Modified FMEA for risk management in geotechnical structures during hydraulic circuit filling of a hydroelectric power plant

Dutra, Paola; Teixeira, Sidnei Helder; Wajdowicz, Claudia Trevisol Dalmora; Duarte, Joaquim Monteiro Garcez

doi:10.28927/SR.2024.014422

Abstract

This article presents an approach centered on a modification of the Failure Modes and Effects Analysis Method (FMEA) for risk management concerning geotechnical structures during the hydraulic circuit filling process within a hydroelectric power plant. In this work, the conventional FMEA method, typically employed in various projects and processes, was adapted through the development of specific classification criteria. The primary objective was to enhance the applicability of this method to geotechnical structures during the filling procedure. The validity of this method was confirmed through its application in a case study. This analysis suggests that the newly devised scoring tables have streamlined the risk analysis process by reducing the number of classification categories and adopting a color scale. In addition to their role in classifying failure modes, these tables also serve as a guide for mitigating the risks associated with the filling procedure. The appropriate course of action is determined based on the specific aspects presented in the analyzed geotechnical model. It is our belief that the insights generated by this research will offer valuable support to technical professionals responsible for hydraulic circuit filling in hydroelectric projects. This support aims to enhance the safety of this activity by minimizing the severity of failures and increasing the probability of their detection.

Keywords:
Dam safety; FMEA; Hydroelectric power plant; Risk analysis

1. Introduction

The Brazilian hydroelectric potential, as detailed in the National Energy Plan of 2050 published in 2020, stands at an estimated 176 GW, comprising 108 GW that were operational by 2019 and an additional 68 GW representing inventoried hydroelectric potential. This comprehensive assessment encompasses a range of hydroelectric power plants and small hydroelectric power plants (up to 30 MW) with inventory studies that have been completed and sanctioned by ANEEL. Predominantly, the most prominent projects are clustered in the Amazon and Tocantins-Araguaia hydrographic regions (Brasil, 2020Brasil. Ministério de Minas e Energia - MME. Empresa de Pesquisa Energética - EPE. (2020). Plano Nacional de Energia 2050. MME/EPE.).

The inclusion of non-controllable renewable energy sources, such as wind and solar energy, in the national energy landscape underscores the continued importance of hydroelectric plant operations for the stability and safety of the electric system. Hydroelectric plants, even those of the run-of-river variety, play a critical role due to their capacity to store water in reservoirs. They contribute to resource management, effectively meeting capacity and flexibility requirements. Some plants are equipped with regulation reservoirs, functioning as quasi-battery systems, which store water during wet periods and provide a steady flow during dry periods (Brasil, 2020Brasil. Ministério de Minas e Energia - MME. Empresa de Pesquisa Energética - EPE. (2020). Plano Nacional de Energia 2050. MME/EPE.).

Dams represent essential structures for the management of water resources and containment of tailings. Nevertheless, the reservoirs they create entail inherent risks that could lead to loss of human life, environmental damage, and economic repercussions. The safety of dams is a fundamental concern for a range of stakeholders, including regulatory authorities, project developers, and technical experts involved in the design, construction, commissioning, operation, and decommissioning of dams (ANA, 2016Agência Nacional de Águas - ANA. (2016). Guia de orientação e formulários do Plano de Ação de Emergência. ANA.).

Dams carry inherent risks and, in the event of an accident, can lead to severe consequences (ANA, 2016Agência Nacional de Águas - ANA. (2016). Guia de orientação e formulários do Plano de Ação de Emergência. ANA.). On a global scale, there are on average two dam failures per year, even with the implementation of new regulatory and inspection measures. The primary causes are often linked to deficiencies in geological-geotechnical investigations, hydrological studies, and systems management. Regulations governing dam safety inspections constitute an integral part of the preventive process, albeit they do not guarantee absolute safety. Hence, the management of operational and maintenance routines becomes paramount (Fernandes et al., 2022Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... ).

In the context of organizations or enterprises, risk analysis provides management with a mechanism to evaluate deviations in processes that may result in either positive or negative effects. This analysis enables the identification, assessment, and implementation of methods or measures to mitigate risks (Recchia, 2016Recchia, W.M. (2016). Aplicação da metodologia FMEA na gestão de risco no planejamento estratégico da UFSCar [Master’s dissertation]. Federal University of São Carlos (in Portuguese).).

Risk analysis methodologies prove invaluable for identifying potential failure scenarios within projects or processes. One such analysis method is the Failure Modes and Effects Analysis (FMEA), employed for this purpose. The FMEA method permits the evaluation of failures through considerations of their occurrence probability, detectability, and the severity of their effects. The multiplicative interaction of occurrence, detection, and severity culminates in the determination of the Risk Priority Number (RPN).

The filling phase of a reservoir or low-pressure circuit assumes immense significance in hydroelectric power plants as it marks the commencement of their operational phase. It is widely recognized as one of the most critical periods, characterized by the inherent unpredictability of structural responses during this phase. Accordingly, technical managers must possess an in-depth understanding of the risks associated with the filling process. This knowledge is imperative to ensure the successful execution of the filling process and to adeptly address any unforeseen challenges that may arise.

The objective of this article is to present the application of a proposed method based on the modification of FMEA for the risk management of a geotechnical structure at the outset of a hydroelectric project's operations.

To enhance the applicability of this method, this evaluation involves the adaptation of the classification tables for failure modes concerning detection probability, occurrence probability, and the severity of effects, with the incorporation of scoring tables to facilitate classification.

