Incidents / Investigations

Incident Investigation

Incident investigation is both a useful input into a risk assessment and a consumer of risk assessment results. In the former, learnings from the incident are almost always relevant to other portions of other pipelines. In the latter, especially when responsibility (blame) is to be assigned, what should have been known, via risk assessment, prior to the incident is almost always relevant. From this, the risk management decision-making will normally be challenged by parties having suffered damage from the incident.

What could or should have been know prior to the incident?

Retro-fitting a risk assessment for this type of application uses the same steps as any other risk assessment. Care must be exercised to not introduce hindsight, if the assessment is to truly reflect what was/should-have-been known immediately prior to the incident.

When evaluating what should have or ‘could have’ been known and what should have (or ‘could have’) been done prior to an accident, the investigation often seeks to determine if decision-makers acted in a reasonable and prudent manner. For more extreme behavior, the legal concept of negligence may also be applicable and some investigations will seek to demonstrate that.

The risk aspect of the investigation can focus on these issues by including the following:

1. The robustness and appropriateness of the risk assessment that was in place and being used prior to the incident.
2. List of evidence available prior to incident. This includes information that was readily available to decision-makers prior to the incident. Less available information—determining to what extents research, data collection, investigation, etc, should have been done—is a later consideration.
3. Risk implications of this evidence. This can be demonstrated via a translation, showing how each piece of evidence is translated into a measurement of exposure, mitigation, resistance, or consequence.
4. P50 and P90+ risk assessments prior to incident, using all available information, again, prior to incident. The assessments should model uncertainty as increased risk, reflecting a prudent decision-making practice of erring on the side of over-protection.
5. Decision-making context. Here, the risk assessment puts the results into context for the reader. This can include at least two types of context:

Relative: how did the risk of the subject segment—the failed component—compare to other risks under the control of the risk manager, immediately prior to the incident? Should this have been a priority segment for the decision-makers? Did the failure mechanism that actually precipitated the event appear as a dominant threat? Should it have, given the information available at the time?

Acceptability Criteria: immediately prior to the incident, would the risk from this segment have been deemed ‘acceptable’ by any common measure of risk acceptability? Even when numerical criteria for ‘risk acceptability’ or ‘tolerable risk’ are unavailable for a specific pipeline, inferred and comparative criteria are always available. Examples are numerous and include:

• Risk criteria used in similar applications; for example, siting of pipelines near public schools.
• General industrial risk criteria used in other countries; for example, ALARP
• Land use and setback criteria suggested in some guidelines [1047] and applied in some municipalities
• Risk criteria employed in other industries
• Suggested target reliability levels.

Risk criteria often use fatalities as the consequence of interest. So, even if not directly applicable to the subject pipeline, the fact that a fatality-based risk level is tolerable (or not) in a similar area or for a similar application, may be relevant to the subject incident.

Care should be exercised to emphasize the probabilistic nature of a risk assessment. A risk assessment can easily fail to highlight a threat that later turns out to cause the next failure. But that does not mean that the assessment is incorrect. A 1% probability event can occur before a 90% probability event, but they may still be accurately depicted as 1% and 90% probability events, respectively. Of course, if several events assessed at 1% each happen before the 90% event, the assessment results should become increasingly suspect.

1. Mitigation options prior to the incident. A listing of all risk reduction opportunities available to decision-makers prior to the incident will be useful to the analyses. The reasonableness of each should not be a consideration at this stage—rather the focus should be on a comprehensive list.
2. Cost/benefit analyses of available mitigation prior to the incident. This addresses reasonableness and is also captured in ALARP. See . While spending to prevent consequences that are difficult to monetize (for example, fatality, threatened and endangered species harm, etc) evokes emotionalism in decision-making, there is nonetheless a concept of reasonableness in spending to prevent any type of potential loss. Monetization of all types of consequence is becoming more common. But even expressed in qualitative (non-monetized) ways, the costs of opportunities for consequence avoidance prior to the incident, will still be of use in the investigation.