Applying the Theory of Reliability to the Assessment of Hazard, Risk and Safety in a Hydrologic System: A Case Study in the Upper Sola River Catchment, Poland

Abstract

River basin safety issues and hazards arising from extreme hydrological and meteorological events pose significant risks to human life and can entail economic and financial losses. In this study, the practical aspects of reliability theory linked to reliability engineering, and the associated mathematical tools used to describe technical systems, were applied to explore the structural reliability of a quasi-natural system—a portion of the Upper Sola River catchment in Poland. As part of this study, methods such as the Fault Tree Method (FTM), Event Tree Method (ETM), Risk Matrix and Ranking Method for assessing hazard, risk and losses connected with the occurrence of such events are suggested to improve flood risk management and enhance the capacity to safeguard against such events by improving current flood protection protocols in accordance with EC Flood Directives.

1. Introduction

In force since 26 November 2007, flood protection directives within the European Union (EU) are outlined in the Flood Directive on the assessment and management of flood risks [1], which sets goals, suggests activities and provides methods to reduce the adverse effects of floods. However, the implementation of the directive’s recommendations has proven to be a major challenge for a number of nations within the European Community. The concept of flood risk combines the probability of flooding (threat or hazard), and the related potential negative consequences with respect to human health and life, the environment, cultural heritage and economic activities. These consequences reflect the management of the affected area (exposure), the vulnerability of the elements managed within the flood event, and the ability of local communities to combat the threat and reality of floods (sensitivity or resilience). Flooding risk is a function of hazard, exposure and sensitivity to flooding, key factors in determining, respectively, the magnitude and areal extent of extreme events’ impacts, land-use within the geographic area of the event’s impact, and the resilience of people and objects to event occurrence. According to current EU (including Poland) regulations a three-pronged strategy is to be applied in limiting the effects of floods:

(i) Protecting individuals through hazard mitigation by way of technical protection activities such as dams and retention reservoirs, polders, relief canals, levees, riverbed regulation, activities for basin retention development, etc.,

(ii) isolating/limiting individuals’ exposure to flood waters by reducing high risk land uses, e.g., moving endangered properties and banning new construction in areas at risk of flooding, and

(iii) developing the ability of individuals and society as a whole to live with floods, e.g., hydrological forecasting and warning, preparation and evacuation of endangered populations, education of society, development of insurance and compensation systems, etc. These strategies are designed to mitigate the effects of flooding and reduce flood losses.

Though all countries follow the EU Flood Directive, flood loss risk assessment is undertaken differently in different European countries. In Germany, for example, flood losses are determined through a loss function dependent on land-use classes and the value of the property and the loss of the population depending on the depth of inundation of residential buildings [2,3,4]. In contrast, the French approach uses norms of sensitivity, developed for rural and urban areas, based on the depth and duration of flooding and flow velocity [5,6,7]. Based on the type of statistical-derived probability of destruction of flood protection structures (objects)—e.g., levees that protect sites vulnerable to river or storm surge flooding—the approach taken by English and Welsh authorities [8] differs significantly from those of the German and French authorities. Depending on the magnitude of the flood and objects’ structural parameters, various scenarios were analyzed with respect to the destruction of flood protection structures, and the attending economic and social losses in riverine and littoral areas. These losses were a reflection of the terrain’s configuration, of flow velocity, time and volume, inundation depth, land-use, as well as the characteristics of the resident human population. Polish legislation deviated slightly from the German approach in accounting for the specifics of the areas at risk of flooding. As of 2015, work in Poland had mainly focused on: (i) Determining floodplains in a preliminary flood risk assessment, (ii) drawing up flood hazard and flood risk maps using numerical terrain models, GIS tools and hydrodynamic models, and (iii) developing flood risk management plans [9]. Currently, a second planning cycle is underway, in which heretofore compiled maps and plans will be verified.

Our proposed methodology sought to improve the safety and reliability of hydrological systems, by either increasing the reliability of the elements of the system that have a significant impact on its proper functioning, or by adding other elements to the existing structures in the system, thereby providing greater reliability. In the case of complex systems, such as hydrological systems, this is key to planning the construction of technical flood protection works, the modernization of existing hydraulic structures, as well as in land-use planning and the use of non-technical measures.

The proposal to use the tools of reliability theory in the field of flood protection creates opportunities for a better description of the reliable functioning of hydrological systems. Moreover, through hydraulic modeling of river flow and planning activities, it allows for a better use of current methods of assessing risk, particularly that posed by extreme hydrological events. The methods for managing the risk of extreme flows and providing protection against floods presented here are not intended to put into question the European Floods Directive [1] currently employed in EU countries, but rather to complement them.

2. Theoretical Background

To date, the theory of reliability has mainly been applied to: (i) Describing technical objects in fields such as aviation, construction machinery and transportation [10,11,12,13], building structures [14], and (ii) describing technical systems, e.g., water-supply and sewage systems [15,16,17], safety-critical electrical and electronic systems [18] and flood defense systems (building of levees, dikes and hydraulic structures [19]. Attempts have been made to apply reliability engineering in the field of water management, notably for: Water reservoir operation [20], assessment of water resources [21,22], water resources systems operation [23], and hydrologic design of flood mitigation dams [24].

Reliability theory can also serve as an aid in the analysis of extreme values of river flow and their impact on the safe operation of a hydrological system, i.e., a functional-spatial system existing within a river catchment area, including surface and groundwater, the natural environment, technical and non-technical activities or structures that develop the resources, as well as links between these elements. The hydrological system is therefore presented and discussed as a water engineering system, directly related to the issues of risk management of extreme flows.

In the present hydrological study, the primary study object was the river catchment (i.e., watershed or on a larger scale, river basin), viewed not only as a purely natural hydrological system, but as a water management system, subject to continuous changes under human influence. Accordingly, the river catchment was treated as a complex object consisting of elements that are on the one hand, resources of surface water and groundwater occurring in a natural environment and, on the other hand, hydraulic structures for using those resources, and the linkages between these elements.

In reliability and safety theory, the term object implies a functional unit, a technical solution, an organizational solution with specific operating features, which both determines the properties of the object and provides its terms of use; the term operating features refers to those features relevant to the user in terms of employing the object [25]. In hydrology, the object is the hydrological system, a complex object, with an established organization and complement of relationships, composed of a set of interconnected indivisible elements or objects (e.g., hydraulic structures such as retention reservoirs, levees, polders, relief canals, etc., as well as a catchment, river valley or river bed retention) which implement the full system’s functionality and define its operating parameters.

An undesirable event is defined as one causing failure in an object’s operation; such events in a hydrological context could be extremes of flooding or drought. The term failure of object means any event that precludes, physically or conventionally, a given object from fulfilling its envisioned functions [11]. In the case of a river catchment with existing flood protection infrastructure, the failure of such a complex object will result in the undesirable event of flooding. Depending on the severity of the hazard brought on by the occurrence of an undesirable event within the hydrological system, individual elements of its structure may suffer physical and/or conventional failures. The technical elements present in a hydrological system are considered as indivisible objects that constitute the technical flood protection infrastructure. In this context, the term damage of object is understood as a synonym for failure of a technical object, with the damage being the physical failure of said object.

In view of the above terminology, a general definition of reliability can be adopted: An object’s ability to operate correctly, that is, perform its functions within a specified time and without failure. Such a definition can be elaborated for a specific object (e.g., a river catchment with existing flood protection infrastructure such as retention reservoirs, levees) based on information regarding the object’s features and the elements crucial for its reliability or failure.

