The complex approach in risk assessment and its application at machinery safety management

Even though the rules for free movement of machinery within the European Union market have existed for more than 30 years, accidents related to their activities have constantly been achieving the significant value. When designing the machine, a designer must stem from risk assessment, whereas all stages of its life cycle and ways of its use must be taken into consideration. In industrial operations, there is old machinery, which, although fulfilling its function reliably, the safety level is not in accordance with the developing requirements for their safe operation. The proposed methodology of assessment of the machinery safety condition comes out from the presupposition of the right application of steps of risk assessment and their reduction mainly by means of implementation of both effective and efficient preventive measures. The aim of the research applied in 3 operations, was to verify the method of machinery safety management. The created methodology based on 19 requirements for safety evaluates the level of the actual measures by means of the so-called criterion of current status and total efficiency of measures. Its output is the assessment of the efficiency level of implemented safety of each machine as well as of the whole operation.


Introduction
Within the last ten years, a number of accidents related to the activities connected with usage of machinery equipment has been decreasing, however, the reality is that machinery, including lifters, conveyers and similar equipment, are, according to statistics [1,2], a source of as much as 25 % of all serious occupational injuries annually.
According to official report of the National Labor Inspectorate of the Slovak Republic -NLI [3], there were totally 9,022 occupational injuries registered in 2019. Out of the stated amount, 31 were serious with death consequence and 57 were serious with a heavy bodily injury. In its reports, the NLI states that the main source of fatal occupational injury are vehicles (mainly motor and road vehicles, 45.2%). The proportion of serious occupational injuries when using the machinery equipment was 9.7%.
The most frequent reason of injuries was the so-called undetected reason that was related with occurrence of high amount of road traffic accidents. The other main reason of injuries (up to 29%) were workers themselves, using dangerous processes or methods of work including acting without authorization, against order, prohibition, and they also remained within endangered area.
There are many authors who analyze the accident rate statistics and deal with its causes. They emphasize inappropriate procedures of equipment design [4,5], or non-observance of safety procedures throughout their operation [6]. It is interesting that increasing of efficiency level by implementation of preventive measures may depend also on the level of both cognitive and emotional approach of managers to safety [7,8]. In industrial practice, a method of Behaviour Based

Machinery risk assessment methodology
No compliance with the requirements of regulations may be proved without having performed documented procedure of analysis and risk reduction, and without having proved all effective and efficient measures in accordance with actual knowledge and possibilities of injury prevention and harming of health when working with equipment [21][22][23].

Base principles in risk assessment procedure
Despite the fact that it was mainly the machinery safety that initiated development of a number of harmonized standards describing the algorithm of risk assessment and risk reduction, as a basis for design and construction of the safest possible machinery, not even 30 years make sufficiently long period so that the principle in question could become a certainty implemented into a proper technical practice.
The reason is obvious. By basic inevitable knowledge of EN ISO 12100 [14], [24][25][26] (by the way, the harmonized standard went through several alterations, from EN 292-1, 2, EN 1050, EN ISO 14121-1, EN ISO 12100-1, 2), there still happens to be incomprehension of the importance of individual steps of risk assessment ( Figure 1): Risk analysis -starts with classification of system into elements (Step 1). The aim is to describe and identify the source of accident as exactly as possible (Step 2), thus, what in the system is hazard in relation to a human; description of hazardous situation -what may happen by a given activity (harm) and how (hazard event), i.e. accident scenario. Then, estimation of probability and consequence follows, which requires selection of a suitable methodology for assignment of the probability and consequence parameters (e.g. risk matrix, risk graph, Fault tree analysis (FTA), Event tree analysis (ETA) etc., and this methodology may be in a form of qualitative, semi-quantitative or quantitative approaches [26,27]. The next important step of the logical procedure is expression of the relation of probability and consequence by a combination of their values, the so-called risk estimation (Step 3).
Risk evaluation (Step 4) -is a step following only after risk analysis, and in fact, it compares estimated amount of risk (relating to identified hazard) with the "set" parameters of its acceptability (or tolerability).
Taking of measures -is related to the risk values which either exceed or reach the inacceptable level (Step 5). It may happen that even though the estimated risk level ranges within the area of acceptability, the manager (designer, producer) decides to take certain measures for its reduction. Such approach is marked as ALARP (As Low As Reasonably Practicable) -it represents reduction of risk to the best reasonable level, i.e. effective and efficient [28][29][30]. By designing the machinery, this process goes through the so-called 3 steps (Step 6), where in the first place, hazard source elimination is concerned (replacement of a hazardous property by a safe one), after consideration whether the acceptance of the respective measure is not possible or ineffective, protective measures are applied. The third, the last step of risk reduction is provision of information on the residual risk in the socalled machinery usage instructions.
The whole process is indicated as risk reduction but also as risk control, and it requires its repeated assessment in order to verify whether the proposed and implemented measures are really effective.

