News & Events
- Publications
  - Bulletin
    - Archive
      - 2003 issues
        
        January/February
        
        Your CRP - your chance to make a difference
        
        Net Gains - Bulletin - January / February 2003
        
        Launchpad - Bulletin - January / February 2003
        
        Risk ... what risk? Assessing the risk in inspection planning
        
        Friction stir welding - How big is the process torque? - a simple prediction
        
        The changing worlds... Radical advances in both electron beam and friction welding come under the spotlight

Risk ... what risk?

TWI Bulletin, January - February 2003

Assessing the risk in inspection planning

John Wintle

John Wintle is Consultant Engineer for structural integrity and is a leader in the development of reliability engineering at TWI.

In 1999, the Health and Safety Executive (HSE) commissioned TWI and Royal Sun Alliance Engineering (RSAE) to prepare guidance on best practice for the inspection of pressure systems based on the risk of failure. After an in-depth study, the guidance was published in a best practice report in 2001. HSE has now made this report available to industry on its web site. John Wintle describes the project and how TWI is supporting industry in applying risk based inspection and dealing with the issues it raises.

Initially, HSE carried out a series of surveys to evaluate how industry was using risk assessments to plan inspection of pressure systems. Fifty companies were asked what they understood by risk based inspection (RBI) and whether they were applying it, while in a more detailed follow-up survey, five companies were interviewed about the methods they were using. The results showed there were widely varying views about the nature and practice of RBI, and that different methods were being applied.

It was evident that there would be benefit in trying to achieve a common understanding between regulators and owners and users (Duty Holders) of pressure systems about the processes of RBI and how it should be practised. Consequently HSE initiated the project with TWI and RSAE which resulted in the best practice report. The aims of the project were to define the processes of RBI, to give practical guidance and a case study on how best to implement RBI, and to provide an audit tool to enable companies and regulators to evaluate how well RBI is being applied.

UK regulation of pressure systems in-service

The UK statutory requirements for pressure systems are contained in the UK Pressure Systems Safety Regulations 2000 (PSSR). They define the responsibilities of Duty Holders to manage their systems safely, and in particular, cover the requirements for examination of equipment. The Regulations also define the duties of a Competent Person in relation to the planning, conduct and reporting of the examination.

Before a pressure system may be operated, the PSSR requires Duty Holders to have a written scheme of examination to be drawn up or certified as being suitable to prevent danger by a Competent Person. The scheme must cover all protective devices and every pressure vessel, pipeline and part of pipework in which a defect may give rise to danger to persons arising from the release of stored energy. The scheme must also define the nature and frequency of periodic examination and, where appropriate, provide for an examination before equipment is used for the first time.

The PSSR set the goal of preventing danger by means of a suitable scheme of examination, but do not prescribe the scope, nature or frequency. What constitutes a suitable scheme is up to the Competent Person and the regulator (and ultimately the courts) to judge. This leaves Duty Holders with the flexibility to plan inspections that are suitable to assure the safety of their systems from assessment of the risks of failure. In order to assist Duty Holders and Competent Persons to determine what is suitable, the Health and Safety Commission has an Approved Code of Practice (ACoP).

The ACoP provides guidelines on the parts of a system that should be included in the written scheme. In general, the scope of examination should include all protective devices, pressure vessels, and parts of pipework liable to deteriorate by corrosion, erosion or fatigue or where failure would result in a sudden release of stored energy. Pipework and parts of systems where a defect would not give rise to danger may, however, be excluded from the scheme providing that the decision to exclude has been justified and advice sought from a relevant technical expert.

With regard to frequency of examination, the ACoP states that the aim should be to ensure examinations are carried out at intervals that are sufficient to identify any deterioration likely to affect safe operation of the system. Different parts of a system may be examined at different intervals depending on the degree of risk associated with each part. All relevant factors need to be taken into account when deciding on an appropriate interval between examinations and the ACoP provides a list of some of them.

With this advice, Duty Holders have the flexibility to use methods to determine the scope and frequency of the examination based on whether a defect would give rise to danger and the risk of failure from defects associated with each part. Methods based on information generated from a risk assessment are therefore fully consistent with the Regulations and the ACoP. The difficulty arises in obtaining a consistent judgmental basis for RBI.

RBI best practice project

The project examined the application of RBI to pressure systems, including most vessels and piping, that are subject to in-service examination under the Pressure Systems Safety Regulations. It also covered equipment and systems containing hazardous materials, such as atmospheric storage tanks, that are inspected as a means to comply with the Control of Major Accident Hazards Regulations (COMAH). The principles of RBI for pressure systems are also applicable to the inspection of many other safety-related structures and equipment, for example, offshore structures, lifting equipment and fairground equipment although these were not specifically considered.