Accordingly, a hydrological system’s or river catchment’s reliability resides in its ability, at any given time, to store potentially flood-causing extreme precipitation in existing, well maintained (i.e., in a good technical state), operating-as-designed, river bed retention reservoirs or levee-enclosed floodplains, following state-of-the-art land-use protocols to reduce surface runoff. In other words, the hydrological system’s reliability is tied to the capacity of the elements from which it is built, to perform in a specified time, without failure, the functions for which they are designed—without the occurrence of flooding.

If we accept that the occurrence of flooding constitutes a failure of the hydrological system above a certain maximum threshold flow, Q_af, given as the mean flow of the largest observed floods, then a time series analysis will show periods during which the hydrological system functions reliably (τ_i), moments at which failure occurred (t_i), periods during which failure endures (τ_wi), and periods of system renewal (ϑ_i) during which the system returns to full fitness after the period of failure (end of flooding) (Figure 1).

For hydrological systems, the object reliability function, $R\left(t\right)$, is a well-characterized measure that represents the probability of meeting the requirement of proper operation.

$$R\left(t\right)=P(\tau >t)$$

(1)

where:

• $t$ is time,
• $t_i$ the moment failure occurs,
• $P(.)$ the probability of non-failure occurrence up to time t_i, and
• $\tau$ the duration of object function without failure i.

Expressing an exceedance probability with respect to the range [0, 1] through a non-increasing function, $R\left(t\right)$ takes on a value of $R_0=1.0$ at time $t=0$, and indicates the object is functioning well (i.e., usable). Conversely, if $\tau \le t$, the object is unfit for operation. Accordingly, the probability of object failure to time t_i is as follows:

$$F\left(t\right)=P\left(\tau \le t\right)$$

(2)

where:

• $F\left(t\right)$ is a cumulative distribution function, otherwise known as the object failure function, and $R\left(t\right)+F\left(t\right)=1,R\left(t\right)=1-F\left(t\right)\mathrm{or}F\left(t\right)=1-R\left(t\right)$.

More about measures of reliability theory one can find practically in every book or article concerning this subject for example in [18,25,26] and later on in Section 4.

2.1. The Reliability Structure of a Hydrologic System (Reliability Block Diagram)

In the case of a complex object such as a hydrological system, it is important to determine the reliability of the object according to its structure and elements (reliability block diagram). In a model of a complex object, the reliability structure often takes on a mixed form composed of various structures.

2.2. Mixed Structure of a Hydrologic System

Typically, a mixed (composite) structure includes serial elements connected with elements operating in parallel (Figure 2).

Assuming the time independence of the failure-free operation of a mixed structure’s individual elements, the mixed structure of a hydrological system including the river valley’s retention and one levee and one polder (Figure 2) yields an $R\left(t\right)$ and $F\left(t\right)$ calculated as:

serial structure

$$F\left(t\right)=1-{\displaystyle \prod }_{i=1}^{i=n}{R}_i\left(t\right)=1-{\displaystyle \prod }_{i=1}^{i=n}\left[1-F_i\left(t\right)\right]$$

(3)

$$R\left(t\right)={\displaystyle \prod }_{i=1}^{i=n}{R}_i\left(t\right)$$

(4)

and parallel structure

$$R\left(t\right)=1-{\displaystyle \prod }_{i=1}^{i=n}{F}_i\left(t\right)=1-{\displaystyle \prod }_{i=1}^{i=n}\left[1-R_i\left(t\right)\right]$$

(5)

$$F\left(t\right)={\displaystyle \prod }_{i=1}^{i=n}{F}_i\left(t\right)$$

(6)

where,

• i is the element number, where i = 1, river valley retention; i = 2, levee; and i = 3, polder (Figure 2),
• $F_i\left(t\right)$ is the failure function of the i^th element, and
• $R_i\left(t\right)$ is the reliability function of the i^th element.

For the specific case shown in Figure 2, the equations for $R\left(t\right)$ and $F\left(t\right)$can be written, respectively, as:

$$R\left(t\right)=R_1\left(t\right)\times \left[1-\left(\left[1-R_2\left(t\right)\right]\times \left[1-R_3\left(t\right)\right]\right)\right]$$

(7)

$$F\left(t\right)=1-\left(\left[1-F_1\left(t\right)\right]\times \left[1-\left(F_2\left(t\right)\times F_3\left(t\right)\right)\right]\right)$$

(8)

In the case of some objects, such as hydrological systems, a reliability structure can be created by elements treated as events that can appear in the object, in addition to elements physically existing in the object. Accordingly, a convenient way to graphically represent and analyze the object’s reliability structure is the Fault Tree Method (FTM).

2.3. The Fault Tree Method (FTM) in the Reliability Analysis of Hydrological Systems

In assessing complex object reliability, if its elements—in particular its physical elements—are known, then a model of reliability for such an object is easily presented in qualitative form as a structure of reliability (Figure 2) and quantitatively using measures of reliability (Equations (3)–(8)). For more complex hydrological systems, an FTM model can be used where the mathematical description of failure takes the form of probabilities of so-called top events and basic events. A top event is an undesirable event leading to object failure, e.g., high flows leading to flooding, while a basic (original) event is an event or failure the cause of which is not considered (e.g., heavy rainfall, sudden rise in hibernal air temperature with a heavy snow cover over a large area of the catchment, frozen soil, levee status, retention reservoir filled to capacity, high soil moisture content in catchment area, etc.).

One of the advantages of describing the reliability of the object structure using FTM (Figure 3) is the possibility of placing the probabilities of occurrence of individual events on tree branches, leading up to the top event, thereby allowing a quantitative analysis of object reliability.

The probabilities P(A_i) of undesirable events A_i found in FTM are dependent on the time (t) of failure occurrence (e.g., of the undesirable event) and are equal to:

$$P\left(A_i\right)=F_l\left(t\right)=1-R_l\left(t\right)$$

(9)

where,

• $R_l\left(t\right)$ is the reliability function of reliability of the l^th element of the object, in which the l^th failure, $F_l\left(t\right)$ appeared at time t.

For the hydrological system shown in Figure 3, the probability p(A) of top event A (flooding occurrence) can be calculated as follows (see also Section 4):

$$\begin{array}{r}p\left(A\right)=p\left(A_1\right)+p\left(A_2\right)=p\left(A_{11}\right)+p\left(A_{12}\right)+p\left(A_{13}\right)+p\left(A_{21}\right)p\left(A_{22}\right)+p\left(A_{23}\right)\\ =p\left(A_{11}\right)+p\left(A_{12}\right)+p\left(A_{13}\right)+p\left(A_{21}\right)p\left(A_{22}/A_{21}\right)+p\left(A_{23}\right)\end{array}$$

(10)

All probabilities should be estimated by use of expert knowledge, i.e. team of specialists from different fields of interest (e.g., Ranking method, see Section 4) or through statistical methods if sufficient data exists to perform statistical calculations.

Based on estimated probabilities p(A_i), the value of the reliability function R_l(t) of the l^th element of the hydrological system, in which failure F_l(t) occurred as a result of undesirable events occurring at time t (Equation (9)), the reliability or failure of the entire hydrological system can be calculated.

2.4. Definition of Risk

Both the definition and mode of assessment of risk varies widely in the literature from different scientific domains [26,27,28,29,30,31,32,33,34,35,36]. While the term risk is often used interchangeably with that of uncertainty, these are two distinct concepts: Uncertainty most commonly refers to a state in which future possibilities and chances are unknown; risk refers to decision-making in situations of uncertainty. Negative associations tied to the term risk due to its allusion to a lack of safety, impedes its social acceptance. Generally, the concept of risk is a complement to the closely related concept of safety.

