ES2631 Critique and Communication of Thinking and Design

AY2022/2023 Semester 1

Assignment 2
Critical Analysis of Engineering Case Study

Read the articles below and use the Engineering Reasoning Framework to analyse what might have
contributed to the Deepwater Horizon accident that took place in 2010. Write a 500-600 word
critical analysis essay. Support your analysis with evidence from the articles.

Text A: Learning from engineering failures: A case study of the Deepwater Horizon

By all accounts, the Deepwater Horizon was a marvel of engineering. As a semisubmersible

floating rig, the Deepwater Horizon was capable of working without tethers or anchors in depths
of 10,000 feet of water. To remain over a wellhead, the Deepwater Horizon used a computer-
controlled dynamic positioning system to control eight powerful thrusters (4.5 to 5.5 MW)
powered by six diesel engine rooms with electric generators (total of 42 MW; May & Foss, 2000).
With the aid of 3-D seismic technology, this mobile offshore drilling unit (MODU) set a depth
record of 35,055 feet while drilling for oil and gas in the Gulf of Mexico in 2009.
Built by Transocean and under lease to BP, the Deepwater Horizon relocated about 41 miles
offshore of Louisiana to the existing Macondo well, which was in almost 5,000 feet of water. Upon
arrival, the crew lowered and secured its 53-foot high, 450-ton blowout preventer (BOP) onto the
wellhead. A BOP is a hydraulically-powered emergency safety device designed to shear off the
pipe and prevent the escape of hydrocarbons from the well. All drilling equipment—the rotary
drill bit, pipe, casing, and mud—pass through the BOP into the well. In February 2010, BP began
drilling deep into the seabed using a rotary drill bit and "mud". The mud served to cool the bit,
move rock cuttings to the surface, and counterbalance the well pressure as the bit moved deeper
into the rock.
In April, Deepwater Horizon drilled into a porous rock formation that contained hydrocarbons. At
18,193 feet, the pressure of the drilling mud fractured the surrounding rock formation. After
"plugging" the fracture, drilling continued until safety issues convinced BP to stop drilling at
18,360 feet. Since the well was deemed to be economically worthwhile, BP began preparing the
well for production by lowering production casings and centralizers into the well. Then,
Haliburton's crew attempted to isolate the hydrocarbons at the bottom of the well by pumping
cement into the space between the casing and the well bore (annulus). Although several design
changes, equipment malfunctions, and anomalous pressure readings occurred, BP and Haliburton
declared the operation a success on April 20.
In preparation to move the Deepwater Horizon to its next drilling operation, the crew conducted a
series of procedures to assess the integrity of the cement and then plug the well. While
conducting these procedures, mud, seawater, and natural gas erupted onto the rig. Within a few
minutes an explosion ensued and claimed the lives of 11 workers. On April 22, the Deepwater
Horizon sank. The blowout resulted in an uncontrolled stream of oil and gas from the riser (the
pipe connecting the MODU, BOP, and wellhead) into the Gulf of Mexico for 87 days. Although the
total volume of oil discharged into the Gulf is unknown, estimates are at 4,928,100 barrels +/-10%
(U.S. Geological Survey, 2010).

The immediate impacts of the Macondo oil spill are similar to other marine spills (for overview,
see Rose, 2009). The Gulf of Mexico's marine ecosystem and hundreds of miles of coastal
ecosystems were threatened or experienced diminished quality as a result of the blowout of the
Macondo well. However, the number of animals—marine mammals, fish, birds, and bottom-
 dwelling species, such as crabs—that died from ingesting, inhaling, smothering, or dermal contact
with oil and dispersants will never be known because these individuals are decaying at the bottom
of the ocean. In addition, the Macondo oil spill occurred during the prime reproduction cycles of
marine species; thus, future populations of key food sources, such as oysters, shrimp, and Bluefin
tuna, were placed in jeopardy as was the fishing industry that relies upon healthy populations of
these species.
Adapted from: The Free Library. (2012, February 1). Learning from engineering failures: A case study of the
Deepwater Horizon. https://www.thefreelibrary.com/Learning+from+engineering+failures
%3A+a+case+study+of+the+Deepwater...-a0279461887

