CEPA-FIMP-RP-1stEdition-2013.pdf

8/9/2019 CEPA-FIMP-RP-1stEdition-2013.pdf

1/57

Facilities Integrity

Management ProgramRecommended Practice,1st EditionMay 2013


2/57

CEPA Facilities Integrity Management Program Recommended Practice, 1st Edition, May 2013 Page 2 of 57 2013 Canadian Energy Pipeline Association aboutpipelines.com

Notice of CopyrightCopyright 2013 Canadian Energy Pipeline Association (CEPA). All rights reserved. Canadian

Energy Pipeline Association and the CEPA logo are trademarks and/or registered trademarks ofCanadian Energy Pipeline Association. The trademarks or service marks of all other products or

services mentioned in this document are identified respectively.

Disclaimer of LiabilityThe Canadian Energy Pipeline Association (CEPA) is a voluntary, non-profit industry

association representing major Canadian transmission pipeline companies. The Facilities

Integrity Management Program Recommended Practices (hereafter referred to as the Practices)were prepared and made public in effort to improve industry performance and communication of

expectations to stakeholders.

Use of these Practices described herein is wholly voluntary. The Practices described are not to beconsidered industry standards and no representation as such is made. It is the responsibility of

each pipeline company, or other user of these Practices, to implement practices to ensure the safe

operation of assets.

While reasonable efforts have been made by CEPA to assure the accuracy and reliability of the

information contained in these Practices, CEPA makes no warranty, representation or guarantee,

express or implied, in conjunction with the publication of these Practices as to the accuracy orreliability of these Practices. CEPA expressly disclaims any liability or responsibility, whether in

contract, tort or otherwise and whether based on negligence or otherwise, for loss or damage of

any kind, whether direct or consequential, resulting from the use of these Practices. ThesePractices are set out for informational purposes only.

References to trade names or specific commercial products, commodities, services or equipment

constitutes neither an endorsement nor censure by CEPA of any specific product, commodity,service or equipment.

The CEPA Facilities Integrity Management Program Recommended Practices are intended to beconsidered as a whole, and users are cautioned to avoid the use of individual chapters without

regard for the entire Practices.

Suite 200, 505-3rdSt. SWCalgary, Alberta T2P 3E6

Tel:403.221.8777Fax: 403.221.8760


3/57


Table of ContentsTable of Contents ....................................................................................................... 3

List of Tables ............................................................................................................. 5

List of Figures ............................................................................................................ 6

1. Definition of Terms .............................................................................................. 7

2. Introduction ........................................................................................................ 9

2.1. Importance of Terminology ............................................................................. 9

2.2. Revisions to this Recommended Practice ........................................................... 9

2.3. Background and Philosophy ........................................................................... 10

2.4. Framework .................................................................................................. 11

3. Scope .............................................................................................................. 13

3.1. Scope of Facilities and Equipment .................................................................. 13

3.2. Scope of Processes and Mechanisms .............................................................. 14

3.3. Prioritization of Equipment Types and Processes .............................................. 16

4. Corporate Policies, Goals, Objectives and Organization ........................................... 16

4.1. Policies, Goals and Objectives ........................................................................ 16

4.2. Organization ................................................................................................ 19

4.3. Performance Indicators and Targets ............................................................... 19

5. Description of Facilities ....................................................................................... 21

6. Records ............................................................................................................ 22

6.1. Facility Information ...................................................................................... 22

6.2. FIMP Information ......................................................................................... 23

7. Change Management ......................................................................................... 23

7.1. General ...................................................................................................... 23

7.2. Change Management Process Features ........................................................... 24

8. Competency and Training ................................................................................... 25

8.1. Establish Role Requirements.......................................................................... 25

8.2. Conduct Gap Analysis ................................................................................... 26

8.3. Execute Training Plan ................................................................................... 27

8.4. Undertake Follow-Up Discussion .................................................................... 27

9. Hazard Identification and Control......................................................................... 27

9.1. Choose Hazard Identification Method .............................................................. 28

9.2. Hazard Identification Exercise ........................................................................ 29

9.3. Review Potential Consequences ..................................................................... 29

9.4. Estimate Likelihood of Consequences .............................................................. 30

9.5. Conduct an Initial Assessment of Significance .................................................. 30


4/57


9.6. Determine Risk Assessment Needs ................................................................. 30

10. Risk Assessment ............................................................................................. 31

10.1. Risk Analysis ............................................................................................ 31

10.2. Data Availability ........................................................................................ 32

10.3. Organizational Maturity .............................................................................. 33

10.4. Goal of the Analysis .................................................................................. 33

10.5. Magnitude of the Decision .......................................................................... 33

10.6. Risk Evaluation ......................................................................................... 33

10.7. Risk Refinement ........................................................................................ 34

10.8. Risk Reduction Evaluation .......................................................................... 34

11. Options for Reducing Uncertainty, Frequency or Consequences of Incidents ........... 34

11.1. Monitoring and Inspection .......................................................................... 35

11.2. Mitigation ................................................................................................. 36

12. Planning and Executing .................................................................................... 3712.1. Plan and Execute Activities ......................................................................... 37

12.2. Evaluate .................................................................................................. 40

13. Repair ........................................................................................................... 41

13.1. Repair Identification .................................................................................. 41

13.2. Repair Execution ....................................................................................... 41

14. Continual Improvement ................................................................................... 41

14.1. Process Characteristics .............................................................................. 41

14.2. Specific Considerations .............................................................................. 42

15. Incident Investigations .................................................................................... 42A1. Illustrative Example of Equipment Classification Method....................................... 44

A2. Sample Performance Indicators ........................................................................ 50

A3. Guidance Regarding FIMP Documentation .......................................................... 52

A4. List of Hazards for Consideration ....................................................................... 54

A5. Monitoring and Inspection ................................................................................ 55

A6. Reference Documents ...................................................................................... 56


5/57


List of TablesTable 1: Comparison of Facility and Pipe IM Programs ................................................. 10

Table 2: Potential Basis for Initial Prioritization of FIMP Scope ....................................... 16

Table 3: Key FIMP Roles and Responsibilities for Consideration ..................................... 19Table 4: Two Types of Performance Indicators ............................................................ 20

Table 5: Considerations in Establishing Performance Targets ........................................ 21Table 6: Descriptive Parameters for FIMP Pipeline Systems .......................................... 22

Table 7: Recommendations for Data Capture for FIMP Assets ....................................... 23Table 8: Potential Triggers for Change Management Process ......................................... 24

Table 9: Minimum Features of Change Management Process ......................................... 24

Table 10: Considerations in Establishing Competency Requirements .............................. 26Table 11: Resources for Determining Training Needs ................................................... 26Table 12: Categorization of Qualification Gaps ............................................................ 26

Table 13: Mechanisms for Mitigating Qualification Gaps................................................ 27

Table 14: Objectives of Follow-Up Employee Discussion ............................................... 27Table 15: Additional Guidance for Establishing Significance of Risk ................................ 33

Table 16: Parameters for Risk Refinement .................................................................. 34

Table 17: Approaches for Managing Risk .................................................................... 35Table 18: Considerations for Selecting Monitoring & Inspection Activities ....................... 35

Table 19: Mitigation Activity Types ............................................................................ 36Table 20: Considerations for Determining Acceptable Mitigation .................................... 37

Table 21: Considerations for the Review of Current Assumptions ................................... 39Table 22: Considerations for Program Execution ......................................................... 39

