
Chemical Engineering Plant Design

CHE 441

Lecture 4

Dr. Asim Khan


Assistant Professor
Email: alaeeqkhan@ciitlahore.edu.pk

Risk Assessment & Safety

Assignment Submission

https://www.easychair.org/conferences/?conf=cepd14

Hazard & Risk


Hazard
the property of a substance or situation with the potential for creating damage.

Risk
the likelihood of a specific effect within a specified period
complex function of probability, consequences and vulnerability

Material Hazards

Short term (Safety hazard)
Long term (Health and hygiene hazard)
Permissible limits
LD50
Threshold limit value

Sources of exposure
Inhalation (cutting, grinding, volatile liquids, gases)
Pumps and valves
Filling of tanks
Maintenance of closed systems
Annual

MSDS

Fire and Explosion Hazard

Flammable liquids, gases, dust


Lower flammable limits (LFL)
Upper flammable limits (UFL)
Limiting oxygen index (LOI)
Auto ignition temperature (AIT)
Flash point

Fire and Explosion Hazard

Types of Fire

Description
ordinary combustibles including paper, wood, cloth, rubber and many plastics
petroleum or flammable liquids and gases, paints, solvents and greases
energized electrical equipment/circuits
chemicals and metals like magnesium, potassium, lithium and sodium

Fire fighting
Starving

Cooling
Smothering

Intensification of Hazards

Reactors
Runaway reactions
Coolant failure
Rate of exothermic reaction and cooling with temperature
Reducing inventory

Distillation column
Large inventory at boiling
Sequencing

Intensification of Hazards

Heat transfer operations
Location of production and consuming plants

Relief systems
Direct discharge to atmosphere under dilution conditions
Containment
Combustion in flare
Stronger design rather than relief systems

Risk Assessment
Risk Analysis
Hazard Identification

Hazard & Scenario Analysis


Likelihood

What if
HAZOP
ETA
FTA
FMEA

Consequences

Risk


I suppose that I should have done that HAZOP Study!

The HAZOP Method

systematic technique for identifying hazards
detect any predictable deviation (undesirable event) in a process or a system.
systematic study of the operations in each process phase.

HAZOP study team

Independent leader (e.g., not from plant studied)
Preferred but complete independence not essential

Project engineer/Design Engineer
Provide engineering input

Operations representative
Plant operation

Discipline engineers
Process
Instrument/ electrical
Mechanical/ maintenance

HAZOP minute recorder
One of the above

HAZOP Planning and Execution

PLAN: Select Team, Examine System, Keywords
TEAM: System Assessment, Team Activity
REPORT: Action List, HAZOP Report
TRACK ACTIONS: HAZOP Review Meeting
CLOSE OUT: Record/File Completed Actions
HAZOP - Hazard and operability


HAZOP keeps all team members focused on the same topic and enables them to work as a team
1+1=3

NODE: Concentrate on one location in the process
PARAMETER: Consider each process variable individually (F, T, L, P, composition, operator action, corrosion, etc.)
GUIDE WORD: Pose a series of standard questions about deviations from normal conditions. We assume that we know a safe normal operation.

HAZOP - Hazard and operability

NODE: Pipe after pump and splitter
PARAMETER*: Flow rate
GUIDE WORD*: Less (less than normal value)
DEVIATION: less flow than normal
CAUSE: of deviation, can be more than one
CONSEQUENCE: of the deviation/cause
ACTION: initial idea for correction/prevention/mitigation

All group members focus on the same issue simultaneously

Production of DAP (continuous process)

[Figure: phosphoric acid and ammonia feeds to a reactor producing diammonium phosphate (DAP); labels Valve A, Valve B, Valve C. Study line 1: phosphoric acid delivery line.]

HAZOP Study Report

Preliminary HAZOP Example


Refer to reactor system shown.

The reaction is exothermic. A cooling system is provided to remove the excess energy of reaction. If the cooling function is lost, the temperature of the reactor would increase. This would lead to an increase in reaction rate, leading to additional energy release.

The result could be a runaway reaction with pressures exceeding the bursting pressure of the reactor. The temperature within the reactor is measured and is used to control the cooling water flow rate by a valve.

[Figure: reactor with labels Monomer Feed, Cooling Coils, Cooling Water In, Cooling Water to Sewer, TC, Thermocouple.]

Perform HAZOP Study

HAZOP on Reactor
Columns: Guide Word, Deviation, Causes, Consequences, Action
Guide words: NO, REVERSE, MORE, AS WELL AS, OTHER THAN

HAZOP on Reactor

Guide Word: NO
Deviation: No cooling
Causes: Cooling water valve malfunction
Consequences: Temperature increase in reactor
Action: Install high temperature alarm (TAH)

Guide Word: REVERSE
Deviation: Reverse cooling flow
Causes: Failure of water source resulting in backward flow
Consequences: Less cooling, possible runaway reaction
Action: Install check valve

Guide Word: MORE
Deviation: More cooling flow
Causes: Control valve failure, operator fails to take action on alarm
Consequences: Too much cooling, reactor cool
Action: Instruct operators on procedures

Guide Word: AS WELL AS
Deviation: Reactor product in coils
Causes: More pressure in reactor
Consequences: Off-spec product
Action: Check maintenance procedures and schedules

Guide Word: OTHER THAN
Deviation: Another material besides cooling water
Causes: Water source contaminated
Consequences: May be cooling ineffective and effect on the reaction
Action: If less cooling, TAH will detect. If detected, isolate water source. Back up water source?

HAZOP Criticality analysis


Criticality - combination of severity of an effect and the probability or expected frequency of occurrence.
The objective of a criticality analysis is to quantify the relative importance of each failure effect, so that priorities to reduce the probability or to mitigate the severity can be set.
Example formula for Criticality:
Cr = P × B × S
Cr: criticality number
P: probability of occurrence in a year
B: conditional probability that the severest consequence will occur
S: severity of the severest consequence

Example values for P, B and S

Categories
Probability P: Very rare (1), Rare, Likely, Frequent
Cond. probability B: Very low (1), Low, Significant, High
Severity S: Low (1), Significant, High, Very high

Decision making
Columns: Criticality, Judgement, Meaning

Cr < X
Judgement: Acceptable
Meaning: No action required

X < Cr < Y
Judgement: Consider modification
Meaning: Should be mitigated within a reasonable time period unless costs demonstrably outweigh benefits

Cr > Y
Judgement: Not acceptable
Meaning: Should be mitigated as soon as possible

The values X and Y have to be determined by a decision-maker. It might be necessary to formulate some additional criteria, for instance: every deviation for which the severity is classified as very high shall be evaluated to investigate the possibilities of reducing the undesired consequences.

Fault Tree Analysis

Graphical representation displaying the relationship between an undesired potential event (top event) and all its probable causes
top-down approach to failure analysis
starting with a potential undesirable event - top event
determining all the ways in which it can occur
mitigation measures can be developed to minimize the probability of the undesired event

Fault tree construction


AND gate
The AND-gate is used to show that the output event occurs only if
all the input events occur
OR gate
The OR-gate is used to show that the output event occurs only if
one or more of the input events occur
Basic event
A basic event requires no further development because the
appropriate limit of resolution has been reached
Intermediate event
A fault tree event that occurs because one or more antecedent
causes, acting through logic gates, have occurred
Transfer
A triangle indicates that the tree is developed further at the
occurrence of the corresponding transfer symbol
Undeveloped event
A diamond is used to define an event which is not further
developed either because it is of insufficient consequence or
because information is unavailable
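
The gate logic above, as an added example that is not part of the original lecture: a small fault tree is evaluated for its top-event probability and its minimal cut sets. The tree, the basic-event names and the probabilities are constructed for illustration, and basic events are assumed independent.

```python
from itertools import product
from math import prod

# Constructed tree for the top event "Overpressure in vessel V".
# A gate is ("AND" | "OR", child, ...); a string is a basic event.
# Event names and probabilities are hypothetical.
TREE = ("OR",
        ("AND", "cooling_lost", "high_temp_trip_fails"),
        ("AND", "relief_valve_stuck",
         ("OR", "feed_valve_fails_open", "operator_overfills")))
P_BASIC = {"cooling_lost": 0.1, "high_temp_trip_fails": 0.05,
           "relief_valve_stuck": 0.01, "feed_valve_fails_open": 0.02,
           "operator_overfills": 0.03}

def occurs(node, state):
    """True if the event at `node` occurs for the given basic-event states."""
    if isinstance(node, str):
        return state[node]
    gate, *children = node
    results = [occurs(child, state) for child in children]
    return all(results) if gate == "AND" else any(results)

def top_probability(tree, p_basic):
    """Exact top-event probability, assuming independent basic events."""
    names = sorted(p_basic)
    total = 0.0
    # Summing over every state stays correct when an event feeds several gates.
    for values in product([False, True], repeat=len(names)):
        state = dict(zip(names, values))
        if occurs(tree, state):
            total += prod(p_basic[n] if state[n] else 1 - p_basic[n]
                          for n in names)
    return total

def minimal_cut_sets(node):
    """Smallest sets of basic events that together cause the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [minimal_cut_sets(child) for child in children]
    if gate == "OR":   # any one child's cut set is enough
        sets = set().union(*child_sets)
    else:              # AND: one cut set from every child is needed
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in sets if not any(other < s for other in sets)}

if __name__ == "__main__":
    print(f"P(top event) = {top_probability(TREE, P_BASIC):.6f}")
    print(sorted(sorted(cut) for cut in minimal_cut_sets(TREE)))
```

Each minimal cut set is a combination of failures that is sufficient on its own, so a cut set with a single event marks a single point of failure.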

Basic FTA example: A barrel is being filled from pipe B and Pipe C.

Example Fault Tree

Procedure for Fault Tree Analysis
Define TOP event
Define overall structure.
Explore each branch in successive level of detail.
Perform corrections if required and make decisions
Solve the fault tree

Procedure
Define Top Event:
Use P&ID, process description etc. to define the top event.
If it's too broad, an overly large FTA will result. E.g. Fire in process.
If it's too narrow, the exercise will be costly. E.g. Leak in the valve.
Some good examples are: Overpressure in vessel V, Reactor high temperature safety function fails, etc.


Event Tree Analysis


Event tree analysis evaluates potential accident
outcomes that might result following an equipment
failure or process upset known as an initiating
event. It is a forward-thinking process, i.e. the
analyst begins with an initiating event and
develops the following sequences of events that
describe potential accidents, accounting for both
the successes and failures of the safety functions
as the accident progresses.

ETA Procedure
Step 1: Identification of the initiating event
Step 2: Identification of safety function
Step 3: Construction of the event tree
Step 4: Classification of outcomes
Step 5: Estimation of the conditional probability of each branch
Step 6: Quantification of outcomes
Step 7: Evaluation

Example Event Tree

Step 1 Identify the initiating event
system or equipment failure
human error
process upset

[Example] Loss of Cooling Water to an Oxidation Reactor

[Figure: oxidation reactor with labels Reactor Feed, Cooling Coils, Cooling Water In, Cooling Water Out, TIC Temperature Controller, Thermocouple, TIA High Temperature Alarm, Alarm at T1, Shutdown at T2.]

Step 3: Construct the Event Tree

a. Enter the initiating event and safety functions.

INITIATING EVENT: Loss of cooling water to oxidation reactor
SAFETY FUNCTION: Oxidation reactor high temperature alarm alerts operator at temperature T1
SAFETY FUNCTION: Operator reestablishes cooling water flow to oxidation reactor
SAFETY FUNCTION: Automatic shutdown system stops reaction at temperature T2

[Figure: FIRST STEP IN CONSTRUCTING EVENT TREE]

Step 3: Construct the Event Tree

b. Evaluate the safety functions.

[Figure: REPRESENTATION OF THE FIRST SAFETY FUNCTION. Initiating event and safety functions as listed in step a; the first safety function branches into Success and Failure.]

Step 3: Construct the Event Tree

b) Evaluate the safety functions.

If the safety function does not affect the course of the accident, the accident path proceeds with no branch point to the next safety function.

[Figure: REPRESENTATION OF THE SECOND SAFETY FUNCTION. Same initiating event and safety functions; branches labelled Success and Failure.]

Step 3: b. Evaluate safety functions.

Completed !

[Figure: COMPLETED EVENT TREE. Same initiating event and safety functions; branches labelled Success and Failure.]

Step 4: Describe the Accident Sequence

INITIATING EVENT (A): Loss of cooling water to oxidation reactor
SAFETY FUNCTION (B): Oxidation reactor high temperature alarm alerts operator at temperature T1
SAFETY FUNCTION (C): Operator reestablishes cooling water flow to oxidation reactor
SAFETY FUNCTION (D): Automatic shutdown system stops reaction at temperature T2

ACCIDENT SEQUENCES
A: Safe condition, return to normal operation
AC: Safe condition, process shutdown
ACD: Unsafe condition, runaway reaction, operator aware of problem
AB: Unstable condition, process shutdown
ABD: Unsafe condition, runaway reaction, operator unaware of problem
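
Steps 5 and 6 of the ETA procedure applied to the loss-of-cooling tree, as an added example that is not part of the original lecture. The sequence names (A, AC, ACD, AB, ABD) and their outcomes follow the slide; the initiating-event frequency and the failure probabilities are constructed values.

```python
# Constructed inputs: the frequency and failure probabilities are assumptions.
INITIATING_FREQ = 1.0   # A: loss of cooling water, events per year
P_FAIL = {
    "B": 0.01,   # high temperature alarm fails to alert operator at T1
    "C": 0.25,   # operator fails to reestablish cooling water flow
    "D": 0.01,   # automatic shutdown fails to stop reaction at T2
}
# Step 4 classification, as given on the slide.
OUTCOME = {
    "A": "safe, return to normal operation",
    "AC": "safe, process shutdown",
    "ACD": "unsafe, runaway reaction, operator aware",
    "AB": "unstable, process shutdown",
    "ABD": "unsafe, runaway reaction, operator unaware",
}

def demanded(function, path):
    """Does this safety function create a branch point on this path?"""
    if function == "C":      # the operator can act only if the alarm worked
        return "B" not in path
    if function == "D":      # shutdown is needed only if cooling is not restored
        return "B" in path or "C" in path
    return True

def quantify(freq, p_fail):
    """Steps 5-6: frequency of every accident sequence (per year)."""
    paths = {"A": freq}
    for function in "BCD":
        nxt = {}
        for path, f in paths.items():
            if demanded(function, path):
                nxt[path] = f * (1 - p_fail[function])       # success branch
                nxt[path + function] = f * p_fail[function]  # failure branch
            else:
                nxt[path] = f                                # no branch point
        paths = nxt
    return paths

def runaway_frequency(sequences):
    """Total frequency of the sequences classified as unsafe."""
    return sum(f for path, f in sequences.items()
               if OUTCOME[path].startswith("unsafe"))

if __name__ == "__main__":
    seqs = quantify(INITIATING_FREQ, P_FAIL)
    for path, f in seqs.items():
        print(f"{path:<4}{f:.6f}/yr  {OUTCOME[path]}")
    print(f"runaway: {runaway_frequency(seqs):.6f}/yr")
```

The sequence frequencies always sum to the initiating-event frequency, which is a quick check that no branch was dropped.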

Failure Mode and Effect Analysis (FMEA)

Specific equipment related
Evaluates the frequency and consequences of failure
Only focuses on component failure and does not consider operators' mistakes

Production of H2 from biogas

Failure Mode and Effect Analysis (FMEA)

Columns: No., Failure mode, Cause, Effects, Controls, Recommendations

Failure mode: Biogas line leak prior to the compressor
Cause: Mechanical failure
Effects: Potential fire/explosion
Controls: Combustible gas detectors and ventilation systems, periodic line inspection and maintenance
L

Failure mode: Desulphurization Unit Failure
Cause: High biogas flow rate or high level of contaminants
Effects: Unable to remove the heat of adsorption resulting in fire in the unit
Controls: High flow shutdown system to the desulphurization unit, measurement of impurities level
L

Failure mode: Desulphurization Unit Failure
Cause: Deactivation of the catalyst in the desulphurization unit
Effects: Unable to remove contaminants, poisoning the reformer and shift reactor's catalysts. Reduction in hydrogen production and increase in purge system resulting in temperature increase
Controls: Switch to the standby system
L

Recommendations
Safe shutdown of the system
Control the amount of contaminants in the biogas feed to the desulphurization unit

Failure Mode and Effect Analysis (FMEA)

Columns: No., Failure mode, Cause, Effects, Controls, Recommendations

No. 4
Failure mode: Biogas compressor high discharge pressure
Cause: Instrument failure
Effects: Overpressure in the reformer
Controls: Opening of pressure relief valve on the compressor and reformer

Failure mode: No Steam
Cause: Mechanical failure, failure in utility system
Effects: No steam in the reformer, plugging of the catalyst and coke formation in the tube side, resulting in tube side failure
Controls: Shutdown of the system
Recommendations: Increase redundancy in the instrumentation system

Failure mode: Low quality steam
Cause: Failure in deionization unit of the utility system
Effects: Congestion of the catalyst in the reactors, plugging in the pipelines
Controls: Installing conductivity analyzer in the steam inlet