Given that a (hydrological) system’s safety level can be quantified, one hydrological system and its elements can be deemed safer than another. Given that a functioning hydrological system implies a certain level of risk, its level of safety can be assessed through its level of risk. The three categories of risk or levels of safety (e.g., acceptable, tolerable and inacceptable) have fuzzy boundaries, determined through qualitative rather than quantitative methods of risk assessment. The level of risk tolerance should be the lowest in accordance with the principle of As Low as Reasonably Practicable (ALARP) [13,37]. The level of tolerable risk depends primarily on the legal provisions in force, policies adopted for the environment and cultural goods, as well as on the approval of the local communities according to their unique cultural traditions and ethical values. The European Union Flood Directive [1,38] defined the risk of flooding as the combined probability of flood occurrence and the potential, negative flood-related consequences for human health, natural environment, cultural heritage and economic activity.

2.5. Qualitative and Quantitative Assessment of Risk

The qualitative analysis of risk in a probabilistic sense involves the identification of threats and assessment of the sequence of events leading to an undesirable event, i.e., an extreme hydrological event. Such an analysis can be performed by the Event Tree Method (ETM) [24,39], a graphical representation of a chronological scenario of events that have a significant impact on the system’s operation, but are ultimately caused by an initiating or ‘basic hazardous event’. This approach assumes that for system failure to occur one undesirable event is not sufficient, but rather a series of events is required.

In contrast to block diagrams of system structure and the FTM, ETM is not used to describe an system’s reliability structure (e.g., physical elements or undesirable events), but rather for risk analysis. Nevertheless, risk analysis does require knowledge of system structure, so it is reasonable to combine the two methods to comprehensively describe an system’s operation and its elements. Therefore, in creating a hydrological system’s event tree, all elements of such a system and their interrelations should be considered.

After building an event tree to represent foreseeable secondary event scenarios, a probability can be assigned to every secondary event branch, allowing the probability of entire sequences of events leading to object failure to be calculated. In this way, a quantitative model of threat (risk) induced by an initial event can be generated.

In the concepts of FTM and ETM presented in this paper, the reliability function (and/or failure function) and the extent of risk are considered in a probability domain, as described below.

2.6. Relationship between Measures of Hydrological Risk and Measures of Reliability (Failure)—Threat and Losses

While the concepts are defined in fundamentally different ways, a close relationship exists between measures of risk, reliability (failure)—threat (hazard) and losses, and can be written as:

$$\begin{array}{c}measure of hydrological risk\hfill \\ \hfill =measure of reliability \left(measure of threat\right)\times measure of losses\end{array}$$

(11)

Drawn from the relationship between the hydrological system’s object failure function, F(t), and its object reliability function, R(t), the probability of occurrence of an undesirable event $p\left(A\right)= p_i$ (Figure 4), is quantified in terms of the undesirable event ‘A’ causing losses greater or equal to l. The relationship in Equation (11), between measures of hydrological risk M_HR, failure F (reliability R)—threat and losses T, can be expressed mathematically as:

$$M_{HR}\left(l,t\right)=F\left(t\right)\times T\left(l\right)=\left[1-R\left(t\right)\right]\times T\left(l\right)=P\left(A\right)\times P\left[L\left(t\right)\ge l\setminus A\right]$$

(12)

where,

• $M_{HR}\left(l,t\right)$ is a measure of risk of emergence of losses l in the hydrological system at time t of the system’s functioning,
• F(t) is the system failure function—probability of occurrence of event A at time t,
• $R\left(t\right)$ is the system reliability function—probability of non-occurrence of event A at time t,
• T(l) is the probability that the occurrence of an undesirable event A causes losses greater or equal to l, $T\left(l\right)=P\left[L\left(t\right)\ge l\setminus A\right]$,
• $P\left(A\right)$ is the probability of occurrence of the undesirable event, A, viewed as a measure of failure F(t) (or reliability R(t)) of the hydrological system,
• $P\left[L\left(t\right)\ge l\setminus A\right]$ is the probability of occurrence of losses greater or equal to l under the condition that undesirable event A occurred. It serves as the measure of threat of the occurrence of losses in the hydrological system resulting from its malfunctioning.

Equation (12) shows that the risk of occurrence of loss within the hydrological system depends not only on undesirable event A, which creates the threat of occurrence of losses, but also on the failure or reliability of the complete system or its elements. Failure of the system or its elements has a direct impact on the possibility of occurrence of losses and their magnitude, i.e., T(l) in Equation (12). The level of risk also depends to a large extent on the system’s readiness to counteract a threat, both before and after its occurrence. Emergency and risk management systems include the monitoring/forecasting of extreme hydro-meteorological events, implementation of warning systems and involvement of fire departments and medical emergency systems. Factors influencing the safety of hydrological systems fall into two main categories: (i) Those relating to the reliability of operation of the system and its elements, and those related to the failure-free functioning of risk management systems, and (ii) those associated with the occurrence of undesirable events. Even if a complex object’s elements show low reliability, the object can still be safe if in the planning, design and operational phases, engineers have ensured that potential damage does not generate large risks.

The proposed approach (Equation (12)) differs from the classical approach because it accounts for the probabilistic nature of losses, not only the size of losses in the form of a single value, and simultaneously takes into consideration the reliability (or failure) of the structure of the hydrological system as a probability of threat. Accordingly, hydrological risk should be expressed by a unit of probability, and not by a unit of losses expressed in monetary units and/or as a number of human victims. In the new approach, rather than calculating the extent of losses based on the configuration of the terrain, flood water velocity, flood timing, volume, and depth, land-use, nature of the resident human population, and value of human property, the probability of occurrence of losses equal to or exceeding a certain assumed value (magnitude) is considered. Accordingly, the hydrological system failure function or the hydrological system reliability function is expressed as the probability of occurrence or non-occurrence of the undesirable event. Given knowledge regarding the reliability of the system, as illustrated in a block diagram, and a description of the system developed using FTM, one can build an event tree (ETM). This graphical representation of the foreseeable course-of-events brought on by the occurrence of the initialization event allows the assignment to specific branches of the event tree of probabilities of occurrence for every secondary event’s occurrence. Then the probability of the entire sequence of secondary events leading to the failure of the system can be calculated (Figure 4). One can thereby create (build) a quantitative (probability) model of risk induced by the occurrence of the initialization event.

2.7. Identification of Risk

The probability of an individual incident’s occurrence is assessed and then the sequence of events leading to system failure is calculated. Using an event tree, a given sequence’s probability of occurrence and level of risk (RL) can be calculated. This allows one to create a system risk model, which by considering possible system element failures and their mutual relationships (e.g., intermediate events, secondary events), evaluates the risk of losses resulting from the occurrence of a given undesirable event.

A system’s risk level, $R{L}^{\left(k\right)}$, in response to k undesirable events can be expressed as:

$$R{L}^{\left(k\right)}={\displaystyle \sum }_{j=1}^{j=m}\left[R{L}^{\left(kj\right)}\times p^{\left(kj\right)}\right]$$

(13)

$$p^{\left(kj\right)}={\displaystyle \prod }_{i=1}^{i=n}{p}_i^{\left(kj\right)}$$

(14)

where,

• m is the number of secondary events sequences,
• n is the number of secondary events in the j^th sequence,
• $p^{\left(kj\right)}$ is the probability of occurrence of the j^th sequence caused by the occurrence of the k^th undesirable event,
• $p_i^{\left(kj\right)}$ is the probability of occurrence of the i^th secondary event in the j^th sequence caused by the k^th undesirable event
• $R{L}^{\left(kj\right)}$ is the risk level associated with the j^th sequence of secondary events caused by occurrence of the k^th undesirable event.

