Safety

Controlling Risk During

Major Capital Projects
William Bridges Think of process safety management (PSM)
Revonda Tew
Process Improvement as a project deliverable, and follow these
Institute, Inc. best practices for scheduling and performing process
hazard analyses (PHA) and completing other PSM
requirements during key phases of a major project.

T
he construction of a new plant, or a large capital
expansion to an existing facility, represents sig-
nificant risk. That risk increases when construction
takes place in an operating environment and when criti-
cal tie-ins are made to “live” equipment. AIChE’s Center
for Chemical Process Safety (CCPS) provides excellent
guidance in its original process safety management (PSM)
guideline (1) and in many subsequent publications. Other
papers (2, 3) discuss how to manage major capital projects
to achieve process designs and operating procedures that
will control process safety.
These resources refer to the standard industry practice
of conducting multiple risk reviews — also called process
hazard analyses (PHAs), project risk reviews, design safety
reviews, etc. Typically, a small project includes one or two
risk reviews, whereas a large project (such as a new plant)
may involve as many as six risk reviews that build upon
each other to yield the initial PHA (Table 1). Although this
article focuses on major projects, these best practices apply
to medium and small projects as well.
Conventional risk-analysis tools must be applied at
strategic project milestones, but these alone will not ensure
a safe and seamless startup. A holistic approach to man-
aging risks on a large project requires some innovative
measures that must be supported by the entire project team.
While the various phases of a major project can spread
over 12 to 36 months, decisions for controlling risk made
during each project phase echo through the next 20 to 50
years of operation. Design features, automated control
features, and human interactions must be controlled continu-
ously to manage the inherent hazards of chemical processes.
PSM requirements
The U.S. Occupational Safety and Health Administra-
tion’s (OSHA) PSM standard (4) sets requirements for the
management of hazards associated with processes that use
highly hazardous chemicals (HHC). The regulations list 14
interrelated elements (outlined in the standard), treating them
as part of a holistic continuum. The elements apply to (or are
affected by) capital projects to varying degrees, especially:
• process safety information (PSI) — developed through-
out the project phases

Table 1. As project size and scope expand, more risk reviews are needed.
Project Phase: Preliminary Design
Typical Project Duration Number of Risk
Project Size Example of Project Scope (Concept to Commissioning) Reviews
Small Minor affiliate/plant works (installing piping to bypass a 1–2 mo 1
control valve)
Moderate Works engineered by an affiliate/ plant (installing a new 6–9 mo 2–3
design of knockout pot for a feed to a unit)
Major Major projects handled external to an affiliate/plant 12–36 mo 4–7
(expansions and new facilities)

56 www.aiche.org/cep April 2009 CEP

 • operating procedures — developed in the last phases
of a project
• management of change (MOC) — the heart of project
risk control
• process hazards analysis — the heart of MOC
• pre-startup safety review (PSSR) — conducted before
highly hazardous chemicals enter and before production starts
• emergency planning and response — cannot happen
properly if the process layout, design, and operation do not
consider it in advance.
PSM as defined by OSHA does not address all process
safety issues; CCPS/AIChE define several other elements,
such as human factors and project risk management, that are
not covered in OSHA PSM elements. When all elements are
included, PSM involves the same management practices as
required for operational and reliability excellence — so
incorporating these into each project phase makes good busi-
ness sense. By addressing PSM early in the project develop-
ment, it is easier to expand risk management to “sustainable
control of human error” — the key to controlling risks.
This not only provides excellent process safety control, but
excellent reliability, quality, and efficiency control.
The initial phases of risk control
The first two project phases — conceptual design
review and feasibility and detailed specifications — are
critical for establishing the inherent safety of the process.
Activities during these phases (Table 2) include:

Table 2. Conceptual risk reviews should be conducted during the earliest phases of a major capital project.
Project Phases: Conceptual Design, and Feasibility and Detailed Specifications
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Choose inherently safer option Consequence modeling (to help on next Process safety information, including
Ensure overall feasibility project phase) chemical hazards, chemical reactivity,
What-If (no guidewords) hazards of inadvertent mixing, inventories,
Estimate impact on neighbors
applicable codes and standards (d)
Selected checklist for judging inherent
safety Baseline information for future PHA (e)
Baseline information for future mechanical
integrity (MI) (j)
Begin inherently safer concept
Begin leadership
Begin employee participation (c)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); Senior process engineer for the unit (or
from a similar unit); Process/design engineer from the project; Process safety specialist (if the previously listed members do not have
safety expertise)
* Letters in parentheses refer to the relevant section of the OHSA PSM Standard, 29 CFR 1910.119(_).