The proposed method is designed to provide guidance to technical managers engaged in similar projects, aiding them in making informed decisions to reduce risks and enhance safety during the initial phases of hydroelectric power plant operations.

2. Risk analysis

The concept of risk encompasses the potential for loss, damage, disadvantage, negative impact, danger, or the threat of specific events. In every undertaking, there exists a certain degree of risk, necessitating its comprehension and effective management to minimize its consequences (Fernandes et al., 2022Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... ).

ISO 31000 associates risk with the likelihood of an effect, particularly its impact on predefined objectives. When viewed through this lens, it becomes evident that risk management is an optimization process aimed at enhancing the probability of achieving an objective (Purdy, 2010Purdy, G. (2010). ISO 31000: 2009 - Setting a new standard for risk management. Risk Analysis: An International Journal, 30(6), 881-886. http://dx.doi.org/10.1111/j.1539-6924.2010.01442.x.
http://dx.doi.org/10.1111/j.1539-6924.20... ). In this context, risk management is characterized as a set of normative actions encompassing the application of preventive, control, and mitigation measures (Brasil, 2010Brasil. (2010). Lei nº 12.334, de 20 de setembro de 2010. Estabelece a Política Nacional de Segurança de Barragens destinadas à acumulação de água para quaisquer usos, à disposição final ou temporária de rejeitos e à acumulação de resíduos industriais, cria o Sistema Nacional de Informações sobre Segurança de Barragens e altera a redação do art. 35 da Lei n° 9.433, de 8 de janeiro de 1997, e do art. 4° da Lei n° 9.984, de 17 de julho de 2000. Diário Oficial [da] República Federativa do Brasil.).

Risk mitigation measures encompass the strategic deployment of techniques and sound management principles to reduce the probability of occurrence or the severity of potential consequences. In engineering endeavors, it is often infeasible to entirely eliminate risks. Therefore, decisions must be made to either avoid, reduce, or accept these risks (Dutra, 2021Dutra, P. (2021). Análise de risco em um empreendimento hidrelétrico através do risco global de impacto e árvore de falhas [Master’s dissertation]. Federal University of Paraná (in Portuguese).).

The adoption of risk management principles has been a prevalent practice in various industries since the 1960s. However, it was only in the late 1980s that this concept found its way into the decision-making processes pertaining to dams (Fernandes et al., 2022Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... ). Dams are exposed to a multitude of risks, and a range of risk analysis methods is available to address these concerns. One such method widely employed in engineering contexts is the Failure Modes and Effects Analysis (FMEA). FMEA serves as a valuable tool to systematically define, identify, and eliminate potential failures within systems, projects, processes, and services before they can manifest adverse consequences (Boccaletti et al., 2021Boccaletti, B.C., Mello, L.C.B.B., & Bastos, I.P. (2021). Principal causes and challenges for reducing product returns: applying FMEA in a case study. Gestão & Produção, 28(2), e5115. http://dx.doi.org/10.1590/1806-9649-2020v28e5115.).

2.1 FMEA method

The Failure Modes and Effects Analysis (FMEA) method, initially developed by NASA in 1963, serves as a systematic approach to identifying and addressing potential failures within systems, processes, or services, encompassing an examination of their associated effects, causes, and the formulation of risk mitigation strategies. Notably, FMEA gained broader adoption after 1977 when the Ford Motors Company incorporated it into automobile manufacturing practices (Fernandes & Rebelato, 2006Fernandes, J.M.R., & Rebelato, M.G. (2006). Proposta de um método para integração entre QFD e FMEA. Gestão & Produção, 13(2), 245-259. https://doi.org/10.1590/S0104-530X2006000200007.
https://doi.org/10.1590/S0104-530X200600... ).

In 1990, the International Organization for Standardization (ISO) recommended FMEA for design reviews within the ISO 9000 series. Subsequently, in 1994, the Society of Automotive Engineers (SAE) introduced the first version of its standard, jointly with Chrysler, Ford, and General Motors engineers (J1739). This document outlines the principles of FMEA and furnishes comprehensive guidelines for its application (Liu & Liu, 2016Liu, H.C., & Liu, H.C. (2016). FMEA using uncertainty theories and MCDM methods. Springer.).

Today, FMEA has established itself as a pivotal tool for safety and reliability analysis in an extensive array of industries, encompassing aerospace, automotive, nuclear, electronics, chemical, mechanical, and healthcare sectors, among others (Liu & Liu, 2016Liu, H.C., & Liu, H.C. (2016). FMEA using uncertainty theories and MCDM methods. Springer.).

FMEA is among the most widely utilized methods for evaluating system reliability. Utilizing this method, the practitioner enumerates system components, identifies potential failure modes, effects, and causative factors, culminating in an assessment of enterprise criticality or risk. This approach is amenable to modification and application across a broad spectrum of engineering challenges (Kolios et al., 2017Kolios, A.J., Umofia, A., & Shafiee, M. (2017). Failure mode and effects analysis using a fuzzy-TOPSIS method: a case study of subsea control module. International Journal of Multicriteria Decision Making, 7(1), 29-53. http://dx.doi.org/10.1504/IJMCDM.2017.085154.
http://dx.doi.org/10.1504/IJMCDM.2017.08... ).

As indicated by Teoh & Case (2004)Teoh, P.C., & Case, K. (2004). Failure modes and effects analysis through knowledge modelling. Journal of Materials Processing Technology, 153, 253-260. http://dx.doi.org/10.1016/j.jmatprotec.2004.04.298.
http://dx.doi.org/10.1016/j.jmatprotec.2... , FMEA can be categorized into Design FMEA, primarily directed towards design-related activities, and Process FMEA, employed to unearth failure modes occurring throughout a process.

