1. Introduction
Operational risk assessment has the potential to play a significant role in short-term transmission-system planning, at time scales from less than an hour up to several days. Existing deterministic operational security assessment techniques use the so-called “N-1 criterion” in which all the contingency cases are treated as equally likely and equally severe events. The system is “N-1 secure” if it can handle any single component outage without interruption of load. The use of this criterion poses unnecessary limitations during periods with low component failure rates; on the other hand, it leads to an underestimation of the risk during periods when components have a high failure rate. Moreover, the N-1 deterministic method does not consider local conditions, e.g., adverse environment and geographical locations in the contingency list [
1,
2]. The limitations of the existing methods for maintaining operational security were also the base for the development of alternative methods in the GARPUR project [
3,
4,
5,
6], in which a number of European transmission system operators (TSOs) played a major role.
The “operational risk assessment” does not have these shortcomings, as was also clearly confirmed by the GARPUR project [
7,
8,
9,
10]. Operational risk assessment, as further introduced in
Section 2.3, incorporates the stochastic aspect of the operational security through the probability of occurrence of a contingency case; it incorporates the impact through a severity factor, which could also be stochastic. The quantified operational risk holds for a specific period into the future, which is referred to as lead-time [
2,
11,
12]. This stochastic operational security technique can also incorporate the adverse environmental uncertainties in the contingency analysis.
The operational risk could act as a decision criterion, either by itself or next to deterministic criteria, for recommended action to maintain the operational security of a transmission network.
At the European level, requirements regarding the use of stochastic methods are being set by the regulatory organizations. The European Parliament requires the use of stochastic methods for adequacy assessment [
13]. In recent feedback to a document from the European transmission systems operators (ENTSO-E), the European agency for regulation of power transmission systems, ACER, has stated clearly that the stochastic method is needed for long-term planning [
14,
15]. Furthermore, ACER is also moving towards requiring the use of stochastic methods for operation of transmission systems. In a 2019 decision, it is stated that TSOs should come up with a proposal for such a methodology by the end of 2027 [
16,
17].
A stochastic method for power system operation was first used in the 1960s for the operational planning of the amount of spinning reserve in the interconnected system of Pennsylvania, New Jersey and Maryland (PJM) [
18]. This “PJM method” is applied to the transmission system by including transmission line failures [
19].
The operational risk assessment requires, in theory, calculating the probability of occurrence of all contingency cases within the lead time and the calculation of a severity factor for each contingency case (as explained in
Section 2.3). For realistic systems, the number of possible contingency cases would be far too many to all be included in the calculation. Especially for shorter lead times, the computation of operational risk has only a limited time available, so “filtration of the contingency cases” is required. A significant amount of work has been conducted on this filtration. References [
20,
21,
22,
23] concentrate on the development of an algorithm to select the most influential contingency cases based on the overload impact; also, various contingency filtration techniques are investigated.
A large amount of work has also been conducted on stochastic models for components and systems. In [
24], probabilistic aspects are incorporated in steady-state contingency analysis; the contingency case is considered a random variable under generation and loading uncertainties. It is proposed in [
24] that this could be deployed for online security monitoring purposes. In [
25], contingency ranking is used for first- and second-order contingencies through a probabilistic performance index. In [
26] a “real-time contingency analysis” is performed to select the most influential contingency case based on the thermal limit violation. In [
27], contingencies that consider the voltage impact are ranked based on a severity index. In [
28], a “graph-theory approach” is deployed to select the most critical contingency case based on thermal limit violation. In [
29], a “three-level harm-estimation-decision tree (HEDT)” approach is used to filter out the cascaded contingency case.
However, coming to broad application of ORA, as envisioned by ACER and by researchers like those in the GARPUR project, requires some barriers to be overcome. Some of those barriers were summarized in [
11].
The first one is a lack of standard definitions of severity factor. Several definitions are used in research studies, but there is no commonly used set of definitions. Such are needed for a TSO to compare and interpret the results and to exchange information related to operational risk with other operators, for instance, for benchmarking.
The second potential barrier is the absence of criteria to identify the permissible risk level in the grid; in other words, when does the operational risk become so high that mitigation actions should be taken?
