Recent publications on pipeline risk assessment methodologies highlight some confusion regarding tools and models. There are many useful risk analyses tools that are not risk models — that is, they cannot be used to produce a full risk assessment.
See section 3.1 in the text for a complete discussion, but in a nutshell, techniques such as HAZOPS, event trees, fault trees, and many others are important tools in understanding aspects of risk and drilling into certain specific issues. They provide a foundation and inputs for subsequent risk modeling and risk assessments. They are NOT, however, techniques that can be efficiently broadcast along long lengths of pipeline and complex facilities with multiple threats typical of most pipeline systems. They cannot comply with even the simplest test of a risk assessment versus a tool: the ‘map point test’.
A complete risk assessment allows one to select any point on any pipeline system map and obtain answers to any risk question: what is the dominant failure mechanism here? what is the worst case consequence here? what is the internal corrosion PoF here? and countless others. If a technique cannot fully facilitate this simple requirement, it is not fully capturing risk and should not be considered to be a complete risk assessment.
Even so, it might still be an important risk analysis tool. This distinction is critical since attempting to use a tool as a substitute for a risk assessment will be unworkable.