Risk Assessment Methods
Description of the area, when in which step of the risk assessment, which method for what purpose (system) of research is suitable, is a very extensive issue. This is the place where mistakes regarding the idea of risk assessment arise. There are methods that are sufficient for enabling the risk assessment by mechanical hazard of a sharp machine edge, however, methods for risk assessment of hazardous substance leak (e.g. gas) from high-pressure pipeline, its initiation and subsequent fire of a "jet fire" type are different [26][27][28].
Each system requiring risk assessment either from legislative or other reason, has certain recommended methods and procedures, which sufficiently accurately describe a scenario (but also causality [32]) of a hazardous event origination leading to damage (e.g. hazard of life and health, property, environment etc.). There is a difference in risk assessment of a simple machinery and risk assessment of explosion in a paint shop or of a serious industrial accident of ammonia leak from a tank. Scenarios of a burning building in a built-up area are described differently than scenarios of a blast-furnace gas leak in industrial plant.
For this reason, application of measures relates mainly to ensuring of reliable and safe technical condition preventing the origination of hazardous event itself (e.g., prevention of leak by preventive maintenance) -the so-called preventive measures [33][34][35][36][37]. To reduce the consequences, tools, trying to reduce the extent of damage after hazardous event origination (e.g., sprinkling, extinguishing, alarm sirens) -the so-called reactive measures, are applied. The simplest method often applied in practice on the level of machinery risk assessment and work activities risk assessment is the so-called "risk matrix" [25,26,32,34,37,38]. It could be said that it is a framework method enabling identification of hazardous properties and hazards resulting from them, assessment of risks and their evaluation according to "own" rules considering determined acceptance rate of a reviewer (e.g. organization itself, or its management).
Basis of the method is following the mentioned risk assessment algorithm ( Figure 1). Harmonized standard for machinery construction EN ISO 12100 [19] stems from the assumption that the construction in question may contain certain hazardous properties resulting from its future use: sharp edges, electric parts, thermal sources, ionizing radiation sources, worn parts, liquids, dust etc. Hazard identification (accident scenario description) Step 2 Step 3 Step 4 Step 5 Step 6 Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 1 December 2020 For this reason, in order to make the identification of hazardous situations, which may arise during performance of a given activity in the proximity of the hazardous properties (Step 2 in Figure 1), easier, according to the standard ISO 12100, these hazards are categorized into 10 basic groups: mechanical, electric hazards, thermal hazards, noise and vibration hazards, radiation hazards, material and substances hazards, ergonomic hazards, hazards connected with environment in which the machinery will be used, combination of these hazards.
Risk matrix [38] enables estimation of a probability level of the analyzed hazardous situation, e.g. touching of cutting part when cutting the material and severity of harm -cutting of hand (or even finger cutting-off) in a simple, usually qualitative way. By assigning values to these probability and consequence levels, a framework for risk level estimation related to the respective hazardous property -mechanical hazard, which may arise by performed activity (hazardous situation) when touching the cutting part of machinery (hazardous event) - Table 1, will be created. Table 1. Example of construction "risk matrix" according to algorithm for risk assessment (source: own design).

