Gå til hovedinnhold

Report following the audit of Exxon Mobil’s use of quantitative risk analyses

The Petroleum Safety Authority Norway (PSA) has conducted an audit of ExxonMobil E&P Norway’s use of quantitative risk analyses (TRA/QRA). Several items with room for improvement were identified.

The audit activity was conducted in the form of a meeting held on 23 June 2009. At the meeting, ExxonMobil E&P Norway (EM) presented their work on risk analyses and the audit team had the opportunity to ask for verifications and to pose questions to relevant personnel.

The HSE regulations are function-based and presuppose that the players identify, analyse, assess and handle risks represented in the activity, and that one aims to find solutions that pose the least possible risk.

Preparing appropriate quantitative risk analyses and implementing, using and following them up in a systematic and traceable manner constitutes an important contribution to risk management in all phases of a facility’s life.

The main regulatory requirements for the activity are laid down in Section 15 of the Management Regulations relating to quantitative risk analyses. Other relevant requirements are stipulated in Chapters I, II, IV and V of the same and in Section 9 of the Framework Regulations relating to risk reduction principles.

The objective of the audit was to assess whether EM has established internal requirements and work processes which ensure that the assumptions, conditions, limitations and recommendations of the risk analyses are fulfilled.

In our notification letter we asked to be presented with EM’s requirements and guidelines, including practical examples and experiences acquired from their own facilities on the Norwegian Shelf.

Furthermore, we requested that EM account for any identified areas with room for improvement.

It is our general impression that EM has established relatively clear requirements and an orderly structure and distribution of responsibility in their work with quantitative risk analyses for their facilities.

However, we have identified some items with room for improvement. Many of these issues have also been pointed out by EM, particularly improvements relating to insufficient formalisation of requirements and guidelines, including work processes, roles and responsibilities in this area.

Items with room for improvement
EM’s management system sets relatively clear requirements for involvement and highlights roles and responsibilities for implementation of analyses and the use of results thereof. However, we would like to draw attention to some items with room for improvement. Most of these were also identified by EM:

a) Involvement in connection with the implementation of the analysis

  • In connection with the implementation of the analyses (OIMS 2-1 RAMS Manual), there is no requirement relating to systematic request for input from offshore personnel. EM has confirmed that this is something they consider establishing requirements for.

b) Competency requirements and distribution of relevant information

  • No competence requirements have been set relating to relevant positions offshore needing any detailed knowledge of the risk analyses that have been carried out (limitations, assumptions, results). At present, some positions require general courses in risk analyses, but require no specific knowledge of the facility-specific analyses that have been carried out.
  • Area risk charts are a tool used to communicate the results of the risk analysis. At present no requirements have been set for how these should be used to ensure that the conditions are safeguarded during operation and maintenance activities.
  • The results of the TRA/QRA updates are communicated to the offshore organisation after each update. It was discussed whether a potential improvement area might be to reassess whether this covers the need for information to the offshore organisation.

c) Follow-up of assumptions

  • Some of the risk analyses assumptions were formulated in such a way that it makes it difficult to follow up and comply with these during operational activities. At the meeting, EM stated that they will assess whether this can be improved in connection with the updating of the risk analysis for Ringhorne.
  • The risk analysis assumptions are integrated into relevant procedures – and are highlighted partly through the use of risk links. EM could not account for how such links are reassessed and maintained when the risk analysis is updated or when changes are made to the procedures. EM confirmed that this will be evaluated with a view to improvement.
  • EM could not confirm that the performance assumed in the risk analysis has been translated into measurable performance requirements that are being followed up and assessed (through the use of relevant performance standards). EM confirmed that this will be assessed to ensure that such a connection exists.
  • Cf. electronic Management of Change (eMOC) - Risk Screening & Risk Assessment; Technical Safety is involved ”for purposes of information” in issues that have been identified by the initiator as technical non-compliance, Facility Integrity Non Compliance (FINC). We find that this may result in potentially important issues not being identified. For instance:
    • If an issue is not initially identified as non-compliance (FINC), there is a risk that the issue will not be identified and risk-assessed by technical safety personnel, either.
    • The fact that Technical Safety only is informed about the issue without having to sign for it formally, might result in matters of safety not being assessed against TRA/QRA.
  • EM could not account for how they systematically collect and assess the potential effect of many minor changes that might arise along the way – in the period between each formal TRA/QRA update.