The third major barrier is the lack of methods to decide which mitigation methods are needed to reduce the operational risk once that risk is perceived as being too high. Method are needed for presentation and detailed analysis of operational risk results; for example, efficient ways to visualize the operational risk data.
A fourth barrier is the lack of data on instantaneous failure and repair rate.
All these barriers need to be removed. There is a strong link between the first two barriers, as acceptable risk levels depend strongly on the definition of severity factor, as explained in
Section 2.3. The last two barriers can be removed mostly independently from the first two. This paper addresses the third challenge by identifying the available results after the operational risk assessment and by proposing two methods to present those results in graphical ways for easy interpretation. Such visualization of the results will assist the TSOs in taking meaningful remedial actions to reduce the operational risk. A limited amount of work has been conducted on contingency data visualization from the operational risk point of view. For instance, in [
30], a risk-based method is used to visualize and identify the risk level of the power grid based on various operational constraints. The energy management system (EMS) usually presents contingency analysis data in a tabulated form. In [
31], contingency analysis data are presented in a three-dimensional form. However, in this way, the contribution of an individual contingency to the operational risk cannot be identified. In [
32], a real-time interactive visualization tool is used to analyze contingency cases.
The contributions of this paper can be summarized as follows:
The systematic identification of the data available after an ORA, as the base for making a decision, and the way in which this differs from the data available from the conventional (N-1) approach to operational security. This is addressed mainly in
Section 3.1.
The proposal of graphical methods to visualize the results of operational risk assessment of a transmission system. Those graphical presentations can be easily interpreted during the operational stage. The methods are introduced in
Section 3 and their application is illustrated in
Section 4.
The proposal of a heat-map that assists the TSOs in visualizing the contribution of individual contingencies to the operational risk and which potential component outages have the biggest impact on the operational risk. This method is introduced in
Section 3.2.
The proposal of a risk-based contingency chart that provides information to TSOs on the relative severity and probability of individual contingency cases for a specific operational state. This method is introduced in
Section 3.3.
The graphical methods present information on the probability of occurrence, severity factor and their product (the contribution to the operational risk) for all (N-2) contingency cases. The graphical methods are illustrated using four different definitions of the severity factor for the IEEE 39-Bus example network represented in
Figure S1.
The rest of the paper is organized as follows:
Section 2 introduces the steps for quantification of operational risk, including data for individual contingencies;
Section 2.1 describes the component unavailability model, and the method used to calculate the probability of contingency cases;
Section 2.2 describes the considered severity factor definitions;
Section 2.3 summarizes the mathematical definition for operational risk. Together with the definitions of severity factor, this is applied to different operational scenarios in the IEEE 39-Bus network (refer to
Figure S1); those operational states are described in
Section 2.4. The models introduced in
Section 2 do not aim to present a complete state-of-the-art operational risk assessment for a realistic operational state in a realistic system. Instead, the models and system are aimed at creating a data case that can be used to illustrate the proposed visualization methods.
Section 3 describes the proposed graphical ways of visualizing the operational risk results: heat-map in
Section 3.2 and risk-based contingency chart in
Section 3.3.
Section 4 shows the use of these graphical methods, i.e., for each considered severity factor.
Section 5 discusses some of the further work that is needed for application of methods like the ones proposed in this paper.
Section 6 lists the recommendations resulting from this work and
Section 7 gives concluding remarks.
2. Contingency Computation and Analysis under Different Operational Scenarios
In this section, the contingency probability is calculated based on a component unavailability model. Operational risk assessment under different operational scenarios is introduced. Various ways to visualize the contingency-level results of the operational risk assessment are proposed.
2.1. Component Unavailability Model
Failure rate and repair rate are the main constituents of component unavailability
given by (1), where it is assumed that the component is known to be available at time zero.
Under consideration of small lead-time , i.e.,
), the exponential term of (1) can be approximated as (2).
Which further simplifies into (3).
