- 
Arabic
 - 
ar
Bengali
 - 
bn
English
 - 
en
French
 - 
fr
German
 - 
de
Hindi
 - 
hi
Indonesian
 - 
id
Portuguese
 - 
pt
Russian
 - 
ru
Spanish
 - 
es

RISK MANAGER’S PERSPECTIVE ON INHERENT SAFETY IN ENGINEERING DESIGN

They are the result of bringing together technologies to meet human needs or to solve problems. Sometimes a design is the result of someone trying to do a task more quickly or efficiently. Design activity occurs over a period of time and requires a step-by-step methodology.

We described engineers primarily as problem solvers. What distinguishes design from other types of problem solving is the nature of both the problem and the solution. Design problems are open ended in nature, which means they have more than one correct solution. The result or solution to a design problem is a system that possesses specified properties.

Solving design problems is often an iterative process: As the solution to a design problem evolves, you find yourself continually refining the design. While implementing the solution to a design problem, you may discover that the solution you’ve developed is unsafe, too expensive, or will not work. You then “go back to the drawing board” and modify the solution until it meets your requirements. For example, the Wright brothers’ airplane did not fly perfectly the first time. They began a program for building an airplane by first conducting tests with kites and then gliders. Before attempting powered flight, they solved the essential problems of controlling a plane’s motion in rising, descending, and turning. They didn’t construct a powered plane until after making more than 700 successful glider flights. Design activity is therefore cyclic or iterative in nature, whereas analysis problem solving is primarily sequential. The solution to a design problem does not suddenly appear in a vacuum. A good solution requires a methodology or process.

The five steps used for solving design problems are:

1. Define the problem.

2. Gather pertinent information.

3. Generate multiple solutions.

4. Analyze and select a solution.

5. Test and implement the solution.

 

PRODUCT SAFETY AND LIABILITY

 The primary consideration for safety in product design is to assure that the use of the design does not cause injury to humans. Safety and product liability issues, however, can also extend beyond human injury to include property damage and environmental damage from the use of your design. Engineers must also consider the issues of safety in design because of liability arising from the use of an unsafe product. Liability refers to the manufacturer of a machine or product being liable, or financially responsible, for any injury or damage resulting from the use of an unsafe product. The only way to assure that your design will not cause injury or loss is to design safety into the product.

To protect themselves in a product liability trial, engineers must use state-of-the-art design procedures during the design process. They must keep records of all calculations and methods used during the design process. Safety considerations must be included in the criteria for all design solutions. The designer must also foresee other ways people could use the product. If a person uses a shop vacuum to remove a gasoline spill, is the designer responsible when the vacuum catches fire? The courts can decide that a design is poor if the engineer did not foresee improper use of the product. It is imperative that you evaluate all of your alternative solutions against safety considerations.

 

THE NATIONAL SOCIETY OF PROFESSIONAL ENGINEERS (NSPE)

The National Society of Professional Engineers (NSPE) is the society for registered professional engineers which was founded in 1934 and has approximately 60,000 members. NSPE has articulated a Code of Ethics for Engineers that spans the entire range of engineering and is widely accepted by professional engineers. In the preamble to the code, the following statement is made: “…the services provided by engineers require honesty, impartiality, fairness and equity, and must be dedicated to the protection of the public health, safety, and welfare.” (emphasis added) The NSPE code of ethics lists six fundamental canons.

The FIRST of those canons is stated as follows: “Engineers, in the fulfillment of their professional duties, shall …hold paramount the safety, health and welfare of the public.” (emphasis added)

Associated with the first fundamental canon are five rules of practice, two of which are stated as follows:

a. If engineers’ judgment is overruled under circumstances that endanger life or property, they shall notify their employer or client and such other authority as may be appropriate. (emphasis added)

Engineers having knowledge of any alleged violation of this Code shall report thereon to appropriate professional bodies and, when relevant, also to public authorities, and cooperate with the proper authorities in furnishing such information or assistance as may be required. (emphasis added)

It is significant that the first duty of an engineer, according to the NSPE, is to be dedicated to the protection of the public health, safety, and welfare. This obligates a design engineer to assess potential failure modes and the resulting hazards to people for every design as part of the engineering design process.

