Tools for Risk Management of Technical Facilities Operation

Dana Prochazkova, Jan Prochazka

The article presents the results of research aimed at detecting the sources of accidents and failures of technical facilities during their operation. The aim of the research is to create effective risk management tools so that the coexistence of technical facilities with their vicinity is ensured throughout their life cycles. The solution is based on the currently preferred concept in which safety is preferred over reliability. Respecting present knowledge of technical facilities' safety and the lessons learned from past accidents and failures whose causes were connected with operation, two tools were developed: a Decision Support System and a Risk Management Plan, both of which were reviewed by experts and tested in practice.


I. INTRODUCTION
Technical facilities belong to public assets because they provide the products and services on which humans depend [1-11]. Present knowledge shows that each public asset is an open system that develops in real time, and that these developments sometimes conflict with one another over time [12]. The management of these conflicts is influenced by the complex nature of all public assets, which is described by system-of-systems models and by variability in time.
For human security and development, the coexistence of technical facilities with their vicinity needs to be ensured throughout their life cycles [13,14]. Therefore, in line with current knowledge and experience, we need: to know the sources of risk, using the All-Hazard-Approach [15]; to appreciate their harmful potential (i.e. to identify the sizes and distribution of their impacts on public assets) in individual places; and to know the size of the potential losses and damages depending on the distribution of public assets, i.e. to determine the risk [12]. Depending on the possibilities of the human society concerned, risks are divided into acceptable, conditionally acceptable and unacceptable. For conditionally acceptable risks, mitigating, reactive and renewal measures for the monitored assets should be prepared; for acceptable risks, risk monitoring over time should be put in place in order to reveal any increase of their harmful impacts.
We call this activity "risk management". Its effectiveness depends on the tools used. The article deals with the compilation of effective tools for risk management of technical facilities, directed at integral safety, with the aim of ensuring their coexistence with their vicinity during operation. The solution given hereafter respects that safety is preferred over reliability.

II. TECHNICAL FACILITIES RISKS
Each technical facility is created by human activity and provides products or services important to human lives; technical facilities aimed only at promoting policy objectives are not a subject of this research. The architecture of a technical facility is an object or a network. Each type of technical facility has its specifics; e.g. there is a significant difference between the control of stationary facilities and moving ones.
Technical and cyber systems make human lives in modern society easier. However, these positive consequences of technical progress for the functioning of the human system are paid for by a much larger number of risks that lead to: failure of the basic functions of the State, reduction of the safety level, and disruption of the coexistence of technical facilities with their surroundings [13,16]. The reason for the increased number of risk sources is the existence of a large number of different types of complex systems, their elements and their interconnections, on which the human system depends.
Each technical facility and its surroundings change over time, and therefore their mutual interactions change as well. From the viewpoint of human security and development, it is important that these interactions remain adequate throughout the technical facility life cycle. They must not give rise to sources of risk that would significantly undermine the conditions necessary for human lives, or cause situations in which human society would not have the capacity to deal with the risks to its advantage.
As the world evolves dynamically, progressive anthropogenic management already recognizes that, due to the complexity of technical facilities and of the world, and due to changes of conditions over time that humans are not able to influence, accidents and failures of technical facilities are a reality with which anthropogenic management needs to deal [17]. This requires managing technical facilities in such a way that well-established tasks for their safety are performed throughout their lifetimes. Because of dynamic transformations, management must anticipate that situations may arise in which a technical facility becomes dangerous to itself and its surroundings [17]. In order to ensure security for human society and other public assets, it is therefore necessary to have tools to reveal risk sources and to manage emergencies so that their impacts on public assets and on the technical facility itself are minimal. It should be remembered that in critical situations the solution is not "to sacrifice the technical facility", i.e. to carry out measures and activities that completely destroy it, since the technical facility supplies products or provides services, employs people and is a source of economic capital for the given territory. Therefore, serious risks should be managed with the aim of technical facility safety under all possible conditions [12,13]. However, our research shows a lack of risk awareness, especially among managers and politicians.

III. ASPECTS OF MANAGEMENT OF RISKS OF TECHNICAL FACILITIES SAFETY AT OPERATION
Technical facilities are interconnected physical, cyber and organizational (including personnel) systems. Examples of physical/technical systems are buildings, technical equipment for the production or transmission of energy, networks, means of transport and material equipment. Examples of cyber systems are computer systems for the management of production and other processes, information sources, etc. Examples of organizational systems are economic and organizational units.
Due to the complexity of technical facilities, their safety needs to be understood in an integral sense. Great attention needs to be paid to interconnections and to existing flows among the different parts and sectors that manage partial subsystems. When one system fails, interconnections can have unforeseen consequences in the form of chain reactions (cascades) and domino effects, accompanied by the failure, or gradual failure, of other important systems and services; e.g. power outages can cause outages in the supply of drinking water, food, heat and fuel, failure of transport infrastructure, and failure of the management and information technologies needed for the functioning of the banking sector, state administration and emergency services, etc. [13,14]; further examples of failure impacts are in [17,18].
Because technical facilities are complex systems (system of systems - SoS), their behavior cannot be inferred from the behavior of individual parts, and under certain conditions unexpected phenomena occur that lead to destruction of the technical facility or failure of its functionality. These are: sudden emergence of a behavior feature that cannot be derived from knowledge of the components' behavior, hierarchy, self-organization, and diversity of management structures, which together resemble chaos [13,14]. Therefore, ensuring the safety of complex technical facilities requires a multidisciplinary and interdisciplinary approach [12] that ensures their: existence (ability to ensure balance), efficiency (ability to cope with resource shortages), freedom (ability to handle challenges from the surroundings well), security (ability to protect itself from phenomena inside and outside), adaptation (ability to adapt to external changes), and coexistence (ability to change its behavior so that it responds to the behavior and orientation of other systems and so that the systems do not endanger each other).
In terms of current knowledge, at least two tasks lie ahead today: to solve the functionality of a set of interconnected (i.e. dependent) objects and infrastructures under normal, abnormal and critical conditions; and to search for critical conditions of a complex fitting, equipment or facility that are unpredictable or result from a serious operator error and that may, under certain conditions, lead to highly undesirable, i.e. highly unacceptable, conditions, i.e. situations in which the very existence of the facility or even of humans is threatened, and which we usually refer to as a crisis. Therefore, specific characteristics are monitored, such as: interoperability (i.e. the ability of the technical facility as a whole to perform quality tasks under normal, abnormal and critical conditions); safety integrity (SIL), which is mostly tracked in conjunction with human errors (in specification, design, installation, maintenance, modification, etc.); criticality (i.e. the extent to which personal injury, material destruction, damage or other asset losses may occur - a threshold below which the monitored equipment condition is demanded, and vice versa); and dependability (operational reliability), which ensures that the system meets specified requirements and that its operation complies with specified conditions (it extends to two basic characteristics, which are vulnerability and durability).
In this context, we divide technical facilities into reliable, secure and safe systems [13]. A reliable system is a system that performs its required functions at the 95% probability level. A secure system is a reliable system that is protected from all risks. A safe system is a secure system that, even in its critical conditions, does not endanger itself or its surroundings. The creation and operation of all these system types involves: working with risks; applying the Defense-In-Depth principle; and management using the technical facility safety management system (SMS) [13,14]. When it is not clarified during the design, creation and operation of a technical facility which objective is pursued in practice, confusion arises in prioritization and leads to conflicts; therefore, optimization of measures [13,19] must be carried out. Misplaced priorities bring harm, e.g. five girls lost their lives in an escape game in Poland because they were in a secure room; pilot Andreas, from Germanwings, was able to steer the plane into the Alpine mountain massif because the cockpit was secured - the armored door could not be opened from the outside, etc. [12].
One possible approach is the integral safety concept, which: considers the priorities in public assets; is based on consideration of all phenomena that can damage the territory and the technical facility, i.e. the All-Hazard-Approach [15]; and, when costs are being reduced, clearly determines which risks can be neglected by treating a facility, fitting or equipment only as a secure system or only as a reliable system [14]. Its application requires to: monitor priority risks and the conditions of critical fittings, components and personnel; keep rules for safe operation at all organization levels; permanently increase safety with the help of a special strategic program; perform risk-based inspections on critical fittings, components and systems; carry out condition-based maintenance; systematically improve safety culture; be prepared to respond to all expected emergencies in all aspects connected with response, and to ensure operation continuity under abnormal and critical conditions; use optimal working modes; motivate personnel; have the necessary reserves in all important items; systematically cooperate with public administration, with organizations using the same technology and with research organizations; and be able to install technological changes if necessary [18].

IV. DATA AND METHODS USED
For the research, an original database of accidents and failures of technical facilities [20] was compiled from worldwide data, and several case studies were analyzed in great detail [18]. The database contains 7829 events from worldwide sources that were accessible to the authors over the last 35 years; more than 90% of the events originated during the operation of technical facilities. To reveal the causes of the events (realized risks), the collected data were processed by risk engineering methods, e.g. What-If; Checklist; Fishbone diagram; Case studies; Event Tree; FMECA; etc. [21].
The results were critically assessed and separated into classes according to similarity of causes; they formed the basis for the Decision Support System, which enables multicriteria assessment of possible technical facility risks. The results on lessons learned from suppressing risk impacts were also critically assessed and separated into classes according to similarity of response tools; they formed the basis for the Risk Management Plan.

V. RESULTS OF ANALYSIS OF DATABASE OF TECHNICAL FACILITIES ACCIDENTS AND FAILURES
A detailed study of the database shows that the causes of accidents and failures of technical facilities are: natural disasters; outages of external infrastructures that are important for technical facility operation; internal disasters such as outages of internal critical infrastructures, malfunctions of critical fittings, bad maintenance etc.; top management errors; project management errors; process management errors; a low level of operation provisions; errors in the operation regime and maintenance of technical fittings; insufficient control of the conditions of fittings and components; bad safety culture; insufficient training, motivation and workmanship of workers; bad working conditions or regime; errors in the cyber concept, fittings and networks of automatic and semiautomatic systems supporting management decisions; bad public administration supervision; insufficient legislation with regard to technical facilities safety; attacks by hackers, terrorists, insiders etc. See Fig. 1.
and origination of small mistakes, the realization of which in short time interval is dangerous. Both these factors need to be managed. To improve management, two tools were developed, namely a decision support system and a risk management plan.

VI. VERIFIED TOOLS FOR FACILITIES RISK MANAGEMENT
Analyses of tools for working with risks summarized in [18] and the experience gathered [20] show that risk management tools depend on many factors. In the strategic management of technical facilities, it is necessary to consider both safety and long-term functionality. This means that two facts need to be considered: technical facilities are complex multi-level systems; and the specific sources of a given risk are not the same at all levels of a technical facility.
In practice, it is necessary to work with risks at the lowest level (simple technical equipment - machines), with risks at higher levels (e.g. pressure vessels, production lines, sets of production lines, the whole technical facility) and with risks at the highest level (the technical facility and its surroundings). Safety at the highest level ensures the coexistence of the technical facility with its surroundings throughout its life cycle.
In terms of needs and economic use of resources, in a number of practical tasks it is sufficient to consider only certain sources of risk, because the aim is a safe machine and not the safety of the whole technical facility and its surroundings. Therefore, for each risk-related work task, it is important to determine the risk management objective. At the same time, it is important to keep in mind that certain technical equipment (safety valves, drain valves, etc.) and certain components of a technical facility (pressure vessels, reactors, control systems, etc.) are essential for the integral safety of the technical facility; for them it is therefore not sufficient to work with risks only from the point of view of the entity itself, and it is necessary to work also with the risks that are important for the safety of the whole technical facility. These are the critical elements, critical equipment, critical components and critical systems of technical facilities [14,18], which require special work with risks in siting, design, construction and operation.
Depending on the complexity of the entity, three risk-related objectives are distinguished: operation safety, process safety (component operation, production line), and integral safety of the entity. The higher the type of tool, the higher the demands (knowledge, finance, time) connected with its use; in practice, therefore, the tools preferred are those with the lowest demands which, based on current knowledge and experience, are capable of solving the task provided that the basic rules of safety culture and the operating regulations corresponding to the operating conditions are respected; i.e. intent to damage the entity is not considered.
Based on experience from the operational practice of technical facilities [14,18], an applicable tool is one that is fast and not very demanding in knowledge and time. The evaluation of the usefulness of risk management tools in the operation of technical facilities, performed in the cited book, is that: for simple entities, a proven tool is a checklist that is locally specific and has a properly calibrated scale for risk assessment; for not very interconnected entities, a proven tool is a set of checklists that are locally specific and have properly calibrated risk assessment scales, with the results of those checklists aggregated in a designated and locally specific manner; and for complex entities, a proven tool is a decision support system (DSS) that considers both asset connectivity and changes over time, as well as external risk sources. The "Decision Support System" tool respects present knowledge on technical facilities' safety and the lessons learned from past accidents and failures of technical facilities whose causes were connected with their operation. An important role is played by the organizational structure of the technical facility, which is the mechanism used to coordinate and control its operation. According to [22], it constitutes a hierarchical arrangement of relationships of superiority and subordination and addresses mutual competences, links and responsibilities. Of course, the release of large financial and other means for risk management takes place only at the highest hierarchical level. Complex technical facilities have several hierarchical levels. According to experience from practice [20], we assume the following organizational structure when creating the DSS: top management; higher management - responsible for projects (e.g. the result of a set of several production lines); medium management - responsible for processes (e.g. one production line); technical management - responsible for the operation of individual technical equipment; personnel (critical and supportive) - responsible for technical activities.
When compiling the DSS, attention is concentrated on aspects that assess: the way risks and their sources are considered; the level of safety achieved in the technical facility design; the technical level of measures - maintenance regime, performance of risk-based inspections etc.; material and energy demands; the speed of implementing measures; demands on staff education and training; information security demands; financial demands; liability claims; as well as demands on the management of all interested parties (i.e. in the technical facility and in the territory). On the basis of the requirements for technical facility risks summarized in detail in [14,18], and the data on accidents and failures and related lessons learned in [20], the DSS was compiled in the form of a checklist for assessing the risks of operated technical facilities; it has 302 criteria; an example is in Table I.

Table I (example criteria; surviving column headings: Rate, Note)
The degree to which the technical facility top management understands and realizes its responsibility for risk management towards technical facility integral safety; i.e. in other words, the level of safe operation in the case / level of coexistence.
The degree to which the documents of the technical facility top management and operation management consider the impact of disasters under the All-Hazard-Approach that are possible in the territory, and carry out the correction of deficiencies; i.e. in other words, the level of safe operation in the case / level of coexistence.
The degree to which the documents of the technical facility top management and operation management consider the impacts of possible beyond-design natural disasters in the given territory and remedy the deficiencies; i.e. in other words, the level of safe operation in the case / level of coexistence.

In practical application, the individual criteria in Table I are evaluated on a scale of 1-5 under the concept "the higher the value, the higher the risk" [23]. The scale for the evaluation of the whole checklist is in Table II; it was introduced into standards in the 1980s [24]. The evaluation of real cases according to Table I needs to be performed independently by a team of specialists from different fields; in practice, a useful team consists of: a worker of public administration responsible for territory safety; a worker of public administration responsible for the development of the territory; a representative of the technical facility; a representative of the professional institution for technical facility safety assessment, for example from the technical inspection; and a representative of the Integrated rescue system [25]. The resulting value is the median for each criterion. In cases of great variance of the values for one criterion, the worker of public administration responsible for territory safety needs to ensure further investigation, in which each assessor communicates the grounds for his / her rating in the case at hand; the final risk rate value is then determined on the basis of a panel discussion or brainstorming session. The DSS was tested with success at five medium enterprises [20]; its site-specific compilation and application in practice are demanding on experts' knowledge and time, and they require access to detailed enterprise and public administration documents, which is connected with respecting certain legal rules.
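The aggregation step described above (independent ratings on the 1-5 scale, median per criterion, panel decision where the ratings diverge) can be sketched as follows. This is an added example, not the authors' DSS: the spread limit that stands in for "great variance", the treatment of an incomplete team, the role identifiers and the criterion IDs are all assumptions, and the sample ratings are constructed.

```python
from statistics import median

# Assessor roles named in the text; the identifiers are constructed for this example.
ROLES = (
    "territory_safety_officer",
    "territory_development_officer",
    "facility_representative",
    "safety_assessment_institution",
    "integrated_rescue_system",
)
SCALE = range(1, 6)   # 1-5, "the higher the value, the higher the risk"
SPREAD_LIMIT = 2      # ASSUMPTION: the text only says "great variance"


def _check_rate(label, rate):
    if type(rate) is not int or rate not in SCALE:
        raise ValueError(f"{label}: rate {rate!r} is not an integer in 1-5")


def aggregate(ratings, spread_limit=SPREAD_LIMIT):
    """Median per criterion, plus a flag for criteria that need a panel decision.

    ratings: {criterion_id: {role: rate}}
    """
    results = {}
    for cid, by_role in ratings.items():
        unknown = sorted(set(by_role) - set(ROLES))
        if unknown or not by_role:
            raise ValueError(f"{cid}: no ratings or unknown role(s) {unknown}")
        for role, rate in by_role.items():
            _check_rate(f"{cid}/{role}", rate)
        values = list(by_role.values())
        missing = [r for r in ROLES if r not in by_role]
        spread = max(values) - min(values)
        results[cid] = {
            "median": median(values),
            "spread": spread,
            "missing": missing,
            # ASSUMPTION: an incomplete team is also referred to the panel.
            "needs_panel": bool(missing) or spread >= spread_limit,
        }
    return results


def finalize(results, panel_decisions=None):
    """Final rate per criterion; flagged criteria must carry a panel decision."""
    panel_decisions = panel_decisions or {}
    final, unresolved = {}, []
    for cid, res in results.items():
        if not res["needs_panel"]:
            final[cid] = res["median"]
        elif cid in panel_decisions:
            _check_rate(f"{cid}/panel", panel_decisions[cid])
            final[cid] = panel_decisions[cid]
        else:
            unresolved.append(cid)
    if unresolved:
        raise ValueError(f"panel decision still required for: {unresolved}")
    return final


# Constructed sample ratings (criterion IDs are placeholders, not the paper's).
SAMPLE_RATINGS = {
    "C001": dict(zip(ROLES, (2, 2, 3, 2, 3))),      # assessors agree
    "C002": dict(zip(ROLES, (1, 4, 5, 2, 4))),      # assessors diverge
    "C003": dict(zip(ROLES[:4], (3, 3, 4, 3))),     # one assessor missing
}

if __name__ == "__main__":
    res = aggregate(SAMPLE_RATINGS)
    for cid, r in res.items():
        print(cid, r)
    print(finalize(res, {"C002": 4, "C003": 3}))
```

The evaluation of the whole checklist against Table II is not modelled here, because that scale is not reproduced in the text.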
Procedures for assessing the acceptability of technical facility risk for both parties, the technical facility and the public administration, are described in [24]. They are based on a comparison of the losses caused by the mean annual technical facility risk with the benefits for both the technical facility and the public administration.
Due to dynamic world development, the ageing, wear and tear of technical facility parts, and limited human knowledge, resources and capabilities, the managements of technical facilities and public administration need to be prepared for the realization of important risks in the future. For this purpose, the "Risk Management Plan" tool was developed; it respects present knowledge on technical facilities' response and the lessons learned from past responses to accidents and failures whose causes were connected with operation.
Since the technical facility and its surroundings are interconnected, two important players are considered - technical facility management and public administration. The risk management plan in question needs to be concerned with preparing the technical facility for the management of risks directly related to it and of risks associated with the interconnection technical facility - territory; the same applies to public administration. Therefore, the compiled plan is linked to: the safety (strategic) technical facility plan; the security (strategic) roadmap for territory development; the on-site emergency plan; the off-site emergency plan; the technical facility continuity plan for critical conditions; the territory's crisis plan; and the territory recovery plan [13,18].
For the risk management plan to fulfil its role, it needs to be based on quality data processed by experts using quality methods, and it must have a foothold in legislation that ensures properly distributed competences and enforces accountability, thereby contributing to building a safety culture in society. The risk management plan helps to resolve conflicts because, where a conflict of interest is expected, the following can be done in advance: the objectives of solving the problems caused by risk realization agreed; the relevant responsibilities established; and the resolution procedures codified.
The risk management plan contains four basic items: area of risk causes from all areas (technical, organizational, internal causes, external causes, cyber, etc.); description of the causes of the risk; occurrence probability and assessment of risk impacts; and risk mitigation measures and responsibilities for their implementation. The TQM management type [26] and its principles are considered when drawing up a risk management plan.
From the viewpoint of responsibilities, two cases need to be distinguished, namely risk management in the following areas: the connection between public administration and technical facility management; and technical facility management [14].
In line with the TQM, responsibilities for the following functions are considered in public administration: Parliament President; Minister of the Sector, which includes the technical facility (industry, energy, health, agriculture, transport, communications, etc.); Region Chairman; Municipality Mayor; responsible public administration officer for territory safety; responsible public administration officer for territory development; responsible authorized inspector; and responsible representative of civil protection.
For dealing with risks in the technical facility, statutory representatives of the following are considered: top management; higher management - project leaders; medium management - process leaders; technical management - responsible for technical equipment operation; personnel (critical and supportive) - responsible for technical activities.
On the basis of the data collected (data on the causes of accidents and failures of technical facilities during operation, and the relevant lessons) and the knowledge described above, a priority risk management plan for the operation of the technical facility is drawn up by a team consisting of: a worker of public administration responsible for territory safety; a worker of public administration responsible for the development of the territory; a representative of the technical facility; a representative of the professional institution for technical facility safety assessment, for example from the technical inspection; and a representative of the Integrated rescue system [18]; an example is in Table III.

Table III (surviving fragment)
Overloading of operators, non-cooperation, frequent interruptions of technical facility performance, occurrence of incidents, accidents and failures. Due to the interrupted performance it goes to failure to fulfil obligations to a third party, the risk of penalties

VII. CONCLUSION
Technical equipment and technical facilities belong to the management of different sectors and are very diverse in design and nature. Therefore, the criteria and measures for managing and settling their risks are sector-dependent, even if they have the same objective, namely safe technical equipment or a safe technical facility. Because of this great diversity, the different procedures are site- and sector-specific. The aspects important for the operation of technical equipment and whole technical facilities are very diverse, especially: knowledge and technical aspects, which predetermine the capacity possibilities of technical facilities and technical equipment; organizational and legal matters, which enable the operation of technical facilities and technical equipment at a certain level of safety in the territory and over time; and financial, personnel, social and political aspects at national and international level.
The findings obtained by research of accidents and failures of technical facilities show that, in the prevention of accidents and failures, the following should be avoided: major risk prevention errors (e.g. underestimating the size of external risk sources or of sources of organizational accidents); and the occurrence of minor errors whose realization within a short time period is dangerous, although the impacts of the separate individual errors are manageable by prepared response measures. To this aim, the 'Decision Support System' tool was developed and is recommended for practice. Due to dynamic world development, the ageing and wear of parts of technical facilities, and limited human knowledge, resources and possibilities, technical facility management and public administration must be prepared for the future occurrence of risks. To this aim, the 'Risk Management Plan' tool was developed and is recommended for practice.
Both tools respect current knowledge of technical facilities safety and the lessons learned from their past accidents and failures, the causes of which have been linked to their operation. They must be compiled as sector- and site-specific in order to be effective.