Procedures, PO’s, RFP’s

This section provides ideas for frequently needed procedures, purchase orders, and RFP’s (request for proposal) related to risk management. The objective is to point out common deficiencies and provide guidance for those seeking to understand what a certain procedure should entail and how to seek assistance from outside experts.

Procedures and contracting for services are related, of course. In many ways, the RFP can be seen as requesting a vendor’s plan to execute a company’s procedure. That means that there should be an underlying company procedure upon which the RFP is based.

When services are being requested, the PO should have sufficient details to ensure the service complies with all aspects of an underlying procedure.

Important

The intent of this discussion is NOT to provide an exhaustive list of elements but rather to address common gaps (that are critical for understanding risk) in procedures and requests for services, especially those more technical in nature. For example, aspects of procedures and procurement of services that should be addressed but are NOT covered here include:

- - personnel safety
  - protecting property and environment
  - responsibilities of all parties
  - confidentiality
  - records retention
  - ownership of intellectual property
  - etc

Databases

Databases will be a part of many product and service deliverables in a modern risk management environment. Some vendors will insist on a certain database schema such as PODS and may even charge extra fees for compliance with this specified schema. It is important to note that most uses of the database–such as risk assessment–can easily accommodate any properly designed database schema. It is often a waste of resources to modify a decently structured existing database just to conform with a vendors preferred schema. This impacts projects such as data management. Risk assessment, ILI, GIS, and many other risk management related tasks.

ILI Related

ILI results are essential datasets for a modern pipeline risk assessment. Key inputs from ILI to the risk assessment include:

- - - Anomaly identification and characterization
    - Probability of missing and mischaracterizing anomalies
      - tool technology
      - tool set up
      - run characteristics (speed, magnitization, debris, rotation, etc)
      - post run validations

While resistance estimates are the primary focus of the ILI, both mitigation and exposure estimates are also informed by the results. This is why an ILI can often dramatically change the risk estimates.

ILI can be an especially challenging service to procure optimally. Some of the nuances that are sometimes missed when procuring the service include the following

- - a standardized nomenclature for the findings
  - a clear statement of the sizing and detection capabilities
  - and a detailed guidance 4 loss of detection and sizing capabilities for excursions such as speed magnetisation and sensor loss.

The procurement of services should also provide for subsequent validation of the ILI run. That is, after the owner/operator has completed their verification digs, the information collected shows if the ILI run was within specifications. In case that data demonstrates that the tool’s performance is suspect, the contract needs to clearly state who is responsible for determining acceptability of the run and deciding if subsequent actions must be taken and who must pay for those.

Issues especially relevant to risk management include:

- - Contracting for ILI services
    - Tool selection
    - Tool performance limitations
    - Reporting
      - type and timing
      - standardized format and vocabulary
  - Accuracies and confidence levels
  - Excursions and their impact

The pipeline operators forum has some good guidance documents on contracting for ILI services. Those guidance documents cover all aspects of the service. Here we have only noted some important risk related aspects that are sometimes overlooked when requesting these services.

Anomaly characterization

ID, Orientation, Dimensions

Anomaly characterization is currently very challenging with some ILI reports. Pipeline operators forum has suggested a consistent way to describe anomalies based on their length width and orientation. The important thing is that some consistent characterization is employed . The risk assessment will treat each anomaly type differently depending on its ability to withstand loadings or degrade. The accuracy of the ILI will also be linked to anomaly configurations. Ideally, the ILI vendor will specify the detection accuracy and sizing accuracy for each anomaly type as well as the amount of accuracy that may be lost due to an excursion such as excessive speed under magnetization or loss of sensors.

Followup Services

More to come, covering…

- - Validation
  - CGR analyses,
  - RunComs
  - Anomaly management

Follow up services that are becoming more common include corrosion growth rate (CGR) analysis, run comparisons where recent ILI findings are compared to previous findings. This can be challenging since the ILI technology is constantly evolving and accuracies are improving. The locational accuracy of previous findings may make run comparisons of little value.

These follow-up services may be best procured via separate contract from the procurement of the yli itself.

Risk Assessment

More to come, covering…

- - Quantitative vs ‘other’
  - Probabilistic
  - ‘Map Point’ Test
  - conservatism
  - Database structure, environment, management
  - Defaults
  - Algorithms
  - RA Maintenance Tools
  - RM Tools
  - Presentation Tools

HCA / MCA Analyses

More to come, covering ….