The overall risk to the system from all sequences of secondary events arising from an undesirable event is given in Equation (13), and represents the risk which may arise when considering a particular scenario of secondary events seen as the most likely threat posed by m occurrences of an undesirable event.

For the part of Sola River catchment system in Zywiec, the event tree, which considers measures of risk level for this object (Figure 4), can be used to calculate the risk associated with initial event IE in the form of heavy rainfall, as:

$$RL=R{L}^{\left(1\right)}{p}^{\left(1\right)}+R{L}^{\left(2\right)}{p}^{\left(2\right)}+R{L}^{\left(3\right)}{p}^{\left(3\right)}+R{L}^{\left(4\right)}{p}^{\left(4\right)}$$

(15)

where

$$p^{\left(1\right)}=p_1{p}_2$$

(16)

$$p^{\left(2\right)}=p_1\left(1-p_2\right)p_3$$

(17)

$$p^{\left(3\right)}=p_1\left(1-p_2\right)(1-p_3)$$

(18)

$$p^{\left(4\right)}=1-p_1$$

(19)

Because numbered sequences j = 1, 3 and 4 do not lead to interruption of levee function and attendant flooding disaster, measures of risk level for these sequences are equal to zero (i.e., $R{L}^{\left(1\right)}=R{L}^{\left(3\right)}=R{L}^{\left(4\right)}=0$); therefore Equation (15) takes on the form:

$$RL= R{L}^{\left(2\right)}{p}_1\left(1-p_2\right)p_3$$

(20)

Both the measure of risk level, RL⁽²⁾ of sequence no. 2 initiated by initial event IE, as well as probabilities of every secondary event, p₁, p₂ and p₃, would be estimated by experts or statistical methods (see Section 4).

3. Methodology

Hydrological system safety depends primarily on procedures and regulations related to extreme hydrological event (e.g., floods) risk management. These should be included in plans of hydrological system security, which we propose should be a part of the flood risk management plans implemented under the Flood Directive. In doing so, the following methodology should be followed:

i

Identification of threat formation mechanisms, i.e., threats in the form of a surplus (flooding) of surface water in three environments: Canals of rivers, natural and artificial (man-made) reservoirs and periodically on the catchment area. In the example of the Sola River catchment at the Zywiec post (Section 4), the maximum flows from winter and summer seasons causing floods were identified as threat in Zywiec town and its surroundings.

ii

Determination of defense mechanisms appropriate for specific types of threats, i.e., taking into account technical and non-technical activities, what should be done? For instance, in the case of a huge flood, technical flood protection infrastructure can be installed for flood reduction. This include retention reservoirs with constant flood reserve, dry reservoirs and polders with locks and spillways as well as objects preventing flooding outside the intended area, i.e., levees, dry reservoirs and polders without locks, channels of relief and maintenance and adjustment of the riverbed capacity. Non-technical flood protection activities can include hydrological education about extreme events, information on the occurrence of risks of flood, appropriate land-use planning, insurance as well as legal and institutional systems.

iii

Identification of the reliability structure of a hydrological system, i.e., creating a reliability block diagram (see Figure 2) on the basis of existing objects in the studied system. The measures of the reliability analysis can be evaluated: Reliability function R(t) (Equations (1)–(8), (21) and (26)) and failure function F(t) (Equations (1)–(8)), function of failure intensity λ(t) (Equation (25)), function of cumulative intensity of failures Λ(t) (Equation (29)) and the expected value of time the system functions without failure ET (Equations (27) and (28)). The reliable structure of the hydrologic system can be described by the FTM as a probabilistic model of the system (see Figure 3 and Equations (9) and (10)).

iv

Qualitative risk assessment and prioritizing risk levels of identified threats, using ETM as a probabilistic model of risk occurrence in the hydrologic system (Section 2).

v

Quantitative risk assessment by evaluation probability of threat and consequences of their occurrence, using ETM (see Figure 4 and Equations (13)–(20), (43) and (44)).

vi

Evaluation of hydrologic risk measures of the entire system and its particular elements of flood protection infrastructure. The hydrologic risk measure M_HR (Equations (11), (12), (22), (24) and (47)) and Safety Guarantee Indicator (SGI) (Equation (45)) and Flood Risk Indicator (FRI) (Equation (46)) should be estimated.

vii

Evaluation of risk of losses in the hydrologic system using FTM and ETM probabilistic models (Equations (30)–(33) and (40)–(44)) as well as the Ranking Method (see Chapter 4.3. and Equations (34)–(39)) and Risk Matrix (see Chapter 4.4. Qualitative Method of Risk Assessment).

viii

Finally, the risk of hydrological extreme events can be managed.

4. Results and Discussion

4.1. Place and Data for Case Study

A case study was undertaken for the portion of the Sola River catchment with its outlet at the Zywiec post (Figure 5). Including three geographical units (Zywiec Beskid, Silesian Beskid and Makowski Beskid) this Western Carpathian catchment extends over 785 km² of flysch—thick layers of sandstone partitioned by layers of slate. The river network is relatively dense. The highest point in the catchment is Pilsko (1557 m a.m.s.l.), and the lowest Zywiec (342 m a.m.s.l.), with an overall mean altitude of 683 m a.m.s.l. Land use in the Sola River catchment includes forest (55% by area), arable farming and grassland (44%), and urban areas (1%).

Conditions of outflow from its drainage area are closely related to its hypsometry. Maximum flow series from winter and summer seasons over a monitoring period of 1956 to 2012 (t = 57 years) were used for calculations. Using the analysis of heterogeneity employed in [40], both winter and summer season series of maximum flows were identified a statistically homogeneous ones.

The calculation of maximum annual floods with a T-year return period (exceedance probability p) followed the Alternative Events Method [40,41] using English version of FFA Software by [42].

The Maximum Credible Flood (MCF) is the largest flood which may occur under extreme conditions conducive to the simultaneous occurrence of the Maximum Credible Precipitation ($P_{MC}$) and extremely favorable conditions for run-off, i.e., the smallest possible loss of surface waters depending on local physiographic conditions and catchment land-use patterns. Arising from a $P_{MC}$ event, the peak discharge at the catchment outlet during an MCF ($Q_p^{MCF}$) event was calculated [43]. Therefore, the $Q_p^{MCF}$ represents the upper limit of flooding which may occur in a catchment where $P_{MC}$ fell. The value of $P_{MC}$ is defined as the theoretically greatest precipitation within a duration of minutes, hours, days, etc. which is physically possible to occur over a given area, under given geographical conditions and in each season. The $P_{MC}$ is therefore an upper limit of precipitation depth and is determined based on physical characteristics of precipitation formation mechanisms.

The $Q_p^{MCF}$ and selected flow characteristics of the Sola River monitored at the Zywiec post station over the observation period of 1956–2012 are listed in

Table 1. Values of peak flow of Maximum Credible Flood, maximum flow over the monitoring period (1956–2012), mean and minimum flow of annual maximum floods, and maximum floods with a T-year return period in years for the Zywiec post on the Sola River.

Characteristic of Flood	Discharge (m3s−1)
Peak flow of Maximum Credible Flood ($Q_p^{MCF}$)	1833
Maximum flow over the observation period of 1956–2012 ($Q_p^{56-12}$) *	1250
Mean flow of annual maximum floods 1956–2012 ($Q_{\overline{AMF}}$)	354.5
Minimal flow of annual maximum floods 1956–2012 ($Q_{AMF}{}_{min}$)	92.6
$Q_{max}^{T=2}=Q_{max}^{50\%}$	285
$Q_{max}^{T=10}=Q_{max}^{10\%}$	679
$Q_{max}^{T=20}=Q_{max}^{5\%}$	850
$Q_{max}^{T=100}=Q_{max}^{1\%}$	1243
$Q_{max}^{T=200}=Q_{max}^{0.5\%}$	1410
$Q_{max}^{T=500}=Q_{max}^{0.2\%}$	1631
$Q_{max}^{T=1000}=Q_{max}^{0.1\%}$	1797
$Q_{max}^{T=10000}=Q_{max}^{0.01\%}$	2346

* occurred in 1958.

