Risk Based Inspection - Setting Risk Targets
The question of how to set risk targets is a logical one and should be addressed prior to or in the very early stages of RBI implementation. This article will guide readers through the basic elements required to address this question within an organization, as all companies do not have the same risk philosophy and can adapt these elements to fit their own. Although this article covers information that must be addressed for any RBI program, it is not an all-encompassing article on how to implement and maintain an RBI program. For more information on RBI, visit Inspectioneering.com. The website contains more than 30 articles on the subject that were printed throughout the last 17 years and cover nearly every aspect of RBI. Readers may also visit the Inspectioneering Discussion Forum and the Inspectioneering LinkedIn Group for further discussion on RBI topics.
What is Risk?
BusinesssDictionary.com defines risk as “[a] probability or threat of a damage, injury, liability, loss, or other negative occurrence that is caused by external or internal vulnerabilities, and that may be neutralized through preemptive action.” 
With this said, we can all agree that risk is something we live with every day. Taking this further, we would all probably agree that risk is present constantly, in one form or another. It is impossible to remove all risks but we can remove some and mitigate others. Prudence and reality would have us prioritize our risks and concentrate our attention and resources on those that present the highest potential losses or consequences. The challenge in doing this, and an issue I will address later, lies with the difficulty in establishing criteria that adequately defines risk and encompasses everything that should be included in a definition of loss. Logically, the next step is to begin grappling with the criteria for acceptable loss. Of course, certain losses are not considered “acceptable,” but they are a part of life. For our purposes, some of these losses are inherent and considered part of doing business.
In RBI and other terms, a typical and simple way to express risk is:
- Consequence of Failure (COF) x Probability of Failure (POF) = Risk
For risk based inspection, the type of risk we identify and manage is relative risk. Allow me to put this in non-technical, albeit unusual terms. Consider the probability, over the course of an average life span, that you may die from one of the scenarios shown above.
While in terms of actual occurrences one might think these POF (or POD) numbers are absolute, depending upon the year. When doing research for this article I did not find any two tables that matched in any of the statistics, but suffice it to say, they were similar in orders of magnitude. There was a lot to consider regarding the populations that the statistics were based upon, e.g. one country versus the entire world, male versus female or both, etc. The better or more accurate our models become, the more we understand the uncertainties and the more we are provided the tools to lessen the uncertainties in our predictions. This brings up an important point. The industries are awash in data. What we need is to better understand how to interpret, organize, and use the data effectively. This requires shifting some of the energy and efforts used on data collecting to the pursuit of better understanding the data we already have.
The statistics mentioned in the previous table are lagging indicators. That is, they represent a specified period in history that we can learn from, if we wish. If one were building and algorithm to calculate the probabilities of contracting a disease or falling victim to a life-ending event, such as those above, it would be important to have a well-rounded and realistic understanding of all of the factors and dynamics that could contribute to death for the chosen demographics and setting. For example, would the best data be collected from all of humanity or just developed countries or perhaps countries north of the equator, and so on. This type of analysis should be performed if one were trying to be proactive in avoiding or mitigating the probabilities and consequences of the event. Automobiles also make a great example; where most are now equipped with standard and premium safety devices such as anti-lock brakes, air bags, seat belts, crush zones, etc. These are all meant to limit or mitigate the consequences and probabilities of injury and/ or accident.
At the outset of using RBI, it is important to identify the adverse outcomes of interest, as this will have a bearing on the type of RBI models used. For example, undesirable events in API RBI, based on API RP 581, typically revolve around loss of containment of the process fluid but could also include some degree of loss of functionality. Example negative consequences include but are not limited to:
- Death or injury (e.g. blunt trauma, toxic exposure, burns)
- Damage to the environment (and associated costs such as remediation)
- Production loss (anticipated downtown is a major factor multiplied times the monies lost, typically per day)
- Equipment damage (often calculated considering the outcome effects, e.g. pressure wave or heat exposure)
- Brand damage or loss of reputation (how much income will be lost as a result)
- Cost of lost or leaked material
- Trays upset and percentage of lost mass transfer capacity
- Leaking heat exchanger tubes, leading to a percentage loss of throughput due to shutting down the subsystem associated with that heat exchanger
The specific financial numbers and other metrics associated with the above would vary depending on the situation. Keep in mind that RBI is about relative risk, so even the financial numbers are not as accurate as what a full RMP type of approach would yield. Note that in the cases of bullets 7 & 8, there is no loss of containment. While not common, it should be noted that there may be some heat exchangers, especially in high-pressure systems like hydrotreaters, where tube-side pressures exceed shell pressures. These are special cases where loss of containment, in the case of a leaking tube, should garner serious attention. There are rules and methodologies for handling these types of systems that often involve special pressure relief considerations.