Table 3. Preliminary risk reviews continue into the preliminary design phase.
Project Phase: Preliminary Design
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Identify and resolve most-expensive design What-If (no guidewords) Process safety information, including
issues, including layout of plant, facility HAZOP/FMEA of selected scenarios applicable codes and standards, process
siting concerns, environmental protection flow diagram, thermal/kinetic chemistry
Layer of Protection Analysis (LOPA) of
issues, and major tie-ins information, material and energy balances,
selected scenarios
and materials of construction (d)
Facility siting basis
Begin emergency response plans and
procedures (n)
Baseline information for future PHA (e)
Baseline information for future MI (j)
Continue employee participation (c)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); Senior process engineer for the unit (or
from a similar unit); Process/design engineer from the project; Process safety specialist (if the previously listed members do not have
safety expertise)
* Letters in parentheses refer to the relevant section of the OHSA PSM Standard, 29 CFR 1910.119(_).

CEP April 2009 www.aiche.org/cep 57

Safety

Table 4. Considerations that guide risk reviews for the conceptual and preliminary design phases.
Key Concern
Inherently safe/reliable process selection
Plot location relative to other units
Size of plot areas — based on preliminary
process designs
Precise spacing between unit boundaries —
standoff distances between battery limits or
between major equipment in nearby units
Inner unit layout
Fire protection review
Ways to Address/Evaluate Key Concern
Evaluate lower-waste chemistries
Evaluate low-inventory processes
Evaluate the use of non-hazardous solvents and reagents
Evaluate low-energy reactor configurations (5)
Process opportunities — reduced pipe runs
Operating logistics — number of operators
Distance between control room and tie-in to control room
Backup contingency considerations — begin utility failure risk review
Effects from major incidents in nearby units; include consequence modeling if necessary
Begin facility siting risk review (checklist-based), if possible
Access to utilities and other support systems, sewers, etc.
Cost of real estate, site preparation
Elevation considerations
Insurance and industry spacing guidelines
Effects on nearby units
Business interruption considerations
Ease of access (begin consideration of human factors)
Operability and maintainability
Constructability and repair (consider future lifting activities for construction and repairs)
Equipment decking and layering (operators should not be expected to climb through
caged ladders to take routine process reading)
Emergency access and escape routes
Firefighting or toxic rescue capability
Placement of detectors
Strategy to protect neighbors from releases
Construction of control rooms to protect “stay-behinds”
Refer to consequence modeling if performed to address plot location concern

• select the process (inherently safe, or at least the
inherently safest design); choose lower-waste chemistries,
low-inventory processes, nonhazardous solvents and
reagents, and low-energy reactor configurations (5)
• decide on the maximum level of inherent risk (not
residual risk) that will be accepted
• establish siting and layout (consider control of
inherent risk to neighbors)
• establish grading and drainage
• establish preliminary process design
• establish circuit isolation requirements
• establish process control philosophy
• establish strategy for control of ignition sources
(electrical area classification)
• establish relief and blowdown requirements
• establish fire protection strategy.
No one cares more about controlling the risk of the
delivered process than the owner/operator. Yet the imple-
mentation of risk review methods during the early stages of
a project has been lacking in many companies — despite the
availability of guidelines (1–3) that explain how to develop
a PHA throughout a project, as well as the broad adoption of
hazard and operability (HAZOP), What-If (brainstorming),
and failure mode and effects analyses (FMEA). This is
especially true for owners who allow the primary contractor
to oversee the risk review process.
As methods for early-phase risk review have been
improved or customized, project-level risk reviews have
been performed increasingly well. Over the past 15 years,
considerable focus has been placed on inherent safety at
the initial concept phase of a new unit or process. In ad-
dition to inherent safety, inherent reliability and inherent
environmental protection are also receiving more attention
during the conceptual design phase and the preliminary
design phase (Table 3). Still, weaknesses persist among
these improved early-phase risk review practices.
Several key factors contribute to successful risk
reviews in the conceptual and preliminary phases of a

