. Non facilities- subsurface e.g. Wells, logistics etc. There are a total of 29 disciplines with TAs. All in-house, we have three types of technical authority: We have design focussed TA, Commission construction focussed TA s and Operational TA s. 1. Electrical Design, Electrical Operations 2. Mechanical Design, Mechanical Operations 3. Structural Design, Structural Operations 4. Lifting and Rigging in Construction 70
(covers ops and design also) 5. Production Operations (supports design also) 6. Piping Design, Piping Operations (close contact with Integrity and corrosion) 7. Process Design, Process operations 8. Instrument Design, Instrument Operations 9. Metering Design, Metering Operations 10. Welding Construction 11. Technical Safety Design, Technical Safety Operations Metals, Metallurgy, Corrosion in Design and Operations QUESTION 7 What is the basis upon which you select TA's? Company A Company B TAs are required to be recognised company experts in the relevant engineering specialty and should be degree-level engineers, professionally accredited to an international standard. There is a formal competency assessment protocol for each engineering discipline that they need to complete before they are accepted into the role. TAs are primarily selected on the basis of being the most senior person within their 71
discipline within the organisation. In exceptional cases where a suitable individual is not available then a TA is sourced from within the Engineering Services contractor. All TAs must hold an industry recognised academic engineering qualification and should preferably be chartered. A nomination and approval process verifies the qualifications and allows senior management to review the suitability of the TA. Company C Company D Company E Company F Company G Must be a lead engineer or above (detailed selection criteria is specified) plus corporate approval of candidates TA s are selected through a clear process defined in our: OPERATIONS TECHNICAL AUTHORITIES & RESPONSIBLE PERSONS STRATEGY. The selection is based on years of experience in specific discipline, qualifications and status i.e. Chartered Eng. TAs are generally Chartered Engineers who have been selected as TAs on the basis of knowledge and experience. Technical qualifications and experience The appointment process is being changed in 2013 and will include a formal technical assessment and structured interview by 72
more senior TAs. Section C: Role definition and organisational approach QUESTION 8 Who defines and controls updates to the technical content of individual performance standards for the Safety Critical Equipment? Company A Company B The Document Custodian of the Performance Standards for Safety-Critical Equipment on each facility is the relevant TA, who controls the detailed technical content. The Issuing Authority is the Duty-holder. Each Performance Standard is mapped to a primary Technical Authority who has responsibility ensuring its suitability and for approving any updates. Company C The so-called SCE Owner which for 95% of the SCEs is a dedicated TA Company D Company E Our Operations Technical Authorities are responsible for the control and update of performance standards for their specific disciplines Technical Authorities are allocated specific Performance Standards and as such they are accountable for the content 73
and approval of them. Company F Company G TA2 does the work, TA1 approves. The TA under whom the SCE falls. If the SCE is a mechanical device then it falls under the Mechanical TA 74
QUESTION 9 State the number of persons in each of the TA disciplines Company A Company B The latest data I have for the size of the Discipline Engineering Community for UKCS Offshore activity, by TA discipline, is as follows: 1. Process Engineering (97) 2. Process Safety (10) 3. Mechanical Engineering (83) 4. Instrument & Control, including Measurement (71) 5. Electrical (28) 6. Structural (13) 7. Pipelines (14) 8. Materials & Corrosion (14) 9. Welding (1) 10. Rotating Equipment (11) 11. Production Chemistry (4) 12. Flow Assurance (1) 13. Floating Systems (1) 14. Inspection (3) 15. Subsea Hardware (32) In general there is a single TA in each discipline. The exception to this is Process Engineering which has asset level TAs and a cross-asset Lead TA. We are currently reviewing options for providing continuity of TA support when the primary TA is unavailable. 75
Company C We don t have TA disciplines but engineering sections. The Head of Section is not the TA There are following TAs Company D Company E Company F 1. Mechanical (static) Mechanical & Piping Section 2. Mechanical (rotating) Mechanical & Piping Section 3. Instrument & Control E&I Section 4. Electrical E&I Section 5. Process & Chemistry Section 6. Structural Marine & Structures Section 7. Marine / Naval Architecture Marine & Structures Section 8. Welding & Metallurgy Marine & Structures Section 9. Technical Safety Technical Assurance Section 10. Subsea Subsea Section We have 1 individual covering each of the Operations Technical Authority Disciplines There is one TA per discipline who has remit for the entire operated assets Varies according to discipline from about 30 (process engineering) to 6 for the 76
