Risk assessment process should emphasize preparation, participation, technical content to maximize effectiveness
By Wael Abouamin, Energy Risk Consulting
Building a deepwater rig that incorporates the latest technical and automation innovations requires planning, coordination and a thorough understanding of the limitations of people and machines. Implementing a risk assessment and management program is an essential part of the rig-building process. Consider some of the challenges in the construction of a sixth-generation ultra-deepwater rig:
• Highly complex systems designed and manufactured by multiple vendors;
• Integrating complex systems with the shipyard-built systems;
• Highly automated systems that require coordination and integration;
• Highly automated systems that need to be operated by rig personnel;
• Highly automated systems that need to be maintained (and, if required, repaired) by rig personnel; and
• Maximize uptime and minimize downtime while maintaining safety and equipment integrity.
The primary objective of a risk assessment is to identify, understand and implement measures to mitigate the risks associated with the design and operation of the rig, systems and equipment.
Risk assessment is a broad term that is used in many contexts: financial, technical, project management, design, manufacturing, etc. It is important to define what is meant when using the term risk assessment. In the context of this article, the following broad steps comprise the risk assessment process: hazard assessment, risk evaluation and risk mitigation.
The objective of this article is not to explain in detail the risk management strategy that can be implemented. This article presents the risk assessment process based on numerous past projects and experiences. The primary tool utilized was the failure modes, effects and criticality assessment (FMECA). This is a well-established methodology that was developed for the aerospace and military industries to analyze complex systems. The methodology was modified to suit the particular needs of the systems and situations to be reviewed for the project. This modification included emphasis on preparation, participation and technical content, particularly in the function description of components. Figure 1 portrays the FMECA process.
The following typical questions were asked during the risk assessment:
• What are the major components in the system?
• How can those components fail?
• What root causes create those failures?
• How can those failures affect the performance of the component?
• How can those failures affect the performance of the system?
• How can those failures affect the performance of the rig?
• What can be done to eliminate the failure?
• What can be done to minimize the likelihood of the failure occurring?
• What can be done to reduce the consequences if the failure occurs?
• Can you detect the failure? (Is it a hidden failure?)
• What is the required maintenance and inspection on the system components?
• How can you improve the system performance?
The modified process emphasized preparation, participation and technical content. This approach maximized the value of the participants’ time in the session and extracted the most relevant information. To demonstrate the level of detail that is involved, Table 1 shows a sample truncated line item in the FMECA spreadsheet describing a temperature transmitter on an electric motor. It indicates the detailed description and emphasis on technical content in the sessions. It also shows the level of preparation that is required to maximize effectiveness.
The FMECA is a bottom-up approach. To ensure that systems are integrated correctly, failure escalation from component to sub-system to system to the entire rig was emphasized.
Participation is also an important factor in the success of the risk assessment. This refers to participation from the equipment manufacturer and the rig crews. Determining the level of participation and the personnel to participate is based on the system or systems being analyzed. Participation of the rig crew also serves as an excellent training and educational opportunity. As the components, systems and rig are analyzed, detailed discussions inevitably arise, leading to improved understanding of the design, operation and maintenance of the systems. It also potentially leads to improvements in the design based on feedback from the equipment users to the manufacturer.
Timing of the risk assessment is another critical factor to ensure success. This refers to the timeframe between detailed design and manufacturing. During this time, there is enough detail in the design to have a thorough and proper analysis, yet it is not too late (or too expensive) to modify the design if any flaws are discovered, improvements suggested or recommendations proposed.
Once the hazard identification and risk evaluation have been carried out, the final step in the process is to implement mitigations to address the identified risks. Generally, the hierarchy of approach is:
A. Implement measures to eliminate the risks.
B. Implement measures to reduce the likelihood of the risks.
C. Implement measures to reduce the consequence.
Eliminating the identified risk can occur in many forms and via many techniques and processes. This can be accomplished through physical changes, such as structural design modifications or adding or removing components, such as valves, sensors, pumps, etc. It is important to note that implemented changes need to be incorporated into the risk assessment. Otherwise, new hazards that have not been evaluated can be introduced.
