Risk Management Procedure

TDBL-HS-C-S-002

Author: Andrej Krnetic, T&D HSE Business Partner

Approver: Omar Al Hashmi, T&D Executive Director
Version No: 1.0 Issue Date: April 2022
Amendment Summary: N/A

Next Review Date: April 2024

Scope: TAQA Group and TAQA Group Personnel

Page 1 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

CONTENTS

Para Page

1 Purpose 4
2 Scope 4
3 Terminology 5
4 Key Responsibilities 6
4.1 TAQA T&D HSE Business Partner 6
4.2 OpCo Executive Directors and Directors 6
4.3 OpCo Division Managers 6
4.4 OpCo Department Managers 6
4.5 OpCo HSE Managers 6
4.6 OpCo HSE (Senior) Engineers 6
4.7 OpCo Section Managers and (Senior) Engineers 7

5 Compliance Monitoring, Audit and Assurance 9

6 Standard 9
6.1 Principles 9
6.2 HSE Risk Assessments – Mandatory Requirements 9
6.3 HSE Risk Management Process 10
6.4 Step 1: Establish the Context and Scope 11
6.5 Step 2: HSE Hazard and Aspect Identification 12
6.6 Step 3: Risk Analysis 15
6.7 Step 4: Risk Evaluation 19
6.8 Step 5: Risk Treatment 22
6.9 Monitoring and Review 26
6.10 Risk Registers 27
6.11 Follow up 27

Table

Table 1 – RACI Matrix 8

Addendum

Addendum A – Risk Assessment Template 28

Addendum B – Job Safety Analysis Template 29

V 1.0 Page 2 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Glossary
References

V 1.0 Page 3 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

1 Purpose
According to TAQA Global HSSE policy:
“No operational priority is more important than protection of the health, safety and
security of our people and our communities and respecting our environment”.
TAQA Commitment to Operational Excellence (COE), the TAQA HSSE Management
System, clearly defines what TAQA expects from our OpCo's around the world.
Element 5 – Hazard Identification & risk assessment establishes Group Expectations
that must be adhered to by all TAQA OpCo’s. According to Element 5, TAQA OpCo’s
must ensure a comprehensive risk assessment process identifies, assesses, and
appropriately manages the risks arising from operations.
TAQA T&D Risk Management Procedure establishes the expectations from all its
employees - from Line Managers to Executive Directors, to ensure that HSSE hazards
are identified, and risks associated with our activities are assessed. This must be
followed by appropriate actions to account for acceptable risks, and prevent or reduce
unacceptable risks to people, the environment, and the integrity of TAQA T&D’s
assets.
The objectives of this procedure are to:

• Ensure that roles and responsibilities for Risk Management process are clearly
defined and assigned;

• Establish a standardized and structured way of conducting HSE risk assessments;

• Ensure that day-to-day risks at TAQA T&D’s assets/OpCo’s are reduced to As Low
As Reasonably Practicable (ALARP);

• Ensure all risks at TAQA T&D’s assets/OpCo’s and the respected remedial action
have been communicated to all relevant stakeholders; and

• Establish a verification process to ensure that agreed actions have been

implemented and are effective in reducing risk to the identified state.

2 Scope
This procedure covers all domains of the TAQA T&D, including sites, facilities and
offices. This procedure applies to the entire TAQA T&D HSSE Management System,
all associated and related documentation, including the HSSE Manual, and HSE
Policy, procedures and appendices.
This procedure applies to all employees, contractors, visitors and relevant interested
parties within TAQA T&D offices, operations and activities. Adherence of this
procedure will ensure compliance to the requirements of our HSSE Management
Syste, OSHAD-SF, and Environment Agency Abu Dhabi (EAD) including all applicable
legislation, international standards (ISO 45001, 14001 and OHSAS 18001) and
industry best practices within all required areas of our organization pertaining to risk
management.

V 1.0 Page 4 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

3 Terminology
The following terminology is used throughout all TAQA Management System (TMS)
documents.

Term Use of Term Infers

Must Mandatory
Legislative requirement, standard or TAQA’s Safety Rules.
Shall Mandatory
Minimum requirement.
Should Strongly Recommended
Best practice or recommended/
preferred option.
May Suggested
Possible course of action.

V 1.0 Page 5 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

4 Key Responsibilities

4.1 TAQA T&D HSE Business Partner

The TAQA T&D Business Partner shall:

• Review and Upgrade the Risk Management Procedure

4.2 OpCo Executive Directors and Directors

The OpCo Executive Directors and Directors shall:

• Provide required resources to manage risk to ALARP level

4.3 OpCo Division Managers

The OpCo Division Managers shall:

• Provide required resources to manage risk to ALARP level

• Approve risk assessments

4.4 OpCo Department Managers

The OpCo Department Managers shall:

• Approve risk assessments

• Review Risk Assessments

4.5 OpCo HSE Managers

The OpCo HSE Managers shall:

• Provide required resources to manage risk to ALARP level

• Approve risk assessments

• Review Risk Assessments

• Track procedure implementation effectiveness

4.6 OpCo HSE (Senior) Engineers

The OpCo Senior HSE Engineers and HSE Engineers shall:

• Record risk assessments

• Verify risk mitigations

• Track procedure implementation effectiveness

V 1.0 Page 6 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

4.7 OpCo Section Managers and (Senior) Engineers

The OpCo Senior HSE Engineers and HSE Engineers shall:

• Idenify HSE Hazards

• Evaluate & Classify HSE Hazards

• Decide on the required control measures

• Record risk assessments

• Communicate risks and controls

V 1.0 Page 7 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Table 1 – RACI Matrix

