Design/Construction - Pipeline Risk

Key precepts underlying this discussion are:

Risk Implications of past and current design practice are key aspects of a risk assessment.

The design process itself is an exercise in risk management.

Design phase studies and documentation are rich sources of information for a risk assessment.

It is good practice to examine all design documents, no matter how old they may be, when conducting a risk assessment.

Decisions made in the design phase have to be based on some kind of risk assessment even if informal. Decision-making is made more consistent and formal when guided by a corporate risk strategy. Without such guidance, decisions tend to be subjective and inconsistent.

For example, imagine that a pre-construction geotech study has identified a seismic fault along the proposed route of a new pipeline. Preliminary calculations indicate a 0.01 recurrence interval for a potentially damaging fault movement. Given the current pipe specification, it is estimated that about 10% of such movements will result in pipeline failure. This means there is a 0.01 x 0.1 = 0.001/yr chance of pipeline failure due to fault movement at this location–one in a thousand chance. Many designers may opine that this is sufficiently safe. But this could be a premature decision based on incomplete information.

Let’s say a corporate risk control document is in place that dictates there should be no point along the pipeline that exposes the public to more than a one in a million chance of fatality. At the fault location, the fatality rate, per rupture scenario is 1/100. With an assumption that the fault-generated failures are mostly ruptures, the location carries 0.001 ruptures/yr x 0.01 fatalities per rupture = 1e-5/yr chance of fatality–unacceptable when compared to the 1e-6 criterion. The designer now recognizes that changes to mitigation and/or resistance are warranted at this location. The fault crossing will not be considered to be properly designed until supporting calculations demonstrate that the risk is below the corporate risk tolerance.

ALARP is also a valid component of the design process, adding consistency and defensibility to design decision-making even when corporate risk thresholds are being met.

Route Selection
Design documents
- Design basis
- Safety factors
- Loads/stresses
- Geohazard analyses
- Fatigue, surge analyses
- HAZOPS
- etc
Era of Manufacture
Era of Construction
Line Lowering
Bedding / Support
Coatings
Joining
- Welding
- Mechanical
- Fusing
HDD
Systems and Components
Material Selection
Pressure Testing
Design Life

A complete pressure test procedure has to include many aspects. Failure to properly conduct the test can have consequences beyond missing important evidence.

There have been several examples of heavily damaged pipe due to internal corrosion from pressure test water when the test water quality and removal times were not well handled .

As with other integrity assessments, pressure testing will inform the estimates of pipe wall available and degradation . The risk assessment should account for the evidence gained by the test–ie, how much structural integrity has been demonstrated by the successful test. That should include the chance of a pressure reversal which is related to the difference between the test pressure and the maximum operating pressure to which the component will be exposed.

The phenomenon of a pressure test reversal occurs when the component has been successfully pressure tested but then soon after fails at a pressure lower than the successful test pressure. Failure mechanisms such as quasi stable tearing have been attributed to this scenario. At a minimum the risk assessment should consider the pressure test date and the pressure level declared as the successful test pressure.

Design Documents

Procedures related to design.

Design phase studies and documentation are rich sources of information for a risk assessment. The design process itself is an exercise in risk management. Decisions made in the design phase have to be based on some kind of risk assessment even if informal. It is good practice to examine all design documents when conducting a risk assessment. Often an overall design basis document will discuss safety factors special geotechnical geohazard issues surge analysis fatigue analysis etc all of which are important inputs into a risk assessment. Load and stress calculations can inform resistance estimates . Geohazard analysis Can inform exposure levels — frequency or recurrence intervals– of certain phenomena as well as mitigation chosen and ability of the system to withstand geohazard phenomena. Sometimes overlooked contributors to failure such as surge and fatigue are not well handled in original design documents . In these cases, consideration should be given 2 conduct appropriate studies to fill in these gaps. The design documents will also instruct construction covering aspects such as betting and support , line lowering , joining buy welding or mechanical or fusions, horizontal directional drills, material selection and others.

Route selection is often an important part of the pipeline design process. As with other choices in mitigation and resistance , route selection is an exercise in risk management. Some threats and some higher consequence scenarios can be avoided via route selection. If route selection is part of the procured design deliverables then the costs and benefits–both quantified, preferably monetized–of alternative routes should be included as part of the analysis

Caution is advised when the phrase “design life” is encountered. A design life for a pipeline system is not normally linked to the life expectancy of the asset. The structural integrity of a pipeline is not compromised just because it has reached some specified age. The design life usually has more to do with the expected utility life of the pipeline meaning the time period for which it is believed the asset may be needed and used. This may be tied to, for example, the estimated production from a hydrocarbon reservoir or the intended use of the product being transported. Designlife may also refer to some aspects of the overall system that are intentionally consumable such as anode beds.

The designlife rarely if ever refers to a time period after which the asset is no longer serviceable. For example steel pipelines can have an indefinite lifespan as long as the known degradation mechanisms ( corrosion and cracking ) are mitigated. Very old steel pipelines have mechanical properties comparable to modern steel pipelines. Some properties even improve over decades. There is no reason to believe that a 100 or 200 year or more old steel pipeline cannot be utilized.

Again, the relationship between design and risk management is a two way street. Design practice informs risk assessment and risk assessment should drive design decision-making. Note also the concept of “design debt”. Defined as a low quality design that is likely to cause future costs. In other words, the design does not optimize risk management and the cost of future failures outweighs the cost of initial risk mitigation. The cost/benefit process should be an integral part of the design process.

Pressure Testing

Description for this block. Use this space for describing your block. Any text will do. Description for this block. You can use this space for describing your block. Description for this block. Use this space for describing your block. Any text will do. Description for this block. You can use this space for describing your block.

Pressure testing of pipelines and pipeline components is a long-used method to ensure integrity. By stressing components to levels above what they will see during their service lives, integrity is verified and a margin of safety is established. However, the higher stress levels during the test may also cause damages—growing some defects that might otherwise not grow. This leads to some controversy in the use of pressure testing.

A pressure test is one of the approved methods for integrity assessment according to US IMP regulations. The pressure test has some advantages and disadvantages over other integrity assessment techniques. One of the advantages is that it is a fairly comprehensive test in that it verifies that no critical weakness exists at the test pressure at the time of the test. Critics of pressure testing cite issues such as inability to detect subcritical defects (ie, no advance warning of growing defects) and also possible damage to the pipe caused by the pressure test itself. After all, a pressure test produces a large fatigue cycle which can grow defects to dimensions perhaps even approaching critical size.

The risk assessment should also account for failures caused by the test and defects that can survive the pressure test . As an extreme example a 90% through-wall defect could survive a pressure test if the defect was a very narrow dimensions such as a pinhole.

The risk assessment can begin with the date and test pressure level. A simple calculation produces an estimate of wall thickness required to hold the test pressure based on formulae such as the Barlow formula for hoop stress. Then, to account for surviving defects and possibly other loadings (longitudinal stresses, etc), a conservatism adjustment can be applied to the calculated wall thickness.

For instance, if the hoop stress calculation suggests a wall thickness of 0.200 inches is required to hold the pressure of the test then perhaps only 80 or 90% of this value is used as the wall thickness implied by the pressure test, eg 0.160″ to 0.180″, depending upon the level of conservatism desired.

For example, assume the pressure test was done 10 years ago and other parts of the risk assessment estimate a degradation rate of 10 mpy. Then the best estimate of pipe wall thickness today, based on the 10 year old pressure test would be the implied wall thickness (say 0.160″) less 10 * 10 = 100 mils so 60 mils of wall thickness remaining today (0.060″).