By Paul Brake
Getting systems online is tough enough without unnecessary alarms and shutdowns, but the safety and visibility of operations are also paramount. During the commissioning process, balance is critical.
We live in a world where automation is now the center of plant engineering. Automation enables better controls, safer operation, environmental compliance, lower manpower requirements, and data logging. It has provided us with nearly hands-free operation of most systems. It gives operators virtually instantaneous reporting, feedback, and control of the process. It warns us when things are not going along with our plans and warns us of dangers to avert catastrophes. Automation is truly a blessing to everyone involved, until we go overboard. Then we curse its inception.
It is essential that our automation, controls, and sensors be designed and built to give the operator a real-time, complete, and accurate picture of the entire process. It’s also necessary for that automation to identify problems and warn the operator before they escalate. Furthermore, automation must be empowered to take over and control or even cease certain operations based on imminent hazards perceived by the sensors and interpreted by the control program.
Recently we were commissioning an oil/water separation unit with three serial stages and three serial coalescing tanks. The emulsion is pumped through a separator module into a coalescing tank. The recovered hydrocarbon is pumped off the top. The underflow water is pumped from below. Levels are maintained by controlling the pump rates and measured through pressure differentials — three times over. So you have a whole bunch of pumps, a crate or two of flow meters, dozens of automated valves, variable frequency drives (VFDs), level indicators, gas detectors, pressure switches and indicators, temperature sensors, fire monitors, etc., etc. To top it off, the whole system was under a controlled-flow natural gas blanket with a vapor recovery unit because the influent contains hydrogen sulfide gas. A long list of instrumentation and automated equipment is all tied back to the client’s distributed control system (DCS).
When the system is up and running properly and tuned in to the flow, temperature, and variations of the process, it hums along beautifully with no problems for years.
The issue, of course, is getting to that perfect running state. That agonizing, sometimes torturous process is called commissioning. Commissioning demonstrates, quite painfully, that it is very easy to engineer too many sensors, too many alarms, and too many shutdown keys into the process. It became almost impossible to commission our system, because during commissioning — while filling tanks and adjusting levels and flows — we were not within the preset program limits. As we were working, lights were flashing, alarms were ringing, and numerous times the system shut down because some sensor’s limit had been breached.
We learned our lesson. We learned from our mistakes. It is better, and cheaper, to learn from the mistakes of others.
So now, when you go to design your next system, learn from our mistakes. When setting alarms, care should be taken to alarm only those things that are truly critical to your process.
Automation provides efficiency but doesn’t promise a smooth setup.
Get It Right By Setting It Right
There are numerous industry protocols that you can reference and use as your design guides. But to simplify things, try using a Failure Mode Effects Analysis (FMEA) on your system. There are numerous models out there — an internet search will reveal dozens that can help you. The FMEA will help you determine what can go wrong, how it can go wrong, what the possible ripple effects will be, and how to mitigate or remove the hazards. It is always best to engineer the hazards out, but that can result in too much automation, as described above.
If a failure will not cause an injury, environmental compliance issue, or damage to equipment, then it can be alarmed, but it should not cause a shutdown. Shutdowns should be used only for imminent threats to safety, environment, or equipment. Notice that I left out “process.” When commissioning, you won’t be hitting your process requirements until you are well underway, so don’t let that shut you down.
If it can cause any of those three critical events, will it cause them immediately or is there a buffer time? Take, for example, flow to a pump. How long can the pump safely run in a low flow before damage occurs? How high is the maximum outlet pressure able to reach, and for how long? How full can your tank get before it is truly overflowing? How empty before vortexing your pump? The answers to these questions will determine the setpoints and variables on your alarms for commissioning.
Automation is great, but we have to use it wisely. The operator must be the master of the system. When we write programs we should have a commissioning mode in the operation. During commissioning, there are far more hands on deck than in normal operation. Automation should be programmed to account for this. Also, most of the equipment will not be operating in its optimal range, which needs to be accounted for as well. In this stage of operation your process will not be optimal either. Do not expect an effluent that matches your process requirement, and adjust your automation and alarms to allow for staggering deviations.
The best-engineered system will start like an old tractor the first few times you run it. It will shake and rattle and blow smoke. That is why we commission and don’t simply plug and play with large, complex systems. So adjust your automation, sensors, controls, and shutdown keys to match your commissioning conditions, and allow your people to be the brains of the operation. Your operators will love you for it.
About The Author
Paul Brake is a mechanical engineer with three decades of industrial experience. He is currently engineering manager at RJ Oil Inc. Environmental Solutions, in Acheson, Alberta, designing and building remediation equipment.