Section
TAQA OpCo OpCo OpCo All workforce
TAQA OpCo Division Department Manager /
Task T&D HSE EDs or HSE HSE (Sr.) (incld.
T&D ED MD Manager Manager (Sr.)
BP Directors Manager Engineer Contractors)
Engineer

Review/Upgrade Risk
A R I C/I
Management Procedure
Provide required resources
to manage risk to ALARP A R R I R/C
level
Track procedure
I A I I I R R I
implementation effectiveness
Identification of HSE
A C R C
Hazards
Evaluation & Classification of
A C R
HSE Hazards
Decide on the required
I A C R C
control measures
Approve the risk assessment I A R R R I I
Record the risk assessment A C R R
Review the risk assessment A R R
Verify risk mitigation I A R I C
Communicate risks &
A I R I
controls

V 1.0 Page 8 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

5 Compliance Monitoring, Audit and Assurance

This standard shall be subject to internal compliance monitoring in accordance with
the TAQA T&D HSE Assurance Framework (TBDL-HS-C-S-004).

6 Standard
6.1 Principles
This procedure is based on the principles that HSE Risk Management:
• Is an integral part of the way that TAQA T&D manages its business risk;

• Is part of decision making at the workplace, in meetings and the boardroom;

• Is a management responsibility;

• Addresses uncertainty by using the best information available;

• Adopts a team approach including a consultation process involving various

stakeholders including employees, contractors etc;

• Assessments are documented and followed-up; and

• Is a dynamic process that facilitates continual improvement.

6.2 HSE Risk Assessments – Mandatory Requirements

• HSE risk assessments (RAs) shall be conducted by all facilities, sections, divisions
and directorates within the organization. These are conducted in line with this
procedure and as required by applicable legislation, relevant regulations and
standards.

• The responsibility of conducting and reviewing risk assessments in admin areas

shall lie with the admin (area) Manager.

• Risk assessments shall be documented and key HSE risks arising shall be
transferred to TAQA T&D Business Line HSE risk registers.

• Managers are ultimately responsible for ensuring that risk assessments are
performed, documented, recorded and managed in the areas of their responsibility.
However, workers also have a responsibility for their own health and safety thus
ensuring that they are not exposed to potential hazards and risks.
A team approach / consultation process is adopted to conduct risk assessment
(RA) – as a minimum, the team conducting the risk assessment should include:
o Section Manager
o (Senior) Engineers (Operations & Maintenance)
o HSE Representative
o Engineering Services / Asset Management Representative (Technical Expert)
o Technicians (as needed)

V 1.0 Page 9 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

• Representation from contractors, specialist advisers, consultants, service providers

and any other interested parties are considered when required to assist or advise
the RA team when required.

• The respective manager forms the RA team, nominates a team leader, and ensures
that the process is in accordance with this procedure and is in line with relevant
OSHAD, and EAD legislation and requirements.

• Risk assessment teams shall have the required experience, knowledge and
training and be led by a competent team leader.

• Risk assessments must be conducted when planning or making change to an

activity, operation, procedure or in the case of HSE incidents. Consideration should
be given to the following:
o Routine and non-routine activities that are conducted throughout the
organization, including human behaviour and ergonomics;
o Working in or travelling in adverse weather conditions;
o Impacts, hazards and risks of our activities on outside of our working areas;
o Due consideration for persons not in our employment; and
o Also, due consideration for special needs and young persons who can be
affected by our activities, hazards and risks.

6.3 HSE Risk Management Process

Risk management process consists of the following essential elements:

• Hazard Identification - Identifying hazards that have the potential to cause harm.

• Risk Analysis – calculating the risk value if and when the hazard materialises.

• Risk Evaluation – comparing the calculated risk value with some sort of criteria i.e.
a judgement regarding its acceptability.

• Risk Treatment – deciding what to do with the risk by identifying available options,
and Implementation of Risk Reduction Measures – application of ALARP concept
Note: The term “risk assessment” covers the first three elements above; Hazard
Identification, Risk Analysis and Risk Evaluation whereas “Risk Management” extends
risk assessment to include the last element; Risk Treatment and Implementation of
Risk Reduction Measures.
The HSE risk management process is shown in Figure 1 (as determined in ISO 31000
Risk Management Standard) and is defined in the following five steps.

V 1.0 Page 10 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Figure 1: TAQA T&D HSE Risk Management Process Overview

6.4 Step 1: Establish the Context and Scope

HSE Risk Management can be implemented at any point in the life cycle of a facility
or project. The focus should be on the identification and assessment of hazards and
risks that may be avoided, reduced or eliminated.
In the operational and maintenance phase, the focus is on the control of hazards and
risks by implementing good control processes. People involved in operations and
maintenance activities however should always be alert to identifying new hazards
particularly in non-routine operations.
The scope of any risk assessment including the category of RA to be considered is to
be determined at the outset. All those involved in the assessment agree on what is
being assessed identify the hazard(s) and the risk related to the activities.
The scope and depth of HSE risk assessment will vary according to needs and
requirements. The category and type of risk assessment to be considered is based on
the nature and complexity of the hazards involved.
Context includes amongst others:

• Defining the activity, process, function, project, product, service or asset in terms
of time and location as well as its goal and objectives;
• Defining responsibilities for the risk management activities;
• Identifying and specifying the decisions that have to be made and the resources
required; and
• Defining the company requirements, local and/or international legal requirements
and industry standards applicable.

Required Output:
Determining the scope of the hazards and risks and possible outcomes should
allow users to select the correct risk assessment technique.