58 www.aiche.org/cep April 2009 CEP

major capital project. Table 4 presents key considerations
and methods to guide these early-phase risk reviews.
Foremost recommendations are:
Include a senior operator on the risk review team,
(not just supervisory personnel) from an existing or similar
unit, even if the person must be contracted or must travel to
attend the risk review. This policy, developed after several
accidents in the 1980s, should be a requirement for all risk
reviews — all project phases, all PHA revalidations, all
management of change (MOC) risk reviews, etc. When
this does not occur at the conceptual or preliminary design
stages, the missed considerations can lead to either a flawed
project (e.g., one with limited scope or vision) or an inher-
ently unsafe or unstable process.
Include a senior process engineer from an existing or
similar unit, even if the person must be contracted. This,
too, should apply to all risk reviews.
These two senior staff members will bring different per-
spectives to the process based on their different experiences.
Allow contingency in budget and schedule. If project
managers are placed in the uncomfortable position with
respect to changing scope, adding features, etc., the result-
ing project might be on-time and on-budget, but unsafe or
run poorly.
Never let the contractor/vendor manage the risk
review or provide the risk review leader. Typically, the
contractor’s chief concern is to deliver a project on sched-
ule for a stated price. The owner/operator should always
choose the risk review leader and should ensure that the
leader is:
• independent of the project management team
• independent of contractors/vendors
• independent of the unit/process/plant that the major
project is related to
• a fully capable PHA team leader/facilitator who is
well-trained and practiced in HAZOP, FMEA, and
What-If methods.
Force the consideration of inherently safer and/or
more reliable alternatives.
The design phases
Risk reviews in the detailed design phase (Table 5)
and the final design phase (Table 6) can consist of one to
three progressively more-detailed efforts over one to three
project phases, depending on the size of the project. As
the reviews progress, the risk review report is expanded
and becomes the initial “official” hazard review report
for the process unit (discussed in the next section). Risk
reviews during detailed design typically involve:
• using HAZOP, FMEA, and/or What-If analyses in
progressively more detail
• initiating and progressively improving (from phase
to phase) the risk review record (HAZOP tables, What-If
tables, checklists)
• maximizing inherently safer design in the selected
process — for example, tanks and piping designed to
make overflow hydraulically impossible, lower feed-
pump pressures to prevent hydraulic overpressure,
reactor conditions and recycle loops optimized to
minimize waste, manual charge stations located at the
appropriate ergonomic work height, hazardous operations
sited away from occupied areas to minimize impacts of

Table 5. Risk reviews in this phase evaluate the risk of any design modifications that have been made
or hazards that have been identified since the previous reviews.
Project Phase: Detailed-Design Risk Reviews
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Begin detailed identification of potential HAZOP/FMEA of equipment nodes, Process safety information, including
accident scenarios, primarily focused on focusing on normal (continuous) mode of applicable codes and standards, process
the normal (usually continuous) mode of operation and instrumentation diagrams (P&IDs),
operation What-If of lower-consequence and lower- revised materials of construction, safety
Begin risk assessment for scenarios with complexity systems interlocks and controls, equipment design
large residual risk basis. and some final equipment details (d)
LOPA of 1–5% of the scenarios; determine
safety integrated level (SIL), as necessary Multiple layers of protection
Detailed information for future PHA (e)
Detailed information for future MI (j)
Begin detailed emergency planning and
response (n)
Continue employee participation (c)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); Senior process engineer for the unit (or
from a similar unit); Process/design engineer from the project; Process safety specialist (if the previously listed members do not have
safety expertise)
* Letters in parentheses refer to the relevant section of the OHSA PSM Standard, 29 CFR 1910.119(_).

