Beruflich Dokumente
Kultur Dokumente
a r t i c l e i n f o a b s t r a c t
Article history: Shortly after initiating a Management of Change instance, the owner develops a list of action items that
Received 28 February 2012 need to be accomplished in order to successfully complete the MOC. This activity is termed “scoping the
Received in revised form MOC”. A well-scoped MOC is efficient and lower risk; a poorly-scoped MOC is inefficient and higher risk.
29 June 2012
The quality of MOC scoping depends largely on the methodology used, with different sites using
Accepted 4 July 2012
anything from no scoping at all, guesswork approaches, checklist approaches, to very sophisticated asset-
based scoping.
Keywords:
This paper reviews the various scoping methodologies using examples from actual MOC processes
Management of Change
MOC
currently in use at chemical plants and refineries. The scoping techniques are then evaluated in terms of
Scoping cost and error susceptibility of the resulting MOCs, using quantitative assessment tools. The results of
Optimization this research provide specific guidelines on how to optimize scoping for small, medium and large MOCs.
Checklist Ó 2012 Elsevier Ltd. All rights reserved.
0950-4230/$ e see front matter Ó 2012 Elsevier Ltd. All rights reserved.
http://dx.doi.org/10.1016/j.jlp.2012.07.007
500 R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510
risk. Gorovitz and MacIntyre (1976) identified two causes of human These different approaches are described in the following
failure: sections.
Their interpretation of “ignorance” is strict, inasmuch as the In “explicit” scoping, the initiator1 is provided no information
knowledge doesn’t exist anywhere in the world. Normally, in plant about how to proceed with scoping the MOC. The MOC form simply
MOC applications, the expectation is that the knowledge exists to requests the inclusion of “all action items”, as shown in Table 2.
properly and safely conduct a change, and that the MOC process In order to consider the MOC properly scoped, the initiator must
should guide the user to avoid failures caused by ineptitude. MOC produce exactly the list of items (without asterisks) shown in
processes often use checklists for scoping purposes: Table 1. The biggest risk in this scenario is that action items are
overlooked.
A checklist is a type of informational job aid used to reduce It’s possible to make a rough estimate of the probability that the
failure by compensating for potential limits of human memory MOC will be properly scoped using the explicit approach. But, in
and attention. It helps to ensure consistency and completeness order to develop a realistic estimate, it is necessary to characterize
in carrying out a task (Wikipedia). how the (potentially overlooked) action items relate to the MOC,
and whether there are any mitigating circumstances.
As indicated in Table 3, the relationship between the action
items and the MOCs is characterized as follows:
2. Ensuring that all action items are present Inherent Action Items: These “inhere” or are part of the
process. The MOC process triggers a PHA, a PSSR, an area manager
MOC scoping can be accomplished in several different ways, approval, and so on. So the probability of omitting these action
which can be labeled: items is 0%.
Critical Path Action Items: These action items are always per-
1. Explicit scoping: starting from essentially a blank sheet formed, because the change cannot proceed without them. For
2. Guided scoping: a traditional checklist instance, if the change is to install an instrument, the change
3. Asset-based scoping: a checklist with an intelligent ruleset doesn’t happen unless the instrument is installed. Installation can’t
proceed unless the instrument is procured (either ordered or
retrieved from the warehouse). However, even though these action
items must eventually be performed, it is possible for them to be
Table 1 overlooked during the initial attempt at completing the MOC. This
List of action items for a hypothetical MOC.
does not result in a compliance problem (since the oversight is
Action item Type of Execution state Role eventually discovered); this results in an economic problem in as
action item much as schedules are disrupted when parts are not available (due
Redline P&ID Perform Change Design Owner to them never having been ordered). The probability of missing
Redline instrument Perform Change Design Owner a critical path action item is c%.
loop diagram
Supportive Action Items: These action items support the
Conduct PHA* Perform Impact Analysis Process
Engineer implementation of the change. For instance putting instruments on
Conduct environmental Perform Impact Analysis Environmental a P&ID and an instrument loop diagram make the procurement and
analysis Rep. installation of the instrument easier. However, it is physically
Review MOC Review Approvals Process Engineer
possible to install an instrument without it ever appearing on
Approve MOC* Sign-off Approvals Area Manager
Procure instrument Perform Implementation Purchasing Rep.