V 1.0 Page 11 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.5 Step 2: HSE Hazard and Aspect Identification

During this stage of RA process, it is imperative that all credible hazards that exist or
may arise during an operations or project / asset lifecycle are identified such that the
associated risks may be managed. The form, nature and depth of the hazards, aspect
identification and analysis should be proportionate to the complexity of the project.
There are a number of techniques that may be used to assist in the identification and
analysis of hazards and aspects including:

• Risk assessment can be conducted against industry specific code of practices and
guideline which are developed by competent authorities;
• Locally and internationally acceptable standards can also be referred to as
guidance standards. For example, have OSHAD RF/ Technical Guidelines and
ISO standards i.e., 31000 (Risk Management) and 45001 (Occupational Health
and Safety Management System) Standards available in Abu Dhabi;
• Both qualitative and quantitative risk assessment studies rely on experience based
judgement. The result or outcome of the risk assessment may vary from person to
person based on the experience and knowledge of the particular industry whose
risk are being assessed;

Hazard identification is a dynamic and on-going process; however, it shall be initiated

by a number of triggers, which include:

• Inception of a new project, asset, facility, task or activity;

• As part of Management of Change (engineering / process changes, organizational
changes, changes to tasks, activities or work methods) as per the MOC procedure
(TDBL-HS-C-S-003);
• Routine, abnormal, incident or emergency operating conditions;
• When any new or changed information about a hazard is received; and
• As part of regular periodic self-assessment, audit or review.
The identification and analysis of hazards and aspects must be conducted as early as
possible in the design / planning stages of an activity as it is much easier to make
changes during these phases than during or after operations have started.
The level of detail of the assessment should be proportionate with the risk. When
activities or facilities have a higher risk potential, and normal qualitative RA may seem
inadequate then it will be necessary to consider a more comprehensive and formal
approach to the assessment.
When identifying hazards and aspects, the scope of the exercise must not be
restricted to normal conditions, it must include consideration of all aspects of the
operation, activity or project life cycle. Emergency conditions and associated abnormal
modes of operation must also be considered.
Required Output:
All managers shall ensure that the HSE hazards which may give rise to risk are
identified in their area of operation, across all business processes.

Some of the key processes/studies used for identification of hazards are described
below.

V 1.0 Page 12 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.5.1 Hazard Identification (HAZID) Study

A “HAZID” study is a tool used for systematic hazard identification, used early in a
project as soon as draft heat and mass balances, plot layouts, and process flow
diagrams are available. It helps in establishment of crude risk picture by categorizing
each hazard according to its probability / frequency and expected consequences /
severity. It is often used to identify important risk contributors, for which the causes
and consequences are assessed in more detailed analyses. It is also used to identify
hazards that may cause Major Accident Hazard (MAH).
A HAZID worksheet (also known as Hazard and Effects Register) is used to document
the analysis. HAZID team uses guidewords in order to identify possible potential
hazards / threats and their consequences. Furthermore the team analyses the
appropriate controls that should put in place in order to prevent or mitigate each
identified threat.
A HAZID study will be conducted for all new projects at Concept, FEED (Front End
Engineering Design) and EPC (Engineering, Procurement, Construction) phases, and
for all new operations or activities.
A HAZID review may also appear in various guises however, the process and intent
are the same. A HAZID may also be referred to as a:

• Layout review
• Constructability review
• Installation assessment
• Hazard and Constructability Review (HAZCON)

6.5.2 Environmental (Hazard) Identification (ENVID) Study

An “ENVID” is carried out in a similar way to a “HAZID”, but with the aim of identifying
environmental issues. It is used for the early identification of aspects that can
potentially impact the environment. For potential environmental hazards identified in
ENVID, proposed measures are identified that can prevent, control or mitigate the
hazards. Wherever necessary, alternative measures and monitoring schemes are
provided.
Based on a set of guidewords, scenarios that may result in a hazard, spill, emission
or an environmental problem are identified in ENVID workshop by highly experienced
multi-discipline team. The causes and consequences of these scenarios are then
studied.

V 1.0 Page 13 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.5.3 Hazard & Operability Study (HAZOP)

A “HAZOP” is a qualitative risk analysis method used normally in the planning phase.
A HAZOP study is a structured and systematic analysis of a complex planned or an
existing process in which it is determined whether deviations from the design or
operational intent can lead to undesirable consequences. Based on a set of
guidewords, scenarios that may result in a hazard or an operational problem are
identified. The causes and consequences of these deviations are then studied. Further
analyses are carried out in which safeguards are identified and actions are raised
which are then along with causes and consequences documented in HAZOP
worksheets.
The analysis of HAZOP is conducted on a session basis in which some of documents
used are P&ID’s and PFD’s etc.
HAZOP will be conducted for all new process facilities at Concept, FEED and EPC
phases, and for all major and minor modifications to existing facilities.

6.5.4 Electrical System Hazard and Operability Study (eHAZOP)

The objective of the Electrical System Hazard and Operability Study (E-HAZOP) study
is to identify all hazard and operability issues associated with the electrical network.
High voltage distribution system will be covered in this review while the main electrical
generation shall be considered for interface issues only. In case of multiple identical
electrical systems, only one system will be analysed whereas the study results will be
applicable to all identical systems.
The detailed objectives include:

• Identify the reaction of plant and equipment systems to electrical perturbations

and deviations;
• Assess whether the reaction of the system, or plant or equipment will produce
effects which are detrimental to the public, personnel, environment, asset
protection and business continuity policy of the Company;
• Investigate the operability of the electrical network;
• Identify system robustness and reliability issues such as single point failures,
common cause failures, etc;
• Recommend corrective actions which will mitigate or eliminate such detrimental
effects, or request further investigation to identify suitable actions
eHAZOP is made up of three modules:

• SAFAN – Safety Analysis: Critical analysis of high voltage installation hazards to

safeguard equipment and personnel.
• SYSOP – System security and operability: Systematic review of engineering
design to identify possible limitations and lack of flexibility with their
consequences to operability and overall security of the system.
• OPTAN – Operator task analysis: Identifying facilities and skill levels required to
carry out the operation in a safe manner during normal and abnormal conditions.