 

THE ENGINEERING DESIGN PROCESS

The engineering design process is part of the overall product or process realization process which takes an idea from conception through implementation to obsolescence. It involves a very detailed cradle to grave analysis. Once a decision has been made to develop a new product or process, the engineering design process to achieve it may be described as follows:

1.Conceptual design/Taguchi systems design– generate multiple potential solutions. Perform “quick and dirty” initial analyses of each potential solution. Benchmark the potential solutions against a common set of requirements and select the most promising.

2.Detailed design/Taguchi parameter and tolerance design – perform detailed analyses on the selected solution to determine functionality, geometry, size, fit, finish, tolerances, human interface, safety, etc. Develop all of the models, specifications, drawings and plans necessary for production, distribution, use and disposal.

The conceptual design step is characterized by the generation of multiple potential product or process ideas. These ideas may come from the natural evolution of existing products or processes, benchmarking competing products or processes, market surveys, new knowledge, or the generation of new and different ideas (brainstorming). Each of these ideas undergoes preliminary analysis to create a common basis for comparison. The ideas are then compared against each other (a benchmarking process) and the idea judged to have the highest probability of success is selected for further development.

The detailed design process then fleshes out the idea into a workable design and produces all of the information necessary to implement the selected design. Problems that are solved very early in the design process incur insignificant development cost and provide very large potential revenue gains through simplified production, increased consumer satisfaction, increased market share, and reduced product liability. Problems that are solved late in the design process or after production has begun usually incur substantial development cost and implementation delay.

 

SELLING SAFETY IN THE DESIGN

Traditionally, engineers design a facility, a piece of machinery, or an entire process for the occupants, operators and end-users. While this design work must occur, the negative side to the traditional practice is the lack, or even absence, of consideration of other people who inevitably will be affected by the design. Another area that typically receives insufficient attention during the design stage is the impact a design will have on production, equipment, the environment and public relations as it relates to this “other” group of people.

This has become a significant issue for several reasons:

The majority of engineers do not take courses on safety in school nor do they attend safety seminars or conferences after they graduate. The National Safety Council’s Institute for Safety Through Design found that 80 percent of engineers had not taken any safety courses in college, and 70 percent had not attended any safety seminars or conferences.

Design codes and standards are predominantly written for building occupants and users, not the people who assemble and maintain buildings and equipment. While an emergency light placed high above a stairwell will prove helpful to the building occupants in the event of an emergency, it’s a different story altogether for the contractor who must install it and the maintenance personnel who must test and service the light periodically.

Management does not realize the total cost associated with the traditional design process or is unduly influenced by short-term requirements. One global industrial firm reviewed their data to determine costs associated with safety and the design process and took into account:

  • Costs associated with safety elements when they were integrated into the original project program.
  • The costs of incorporating safety elements after the design drawings were completed.
  • The cost of adding safety elements during the installation process.
  • Costs associated with adding safety elements after the process was in production.

The results of their analysis showed that the cost of adding in safety elements was over 1,000 times more expensive after the process was running than if those same safety considerations had been included in the original project design program.

Another company was about to receive some new equipment when they realized the equipment required lockout/tagout components. The cost of adding these components at the factory was $350 per machine. Had they waited until the equipment was delivered, the cost would have been $3,800 per machine.

Effective communication between engineering and safety, training engineers in basic safety principles, and management support are all key to designing and engineering for safety. Engineering for safety is not a quick fix: it is a commitment to an innovative and more inclusive design approach.

 

DESIGN FOR SAFETY

Design for Safety is a design methodology that protects the health, safety and welfare of the customer, the public, and the workers who manufacture and distribute the product. It requires that the potential hazards inherent in the manufacture, distribution, use, and disposal of a product be identified in the design phase and mitigated as much as possible. While it may not be possible to remove all hazards from a product, the number and severity of the hazards should be minimized and the customer warned about the hazards that remain.

