Applications of FFTA–HFACS for Analyzing Human and Organization Factors in Electric Misoperation Accidents

: Human and organizational factors (HOFs) play an important role in electric misoperation accidents (EMAs), but research into the reliability of human factors is still in its infancy in the ﬁeld of EMAs, and further investment in research is urgently required. To analyze the HOFs in EMAs, a hybrid method including the Human Factors Analysis and Classiﬁcation System (HFACS) and fuzzy fault tree analysis (FFTA) was applied to EMAs for the ﬁrst time in the paper. HFACS is used to identify and classify the HOFs with 135 accidents, reorganized as basic events (BEs), intermediate events (IEs), and top event (TE), and develop the architecture of fault tree (FT). Fuzzy aggregation is employed to address experts’ expressions and obtain the failure probabilities of the BEs and the minimal cut sets (MCSs) of the FT. The approach generates BEs failure probabilities without reliance on quantitative historical failure statistics of EMAs via qualitative records processing. The FFTA– HFACS model is applied for quantitative analysis of the probability of failure of electrical mishaps and the interaction between accident risk factors. It can assist professionals in deciding whether and where to take preventive or corrective actions and assist in knowledgeable decision-making around the electric operation and maintenance process. Finally, applying this hybrid method to EMAs, the results show that the probability of an EMAs is 1.0410 × 10 − 2 , which is a risk level that is likely to occur and must be controlled. Two of the most important risk factors are habitual violations and supervisory violation; a combination of risk factors of inadequate work preparation and paralysis, and irresponsibility on the part of employees are also frequent errors.