a drawing (although that immediately creates Process Safety
Install in facility (usually Perform Implementation Maintenance Information management violation). If a Supportive Action Item is
triggered by a omitted, early in the MOC process, it is normally discovered during
work order) the PHA. The PHA team would send the MOC back to the respon-
Obtain instrument Perform Implementation Owner
sible person with the direction to redline a P&ID and a loop sheet
spec. sheet
Conduct PSSR* Perform PSSR PSM Coordinator (in this example). So, it is unlikely that the P&ID redlining will be
Update instrument Perform Close-out Owner totally omitteddthe more common case is where the redlines are
database overlooked and then must be redone in response to a request from
Update fugitive Perform Close-out Environmental
emission database rep.
Update P&ID (incorporate Perform Close-out Drafting rep.
1
redlines, as-builts) For the purposes of this discussion, it is assumed that the MOC initiator
Update instrument Perform Close-out Drafting rep. conducts the scoping activity, although scoping can be performed by any compe-
loop diagram tent resource. Use of the term “user” is avoided, since that term tends to be used
Gather metrics* Perform Close-out MOC Coordinator more in computerized MOC applications. Although the author is very supportive of
Close-out the change* Sign-off Close-out MOC Coordinator electronic MOC applications, the discussion in this paper is independent of
implementation technology.
R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510 501
accrue if the item is actually on the list. This can be expressed Table 6
mathematically using: Asset-based scoping. Example ruleset.
Redline P&ID
Redline instrument loop diagram
2.3. Asset-based scoping .
types [including information-only]). However, in practice, only 15 list of action items. Every MOC goes through a PHA process (usually
scoping question configurations were seen. HAZOP). It’s up to the PHA team to decide what “really” needs to be
The most common kinds of scoping questions symbols are listed done on this MOC. The obvious flaws from this process are:
in Appendix A.
1. the PHA isn’t conducted until after the important drawings are
redlined, so redlining of some design documents may be
3.3. Analysis
overlooked, and,
2. the PHA team is (appropriately) focused on safety, so admin-
The scoping items were analyzed for 15 companies and plotted
istrative aspects of the change (e.g. update the PSV database)
in Fig. 5e7. The symbols are scaled so that the area is proportional
may be overlooked.
to the number of items. For example, a triangle with a base length of
0.100 represents 1 item, while a triangle with a base length of 0.200
represents 4 items. The largest blue triangle for Company N
3.3.3. Inspection as the key to success
represents 221 items; the large information symbol for Company O
Company E also runs a similarly-sized refinery to Company D.
represents 428 items.
The design work is “stateless”; the scoping process does produce
a list of what documents need to be updated, and by whom, but not
3.3.1. Minimalist scoping approach
when the updates are supposed to occur.
Companies A, B and C have a very minimalist approach to MOC.
Recall that Company D used the PHA as the “sanity check” on the
The MOC Initiator creates a list of things to do, guided by a checklist.
MOC; similarly Company E uses inspection as a sanity check on the
Since there’s no indication of who, why or when the action items
MOC. Inspections are identified and scoped at a very granular level,
are to be conducted, we can only assume that the Initiator acts as
project manager and schedules all the tasks individually.
Fig. 3. Scoped action item symbol, showing the meaning of the shaded regions. Fig. 4. Color code for scoped action item symbol shading.
R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510 505
including making over 100 inspection forms available via the MOC 3.3.5. Approvals as the key to success
process. Companies G, H and J all depend on the approvers to assure the
success of an MOC, so a great deal of effort is spent on identify the
3.3.4. Always the same approvers proper approvers based on the characteristics of the change.
One might wonder why there aren’t any approval actions indi- Company G represents the first rather complete example of
cated for companies AeE? The reason is that a specific set of scoping, since action items are created for all states. The MOC
approvers is specified by the MOC procedure, and the same procedure at Company H gathers a lot of information (see large
approvers sign-off on every MOC. So, the approvers are not selected stateless information symbol), but makes no attempt at scoping the
by scoping; a standard set of approvers is simply part of the process. MOC beyond the reliance on approvers.
