COMAaaaargH! COMAH Reports Gone Wrong

How to avoid some common pitfalls in the production and use of a COMAH report; from Robert McGregor, Sarah Bickerstaffe, Stephen Beedle, and Conrad Ellison

FOR sites in the UK exceeding thresholds in inventories of certain dangerous substances there is a regulatory requirement to produce a COMAH safety report. Depending on the quantities present, the regulations apply as either a lower tier or upper tier level. The purpose of COMAH regulations is to ensure that operators take all necessary measures to prevent major accident hazards (MAHs) involving dangerous substances and limit the consequences to people and the environment of any major accidents which do occur.

Upper tier (formerly top tier) operators are required to submit safety reports to the competent authority (CA), demonstrating that safety and environmental risks for the whole COMAH establishment have been reduced to a tolerable level. This article focuses on upper tier safety reports, but it should be noted that lower tier operators must prepare a major accident prevention policy (MAPP) that examines the potential for major accidents on their site and demonstrating their approach to controlling the risk of occurrence. Whilst the MAPP is not required to be submitted to the CA, it should be available during CA inspections.

Producing a COMAH report can be a huge investment in time and money and this article explores what, in ABB’s experience, are some of the more common ways in which the process can go wrong. There are two main themes: (1) challenge by the competent authority (CA); and (2) not using a well-written COMAH report to its full potential. COMAH reports are complicated documents, and this is by no means a complete review of the potential error traps; there are other areas equally worthy of discussion that aren’t covered here. Hopefully though, it provides some useful information and will help engineers learn from others’ mistakes and extract the maximum value from their COMAH reports.

1. Challenge from the competent authority

IS THE TEAM UP TO THE TASK?
When a COMAH report is challenged by the CA in some way, it is obvious that something has gone wrong. Most of the time this is down to not getting the basics of the report right. This starts with the team! Writing a COMAH report is a challenging exercise – the team that is producing it should be suitably qualified and experienced and have sufficient availability to complete what can be a time-consuming activity. Consultancies are often used to help with the production of the COMAH report, but ultimately the document is owned by the operating company, which needs to ensure that it has done its due diligence and that it has reviewed and buys into the finished report.

DOES THE REPRESENTATIVE SET COVER ALL OF THE MAJOR ACCIDENT HAZARDS ON SITE?
The representative set is a list of hazardous events that have the potential to cause harm, and provides the foundation from which an upper tier COMAH safety report is constructed. It should be a representative summary of the entire site and therefore include a variety of MAHs which reflect “what could go wrong” for all sorts of processes and equipment across the site. Challenges often arise due to the representative set not being truly representative of all the MAHs on site ie, important details are missed because it is too generic. Many companies take a quantitative risk assessment (QRA) approach using generic rupture, large hole, or small hole in a generic pressure vessel or tank for example – but this is too generic. To analyse it in a meaningful way you need to look at a specific (worst-case) vessel with its specific failure mechanisms, specific controls, specific protective measures, and specific mitigations based on the vessel location. This often comes down to not having demonstrated “line of sight” between the hazard identification studies and the representative set, making it difficult for the CA to understand how the various scenarios were chosen. Sometimes the discrepancy may be due to lack of robust revalidation protocols for hazard studies, meaning that the five-yearly updates, which drive towards better mapping of MAHs, are either delayed or not completed.

FAILURE TO IDENTIFY RELEVANT GOOD PRACTICE
“Good practice” is the legal minimum standard that is to be reached for a particular application, and relevant good practice (RGP) audits are conducted as part of the COMAH report to highlight any gaps to this minimum requirement. Where it is sometimes very clear what represents good practice for a system or piece of equipment it is often not so straightforward. For instance, BS EN 746-2 gives very prescriptive guidance on good practice for protective systems on fired equipment, whereas other items of equipment such as reactors, columns, or pumps don’t have clearly-defined RGP. However, compliance with RGP must be demonstrated and the onus falls on the operator to determine what the majority of companies in their industry sector typically do and then justify to the competent authority why their own arrangement is suitable in comparison. Failure to do so is a commonly occurring cause of challenge.

FAILURE TO RECOGNISE CHANGES
An update to a COMAH report must adequately capture any changes that have occurred since the previous COMAH submission. This can be challenging enough for onsite changes, but neighbouring sites may have made changes affecting their own MAHs, some of which may have an impact on the operating site. If the neighbouring sites are upper tier COMAH establishments, they will have a good understanding of their MAHs and will have defined any offsite consequences in their domino report. However, non-COMAH sites may not have such a comprehensive grasp of the hazards on their site. In theory they should not have any events with potential for offsite impacts, but sites involved in the water industry, for example, may not be regulated and can still have toxic and explosion hazards.

