See also Data Integration, GIS, Profiles
As noted in Mechanics of Risk Assessment, pipelines are structures that are collections of components. Performing a risk assessment on any structure is an exercise in assessing each component’s contribution to risk and then aggregating the results.
Analyses of long, linear assets like pipelines require special techniques for segmenting the pipeline.
The segmentation process is also a key step towards risk management, where a profile, emerging from the segmentation, is a starting point for reacting to the risk estimates.
Segmentation
The conditions along a pipeline route are variable – the hazard potential is not constant – and for this reason a pipeline’s risk must be evaluated by examinations of individual components’ risks. This makes risk assessment of long, linear assets like pipelines different from, say, nuclear reactors or chemical plants, as is detailed in our discussion of profiling.
A mechanism is required to document the changes along a pipeline and assess their individual and combined impact on failure probability and consequence. Lengths of pipeline (or other components) with similar characteristics are identified and assessed. Ideally, a new segment is created when any risk condition changes, so each pipeline segment has a set of conditions unique from its immediate neighbors. A segment is not necessarily unique within the population of segments—only different from each of its adjacent neighbors.
Each segment will receive its own risk estimate, based on its conditions and characteristics. Therefore, segmentation plays a critical role in risk assessment. Segmentation supports the creation of profiles—a critical element of risk management.
The risk evaluator must decide on a strategy for creating these sections in order to obtain an accurate risk picture. Breaking the line into many short sections increases the accuracy of the assessment. Longer sections, generated by ignoring changes in risk, reduce accuracy because average or worst case characteristics must be used to approximate the changing conditions within the section, rather than assessing the actual changes within the section.
Historically, the creation of shorter segments to gain accuracy sometimes resulted in higher costs of data collection, handling, and maintenance. This is no longer the case. Especially with modern computing environments, a dynamic segmentation approach, shown to be the best option, is both more accurate and usually more efficient.
Segmentation Strategies
Segmentation is a key part of pipeline risk assessment. Three segmentation strategies have historically been used in pipeline risk assessment: fixed-length, manual, and dynamic segmentation. Only the last, dynamic segmentation, is appropriate for a modern risk assessment. The others are noted here, for perspective, but produce inappropriate section breaks leading to often serious weaknesses in a risk assessment.
Inappropriate section break points limit the model’s usefulness and hide risk hot spots if conditions are averaged in the section, or risks will be exaggerated if worst case conditions are used for the entire length. It will also interfere with an otherwise efficient ability of the risk model to identify risk mitigation projects.
If long segments are artificially created, then each pipeline segment would usually have non-uniform characteristics. For example, the pipe wall thickness, soil type, depth of cover, and population density might all change within a segment. If the segment was evaluated as a single entity, the non-uniformity had to be eliminated. This was typically done by using the average or worst case condition within the segment. This obscured actual risks. This significantly weakens the assessment. As an example, consider a 1,000 ft segment to be assessed. This 1,000 ft has one 100 ft cased crossing within. Under a older segmentation strategy, the assessment must assume either all 1,000 ft is cased or all is uncased. Neither is correct nor appropriate. The reality is that 90% of this segment is uncased and 10% is cased and the only way to fully assess the situation is to treat the uncased differently from the cased.
Fixed-length approach
In the first of the three historical segmentation approaches, an artifact of old risk assessment practice, some predetermined length such as 1 mile or 1000ft or even 1 ft is chosen as the length of pipeline that will be evaluated as a single entity. A new pipeline segment will be created at these lengths regardless of the pipeline characteristics. A fixed-length method of sectioning also included lengths based on rules such as “between pump stations” or “between block valves”. This was a popular method in the past and is sometimes proposed even today. While such an approach may be initially appealing (perhaps for reasons of consistency with existing accounting systems or corporate naming conventions), it will reduce accuracy and increase costs in risk assessment.
Attempts to avoid errors inherent to this approach by using short, but still fixed, lengths also resulted in inefficiencies, albeit less serious than inaccuracies produced when using longer lengths. If a shorter segment length was used, then processing inefficiencies resulted, with commercial software packages requiring days of continuous processing time to perform risk estimates even for relatively few miles of pipeline. The analyses had to deal with many unnecessary segments based on an arbitrarily chosen short segment length selected, for example, 1 ft, while still requiring averaging or worst-case compromises when even shorter features, such as ILI-detected anomalies, were present.
Manually establishing sections
Another previous approach, now also outdated, involved using a pre-determined list of criteria by which to create segments. Modern computational power has eliminated the need to segment the pipeline manually, but a look at the process is useful in understanding of the need for the superior technique that has replaced it.
In a manual segmentation, the risk evaluator would choose factors that he thinks are most impactful on risk in the pipeline system being studied and rank those items with regard to magnitude of change and frequency of change. This ranking would be subjective and incomplete, but it could serve as a basis for sectioning the pipeline(s).
Sections were then divided based on their priority rank of risk factors beginning from the top of the list. The resulting number of sections may have become too large; however, in which case the number of factors on the list was reduced by eliminating some of the low-ranking factors until a cost-effective sectioning—accommodating the computing power of the time—had been achieved.
Dynamic segmentation approach
The third strategy is the most robust approach while also being the most efficient. The modern segmentation strategy, and the only really correct approach, is dynamic segmentation. The idea is for each pipeline section to be unique, from a risk perspective, from its immediate neighbors. When any characteristic changes, a new segment is created. This ensures that every risk variable, and only the risk variables themselves, determine segment breaks.
So, the full risk assessment solution to any variation in any risk variable is to ‘dynamically segment’ on that variation. This means that a new segment should be created for any feature or length of pipe that has different characteristics from its neighbors. Every change in any aspect creates a new segment, reflecting a different crack potential, corrosion potential, ability to resist external force, consequence, or any of dozens of other factors. This will generate many segments.
Since the risk variables measure unique conditions along the pipeline they can be visualized as bands of overlapping information. Under dynamic segmentation, a new segment is created every time any condition or characteristic changes, so each pipeline segment has a set of conditions unique from its adjacent neighbors. The data determines the number and location of segment breaks. The length of a segment depends on frequency of condition changes: segments where variables change frequently may be an inch or less; segments with relatively constant conditions may be hundreds of feet in length.
Segments created with a dynamic segmentation process are iso-risk, ie, as far as all collected data and knowledge can determine, there are no changes in risk along a segment’s length. So, within a pipeline section, we recognize no differences in risk, from beginning to end. Each foot of pipe is the same as any other foot, as far as we know from our data. Should changes be later identified, then the segment should be further subdivided.
We also know that the neighboring sections do differ in at least one risk variable. It might be a change in pipe specification (wall thickness, diameter, etc.), soil conditions (pH, moisture, etc.), population, or any of dozens of other risk variables, but at least one aspect is different from section to section.
For some aspects of a risk assessment, conditions will remain constant for long stretches, prompting no new section breaks. Aspects such as training or procedures are generally applied uniformly across an entire pipeline system or at least within a single operations area. Section length is not important as long as characteristics remain constant. There is no reason to subdivide a 1-mile section of pipe if no real risk changes occur within that mile. However, it would be very rare for a 1 mile stretch of pipeline to have no changes in risk. Afterall, every road crossing, every creek crossing, every change in soil, population density, pressure profile, etc, causes some change in risk. Long section lengths suggest incomplete data and casts suspicion on the entire risk assessment.
Normally, there are many real and significant changes along a pipeline route, warranting many dynamic segments.
For purposes of risk assessment, dividing the pipeline into segments based on any criteria set other than all risk variables will lead to inefficiencies in risk assessment. Use of any segmentation strategy other than full dynamic segmentation compromises the assessment.
A computer routine can replace a rather tedious manual method of creating segments under a dynamic segmentation strategy. Related issues such as persistence of segments and cumulative risks are also more efficiently handled with software routines. A software program to be used in risk assessment should be evaluated for its handling of these aspects. Modern GIS software typically has this type of functionality built in. Alternatively, simple programming code performs this task in a variety of software environments.
A potential (and unwarranted) criticism to this high-resolution approach is that ‘management of such a high count of segments is problematic’. The response is direct and intuitive—these segments are currently already being ‘managed’ in the real world. Each segment really does have failure issues distinct from the adjacent pipe and must be managed accordingly. The risk assessment should acknowledge this reality. Furthermore, with today’s computers, high segment counts causes no real efficiency issues.
Eliminating unnecessary segments
There will be instances where data, collected at regular intervals (for example, pipe-to-soil voltages in a close interval survey, pressure changes every 100 ft, soil resistivity readings, depth of cover, etc), have changes that are insignificant from a risk standpoint. Capturing every minor change as a new dynamic segment is not necessary and leads to inefficiency. A useful ‘rule of thumb’ for when a minor change can be ignored is:
If an SME would not be interested in the minor difference between two measurements, then the risk assessment probably also should not react to the difference. Therefore, the data can be grouped or categorized to minimize unnecessary segment breaks.
For instance, typical pipe-to-soil voltage readings (a measure of CP performance) measurements such as 0.879, 0.882, and 0.875 are probably not different enough to warrant any action. They could be placed into a category of “0.850 to 0.900” and only values falling into categories outside of this range, warrant special attention. This does not eliminate all unnecessary segments, since values very close to boundaries of categories are arguably also not requiring discrimination. Nonetheless, such ‘bucketizing’ of values can improve data processing efficiency.