V 1.0 Page 14 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.5.5 Failure Modes and Effects Analysis (FMEA)

The “Failure Mode and Effects Analysis” is technique used to identify equipment failure
modes and the effects of each on the process system.
Although originally intended for equipment items, it has also been adapted for
procedures (in which case it may be viewed as a form of human error analysis). It is
very good at analysing single failure modes, but much weaker for complex scenarios
and common cause failures.
A “Failure Modes, Effects and Criticality Analysis” (FMECA) is the same as an FMEA
except that the relative ranking (criticality) of each failure mode is included in the
analysis.
In the design phase, FMEA can be used to identify the need for additional protective
systems or redundancy, during facilities modifications. FMEA can be used to identify
the effects of field modifications to existing equipment. It is also useful during
operations to identify single failure that could result in significant accidents.

6.5.6 Simultaneous Operations Studies (SIMOPS)

Simultaneous Operation Studies include assessment of multiple simultaneous
operations or activities that are occurring close to each other and may lead to
undesired events, such as the potential for unwanted interference of activities.
Undesired events could impact personnel safety, environment safety, asset damage,
schedule, as well as commercial and financial aspects.
After identifying all SIMOPS activities, a SIMOPS assessment review workshop
involving all parties shall be held. A workshop session includes a multi-disciplined
team comprising of management, safety specialists, engineers and operations
representatives. The workshop identifies risks and mitigating measures, as well as
establishes a clear definition of roles and responsibilities for the involved parties. This
information will provide vital input to the SIMOPS/interface document to be developed
for SIMOPS activities.

6.6 Step 3: Risk Analysis

The objective of risk analysis is to determine the consequences and likelihood of
individual hazards and aspects and the overall aggregation of HSE risk. Risk
estimation and analysis determines the risk consequences of individual hazards and
aspects and resulting HSE accidents and incidents. Estimation and analysis provide
the basis for assessing risks against requirements, the need for reduction, the
selection between alternative options on safety, health or environmental grounds and
ultimate acceptability.
All identified risks shall be calculated and analysed to provide an understanding of
their probability to occur and consequences of their occurrence and provides a basis
on which to assess whether a risk needs to be treated. Factors affecting probability
and consequence of the risk will be identified. Risk is then analysed by combining the
consequences and their probability, this can be done using the assumption of no
controls in place and then considering existing control mechanisms. (Either both or
the latter can be used).

V 1.0 Page 15 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Assessment of the consequences and probability of a risk will include due

consideration to historical records, industry experience, market research or other
reliable sources of data that may assist in making a reliable and accurate assessment.
Where confidence in the accuracy of a level of assessment is low, a conservative
approach shall be adopted.
All the hazards/risks identified including those which are identified but appropriate
control mechanisms are in place shall be documented to demonstrate the
completeness of the risk analysis process.

6.6.1 Categories of Risk Assessments

The rigour of the HSE risk assessment method selected shall be proportionate to the
nature and scale of the potential consequences to be evaluated.
In general, these can be described as:

• Qualitative
• Semi-Quantitative
• Quantitative

When HSE hazards are identified, qualitative risk assessment shall be used initially to
identify risk levels and determine whether a more comprehensive (quantitative)
assessment is required. For most situations, a qualitative or semi quantitative
assessment of risk is sufficient. Table-2 below is a guide to the types of risk
assessment and their applicability:

Table 2 – Types of Risk Assessments

Category Description Applications Considerations

Qualitative • Qualitatively • Continuous, routine • Initial risk screening

assesses hazards & non- routine and on- going
and records the activities or day-to- identification of
risks day hazards and
immediate risk
• Includes • Concept screening treatment.
consideration of and preliminary
who is likely to be hazard and aspects • Day-to-day activities
affected. This is identification – potentially
given as a score hazardous
• HAZID, ENVID
indicating: E, H. M activities/situations.
or L on the TAQA
• Sometimes done by
T&D risk
one or two persons.
assessment matrix

V 1.0 Page 16 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Semi- • This method utilizes • Formal • Formal process –

Quantitative a rating system and team effort required.
• Non-routine
is an adaptation of a
Activities Issue • Workers activities
semi-quantitative
based and tasks
approach to risk
assessment. • HAZOP • Activities of
contractors and/or
• It utilizes a rating for • Environmental visitors having
risk that may include Aspects and
access to premises.
a combination of Impacts
qualitative and • Ergonomics.
quantitative aspects.
• Infrastructure,
• Should be used
where ALARP
• Equipment and
materials.
cannot be
demonstrated by • Management of
qualitative Change.
assessments alone.
May also be used in • Design of work
evaluating multiple areas.
options. • Emergency
situations.
• Aspects and impacts
of activities and
processes on the
environment e.g.
EMP, Safety Case.
Quantitative • Works on the same • Formal • Formal process –
principle as the team effort required.
semi-quantitative
• Baseline
• Formal HSE
approach but puts • Projects
justification based on
numbers into the
process.
• EIA defined acceptance
criteria.
• Use it where ALARP • Cost Benefit
Analysis
cannot be
demonstrated by
semi-qualitative
assessments alone.
May also be used in
evaluating multiple
options.

HSE risk assessment is a lifecycle process and must be adopted from project
inception and throughout the lifecycle of the project including decommission. Since
risk is dynamic, risk assessments must be re-evaluated regularly to confirm their
continued adequacy and that controls remain sufficient to mitigate the risk.