CEP April 2009 www.aiche.org/cep 59

Safety

Table 6. Final design phase risk reviews ensure that the occupational safety, process safety, reliability,
and operational risk issues identified in previous reviews have been resolved.
Project Phase: Final Design Risk Reviews
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Update results of previous risk review to Complete HAZOP, FMEA, or What-If for Process safety information (revisions) (d)
account for new details, identify potential nodes started in previous risk review Multiple layers of protection (revisions)
accident scenarios for nodes not previously Perform HAZOP, FMEA, What-If for nodes Revised details building toward initial
reviewed, primarily focused on normal not covered in previous risk review (due to PHA (e)
(usually continuous) mode of operation. previously missing information)
Revised data for MI, including development
Resolve most previous recommendations Begin human factors and facility siting of inspection, test, preventive maintenance
Complete risk assessment for scenarios checklist (PM) plans and populating databases (j)
with large residual risk Perform general utility failure checklist Begin detailed consideration of human
LOPA of 1–5% of the scenarios; determine factors
SIL, as necessary Data and recommendations for developing
operating and maintenance procedures (f, j)
Continue employee participation (c)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); Senior process engineer for the unit (or
from a similar unit); Process/design engineer from the project; Process safety specialist (if the previously listed members do not have
safety expertise)
* Letters in parentheses refer to the relevant section of the OHSA PSM Standard, 29 CFR 1910.119(_).

possible explosions, tanks designed to withstand maxi-
mum possible pressure, etc. (5)
• conducting a final review of equipment, ventilation,
containment, and environmental safeguards, including
instrumentation, interlocks, fail-safe decisions, detailed
layouts, and fire protection provisions
• performing a human factors risk review (checklist-based)
• continuing the facility siting risk review (checklist-
and modeling-based)
• applying layers of protection analysis (LOPA) to
complex risk scenarios, and also to define safety instru-
mented systems needs.
As shown in Table 5, the reviews during detailed engi-
neering will evaluate the risk of any design modifications
that have been made or hazards that have been identified
since the previous reviews. This includes ensuring that the
occupational safety, process safety, reliability, and opera-
tional risk issues identified in previous reviews have been
resolved in the final detailed design.
The most senior operator and process engineers should
continue to actively participate on the risk review team.
Catch design problems before they create operational
traps. This is the goal through all of the risk reviews for a
new process unit, but the detailed design phase is the most
effective time to detect and eliminate such problems. To
accomplish this, equal focus must be given to hazards and
operability/quality issues. Look for ways to keep the final
process easy to operate and easy to maintain online, and
ways to avoid process upsets.
Two-thirds of accidents occur during nonroutine modes of
operation, so by avoiding deviations from the norm, the plant’s
Inadequate risk review of nonroutine
modes of operation (which should be analyzed
by applying HAZOP or What-If to procedural
steps) is the most frequently observed
weakness in the project risk review cycle.
exposures to these higher risk modes of operation are reduced.
Write operating procedures designed to control risks.
After the risk reviews are complete, the next important step
in controlling risk before startup is developing the written
procedures for operations, maintenance, troubleshooting,
and emergencies. The data needed for writing procedures
is typically generated by the end of the final design phase
(detailed in Table 6), and it is finalized as the project
moves into the commissioning phase.
Write the procedures — the correct instruction for
each step, in the correct sequence — and properly format
the instructions to reduce the chance of someone mak-
ing an error when following the procedures. References
for drafting, formatting, and validating procedures using
subject matter experts (SMEs) are available (6). Correctly
done, these written procedures will become the basis for
the initial training of the new unit’s operators and serve as
a refresher for staff over the long-term. This, in turn, will
help control (but never eliminate) the human-error compo-
nent of process safety risk.
Pre-commissioning and commissioning
The commissioning phase risk review (Table 7)
continues to build upon the previous risk reviews. As

