A hazard scenario-based, drill-down audit can uncover systematic issues brewing beneath the surface not often uncovered from a traditional compliance audit. This methodology exposes the pain points and, most importantly, the sources of those points by digging deep into the management system processes around Process Hazard Analysis (PHA)/Layer of Protection Analysis (LOPA), Process Safety Information (PSI), Mechanical Integrity, Operating Procedures, and Management of Change (MOC). The audit findings provide a basis for revising the work flow to achieve the risk management objectives.
A drill-down audit focuses on a trail that begins with the PHA/LOPA and the credited Independent Protection Layers (safeguards), then drills down through the management systems to ensure their integrity. It checks the health of communications and data exchanged at the interfaces of the processes and the people.
This approach provides visibility – and proof – into whether the information in the PHA/LOPA has been fully integrated into the process safety lifecycle. The audit methodology validates IPLs (Independent Protection Layers) are embedded in an organization’s operating discipline, meet all defined criteria, are inspected and tested, and are functioning as intended.
The following are examples of a drill down audit trail for an Alarm IPL:
A review of the PHA/LOPA should verify the operator, alarm sensor, and final elements used by the operator are independent of the Initiating Event and other IPLs for the scenario.
A review of PSI would confirm alarm sensors are maintained on the critical IPL list and on the piping and instrumentation diagram; sensor data sheet and final elements are in place; and the basis for the Probability of Failure on Demand is well documented.
Review of the mechanical integrity information should verify calibration and proof test procedures are available; testing, calibration and inspections are scheduled at a routine frequency; and calibration and proof test records are reviewed, actioned if required, and maintained. The auditor interviews maintenance employees to see if they recognize the criticality of the alarm loop, it’s inspection and reliability.
The auditor must confirm the alarm, along with consequences of deviation, intended operator action, and specific parameters/authorization for bypass of the alarm are documented in the appropriate operating procedures.
The auditor confirms that the operator is formally trained on the alarm and the intended actions, but most importantly interviews operators to check their experience and intended action in the event they get an alarm.
Much like a standard compliance audit, the auditor will also need to track a MOC to determine if changes to the alarms credited as IPLs are managed appropriately.
Finally, the auditor needs to check the security of the IPL; its access control and with increasing emphasis it’s cyber security.
Ultimately, organization’s need to ensure their hazardous processes are being operated within accepted risk tolerance and have a sense of assurance they are effectively managing their risks, identifying pain points, and relieving any undue pressure.