Required Output:
All directorates and divisions shall ensure that risks are assessed across all
operations and that these assessments are maintained up-to-date as the activity
progresses and at regular planned intervals.
.

V 1.0 Page 17 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

The qualitative approach uses the TAQA T&D risk assessment matrix as a guide in
determining risk potential. Risk is categorized in risk levels (Extreme, High, Moderate
or Low Risk). Hazards identified during audits, inspections, reviews, accident/incident
investigation, HAZID, TRA, qualitative risk assessment are assessed using this non-
numerical data risk assessment matrix.
HAZIDs and TRAs are examples of qualitative risk assessment.

6.6.2 Safety Instrumentation Level (SIL) Reviews

The “Safety Instrumentation Level (SIL)” reviews shall be applied to define the
required level of reliability for the Safety Instrumented Functions (SIFs) also commonly
known as trips or safety interlocks.
SIL Assessment reviews can be conducted using a variety of methodologies ranging
from risk matrix, being the least quantitative method, through ‘Risk Graph’ and ‘Layer
of Protection Analysis’ (LOPA) up to ‘Event and Fault Tree Analysis’ being the most
quantitative method.
SIL Assessment will be carried out for all new projects/facilities as well as for major
modifications to existing facilities where safety instrumented functions are affected.
These SIL reviews may also be initiated due to changes in process design, upgrades,
and design of new facilities or as part of Process Hazards Analysis (PHA) activities.

6.6.3 Management of Change (MoC)

The “Management of Change (MoC)” is designed to make sure that any proposed
changes to facilities, technology, organisation, procedures and systems, are properly
assessed before they are implemented, and implemented correctly, so that the risks
associated with the change are safely managed.
All changes shall be subject to a form(s) of risk assessment methodology, which
should be appropriate to the change being proposed/implemented (e.g. HAZID,
HAZOP). The MoC shall identify appropriate control measures required to manage or
mitigate risks identified during the risk assessment.
The MoC process may include a pre-start up review prior to equipment start-up. This
is to ensure that the MoC has been correctly interpreted, that the proposed change is
safe to operate, and that the changes meet applicable legal obligations. The MoC
procedure shall have control documentation that identifies the level of approvals
required prior to carrying out commissioning activities. Refer to TDBL-HS-C-S-003 for
more details on the MOC procedure.

6.6.4 Bowtie Analysis

A “Bowtie” analysis is used to analyse and demonstrate causal relationships for Major
Accident Hazards risk scenarios. It is a simple and effective tool for communicating
risk assessment results to personnel at all levels. A Bowtie diagram does two things.
First of all, the diagram clearly displays the links between the potential causes and
consequences of a major accident. Second, it displays what a company does to
control or mitigate those accidents.
Bowtie diagrams may also be used to display the results of various types of risk
assessments and are useful training aids.

V 1.0 Page 18 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Depending on the level of complexity, Bowtie diagrams may also be integrated with
semi-quantitative analysis techniques (e.g. HAZID studies).
All existing facilities and activities at TAQA T&D with potential for Major Accident
Hazards and all new projects with potential for Major Accident Hazards will be
subjected to Bowtie Analysis.

6.6.5 Job Safety Analysis (JSA)

Job Safety Analysis is performed before starting a work activity. JSA is a method for
systematically examining an individual work assignment (job) by breaking down the
job into steps. For each step, it identifies the hazards, records the consequence and
specifies appropriate controls.
The JSA shall be completed for any activity that requires a Permit to Work and shall
be used as an input into the development of the Permit to Work application.
The JSA template in Addendum B shall be used for any JSA completed. As with other
risk assessment processes the level of detail provided in the JSA shall be
proportionate to the level of risk involved in the work activity.
As part of the JSA the required tools, plant, equipment shall be identified, as well as
required PPE, and any maintenance checks that must be completed before starting
work.
The JSA should generally be completed by the immediate supervisor of the workers
who will complete the specific task.

6.7 Step 4: Risk Evaluation

Risk evaluation involves comparing the level of risk assessed during risk analysis
to risk acceptance criteria to determine whether risk and/or its magnitude is acceptable
or tolerable. Based on this comparison and the outcomes of risk analysis, an
assessment is made as to the required risk treatment and treatment priority.
Risks shall be eliminated where possible or reduced to “As low as reasonably
practicable” (ALARP).
NOTE: Risk evaluation assists in the decision about risk treatment.
Decisions should take account of the wider context of the risk and include
consideration of the tolerance of the risks borne by parties other than the organization
that benefits from the risk. Decisions should be made in accordance with legal,
regulatory and other requirements.
In some circumstances, the risk evaluation can lead to a decision to undertake further
analysis. The risk evaluation can also lead to a decision not to treat the risk in any way
other than maintaining existing controls.
This decision will be influenced by the organization's risk attitude and the risk criteria
that have been established.

V 1.0 Page 19 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.7.1 Risk Assessment Matrix (RAM)

The “Risk Assessment Matrix” uses estimates of the severity of consequences and
likelihood or frequency of the consequence occurring to derive a qualitative estimate
of the risk.
The body of the TAQA T&D Risk Assessment Matrix (Fig 2) is divided into risk areas
or zones (Extreme, High, Moderate or Low Risk). In this way, the matrix provides an
easy-to-understand picture of the risk level.
The risk matrix may also be used on a scenario-by-scenario basis to priorities risk
reduction efforts. It is adaptable to varying levels of information and depth of
evaluation.
It is primarily used to identify and rank the risks associated with qualitative risk
assessments (TRAs, HAZIDs).

