Skip to content

Integrating QRA Outputs into Pipeline Integrity Management Decision-Making

W. Bryce, P.Eng. & Dr. K. Oliphant, P.Eng., JANA Corporation

Gas pipelines have been operated with a high level of safety for over a century.  As with many industries, to ensure continued safe operation and increase pipeline safety, there is a shift from compliance-based management of safety to risk-based Integrity Management (IM). This has led to increasing movement in the North American gas pipeline industry towards quantitative risk assessment (QRA) approaches, with the outputs of QRAs being used to inform asset and integrity management decisions.

Moving from the traditional approach of managing pipeline safety to a risk-based IM approach is not as simple as simply running a QRA. While the QRA is the fundamental cornerstone of managing in a risk-based manner, there are a number of questions that arise in applying the actual QRA outputs to IM: “What is an acceptable level of risk[1]?”; “What are reasonable expenditures to reduce risk?”; “What factors, in addition to risk, need to be considered?”; “How does this fit into the regulatory framework?”; etc.  Overall, if other industries are a guide, it will take decades to evolve to a full risk management regulatory framework that address these and other questions.

In the interim, however, QRAs are becoming more common and their outputs are beginning to be applied to IM decision making.  This shift is bringing many of the highlighted questions to light.  Properly applied, there are significant benefits to using QRAs, such as generating a measurable estimate of risk, ensuring risk is at acceptable levels, optimization of risk expenditures, etc. To properly apply these results, a framework for incorporating QRA outputs into the overall risk management/regulatory environment and decision-making process is required.  To address this need, a general Quantitative Risk Assessment – Integrity Management (QRA-IM) framework has been developed by JANA and is presented below.

Overview of QRA-IM Framework

The QRA-IM Framework is comprised of two key components: (1) The Overall Decision-Making Framework in managing pipeline assets, where QRA outputs are integrated into the overall broader decision-making process and (2) The JANA Risk-Based Optimized Integrity Management Framework, which details more specifically how the QRA outputs are developed to feed into the overall broader decision-making process. 

The approach for each of these two components is summarized below.

Overall Decision-Making Framework

A QRA provides one part of the information that feeds into the overall decision-making framework (Figure 1).  Until a full risk management regulatory framework is developed, the use of QRA outputs needs to be considered and integrated into the existing compliance requirements, industry practices and regulatory environment.  There are also planning and resourcing considerations among other factors that impact the decision-making process.

Figure 1: Requirements of a Risk Modeling

In terms of the overall decision-making process in managing pipeline assets, the following general process flow is recommended:

Regulation & Standards (Compliance)

  • Compliance activities must be completed regardless of the results of any QRA.  If AM or IM investments are required by regulation and standards, these must be conducted and a QRA is not required for justification as these are not asset risk-based decisions.

Industry Standard Practice (ISP)

  • For industries where there are potential hazards that can impact the public, such as the gas pipeline industry, Industry Standard Practice (ISP) becomes a prudent benchmark for pipeline operators and their regulators.  Operators are otherwise at risk of being found negligent if lawsuits result from an accident[2].  IM practices should, therefore, be consistent with evolving industry standard practice.

QRA Outputs

  • Beyond Compliance and ISP, QRA outputs provide insight into further opportunities for risk reduction in the pipeline network. Asset risk forecasts, compared to the corporate and regulatory risk objectives, enable for further system-specific refinement of AM and IM investments beyond standard Compliance- and ISP-driven safety management. This raises a few important questions, such as: “What is “acceptable” risk?” and “Who determines acceptable risk?”, etc.  This is discussed further below.

Planning & Resourcing

  • Once required activities/investments are identified through Compliance, ISP or QRA assessments, planning & resourcing impacts the potential prioritization and sequencing of activities.  For Compliance- or ISP-driven investments, a QRA can provide a risk-based prioritization for long-horizon projects (e.g. long-term replacement programs) to facilitate removing risk from the pipeline system more quickly by prioritizing the highest risk areas to address first.  For shorter-term projects, planning and resourcing optimization is likely the dominant factor.

