The risk management of safety and dependability
A guide for directors, managers and engineers
W Wong
Oxford Cambridge New Delhi
Published by Woodhead Publishing Limited, Abington Hall, Granta Park,
Great Abington, Cambridge CB21 6AH, UK
First published 2010, Woodhead Publishing Limited and CRC Press LLC
© Woodhead Publishing Limited, 2010
The author has asserted his moral rights.
This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. Reasonable efforts have been made to publish reliable data and information, but the author and the publishers cannot assume responsibility for the validity of all materials. Neither the author nor the publishers, nor anyone else associated with this publication, shall be liable for any loss, damage or liability directly or indirectly caused or alleged to be caused by this book.
Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming and recording, or by any information storage or retrieval system, without permission in writing from Woodhead Publishing Limited.
The consent of Woodhead Publishing Limited does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from Woodhead Publishing Limited for such copying.
Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library.
Library of Congress Cataloging in Publication Data
A catalog record for this book is available from the Library of Congress.
Woodhead Publishing ISBN 978-1-84569-712-9 (book)
Woodhead Publishing ISBN 978-1-84569-938-3 (e-book)
CRC Press ISBN 978-1-4398-2992-9
CRC Press order number: N10174
The publishers' policy is to use permanent paper from mills that operate a sustainable forestry policy, and which has been manufactured from pulp which is processed using acid-free and elemental chlorine-free practices. Furthermore, the publishers ensure that the text paper and cover board used have met acceptable environmental accreditation standards.
Typeset by Toppan Best-set Premedia Limited, Hong Kong
Printed by TJ International Limited, Padstow, Cornwall, UK
Contents
Acknowledgements xii
Preface xiii
1 Ever-present danger: an introduction to the principles of risk management
1.2 The principles of risk assessment 2
1.7 Examples of risk management failures 5
2 Ignorance is no defence: legislation and the corporate
2.1 Introduction: management failures 19
2.2 An overview of the law in the UK 21
2.3 The Health and Safety at Work etc Act 1974 24
2.4 The Management of Health and Safety at Work
2.5 The Provision and Use of Work Equipment Regulations
2.6 The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) 26
2.7 The Control of Substances Hazardous to Health
2.8 The Supply of Machinery Safety Regulations 2008 (Machinery Directive 2006/42/EC) 27
2.9 The Electromagnetic Compatibility (Amendment)
2.13 The Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres Regulations 1996 (SI 1996/192) (ATEX Directive 94/9/EC, as amended 2001) 40
2.14 The Pressure Equipment Directive 1999 (PED) 42
2.15 The Pressure Systems Safety Regulations 2000 43
2.16 The Lifting Operations and Lifting Equipment Regulations
4 Human factors in risk management: understanding why humans fail and are unreliable 72
5 Exposing hazards: techniques to find possible risks of unacceptable failures in procedures, machines
5.4 Failure mode and effects analysis (FMEA) 105
5.5 Hazard and operability studies (HAZOP) 110
6 Safe enough? Methods and procedures for evaluating and reducing risk in the design of processes, plant and machinery 119
6.10 Safety integrity level (SIL) 143
7.5 Hazardous area classification 149
9 Asset integrity: learning about the cause and symptoms of age and decay and the need for maintenance to avoid catastrophic failures 188
9.3 Failure due to service deterioration 194
10 Coping with risk: how to ensure the health and
11 Management disasters: the lessons to be learnt
Appendix 3: Directory of bodies associated with risk
Index 287
About the author
William Wong was a visiting lecturer on safety and reliability at University College London from 1994 to 2008. He retired after 25 years at Bechtel in 1999 and has held many positions in industry, up to management level, fulfilling many different roles as a professional engineer for over half a century. He has worked on a wide range of projects: in the design and construction of North Sea platforms, a floating production vessel, petro-chemical plants, LNG plants, power stations, gas and oil transmission pipe-lines, air separation cryogenic plants and a wind tunnel. In his early years he worked in manufacturing. He worked in the aerospace industry on engine development, and then in the oil industry on the design, manufacturing and testing of gas turbines and process gas compressors.
Acknowledgements
This book has originated from the book How did that happen? published in 2002. It has mostly been rewritten to reflect the developments and changes in the EU regulations since that time. It could not have been written without experience gained from teaching the subject at University College London to students from a modern generation that is ignorant of engineering concepts, emphasising the need to make the subject easy to understand.
I would like to acknowledge the help from:
Bechtel Ltd for part-time secondment to UCL as a visiting lecturer up until my retirement
Members of the present IMechE Safety and Reliability Group for their helpful comments: R Denning, N Stewart, J Lewis, R May, C Vaughan.
Philip Highe for updating the notes on radiation
Liz Brueck of Health and Safety Laboratories for help in updating the notes on noise
Mike McCarthy of Reliasoft for help with Weibull analysis and data processing
Dr Jian-Zong Zhang for his help on metallurgy
Reliasoft Corporation for the use of software for producing the life characteristic graphs
Professor Strutt for his advice on extending the contents of the book.
Professors R Bea and J Bray for permission to use material from their report on the New Orleans Flood disaster
Smit International for the photo of the Herald of Free Enterprise.
Hertfordshire Fire & Rescue Service for the photo of Buncefield
Professor S Richardson, Imperial College, for the photos (copyright unknown) and his notes on Piper Alpha
Roland Pruessner, GE Power Systems, Essen, Germany for providing examples of computer control screens
R Flood and J Wilkinson for proof reading and comments
HMSO for the picture of the Nimrod XV230 (Charles Haddon-Cave QC (2009), The Nimrod Report, HMSO, London ISBN 978010296265 Crown Copyright)
Preface
In this modern world people live and work in a man-made jungle surrounded by dangers unseen and unheard. The complexity of this world is ever increasing as man builds more and more facilities to counter the effects of global warming, increasing and ageing populations and the need for sustainability. Once in a while disaster strikes and people wonder, how did that happen? So often it happens because a number of seemingly unimportant events happen to coincide. It may appear that it is because of someone’s mistake. However, when all the facts are known, ignorance, bad management and poor engineering are also to blame.
Unlike Little Red Riding Hood, people need to be made aware of and kept alert to the dangers that may face them. Laws and regulations are enacted to protect the health and safety of people with measures to minimise the risks to life and limb. These matters are the responsibility of directors, managers, engineers and safety practitioners, but everyone has a role to play.
It is important to understand the relationship between reliability, availability, maintainability and safety; that nothing is perfect, and that age and decay must be recognised so that ill effects can be prevented before they occur. Because of this, people, engineered systems and devices need management attention to ensure their dependability.
This book has been written for the benefit of all as a guide to these matters. It provides a comprehensive introduction to all the basic principles that can be applied across all industries. It is intended to assist the mission of the Health and Safety Executive, and to further that of the Safety and Reliability Group of the IMechE, in ensuring a safer world. It exceeds the recommended syllabus on the subject by the Hazards Forum (the inter-institutional group on health and safety established by the Institutions of: Civil Engineers, Mechanical Engineers, Engineering Technology, and Chemical Engineers) and follows the guidelines issued by The Engineering Council.
William Wong
1 Ever-present danger: an introduction to the principles of risk management
Abstract: People live with a constant risk of disaster. This chapter explains how risks are managed by risk assessment, risk evaluation and taking measures to control risk. These measures have to be dependable to be effective, as measured by their reliability, maintainability and availability. All these matters are part of the process of managing risk and these concepts are explained in simple terms with easy to understand examples from real life disasters. Some guidance on general precepts is given to underline the principles involved.
Key words: risk, assessment, evaluation, control, process, management failures, New Orleans, space shuttle, Railtrack, Buncefield, air collision, general precepts.
1.1 Introduction
In the 21st century more and more people live and work in a man-made environment. They depend on engineering and the application of science and technology for housing, electrical and gas supplies, water supplies, the processing of sewage and refuse, transport, communications, the production of raw materials, and even the way food is produced. The effects of global warming, the need to reduce carbon dioxide (CO2) emissions and the rising world population will intensify this situation. They already understand the impact on the environment due to the use of hydrocarbon fuels for transportation and the generation of electricity. People need to understand the risks to their health and safety.
The dependability of public services is usually taken for granted, and that all needs will be fulfilled as and when required. However, the ever-present dangers that people live under are mostly unseen and unheard until disaster strikes. But, once in a while, the public are shocked out of their complacency with industrial disasters that affect whole towns and communities. For example the railway accidents that occurred in the United Kingdom (UK) during the years 1998–2008, with many dead and injured, had an immediate effect and resulted in a complete reorganisation of the railway infrastructure and management.
Concern over industrial accidents and the pollution from its waste and emissions has resulted in legal requirements that have now extended to every situation to protect the health and safety of workers and the general public. Over the years it has become recognised that the duty of care has to be a team effort that extends up to senior management. In recognition of this, the UK in 2007 established the criminal offence of corporate manslaughter and corporate homicide to deal with failings in risk management. In risk management the initiating action required is that of risk assessment.
An approach suitable for assessing risk in the workplace is a five-step procedure:[1]
• Identify the hazards
• Decide who might be harmed and how
• Evaluate the risks and decide on precautions
• Record the findings and implement them
• Review the assessment and update as necessary
However, the general principle of risk assessment in industry[2] is based on the key elements as follows:
• Identifying hazards, which have a potential for harm
• Risk is defined as the probability that a hazardous event could occur
• Consequence is the harm resulting from a hazardous event occurring
• Risk assessment is the consideration of risk and the consequences of a hazardous event in order to decide if any action is necessary to avoid or to reduce the risk
• Record the results of the risk assessment and the action taken
These are very simple concepts to put in place and yet a doctor was heard to say that if she were to worry about risk nothing would ever be done. A headmaster thought that risks should be avoided by cancelling all school excursions. These attitudes, which are all too prevalent, completely miss the point. People need to stop, and think of what could go wrong, and think of measures that will help to prevent those that are unacceptable from happening.
Every time someone crosses a busy road they make a risk assessment. If they are elderly and cannot move very fast they wait until there is no traffic. Younger people will assess the speed and distance of the oncoming traffic, to judge if they can safely cross. Once in a while a young man jogging across a common runs out across a major road without stopping to make a risk assessment and gets killed by oncoming traffic; people need to stop and think.
In industry there are many complex situations that need to be managed; for these a risk matrix is useful as a qualitative method for conducting a risk assessment to determine its acceptability. Typically this risk assessment process is carried out by a team of multi-discipline engineers and can also involve specialist engineers for more complex situations. The views of each team member and the collective judgement in reaching decisions are essential to ensure all risks are fully understood and recognised.
The risk assessment matrix is carried out by formulating a severity level table and a likelihood table, so that the selection of the value from the two then provides the risk ranking, which gives an indication of its acceptability.
1.3.1 Severity level
The severity level table can be used for many different situations and the level criteria formulated to suit. For example, if it is to do with physical danger to a person it could be based on the level of injury. Table 1.1 shows a typical severity level table.
1.3.2 Likelihood
Table 1.2 shows a typical likelihood table. This shows four levels, but sometimes using five may be more appropriate depending on the circumstances.
Table 1.1 Severity level
Class | Level | Definition (any one or more)
1 | Serious | In-plant fatality; public fatalities; extensive property damage; serious and long-term environmental damage; 2 or more days extended downtime
2 | High | Lost time injury; public injuries or impact; significant property damage; environmental impact exceeding regulation standards; downtime of 1–2 days
3 | Medium | Minor injury; moderate property damage; minimum short-term environmental damage; 4–24 hours downtime; disruption of product quality
4 | Low | No worker injuries; minor property damage; no environmental impact; downtime less than 4 hours
5 | Minor | No worker injuries, property damage or environmental impact; recoverable operational problem
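The severity-by-likelihood matrix described in Section 1.3, written out here as an added example (not code from the book): the severity classes are those of Table 1.1, while the four-level likelihood scale, its weights, the acceptability bands and the sample hazard register are assumptions, since Table 1.2 and the ranking matrix itself are not reproduced on this page.

```python
"""Qualitative risk matrix: severity class x likelihood level -> risk ranking.
Severity classes follow Table 1.1; likelihood scale, weights and bands are assumed."""
from dataclasses import dataclass

# Table 1.1: class 1 is the most severe, class 5 the least.
SEVERITY = {1: "Serious", 2: "High", 3: "Medium", 4: "Low", 5: "Minor"}
# Assumed four-level likelihood table, A (most likely) down to D (least likely).
LIKELIHOOD_WEIGHT = {"A": 4, "B": 3, "C": 2, "D": 1}
# Assumed acceptability bands on the combined score (1..20), checked top down.
BANDS = [(12, "unacceptable: action required"),
         (6, "tolerable: reduce if practicable"),
         (0, "acceptable: monitor")]

def risk_score(severity_class, likelihood):
    """Severity weight (5 for class 1 down to 1 for class 5) times likelihood weight."""
    if severity_class not in SEVERITY or likelihood not in LIKELIHOOD_WEIGHT:
        raise ValueError("unknown severity class or likelihood level")
    return (6 - severity_class) * LIKELIHOOD_WEIGHT[likelihood]

def risk_ranking(severity_class, likelihood):
    """Acceptability band for one severity/likelihood pair (one cell of the matrix)."""
    score = risk_score(severity_class, likelihood)
    return next(label for threshold, label in BANDS if score >= threshold)

@dataclass
class Hazard:
    """One line of the assessment record: the hazard identified and who might be harmed."""
    hazard: str
    who_harmed: str
    severity_class: int
    likelihood: str

def assess(register):
    """Evaluate every hazard in the register and return the recorded findings, worst first."""
    rows = [{"hazard": h.hazard, "who": h.who_harmed, "severity": SEVERITY[h.severity_class],
             "likelihood": h.likelihood, "score": risk_score(h.severity_class, h.likelihood),
             "ranking": risk_ranking(h.severity_class, h.likelihood)} for h in register]
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def needs_action(register):
    """Hazards whose cell falls in the unacceptable band, so precautions must be decided."""
    return [r["hazard"] for r in assess(register) if r["ranking"].startswith("unacceptable")]

# Constructed sample register for a small plant (not taken from the book).
SAMPLE = [Hazard("Unguarded conveyor nip point", "operators", 2, "B"),
          Hazard("Tank overfill with flammable product", "workers and public", 1, "C"),
          Hazard("Slippery floor near washdown bay", "all staff", 4, "A"),
          Hazard("Loose cable tray bracket", "maintenance crew", 5, "D")]
```

Calling assess(SAMPLE) returns the register ranked with the conveyor hazard first (score 12, unacceptable) and the cable tray bracket last (score 1, acceptable); needs_action(SAMPLE) lists only the conveyor hazard.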