HS&E in Design: An Approach for Russia

Background
Earlier work by the Tyumen Task Force (TTF) in 1992/3 identified the importance of re-establishing a Health, Safety and Environment (HS&E) culture in the prolific oil and gas operations of Western Siberia with the idea of developing and modernising oilfields within the flood plain of the Ob river and its tributaries.

TTF conducted field surveys and assessment studies in order to scope the content and location of model oil and gas field developments in the Region, in addition to providing loans to qualifying production associations for the following activities:

• modernisation of wells above a certain Productivity Index (PI) and abandonment of wells below a certain PI;
• provision of reliable metering facilities;
• replacement of key sections of flowline;
• injection of corrosion inhibitor chemicals;
• the provision of emergency response equipment.

Qualification included the drawing up of plans to:

• complete environmental baseline surveys and environmental impact assessments;
• involve local communities and institutions in the approval process for new developments;
• promote modern technologies and operating practices;
• re-establish the importance of the materials selection and quality assurance processes;
• encourage cooperation between neighbouring production associations in matters of emergency response.

Objectives of this Article
The objective of this article is to draw on this earlier TTF experience in Western Siberia and to outline how the timely and effective use of Hazard Identification (HAZID), Value Engineering and Risk Assessment studies in the design process can be central to establishing sustainable development and operating practices for oil and gas projects in the Region.

The article aims to show the potential for the following:

• Hazard Identification Study to draw on regional knowledge and project experience to minimise the potential for major accident hazards;
• Hazard and Operability Study (HAZOP) to systematically identify effective process safeguards;
• Quantitative Risk Assessment Study (QRA) to gauge the success of the development against established industry and society assessment criteria.
• Verification process to ensure ongoing system integrity through the life of the development;
• Value Engineering Workshop to identify alternative technologies and development methods that can improve the performance of the project.

This article lists the streams in the HS&E in Design process and gives examples where the above studies have been successful in locations bordering Russia as well as in Russia itself.

The example for the HAZID Study is taken from a major infrastructure project in Italy. For this project, latent hazards in the onshore natural environment are identified and analysed.

HS&E in Design is incorporated into projects in five parallel streams:

• Hazard Identification and Risk Assessment;
• Value Engineering;
• Loss Prevention and procurement of HS&E equipment;
• Impact on the Natural Environment;
• Working Environment Assessments.

The scope of work represented by these streams is then applied to produce deliverables at key milestones in the project lifecycle:

• Feasibility study;
• Concept selection;
• Concept definition;
• System definition;
• Detail engineering;
• Follow-on and commissioning;
• Operation and modification; and
• Decommissioning and abandonment.

Front End Engineering Design (FEED) corresponds with the preparation of the technical and economic basis, is completed during the system definition phase of a project, and at a point agreed with the Client.

Hazard Identification, Risk Assessment and Value Engineering
HAZID Studies are held as early as Concept selection when the hazard profiles of development options are compared. They are refined in successive project phases to meet defined quality levels.

The HAZID is concerned with potential major accident hazards, which as a minimum can be defined as:

• Personnel safety : Major injury or major impact to health.
• Assets: Local damage including part shutdown.
• Environment: Limited discharges of known toxicity.
• Reputation: Regional public concern.

Also the identification of the safety and environmental critical elements that are required to arrest a major hazard developing into a major accident or incident.

HAZOP Studies are scheduled for Concept definition and Detail design. The objective of a HAZOP can be summarised:

• Check the design and consider whether any deviation from design intent, which can occur through malfunction or mal-operation could cause a hazard.
• Check whether the precautions or safeguards incorporated into the design are sufficient to either prevent the hazard occurring or to reduce the consequences to an acceptable level.
• Confirm that operability is satisfactory and appropriate to the design intent.
• Provide input to a study that determines Safety Integrity Level requirements for safety instrumented systems.

