CHEMICAL ENGINEERING TRANSACTIONS VOL. 57, 2017 A publication of The Italian Association of Chemical Engineering Online at www.aidic.it/cet Guest Editors: Sauro Pierucci, Jiří Jaromír Klemeš, Laura Piazza, Serafim Bakalis Copyright © 2017, AIDIC Servizi S.r.l. ISBN 978-88-95608- 48-8; ISSN 2283-9216 Formaldehyde Production Plant Modification: Risk Based Decision Making Gabriele Baldissonea, Micaela Demichelaa, Gianfranco Camuncolib, Lorenzo Combertia a Politecnico di Torino, Dept. of Applied Science and Technology, Corso Duca degli Abruzzi, 24, 1029 Torino, Italy b ARIA s.r.l., Corso Mediterraneo, 140, 10129 Torino, Italy gabriele.baldissone@polito.it In case of plant modification, one of the guiding parameters for decision making should be the risk minimisation. Traditional and recognised risk assessment methodologies (i.e. HazOp, Fault Tree, Event Tree) are static and strongly affected by the experience of the analysis team. But in case of plant modification, the team knowledge can be not sufficient. Thus, it became particularly important to have a system able to model, in an integrated way, both the probability of occurrence of possible unwanted events, and the behaviour of the process when an unwanted event occurs; this will allow the decision to be taken on a complete set of information and definitely on risk. The dynamic decision analyses are based on the results of a joint logical-probabilistic model and phenomenological model. In this paper, in particular, the Integrated Dynamic Decision Analysis is applied to a formaldehyde production plant, where a decision has to be taken about modifying the whole cooling system of the process from a melted salts based system, with a higher environmental impact potential, to a water based system. 1. Introduction During plant modification, the management is required to decide on the basis of information on the plant behaviour that could be incomplete; a better risk based analysis could be a good way to address the decision, minimizing the potential risk inherent with the modification. The Quantitative Risk Assessment (QRA) is a traditional method for the risk assessment, which starts with the Hazard Identification. One of the more used technique for the Hazard Identification is the Hazard and Operability Analysis (HazOp), proposed by Lawley (1974); many different variations of this technique were developed over time in order to extend its application (e.g. on procedure, on discontinue plant) (Dunjó et al., 2010). After the Hazard Identification, the Probability Occurrences evaluation is carried on: the more diffused techniques are the Fault Tree (FT) and the Event Tree (ET) (Mannan, 2005). The FT is a Top – Down technique representing the causes which lead to the TOP Event. On the contrary, the ET is a Bottom – Up graphical representation of the consequences deriving from the initial event. Both the methods can be used in a quantitative way (Center for Chemical Process Safety, 2000) to evaluate the probability of occurrence. The next step of the QRA is the consequences evaluation: the available methods are connected to the events analysed and to the desired results , e.g. Gaussian modelling dispersion (Korsakissok and Mallet, 2009) or CFD (Pontiggia et al., 2012). The last step of the QRA is the risk evaluation and decision making. The results of the methods traditionally used in QRA depend on the analysis team knowledge, and they are static; indeed, they hardly take into account time-dependent events and human and operational factors (Gerbec et al. 2016a, 2016b). For this reason, the traditional QRA application on plant modification could not be the optimal choice. Therefore, in t recent years dynamic analysis methods were proposed, for example: the event sequences diagram for the dynamic simulation (Swaminathan and Smidts 1999), the use of Markov DOI: 10.3303/CET1757118 Please cite this article as: Baldissone G., Demichela M., Camuncoli G., Comberti L., 2017, Formaldehyde production plant modification: risk based decision making, Chemical Engineering Transactions, 57, 703-708 DOI: 10.3303/CET1757118 703 model for the construction of dynamic Event Tree (Bucci et al., 2008) or the dynamic fault tree (Kalantarnia et al. 2009). One of these dynamic methodologies is the Integrated Dynamic Decision Analysis (IDDA), developed by Galvagni (1984; 1989) and applied in different field as: for an allyl-chloride production plant (Demichela and Camuncoli, 2014) or for the reliability - base comparison between competing technologies for the VOC treatment in process system (Baldissone et al. 2016). The IDDA methods is based on a logical – probabilistic model joint with a phenomenological model: the first provides all the possible sequences of events and their probability, while the second recreates the plant behaviour, also helping the improvement of the logic – probabilistic model, and the attribution of consequences values for each sequences of events. The logical - probabilistic model is developed according to the following step: 1. Identification of the events that can take place during the plant operations, (procedure steps, the recovery step or the equipment fault). For each event identified, the possible outcomes were evaluated. 