Risk, a word we are all familiar with. Especially now, in the dog days of this pandemic, we think a lot about risk. What activities might be “risky” and what are not, and what is an acceptable level of risk. When we speak with our financial advisors, we get asked “what level of risk are you comfortable with?”, or when we confer with doctors, the risks of certain activities and the risk of poor outcomes gets brought up regularly. How often, though, do we try and understand just what risk is and means to us in our daily lives?


In the energy industry, we often talk about risk. Risk is usually the result of unknown variables that will affect a business process. When you drill a well, there is a risk that oil won’t be there. When you perform enhanced recovery, there is a risk it will not give the expected returns. There are small scale risks, like a breakdown on a drilling rig causing an extra day; a medium risk, like the drill string getting stuck in the hole requiring a few extra days work; and large risks, like OPEC upping production causing a price collapse, and evaporating expected profits for the quarter.


This industry is risk on top of risk on top of risk.  For this reason, it has become impetrative in all businesses, but especially the energy industry, to understand and mitigate it. Energy companies gain insight into risk in a way that you would expect from a group heavy with engineering brains.


Understand it, quantify it, interpret it, and mitigate it. Sounds easy, makes sense? More on this later.


For the PTRC – in our main programs in carbon capture, utilization and storage (CCUS) – risk has become the one thing that drives everything else that we do, but more on this later. During the Weyburn CCUS project (1998-2012), risk and the concept of understanding risk were relatively new, and a certain amount of research funding was earmarked for not only a risk assessment of the project, but understanding the fundamental ways in which we could understand and quantify the relative risk scenarios that could arise. Some of this work is detailed in our publications from the program.


So I will now go about explaining what a risk assessment program would look like, specific to CCUS, but imagine it applying to any different industry or life decision. Think of it as a “pros and cons list on steroids” and something that might be useful to you in any number of ways.


Step 1: The Risk Registry

As with many endeavours, the first step is the most important, and mistakes made here will affect the outcome of the entire exercise. The development of the risk registry has to come at just the right time in the project. You need some data to have been gathered and a concept to be explored. Going into a risk assessment without any data is worse than not doing one at all. So you have some data, you have made a business case, you have partners in place, and you have access to expertise both within and external to your company.


Time to build the risk registry.


It’s a list. A big one. A complete brain-dump of everything that you and your colleagues on the project can think of as the main risk scenarios that could affect the success of your project.


The technical ones: “Will the prairie salt constrict the well during drilling?”

Risk assessments look at two things: the severity of something happening and the likelihood it will happen.

The environmental ones: “Will CO2 travel out of zone along the outside of the wellbore?”


The business ones: “Will the funding come through on time and in the amount we expect?”


The regulatory ones: “Will the government remove the credits for storage?” 


There are a lot of them, often hundreds of specific risk scenarios, sometimes in the literature referred to as “FEPs” or “features, events and processes”. Other sources have starting lists of FEPS or event scenarios to begin with on CCUS or any other topic.


Step 2: The Risk Assessment Workshop

So, you have a list of risk scenarios or “FEPs” that you need experts to weigh in and give opinions on likelihood and severity. With multiple scenario themes (business, technical, etc.) and individuals all with different areas of expertise, how can this all come together in a meaningful way. The goal is to have not only those intimate with the project in on the assessment. Outside people with “fresh eyes”.


Firstly, with all people involved in the risk assessment, an analysis of their relative experience and expertise must be captured, and their answers to the various FEPs weighted accordingly.


Bob from accounting is going to have a lot less to say about a technical risk than Mary from the reservoir engineering group would.


Conversely, Bob is your guy when it comes to the financial risks to the project, and Mary, perhaps less so.


Next we go through the FEPs. All of them, one-by-one in a systematic way. This is usually a facilitated process with either a questionnaire for guidance, or sometimes technological help in the form of remote voting equipment. What are we voting on exactly? Well, in short, the likelihood of the FEP actually happening on a scale (usually from 1-5) with 5 being almost certain to happen. If the FEP actually happens, what is the severity of the outcome (again on a scale from 1-5 with 5 being a catastrophic occurrence)? This is then placed on a simple graph like the one above, to capture where the risk resides in this particular FEP.


