Why Hazops fail the SFAIRP test & why this is important
R2A recently presented a free webinar, Why Hazops fail the SFAIRP test. It addresses one of the questions we are most frequently asked as Due Diligence Engineers.
Hazops are a commonly used risk management technique, especially in the process industries. In some ways the name has become generic, in the sense that many use it to mean any safety sign-off review conducted before the design is frozen, a bit like the way the English say they hoover the floor when they actually mean vacuum the floor.
Traditionally, Hazop (hazard and operability) studies are done by considering a particular element of a plant or process and testing it against a defined list of failures to see what the implications for the system as a whole might be. That is, they are bottom-up in nature and so provide a detailed technical insight into potential safety and operational issues of complex systems. They can certainly produce important results.
However, like many bottom-up techniques they have problems with identifying high-consequence common-cause and common-mode failures. This arises simply because the Hazop process is bottom-up in nature rather than top-down.
A detailed assessment of individual components or sub-systems, such as a Hazop, examines how that component or sub-system can fail under normal operating conditions.
Hazops do not examine how a catastrophic failure elsewhere (such as a fire or explosion) might simultaneously affect this component and the others around it.
Hazops attempt to address such ‘knock-on’ effects with a series of general questions asked after the detailed review is completed, but it nevertheless remains difficult to use a Hazop to determine credible worst-case scenarios.
This is exacerbated by the use of schematics to functionally describe the plant or equipment being examined. Unless the analysis team has an excellent spatial / geographic understanding of the system being considered, it’s very hard to see what bits of equipment are being simultaneously affected by the blast, fire or toxic cloud.
This means that it is difficult to use a Hazop to determine credible worst-case scenarios and ensure SFAIRP has been robustly demonstrated for all credible, critical hazards.
For a limited time, you can watch the webinar recording of the presentation on Why Hazops cannot demonstrate SFAIRP here.
If you’d like to discuss any aspect of this article, your due diligence / risk management approaches, or how we can conduct an in-house briefing on a particular organisational due diligence issue, contact us for a chat.
Engineering As Law
Both law and engineering are practical rather than theoretical activities, in the sense that their ultimate purpose is to change the state of the world rather than merely to understand it. Lawyers focus on social change whilst engineers focus on physical change.
It is the power to cause change that creates the ethical concerns. Knowing does not have a moral dimension; doing does. Mind you, just because you have the power to do something does not mean it ought to be done, but conversely, without the power to do, you cannot choose.
Generally for engineers, the work must function, be useful and not harm others; that is, it must be fit for purpose. The moral imperative arising from this approach, as generally articulated for engineers in Australia, seems to be:
- S/he who pays you is your client (the employer is the client for employee engineers)
- Stick to your area of competence (don’t ignorantly take unreasonable chances with your client’s or employer’s interests)
- No kickbacks (don’t be corrupt and defraud your client or their customers)
- Be responsible for your own negligence (consulting engineers at least should have professional indemnity insurance)
- Give credit where credit is due (don’t pinch other people’s ideas).
Overall, these represent a restatement of the principle of reciprocity, that is, treating others as you would expect to be treated in similar circumstances. As such, they amount to a statement of moral law as it applies to engineers.