Risk Based Inspection

Operating a facility comes with multiple aspects of technical and business goals. One common goal is to maintain production at maximum while minimizing cost, and it is only achievable if the pertinent risks are properly assessed, whether it is aligned with an “operate-to-failure” or a “prevent-at-all-cost” philosophy. Identifying and mapping the risks eliminate having to act without proper knowledge within a limited reaction time. Therefore, a risk based inspection (RBI) can be defined as the control mechanism of a proactive and predictive integrity management of a facility, where proper allocation of resources can be planned and accounted for. This means the inspection strategy is driven by risk and prioritized for the high-risk equipment.

The key elements to a successful RBI program are having an established system for assessment which uses consistent evaluation methods, clearly documents the method of assigning both possibility of failure (POF) and consequence of failure (COF), describing the methodology used for risk management through inspection, process control or other operational, design, monitoring and surveillance barriers. RBI is built on a systematic assessment that covers:

  • Data gathering and analysis
  • Identification of applicable damage mechanisms (also commonly referred as threats)
  • Determination of POF due to each threat identified (also commonly referred as likelihood)
  • Determination of COF due to each threat identified
  • Assignment of risk associated with each threat based on POF and COF
  • Development of prioritized inspection plans
  • Incorporation of findings and improvement of management plans

In determination of consequence and risk assignment, multiple aspects are considered such as the impact of failure on the health and safety of personnel and community in the impacted area, environment, cost of recovery (cleaning, maintenance, extent of operation, repairs) and business.

From a regulatory point, the assessment team should have a good understanding of the requirements as described in regulatory guidelines and industry standards.

The GATE assessment process is structured on API-580 methodology as the backbone, and uses additional standards and guidelines depending on the specific requirements for item of equipment in question. The high level risk assessment workflow is shown in Figure 1.

risk based inspection

Data Collection & Evaluation

It is vital to collect all the relevant information for a given type of item of equipment, application and location, and the purpose of assessment. The evaluation of data should cover two aspects; physical data regarding the condition of the item of equipment, and information describing the management process, plans and protocols.

As in any assessment process, data and information should first be evaluated and verified for validity in order to incorporate any uncertainty into the risk profile. All data sources should be identified and how they were evaluated during the assessment should be clearly documented to provide traceability and auditability of the risk assessment process.

Identification of Threats

There are various methods that can be used to evaluate the specific threats to an asset. The selected method should serve as a source with the level of details to generate risk mapping for the project phase, type of equipment and application. The level of information required for evaluation will be different for each method and the threats that are applicable in each case will differ as well. As an example for mechanical integrity, threats related to the possible degradation mechanisms for corrosion circuits, items of equipment or components can be determined through a methodology similar to a failure mode effects analysis (FMEA).

Possibility of Failure (Likelihood)

Once the applicable threats are identified, the susceptibility likelihood and the possible outcome of failure due to the specific deterioration mechanism resulting in loss of containment is evaluated for the item of equipment and/or components.

In addition to the process and equipment data that can be used to determine rate of deterioration, one important aspect of assigning a POF is the relevant operational experience. On the other hand, for certain threats related to rapid corrosion rates, such as stress corrosion cracking, failure can occur in a short time period, and lack of evidence of deterioration to the point of assessment cannot be used as an indication of reduced probability.

A systematic approach can be used to determine the likelihood of an event due to each threat to present the effectiveness of the program in place and need for further management requirements.

Consequence of Failure

The failure mode (progression of the deterioration mechanism), contained fluids, process conditions and ease of isolation of an event should be considered for each possible threat identified. In general, the consequence analysis for a given failure mode should be determined according to the associated harm to health and safety of personnel/society, environmental effect, value and reputation. The level of impact due to loss of containment should be evaluated not only based on the resultant effects on the isolated area or equipment but also the cascading events in the facility. The severity of the resultant damages in the aforementioned categories can then be classified according to the Company’s risk management protocols, which should also be in alignment with the regulatory requirements.

In both POF and COF, qualitative and quantitative approaches are valid. In the case of qualitative analysis, industry experience coupled with operating and process conditions against the design requirements set the basis. In quantitative analysis, in an assessment, the requirement to undertake a quantitative or semi-quantitative analysis should be defined and set in alignment with the Company risk management protocols.

Risk Assignment

The level of risk assigned to a viable threat for a given component in all the impacted categories is a combination of the POF and COF identified for the specific component, equipment or a corrosion  circuit. Since the operating philosophy and resource allocation strategies differ from one entity to another, the severity of the combined POF and COF effect will return a company-specific risk.

In general, risk management should cover the following:

  • Clearly defined risk ranges applicable for the purpose of assessment.
  • Roles and responsibility (level of authority) for the governance of risk based on the risk range.
  • Actionable and descriptive responses defined for each risk range (i.e. prevention and mitigation requirements).

Inspection & Management Plan Improvements

The findings  from the risk assessment as outlined can be translated to define or  modify decision-making philosophy and management strategy, such as incorporating a reactive or a proactive program, and develop and execute a prioritized inspection plan, accordingly.

The factors that should be considered while developing inspection plans for a facility should include, but not limited to, the following:

  • Company’s risk management strategy
  • Risk profile considering the current barriers and improvement options
  • All applicable inspection methods for each item of equipment/component for the viable risks identified
  • Work permit requirements and resource planning (i.e. number of staff, safety and work equipment)
  • Accessibility and relative arrangement of items of equipment
  • Simultaneous operations to aid with scheduling and resource allocation
Risk Based Inspection Workflow

Not only the frequency and sequence of inspection work, but also the adequacy of methods of inspection will have been identified. The value of a risk assessment does not stop at developing an effective inspection plan, and if done correctly, it will provide information on the gaps in the sampling, process control, monitoring and surveillance, maintenance and repair programs, and line-out the minimum requirements to reduce the risk to manageable levels for high-risk cases or improvement opportunities to further reduce/eliminate the risk, or identify barriers that do not provide risk-reduction benefits to provide cost-cutting options. The high level summary of this is presented in Figure 2.


One key aspect to risk based inspection and integrity management is using a consistent systematic approach that can be clearly documented. The consistency in evaluating the pertinent risks through a facility, and further, applying the same approach on multiple assets can provide the utmost value to the stakeholder to predict, prioritize, prevent and/or manage risk across  the assets and minimize the impacts on business to as low as reasonably practicable (ALARP) levels.