Industrial Machine Systems Risk Assessment: A Critical Review of Concepts and Methods

Reducing the risk of work-related death and injury to machine operators and maintenance personnel poses a continuing occupational safety challenge. The risk of injury from machinery in U.S. workplaces is high. Between 1992 and 2001, there were, on average, 520 fatalities per year involving machines and, on average, 3.8 cases per 10,000 workers of nonfatal caught-in-running-machine injuries involving lost workdays. A U.S. task group recently developed a technical reference guideline, ANSI B11 TR3, "A Guide to Estimate, Evaluate, & Reduce Risks Associated with Machine Tools," that is intended to bring machine tool risk assessment practice in the United States up to or above the level now required by the international standard, ISO 14121. The ANSI guideline emphasizes identifying tasks and hazards not previously considered, particularly those associated with maintenance; and it further emphasizes teamwork among line workers, engineers, and safety professionals. The value of this critical review of concepts and methods resides in (1) its linking current risk theory to machine system risk assessment and (2) its exploration of how various risk estimation tools translate into risk-informed decisions on industrial machine system design and use. The review was undertaken to set the stage for a field evaluation study on machine risk assessment among users of the ANSI B11 TR3 method.     

Tiered Approach to Resilience Assessment

Regulatory agencies have long adopted a three‐tier framework for risk assessment. We build on this structure to propose a tiered approach for resilience assessment that can be integrated into the existing regulatory processes. Comprehensive approaches to assessing resilience at appropriate and operational scales, reconciling analytical complexity as needed with stakeholder needs and resources available, and ultimately creating actionable recommendations to enhance resilience are still lacking. Our proposed framework consists of tiers by which analysts can select resilience assessment and decision support tools to inform associated management actions relative to the scope and urgency of the risk and the capacity of resource managers to improve system resilience. The resilience management framework proposed is not intended to supplant either risk management or the many existing efforts of resilience quantification method development, but instead provide a guide to selecting tools that are appropriate for the given analytic need. The goal of this tiered approach is to intentionally parallel the tiered approach used in regulatory contexts so that resilience assessment might be more easily and quickly integrated into existing structures and with existing policies.     

Assessing Engineering Resilience for Systems with Multiple Performance Measures

Recently, efforts to model and assess a system's resilience to disruptions due to environmental and adversarial threats have increased substantially. Researchers have investigated resilience in many disciplines, including sociology, psychology, computer networks, and engineering systems, to name a few. When assessing engineering system resilience, the resilience assessment typically considers a single performance measure, a disruption, a loss of performance, the time required to recover, or a combination of these elements. We define and use a resilient engineered system definition that separates system resilience into platform and mission resilience. Most complex systems have multiple performance measures; this research proposes using multiple objective decision analysis to assess system resilience for systems with multiple performance measures using two distinct methods. The first method quantifies platform resilience and includes resilience and other “ilities” directly in the value hierarchy, while the second method quantifies mission resilience and uses the “ilities” in the calculation of the expected mission performance for every performance measure in the value hierarchy. We illustrate the mission resilience method using a transportation systems‐of‐systems network with varying levels of resilience due to the level of connectivity and autonomy of the vehicles and platform resilience by using a notional military example. Our analysis found that it is necessary to quantify performance in context with specific mission(s) and scenario(s) under specific threat(s) and then use modeling and simulation to help determine the resilience of a system for a given set of conditions. The example demonstrates how incorporating system mission resilience can improve performance for some performance measures while negatively affecting others.     

Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems

Natural and human‐induced disasters affect organizations in myriad ways because of the inherent interconnectedness and interdependencies among human, cyber, and physical infrastructures, but more importantly, because organizations depend on the effectiveness of people and on the leadership they provide to the organizations they serve and represent. These human–organizational–cyber–physical infrastructure entities are termed systems of systems. Given the multiple perspectives that characterize them, they cannot be modeled effectively with a single model. The focus of this article is: (i) the centrality of the states of a system in modeling; (ii) the efficacious role of shared states in modeling systems of systems, in identification, and in the meta‐modeling of systems of systems; and (iii) the contributions of the above to strategic preparedness, response to, and recovery from catastrophic risk to such systems. Strategic preparedness connotes a decision‐making process and its associated actions. These must be: implemented in advance of a natural or human‐induced disaster, aimed at reducing consequences (e.g., recovery time, community suffering, and cost), and/or controlling their likelihood to a level considered acceptable (through the decisionmakers’ implicit and explicit acceptance of various risks and tradeoffs). The inoperability input‐output model (IIM), which is grounded on Leontief's input/output model, has enabled the modeling of interdependent subsystems. Two separate modeling structures are introduced. These are: phantom system models (PSM), where shared states constitute the essence of modeling coupled systems; and the IIM, where interdependencies among sectors of the economy are manifested by the Leontief matrix of technological coefficients. This article demonstrates the potential contributions of these two models to each other, and thus to more informative modeling of systems of systems schema. The contributions of shared states to this modeling and to systems identification are presented with case studies.     

Socioeconomic Risk in Development of Energy Systems

A soft mathematical model, taking stock of the stochastic and cooperative features of the economy of thinking in the decision making, is aggregated to unveil hidden connections between energy policy and the energy technology choices of an establishment. Starting from several assumptions on the nature of the collective decisional behavior, one obtains a probabilistic interpretation of the mechanism of penetration of energy technologies. The probability that the establishment bets on a certain technological profile is given as a solution to a Fokker-Planck equation accounting for the decision game. It provides a topological variety that accomodates possible states of the system and their trajectories, and indicates ways in which different attractors drive the technology choice in the space of the energy policy.
In this framework, a series of concepts (i.e., logistic evolution, resilience, stability, risks of disruption or crisis, energy security) can find in a natural way strikingly intuitive interpretations. Strategic games are possible on this ground, confirming facts of life and also showing predictive power. The complex and difficult to manage interdependence between energy policy and technology appears as a challenge to the long-term planning of alternative energy systems. To meet the challenge, preparedness for changes through a large freedom of choice on the technological options appears as a necessary complement to the faithful observance of the market drives, which stresses the importance of having available perceptive, coherent, reliable, and responsible mechanisms of decision making.     

公众社区参与意愿对危化品危害利益相关者感知的影响

面对危化品危害,政府及相关单位面临着日益严峻的既要保证公众知情,又要避免信息过度传播的难题,信任是导致这种沟通困境的重要因素。为解决危害信息有效沟通问题,从重构公众与政府之间信任关系的角度入手,以公众利益相关者感知衡量信任,探究公众社区参与意愿对利益相关者感知的影响关系,并将社区参与分为代表单向沟通的仪式性参与和代表双向沟通的实质性参与。研究结果表明:公众社区参与意愿有利于提升公众危化品危害利益相关者感知,特别是仪式性参与意愿的直接作用效果更为显著;实质性参与意愿和危害利益相关者感知的关系中,预决策过程起到完全中介的作用;危化品危害知识在社区参与意愿和利益相关者感知的影响关系中起到显著的正向调节作用,特别是在预决策过程与利益相关者感知的影响路径中。研究结论为构建公众和政府之间的信任关系,进而为缓解危化品危害信息沟通难题提供理论支撑和实践价值。     

Methodology for the Calculation of Annualized Incremental Risks in Systems of Dams

In the past few years, the field of dam safety has approached risk informed methodologies throughout the world and several methodologies and programs are appearing to aid in the systematization of the calculations. The most common way of implementing these calculations is through the use of event trees, computing event probabilities, and incremental consequences. This methodology is flexible enough for several situations, but its generalization to the case of systems of several dams is complex and its implementation in a completely general calculation methodology presents some problems. Retaining the event tree framework, a new methodology is proposed to calculate incremental risks. The main advantage of this proposed methodology is the ease with which it can be applied to systems of several dams: with a single risk model that describes the complete system and with a single calculation the incremental risks of the system can be obtained, being able to allocate the risk of each dam and of each failure mode. The article shows how both methodologies are equivalent and also applies them to a case study.     