. Under economic criteria for flood protection, the boundary flow of river flooding which may result in flooding losses, $Q_b$, was adopted. According to the catchment’s topography and land-use, $Q_b$ was deemed equivalent to: (i) The maximum flow not causing flood losses, $Q_{af}$, (ii) the mean flow of annual maximum floods periods for a given observation period, $Q_{\overline{AMF}}$, or the $Q_{max}^{T=2}=Q_{max}^{50\%}$i.e., the maximum flood with probability of exceedance p = 50%.

For the period of 1956–2012, $Q_{\overline{AMF}}=354.5 {\mathrm{m}}^3{\mathrm{s}}^{-1}$, and $Q_{max}^{50\%}=Q_{max}^{T=2}=285 {\mathrm{m}}^3{\mathrm{s}}^{-1}$ at the catchment outlet (Zywiec monitoring station). In this example, the set of undesirable events was limited to the largest annual floods monitored at Zywiec between 1956 and 2012 (Figure 6). Therefore, for the accepted threshold $Q_b=Q_{af}=Q_{\overline{AMF}}=354.5{\mathrm{m}}^3{\mathrm{s}}^{-1}$, the number of largest undesirable events, which might result in losses was calculated [$n\left(l,t\right)=21]$. This represents the number of floods, during 57 years of operation of the Sola River catchment’s hydrological system, which potentially could have caused losses greater or equal to l. For $Q_b=Q_{af}=Q_{max}^{50\%}=285{\mathrm{m}}^3{\mathrm{s}}^{-1}$, the number of undesirable events resulting in losses was equal to 27. The largest undesirable events are understood as floods, whose peak flows were the biggest over a given year. This means that all the largest undesirable events, N, total 57, since the peak flows of maximum annual floods are considered over 57 years. These are the peak flows of all maximal floods whose values are equal or exceed $Q_{AMF}{}_{min}=92.6 {\mathrm{m}}^3{\mathrm{s}}^{-1}$.

4.2. General Measures of Reliability, Failure, Risk and Safety

For all occurrences of yearly maximal floods in the observation period (N = 57) and $n\left(l,t\right)=21$ maximal floods that could cause losses of l (system failure), the reliability function R(t) for the hydrological system is given as:

$$R\left(t\right)=1-\frac{n\left(t\right)}{N}$$

(21)

where,

• n(t) is the number of events that cause system failure, and
• N is the total number of events of the phenomenon affecting the system.

In the present case, $R\left(t\right)=0.63$and therefore the failure function $F\left(t\right)=1-R \left(t\right)=0.37$. This indicates that the Sola River catchment area above the Zywiec post, given its physico-geographical properties, land-use, etc., functioned reliably in only 63% of occasions when undesirable events occurred, i.e., in 37% of occurrences of the biggest floods with the potential to cause losses from 1956 to 2012, the system was unreliable. This represents a general evaluation of the reliability structure of the Sola River catchment’s hydrological system, without considering the reliability properties of the elements that compose it.

The general and empirical hydrologic risk measure, M_HR, of maximal floods can be approximately given as:

$$M_{HR}\left(l, t\right)=\frac{n\left(l, t\right)}{N}$$

(22)

where,

• n(l, t) is the number of undesirable events that occurred at time t of system function and caused losses greater or equal to l,
• N is the number of all events occurring at time t.

Accordingly, is $M_{HR}=0.37$.

The above-said measure can provide insight into potential risk, expressing the probability of occurrence of losses L(t) not less than l in the period t = 57 years of system functioning. However, the hydrological risk measure should be calculated using Equation (12); its reliable assessment is much more complex. The threshold value l of losses is not explicitly adopted for this example, but can be specified depending on type of losses (human individual or collective or economic).

In order to check the impact of the adoption of threshold Q_b on the system’s R(t) and F(t) and risk, $M_{HR}$, caused by maximal floods, the same calculation for Q_b = Q_af = Q_max50% = 285 m³s⁻¹ was performed, for which the number of biggest undesirable events that may cause losses was equal to n(l,t) = 27, and R(t) = 0.53 and F(t) = 0.47 and $M_{HR}$ = 0.47. Obviously, with a reduction in the threshold Q_b, the risk of losses as a result of extreme flood occurrence increases, and the Sola River catchment’s reliability of operation decreases. The adoption of a given threshold level, under which phenomena will be judged as undesirable events, has a significant impact on the assessment of the hydrological system’s failure, and consequently on its safety.

The town of Zywiec’s flood protection infrastructure consists of a levee, which protects the city from flooding. The levee is a class II construction intended for flood protection and was designed for a flood $Q_d=Q_{max}^{T=100}=Q_{max}^{1\%}$ according to Polish design standards [44].

The town of Zywiec had 31815 residents on 31 December, 2015 [45]. For the purposes of this example, it was estimated that 10% of the population lived in areas at risk of flooding in the event of destruction or overflow of the levee. Therefore, the number of endangered people, nhr, was 3182. It was also estimated that the population living in areas at risk, might suffer losses in category l₅—fatalities as a result of undesirable event A. Should the levee fail or overflow, the n_l5 = 43 would be the number of potential deaths. The number n_A of all occurrences of event A is equal to the number of flood appearances, where peak flow is greater than the design flood $Q_d=Q_{max}^{1\%}=1243 {\mathrm{m}}^3{\mathrm{s}}^{-1}$, for which the levee was designed and built. Thus far, over the period of 1956–2012, only one flood with $Q_p^{56-12}=1250 {\mathrm{m}}^3{\mathrm{s}}^{-1 }$ was greater than the design flood, Q_d, then n_A = 1. Accordingly, the probability that casualties, L, is greater than or equal to l in category l₅ is:

$$p_{l_5}\left(L\ge l_5\setminus A\right)=\frac{n_{l_5}}{n_A\times nhr}=\frac{43}{1\times 3182}=0.0135$$

(23)

In addition, accordingly, the measure of the hydrological risk of the occurrence of fatalities as a result of event A is given as:

$$M_{HR}\left(l_5, t\right)=P\left[L\left(t\right)\ge l_5\right]=P_l{}_5\left(l_5\setminus A\right)=0.0135$$

(24)

These indicators and measures give the overall picture of possible threats connected with the occurrence of big floods and the local flood protection existing in the form of a levee in Zywiec.

Using the following formula for the function of intensity of damage (failure)$, \lambda \left(t\right)$, is given as:

$$\lambda \left(t\right)=\frac{n\left(t,t+\Delta t\right)}{N\left(t\right)\Delta t}$$

(25)

where,

• n(t, t + Δt) is the number of events causing system failure within the time interval from t to t + Δt,
• Δt is the width of the time interval,
• N(t) is the number of events impacting the system at time t minus the number of events causing system failure within the time interval from t to t + Δt, i.e., the number of events impacting the system at the beginning of each period Δt [N(t = 0) = N],
• N is the total number of events affecting the system throughout the period of its operation.

The value of λ(t) for the hydrological system under study was calculated for intervals of $\Delta t=10 \mathrm{years}$ (

Table 2. Values of failure intensity, λ(t), and reliability function R(t) based on $\overline{\lambda }$ and λ(t) for consecutive decades of the observation period 1956–2012 for the Sola River catchment at Zywiec station.