smaller disciplines. Not all people in a TA discipline are TAs. Company G We have several TA disciplines but each only has one person. They often cover more than their own group, i.e. the engineering design TA may also cover the operational role and vice versa. QUESTION 10 For each TA discipline area describe who is accountable for ensuring that equipment meets the KPI. Company A Company B Company C Across all TA discipline areas, the Operations organisation is accountable for ensuring that equipment meets the required KPI. The TA independently assures that this activity is being carried out correctly, and provides technical expertise to contribute to a successful outcome. The maintenance of equipment and the completion of Performance Assurance activities are managed via the CMMS (SAP) or, integrity management database (for piping/pressure vessels). The TA is engaged in the review of any deferral of maintenance of Safety Critical Equipment and the assessment of any failure of the equipment to meet its Performance Standard. System Owner for Equipment Systems, 77
SCE Owner for Safety-Critical Elements both Company D Company E Company F Company G The Asset Discipline Team is responsible for ensuring equipment meets the required KPI. The Operations TA s are responsible for verifying Within Company E we have specific allocated "Guardians" for each SCE and they are accountable for ensuring that equipment meets the performance standard Asset Maintenance Delivery Not clear. I haven t come across a defined assurance loop but I believe it is CMMS driven and managed by the associated functional manager (Operations, maintenance etc.) QUESTION 11 For each TA discipline how many people fill this role in your company? Company A Company B Company C Company D For UKCS offshore there is one individual allocated to each TA discipline area. See previous We have one and only one TA per discipline It depends on the size of the Asset 78
Company E Company F Company G Nil There is 1 TA1 and the number of TA2s is typically 2 to 3/discipline One (but the disciplines are defined as operations, design or construction) so there could be three for electrical for example, but each has a specific remit and focus QUESTION 12 In relation to modifications, at the highest level who/what function reviews the technical content of the Statement of Requirements (SOR) for a discipline perspective? Company A Company B The technical content of the SOR for modifications is owned by the Operations organisation, who have the technical capability to verify that it is correct. The role of the TAs is to assure that this is effective, and for risks above a certain level (of severity and likelihood) they have a formal role as reviewer. A higher threshold exists at which the Engineering Authority is required to be included as a reviewer. The Management of Change Process requires the first approver (generally the Facilities Engineering Manager or Offshore Team Lead) to identify the Technical Authorities who must review the 79
change before it can be implemented. This is normally done in conjunction with the Change Owner and the review is usually completed on the basis of the Statement of Requirements for detailed design. The pre-start up safety review ensures that all actions specified by the TA have been completed prior to bringing the equipment into service. Company C Company D Company E Company F Nil Nil The documents are reviewed by many functions, however, the Tas are involved in review on a discipline basis, respecting the scope of the proposed modification. Not familiar with the terminology but generally the TA2 approves the scope of modifications and the TA1 if there is a deviation from corporate engineering standards. Company G Design TA reviews but the Operational TA has involvement with the HAZOP QUESTION 13 On a discipline basis how many people fill 80
this job role in your company? Company A Company B Company C Company D Company E Company F No data. The bulk of the engineering activity for modifications is carried out on our behalf by an Engineering Contractor. Nil Nil Nil One per discipline where a TA has been identified. Nil Company G 1 QUESTION 14 Who defines your company engineering technical standards? Company A Company B The TAs define which technical practices are to be used at a Regional level, plus any local variations, but the technical content is owned by a globally centralised team outside of the North Sea Region. Engineering Standards are generated by Subject Matter Experts who generally work in the corporation s Engineering Technical Centre. The relevant TAs are given the opportunity to provide input to these standards when they are revised. Where necessary, local addenda are put in place to reflect the requirements for design 81
and operation of the equipment within the UK/EU. Local addenda are endorsed by the Technical Authority and/or corporate Subject Matter Expert and Approved by the Facilities Engineering Manager Company C Company D Company E Company F Company G Combination of various inputs, but overall a line responsibility N/A This is done by a mixture of local standards which will involve the TA and Group Rules which are defined by the discipline head in HQ, which may also involve the TA in the UK depending on experience and knowledge in the area in question. Standards are set by central engineering organization. The appropriate discipline TA QUESTION 15 On a discipline basis how many people fill this job role in your company? Company A Company B Company C Company D At a UKCS Offshore level, the same number as there are TAs (15) Nil Nil Nil 82
