Issa Diop¹, Georges Georges Abdul-Nour¹, Dragan Komljenovic^2
1Department of Industrial Engineering, University of Quebec in Trois-Rivieres, Trois-Rivieres, Canada.
²Hydro-Quebec Research Institute, Varennes, Canada.
DOI: 10.4236/ajibm.2022.127071   PDF   HTML   XML   111 Downloads   314 Views   Citations

Abstract

Suffice to say that long-established businesses have their own challenges. Furthermore, accurate systematic methods and tools for managing risks in the context of industry 4.0 are lacking or less efficient, spreading unrealistic awareness of risk (or situational awareness) in various domains where risk management is needed. Conventional methods have their own limits and might not identify all aspects that influence system safety. Once traditional industry challenges are combined with emerging risks along with new systemic and organizational risks as well as cognitive and motivational biases in human logic, there will be the necessity of building thorough Asset Management and Decision Support approaches accounting both for conventional and emerging risk safety management. Hence, innovative, and efficient approaches that can investigate issues from a broad systemic perspective to support asset management practitioners to deal with those threats associated with the complexity of socio-technical systems are of interest. On these grounds, this paper focuses on identifying and analyzing components of risk management approaches especially for new emerging safety risks within industry 4.0 (emerging technology-related risks), as well as the rising of extreme, rare, and disruptive events, at a time of continued uncertainty in the global economy, in conjunction with the highly insecure political situation caused by recent armed conflicts (for e.g., Russia vs Ukraine), and the coronavirus disease pandemic (COVID-19) that might create fatal disturbance of the performance of organizations. We opt for the relatively new methods that have been developed based on system theories, viz. the Functional Resonance Analysis Method (FRAM), the System-Theoretic Accident Model and Processes (STAMP, System Theoretic Process Analysis (STPA)) and the global risk-informed decision-making approach (RIDM) in asset management as the best suited approach for this research. We first discuss the benefits of these methods then outline the possibility of combining them to conduct high-level risk management and decision-making framework. Further research would validate their efficiency and practicality. Therefore, future research initiatives will be devoted to conducting case studies in order to obtain more accurate data.

Keywords

Asset Management Strategy, Enterprise Risk Management, Occupational Safety and Health, Resilience, Industry 4.0, Risk-Informed Decision-Making, Functional Resonance Analysis Method, System-Theoretic Accident Model and Processes

Share and Cite:

1. Introduction

Escalating complexity of socio-technical systems along with emerging technology-related risks (new and unknown risks) denote an outstanding challenge for conventional system safety approaches. The rising complexity of socio-technical systems inevitably leads to a rise in emerging risks (Leveson, 2016). The effects of these risks in asset management should be studied considering the organization’s external and internal context involving human performance and socio-economic as well as socio-cultural considerations. Figure 1 describes characteristics of an organization’s environment.

Internal Environment—Level of technological systems: the organization may successfully and efficiently predict, and control aspects associated foremostly with random uncertainties. Internal Environment—enterprise level: for this level, workforce and physical assets of the organization might be managed economically and efficiently. The organizational operations may possibly be carried out effectively. However, organization might encounter some difficulties to closely control its internal environment at the enterprise level, for instance, its structure, composition, and ways of doing business. External Environment: at

this level, the organization encounters mainly aleatory uncertainties and epistemic uncertainties¹. The external environment of an organization is extremely complex and cannot be neither accurately predicted, controlled, nor effectively influenced. It is colored by numerous elements such as “the cultural, social, political, legal, regulatory, financial, technological, economic, natural, and competitive environment, whether international, national, regional, or local” (International Organization for Standardization, 2009).

The major challenges for the most widely used conventional analysis techniques of safety risks (for e.g., Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA), Hazard and Operability Analysis (HAZOP), Event Tree Analysis (ETA), Bowtie analysis, etc.) are the rising complexity of socio-technical systems driven by industry 4.0 which inevitably leads to a rise in emerging risks. These tools assume that accidents are caused by component failures or are random events happening simultaneously accidentally but no explanation of why they arose (i.e., caused by sequence of failures of events, linear accident causation models (focusing on linear sequence of events) like in the Swiss Cheese model by Reason (1997) or in the Heinrich’s domino theory (Heinrich et al., 1980) rather than accidents occurring from interactions among nonbroken components, for e.g., system design deficiency). Most of these methods were introduced since before the 80 s, nevertheless technology is changing drastically our habits of life and thinking. These traditional methods have serious limitations inherent to their applicability to contemporary socio-technical systems due to the rising complexity of those systems we are attempting to construct. Conventional approaches to coping with complexity alone are not enough, do not represent a sufficient basis for an integrated assessment, and are error-prone and laborious (Klim et al., 2011; Mahajan et al., 2017). Attempting to impose modern technology and contemporary degrees of complexity into obsolete methods might not be successful. New tools are required for the new problems. Nonetheless, it is worth emphasizing that traditional analysis techniques of safety risks should not be discredited but should be extended and enhanced. They perform best on mechanical elements or hardware. Though, they have serious limitations on for e.g., human operators, organizational and social considerations, software program-related aspects, etc. (Leveson, 2016; Underwood et al., 2013). On these arguments, both practitioners and scholars have been interested in relatively new advanced methods based on system theories, namely the Functional Resonance Analysis Method (FRAM) Hollnagel (2012) and the System-Theoretic Accident Model and Processes (STAMP—System Theoretic Process Analysis (STPA)) (Leveson, 2016), as well as the Risk-Informed Decision-Making Approach (RIDM) processes (Dezfuli et al., 2010c; Gaha et al., 2021; Komljenovic et al., 2016; Zio et al., 2012).

On these grounds, this research paper focus on developing a high-level risk management and decision-making framework, which is a triplet combining the FRAM, the STAMP-STPA and the RIDM, processes as part of an overall AM process. This methodology aspires to identify and assess, as well as manage those new emerging technology-related risks and unknown risks in asset management. It also seeks to established favorable conditions in Asset Management (AM) to deal with the rising of extreme, rare, and disruptive events that might create fatal disturbance of the performance of organizations. The outcome might provide insights into the system from the perspective of Enterprise Risk Management (ERM) and Occupational Safety and Health (OS&H) constraints and requirements. We consider that this approach might help enterprises in becoming further resilient and robust given the increasing current shift of industries towards a larger use of digital technologies which has given rise to changing and complex environments along with new emerging risk related to OS&H and ERM.

The remainder of this paper is structured as follows: Section 2 encapsulates the literature review in AM, resilience and uncertainty at the times of COVID-19 Pandemic and global inflation as well as the rising of extreme, rare, and disruptive events. It also reviews the concept of industry 4.0/5.0, risk management, the FRAM, the STAMP and the RIDM. Section 3 describes the proposed approach for characterizing system safety risks in AM which is a high-level risk management framework combining the FRAM, the STAMP-STPA and the RIDM processes as part of an overall asset management process. Section 4 provides a discussion of the key findings. Finally, Section 5 concludes the study, outlines gaps, and provides new research directions as a starting point for upcoming targets for this research

2. Literature Review

This literature review involves various spheres of knowledge, namely asset management, industry 4.0 as well as Industry 5.0, risks and risk management, the FRAM and the STAMP. It provides the reader with an overview of key relevant background knowledge of this subject matter.

2.1. Asset Management

This section provides a summary of the literature review in physical asset management (AM) defined as “coordinated activity of an organization to realize value from assets” (International Organization for Standardization, 2014). It focuses on identifying and analyzing components of AM models and challenges.

· Asset Management Models

Strategy for managing asset involves a variety of interacting and mutually dependent activities at different levels of the organization (such as strategic, organization-wide, project, product, process, etc.). This is supposed to be strongly associated with the organization’s strategic planning (IAM, 2015; International Organization for Standardization, 2014). Both practitioners and scholars will have to operate complex socio-technical systems along with decision-making processes at all stages of the organizational strategy. The process of managing these socio-technical systems should align with different levels of organizational strategy (corporate, business, and functional-level strategy). The latter are characterized by unpredictability affecting the dimensions of resilience such as organizational, technical/technological, operational, social, economic, financial, reputational, and business model (Roshani et al., 2014; Woods, 2015). These complex socio-technical systems “are made up of a panoply of complex and uncertain technological objects including capital investment, definition of requirements, acquisition, installation, and commissioning and decommissioning of assets (O & M), shutdown and outage strategies, life cycle value realization”. Furthermore, the context of aging assets which obliges organizations to cope with dependability challenges, viz. reliability, availability, maintainability of assets, coupled with Occupational Safety and Health (OS&H) constraints and requirements as well as Enterprise Risk Management (ERM) as mentioned by (Komljenovic et al., 2016). Consequently, organizations have significant constraints as well as requirements to decrease equipment malfunctions or failures causing high-level expectations from maintenance (Baglee et al., 2016; Brown et al., 2014). For example, Komljenovic (2018) indicate that power utilities “should manage the replacement of huge parts of their assets as they reach the end of their lifecycle, become obsolete due to technological changes or because of transition to more efficient and carbon-free power alternatives”.

Various economic models have been developed throughout the last decades to support AM decision makers and practitioners in various sectors. Those leading models relevant to this subject matter of interest are enumerated below (Table 1). The Institute of Asset Management (IAM) has developed a conceptual asset management model involving the six groups of themes (see Figure 2) primarily issued by the Global Forum on Maintenance and Asset Management (GFMAM), namely (i) strategy and planning, (ii) asset management decision-making, (iii) lifecycle delivery, (iv) asset information, (v) organization and people, and (vi) risk and review (GFMAM, 2014; IAM, 2015). These are contained in the IAM Asset Management—An Anatomy, a framework made up of 39 subjects that detail the AM activities within an organization and aligned with the principles of ISO 55000 series of standards for evaluating asset management maturity.

The reader is referred to Diop et al. (2021) and their bibliographic references for more details on AM for those unfamiliar with these models.

· Resilience, System Complexity, and Asset Management Uncertainty at the Times of COVID-19 Pandemic and Global Inflation as well as the Rising of Extreme, Rare, and Disruptive Events

The complexity of the system caused by the interaction among the arrival of new complex technologies, strategic planning, operational excellence, supply-chain management, regulatory compliance, financial management, health and safety

requirements, etc., is the source of uncertainty and non-linearity in contemporary socio-technical systems. Hence, the challenges would be Resilience engineering (i.e., continuity of operations, business continuity to deliver important services in the time of ever-growing uncertainty, complexity, non-linearity, emergence, interdependencies, threats and opportunities, etc.). In the electrical and nuclear power industry design and operation, such as power generation and transmission as well as distribution, asset management and risk management play a pivotal role in the performance of assets. Electrical utilities management which are considered as capital-intensive assets and Complex Adaptive Systems (CAS) of systems need to get ready for numerous and complex emerging technology-related risks due to the rising in frequency and severity of extreme, rare, and disruptive events that might seriously disturb the performance of organizations.