2. Description of the events through questions or affirmations, that shape the basic structure of the analysis and that are called “levels”. The elaboration of the network deriving from this process allows to identify all the possible and alternative sequences of events that can derive from the description of the plant operation (stories). 3. Assignation to each level of the probability of occurrence and, if available, of the uncertainty ratio, which represents the distribution of the probability. Therefore, each sequence of events can be characterized through a probability of occurrence. 4. Definition of the logical or probabilistic constrains, in order to take into account the inter-dependency of the events. The logic – probabilistic model is built according to an appropriate syntax, and modelled through IDDA software, which can develop all the possible sequences of events that the plant could undergo. Each sequence of events is correlated with its probability of occurrence. The phenomenological model is a mathematical description of the plant behaviour, compliant to the events descript in the logical – probabilistic model. In case of an incomplete coherence between the results of the phenomenological model and of the logical - probabilistic one, the latter can be corrected to better describe the real plant behaviour. The phenomenological model provides also the consequence value, from which it is possible to obtain also the risk value. This paper shows an application of the above mentioned IDDA method to a formaldehyde production plant, where the product is obtained through the methanol partial oxidation. In particular, the analysis is applied to analyse the effectiveness of a plant modification: the change of the cooling system from a system based on molten salts to a system based on boiling water. The opportunity of comparing the actual behaviour of the plant with the foreseeable behaviour of the modified plant not only based on the reliability, but also on the process behaviour and the risk, allows the plant management to take the decision on wide and clear picture. 2. Material and methods 2.1 Case study The plant is used for the production of around 10,000 kg/h of formaldehyde solution at 30% of concentration. The formaldehyde is produced through the partial oxidation of the methanol with the oxygen in air. In Figure 1, a scheme of the plant is shown. The methanol liquid is contained in a tank inerted with nitrogen. The methanol is extracted from the tank by a pump, and sent to a boiler, where it is vaporized at around 70°C. The obtained methanol vapor is sent to a heater, where its temperature is increased until it reaches 190°C. The fresh air needed for the oxidation process is compressed in a first stage of compression, then it is mixed to the recirculation gas and the resulting gas mixture is again compressed at a working pressure, around 1.25 ata. The heated methanol vapor is mixed to the compressed gas to obtain the reactant flow. Theis flow enters the heat exchanger REC 2, where it is heated at the reaction temperature (around 220°C), recovering the heat contained in the hot products. 704 Figure 1: Plant schema. Finally, the reactant flow enters the reactor, where the partial oxidation of the methanol occurs, Eq. (1). CH3OH+ 12 O2 r1→ CH2O+H2O (1) Sometimes also secondary reactions occur in the reactor; the most relevant is the oxydation of the formaldehyde in carbon monoxide, Eq. 2. CH2O+ 1 2 O2 r2→ CO+H2O (2) The reactor is built as a shell and tube heat exchanger; the tube side is where the reaction takes place. A Catalyst based on iron and molybdenum oxide (Reuss et al., 2000) is used. Both the reactions taking place are exothermic, therefore a cooling system is necessary for the reactor. At the reactor entrance the gas contain around the 6.5% of methanol and around 12.5% of oxygen. The proposed plant modification is actually related to the mentioned reactor cooling system: instead of the molten salts cooling system originally foreseen , a new one based on boiling water in the shell side is suggested.. Turning back to the process description, after the passage in the reactor, the product enters the heat recovery section: it Firstly passes in REC1, where it starts decreasing its temperature. Then the product arrives in REC2, where its temperature further decreases, by increasing the temperature of the reactant flow. At the end of the heat recovery section, REC3, the product temperature is further reduced until it reaches the temperature needed for a successful absorption. At this point the product passes in the absorber tower: herethe formaldehyde is recovered in a water stream. The formaldehyde is dissolved in water and, at the bottom of the tower, the