So, you can see that it is important to build credible, effective models with credible, properly vetted algorithms, in order to calculate the probabilities of the occurrence of an event. The models should be built by teams that fully understand the dynamics of failure occurrence. The POF side of the risk equation would include but not be limited to:
- Corrosion/materials/metallurgical engineer familiar experienced in the particular process
- Inspector or inspection engineer familiar with the unit
- Operations person familiar with the operating practices and history of the unit (this is where operating NOT according to design and other operations related anomalies are identified) and future likely operating practices
- Process engineer familiar with the process and planned future operating practices
- RBI expert that is intimately familiar with the technology algorithms and sensitivity weightings of inputs and outputs
Experience has shown me that, in the absence of an experienced operations person, or experienced process engineer, a very good, experienced corrosion/materials/metallurgical engineer with experience in that particular process is a tremendous asset and essential to a credible RBI program. They understand the deterioration dynamics, including subtle, yet important nuances and can extract this information from operations, inspection, etc.
Why are you doing RBI?
Prior to beginning a program, any organization considering RBI implementation must first understand its reason for utilizing RBI. As always, the motives for beginning a program are key to direction, consistency, trust, sustainability, team cohesion, and overall success of RBI. Having a good grasp on your motives helps you:
- Better focus resources
- Identify areas of vulnerability within an environment in a constant state of flux
- Better manage equipment reliability with a limited budget
- Remove equipment from the TAR list
- Find justification to perform on-stream inspections instead of internal inspections
- Optimally manage risks
Editor’s note: RBI should never be utilized as a means to cut corners or solely to reduce cost. Points such as those exemplified by bullets 4 and 5 should not be the primary objectives of implementing RBI but rather are possible results of a responsibly planned and run risk management program.
When using RBI to manage risks, the amount of scatter contained in the calculation should be understood. It is important that any assumptions are vetted properly and the amount of scatter the assumptions introduce be appreciated. The assumptions must also be properly documented. You will be revisiting those items containing assumptions later as their risk increases over time due to increased POF or COF. When approaching its risk threshold, the piece of equipment in question must be dealt with in a manner to mitigate the risk to an acceptable level. It will be important to identify and understand the risk drivers causing the increased risk. Often times, the increased risk will be related to an assumption the team used, which by intent, is reasonably conservative, pointing out the importance of a knowledgeable team. This point emphasizes the importance of a team knowing whether, all things considered, the assumption is reasonably conservative.
Understanding and Managing Uncertainty
Figure 1. Uncertainty - Confidence Model
The uncertainty model above (figure 1) illustrates the importance in understanding the impact of uncertainty in risk modeling. Anything above the horizontal “absolute certainty” line is conservative, i.e. the higher the position in the model, the more conservative. Examples of this might be:
- In the absence of measured data or where operations are erratic or inconsistent, the highly experienced and qualified team vets and uses a conservative corrosion rate or cracking susceptibility (document this as an assumption and document the logic to comply with API RP 580, for posterity).
- In the absence of inspection history or data validation, (for instance, if parts of the unit are insulated and parts are not and there is no documented external visual inspection history) one may opt to assume that all equipment is insulated, that all of the insulation is of the type that would have the most “wicking” and is in poor condition, and that coatings are nonexistent or failed. This should produce conservative results. Since a consistent approach is used, which is vital for RBI as based on relative risk, one can compare the various pieces of equipment to determine where to look first, second, third, etc. and if insulation conditions matter at all for some of the equipment.
Figure 2. Traditional Company Risk Matrix for Non-RBI Decision Making
Your RBI methodology, technology, and working processes should produce results that are in the top half, or conservative side of the “absolute certainty” line in the model above, regardless of the fact that it is infrequent that we know the exact condition of a piece of equipment with absolute certainty.