Introduction
According to the National Energy Administration of China [1], there will be around 42 major electric power safety production accidents in China per year. Data from 2019-2020 shows that the proportion of accidents due to human insecurity is about 65%. Electric misoperation is one of the leading causes of power safety production accidents. Operation errors usually cause significant accidents, such as power outages, equipment damage, personal injuries, and the collapse of the power grid. In terms of preventing misoperation, even though the "Electric Industry Safety Work Regulations" has stipulated, and various units have performed a lot of work, misoperation accidents proceed to occur frequently.
A human error caused the Colombia blackout in 2007 in the 230 kV Substation Protection; the operation of the protection scheme of a coupling switch between the busloads caused a cascading outage in the transmission system [2]. The Florida blackout in 2008 was also caused by a human error when a protection and control engineer manually removed the primary protection and the breakdown protection (secondary protection) from the service for an energized piece of equipment [3]. Between 2003 and 2016, China Southern Power Grid alone announced approximately 150 EMAs. Many EMAs show that personal injury and death caused by electric shock and electric equipment accidents are commonly related to the failure of electric workers to comply with the "Electric Safety Work Regulations". Static textual safety regulations and accident reports cannot play a function in accident prevention. Human error is the outcome, not the cause [4]. Organizational and management deficiencies have been the most critical potential cause behind most human errors that directly or indirectly lead to catastrophic accidents [5]. However, in the power system, there are few studies on the reliability analysis of human factors and organizational factors. Wu [6] pointed out the conclusion that human factors reliability research in the field of power transmission and transformation is mainly confined to qualitative research and the development of corporate safety regulations yet, with relatively little quantitative research, and that there is an urgent need to combine research results from other fields to carry out related research work in greater depth. Because of these facts, it is necessary to implement a proactive and comprehensive accident prevention scheme for EMAs to identify and analyze the HOFs.
Over the last several years, the HFACS has received extensive research attention as a valid and reliable tool in human factors accident analysis [7][8][9] and has been successfully utilized in a variety of safety-critical and tightly-coupled industrial settings which have experienced massive catastrophic losses due to human errors and organizational failures [10]. HFACS proposes a hierarchal structure of the system, divided into four levels, with active failures at the lowest level and latent failures at the three higher levels. HFACS can cover almost all aspects of human factors that lead to accidents, from unsafe acts of frontline workers to the root causes behind these acts.
Despite its unique capabilities as an effective tool to identify and classify the HOFs in accident investigation, HFACS has been criticized for the lack of quantitative analysis and the complex interdependencies among causal factors and reasoning [11,12]. Wang et al. [13] agreed that quantification would enhance the analytical capabilities of the HFACS and make it feasible to gain deeper insight and more substantive and objective analysis during accident investigations. Hence, fault tree analysis (FTA) is used to enhance the quantitative expression ability of HFACS and clarify the degree of complex dependence between related factors.
FTA is a quantitative and qualitative evaluation technique that identifies events as TEs and systematically arranges all the causes of errors in a top-down structure that looks like a tree to calculate the probability of the top event occurring [14]. In a conventional FTA, the BEs are represented by probabilities (crisp numbers). It assumes that the exact probability of the event has been given and adequate failure data is available. However, many modern systems are highly reliable, and it is often complicated to obtain sufficient statistics to estimate actual failure rates or failure probabilities. Moreover, the inaccuracy of system models resulting from human errors is tough to handle by simply using a conventional probabilistic reliability theory. These fundamental problems with probabilistic reliability theory have prompted researchers to find new models or new reliability theories which can complement the classical probabilistic definition of reliability. Misra et al. [15] believe that when there is little quantitative information about parameter fluctuations, fuzzy methods may be the only option, and the probability of BE will be characterized by fuzzy numbers. Therefore, the fuzzy fault tree analysis was developed to deal with such issues. Singer [16] used L-R type fuzzy numbers to analyze fuzzy reliability. Shu et al. [17] used intuitionistic fuzzy methods to analyze fault trees on a printed circuit board assembly. Yin et al. [18] proposed an FFTA approach based on the similarity aggregation method.
The FFTA-HFACS method has been applied in many fields. Its differences are mainly reflected in fuzzy algorithms, the constructed fault tree, and the angle of accident analysis. Rajakarunakaran et al. [19] applied FFTA-HFACS to hydrocarbon refueling stations for the first time, revealing that gas station accidents are associated with overfilling, drain valves, liquid outlets line, and vehicle impact. Qiao et al. [20] proposed FFTA-HFACS to evaluate human factors that contributed to maritime accidents. FFTA-HFACSA was used by Sarıalioglu et al. [21] to examine the causes of fire-explosion accidents in ships.
However, to the best of our knowledge, there is no research on applying the FFTA-HFACS method in analyzing the HOFs of EMAs.
The motivation of this study is to develop a flexible EMAs analysis model by incorporating FFTA into the HFACS. Based on the FT framework, fuzzy aggregation is used to form a fuzzy fault tree. Its purpose is to convert the BE qualitative data expressed by the expert's subjective evaluation of the failure possibility into a fuzzy number operation format, thereby converting the fuzzy number into a single scalar, which is used to generate the BE failure probability and further evaluate the occurrence probability of the TE. There are several aspects to the originality of this study: (i) the first application of FFTA-HFACS method in the analysis of EMAs to identify and analyze the HOFs, (ii) aggregating experts judgments for BEs of EMAs with vague failures, (iii) ranking the MCS of FFT, thereby achieving the systems reliability measures. The FFTA formed by fuzzy aggregation exhibits two advantages: (i) an ability to use expert opinions expressed in linguistic terms to evaluate EMAs' BEs; (ii) an ability to capture the subjective and imprecise factors of specialist linguistic assessments. This paper is organized as follows: Section 2 introduces the implementation framework of the FFTA-HFCAS model, and Section 3 describes the proposed methodology in detail. Section 4 demonstrates the application process of FFTA-HFACS in EMAs to confirm the applicability and flexibility. Finally, some conclusions and suggestions are presented in Section 5.