The obvious shortcomings of a static approver list are:
3.3.6. Impact Analysis as the key to success
Not enough approvers: New circumstances may arise, that Company K’s MOC process is singularly focused on risk avoidance.
require additional approvers. No doubt the extra person (s) are The scoping process identifies lots of things that need to be looked at
invited into the process, which is technically a process during the impact analysis state. Specifically, the scoping activity
exception. identifies items of concern for the PHA, the environmental review, the
Too many approvers: Oftentimes, approvers sign-off on MOCs personnel safety review, the industrial hygiene review, etc. The
that have little to do with their specific area of expertise. impact analyses are then reviewed by a standard set of approvers.
506 R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510
Interestingly, the scoping activity doesn’t provide any helpful Company M indicates that the technical concerns are considered at
guidance on what documents need to be updated, or any activity a very granular level.
that has to be performed. Additional action items, like redlining certain drawings, etc., are
Company L also has exhaustive questionnaires related to impacts scoped, but there’s no indication of when they are to be done.
(especially environmental) of the change. However, the scoping Presumably they need to be completed in time for the review?
activity at Company L covers the entire lifecycle, a much better
arrangement than the overly restrictive approach of Company K. 3.3.8. Perfect MOC scoping is achievable
Company N has the best quality AND most comprehensive
3.3.7. The technical review as the key to success scoping activity, of all those considered. Notice how every scoped
Company M has one of the lengthiest MOC scoping question- element, whether a call to perform an action (blue), a review
naires. And, the questions are very complete with full consideration (green) or a notification (yellow) is fully described. There’s a state-
regarding what needs to be reviewed, by whom, and why. Most of ment of why the item needs to be done, what role is supposed to do
the scoping activity is focused on identifying the proper technical it, what kind of action it is, and when it should be performed. The
reviewers. Compared to Company I, the large green symbol for symbols in Fig. 6 represent a total of 611 scoped items. Note also
Fig. 7. An ideal, scoped MOC. (For interpretation of the references to color in this figure legend, the reader is referred to the web version of this article.)
R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510 507
that there are no stateless tasksdevery task is clearly identified as Between the first and second meetings, the facilitator recon-
to when it needs to be performed. stituted the scoping process based on the input from the first
There are no sign-offs (red) because the sign-offs during the meeting. The second meeting was again, face-to-face, but this time
Approval state are part of the process; they are not scoped into the only a half day.
MOC. The facilitator presented the updated scoping process at the
start of the second meeting. The team critiqued what the facilitator
3.3.9. Redlining vs. updating had prepared.3
Normally, MOCs are performed on existing assets in the plant Between the second and third meetings, the facilitator quickly
(or an existing product, etc). Obviously, there are existing docu- updated the scoping materials, and distributed them. Each team
ments which describe those assets. Modification of documents, in member was asked to be extremely critical and identify any scoping
the MOC context, is a two-step process: the documents are first detail that they did not entirely agree with. This feedback was
redlined, generally during the Change Design state; once the consolidated, and the final scoping ruleset was updated by the
change is made to the plant, the documents are updated, generally facilitator.
during the Close-Out state. The third meeting was only 2 h, and really served to ratify the
The processes of Company N, and to a lesser extent J and L, work that the team had accomplished.
clearly show this characteristic. There are many action items that What was the outcome?
take place during Change Design, and many during Close-Out. The Using the evaluation approach, described in the previous
fact that not every company’s process has these features is an sections, the new MOC scoping approach at this company is as
additional indication of vagueness. shown in Fig. 7. In order to make the symbols in all the diagrams
comparable, they are sized to the same scale; that is, a symbol with
3.3.10. Information as the key to success a given area in Fig. 7 represents the same number of action items as
Company O has a detailed questionnaire for each MOC. The large a symbol with the same area in Fig. 6.
symbol with the black shading in the lower right, in Fig. 7, indicates The new scoping approach at this company incorporates all of
that there are 485 information gathering questions that must be the positive attributes previously identified:
addressed during the scoping activity. The company has structured
the questions sensibly, so that only the relevant categories of 100% of action items are fully-formed: the action, the type of
questions are answered during scoping. Someone has gone to a lot action, the role, the reason for the action and the timing are all
of trouble to put these lists together. Wouldn’t it make sense to specified
complete the job by identifying associated action items? All the action items that can be specified4 up-front, are speci-
To some extent they have done that. There are an additional fied. Little is left to individual’s memories.
