WIXLIB

Pipeline Risk AssessmentFundamentalsBanff Pipeline Workshop 2019Alex Tomic, P.Eng. TransCanadaDan Williams, P.Eng. Dynamic Risk

Agenda Introductions Risk Definitions and Concepts Pipeline Risk Assessment Concepts Guidance from Standards Pipeline Risk and Reliability ModelingoEstimating Likelihood of FailureoEstimating Consequence of FailureoCase StudiesoSocietal Risk and Individual Risk Risk Presentation Methods Risk and Reliability Acceptance Criteria Integrating Risk Results into IntegrityManagement

Risk Definitionsand Concepts

Risk Defined Risk is “The chance of loss”(Concise Oxford Dictionary) This definition involves:LossAdverse consequencesChanceUncertainty regarding the loss

Risk DefinedRisk of a person dying in a car accident1 in 11,000 per yearRisk of a person dying in a plane crash1 in 300,000 per yearRisk of a person dying by lightning strike Recent 2018 Mariner East 2 Pipeline (NGL)report (public record) indicates that theaverage person’s exposure to a fatal trafficaccident is about 20 times greater than thefatality risk to someone standing above thepipeline 24/7 in Delaware County.1 in 5,000,000 per year

Risk as Defined in CSA Z662 CSA Z662-15 – Annex BoRisk: a compoundmeasure, eitherqualitative or quantitative,of the frequency andseverity of an adverseeffect.

Risk as Defined in ASME B31.8S oASME/ANSI B31.8SRisk: measure ofpotential loss in terms ofboth the incidentprobability (likelihood) ofoccurrence and themagnitude of theconsequences.

Risk Measure Risk likelihood of failure x consequence of failure

Likelihood of FailureLikelihood: The chance of something happening, whetherdefined, measured, or determined objectively orsubjectively, qualitatively or quantitatively, and describedusing general terms or mathematically (such as aprobability or frequency over a given time period).PHMSA Draft Pipeline Risk Modeling Report 2018oLikelihood indexoProbabilityoFrequencyoReliability

Likelihood: Probability & Frequency Likelihood Index: a non-quantitative relative ranking orrating number representing the likelihood of failure level Probability: likelihood, or measure of the chance ofoccurrence expressed as a number between 0 and 1,where 0 is impossibility and 1 is absolute certainty. Frequency: Number of events or outcomes per definedunit of time. Frequency can be applied to past events orto potential future events, where it can be used as ameasure of likelihood / probability.

Likelihood: Probability & Frequency Probability:o2/10 chance (0.2, 20%) of failing Frequency: 2/10 chance (0.2, 20%) of failing per yearo2/10 chance of failing per year per kilometer

Likelihood: Reliability Reliability: the probability that a component or systemwill perform its required function without failure duringa specified time interval (usually taken as one year),equal to 1.0 minus the probability of failure. Reliability 1- probability of failureo8/10 chance (0.8, 80%) of not failing

Consequence of FailureConsequence: Impact that a pipeline failure could have onthe public, employees, property, the environment, ororganizational objectives.PHMSA Draft Pipeline Risk Modeling Report 2018

Pipeline RiskAssessmentConcepts

Risk Assessment as DefinedIn CSA Z662-15 oCSA Z662-15 – Annex BRisk assessment: theprocess of risk analysisand risk evaluation.

Risk Assessment as Defined inASME/ANSI B31.8S oASME/ANSI B31.8SRisk assessment: systematic process in whichpotential hazards from facility operation areidentified, and the likelihood and consequences ofpotential adverse events are estimated. Riskassessments can have varying scopes, and can beperformed at varying level of detail depending onthe operator’s objectives (see section 5).

Risk Assessment withinRisk Management RiskManagement is the integratedprocess of Risk Assessment andRisk Control Risk Assessment is a component ofRisk Management Risk Assessment incorporates RiskAnalysis and Risk Evaluation

Risk Assessment Objectives Identify highest risk pipeline segmentsHighlight pipeline segments where the risk is changingIdentify gaps or concerns in data quality andcompletenessSupport risk management: Calculate the benefit of risk mitigation activities Support decision making and program development Improve system reliability Minimize risk to as low as reasonably practicable andeliminate high impact events

Guidance fromStandards

Guidance from Canadian StandardsRisk Assessment – Canadian Pipelines CSA Z662-15ooAnnex B – Guidelines for risk assessment ofpipelinesAnnex H - Pipeline failure records: provides aclassification of the causes of pipeline failureincidents that can lead to hazards

Guidance from Canadian Standards oCSA Z662 Annex HHazard — a condition orevent that might cause afailure or damageincident or anything thathas the potential tocause harm to people,property, or theenvironment

Guidance from U.S. StandardsRisk Assessment - U.S. Pipelines 49 CFR Part 192 (Gas Pipelines)oSubpart O Section 192.917(a)Threat identification. An operator must identify and evaluate all potential threats to eachcovered pipeline segment. Potential threats that an operator must consider include,but are not limited to, the threats listed in ASME/ANSI B31.8S (incorporated byreference, see § 192.7), section 2, which are grouped under the following fourcategories:(1) Time dependent threats such as internal corrosion, external corrosion, and stresscorrosion cracking;(2) Static or resident threats, such as fabrication or construction defects;(3) Time independent threats such as third party damage and outside forcedamage; and(4) Human error.

Guidance from U.S. StandardsRisk Assessment - U.S. Pipelines 49 CFR Part 192 (Gas Pipelines)oSubpart O Section 192.917 (cont’d)(c) Risk assessment. An operator must conduct a risk assessment thatfollows ASME/ANSI B31.8S, section 5, and considers the identifiedthreats for each covered segment. An operator must use the riskassessment to prioritize the covered segments for the baseline andcontinual reassessments ( §§ 192.919, 192.921, 192.937), and todetermine what additional preventive and mitigative measures areneeded ( § 192.935) for the covered segment.