The area below the horizontal “absolute certainty” line represents things such as:
- Erroneous or inaccurate data, including wrong materials of construction, bad operating information, e.g. inaccurate H2S or Chloride levels, wrong temperatures, etc., inaccurate construction drawings, or inaccurate PWHT information.
- Decisions made by unqualified, inexperienced people. As an example, I once heard of an RBI attempted on a FCCU with the corrosion engineer only having experience on turbines used in the nuclear power industry (fortunately the owner cancelled this project before it progressed too far). Other examples of this include corrosion engineers that lack adequate experience or inconsistent grading of past inspection effectiveness.
- Poor fabrication practices that are not found or accounted for in the RBI process.
- Bad financial consequence information where financial consequences are a desired output.
- A lack of consistency in the RBI process (usually because there is not a good procedure in place, nor a good site RBI team leader and a lack of team consistency).
- A combination of 1 and 2 above where an experienced corrosion engineer was not used. For example, imagine the person leading the effort looked at the corrosion rate calculated by the inspection database management program and saw that it was 0.003” per year. He thought he was being conservative by assigning 0.006” per year for the equipment in this circuit. However, if he had looked at the operating conditions and materials of construction and compared them to readily available industry McConomy curves (which were applicable in this instance), he would have seen a predicted corrosion rate of 0.026” per year, or 8 1⁄2 times what was used. This is a big concern in industry, but most inspection engineers realize that field thickness readings used to calculate corrosion rates in inspection database management programs can have high accuracy scatter rates and should always be scrutinized and questioned. Which begs the question, how much effort have you put into your TML (a subset of CMLs) QA/ QC program to control and understand the accuracy of your readings?
As I often point out to students in the API RP 580/581 course:
RBI is largely about how much confidence one needs to have in what one believes to be the true damage state of the equipment. This “needs to have” is dictated by the risk number or risk value versus the risk target. Often times, but not always, one can live with a higher corrosion rate, for example, early in the life of a relatively thick-walled vessel. As the wall is consumed and damage accumulation increases, it becomes increasingly important to pay more attention to managing this equipment. Ideally, one would use the RBI process to determine time required for getting more accurate and perhaps precise data (especially where assumptions are driving the risk), retirement, or if justified, a Fitness for Service (FFS) analysis. One could also use the process to determine the necessity of a design modification, e.g. installing a liner, a process change, etc., or in other words, something to mitigate the POF and risk.
Establishing and Wrestling with RBI Risk Thresholds
At this point, I hope it is apparent that you should clearly define your motives prior to implementation of RBI. A firm grasp on motives provides you with direction and increases the likelihood of a successful RBI program. Now for the easy part, setting risk thresholds.
Setting risk thresholds begins with first determining your current risk. You can identify current risk by running a RBI analysis. The results of your first RBI analysis should include credits for past inspections and will be indicative of past and current practices and in turn will provide you with your current risk.
Next we will calculate the resulting risk by implementing the inspection strategies as if you were running a traditional API 510/570 program, and not a RBI based program. The resulting risk will be projected at the end of the next turnaround cycle. I suggest you also assemble all of the cost data associated with your current, traditional practices/program as projected over the next turnaround period, for the sake of this example we will use four years. To reiterate, the cost data and inspection strategies should come from your current program, not using RBI.
For this comparison example, we must assume that the inspection findings from the analysis after those four years do not yield many, if any, surprises. In other words, assume the results are as they would be at the end of the four-year period. Now compare the results from this analysis to your current risks, which were found after running your first RBI analysis. Did the overall risk go up or down?
At this stage, for comparison, you may also want to normalize the RBI risk output with your corporate risk matrix. This may be due to a desire to use your corporate guidelines as your risk target or threshold or at least understand how they relate to one another.
You now have the information needed to establish risk thresholds, but I would suggest not stopping here. There is still more to learn prior to making a decision.
Are you happy with your current level of risk, or do you want to incrementally drive it downward? Hopefully this exercise will have exposed any areas of vulnerability that were not evident before performing the risk analysis.