Table 23: Considerations for Program Review ............................................................. 40Table 24: Considerations for Addressing Identified Anomalies ....................................... 40

Table 25: Considerations for Executing Corrective Actions ............................................ 41

Table 26: Elements of Continual Improvement Process ................................................ 41Table 27: FIMP Documentation and Reference Guideline ............................................... 52

Table 28: Sample List of Equipment Specific Considerations ......................................... 54

Table 29: Sample List of Monitoring and Inspection Goals ............................................ 55

Table 30: Industry Published Guidance Documents ...................................................... 56Table 31: Additional Guidance from Other References .................................................. 57


6/57


List of FiguresFigure 1: Relationship of FIMP to Existing Corporate Systems ........................................ 11

Figure 2: Facility Integrity Management Program Process .............................................. 12

Figure 3: Sample Equipment Classification High Level ................................................ 14Figure 4: Scope of Processes and Mechanisms for Consideration in FIMP ......................... 15

Figure 5: Translation of Corporate Priorities to Appropriate Integrity Activities ................. 17Figure 6: Consequence Categories for Consideration ..................................................... 18

Figure 7: Competency and Training Process ................................................................. 25Figure 8: Hazard Identification and Control Process ...................................................... 28

Figure 9: Critical Factors in Selecting a Risk Assessment Approach ................................. 32

Figure 10: Process for Planning and Executing ............................................................. 38Figure 11: Sample Equipment Classification Pipeline Breakdown .................................. 45Figure 12: Sample Equipment Classification Meter Breakdown .................................... 46

Figure 13: Sample Equipment Classification Station Breakdown .................................. 47

Figure 14: Sample Equipment Classification Storage Breakdown ................................. 48Figure 15: Sample Equipment Classification Common Systems & Facilities Breakdown ... 49


7/57


1. Definition of TermsThe following definitions apply in this document.

Asset: A generic reference to an arbitrary grouping ofcomponents, equipment or facilities where

groupings are usually defined based on rulesspecific to each Operating Company.

Cathodic Protection: A technique to prevent the corrosion of a metal

surface by making that surface the cathode of

an electrochemical cell.

Consequence: Describes the result of an accidental event. The

consequence is normally evaluated for human

safety, environmental impact and economicloss.

Engineering Assessment: A detailed technical analysis, as may berequired from time to time, to assess or

analyze whether a piece of equipment, orgrouping of equipment, is suitable for service in

its intended purpose or application.

Equipment:

Facilities Integrity

Management Program:

A grouping of individual components designedand assembled to serve and engineering

purpose (e.g., air compressor).

A documented program, specific to the facilities

portion of a pipeline system, that identifies the

practices used by the Operating Company to

ensure safe, environmentally responsible, andreliable service.

Facility: A grouping of individual pieces of equipmentdesigned and constructed to facilitate a larger

(engineering) process (e.g., compressor

station).

Hazard: A condition or practice with the potential to

cause an event that could result in harm to

people, the environment, the companysreputation, business or operation / integrity of

its facilities.

Integrity: Used in the context of managing pipelinesystems, a general understanding or definition

of integrity has to do with quality; that amechanical component meets or exceeds


8/57


design specifications for an intended purpose or

application1.

Integrity Management

Program

A documented program that specifies the

practices used by the Operating Company toensure the safe, environmentally responsible,

and reliable service of a pipeline system.2

Mitigation Activities to manage the risk exposure of aparticular pipeline system or its individual

components. Mitigation activities are broad

ranging and are specific to the context (i.e., thetype of equipment, its current state, and

operating conditions)3. Mitigation may be inthe form of threat mitigation or consequence

mitigation as discussed in Section11.

Operating Company: The individual, partnership, corporation, or

other entity that operates the pipeline system

or an individual facility.

Pipeline: Those items through which oil or gas industryfluids are conveyed, including pipe,components, and any appurtenances attached

thereto, up to and including the isolating valves

used at stations and other facilities4.

Pipeline Integrity

Management Program

A documented program, specific to pipelines,

that specifies the practices used by theOperating Company to ensure the safe,environmentally responsible, and reliable

service of a pipeline system.5

Pipeline System: Pipelines, stations, and other facilities requiredfor the measurement, processing, storage,

gathering, transportation, and distribution of oilor gas industry fluids.6

Risk: Strictly defined as the probability of an event or

occurrence multiplied by the consequence ofthat event as per Equation (1). A detaileddiscussion appears in Section10.

1Baker, H.F., Mechanical Reliability through Mechanical Integrity, Proceedings of 2011 API Inspection Summitand Expo, Galveston Texas, January 2011.2CSA Z662 Oil & Gas Pipeline Systems (CSA Z662-11)3Desjardins, G. & Sahney, R., Encyclopedic Dictionary of Pipeline Integrity, Clarion Technical Publishers, Houston,

Texas, February 2012.4CSA Z662 Oil & Gas Pipeline Systems (CSA Z662-11)5CSA Z662 Oil & Gas Pipeline Systems (CSA Z662-11)6CSA Z662 Oil & Gas Pipeline Systems (CSA Z662-11)


9/57


Risk Assessment: The detailed study undertaken to establish the

risk associated with a specific piece of

equipment, facility or pipeline system. Adetailed discussion appears in Section10.

Service Fluid: The fluid contained, for the purpose of

transportation, in an in-service pipelinesystem7.

Station: A facility used primarily to alter the pressure in

a pipeline system, including

a) piping;b) auxiliary devices such as pumps /

compressors, driver units, controlinstruments, enclosures, ventilating

equipment, and utilities; andc) any associated buildings other than

residences.

2. Introduction

2.1. Importance of TerminologyPart of the objective of this Recommended Practice is to provideclarity and consistency regarding terminology. As such, the reader isencouraged to review Section1 of this document with particular

attention to the following terms and their usage: Facilities Integrity Management Program;

Integrity;

Integrity Management Program; Mitigation;

Pipeline Integrity Management Program;

Pipeline; and

Pipeline System.

These particular terms are important to understanding the scope and

intent of the discussions throughout this recommended practice.

2.2. Revisions to this RecommendedPractice

This Recommended Practice has been developed by CEPAs PipelineIntegrity Working Group (PIWG). It will continue to evolve as newadvances and opportunities for improvement are recognized duringits use by CEPA member companies and from periodic reviews as

deemed necessary by CEPA and/or the PIWG.

7CSA Z662 Oil & Gas Pipeline Systems (CSA Z662 latest edition)


10/57


2.3. Background and PhilosophyThis recommended practice provides guidelines for developing,

documenting, and implementing a Facilities Integrity ManagementProgram (FIMP) for transmission pipeline related facilities. Specificguidance is provided regarding the development of goals and

objectives, as well as supporting programs and processes, toeffectively maintain facilities integrity. This document puts forth therecommendations to be included in an Operating Companys FIMPbased on leading industry practice and building on guidelines

established in CSA Z662 Annex N.

The objective of a FIMP is to provide Operating Companies with aformalized mechanism to maintain the integrity of the managed

assets that demonstrates a commitment to protect the health andsafety of the general public, employees and the environment.

Further, the guidelines are intended to allow flexibility in thedevelopment of a FIMP and to remain relevant to the Operating

Companys context while identifying leading practices in the area. The

FIMP is not intended to duplicate any systems, processes orinformation that may already exist. Thus, this recommended practice

is structured to allow Operating Companies the ability to acknowledgeany pre-existing body of work that have been incorporated into theirrespective processes or programs.