The project was primarily concerned with risks to health and safety. However, it recognised the additional responsibilities of Duty Holders to plan inspections to protect the environment and their operations and businesses from the consequences of failure. The guidance is aimed mainly at engineers responsible for planning inspection of safety critical plant, but regulators, safety managers and site inspectors will also find the results useful.

The risk of failure of an item of equipment is the combination of the probability of the failure occurring within a certain operating period and a measure, in financial loss, of the consequences resulting from that failure. When the probability and consequences are evaluated quantitatively, the risk is usually defined as a single value being the product of the probability and the measure of consequences. However the data and processing requirements for a fully quantitative assessment can be onerous, and this is normally only carried out for very high integrity systems such as nuclear plant.

It is often possible and more convenient to make a qualitative assessment of probability and consequences using a scale (usually three or five) of descriptive terms such as high, medium or low. In order to achieve consistency, the categorisation of probability and consequences by descriptive terms requires definition and a consistent judgmental basis. Results of these assessments are usually displayed as a cell within a risk matrix. The risk is then the combination of the probability and consequences descriptors, and number of risk combinations is obviously limited by the number of cells in the risk matrix. Qualitative assessments are best used in ranking or comparing risks of items of equipment.

RBI requires the Duty Holder to undertake a risk assessment for the system under consideration. The form of the assessment can vary depending on circumstances. Whatever approach is adopted, the risk assessment should be a structured process comprising the following six stages:

Identification of accident scenarios resulting from equipment failure
Identification of potential deterioration mechanisms and modes of failure
Assessment of the probability of failure for each mechanism/mode
Assessment of the consequences resulting from each failure mode
Determination of the risk of failure of the equipment by all modes
Ranking and categorisation of risk

The purpose of the risk assessment is first, to determine whether failure of the equipment from potential defects would give rise to danger and/or loss ( ie consequences from failure). Then it is to assess the likelihood of failure occurring during the operating period being considered. The key information required to assess integrity and consequences must be available, and when this is sufficient to show that the risk of failure is small, a suitable scheme of examination can be developed that is not unduly restrictive. When the risk assessment identifies that the key information required to assess integrity or consequences is lacking, the risk is higher and more inspection may be needed.

In terms of plant integrity, the key information is generated from the design specification and drawings, operational experience and inspection records, and knowledge of the deterioration mechanisms and the rate at which deterioration will proceed. This knowledge enables current and future fitness-for-service to be assessed. Information typically required to assess the consequences of failure includes the amount and characteristics of the fluid and energy released and the proximity of personnel and surrounding equipment.

The achievement of an effective and reliable examination is an essential requirement of RBI. The information generated in the risk assessment about potential deterioration mechanisms can be used to select examination methods that are effective to detect the type and level of deterioration anticipated. The report discusses the capability of various NDT methods, including acoustic emission, long range ultrasonics. Strategies that Duty Holders can use to assure themselves of the effectiveness and reliability of examination include building in diversity and redundancy and inspection qualification.

The assessments of examination results, fitness-for-service, and the risks associated with modifications and repairs are also an integral part of RBI. This requires uncertainties in these assessments to be determined so suitable decisions can be taken. Feedback and the re-assessment of risk during plant life are essential parts of the process and particularly pertinent when inspection intervals are long.

Audit tool

In addition to the guidance outlined above, the report provides an audit tool for Duty Holders and regulators to test whether best practice is being applied. This comprises a series of questions and a commentary relating to each stage of the process. The commentaries are intended to provide a benchmark of best practice against which the process of RBI can be evaluated.

For example, question B6.5 of the audit tool is 'What methods and factors are used to set inspections intervals?'. While the aim is not to be prescriptive, the commentary implies an expectation of the Duty Holder to have certain methods and information and to be able to justify the use of these. A remnant life calculation may allow the opportunity to extend examination intervals, but requires an assessment of uncertainties and limitations in the information available in order to determine an appropriate factor of safety.

RISKWISE - TWI's software to aid RBI

In order to aid the implementation of the guidance given in the report, TWI has, independently, developed a software package called RISKWISE. Initially, the software contains an empty database into which Duty Holders can input relevant data about the pressure equipment within their plant, eg design data materials specifications, operating conditions, known degradation mechanisms and inspection history and assessed effectiveness. The software also contains supporting technical information about different deterioration mechanisms to assist users identify vulnerable equipment.