Likewise, faced with the severe international competition and the volatility of global markets, as well as the deep global insecurity of all kinds combined with

complexity in modern socio-technical systems, managing asset turns out to be challenging. Organizations deal with dreaded risks and uncertainties of all types that can affect organizational objectives, along with meaningful impacts on technical and technological systems and human operator activities. Most of these new kinds of risks are emerging, “known-unknown” and “unknown-unknown” (for e.g., the fight against network security and computer crime, terrorist attacks, climate change, natural disasters, etc.) enabling propitious conditions for the rising of extreme, rare, and disruptive events that might badly disturb the performance of organizations (Komljenovic et al., 2016). For instance, asset decision-makers and stakeholders grapple with effects of the severe socio-economic inflation of prices and impacts on the global economy. The unstable global economic context combined with the highly insecure political context inflected by the recent conflict between Russia and Ukraine, along with the coronavirus disease pandemic (COVID-19) are compelling asset decision-makers to revise their economic asset management models to cope with these challenges and uncertainty that can affect substantial business investment decisions and elevate costs of commodity as well as the price of doing business.

In such a strong complex environment of Asset Management (AM), extreme, rare, and disruptive events might arise because of aleatory uncertainties and/or epistemic uncertainties, for e.g., major lack of expertise or awareness upon the characteristics of the phenomena under examination. Scientists recommend that modern organizations should be studied as Complex Adaptive Systems (CAS)² using the techniques of complex systems theory (complexity theory) which was built to cope with complex systems (Checkland, 1981; Farmer, 2012; Komljenovic et al., 2016). The capabilities of the concept of Complex system governance (CSG) might be leveraged by the field of AM to coping with complexity in CAS (Katina et al., 2021); Keating et al., 2022)). This idea involves a framework for the enhancement of system performance over design and execution, along with evolution of essential metasystem functions (Katina et al., 2021). Therefore, we argue that it is needed to develop a holistic AM strategy capable to consider key factors and components as well as complexity and risks. Numerous challenging questions in this subject matter are still calling for specific answers, mainly, Enterprise Risk Management (ERM) and Occupational Safety and Health (OS & H) constraints and requirements. This subject matter is in line with Theme 3 of the Hydro-Québec Asset Management Chair (“Modelling the risks of extreme events and external factors in complex asset management, Objective: Developing a global methodology for modelling the impact of extreme or rare events and external factors on the asset management strategy”) for the purpose of electrical utilities management such as transmission and distribution which are considered as capital-intensive assets and CAS of systems (Abdul-Nour et al., 2021). Let us take the example of Hydro-Quebec company which have significant asset portfolios, “in every step of the chain of production, electrical utilities must know the condition, location and availability of their assets to maximize productivity, reduce service interruptions and ensure the safety of operations and users” (Abdul-Nour et al., 2021). The latter suggest a resilience management framework and decision-making under risk and uncertainty (using either (i) traditional risk management or (ii) management under uncertainty or resilience management) designed for CAS as depicted in Figure 4. The idea of resilience is a famous approach proposed for managing risk and uncertainties assessment to examine the ability of a system to adapt and produce successful outcomes in a daily basis. Hollnagel (2013) described the concept of resilience as “the intrinsic ability of a system to adjust its functioning prior to, during, or following changes and disturbances, so that it can sustain required operations under both expected and unexpected conditions”.

In the same vein, Komljenovic (2021) recommended a “resilience-based approach in engineering asset management (AM) at times of major, large-scale disruptions and instabilities”. Figure 3 depicts the general concept of resilience. It involves four segments: 1) Planning—this segment prepares and anticipates

the appearance of an undesirable event; 2) Absorption—absorbs the amount of damage of performance while an adverse event arises, 3) Recovery—recovers the performance after an adverse event arises. The duration to fully recovery subsequent to an adverse event is much longer if the magnitude of performance loss is greater or the necessary resources to recover the loss are not available. Various recovery shapes are likely. 4) Adaptation—collects information and develops experiences on the undesirable event and persist improving the level of resilience. The latter involves a continuous improvement and adjustment, and implicates four core properties namely: (i) Robustness (the ability to absorb a shock, to withstand critical functions, to survive after an adverse event: i.e. absorbing and adapting), (ii) Redundancy, (iii) Resourcefulness (the ability to plan for and make ready to withstand a disruption), and (iv) Rapid recovery (the ability to quickly return to operation efficiently after an accident) (Hickford et al., 2018).

In the same vein, the draft of the International Organization for Standardization (2018b): Guidance for managing emerging risks to enhance resilience, as well as the CEN (2013): Managing Emerging Technology-related Risks provide foresights and insights about the issue of new emerging risks to improve resilience.

Likewise, the WEC (2022) proposes a joined methodology for managing emerging risk, namely the “Dynamic Resilience Framework” (as shown in Appendix D) which focuses on (i) extreme weather, (ii) cyber risks and (iii) geo-spatial analysis for managing those risks. These might contribute to creating capacity and capabilities and get ready for emerging risks such as the rising occurrence and seriousness of extreme weather events, and cyber security risks and data integration issues. For instance, the “Dynamic Resilience to extreme weather” stand as a blueprint for developing resilience to extreme weather issues and provides foresights and insights about the issue of new emerging risks to improve resilience (WEC, 2022), for e.g., (i) Fort McMurray fire (Alberta, Canada, 2016): 590,000 hectares damaged, 88,000 people displaced, 2400 residences ruined, oil and gas operations threatened, 1% crash in GDP); (ii) California’s wildfires (California, USA, 2017 & 2018): more than 150 deaths, over 14,000 residences destroyed, over $20 billion economic shortfalls; (iii) Quebec Ice Storm (Quebec, Canada, January 1998): 110 mm, 24,000 poles, 900 steel towers and 3000 km of lines damaged, power shortage of 1,393,000 clients, $1.656 billion to recovers the losses. (iv) Wind-Storm (France, December 1999): windstorms speeds of 118 km/h - 180 km/h, power shortage of 3.45 million customers, (v) Snow-Storm (Veneto, Italy, October 2018): hurricane-force winds speeds of 90 km/h and gusts of 200 km/h, 5000 MW gap in power supply”.

Katina et al. (2021) remarks a deficiency of clarity of situational awareness in environments and conditions where contemporary socio-technical systems perform. These include high-level of complexity, opacity, profound uncertainties, etc. In order to enable sustainable business continuity, the WEC (2022) recommend improving the resilience to particular events and systemic changes by “situational awareness of the different types of risks preparedness for future developments”.

Numerous studies have been interested in this relatively young concept of AM and its various tools for the development of novel efficient models with the intention of enhancing the organization’s value-chain. The search of the online database Scopus to systematically retrieve scientific analysis of studies that included the term “asset management” in the article title, abstract or keywords, published at any time, yields 13,998 papers. This metric assumes that the number of papers published on this subject matter is substantially high, which suggests that this research area is of interest in various subject areas. Figure 5 depicts the asset management number of publications by subject areas.

2.2. Industry 4.0/5.0 Challenges

The fourth industrial revolution (a.k.a. industry 4.0) or industry of the future is an initiative from the German government aiming at stimulating the competitiveness and productivity of the manufacturing industry (Blanchet, 2014). In 2006, the German government presented its “High-Tech Strategy” at the Hanover Fair, the world’s largest industrial technology fair. For the first time, Industry 4.0 was mentioned in connection with the advent of an industrial revolution. In 2011, at the same Hanover Fair, three representatives from business, politics, and science show how the paradigm shift based on cyber-physical systems, new business models will take place in the coming decades (Kagermann et al., 2011). This expert group led by Dr Kagermann and Dr Wolfgang Wahlster from the German Research Center for Artificial Intelligence as well as Dr Wolf-Dieter Lukas from the Federal Ministry of Research and Education presented the results of work on Industry 4.0. Their publication describes three main axes around which the characteristics of industrial manufacturing engineering of the future revolve, namely (i) high degree of product customization with flexible production, (ii) involvement of customers and business partners in design and value creation processes, (iii) relationship between production and quality services to create hybrid products.

Looking back over the past few years, the concept of industry 4.0 has developed rapidly and became a worldwide adopted term in the technologically advanced countries. The concept symbolizes a new method of organizing and controlling the industry value chain through processes and intelligent networking of machines. it refers to the link between the virtual world and the real-world using industry 4.0 platform. automation and exchange of massive data (big data) as well as ubiquitous computing solutions in manufacturing technologies such as internet of things (IoT), cyber-physical systems (CPS), cloud computing (Cloud) and cognitive computing (CC) define the current trend of the concept of Industry 4.0 with the arrival of Smart-Factory (Erboz, 2017). CPSs such as smart machines form the basis of Industry 4.0. These modern control systems are characterized by

connectivity via the IoT. They integrate Embedded Software Systems and have an Internet Protocol address (IP address) to communicate with the systems.

Industry 4.0 does not arise from a digital divide like the three previous revolutions, viz. (i) mechanization of production through the steam engine and water at the 18^th century, (ii) mass production (Henry Ford) and creation of the assembly line through electricity at the 19^th century, (iii) automation of production through information technology and electronics in the 20^th century. Figure 6 depicts these four industrial revolutions since the 18^th century up to now.

In a world characterized by prospects for digital prosperity, the arrival of the new era of industry 4.0 influences organizations in various domains. It involves cutting-edge technologies which are capable to capture, optimize and deploy massive data (big data). Technologies such as IoT, artificial intelligence (AI), CPS, and cloud computing communicate, interact, and adjust continuously (Boston-Consulting-Group, 2020). Figure 7 depicts the nine technologies driving industry 4.0. For instance, the IoT is radically changing the decision-making processes in the design and manufacture of products. Statistical studies on the connectivity of objects around the world estimate a range of 50 to 200 billion

connected objects in 2020 far exceeding the number of cellphones (European-Asset-Management-Committee, 2017). In the same vein, the International Data Corporation (IDC), publisher of American magazines specializing in computer technologies estimates an increase in global spending regarding IoT from 656 billion to 1.7 trillion dollars between 2014 and 2020, leading to a growth of digital devices and solutions. For more details about this concept and its numerous technologies, the reader is referred to the paper by Diop et al. (2021) and Diop et al. (2019) and their bibliographic references.