Parameter	Span of Years
	1956–1965	1966–1975	1976–1985	1986–1995	1996–2005	2006–2012
	λ(t) based on Equation (25)
i	0	1	2	3	4	5
t + Δt	0 + 10	10 + 10	20 + 10	30 + 10	40 + 10	50 + 7
n(t, t + Δt)	4	4	4	2	5	2
N(t) *	57	53	49	45	43	38
λ(t)	7.0 × 10−3	7.5 × 10−3	8.2 × 10−3	4.4 × 10−3	11.6 × 10−3	7.5 × 10−3
	$R\left(t\right)\mathrm{based}\mathrm{on}\overline{\lambda }$
$\overline{\lambda }$	7.7 × 10−3	7.7 × 10−3	7.7 × 10−3	7.7 × 10−3	7.7 × 10−3	7.7 × 10−3
R(t) **	0.93	0.86	0.79	0.73	0.68	0.64
	$R\left(t\right)\mathrm{based}\mathrm{on}\lambda \left(t\right)$
R(t)	0.932	0.928	0.921	0.957	0.890	0.949

* $N\left(t=i=0\right)=N=57;N\left(t=i\right)=N\left(t=i-1\right)-n\left(t=i-1,t=i-1+t\right),i=1,2,3,\cdots$. ** $R\left(t=0\right)=1$.

).

For the hydrological system studied, the failure intensity can be approximated as a λ(t) value that is constant in time and equal to the mean intensity $\lambda \left(t\right)=\overline{\lambda }=7.7\times {10}^{-3} \left[{\mathrm{y}}^{-1}\right]$.

If $\overline{\lambda }$ and $\overline{\lambda }$t are small, they can be used to approximate the reliability function: $R\left(t\right)\approx 1-\overline{\lambda }t\approx 0.56$, and the failure function: $F\left(t\right)\approx \overline{\lambda }t\approx 0.44$. Approximate values of reliability and failure functions are close to calculated values of these functions for floods defined by threshold of $Q_b=Q_{af}=Q_{max}^{50\%}=285{\mathrm{m}}^3{\mathrm{s}}^{-1}$.

The reliability function R(t) for consecutive decades of the observation period of 1956–2012 were calculated as (

Table 3. Conjunctive table of undesirable basic event A_ij and experts’ ranks.

Expert No.	Position (Rank) of Undesirable Event
	A11	A13	A22	A23	B1 = A12	B2 = A21
1	4	3	5	2	1	6
2	3	4	4	3	2	4
3	1	5	6	5	2	6
4	3	3	5	4	2	4
5	2	5	4	3	1	5
Sum of ranks	13	20	24	17	8	25
Mean ranking (Σ ranks ÷ 5), $\overline{pos}$	2.6	4.0	4.8	3.4	1.6	5.0
$p\left(A_{i,j}\right)$	0.011	0.0027	0.0012	0.005	0.03	0.001

):

$$R\left(t\right)=e^{-{{\displaystyle \int }}_0^t\lambda \left(\tau \right)d\tau }=e^{-\overline{\lambda }t}$$

(26)

The analysis of Equation (26) and the results of calculations reported in Table 2 show that R(t) depends on the duration that the hydrological system functions and the failure intensity λ(t). At a constant value of λ(t), the system’s reliability depends on the adopted time of its functioning, and it becomes increasingly unreliable as the time the system continues to function increases. However, when λ(t) decreases, a system’s R(t) grows, and the failure intensity of the hydrological system can be reduced by taking actions that reduce the occurrence and impact of extreme hydrological events. These are activities related to land-use within the catchment area, increasing the catchment’s capacity for retention both in the catchment area and in the riverbed (river valley retention), as well as construction of flood protection infrastructure, e.g., water reservoirs, polders, etc. If the river catchment does not naturally restore its potentiality of retention and man does not take any action to improve protection against flooding and reducing flood risk through specific activities, mainly in the field of technical flood protection, hydrological systems will lose their functional reliability within a certain time (decreasing value of reliability function over time at constant failure intensity (Table 2)). However, this does not happen because, despite the occurrence of initial events (e.g., heavy rainfall or sudden increases of air temperature in spring in the presence of thick snow cover), not all floods—although they are undesirable events—cause failure of the hydrological system by flooding. Values of the reliability function for the Sola River catchment at the Zywiec station for respective decades are relatively large (Table 2), averaging 0.930.

The expected value of time the system functions without failure, ET, is given as:

$$ET=\underset{0}{\overset{\infty }{{\displaystyle \int }}}R\left(t\right)dt\mathrm{when} \lambda \left(t\right)\ne const$$

(27)

$$ET={\lambda }^{-1}\mathrm{when} \lambda =\mathrm{const}$$

(28)

Thus, for $\overline{\lambda }=7.7\times {10}^{-3}[{\mathrm{y}}^{-1}]$, ET = ${\overline{\lambda }}^{-1}\cong 130 \mathrm{years}$, a value not credible in view of the occurrence of failure during the 57 years of Sola River system monitoring. A better measure of the time of hydrological system function would be the cumulative damage intensity, Λ(t), given as:

$$\Lambda \left(t\right)=\underset{0}{\overset{t}{{\displaystyle \int }}}\lambda \left(t\right)dt=-\ln \left[R\left(t\right)\right], t\ge 0$$

(29)

which for $\overline{\lambda }=7.7\times {10}^{-3}{\mathrm{y}}^{-1}$ is Λ(t) = 0.439 year⁻¹. Accordingly, the expected time of the system operating without failure for the Sola River watershed at Zywiec, is $ET=\frac{1}{\Lambda \left(t\right)}=2 \mathrm{years} 4 \mathrm{months}$.

4.3. Fault Tree and Event Tree Methods for Quantitative Estimation Threat and Risk

To illustrate the employment of Fault Tree and Event Tree Methods in the evaluation of safety and reliability of hydrological system functioning, it was assumed for purposes of this example, that the structure of reliability of the Sola River watershed above Zywiec consisted of retention by the river valley, as well as a levee and polder (Figure 2). This structure can be described using FTM (Figure 3), in which the following basic undesirable events were identified: A₁₁—river bed heavily developed, A₁₂—bad river regulation, A₁₃—too small a spacing of levee. The latter caused undesirable event A₁—lack of river valley retention, as well as basic events A₂₁—catastrophic flood, A₂₂—bad technical condition of levee and A₂₃—polder misuse. All these together were the cause of occurrence of undesirable event A₂—insufficient security of protected land when exposed to flooding.

Events A₁ and A₂ (Figure 3), which together led to the occurrence of top event A (i.e., flooding in the town of Zywiec) call for the calculation of the probability of occurrence in the case of a serially structured system:

$$P\left(A\right)={\displaystyle \sum }_{i=1}^{i=n}P\left(A_i^{ss}\right)$$

(30)

where:

• $P\left(A_i^{ss}\right)$ is the probability of event A_i at the entrance to a logical sum that describes the serial structure of system in terms of reliability.

While in the case of a parallel structure:

$$P\left(A\right)={\displaystyle \prod }_{i=1}^{n}P\left(A_i^{ps}\right)$$

(31)

where:

• $P\left(A_i^{ps}\right)$ is the probability of event A_i at the entrance to a logical product that describes the parallel structure of the system in terms of reliability.