Figure 2: TAQA T&D Risk Assessment Matrix

V 1.0 Page 20 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Table 3 – Hazard Consequences

Area Impacted Insignificant Minor Moderate Major Catastrophic
Consequences Consequences Consequences Consequences Consequences
(Score = 1) (Score = 2) (Score = 3) (Score = 4) (Score = 5)
Human Health Minor injuries / Injuries / health Serious injuries / Single fatality / Multiple fatalities /
& Safety health effect requiring health effect occupational occupational
effects which on- requiring off-site illness or illness
may site treatment treatment by a disease or diseases
require self- by medical
administered medical practitioner or
first aid. practitioner. immediate
Injured Personnel evacuation to
personnel can unable to hospital. Potential
continue to continue to long-term or
perform perform permanently
normal duties duties disabling effects

Environment Slight impact – Minor Impact - Considerable Local (AD) National (UAE)
clean- clean-up impact – clean-up impact – impact - major
up operation by operation required by significant clean-up operation
local by the specialist waste clean- by specialist waste
team. No public company. contractor. No long up operation by contractor. Long
concern Some local term negative specialist waste term negative
public effect on the contractor. effect
concern environment. Possible long on the
Adverse stance of term negative environment.
local government. effect on the Extensive
environment. measures
Adverse stance required to restore
of environment.
local Adverse stance of
government. national
Regional public government and
concern. public

Total Cost of Financial loss Financial loss Financial loss Financial loss Severe financial
Impacts or (compensation, (compensation, (compensation, (compensation, penalties or legal
fines, fines, cost to fines, cost to fines, cost to liabilities. Financial
Incident Event cost to repair, repair, repair, repair, plant & loss
plant & plant & plant & environment (compensation,
environment environment environment damage) of fines, cost to
damage) damage) of damage) of AED500,000 – repair,
of less than AED5,000 – AED50,000 – 5m plant &
AED5,000 50,000 500,000 environment
damage) of
greater
than AED5m
Production Incident event Production Production loss or Production loss Loss of license to
Loss without loss or delay delay up to one or operate or ability
causing up to one week to one delay for over to produce
production week month onemonth indefinitely
loss

V 1.0 Page 21 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Table 4 – Likelihood

Descriptor Likely Frequency Probability

Frequent Occurs frequently more than once per year 5

Often Occurs once per year 4

Likely Has occurred more than once in the past 10 3

years within the industry globally
Possible Has occurred once within the industry 2
globally
Rare Never heard of in the industry 1

Initial risk ranking involves comparing the level of risk found during the analysis
process with risk categories identified in the risk matrix above. In practical terms this
means that:

• Red zone (Extreme Risk) - activity cannot commence / continue until further
control measures are identified and implemented in order to remove the risk from
the red zone;
• Orange zone (High Risk) – risk rating must be reduced by applying the hierarchy
of controls (refer to section 3.4) and implementing those additional measures
before the activity to continue;
• Yellow and green zones (Moderate and Low Risk) – this requires that all risk
controls identified in the JSAs are implemented.

Required Output:
On completion of the analysis and evaluation of risks, findings are entered into
the risk register. Each OpCo is required to maintain its own risk register.

6.8 Step 5: Risk Treatment

Risk treatment involves identifying the range of options for controlling a risk, assessing
these options and the preparation and implementation of control plans. Selecting the
most appropriate option involves consideration of the costs of implementing each
option against the benefits derived from it.
Risk control options aim to:
• Reducing the probability of a risk; or
• Reducing the consequence of a risk.

The section, department or divisional manager (team leader) is responsible for

ensuring that all controls have been implemented to acceptable levels – this may
involve input and / or assistance from technical advisers and other stakeholders. Risk
is controlled to acceptable levels i.e. Tolerable Risk.

V 1.0 Page 22 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Risk assessment must never be just a paper exercise; the entire process will have
been a waste of time if the findings are merely noted, but no action taken as a result.
Risk assessment is a fundamental part of TAQA T&D’s HSEMS and leads to the
development of plans for improvement.
Risk treatment involves a cyclical process of assessing a risk treatment; deciding
whether residual risk levels are tolerable or not; if not tolerable generating a new risk
treatment; and assessing the effect of that treatment until the residual risk is As Low
as Reasonably Practicable (ALARP).
The process must ensure that whenever possible hazards and risks are eliminated.
When elimination is not possible then mitigation factors including substitution,
engineering controls, administrative controls are considered to reduce / control
hazards and risks. Administrative controls shall include the determination of Safe
Systems of Work and Safe Operating Procedures (SOPs). Administrative controls
alone will not reduce the HSE impact, only the likelihood will and all sections and
divisions are required to demonstrate that residual risk levels are valid, based on
application of sound controls.

6.8.1 Risk Controls Hierarchy

Additional control measures that bring the risk level down to ALARP are called risk
controls. In risk evaluation, severity of consequences and the likelihood of harm
occurring from the risk is determined. If the level of risk identified is above ALARP then
further risk control measures must be identified and put in place to reduce, remove or
mitigate the risk level to ALARP.
The following hierarchy of controls should therefore be considered for risk elimination
and reduction:
Table 5 – OHS Hierarchy of Control

Control Level Description

1. Elimination Eliminate the risk by removing the hazard
Substitute less hazardous materials, equipment, processes
2. Substitution
or substances.
Isolate or contain hazardous material or energy. Enclose or
isolate the hazard with guards or remote handling
3. Isolation & techniques. Make structural changes to the work
Engineering environment, work systems, tools or equipment. Use
Controls mechanical aids or manual handling devices. Use safety
interlocks and safety relief systems to mitigate and shut
down potentially unsafe situations
Appropriate administrative procedures such as policies,
guidelines, Standard Operating Procedures (SOPs),
4. Administrative
registers, work permit, safety signage, job rotation, job
Controls
timing, routine maintenance, and housekeeping. Provide
training on hazards and correct work procedures.
5. Personal Provide correctly fitted and properly maintained personal
Protective protective equipment (PPE), and/ or protective clothing
Equipment (PPE) and the training in its use.

