A What-If hazard analysis is a structured brainstorming method used to identify what can go wrong in a process, judge how likely and severe those scenarios are, and recommend actions when the risk is unacceptable. It’s one of the most widely used techniques in process safety, listed as an approved methodology under OSHA’s Process Safety Management standard (1910.119). Compared to more rigid methods like HAZOP, it’s faster to set up and more flexible, but it depends heavily on the experience of the people in the room.
How It Works
The core idea is simple: a team systematically asks “What if…?” questions about a process, then evaluates the consequences of each scenario. What if a valve fails open? What if an operator skips a step? What if the power goes out during a batch reaction? Each question gets documented alongside its potential consequences, an estimate of likelihood and severity, and a recommended safeguard or corrective action if the risk is too high.
The method is qualitative rather than quantitative. You’re not calculating exact failure probabilities. Instead, the team uses its collective judgment to rank risks and decide which ones need attention. This makes it more subjective than methods like Fault Tree Analysis, which map out failure pathways mathematically, but it also makes it accessible to teams without specialized risk engineering training.
The Types of Questions Teams Ask
Good What-If questions cover a broad range of failure modes. MIT’s process safety curriculum groups them into several categories that apply across industries:
- Human error: Failure to follow procedures, procedures followed incorrectly, operator not trained, operator inattentive
- Procedural gaps: Outdated procedures in use, procedures modified during an upset without proper review
- Equipment failure: Single equipment failures, instrumentation that’s miscalibrated, multiple simultaneous failures
- Process upsets: Unexpected changes in temperature, pressure, flow rate, or chemical concentration
- External events: Utility failures (power, steam, gas), severe weather, fire, vandalism
- Startup and maintenance errors: Mistakes during debugging, commissioning, or maintenance activities
A concrete example: imagine a chemical process where a worker pours granular material from a drum into a large vessel of highly caustic liquid. The team might ask: What if the wrong material is charged? What if the drum slips during pouring? What if the ventilation system fails and fumes accumulate? What if the operator isn’t wearing the correct PPE? Each question opens a thread that the team follows to its logical consequence.
Who Should Be on the Team
The method works for both individuals and teams, but team-based sessions produce better results because they pull from a wider range of experience. A team leader walks the group through each step and keeps the brainstorming focused. In practice, most teams include operators who know the day-to-day realities of the process, engineers who understand the design, and maintenance staff who know what breaks and why. Someone records the questions, consequences, and recommendations in a structured worksheet as the session progresses.
The quality of the analysis is directly tied to the knowledge in the room. Because the method relies on intuition and experience rather than a rigid checklist of guide words (the way HAZOP does), a team that lacks hands-on familiarity with the process will miss hazards. This is the method’s biggest limitation and the reason it’s sometimes combined with a checklist approach for added structure.
What the Final Report Looks Like
The deliverable from a What-If analysis is typically a worksheet or table with columns for each scenario. A standard format includes the “What if…?” question, the potential consequence, existing safeguards already in place, a risk ranking (often using a simple high/medium/low scale or a numerical matrix), and recommended actions for scenarios where the existing safeguards aren’t sufficient.
This worksheet becomes a living document. It feeds into training materials, informs operating procedures, and serves as the basis for follow-up audits. Under OSHA’s process safety requirements, employers can’t simply file the report away. They must establish procedures to act on findings promptly, communicate any corrective actions to affected workers, and involve worker safety representatives in the follow-up process.
What Happens After the Analysis
OSHA is explicit that conducting the analysis isn’t enough. Employers need a system for tracking recommendations and resolving them. If a recommendation is rejected, the employer must explain why to the team and document the reasoning. There are only a few valid grounds for declining a recommendation: the analysis contained factual errors, the recommendation isn’t necessary to protect workers, an alternative measure provides equal protection, or the recommendation is infeasible.
Any actions taken to correct hazards must be communicated not just to the immediate team but to every worker who could be affected. This communication step is where many organizations fall short, turning a solid analysis into a shelf document that never changes anything on the ground.
Where It Fits Among Other Methods
OSHA’s Process Safety Management standard (1910.119) lists seven approved approaches for process hazard analysis: What-If, Checklist, What-If/Checklist (a hybrid), HAZOP, Failure Mode and Effects Analysis (FMEA), Fault Tree Analysis, and any appropriate equivalent methodology. The choice depends on the complexity of the process, the resources available, and the level of detail needed.
What-If analysis is best suited for simpler processes, early-stage design reviews, or situations where a quick but thorough sweep of potential hazards is more valuable than a deep quantitative dive. It’s also useful as a first pass before committing to a more resource-intensive method. HAZOP, by contrast, uses a formalized set of guide words (like “more,” “less,” “reverse,” “other than”) applied systematically to every node in a process. It’s more thorough for complex systems but takes significantly more time. FMEA works component by component, asking how each individual part could fail, making it ideal for equipment-heavy systems but less suited to analyzing human factors or procedural gaps.
The hybrid What-If/Checklist method adds a pre-built set of prompts to the brainstorming session, reducing the chance that an inexperienced team overlooks a major hazard category. For many organizations, this combination strikes the right balance between flexibility and rigor.
When to Use It
What-If analysis is a practical choice when you need a hazard review that’s thorough enough to satisfy regulatory requirements but doesn’t demand weeks of preparation. It works well for processes that are relatively straightforward, for management-of-change reviews when a process is being modified, and for periodic revalidation of existing hazard assessments (OSHA requires these at least every five years). It’s also a natural fit for smaller facilities that may not have a dedicated risk engineering team but do have experienced operators and supervisors who understand their processes intimately.
The method’s flexibility is both its greatest strength and its main vulnerability. With a strong, experienced team, it can uncover hazards that more rigid methods miss because the questions aren’t constrained by a fixed structure. With a weak team, it can produce a superficial review that creates a false sense of security. Choosing the right people for the room matters more here than with almost any other hazard analysis technique.