The probability of occurrence of the top event for the system structures presented in Figure 2 and Figure 3 is then:

$$\begin{array}{r}p\left(A\right)=p\left(A_1\right)+p\left(A_2\right)=p\left(A_{11}\right)+p\left(A_{12}\right)+p\left(A_{13}\right)+p\left(A_{21}\right)p\left(A_{22}\right)+p\left(A_{23}\right)\\ =p\left(A_{11}\right)+p\left(A_{12}\right)+p\left(A_{13}\right)+p\left(A_{21}\right)p\left(A_{22}\setminus A_{21}\right)+p\left(A_{23}\right)\end{array}$$

(32)

where

$$p\left(A_{22}\right)=p\left(A_{22}\setminus A_{21}\right)$$

(33)

Without prior knowledge of the probabilities of their occurrence, the probabilities of individual basic undesirable events A₁₁, A₁₂ and A₁₃ as well as A₂₁, A₂₂ and A₂₃, were ranked by a group of five experts using the Ranking Method. Based on measured data and using statistical methods, the head of the team of five experts estimated the probability of events A₁₂ and A₂₁ as p(A₁₂) = 0.03 and p(A₂₁) = 0.001. These events were denoted B₁ and B₂ and used to calibrate the equation:

$$\log \left[p\left(B_i\right)\right]=(\overline{pos}\times a_0)+a_1,\mathrm{where}i=1\mathrm{or}2$$

(34)

where,

• a₀ and a₁ are calibration coefficients,
• $p\left(A_{i,j}\right)$ is the probability of undesirable basic event A_ij, where $p\left(A_{12}\right)\equiv p\left(B_1\right) \mathrm{and} p\left(A_{21}\right)\equiv p\left(B_2\right)$ (Table 3),
• $\overline{pos}$is the mean position of the event in the ranking (Table 3).

To calculate a₀ and a₁ in this case, we know from Table 3 that $p\left(A_{12}\right)\equiv p\left(B_1\right)=0.03$, $p\left(A_{21}\right)\equiv p\left(B_2\right)=0.001$, ${\overline{pos}}_{B_1\equiv A_{12}}=1.6$, and${\overline{pos}}_{B_2\equiv A_{21}}=5.0$. Accordingly, we can write:

$$\log \left[p\left(B_1\right)\right]=1.6a_0+a_1$$

(35)

$$\log \left[p\left(B_2\right)\right]=5.0a_0+a_1$$

(36)

Then, subtracting Equation (35) from Equation (36), we obtain:

$$\log \left[p\left(B_2\right)\right]-\log \left[p\left(B_1\right)\right]=3.4a_0$$

(37)

Rearranging and substituting we obtain:

$$a_0=\frac{\log \left[p\left(B_2\right)\right]-\log \left[p\left(B_1\right)\right]}{3.4}=\frac{\log 0.001-\log 0.03}{3.4}=\frac{{}^{-}3-{}^{-}1.523}{3.4}=\frac{{}^{-}1.477}{3.4}={}^{-}0.434$$

(38)

Substituting the value of $a_0$ in Equation (36), we obtain:

$$a_1= \log \left[p\left(B_2\right)\right]-5.0a_0={}^{-}3-(5.0\times {}^{-}0.434)= {}^{-}3- {}^{-}2.172= {}^{-}0.828$$

(39)

The probability of the top event, p(A) = 0.049 was obtained by inserting into Equation (32) the estimated values of the probability of events A₁₁, A₁₃, A₂₂ and A₂₃, respectively p(A₁₁) = 0,011, p(A₁₃) = 0.0027, p(A₂₂) = 0.0012 and p(A₂₃) = 0.005 as well as the known values of probabilities p(A₁₂) = 0.03 and p(A₂₁) = 0.001.

The value of the reliability function R(t), for the hydrological system with the structure presented in Figure 2 is calculated as:

$$R_j\left(t\right)=1-F_j\left(t\right)=1-P\left(A_i\right)$$

(40)

The reliability function of hydrological system element j, R_j(t), can be estimated from the estimated probabilities p(A_i), as can the failure function, F_j(t):

$$R\left(t\right)=1-P\left(A\right)=1-0.049=0.951$$

(41)

$$F\left(t\right)=1-R\left(t\right)=1-0.951=0.049$$

(42)

This value of$R\left(t\right)$ is close in value to that of $R\left(t\right)$ obtained for subsequent decades of the observation period of maximum floods at Zywiec (Table 2).

A qualitative and quantitative identification of threat and related risk of flooding as result of levee breakage at Zywiec was made using ETM (Figure 4). The risk level of the hydrological system, RL, was then calculated (Equations (15) and (20)):

$$RL=R{L}^{\left(2\right)}{p}_1\left(1-p_2\right)p_3=FRI\times p\left(A_{21}\right)\times \left(1-SGI\right)\times p\left(A_{22}\right)$$

(43)

$$RL=0.81\times 0.001\times \left(1-0.68\right)\times 0.0012=3.1\times {10}^{-7}$$

(44)

where SGI and FRI are defined, respectively, as Safety Guarantee Indicator and Flood Risk Indicator. Considering the flood protection infrastructure and flooding risk in Zywiec, they are calculated as [43]:

$$SGI=\frac{Q_d}{Q_p^{MCF}}=\frac{Q_{max}^{1\%}}{Q_p^{MCF}}=\frac{1243}{1833}=0.68$$

(45)

$$FRI=\frac{Q_p^{MCF}-Q_{af}}{Q_p^{MCF}}=\frac{Q_p^{MCF}-Q_{\overline{AMF}}}{Q_p^{MCF}}=\frac{1833-354.5}{1833}=0.81$$

(46)

Accordingly, the received risk level RL appears to be small. A higher level of risk to the system is not equivalent to a rise of losses in it upon failure. Generally, it can be assumed that the higher the level of risk, the greater the probability of a shift from a state of risk into a state of system losses. Nevertheless, losses may be zero even at a high risk level and greater than zero even if the risk level is small. Everything depends on the reliability properties of the elements from which the hydrological system is built and the nature of the undesirable event.

The measure of loss risk in a hydrological system as per Equation (12) is:

$$M_{HR}\left(l,t\right)=F\left(t\right)\times T\left(l\right)=\left[1-R\left(t\right)\right]\times T\left(l\right)=0.049\times 3.1\times {10}^{-7}=1.52\times {10}^{-8}$$

(47)

It should be noted that the system under study was highly reliable (R(t) = 0.951); its failure function was estimated at only 4.9%, i.e., the low level of the risk of losses in this occurrence yields a low probability of losses in this system.

4.4. Qualitative Method of Risk Assessment

On the basis of the magnitude of the probability of occurrence of an undesirable event and the category of losses and risk matrix (

Table 4. Scale of probability (frequency of event occurrence).

Qualitative Evaluation of Probability		Quantitative Evaluation of Probability (Frequency of Event Occurrence)	Weight
Frequent	F	T = more often than once a year	5
Very Likely	VL	T = once a period from 1 year to 10 years, $p\in \left(1, 0.1\right]$	4
Probable	P	T = once a period from 10 to 20 years, $p\in \left(0.1, 0.05\right]$	3
Unlikely	U	T = once a period from 20 to 100 years,$p\in \left(0.05, 0.01\right]$	2
Nearly Impossible	NI	T = once a period from 100 to 1000 years, $p< 0.01$	1

T—mean return period, p—probability of exceedance, T = 1/p.

,

Table 5. Scale of losses and damages.

Category of Losses and Damages		Consequences	Weight
Disastrous	D	Collective losses including fatalities, very big economic losses above 106 Euro	5
High	H	Individual losses including fatalities or severe collective losses excluding fatalities, big economic losses in range 105–106 Euro	4
Significant	S	Heavy individual losses or light collective, economic losses in range 104–105 Euro	3
Small	SM	Light individual losses and no collective losses, minor economic losses in range 103–104 Euro	2
Negligible	N	Lack of casualties, economic losses below 1000 Euro	1

,

Table 6. Risk matrix.