The Framework of the Study
It is well known that China is at the leading edge of power system technology. However, there is still relatively little research on the human factors reliability analysis of power safety production. Li et al. [22] identified "fatigue" as the main cause of human accidents in power grid enterprises based on the HFACS and grey correlation method. Liu et al. [23] used correlation rule analysis, exploratory factor analysis, and Pearson correlation analysis to mine eight behavioral formation factors in nuclear power plants and found the correlations among the factors of "complexity", "stress", and "available time". Liu et al. [24] conducted a chi-square test and concession ratio analysis on the human factors of power production accidents to speculate on their causal relationships. The above scholars, based on accident data, have used traditional statistical methods to analyze the important risk factors for accidents. It is able to partially respond to the causes of accidents, but the traditional statistical approach itself suffers from independent assumptions and requires high data integrity.
Other academics are beginning to integrate accident data and expert assessments to make an assessment of accident risk. Tang et al. [25] proposed a fuzzy weighted cognitive reliability and error analysis method (CREAM) to quantify the probability of human error in power operations. Lu et al. [26] proposed a quantitative analysis method for the human operational reliability of power grids based on the CREAM model, with expert weights and model input data determined by expert scoring. While these scholars have combined the expert opinion and also used fuzzy set theory methods, they have only quantitatively assessed accident failure probabilities and have not bothered to explore the coupling relationships between accident factors.
This work applies the FFTA-HFCAS model to analyze the HOFs in EMAs. The proposed analytical model is the first of its kind to be applied to the field of electrical production safety. This method not only analyses the important risk factors for electrical mishaps from traditional statistical methods, but also combines expert empirical assessment, using fuzzy set theory to generalize the subjectivity of experts and quantify the probability of failure and the interaction between accident risk factors.
The framework of this work is shown in Figure 1. (1) Data collection. Reliable EMAs data forms are the basis of accident analysis studies.
In the present study, 135 typical EMAs of China Southern Power Grid from 2003 to 2016 were selected to establish an accident database. The 135 EMAs reports described the background of the accident, the cause of the accident, the exposed problems, and the preventive measures that will be taken in the future, which provide an excellent reference value for the study of this article. (2) HFACS structure. The preliminary HFACS, a model, set up for aviation, originated from the Reason's "Swiss Cheese" model, which emphasizes the organizational dimension of accident causation [27]. The four levels of the HFACS framework including unsafe acts, preconditions for unsafe acts, unsafe supervision, and organizational influences, used today were expanded by Shappell et al. [28]. Each level consists of a set of sub-levels, and each sub-level has classification codes, known as nano-codes. Because of its unique features, various versions of HFACS have been used as a valuable and reliable tool for identifying and analyzing human factors in a wide range of other domains, such as HFACS-MI for mining [29,30], HFACS-RAs for railways [31], HFACS-MMO for marine engineering, HFACS-CSMEs for the chemical industry [32], and so on.
In this stage, the accident report, expert knowledge, and literature review can be summarized, and the causes of EMAs are transformed into levels in the HFACS hierarchical structure [33].
(3) Statistical analysis. The Statistical analysis method for the HFACS framework is also an effective method to mine data law. Hinrichs et al. [34] counted 368 causal factors in the HFACS framework in maritime shipping and found that the technical environment had the highest frequency and identified it as a prerequisite in the preconditions for the unsafe acts category. Batalden et al. [35] used the HFACS framework to calculate the proportion of causal factors in marine accidents in the UK and found that the hidden conditions of accidents account for 72% of the total. Kim et al. [36] conducted a frequency analysis of the risk factors in the HFACS framework of nuclear power plants and found that there are potential hazards of insufficient employee knowledge and insufficient training among the organizational factors.
In this stage, through the construction of the HFACS framework, the HOFs related to EMAs can be analyzed and classified into the corresponding levels of HFACS. The total frequency of these factors can be counted, and traditional statistical analysis also can be performed.
(4) Fault Tree Modeling. FTA originated from the aerospace industry and was adapted by the nuclear power plant industry to qualify and quantify the risks [37]. FTA is a technique widely used to assess the safety and reliability of safety-critical systems, such as the analysis of tunnel boring machine accident [38], the risk assessments of collision and grounding accidents [39], and the fire risk assessment in the natural gas industry [40]. The typical FT consists of TE, BEs, IEs, and gates. TE is the root of the FT; BEs are the leaves of the acyclic graph, which cannot be decomposed anymore; IEs are represented by BEs and other IEs through a combination of logic gates; gates usually refers to Boolean connectors, AND and OR are used most frequently.
In this stage, the HOFs of EMAs analyzed by the HFACS are converted into main elements to construct a fault tree. The main elements of a fault tree can be classified as TE, BEs, and IEs [41,42]. The FTA method is used to determine the relationships between the HOFs in the system [43].
(5) Fuzzy aggregation analysis. It is often difficult to accurately and quantitatively analyze the failure probability of systems and components. In other words, a crisp method is difficult to convey the inaccurate or vague nature in system modeling to express the failure rate of system components [44]. In this case, therefore, an approximate estimate may be required. Fuzzy set theory, introduced by Zadeh in 1965 [45], is a rigorous mathematical framework for the precise and rigorous study of fuzzy conceptual phenomena and is well suited to deal with fuzzy relations, fuzzy criteria, and fuzzy phenomena [46]. Tanaka et al. [47] pioneered the study of the use of fuzzy set theory in FTA, treating the probability of BE as a trapezoidal fuzzy number and applying the principle of fuzzy expansion to determine the probability of TE. In response to this work, further research was carried out by Misra et al. [48] to give other forms of FFTA. Subsequently, variants of FFTA have been widely used in accident analysis, for example in the petrochemical process industry [49], in power transmission grids [50], and in combustion engineering reactor protection systems [51].
In this step, a FFTA model is also used with a fuzzy algorithm called Fuzzy aggregation analysis. The purpose of this stage is to fuzzify, aggregate, and defuzzify the expert's linguistic assessments of EMAs' BEs to obtain the failure probability of the BEs. Then, according to the logical relationship between the failure probability of BE, the failure probability of EMAs' TE is derived [52].
(6) Ranking the MCSs of FT. A cut set (CS) is a group of one or more BEs. The MCS is a CS without any further simplification and is the shortest path that constitutes TE. Therefore, the analysis of MCSs can help researchers gain insight into the importance of each possible pathway of the TE occurrence [53]. (7) Analysis and evaluation of the effects. Integrate the analysis and calculation results of the above stages, evaluate the efficiency of the HOFs related to EMAs, and propose measures to reduce and eliminate accidents. The calculation principles and implementation process of the methods involved in the above steps will be explained in detail in the next section.

