Informa Markets

Author Bio ▼

Safety and Health Practitioner (SHP) is first for independent health and safety news.
April 27, 2015

Get the SHP newsletter

Daily health and safety news, job alerts and resources

Process safety management and the deep dive audit

diving-714852_640By Conrad Ellison, ABB Consulting

Managing process safety is never ending and requires constant attention. It’s necessary for those in leadership positions to review routinely what constitutes best practice in order to ensure that they are doing everything possible to prevent a major accident from occurring. Here, ABB Consulting’s Conrad Ellison, makes a case for the ‘Deep Dive Audit’ approach and explains how identifying the flaws that can lead to a major hazard, helps to prevent them.

Following the Buncefield court case five years ago, the Health and Safety Executive (HSE) issued a report stating that: “Good process safety management does not happen by chance – it requires constant active engagement. Safety management systems at COMAH sites should specifically focus on major hazard risks and ensure that appropriate process safety indicators are used and maintained.”

This highlights that it’s essential for organisations to look carefully at their process safety management to see if they are focusing on major accident scenarios and if more could be done.

A Process Safety Management system (PSM) provides a framework of high level procedures, in order to maintain safe operations and healthy protective systems. Generally speaking, it’s expected that a PSM audit showing year-on-year improvement is good news. However, this is not the whole story and it could be an indication that performance has reached a plateau, and a serious incident could happen at any time. It is essential therefore for operators to look at their major hazard scenarios in a more detailed and comprehensive way.

Thought needs to be given as to whether the issues covered by the audit on a yearly basis are the right ones. If they are not, you won’t see any improvements in the number of process safety incidents. You’re likely to find that leading Process Safety Performance Indicators (PSPIs) are not consistent with the audit performance, and the lagging indicators show a concerning trend with the number of incidents remaining the same or even increasing.

Such incidents are usually caused by failures of multiple risk control systems at a detailed level. The potential interactions between risk control systems are often not visible at the level of the PSM system, which is constructed from distinct elements such as mechanical integrity, incident investigation or management of change.

It might be that interactions are missed in accordance with the ‘Swiss Cheese Model’ of accident causation. This is where an organisation’s defences against incidents are modelled as a series of barriers, represented as slices of cheese. The holes in the slices represent weaknesses in individual parts of the system and are continually varying in size and position across the slices. The system produces failures when a hole in each slice momentarily aligns, permitting what’s described as ‘a trajectory of accident opportunity’ enabling a hazard to pass through holes in all of the slices, resulting in an incident.

With this in mind, auditing PSM system elements may not actually identify the potential for a process safety incident. Instead, an assessment of specific incident scenarios and the verification of the specific barriers in place to prevent the incident is necessary. The solution? A Deep Dive Audit.

A detailed inspection

The Deep Dive Audit is a holistic approach, combining safety and integrity management. It involves a sample detailed inspection of key elements of the operation’s basis of safety, diving deeply into specific hazard scenarios. Part of this is identifying layers of protection and verifying that these layers are correctly designed, are in use and are effective. The findings can be extrapolated to reach conclusions on the effectiveness of some elements of the PSM systems.

This method provides assurance that process safety is being managed appropriately. It is worth noting that the Deep Dive Audit hasn’t been designed to replace existing PSM audits, but to complement them. Through its detailed approach it identifies issues that would go unnoticed with a regular audit (Figure 1). In contrast with a PSM audit, which can take up to three weeks, it can be undertaken in approximately three days. It is therefore a rapid and practical assessment process. Importantly, it identifies if PSM is delivering on site and does this in a collaborative way, which requires minimal preparation from the operators.

FactorRegular PSM auditDeep Dive audit
ScopeAll PSM system elementsMajor accident hazard scenarios
ObjectiveAchieve best practice for individual elementsEnsure specific risk control barriers are working effectively
Focus of auditSuitability of and adherence to written proceduresWeaknesses in plant, process or people aspects of barriers
MethodCheck completeness of documents and test experience with system owner and usersVerify effectiveness of barriers based on plant records, understanding of staff, and field observations

Figure 1: Outlines the main differences between the two types of process safety audit

As mentioned, the main focus of a Deep Dive Audit is to analyse major accident scenarios and their associated barriers and to provide rigorous assurance that they are working effectively. In summary, this type of audit is designed to:

  • establish all major accident scenarios and select key ones to audit;
  • confirm the basis of safety (BoS) is robust;
  • check that the design of barriers allows for the required risk reduction and that they are installed correctly;
  • ensure barriers are appropriately maintained and tested;
  • confirm workforce competency with barrier management.

