Process and guidewords for procedural HAZOPs
Introduction
When organisations develop new processes or procedures or revise existing ones, there is great value in stress-testing the proposed new arrangements to ensure they will work as intended, and will not generate unintended adverse consequences. Procedural HAZOPs provide one way of doing this. This technical note outlines the process we use for procedural HAZOPs and the guidewords we recommend for such studies.
Background
The hazard and operability (HAZOP) process has been applied traditionally to chemical, petrochemical and related processing plants and systems. There it is used to investigate the causes, controls and consequences of events or circumstances that might cause the system to function outside its designed ‘normal’ and ‘safe’ operating states.
Despite its origins in the chemical and petrochemical sector, the HAZOP process works very well for all systems and processes, both technical and non-technical. It is now applied in diverse range of applications such as software development, procedure writing, contract development and organisational change.
The HAZOP process examines each of the critical properties of a system in turn. It stresses each one by discussing what could cause that property to move outside the envelope that is regarded as safe. This facilitates the specification and design of controls that ensure the system never becomes ‘unsafe’. Unsafe in this context means unacceptable in terms of performance when compared with the organisation’s objectives.
Stress testing a procedure
Stress testing is achieved by asking questions based on a set of guidewords. Each guideword is a combination of words that describe a critical property or parameter of the system and how it might deviate from normal or expected behaviour.
- Key parameters are commonly related to system properties like ‘action’, ‘time’ and so on
- Deviations are commonly expressed in terms of words like ‘no or not’, ‘more’, ‘less’, ‘as well as’, ‘part of’, ‘reverse’ and ‘other than’
- For example, in a classical HAZOP of a fluid flow system, where flow is a key parameter, combining deviations with the parameter ‘flow’ generates guidewords like ‘no flow’, ‘more flow’, ‘less flow’, ‘reverse flow’ and so on
- In a HAZOP of a procedure, where action is a key parameter, combining deviations with the parameter 'action' generates guidewords like ‘no action’, ‘more action’, ‘less action’, ‘wrong action’ and so on.
Most organisations rely on procedures to ensure their activities are undertaken consistently and to acceptable standards. Despite the significance of procedures in terms of business performance, few organisations undertake formal or systematic risk assessments before they are introduced, or monitor their performance regularly once they are in place. Many organisations have felt the adverse effects of procedures that have been poorly designed or poorly implemented.
Risk management is concerned with adding value and providing the means for managers to make confident and soundly based decisions. A HAZOP study is a form of risk assessment that can be applied to procedures, whether they are being designed, being implemented or already in place and working.
A HAZOP study provides a check on a procedure’s resilience by testing how it responds to stresses or excursions outside normal conditions, as represented by the guidewords. This can assist in:
- Identifying the possible consequences of a new procedure or a procedural change
- Indicating where the design of a procedure might be improved, either to prevent a failure or under-performance, or to capture and lock in better performance than expected
- Developing additional actions to ensure that the change is successful, in the sense of achieving the organisation’s objectives effectively and efficiently.
Conducting a procedural HAZOP
Preparation
Like any form of risk assessment, the context for the procedure should be established in terms of:
- Its purpose and how it is intended to contribute to the organisation’s overall objectives
- Its scope of application
- The stakeholders associated with the procedure and their objectives
- The external and internal factors that might influence the procedure and the way it works.
Establishing the context takes place before the risk assessment, and it only involves a few people for a few hours. The outcomes should be recorded in a briefing note for the HAZOP workshop participants.
Before the workshop, the procedure should be split into ‘key elements’ to facilitate a comprehensive examination. Often the most appropriate key elements are the steps in the procedure. The elements may be extended to include the application of the procedure in different circumstances, supporting processes or equipment, phases of the proposed implementation or other aspects such as publicity, morale or supervision.
Participants
A HAZOP workshop requires a trained facilitator and a recorder.
The other participants in a workshop should be selected from:
- Those who typically will have to follow or operate the procedure
- Those who must review or monitor the operation of the procedure, including managers and supervisors and, in some circumstances, members of the internal audit team
- Specialists from such areas as safety, legal or engineering who can offer a different perspective.
Conduct
Typically, a HAZOP workshop takes from two to four hours, depending on the complexity of the procedure.