Industry 4.0 has been shaping the future of organizations provoking overwhelming changes in the way of doing business. The shift to more and more digital systems will be inexorably escorted by a multitude of new challenges and emerging risks associated with Occupational Safety and Health (OS&H) constraints and requirements as well as Enterprise Risk Management (ERM), for instance, major cyber attacks, interconnectivity of digital technologies as well as interoperability of systems, reengineering and standardization of processes, products, and services, as well as acquisition and storage of massive data (big data), digital governance, maintenance, and talents (workforce) acquisition, training and their retention in the workplace. Decision-makers who fully comprehend these shifts and the benefits associated with numerical technologies will be best prepared to tackle the various challenges related to industry 4.0. Therefore, there is no need to reinvent the wheel every time, but each company might need to adapt its specific economic model that is potentially more suitable in this context of digitalization (European-Asset-Management-Committee, 2017).

The fifth industrial revolution (a.k.a. Industry 5.0) is an initiative from the European Commission (EC), the executive branch of the European Union (EU) (Breque et al., 2021). The EC announced the idea of industry 5.0 at the tenth anniversary of industry 4.0 introduction. According to the EC, this concept stands for a complement to the concept of industry 4.0 through supporting research and enablers of innovation to be used for the transition to a sustainable, human-centric and resilient industry (i.e., placing the comfort and safety of people at the center of the manufacturing process, realizing societal objectives and social fairness beyond jobs and growth, delivering resilience of prosperity, respecting the boundaries of our planet) (Breque et al., 2021). That is trying to capture the value of industry 4.0 tools while employing environmentally friendly processes at every stage in the production chain and placing the well-being of the employees at the centre of the manufacturing process. Figure 8 illustrates the core values of industry 5.0, namely (i) human-centric, (ii) sustainable and (iii) resilient, complementing industry 4.0. In other words, industry 5.0 is considered to be value-driven while industry 4.0 is deemed to be technology-driven (Xu et al., 2021). These fundamental principles move the spotlight away from the shareholder value to the stakeholder value as well as strengthen the responsibility of industry to society (see Figure 39: Society 5.0 for Sustainable Development Goals (SDGs) contained in Appendix C). The EC has identified six enabling technologies in Industry 5.0 (see Table 2) (Müller, 2020).

^a“Deep learning is a subset of machine learning, and machine learning is a subset of AI” (wiki.pathmind.com).

2.3. Defining Risk and Risk Management Process

· Risk and Risk Management Process

This section provides the reader with an overview of key relevant background aspects of the concept of risk and risk management (RM) process in asset management (AM) at all levels of the organization. International Organization for Standardization (2009, 2018a) standards define risk management (RM) as “coordinated activities to direct and control an organization with regard to risk”. Its objective is to help achieve goals, create/protect value, enhance performance, and promotes innovation. Risk is expressed as “an effect of uncertainty on objectives”³ (International Organization for Standardization, 2018a). It is frequently stated in term of “potential events and consequences, or a combination of these” or “a combination of the consequences of an event (including changes in

circumstances) and the associated likelihood of occurrence” (International Organization for Standardization, 2009). In the same vein, NASA procedural requirement NPR 8000.4 articulates risk as a triplet, namely the scenario(s), the likelihood(s), and the consequence(s) (Dezfuli et al., 2010c). The latter requirement (NPR 8000.4) specifies that describing risk in this way enables to differentiate “high-probability, low consequence outcomes from low-probability, high consequence outcomes”, as well as the approach to “proactive RM controls”. The process of managing risk is based on a triplet, viz. the principles, the framework and the process as shown in Figure 10.

· The principles allow an organization to communicate the value of the RM process and its objective to deal with the effects of uncertainty on its objectives. The principles deliver guidance on the attributes of efficient and effective RM. Figure 11 outlines these principles that an effective RM should incorporate.

Value creation and protection: RM should create value, for e.g., occupational safety and health (OS&H) constraints and requirements, the overall organization’s management, performance criteria, and business continuity management (BCM), financial performance, legal and regulatory requirements, environment protection, impact of climate changes, etc. Integrated: RM should be integrated with other processes of an organization, for instance, it should be part of all projects and the duties of management. It should be part of decision-making to help make informed options and prioritize activities. Structured and Comprehensive: RM should be structured and comprehensive; it should guarantee that the outcomes are comparable and consistent. Customized: RM should be customized; it should be aligned with the external and internal context of an organization associated with its goals. Inclusive: RM should be inclusive; to ensure that RM remains pertinent and up to date, stakeholders and decision makers should be appropriately involved at all levels of the organization. Dynamic: RM should be dynamic; since external and internal context of an organization might change, along with events that arise everyday; it should be iterative and responsive to change as well as emerging risks. It should explicitly address uncertainty, for e.g., uncertainty on aspects of decision-making, and in what way it may be considered. Best Available Information: RM process should be based on the best available past, present, and future information for e.g., data sources such as subject matter

expert opinion or judgement, forecasts, feedback, etc. Human and cultural factors: RM should consider human behavior and culture impact on all aspects and level of organization’s RM. Continual improvement: RM should be persistently enhanced through learning and skill.

· The RM framework objective is to support the governance of the organization (decision-makers, management, stakeholders) to develop and implement effective RM into major activities and functions. The development of this tool requires a leadership and commitment. It involves a set of five components as shown in Figure 12, viz. integration, design, implementation, evaluation, and improvement of RM throughout the organization.

The governance of the organization should make sure that RM is included into all major activities and functions and aligned with organizational strategy as well as goals and culture (“leadership and commitment”). As organizational structures are subject to their complexity, objectives and operations, the process of managing risk should be tailored to the company’s needs and culture; on top of being dynamic and iterative (“integration of RM into an organization”). The “design” component encompasses: (i) understanding the organization and its context, (ii) articulating risk management commitment, (iii) assigning organizational roles, authorities, responsibilities, and accountabilities, (iv) allocating

resources, (v) establishing communication and consultation. To design then implement effective RM into major activities and functions throughout the organization, the governance should implement the RM framework including planning (time and resources), classifying decision types and responsibilities, revising decision-making processes when applicable, seizing changes in external and internal contexts, etc. (“implementation”). To effectively evaluate the RM framework (“evaluation”), a twofold process is needed encompassing (i) key indicators to screen and measure the RM framework performance and its execution plan, (ii) an appraisal of the ability and relevance of the RM framework to support attaining the organizational objectives. The “improvement” component involves continually adjusting as well as enhancing the RM framework to deal with changes in addition to increasing the organizational value.

· The process of managing risk should be an integral part of the organization’s management and decision-making process. It should be incorporated into the organization’s structure, operations, and processes. The RM process encompasses a collection of guidelines and procedures, as well as practices systematically applied to the organization’s RM activities. These consist of communication and consultation, establishing the scope, context and criteria, risk assessment (risk identification, risk analysis and risk evaluation), risk treatment, monitoring and reviewing the risk, recording, and reporting the risk. This process is iterative in practice and can be utilized at the various level of the organization, for e.g., strategic, operational, project. It is depicted in Figure 13.

The International Organization for Standardization (2018b) (draft) Guidance for managing emerging risks to enhance resilience (Note: still under development, publication expected for April 2023.), as well as the CEN (2013): Managing Emerging Technology-related Risks provides new elements associated with both the issue of new emerging technology-related risks (“known-unknown” and “unknown-unknown”) and the concept of resilience which might cause the biggest challenges to business continuity and resilience as well as Enterprise Risk Management (ERM) and Occupational Safety and Health (OS&H) constraints and requirements. The International Organization for Standardization (2018b)

should be used as a complementary tool to International Organization for Standardization (2009, 2018a). This will allow to manage with confidence both known risks (ISO 31000) and emerging technology-related risks (ISO 31050).

The search of the online database Scopus to systematically retrieve scientific analysis of studies that included the term “risk management” in the article title, abstract or keywords, published at any time, yields 137,120 papers. This metric assumes that the number of papers published on this subject matter is substantially high, which suggests that this research area is of interest in various subject areas. Figure 14 depicts the risk management number of publications by subject areas.

2.4. The Functional Resonance Analysis Method, the System-Theoretic Accident Model and Processes and the Risk-Informed Decision-Making

This section provides the reader with an overview of key relevant background aspects of the concepts of the FRAM and the STAMP-STPA as well as the RIDM processes followed by the suggested model for characterizing system safety risks in AM.

2.4.1. The Functional Resonance Analysis Method

The Functional Resonance Analysis Method (FRAM) is a quite new performance assessment method for accident investigation and risk assessment. The FRAM is consistent with the philosophy of the resilience engineering and reflects the “Safety II” concept rather than “Safety I” concept (Hollnagel, 2012, 2014). The “Safety I” concept which is a conventional hazard analysis method, such as Failure Mode and Effects Analysis (FMEA) and Hazard and Operability (HAZOP), puts the spotlights on what might goes wrong (that is, how an element may fail). FMEA and HAZOP are bottom-up approaches for risk analysis (Sun et al., 2022). The HAZOP studied risks from the point of view of design and operation deviations. The FMEA method identifies probable failure modes and effects, establishes the potential causes of each failure, then recommends actions to eliminate the hazards. The “Safety II” concept focuses on what goes right (that is, identify the mandatory functions for the system to achieve its purpose). In other words, Hollnagel (2012) mentioned that this method concentrates on “the nature of everyday activities rather than on the nature of failures”. Figure 15 shows the significance of the FRAM and STAMP processes among various approaches for characterizing system safety risks in term of the level of coupling (loose or tight) described as the interaction and dependencies among the functions of the system and their manageability (tractable or intractable). It reveals that FRAM and STAMP are meant for highly intractable systems with tight couplings (see quarter number 2). Several socio-technical systems are intractable, consequently the work conditions never fully match what has been specified or recommended.

The FRAM concept was established for the benefit of “going behind human error and beyond the failure concept” by modelling the required functions for everyday performance to be successful. At the early stages in 2004, the FRAM idea was motivated by the limitations of deterministic and probabilistic approaches

to understand complex systems’ comportment, based on the Stochastic Resonance Theory in Physics (Hollnagel, 2004). The pioneers have implemented the FRAM process as a systemic functional approach for accident investigation and safety assessment in complex socio-technical systems (Hollnagel, 2004; Hollnagel et al., 2008a; Hollnagel et al., 2008b). These days, the FRAM is adopted to model complex and dynamic socio-technical systems to capture not only why things sometimes end up going wrong but also succeed (Hollnagel, 2012). Hence, the FRAM method supports decision-makers to assess activities in complex and dynamic socio-technical systems in term of the system’s functions as well as complex dependencies and interactions among functions. Therefore, the system’s functions and performance can be studied to understand where performance variability might arise before spreading all over the system. Sun et al. (2022) stated that the socio-technical system must have appropriate resilience to withstand the disturbance and absorb the performance variability of its sub-systems and procedures. The later point out that the main causes of the performance variability are attributable to human operator and technology along with hidden conditions, as mentioned by Huang et al. (2022): “The coupling and interactions among human errors, mechanical failures, terrible environment, and organization factor might cause the system state change, and cause the variability during the operation processes of the system”.