It should be noted that an integrity management program forfacilities is, by definition, quite different from an integrity

management program (IMP) for a pipeline. These differences are

driven by the nature of the assets to be managed (scope) and theresulting objectives (program purpose) for those assets as well as

vastly differing life cycles. These key differences are identified and

summarized inTable 1.Table 1: Comparison of Facility and Pipe IM Programs

Parameter IMP FIMP

Scope Assets relatively uniform (i.e., pipeline(s)of varying grades, wall thicknesses anddiameters).

Disparate asset types.

Program Goal The safe, environmentally responsible,and reliable service of pipeline(s) byworking towards minimizing loss ofservice fluid containment.

The safe, environmentallyresponsible, and reliable service of allpipeline system facilities, exclusive ofpipelines, by striving to ensure controland containment of service fluids and

Equipment meets or exceeds designlife given its intended purpose and

actual operating conditions.

Asset Life Cycle Long lifecycle. Life cycles vary significantly and

Assets with long life cycles oftencontain numerous components withshort lifecycles.

Each Operating Company will select processes appropriate for its

situation, associated with a FIMP, and separate these from its Pipeline


11/57


Integrity Management programs. Where relevant, existing reliability

programs and prescribed equipment management programs can be

referenced by the FIMP and may continue to exist with theappropriate linkages to FIMP processes.

More specifically, and as illustrated inFigure 1,the FIMP is intended

to encompass all of an Operating Companys facilities with theexception of the pipeline (which would be covered by a Pipeline

Integrity Management Program). However, it is fully expected thatOperating Companies would then refer to any existing programs,

processes and databases, where appropriate, within the FIMP

document. In effect, the FIMP is an umbrella document referring topre-existing material for the vast majority of facilities that may

already be managed through existing systems leaving only a limitedscope of facilities and / or equipment (if any) to be formally managed

through the FIMP process itself.

Figure 1: Relationship of FIMP to Existing Corporate Systems

2.4. FrameworkThis document builds on the framework outlined in CSA Z662

Annex N as a basis for providing guidance on developing a FIMP.Specifically, the following major elements detailed in Figure N1

(reproduced here asFigure 2)of CSA Z662 Annex N (2011 Edition)are described and discussed in the context of FIMP development:

a) Section3:FIMP Scope;

b) Section4:Corporate Policies, Objectives and Organization;c) Section5:Description of Facilities;

d) Section6:Program Records;e) Section7:Change Management;

f) Section8:Competency and Training;

g) Section9:Hazard Identification and Control;h) Section10:Risk Assessment;i) Section11:Options for Reducing Uncertainty, Frequencies and

Consequences;

j) Section12:FIMP Planning and Execution;k) Section13:Repair;

l) Section14:Continual Improvement; and

m) Section15:Incident Investigations.

FacilitiesIntegrity

ManagementProgram(

FIMP)

Incorporates existingprograms by reference

Incorporates existingprocesses by reference

Incorporates existing data /documentation by reference

Assets directly managedthrough FIMP document


12/57


Figure 2: Facility Integrity Management Program Process8

8Adapted from CSA Z662 Oil & Gas Pipeline Systems (CSA Z662-11) Figure N1

Section 3: Integrity management program

scope

Section 4: Corporate policies, objectives,

and organization

Section 5: Description of pipeline systems

Section 6 to 8: Integrity management program records,

change management, competency and training

Identify potential hazards

Risk assessment

Section 15: Incident

Investigations

Can the hazard lead to

significant consequences?

Perform risk

assessment?

Choose to

refine risk

analysis?

Is risk

significant?

Select control

measure(s) for riskreduction

Select control

measure(s) for risk

reduction

Establish, plan, and

schedule activities

Review and evaluate

program control

methods and risk

management cycle

Implement activities Changes?

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Section 9: Hazard

Identification and

Control

Section 11:

Options for

Reducing

Uncertainty,

Frequency or

Consequences of

Incidents

Section 10: Risk

Assessment

Section 12 & 13:

Planning, Executing &

Repair

Section 14: Continual

Improvement


13/57


3. ScopeFIMP documentation must clearly define the scope of facilities and equipment

(and associated processes) managed directly by the FIMP document versus the

assets managed through other systems and documents (as perFigure 1).Where equipment is managed through other systems and documents, the FIMP

should clearly refer to the relevant documentation. Additional guidanceappears in the remainder of this Section.

3.1. Scope of Facilities and EquipmentThis document uses a definition of Facilities and Equipment derived

from usage of the terms: Pipeline Systemand Pipelinein CSA Z662

(2011 Edition). That is, a Facilities Integrity Management Program(FIMP) is intended to address all components of a Pipeline System,

with the exclusion of the Pipeline itself (to be covered by a Pipeline

Integrity Management Program). Any asset types covered by new orexisting programs, that are supportive of the objectives and goals ofthe FIMP, may be incorporated into the FIMP by reference.

Further, given the nature of the FIMP and the need to address a widevariety of asset and equipment types, the Operating Company should

use a systematic and consistent classification method as a

mechanism for addressing all asset classes. The classification methodmay be based on a number of approaches one of the most commonexamples is the use of an equipment hierarchy. Such structures are

typically used in the corporate Computerized MaintenanceManagement System (CMMS). In the absence of a pre-existingclassification methodology, the systems (or function-based) approach

shown inFigure 3 could be adapted.


14/57


Figure 3: Sample Equipment Classification High Level

Additional levels of detail for such an Equipment ClassificationHierarchy, while not exhaustive, are illustrated in AppendixA1.

Further details can be developed based on the hierarchy as needed

and appropriate for the facility.

3.2. Scope of Processes and MechanismsA FIMP shall be documented and consider the methods for collecting,integrating, and analyzing information related to the processes and

mechanisms identified inFigure 4,as appropriate for the type of

facility and the operating companys operations. The approach shouldbe consistent withFigure 2 and as holistic as possible that is,

incorporate the entire lifecycle to the extent possible. Thus, the

process is fundamentally a variant of the Plan-Do-Check-Act cycledeveloped by Deming9.

One of the key implications of adopting a life cycle approach is toensure that hazard management (as per Section9)is an inherentpart of each major stage of the pipeline system project (e.g., design,

construction, operations etc.,).

9Ronald D. Moen, R. & Norman, C.,Circling Back Clearing up myths about the Deming cycle and seeing how itkeeps evolving, Quality Progress, Published by American Society for Quality, Nov 2010.Accessed Dec 2012.

Pipeline System

Stations Meter Station

Pipeline (significantelements managed

through parallel IMP)Storage

Common Systemsand Equipment
http://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.htmlhttp://asq.org/quality-progress/2010/11/basic-quality/circling-back.html


15/57


Figure 4: Scope of Processes and Mechanisms for Consideration in FIMP

Plan

Optimize life cycle

cost

New technology

Integration of newfacilities intoexisting pipelinesystems

Design

Expected damage

and deteriorationmechanisms

Expected

inspectiontechniques

Materialspecification(s)

Optimize life cyclecost

MaterialPurchase

Manufacturing

imperfections(manufacturinginspections)

Material testreports

Safehandling/shippingprocedures

Receipt inspections

Storage methods

Construct

Construction /

installation defects(constructioninspection)

Commissioning

Turn-over

Operate

Expected damage

and deteriorationmechanisms

Damage incidents

Failure incidents

Conditionmonitoring

Maintenance,repair andreplacement

Operational /Asset Changes

Change operating

conditions

Change of servicefluid

Addition of newfacilities/facilitytypes

Deactivate /Reactivate

Deterioration

mechanisms

ConditionMonitoring

Decommission/ Abandon

In-situ

abandonment

Removal /reclamation


16/57


3.3. Prioritization of Equipment Types and

ProcessesWhile attempting to formulate the initial version of a FIMP, theOperating Company may need to prioritize certain equipment types

and processes. This initial prioritizationTable 2,can be based on anumber of approaches (or combination thereof) based on what is

most relevant for the Operating Company. Table 3 provides asuggested approach.