The FMEA methodology revolves around the identification of conceivable failures in projects or processes, the prioritization of these failures, and the formulation of mitigation strategies to reduce their likelihood of occurrence (Zambrano & Martins, 2007Zambrano, T.F., & Martins, M.F. (2007). Utilização do método FMEA para avaliação do risco ambiental. Gestão & Produção, 14(2), 295-309. https://doi.org/10.1590/S0104-530X2007000200008.
https://doi.org/10.1590/S0104-530X200700... ).

The FMEA process unfolds in a structured sequence, commencing with the definition of the system's characteristics and its components. Subsequent steps encompass the identification of potential failure modes, the determination of their potential causes, a delineation of the effects these failures would have on the system, and the proposal of measures to detect these failure modes, along with actions for controlling or mitigating their impacts. The findings are typically presented in a matrix or table format, often represented through the Risk Priority Number (RPN) (Espósito & Palmier, 2013Espósito, T., & Palmier, L.R. (2013). Application of risk analysis methods on tailings dams. Soils and Rocks, 36(1), 97-117. http://dx.doi.org/10.28927/SR.361097.
http://dx.doi.org/10.28927/SR.361097... ).

Liu & Liu (2016)Liu, H.C., & Liu, H.C. (2016). FMEA using uncertainty theories and MCDM methods. Springer. outlines an effective FMEA process, which involves defining the scope of the analysis, assembling a dedicated team, comprehending the system under scrutiny, conducting in-depth discussions on failure modes, assessing their probabilities, calculating the Risk Priority Number (RPN), prioritizing the failure modes, preparing a comprehensive report, and, when necessary, revisiting the analysis if modes are reduced or eliminated.

The FMEA method permits the evaluation of failures by considering the probability of occurrence (O), the potential for detection (D), and the severity of their effects (S). The product of these three factors - occurrence, detection, and severity - results in the Risk Priority Number (RPN), often represented in a two-dimensional matrix.

To facilitate the implementation of FMEA, organizations often employ custom forms or spreadsheets tailored to their specific criteria, as standardization in this regard is not universal. An illustrative example of such a spreadsheet for conducting risk analysis is presented in Table 1.

Thumbnail

Table 1
Example of FMEA analysis for dam, slope, and crest (Fernandes et al., 2022Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... ).

Failure modes are systematically categorized based on occurrence, severity, and detection, with a classification system similar to the one presented in Table 2, as detailed by Fernandes et al. (2022)Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... .

Thumbnail

Table 2
Occurrence index, detection index and severity index (Fernandes et al., 2022Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221.
http://dx.doi.org/10.28927/SR.2022.07022... ).

3. Proposed method

The FMEA method serves as an indispensable tool for the mitigation or elimination of risks associated with potential failure modes by evaluating each event based on its probability of occurrence, detectability, and the severity of its consequences. However, the conventional classification tables employed in technical literature for occurrence, detection, and severity do not comprehensively address failure modes that pertain specifically to the Ultimate Limit State, as is the case with dam failures.

FMEA facilitates the prioritization of failure modes by computing the Risk Priority Number (RPN). The RPN is derived through the multiplication of occurrence, detection, and severity indices, offering decision-makers a crucial metric for prioritizing mitigation actions aimed at diminishing the likelihood or severity of failure modes.

In this section, we present a novel approach to risk analysis grounded in the FMEA methodology, specifically tailored to address the safety of dams during the initial operational phase of a hydroelectric power plant. To align with the objectives of this method, custom classification tables for failure modes related to occurrence, severity, and detection have been meticulously devised.

During the filling phase of a reservoir, an inherently critical stage in the operation of a hydroelectric power plant, a distinct perspective is adopted. Failure modes associated with the Ultimate Limit State of geotechnical structures require particularly diligent consideration. Given the paramount significance of all events in this context, we abstain from the traditional prioritization of failure modes through the computation of the Risk Priority Number. Instead, all events are regarded as equally pertinent and mandate thorough scrutiny by the responsible technicians overseeing the filling process.

In the endeavor to define failure modes capable of precipitating an accident, a comprehensive historical dataset chronicling dam failures spanning from 1889 to 2017 was employed. Pereira (2020)Pereira, G.M. (2020). Acidentes e rupturas de barragens de armazenamento de água. ABGE. conducted a study on dam failures and their causative factors, and a compilation of these crucial data is presented in Table 3.

Thumbnail

Table 3
Dam ruptures - exclusion causes “structural collapse” (Pereira, 2020Pereira, G.M. (2020). Acidentes e rupturas de barragens de armazenamento de água. ABGE.).

Overtopping, piping, foundation erosion, external erosion, and slope instability have been selected as failure modes for thorough consideration. Historical data analysis has indicated these failure modes as potential precursors of dam failures. Notably, the "structural collapse" failure mode, which primarily pertains to concrete dam failures, has been excluded from our considerations. Our decision to focus on these specific failure modes is grounded in historical data, as presented in Table 3.

The probability of occurrence classes was established based on a rigorous statistical approach, involving the division of the number of accidents attributed to a specific cause (failure mode) by the total count of geotechnical accidents transpiring over the period spanning from 1889 to 2017.