Decision‐Making Analytics Using Plural Resilience Parameters for Adaptive Management of Complex Systems

It is critical for complex systems to effectively recover, adapt, and reorganize after system disruptions. Common approaches for evaluating system resilience typically study single measures of performance at one time, such as with a single resilience curve. However, multiple measures of performance are needed for complex systems that involve many components, functions, and noncommensurate valuations of performance. Hence, this article presents a framework for: (1) modeling resilience for complex systems with competing measures of performance, and (2) modeling decision making for investing in these systems using multiple stakeholder perspectives and multicriteria decision analysis. This resilience framework, which is described and demonstrated in this article via a real‐world case study, will be of interest to managers of complex systems, such as supply chains and large‐scale infrastructure networks.     

System of Systems Engineering and Risk Management of Extreme Events: Concepts and Case Study

The domain of risk analysis is expanded to consider strategic interactions among multiple participants in the management of extreme risk in a system of systems. These risks are fraught with complexity, ambiguity, and uncertainty, which pose challenges in how participants perceive, understand, and manage risk of extreme events. In the case of extreme events affecting a system of systems, cause‐and‐effect relationships among initiating events and losses may be difficult to ascertain due to interactions of multiple systems and participants (complexity). Moreover, selection of threats, hazards, and consequences on which to focus may be unclear or contentious to participants within multiple interacting systems (ambiguity). Finally, all types of risk, by definition, involve potential losses due to uncertain events (uncertainty). Therefore, risk analysis of extreme events affecting a system of systems should address complex, ambiguous, and uncertain aspects of extreme risk. To accomplish this, a system of systems engineering methodology for risk analysis is proposed as a general approach to address extreme risk in a system of systems. Our contribution is an integrative and adaptive systems methodology to analyze risk such that strategic interactions among multiple participants are considered. A practical application of the system of systems engineering methodology is demonstrated in part by a case study of a maritime infrastructure system of systems interface, namely, the Straits of Malacca and Singapore.     

Risk Analysis, Systems Analysis, and Covey's Seven Habits

This article relates problem solving to the common approaches of the gestalt-holistic philosophies of systems analysis, risk analysis, and Stephen Covey's Seven Habits of Highly Effective People. Guiding principles developed on the basis of these philosophies provide the foundations for methodological frameworks that build on a plethora of theory, methods, tools, and techniques. Although systems analysis and risk analysis differ in their historical evolution and technical maturity, both study and solve problems using methodological frameworks that share a holistic vision.     

Some Limitations of Qualitative Risk Rating Systems

Qualitative systems for rating animal antimicrobial risks using ordered categorical labels such as “high,”“medium,” and “low” can potentially simplify risk assessment input requirements used to inform risk management decisions. But do they improve decisions? This article compares the results of qualitative and quantitative risk assessment systems and establishes some theoretical limitations on the extent to which they are compatible. In general, qualitative risk rating systems satisfying conditions found in real‐world rating systems and guidance documents and proposed as reasonable make two types of errors: (1) Reversed rankings, i.e., assigning higher qualitative risk ratings to situations that have lower quantitative risks; and (2) Uninformative ratings, e.g., frequently assigning the most severe qualitative risk label (such as “high”) to situations with arbitrarily small quantitative risks and assigning the same ratings to risks that differ by many orders of magnitude. Therefore, despite their appealing consensus‐building properties, flexibility, and appearance of thoughtful process in input requirements, qualitative rating systems as currently proposed often do not provide sufficient information to discriminate accurately between quantitatively small and quantitatively large risks. The value of information (VOI) that they provide for improving risk management decisions can be zero if most risks are small but a few are large, since qualitative ratings may then be unable to confidently distinguish the large risks from the small. These limitations suggest that it is important to continue to develop and apply practical quantitative risk assessment methods, since qualitative ones are often unreliable.     