Category of Probability	Category of Losses
	D = 5	H = 4	S = 3	SM = 2	N = 1
	Risk Levels
F = 5	F∙D = 25, UR	F∙H = 20, UR	F∙S = 15, UTR	F∙SM = 10, CTR	F∙N = 5, CTR
VL = 4	VL∙D = 20, UR	VL∙H = 16, UTR	VL∙S = 12, CTR	VL∙SM = 8, CTR	VL∙N = 4, AR
P = 3	P∙D = 15, UTR	P∙H = 12, UTR	P∙S = 9, CTR	P∙SM = 6, CRT	P∙N = 3, AR
U = 2	U∙D = 10, CTR	U∙H = 8, CTR	U∙S = 6, CTR	U∙SM = 4, AR	U∙N = 2, AR
NI = 1	NI∙D = 5, CTR	NI∙H = 4, AR	NI∙S = 3, AR	NI∙SM = 2, AR	NI∙N = 1, AR

and

Table 7. Risk levels resulting from ALARP principle.

Risk Levels	Scale of Risk Levels	Interpretation
UR	20–25	Inacceptable Risk
UTR	15–19	Uncontrolled Tolerable Risk, tolerated only if risk reduction is difficult to achieve or costs are disproportionately high in relation to benefits, i.e., to potentially obtain an improvement of safety.
CTR	5–14	Controlled Tolerable Risk, tolerated only when costs of its reduction are adequate for the established level of safety.
AR	1–4	Acceptable Risk

), the level of risk with respect to the safety needs of the concerned hydrological system—for which the probability of occurrence of an undesirable top event A, i.e., flooding, is p(A) = 0.049—is unlikely to lead to significant losses. It can be assumed as a tolerable level of controlled risk, i.e., tolerable only when the costs of its reduction are adequate to an established given level of safety, i.e., level of heavy individual losses or light collective losses and/or economic losses within the range of 10⁴–10⁵ Euros. One should keep in mind that when determining weights of scale of the probability category (Table 4) in the process of a quantitative assessment of probability (frequency) of undesirable event occurrence, the average return period T must be considered and associated with the probability of exceedance p, i.e., the probability of achieving or exceeding the value of p in each year the hydrological system functions.

The values of scales in Table 4, Table 5 and Table 7 are contractual and may be accepted depending on current legal, social and economic conditions, i.e., depending on the adopted policy on safety including protection of the natural environment and cultural goods (property) and approval by potentially affected communities.

Depending on the difference between the level of risk arising from potential threat and the level of unacceptable risk adopted in accordance with ALARP principles, methods for risk assessment adequate to the size of threats should be applied. If the difference is smaller, the chosen method of risk assessment should be more accurate. In cases of major threats and small differences, the principle should be to apply quantitative methods such as ETM (Figure 4). In the case of a significant difference between the unacceptable level of risk and level of risk arising from a potential small threat, qualitative methods can be used, e.g., Risk Matrix (Table 6).

5. Summary and General Conclusions

An attempt to provide a mathematical description of the reliable functioning of a river catchment was undertaken using reliability engineering tools drawn from practical aspects of reliability and safety theory. The river catchment was treated as a hydrological system, in which various kinds of threats could arise from interactions between objects (elements) that together constitute the system and affect human safety and the environment in which man functions. Relationships between these elements were described from the point of view of extreme hydrological events occurring in a river catchment, i.e., flooding as result of extreme meteorological events.

Extreme hydrological phenomena leading to flooding were treated as undesirable events from the point of view of human safety (e.g., threat to life, health and property), and as a manifestation of the hydrological system’s lack of fitness for reliable operation. Mechanisms of extreme hydrological threats and the technical and non-technical measures to meet them should be identified first. The hydrological system’s reliability structure should then be specified and described by a mathematical model. A Fault Tree Method was proposed which would allow for a probabilistic description of undesirable events occurring in a hydrologic system. Using an Event Tree Method to develop a hydrological system reliability model, one can evaluate probability of threats and related risk resulting from extreme hydrological events. Measures of reliability and threats were used to make a quantitative assessment of risk probability. Having identified the measure of risk of hydrological extreme events, one can manage it, i.e., knowingly (consciously, deliberately) diagnose and control this risk to ensure the safety of people and the hydrological system itself [38].

Threats occurring within the hydrological system can be of natural origin or of anthropogenic origin. The occurrence of natural hazards is independent of man and, in principle, man can only monitor and attempt to mitigate their effects. While the presence of anthropogenic hazards is associated with human activities in the river valley and in the catchment area, humans also build all sorts of technical objects. Therefore, these threats can largely be controlled and their risk of occurrence may be managed. In the case of natural hazards, including extreme hydrological and meteorological events, managing risk is much more difficult.

Safety and reliability of river catchment operation and its application to flood protection depends on comprehensive and sustainable human activities in the riverbed and catchment area; i.e., investments in water engineering infrastructure undertaken by humans, civil objects infrastructure (spatial planning) and land-use of catchment area (development of natural catchment retention and river valley retention). Poorly planned investments, particularly in the field of technical defense against floods, will deteriorate effectiveness of flood protection instead of improve it, and will thereby generate social costs in addition to investment costs, which may significantly exceed potential benefits and cause the level of protection against flooding to fall below public expectations.

It should be stressed that the approach to flood risk assessment proposed in the present paper should be considered as complementary to the procedures outlined in the Flood Directive. The intention of the authors is not to replace methods currently in use, but rather to present a different perspective on the evaluation of hazard, risk and reliability of the hydrological system itself as a whole and its elements separately, as affected by extreme events such as floods. As all calculations are made in the probability domain, they do not take into account the time, velocity and depth of flooding, as is done in the classical approach, which is very important when losses are assessed. However, the proposed approach answers the following crucial questions: What is (i) the probability of flooding, taking into account the structure of the particular hydrological system (reliability block diagram), (ii) the possible risk of secondary events and of the peak event engendered by the initial event, and (iii) what is the probability of occurrence of losses equal to or greater than a certain threshold value that decision-makers and affected community agree on. According to the Flood Directive’s so-called classical (traditional) approach: Flood risk means the combination of the probability of a flood event and of the potential adverse consequences, and the flood hazard maps, shall cover the geographical areas which could be flooded according to the following scenarios:

(i)

Floods of low probability, or extreme event scenarios; representing, as per [46], areas where the probability of flooding is low and is ≤0.2% (return period T = 500 years), or there is a non-zero probability of occurrence of extreme events in the area;

(ii)

floods with a medium probability (likely return period≥100 years); areas where the probability of floods is average and is 1% (T = 100 years);

(iii)

floods with a high probability, where appropriate; areas where the probability of flooding is high and is 10% (T = 10 years).

The approach proposed in the present paper considers not only the probability of an initial event but also the probabilities of secondary events that lead to failure of hydrological system elements and that of the whole system. In the first stage of analysis (termed initialization) the initial event is identified, i.e., the event that can potentially trigger scenarios of secondary events leading to system failure. At this stage, the analysis also considers the conditions that must be met for the initial event to occur. In a further stage, termed ‘response’, all possible (probable) scenarios (sequences) of events are analyzed, regardless of whether they lead to failure of the system or not. In a third stage, termed ‘implications’, the probability of losses caused by the lack of efficiency of the system and its elements is assessed. Finally, the last stage consists of a risk assessment that allows for recognition of risk in quantitative terms (in a probabilistic sense). Therefore, the authors’ opinions presented in the present paper fit into a holistic approach to flood-reliable operation of a hydrologic system and its elements [36].