formaldehyde solution is recovered. At the top of the tower, the exaust gases are partly recirculated, to control the oxygen concetration in the reactant flow, while a 30 % of the flow is discharged to the vent system. Methanol Tank Heater Pump Reactor REC1 REC3 Water Formaldehyde solution Aria REC2 Boiler Absorber Vent AIR Compressor Gas Compressor Recirculation Gas 705 2.2 Logic – probabilistic model The logical – probabilistic model was developed considering the effect on the process variables of the following events: • Equipment failure; • Control system failure; • Operator error. Also, when the process variable deviation implied a protective system activation, the alarms and the automatic protective devices activation were modelled. The probabilistic data used in the logic – probabilistic model were obtained from literature sources, as Mannan (2005) or the Center for Chemical Process Safety (1989), and from the plant management. The unwanted events identified as critical were: 1) plant in emergency state and 2) productivity problems. Under “productivity problem”, the events bringing to the reactor shutdown and to an improper absorption of the formaldehyde are collected. The logical – probabilistic model allowed to identify some events with effect on the plant safety and on the environment, but these two types of events were analysed separately, and are not object of this paper. 2.3 Phenomenological model The phenomenological model is the mathematical description of the dynamic plant behaviour, through the mathematical description of the functioning equipment and its interactions.. The equations used to describe the equipment physical behaviour are based on the energy and mass balance and the property transfer; they are taken from literature sources, e.g. Serth (2007) or Kern (1965) for the heat exchanger, and Iordanidis et al. (2003) for the reaction kinetic. In this way, the phenomenological model can evaluate the plant behaviour in different situations, and the effect of the equipment fault, in Figure 2 is reported an example of reactor behaviour evaluated with the phenomenological model. Also, the phenomenological model provides a consequences evaluation for the events modelled. In this paper, the consequences are evaluated in term of extra management costs, related to the equipment restoration and the managing of the unwanted events, such as the plant stop or a product not satisfying the requests. The consequences for each sequences of events is evaluated through the sum of the extra management costs in the sequences of events or observed in the phenomenological model results. Figure 2: Example of reactor behavior, for the case of high temperature in the reactor and correct action after TAHH07 alarm activation The cost values used for in the phenomenological model, reported in Table 1, were provided by the plant management. The phenomenological model was developed through the Matlab ® software. 706 Table 1: Extra management cost Operation Estimated costs (€) Restore nitrogen supply 2,000 Restore methanol boiler 10,000 Restore methanol heater 10,000 Restore control of recirculation 2,000 Restore air compressor 2,000 Restore gas compressor 2,000 Restore different heat exchanger in the heat recovery 10,000 Restore control temperature system in the reactor 2,000 Restore reactor cooling system 10,000 Restore absorber 20,000 Restore water flow control in absorber input 2,000 Emergency stop 100,000 Product out specific 200,000 Manage a reactor high temperature 200,000 Manage tank collapse 250,000 Manage flammable atmosphere in the tank 250,000 3. Results The logical – probabilistic model generated around 13,000,000 different sequences of events, with a probability of occurrence higher than 3×10-13, value that was used as cut-off probability. In this way, 2.6×10-6 probability is obtained as residual probability. The probability of occurrence for the sequences of events causing productivity problem is around 5.85×10-5, while the probability for sequences provoking emergency condition is around 0.38. The latter value is an overestimation of the real one, because in the model built it was considered that in case of an alarm activation, the operator put the plant in the emergency state. However, in real work conditions, in case of alarm, the operator initially tries same remediation actions and, only in case of inefficacy, sets the plant to emergency. The phenomenological model was applied to about 2000 sequences, involving one or less equipment faults or operator error. The sequences of events modelled covered a global probability of occurrence of 0.863. In Table 2, the results of the analysis are collected. Table 2: Results of the analysis Unwanted event Probability Mean consequences (€) Risk (€) Plant in emergency 0.252 104,200 26,300 Problem on the plant productivity 8.85×10-4 202,000 179 The sequences of events with possible influence on the productivity, analysed with the phenomenological model, have a probability around 8.85×10-4, a mean value for the extra management cost around 202,000 € and a risk cost around 179 €. Instead the sequences of events that involve the plant emergency have a probability around 0.252, a mean value for the extra management cost around 104,000 € and a risk cost of 26,300 €. Through the comparison of the results obtained for the two unwanted events, it is possible to observe that the problems for the production have higher mean value of extra maintenance cost (202,000 €), while the plant in emergency status has a higher risk value (26,300 €). The emergency status risk can be reduced through a correct management system of the alarm activation activity. 