POOR LINKAGE BETWEEN THE PREDICTIVE ASPECTS AND TECHNICAL ASPECTS SECTIONS
If well written, the Predictive Aspects section of a COMAH report should give detail about the cause of an MAH and highlight the layers of protection that are used to reduce the likelihood of the event occurring. The Technical Aspects section is interested in the life cycle analysis of this safety critical equipment and demonstrating that robust processes are in place to ensure that the holes in the Swiss Cheese don’t line up!

One way to do this would be to describe the cause of failure of the vessel, say over pressure for instance, then provide some narrative around the protective systems, ie high-pressure trip and relief valve within the scenario description. The Technical Aspects section would then highlight the procedures and regime for testing these safety-critical devices along with the competency of the individuals or companies undertaking the testing.

IS ALARP (AS LOW AS REASONABLY PRACTICABLE) DEMONSTRATED?
COMAH reports are sometimes challenged with the feedback that “ALARP is not demonstrated”. This is a catch-all for many different criticisms but can mean that the report is too generic. This can happen when the quantitative risk assessment (QRA) methodology, which produces choropleth-style risk contour maps, is used. In QRA, various events are modelled for each piece of equipment on a site. Taking a vessel as an example these may be catastrophic rupture, a large hole, and a small hole. This can give a very precise representation of risk but can be very generic and often doesn’t align with the site hazard studies, which look at guidewords such as over pressure and over temperature and therefore doesn’t give detail on the cause(s) of the failures. In other words, the QRA methodology lacks practicality and does not tell the reader a great deal about the site-specific hazards and means that it cannot be easily used for training or other studies. This leads us to the next way in which a COMAH report can go wrong.

2. COMAH report not used to its full potential: Is your COMAH report gathering dust?

A COMAH report is not just a document that needs to be created to satisfy legislative requirements – it is a living breathing record that should inform and guide safety operations. If the report is gathering dust, it is not being utilised to its full potential.

USE OF COMAH REPORTS TO INFORM OCCUPIED BUILDINGS RISK ASSESSMENT (OBRA)
Almost every exercise in process safety should have line of sight back to the COMAH report, and much of the information in the report can feed into the other exercises. One of the more obvious links is to the OBRA (occupied building risk assessment) which assesses the impact of the major accident hazards on the occupants of onsite buildings. The COMAH report is useful here in that it identifies the representative set equipment items and the equipment items that are multipliers of this equipment (multipliers are equipment items that are similar to the representative set equipment but result in a lower-magnitude consequence). The consequence modelling results from the COMAH report can then be overlayed onto the site plan during the hazard-based screening section of the OBRA to identify buildings that are impacted by the MAHs. The COMAH frequency assessments can also be used to support the subsequent risk-based assessment of buildings. Utilising the scenarios from the COMAH report makes the completion of the OBRA much more efficient and ensures consistency between the two documents.

FEEDING BACK INTO HAZARDS STUDIES
The modelling in the COMAH report can be summarised into a standard consequence table giving details on hazards, their predicted consequences, and the appropriate emergency response. Use of the standard consequence table in future hazard studies provides a realistic basis for estimating the magnitude of consequences and helps to drive consistency both within and between studies.

A VITAL ROLE IN CONSEQUENCE MODELLING
It is often necessary for a site to complete a variety of small projects, and generally these are outsourced to consultancies. This can often result in repetition of things like consequence modelling rather than using the consequence modelling that is included in the COMAH report. This can lead to inconsistencies between documents which leaves the site exposed to scrutiny from the CA. Where possible, referring back to the modelling in the COMAH report helps to promote consistency and may also reduce unnecessary expenditure.

LEVERAGING IT AS A TRAINING TOOL
As a final point, it is useful to remember that a well-written COMAH report contains a huge amount of information about the MAHs that may arise on a site. This can be leveraged as a training tool to educate employees about what the hazards are and how they are likely to arise.

The COMAH report also highlights the importance of layers of protection; many companies are taking the information from their COMAH reports and distilling it into bow-tie diagrams, which are very useful as a training aid as they represent a lot of information in an easily digestible format. In addition, the COMAH report can be a valuable tool for use in emergency response planning with the emergency services.

Conclusion

A COMAH report can be a huge investment in time and resource. The first theme of this article was challenge from the competent authority; it is hoped that by highlighting some of the more common criticisms that are raised by the CA when reviewing COMAH submissions this article will help the reader to avoid these issues in the future. The second theme of the article focused on COMAH reports not being used to their full potential, which happens all too often. This is a shame because as we have discussed above, a good COMAH report can be an invaluable resource for a variety of process safety activities. Hopefully this article has inspired readers, who may not have seen their site’s COMAH report, to be curious about its contents and to use it to its full potential.