Risk analysis in automation system

Leonardo Rosa Lemos

How do you do a risk analysis of an automation system that can detect fragile points in the automation system that may cause any sort of interruption of the equipment?

Has anyone done anything that may prevent any fragile point in the automation system and listed what the actions are to take when the problem happens?

I am trying to do that but I'd like to have some kind of starting point.

Thanks for any help.

Leonardo Rosa Lemos
 
A couple of books that might be good starting points for risk analysis:
Guidelines for Safe Automation of Chemical Processes (AIChE)
Control Systems Safety Evaluation and Reliability (ISA)
I hope this helps.

Regards,
S.T.
 
Automation system risk to operations involves three components. First is the mathematical probability of component failure - pure risk. Second is the uncertainty involved in the automation systems that may cause downtime. Third is the severity of the associated downtime to operations, which is related to system disaster recovery. To lower the risk to operations from automation system failures you need to address each of these areas. A system audit to identify suspect areas, reduce uncertainty about the system, and review disaster recovery plans is a good start.

See the link for an article about automation system risk: http://www.sylution.com/audit.htm

Good luck,

K.Totherow
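The three factors above (failure probability, uncertainty about that estimate, and downtime severity) lend themselves to a small failure-mode register. The script below is an added illustration and is not code from this thread or from the linked article; every component, probability, uncertainty band and downtime figure in it is constructed for the example, and the scoring rule (expected downtime = probability x hours, ranked by the upper bound of the uncertainty band) is one reasonable convention, not a standard.

```python
"""Added illustration: a minimal failure-mode register for an automation
system, scored on the three factors named in the post (probability,
uncertainty, severity) and flagging single points of failure.
All component data below is constructed for the example."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class FailureMode:
    component: str
    annual_failure_prob: float  # best estimate of P(failure per year), 0..1 (assumed)
    uncertainty: float          # +/- band on that estimate, 0..1 (assumed)
    downtime_hours: float       # hours lost per failure under the current recovery plan
    redundant: bool             # True if a standby path or spare exists


def expected_downtime(fm: FailureMode) -> float:
    """Expected downtime hours per year = probability * severity."""
    return fm.annual_failure_prob * fm.downtime_hours


def downtime_range(fm: FailureMode) -> Tuple[float, float]:
    """Best/worst case using the uncertainty band (probability clipped to 0..1)."""
    lo = max(0.0, fm.annual_failure_prob - fm.uncertainty)
    hi = min(1.0, fm.annual_failure_prob + fm.uncertainty)
    return lo * fm.downtime_hours, hi * fm.downtime_hours


def rank(register: List[FailureMode]) -> List[FailureMode]:
    """Rank by the worst case so poorly understood components float to the top."""
    return sorted(register, key=lambda fm: downtime_range(fm)[1], reverse=True)


def single_points_of_failure(register: List[FailureMode]) -> List[str]:
    """Components with no redundancy: one failure stops the whole machine."""
    return [fm.component for fm in register if not fm.redundant]


def audit_report(register: List[FailureMode]) -> List[str]:
    lines = []
    for fm in rank(register):
        lo, hi = downtime_range(fm)
        spof = "" if fm.redundant else "  [single point of failure]"
        lines.append(f"{fm.component:24s} expected {expected_downtime(fm):6.2f} h/yr "
                     f"(range {lo:.2f}..{hi:.2f}){spof}")
    return lines


# Constructed register: the single hydraulic pump is cheap but unprotected.
REGISTER = [
    FailureMode("hydraulic pump (single)", 0.20, 0.10, 48.0, False),
    FailureMode("PLC CPU", 0.02, 0.01, 8.0, False),
    FailureMode("network switch", 0.05, 0.05, 4.0, True),
    FailureMode("operator HMI PC", 0.30, 0.20, 1.0, True),
]

if __name__ == "__main__":
    print("\n".join(audit_report(REGISTER)))
```

Ranking by the upper bound rather than the best estimate is deliberate: it makes a component whose failure rate nobody really knows rank as high as one that is known to be bad, which is exactly the "reduce uncertainty" item in the audit.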
 
Bob Peterson

Then there is the risk from overall system design. I have seen a lot of systems where a single failure can create a serious problem. For instance, having but one hydraulic pump on a hydraulically operated machine means that even if the automation does not fail a $1,000,000 machine can fail just because a $500 pump went bad.

The other issue not often discussed is the human element. It's not easy to design something that is foolproof, since fools tend to be so ingenious!

Because of their constant exposure to a specific machine (for instance) operators often develop a keen insight into it. This often leads them to do things that seem like an improvement to them (such as adjusting setpoints to eliminate "nuisance" alarms), that may have unforeseen consequences. Look at things from an operator's POV for a few days when doing any risk assessment.

You may well find that the biggest risks are not in the automation, but in how it is operated. I suggest a few things be considered here:

1. What protects the equipment if the operator decides to take a pump or other device out of auto and runs it manually?
2. What about taking a PID loop out of auto and running it in manual?
3. What happens if he decides that he can "fix" a problem by adjusting the setpoint or calibration on an instrument?
4. What if he enters a preset that is legal but really makes no sense (like allowing entry of a high level alarm setpoint that is lower than the low level alarm setpoint)?
5. What about "nuisance" alarms that just get acknowledged every time they come up without doing any real investigation? Maybe this time it's a "real" problem and not just a temporary thing.
6. What if he tweaks a process by some means that is not obvious, such as partially closing a manual valve?

Some of these things can be addressed by procedures and proper supervision, but in the real world, both of these things tend to be secondary to making product.

Bob Peterson
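Item 4 in the list above (a setpoint entry that is individually legal but makes no sense against the other setpoints) is the kind of thing a plausibility check on the HMI or in the PLC can reject before it takes effect. The following is an added example, not code from the thread; the setpoint names, the instrument range and the minimum separation between limits are assumed values, and a real system would take them from the instrument database.

```python
"""Added example: plausibility validation for alarm setpoint entries.
Rejects values outside the instrument range and any combination that
violates low_low < low < high < high_high, even when the operator only
changes one value at a time. Names and ranges are assumed for the example."""
from typing import Dict, List, Tuple

# Alarm limits in the order they must appear from lowest to highest (assumed names).
ORDER = ("low_low", "low", "high", "high_high")


def validate_setpoints(current: Dict[str, float],
                       proposed: Dict[str, float],
                       instrument_range: Tuple[float, float],
                       min_separation: float = 0.0) -> List[str]:
    """Return a list of rejection reasons; an empty list means the entry is acceptable.

    current  - setpoints in effect now
    proposed - the values the operator wants to change (may be a subset)
    instrument_range - (low, high) engineering range of the measurement
    min_separation - smallest gap allowed between adjacent limits (deadband)
    """
    lo, hi = instrument_range
    errors: List[str] = []

    # Check each proposed value on its own.
    for name, value in proposed.items():
        if name not in ORDER:
            errors.append(f"unknown setpoint '{name}'")
        elif not (lo <= value <= hi):
            errors.append(f"{name}={value} is outside the instrument range {lo}..{hi}")

    # Check the proposed values against everything that stays in effect.
    merged = {**current, **{k: v for k, v in proposed.items() if k in ORDER}}
    present = [name for name in ORDER if name in merged]
    for lower, upper in zip(present, present[1:]):
        if merged[lower] + min_separation > merged[upper]:
            errors.append(f"{lower}={merged[lower]} must be below {upper}={merged[upper]}"
                          f" by at least {min_separation}")
    return errors


# Constructed example: a level transmitter ranged 0..100 % with four alarm limits.
CURRENT = {"low_low": 5.0, "low": 10.0, "high": 80.0, "high_high": 90.0}
RANGE = (0.0, 100.0)

if __name__ == "__main__":
    for change in ({"high": 85.0}, {"high": 8.0}, {"high_high": 120.0}):
        print(change, "->", validate_setpoints(CURRENT, change, RANGE, min_separation=2.0) or "accepted")
```

The merge step is the important part: validating the new value only against the instrument range would accept `high = 8`, because 8 is a legal reading; it is only wrong relative to the `low` limit that the operator did not touch.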
 
Risk Analysis isn't worth the paper it's written on! Jaundiced view? You bet it is when, even though I thought of it as a worthy discipline, the manager of a plant (refinery, in my case) says, "We're making money. Don't touch it!" Even operators and technicians, enticed by the reward of a profit-sharing program, ignore the "risk!"

Look at how company managers are rewarded today. Do whatever it takes to increase the "visible" worth of an industry, facility, or the like. Then, the remuneration "earned" by company "leaders" reaches obscene levels.

Risk is a matter of perception, not some "figure of merit!"

Personal negativity aside, if you would like a mathematical but proven approach, send for a copy of my paper... Probabilistic Risk Assessment of Safety Systems!

Regards,
Phil Corso, PE
(Boca Raton, FL)
 
Bob Peterson:
> The other issue not often discussed is the human element.

Indeed... as we see on the news...

> Look at things from an operator's POV for a few days when doing any
> risk assessment.

Definitely; if you manage to make it mutual, so much the better :)

> 1. What protects the equipment if the operator decides to take a pump or other device out of auto and runs it manually?

The real question should probably be 'Why?'; taking a device out of auto should count as a deficiency report against the automation.

> 5. What about "nuisance" alarms that just get acknowledged everytime
> they come up without doing any real investigation? Maybe this time
> its a "real" problem and not just a temporary thing.

Nuisance alarms speak of bad design to begin with - whether they're a normal part of the cycle that never should've been an alert to begin with, problem detection with a ridiculously high rate of false alarms, or even true problems that the operators simply don't agree with (say statutory ones).

> Some of these things can be addressed by procedures and proper
> supervision, but in the real world, both of these things tend to be
> secondary to making product.

A couple of years back, there was a problem at a plant here in Victoria (Aus); it turned out on investigation that in the old, thick procedure manual, it did say that if the subsystem in question is down for five minutes, the whole section should be shut down. Nobody reads that any more, though, and they were all busy fending off a more visible problem in the next section. Unfortunately, it was a petrochemical plant... boom! Very public, too, being a utility (no hot water for weeks).

Jiri
--
Jiri Baum <[email protected]> http://www.csse.monash.edu.au/~jirib
MAT LinuxPLC project --- http://mat.sf.net --- Machine Automation Tools
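Both Bob's item 5 and the reply above describe the same symptom: an alarm that is acknowledged within a second or two, every time, with nobody writing down what was checked. That pattern is visible in an alarm journal, so it can be measured instead of argued about. The script below is an added example, not code from the thread or from the MAT LinuxPLC project; the journal format, tag names and thresholds (more than two activations per hour, acknowledgement within five seconds with no comment) are constructed assumptions for the example.

```python
"""Added example: finding nuisance-alarm candidates in an alarm journal.
Two signs are checked per tag: chattering (too many activations per hour)
and reflex acknowledgement (acked within seconds, never with a comment).
The journal below is constructed for the example, not a real plant record."""
import csv
import io
from datetime import datetime
from statistics import median
from typing import Dict, List

# Constructed journal: TIC101_HI fires every few minutes and is acked at once;
# LSH205 fires once and the operator notes what was actually checked.
JOURNAL = """timestamp,tag,event,operator,comment
2003-05-12T08:00:01,TIC101_HI,ALARM,,
2003-05-12T08:00:03,TIC101_HI,ACK,op1,
2003-05-12T08:00:10,TIC101_HI,RTN,,
2003-05-12T08:04:01,TIC101_HI,ALARM,,
2003-05-12T08:04:02,TIC101_HI,ACK,op1,
2003-05-12T08:04:12,TIC101_HI,RTN,,
2003-05-12T08:09:30,TIC101_HI,ALARM,,
2003-05-12T08:09:31,TIC101_HI,ACK,op1,
2003-05-12T08:09:40,TIC101_HI,RTN,,
2003-05-12T08:15:00,LSH205,ALARM,,
2003-05-12T08:20:30,LSH205,ACK,op1,checked level glass and restarted pump
2003-05-12T08:25:00,LSH205,RTN,,
2003-05-12T08:40:02,TIC101_HI,ALARM,,
2003-05-12T08:40:03,TIC101_HI,ACK,op2,
2003-05-12T08:40:15,TIC101_HI,RTN,,
"""


def parse_journal(text: str) -> List[dict]:
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows


def span_hours(rows: List[dict]) -> float:
    """Length of the journal in hours (used to normalise activation counts)."""
    seconds = (rows[-1]["timestamp"] - rows[0]["timestamp"]).total_seconds()
    return max(seconds / 3600.0, 1e-9)


def alarm_statistics(rows: List[dict]) -> Dict[str, dict]:
    """Per tag: activations, acknowledgement delays in seconds, and commented acks."""
    stats: Dict[str, dict] = {}
    pending: Dict[str, datetime] = {}  # tag -> time of the unacknowledged activation
    for row in rows:
        tag, event = row["tag"], row["event"]
        s = stats.setdefault(tag, {"activations": 0, "ack_delays": [], "commented_acks": 0})
        if event == "ALARM":
            s["activations"] += 1
            pending[tag] = row["timestamp"]
        elif event == "ACK" and tag in pending:
            s["ack_delays"].append((row["timestamp"] - pending.pop(tag)).total_seconds())
            if row["comment"].strip():
                s["commented_acks"] += 1
    return stats


def nuisance_candidates(stats: Dict[str, dict], window_hours: float,
                        max_per_hour: float = 2.0,
                        reflex_ack_seconds: float = 5.0) -> Dict[str, List[str]]:
    """Tags that chatter, or are always acked within seconds and never with a note."""
    flagged: Dict[str, List[str]] = {}
    for tag, s in stats.items():
        reasons = []
        if s["activations"] / window_hours > max_per_hour:
            reasons.append("chattering")
        if (s["ack_delays"] and median(s["ack_delays"]) <= reflex_ack_seconds
                and s["commented_acks"] == 0):
            reasons.append("reflex-acknowledged")
        if reasons:
            flagged[tag] = reasons
    return flagged


if __name__ == "__main__":
    rows = parse_journal(JOURNAL)
    for tag, reasons in nuisance_candidates(alarm_statistics(rows), span_hours(rows)).items():
        print(f"{tag}: {', '.join(reasons)}")
```

A tag that shows up here is a design question, not an operator discipline question: either the condition should not have been an alarm, the detection is too sensitive, or the response procedure is not something the operators can actually follow.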
 
Phil Corso:
> Risk Analysis isn't worth the paper it's written on!

The problem is that it's a field where success is largely invisible. Unless the system is large enough to have a residual death rate anyway (roads, some medicine), risk reduction is only noticed when it fails.

The multitudes of people who worked on the Y2K problem, and licked it, got no thanks in return. The list could go on and on - a problem quietly solved is a problem that, in the minds of far too many, never existed.

What the solution is, I have no idea.

Evil tongues say that the police solve the same problem by counting arrests, ignoring (and/or subverting) actual crime reduction. Obviously, not a recommendable approach.

Goodness, I'm depressed today, aren't I?

Jiri
--
Jiri Baum <[email protected]> http://www.csse.monash.edu.au/~jirib
MAT LinuxPLC project --- http://mat.sf.net --- Machine Automation Tools
 