Risk Modeling of Interdependent Complex Systems of Systems: Theory and Practice

The emergence of the complexity characterizing our systems of systems (SoS) requires a reevaluation of the way we model, assess, manage, communicate, and analyze the risk thereto. Current models for risk analysis of emergent complex SoS are insufficient because too often they rely on the same risk functions and models used for single systems. These models commonly fail to incorporate the complexity derived from the networks of interdependencies and interconnectedness (I–I) characterizing SoS. There is a need to reevaluate currently practiced risk analysis to respond to this reality by examining, and thus comprehending, what makes emergent SoS complex. The key to evaluating the risk to SoS lies in understanding the genesis of characterizing I–I of systems manifested through shared states and other essential entities within and among the systems that constitute SoS. The term “essential entities” includes shared decisions, resources, functions, policies, decisionmakers, stakeholders, organizational setups, and others. This undertaking can be accomplished by building on state‐space theory, which is fundamental to systems engineering and process control. This article presents a theoretical and analytical framework for modeling the risk to SoS with two case studies performed with the MITRE Corporation and demonstrates the pivotal contributions made by shared states and other essential entities to modeling and analysis of the risk to complex SoS. A third case study highlights the multifarious representations of SoS, which require harmonizing the risk analysis process currently applied to single systems when applied to complex SoS.     

Reducing Risk Through Real Options in Systems Design: The Case of Architecting a Maritime Domain Protection System

Complex engineering systems are usually designed to last for many years. Such systems will face many uncertainties in the future. Hence the design and deployment of these systems should not be based on a single scenario, but should incorporate flexibility. Flexibility can be incorporated in system architectures in the form of options that can be exercised in the future when new information is available. Incorporating flexibility comes, however, at a cost. To evaluate if this cost is worth the investment a real options analysis can be carried out. This approach is demonstrated through analysis of a case study of a previously developed static system-of-systems for maritime domain protection in the Straits of Malacca. This article presents a framework for dynamic strategic planning of engineering systems using real options analysis and demonstrates that flexibility adds considerable value over a static design. In addition to this it is shown that Monte Carlo analysis and genetic algorithms can be successfully combined to find solutions in a case with a very large number of possible futures and system designs.     

An Approach to Vulnerability Analysis of Complex Industrial Systems

The concept of vulnerability of complex industrial systems is defined and discussed in relation to risk and system survivability. The discussion is illustrated by referring to a number of previous industrial accidents. The various risk factors, or threats, influencing an industrial system's vulnerability are classified and discussed. Both internal and external threats are covered. The general scope of vulnerability analysis is compared to traditional risk analysis approaches and main differences are illustrated. A general procedure for vulnerability analysis in two steps, including building of scenarios and preparation of relevant worksheets, is described and discussed.     

Context in the Risk Assessment of Digital Systems

As the use of digital computers for instrumentation and control of safety-critical systems has increased, there has been a growing debate over the issue of whether probabilistic risk assessment techniques can be applied to these systems. This debate has centered on the issue of whether software failures can be modeled probabilistically. This paper describes a context-based approach to software risk assessment that explicitly recognizes the fact that the behavior of software is not probabilistic. The source of the perceived uncertainty in its behavior results from both the input to the software as well as the application and environment in which the software is operating. Failures occur as the result of encountering some context for which the software was not properly designed, as opposed to the software simply failing randomly. The paper elaborates on the concept of error-forcing context as it applies to software. It also illustrates a methodology which utilizes event trees, fault trees, and the Dynamic Flowgraph Methodology (DFM) to identify error-forcing contexts for software in the form of fault tree prime implicants.     