Auditing Support
Statistics on segment length are also useful auditing tools. As previously noted, long average lengths or maximum lengths of segments are suspicious. A pipeline in a natural environment would logically have conditions changing regularly along its length solely from changes in its surroundings—soil types, creek crossings, elevation changes, road crossings, population density changes, etc. Additional changes due to design specifications, hydraulic profile, installation specifics, and others, suggest that at least dozens of segments per kilometer would be expected for most pipelines. It is not unusual for a modern assessment to generate thousands of segments per kilometer when detailed inspection data such as from ILI is available. A high segment count should not be worrisome. It results in increased accuracy, normally without increased data or modeling costs. It should also not be viewed as excessive. After all, it is actually only a few millimeters of pipeline component that actually fails in most incidents, sometimes a few meters, when the failure forces are exceptional. When inspection data identifies a few millimeters of possible weakness, such as a metal loss feature, that information should be integrated into the risk assessment.
Segmentation of Facilities
Facilities also require segmentation in order to fully assess risk. Geographical or functional groupings (for example, tank batteries, pump houses, manifold area, truck loading area, injection facility, etc.) are commonly used for aggregation of risk results. However, individual components and even sub-components will still require risk assessments. For example, a pump can fail in a variety of ways, involving its casing, impeller, seals, flanges, shaft, and any other component. Which subcomponent failed and the manner in which it failed may have a significant impact on the subsequent consequences of the pump failure. A full understanding of risk requires knowledge of pump failure potential which requires at least cursory attention to the failure potential of each sub-component of the pump.
A challenge in facility risk assessment will be in inventorying. Especially for large, complex, or older facilities, complete databases of all components may not be available.
Ideally, so-called ‘smart CAD’ (computer assisted drawing) files will be available to not only have a complete and tabulated inventory of components but also to show the interconnectivity of those components (so that flow pathways are known).
If a PPM (Predictive Preventative Maintenance) program is in place, that may provide good segmentations of key equipment. Since a PPM program is designed to account for differences in failure potential for all components, it parallels a risk assessment in an important way.
Segmentation for Service Interruption Risk Assessment
When failure is defined to include service interruption risk, some new dynamic segmentation considerations appear. Consistent with all risk assessments, the data collected to assess the risk will also inform the dynamic segmentation. However, since this expanded definition of ‘failure’ can make the risk assessment considerably larger and more complex, some segmentation shortcuts such as grouping leak/rupture PoF values, might be appropriate. See full discussion in Chapter 12 .
Sectioning/Segmentation of Distribution Systems
Dynamic segmentation is the preferred approach for assessing all types of pipeline systems including distribution systems and other networked components.
Due to sometimes weak data availability for older distribution systems, it may not be practical to identify and assess each component, at least not for an initial risk assessment. Since dynamic segmentation is based on location-specific data, temporary alternative segmentation strategies might be needed, pending more data availability. This is especially true for older gathering and distribution systems.
As work-arounds to lack of location-specific information, screening approaches have historically been used to focus resources on portions of the system believed more likely to harbor higher risk. Therefore, areas with a history of leaks, materials more prone to leaks, and areas with higher population densities often already have more resources directed toward them.
Such screening approaches should not be considered to be complete risk assessment foundations. They are based on an initial bias—the pre-determined list of perceived priority risk elements—and will often miss important, but rare and non-obvious failure and consequence potential. A detailed, location-specific risk assessment can identify subtle interactions between many risk variables that will often point to areas that would not have otherwise been noticed as being higher risk. High level screening approaches should be thought of as only intermediate steps, sometimes required pending more data availability, towards the full risk assessment. Some of the possible, interim segmentation strategies such as a non-contiguous, characteristic-based or a geographical segmentation strategy are discussed in PRMM.
Persistence of segments
Under a dynamic segmentation strategy, segments are subject to change with each change of data. This results in the best risk assessments, and does not interfere with tracking changes in risk over time. The risk associated with any stretch of pipeline can always be determined and compared with previous estimates. The user simply picks the ‘from’ and ‘to’ boundaries of the section of interest and then obtains the total risk, the total PoF, the maximum CoF, or any other aspect of interest. This involves a summarization or roll up of the dynamic segments that make up the section of interest.