If your approach contains metrics that are similar to API RP 581 ($$/year or sq. ft. of risk/year), you can derive further value from RBI process and technology. The extra value comes from applying RBI recommendations to the previous model, instead of your “traditional” approach and comparing the RBI results to those of the traditional strategy. One can then compare the costs versus the units of risk reduction for any case or the entire program. See figure entitled RBI Versus Traditional Inspection Plan.
Now that you have the RBI and traditional inspection program risk results, you should compare the risk differences. In API RBI the risk metric is expressed in either risk in square feet (or meters) per year for a unit (see figure RBI Versus Traditional Inspection Plan below) for each piece of equipment or component, or it may be expressed in dollars per year. Compare this amount to the amount of money it takes to implement the traditional inspection strategies/program. This comparison will yield a percentage of risk reduction per dollar spent for your program and equipment strategies.
Figure 3. RBI vs. Traditional Inspection Plan -- This figure represents the risk profile of 220 pieces of equipment in a refinery processing unit over a 4 year period. The blue curve represents the risk profile of the equipment with a traditional API 510/570 inspection program implemented. Note the abrupt peaks. These are areas of vulnerability that would not have been managed properly. The green curve represents the risk profile for the same equipment with an inspection program based on API RBI RP 581 over the same period of time. The relative metric used to produce the comparison is risk in square feet per year. There was no additional cost incurred to implement the RBI program and risk was substantially reduced over a four year period. These leading indicators show that implementation of the RBI strategy would drive the risk down for this unit. The RBI analysis also pointed out the high risk equipment that had not been identified as such before and clearly indicated the risk drivers for mitigation and provided the metrics to evaluate options for risk management.
As one example of using the metrics: assume a B level of inspection effectiveness for detection of HIC/SOHIC is required to satisfy the risk target criteria. Create cases or “what if” for each scenario, such as an on-stream external strategy versus an internal inspection strategy, and compare the costs to achieve the same risk reduction.
Using Damage Factor Targets
For each equipment item in API RP 581 technology, individual damage factors are calculated for each damage type, e.g. thinning, cracking, etc. for that piece of equipment. After this, an overall cumulative damage factor is created for each piece of equipment. This number represents the overall relative damage state or condition of the equipment. The number also represents the combined considerations of things that affect POF, e.g. remaining thickness, materials properties, ductile overload calculations, code calculated T-mins, corrosion allowance, past inspection findings, etc., as an indication of the component’s or equipment’s projected ability to contain the fluid and pressure. Using just the cumulative damage factor targets can help for various cases, including:
- Some processes carry inherently higher risk than others, such as toxic fluids. Usually this risk is primarily driven by COF. In these cases, especially where the equipment degradation rates are extremely low or negligible. You may want to use an isolated cumulative damage factor as your target instead of risk. For example, you may determine that appropriate inspection action should be taken when accumulated damage begins to float up to a more conservative predetermined point or threshold, unless, of course, some other trigger enacts an RBI related action. (Examples such as these should be explained in your corporate RBI best practice as a “how to do” in your site procedure.) The equipment in question may inherently have a higher risk than your risk target. In this case, you would use the damage factor target to trigger an inspection related event. This logic should be covered in your procedure in order to avoid these instances from being classified as deviations.
- Nuisance leaks represent another case where cumulative damage factors may prove helpful. Where the health and safety consequences of failure are low, e.g. certain heat exchanger shells with cooling tower water on the shell side, you could have a leak that may not carry high safety consequences but should not be tolerated indefinitely. In these cases you may decide to take action before reaching the risk threshold and base that trigger purely on damage state. Cumulative damage factors can help in making better inspection/repair decisions.
In closing I will leave you with a few important reminders:
It is extremely important that probability, consequence, and risk models be reviewed and vetted by owner/operators that are experts in the specific areas of RBI modeling. This helps to make sure that the right questions are being asked and important aspects are not ignored which, in turn, will result in models with credible results.
It is also important that the RBI team have sufficient expertise (combined experience and knowledge) to vet any assumptions and ensure that they are reasonably conservative.
Finally, keep in mind that RBI uses relative risk, which makes consistency in your RBI process vitally important. Relative risk applies to RBI as it is revisited for various units and equipment in the updating and evergreening process and as it is implemented across an entire plant from unit to unit. This also applies to comparison of risk results across a corporation. Please send any questions or comments on this article or ideas for future articles to me at email@example.com.