On the Need for Rethinking Current Practice that Highlights Goal Achievement Risk in an Enterprise Context

This article addresses the issue of how performance and risk management can complement each other in order to enhance the management of an enterprise. Often, we see that risk management focuses on goal achievements and not the enterprise risk related to its activities in the value chain. The statement “no goal, no risk” is a common misconception. The main aim of the article is to present a normative model for describing the links between performance and risk, and to use this model to give recommendations on how to best structure and plan the management of an enterprise in situations involving risk and uncertainties. The model, which has several novel features, is based on the interaction between different types of risk management (enterprise risk management, task risk management, and personal risk management) and a structure where the enterprise risk management overrules both the task and personal risk management. To illustrate the model we use the metaphor of a ship, where the ship is loaded with cash‐generating activities and has a direction over time determined by the overall strategic objectives. Compared to the current enterprise risk management practice, the model and related analysis are founded on a new perspective on risk, highlighting knowledge and uncertainties beyond probabilities.     

Risk Analysis for U.S. Offshore Wind Farms: The Need for an Integrated Approach

Wind power is becoming an increasingly important part of the global energy portfolio, and there is growing interest in developing offshore wind farms in the United States to better utilize this resource. Wind farms have certain environmental benefits, notably near‐zero emissions of greenhouse gases, particulates, and other contaminants of concern. However, there are significant challenges ahead in achieving large‐scale integration of wind power in the United States, particularly offshore wind. Environmental impacts from wind farms are a concern, and these are subject to a number of on‐going studies focused on risks to the environment. However, once a wind farm is built, the farm itself will face a number of risks from a variety of hazards, and managing these risks is critical to the ultimate achievement of long‐term reductions in pollutant emissions from clean energy sources such as wind. No integrated framework currently exists for assessing risks to offshore wind farms in the United States, which poses a challenge for wind farm risk management. In this “Perspective”, we provide an overview of the risks faced by an offshore wind farm, argue that an integrated framework is needed, and give a preliminary starting point for such a framework to illustrate what it might look like. This is not a final framework; substantial work remains. Our intention here is to highlight the research need in this area in the hope of spurring additional research about the risks to wind farms to complement the substantial amount of on‐going research on the risks from wind farms.     

Health Risks of Energy Systems

Health risks from fossil, renewable and nuclear reference energy systems are estimated following a detailed impact pathway approach. Using a set of appropriate air quality models and exposure-effect functions derived from the recent epidemiological literature, a methodological framework for risk assessment has been established and consistently applied across the different energy systems, including the analysis of consequences from a major nuclear accident. A wide range of health impacts resulting from increased air pollution and ionizing radiation is quantified, and the transferability of results derived from specific power plants to a more general context is discussed.     

Spatial Risk Analysis of Power Systems Resilience During Extreme Events

The increased frequency of extreme events in recent years highlights the emerging need for the development of methods that could contribute to the mitigation of the impact of such events on critical infrastructures, as well as boost their resilience against them. This article proposes an online spatial risk analysis capable of providing an indication of the evolving risk of power systems regions subject to extreme events. A Severity Risk Index (SRI) with the support of real‐time monitoring assesses the impact of the extreme events on the power system resilience, with application to the effect of windstorms on transmission networks. The index considers the spatial and temporal evolution of the extreme event, system operating conditions, and the degraded system performance during the event. SRI is based on probabilistic risk by condensing the probability and impact of possible failure scenarios while the event is spatially moving across a power system. Due to the large number of possible failures during an extreme event, a scenario generation and reduction algorithm is applied in order to reduce the computation time. SRI provides the operator with a probabilistic assessment that could lead to effective resilience‐based decisions for risk mitigation. The IEEE 24‐bus Reliability Test System has been used to demonstrate the effectiveness of the proposed online risk analysis, which was embedded in a sequential Monte Carlo simulation for capturing the spatiotemporal effects of extreme events and evaluating the effectiveness of the proposed method.