Table 2: Potential Basis for Initial Prioritization of FIMP Scope

Description Approach

Industry Incidents and Failures Industry experience with similar facilitiesspecifically damage incidents,failures and associated consequences.

Company Incidents and Failures Corporate experience with similar facilitiesspecifically damageincidents, failures and associated consequences.

Corporate Policies and Objectives Could vary significantly but examples include:

o Facilities critical to ensuring business continuity ando Equipment nearing end of design life (but perhaps no damage or

failure incidents).

Obviously, once the FIMP has been established, priorities will be

established based upon the process itself (specifically, the

identification of areas of significant risk as per Section10.6).

4. Corporate Policies, Goals,

Objectives and Organization4.1. Policies, Goals and Objectives

A FIMP is a key mechanism for translating corporate priorities intoappropriate activities and tasks for execution as identified inFigure 5.


17/57


Figure 5: Translation of Corporate Priorities to Appropriate IntegrityActivities

A FIMP is a key mechanism for translating corporate priorities intoappropriate activities and tasks for execution as identified inFigure 5.

The FIMP document should contain, or appropriately referencedocuments describing relevant guiding corporate policies, values,

objectives and performance measures. It would be expected thatbroadly these would commit to operating pipeline systems in a

manner that protects the safety of the public, Operating Company

employees and protection of the environment.

Any specific facility integrity related goals and objectives would bedescribed in detail in the FIMP and be aligned with the overarching

corporate policies and objectives. Since goals and objectives are

often defined in terms of potential outcomes, guidance should extendto the different types of consequences that are to be considered and

the relative significance of those consequences (see Section 10.6).Potential consequences categories, aligned with CEPAs Integrity

First Program, are provided in Figure 6.

Facilities Integrity Management Plan

Integrity relatedpolicies

Integrity related goalsIntegrity related

objectivesIntegrity related

performance measures

Corporate priorities

Policies Values Objectives


18/57


Figure 6: Consequence Categories for Consideration10

10Adapted fromCEPA Integrity First(Accessed December 2012)

Consequence

Categories

Safety

Public Safety EmployeeSafety

EmergencyMgmt

Preparedness

Response

Repair &Reclamation

Environment& Land

Land

Ground

Distrubance

GroundContaminatio

n

Air

Total

Emissions

Ambient AirQuality

Water

Watershed

Disruption

WaterCrossings

Water Quality

Flora & Fauna

Habitat &

MigrationDisruption

Impact toSpecies

Noise

Impact of

Operations

Socio-Economic

Land Use

Landowner

Relations

AboriginalRelations

Land Use

Agreements

Heritage Sites

Workforce

Safety Culture

Business

SystemRelaiability

Service

Disruption

CustomerService

Financial

Revenue

OperatingBudgets

CapitalExpenditure
http://www.cepa.com/about-us/cepa-integrity-firsthttp://www.cepa.com/about-us/cepa-integrity-firsthttp://www.cepa.com/about-us/cepa-integrity-firsthttp://www.cepa.com/about-us/cepa-integrity-first


19/57


4.2. OrganizationA critical element of successfully implementing the processes andactivities associated with a FIMP will be a clear articulation of rolesand responsibilities of Operating Company personnel for each aspect

of the program. While organizational structures will vary across

Operating Companies, the following functions typically associatedwith a management systems approach should be identified andassigned to appropriate individuals, groups or departments.

Table 3: Key FIMP Roles and Responsibilities for Consideration

Category Description

FIMP Accountability The accountable individual(s), to whom the Operating Company delegates authority, should beclearly identified:

o These functions are responsible for ensuring that appropriate human and financial resourcesare assigned to establishing, implementing, and maintaining the facility integrity managementprogram.

ProgramDevelopment andImprovement

These functions are responsible for the development of the FIMP, identification of hazards and

associated risk assessments and identification of hazard control activities as well as oversight ofthe FIMP processes.

A critical element is the identification of key roles, outside of traditional integrity groups, thatsupport FIMP.

Specifically Sections:3to5,7to11 and14.2.

RecordsManagement

These functions are responsible for ensuring that adequate records are maintained in support ofFIMP development, implementation and associated activities.

Due to the potentially large breadth and depth of these activities, this function may be dispersedacross a number of departments and groups within the Operating Company.

Specifically Section6.

Program Planning,implementation andReporting

These functions are responsible for planning and executing integrity related work along withdocumentation and analysis of results.

Specifically Sections12 through to13.

Program Audits,Reviews andEvaluations

These functions work closely with the Program Development and Improvement functions toreview, audit and assess the effectiveness of the FIMP and supporting activities.

Specifically Section14.

Communications Communications are critical through all stages of FIMP development, execution and managementof change. As such, responsibil ities for communicating, and nature of such communications,shall be established and documented for each stage of the FIMP process.

4.3. Performance Indicators and TargetsAs identified inFigure 5,a key element of successfully translating

relevant corporate direction to a FIMP is to establish performanceindicators (and associated targets). Further, the definition and

monitoring of performance indicators provides a mechanism tomonitor whether the FIMP is functioning effectively.

4.3.1. Performance IndicatorsIn general, effective performance indicators should bereliable, repeatable, consistent, comparable, and

appropriate to the intended need.


20/57


There are two main types of performance indicators:

Leading and Lagging. These are described in further detail

inTable 4 with examples provided in AppendixA2. Ingeneral, a well-structured approach would be comprised of

both indicator types.

Table 4: Two Types of Performance IndicatorsCategory Description

Leading Indicators Leading indicators measure the performance of a management system element orprocess, operating or maintenance procedure, control, mitigation, or evaluation inpreventing incidents or loss of integrity events. These indicators look forward and arefocused on prevention.

Lagging Indicators Lagging indicators look at performance that can be measured in relation to the past.They evaluate events that have already occurred, such as leaks, ruptures, fires, andinjuries, and the data collected as a result of these events can be utilized to preventrecurrence of similar events in the future. Lagging indicators are typically within anoperators control to collect, are relatively easy to measure, and are typically comparableto industry data.

4.3.2. Performance TargetsTargets for performance must be established against whichthe chosen performance indicators can be measured. Fromthe comparison of results against targets, trends can be

identified that can be used to modify or enhance FIMPactivities (as warranted). In establishing realisticperformance targets, a number of factors need to be

considered. These are described in further detail inTable 5.


21/57


Table 5: Considerations in Establishing Performance Targets


Current State of Facilities The current state of facilities (or to the extent this can be inferred), is a critical inputparameter in establishing practical performance targets. For example, it is unlikely thatpoorly maintained equipment can be expected to perform to the same level as wellmaintained equipment.

Corporate Objectives Corporate objectives are a critical input to establishing relevant performance targets inthe FIMP. For example, it is likely unrealistic to expect significant gains in a specificarea of equipment performance if underlying funding is not available.