Countless tools are available, depending on which phase of engineering the project is at and the hazard management policy defined. These tools may be HAZID/HAZOP studies, Failure Mode Effects Analysis (FMEA), SIL analysis, Quantitative Risk Analysis (QRA), RAMS Analysis or Risk-Based Inspections (RBI).

While national regulations do not require the application of these tools, an ever-growing number of companies in the sector are undertaking these studies in order to meet the standards governing the international Oil &Gas sector. This article offers an introduction to the most common tools that have been used and fully tested over the years.

HAZOP (HAZards and OPerability) Analysis

Due to its systematic approach and multidisciplinary nature, HAZOP analysis has for decades been the most widely used tool for identifying and mitigating hazards in industry. The objective of the technique is to identify all deviations from design conditions for the lines and elements belonging to a specific process unit that may lead to accidents or serious operability issues, with special focus on deviations that could cause accidents with serious consequences.

This identification of undesired consequences enables companies to define recommendations to improve a facility’s operability and safety, resulting in optimal efficiency and productivity. In this sense, the proposed modifications could affect monitoring and emergency systems, the conditions of line, equipment and instrument design and written procedures. Recommendations for specific detail studies could be derived from these proposals.

Failure Modes and Effects Analysis (FMEA)

Failure Modes and Effects Analysis is a formal methodology for identifying potential failure modes and their associated hazards which is suitable for detailed engineering design of a product or process. The steps are as follows:

1. Describe the system or process whose failure modes are sought.

2. Identify the ways in which the system or process might fail. These failure modes may be identified by historical data, personal experience, or a process similar to brainstorming.

3. Identify the symptoms of each failure mode that might aid in detection.

4. Determine the effects of each failure mode should it occur – look at property damage and hazard to people.

5. Assess the probability of each failure mode occurring. A qualitative ranking may be used if statistical data is not available – a low ranking means a low probability of occurrence.

6. Assess the risk (probability) of personal injury and property damage for each failure mode. Again, a qualitative ranking may be used in the absence of statistical data.

7. Compute a “danger index” from the numbers assigned in steps 5 & 6 – multiply the probabilities or rankings together.

The FMEA is normally presented as a table. The danger index is a ranking of the risks associated with each design. The failure modes should be examined for possible mitigation through design changes starting with the highest danger index and proceeding to the lowest. It is usually not possible to completely eliminate all failure modes from a consumer product but the hazard to people should be minimized as much as possible. This process should also minimize the exposure of the manufacturer to product liability litigation.

A risk priority number (RPN) is computed as follows: RPN = (failure severity) X (probability of occurrence) X (probability of detection)

The failure modes should be ranked in descending order by RPN and those at the top of the list should be addressed first. A high RPN indicates a significant risk of system failure and hazard that should be mitigated if possible by redesigning the system to reduce effect severity, reduce the probability of occurrence, and increase the probability of detection. Once changes have been made to the design, the severity, occurrence, detection, and RPN values are recomputed for the affected failure modes. All potential failure modes cannot be eliminated from all systems, but the goal of the design process should be to minimize RPNs of the system. A minimum RPN should correspond to maximum public safety and minimum exposure to litigation.

SIL (Safety Integrity Level) analysis, SIL verification and SRS (Safety Requirement Specifications)

The handling and movement of hazardous substances at facilities requires safety measures with demanding criteria for the infringement of pre-set conditions, in order that the process be run in conditions of safety for people, the environment and infrastructure. This translates to a need to implement special systems that are independent of any other system, in order that they may act in the event of other prevention systems failing and make the process safe.

These systems are called safety instrumented systems (SIS). The nature of these systems means they must have sufficient conditions of safety and reliability to ensure they function properly when they are required. This is the reason for the SIL analysis, which calculates the SIL (safety integrity level) index in order to assess the safety level required of those systems and verifies that they meet the required level.

Quantitative Risk Analysis (QRA)

Quantitative risk assessment (QRA) is a formal and systematic risk analysis approach to quantifying the risks associated with the operation of an engineering process. The results quantitatively address the risk to people, the environment, or the business.