Other Factors

  • There may be other factors, for specific projects, that influence the decision-making process and these should be included on a case-by-case basis.
JANA Risk-Based Optimized IM Framework

Industry research has demonstrated that, as the fundamental properties of steel do not degrade with time[3], a well-maintained and periodically assessed pipeline (i.e. one where proper IM is being applied) can safely transport natural gas essentially indefinitely[4].  The key requirements for Asset and Integrity Management, then, are:

  • Structuring the pipeline system so that the required IM can be conducted
  • Conducting the IM activities required to maintain safety and operability on an ongoing basis

These involve two different levels of decision-making: (1) at the system level (e.g. being able to run inspection tools for IM) and (2) at the day-to-day Integrity Management level (e.g. addressing the anomalies found with inspection tools).  Both require different decision frameworks and different levels of risk assessment.

The overall framework is presented in Figure 2.  There are two different risk inputs into the overall process: a System QRA and an IM QRA (addressing the system level and day-to-day IM activities, respectively). The System QRA considers risk across all threats to determine, when compared to acceptable risk criteria, what IM activities are required to achieve acceptable risk (IM Operational Requirements).  Further, a System QRA also considers when all practical IM activities are applied and risk is still not at acceptable levels, where it may be necessary to consider pipeline replacement, pressure reduction, etc.  An IM QRA considers risk on a more granular basis (e.g. detailed analysis of in-line inspection results) to identify the ongoing day-to-day IM activities (e.g. dig and repair pipe at a specific location).


Figure 2: JANA Risk-Based Optimized IM Framework

Figure 2: JANA Risk-Based Optimized IM Framework

At the system level there are three critical, interrelated, pipeline infrastructure requirements that need to be considered to meet current and future supply needs while ensuring continued safe, reliable operation of a pipeline:


  • Operational flexibility is required to conduct Integrity assessments and effect Integrity mitigations to maintain pipeline safety


  • Operational Capacity is required to meet supply requirements during peak demand and enable conducting Integrity Management activities


  • Operational Resiliency is required to withstand disruptive events, provide continuity of service and rapidly restore essential functioning

Optimized infrastructure planning requires addressing these in a holistic way.  The desired state is a resilient pipeline system that can reliably meet capacity requirements while providing the operational flexibility necessary to manage the integrity of the pipeline and maintain acceptable risk levels.  The pipeline system must be operated with optimized capital and operating costs.  This requires ongoing assessment and system upgrades as pipelines age, new integrity threats are identified, and populations change (impacting both capacity and integrity requirements). 

The process considers the combined requirements for Integrity, Capacity and Resiliency in the following way:

  • The Integrity Requirements Framework provides the required Integrity Management activities (e.g., ability to run in-line inspection (ILI), ability to reduce pressure to conduct repairs, etc.) to achieve desired reliability targets.  These requirements are based on a System QRA.
  • The Capacity Requirements Framework considers the system capacity and operational flexibility requirements needed to meet both overall supply demand and enable required Integrity Management activities (as identified by the Integrity Framework)
  • The Resiliency Requirements Framework considers further system configuration/capacity requirements needed to minimize the impact of disruptive events (e.g., major system outage)

An Optimized Infrastructure Planning methodology takes the inputs from these three frameworks and holistically considers how best to address them based on consideration of potential mitigations and system changes.