60 www.aiche.org/cep April 2009 CEP

the equipment design is completed and fabrication and
construction start, initial staff training begins, using the
operating procedures discussed above. The pre-commis-
sioning risk review should begin 4–6 weeks prior to the
startup of a new facility, or even a bit earlier if possible.
The key consideration for this project phase is to complete
the risk review of nonroutine modes of operations — to ensure
that hazards due to human error in association with the process
design have been identified. The risk reviews up to this point
will not have covered these modes of operation very well.
This review can be performed using a full eight-guideword
HAZOP, a streamlined two-guideword approach, or the What-
If method (which does not use guidewords). These techniques
are explained in Refs. 7 and 8, as well as in other resources.
Article continues on next page

Table 7. This phase review builds upon the previous reviews, and also serves as the “initial PHA” for the process.
Project Phase: Commissioning Phase Risk Reviews
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Conduct full hazard/risk review of operating HAZOP or What-If of operating procedures Process safety information (revisions) (d)
procedures to control risk of errors during (choose method based on hazard and Multiple layers of protection (revisions)
startup, shutdown, emergency shutdown, complexity of each task)
Complete the initial PHA (e)
and other nonroutine modes of operation Complete HAZOP, FMEA, or What-If for
Revise MI plans, procedures, and
Close out previous risk review issues nodes started in previous risk reviews
database (j)
(from earlier phases of the project) and Perform HAZOP, FMEA, or What-If for
complete the human factors and facility Complete detailed consideration of human
nodes not covered in previous risk reviews
siting checklists factors
LOPA of 1–5% of the scenarios; determine
This risk review serves as the “Initial PHA” Continue employee participation (c)
SIL, as necessary
of the process Complete development of emergency
Complete human factors and facility siting
planning and response procedures (n)
checklists
Complete operating procedures (f)
Complete initial training (g, j, h)
Develop remaining elements of PSM,
including management of change (MOC)
procedures and incident reporting and
investigation system (l, m)
Conduct initial pre-startup safety review
(PSSR) (i)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); New/junior operator for the unit; Senior
process engineer for the unit (or from a similar unit); Process/design engineer from the project; Process safety specialist (if the previously
listed members do not have safety expertise)

Table 8. This review helps to weed out hazards that may have been missed earlier, and can serve as
the first PHA revalidation for the new unit.
Project Phase: Post-Startup Phase Risk Reviews
Goals of Risk Review Risk Review Methodology Key PSM Elements*
Conducted 3–6 mo after startup; similar to Audit of MOCs (and P&IDs and SOPs) since Initial PHA Revalidation (completed much
the revalidations that will be done in the fu- “Initial PHA” (since commissioning risk earlier than the required 5–yr cycle) (e)
ture, but with the goal of compensating for review) to ensure nothing has been missed MOC (l)
weaknesses in MOC process at the initial by MOC
Incident investigation (for lessons learned in
startup of the new unit/process HAZOP or What-If of missed or poorly first 3–6 mo) (m)
reviewed changes
Update PHA for the entire set of changes
(look at the whole picture for effects of all
changes)
Close any pending recommendations
(if possible)
Risk Review Team Members: Leader; Scribe; Senior operator for the unit (or from a similar unit); New/junior operator for the unit; Senior
process engineer for the unit (or from a similar unit); Process/design engineer from the project; Possibly project/design engineer (for
quality assurance of project).
* Letters in parentheses refer to the relevant section of the OHSA PSM Standard, 29 CFR 1910.119 (_).