Benchmark Data In the absence of clear performance targets, or in the situation where an OperatingCompany wishes to gauge its performance relative to its peers, industry benchmarkingmay also be considered. While this approach can be expensive and time consuming(i.e,. use of specialists in this area is warranted), it does allow the Operator a broaderperspective with respect to Corporate Performance. Data sources may include (but arenot limited too):

o API Pipeline Performance Tracking System (PPTS)for liquid pipelines and APImembers only;

o The Health Safety Executive which regulates off-shore hydrocarbon systems in theUnited Kingdom has managed a hydrocarbon release database as of October 1,1992. Thedatabaseis intended as an industry information source to support the

management of hydrocarbon releases. Direct database access may be granted ona discreet basis potentially for a fee as described in the databaseFAQ;and

o CONCAWE11The organization is an industry supported research group with ascope that has expanded to track and asses oil pipeline performance in Europe.

5. Description of FacilitiesAfter articulating the scope of equipment and facilities encompassed by the

FIMP, Operating Companies should develop and maintain a detailed inventoryof the relevant facilities and equipment falling under the FIMP. The use of asystematic and consistent classification method will provide a mechanism for

addressing all equipment types (as per Section3.1). This inventory may existin a number of forms; however, it is most likely to exist as part of a corporateComputerized Maintenance Management System (CMMS) system or its

equivalent. Further, the inventory should include, or have clearly associated

with it, appropriate descriptive parameters. Table 6 provides a suggested list ofsuch information.

11TheOil Companies' European Association for Environment, Health and Safety in Refining and Distribution
http://www.hse.gov.uk/offshore/statistics/hsr2002/section3.htmhttp://www.hse.gov.uk/offshore/statistics/hsr2002/section3.htmhttp://www.hse.gov.uk/offshore/statistics/hsr2002/section3.htmhttps://www.hse.gov.uk/hcr3/help/help_public.asp#FAQhttps://www.hse.gov.uk/hcr3/help/help_public.asp#FAQhttps://www.hse.gov.uk/hcr3/help/help_public.asp#FAQhttp://www.concawe.be/Content/Default.asp?http://www.concawe.be/Content/Default.asp?http://www.concawe.be/Content/Default.asp?http://www.concawe.be/Content/Default.asp?https://www.hse.gov.uk/hcr3/help/help_public.asp#FAQhttp://www.hse.gov.uk/offshore/statistics/hsr2002/section3.htm


22/57


Table 6: Descriptive Parameters for FIMP Pipeline Systems

Parameter Description

Equipment type The use of a standardized hierarchy, or equipment breakdown structure (such as thatused in corporate CMMS systems) should be used.

In the absence of an internal breakdown structure, while not exhaustive, the structureoutlined in Section3.1 and AppendixA1 could be adapted to suit corporate

requirements.Function Where it is not obvious, the purpose of the equipment should be identified; similar to

equipment type, descriptions should be standardized.

Location May or may not be geospatially referenced.

Should have unique asset tags / IDs.

Dimensions / materialcharacteristics

Key parameters, specific to the type of equipment, should be captured. Examples ofthese parameters include: coating type, pressure rating, temperature rating etc.

Operating conditions Key parameters, specific to the type of equipment, should be captured. Examples ofthese parameters include: service fluid, operating pressure, temperature range,operating limits etc.

Physical surroundings /boundaries

Both manmade (e.g., buildings) and natural (e.g., sensitive habitat) risk receptorsshould be identified and considered and

Both manmade (e.g., wildlife fencing) and natural (e.g., ridge) barriers should be

identified and considered.

6. Records

6.1. Facility InformationOperating Companies shall assemble and manage records related to

facility design, material selection, purchasing, construction, operation,

and maintenance that are needed for performing the activities

included in their facilities integrity management program for theequipment included in the FIMP as outlined in Section3. For newfacilities, the process of accumulating this information should be built

into and documented in an Operating Companies projects

development practices. It is much more efficient and accurate tocompile this information while such projects are active than toundertake it after the fact.

For existing facilities, the availability of records will vary from facilityto facility and within types of equipment; items to be considered for

inclusion should include as much of the information identified in

Table 7 as possible and as appropriate for the type of facility andequipment included. Where data gaps are identified due to legacy

issues, Operating Companies should take reasonable steps to gather,reproduce/revalidate the needed records or otherwise show that ithas sufficient information to make effective FIMP related decisions.The information described inTable 7 would be considered the

minimum data set necessary to adequately support a FIMP.


23/57


Table 7: Recommendations for Data Capture for FIMP Assets

Parameter Description / Examples

Location With respect to third party line crossings, nearby land developments (includegeotechnical assessments and environmental assessments) and other environmentalreceptors;

Terrain, soil type, backfill material, and depth of cover for any buried facility piping;

Class Location as per CSA Z662; andActivities in the area surrounding the facility that may become consequence receptors or

increase the risk of external interference.

Construction Records Physical attributes and characteristics;

Age/date of installation;

Physical location of the equipment along with orientation and configuration;

Coating type and thickness for piping;

Material of construction; and

Construction quality control documents (e.g. material test reports, NDT reports,hydrotest records).

Operating Conditions Design limits on pressure, temperature, loading, and other operating conditions vs.,actual limits;

Product corrosivity (water and debris, bacteria, chlorides, etc.);

Product (wet or dry gas, oil, condensate, water, etc.); Operating history (where available, records regarding pressure, temperature, flow rates

immediately prior to failure as well as longer timelines); and

Anomalous weather conditions.

Maintenance / testrecords

CP Monitoring for buried facilities;

Repair history;

Maintenance and inspection records; and

Pressure test records for piping and equipment (e.g. hydrotest records, valve bodyfactory tests).

Incidents Incidents and near misses related to facility integrity.

6.2. FIMP InformationIn addition to the foundational equipment information identified inSection6.1,Operating Companies should assemble and managerecords related to FIMP activities and processes outlined in this

document. Additional guidance regarding recordkeeping, with regard

to the process outlined in this document, is provided in AppendixA3.

7. Change Management

7.1. GeneralOperating Companies shall develop and implement a changemanagement process for changes that have the potential to affect theintegrity of their facilities or their ability to manage known hazards.

The triggers for such changes can be grouped into two categories and

applied as appropriate for the type of facility:


24/57


Table 8: Potential Triggers for Change Management Process

Nature of Trigger Examples / Description

Internal The ownership of a facility;

The organization and personnel of the Operating Company;

The organization and personnel who operate and maintain the facility;

Facility equipment and control systems;

Facility operating status, such as idling, facility shutdown, or decommissioning canintroduce temporary hazards not expectedduring normal operations;

Operating conditions;

Product characteristics;

Methods, practices, and procedures related to facility integrity management; and

Program execution findings (see Section14).

External Standards and regulations related to facilities integrity management;

Other installations (e.g., power lines) that cross piping and other equipment or facilities;

Environmental factors, such as flood, fire, ground movement, if changes to the facilitymust be made to account for these factors; and

Adjacent land use and development.

7.2. Change Management Process FeaturesThe change management process shall have procedures in place to

address and document the following, as appropriate, for the type offacility:

Table 9: Minimum Features of Change Management Process

Element Description

Definition of Change The change management process should define what constitutes a change. This maytake several forms:

o Based on a specific incident, trigger (new regulation comes into force);

o Could be based on a threshold (i.e., if failure frequency of a particular piece ofequipment exceeds a predetermined value); and

o Cost or financial impact that exceeds a predetermined value.

Monitoring for Change Method of monitoring for and identifying anticipated and actual changes that affectfacility integrity.

Establishing RACI Identification of responsibilities for identifying, approving, and implementing changes.

Reason for change Reasons for changes.