Since the FRAM was developed in 2004, there is a growing appeal in using the FRAM approach for the assessment of activities in complex and dynamic socio-technical systems, in other words Complex Adaptive Systems (CAS). The method is used in numerous high-risk domains such Maritime Transportation, Air Traffic Management Safety Assessment, Maritime Mining, Nuclear Power, Aircraft De-icing, Health Care, Railway Traffic, etc. (for example: Aguilera et al., 2016; Anvarifar et al., 2017; Costantino et al., 2018; De Carvalho, 2011; França et al., 2019; Gao et al., 2019; Hollnagel, 2012, 2014; Hollnagel, 2018; Hollnagel et al., 2012; Hounsgaard, 2016; Slater et al., 2022). The reader is referred to Diop et al. (2022) and their bibliographic references for more details on the FRAM theory for those unfamiliar with it. These authors have conducted a comprehensive bibliometric literature review of the FRAM concept aimed at assessing performance variability in complex and dynamic socio-technical systems. The authors additionally provide a comparison between the FRAM method and various assessment methods.

· The FRAM Methodology

The FRAM process is structured around four fundamental principles as follows Hollnagel (2012): (i) the principle of equivalence of success and failure, (ii) the principle of approximate adjustments, (iii) the principle of emergence, and (iv) the principle of functional resonance. The subsequent figures outline each of them.

Step 0 defines the purpose of the analysis: either (i) how things take place prospectively (that is, Risk Assessment) for the purpose of describing or explaining a system (for e.g., Rosa et al., 2015) or (ii) how things take place retrospectively

(that is, accident investigation) for the purpose of investigating potential causes of the accident and draw the appropriate conclusions (for e.g., De Carvalho (2011); Herrera et al. (2010)).

Figure 20 describes the four core steps of the FRAM approach.

Step 1 identifies, explains then categorized the set of functions⁴ that are required for the system to operate properly. This set of functions together forms the set of activities being investigated and the potential couplings among functions. These functions can be achieved by humans, machines or both human and machine in cooperation. In the FRAM, functions are characterized by a hexagon with six aspects, viz. input (I), output (O), preconditions (P), resources (R), time (T), control (C) applied to formulate each functional module. Figure 21 depicts the representation of a function in FRAM. The primary purpose of the FRAM concept is to figure out the function resonance sources through the analysis of these aspects of a function with respect to the coupling among the functions (Hollnagel, 2012; Sun et al., 2022). As a result, activities are identified, explained, and categorized in term of how they are achieved daily rather than how they are imagined. This enables decision-makers to further improve insight of how variability might arise and spread all over the functions. The latter are regarded as either (i) “foreground”, that is functions whose variability could affect the outcome of the appraisal, or (ii) “background”, which is functions that are quite stable and have less impact on the outcome of the appraisal. The coupling among functional modules is described as the interaction and dependencies among functional

modules. On the one hand, functional module that arises before another one is called an “upstream functional module”. On the other hand, a function that arises after another one is called a “downstream functional module”. The potential variability assessment facilitates to understand how “upstream functional module” variations affect “downstream functional modules” by up-down coupling.

Step 2 identifies potential performance variabilities of the set of functions to establish the variation in the functional output rather than the change in the function itself. “An instantiation describes the up-down couplings that existed or may exist for a given scenario or a set of conditions, and thus represents a realization of the model” (Hollnagel, 2012). This supports to establish how each individual function can be affected by internal variability (endogenous) or external variability (exogenous).

Step 3 concentrates on the aggregation variability by characterizing the functional resonance from the physical perspective. This phase helps identify functions that might face potential variability, as well as grasp in what way the effect might disseminate all over the system. When the functions are coupled, the interaction and dependencies among them appear clear and evident. Hypothetically, upstream functions might have an abnormal vibration then create a performance variability which might spread all over the downstream functions then trigger abnormal vibration of the downstream functions producing a functional resonance (Hollnagel, 2014; Sun et al., 2022). Consequently, an accident might arise once the functional resonance intensity goes beyond a critical tolerance in terms of risk of accident.

Step 4 outlines the outcome of the analysis then determines safety constraints. It aims at managing and adjusting performance variability as well as encouraging successful results rather than only focusing on unsuccessful results. Safety measures might enable effective actions to be carried out. In agreement with the four basic principles of the FRAM, two further solutions are proposed by the FRAM, viz. monitoring (performance indicators) and dampening along with the deep-rooted practices such as eliminating or reducing the risks at the source if known, protection, safety prevention (barriers or defense), etc. Hence, the response is to manage performance variability by dampening the variability with the intention of reducing the effects of functional resonance.

2.4.2. The System-Theoretic Accident Model and Processes

Traditional causality model thinkers consider that accidents are caused by component failures or are random events occurring concurrently by accident, but they do not usually give any explanation of why accidents occurred. In other words, conventional causality models assume that accidents are caused by chains of failures events (chain-of-failure causality model). In this simple way, each failure directly triggers the next one in the sequence to arise (linear causality (focusing on linear sequence of events)) rather than directing the unsafe human performances and unsafe interactions of system components, as well as underlying latent circumstances, behaviors, technology, etc., for example deficiency in operating procedures (for e.g., maintenance), design, fabrication, installation, etc. Suffice to say that these traditional models are no longer appropriate for the spiraling complexity in contemporary socio-technical systems driven by industry 4.0. Leveson (2016) proposes a quite new system thinking approach for accident causation that considers factors such as human operators and organizational considerations along with the technical and technological aspects (for e.g., software and hardware), in complex socio-technical systems, namely: the System-Theoretic Accident Model and Processes (STAMP). The latter is a top-down system engineering approach which its theoretical foundation is based on overall systems theory, capable to assess highly complex systems better than the traditional analysis methods of safety risks (for e.g., FMEA, FTA, HAZOP, ETA, Bowtie analysis, etc.). The STAMP process describes system safety and security as a “dynamic control problem” i.e., considering component interactions, control or enforcement of safety constraints for both component failures and component interactions rather than a “failure problem or reliability problem” i.e., preventing failures or improving component reliability; (Note that: “Safety prevents losses due to unintentional actions by benevolent actors. Security prevents losses due to intentional actions by malevolent actors. Key difference is intent. Common goal is loss prevention” (Leveson, 2016)). In the STAMP process, accidents arise when the safety control system does not handle effectively defective interactions among system components (i.e., violation of these constraints or requirements). Be aware that independent component failure accidents still remain contained within the model. In the STAMP, safety and security are perceived as emergent system properties that occur once components of a complex system interact with each other⁵ (Leveson, 2018). The purpose, then is to control the performance of the components and system as a whole to ensure that functional safety constraints (requirements) are enforced in the operating system: throughout the design stages (for example: redundancy, fail-safe, interlock safety switch) or through process (for example: procedures, processes) or through social controls (for example: safety culture, regulatory, insurance) by a control structure rooted in an adaptive socio-technical system to apply the safety property (Leveson, 2016). The STAMP model of accident causation involves three fundamental constructs as follows (Leveson, 2016):

• safety constraints: this determines the safety level of the system subsequent to the system hazards identification;

• hierarchical control structures: According to systems theory, systems are pondered as hierarchical structures with different levels, activities and behaviors. Control processes and safety constraints enable to manage these various hierarchy levels to strengthen them (i.e., identifying the interactions among the system components as well as the safety requirements and constraints, then classifying and analyzing of flawed control). Figure 37 contained in Appendix A depicts an example of a socio-technical hierarchical safety control structure;

• process models: this concept is crucial for control theory. To control a process, any controller, either human or automated, must include a model of the process being controlled. Figure 22 illustrates the dynamic of the process control including (i) the controlled process, (ii) the controller containing the process model and (iii) their interactions (control actions and feedback). Accidents might arise once the process model of the controller does not match the state of the controlled process and the controller provides unsafe commands.

Four conditions are mandatory to control a process, viz. (i) the goal (i.e., the safety requirements in the STAMP that must be implemented by each controller in the hierarchical safety control structure), (ii) the action condition (fulfilled in the downward control canals), (iii) the observability condition (carried out in the upward feedback canals) and (iv) the model condition (i.e., a model of the process being controlled contained in the controller (human or automate) to monitor it successfully). Consequently, accidents often arise once the process model applied by the controller does not agree with the current state of the process (i.e., disturbing the safety constraints). In short, process models help grasp why accidents arise and why humans provide ineffective control and perform a crucial role in designing safe and sound systems.

· The System-Theoretic Process Analysis

Figure 23 depicts the various tools available in the STAMP causality model including a top-down hazard assessment technique, called the System-Theoretic Process Analysis (STPA). The latter is a quite innovative hazard analysis method based on STAMP extended model of accident causation. Hazard can be described as “source of potential harm. Hazard can be a risk source” (International Organization for Standardization, 2009). Thus, hazard assessment can be defined as the investigation of an accident before it happens. Hence, circumstances that might lead to losses can be removed or controlled during the design stages

or operations prior to an adverse event arises, by identifying potential sources of accidents. The primary sources of hazard are associated with lack of implementation of safety requirement and constraints during design and/or operations. The principal purpose of the STAMP-STPA is “to identify accident scenarios that encompass the entire accident process, not just the electromechanical components” (Leveson, 2016).

The STAMP-STPA method enables to control the comportment of both the components of the system and the system itself (taken as a whole) in order to make sure that safety requirements and constraints are implemented in the system in operation (Leveson, 2016). In this way, the latter points out that the focus would be on enforcing safety and security requirements and constraints as well as scenarios leading to violation of these rather than preventing failures from occurring. Nonetheless, it is worth stressing that enforcing constraints could involve managing failures or avoiding them from arising. Figure 24 depicts the main steps in STAMP-STPA:

2.4.3. The Risk-Informed Decision-Making

This section addresses the risk-informed decision-making process (RIDM) which is an essential component of the proposed RM model. The concept of RIDM was developed by the US Nuclear Regulatory Commission (USNRC) and the National Aeronautics and Space Administration (NASA) in the 90s to cope with safety concerns that come with nuclear power and the aerospace industry (Travers, 1999). The International Atomic Energy Agency (IAEA) provides a generic framework for an integrated risk-informed decision-making (Lyubarskiy et al., 2011). Zio et al. (2012) mentioned that it is “structured processes which assist decision-makers when faced with high impact, complex decisions involving multiple objectives and the presence of uncertainty”. Therefore, the RIDM intends to make sure that decisions among alternatives or options are considered

with an understanding of the risks associated with each alternative in an integrated way” (Zio et al., 2012). Figure 25 depicts components that should be considered when making informed decision. A broad panoply of definitions of this concept arises from the scientific literature which shows that it is not an exact science. Bujor & Gheorghe (2010) as well as Komljenovic et al. (2016) express that the basic theory behind this concept is rather “a discipline which involves

considering, appropriately weighting, and integrating a range of often complex inputs and insights resulting from “traditional” engineering analyses, deterministic and probabilistic risk analyses, operational experience, cost-benefit considerations, regulatory requirements, allowed “time at risk”, and any other relevant quantitative, qualitative and/or intangible influential factors and considerations”.