V 1.0 Page 23 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Table 6 – Environmental Hierarchy of Control

Control Level Description

Avoidance is suitable at the point of source in its
application. Producers should be examining how impacts
1. Avoidance can be eliminated inthe production process. Consumers
can change their shopping behaviour such as buying in
bulk or bringing along their reusableshopping bags.
This can involve redesigning packaging to use less
materials, cutting out unnecessary packaging, using
2. Source
material more efficiently, implementing new processes &
Reduction
technology, and replacing disposal products with
reusable & durable ones wherepractical.
Reusing the product more than once in its original form
3. Reuse avoids excessive consumption of resources and impacts.
E.g., refillable drink containers, reusing shipping pallets.
When reuse is no longer possible, materials should be
recycled back into similar products or become
secondary raw materials for production of new products.
4.Recycle Generally producing new products from recycled
materials consumes less energy and spares the
environment from further abuse and degradation
through mining for the primary virgin materials.
Energy recovery can be a viable option after reduction,
reuse, and recycling have been fully explored and
5. Recovery of generally is the final step in the exploitation of maximum
Energy benefits from materials and waste. It involves
incineration & recovery of the latent heat energy of the
materials. Heat energy can be converted into power.
Least preferred option in the hierarchy. There is always
some residual material left over or discharged. This is
6. Treatment / the case even after undergoing the preferred options in
Containment / the environmental management hierarchy. The left over
Disposal material and waste has to be treated and disposed of
properly to safeguard against environmental risks, pest
problems, and health & safety issues.

The approach to Risk Assessments is to reduce risk As Low as Reasonably

Practicable (ALARP). Note that a residually ‘red’ risk in the TAQA T&D risk matrix is
automatically intolerable, but does allow prioritisation of actions to control the risk to
ALARP as given in the following diagram:

V 1.0 Page 24 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Figure 3: ALARP Region

Action plans are documented and implemented to ensure that the mitigation factors
identified are effectively processed to ensure the reduction of hazards and risks as
required. Controls as identified in the action plans are evaluated and reviewed by the
risk assessment team leader at determined intervals.
The approach to Risk Assessments is to reduce risk As Low as Reasonably
Practicable (ALARP). Note that a residually ‘red’ risk in the TAQA T&D risk matrix is
automatically intolerable, but does allow prioritisation of actions to control the risk to
ALARP as given in the following diagram:

6.8.2 Guidance: Actions to demonstrate ALARP

An ALARP demonstration may be achieved in a number of ways, but actions taken to
demonstrate ALARP shall be commensurate with the residual risk levels as assessed.
In general, the following principles should be applied:

• For residual ‘red’ risks: These can never be ALARP and therefore cannot
commence or continue. The issue needs to be escalated to the executive
committee for further action.
• For residual ‘orange’ risks: A JSA alone is unlikely to demonstrate ALARP. It
should be at this point where the need for semi-quantitative or quantitative risk
assessment techniques are considered to determine sufficient additional controls
to reduce high risks to acceptable levels. If after further detailed risk assessment,
residual risk remains in the orange zone then the risk level must be agreed by the
responsible director through consultation with HSE department.
• For residual ‘yellow’ & ‘green’ risks: Risks in these zones should be continually
monitored and any further opportunities for risk reduction should be assessed.
The general concept is that any further risk controls must be implemented unless
the level of cost and effort becomes grossly disproportionate to the benefit. The
need to continually review the JSAs is therefore very important to identify these
opportunities for risk reduction.

V 1.0 Page 25 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Required Output:
All sections, divisions and directorates in TAQA T&D OpCos shall demonstrate
that risks identified in their HSE risk registers are reduced to ALARP through
application of a variety of risk control measures. The continued adequacy of
these controls shall be verified at regular intervals through self-assessment and
on-going assurance (audit) of the HSE risk register.
All extreme and high risks shall be escalated to the TAQA T&D corporate risk
register.
When risk cannot be reduced to ALARP or if risk is residually extreme, these will
be escalated to top management.
Residual risk levels shall be recorded in the HSE risk register and residual risk
re- assessed regularly.

6.9 Monitoring and Review

Section, Department and Project Managers review risk registers and assessments on
an annual basis as a minimum. More frequent review intervals may be required based
on risks severity.
Qualified personnel (such as HSE personnel / safety engineers) including, when
required, specialist expertise from outside the operation concerned shall be used as
appropriate to perform periodic reviews of risk assessments/registers.
The risk assessments/registers shall be reviewed annually and when the following
conditions apply as applicable:

• Changes which may affect the risk level or introduce new risks
• Introducing new plants, equipment, materials, or substances
• After incidents, audits and inspections
• When applicable legislative obligation changes
• Any other change affects the HSE risk/impacts

Responsibilities for monitoring and review should be clearly defined.

TAQA T&D’s monitoring and review practices encompass all aspects of the risk
management process for the purposes of:

• Ensuring that risk controls are effective and efficient in both design and operation;
• Obtaining further information to improve risk assessments;
• Analysing and learning lessons from events (including near-misses), changes,
trends, successes, and failures;
• Detecting changes in the external and internal context, including changes to risk
criteria and the risk itself which can require revision of risk treatments and
priorities; and
• Identifying emerging risks.