Integrating QRA Outputs into the IM Decision Making Process

Developing a risk management regulatory framework for the North American gas pipeline industry is a process that will take time.  In the interim, pipeline operators can take advantage of the benefits of applying QRA approaches to pipeline safety and Integrity Management.  At the simplest level this requires:

  • Ensuring regulatory compliance
  • Operating in accordance with Industry Standard Practice
  • Using QRA results to identify risk management opportunities beyond Compliance and ISP driven activities
  • Using QRA results to prioritize long-term Compliance and ISP practices on the asset

Risk Criteria

As there are no currently defined risk acceptance criteria in the gas pipeline industry in Canada and the U.S., applying QRA outputs in the decision-making process will require some judgement on the part of operators and regulators. In general, there is a drive in the pipeline industry towards zero injuries and fatalities (no significant incidents).  To apply QRA results in IM, this needs a more explicit definition in terms of specific risk acceptance criteria.  There are several risk acceptance criteria that could be applied individually but, more likely, in some combination:

ALARP – As Low as Reasonably Practicable

  • ALARP is a well-established approach to managing QRA outputs and has consensus standards established in the UK, Ireland and the Netherlands.  ALARP is based on defining an upper criterion for unacceptable risk and a lower criterion for broadly tolerable risk; the region between the two is defined as the ALARP region. In the unacceptable risk region, risk must be reduced regardless of cost.  In the ALARP region, risk must be reduced until broadly tolerable or until it is no longer practicable to reduce risk. “No longer practicable” needs to be defined, and in the UK typically means that costs are 2 to 10 times above the resulting risk reduction (i.e. up to $10 could be spent to reduce 1/10th of that value in risk).  In the broadly tolerable region, no action is required beyond standard IM practices.  There are many challenges with this approach and these are being considered both in California[5] and in Canada[6].

Impact Criteria (Consequence Criteria)

  • Impact Criteria consider the potential impact of events and are used to define a boundary where risk is unacceptable regardless of the probability.  One such example would be if an operator considered transmission pipeline ruptures in an urban area to be unacceptable – in this case an operator might choose to redesign the pipeline to reduce pressure to below 30% SMYS to essentially eliminate rupture potential.

Cost-Benefit Criteria

  • Cost-Benefit Criteria assess the costs of an activity versus the risk reduction of that activity.  This approach is typically applied to non-life safety decisions to optimize operations (life-safety, particularly for public at risk, is more typically determined by ALARP[7] or Impact Criteria). 

A combination of approaches – for example, using Impact Criteria for setting a bound on what is considered unacceptable (for example ruptures in an urban area) and then applying ALARP criteria to the remaining system risk – to determine what further activities may be required; is the most general and effective approach for a pipeline operator to protect all stakeholder



[1] Preliminary SED Staff Whitepaper on As Low As Reasonably Practicable (ALARP) Risk-informed Decision Framework Applied to Public Utility Safety, 2015.

[2] S. Haine, Preliminary SED Staff Whitepaper on As Low As Reasonably Practicable (ALARP) Risk-informed Decision Framework Applied to Public Utility Safety, 2015.

[3] Clark, E.B., Leis, B.N., and Eiber, R.J., “Integrity Characteristics of Vintage Pipelines,” Appendix C, The INGAA Foundation, Inc. 2005.

[4] The Role of Pipeline Age in Pipeline Safety, INGAA Foundation Final Report No. 2012.04

[5] S. Haine, Preliminary SED Staff Whitepaper on As Low As Reasonably Practicable (ALARP) Risk-informed Decision Framework Applied to Public Utility Safety, 2015.

[6] There is currently a CSA Z662 Task Force exploring the development of the ALARP approach for incorporation into CSA Z662

[7] Cost-Benefit analysis is a part of ALARP with a multiplier (typically 2 – 10) applied in the ALARP region to the benefit (i.e. risk reduction)

Download PDF
green pipe

Mechanistic Probabilistic Modeling

You can call it MP Modeling. We call it the better approach to modeling risk for your pipeline integrity.

See What It’s All About

Gas Transmission

  • Intelligent and scalable risk management
  • Exceed regulations with best-in-class compliance
  • Prioritize tasks in your asset management
Find Out More

Gas Distribution

  • Ensure continuity of service through prevention
  • Achieve optimal compliance more efficiently
  • Resolve issues and meet strategic goals
Find Out More
Back to top