Human Factor Analysis and Classification System (HFACS)
In this study, a modified version of the HFACS proposed for the EMAs, called HFACS-EMAs, is used. Like the original HFACS version, HFACS-EMAs also has four primary levels but differ on the sub-levels and nano-codes. Figure 2 depicts the HFACS-EMAs framework.

Fault Tree Analysis (FTA)
FT provides a framework by which to undergo a thorough qualitative and quantitative evaluation of the TE.

The Quantitative Analysis
FT quantitative analysis is to calculate the occurrence probability of the TE if all the failure probabilities of the BEs are available. The FTA method is based on Boolean logic [54], and the calculation of FT uses Boolean mathematics [55]. An FT can be modeled by a set of AND gates and OR gates connected between BEs and IEs. The AND gate and OR gate with m BEs are given in Equations (1) and (2), respectively: where Q j (t) is a probability of failure of BE j (j = 1 to m), Q(t) is probability of failure of the top gate event due to all BEs. Each MCS represents a combination of some BEs, which may cause the TE. It is assumed that all the r BEs in the CS j are independent; the probability that the CS j fails at time t is: where Qr(t) is the probability of failure of BE r (r = 1 to n) leading to CS, Qo(t) is the probability of failure of CS o due to all BEs. The probability of the TE failure is determined by Equation (4).
where Q o (t) is the probability of failure of CS o (o = 1 to k), Q TE (t) is the probability of failure of TE due to all CSs. If the r BEs in the CS j are not independent, the probability of the TE failure in a complex system will become extremely complicated, and Equation (4) cannot find an accurate solution. However, generally, the approximate solution is still obtained by Equation (4) [56].

The Qualitative Analysis
The FT qualitative analysis can find out possible failure paths leading to the TE and identify the weakest link in the system. The qualitative research mainly analyzes the MCSs of FT. The more MCSs, the more dangerous the system is [57]. In the FTA, the Fussell-Vesely importance measure (FV-I) method is commonly used to determine the significance value of the BEs and MCSs forming the TE [58]. The FV-I method is calculated as follows: where is the occurrence probability of MCS i, and Q S (t) is the occurrence probability of the TE due to all MCSs.

Fuzzy Fault Tree Analysis
In traditional FTA, the occurrence probabilities of BEs are numerical values. Using this structure because of insufficient data and high uncertainty, it is generally impractical to obtain an accurate estimate of the occurrence probabilities of BEs. In such ambiguous cases, the 'fuzzy logic' strategy can be used. The probability value of each BE is expressed in fuzzy numbers obtained from expert views. This is the main reason why FT has been extended into an FFT [59]. The FFTA mainly comprises the following steps.