In this study, to quantify the component unavailability
, the failure rate (
of each component is selected between 0.01 and 0.1 (failure/hour); the lead-time is equal to 10 h. The deployed component unavailability model is according to (3), where
is the component unavailability;
is the failure rate of the component and
is the lead-time. The component unavailability of the two components, with failure rate
and
, involved in a second-order contingency, is computed with the help of (4) and (5).
The probability of a contingency occurring, i.e., both components’ unavailability within the lead-time, is computed through (6).
2.2. Contingency Analysis and Considered Severity Factor
As depicted in
Figure 1, after computation of the component unavailability, the probability of contingency is calculated and then contingency analysis is conducted, including all N-2 contingencies. In this study, failures of transmission lines, transformers and generators are considered for the contingency definition.
After performing contingency analysis, i.e., studying the transmission system for all cases when two components are unavailable, the impact of contingency cases is quantified in terms of severity factors. To calculate the severity factor
network studies are required [
33]. In this study, four types of network studies are carried out, which correspond to four different severity factors.
Overvoltage;
Extreme loading;
Undervoltage;
System collapse.
For instance, the contingency (i.e., the loss of two components) will typically result in an increased loading for transmission lines and transformers; overload may occur because of this. The severity factor for extreme loading is quantified as the actual loading during the contingency case as a percentage of the component loadability. When the actual loading is less than the loadability, the severity factor equals zero. Otherwise, the severity factor is the actual loading value. This actual loading is considered in terms of a loading continuous (%L.C) which is the loading data given by the power-system analysis package Power-factory. A contingency case may also result in overvoltage or undervoltage. The severity factor for undervoltage or overvoltage is quantified as the voltage step, i.e., the difference between the base voltage (voltage before the contingency) and the voltage at different buses during the contingency. The voltage step is expressed in per-unit (p.u.). The severity factor for system collapse is quantified through non-convergent contingency cases and expressed as a percentage (%).
2.3. Quantifying the Operational Risk
The following general definition of operational risk is used in this study (7):
where the contribution of a contingency
to the operational risk is expressed as:
By obtaining i.e., the probability of contingency from (6) and the severity factor, from the Power-factory, the contribution of individual contingencies to the specified operational risk can be quantified.
2.4. Operational Scenarios
To illustrate the proposed methodology for presentation of the results from operational risk assessment, contingency analysis is performed on the IEEE 39-Bus sample network (refer to
Figure S1) considering all (N-2) contingency cases. Four different types of network studies have been used to quantify the severity factor. This results in four different values for the operational risk, as in (7). For this network, by including all transmission lines, transformers and generators, the total number of components with non-zero unavailability is 56. The total number of (N-2) contingency cases for this network is 1540. Contingency analysis and various severity factor calculations are conducted using the power system analysis package “Power Factory”.
The following four operational scenarios have been considered in this study:
Std-GLM as the first operational scenario (OS-1);
40% increment in GLM as a second operational scenario (OS-2);
60% increment in GLM as a third operational scenario (OS-3);
80% increment in GLM as a fourth operational scenario (OS-4).
Std-GLM (standard generation loading mix) is considered as a first operational scenario (OS-1) at which the generation loading level is at its nominal value “as defined in the IEEE 39-Bus system”. For the second operational scenario (OS-2), all generation and loading is increased by 40% and so on. Contingency analysis and network studies are performed for the considered operational scenarios and impacts of contingencies are analyzed.
3. Proposed Methods for Visualization of the Results
3.1. Data Resulting from Operational Risk Assessment
Operational risk assessment is primary aimed at obtaining a value for the operational risk, as defined in
Section 2.3, for a specific operational state, for a specific system loading and for specific weather conditions. In the case where multiple severity factor definitions are used, multiple values for the operational risk will result. These values will next be compared with certain predefined thresholds for what is considered acceptable operational risk; based on this comparison, it is decided whether the operational risk is sufficiently low or too high. In the latter case, mitigation actions are needed to reduce the operational risk. Finding criteria for deciding when the operational risk is too high is one of the major challenges before application of operational risk assessment, but it is beyond the scope of this paper.
