Bayesian Network Application for the Risk Assessment of Existing Energy Production Units

Miroslav Sykora and Jana Markova
Klokner Institute, Czech Technical University in Prague, Prague, Czech Republic

Dimitris Diamantidis
Faculty of Civil Engineering, OTH Regensburg, Regensburg, Germany

Abstract—A Bayesian network is applied in this contribution in order to assess the risks of a selected production unit in a fossil power station. A general framework for the risk assessment of production units of a power station is presented first by implementing statistical methods and Bayesian networks. Special emphasis is given to the input data consisting of failure rates which are obtained on the basis of recorded data and expert judgements. The consequences of failure are divided into economic and human (societal): economic consequences include outages of key technological devices; societal consequences cover potential injuries and fatalities. Probabilistic risk assessment methods are applied to the selected production unit of a power station. The influence of the uncertainties in the considered technical parameters on the availability of the unit is assessed and the acceptance of the calculated availability, represented through the mean value and the standard deviation, is discussed. Societal risks given in terms of weighted injuries and fatalities are obtained and respective risk acceptance criteria are presented. Uncertainties affecting the risks are discussed. It appears that the proposed framework provides a valuable assessment of the influence of individual devices and their components on availability and societal risk. For that purpose the methodology used, intentionally simplified for operational applications, includes important factors affecting risks of production units. It is concluded that Bayesian networks are a transparent method for the probabilistic risk assessment of complex technological systems. The results of the performed analyses can be easily updated when additional information becomes available, as illustrated in characteristic examples.

Keywords—availability; Bayesian networks; production unit; risk analysis; societal risk; uncertainties

I. INTRODUCTION

The assessment of existing infrastructures in the energy sector is an important issue of great economic significance worldwide since a main part of investments concerns existing systems. In fact numerous fossil power stations have reached their original design service life. Until recently most operators have been assessing remaining service lives and risks of technological devices in production units on the basis of long-term experience. Insufficient attention paid to analysis of limited monitoring data has then been compensated by conservative (non-optimal) maintenance and investment plans.

Due to economic requirements and constraints plant operators nowadays tend to optimise total operational costs including maintenance, inspections and availability of specific spare components. Consequently they usually introduce new modern monitoring systems, which are able to provide useful information about parameters describing the actual states of technological devices (hereafter “technical parameters”). Such information can be treated by implementing statistical methods in order to deal with the relevant uncertainties related to available data. Rational decisions concerning extensions of service life, maintenance and replacements of devices should be based on:

• updated information of actual conditions of individual energetic devices and their components and
• cost-benefit analysis using methods of risk analysis and probabilistic optimisation.

Risk analysis is often a demanding, but important step of the decision process. In many practical cases in the past qualitative or semi-quantitative methods have been applied. Such methods rely mostly on expert judgements and therefore the direct inclusion of the measurement results may represent a difficult task. Therefore, quantitative risk assessments are currently being implemented in practice. However, it seems that applications of these methods have been so far focused mostly on selected devices [1, 2].

In this paper the framework of probabilistic risk analysis [3, 4] is proposed. The principles of risk analysis are illustrated in characteristic examples of devices in an existing production unit of a fossil power station. In the next years managers of this plant will have to decide on the extension of working life or the shut-down of the production unit. The risk analysis described herein provides an effective tool for that purpose. Input data related to the risk analysis include failure rates of the components and economic consequences due to malfunctioning of the selected devices. Potential societal consequences of failures are also considered and illustrated in the subject study. Resulting probabilities of failure and expected consequences for given hazard scenarios are analysed using Bayesian networks. Uncertainties in estimates of the failure rates are treated by Bayesian updating statistical tools. The developed methodology can be applied in the assessment of similar types of power stations and engineering systems in general. It can be also used to compare risks of different types of energy production plants.

II. APPLIED PROCEDURE

Probabilistic risk analysis has been applied in the past to assess risks of different types of industrial plants in the energy sector. Its implementation in the case of production units in power plants is a multidisciplinary task that requires a close cooperation of plant managers, specialists on key devices and risk experts. The analysis consists generally of five main steps [5]:

1. Selection of key devices of a production unit and development of a block diagram of the production unit including technological (causal) links amongst these devices (Section III).
2. Identification and collection of the data concerning measurements of the technical parameters and associated threshold values.
3. Statistical analysis of the technical parameters (Section IV) including:
   - Elimination of outlying observations,
   - Reduction of a number of the parameters by analysing their mutual statistical dependencies,
   - Bayesian updating in case of limited data available through additional information from the devices with similar operating conditions or outcomes of expert judgements (Section VI),
   - Regression analysis of the trends of parameters with time and estimation of the probability of exceeding the threshold value.
4. Analysis of economic and societal consequences due to failures of the key devices and their components. Economic consequences should be also estimated for unplanned outages of devices due to exceeding the limiting values, commonly identified during a planned outage, which may then be extended.
5. Risk analysis including time effects (prediction of risks) and analysis of the sensitivities (importance) of the technical parameters (see [5]).

This procedure may end up with the exclusion of devices having insignificant effects on economic and societal risks, or with the incorporation of other devices in the analysis. Based on such screening the analysis can be performed again and the respective results can be updated.

III. SELECTION OF KEY DEVICES AND BAYESIAN NETWORK

Production units in power plants consist of thousands of components of technological devices and it is not feasible to cover all these in a detailed risk analysis. The present analysis thus focuses on the key devices that have been selected in accordance with the technical provisions and the experience of operators and plant managers. The outage of such a critical device yields an outage of the whole production unit. Seven key devices have been selected: construction works - two chimneys and a cooling tower; flue gas desulphurisation; boiler pressure system; high-pressure (HP) and intermediate-pressure (IP) steam piping; steam turbine; generator and transformer. It is worth noting that the selection is based on the general experience of plant operators and may not always reflect the actual condition of a production unit under study. Therefore, modifications regarding the screening of the critical members may be needed.

The block diagram in Fig. 1 is developed on the basis of the collaboration with the experts in the multidisciplinary team. The software GeNIe [6] is used for the unit representation. The key devices or their components are described by respective submodels. Causal links (indicated in Fig. 1 by directional arrows) describe technological dependencies amongst the devices, for instance:

• The function of the flue gas desulphurisation is conditioned by a proper function of the chimney,
• The function of all components of the boiler pressure system is conditioned in normal operation conditions by a proper function of the desulphurisation.

In Fig. 1 the causal links express:

• The flow of combustion products amongst components of the boiler pressure system, desulphurisation and chimney,
• The interconnection amongst shafts of the steam turbine and generator,
• The flow of a coolant between the cooling tower and low-pressure (LP) component of the turbine,
• The electric current between generator and transformer and
• The flow of steam.

The dependencies amongst the critical devices are illustrated in Fig. 1.

Fig. 1. Bayesian network including the key devices of a selected production unit

IV. INPUT PARAMETERS

Risk estimates depend obviously on the selected input parameters and therefore the selection procedure of such parameters is of major significance. For the analysed production unit, measurements of more than a hundred technical parameters are available, including:

• Quantitative data (such as geometrical data, strengths of materials, failure rates, operating time, temperatures, electrical quantities, liquid chromatography etc.),
• Qualitative outcomes of inspections (mostly verbal assessments about the damage of components).

The statistical analysis of available observation data begins with the elimination of outliers. The other analysis steps include:

1. Correlation analysis between the influencing parameters,
2. Bayesian updating when information from different sources is available and
3. Analysis of time trends of the parameters based on recordings at different time points.

In addition the application of statistical methods may provide an operator with many valuable findings; for more details see [5]. The influence of uncertainty in the parameters predominantly affecting risks is analysed in Section VI.

V. RISK ANALYSIS

A. Basis of probabilistic risk analysis

When, for mutually independent hazard situations $H_i$ (hazards), the failure $F$ of the component given a particular hazard situation $H_i$ occurs with the conditional probability $P(F \mid H_i)$, then the total probability of failure $P_f$ is given by the law of total probability as

$$P_f = \sum_i P(F \mid H_i)\, P(H_i) \tag{1}$$

The conditional probabilities $P(F \mid H_i)$ are determined by analyses of the respective hazard scenarios $H_i$ which may lead to several events $E_{ij}$ (e.g. excessive stresses, fatigue of material, unacceptable vibrations or deformations) with adverse consequences $C_{ij}$ expressed e.g. by time of an outage of the production unit. The total risk $R$ corresponding to the hazard scenario $H_i$ can be consequently expressed as

$$R = \sum_{ij} C_{ij}\, P(E_{ij} \mid H_i)\, P(H_i) \tag{2}$$

The consequences of adverse events $E_{ij}$ may consist of several components denoted as $C_{ij,k}$ including human losses (fatalities, injuries), economic consequences (replacement/repair, clean-up costs, business interruption etc.) and environmental damage (for example pollution due to malfunction of a desulphurisation unit). The components $R_k$ of the total risk may be assessed from the relationship

$$R_k = \sum_{ij} C_{ij,k}\, P(E_{ij} \mid H_i)\, P(H_i) \tag{3}$$

If the acceptable or target risk $R_{kt}$ is specified, the devices or the whole production unit can be assessed on its basis, $R_k < R_{kt}$. This supplements the basic reliability requirement $P_f < P_{ft}$, where $P_{ft}$ is the target value of failure probability [7-9]. The guidance for the determination of the acceptable risk $R_{kt}$ is provided in recently revised ISO 2394 [7]. Acceptance criteria for societal risk are discussed in sub-section D of this Section. When the criterion of the acceptable risk is not fulfilled, it is necessary to modify the system by appropriate interventions aiming at reducing the probability of occurrence of adverse events (prevention measures) or at reducing consequences (mitigation measures). Further information on the probabilistic risk analysis can be obtained from [4, 8, 10, 11].

B. Risk analysis based on Bayesian network

Probabilistic approaches become widely used in various industrial sectors since they support decisions of the operators regarding the future use of plants. Probabilistic approaches take into account inherent uncertainties in the description of the influencing parameters, their effect on the actual state of devices and also the estimates of consequences. This step can be achieved for example in a simplified approach through the interpretation of plant functional diagrams and discussions with the personnel of the plant to identify the functional rules and the components influencing the failure modes through a Failure Mode and Effect Analysis (FMEA). In many practical cases other methodologies such as event or fault trees are applied. Fault tree analyses provide useful tools in order to gain an understanding of the system, to represent the failure relationships of the system, to identify the causes of a failure and to quantify the failure probability. Event trees start from an initial event and afterwards identify all the possible consequence events and can describe (potential) resulting accident sequences and the expected consequences. Thereby the determination of the frequency of the accidental event and the (conditional) probabilities of the branches in the event tree is of major importance.

However, in this study the application of Bayesian networks is advocated as it facilitates:

• Break down of a complex task (a production unit) into smaller sub-tasks (significant components) that can be analysed separately by individual experts on particular devices,
• Illustrative interpretation of knowledge concerning devices based on results of measurements and expert appraisals,
• Direct implementation of uncertainties with respect to material and geometrical properties, operating conditions, inaccuracy of measurements and also theoretical models applied in analyses of devices,
• Modelling of complicated functional dependencies amongst devices, which cannot be modelled in such detail with a fault tree or an event tree,
• Updating of results when new information becomes available,
• Acquisition of all relevant information for decision-making concerning operational processes and their maintenance.

The analysis of a Bayesian network is based on specification of conditional probabilities of child nodes for given states of parent nodes (connected by causal links). The analysis is based on the concept of conditional probabilities and the theory of probability. Detailed information on such analyses is provided by [4, 11, 12].

For each key device or its component, the utility node of unavailability time and the utility node of societal consequences (if relevant) are connected as illustrated in Fig. 1. The nodes describe economic and societal risks caused by failures of devices. Resources of information include measurements from databases of the operator, standards, manuals for management of the power plant and operational guidelines, failure rates based on the previous performance of key devices and expert judgements concerning failure consequences.

An important aspect is the specification of an appropriate reference period of the analysis:

• If a long period (such as one year) is considered, the probability of occurrence of two or more failures cannot be neglected, e.g. for the boiler pressure system. In such case the network becomes complicated since multiple states of nodes (no, one, two or more failures) need to be modelled.
• On the contrary, if a short reference period is accepted, failure probabilities (or probabilities of exceeding a threshold value) are small and involved specialists may have difficulties to work with such small numbers as experience of the authors has shown.

As a reasonable compromise the reference period of one week seems to be consequently adequate for the analysed production unit. An important feature of the proposed network is the incorporation of submodels (rectangles with round corners in Fig. 1) that makes the basic network transparent. As an example the submodel of the HP turbine is shown here in Fig. 2.

Fig. 2. Submodel of a high-pressure turbine

C. Availability and economic risks

The economic risk is reflected by the time of system unavailability resulting in business losses. Consequently the total economic risk $R$ is expressed by the expected period of an unplanned outage. $R$ = 0.66 day/week is obtained as shown in Fig. 1. The analysis is based on the best estimates of failure rates of devices and their components derived from a number of failures recorded over the service life. For devices with rare failures (such as generator or turbine) information from other production units and other power stations is taken into account. All the failure rates are confronted with actual conditions and operating processes (e.g. temperatures, number of starts) of the device and modified if needed (for instance for partly or fully replaced components) in order to obtain realistic results; see Section VI for more details.

An important parameter reflecting the performance and the economic risk is the availability of the plant. Disregarding periods of planned outages, the expected availability of the production unit $A$ is obtained as:

$$A = 1 - \frac{R\ \text{(day/week)}}{7\ \text{days}} \approx 90.6\,\% \tag{4}$$

If acceptable or target availability is defined by $A_t$, the devices or the whole production unit can be assessed on the basis of $A > A_t$. Target or acceptable values for the availability are set by the operator. In [13, 14] availability values for various industrial plants have been obtained and results indicate availabilities ranging from 80% to 97%. It is obvious that the availability is of a stochastic nature since it depends on uncertain parameters of the plant components. Therefore, it appears necessary to discuss the scatter of the availability based on a statistical analysis and to set target values by considering this scatter, i.e. the availability $A$ should not be less than the target availability $A_t$ with a certain probability $p$, for example $p$ = 5%. Such an approach is consistent with current serviceability performance criteria for structures in general as described in [7, 10].

The influence of the important contributors to the availability and therefore to the economic risk is of major interest. The economic risks of the individual components are determined using the Bayesian network. The contribution $r_i$ of a component “i” of a selected device to the total economic risk $R$ of the production unit is given as:

$$r_i = \frac{R_i}{R} = \frac{R_i}{\sum_i R_i} \tag{5}$$

where $R_i$ = economic risk of the component. The risks are summed over all considered components of the key devices. The contributions of the selected key energetic devices to the total economic risk are shown in Fig. 3 (the chimneys and desulphurisation contribute negligibly to the overall risk and are omitted in the figure). The results in Fig. 4 illustrate that the key devices can be classified in accordance with their contributions to the total economic risk as follows:

• Significant contribution: generator, boiler pressure system, steam turbine;
• Small contribution: steam piping, cooling tower;
• Very small or negligible contribution: transformer, desulphurisation, chimneys.

Obviously this classification is related to the actual conditions of the analysed production unit.

Fig. 3. Contributions of selected devices to the total economic risk (pie chart: boiler pressure system 33.7%; turbine 31.3%; generator 22.2%; steam piping 5.9%; the remaining 1.5% and 5.4% are shared between the cooling tower and the transformer)

Fig. 4. Contributions of selected devices to the total societal risk (pie chart: turbine 57.6%; steam piping 35.3%; generator 7.0%; transformer 0.2%)

D. Societal risks and acceptance criteria

In principle societal risks are analysed in a similar way as economic risks. Thereby common operational conditions in the fossil power station with regular presence of staff are taken into account. For the estimation of societal consequences, the statistics of the Centre of transport research of the Czech Republic are hereafter taken into account; the quantification of costs and losses covered direct costs of health care, costs related to the care of disabled people and administrative (police, justice, insurance) costs. Three levels of injuries (minor / major / fatal) are distinguished. Based on statistical data concerning the economic losses due to injuries, the unity weight is considered for a fatality while major and minor injuries are associated with weighting factors of 0.33 and 0.04, respectively. The contributions of the devices affecting societal risks are shown in Fig. 4. The key devices can be classified in accordance with their contributions to the total societal risk as follows:

• Significant contribution: steam turbine, steam piping;
• Small contribution: generator, transformer.

The other devices have negligible effects on the societal risk.

It is noted that in many practical studies the societal risk of an installation is given in the form of an F-N curve [15]. In the F-N diagrams N represents the number of fatalities and F the frequency of accidents with more than N fatalities [16]. The curves show consequently the relationship between the annual frequency F of accidents with N or more fatalities. Usually these curves are shown in a log-log plot with the frequency F in the ordinate axis. F-N curves have been originally developed for nuclear hazards to illustrate thresholds that reflect societal aversion to multiple fatalities during a single catastrophic event. Typical graphs are subdivided into the three areas:

• Unacceptable risk,
• Tolerable risk that should be reduced according to the as low as reasonably practicable (ALARP) principle,
• Broadly acceptable risk.

The recommendations of the F-N curve can be represented also in the so-called risk-acceptability matrix. For this purpose qualitative hazard probability levels are defined jointly with hazard severity levels of accidental consequences. The hazard probability levels and the hazard severity levels can be combined to generate a risk classification matrix. The authority is usually responsible for defining the tolerability of the risk combinations contained within the risk classification matrix. This procedure can be seen as a different method for the same purpose of the F-N curve. An example for such a risk classification is used in [17, 18].

However, in many cases, since risk is the annual expected loss, the expected (risk) value (EV) is used as a simple measure of the societal risk. It is the long-term average number of statistically expected fatalities per year for the structure or plant under study. Expressing risk in terms of the EV has the advantage of allowing the total risk of the plant to be expressed as a single number. The application of absolute criteria is simple, but the determination of thresholds as a basis for decision making is not straightforward. Therefore, relative criteria are used for comparison purposes. However, there is some loss of information compared to the F-N curve; this is particularly relevant for accidents with low probabilities and very high consequences.

In the present study the weighted expected annual number of fatalities for the production unit and for the whole plant is calculated by considering that the plant has six production units. The obtained risk value is 0.028 weighted fatalities per year indicating one weighted fatality every 35 years. As mentioned, target or acceptable values are not available and the societal risk comparison should be performed in terms of F-N curves. Such analysis is beyond the scope of the present study. The risk inherent in different energy sectors and resulting from significant accidents is discussed extensively in [19] and can serve as a first basis for future risk acceptance considerations.

VI. UNCERTAINTY ANALYSIS

The input parameters of the subject study are obviously associated with aleatory and epistemic uncertainties. One possibility frequently used by decision makers in order to deal with this fact is to perform sensitivity analyses in order to show the influence of typical values of uncertain parameters.

Bayesian statistical methods offer however an effective tool to analyse uncertainties of major parameters since they can include prior information (based on expert judgements or data reported in literature) and information from actual data based on recorded failures, break downs etc.

The effect of uncertainties is studied in detail for components contributing to 80-90 % of economic risks (power unit unavailability) [13]. For the analysed unit these components cover the boiler pressure system, turbine and generator as follows from Fig. 3. Table I shows the identified critical components together with the range of failure data available and used in the uncertainty analysis.

TABLE I. CRITICAL COMPONENTS AND DATA FOR THE UNCERTAINTY ANALYSIS

| Critical component | Contributing sub-components | Expert estimates of the yearly failure rate λ' based on previous experience (5%-95% fractiles) | Statistical data for the power plant – number of failures in years of operation | Expected outage Cf in days | Comments |
|---|---|---|---|---|---|
| Boiler pressure system | economizer, evaporator, super-heater, reheater | 5-20 | 35 failures in three years | 1 | Data from the analysed unit are taken into account only. Records from the last three years are deemed to reflect well wear of the system. It is assumed that other boiler pressure systems have distinctly different operating conditions (pressure and temperature of steam, number of cold and warm starts, type of coal, material of the boiler and piping etc.). |
| Turbine | HP, IP and LP turbine | 0.05-0.5 | 60 / 150 | 28 | Data from five turbines are taken into account as insufficient data are available from individual turbines due to rare failure occurrences. The turbines have similar operating conditions (load regime, pressure and temperature of steam, number of cold and warm starts, same producer and similar material etc.). Records from the whole service life of the turbines (~30 years) are considered as the turbines are periodically maintained and aging seems to be negligible with respect to the considered failure modes. |
| Generator | rotor, wheel of ventilator | 0.01-0.03 | 3 / 90 | 240 | Data from three generators are taken into account. The generators have similar operating conditions (load regime, voltage, number of cold and warm starts, same producer and material etc.). Records from the whole service life of the generators (~30 years) are considered as the turbines are periodically maintained and aging seems to have a minor effect on the considered failure modes. |

The uncertainty analysis is based on the Bayesian statistical models described in [20]. The scope of the analysis is to derive the distribution of the availability of the power unit. As prior distribution for the failure rates λ' of the critical components, the gamma distribution is selected. The likelihood function for the Bayesian updating is given according to [20] by the Poisson distribution and consequently the posterior distribution of λ'' is a gamma distribution. Fig. 5 shows prior, likelihood and posterior probabilistic density functions of the failure rate of the boiler pressure system. Characteristic values – 5% and 95% fractiles – are indicated by the vertical lines. It appears that the statistical evidence is dominating. The same observations are made for the turbine.

Fig. 5. Prior, likelihood and posterior probabilistic density functions of the failure rate λ (1 / year) and 5% and 95% fractiles of λ - boiler pressure system

Fig. 6 illustrates the results of updating for the generator. In this case the prior information seems to be of similar importance as compared to the statistical data. This is attributed to the fact that failures of the generator are very rare and it is difficult to establish database with strong empirical evidence. Fig. 7 shows probability density functions for outage periods, assuming exponential distribution. Apparently the dispersion in the estimate for generator (flat curve) is dominating compared to turbine (medium dispersion) and boiler (low dispersion).

Fig. 6. Prior, likelihood and posterior probabilistic density functions of the failure rate λ (1 / year) and 5% and 95% fractiles of λ – generator

Fig. 7. Probability density functions of outage periods Cf (day) – boiler pressure system, turbine, generator

The uncertainty in the availability is analysed by considering the unavailability per year

$$U = \sum_i C_{f,i}\, \lambda_i + \Delta \tag{6}$$

where Δ = 4.2 day / year is the contribution of the other components to unavailability, obtained from the Bayesian network (Fig. 1). For simplification Δ is described by a deterministic value.

The statistical distribution of the unavailability U obtained by the Monte Carlo simulations and based on the gamma distribution is demonstrated in Fig. 8 and indicates the significant scatter. The following characteristics of unavailability U and availability A = 1 – U are obtained:

$\mu_U$ = 35.3 days / year; $V_U$ = 0.55; $U_{0.05}$ = 10.4 days / year; $U_{0.95}$ = 72.2 days / year

$A_{0.05}$ = 80.2 %; $\mu_A$ = 90.3 %; $A_{0.95}$ = 97.1 %

Fig. 8. Probability density function of unavailability U (days / year) – histogram obtained from the Monte Carlo simulations and gamma distribution
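The gamma-Poisson updating and the Monte Carlo evaluation of Eq. (6) described in this section can be sketched as follows; this is an added example, not the authors' code. The inputs are the values of Table I and Δ = 4.2 days/year, while the function names and the way the gamma prior is fitted (matching its 5% and 95% fractiles to the expert range) are assumptions, because the page does not state how the prior was parameterised, so the output need not reproduce the reported values.

```python
import math
import random

# Inputs from Table I: name -> (expert 5% fractile, expert 95% fractile,
# recorded failures, years of operation, expected outage C_f in days)
COMPONENTS = {
    "boiler pressure system": (5.0, 20.0, 35, 3.0, 1.0),
    "turbine": (0.05, 0.5, 60, 150.0, 28.0),
    "generator": (0.01, 0.03, 3, 90.0, 240.0),
}
DELTA = 4.2  # days/year from all other components, deterministic as in Eq. (6)


def gamma_cdf(x, shape, rate):
    """CDF of Gamma(shape, rate) via the series of the incomplete gamma function."""
    z = rate * x
    if z <= 0.0:
        return 0.0
    term = total = 1.0 / shape
    n = 1
    while term > 1e-16 * total:
        term *= z / (shape + n)
        total += term
        n += 1
    log_front = shape * math.log(z) - z - math.lgamma(shape)
    return min(1.0, total * math.exp(log_front))


def gamma_quantile(p, shape, rate):
    """Fractile of Gamma(shape, rate) obtained by bisection on the CDF."""
    lo, hi = 0.0, (shape + 10.0 * math.sqrt(shape) + 10.0) / rate
    for _ in range(60):
        mid = 0.5 * (lo + hi)
        if gamma_cdf(mid, shape, rate) < p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def fit_gamma_to_fractiles(q05, q95):
    """Assumed prior fit: gamma whose 5%/95% fractiles equal the expert range."""
    lo, hi = 0.1, 100.0
    for _ in range(50):
        shape = math.sqrt(lo * hi)
        ratio = gamma_quantile(0.95, shape, 1.0) / gamma_quantile(0.05, shape, 1.0)
        if ratio > q95 / q05:
            lo = shape  # still too dispersed, a larger shape is needed
        else:
            hi = shape
    shape = math.sqrt(lo * hi)
    return shape, gamma_quantile(0.05, shape, 1.0) / q05


def poisson_update(prior, failures, years):
    """Conjugate update: gamma prior and Poisson count give a gamma posterior."""
    shape, rate = prior
    return shape + failures, rate + years


def posteriors():
    """Posterior (shape, rate) of the yearly failure rate for each component."""
    return {name: poisson_update(fit_gamma_to_fractiles(q05, q95), k, t)
            for name, (q05, q95, k, t, _cf) in COMPONENTS.items()}


def simulate_unavailability(n=20000, seed=1):
    """Monte Carlo of Eq. (6): U = sum_i C_f,i * lambda_i + DELTA in days/year."""
    rng = random.Random(seed)
    post = posteriors()
    samples = []
    for _ in range(n):
        u = DELTA
        for name, (shape, rate) in post.items():
            lam = rng.gammavariate(shape, 1.0 / rate)            # failures/year
            outage = rng.expovariate(1.0 / COMPONENTS[name][4])  # days, exponential
            u += outage * lam
        samples.append(u)
    samples.sort()
    mean = sum(samples) / n
    std = math.sqrt(sum((u - mean) ** 2 for u in samples) / (n - 1))
    return {"mean_U": mean, "cov_U": std / mean,
            "U05": samples[int(0.05 * n)], "U95": samples[int(0.95 * n)],
            "mean_A": 1.0 - mean / 365.0}  # U expressed as a fraction of a year


if __name__ == "__main__":
    for name, (shape, rate) in posteriors().items():
        print(f"{name}: posterior mean {shape / rate:.4g} per year, 5%-95% "
              f"{gamma_quantile(0.05, shape, rate):.4g}-"
              f"{gamma_quantile(0.95, shape, rate):.4g}")
    print(simulate_unavailability())
```

With these assumptions the generator posterior stays close to the expert prior because only three failures in 90 years are recorded, whereas the boiler and turbine posteriors are dominated by the recorded data.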

The target availability could be defined with a probability of 5% of not being exceeded. This is satisfied here if the target value is in the range of 80%. The outcomes of the uncertainty analysis reveal:

1. Estimates of the unavailability/availability exhibit considerable dispersion.
2. Sensitivity analysis could be done by using the First Order Reliability Method FORM [21].
3. For important parameters the expert estimates of the failure rates could be enhanced by a more extensive literature and databases survey and by predictions from physical-based theoretical models.
4. Equation (6) is simplified; the estimates can be improved by considering renewal processes to model the sequences of on and off periods of the power unit.

VII. CONCLUDING REMARKS

Bayesian networks represent an effective tool for the risk and availability analysis of devices of power station production units. They provide background information for the decisionmaking related to the maintenance, possible repairs and replacements of the technological devices. Bayesian networks also enable the assessment of expected trends in technical parameters describing the functioning of such devices. The risk and availability analysis is illustrated on identified key devices of the production unit of a fossil power station. It is shown that the probabilistic approach facilitates the inclusion of monitoring data supplemented by expert judgements. The devices with significant influence on economic risk of the selected production unit include the boiler pressure system, steam turbine and generator. The societal risks are primarily affected by the steam turbine and steam piping. The specification of acceptable risk criteria for power plants should be based on cost-benefit considerations (economic risks) and comparisons with risks in other daily activities and marginal lifesaving cost principles (societal risks). The uncertainty analysis reveals that the availability is associated with considerable scatter due to the uncertainty in the input failure rates. A more detailed sensitivity analysis directly deriving the importance of the input parameters with respect to a resulting estimate of unavailability could be done by the standard First Order Reliability Method FORM. For important parameters the expert estimates of the failure rates could be enhanced by a more comprehensive literature survey and by predictions from physical-based theoretical models. In order to consider the probabilistic nature of the availability it is recommended to require that the availability should not be less than specified target availability with a given probability. 
ACKNOWLEDGMENT

This work has been supported by the Ministry of Education, Youth and Sports of the Czech Republic under Grant LG14012, by the Technology Agency of the Czech Republic under Grant TE01020068 and by the Regensburg Centre of Energy and Resources (RCER) of the Ostbayerische Technische Hochschule Regensburg (OTH Regensburg) and the Technology- and Science Network Oberpfalz (TWO). Outcomes of COST Action TU1402 have been utilized. The contribution is partly based on a recent paper [5].

REFERENCES

[1] Y. Wang, S. Gong and S. Grzybowski, "Reliability evaluation method for oil-paper insulation in power transformers," Energies, vol. 4, pp. 1362-1375, 2011.
[2] M. Hammer, J. Ertl and O. Janda, "Estimation of reliability characteristics of power oil transformers," Engineering Mechanics, vol. 19, pp. 61-73, 2012.
[3] JCSS, Risk assessment in engineering - principles, system representation & risk criteria, 2008.
[4] M. G. Stewart and R. E. Melchers, Probabilistic risk assessment of engineering systems. Berlin: Springer, 1997.
[5] M. Sykora, M. Holicky and J. Markova, "Risk analysis of production units in a power station using Bayesian networks," in Proc. ESREL 2013, Amsterdam, 2013, pp. 2205-2212.
[6] Decision Systems Laboratory, GeNIe 2.0 (software package), 2011.
[7] ISO 2394, General principles on reliability for structures. Geneva, Switzerland: ISO, 2015.
[8] ISO 13824, Bases for design of structures - General principles on risk assessment of systems involving structures. Geneva, Switzerland: ISO TC98/SC2, 2009.
[9] R. D. J. M. Steenbergen, M. Sykora, D. Diamantidis, M. Holicky and A. C. W. M. Vrouwenvelder, "Economic and human safety reliability levels for existing structures," Struct Concrete, vol. 16, pp. 323-332, 2015.
[10] JCSS, JCSS Probabilistic model code, 2001.
[11] T. D. Nielsen and F. V. Jensen, Bayesian networks and decision graphs. Berlin: Springer, 2007.
[12] D. Diamantidis and M. Holický, "Risk and robustness of road tunnels," in Proc. ICASP11, ETH Zurich, 2011, pp. 2140-2148.
[13] D. Diamantidis, A. Drago, T. Pezzo and F. Zuccarelli, "Experience gained from availability analysis of existing steel plants," in Proc. ESREL'93, Munich, 1993, pp. 10.
[14] M. Savsar, M. Alardhi and A. Almazrouee, "Capacity and availability analysis of power plants in Kuwait," in Proc. Int. Conf. Industrial Engineering and Operations Management, Istanbul, 2012, pp. 1598-1607.
[15] CIB TG 32, Risk assessment and risk communication in civil engineering (report 259). Rotterdam: CIB, 2001.
[16] HSE, Reducing risks, protecting people. Norwich (UK): Health & Safety Executive, 2001.
[17] NORSOK Standard, Risk and emergency preparedness analysis. Annex C. Methodology for establishment and use of environmental risk acceptance criteria (Z-013, rev. 1, informative), 1998.
[18] N. J. Duijm, "Recommendations on the use and design of risk matrices," Saf. Sci., vol. 76, pp. 21-31, 7, 2015.
[19] P. Burgherr and S. Hirschberg, "Comparative risk assessment of severe accidents in the energy sector," Energy Policy, vol. 74, Supplement 1, pp. S45-S56, 12/1, 2014.
[20] G. Apostolakis, Advances in nuclear science and technology (chapter Bayesian methods in risk assessment, Eds. Jeffery Lewins and Martin Becker). Springer US, 1981.
[21] R. E. Melchers, Structural reliability analysis and prediction. Chichester, England: John Wiley & Sons Ltd., 2001.