Within the framework of associating these failure modes with the Ultimate Limit State, any failure mode exhibiting a probability exceeding 30% is categorized as "very likely." Conversely, failure modes characterized by a probability falling below the 5% threshold are designated as "unlikely." Figure 1 visually conveys these probability of occurrence classifications, employing a color scheme where the green color (1) signifies unlikely failure modes, while the red color (3) designates highly likely failure modes.

Figure 1
Class of probability of occurrence.

To determine severity classes, a scoring system was developed, taking into account the complexity of executing a mitigating action and the availability of equipment and materials. Since the method is focused on circuit filling events, the scoring system also considers the presence of devices in the project to lower water levels, which aids in minimizing the progression of the failure mode and facilitates the execution of mitigation measures.

The scoring process for defining the severity class of each failure mode is systematically conducted, considering the multifaceted aspects as delineated in Figure 2. The assignment of severity classes for each failure mode is accomplished through the application of Equation 1.

Figure 2
Severity classes - aspects for scoring.

Score (severity classes) = \sum I; I I; I I I; I V; V

(1)

Failure modes are classified into three severity classes. Class 1 represents "no effect," while Class 3 indicates the "possibility of an accident." Figure 3 present a visual representation of the severity classes.

Figure 3
Severity classes.

Class 1 has been designated on the premise that executing a mitigating action entails minimal complexity, with all the necessary materials and equipment readily available within the enterprise to facilitate such actions. Additionally, Class 1 encompasses the essential feature that the potential exists to reduce the water level, even in emergency situations, through the utilization of the spillway, bottom discharge mechanisms, and the generation circuit.

Conversely, Class 3 represents a scenario where the execution of mitigating actions to avert or curtail the advancement of a failure mode is deemed exceptionally intricate. In such instances, Class 3 accounts for the absence of accessible suppliers providing requisite materials and equipment for executing the necessary actions. Furthermore, Class 3 factors in the absence of readily available and operational structures designed to reduce the water level within the circuit.

To determine detection probability classes, a scoring system has been established. This scoring system takes into consideration a range of devices and relevant aspects that aid in the identification and observation of the progression of failure modes. It plays a pivotal role in enhancing the capacity to observe the advancement of identified unfavorable events.

The process of assigning a detection class to each failure mode is conducted with meticulous attention to the multifaceted aspects delineated in Figure 4. The determination of the detection class for each failure mode is achieved through the application of Equation 2.

Figure 4
Detection classes - scoring aspects.

Detection score = \sum I; I I; I I I; I V; V; V I; V I I

(2)

The probability of detecting failure modes has been categorized into three (3) distinct classes. Figure 5 present a visual representation of the detection classes. These classes are denoted as follows:

Figure 5
Detection classes.

Class 1 represents a scenario where there is a high probability of detecting the failure mode.
Class 2 is indicative of a moderate probability of detecting the failure mode.
Class 3 signifies an unlikely probability of detecting the failure mode.

Class 1 taking into account a range of conditions that foster the effective detection of potential failure modes within the project. Specifically, in Class 1, the project boasts several favorable aspects that enhance the detection process. These elements include automated instruments for monitoring and auscultation, a system for measuring water levels that operates autonomously, frequent inspections executed by a highly specialized team operating in easily accessible areas, well-illuminated inspection zones, and the presence of a camera-based monitoring system for periods when conventional inspections are not carried out. Furthermore, Class 1 takes into consideration a low likelihood of precipitation during the filling maneuver period.

Class 3, on the other hand, encapsulates a scenario characterized by several factors that significantly impede the detection of potential failure modes. Within this context, Class 3 reflects the absence of essential monitoring instruments, such as auscultation devices or water level measurement scales. Inspections are conducted sporadically and are entrusted to non-specialized personnel who operate in areas that are not easily accessible. Moreover, Class 3 factors in a notably higher probability of precipitation during the filling maneuver period, and the absence of a camera-based monitoring system to aid in the detection process.

The classification system, thoughtfully constructed to suit the unique circumstances and conditions associated with the filling procedure in a hydroelectric project, incorporates scoring tables, severity tables, and detection tables. These tables contain pertinent information that not only contributes to the definition of classes but also serves as valuable resources for decision-makers in devising strategies to mitigate risk and forestall the progression of failure modes.

4. Case study

To assess the practicality and applicability of the adapted FMEA methodology, a risk analysis was conducted within the context of a hypothetical hydroelectric project. The selection of this specific project stemmed from the necessity to address the filling of the low-pressure circuit, a process entailing the management of a substantial water volume totaling 83,600 cubic meters. Furthermore, the project was chosen with the primary objective of equipping the responsible technicians with the essential knowledge concerning the associated risks inherent in this endeavor. This knowledge serves as a pivotal resource in enabling the identification of potential actions and strategies aimed at mitigating these risks effectively.

4.1 Characterization of the project

In this case study, the project is denoted as "Project A." It is characterized by a comprehensive layout featuring a dam situated on the riverbed. On the left bank of the dam, there exists an adduction circuit comprising a low-pressure intake and an open-air adduction channel. Towards the end of this channel, a high-pressure intake structure is situated, from which two metallic penstocks supply water to four turbines.

Immediately upstream of the high-pressure water intake structure, a bottom gate functions as the emptying mechanism for the adduction channel. Given the focus of this study on risk analysis associated with the filling of the low-pressure circuit, the analysis is conducted exclusively on one geotechnical structure, which, in this case, is the adduction channel. Consequently, this section provides an overview of the characteristics of the chosen structure.