QRA studies are typically required for production and processing facilities, high-pressure pipelines, and storage and importation sites, including liquefied natural gas (LNG). They contribute to improved decision-making by highlighting the accident scenarios that contribute most to overall risk. This is carried out in order to demonstrate if the acceptability criteria have been met and that the residual risks are as low as reasonably practicable (ALARP).

A QRA study normally comprises the following:

• Identification of hazards by using a technique such as hazard and operability (HAZOP) study method.

• Safety integrity level (SIL) study using layers of protection analysis (LOPA) methods for the safety instrumented functions (SIFs) associated with the prevention of loss of containment from the facilities under consideration (e.g., loss of containment due to overpressure causes).

• Frequency estimation of the identified scenarios that can cause loss of containment from the facilities under consideration.

• Consequence analysis to determine the severities associated with each hazardous effect for the identified scenarios.

• Quantitative risk assessment to calculate and determine the safety risks to persons in the proximity of or affected by the facilities under consideration.

 

Historical Failure and Hazard Information

Historical information on the performance and problems of existing products and processes is useful to the design engineer. Such information is available in customer service departments and repair facilities as part of their normal activities. It need only be collected and archived for future reference. It may also be collected as part of a market survey. In addition, litigation filed for personal injury and product liability can be scanned for cases involving similar products or processes and the allegations can be examined. A significant number of similar complaints about a product or process may indicate a problem that should be addressed in the next redesign cycle. By systematically removing potential hazards from a product or process it is made safer and therefore more desirable to the customer, assuming the price does not increase significantly beyond inflation. In addition, the exposure to litigation is reduced, thereby saving additional costs.

RAMS analysis

RAMS refers to Reliability, Availability and Maintainability Study which is a decision making tool used to identify how to increase the availability of the system, and thus increase the overall profit as well as reducing the life cycle costs. Reliability is defined as the fraction or percentage of time that an item is available to response to a demand placed upon it. Various techniques are such as Reliability Block Diagrams (RBDs) and Fault Tree Analysis (FTA) can be used to determine Reliability. Availability is defined as a fraction or percentage of time that an item has not failed and thus available for a demand. Based on this particular approach, unavailability can be defined as a fraction or percentage of time that an item has failed. Active and Reactive maintenance programs are required in order to ensure reliability of equipment and thus reliability and availability of Safety Instrumented Functions.

RAM analysis can be applied at various stages of the life cycle:

·       Pre-FEED (i.e. design conceptualisation) – RAM analysis can be used to compare various design options that are being considered through quantification of the production output of each option. Conducting a RAM analysis at this stage, while the design is still being finalised is known to reduce the cost and schedule impact on the project than if conducted at a later stage.

·       FEED – At the FEED stage, critical equipment’s are identified which could cause significant production losses. A RAM analysis would normally be conducted on these critical equipment’s in order to optimise the equipment configuration and identify the requirements of any further spares or equipment redundancies in order to optimise the availability of the system.

·       Detailed Engineering – At the detailed engineering stage it is likely that the design is frozen with minimal changes. A RAM study at this point would allow the client to identify performance targets that must be met by the equipment, which can be used as part of the equipment design specification during procurement.

·       Process Operation – While the process is in operation, conducting a RAM study using the data of the as-built facility can bring the benefit of identifying unreliable equipment which are leading to production losses.

 

 

Risk-Based Inspections (RBI)

Risk-Based Inspections (RBI) is a Total Quality Assurance approach that minimizes downtime and ensures equipment longevity for oil and chemical plants. Analysis of fixed equipment, piping, pipelines, and pressure relief devices at a facility using an RBI approach can increase the effectiveness of the mechanical integrity inspection program while minimizing risk to Health, Safety and the Environment (HS&E) and maximizing resource utilization. Through the application of RBI analysis, process variables and materials of construction are considered to identify the type of damage that can lead to failure, where it may occur, the frequency of inspections that should take place, and appropriate and cost-effective inspection techniques. As a result, items with a high probability of failure and subsequent impact are given a higher priority for inspection than items that are of low impact, allowing for a more rational application of inspection resources. The entire process results in focusing resources on specific assets that are most likely to pose a risk to the facility.

Facebook
Twitter
Email
Print
Scroll to Top