For the intent of this study, the subsequent definition which is technology neutral by Komljenovic et al. (2016), which is in line with the definition mentioned by the Candu Owners Group (COG) is suggested (Saliba, 2010): “Decision-making in which the decision maker considers all pertinent factors, including relevant uncertainties that have a potential impact on the resolution of the issue under consideration. These factors include both quantitative and qualitative factors that are weighted in the risk-informed decision-making process in accordance with the decision-maker’s judgment and experience. The “risk” component constitutes an adequately weighted input among others, whose significance is situation specific. It is opposed to a risk-based approach where decision-making is solely based on the numerical results of a risk assessment”.

These days, the RIDM process applies to various industries, such as aerospace and infrastructure safety such as dam and aerospace safety offering effective and practical decision-making assistance to decision-makers and management, as well as stakeholders (Dezfuli et al., 2010a; Dezfuli et al., 2010b; Dezfuli et al., 2010c; Komljenovic et al., 2016). Nevertheless, this methodology is not effective for a day-to-day decision-making process.

3. The Proposed Approach for Characterizing System Safety Risks in Asset Management

Figure 26 depicts the proposed high-level risk management framework combining

the Functional Resonance Analysis Method (FRAM), the System-Theoretic Accident Model and Processes (STAMP, System Theoretic Process Analysis (STPA)) and the global risk-informed decision-making approach (RIDM) as part of an overall asset management process.

Integrated risk management has been acquiring higher importance in a large range of activities in various sectors. For example, in the electrical and nuclear power industry design and operation, such as power generation and transmission as well as distribution, Asset Management (AM) and Risk Management (RM) play a decisive role in the performance of assets (Khuntia et al., 2016; Komljenovic, 2018). Therefore, for identifying and analyzing components of risk management approaches in AM especially for new emerging safety risks within industry 4.0 in socio-technical systems, as well as the rising of extreme, rare, and disruptive events that might create fatal disturbance of the performance of organizations, first and foremost, it is essential to elaborate a model for decision-making. This model should be holistic and consider hazards occurring from the system dynamic to facilitate capturing the overall complexity of the socio-technical system. Therefore, this section describes the proposed holistic model for characterizing system safety risks in AM which is a high-level risk management framework as part of an overall AM process. We have opted for three techniques based on system theories, viz. the FRAM, the STAMP-STPA and the global RIDM processes as the best suited methodology. The proposed approach is three-fold:

• To build a model using the FRAM process that can shows the coupling among functional modules described as the interaction and dependencies among functional modules. Therefore, we are capable to show the variability of upstream functional modules and their influences on other functional modules (downstream functional modules) by up-down coupling. In the FRAM, risks might arise because of the variability of functional modules and their interactions as well as dependencies. All in all, the FRAM method examines how things take place retrospectively (“analyses of accidents or events”) or prospectively (“analyses of current work domain or envisaged scenarios for risk management”) by analyzing how work is achieved daily and how things go wrong or right. Nonetheless, it is worth emphasizing that the FRAM is a method rather than a model. This connotes that the process does not convey any assumptions about neither how the socio-technical system is designed or organized, nor what are the likely reasons and interactions among causes and effects, nor in search of failures and irregular functioning (Hollnagel, 2012). Instead, the FRAM expresses results about how functions turn out to be coupled through the six aspects of a functional module (input (I), output (O), preconditions (P), resources (R), time (T), control (C)) and how everyday performance variability might resonate (that is, the variability of a functional module may influence the variability of other functional modules and in this way triggers a “functional resonance” or non-linear effects). From the physical perspective, this is analogized to the stochastic resonance among signals with fluctuating amplitudes and frequencies. A functional resonance indicates how forces might add to each other causing the performance variability of one function to be high. This principle of functional resonance is in line with what Komljenovic et al. (2016) call a “combination of unusual circumstances should come together to produce an extreme or rare event”. These authors point out the growing complexity in modern socio-technical systems as the major causes of performance variabilities.

• To build a model of the most variable functions from the FRAM model using the STAMP-STPA process that control the behavior of both the components of the system and the system itself (taken as a whole) in order to make sure that safety requirements and constraints are implemented in the system in operation (Leveson, 2016).

• To use the outcomes from the FRAM model and the STAMP-STPA model, then outline the possibility to combine them in a single model with the Global Risk-Informed Decision-Making (RIDM) model. It will be outlined the contribution of the RIDM onto the two above-mentioned models in order to develop a high-level risk management and decision-making framework in a socio-technical system in the context of industry 4.0. The influence of the RIDM would support for long-term performance, and the sustainability of an organization in a constantly shifting and hardly predictable environment, then can consider the risks of extreme and rare events within the overall AM strategy and decision-making process.

The proposed Global RIDM process in asset management (AM) is a novel decision-making methodology appropriate for large projects such as long-term performance and sustainability. Figure 27 depicts the Global RIDM process. Step 1 set up the decision-making framework. It helps to adequately define the question, the context, the options to be studied and the decision to be made as well as the scientific and technical assessment techniques to be utilized. It should

not be neglected and can take a lot of time to achieve. Step 2 performs comprehensive qualitative and quantitative appraisals of engineering and risk, as well as current geopolitical and economical context. This phase is primarily conducted by dedicated subject matter experts by means of the suggested proper scientific and technical assessment methods, models and tools provided in Step 1. The outcomes will provide the decisions makers with relevant evidence-based information and insights to deliberate and make the final acceptable decision-making in Step 3. The latter is primarily achieved by the decision maker along with subject matter experts and stakeholders.

Figure 28 describes in details aspects of the model in step 2 of the Global RIDM process in AM which is made up of seven sub-models. Note that these seven sub-models cover the six subject groups of Figure 2 in Section 2.1, developed by the Institute of Asset Management (IAM) primarily published by the Global Forum on Maintenance and Asset Management (GFMAM), namely (i) strategy and planning, (ii) asset management decision-making, (iii) lifecycle delivery, (iv) asset information, (v) organization and people, and (vi) risk and review (GFMAM, 2014; IAM, 2015).

Furthermore, to perform generic analyses, we argue that it is required to develop a holistic AM strategy capable to consider key factors and components as well as complexity and risks. This requires integrating the seven sub-models and risk assessments outlined in the international standard ISO 31000 methodology (see section “2.3. Defining Risk and Risk Management Process” of this paper for more insight about risk assessments). Figure 29 depicts the Global Risk-Informed Decision-Making model in AM in accordance with the standard ISO 31000 approach.

The sub-models of the Global RIDM model in AM (mainly inspired by Komljenovic et al. (2016)) are characterized as follows:

1) Market sub-model;

2) Sub-model of reliability, availability, and maintenance (RAM) factors;

3) Sub-model of operations and operational constraints;

4) Revenue and cost sub-model;

5) Organizational and business sub-model;

6) Sub-model of impact regarding other influential factors and constraints;

7) Sub-model of impact regarding the strategic plan of an organization.

4. Discussion

The organizational transformation of the progressively more digitally focused business environment and its various tools to assist practitioners in a variety of industries are many areas of interest to asset subject matter experts (for e.g., electrical power centers). Diop et al. (2021) points out the cruciality to come up

with a proper balance between various challenging factors, for e.g., opportunities versus risks, costs versus profits while making decisions. The International Organization for Standardization (2014) states that “Realization of value will normally involve a balancing of costs, risks, opportunities and performance benefits”. In the same vein, the International Organization for Standardization (2018a) specified that the elements needed (i.e., principles, framework, and process) when managing risk may possibly already exist within the organization, nevertheless, they might require to be adapted or improved in order to manage risks effectively, efficiently, and consistently.

System safety risks as a priority in Asset Management (AM) are a subject matter that calls for responses in the era of industry 4.0 in socio-technical systems. Utilizing modern technologies in the workplace might potentially bring into the socio-technical systems new emerging safety risks within industry 4.0, as well as the extreme, rare, and disruptive events that might create fatal disturbance of the performance of the systems. Thus, various socio-technical systems are problematic. The difficulty of developing long-lasting solutions is clearly correlated to the growing complexity and intractability of contemporary systems. Hence, approaches and techniques that can help in identifying and analyzing components of risk management approaches in AM particularly for system safety risks are of interest. Numerous methods, from conventional to systemic approaches have been studied in socio-technical systems. Nevertheless, to identify all the aspects that impact socio-technical system safety risks, traditional approaches might not be suitable. Therefore, a novel approach is needed to deal with the challenges associated with new rising safety risks and extreme, rare events. This model should be holistic and consider risks arising from the system dynamic to enable capturing the overall complexity of the socio-technical system.

A high-level risk management framework combining the FRAM, the STAMP-STPA and the RIDM is suggested as part of an overall asset management process.

The FRAM process is applied as a systemic functional approach for accident investigation and safety risk assessment in complex socio-technical systems. It assists decision-makers and practitioners to identify variabilities that might be challenging for the socio-technical system to operate properly. In other words, it helps assess activities in complex and dynamic socio-technical systems in term of the system’s functions as well as complex dependencies and interactions among functions. Hence, the system’s functions and performance can be analyzed to identify where performance variability might arise before propagating all over the system. An accident might occur when the functional resonance intensity goes beyond a critical tolerance (abnormal vibration of functions generating a functional resonance) in terms of risk of accident. The assessment of “how functions become coupled” and “how everyday performance variability may resonate” are the main purposes of the FRAM process. It is a method rather than a model (i.e., it does not express any assumptions about potential causes or cause-and-consequence relationships nor how the system under investigation is organized or structured (Hollnagel, 2012). Consequently, the FRAM process is capable to build a functional model that can show variability of a functional module and its effects on other functional modules; however, this method is not capable to clearly provide guidelines on how to prevent variability from occurring. Accordingly, the STAMP-STPA is promising to complement the FRAM model by modelling the interaction of various components of the system. This will assist to control the behavior of both the components of the system and the system itself (taken as a whole) in order to make sure that safety requirements and constraints are enforced in the operating system.