The adduction channel within Project A spans approximately 2,800 meters in length and primarily exhibits a trapezoidal cross-section with a 3.0 meter base width, a maximum height of 5.0 meters, and a slope inclination of 1.5H:1V. Owing to the local topography, the right bank of the channel is distinguished by an embankment comprised of mature compacted residual soil and serves as the definitive access point to the channel. In contrast, the left bank predominantly consists of excavation slopes within residual soil, with the exception of compacted soil embankments in watercourses.

The geographical area encompassing the adduction channel comprises basalt outpourings and residual soil overlaying the natural watercourses. The uppermost layer of the stratigraphic profile is characterized by colluvial soil.

The hydraulic head, in relation to the normal water level, measures 4.0 meters of water column (mWC). It is important to note that the hydraulic head can reach a maximum of 5.0 mWC for exceptionally high water levels, corresponding to a recurrence interval of 10,000 years.

4.2 Application of the method

The development of this method commenced with the meticulous identification of potential failure modes that could manifest during the filling process of the adduction channel. Subsequently, these modes were subjected to a comprehensive evaluation concerning their probability of occurrence, the severity of their potential effects, and the likelihood of detection.

The primary objective of this analysis is to streamline risk management throughout the filling procedure of the low-pressure circuit. The primary focus is directed towards failure modes associated with progressive events that possess the potential to culminate in accidents. As a result, the analysis encompasses the consideration of failure modes such as overtopping, piping, foundation erosion, downstream erosion (resulting from spillway flow), and slope instability.

The risk analysis conducted for Project A has been illustrated in Figure 6 and Figure 7. The failure modes were categorized based on the specific attributes of this study, taking into account the probability of occurrence, the severity of potential effects, and the likelihood of detection.

Figure 6
Development of risk analysis.

Figure 7
Development of risk analysis - result.

Among the identified failure modes, overtopping, piping, and foundation erosion emerge as the most probable. Given the historical significance of these failure modes as causative factors in numerous dam accidents, they necessitate thorough risk evaluation by the technicians responsible for managing the circuit, particularly in light of their high likelihood of occurrence.

The failure modes of "channel slope instability" and "downstream spillway erosion" were classified, in terms of probability of occurrence, as unlikely, as they are historically the least frequent causes of accidents in hydroelectric projects.

The "overtopping" failure mode received a high score and was defined, in terms of severity, as Class 3. This classification results from the complexity of implementing a mitigating action to prevent the occurrence of this failure mode and the unavailability of auxiliary devices for reducing the water level in the circuit. Increasing the freeboard would prevent the possibility of overtopping. However, this action is complex due to the length of the channel (2,800 m). During the channel filling period, the high-pressure circuit and the drainage device were not completed, which made them unavailable to assist in reducing the water level in the channel.

The adduction channel is controlled by a low-pressure intake susceptible to control structure failures, which can be exacerbated by exceptional hydrological events. These specific events were not evaluated in this case study.

Regarding the severity of the effects, the failure modes of "piping" and "foundation erosion" were defined as Class 2 due to the complexity of taking action to prevent these failure modes and the lack of devices to lower the water level in the channel.

The implementation of a reverse filter and/or a stabilizing berm on the downstream slope is an effective action to control piping or foundation erosion. However, the downstream slope (right bank) has a length of 2,800 m, and access is via the crest of the embankment, which is unpaved, with no access through the lower region of the embankment. Therefore, the mitigation action is considered moderately complex.

Class 2 (severity) for the "piping" and "foundation erosion" failure modes also results from the unavailability of devices to reduce the water level in the channel, in addition to the lack of a free weir spillway. Without auxiliary devices, it is not possible to lower the hydraulic head below the normal operating level. Reducing the hydraulic head could reduce the progression of failure modes and facilitate the execution of mitigation actions.

The "channel slope instability" failure mode was classified in terms of the severity of its effects as Class 3. This classification is a result of the complexity of executing a mitigating action, as well as the unavailability of auxiliary structures to reduce the water level in the channel.

Access to the channel is predominantly from the right side, so in a situation of "slope instability" on the left side, executing a mitigation action would be complex. Furthermore, instability on the hydraulic right could cause a loss of access along the bank, making it difficult to perform a mitigation action. Severity Class 3 is also related to the fact that the drainage device and the generation circuit were inoperative, which does not allow them to assist in reducing the water level to mitigate the risk of an accident and to use the channel bottom as access.

All failure modes during the risk analysis were classified as unlikely to be detected. Detection Class 3 is related to aspects in Project A that do not facilitate the diagnosis of the occurrence of failure modes.

Instrumentation is essential for detecting failure modes such as piping, foundation erosion, or slope instability, making it possible to monitor increases in pore pressure, slope displacements, and opening of joints in structures near embankments, among other aspects. However, the instruments cannot detect failure modes of "downstream spillway erosion" or the possibility of "overtopping." Therefore, for these failure modes, the instrumentation aspect was classified as "not applicable (1)" in relation to Item I (Instrumentation). Instruments were not installed in the foundation mass, so the failure mode "foundation erosion" received a higher score. The other failure modes were scored with a value of 2, indicating that the project has manual instruments.

Eight (8) measuring rulers were installed in the adduction channel to measure the water level, including one installed in the reservoir. However, the system is not automated, requiring manual readings along the lengthy channel (2,800 m). The automation of water levels would enable real-time monitoring, even in emergencies when it is necessary to lower the circuit. The other failure modes were scored as 2 in Item II (Monitoring of Water Levels), indicating that the power plant has measuring rulers, but the monitoring is not automated.