When the operational risk is too high, measures should be taken. With the classical deterministic approach (the (N-1)-criterion), a list would result of which contingency cases would make it so that the criterion was not valid. With operational risk assessment, there is no such list; instead, each contingency case with a non-zero severity factor contributes to the operational risk. The available data from the operational risk assessment is, as illustrated by (7) and (8), not just the operational risk, but also
The probability of occurrence of the contingency case;
Severity factor or factor quantifying the impact of the contingency case;
Contribution to the operational risk of each contingency.
It is this data this is available to the TSO. It can be used, among others, to decide on a mitigation action, i.e., on a method to reduce the operational risk. These data can also be used to obtain suitable threshold values for acceptable operational risks. This can be achieved by gradually obtaining experiences and determining what are the actual values of the operational risk experiences by the transmission system and what are the contributions of individual components and contingencies to this. The detailed information can also be used to make case-by-case comparisons of the impact on operational risks by taking specific mitigation actions, i.e., impacting either the probability or severity factor for specific contingencies.
In this paper, two different ways of presenting that detailed data visually are proposed. One of those (presented in
Section 3.2) shows the contribution to the operational risk for all (N-2) contingency cases; the other one (presented in
Section 3.3) plots probability against severity factor for each of the contingency cases included in the operational risk. This chart enables a comparison of severity factor and probability between the different contingency cases. When there are multiple severity factor definitions, two such charts will result for each definition. This is illustrated in
Section 4.
3.2. Contribution of Contingencies Visualization through Heat-Map
One way to visualize the operational risk results from the individual contribution of each contingency case is to present them through a heat-map. The map covers all (N-2) contingency cases, where the different system components are associated with the horizontal and vertical axis. In this study, the component outage order is ignored so the contingency case (1, 2) or (2, 1) is the same. As a result, only one-half of the map is needed. The diagonal cells, such as (1, 1) or (2, 2), could be used for the (N-1) contingency cases, but these are not considered in this study. By deploying (8), the contribution of each contingency case to the operational risk is quantified and represented in this map through a color bar. In addition, through this map, the TSO can envision which contingency is most jeopardizing to the operational security of the system; i.e., which one is contributing most towards the operational risk.
3.3. Contingencies Analysis through Risk-Based Contingency Chart
An alternative way of presenting the results of operational risk assessment from the contingencies aspect is by plotting probability against impact (severity factor) for the contingency cases. An example of the resulting chart is shown in
Figure 2. This graphical presentation allows a distinction between different types of contingency cases based on impact and probability. A possible further classification would be as follows:
LIHP (low impact high probability);
MIHP (medium impact high probability);
HIHP (high impact high probability);
LIMP (low impact medium probability);
MIMP (medium impact medium probability);
HIMP (high impact medium probability);
LILP (low impact low probability);
MILP (medium impact low probability);
HILP (high impact low probability).
This risk-based contingency chart helps the TSOs to compare the contingency cases based on impact (severity factor) and probability. This helps the operator to identify which contingency cases contribute most towards the operational risk. The “high” and “low” values along the vertical and horizontal axes are relative for the contingency cases with just the specific operational, loading and weather conditions. The absolute value of the total operational risk is compared with a threshold value, but once that comparison has been made, it is the relative values that matter for further decision-making.
In the above risk-based contingency case chart, the green portion shows low impact low probability (LILP) contingency cases, the yellow portion depicts medium impact medium probability contingency cases (MIMP), and the top-most right corner depicts the most threatening contingency cases: high impact high probability (HIHP) contingencies.
Contingency cases in the red portion of the chart, i.e., HIHP, will make a major contribution to the operational risk and immediate mitigation actions may be needed for these contingencies. The transition of one contingency case from the green portion to red under different operational scenarios shows that the impact and/or the probability of occurrence of that contingency case are increasing. Even when contingencies only occur in the green part of the chart, the operational risk (the sum of all contributions) may still be high and may have to be included during the operational planning.
5. Discussion
Operational risk assessment results in additional information that can be used to ensure secure operation of the transmission grid. Next to the operational risk, detailed information about individual contingencies results from the assessment. The heat-map indicates the contribution of each contingency case to the operational risk, under a given severity factor definition. The risk-based contingency chart highlights contingency cases for which the probability of occurrence and the impact (quantified by the severity factor) are both high. The proposed methods allow a system operator to analyze and categorize which contingency case has the highest priority for being avoided. This is relevant input when deciding about measures to ensure high operational security.