V 1.0 Page 26 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

6.10 Risk Registers

All OpCo’s shall record their risk assessments in risk registers. A TAQA T&D corporate
risk register will also be developed and maintained for high risks identified by the
OpCo’s. The risk register comprises the following categories:

• General;
• Power;
• Projects;
• Water;
• Combined High Risks.

Risk registers are owned and controlled by the respective directorate, division and /
or department. Additional controls, when defined, shall be effectively dealt with and
closed out in the respective JSA and risk register.
The HSE department shall conduct periodic reviews to ensure that the quality of risk
registers being produced are of high quality and meet expectations. They must also
assist and provide guidance as required in ensuring suitable action is taken to ensure
effective close-out of additional controls when identified.

6.11 Follow up
Section and Department Managers shall ensure that a follow-up process is
implemented to ensure that risk reduction recommendations are implemented
satisfactorily and within the identified timescales. In some cases, this may be prior to
commencement of the activity giving rise to the risk.
KPIs relating to the effective implementation of this procedure should be agreed upon
between TAQA T&D HSE BP, TAQA T&D OpCo MDs, & TAQA T&D OpCo HSE
Managers. These shall then be tracked by the HSE Department in each OpCo and
reported to Division Managers and Managing Directors. A consolidated view for the
T&D Business Line shall also be reported to TAQA T&D Executive Director.

V 1.0 Page 27 of 33
 TDBL-HS-C-S-002
TAQA RISK MANAGEMENT PROCEDURE

Addendum A – Risk Assessment Template

Risk Assessment Worksheet

OpCo Department Date
Risk Assessment
(Description):

Residual risk
Impact Current risk Additional controls, (after
Possible
S. Activity/ Hazard / Existing Category (with Controls) if required additional
Consequences / Responsible Target Date
No. Condition Aspect Controls (Personnel, (Recommended controls)
Effects
Env, Financial) C L R Actions) C L R

Completed by: Designation: Signature: Date: Approved by: Designation: Signature: Date:

V 1.0 Page 28 of 33
 TDBL-HS-C-S-002
TAQA RISK MANAGEMENT PROCEDURE

Addendum B – Job Safety Analysis Template

Job Safety Analysis Worksheet

OpCo Department Date
Job Description:

JSA Team Members:

Possible
Step Additional Controls if Required
Job step Hazard(s) Consequences / Existing Controls Responsible Target Date
No. (Recommended Actions)
Effects

Plant, Equipment & Tools Needed: Maintenance Checks Required: PPE Required:

Reviewed by: Designation: Signature: Date: Approved by: Designation: Signature: Date:

V 1.0 Page 29 of 33
 TDBL-HS-C-S-002
TAQA RISK MANAGEMENT PROCEDURE

This page is intentionally left blank

V 1.0 Page 30 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Glossary

Abbreviations

TAQA OpCo The TAQA OpCo is a single reporting/profit centre.

TAQA T&D TAQA Transmission & Distribution Business Unit.
EAD Environment Agency Abu Dhabi
KPI Key Performance Indicator
ALARP As Low as Reasonably Practicable (ALARP) means to reduce a risk to
a level which is as low as reasonably practicable and involves
balancing reduction in risk against the time, trouble, difficulty and cost
of achieving it
OSHAD SF Abu Dhabi Occupational Health and Safety System Framework

Terms

Contractor All parties working for the company either as direct contractors or as
subcontractors.
Roles Positions that have an expected set of expectations attached to them
HSE Risk Assessments Register for recording HSE Risk Assessments
Register
Risk Assessment (RA) A process for identifying hazards and aspects, evaluating the risk(s)
arising from a hazard(s) taking into account the adequacy of any
existing controls and deciding whether the risk is acceptable or not
Top Management Managing Director, Directors, Division and Department Managers or
similar, and be the person in charge of a particular department or
division.
Responsibilities A duty or obligation to satisfactorily or complete as task (assigned by
someone or created by one’s circumstances) that one must fulfil and
which consequent penalty for failure.
Roles Positions that have an expected set of expectations attached to them
Corrective Action Steps that are taken to remove the causes of an existing non-
conformity or undesirable situation. The corrective action process is
designed to prevent any recurrence of non-conformities or undesirable
situations.
Hazard / Aspect Any substance, physical effect or condition with potential to harm
people or property.
Risk Risk is the measure of the likelihood of occurrence of an undesired
event and the potential adverse consequences which this event may
have upon people – injury or harm to physical or psychological health.
Inherent (Initial) Risk Initial Risk (considering initial consequence severity and initial
likelihood) that is established the first time the risk is identified and
assessed without any controls to mitigate the risk

V 1.0 Page 31 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

Current Risk Risk having considered the existing controls in place (current
consequence severity and current likelihood) that exist at this current
point in time with controls actively influencing the risk rating
Residual Risk Risk established after accounting for any additional controls (beyond
the existing controls). It will be the same as the current risk if no
additional controls are identified
Tolerable Risk Risk that has been reduced to a level that can be tolerated by the
organisation having regard to its legal obligations and its own HSE
policy

V 1.0 Page 32 of 33
 TDBL-HS-C-S-002
TAQA Risk Management Procedure

References

(1) OSHAD-SF - Technical Guideline Process of Risk Management – Version 3.0 – July 2016
(2) Abu Dhabi Emirate Environment, Health and Safety Management System Framework
(OSHAD-SF) Version 3.1 – March 2017 - Element 4 – Communication and Consultation
(3) ISO 45001:2018 – Occupational Health and Safety Management System
(4) OSHAD-SF – CoP 15.0 Electrical Safety - Version 3.0 – July 2016
(5) OSHAD-SF – CoP 53.0 OSH Management during Construction Work - Version 3.0 – July
2016
(6) ISO 31000 Risk Management

V 1.0 Page 33 of 33