Analysis The analysis carried out to identify the implications and effects of the changes.Communication Method of communication of changes to affected parties.

Close out Close-out procedures as a means for reinforcing the changes required (includingdocumentation requirements).


25/57


8. Competency and TrainingCompetency and training is a critical element of the FIMP Framework. As such,

a standalone scalable process for managing competency and training of those

individuals responsible for administering and carrying out FIMP related activitiesis described herein. Given that corporate performance management systems

as well as learning and development philosophies vary greatly from oneOperating Company to another, it is acknowledged that this process represents

a leading practice approach for a standalone process and that individualoperators will need to execute elements of this recommendation within the

constraints of their existing processes, initiatives and systems or develop new

practices related to competency and training in support of their FIMP. Aprocess map appears inFigure 7;details regarding the process appear below inthe remainder of this Section.

Figure 7: Competency and Training Process

8.1. Establish Role RequirementsThe first step in establishing appropriate competency for individualsinvolved with FIMP related work is to establish a clear role description.

More specifically, FIMP related tasks should be clearly identified for

each role additional detail is provided below inTable 10.

Begin Section 8.0: Competency & Training

Process

Section 8.1: Establish Role Requirements

Section 8.2 Conduct Gap Analysis

Update on

Routine Basis

Section 8.3 Establish Training Plan

Section 8.4 Undertake Follow Up

Discussion

Section 8.5: Execute Training Plan

End Section 8.0 Competency & Training

Process


26/57


Table 10: Considerations in Establishing Competency Requirements

Competency / TrainingRequirement

Description

Basic FIMP Awareness Existing job descriptions updated for any reorganization and personnel changes.

Task Specific Training For Design, Procurement , Construction, Operations, Maintenance and Inspectionpersonnel (both company employees and contractor personnel).

Ongoing Training andDevelopment

For those responsible and accountable for elements of the FIMP.

8.2. Conduct Gap AnalysisThe gap analysis entails a cross-referencing and documentation of the

employees qualifications relative to the requirements of the currentrole as well as the expected future needs of the role in light of FIMPrequirements. In undertaking this analysis, a number of sources can

be used the primary resources are listed in the table below.

Table 11: Resources for Determining Training Needs

Source Description

Job Description Existing job descriptions updated for any reorganization, responsibility and personnelchanges.

Employee Resume Should be current and include formal education/training, experience and listing of otherrelevant skills.

Employee TrainingRecords

Internal records.

Discussion with SeniorTechnical Staff

Senior technical staff may be in a position to provide a long term perspective on FIMPrelated skills requirements and how this may affect the nature and size of staff requiredgoing forward.

Annual goals andobjectives

Existing staff performance management related documentation.

Once gaps have been identified, the items need to be categorized and

prioritized. Categorization of gaps can be based on one of twoparameters:

Table 12: Categorization of Qualification Gaps


Current A gap identified based on the current job description where no alternative is available forperforming the given function or task and

Gap to be addressed within 12 months or less.

Development A gap identified based on the longer term Employee career goals and/or FIMP medium to longterm projected needs and

Gap does not need to be addressed within 12 months.

While the prioritization will need to be specific to each case, typically

requirements for immediate / ongoing operations should beprioritized ahead of longer term requirements. Additional factors inestablishing a prioritization include: access to alternative resources,

feasibility as well as availability of training.


27/57


8.3. Execute Training PlanThe Training Plan is a clear articulation of how the gaps identified in

Section8.2 will be mitigated. A number of mechanisms to addressgaps appear in the table below.

Table 13: Mechanisms for Mitigating Qualification Gaps

Mitigation Type Description

Formal training /Education

Can be comprised for formal courses delivered either by academic institutions, industryfor-profit providers or in-house staff.

Length and nature of training varies significantly and can be accessed through existingofferings or custom training solutions.

On-the-job Training Training largely accomplished through work experience.

Requires that senior technical resources are available and accessible to facilitate learning,mentoring and oversight within the context of the project.

Formal Mentoring Employee may be formally assigned a mentor for some, or al l aspects, of their role .

Nature of mentoring (access, frequency, and scope) is to be agreed in advance.

Self-directed Learning Informal learning that can be facilitated a number of ways such as reading technical books,journals and articles.

Discussions with senior technical individuals or industry experts (not in formal mentoringrelationships), attendance of works shops and conferences would also fall into thiscategory.

8.4. Undertake Follow-Up DiscussionOnce a Training Plan has been articulated, further discussionsbetween the supervisor and employee are needed. The objectives of

this discussion are described in the table below.

Table 14: Objectives of Follow-Up Employee Discussion

Objective Description

Confirmation of understanding Confirm employee understands FIMP current and future (anticipated)

needs and Review gap analysis and identify and disconnects

Discussion / agreement of path forward Review and agree that Training Plan is relevant and practical

9. Hazard Identification and ControlThe Hazard Identification and Control aspect of FIMP is a combination of asignificant number of procedures and activities. As such, a standalone scalableprocess for managing this element of FIMP execution is described herein. It is

important to note that the process(es) developed must be suitable for use at all

stages of a facilities life-cycle as described inFigure 4. Hazard Identification

and Control is not a process that is only applied during the operating life of afacility.

Given that corporate tools, practices and philosophies vary greatly, it isacknowledged that this process represents a leading practice approach for a

standalone process and that individual operators will need to execute elementsof this recommendation within the constraints of their existing processes,initiatives and systems. Thus, Operating Companies should develop a formal


28/57


written process to identify and address hazards that have the potential to

impact the integrity of facilities and equipment. The adequacy of any hazard

controls implemented shall be periodically reviewed. A process map appears inFigure 8;details regarding the process appear below in the remainder of this

Section.

Figure 8: Hazard Identification and Control Process

9.1. Choose Hazard Identification MethodAppropriate tools or methods shall be used to identify hazards andthreats. The tools and techniques chosen shall be suited to the typesof risks that are expected to be identified, and shall achieve thedesired level of granularity and output.

There are a wide range of hazard identification techniques describedin the literature; however, with a few exceptions (e.g., HAZOPtechniques), there is a general lack of formal guidance to support

Begin Section 9.0: Hazard Identification

Section 9.1: Choose Hazard Identification

Method

Section 9.2 Conduct Hazard Identification

Activity

Perform risk

assessment?

No

Yes

Section 9.3 Review Potential

Consequences

Section 9.4 Estimate Likelihood of

Consequences

Section 9.5: Conduct Initial Assessment of

Significance

Section 9.6: Determine Risk Assessment

Needs

Proceed to Section 11: Options for

Reducing Uncertainty, Frequency or

Consequences of Incidents

Proceed to Section 10: Risk Assessment


29/57


these techniques. An extensive literature review, published by the UK

Health and Safety Executive12, can be used as a starting point for

selecting an appropriate Hazard Identification Method.

The document provides extensive discussion on the topic; however, ingeneral, the document provides a review of ~40 hazard identification

methods; these techniques have been divided into four categoriesdepending on the area in which they are predominantly applied:

a)Process hazards identification;b)Hardware hazards identification;

c)Control hazards identification; and

d)Human hazards identification.

Further guidance regarding hazard identification can be found inAPI 75013as well as CSA Z66214.

9.2. Hazard Identification Exercise

9.2.1. Gather ResourcesDepending on the Hazard Identification Method chosen,significant resources may need to be gathered. These

resources may in the form of data and/or subject matter

experts (SME) as well as additional support tools andresources.