Estimation of probability (P) and consequence (C), and risk
(Step 3, Figure 01)  Figure 1) The harm after exposure to hazard is almost impossible.

R(3); R(4) Acceptable (ALARP)
It is suitable to accept and/or increase efficiency of measures to reduce the risk level, by reducing the P level or C level.

R(6); R(9) Inacceptable
It is inevitable to immediately take and increase the efficiency of measures to reduce the risk level, by reducing the P level and/ or C level. Table 1 represents qualitative expression, does not further specify frequency or probability of harm, e.g., per year. With methodology applied for assessment of consequences of severe industrial accidents (e.g., SEVESO III Directive), the consequence is expressed mainly by the amount of the affected people (within but also out of plant) and the so-called social acceptability (e.g., 1 death per 1,000 persons) is evaluated [28,[40][41].

Analytical methodology for evaluation of machinery safety
Within the running research, experts from safety field (2 from practice and 3 from university) cooperated on the creation of methodology, the aim of which was, based on risk assessment results of operated machines (for the activities of operators and maintenance according to the own methodology of an organization), with regard to the phase of their operation, to analyze the status and efficiency of current measures on particular equipment, or the total efficiency level of protective/ safety measures taken applied on the equipment in operations (see Figure 2).
Main parameters of the model were the following assumptions: there are n operation machines at each production facility; the number of safety requirements (SR) for machinery safety is m. Then the status of i th requirement ( = 1,2,3, … , ) is assessed on each k th machine ( = 1,2, … , ) by means of implemented suitable safety measures.

Figure 2
Proposal of analytical procedure for the complex efficiency evaluation of machinery safety measures in a production organization

Evaluation of the status of current measures
Current status of safety requirements on an assessed machine is expressed by means of the socalled coefficient of current measure status , , for which holds , ∈ {0,1,2}. The , coefficient represents a categorial variable, which can reach three possible values (see Table 2). Measures for the fulfillment of i th requirement on k th machine are introduced but not followed.

, = 2
Measures for the fulfillment of i th requirement on k th machine are introduced and fully followed.

Evaluation of current measures status in operations or organisations.
Level of measures efficiency ∆ expresses the fulfilment of safety requirements by means of realised measures on k th machine and is expressed by the relation: where n represents the number of machines, m the number of safety requirements and , is the coefficient of current measures status of i th requirement on k th machine.
variable represents the coefficient of maximum reached efficiency of all measures on a given machine and is determined by the relation: where is the number of safety requirements and is the maximum value of measures evaluation, in our case = 2.
Total efficiency level of measures ∆ in the given operation is expressed by the relation where ∆ is the level of measures efficiency in the case of k th machine and n is the total number of machines located in the given operation. Total level of measures efficiency ∆ in the given operation takes on values from the interval 〈0,100〉. For a complex safety level of a given operation conditioned by the status of introduced measures on machinery, evaluation according to the following scale was suggested: • if % < ∆< %, then the level of safety measures efficiency in a given operation is low; • if % < ∆< %, then the level of safety measures efficiency in a given operation is negligible; • if % < ∆< %, then the level of safety measures efficiency in a given operation is middle; • if % < ∆< %, then the level of safety measures efficiency in a given operation is high; • if % < ∆, then the level of safety measures efficiency in a given operation is very high.
If a production organization has p operations, then the complex level of safety measures efficiency ∆ ധ would be possible to be expressed by the relation: where is the number of operations (in our case 3) and ∆ is the level of measures efficiency in the case of j th operation, for which holds the relation where ∆ , is the level of measures efficiency in the case of k th machine in the j th operation and n is the total number of machines within the given operation.