Domain Expert Evaluations
The failure probability of EMA's BEs needs to be evaluated by experts. Expert judgment methods have been widely adopted in different fields, including risk analysis, accident investigation, decision examination, and so on [60]. In practical applications, experts may have varying degrees of professional knowledge, background, and working experience. They may show different views on the same events and provide various assessments subjectively. Therefore, a weighting coefficient is introduced to represent the relative quality of various experts.
According to the actual situation of the substation, modify the expert's weighting scores calculation table proposed by Renjith et al. [61], and Table 1 can be obtained. Refer to Table 1, using Equation (6) to calculate the expert's weighting coefficient.
where WEI i is the ith expert's weighting coefficient, SCO i is the ith expert's total score, SPP i is the ith expert's professional-position score, SEC i is the ith expert's education-level score or competency score, and SPE i is the ith expert's professional-experience score.

Fuzzification
The expert judgment rating can be assumed in linguistic terms, which are used for soliciting expert opinions for each BE. Studies have shown that the suitable number of linguistic term selections for humans to make appropriate judgments is between 5 and 9 [62]. In this study, a linguistic scale consisting of seven terms is used to solicit opinions from experts on BEs with unknown error rates. The linguistic scale used to evaluate the failure probability of BEs included the terms 'very high', 'high', 'medium high', 'medium', 'medium low', 'low', and 'very low'.
After obtaining the expert linguistic terms of BEs, a triangular fuzzy number (TFN) is used to determine the occurrence probability values of BEs. A TFN represents a triple set of fuzzy probability values (a 1 , a 2 , a 3 ) of a BE. The corresponding relationship is shown in Table 2. The membership function of the TFN can be calculated as follows: where A is TFN (a 1 , a 2 , a 3 ), µA(x) is the membership function.

Aggregation
For the failure probability of each BE, different experts have made a separate subjective linguistic evaluation, which needs to be integrated to generate the final quantitative data. This study uses the fuzzy aggregation analysis algorithm proposed by Hsu and Chen for aggregation [63]. The fuzzy aggregation analysis algorithm is implemented by the following steps.
Step 1: Calculation of the degree of similarity (S) where S uv ( E u , E v ) is the degree of agreement for different opinions between expert E u and E v , E u = (a u1 , a u2 , a u3 ) and E v = (a v1 , a v2 , a v3 ) are represented as two TFNs (u = v).
Step 2: Calculation for the average agreement (AA) degree for each expert viewpoint where AA(E u ) is the AA degree of expert E u , U is the total number of experts.
Step 3: Calculation for the relative agreement (RA) degree for each expert viewpoint where RA(E u ) is the RA degree of expert E u .
Step 4: Estimation of the consensus coefficient (CC) for each expert where CC(E u ) is the CC of expert E u , WEI(E u ) is the weighting coefficient of expert E u , β (0 ≤ β ≤ 1) represents the importance of WEI(E u ) over RA(E u ). In this study, β = 0.5 was considered [64].
Step 5: Calculation for the aggregated results of the experts' viewpoints where R AG is the aggregated result value, and it is a fuzzy number.

Defuzzification
When fuzzy ratings are incorporated into an FTA problem, the final ratings are also fuzzy numbers. To determine a clear rating, R AG must be converted to a crisp score, named fuzzy possibility score (FPS). Defuzzification methods include 'mean-max membership', 'center of sums', 'weighted average method' [65]. In this study, due to its simplicity and ease of understanding, 'center of area' method was used to calculate the R AG of BEs.
For the R AG = (c 1 , c 2 , c 3 ), the equation is as follows: where R AG is the FPS of R AG .

Occurrence Failure Probability Generation
In some cases, due to the uncertainty of the data, it is impossible to find the failure probability value. This problem can be resolved by converting the FPS to a 'failure probability' (FP) form, which was proposed by Onisawa [66]. The conversion formula is as follows: At this point, the failure probability of BEs can be thoroughly calculated. The failure probability of TE can also be derived from the BEs through the logic gate relationship in the constructed FT.

Application and Discussion of the Methodology
The proposed analysis procedure can be briefly divided into two stages: (i) one in which the HOFs identification and classification were conducted using the HFACS; (ii) one in which the FFTA was applied to EMAs to conduct a comprehensive risk analysis. The programming of the program calculation involved in the analysis was completed based on the MATLAB 2020b platform.

Classification Process
To construct the HFACS-EMAs framework, first, it is necessary to identify the HOFs involved in the accident occurrence by collecting detailed data and conditions. Benefited from reports recorded by China Southern Power Grid, the construction of the HFACS-EMAs framework is relatively easy.
A total of 119 factors were used in the classification process, with a total frequency of 1187. According to the HFACS-EMAs framework, Figure 3 shows the distribution of these factors at the four levels of HFACS-EMAs, and Figure 4 shows the distribution of sub-categories. The coding for each level of the HFACS-EMAs is given in Appendix A.