Remember Bob the accountant and Mary the engineer? Bob and Mary’s relative expertise are taken into account in the questionnaire or the electronic voting formats.


So on goes this process, FEP-by-FEP, sometimes with discussion amongst experts in various areas, and ideally with instant results of voting to drive that discussion.


Obviously, in looking at the diagram, FEPs ranked in the red squares are things that are very likely going to happen, and they are going to have catastrophic or major consequences if and when they do. Other FEP are obviously not as critical, and some, the green ones, can essentially be ignored or at least discussed in a different way.


At this point, a paring down of FEPs takes place based on the predetermined scoring of each one.  It may be all the orange and red that are focused upon. These are the FEPs that determine the next step…


Step 3: Risk Mitigation Strategy

So if we have now identified risky things that are likely to happen, and that have a negative impact on the project, how is a plan developed to either mitigate or avoid these risks? As with many things in energy, this is again an engineering-driven rational process. The bowtie method (below) is a common way of deriving mitigation and avoidance strategies for a specific FEP or “hazard”.

The FEP or Hazard is in the middle, while to the left, prevention strategies are listed to mitigate the causes. To the right, mitigation strategies are identified and catastrophic outcomes are avoided.


To put this method back into a CCUS context: the hazard of, say, a leak in the injection well tubing causing over pressure in the annular space in the well and eventually leakage to surface. This hazard can be avoided by using approved tubing steel with proper CO2 coatings, or by sealing the tubing in place with a proper collar. Conversely, the way to mitigate leaky tubing is to replace it, or fix the particular joint or malfunctioning piece of equipment such as the collar. These all seems like a bit of a “no-brainer” to anyone familiar with wells, but once the FEPs are piling up, it is a good way to systematically ensure that everything is in place to avoid the risk in the first place, and also to offer a plan on how to fix that risk if it comes to pass.


However this risk analysis leaves out one important element, and the topic of our next section….

For CO2 storage sites, the wellhead can be the single largest source of risk.  The Aquistore well mitigated many of these risks with various measuring technologies downhole.


Step 4: The Measurement Monitoring and Verification Plan

In the above scenario of the leaky tubing, an important aspect not captured in the bowtie matrix of prevention and mitigation is detection. That leak needs to be detected before it can be mitigated.


So let’s take a step back and talk about measurement, monitoring and verification (MMV). MMV is what makes a CCUS or carbon storage project different from that of a mere disposal well.


For the regulator, the general public, and for the operator, it is imperative to understand as much about the injected CO2 as possible. Where it is? Where it is going? How much of it is down there? These are all important questions to ask in order to develop all those smart ideas listed in the bowtie.


At the PTRC’s premiere CCUS project, Aquistore, the purpose of the entire project is to study, develop, and evaluate different methods of MMV that could then be applied to the coming wave of CCUS projects in the future. It took a little while for the future to arrive, however it is here now, and CCUS is top-of-mind for a lot of organizations as a cornerstone in greenhouse gas mitigation strategies listed in the ESG sections of their annual reports. For good reason as well, CCUS has the ability to remove millions of tonnes of otherwise vented CO2.


So back to the bowtie.


MMV fits in that little space between hazard and mitigation.


Without knowing what is going on, there is nothing one would know to mitigate. Our goal at the PTRC through our CCUS programs is to define in the best possible way that MMV space; be it in or near the wellbore, in the rock matrix, or within the surface strata. The risk analysis drives the MMV plan to a place where the regulator, the public, and the operators are satisfied with the installations. Ongoing research here at the PTRC and elsewhere is now focussed on accomplishing that task in an optimized and cheaper way. Managing and analyzing data streams, new ways to gather plume imaging data, and novel pressure monitoring techniques are just some of the things that our programs contribute to.


In Summary:

Risk is quantifiable, but not without a lot of forethought and work. Never has the “garbage-in-garbage-out” axiom been truer than in a risk assessment. Bringing the right people together, guided in the right way will yield the best results. From those results, mitigation plans can be developed for the most pressing of risk scenarios.


It is then important to consider the MMV as a crucial step between risk identification and risk mitigation. Work is ongoing to optimize MMV installations for the benefit of the multitude of CCUS projects we will be seeing in the near and mid-future.