As the desire for more robust pipeline risk management grows, so too does the need for superior risk assessment. A formal risk assessment provides the structure to increase understanding, reduce subjectivity, and ensure that important considerations are not overlooked. Associated decision-making is therefore more consistent and reliable when formal techniques are used.
But has pipeline risk assessment been improving? Not according to some regulators. As a result of increased scrutiny brought about by IMP in the US, PHMSA notices (ANPRM) in Jan 2011, followed by public meetings in June 2011, showcased that regulator’s increasing skepticism regarding how pipeline operators are measuring risks.
This column seeks to address this situation by offering insights into risk concepts, especially efficient and appropriate ways to measure pipeline risk. Tackling specifics of pipeline risk in bite-sized portions will hopefully make this challenging subject more approachable to those not yet well initiated.
We begin with the immediate concern of how to help ensure efficient regulatory oversight. PHMSA’s recent criticisms are not unjustified. There is currently great disparity in approaches and level of rigor applied to risk assessment by pipeline operators. This is largely due to the absence of complete standards or guidelines covering this complex topic. The disparity leads to inconsistent and problematic oversight by regulatory agencies. Without some standardization or at least consistency of understanding, auditors cannot readily determine where deficiencies may lie. On the other hand, too much standardization—a mandated, prescriptive approach—is inefficient and stifles innovation in this complex arena.
Formal risk assessment is relatively immature in most industries including pipelining. Many relative risk assessment techniques in current use by pipeline operators were developed before formalized and regulated IMP was established. As such, the assessments often do not meet the demanding objectives of the more recent regulatory initiatives. As the author of one of the most widely used indexing models, I can attest that such models were not designed for many of the applications now envisioned by regulatory IMP or other uses of risk assessment that are becoming commonplace today. The simplicity offered by relative or scoring type risk assessment models has made their use widespread. However, most of the early models will indeed require modifications in order to keep up with the new demands.
So, back to the issue of regulatory oversight. A mandated risk assessment approach would introduce a prescriptive element with substantial ‘overhead’ related to the establishment and documentation of the approach. A better solution is to establish guidelines of essential ingredients necessary in any pipeline risk assessment. Critical elements would be identified and it would be left to the operator SME’s to detail those elements.
Properly crafted, defining essential ingredients in a risk assessment would introduce a beneficial amount of standardization without becoming prescriptive. Specifying that all risk assessments contain, at a minimum, a short list of essential ingredients ensures that regulators and regulated are ‘on the same page’. For example, possible essential elements include the following:
- A definition of ‘failure’ to accompany a measurement of ‘probability of failure’ (PoF)
- A measure of consequence potential, separate from the PoF measurement
- Production of a risk profile–all failure mechanisms and consequence potential must be measured at all points along a pipeline, showing changes in risk along the entire route.
- Sufficient resolution—the risk assessment must divide the pipeline into segments where risks are unchanging. While modern risk assessment routinely produces hundreds of segments per km, my rule of thumb is a minimum of 5-10 segments per km.
- All inputs and results must be measurements or estimates expressed in commonly used and verifiable units. The use of measurements (eg, events/km-year, mpy, etc.) instead of points or scores reduces subjectivity and complexity (yes, its actually simpler once the scoring system is discontinued) and allows validation.
- Measurements or estimates of the three key aspects of PoF—ie, the attack, the effectiveness of each of the defenses, the resistance to failure if all defenses are breached—are required for every failure mechanism. Without an estimate of each PoF ingredient independently, a full understanding of PoF is not possible.
- A theoretical remaining life estimate for each time-dependent failure mechanism is required. Without this, how can an integrity re-assessment interval be defensible?
- A target level of conservatism for inputs and other model aspects must be defined. For example, an assessment might reflect P50 (most likely) or, alternatively, P99 (worst case) risks. Note that both are useful but for different applications.
Perhaps all can agree that, regardless of specifics of modeling, a list of essential elements such as these must be a part of an analysis. The essential elements recommended here are actually very simple concepts and easy to implement. As a side benefit, potential modeling issues surrounding aspects such as ‘threat interaction’ and ‘proper aggregation of risk results’ largely disappear when these elements are present.
When all parties agree on what is essential and everyone measures those essential things in some fashion, then everyone is ‘speaking the same language’. A limited amount of standardization in measuring risk is therefore appropriate and useful to all stakeholders. Expectations are managed, audits run smoother, info sharing is improved, and risk management becomes more efficient.
Published March 2012