707 4. Conclusion In this paper, it is reported an application of the Integrated Dynamic Decision Analysis aimed at evaluating the effectiveness and efficiency of a plant modification, applied to a plant for the formaldehyde production, taking into account both normal condition and faults. The result of the analysis returned to the plant manager a risk evaluation for the modelled plant and an estimation of the plant behaviour in case of equipment fault, with or without the protection devices. In this way, the management can make the decision on more consistent data, thanks to results more easily comparable with the behaviours of the plant in the present state. Indeed in the case study the plant management evaluated in a positive way the behaviour of the plant modified, and decided to proceed with the plant modification. Reference Baldissone G., Fissore D., Demichela M., 2016, Catalytic after-treatment of lean VOC–air streams: Process intensification vs. plant reliability. In : Process Safety and Environmental Protection 100: 208-219. Bucci, P. Kirschenbaum, J., Mangan, L.A., Aldemir, T., Smith, C. and Wood, T.., 2008. Construction of event- tree/fault-tree models from a Markov approach to dynamic system reliability. Reliability Engineering & System Safety, 93(11), pp.1616 - 1627. Clementel, S., Galvagni, R., 1984. The use of the event tree in the design of nuclear power plants. Environment international, 10(5), pp.377-82. Center for Chemical Process Safety, 1989. Guidelines for Process Equipment Reliability Data - With Data Tables. New York: Center for Chemical Process Safety/AIChE. Center for Chemical Process Safety, 2000. Guidelines for chemical process quantitative risk analysis. New York: Center for Chemical Process Safety/AIChE. Demichela M. and Camuncoli G., 2014, Risk based decision making. Discussion on two methodological milestones. In: Journal of Loss Prevention in the process industries, 28(1): 101-108 Dunjó, J., Fthenakis, V., Vílchez, J.A. & Arnaldos, J., 2010. Hazard and operability (HAZOP) analysis. A literature review. Journal of Hazardous Materials, 173, pp.19-32. Galvagni, R., Clementel, S., 1989. Risk analysis as an instrument of design. In Maurizio, C. & Antonio, N. Safety design criteria for industrial plants. Boca Raton: CRC. Gerbec M., Balfe N., Leva M. C., Prast S., Demichela M., 2016a. Design of procedures for rare, new or complex pro-cesses: Part 1 – An iterative risk-based approach and case study. In Safety science In press doi: http://dx.doi.org/10.1016/j.ssci.2016.08.015 Gerbec M., Baldissone G. Demichela M., 2016b, Design of procedures for rare, new or complex processes: Part 2 – Comparative risk assessment and CEA of the case study. In Safety science In press, doi: http://dx.doi.org/10.1016/j.ssci.2016.10.015 Iordanidis, A.A., van Sint Annaland, M., Kronberg, A.E. & Kuipers, J.A.M., 2003. A critical comparison between the wave model and the standard dispersion model. Chemical Engineering Science, (58), pp.2785-95. Kalantarnia, M., Khan, F. & Hawboldt, K., 2009. Dynamic risk assessment using failure assessment and Bayesian theory. Journal of Loss Prevention in the Process Industries, 22, pp.600 - 606. Kern, D.Q., 1965. Process heat transfer. New York: McGraw-Hill International Book Company. Korsakissok, I., Mallet, V., 2009. Comparative Study of Gaussian Dispersion Formulas within the Polyphemus Platform: Evaluation with Prairie Grass and Kincaid Experiments. Journal of applied meteorologgy and Climatology, 48, pp.2459-73. Lawley , H.G., 1974. Operability studies and hazard analysis. Chemical Engineering Progress , 70(4), pp.45- 56. Mannan, S., 2005. Lee’s Loss Prevention in the Process Industries. Oxford: Elsevier. Pontiggia, M. et al., 2012. Consequences Assessment of an Accidental Toxic Gas Release Through a CFD Tool: Effect of the Terrain and Major Obstacles. Chemical engineering transaction, 26, pp.537-42. Reuss, G., Disteldorf, W., Gamer, O. & Hilt, A., 2000. Formaldehyde. In Ullmann's Encyclopedia of Industrial Chemistry. Wiley-VCH Verlag GmbH & Co. KGaA. pp.735-68. Serth, S.W., 2007. Process Heat Transfer Principles and Applications. Oxford: Elsevier. Swaminathan, S. & Smidts, C., 1999. The Event Sequence Diagram framework for dynamic Probabilistic Risk Assessment. Reliability Engineering & System Safety, 63(1), pp.73–90. 708