Our data differs. We have performed more than 11,000 unit-sized PHA/HAZOPs over the past 24 years; 1,000 of these have been new designs (projects, as you have focused on); the rest have been re-do of existing plant PHAs (because the project PHA/HAZOPs were so deficient). If you have a good engineering team then the team will design in up-front about 80% of the necessary SIFs. But our experience over those 1,000 project PHAs is that the PHA/HAZOP will identify 15-20% other SIFs and they will delete many of the ones recommended from the baseline designers. There are many reasons for this. The most important reason is the prior PHA/HAZOPs of prior designs are so deficient and then the new design team builds on that relatively weak basis (though granted, a better basis than 20 years ago). Another reason is prior PHA/HAZOPs, as performed in most projects today, do NOT do a HAZOP or What-if of the deviations from steps in startup, shutdown, and online maintenance procedures. Therefore, they are missing the scenarios that lead to 80% of the process safety catastrophes. If these non-routine modes of operation are addressed adequately in the PHA/HAZOP, then we have found there is on average a need to enlarge about 6% of the PSVs (and sometimes enlarge flare headers and/or flares) and to add about 15% SIFs that are UNIQUE to these modes of operation. Watch the US CSB film on the Bayer CropScience explosion for a case study on the above issues. When we lead PHA/HAZOPs, we are inherently discussing what the safeguards (and IPLs) are and what they should be to make the risk tolerable. One of the options for safeguarding is an SIF. It does not take ANY extra time to discuss that existing SIF (if present) and its target SIL (if known already), nor does it take extra time to recommend a new or improved SIF/SIL if the current risk is too high… at least it does not take any more time that discussing any other recommendation for lowering the risk.

For PHA/HAZOP of existing faculties, the same is also true, but now there is a little more history and operators are more in tune with the current facility (versus where they worked before). But, the point is, we find many SIFs missing (about 5 to 40%), many PSVs too small (about 6%), and many other safeguards missing… especially if only one PHA/HAZOP was done during the design of the original plant and if they did NOT review the procedures step-by-step during the PHA/HAZOP of non-routine modes of operation. As mentioned, we also have recommended deletion of SIFs that the designers added for no good reason (other than to sell more SIFs). Remember, 80% of the catastrophes occur during non-routine modes of operation; not during normal operating modes. Whereas most HAZOPs do not adequate address non-routine modes of operation.

So, in our experience, of the many thousands of PHA/HAZOPs at both project level and existing plant level, we have not seen ANY impact on the quality of SIF selection and SIL assignment when it is done by the PHA/HAZOP team and we have definitely not seen any burnout of team members for this reason as no extra time is needed. Of course, there are MANY reasons the time members might get burned out; those reasons should be addressed. Discussing SIFs is not one of the reasons.

If the PHA/HAZOP team does get into a complex scenario, which happens about 5% of the time, they should recommend a LOPA; which should be done outside of the team setting to not induce burnout. This has worked well for about 20 years and that is one reason Art Dowell and I invented LOPA and promoted it a book project and then wrote the LOPA book in 1997-2001 (finally published by CCPS in 2001)… i.e., to move the very complex risk scenarios discussions outside of the PHA/HAZOP (i.e., to LOPA).

See our paper on optimizing PHA/HAZOP to maximize brainstorming for more details on this topic: