The Use of a Ranking Matrix
and Recommendation Prioritization System
For Process Hazard Analysis Studies
David A. Moore, PE, CSP
100 Pine Street, Suite 2240
San Francisco, CA 94111
OSHA regulations for Process Safety Management (PSM) (29 CFR § 1910.119) and proposed EPA regulations addressing risk management programs (RMP) for chemical accidental release prevention (to be codified at 40 CFR Part 68) require industry to identify and analyze potential process hazards. This effort, known as the Process Hazard Analysis (PHA) element of the PSM standard involves the use of one of six qualitative hazard identification or analysis techniques acceptable to OSHA.
While these methodologies are useful for assessments, neither they, nor other PSM requirements define a model for making risk management decisions. In the absence of formal, approved risk management tools, it is recommended that individual companies adopt a standard, defensible ranking scheme to provide a common basis for decision-making, based on the companys defined safety goals. This paper discusses an approach, common to many companies, that qualitatively ranks the risk of identified scenarios. This paper also discusses the possible problems of using various ranking schemes and risk criteria.
ELEMENTS OF PSM REGULATIONS
A PSM program is comprised of various elements, or program components, each of which must be implemented and integrated with the others to manage process risk. The fourteen elements from the OSHA regulation are employee participation, process safety information, process hazard analysis, operating procedures, training, contractors, pre-startup safety review, mechanical integrity, hot work permit, management of change, incident investigation, emergency planning, compliance audits, and trade secrets. As the underlying basis of all program elements is to manage the hazards of chemical processes, the PHA element is often referred to as the foundation of the PSM program.
The fundamental principle followed during the development of the regulation was that it should be performance-oriented, and not prescriptive to the approach which industry should follow in managing risks. No specific guidance is given on safety controls, design features, and management practices. Instead, a management model was prescribed offering only very general guidelines for a PSM program. OSHA only demands that industry has an appropriate and effective PSM program in place at the facilities that handle specific highly hazardous chemicals, and that the program comply with all fourteen elements of the standard. The OSHA regulation represents a very practical approach to risk assessment, where it is assumed that management will take prudent measures to reduce risk to an "acceptable" level. "Acceptable" is not defined, although it is assumed that a PSM program will ensure that the likelihood of any catastrophic accident will be sufficiently low.
THE NEED FOR A RANKING SYSTEM
While industry has always had programs to address process safety, a comprehensive PSM program represents a major change from the traditional practices of many companies. PSM requires that process risks be managed in a more formalized, systematic, and creative manner. A major management challenge of the PSM regulations is the increased accountability for process safety within a regulatory environment. This accountability requires employers to determine and justify acceptable risk, and make more formal risk management decisions, including the decision to make safety improvements.
One of the most significant challenges is the determination of "acceptable" risk. None of the currently enacted regulations give specific guidance or risk criteria for risk decision-making; the burden is on the employer. Once risk scenarios have been documented, employers are faced with a number of recommendations for addressing them. While OSHA holds employers accountable for addressing each recommendation in a timely manner and resolving difficult risk issues, most employers are new to the concept of formal PHA studies; the number of recommendations that often result overwhelm them.
A formal risk ranking and recommendation prioritization system is often used during PHA studies to offer management a way to organize team recommendations and process safety hazards. Assignment of ranking and priorities provide management with additional information from the PHA team on their perception of the importance of hazards and of the subsequent recommendations, and on the order in which the recommendations should be addressed. If used properly, a ranking captures the opinions of the team members regarding the likelihood and consequences of each recognized hazard scenario.
Ultimately, these are management decisions; the priorities identified should only be considered suggestions. Recommendations are commonly made by the team without extensive engineering study during the PHA meeting. Furthermore, the team is not always aware of all of the issues facing management, such as resource allocation or future operating plans.
TYPICAL RISK RANKING/PRIORITIZATION SYSTEM
In the absence of risk criteria, either approved by an appropriate agency or industry standards, employers have been using risk ranking systems. A matrix-based system with three to five levels of likelihood and severity is commonly used. Figure 1 provides an example of such a scheme.
The ranking system is an inclusive selection process; i.e., if any of the criteria on the higher level of severity or likelihood is met, then the criteria for that level is met. Most ranking systems place the highest priority on the likelihood of fatality or serious injury to workers and the public. Also included is consideration of direct property damage, environmental damage, and business interruption. Some ranking systems also include quality issues such as efficiency of the process or interruption to customer supply, but this is outside the scope of PSM.