RISKWISE then assists the user to assess qualitatively the probability and consequences of failure from deterioration during a specified time interval to the next inspection. The user answers a series of multiple choice questions and a scoring system is used to convert the answers into numerical values representative of the probability and consequences. These are then plotted on a five point risk matrix and multiplied to produce a single risk index value.

The process can be repeated by reconsidering the probability and consequences questions over different time intervals as new knowledge is gained about the equipment, its conditions and the rate of deterioration. Using RISKWISE, items of equipment can be ranked according to their relative risk using the risk indices. RISKWISE is thus an intuitive tool that helps the RBI team determine whether a plant item needs inspecting and the interval to the next inspection.

Specific versions of RISKWISE are available for pressure vessels and process plant, storage tanks and piping systems, since the data relevant to the risk of failure varies in each case. For proper application, RISKWISE requires judgements by experienced people. It is of greatest value when it is used with TWI experts as part of the RBI team.

Issues arising with RBI

The decision of whether to introduce risk based inspection raises a number of issues for Duty Holders. The first of these is whether the effort required to justify potentially longer operating intervals is going to be cost effective against the upfront investment in people's time. For all but the most simple systems, RBI requires a multi-disciplinary team of qualified staff and the Competent Person, possibly with additional assistance of independent external consultants.

The team has to gather the relevant data, often from sources that may be difficult to access, and this data has to be analysed. Several meetings of the team may be necessary to make the risk assessment and plan the examination. In order to provide an audit trail for regulators, formal records of meetings and decisions are needed.

Another issue is the availability and reliability of the data required to make the risk assessment. This may apply particularly to older and second hand equipment if the original design and manufacturing drawings has been lost. If the original design thickness and welding quality are unknown, extra in-service inspection may be necessary to establish these again.

One issue whose importance is being increasingly recognised is that of accrediting the competence of the individuals taking part in risk based inspection. In the UK there are no formal competence requirements, except for Competent Persons, although Duty Holders have a general duty to use suitably qualified staff. In future, independent organisations like TWI may have an increasing role in accrediting the competence of engineering and technical staff making safety sensitive assessments. Regulators and other interested parties may welcome the involvement.

Case study

This case study illustrates how RBI can be applied to justify extending examination intervals. The aim was to determine the requirements for the next scheduled inspection, and, given satisfactory results, whether the interval until the following inspection could be increased from 26 months to 48 months.

A multi-disciplinary team undertook the study comprising:

- Consultant Engineer
(Team Leader)

- Plant Engineer

- Production Engineer

- Health and Safety Adviser

- Metallurgist

- NDT Engineer

The team first identified the extent of the system and its inter-relationship with other systems. The design of the system and mode of operation was considered under both normal and postulated fault conditions. A wide range of documentation was reviewed including the maintenance and previous inspection reports during eight years of service. Very little information was found on the original design and construction of the reflux drum, which had not been examined in-service.

A review of deterioration mechanisms found that the only mechanisms that needed to be considered were internal corrosion, fatigue and stress corrosion cracking. The probability of failure was assessed on a five point scale in terms of:

The remaining life until exhaustion of the corrosion allowance
The fraction of design fatigue life remaining
The extent to which SCC had been experienced in similar vessels of the same age.

The most severe of the three assessments was used.

Consequence of failure was assessed on a five point scale by evaluating the cumulative impact on production, personnel, surrounding equipment, and the fluid characteristics, contents and pressure.

From the risk assessment, it was clear that all items would give rise to danger if a defect was present and the probability of a defect existing was such that it should be subject to examination. Examinations were then specified for each item, the nature of which addressed the uncertainties associated with each deterioration mechanism identified.

After the examination, the probability of failure from defects was re-assessed. This was used as the basis for a decision to extend the interval until the next examination from 26 to 48 months for the catalytic column and other vessels which were found to be in a satisfactory condition.

The lack of previous examination reports and manufacturing information about the reflux drum had a negative effect even though the amount of corrosion detected appeared to be small. For the reflux drum one good examination was not sufficient to establish the corrosion rate. The interval between inspections was to remain at 26 months until the corrosion rate could be established with confidence.

Conclusion

This article highlights the flexibility that exists within the UK regulations for pressure systems safety. Duty Holders and Competent Persons can determine a scheme of examination that is appropriate to each item of equipment. Inspection intervals may be set depending on the degree of risk associated with each item, but Duty Holders and Competent Persons must be able to justify that the scheme is suitable.

The project carried out by TWI and Royal Sun Alliance Engineering will assist Duty Holders and regulators identify best practice for risk based inspection. An audit tool and a case study provide a benchmark against which current practice can be evaluated. The case study shows how risk assessment may be used to justify extending examination intervals for some items of equipment.