CEP April 2009 www.aiche.org/cep 61

Safety

During this final risk

review before startup, the How Many Risk Reviews are Needed?
project team must also The number of risk reviews required for any major capital project will depend on project
ensure that all of the PSM size, process complexity, and process risk/hazard.
requirements for the initial Example 1 is a large process with 250 nodes of equipment (vessels, columns, fired
PHAs have been met. If all heaters, lines/exchanger circuits, etc.), that handle hazardous chemicals. The installed
preceding risk reviews have cost is more than $100 million, and the project spans two or more years. As is typical for
this size process, the operating and maintenance procedures are complex — high pres-
followed the guidelines for
sures and temperatures, and complex controls. About five risk reviews are needed before
controlling risk at each project the plant is fully commissioned.
phase, meeting the initial
PHA requirements will not
Conceptual Preliminary Detailed Construction Pre-Startup Total
entail a tremendous amount
Meeting 1 wk 3 wk 5 wk 3 wk 3 wk 15 wk
of additional effort, other than
Time
the risk review of nonroutine
modes of operation. Team Size 8 8 8 6 6
This pre-commissioning Total Staff 164 1,152 2,120 864 984 5,284
risk review should not be Hours
confused with the pre-startup Cumulative 2 mo 6 mo 14 mo 18 mo 22 mo 24–30
safety review (PSSR), the Schedule mo
purpose of which is to validate Focus Plot plans, Cursory HAZOP, Rigorous Changes SOP hazard
that the process design and process options, FMEA, and WI; HAZOP, since previous review and
tie-in options, start checklists FMEA, and review; finish changes
specifications have been met. (What-If [WI] and WI; finish checklist since previ-
This final risk review some modeling) checklists ous review
before startup consists of:
• evaluating changes made
during construction, to ensure Example 2 is a small process — Detailed Pre-Startup Total
that no new hazards have been 10 nodes of equipment handling low-
Meeting 2 days 2 days 4 days
added since the last hazard hazard material (i.e., rock/ore), less
Time
review; high priority is given than $100 million of installed cost,
1 yr of project time, and relatively Team Size 10 10
to detecting details that may
simple operating and maintenance Total Staff 218 202 419
have been overlooked, and procedures (e.g., conveying of iron ore Hours
plans to cope with operating from a port to a steel plant). Only two
emergencies that might arise Cumulative 3 mo 9 mo 10–11
low-intensity risk reviews are needed
Schedule mo
• maximizing inherently for this process.
safer design in the selected Focus Rigorous SOP hazard
WI, some review and
process, such as planning for FMEA; start changes
rework of the initial product (5) checklists since previ-
• completing reviews for ous review
facility siting and access issues
• completing the review
for human factors issues close the PSSR (which is not part of the risk review, but
• HAZOP or What-If analysis of startup, shutdown, is part of PSM in general), and finalize the initial PHA
emergency shutdown, and online maintenance procedures. report for the new unit. Typically, the plant MOC system
More than just another validation of procedures, begins to take control of new risks after the pre-commis-
this review ensures that there are adequate safeguards sioning risk review meeting is closed.
(hardware, interlocks, safety integrity level [SIL], etc.) There are, of course, many deliverables from the
to offset the errors of skipped or incorrectly performed project team, among them the finished equipment,
steps. Human errors will occur, it is just a matter of operating and maintenance procedures, populated data-
when (7). bases for mechanical integrity (MI), and process safety
After this risk review, the project team can proceed to information (i.e., files of all necessary design bases for
close recommendations, decide which (if any) of the rec- relief valves, completed drawings, complete equipment
ommendations can be deferred until after initial startup, files, etc.).