Some potential barriers are discussed below from the operational risk application point of view; these potential barriers need to be addressed in future studies.
5.1. Data Resulting from Operational Risk Assessment
The ultimate aim of the methods presented in the paper is to assist the TSO in selecting mitigation methods to reduce the operational risk of the transmission system. The graphical presentation of the results is just a first step, albeit an important first step. Further steps needed are to relate these charts to mitigation methods. The graphical presentation methods should be applied to actual operational states in existing transmission systems. Mitigation methods should be applied to study how these affect the charts and the total operational risk. First candidates for those mitigation methods could be those used to mitigate non-compliance with the (N-1)-criterion. From this experience, methods can be developed to propose or select appropriate mitigation methods using the charts. Obtaining this knowledge will require a large number of theoretical and practical studies, where the charts proposed in this paper will play an important role.
The heat-map, as proposed in this paper, is limited to second-order contingency cases. Adding single-order contingencies is straightforward; for example, by showing them along the diagonal axis of the heat-map. Results for third-order contingencies may be shown using a three-dimensional plot, but it will require specialized experience to interpret this one. Showing information on higher-order contingency cases becomes a major challenge and alternative methods are needed here. However, there are other challenges with including fourth- and higher-order contingency cases, like the very large number of cases, so that the representation of the detailed results may be a minor issue comparatively. The application of the risk-based contingency chart is not limited to any contingency order.
5.2. Continuous and Discrete Contingencies under the Integration of Intermittent Energy Resources
The integration of renewable energy resources (RER) is expected to increase further during the coming years [
34,
35,
36,
37]. This increases the complexity of the network in a number of ways.
New types of uncertainties are introduced by RER integration at transmission level, which impacts the operational risk assessment. Contingencies due to classical generation units are of a “discrete nature”; the units are available or non-available with possibly a small number of intermediate stages.
Contingency occurrence in, for example, a wind power plant would be a continuous phenomenon. Due to prediction errors, the production at the end of the lead-time is a random variable with a continuous distribution function. The challenge is to redefine the concept of contingencies, including both discrete and continuous ones for operational security purposes.
The methods proposed in this paper are confined to discrete contingencies. Alternative methods may be needed when prediction errors of RER have a non-negligible contribution to the operational risk. This will, for example, allow the TSO to better assess the importance of prediction errors in the operational security.
5.3. Standardization
In the proposed risk-based contingency chart (
Section 4,
Figure 4,
Figure 6,
Figure 8 and
Figure 10) each individual contingency case is characterized by its probability and impact. What has not been addressed here is what constitutes a high or low impact; similarly, what constitutes a high or low probability has not been addressed. The latter depends, among other factors, on what values are realistic for the component failure rate, a subject that was not addressed in this study. More experience is needed regarding calculations of operational risk for existing transmission systems. Interpretations of what is high and what is low may be conducted by an individual TSO. However, a better way forward would be for an international grid authoritative group to define this. Information on what is considered “high impact” and what is considered “high probability” is an important input to the TSO in deciding when measures are needed to increase operational security.
5.4. N-3 Contingencies Visualization and Fast Filtration
The proposed heat-map and risk-based contingency chart are based on parameters for all N-2 contingencies. When a fast decision has to be made in a large transmission system, it may not be possible to calculate these parameters for all (N-2) contingencies. Any of the filtration methods proposed in the literature may be used for this; both visualization methods can still be used even when not all (N-2) contingencies are available. The filtration methods may result in the need to include higher-order contingencies in the operational risk assessment. Including those in the risk-based contingency chart is straightforward, although the number of points may become large. Including (N-3) events in the heat-map is in theory possible by using a three-dimensional graph, but those are often difficult to interpret and information may easily be overlooked. Alternative methods need to be developed here, for example, by adding the contributions of all relevant (N-3) contingencies to an (N-2) contingency.