and delimitation on a high level, leaving a more detailed description to a later stage. Aspects of the study object that need to be considered include the following:
The boundaries and interfaces with related systems, both physical and functional.
Interactions and constraints with respect to factors outside the boundary of the study object.
Technical, human, and organizational aspects that are relevant.
The environmental conditions.
The energy, materials, and information flowing across boundaries (input to and output from the study object).
The functions that are performed by the study object.
The operating conditions to be covered by the risk assessment and any relevant limitations.
In many risk assessments, it is difficult to delimit the study object and to decide which assumptions and conditions that apply. What should be covered in the risk assessment, and what can be disregarded? In the first steps of a risk assessment, the objective should be to establish a picture of the most important risk issues related to the study object. Later on, the risk assessment may be extended to cover specific parts of the study object under special conditions.
In most cases, the study object must be divided into reasonable parts for analysis. Depending on how complicated the study object is, these parts may be subsystems, assemblies, subassemblies, and components. A numerical coding system corresponding to the system breakdown should be established, such that each part is given a unique number. In the offshore oil and gas industry, this system is usually called the tag number system.
Several methods are available for system breakdown. It is most common to use some sort of hierarchical structure. In some cases, it is most relevant to focus on functions or processes, whereas in others, the focus is on the physical elements of the system. System breakdown methods are discussed further in Chapter 11 and onwards when different methods are discussed. The study object is studied further in Chapter 4.
3.2.2.2 Step 2.2: Provide Documentation and Drawings
A lot of information about the study object is required, in particular for detailed analyses. Information sources of interest may include (e.g. see IAEA 2002):
System layout drawings, including the relation to other systems and assets.
System flow, logic, and control diagrams.
Descriptions of normal and possible abnormal operations of the study object.
Inventories of hazardous materials.
Operation procedures and operator training material.
Testing and maintenance procedures.
Emergency procedures.
Previous risk assessments of the same or similar systems
Descriptions of engineered safety systems (barriers) and safety support systems, including reliability assessments.
Description of previous hazardous events and accidents in the study object.
Feedback from experience with similar systems.
Environmental impact assessments (if relevant).
The document control system fills an important role in keeping track of all the documentation that is used as input to the risk assessment. In system development projects, the design is developing continuously, and it is important to know which versions of documents have been used as basis for the analysis.
3.2.2.3 Step 2.3: Familiarization
When the study team has been established, it is important that the team members have access to all relevant information and documentation so they can become familiar with the study object and its operating context. As part of the familiarization, it may be necessary to revisit the previous substep:
More information may be required because the delimitations of the study object are extended or because the information is incomplete.
Details may be insufficient and have to be supplemented.
There may be discrepancies in the documentation.
Part of the information may be unclear and open for interpretation and needs to be discussed with designers/operators.
3.2.2.4 Step 2.4: Select Method
A number of analytical methods have been developed for risk analysis. Many factors influence the choice of methods, some of which are as aforementioned:
In general, we need to choose a method that gives the answers required for the decisions to be made. This means that we need to understand the problem and the decisions to choose method.
If several alternative methods are available, we will usually choose the method that requires least work.
The acceptance criteria may determine which methods can be used. If quantitative criteria are given, quantitative methods must be used. If we do not have quantitative criteria, qualitative methods usually suffice.
Methods have been developed for special types of systems and for special types of problems. We, therefore, need to consider the system and problem type before choosing which method to apply.
If limited information about the study object is available, it may be more relevant to choose a coarse method than a detailed method. In early project phases, coarse methods are therefore often used, switching to more detailed methods later in the project.
Consider the availability of data before choosing method. If no or little quantitative input data are available, performing a quantitative analysis may not be possible.
Usually, there are time constraints on when the results need to be ready. This may place constraints on which method to choose.
The size and how complicated the study object is, will influence the choice of method.
There may be authority requirements, and/or relevant guidelines and standards that impose requirements and constraints on how the risk assessment should be performed.
An overview of the most relevant methods is given in Table 3.1 , together with an indication of the phase(s) of a system's life in which they are suitable.
Table 3.1 Applicability of analysis methods in the various phases of a system's life.
| Method (chapter) | Early design | Design |
|