Discussion of Distributions
It can be seen from Figure 3 that Level 2 has the most significant frequency ratio, reaching 47.33%, followed by Level 4, reaching 18.20%. Moreover, from Figure 4, in the sub-level, the frequency of unsuitability of 'Quality and ability' is the highest, reaching 19.45, the second is 'Organizational process', reaching 14.36%. Moreover, 'Quality and ability' belongs to Level 2, 'Organizational process' belongs to Level 4. From a macro level, it is not difficult to think that Level 2 and Level 4 are important potential factors that cause EMAs.
As can be seen from the Appendix A, at a more detailed level, 'Inadequate guardianship/supervision' has the highest frequency, reaching 80 times, followed by 'Paralyzed thinking, irresponsible', 'Low-security awareness', 'On-site safety production management is not in place'. Therefore, the detailed factors that lead to the occurrence of EMAs are more concentrated on the employees themselves and organizational management.

Fault Tree Development
To construct a FT diagram, it is necessary to determine TE, IEs, and BEs, and establish the cause-and-effect relationship between these events using logic gates. In this study, considering accident reports, expert evaluations, and comparable studies, TE, IEs, and BEs can be transformed from the aforementioned HFACS-EMAs framework, and the final FT is illustrated in Figure 5. The TE of the FT is EMAs, and the connection with the TE is the 'Misoperation' and 'Illegal operation', because both of them will lead to the occurrence of the accident directly. The BEs are the nano-code from Level 2 to Level 4 in HFACS-EMAs (Appendix A), and the IEs are composed of a logical combination of BEs (Table 3).

Domain Expert Evaluations
The evaluation effect of experts is crucial to scientific conclusions. It is generally preferred to select a heterogeneous group with different experiences and various viewpoints as the composition of the expert group. In the present study, a heterogeneous group of experts was selected to calculate the impact rate of BEs in EMAs, and 11 power systems were employed to judge the HOFs. Refer to the expert weight scores listed in Table 1 and Equation (6) to calculate the expert's weighting coefficient, and the results are shown in Table 4.

Fuzzification and Aggregation
The expert group used the language measurement scale in Table 2 to evaluate each BE, and the results were given in Table 5. In the aggregation stage, BE5 was selected as an example. The S values (Table 6), the AA values, the RA values, and the CC values (Table 7) of the BE5 were calculated using Equations (8)- (11). As a result of these calculations, according to Equation (12), the aggregated result value of the BE5 was found to be (0.7565, 0.8219, 0.8873).  (13) to convert R AG to R AG (FPS), and then use Equation (14) to generate failure probability (FP). The FP of all BEs is presented in Table 8. The BE with the most enormous FPS (FP) was BE5, with a value of 0.8215 (4.1486 × 10 −2 ). The BEs with the second and third most significant FPS (FP) were BE7 and BE10. If the FP value of all BEs is known, the FP value of the TE can be calculated. The probability values of the BEs obtained from the fuzzification to the probability-generation stages were placed in the FT, finding the MCSs of FT and using Equation (4), and the probability value of the TE was calculated. In this study, the FP value of the TE was found to be 1.0414 × 10 −2 .
Apply Equation (5) to analyze the importance of the MCSs obtained from FT in Figure 5. In this study, there were a total of 22 MCSs for the TE. The FV-I values and rankings of the MCSs are given in Table 9.