The workshop should start with a quick review and update to the statements in the briefing note. The base guideword set shown in Table 1 below is then used to prompt risk identification. The facilitator may choose to add guidewords that are relevant for the organisation or the specific application.
The facilitator should help the team work through the guideword list and apply each guideword to each of the key elements in turn. Some guidewords may be irrelevant for some key elements and they can be omitted. In each case, the team should discuss:
- What might cause the circumstances described by the guideword
- The nature and extent of the consequences if that situation occurred
- The controls in place to change the likelihood of that situation arising or the consequences if it did arise
- Any further controls that would be required to treat the risk
- The priority for risk treatment action, using the organisation’s normal risk rating process.
Outcomes
The outcome of the workshop should be a list of amendments to the procedure, together with any ancillary actions to reduce the risk and ensure the organisation is successful and achieves its objectives.
The amendments and actions might involve:
- The re-wording of instructions for steps in the procedure
- The re-ordering of steps or instructions
- The addition of warning or ‘watch-out’ notes to the procedure
- A revised assessment of factors that could affect the performance of those who must follow the procedure and that might lead to changes in training, workplace design, skills assessment or supervision.
More radical solutions might involve greater automation rather than manual processing, or even stopping the process or the procedural change if it were judged that the risk remained too high.
All proposed risk treatment actions should be costed, and the costs should be considered in the overall cost benefit analysis that is used to justify the procedure or the procedural change. Where the costs and benefits are not tangible or cannot be expressed easily in a single metric, such as dollars, then qualitative cost benefit analysis should be applied.
Guidewords for a procedural HAZOP
Table 1 lists typical guidewords for a procedural HAZOP study. Each guideword is accompanied by topics that might be considered and discussed in a HAZOP workshop when the guideword is applied to a key element or step in the procedure.
Guide word |
Topics for discussion |
---|---|
Purpose |
Is the step needed? Is the intent of this step clear? Can this step be mis-applied? |
No action |
Step is missed or omitted; intended operation did not occur (hardware failure); action impossible; system not ready |
More action |
Operator does more than intended; other actions occur affecting this operation. |
Less action |
Operator does less than intended; hardware does not perform as required; not enough time to complete the step |
Wrong action |
Operator does the wrong thing, starts the wrong job, reads the wrong instructions; personnel perform different or out of date procedure; performs two or more steps at the same time |
Part of action |
Operator only completes part of a composite action (misses out middle part, or final part) |
Extra action |
Operator assumes something is required in addition to what is specified; other procedures interfere; other personnel in wrong area; poor communications; others don't perform as required; a step is repeated |
Other action |
Operator misunderstands instruction and does something completely different; remembers a similar procedure and follows that instead |
Out of sequence |
Operator misses out a step; carries out a step before it should occur, or after it |
More time |
Operator takes longer than necessary over action (leaves something running and gets distracted); starts next action later than expected |
Less time |
Operator carries out action too quickly; starts next action earlier than expected |
More information |
Procedure includes information that is unnecessary and could lead to confusion; contains information that contradicts other information |
Less information |
Necessary information is missing from the procedure; especially information about the starting condition; information which allows operator to check progress, or to identify errors and correct |
No information |
No information or feed back from the process; procedure does not specify expected performance; no specified actions for emergencies |
Wrong information |
Information provided is wrong, out of date or contradictory (oral instruction vs. written, other procedures or steps within this procedure) |
Clarity |
Step is confusing; words are confusing; readability; poor procedure form layout; written in plain English; clearly understandable |
Training |
Adequate training; level of certification required and provided for this step; procedure control (issuing, up-dating, revisions, overriding, communication, distribution and acknowledgment, retraining) |
Abnormal conditions |
Emergencies; recovery from abnormal situations; utility failure; severe or unusual weather; deviation from procedure; make-shift operations |
Maintenance |
Work permits required; equipment condition; recalibration; interface with operations and other parts of the organisation |
Safety |
Personnel protection; OH&S law compliance; industrial hygiene issues; environmental considerations; fire, explosion or chemical release potential |
References
The international standard IEC 61882-2016 Hazard and operability studies (HAZOP studies) - Application guide describes the HAZOP process id detail, with a focus on production and related technical systems. Procedural HAZOP follows the same principles, with a slightly different focus.