- - Hazard Zone
  - Techniques (ground, aerial imagery, etc)
  - Confirmations
  - CoF
  - Conservatism

Leak Detection Capability Analyses

More to come, covering…

- - Assumptions
  - Conservatism
  - Cost/Benefit
  - Industry standards
  - Tools

EFRD Analyses / ASV-RCV Analyses

EFRD And leak detection capability analyses are required by some regulations and are always a good idea even when not required. Both of these are consequences mitigation measures . They do not impact the probability of failure, they only serve to potentially minimize consequences of a failure by potentially reducing spill/release size and, hence, hazard zone size.

These analyses are often completed as a service that is outsourced by an owner operator. Common deliverables include analysis of drain or blowdown volumes, siphoning effects, time to halt pumps or compressors, leak detection reaction times, manual valve closure times, over land spill analysis, consequence quantification, and others. Since most of these aspects have a large degree of associated probability, a statement of conservatism employed is essential.

Consequence quantification is a part of risk assessment and may not be part of a service providers deliverables unless that service provider is also conducting the risk assessment.

One of the common gaps in a deliverables from service providers is an actual cost/benefit calculation of additional capability. Per US IMP regulations a decision basis must be included with this analysis. Therefore the owner operator is obliged to examine scenarios of changing capabilities in order to determine if establishment of any new capabilities is appropriate. While regulations seldom specify the decision basis, a cost/benefit analysis is the most widely accepted means of objective decision making. Coupled with ALARP type thinking a formal cost benefit analysis can also demonstrate when risks are already’ safe enough’–ie, no further action is warranted.

When outsourced, the owner operator should expect to obtain from the service provider a list of scenarios and a formal cost benefit analysis demonstrating the costs and benefits of each enhancement scenario. Then the owner operator can then determine if taking action on any of these scenarios is warranted.

More to come, covering…

- - Assumptions
  - Conservatism
  - Cost/Benefit

Pressure Testing

Pressure testing of pipeline components has been done for decades. As a confirmation of integrity and, partially, safety margin, the results of the pressure test are important inputs into a risk assessment.

While it has now become common for an engineering stamp or other certification to be a part of a pressure test, sometimes the request for pressure test does not include the insistence on a pressure volume plot along with an expert’s interpretation . This plot allows more detailed confirmation of how the pipe is behaving under the increased stress and whether or not tiny leaks may be present.

A complete pressure test procedure has to address many aspects.

- - What kind of test is it a hydrostatic test (with water as the test medium)
  - or is it a pneumatic test (air or gas as test medium).
  - What is the pressure test level and hold time?
  - if it’s a hydrostatic test what is the quality of the water or other test medium?
  - from where will the water be obtained?
  - how will the quality control of the test medium be conducted (to avoid, for example, corrosion)?
  - for how long may the test water remain in the pipeline?
  - and how will the water be disposed of?.
  - What kind of equipment will verify the test?
  - Who will certify the test especially if test medium has to be extracted due to temperature changes?

Additional aspects include:

- - Safety
  - clean up
  - reporting
  - instrument calibration
  - Leak declaration and detection
  - Retesting

Type (hydrostatic, pneumatic, spike, etc), parameters, media sourcing/disposal, corr control,

- - Instrument Calibration records
  - Technician certifications / PE Certification
  - Deadweight testing
  - Electronic and paper recordings
  - Pressure/Volume Plot with interpretation

Failure to properly conduct the test can have consequences beyond missing important evidence.

There have been several examples of heavily damaged pipe due to internal corrosion from pressure test water when the test water quality and removal times were not well handled .

Design / Construction

The design process is in itself an exercise in risk management. The provider of design services should quantify risk at every opportunity. Some designers only state regulatory safety factors without quantifying the actual amount of risk based on chosen parameters.

Similarly, construction practices can have lasting and long-reaching impacts on risk.

Both design and construction are more fully explored elsewhere on this site. Here we focus on the procurement of such services.

Designers of pipeline facilities should understand and utilize the three aspects that comprise failure probability: exposure, mitigation, and resistance. Documents produced should quantify each of these for the threats covered by the design process.