9.2.2. Conduct Hazard Identification ExerciseConduct the hazard identification activity using the chosen

tool(s). Consider typical hazards and incident history, aswell as encouraging out-of-the-box thinking to identifyhazards that may not be obvious. When identifying hazards,

consideration should be given to failure causes andassociated events as those listed in AppendixA4. This isnot an exhaustive list; however, it provides a starting point

for consideration.

It should also be noted that in some cases, sufficient information maynot be available to identify all of the relevant hazards. In these

situations, an Operating Company may choose to conduct additional

monitoring and inspection, as per Section11.1,before returning tothis activity.

9.3. Review Potential ConsequencesWhether conducted as part of the Hazard Identification Exercise (asper Section9.2)or separately, Operating Companies should also

consider the range of potential consequences they could face in light

12Glossop,M.., Ioannides, A., and Gould, J., Review of Hazard Identification Techniques, Health and SafetyLaboratory, An agency of the Health and Safety Executive, United Kingdom, HSL/2005/58, 2000.13API RP 750: Management of Process Hazards14CSA Z662 Oil & Gas Pipeline Systems (CSA Z662 latest edition)
http://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdfhttp://www.hse.gov.uk/research/hsl_pdf/2005/hsl0558.pdf


30/57


of the identified hazards in a systematic and consistent way. The

framework for assessing consequences is expected to be Operating

Company specific; however, material provided inFigure 6 may beused as the basis for this framework. . The magnitude and

significance (as per Section10.6) of these consequences should alsobe established.

Depending on the nature of the risk analysis method(s) anticipated

(as per Section10), there may be some need at this stage toestablish a common currency for estimating the magnitude of

consequences. Facilities under a FIMP will in all likelihood be situated

at different geographical locations. Therefore in order to makereasonable comparisons between the facilities a common risk

comparator will be required. The most common basis for establishingconsequence values is in monetary terms; however, based on the

nature of the risk analysis to be undertaken (e.g., use of qualitativeor points-based relative methods), monetary valuation of

consequences may not always be appropriate.

9.4. Estimate Likelihood of ConsequencesWhether conducted as part of the Hazard Identification Exercise (asper Section9.2)or separately, Operating Companies should also

estimate the likelihood of various consequences it could face in lightof those identified in Section9.3. This can be done using historical or

probabilistic approaches depending upon the nature of the availableinformation.

9.5. Conduct an Initial Assessment of

SignificanceOnce a basic understanding of potential consequences and theirfrequencies have been established, the Operating Company will be in

a position to determine if the consequence is considered to besignificant, and document the supporting rationale, using the definedrisk criteria. This may be done using a risk ranking, consequence

ranking, or description of what the Operating Company considers to

be significant (as per the application of Sections4.1 and10.6);however the Operating Company may choose to define criteria moreconservatively for this stage of evaluation based on the uncertainty of

the assessment (availability of data, quality of data, disagreementbetween Subject Matter Experts (SMEs), etc,).

9.6. Determine Risk Assessment NeedsIf the hazard(s) is determined to not have the potential to result in asignificant consequence, a full risk assessment may not be required;however, Operating Companies shall develop a formal written process

to monitor the controls that are currently in place, and confirm they

are adequately maintained to continue managing the hazard. If aconsequence is determined to be significant, Operating Companies


31/57


should assess the risks associated with the hazards as noted in

Section10 of this document.

10. Risk Assessment

10.1.Risk AnalysisAfter having identified the hazards that have the potential to affect

facilities, the likelihood that these hazards will lead to a failure or

damage incident should be determined by the Operating Companythrough a risk assessment process. There are numerous literaturesources and/or consultants that can provide detailed direction

regarding the overall risk analysis process including Annex B of CSA

Z662. In general, the risk analyses considered will fall into one ofthree categories:

Qualitative risk assessment;

Semi-quantitative risk assessment; and

Quantitative risk assessment.

For the purposes of this document, recall that risk is defined as:

( ) (1)

However, risk can still be determined either qualitatively orquantitatively through a broad range of methodologies. There is a

broad range of philosophies regarding the best approach to employ

when conducting a risk assessment. The variations betweenphilosophies and methodologies can lead to significantly different

data requirements, resource needs and skills required. The nature ofthe output from different approaches also varies significantly in terms

of level of detail, confidence level and robustness of the output. Inthe final analysis, the most appropriate risk assessment method is

highly dependent on the specific situation / context that the

Operating Company is working in, but the considerations in choosingthe optimal risk assessment are consistent.

Generally speaking, due to practical considerations, the coarsest level

of detail possible, that will still fulfill output requirements, shouldunderpin the initial risk assessment. The initial assessment can then

guide the Operating Company to areas where a more refined, ordetailed, risk assessment (as per Section10.7)is warranted. For

example, an Operating Company may choose to undertake riskassessments at a facility level prior to determining which pieces ofequipment (or types of equipment) require more detailed analysis.

There are a number of industry-published documents available on riskassessment methodologies and techniques. A partial list of thesedocuments appears in Appendix0. The applicability of each

methodology will depend on the facility type, the equipment under


32/57


consideration as well as company policies and objectives. However,

in general, four of the most critical factors in selecting a risk

assessment method are data, organizational maturity, the goal(s) andthe magnitude of the decision associated with the risk analysis. This

is described further inFigure 9 and the remainder of this section.

Figure 9: Critical Factors in Selecting a Risk Assessment Approach

10.2.Data AvailabilityIn general, a more complex method of risk assessment, particularlyquantitative approaches, has a corresponding need for more data andhigher data quality (i.e. increased data granularity as well as a

greater volume and quality of data). There can often be a significantcost associated with gathering, validating and managing data.Careful consideration of data requirements and availability is critical

in optimizing the choice of a risk assessment method as data is

Magnitudeof decision

Organi-

sationalMaturity

Dataavailability

Goal of

decision


33/57


typically the limiting factor in choosing a more complex analysis

approach.

10.3.Organizational MaturityOrganizational maturity can be considered in terms of three main

dimensions: people, processes and tools. In general, more complex

risk methods require a higher employee skill level (technical skills aswell as understanding of risk based concepts at the seniormanagement level), more mature processes (e.g., for data collection

as well as use and communication of results). Additionally, greaterresources are required to undertake the analysis depending on thecomplexity of the tools used ((e.g., customized software vs. internally

developed spreadsheets).

10.4.Goal of the AnalysisThe goal of the analysis is also an important consideration. For

example, if simple prioritization of activities is the goal a qualitative

approach may suffice. However, if the intent is to integrate resultswith financial and/or corporate risk assessments, a quantifiedapproach (normalized to some comparable parameter) may be

required.

10.5.Magnitude of the DecisionGenerally the business implication of the decision (including

consideration of safety, environment, cost, etc.,) factors into howmuch effort is expended in undertaking the risk assessment. Minor orless significant decisions do not require extensive analysis. It should

be noted that even if a decision is significant, analysis should be

limited to those factors that are material to the decision in order to

optimize resources (e.g. reduce data collection).

10.6.Risk EvaluationThe Operating Company should set acceptance criteria and risktolerance that is relevant and consistent with policies, goals and

objectives identified as per Section4 of this document. The criteria

should be established by evaluating what level of risk is acceptableconsidering the range of consequences that an Operating Company

faces in light of its identified hazards.

Table 15 lists a number of sources (and associated descriptions) thatprovide varying levels of guidance regarding the evaluation of risk.

Table 15: Additional Guidance for Establishing Significance of Risk

Document Description

CSA Z662 (2011 Edition) Detailed guidance is available in Clause B.5.3.