Results
The aim of suggested and applied methodology in order to assess the safety level of machines in a phase of their use was to check the status of the machinery that was operated in a given organization from 1 to more than 30 years. Within the particular operations (3 operations for the production of plastic components, marked I, II, III), there were new as well as older machines, such as automatic or semi-automatic assembly workstations, with one or maximum two control places (loading of components, checking and unloading of ready products).
For the research purposes, a questionnaire was created stemming from the requirements from the Directive on machinery (Annex I), which consisted of 19 safety requirements (criteria) (marked SR), the introduction thereof should efficiently prevent the occurrence of hazardous events and harm (SR1 -SR19 -see Annex A). The experimental research was carried out in several parts: • risk assessment of each machine based on unified methodology in accordance with ISO 12100 (risk matrix -own methodology of an organization), • status evaluation of already established (current) safety measures for each machine according to determined safety requirements (SR1 -SR19) by means of the coefficient of current measures status, • evaluation of the efficiency level of such measures (with regard to the outcomes from risk assessment) for each machine and for each operation, • evaluation of complex efficiency level of introduced protection/safety measures for the whole organization. Each i th safety requirement of the assessed k th machine was assigned the coefficient of current measures status , . The assigned value (0, 1 or 2) was the result of a consensus of 5 reviewers with the aim to decrease the uncertainty rate at subjective deciding (mainly when assessing the safety status of older machines).
The results of status evaluation of current measures in the first assessed operation (17 machines) are shown in Figure 3. The analysis of evaluation shows that in operation I, there is no machinery that would meet all safety requirements (see Figure 3). Each machine met on average only 52% of requirements, where measures were implemented and followed. For almost 39% of requirements, safety measures were introduced but not followed.
For each k th machinery equipment, requirement fulfilment efficiency ∆ is determined according to the relation (1). Total level of measures efficiency ∆ in operation I (marked ∆ ) is determined according to the relation (3). Graphical illustration of current measures efficiency level on 17 machines of operation I is shown in Figure 5. The red horizontal line represents the average value of the total efficiency of current measures in the operation (∆ = 69.66%). Three criteria were analyzed and evaluated in a similar way (criteria, ∆ , ∆) in two further operations: operation II (20 machines) and operation III (23 machines). The basic descriptive statistics of total efficiency of current measures ∆ in particular operations are shown in Table 3. The analysis shows that the total evaluation of current applied safety measures in operation I reaches the value of 69.66% of total efficiency rate, which represents the middle efficiency level of current safety measures.
Operation II reaches the value of 75.66% of total efficiency rate, which represents high efficiency level of measures. On each machine of the operation II, there were on average only 62% such requirements, where measures were introduced and followed. For almost 27% of the requirements, measures were only introduced but not followed.
Operation III reaches only 53.89% of total efficiency level, which means almost lower borderline of the middle level of measures efficiency. On each machine of the operation III were on average only 18% of such requirements, where the measures were introduced and followed. For almost 71% of the requirements, measures were only introduced but not thoroughly followed.
The results of the evaluation of current measures status in the whole organization (total of 60 machines) are shown in Table 4. It can be seen from the results of evaluation that as much as 98.3% (59 out of 60 machines) of machines within an organization met safety requirements SR7 and SR14. On the contrary, safety requirements SR17 and SR18 are not met on any machine in the whole organization, i.e. the requirements for the application of LOTO for machinery were not fulfilled. All machines lacked mainly marking of the way of hazardous energy isolation, methodology for the assignment of LOTO devices for maintenance activities or specific maintenance activities of the operator was not elaborated (even though the organization declared TPM -Total Production Maintenance introduction) [44].
To evaluate the status of machinery safety in the entire organization, a complex efficiency level of introduced measures ∆ ധ (4) was determined, according to safety requirements SR1 -SR19 (see Table 3). Based on the results of applied methodology of efficiency level evaluation of the introduced safety measures on machines and of the evaluation of total efficiency level in the entire organization, it is possible to state that the value of complex efficiency level ∆ ധ is on the value of 65.61%, which means middle efficiency level.