Implementing measures to reduce the likelihood of events occurring can also be carried out in different ways. Examples include increased maintenance and inspection frequency. Another technique is to increase capacity to a particular system, such as additional pump to a hydraulic system. Operational procedures can be updated or modified to reduce the load on a system, such as the electrical generation on the rig.
Reducing the consequence can be accomplished by providing additional components (reduction in downtime due to inadequate spares), increased training (leading to faster troubleshooting and fixing of failures), increased in maintenance and inspection, testing frequency, etc.
Implementation of recommendations can take the form of:
• System design changes;
• Software changes;
• Changes to factory acceptance testing;
• Changes to commissioning testing;
• Changes to system integration testing;
• Updates of the critical spare parts list;
• Update of maintenance procedures;
• Update of operational procedures.
Risk assessment examples
The following three example findings were chosen to demonstrate the benefit of carrying out an FMECA-based risk assessment.
1. Water mist system redundancy
In this example based on a newbuild rig, a risk assessment was carried out on the fire-fighting system. Included in the assessment was the water mist system covering several critical spaces (in this case, the engine room). During the FMECA, it was identified that two pumps were installed in the system, one as primary and one as a backup. After further scrutiny, however, the FMECA team discovered that there was no automatic switch-over to the backup pump. In a fire scenario, a failure of the primary pump would have required that rig personnel manually switch over to the backup pump. The result was a relatively minor modification to have an automatic switch-over system installed. This minor modification, however, resulted in a significant reduction in risk by substantially increasing the expected availability of a critical firefighting system.
2. Pipe-handling system failure escalation
This example highlights the importance of rig personnel understanding the systems that they are using. This was based on a real situation where a hydraulically operated pipe-handling system had contamination in the hydraulic oil. This led to frequent stoppages due to inconsistent movement. The rig crew did not understand the problem, and their attempt to troubleshoot the root cause of the failure was incorrect. They opened the machine’s electrical panel and pushed the “reset” button in the hopes that would restart the system and solve the issue. The “reset” button, however, also served as the calibration reset. Repeated and incorrect use resulted in a total failure of the pipe-handling system. The result was the need for support from an OEM technician to resolve the issue. Due to the time involved with securing the OEM technician, the consequence of the failure was escalated from a few hours of downtime (to flush out the hydraulic system and clean it) to four or five days of downtime (to send the OEM technician and troubleshoot the system). This serves as an example of reducing the consequence of failure with the correct training and system knowledge.
3. Anti-collision system fault leading to drawworks stoppage
This example demonstrates the importance of thorough system integration assessments and the complexity of interrelationships between systems on automated rigs. While a rig was tripping out of the hole (the drawworks hoisting drill pipe at high speed and low load), a faulty sensor in a different system (in-line compensator, which was not being used) triggered an anti-collision system shutdown. The led to the emergency brakes on the drawworks engaging very quickly, which led to a very fast stoppage of the drawworks drum at high speed, leading to the continued upward movement of the traveling block.
This led the wire rope (fast-line) to move from its grooves on the crown-block. This critical failure had the potential to part the wire rope, which could have resulted in injuries or fatalities and/or significant equipment damage. A detailed risk assessment would have identified the critical shutdown signals from other systems and would have identified that the commands from these signals that should be ignored while these systems are not in use.
This article has attempted to demonstrate the importance and need for a well-planned risk assessment process during the design and construction of deepwater rigs. This is especially true for rigs that are highly automated with complex systems. The benefits include significant risk reduction, better system integration and detailed training and understanding of these systems by the rig crews.
This article is based on a presentation at the 2015 IADC Asset Integrity and Reliability Conference, 16-17 September, Houston.