Figure 1 - Typical Risk Ranking/Prioritization System
Example Severity Definitions
|1 - Very high||- Fatality
- Public fatalities
- Extensive property damage
- Major environmental damage
- Extended downtime (more than 2 days)
- Customer Downtime
|2 - High||- Lost Time Injury
- Public injuries or public impact
- Significant property damage
- Environmental permit violation
- Downtime (1 to 2 days)
|3 - Medium||- Minor Injury
- Moderate property damage
- Moderate environmental impacts
- Downtime (4 to 24 hours)
- Off spec product
|4 - Low||- No worker injuries
- Minor property damage
- Minor environmental impacts
- Downtime (< 4 hours)
- Quality variation
|5 - Very Low
||- No worker injuries
- No property damage
- No environmental impacts
- Recoverable operational problem
Example Likelihood Definitions
|1 - Very high||Possible to occur frequently (1/year)|
|2 - High||Possible to occur occasionally (1/5 years)|
|3 - Medium||Possible to occur under unusual circumstances (1/15 years)|
|4 - Low||Possible to occur over the lifetime of the plant (1/30 years)|
|5 - Very Low||Could occur however not likely over plant life (1/100 years)|
Figure 2 - Risk Ranking Matrix
The matrix resulting from the combination of the various levels of severity and likelihood is then given a ranking which corresponds to the risk of each individual scenario. This, again, is up to the employer to define. For the matrix shown in Figure 2, five levels of risk are defined. The combinations which result in an equivalent risk are given the same risk ranking. The levels chosen for the matrix are an indicator of the employers risk tolerance. These values can vary greatly from one company to another.
Some employers have then set a priority system based solely on the resulting ranking. For example, they have set a priority such as shown in Figure 3.
Figure 3 - Management Decision-Making Rules for PHAs
|Must be mitigated with engineering and administrative controls before continued operation|
|Must be mitigated by engineering controls within six months|
|Must be mitigated by administrative controls within six months|
|Mitigation is optional depending on cost-benefit|
|No mitigation required|
Alternatively, other ways of ranking recommendations and setting priorities do exist. AIChE guidelines for hazard evaluation techniques list practical categories for dividing lists of safety improvements.4 In general, the decisions are a function of:
- The severity and likelihood of the hazard or operability problem (risk ranking);
- Feasibility of making the change;
- Effectiveness of the recommendation;
- The stability of the recognized hazard; and
- Importance of the recommendation (the number and reliability of other safeguards available for managing the hazard scenario).
Other factors, which should be considered but are given less priority, are cost, ease of completion, scheduling issues, and public or worker perception of the risk or of the value of a safeguard. Management needs to weigh these factors when determining the follow-up schedule.
All priorities are also based on whether the recommendation is to provide further study, to investigate alternatives, or to install an engineered change. Further analysis should be given a higher priority, because there may still be some doubt about the hazard or there may be a need to confirm the necessity for additional safeguards. Investigating alternatives may be of high, medium, or low priority, based on the adequacy of existing safeguards.
Whatever risk ranking system is used, it has two key advantages over using OSHA PSM methodologies without them: it outlines relative risks to facilitate decision-making and improves the consistency of decision-making.
It is recommended that companies adopt a standard, defensible ranking scheme to allow for a common basis for decision-making. This scheme should be based on the companys defined safety goals.
Industry needs additional guidance on risk management, but not new regulatory specifications. Government agencies could develop more guidance on their expectations, although this has proven to be a complex process if it is imposed as a regulation.
Industry trade associations could provide industry with more guidelines for making risk management decisions, including such potential areas as: guidelines on credible hazards, qualitative and quantitative acceptable risk criteria, a standard risk ranking protocol for use during hazard identification, and better examples of acceptable risk management practices.
1. OSHA 29 CFR §1910.119, "Process Safety Management of Highly Hazardous Chemicals," Federal Register, May 26, 1992.
2. EPA rule 40 CFR Part 68, "Risk Management Programs (RMP) for Chemical Accidental Release Prevention."
3. Preamble to OSHA 29 CFR §1910.119, "Process Safety Management of Highly Hazardous Chemicals," Federal Register, May 26, 1992.
4. "Guidelines for Hazard Evaluation Procedures, 2nd Edition", American Institute of Chemical Engineers, New York, 1992.
5. "Tools for Making Acute Risk Decisions," American Institute of Chemical Engineers, New York, 1995.