1. Bowtie Analysis – An Effective Risk Management
Hindustan Petroleum Corporation Limited
Corporate HSE Department
By
Murthy V S S Malyala
Manager –HSE
2. Contents
Risk analysis –background
Incidents in Oil Industry
Bowtie – a visual risk evaluation tool
Terminology
Development of Bowtie
Case study – Gas fired Pipe heater explosion modelling
Barriers for controlling incidents
Barrier Effectiveness
End users of Bowtie
Better than other Hazard identification Techniques
4. Vapor cloud explosion ( Explosion
during start up)
Mexico (1984)
Flixborough (1974)
Piper Alpha 1988
LPG Leakage –
Sampling/ water
draining
18 fatalities and 81 injured
Feyzin, France
- 1966
28 fatalities and 36 injured
500 fatalities and terminal destroyed
Rupture of 8 inch LPG pipeline
Leakage from pump discharge
relief valve
167 fatalities and platform destroyed.
Bhopal Gas Incident- 1984
Operating
Procedure
Management Of Change Assert
Integrity
Emergency Preparedness
MOC
Staffing
Multiple Failures
Work permit system
Hazard communication
3000 fatalities
MIC Release
Decades of learning from disasters
Years of learning
Loss
–
Human
&
Property
5. 5
Pasadena 1989
Esso Longford (1998)
BP Texas (2005)
Buncefield (2005)
Jaipur
Terminal
(2009)
overfilling of a large
storage tank
Over filling of column.
Fatalities 15. Over 170 injured
Leakage occurred during
maint. work on valve.
Fatalities 23. Over 130 injured
2 fatalities and 8 injured
Catastrophic failure of heat exchangers
Maintenance practices
Assert Integrity
Operating Discipline
Contractor Safety
Hazard Analysis
Years of learning
Loss
–
Human
&
Property
Operating Discipline
Decades of learning from disasters
6. The Bow-tie Diagram is a user-friendly, graphical illustration of how
hazards are controlled.
Bowtie …. A simplified fusion of
Fault Tree Analysis and Even Tree Analysis
FTA + ETA = Bowtie
Effective risk management is only possible if people are assigned
responsibilities for controls via HSE-Critical Tasks
Visible links are made to HSE-critical systems and competencies
Bowtie methodology demonstrates not only what controls are in
place today and their effectiveness
Used in Oil & gas , Aerospace, Railways
6
Bowtie Analysis
10. Terminology
Top event - no catastrophe yet but the first event in a chain of
unwanted events.
Threats - The top event can be caused by (sufficient or necessary
causes).
Consequences - The top event has the potential to lead to
unwanted consequences.
Barriers - Preventive or mitigate measures taken to prevent threats
from resulting into the top event.
Escalation factor - a condition that defeats or reduc
es the effectiveness of a barrier.
10
11. Bowtie analysis – Development
Describe unwanted event for the Bowtie Knot
Determine scope of analysis – operational boundries
Identify threats that could cause the event
Identify possible consequence of the event
Select the optimum set of control to manage the
causes and consequence of the event
Identify failure mode for important control
Determine items for control assurance management
25. Why incidents happen
.
Swiss cheese model
- Organisations manage risk using ‘barriers’
- Barriers – use of equipment, design of plant (redundancy, overflows, etc.),
following rules, procedures, standards …… usually barriers are people doing a
job
- Barriers are ‘functions’
26. Why do barriers fail? & Weakness in Incident causation path
An organisation
Error /
violation
promoting
conditions
That influences the person
Creates To take
action or
inaction
That causes
barriers to fail
That
result in
Accidents, incidents
and business upsets
• SMS
• Leadership
• Culture
• Performance influencing
factors (PIFs)
- Competence
- Fatigue
- Environment
- Supervision
- Task
- Etc.
• Human action or inaction
• slips, lapses,
mistakes, violations
Underlying
causes
Immediate
causes
Preconditions
28. End users of Bowtie Analysis
Bow tie is Visual risk depiction tool for a failure mode situation
Technician – Look for Hardware controls –active & passive
Supervisor – Look for administrative controls - Health of
controls
Manager - Identify weak links in controls & monitor
Sustained Operational discipline & timely
maintenance & Skill development.
32. HAZARD IDENTIFICATION Techniques
Commonly used :
HAZOP- Identifies “process plant” type incidents(time consuming)
What If Analysis- Possible outcomes of change(high dependency of skills)
FMEA/FMECA-Equipment failure causes (Extremely time consuming)
Task Analysis-(JSA ) Maintenance etc, incidents (Does not address process
deviations
Fault Tree Analysis-Combinations of failures(identified the incident first&
difficult to update )
Checklists-questions to assist in hazard identification(no new hazard types are
identified)
HAZAN -Risk ranking tools are used Dow index OR MOND index