Specialized engineers in electrical, hydraulic, and geotechnical engineering were mobilized to lead the channel filling operation. Additionally, contractor engineers and Project A technicians assisted in the circuit filling process.

Inspections during the filling process were not scheduled for nighttime, as inspecting areas without adequate lighting was not feasible. For this reason, the failure modes were scored as 2 in Item III (Inspections) because inspections were conducted by a specialized team only during the daytime.

Access throughout the adduction channel is primarily from the hydraulic right, with only a few easily accessible areas on the left bank. The access points are unpaved, making inspections complex during rainy periods. However, the topography in the channel region generally allows for inspections. The failure modes were rated as 1 in Item IV (Access Roads) because the low-pressure circuit is in an easily accessible area, except for the failure mode "downstream spillway erosion," which was rated as 3 due to its challenging topography and difficult access.

The facility lacks cameras and lighting, which prohibits nighttime inspections or monitoring in periods without scheduled inspections. Regarding Items VI and VII, the failure modes were rated as 3, considering the absence of lighting and a camera monitoring system.

Due to the expected intense precipitation during the circuit filling period, the failure modes were rated as 3 in relation to Item V (Precipitation), except for the failure mode "downstream spillway erosion," which is not affected by precipitation. Precipitation hampers technical inspections and impairs the observation of factors that could lead to failure modes, such as humidity, cracks, seepage, internal erosion, and other aspects.

As the failure modes are related to the possibility of accidents, all the events mentioned are significant and must be considered by the technicians responsible for the filling procedure. Therefore, the failure modes were not prioritized through Risk Priority Number calculations. Scoring tables and classifications should be used to manage the risk associated with the filling process, providing the opportunity to implement actions to reduce the risk involved in this step.

5. Conclusion

The score tables created in this study to support the classification of failure modes related to the probability of detection and severity of effects have been instrumental for decision-makers in the event classification. Without these score tables, the technicians in charge encountered difficulties in implementing the classification system for failure modes.

The classification tables for probability, severity, and detection were simplified into three groups (1 to 3), and a color scale was added for better clarity. The green color signifies unlikely, easily detectable failure modes with no significant impact, while the red color denotes highly likely failure modes that are difficult to detect and may result in accidents.

The tables with color scales visually contribute to the rankings and analysis results. Green represents failure modes unlikely to occur, easy to detect, and with no adverse effect on the power plant. Red, on the other hand, represents failure modes very likely to occur, unlikely to be detected, and with the potential for causing accidents.

The proposed method considers only failure modes capable of leading to accidents, which is why a limited number of relevant failure modes were taken into account. The case study demonstrated that through the implementation of specific aspects and adjustments in the power plant, it is possible to reduce the risks associated with the reservoir filling process.

Regarding the score table used to classify the severity of the effects for failure modes, risks could be mitigated by ensuring the availability of equipment and materials for mitigation actions, enhancing predictability in the field. Additionally, it would be advantageous to perform the activity with the operational bottom gate, which serves as the emptying device for the channel and high-pressure generation circuit. This would allow these structures to assist in lowering the water level in case of an emergency.

As for the scoring table used to classify the probability of detection for failure modes, risks could be reduced by automating systems. Implementing monitoring and lighting cameras as well as other monitoring devices can facilitate detection and provide real-time tracking of the development of a failure mode, even during nighttime or when scheduled inspections are not taking place.

Filling the circuit is one of the most critical phases of a hydroelectric project, and it is impossible to completely eliminate all associated risks. However, understanding and managing these risks are possible. The proposed method is designed to assist technical managers in making informed decisions and taking actions to prevent and reduce risks, ultimately enhancing safety during the initial stages of similar projects.

Data availability

All data produced or examined in the course of the current study are included in this article.

Acknowledgements

The authors are grateful to the Post-Degree in Civil Construction Engineering from Federal University of Paraná (PPGECC-UFPR) and G5 Engenharia for their support in the development of this research. The tables in this article are credited to Fernandes et. al. and Geraldo Magela Pereira. The authors above kindly granted permission to use parts of their publications in this article.

