Summary
bp’s (“the company’s”) wells organization manages its operational risks through what is known as the “three lines of defense” model. This is a three-tiered approach; the first line of defense is self-verification, which wells assets apply to prevent or mitigate operational risks. The second line of defense is conducted by the safety and operational risk function using deep technical expertise. The third line of defense is provided by group audit. In this paper, we discuss the wells self-verification program evolution from its first implementation and share case studies, results, impact, lessons learned, and further steps planned as part of the continuous improvement cycle.
The company’s wells organization identified nine major accident risks that have the potential to result in significant health, safety, and environment (HSE) impacts. Examples include loss of well control (LoWC), offshore vessel collision, and dropped objects. The central risk team developed bowties for these risks, with prevention barriers on cause legs and mitigation barriers on consequence legs. Detailed risk bowties are fundamental to wells self-verification, adding technical depth to allow more focused verification to be performed when compared with the original bowties, because verification is now conducted using checklists targeting barriers at their component level, defined as critical tasks and equipment. Barriers are underpinned by barrier enablers (underlying supporting systems and processes) such as control of work, safe operating limits, inspection and maintenance, etc. Checklists are standardized and are available through a single, global digital application. This permits the verifiers, typically wellsite leaders, to conduct meaningful verification conversations, record the resulting actions, track them to closure within the application, and gain a better understanding of any cumulative impacts, ineffective barriers, and areas to focus on.
Self-verification results are reviewed at rig, region, wells, and upstream levels. Rigs and regions analyze barrier effectiveness and gaps and implement corrective actions with contractors at the rig or region level. Global insights are collated monthly and presented centrally to wells leadership. Common themes and valuable learnings are then addressed at the functional level, shared across the organization, or escalated by the leadership.
The self-verification program at the barrier component level proved to be an effective risk management tool for the company’s wells organization. It helps to continuously identify risks, address gaps, and learn from them. Recorded assessments not only provide the wells organization with barrier performance data but also highlight opportunities to improve. Leadership uses the results from barrier verification to gain a holistic view of how major accident risks are managed. Program evolution has also eliminated duplicate reviews, improved clarity of barrier components, and improved sustainability through applying a systematic approach, standardization, digitization, and procedural discipline.
Lessons learned in risk management on NCSX
