The Weekly Reflektion 11/2024
A good risk assessment is an important factor before taking an action, starting an activity or making a decision. Different techniques and methodologies are used, each fulfilling a specific purpose, e.g. design risk assessment, Total Risk Assessment (TRA), HAZOP, HAZID, pre-job assessment, etc. An important prerequisite for any risk assessment is that the people who participate have the right competence. We often associate this with the right operational and technical competence; however, competence in the risk assessment technique itself is a key factor in facilitating the assessment. In the absence of guidance, the people attending will often adapt the assessment to something they are familiar with. Since the assessment is complete and the box ticked, the impression is created that the assessment objectives have been achieved, sometimes with disastrous consequences.
How do you ensure the right technique/methodology is used in your risk assessments?
During an operation to complete a subsea well, a winch was used to install the subsea Xmas tree. While lowering the Xmas tree there was a significant deviation in the angle of the wire running over the pulley (see the figure above). The wire was damaged on the pulley wheel and eventually broke, resulting in the Xmas tree falling onto the subsea template. Luckily there were no injuries and there was only minor damage to the Xmas tree and the template.
The drilling rig was originally designed for running and installing the Xmas tree from the rig floor. The winch was a modification that gave a significant reduction in rig time. Due to space restrictions the winch was a ‘special’ design. In order to maintain the correct angle for the wire as it ran over the pulley wheel, the cable drum moved left-right, powered by hydraulic cylinders. The position of the drum in relation to the pulley wheel was set by the number of turns of wire on each layer and the layer number. A sensor was used to ensure the drum moved to the correct position for each turn. Unfortunately the sensor that measured the drum position failed, and the control system moved the drum fully over to the right (reference figure) as it tried to find the required set point for the position. A similar situation in a process context would be a level measurement on a separator giving an incorrect high reading and the control system sending a signal to the outlet valve to open. This situation is normally assessed in a HAZOP and would often lead to an independent low-level alarm/trip to protect the system against a low level.
During the design of the winch an FMECA analysis was carried out that identified the possibility of a failure in the sensor. The probability was considered low and no further assessment of the failure and its consequences was made. This is not in accordance with the principle that no single failure should lead to unacceptable consequences. A risk assessment was also carried out that should have included a review of failure modes for the winch. Unfortunately this assessment was not facilitated properly and turned into a risk assessment for the lifting operation. The people attending were mainly operational people. While the possibility of the drum being in the incorrect position and the wire breaking was identified, the mitigation measure was that the winch was designed and approved in accordance with the relevant standards. Had a HAZOP approach been employed, it is likely that the potential failure mechanism would have been noted and other measures identified, for example redundancy in the sensor and/or an independent sensor for the cable position.