Together, the above provides an overview of the process safety ‘vital signs’ and ensures that best practice in management systems is being achieved. A benefit of the Deep Dive approach is that it’s applicable to Seveso Directive and non-Seveso Directive facilities with process safety issues. It identifies specific actions relating to scenarios as well as generic site-wide issues and the methodology aligns to that employed by regulatory bodies during interventions. As an approach it is also proving popular for benchmarking across a number of sites.

The stages of a Deep Dive Audit

DAY 1 – How does the site manage its process safety?

A range of hazard analysis reports such as HAZID and HAZOPs must be reviewed to identify major accidents and the required barriers. From these, a list of varying high-risk scenarios for the detailed Deep Dive Audit can be established with a view to assessing the different types of prevention, control and mitigation barriers.

DAY 2 – What layers of protection are in place for the key scenarios?

Next, verification is sought for the effective functioning of each scenario and its associated barriers. There are three foci to this stage: barrier verifications; processes and the people operating them.

From my experience, the best results can be obtained by deploying two process safety specialists as assessors; one with a PSM system and operations background and the other with a plant engineering and asset integrity management background.

Onsite process engineers, operating managers and maintenance engineers, also provide a valuable source of knowledge to help with the understanding of major accident scenarios.

At this stage, a field visit needs conducting to focus on verifying specific barriers. This has two purposes, firstly to physically check that safeguards are installed in line with the design intent, for example that relief devices are in place and that passive fire protection and secondary containment are in good condition. Photographs of deficiencies can be used to provide high-impact evidence to site management. The second purpose is to talk to operators and maintenance technicians to establish their understanding of the process and of the major accident hazard that is being assessed. This provides an insight into the quality, training and experience of staff.

When conducting such site visits, we’ve had several cases where operators have been unaware of the necessary emergency procedures. Other issues regularly highlighted at the verification stage have included: inhibited alarms, non-Atex approved equipment in hazardous areas and gaps in earth and lightning protection testing (Figure 2).

DAY 3 – Carrying out additional verifications and forming feedback

The audit report provides details of the assessment for each barrier, along with a decision on whether it is working effectively or whether a related weakness needs to be addressed. This could relate to the plant, processes or people involved.

Common Findings
1Testing/inspection of active fire system found to be excessive in some areas and deficient in others
2Non-Atex approved equipment found in hazardous areas
3Calibration of test equipment not recorded on proof tests
4Inspection of pressure equipment focuses on short-term and not long-term asset sustainability
5No formal auditing of permit to work system
6Alarms found inhibited
7No standard set or control of initial mechanical isolation to achieve isolation standards
8Lack of identification of safety critical procedures
9Gaps in earth and lightning protection testing
10Inspection of electrical equipment in Atex areas not to relevant good practice

Figure 2: The top 10 common findings uncovered by conducting a Deep Dive Audit


Good process safety management is about preventing major process incidents from occurring. It therefore makes sense to devote some assurance effort directly to the scenarios themselves, focusing on the specific risks and layers of protection.


At ABB Consulting we’re finding more and more operators are choosing to carry out Deep Dive Audits across their global sites in order to provide a time efficient snapshot of performance, and to benchmark sites in order to identify those requiring greater senior management attention.


The level of detail provided by a Deep Dive Audit can benefit not only the scenarios under assessment, but many similar scenarios too as it can help uncover weaknesses in the generic risk controls.

Whilst we must remember, the scope of the Deep Dive Audit is limited when compared to a conventional PSM audit, it provides us with confidence that barriers are working effectively. It also ensures a focus on major accident hazards and identifies areas for improvement. By taking process safety on to the next level, this approach is fast becoming a welcome accompaniment to the traditional PSM audit.

Conrad Ellison is Principal Safety Consultant at ABB Consulting, UK


The Safety Conversation Podcast: Listen now!

The Safety Conversation with SHP (previously the Safety and Health Podcast) aims to bring you the latest news, insights and legislation updates in the form of interviews, discussions and panel debates from leading figures within the profession.

Find us on Apple Podcasts, Spotify and Google Podcasts, subscribe and join the conversation today!

Related Topics

Notify of

1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
Andy B
Andy B
9 years ago

Not dissimilar to the engineering community’s Fault Tree Analysis approach. What if? What if? What if?