References

Agência Nacional de Águas - ANA. (2016). Guia de orientação e formulários do Plano de Ação de Emergência ANA.
Boccaletti, B.C., Mello, L.C.B.B., & Bastos, I.P. (2021). Principal causes and challenges for reducing product returns: applying FMEA in a case study. Gestão & Produção, 28(2), e5115. http://dx.doi.org/10.1590/1806-9649-2020v28e5115.
Brasil. (2010). Lei nº 12.334, de 20 de setembro de 2010. Estabelece a Política Nacional de Segurança de Barragens destinadas à acumulação de água para quaisquer usos, à disposição final ou temporária de rejeitos e à acumulação de resíduos industriais, cria o Sistema Nacional de Informações sobre Segurança de Barragens e altera a redação do art. 35 da Lei n° 9.433, de 8 de janeiro de 1997, e do art. 4° da Lei n° 9.984, de 17 de julho de 2000. Diário Oficial [da] República Federativa do Brasil
Brasil. Ministério de Minas e Energia - MME. Empresa de Pesquisa Energética - EPE. (2020). Plano Nacional de Energia 2050 MME/EPE.
Dutra, P. (2021). Análise de risco em um empreendimento hidrelétrico através do risco global de impacto e árvore de falhas [Master’s dissertation]. Federal University of Paraná (in Portuguese).
Espósito, T., & Palmier, L.R. (2013). Application of risk analysis methods on tailings dams. Soils and Rocks, 36(1), 97-117. http://dx.doi.org/10.28927/SR.361097
» http://dx.doi.org/10.28927/SR.361097
Fernandes, J.M.R., & Rebelato, M.G. (2006). Proposta de um método para integração entre QFD e FMEA. Gestão & Produção, 13(2), 245-259. https://doi.org/10.1590/S0104-530X2006000200007
» https://doi.org/10.1590/S0104-530X2006000200007
Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221
» http://dx.doi.org/10.28927/SR.2022.070221
Kolios, A.J., Umofia, A., & Shafiee, M. (2017). Failure mode and effects analysis using a fuzzy-TOPSIS method: a case study of subsea control module. International Journal of Multicriteria Decision Making, 7(1), 29-53. http://dx.doi.org/10.1504/IJMCDM.2017.085154
» http://dx.doi.org/10.1504/IJMCDM.2017.085154
Liu, H.C., & Liu, H.C. (2016). FMEA using uncertainty theories and MCDM methods Springer.
Pereira, G.M. (2020). Acidentes e rupturas de barragens de armazenamento de água ABGE.
Purdy, G. (2010). ISO 31000: 2009 - Setting a new standard for risk management. Risk Analysis: An International Journal, 30(6), 881-886. http://dx.doi.org/10.1111/j.1539-6924.2010.01442.x
» http://dx.doi.org/10.1111/j.1539-6924.2010.01442.x
Recchia, W.M. (2016). Aplicação da metodologia FMEA na gestão de risco no planejamento estratégico da UFSCar [Master’s dissertation]. Federal University of São Carlos (in Portuguese).
Teoh, P.C., & Case, K. (2004). Failure modes and effects analysis through knowledge modelling. Journal of Materials Processing Technology, 153, 253-260. http://dx.doi.org/10.1016/j.jmatprotec.2004.04.298
» http://dx.doi.org/10.1016/j.jmatprotec.2004.04.298
Zambrano, T.F., & Martins, M.F. (2007). Utilização do método FMEA para avaliação do risco ambiental. Gestão & Produção, 14(2), 295-309. https://doi.org/10.1590/S0104-530X2007000200008
» https://doi.org/10.1590/S0104-530X2007000200008

Publication Dates

Publication in this collection
05 Feb 2024
Date of issue
2024

History

Received
24 Dec 2022
Accepted
18 Dec 2023

This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

[1] Agência Nacional de Águas - ANA. (2016). Guia de orientação e formulários do Plano de Ação de Emergência ANA.

[2] Boccaletti, B.C., Mello, L.C.B.B., & Bastos, I.P. (2021). Principal causes and challenges for reducing product returns: applying FMEA in a case study. Gestão & Produção, 28(2), e5115. http://dx.doi.org/10.1590/1806-9649-2020v28e5115.

[3] Brasil. (2010). Lei nº 12.334, de 20 de setembro de 2010. Estabelece a Política Nacional de Segurança de Barragens destinadas à acumulação de água para quaisquer usos, à disposição final ou temporária de rejeitos e à acumulação de resíduos industriais, cria o Sistema Nacional de Informações sobre Segurança de Barragens e altera a redação do art. 35 da Lei n° 9.433, de 8 de janeiro de 1997, e do art. 4° da Lei n° 9.984, de 17 de julho de 2000. Diário Oficial [da] República Federativa do Brasil

[4] Brasil. Ministério de Minas e Energia - MME. Empresa de Pesquisa Energética - EPE. (2020). Plano Nacional de Energia 2050 MME/EPE.

[5] Dutra, P. (2021). Análise de risco em um empreendimento hidrelétrico através do risco global de impacto e árvore de falhas [Master’s dissertation]. Federal University of Paraná (in Portuguese).

[6] Espósito, T., & Palmier, L.R. (2013). Application of risk analysis methods on tailings dams. Soils and Rocks, 36(1), 97-117. http://dx.doi.org/10.28927/SR.361097
» http://dx.doi.org/10.28927/SR.361097

[7] Fernandes, J.M.R., & Rebelato, M.G. (2006). Proposta de um método para integração entre QFD e FMEA. Gestão & Produção, 13(2), 245-259. https://doi.org/10.1590/S0104-530X2006000200007
» https://doi.org/10.1590/S0104-530X2006000200007

[8] Fernandes, R.B., Sieira, A.C.C.F., & Menezes Filho, A.P. (2022). Methodology for risk management in dams from the event tree and FMEA analysis. Soils and Rocks, 45(3), e2022070221. http://dx.doi.org/10.28927/SR.2022.070221
» http://dx.doi.org/10.28927/SR.2022.070221

[9] Kolios, A.J., Umofia, A., & Shafiee, M. (2017). Failure mode and effects analysis using a fuzzy-TOPSIS method: a case study of subsea control module. International Journal of Multicriteria Decision Making, 7(1), 29-53. http://dx.doi.org/10.1504/IJMCDM.2017.085154
» http://dx.doi.org/10.1504/IJMCDM.2017.085154

[10] Liu, H.C., & Liu, H.C. (2016). FMEA using uncertainty theories and MCDM methods Springer.

[11] Pereira, G.M. (2020). Acidentes e rupturas de barragens de armazenamento de água ABGE.

[12] Purdy, G. (2010). ISO 31000: 2009 - Setting a new standard for risk management. Risk Analysis: An International Journal, 30(6), 881-886. http://dx.doi.org/10.1111/j.1539-6924.2010.01442.x
» http://dx.doi.org/10.1111/j.1539-6924.2010.01442.x

[13] Recchia, W.M. (2016). Aplicação da metodologia FMEA na gestão de risco no planejamento estratégico da UFSCar [Master’s dissertation]. Federal University of São Carlos (in Portuguese).