Exposure

Exposures as used here refers to any failure mechanism, any threat to the system integrity. The design basis documents should identify all possible failure mechanisms (all possible threats) and all loads and forces contributing to failure potential. So a complete inventory of all things that can go wrong over the lifetime of the designed system should be made a part of the design documentation. Some threats will require extensive independent analysis. It is common to have geohazard analysis as part of a design package for buried pipelines. A good design analysis will not only identify all of the threats over the asset’s lifetime but it will also quantify those threats before and after mitigation and safety factors have been applied.

Route selection is often an important part of the pipeline design process. As with other choices in mitigation and resistance , route selection is an exercise in risk management. Some threats and some higher consequence scenarios can be avoided via route selection. If route selection is part of the procured design deliverables then the costs and benefits–both quantified, preferably monetized–of alternative routes should be included as part of the analysis

Mitigation vs Resistance

Recall that the design process is a tradeoff between mitigation and resistance issues. That is, a component can be protected from damage or it can be built to withstand the damage. The designer should make it clear how he is balancing these requirements by noting all scenarios that can cause damage and failure and what mitigating measures are being specified or assumed in the design. Note the word assumed here. The designer may not know the future operations and maintenance protocols and may have to assume what kind of future protections will be in place for the components he is designing. For example, the design may specify a certain depth of cover over the pipeline in anticipation of other protective measures such as signs/markers, public education, one call systems, or even protective slabs, all of which may not be part of the original design and initial installation.

Construction

Construction risks include safety issues such as injuries to personnel and property damage as well as financial issues such as cost overruns, lawsuits, landowner disputes, regulatory permitting, etc . All of these risks can be assessed ijn a formal risk assessment. They are probably more efficiently assessed in a separate risk assessment from the risk assessment performed in support of integrity management.

relevant to the potential for leak/rupture during the lifetime of the asset are issues related to errors during installation. Errors can include

- - failure to comply with design documents
  - damaging/overstressing components during handling
  - use of incorrect materials
  - poor workmanship

These can be quantified and included in risk estimates over the life of the asset. The quantification can at least be an estimate rate of error events, based on things like crew experience, oversight, location-specific challenges (steep terrain, wetlands, urban, etc), environment conditions (rain, heat, cold, wind, etc), and others.

In addition to complying with regulatory and design requirements for installation the construction can be tailored to enhance future operations and maintenance. For example barcodes can be installed on every component in the pipeline and as the components are installed a database is created . This ensures a complete inventory of all components with their corresponding specifications are in a location specific database that can serve the owner operator for decades to come.

HDD

Horizontal directional drilling (HDD) is a very powerful construction technique that allows owner operators to overcome many otherwise insurmountable obstacles. It does come with its own set of special challenges though.

It may be wise to quantify the risk of the HDD installation. That is, not only does the completed HDD carry risk just as any other pipeline segment does, but the installation itself is prone to issues not seen in other, more mainstream installation techniques.

The installation risk assessment would take into account aspects such as the number and spacing of soil borings since this relates to the amount of uncertainty associated with the drill. For instance, the chance of a frac out is one of the more common elements of failure from an HDD installation. Frac out potential is directly related to the soil strata through which the drill is progressing . Hence more detailed knowledge of the soil strata leads to greater success potential. Other related factors include the amount of stress during the pullback operation .

At a minimum, the owner operator should seek from the HDD installer a list of things that can go wrong during installation and the mitigation measures that are to be employed against these scenarios.

- - Design services
    - Safety factors
    - Studies
    - Documents
    - All threats (fatigue, geohaz, etc)
    - Loads/forces/stresses
    - HAZOPS or equivalent
  - Installation (Construction) services
    - Materials procurement
    - Materials handling
    - Database inventorying
  - Special Installations
    - HDD
    - Geohazards and Anti-buoyancy
    - Facilities

See more at Design/Construction

DA (ECDA, IDCA, SCCDA)

Similar to other integrity assessment methods, the Direct Assessment (DA) type approaches are specialized service that should be performed only by qualified personnel.

More to come, covering…

- Ensure that all steps and all elements of NACE procedures are included. Common gaps include:

- - Failure to estimate TTF, sometimes simply opining that the maximum interval allowed by regulations is appropriate. This should not be accepted as sufficient. Rather estimates of remaining strength and degradation rates for each region should be offered.

- - Failure to separate possible degradation rates from mitigated degradation rates. That is, taking too much ‘credit’ for mitigation effectiveness.