Chemistry Industry Association of Canada Responsible CareManagement System Approach.

UK Health & Safety Executive Concept of As Low as Reasonably Practicable(ALARP).
http://www.ccpa.ca/ResponsibleCareHome/ResponsibleCareBREthicPrinciplesBR.aspxhttp://www.ccpa.ca/ResponsibleCareHome/ResponsibleCareBREthicPrinciplesBR.aspxhttp://www.hse.gov.uk/risk/theory/alarpglance.htmhttp://www.hse.gov.uk/risk/theory/alarpglance.htmhttp://www.hse.gov.uk/risk/theory/alarpglance.htmhttp://www.hse.gov.uk/risk/theory/alarpglance.htmhttp://www.ccpa.ca/ResponsibleCareHome/ResponsibleCareBREthicPrinciplesBR.aspx


34/57


It should also be noted that in some cases, sufficient information may

not be available to confidently undertake a risk evaluation. In these

situations, an Operating Company may choose to conduct additionalmonitoring and inspection, as per Section11.1,before returning to

this activity.

10.7.Risk RefinementUpon completion of the Risk Evaluation (detailed in Section10.6), a

risk may still be considered to be significant and it may be necessaryto refine the risk assessment in order to clearly identify the driversfor use in formulating an appropriate management strategy.

Table 16: Parameters for Risk Refinement

Document Description

Additional data collection In some cases additional data collection will allow a more rigorous orcomprehensive analysis to be undertaken.

Alternative analysis methods In some cases alternative methodologies (typically more rigorous) can beused to refine risk calculations.

Use of more detailed data In some cases, detailed data may already exist but may not have been used(due to increased time / complexity of analysis).

10.8.Risk Reduction EvaluationThe final stage of the risk analysis is to identify the appropriate risk

management method (as per Section11.2)and to undertake analysisto confirm that the selected option manages risk in an optimal

manner.

11. Options for Reducing Uncertainty,

Frequency or Consequences of

IncidentsBased on the risk assessment process, an Operating Company may identify theneed to reduce risk levels. This may be undertaken in a number of ways.Recalling Equation 1 (see Section10.1)and recognizing that:

( ) (2)

Two main approaches for managing risk become apparent: monitoring and

mitigation. This categorization, described inTable 17,provides the framework for further guidance (in this document) onhow to manage risk.


35/57


Table 17: Approaches for Managing Risk


Monitoring / Inspection In some situations, insufficient information regarding the equipment, or its current state,limits the ability to conduct meaningful analysis regarding the nature of the risks

associated with it. In these situations, additional data gathering through monitoring andinspections is a critical part of managing risk and can be used to reduce uncertainty.

Where an Operating Company has made a baseline assumption regarding the risklevel, additional information may result in an increase (or decrease) in the assessed risklevel.

The goal of various monitoring/inspections programs varies by equipment type andexamples of these, while not exhaustive, appear in AppendixA5.

Mitigation Mitigation can act upon two parts of the risk equation:

1) Threat Mitigation: the reduction in the probability of an event occurring by influencingthe:

o The number of threats and

o The severity of a given threat.

2) Consequence Mitigation: the reduction in the potential consequences by influencingoutcomes should an event occur.

11.1.Monitoring and InspectionIn order to facilitate the selection of appropriate inspection methods,Operating Companies should identify the types of inspection actions

that are deemed appropriate for its facilities. The methods and

procedures used to conduct inspections, testing, patrols, andmonitoring should be executed according to industry standards

(where applicable) and documented.

When the timing or frequency of inspection, testing, patrols, or

monitoring is not specified through industry practice (e.g., regulations,recommended practice etc), the methods used to determine the

timing or frequency shall be documented. Consideration shall begiven to the guiding principles identified inTable 18 for choosing themethod and frequency of facility equipment inspection.

Table 18: Considerations for Selecting Monitoring & Inspection Activities

Type Description

New Hazards Operating Companies shall ensure mitigation and repair activities do not introduce new hazards.

Regulation Some monitoring and inspection activities may be established through regulation, code orindustry guidance documents.

Technology Where indirect methods of inspection are used, consideration to supplemental inspection using

direct methods should be considered.

CorporateConsiderations

Corporate risk tolerances (such as definitions of significant as per Section10.6)may drive anOperating Company to increase the frequency of inspections and / or implement multipleinspection methods.

Types of Hazards The type of inspection chosen should be matched to the types of conditions and/or imperfectionsthat are intended to be detected and

Experience related to the rate or timing of changes in the imperfections or conditions (and theeffect of such changes on the estimate risk of failure incidents).


36/57


Type Description

Influence of OtherFIMP RelatedDecisions

The options selected to estimate the risk level (see Section10 and Section11)and

The options selected to mitigate hazards (see Section11.2).

11.2.MitigationIn order to facilitate appropriate mitigation and repair actions,Operating Companies should review mitigative actions that aredeemed acceptable on its facilities.

Within the context of mitigation, there are three main types ofactivities than can be used for risk management: engineeringsolutions, process solutions and administrative solutions. These are

described, in conjunction with the manner in which they reduce risk,

with examples, inTable 19 below.

Table 19: Mitigation Activity Types

Type Description Threat Mitigation Examples Consequence Mitigation

ExamplesEngineering Mitigation solutions that

primarily rely ontechnology or physicallyimpacting the propertyor equipment tomanage risk

Cathodic protection design and monitoring;

Use of increased pipe and vessel wallthickness;

Regular maintenance (e.g., valve lubrication);

Increase depth of cover;

Supplemental markers on pipeline ROW;

Installation of structures or materials (e.g.,concrete slabs, steel plates, or casingsassociated with pipe);

Site selection away from potential or existingthreats;

Process and facility equipment upgrades;

Adding site security & monitoring infrastructure

Site signage upgrades; and

Emergency design and methods for site accessand egress.

Use of higher toughnessmaterials for pipe and vessels;

Install protective housings andstructures;

Improved methods for recoveryand clean-up of liquid releases;and

Use of remotely operated valvesto limit product release.

Process Mitigation solutions thatrely on how theequipment is operated(or the conditions underwhich it is operated) asthe primary mechanismto manage risk

Use of corrosion inhibitors and

Modify operating parameters (e.g., reduction ofpressure, temperature to mitigate threat ofinternal corrosion).

Reduce operating pressure.

Administrative Mitigation solutions thatdo not physically impactthe equipment or

operating conditionsrather the solution isprimarily procedural oradministrative

Training and competency development;

Modify maintenance practices (e.g.,requirements for work permits, lockout / tag-out

procedures); Improved public awareness programs;

Enhancement of procedures for pipeline systemlocation and excavation;

Implementation of quality managementsystems;

Site security and monitoring practices; and

Facility patrols and frequency.

Limit presence of personnel inhigh risk locations;

Improved emergency response

procedures; and Purchase of insurance.


37/57


38/57


Figure 10: Process for Planning and Executing

12.1.1. Confirm Current AssumptionsPrior to undertaking detailed planning, the data and

assumptions used for the risk assessment should beverified to identify any significant changes or

inaccuracies. This review could include a number of

parameters, identified inTable 21,as appropriate to thesituation.

Begin Section 12.1: Plan and Execute

Activities

Section 12.1.1:Confirm Assumptions

Section 12.1.2 Confirm Monitoring,

Inspection and Mitigation Methods

Section 12.1.3 Establish Execution Plan

Section 12.1.4 Execute

Secti