By RJ Reiser At the opening day of this year’s Offshore Technology Conference in Houston, Michael Bromwich, director of the Bureau of Ocean Energy Management, Regulation & Enforcement (BOEMRE) promised to release the agency’s report on the Macondo blowout before the July 27 deadline, but noted that it was still too early to know what new regulations would emerge. Expanding regulations is clearly a mission of BOEMRE and is already taking shape as Bromwich has indicated in various addresses. Yet, as we all know, a significant array of regulations already exist in the oil and gas industry. Will more regulations achieve the desired objective? Let’s reflect for a moment on just how effective regulation has been thus far. We know that while process safety regulations have greatly reduced the number of minor incidents, they have had little effect on reducing major incidents. Granted, some will argue that compliance to existing regulations may still be a problem. Yet, many experts note that most major incidents in the past, including that of Macondo, were largely a result of simultaneous failures of multiple barriers, both physical and process-related. So, why has regulation fallen short in preventing major incidents in the industry? There are likely a number of factors at play here – safety cultures, training, staffing challenges, etc., not the least of which has to do with the increasing complexity of today’s oil and gas industry. Keeping up with technological advances in the industry is a growing challenge for agencies trying to oversee it. Clearly, regulations have not kept pace with innovations. Like most regulations, process safety regulations are based on generalized knowledge – the common ground that fits across all situations. Currently, we know that regulations don’t, as of yet, deal with the specialized knowledge that is required to manage complex risk in unique operating environments. In addition, the increasingly technological methods being used by oil and gas companies today are developing much faster than traditional internal risk management systems. Many companies lag far behind in implementing sophisticated risk management systems for networked environments designed to capture and share lessons-learned, manage current knowledge and monitor performance toward the goal of continuous improvement. To Be Effective, Regulations and Risk Management Systems Should Evolve with Industry’s Technology Due to the increasingly technological environments in which the industry operates, regulatory requirements should thoughtfully advance as the industry advances. Regulators also should challenge companies with a vision 5-10 years out, and be constantly adjusting its standards based on new developments and innovation. However, regulations alone will not be enough to prevent major incidents. Oil and gas companies must take the lead in an effort to implement innovative risk management technologies. Who better stands to benefit more from upgrading internal risk management systems to prevent major incidents than the companies themselves? Perhaps a good solution would be for Industry experts to work side-by-side with regulators to develop “standards” that all can work with. Reviewing where gains have been made in major incident reduction, as well as considering the central challenge of the complexity of operations, we see four major areas that companies need to focus on and regulators should look at, to drive reductions in major incident risk. 1. Identify safety critical systems: barrier analysis and assurance around those systems. Generalized knowledge often suffers in real-world application because it doesn’t embrace the diversity of systems, people and real challenges. Preventing major incidents typically requires complex specialized knowledge with deeper control assurance and risk engineering practices, while minor incidents can often be reduced by straightforward operating procedures and good industrial hygiene. One of the areas where initiatives have already shown progress is the UK safety case regime, which has shown a reduction in leading indicators of major accident risk in the North Sea- namely the reduction of hydrocarbon leaks. 2. Commit to continuous improvement: capture ongoing risk assessment and feedback from near-misses, incidents, and failures. A challenge with current risk management practices is that they are compliance-oriented rather than process-oriented. This results in data being kept within “siloed groups” that don’t work together. Maintenance, health and safety, and PSM are often independent groups that don’t communicate. A key element of continuous improvement in risk management, or any process for that matter, is to effectively capture, share and leverage feedback from across the organization. This includes recommendations, near-misses, incidents, and failures and leading and lagging indicators of risk. With disconnected risk systems, it is difficult for this knowledge to find its way back into risk assessments and strategic planning. Risk assessments need to be living documents. 3. Ensure complete visibility into risk operations and risk performance. Major incidents are often the result of missteps in existing standard operating procedures. Engineering documents aren’t promptly updated after a change, resulting in inaccurate information in operating procedures or incorrect assumption during future changes such as PSI limits for a vessel or valve. Other leading indicators of risk performance would include incidents and near-misses that correlate with major incident risk: failed audits, leaks, frequent emergency management of change, high staff turnover, gaps in appropriate skill availability for shifts (such as experienced supervisors or risk managers), and many others. The bottom line is that the best risk engineering isn’t going to stop a major incident without the appropriate standards of operational excellence. Companies can make significant improvements in risk operations by extending risk registries to include critical operational metrics. The benefits of this are many. Such actions provide a much needed baseline for continuous improvement, making risk management activities visible. In addition, and possibly, most importantly, this allows real-time monitoring of operational risk, providing management with much needed business intelligence that can guide appropriate investments in areas most in need of improvement. 4. Invest in knowledge management: continuous improvement pays off. An innovative and practical knowledge management system that captures lessons learned is the critical foundation for continuous improvement. Identifying safety critical systems and creating effective barriers around them is neither simple nor cheap. Clearly, a complex, specialized risk management system is expensive to create, but is extremely valuable in mitigating the complex risks that cause major incidents. By investing in sharing this knowledge, companies will get far more effective risk mitigation for the same effort, since each risk control is based on the cumulative in-depth mitigation effort across industries. It’s an investment that pays big dividends over the long-term. Conclusion In this post-Macondo environment, producers and regulators should work together to ensure sustainable operations by focusing on identifying and implementing risk management systems designed to handle the increasing complexity of the industry. RJ Reiser, Regional Director, Dyadem, a part of IHS