The STAMP provides more in-depth insights of the interactions among system components and the mandatory controls of the system. Leveson (2016) has developed the STAMP, a relatively new systemic method for accident causation in complex socio-technical systems that considers factors such as human operators and organizational concerns along with the technical and technological aspects such as software and hardware. The STAMP is a top-down system engineering methodology based on overall systems theory, capable to appraise highly complex systems better than the conventional analysis methods of safety risks such as FMEA, FTA, HAZOP, ETA, Bowtie analysis, etc. The STAMP identifies violations against existing safety constraints in conjunction with the causes of failures. In the STAMP process, system safety risks and security are expressed as a “dynamic control problem”, taking into account component interactions, control and enforcement of safety constraints for both component failures and component interactions, rather than a “failure problem or reliability problem” (i.e., preventing breakdowns/malfunctioning or improving component reliability). The STAMP process includes a new top-down hazard appraisal method, viz. the System-Theoretic Process Analysis (STPA). Leveson (2018) mentioned that “the goal of the STPA analysis is to identify hazardous behaviors so they can be eliminated or controlled in the system design. These hazardous behaviors are used to identify the behavioral (functional but not probabilistic) safety requirements for the various system components, including the software and human operators”. The STPA method can offer more in-depth explanation of functions, particularly when the system is in the early design phase (Thapaliya et al., 2018). The latter can be applied at any phase of the socio-technical system life span (system design, manufacturing, operations, etc.) to provide insights about how the safety constraints might be violated (Allison et al., 2017; Ferjencik, 2011; Leveson, 2004; Ouyang et al., 2010). This approach explains “how complex systems are dynamic and migrate towards accidents due to physical, social and economic pressures, rather than sudden loss of control capacity” (Salmon et al., 2012). Nevertheless, the STAMP is not intended for decision-maker or management looking for someone to blame (Allison et al., 2017; Leveson, 2016). Whereas it might provide insights about the adjustment or changes required at a system level to prevent or reduce the impact of potential accidents. While the STAMP enables decision-makers to capture a detailed assessment of various elements of the system, the FRAM allows capturing an overview of the elements of the system and their interactions as well as their dependencies. Hence, advantages offered by the integration of the STAMP and the FRAM complementing their weakness on the assessment is promising to support the decision-makers and management. Nonetheless, it is worth accentuating that the FRAM and the STAMP do not involve quantitative components such reliability and probability.

The RIDM process is structured processes which help decision-makers and practitioners make informed decisions when confronted with complex decisions concerning various alternatives and objectives along with the existence of uncertainty. Thus, it aims at making sure that decisions among alternatives (options) are considered with a grasp of the risks accompanying each alternative in an integrated way. The RIDM process would support for the long-term performance, and the sustainability of an organization in a constantly changing and hardly predictable environment. It also can take into consideration the risks of extreme and rare events within the overall AM strategy and decision-making process in a continuous improvement process based on feedbacks from the seven sub-models of the global RIDM model in AM which strengthen the resilience of the socio-technical system and its robustness faced with disturbing events. However, it is not effective for a day-to-day decision-making process.

It is worth emphasizing that traditional analysis techniques of safety risks should not be discredited but should be extended and enhances (Leveson, 2016; Underwood et al., 2013). Albeit they could be improved, they have serious limitations on for e.g., human operators, organizational and social considerations, software program-related aspects, etc., they perform best on mechanical elements or hardware. For e.g., in some cases, Failure Modes and Effects Analysis (FMEA) or Failure Mode, Effects, and Criticality Analysis (FMECA) could be also used to complement the inputs of the Functional Resonance Analysis Method (FRAM) process.

In fine, it would be interesting to see what future case-studies will reveal about the effectiveness and usefulness of the proposed high-level risk management framework. The overall structure of these case-studies would be devoted to investigating and analyzing the impact of new emerging safety risks within industry 4.0 (emerging technology-related risks), as well as the combination of uncommon circumstances which might generate extreme, rare, and disruptive events, in the face of ongoing uncertainty in the global economy (for e.g., supply-chains) and the highly insecure political situation caused by recent armed conflicts (for e.g., Russia vs Ukraine), and the coronavirus disease pandemic that might produce serious disruption of the performance of businesses, as follows: (i) to perform a study using the FRAM process for system safety risk assessment, (ii) to perform a study using the STAMP-STPA process for system safety risk assessment in a socio-technical system in order to identify and assess the hazards and risks associated with the system dynamic to enable capturing the overall complexity of the socio-technical system and provide safety control actions in the system. Furthermore, the safety control actions identified might be attributed to one or more of the six aspects of the FRAM process functional module (to be precise: input (I), output (O), preconditions (P), resources (R), time (T), control (C)) to mitigate or prevent the performance variability of the functions. Moreover, it will be outlined the contribution of RIDM on this framework for long-term performance, and the sustainability of an organization in the overall AM strategy and decision-making.

The outcomes might enable to obtain more accurate data, then potentially provide insights into the socio-technical system from the perspective of Enterprise Risk Management (ERM) and Occupational Safety and Health (OS&H) constraints and requirements in the context of industry 4.0. These might potentially contribute to position and validate the link between this triplet of risk assessment methods within the vast field of asset management and the alignment with different levels of organizational strategy. It may well provide an understanding of the socio-technical system from the perspective of asset and risk management in the context of industry 4.0, as well as provide organizations with more resilience and robustness in the changing and complex environments. As already mentioned, the challenges would be strategic planning, operational excellence, supply-chain management, regulatory compliance, financial management, health and safety requirements, etc.

5. Conclusion

This research aimed at providing effective high-level risk management (RM) and decision-making framework for identifying, assessing, and managing those relatively new or unknown risks in just a few years ago. It also sought to establish favorable conditions in Asset Management (AM) to deal with the rising of extreme, rare, and disruptive events that might create fatal disturbance of the performance of organizations. It identified and analyzed components of RM approaches for socio-technical systems safety risks. In this respect, we have opted for a triplet of concepts that we believe is the best appropriate method, viz. the Functional Resonance Analysis Method (FRAM), the System-Theoretic Accident Model and Processes (STAMP—System Theoretic Process Analysis (STPA)) and the global risk-informed decision-making approach (RIDM) in asset management. We first discuss the advantages of these methods then shape the possibility of combining them to conduct high-level risk management and decision-making framework. These techniques are much more powerful and useful than the traditional approaches to engineer the complex socio-technical systems.

Acknowledgements

The authors acknowledge the anonymous reviewers, whose critiques and suggestions improved the quality of this manuscript.

Appendices

Appendix A

Appendix B

Fu et al. (2020) has conducted a study entitled “the development history of accident causation models in the past 100 years”. The latter has gathered twenty-nine innovative accident causation models classified into two broad groups (linear accident causation models (focusing on linear sequence of events) and nonlinear accident models (focusing on the insecure acts of human besides the interactions of underlying latent conditions)) as depicted in Figure 38 below. The STAMP causality model and the FRAM process are both characterized as nonlinear system-based accident models for analyzing risks in complex socio-technical systems.

Appendix C

Japan’s Society 5.0 was proposed in the fifth Japan Science and Technology Basic Plan to inspire future society (Business-20, 2019; Onday, 2019). Society 5.0 is “a human-centered society that balances economic advancement with the resolution of social problems by a system that highly integrates cyberspace and physical space. Society 5.0 follows the hunting society (Society 1.0), agricultural society (Society 2.0), industrial society (Society 3.0), and information society (Society 4.0)” (Cabinet Office, 2022).

Appendix D

Figure 40 below depicts the Dynamic Resilience Framework proposed by the World Energy Council (WEC, 2022) which focuses on (i) extreme weather, (ii) cyber risks and (iii) geo-spatial analysis for managing those risks in order to contribute to creating capacity and capabilities. The World Energy Council (WEC, 2022) mentioned that “in a world characterised by opportunities for digital prosperity, converging and decentralising technologies and the continued concentration of people and assets in ever-larger cities, extreme weather events—fires, floods and ice storms—and natural hazards—earthquakes, tsunamis and volcanic eruptions—are emerging and systemic risks. Governments and businesses are challenged to appreciate and address the broader and faster shifting landscape of risk to an embedded energy system. Cascading failures present a new threat potential that cannot be addressed fully by mitigating risks to specific parts of the system”.

NOTES

¹“Uncertainty is an intrinsic part of decisions about the prospective behavior of a complex system over long periods of time. (…). The principal challenge of safety assessment is to translate the results of an uncertain calculation, (…), to the needs of the decision maker, who must ultimately make a binary (yes or no) decision whether the system meets the performance objectives” (Kozak, 2017). “An epistemic uncertainty refers to the deficiencies by a lack of knowledge or information” (Bi, 2017). Aleatory uncertainty occurs when an event arises randomly (Komljenovic et al., 2016).

²“A Complex Adaptive System is a system that is complex in that it is a dynamic network of interactions, but the behavior of the ensemble may not be predictable according to the behavior of the components. It is adaptive in that the individual and collective behavior mutate and self-organize corresponding to the change-initiating micro-event or collection of events” (Anish & Gupta, 2010; Miller et al., 2009; Mitleton-Kelly, 2003).

³Effect is a deviation from the expected. It can be positive, negative or both, and can address, create, or result in opportunities and threats. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, and process). Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood” (International Organization for Standardization, 2009, 2018a).

⁴“In the FRAM, a function represents the means that are necessary to achieve a goal. More generally, a function refers to the activities—or set of activities—that are required to produce a certain outcome. A function describes what people—individually or collectively—have to do in order to achieve a specific aim. A function can also refer to what an organization does: for example, the function of an emergency room is to treat incoming patients. A function can finally refer to what a technological system does either by itself (an automated function) or in collaboration with one or more humans (an interactive function or co-agency)” (Hollnagel, 2016).

⁵Emergent system properties: “Emergence is a basic concept in system theory. Emergent system properties are not in the individual system components but emerge from the interactions among the components” (Leveson, 2018). “In systems theory, emergent properties, such as safety, arise from the interactions among the system components. The emergent properties are controlled by imposing constraints on the behavior of interactions among the components. Safety then becomes a control problem where the goal of the control is to enforce the safety constraints. Accidents result from inadequate control or enforcement of safety-related constraints on the development, design and operation of the system (Leveson, 2016).

Conflicts of Interest

The authors declare no conflicts of interest regarding the publication of this paper.