[14] Teoh, P.C., & Case, K. (2004). Failure modes and effects analysis through knowledge modelling. Journal of Materials Processing Technology, 153, 253-260. http://dx.doi.org/10.1016/j.jmatprotec.2004.04.298
» http://dx.doi.org/10.1016/j.jmatprotec.2004.04.298

[15] Zambrano, T.F., & Martins, M.F. (2007). Utilização do método FMEA para avaliação do risco ambiental. Gestão & Produção, 14(2), 295-309. https://doi.org/10.1590/S0104-530X2007000200008
» https://doi.org/10.1590/S0104-530X2007000200008

Structure	Failure	Final effect	(S)	Cause	(O)	Control	Type of control	(D)	RPN
Dam	Insufficient capacity to contain water	Global instability	10	Inadequacy of the design and / or construction and / or maintenance	4	Project suitability \| Visual inspection and instrumentation	Prevention \| Detection	3	120
Upstream Slope	Structural instability due to animals	Local instability	3	Ants and animals	3	Adequacy of the geometry and the constituent materials \| Visual inspection	Prevention \| Detection	1	9
Upstream Slope	Structural instability due to erosions	Local instability	3	Superficial Erosion	3	Adequacy of the geometry and the constituent materials \| Visual inspection and instrumentation	Prevention \| Detection	1	9
Crest	Overtopping (free board)	Global instability	4	Coverage and / or protection failures	3	Adequacy of the geometry and the constituent materials \| Visual inspection	Prevention \| Detection	3	36
Crest	Overtopping (free board)	Global instability	4	Coverage and / or protection failures	3	Adequacy of the geometry and the constituent materials \| Visual inspection	Prevention \| Detection	3	36

Occurrence Index (O)	Probability of Occurrence (events per year)	Detection Index (D)	Probability of Detection	Severity Index (S)	Damage and Impacts
1	Unlikely (≤ 0.01%)	1	Very likely	1	No damage
2	Remote (> 0.01 and ≤ 0.1%)	2	More high	2	Isolated damage with slow magnitude
3	Insignificant (> 0.1 and ≤ 1%)	3	High	3	Short-term reversible individual damage
4	Casual (> 1 and ≤ 10%)	4	Moderately high	4	Long-term reversible individual damage
5	Frequent (> 10 and ≤ 25%)	5	Casual	5	Isolated damage with huge magnitude
6	High (> 25 and ≤ 40%)	6	Low	6	Short-term reversible collective damage
7	More high (> 40 and ≤ 60%)	7	Very low	7	Long-term reversible collective damage
8	Expected (> 60 and ≤ 80%)	8	Remote	8	Collective damage with huge magnitude
9	Likely (> 80 and ≤ 90%)	9	Very remote	9	Irreversible individual damage
10	Very likely (> 90 and ≤ 100%)	10	Unlikely	10	Irreversible collective damage

Dam	Country	Type of Dam	End	Break	Victims	Cause
Orós	Brazil	E/R	1960	1960	1000	O
Euclides da Cunha	Brazil	E	1960	1977	0	O
El Guapo	Venezuela	E	1978	1999	-	O
Banqiao	China	E	1952	1975	>26000	O
Glashutte	Germany	E	1953	2002	0	O
Canyon Lake	USA	E	1938	1972	242	O
Khadakwasla	India	BRI	1879	1961	>1000	O
Babi Yar	Ukraine	E	1950	1961	145	O
Frías	Argentina	R	1940	1970	102	O
Lower Otay	USA	R	1897	1916	30	O
Whitewater	USA	E	1943	1972	0	O
South Fork	USA	E/R	1839	1889	2209	O
Laurel Run	USA	E	1919	1977	70	O
Walnut Grove	USA	R	-	1890	150	O
Sempor	Indonesia	R	1967	1967	200	O
Situ Gintung	Indonesia	E	1933	2009	100	O
Ka Loko	Hawaii	E	1890 1911	2006	7	O
Twentyone	USA	E	90's	2017	0	O
Limoeiro	Brazil	E	1960	1977	0	O
Panshet	India	E	1961	1961	>1000	O
Machhu II	India	BRI/E	1972	1979	>1300	O
Pampulha	Brazil	ECF	1943	1954	0	P
Teton	USA	E	1975	1976	11	P
Fontenelle	USA	E	1964	1965	0	P
Nanaksagar	India	E	1962	1967	100	P
St. Francis	USA	G	1926	1928	450	F
Baldwin Hills	USA	R	1951	1963	0	F
Austin	USA	G	1910	1911	80	F
Walter Bouldin	USA	E	1967	1975	0	P
Malpasset	France	Bow	1954	1959	421	F
Bila Desna	Czech republic	E	1915	1916	65	P
Barragem de Camará	Brazil	RCC	2002	2004	4	F
Big Bay	USA	E	1991	2004	0	P
Lawn Lake	USA	E	1903	1982	0	P
Meadow Pond	USA	-	1994	1996	1	P
Inxú	Brazil	E	2015	2016	3	P
Apertadinho	Brazil	E	2006	2008	0	P
Tighra	India	BRI	1913	1917	>1000	E
Algodões I	Brazil	E	2004	2009	9	E
Vajont	Italy	Arco	1960	1963	2600	L