Company E 17 Company F Company G One per discipline One per discipline QUESTION 16 Do you have a process for approving exceptions to your company technical standards? Company A Company B Company C Company D Company E Company F Company G Yes. This process is formalised at three levels, the lowest of which is at the level of the North Sea Region. It is a corporate requirement that any waivers or exceptions are endorsed and approved by appropriate personnel. Chevron Upstream Europe is currently implementing a process in which the Technical Authorities and/or Corporate SMEs endorse any waivers or exceptions to the standards. Waivers and Exceptions will then be approved by senior management Yes and only TAs can approve waivers from technical standards Nil Nil Yes- by TA1 We have a technical deviation process 83
QUESTION 17 Do you have a competency scheme for your engineering staff and if so is it based on the principles of CPD? Company A Company B Company C Company D Company E Company F Yes Company B sets and verifies minimum qualification requirements for it engineering staff. New graduates undergo a formal four year training program. Career development for engineering disciplines is managed through technical career ladders which set expectations of competency for each engineering grade and demonstration of these competencies is required prior to approving promotions. No but aim to develop Nil We have a competency scheme for all our staff. Internal training courses Accredited graduate schemes with institutions such as IChemE and IMechE Company G Yes QUESTION 18 If not, what is it based on and is it 84
accredited and to whom? Company A Company B Company C Company D Company E Company F Company G The competency development scheme for engineering staff early in their career is formally defined and accredited by each of the Engineering Institutions (IET, IMechE, IChemE etc) out to the milestone of Chartered Status. The development programme is being extended to cover the first 10-12 years after graduation. Thereafter competency development is an expectation, but for discipline engineers is not supported by a formalised framework. Competency assessment is a requirement for TAs, along with other roles. Nil Nil Nil Nil Nil Nil QUESTION 19 In relation to assurance to Safety Critical Elements (SCEs), who approves maintenance deferrals? Company A Approval of the first deferral of maintenance for safety critical is delegated from the TA to the relevant (named) 85
discipline engineer in the Operations organisation. Second deferrals can only be approved by the relevant TA, and any third or subsequent deferrals by the EA. Company B Company C Initial deferrals of SCE maintenance are countersigned by the Technical Authority and approved by the OIM. Fundamentally we don t do maintenance on SCEs, but on Equipment Systems. We assurance test SCEs against performance standards. Deferral of maintenance or assurance testing is approved by TA in their roles as System Owner and/or SCE Owner Company D Company E Company F Company G All maintenance deferrals for Safety Critical Elements are approved by the Operations Technical Authority s The TA will be involved in approval of deferrals of PMs on SCEs. TA2 Deferrals based on time and within an acceptable band (controlled by CMMS) are approved by the maintenance or operations manager. Deviations from the performance standard are assessed and approved by the TA. This normally involves the instigation of some form of mitigation, which is executed through the maintenance manager or operations team (for changes to process such as dropping 86
vessel pressures etc.) QUESTION 20 Does the deferral process involve documenting a risk assessment of the deferral? Company A Company B Company C Company D Company E Company F Company G Yes, this is formalised as part of the deferral process. All SCE maintenance deferrals are risk assessed using the ISSOW tool. Yes Yes Yes Yes Yes Company A QUESTION 21 Is there an escalation process for the approval depending on time? No. The approval of deferrals is based on the risk exposure associated with the timescale until it is anticipated that the maintenance will be completed. Escalation occurs only once this predicted timescale is exceeded, whatever it has been set at. 87
Company B Company C Company D Company E Company F Yes The default time is 90 days but this can be reduced by the TA. A process is in place to escalate subsequent deferrals to senior management Yes Yes No If an item is deferred more than 3 times, it must be approved by the discipline TA1. Fourth time must be approved by TA0 and Asset Manager. Company G There s an escalation process for subsequent deferrals and deviations and one based on time. Company A Company B QUESTION 22 If so is this done on a discipline basis, by whom and how many of these job positions do you have on a discipline basis? N/A The escalation process includes the Maintenance Reliability and Integrity Manager, Operations Manager, General Manager Operations and ultimately Managing Director. It is normal for these individuals to discuss the deferral and associated risk assessment with the relevant technical authority and Installation Manager at each stage. 88
Company C Company D Company E Company F Company G Each installation holds a fortnightly video conference between the Offshore Leadership Team and Technical Authorities/onshore operations to review live risk assessments and execution plans for deferrals and SCE non-conformances. N/A N/A N/A N/A All of the operational TA s APPENDIX C FINDINGS FROM HSE OSD 2009 89
HSE Traffic Light Definition 90