couple of hundred scoping questions which do identify actions that The separation between redlining (blue actions during Change
need to be performed. But, as shown by the blue symbols in Fig. 7, Design) and document updating (blue actions during Close-
the company didn’t go all the waydspecifically, there’s no indica- Out) is recognized.
tion of when these actions need to be performed. The quantity and extent of hazards at this company are less
To the credit of Company O, the process does produce a good list than Company N. So, it’s reasonable that there are fewer
of technical reviewers (green symbol) for each MOC. scoping items, as indicated by the area of the symbols in Fig. 7
being smaller than the area of the symbols in Fig. 6.
Example 2:
Does this change introduce or modify the inspection frequency
of new or existing equipment?
Update inspection database
Mechanical Integrity group
During the Implementation state
Example 3:
Will this change exceed the relief capacity of individual pieces of equipment?
Conduct pressure safety review
Mechanical engineer
During Change Design state
Example 3:
Update process flow diagram, by incorporating redlines.
Process Engineer
During Close-out
Example 2:
Do the changes in test methods require revalidation?
Revalidate the test methods.
During PSSR.
Example 2:
Assess impact on electrical devices and disconnects
During Impact Analysis
Example 3:
Update safe operating limits
During Close-out
Example 3:
Test control system change
R. Hoff / Journal of Loss Prevention in the Process Industries 26 (2013) 499e510 509
Appendix A. (continued )
Example 2:
Does this change involve increased
waste or pollution production?
Conduct a review
Area Environmental rep
During the Approvals state
Example 3:
Has the effect of potential contaminants
been evaluated in the design of this relief valve?
Conduct a review
Pressure Safety group
During the Change Design state
Example 2:
Does this change introduce a new chemical?
Sign-off
Quality Representative
During Approvals
Example 3:
Does this change add, remove or alter
piping or equipment?
Sign-off
Mechanical Integrity Representative
During Approvals
Example 2:
Notification that unit is ready to start up.
The person is sent a notification
Plant Manager
During PSSR
References Hoff, R. (2011). Quantitative models for assessing MOC performance. In AIChE national
spring meeting, 7th global congress on process safety (pp. 15). Chicago: AIChE.
Keren, N., West, H. H., & Mannan, M. S. (2002). Benchmarking MOC practices in the
American Institute of Chemical Engineers. Center for Chemical Process Safety.
process industries. Process Safety Progress, 21, 103e112.
(2001). Layer of protection analysis: Simplified process risk assessment. New York:
Matthews, W. R. (2011). Asset-based MOC approval. In AIChE National Spring
Center for Chemical Process Safety of the American Institute of Chemical
Meeting, 7th Global Congress on process safety (pp. 10). Chicago: AIChE.
Engineers.
OSHA. (1992). Process safety management of highly hazardous chemicals.
American Institute of Chemical Engineers. Center for Chemical Process Safety.
29CFR1910.119. Washington: OSHA.
(2008). Guidelines for the management of change for process safety. Hoboken, N.J:
Sanders, R. E. (1996). Human factors: case histories of improperly managed changes
Wiley-Interscience.
in chemical plants. Process Safety Progress, 15, 150e153.
Chosneck, J. (2010). Managing management of change. In AIChE national spring Sanders, R. E. (2005). Chemical process safety: Learning from case histories (3rd ed.).
meeting (pp. 12). San Antonio, TX: AIChE. Amsterdam; Boston: Elsevier Butterworth Heinemann.
Cooper, R. G. (2001). Winning at new products (3rd ed.). Basic Books. Swain, A. D., & Guttmann, H. E. (1983). Handbook of human reliability analysis with
Gorovitz, S., & MacIntyre, A. (1976). In the 1970s. Journal of Medicine and Philosophy, emphasis on nuclear power plant applications e final report. In NUREG (pp.
1, 20. 712). Washington: U.S. Nuclear Regulatory Commission.
Hoff, R. (2007). Lifecycles. MOC Best Practices, 1. Wikipedia. Checklist. In Unknown.