Text B: Academy case study: The deepwater horizon accident lessons for NASA

Prior to the accident, Deepwater Horizon was one of the best-performing deepwater rigs in BP’s
fleet. In September 2009, it had drilled to a world-record total depth of 35,055 feet. As of April
2010, it had not had a single “lost-time incident” in seven years of drilling. The deficiencies that
set the stage for this tragedy—government oversight, disregard for data, testing, changes to
processes and procedures, safety culture, and communications—are common to other high-
stakes, high-visibility accidents and failures.
Government Oversight
At the time of the blowout, MMS had not published a rule mandating that all oil rig operators
have plans to manage safety and environmental risks—more than 20 years after a rule was first
proposed. The agency’s efforts to adopt a more rigorous and effective risk-based safety regulatory
regime were repeatedly revisited, refined, delayed, and blocked alternatively by industry or
skeptical agency political appointees. MMS thus never achieved the reform of its regulatory
oversight of drilling safety consonant with practices that most other countries had embraced
decades earlier. Other MMS regulatory initiatives critical to safety faced strong and effective
opposition. In 2003, the White House stiffly opposed MMSs efforts to update its requirements for
the reporting of key risk indicators.
Testing
Halliburton prepared cement for the Macondo well that had repeatedly failed Halliburton’s own
laboratory tests. Despite those test results, Halliburton managers onshore let its crew and those
of Transocean and BP on the Deepwater Horizon continue with the cement job, apparently
without first ensuring good stability results. On February 10, soon after the Deepwater Horizon
began work on the well, Jesse Gagliano asked Halliburton laboratory personnel to run a series of
“pilot tests” on the cement blend stored on the Deepwater Horizon that Halliburton planned to
use at Macondo. The reported data included the results of a single foam stability test. To the
trained eye, that test showed that the February foam slurry design was unstable. Gagliano did not
comment on the evidence of the cement slurry’s instability, and there is no evidence that BP
examined the foam stability data in the report at all.
Documents identified after the blowout reveal that Halliburton personnel had also conducted
another foam stability test earlier in February. The earlier test had been conducted under slightly
different conditions than the later one and had failed more severely. It appears that Halliburton
never reported the results of the earlier February test to BP. Halliburton conducted another round
of tests in mid-April, just before pumping the final cement job. The first test showed once again
that the cement slurry would be unstable, and once again, Halliburton did not report this
information to BP.
A second test, the negative-pressure test, checks the integrity of the casing as well as the integrity
of the bottomhole cement job. At the Macondo well, the negative pressure test was the only test
 performed that would have checked the integrity of the bottomhole cement job. A series of
problems hindered the test, so a second one was conducted. BP Well Site Leaders, in consultation
with the crew, made a key error and mistakenly concluded the second negative test procedure
had confirmed the well’s integrity. They declared the test a success and moved on to the next step
in preparing to abandon the well.
Changes to Processes and Procedures
BP did not have adequate controls in place to ensure that key decisions in the months leading up
to the blowout were safe or sound from an engineering perspective. While initial well design
decisions undergo a serious peer review process and changes to well design are subsequently
subject to a management of change (MOC) process, changes to drilling procedures in the weeks
and days before implementation are typically not subject to any such peer-review or MOC
process. At Macondo, such decisions appear to have been made by the BP Macondo team in ad
hoc fashion without any formal risk analysis or internal expert review.
Safety Culture
A survey of the Transocean crew regarding “safety management and safety culture” on the
Deepwater Horizon conducted just a few weeks before the accident hints at the organizational
roots of the problem. The research, conducted at Transocean’s request, involved surveys and
interviews with hundreds of employees onshore and on four rigs, including Deepwater Horizon,
which was surveyed from March 12 to March 16. The reviewers found Deepwater Horizon
“relatively strong in many of the core aspects of safety management.”
But there were also weaknesses. Some 46 percent of crew members surveyed felt that some of
the workforce feared reprisals for reporting unsafe situations, and 15 percent felt that there were
not always enough people available to carry out work safely. Some Transocean crews complained
that the safety manual was “unstructured,” “hard to navigate,” and “not written with the end user
in mind”; and that there is “poor distinction between what is required and how this should be
achieved.” According to the final survey report, Transocean’s crews “don’t always know what they
don’t know. Front line crews are potentially working with a mindset that they believe they are
fully aware of all the hazards when it’s highly likely that they are not.”
Adapted from: Appel News Staff. (2011, May 11). Academy case study: The Deepwater Horizon accident
lessons for NASA. https://appel.nasa.gov/2011/05/11/aa_4-4_acs_deepwater_horizon_lessons-html/