References

[1]	Abdul-Nour, G., Gauthier, F., Diallo, I., Komljenovic, D., Vaillancourt, R., & Côté, A. (2021). Development of a Resilience Management Framework Adapted to Complex Asset Systems: Hydro-Québec Research Chair on Asset Management. In A. Crespo Márquez, D. Komljenovic, & J. Amadi-Echendu (Eds.), 14th World Congress on Engineering Asset Management (WCEAM 2019) (pp. 126-136). Springer. https://doi.org/10.1007/978-3-030-64228-0_12
[2]	Aguilera, M. V. C., da Fonseca, B. B., Ferris, T. K., Vidal, M. C. R., & de Carvalho, P. V. R. (2016). Modelling Performance Variabilities in Oil Spill Response to Improve System Resilience. Journal of Loss Prevention in the Process Industries, 41, 18-30. https://doi.org/10.1016/j.jlp.2016.02.018
[3]	Allison, C. K., Revell, K. M., Sears, R., & Stanton, N. A. (2017). Systems Theoretic Accident Model and Process (STAMP) Safety Modelling Applied to an Aircraft Rapid Decompression Event. Safety Science, 98, 159-166. https://doi.org/10.1016/j.ssci.2017.06.011
[4]	Anish, S., & Gupta, A. (2010). Insights from Complexity Theory: Understanding Organizations Better. Indian Institute of Management. https://tejas.iimb.ac.in/articles/12.php?print=true
[5]	Anvarifar, F., Voorendt, M. Z., Zevenbergen, C., & Thissen, W. (2017). An Application of the Functional Resonance Analysis Method (FRAM) to Risk Analysis of Multifunctional Flood Defences in the Netherlands. Reliability Engineering and System Safety, 158, 130-141. https://doi.org/10.1016/j.ress.2016.10.004
[6]	Asset Management Council Melbourne (2014). Asset Management Body of Knowledge (AMBOK): Framework for Asset Management.
[7]	Baglee, D., Knowles, M., Kinnunen, S.-K., & Galar, D. (2016). A Proposed Maintenance Strategy for a Wind Turbine Gearbox Using Condition Monitoring Techniques. International Journal of Process Management and Benchmarking, 6, 386-403. https://doi.org/10.1504/IJPMB.2016.077629
[8]	Bi, Z. (2017). Finite Element Analysis Applications: A Systematic and Practical Approach. Academic Press.
[9]	Blanchet, M., & Bergerried, R. (2014). Industrie 4.0-Les leviers de la transformation. http://www.gimelec.fr/Publications-Outils/Industrie-4.0-les-leviers-de-la-transformation
[10]	Boston-Consulting-Group (2020). Putting Industry 4.0 to Work. https://www.bcg.com/fr-ca/capabilities/operations/embracing-industry-4.0-rediscovering-growth
[11]	Breque, M., De Nul, L., & Petridis, A. (2021). Industry 5—Towards a Sustainable, Human-Centric and Resilient European Industry. Directorate-General for Research and Innovation. The Publications Office of the European Union.
[12]	British Standards Institution (2008). Asset Management: Specification for the Optimized Management of Physical Assets.
[13]	Brown, K., Laue, M., Tafur, J., Mahmood, M. N., Scherrer, P., & Keast, R. (2014). An Integrated Approach to Strategic Asset Management. In Gheorghe, A., M. Masera, & P. Katina (Eds.), Infranomics (pp. 57-74). Springer. https://doi.org/10.1007/978-3-319-02493-6_5
[14]	Bujor, A., & Gheorghe, R. (2010). Risk Informed Decision Making-Specific Aspects for Risk-Informing Decisions in a Regulatory Environment. Paper Presented at the European Safety and Reliability Annual Conference: Reliability, Risk and Safety: Back to the Future, ESREL 2010.
[15]	Business-20 (2019). B20 Tokyo Summit Joint Recommendations “Society 5.0 for SDGs”. Keidanren. http://www.keidanren.or.jp/en/policy/2019/020_Recommendations.pdf
[16]	Cabinet Office (2022). Society 5.0. https://www8.cao.go.jp/cstp/english/society5_0/index.html
[17]	CEN (European Committee for Standardization) (2013). Managing Emerging Technology-Related Risks (DIN CWA 16649 (DIN SPEC 91299): 2013-10).
[18]	Checkland, P. (1981). Systems Thinking, Systems Practice. John Wiley & Sons.
[19]	Conseil International des Grands Réseaux Électriques (2013). CIGRÉ: Asset Management Decision Making Using Different Risk Assessment Methodologies.
[20]	Costantino, F., Di Gravio, G., & Tronci, M. (2018). Environmental Audit Improvements in Industrial Systems through FRAM. IFAC-PapersOnLine, 51, 1155-1161. https://doi.org/10.1016/j.ifacol.2018.08.434
[21]	De Carvalho, P. V. R. (2011). The Use of Functional Resonance Analysis Method (FRAM) in a Mid-Air Collision to Understand Some Characteristics of the Air Traffic Management System Resilience. Reliability Engineering and System Safety, 96, 1482-1498. https://doi.org/10.1016/j.ress.2011.05.009
[22]	Dezfuli, H., Maggio, G., & Everett, C. (2010a). Risk-Informed Decision Making Application to Technology Development Alternative Selection. Paper Presented at the 4th IAASS Conference ‘Making Safety Matter’.
[23]	Dezfuli, H., Stamatelatos, M., Maggio, G., & Everett, C. (2010). Risk-Informed Decision Making in the Context of NASA Risk Management. 10th International Conference on Probabilistic Safety Assessment and Management 2010, (p. 13). PSAM.
[24]	Dezfuli, H., Stamatelatos, M., Maggio, G., & Everett, C. (2010b). Risk-Informed Decision Making in the Context of NASA Risk Management. Paper Presented at the 10th International Conference on Probabilistic Safety Assessment and Management 2010, PSAM 2010.
[25]	Dezfuli, H., Stamatelatos, M., Maggio, G., Everett, C., Youngblood, R., Rutledge, P. et al. (2010c). NASA Risk-Informed Decision Making Handbook. Books Express Publishing.
[26]	Diop, I., Abdul-Nour, G., & Komljenovic, D. (2022). The Functional Resonance Analysis Method: A Performance Appraisal Tool for Risk Assessment and Accident Investigation in Complex and Dynamic Socio-Technical Systems. American Journal of Industrial and Business Management, 12, 195-230. https://doi.org/10.4236/ajibm.2022.122013
[27]	Diop, I., Georges, A., & Komljenovic, D. (2021). Overview of Strategic Approach to Asset Management and Decision-Making. International Journal of Engineering Research & Technology, 10, 64-89.
[28]	Diop, I., Nadeau, S., & Emami-Mehrgani, B. (2019). A Mathematical Model: A Flexible Manufacturing System, Prone to Error, Making Two Products Each with Stochastic Demand Schedules. American Journal of Industrial and Business Management, 9, 139-168. https://doi.org/10.4236/ajibm.2019.91011
[29]	Electrical Power Research-Institute (EPRI) (2002). Risk-Informed Asset Management (RIAM) Development Plan.
[30]	Erboz, G. (2017). How to Define Industry 4.0: The Main Pillars of Industry 4.0. Managerial Trends in the Development of Enterprises in Globalization Era (pp. 761-767). The Journal of Economic Literature.
[31]	European-Asset-Management-Committee (2017). Vers l’usine du futur—White Paper. EFICIO, l’efficience des CIO et l’efficacité des processus transformés. http://www.eficio.ca
[32]	Farmer, J. D. (2012). Economics Needs to Treat the Economy as a Complex System. Paper Presented at the Paper for the INET Conference ‘Rethinking Economics and Politics. The Journal of Economic Literature.
[33]	Ferjencik, M. (2011). An Integrated Approach to the Analysis of Incident Causes. Safety science, 49, 886-905. https://doi.org/10.1016/j.ssci.2011.02.005
[34]	França, J. E. M., Hollnagel, E., dos Santos, I. J. A. L., & Haddad, A. N. (2020). FRAM AHP Approach to Analyse Offshore Oil Well Drilling and Construction Focused on Human Factors. Cognition, Technology & Work, 22, 653-665. https://doi.org/10.1007/s10111-019-00594-z
[35]	Fu, G., Xie, X., Jia, Q., Li, Z., Chen, P., & Ge, Y. (2020). The Development History of Accident Causation Models in the Past 100 Years: 24Model, a More Modern Accident Causation Model. Process Safety and Environmental Protection, 134, 47-82. https://doi.org/10.1016/j.psep.2019.11.027
[36]	Gaha, M., Chabane, B., Komljenovic, D., Côté, A., Hébert, C., Blancke, O. et al. (2021). Global Methodology for Electrical Utilities Maintenance Assessment Based on Risk-Informed Decision Making. Sustainability, 3, Article No. 9091. https://doi.org/10.3390/su13169091
[37]	Gao, Y., Fan, Y., Wang, J., & Duan, Z. (2019). Evaluation of Governmental Safety Regulatory Functions in Preventing Major Accidents in China. Safety Science, 120, 299-311. https://doi.org/10.1016/j.ssci.2019.07.002
[38]	GFMAM (Global-Forum-on-Maintenance and Asset-Management) (2014). The Asset Management Landscape. http://www.gfmam.org
[39]	Heinrich, H. W., Peterson, D., & Roos, W. (1980). Industrial Accident Prevention (1st ed.). McGraw-Hill book Company, Inc.
[40]	Herrera, I. A., & Woltjer, R. (2010). Comparing a Multi-Linear (STEP) and Systemic (FRAM) Method for Accident Analysis. Reliability Engineering & System Safety, 95, 1269-1275. https://doi.org/10.1016/j.ress.2010.06.003
[41]	Hickford, A. J., Blainey, S. P., Hortelano, A. O., & Pant, R. (2018). Resilience Engineering: Theory and Practice in Interdependent Infrastructure Systems. Environment Systems and Decisions, 38, 278-291. https://doi.org/10.1016/j.ress.2010.06.003
[42]	Hollnagel, E. (2004). Barriers and Accident Prevention. Ashgate.
[43]	Hollnagel, E. (2012). FRAM: The Functional Resonance Analysis Method: Modelling Complex Socio-Technical Systems. Ashgate Publishing Ltd.
[44]	Hollnagel, E. (2013). Resilience Engineering in Practice: A Guidebook. Ashgate Publishing, Ltd.
[45]	Hollnagel, E. (2014). Safety-I and Safety-II. The Past and Future of Safety Management. Ashgate.
[46]	Hollnagel, E. (2016). A FRAM Glossary. https://www.functionalresonance.com/
[47]	Hollnagel, E. (2018). Safety-I and safety-II: the Past and Future of Safety Management. CRC Press.
[48]	Hollnagel, E., & Speziali, J. (2008b). Study on Developments in Accident Investigation Methods: A Survey of the ‘State-of-the-Art’. Swedish Nuclear Power Inspectorate. https://www.osti.gov/etdeweb/biblio/945469