Discussion of the Results
From Table 8, it can be obtained that the failure probability of electrical misoperation accidents is 1.0414 × 10 −2 . Compared with the 5.6E-03 probability of an electricity maintenance accident [50], the probability of occurrence of EMAs is relatively higher. Because this article not only considers the misoperation of maintenance but also considers the misoperation, it considers not only the human factor but also considers the organizational factor. Compared with the 7.401 × 10 −2 probability of occurrence of fire-explosion accidents in ship engine rooms [21], and the 4.823 × 10 −2 probability of occurrence of LPG release accidents [19], the probability of occurrence of EMAs is relatively tiny. However, they belong to the same quantitative level. According to the "Safety Production Risk Management Measures" promulgated by various provinces in China [67], the probability of an accident between 0.01 and 1 is a very probable accident and must be controlled. It is confirmed once again that the accident analysis and prevention work of EMAs is meaningful.
In this study, the cut-set analysis method of FFTA was used to identify non-conforming items or combinations of non-conforming items that led to the occurrence of TE. It can be seen from Table 9 that Cut Set BE8 (Habitual violation) and BE14 (Supervisory violation) are among the top two, and violations by employees and commanders will directly lead to infractions. There are strict "two votes, three systems" rules and regulations for electricity production, but they are often ignored. Luo [68] deliberately summarized a number of ways in which the "two votes, three systems" had been violated. Wang [69] concluded that 70% to 80% of man-made operational accidents in power systems are directly linked to violations. This result obtained in this study is more in line with reality.
The weakest cut set combination is the BE12 (Work preparation) and BE5 (Thoughts are paralyzed, work is sloppy and irresponsible) combination. It is necessary to avoid the team's work preparation before the operation, especially the explanation of dangerous points and the arrangement of safety measures, which occur at the same time as the paralysis and irresponsible thinking of the operators. Gruenefeld et al. [70] pointed out that human error mostly occurs due to a general lack of situational awareness among personnel. By not explaining the dangerous points before the operation and by not placing safety measures in place, the operator will lack situational awareness of their area of operation and the risk of accidents. At the same time, paralysis in the operator's mind and taking things for granted will inevitably lead to accidents and even loss of life [71].
Assuming that measures are taken to eliminate the inappropriate items of BE12, the incidence of TE will be reduced to 1.0163 × 10 −2 , and the risk will be reduced by 2.42% compared to the original. Similar analysis can be performed for other MCSs relations. Figure 6 shows the percentage value of the accident risk that can be reduced by eliminating any BE. This method is used to find out all possible causes of EMAs, as well as the most critical factors and weakest links that affect the reliability of the system so that these critical events can be paid attention to in daily operations in order to manage and control risks more effectively. Although the factors that caused the accident cannot be entirely eliminated through the FFTA inspection and evaluation, the risk of the accident can be minimized by taking preventive measures.

Conclusions
In this study, a hybrid model based on the HFACS and FFTA was used in the EMAs. The HOFs of EMAs were classified using the HFACS structure, and the formation process of accidents was revealed through the application of FFTA. According to the results, the following issue can be concluded: i.
The roots of human and organizational errors in EMAs were identified and predicted based on the form of four levels of the HFACS method. The number of fundamental causes (more detailed level) detected at the level of the unsafe acts is 26, the preconditions for unsafe acts level is 62, the level of unsafe supervision is 12, and the level of organizational influences is 19. ii.
Using the FTA, a logical relationship between identified causes and human and organizational errors was constructed. 20 roots were identified as the BEs for the TE. iii.
The results of calculating and analyzing the probability of occurrence of EMAs using FFTA reach 1.0414 × 10 −2 . iv.
The ranking of the MCSs showed that by controlling the occurrence of the BEs that constitute the MCSs, the occurrence of EMAs would be reduced.
As for the method itself, it has the following two advantages: (a) When quantitative historical fault data is scarce or unavailable, fuzzy logic can process qualitative data. (b) The use of linguistic values in system reliability assessment can express expert opinions intuitively and conveniently.
Although FFTA-HFACS has the above merits, it also has the following limitations: (1) FTA is the conversion of a physical system into a structured logical diagram [72] and, therefore, also requires certain incident scenarios for the construction of the incident tree structure. (2) The successful and exact application of this method still relies on the estimation of the probabilities of the BEs. Therefore, experts with extensive knowledge and experience should be consulted [18].
In light of above, further research can be conducted: • The FFTA-HFACS hybrid approach can quantitatively assess the probability of failure and significant accident risk or a combination of their accident risks, but it lacks an explanation of how accident risk affects the occurrence of an accident. This is an issue that is well worth investigating.

•
In this study, the MCS was artificially identified as an accident critical risk and its elimination would improve the reliability of the system. However, it has not yet been considered what measures can be taken to eliminate the MCS, and in this regard, the use of multi-criteria decision making (MCDM) may be a good idea in the future [64].
Author Contributions: C.L. and Q.X. contributed to paper writing and the whole revision process; Y.H. contributed to paper editing. All authors have read and agreed to the published version of the manuscript. The assistance of various departments is poor 4 The reward and punishment system is not perfect, and the assessment is not detailed 5 Not executed as scheduled 5