Guidance from N.A. StandardsASME/ANSI B31.8S – Managing System Integrity of GasPipelines Provides general guidance on risk assessment approaches Provides specific guidance on threats, safety consequencesand data elements to consider Incorporated by reference in 49 CFR Part 192 Referenced in API 1160 (Managing System Integrity forHazardous Liquid Pipelines)

Guidance from U.S. StandardsRisk Assessment – U.S. Pipelines 49 CFR Part 195 (Hazardous Liquid Pipelines)oSubpart F Section 195.452 and Appendix Cto Part 195Provide guidance on risk factors to consider

Guidance from N.A. StandardsAPI 1160 - Managing System Integrity for HazardousLiquid Pipelines Provides general guidance on riskassessment approaches Provides specific guidance onthreats, spill consequences anddata elements to consider References ASME/ANSI B31.8S Much overlap with API 1160 andASME B31.8S; however, the factthat there are both physical andregulatory differences betweengas and liquid pipelines makes itnecessary to alter the threatcategories to some extent.

Guidance from InternationalStandardsInternational - ISO Risk Assessment Standards ISO 31000:2018, Risk management – Guidelines,provides principles, framework and a process formanaging risk. It can be used by any organizationregardless of its size, activity or sector. Using ISO 31000 can help organizations increase thelikelihood of achieving objectives, improve theidentification of opportunities and threats andeffectively allocate and use resources for risktreatment.

Guidance from StandardsInternational - ISO Risk Assessment Standards (cont’d) IEC 31010:2009, Risk management – Riskassessment techniques focuses on risk assessment.Risk assessment helps decision makersunderstand the risks that could affect theachievement of objectives as well as the adequacyof the controls already in place. IEC 31010:2009focuses on risk assessment concepts, processesand the selection of risk assessment techniques.

Questions?

Pipeline Risk and ReliabilityModeling

Pipeline Risk Modeling Evolution

Pipeline Risk Modeling OverviewGeneral Process Overview Risk Evaluationoooooo Determine failure modes whichmaterially contribute to failureData collection, integration andanalysisDetermine failure likelihoodDetermine consequencesConduct risk assessmentPrioritize where to conduct riskmitigationRisk MitigationoooooDetermine risk acceptabilityIdentify segments requiring riskreductionPerform risk mitigationEstablish performance metricsMeasure performance of IMP

Pipeline Risk Modeling OverviewRisk f(Failure Likelihood, Consequences) Failure LikelihoodoConsideration of all viable threats o External corrosionInternal corrosion3rd party damageManufacturingIncorrect operationsEtc.Establish failure likelihood for each viable threat as functionof design, installation and operating environmentConsequencesoTypes of consequences: oSafetyEconomicEnvironmentalRegulatoryCorporate ImageUtilize impact chart as means of equatingconsequences from various sources andestablishing quantifiable impacts

Pipeline Risk Assessment Scope Types of Risk Assessment:oSite or project specific (QRA)oSystem wideoNew construction; risk based designoAsset acquisition; due diligenceoSupport of engineering assessmentThe risk assessment approach needs to align with thepurpose of the assessment and the supporting dataavailable.

Pipeline Risk Assessment Scope CSA Z662 requiresconsideration ofrisk assessment aspart of engineeringassessments forexisting pipelines:

Pipeline Risk Modeling ContinuumRisk Modeling Continuum: Risk modeling is a continuum utilizing a range ofqualitative and quantitative approaches and measures ofrisk Recent guidance on risk modeling (PHMSA Risk ModelingWork line Risk Modeling Technical Information Document 05-09-2018 Draft 1.pdf

Pipeline Risk Modeling Continuum Qualitative: Quantitative Characterizes risk level without quantifying itCalculates risk level based on quantifiedestimates of probability and consequenceSemi-quantitative: One of either probability or consequence is basedon quantified estimates while the other is notquantified

Pipeline Risk Modeling ntalIndex MethodsIncreased accuracyrequires increaseddata availability,accuracy, lyticalProbabilisticMethods

Pipeline Risk Modeling - QualitativeQualitative Methods: Risk Indices or Categories Assign subjective scores based on pipelineattributes, e.g.:oFailure Likelihood: Probability Score 1-10 Rare, Unlikely, Possible, Likely, Almost CertainoConsequence: Impact Severity Score 1-10 Insignificant, Minor, Moderate, Major, CatastrophicoRisk: Risk Score 1-100 Low, Moderate, High, Extreme

Pipeline Risk Modeling - Qualitative Advantages:oEasy to understand, use and communicateoUseful for prioritizationoReadily accommodates a broad range of risk attributes Limitations:oSubjective assignment of attribute weights could be inaccurateoDifficult to establish acceptability thresholdsoProvides relative measure only within a specific system; notcomparable outside of the system

Pipeline Risk Modeling - QuantitativeQuantitative Methods: Failure Likelihood:o Consequences:o Failure Frequency (failures/km-yr or failures/yr)Numerical Consequences ( Impact, Fatalities, etc.)Risk:oNumerical Impact ( /km-yr, fatalities/km-yr,barrels/km-yr)

Pipeline Risk Modeling - Quantitative Advantages:oMaximizes use of inspection dataoConsistent basis for risk and feature responseoImpact of design, material and mitigation measures onrisk can be quantified Limitations:oInaccurate or missing data has a large impact on resultsoDifficult to combine different measures of risk

Pipeline Risk Modeling - Quantitative Available approaches:oReliability approachesoFault-tree and event tree approachesoIncident data-based approachesoExposure-mitigation-resistance approachesoGeohazard vulnerability approaches

EstimatingFailureLikelihood