Conclusions
Applied methodology for complex assessment of operated machinery safety level, by expressing its efficiency, made it possible to check the status of the introduced machinery safety measures with regard to the current legislative regulation requirements in three production facilities. By means of evaluation parameters, safety level of a machine itself, safety level of operation (production hall) as well as complex level of safety management of machinery in the whole facility (value of complex efficiency level ∆ ധ ) were checked.
By classifying the efficiency into levels (low, negligible, middle, high, and very high), the basic framework for machinery safety status improvement was created. OH&S managers´ deciding on the effectiveness and efficiency of introduced measures is not always a simple task and requires a suitably applied tool. The methodology in question enables, in future, to complete safety requirements with machinery criticality criterion, which would consider business objectives of an organization (e.g., productivity, quality, efficiency, maintenance costs, etc.).
Another research step in the field of machinery safety will be the analysis and evaluation of new machine readiness status for "Smart productivity / factory" requirements. Machinery safety management systems must be able to react to an attack from the outside so that their functionality is not threatened in the case of requirements for their safety (safety function). Actual trends in machinery design respect, in a minimum rate, the current trends of holistic approach to safety management [45,46] (Safety & Security) using the requirements and principles of ISO/TR 22100-4 (IT security aspects) [47]. For this reason, the objective of further research will be the extension of machinery safety complex assessment by security measures check as an integral part of safety measures on the machinery operated in the so-called Industry 4.0 plants [48,49].

Conflicts of Interest:
The authors declare no conflicts of interest.

SR1
Safeguards or protective devices are a part of the machine which will prevent the operator´s contact with hazards and access thereto -e.g., above, under, around or through. SR2 Guards are fixed to their place on the machine by a system, the removal thereof is required by a tool, preventing from arbitrary manipulation. Safety systems remain connected to guards or machine also after the removal of guards. SR3 The construction of safety guards and protective devices is from sufficiently solid material which meets common operation conditions. SR4 Safeguards or protective devices do not mean any new hazard or do not create conditions limiting machine functionality. SR5 It is not possible to easily defunction or deactivate the guard or protective device.

SR6
Safeguards or protective devices enables a safe installation and/or replacement of tools and safe greasing and maintenance of a machine by access limitation. SR7 The existing guard or protective device are sufficiently resistant to prevent from parts flying away (e.g., material, part of a machine during malfunction). SR8 Safeguards or protective devices are not an obstacle into a view into operation area.

SR9
Special hand tools enable additional protection of employees when placing or removing material from hazardous area. Tools enable simple manipulation with material and eliminate operator´s need of a hand placing into hazardous zone.
SR10 Protective device is located in the adequate distance from the hazardous area so that the operator has no access to hazardous parts of the machine throughout common operation or unusual activity. SR11 Protective devices ensure prevention (elimination or minimization) of operator or other workers touch probability with the machine or its hazardous moving parts.
SR12 The machinery, its part is designed in the way so that fire origination in case of the machine´s overheating and/or explosion triggered by gases, liquids, dust or other substances are prevented. SR13 Machinery parts, around which persons move are designed in the way which prevents slipping, tripping or fall.
SR14 Moving parts of machinery are covered such as e.g., chains, gear boxes, belts, shafts, etc.
SR15 Machinery is equipped with one or several pieces of equipment for emergency stopping, which enable averting of proximate or imminent hazard. Alarm devices and symbols are placed on the machine. SR16 Safety machinery devices cannot be replaced by other devices, e.g., barrier, safety lock throughout the machine operation. SR17 Machinery is equipped with the means for all energy sources disconnection, and they are marked and lockable, in order to prevent harm of person in case of their repeated connection. SR18 When performing maintenance of the machine, additional protective measures of securing or blocking (Lockout, Tagout -LOTO devices) are applied. SR19 There are machine operating instructions in official language of the Commonwealth countries comprehensible for the operator. The operator has attended training, is informed about the content of the operating instructions manual and the residual risks. The operator uses personal protective equipment (PPE) for the activities assigned to them.