Quantitative Risk Assessment is used to enumerate risk levels to persons, the environment and investment, chiefly for comparison with corporate and regulatory acceptance criteria. For each potential major accident hazard, which qualifies for QRA, the frequency of its occurrence is calculated from Industry data and using fault tree analysis. The consequences of the unfolding accident or incident are then evaluated via event trees using impairment data and rule sets.
For a successful development, QRA is used to demonstrate that the residual risk levels to working groups, the average individual or to society as a result of a petroleum development or an oil and gas field operation are as low as reasonably practicable (ALARP).

ALARP statements are first developed during the concept selection process and are refined through the project lifecycle.

Verification activities ensure that safety and environment critical elements identified during HAZID and HAZOP and evaluated in QRA are suitable and sufficient and can and do continue to meet the Performance Standards required of them in their role of safeguarding against potential major accident hazards.

Performance Standards specify the requirements for: Functionality; Availability; Survivability; and Interaction with other safety critical systems.

Value Engineering Workshops are used as part of the concept selection process and at the close of the concept definition phase to analyse the primary functions of the project, with a view to attaining the lowest lifecycle costs without compromising safety, schedule or client goals
and targets.

A multi disciplinary team including project and client personnel is led by an experienced facilitator to identify and study alternatives such as:

• design concepts;
• equipment and processes;
• materials of construction;
• construction and operating methods;

through following a Value Engineering process as outlined in the figure below.

Example Studies
A) GALSI Project: Hazard Identification Study
The table opposite is an extract from the Hazard Register created interactively during the Concept definition phase HAZID for the GALSI Project. The table provides details of the Natural Environment Hazards with the potential to impact the onshore section of a major gas pipeline.
A later HAZID, which is scheduled for Detail Design will:

• review the currency of this HAZID and close out or reactivate earlier actions, as appropriate;
• update the Hazard Register to include findings of completed risk assessment studies and geotechnical surveys;
• define outline performance standards on a hazard by hazard basis for the environment critical elements, which are referred to as controls or safeguards.

B) Ukraine Gas Field and CPFs: HAZOP Studies
A programme of Hazard and Operability (HAZOP) studies for the revamp and modernisation of gas fields and Central Processing Facilities (CPF) in the Ukraine enabled actions to be identified and taken to systematically review, and where required upgrade, the system of process safeguards and operating procedures for these facilities.

Process units that were subject to HAZOP included wellheads and wellpad manifolding, product storage and truck loading facilities and tie-ins to existing export pipelines and central processing facilities. Some facilities were designed to be operated manually and other larger facilities via Distributed Control Systems (DCS).

HP/LP interfaces were identified and safeguarding options identified to permit the production of new, more productive wells through existing facilities. Tie-ins to existing facilities were analysed to ensure that facilities engineered to different codes and standards could be connected and integrated safely.

For field shutdown valves and plant pressure safety valves, outline Failure Modes and Effect Analyses (FMEAS) were carried out by the HAZOP Team in order to fully understand the performance of the device during an upset condition.

An overall system of nodes was designed to provide the ability to compare the findings of the HAZOP Study for a manually operated CPF with its automated counterpart.

Cause and Effect Charts were compared and analysed and recommendations were made for subsequent studies aimed at determining the required Safety Integrity Level (SIL) of safety instrumented systems.

C) Sakhalin II: Risk Assessment of Deferred Hydrotesting
The pipelines’ pre-commissioning plan for the Sakhalin Phase II development called for each pipeline section to be flooded with treated water, cleaned, gauged and hydrotested immediately after pipelay during the ice free period of the year. This required review, as disposal of this treated water was out to sea and licenses were not forthcoming.

A risk assessment was commissioned to analyse and identify risk reduction measures for an alternative pre-commissioning strategy where the pipeline sections installed in the ice free period would be left air filled during the ice season, awaiting completion the following summer. This air-filled period could last as long as 16 — 18 months.