62 www.aiche.org/cep April 2009 CEP

Post-startup
Many companies require a final risk review related to
a new process unit about three to six months after startup
(Table 8). This practice was implemented when managers
realized that the MOC system often becomes overwhelmed
by the magnitude of changes necessary in the final push to
start up a new unit. To avoid missing a key risk factor, it
is wise to schedule a post-startup (9) risk review — which
can also serve as the first PHA revalidation for the new
process unit.
In summary
For new process units, there may be only one opportu-
nity to adequately assess and manage risk — and that
is during the project phases before startup. Sound indus-
try practices exist to manage the risk of the final process
operation during a major capital project, but unfortu-
nately, many have not learned these lessons. The renewed
focus on designing inherently safer and more reliable pro-
cesses, and on controlling risk during nonroutine modes
of operation, may not have migrated to some companies’
project control systems.
The most important factors related to controlling risk
dur ing the design and startup of a new process unit are:
• effective company leadership and effective project
management — where the primary goal is an efficient
operating unit (emphasizing long-term process reliability
and safety) over the secondary goal of bringing in the
project on-schedule and on-budget
WILLIAM (BILL) G. BRIDGES is president of Process Improvement Institute
(PII; Knoxville, TN; E-mail: wbridges@piii.com). He has more than
30 years of chemical industry experience in process engineering,
process/product development, management, safety evaluation, and
operations. An authority on process safety engineering, risk manage-
ment, and human error prevention, he has helped many companies in
the petroleum, petrochemical, plastic and process industries develop,
implement and assess PSM and risk management programs. He has
led more than 250 large process hazard analyses (PHAs) — from
conceptual design through pre-commissioning — delivering PSM at
completion. He has taught safety courses on PHA and HAZOP leader-
ship, incident investigation and root-cause analysis, and management
of change (MOC). He has BS and MS degrees in chemical engineering
from the Univ. of Akron.
REVONDA TEW is a senior instructor for PII (rtewe@piii.com), with more
than 15 years of chemical industry experience in process develop-
ment, process engineering, and process safety management and
evaluation. She has experience leading and documenting PHAs and
PHA revalidations, MOC risk reviews, investigations, and PSM audits.
She has also developed training materials for topics such as MOC,
PHA leadership, and PSM auditing, and she is a co-instructor for
these topics and for incident investigation. She has experience with
both community relations and crisis management, and is currently
involved in local emergency planning committee (LEPC) activities.
She has a BS in chemical engineering from North Carolina State
Univ. and an MBA from the Univ. of North Carolina’s Kenan-Flagler
Business School.
• risk review teams that include experienced opera-
tors and experienced process engineers from the start of
the project
• the development and application of PSM elements
at each project phase to better design for process safety
• operating, maintenance, and lab procedures de-
veloped by subject matter experts and subjected to risk
reviews to ensure that there are sufficient safeguards to
protect the new process when imperfect humans fail to
follow the procedures perfectly.
The ultimate deliverable from the project team (in
cluding the risk review teams) is a process and related
procedures that will sustainably control human error dur-
ing all modes of operation. The project team cannot ensure
that these safeguards will stay in place over the long term,
but anticipating and controlling human error at each phase
of a project by following the steps outlined here will be a
good start toward the control of human error — and
therefore the control of accidental losses. CEP
Literature Cited
1. Center for Chemical Process Safety, “Plant Guidelines for
Technical Management of Chemical Process Safety,” American
Institute of Chemical Engineers, New York, NY (1991).
2. McGrath, P. F., “Using Qualitative Methods to Manage Risk,”
AIChE Center for Chemical Process Safety, New York, NY
(1989).
3. Center for Chemical Process Safety, “Risk Management on
a Major Facility Expansion,” American Institute of Chemical
Engineers, New York, NY (2001).
4. U.S. Occupational Safety and Health Administration,
“Process Safety Management of Highly Hazardous Chemicals,”
29 CFR 1910.119, OSHA, Washington, DC.
5. Berger, S., et al., “A Cost and Time-Efficient Framework for
Inherent Safety and Pollution Prevention during Process
Development and Engineering,” AIChE Center for Chemical
Process Safety, New York, NY (1996).
6. Bridges, W., et al, “Create Effective Safety Procedures and
Operating Manuals,” Chem. Eng. Progress, 93 (12), pp. 23–37
(Dec. 1997).
7. Bridges, W., et al, “Include Human Errors in Process Hazard
Analyses,” Chem. Eng. Progress, 90 (5), pp. 74–82
(May 1994).
8. Center for Chemical Process Safety, “CCPS Guidelines for
Hazard Evaluation Procedures,” American Institute of Chemical
Engineers, New York, NY (2008)
9. Frank, W. L., and D. K. Whittle, “Revalidating Process
Hazard Analyses,” AIChE Center for Chemical Process Safety,
New York, NY (2001).
Further Reading
Kletz, T. A., “Inherently Safer Design Achievements and
Prospects,” AIChE Center for Chemical Process Safety,
New York, NY (1996).
CEP April 2009 www.aiche.org/cep 63