Text C: The eight failures that caused the Gulf oil spill

Eight catastrophic failures led to the explosion that destroyed the Deepwater Horizon drilling rig
in the Gulf of Mexico, killing 11 people and leading to one of the biggest oil leaks in history,
according to BP’s long-awaited investigation into the accident.
BP accepts its role in the disaster but also points the finger at two of its contractors.
The accident occurred on 20 April as the team aboard Deepwater Horizon was preparing to
temporarily abandon a well it had drilled some 70 kilometres from the US coast.
The day before the accident, the crew had pumped cement to the bottom of the borehole, a
standard procedure intended to prevent oil leaking out. On the day of the accident, the team
were conducting checks to determine that that the well had been properly sealed.
BP says the accident was caused by the failure of eight different safety systems that were meant
to prevent this kind of incident:
Dodgy cement
The cement at the bottom of the borehole did not create a seal, and oil and gas began to leak
 through it into the pipe leading to the surface. BP says the cement formulation seems not to have
been up to the job.
Valve failure
The bottom of the pipe to the surface was sealed in two ways. It too was filled with cement, and it
also contained two mechanical valves designed to stop the flow of oil and gas. All of these failed,
allowing oil and gas to travel up the pipe towards the surface.
Pressure test misinterpreted
The crew carried out various pressure tests to determine whether the well was sealed or not. The
results of these tests were misinterpreted, so they thought the well was under control.
Leak not spotted soon enough
Whether a well is under control or not, the crew at the surface should be able to detect a flow of
oil and gas towards the surface by looking for unexpected increases in pressure in the well. Exactly
this kind of increase occurred about 50 minutes before the rig exploded, but it was not
interpreted as a leak.
Valve failure no. 2
About 8 minutes before the explosion, a mixture of mud and gas began pouring onto the floor of
the rig. The crew immediately attempted to close a valve in a device called the blowout preventer,
which sits on the ocean floor over the top of the well borehole. It did not work properly.
Overwhelmed separator
The crew had the option of diverting the mud and gas away from the rig, venting it safely through
pipes over the side. Instead, the flow was diverted to a device on board the rig designed to
separate small amounts of gas from a flow of mud. The so-called mud-gas separator was quickly
overwhelmed and flammable gas began to engulf the rig.
No gas alarm
The rig had an onboard gas detection system that should have sounded the alarm and triggered
the closure of ventilation fans to prevent the gas reaching potential causes of ignition, such as the
rig’s engines. This system failed.
No battery for BOP
The explosion destroyed the control lines the crew were using to attempt to close safety valves in
the blowout preventer. However, the blowout preventer has its own safety mechanism in which
two separate systems should have shut the valves automatically when it lost contact with the
surface. One system seems to have had a flat battery and the other a defective switch.
Consequently, the blowout preventer did not close.
“It is evident that a series of complex events, rather than a single mistake or failure, led to the
tragedy. Multiple parties, including BP, [oilfield services company] Halliburton and [offshore
drilling company] Transocean, were involved,” said Tony Hayward, BP’s chief executive.
Mullins, J. (2010, September 8). The eight failures that caused the Gulf oil spill.
https://www.newscientist.com/article/dn19425-the-eight-failures-that-caused-the-gulf-oil-spill/
Submission Guidelines

1. You will be assessed on your analysis and communication. Please refer to the rubrics given in
Assignment 1.

2. Your analysis should be written in the format of an academic essay with:

 a brief and clear introduction that states your key critical analysis,
 body paragraphs with clear topic sentences and relevant supporting sentences,
 a concise and appropriate conclusion that summarises your key points.

3. In accordance with academic conventions, cite all sources that you use in the critical analysis
essay.

4. You can submit your first draft to the folder ‘Assignment 2 Initial Draft: Critical analysis of case
study [ungraded]’ to check your Similarity Index report before your Week 8 tutorial. This is
optional but advisable.

5. Bring your first draft to the Week 8 tutorial for peer review in class.

6. After receiving the peer review report from your classmate, revise your draft for submission.
The deadline is 11.59pm before your next tutorial in Week 9.

7. Please note that:

 You should state the word count after the main text and before the reference list.
 All in-text citations and footnotes are included in the word count.
 Only the reference list at the end of the text is excluded from the word count.
 There are penalties for exceeding the word limit and for late submissions.