A key corrosion risk reduction measure was to vacuum dry the pipelines after installation, leak test and then pack them with Nitrogen to 0.35 bar. The benefit of this risk reduction measure can be seen in the chart below in terms of how the residual risk is driven to the left.

D) Shah Deniz: Shipping Risk Assessment
A QRA was performed for the near shore sections of oil, gas and condensate pipelines in order to evaluate the hazards posed by shipping in Sangachal Bay:

• ship grounding;
• anchor dragging;
• ship sinking.

Justifiable expenditures for eliminating these hazards were calculated based upon the estimated annual damage frequencies and the lifetime damage costs due to these hazards.

Effective risk reduction measures for each hazard were identified and costed. Analysis showed that the risks associated with ship grounding determined the cost effective water depth to which pipeline trenching and backfill should be provided.

The original near shore approach specification stated that pipelines were to be trenched and backfilled to the 11m water depth. QRA showed that the water depth up to which this protection could be justified could be reduced to 8.4m. The near shore shelf has a very gradual slope in this area of the Caspian Sea; thus the QRA enabled some significant and justifiable cost savings to be made.

With this risk reduction measure in place, as well as the steps of:

• updating nautical charts;
• meeting with harbour masters and ships’ masters regarding anchoring;

These being in place, residual risks to these hydrocarbon pipelines due to shipping hazards in Sangachal Bay were demonstrated to be as low as reasonably practicable (ALARP).

The justifiable spend to protect the pipelines from a sinking ship was shown to be significantly below the cost of implementing additional risk reduction measures.

E) Shtokman Development: Verification Scheme
A Verification Scheme was prepared for the Safety Critical Elements identified as being suitable and sufficient safeguards to prevent, detect, control, mitigate and enable recovery from potential major accident hazards identified during the FEED HAZID for the onshore and offshore sections of the Shtokman trunklines.

Each Safety Critical element has a performance standard associated with it, which provides engineering details regarding the following:

• its functionality;
• the survivability of the element during the major accident it is designed to safeguard against;
• an availability and reliability specification;
• interaction requirements with other safety critical systems.

For each Safety and Environmental Critical Element, the Verification Scheme details the independent assurance and examination activities required to assure and verify that the performance standard can be evaluated and attained during:

• Detail Design;
• Testing and commissioning;
• Operation;
• Decommissioning and plant retiral, if required.

The Verification Scheme also provides a means of controlling any subsequent addition to or modification of the safety critical system.

F) Republic of Korea: EPC Value Engineering Workshop
Details are confidential, however, Critical Success Factors for a major refinery revamp and modernisation project were agreed with the managing contractor to include:

• Meeting the start-up date;
• Meeting performance guarantees;
• No cost overruns;
• Synchronisation with upstream facilities;
• Secure construction manpower in adequate numbers;
• Construct and commission with no Lost Time Injuries;
• Obtain early approval from the Regulator of Environmental Impact Assessments.

An analysis of the Primary EPIC Functions led by the workshop facilitation team as shown in the figure below identified opportunities which were still achievable at the close of FEED to:

• reduce equipment costs through questioning the number of cross-overs in the process plant;
• increase float in the project schedule through streamlining the procurement process;
• optimising offsite fabrication and the use of PAUs.

Some other value improving practices could not be incorporated into this project due to time pressures, but remained available as best practices for incorporation in similar future projects.

Conclusions and Summing up
This article has discussed the potential of effective hazard management and value engineering programmes in the design process to make a positive impact to oil and gas field developments in the challenging natural, working and business environment of Russia.

A map of the Hazard Management Process is shown below, which shows the role and position of HAZID, HAZOP and QRA in the process. A key component of the ALARP Assessment is the verification that the safety critical elements are suitable and sufficient and will remain as such through the project lifecycle.

Any practices and processes adopted by the project from a Value Engineering workshop are then subjected to HAZID and HAZOP.

Topical examples have been used to highlight the possibilities that these studies and workshop can have, particularly when regional knowledge and project experience are considered.