[49]	Hollnagel, E., Pruchnicki, Shawn, Woltjer, Rogier, & Etcher, Shawn. (2008a). Analysis of Comair Flight 5191 with the Functional Resonance Accident Model. Paper Presented at the 8th International Symposium of the Australian Aviation Psychology Association.
[50]	Hollnagel, E., Woods, D. D., & Leveson, N. (2012). Resilience Engineering: Concepts and Precepts. Ashgate Publishing Ltd.
[51]	Hounsgaard, J. (2016). Patient Safety in Everyday Work: Learning from Things That Go Right. Syddansk Universitet.
[52]	Huang, W., Yin, D., Xu, Y., Zhang, R., & Xu, M. (2022). Using N-K Model to Quantitatively Calculate the Variability in Functional Resonance Analysis Method. Reliability Engineering and System Safety, 217, Article ID: 108058. https://doi.org/10.1016/j.ress.2021.108058
[53]	IAM (Institute-of-Asset-Management) (2015). Asset Management—An Anatomy V3. Institute of Asset Management. https://theiam.org/media/1781/iam_anatomy_ver3_web.pdf
[54]	ISO (International Organization for Standardization) (2009). ISO GUIDE 73:2009 Risk Management—Vocabulary (p. 15). Technical Committee: ISO/TMBG Technical Management Board-Groups.
[55]	ISO (International Organization for Standardization) (2014). ISO-55000: Asset management—Overview, Principles and Terminology (p. 19). Technical Committee: ISO/TC 251, Asset Management, International Organization for Standardization.
[56]	ISO (International Organization for Standardization) (2018a). ISO 31000:2018 Risk management—Guidelines (p. 16). Technical Committee: ISO/TC 262 Risk Management. International Organization for Standardization.
[57]	ISO (International Organization for Standardization) (2018b). ISO 31050 Guidance for Managing Emerging Risks to Enhance Resilience. Work Group 8 (WG8) of the Technical Committee TC262, International Organization for Standardization.
[58]	ISO (International Organization for Standardization) (2019). ISO-55010: A Guidance on the Alignment of Financial and Non-Financial Functions in Asset Management. (p. 40). Technical Committee : ISO/TC 251 Asset Management, Asset Management, International Organization for Standardization.
[59]	Kagermann, H., Lukas, W.-D., & Wahlster, W. (2011). Industrie 4.0: Mit dem Internet der Dinge auf dem Weg zur 4. industriellen Revolution. VDI nachrichten, 13, 2-3.
[60]	Katina, Polinpapilinho F, Pyne, James C, Keating, Charles B, & Komljenovic, D. (2021). Complex System Governance as a Framework for Asset Management. Sustainability, 13, Article No. 8502. https://doi.org/10.3390/su13158502
[61]	Keating, C. B., Katina, P. F., Chesterman, C. W., & Pyne, J. C. (2022). Future Challenges for Complex System Governance Research and Practice. In C. B. Keating, P. F. Katina, C. W. Chesterman Jr., & J. C. Pyne (Eds.), Complex System Governance (pp. 541-575). Springer. https://doi.org/10.1007/978-3-030-93852-9_17
[62]	Khuntia, S. R., Rueda, J. L., Bouwman, S., & van der Meijden, M. A. M. M. (2016). A Literature Survey on Asset Management in Electrical Power [Transmission and Distribution] System. International Transactions on Electrical Energy Systems, 26, 2123-2133. https://doi.org/10.1002/etep.2193
[63]	Klim, Z, Balazinski, M., & Komljenovic, D. (2011). Probabilistic Approach Limitations in the Analysis of Safety Critical Systems. In M. Singh, R. B. K. N. Rao, & P. Liyanage (Eds.), Proceedings of 24th International Congress on Condition Monitoring and Diagnostics Engineering Management (p. 10). COMADEM International.
[64]	Komljenovic, D. (2018). Prise de décision en gestion des actifs industriels en tenant compte des risques. Université du Québec à Trois-Rivières.
[65]	Komljenovic, D. (2021). Engineering Asset Management at Times of Major, Large-Scale Instabilities and Disruptions. In A. Crespo Márquez, D. Komljenovic, & J. Amadi-Echendu (Eds.), Proceedings of 14th World Congress on Engineering Asset Management (pp. 255-270). Springer. https://doi.org/10.1007/978-3-030-64228-0_22
[66]	Komljenovic, D., Gaha, M., Abdul-Nour, G., Langheit, C., & Bourgeois, M. (2016). Risks of Extreme and Rare Events in Asset Management. Safety Science, 88, 129-145. https://doi.org/10.1016/j.ssci.2016.05.004
[67]	Kozak, M. W. (2017). Safety Assessment for Near-Surface Disposal of Low and Intermediate Level Wastes. In M. J. Apted, & J. Ahn (Eds.), Geological Repository Systems for Safe Disposal of Spent Nuclear Fuels and Radioactive Waste (pp. 475-498). Elsevier. https://doi.org/10.1016/B978-0-08-100642-9.00016-5
[68]	Kumar, U., & Ellingsen, H. P. (2000). Design and Development of Maintenance Performance Indicators for the Norwegian Oil and Gas Industry. Proceedings of the 15th European Maintenance Congress: Euromaintenance 2000. (pp. 224-228). The Swedish Maintenance Society (UTEK) and The European Federation of National Maintenance Societies (EFNMS).
[69]	Leveson, N. (2004). A New Accident Model for Engineering Safer Systems. Safety Science, 42, 237-270. https://doi.org/10.1016/S0925-7535(03)00047-X
[70]	Leveson, N. G. (2016). Engineering a Safer World: Systems Thinking Applied to Safety. The MIT Press.
[71]	Leveson, N. G. (2018). Safety Analysis in Early Concept Development and Requirements Generation. INCOSE International Symposium, 28, 441-455. https://doi.org/10.1002/j.2334-5837.2018.00492.x
[72]	Lyubarskiy, A., Kuzmina, I., & El-Shanawany, M. (2011). Advances in Risk Informed Decision Making–IAEA’s Approach. Paper Presented at the Proceedings of the Nordic PSA Conference.
[73]	Mahajan, H. S., Bradley, T., & Pasricha, S. (2017). Application of Systems Theoretic Process Analysis to a Lane Keeping Assist System. Reliability Engineering & System Safety, 167, 177-183. https://doi.org/10.1016/j.ress.2017.05.037
[74]	Miller, J. H., & Page, S. (2009). Complex Adaptive Systems: An Introduction to Computational Models of Social Life: An Introduction to Computational Models of Social Life. Princeton University Press. https://doi.org/10.1515/9781400835522
[75]	Mitleton-Kelly, E. (2003). Ten Principles of Complexity and Enabling Infrastructures (Vol. 1). Elsevier.
[76]	Müller, J. (2020). Enabling Technologies for Industry 5.0 (pp. 8-10). European Commission.
[77]	Onday, O. (2019). Japan’s Society 5.0: Going beyond Industry 4.0. Business and Economics Journal, 10, Article No. 389.
[78]	Ouyang, M., Hong, L., Yu, M.-H., & Fei, Q. (2010). STAMP-Based Analysis on the Railway Accident and Accident Spreading: Taking the China-Jiaoji Railway Accident for Example. Safety Science, 48, 544-555. https://doi.org/10.1016/j.ssci.2010.01.002
[79]	Reason, J. (1997). Managing the Risks of Organizational Accidents. Ashgate Published Limited.
[80]	Rosa, L. V., Haddad, A. N., & de Carvalho, P. V. R. (2015). Assessing Risk in Sustainable Construction Using the Functional Resonance Analysis Method (FRAM). Cognition, Technology and Work, 17, 559-573. https://doi.org/10.1007/s10111-015-0337-z
[81]	Roshani, E., & Filion, Y. R. (2014). Event-Based Approach to Optimize the Timing of Water Main Rehabilitation with Asset Management Strategies. Journal of Water Resources Planning and Management, 140, Article ID: 04014004. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000392
[82]	Salmon, P. M., Cornelissen, M., & Trotter, M. J. (2012). Systems-Based Accident Analysis Methods: A Comparison of Accimap, HFACS, and STAMP. Safety Science, 50, 1158-1170. https://doi.org/10.1016/j.ssci.2011.11.009
[83]	Slater, D., Hollnagel, E., MacKinnon, R., Sujan, M., Carson-Stevens, A., Ross, A. et al. (2022). A Systems Analysis of the COVID-19 Pandemic Response in the United Kingdom—Part 1: The overall Context. Safety Science, 146, Article ID: 105525. https://doi.org/10.1016/j.ssci.2021.105525
[84]	Sun, L., Li, Y.-F., & Zio, E. (2022). Comparison of the HAZOP, FMEA, FRAM, and STPA Methods for the Hazard Analysis of Automatic Emergency Brake Systems. ASCE-ASME Journal of Risk and Uncertainty in Engineering Systems, Part B: Mechanical Engineering, 8, Article ID: 231104. https://doi.org/10.1115/1.4051940
[85]	Thapaliya, A., & Kwon, G. (2018). Realization of Combined Systemic Safety Analysis of Adverse Train Control System Using Model Checking. In J. Hung, N. Yen, & L. Hui (Eds.), Frontier Computing: Theory, Technologies and Applications (pp. 419-430). Springer. https://doi.org/10.1007/978-981-13-3648-5_49
[86]	Travers, W. D. (1999). Staff Requirements—SECY-98-14—White Paper on Risk-Informed and Performance-Based Regulation. US Nuclear Regulatory Commission (NRC). http://pbadupws.nrc.gov/docs/ML0037/ML003753601.pdf
[87]	Underwood, P., & Waterson, P. (2013). Accident Analysis Models and Methods: Guidance for Safety Professionals. Loughborough University.
[88]	US Nuclear Regulatory Commission (2002). Regulatory Guide, 1, 174, Rev. 1: An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis. US Nuclear Regulatory Commission.
[89]	WEC (World Energy Concil) (2022). Dynamic Resilience Framework. https://www.worldenergy.org/transition-toolkit/dynamic-resilience-framework
[90]	Woods, D. D. (2015). Four Concepts for Resilience and the Implications for the Future of Resilience Engineering. Reliability Engineering and System Safety, 141, 5-9.
[91]	Xu, X., Lu, Y., Vogel-Heuser, B., & Wang, L. (2021). Industry 4.0 and Industry 5.0—Inception, Conception and Perception. Journal of Manufacturing Systems, 61, 530-535. https://doi.org/10.1016/j.ress.2015.03.018
[92]	Zio, E., & Pedroni, N. (2012). Overview of Risk-Informed Decision-Making Processes. FonCSI. https://doi.org/10.1016/j.jmsy.2021.10.006