Aggregation / Results roll-ups
Having employed the modern dynamic segmentation approach, the risk assessment is ready to produce estimates of risk at many specific locations along the pipeline. However, any stretch of pipeline can now also be represented by summary risk values. The risk details—sometimes hundreds or thousands of segments per mile—will need to be summarized for many risk management activities. Valve-to-valve, trap-to-trap, accounting-based sections, and any other sectioning scheme, can be readily applied to the full risk assessment results in order to produce summary values for many management purposes.
It is common practice to report risk results in terms of fixed lengths such as “per mile” or “between valve stations,” after a dynamic segmentation protocol has been applied. This “rolling up” of risk assessment results is necessary for summarization, reporting, establishing risk management strategies, and perhaps linking to other administrative systems such as accounting or geographic responsibility boundaries.
Summarizations of risks, if not done properly, can be very misleading. Many summarizing strategies will mask important information. Masking occurs when the important details of a collection of numbers is hidden by a summary value that purports to characterize that collection. Several masking scenarios are possible. One simple example is a short section of pipe with an extraordinarily high PoF—perhaps in a landslide zone or a location of CP interference causing corrosion. This problematic segment will often be masked in the summation of the other segments. Viewing a single value purporting to represent the risk of the entire length of pipe (collection of pipe segments) will not reveal to the observer the presence of the extraordinarily high PoF of the short segment unless an aggregation strategy is designed to avoid the masking.
It can be tempting to use an average risk value to summarize. This will clearly mask higher risk portions when most portions are lower risk. Length-weighted averages will also be misleading. A very short, but very risky stretch of pipe is still of concern, but the length-weighting masks this.
For example, the risk per mile of a 10 feet long component might be much higher than the risk per mile for any other segment. Since it is only 10 feet long, it’s contribution to overall risk is perhaps tolerable. But it is important to know that a high rate of risk is indeed being tolerated.
It may also be tempting to employ a ‘weakest link in the chain’ analogy and simply choose the maximum risk segment to represent the risk for the entire collection of segments. As a sole method of aggregation, this is not satisfactory strategy. Examples of difficulties include:
Seg A max = Seg B max but Seg A has only 1% of its length showing that high risk while Seg B has 80% of its length showing ‘high risk’.
Seg A max = Seg B max and each have the same length with the higher risk, but the rest of Seg A is only 1% better while the rest of Seg B is 50% better than its ‘high risk’ length.
Similar difficulties arise if averages or other summary statistics are used—masking of extremes and/or insufficient consideration of non-extremes are both errors in analyses. Simple summations of risk scores from certain older risk assessment methodologies are especially unsatisfactory since they often do not consider lengths of individual segments.
A system of calculating cumulative risk that will avoid all masking, all under-reporting, and over-reporting of risk, is needed. That system is simply an aggregation of all of the underlying segments comprising the section of interest. The aggregation is done by simple summation when elements are additive, such as EL and frequencies, or the application of OR gate summation when probabilities are combined, as in PoF.
See also the discussion of Cumulative Risk in .
Length Influences on Risk
For long, linear systems like pipelines, risk is sensitive to length. When all other aspects are equal, a longer pipeline segment will always show higher risk than a shorter.
The total risk generated by a segment uses the actual length. That is important to risk management decisions. However, the rate of risk—risk per unit length—is also important to decision-makers. It is important to understand that Segment A is higher risk than Segment B because Segment A is longer. Subtly different is the critical understanding that Segment B may be less risky ONLY because it is shorter; for example, Segment B actually has a higher risk-per-unit length (for example, risk per km), but its short length makes its total risk low.
The segment with the highest risk value will often not be the same pipe segment when reported on a unitized basis versus a length basis. The riskiest length of pipe in the system is not necessarily the segment with the highest rate of risk, ie, risk per foot. It may actually have very low risk per foot, but simply be longer than other segments.
For example, the risk per mile of a 10 feet long component might be much higher than the risk per mile for any other segment. Since it is only 10 feet long, its contribution to overall risk is masked, unless the rate of risk is examined. As previously noted, a very short, but very risky stretch of pipe is still of concern, even if the length-weighting masks this.
This is why both the segment’s risk and its risk-per-unit-length values should be reported by the risk assessment. This is also true for all of the risk sub components since decision-making will also eventually focus on each PoF individually.
CoF is an element of risk that is not pipe length sensitive. CoF in ‘per incident’ units (for example, $/incident, fatalities/incident, etc) makes CoF a length independent measurement. The maximum CoF in a collection of segments (ie, a stretch of pipeline) will be of interest since it shows the worst consequences that could occur (to a certain PXX) in that collection. It may also be of interest to know when a system has a higher proportion or more overall length of higher CoF values than a system with lower CoF’s and/or less length of high CoF. In this case, a length-weighted average CoF, used to supplement the maximum CoF, could be meaningful.