Multi-level Risk Modelling for Interoperability of Risk Information

Yuhong Fu

1,2 a

, Georg Grossmann

1,2 b

, Karamjit Kaur

1,2 c

, Matt Selway

1,2 d

and Markus Stumptner

1,2 e

Industrial AI Research Centre, UniSA STEM, University of South Australia,

Mawson Lakes Blvd, Mawson Lakes SA 5095, Australia

Future Energy Exports Cooperative Research Centre (FEnEx CRC),

35 Stirling Highway, Perth WA 6009, Australia

ﬁ

Keywords:

Risk Modelling, Multi-view Modelling, Multi-level Modelling.

Abstract:

The digital transformation driven by the rise of Industry 4.0 leads to an increase use of data standards and

information systems for management and decision making. With the emerging of new software ecosystems,

industries are facing heterogeneous systems and a lack of interoperability for information including risk infor-

mation. The lack of interoperability in risk management leads again to a slow and often incorrect information

transfer, which affects the timely response to risks. In this paper, we propose a new risk modelling approach

that combines existing multi-level modelling and multi-view modelling approaches to structure and hence

simplify interoperability.

1 INTRODUCTION

Industry 4.0 pushes digital transformation of indus-

try and is changing the way people live and industry

operates, accompanied by the increasingly common

use of digital systems to manage, monitor and control

business process in the industry (Ghobakhloo, 2020;

Sony and Naik, 2019).

In large industries, risks occur in different depart-

ments and at different levels. Data silos and lack of

interoperability pose a challenge affecting the abil-

ity of organizations to gain insights from risk anal-

ysis. Therefore, it is signiﬁcant to have a comprehen-

sive understanding of risks at a system and system-of-

systems level and provide a holistic view.

Within the FEnEx CRC

we look at different sce-

narios for risk modelling in asset management. The

assets of concern are usually large physical assets that

are composed of a number of complex components,

where components may consist of sub-components

and each component may be manufactured by differ-

ent suppliers. With new components in can be as-

https://orcid.org/0000-0003-2093-2326

https://orcid.org/0000-0003-4415-2228

https://orcid.org/0000-0003-0255-1060

https://orcid.org/0000-0001-6220-6352

https://orcid.org/0000-0002-7125-3289

https://www.fenex.org.au

sumed that they are ﬁtted with sensors and maybe

even come with analytical capabilities in a software

package which makes them Industry 4.0-ready. Ex-

isting legacy components are often re-ﬁtted with sen-

sors so data can be collected, analysed and used for

decision making. The problem at hand comes in two

dimensions: (1) On the vertical dimension, we are

dealing with a component hierarchy and on each com-

ponent level you may deal with different data for-

mats and how data is captured and structured. This

becomes increasingly challenging with new business

models of manufactures where data might be pro-

vided only through online services for which a sub-

scription has to be paid. (2) On the horizontal di-

mension, we are dealing with the communication be-

tween systems, departments and may be event exter-

nal partners or government each working with a dif-

ferent software ecosystems. The exchange of infor-

mation becomes inherently more difﬁcult. If risks

are not captured and communicated appropriately to

stakeholders and decision makers then this can lead to

catastrophic consequences in extreme cases (Haimes,

2005; Dunbar et al., 2011; Fraser et al., 2013; Urlainis

et al., 2022).

It is crucial that risk analysis is carried out across

departments and holistically across the whole organi-

zation spanning multiple risk models. One risk event

affects other departments and sectors such as agricul-

242

Fu, Y., Grossmann, G., Kaur, K., Selway, M. and Stumptner, M.

Multi-level Risk Modelling for Interoperability of Risk Information.

DOI: 10.5220/0011562300003329

In Proceedings of the 3rd International Conference on Innovative Intelligent Industrial Production and Logistics (IN4PL 2022), pages 242-249

ISBN: 978-989-758-612-5; ISSN: 2184-9285

ture, forestry, coal, construction and more than thirty

other industries were affected in the disasters mention

above due to interdependent nature of the industries as

well as the cascading effects of the inter-connection

risks. To handle such risks, an enhanced risk mod-

elling approach is required which covers the cross-

departmental risk models in the horizontal direction

as well as risk models across multiple level in the ver-

tical direction. This intersection of modelling both

horizontal and vertical angle will provide risk man-

agers a clear picture of the risks across multiple levels

and views.

The research goal of this paper is to propose a

hybrid risk modelling approach for effectively reduc-

ing unexpected complexity in the model and making

it clearer, thereby making it easier for the risk stake-

holders to focus on the information they need and to

achieve a comprehensive view in both horizontal and

vertical directions.

2 MOTIVATION AND CASE

STUDY

2.1 Motivation

Risk is a measure of the probability and severity of

adverse effects. The main factors in assessing risk in-

clude the potential loss (consequence) and the prob-

ability of occurrence (Haimes, 2005). In public util-

ities, such as the energy industry, risk assessment is

important and necessary. This helps in the repair and

maintenance of infrastructure, as well as the timely

response to emergencies and risks to safety-critical

systems (Haimes, 2005). Imagine if the infrastructure

is not well repaired and maintained, or the response

to emergencies is not timely, it can lead to a series

of problems, such as energy supply shortages. Risk

modelling is an effective way to help with risk assess-

ment. Through risk modelling, risk-related metrics

can be represented in a model diagram which can be

used for risk simulation and analysis, and documen-

tation and code generation. Stakeholders can under-

stand the probability of a particular risk occurring and

the severity of the consequences, and develop solu-

tions to avoid or reduce the adverse impact of the risk.

We investigate risk modelling from a model-

driven engineering (MDE) perspective. MDE has the

advantage of abstracting from the real-world through

models that can be used as a lingua franca between

IT and non-IT stakeholders. MDE has a close rela-

tionship to software engineering and we can use ex-

isting MDE techniques for software development and

increase the automation for interoperability. A tra-

ditional modelling language in MDE is the Uniﬁed

Modelling Language (UML), which can also be used

in the ﬁeld of risk modelling. Since UML is a vi-

sual modelling language, this makes it more intuitive

for model developers to build models and easier to

check for model deﬁciencies. It provides a clearer un-

derstanding of the model architecture. Based on the

fact that UML is a universally accepted and agreed

modelling language, the information contained in the

model can be understood by different stakeholders of

the model. UML can be effectively used to model

the ﬂow of risk information. Through risk modelling,

potential risks can also be clearly represented for all

stakeholders to gain the information they need. Mean-

while, the relevant attributes of the risk, such as prob-

ability and consequence, can also be clearly repre-

sented. These are vital information for risk analy-

sis. Risk control measures can also be developed and

linked to the relevant risks and displayed in the model

and hence provide effective ways of avoiding risks

and reducing losses.

However, the current business processes in the en-

ergy industry are large and complex, and the risks

associated with business processes are also often di-

verse and complex. This poses a challenge for risk

modelling. For example, there are interoperability is-

sues between large heterogeneous ecosystems. Tra-

ditional modelling approaches, such as UML, models

within two categorization levels, the model and meta-

model levels (Igamberdiev et al., 2016). At the same

time, UML instantiation models do not clearly scale

to multiple modelling levels, and they do not support

a natural modelling approach when using UML con-

cepts to describe the hierarchy of instantiated class

levels (Atkinson and K

uhne, 2001). This introduces a

number of problems, such as unexpected complexity

(Atkinson and K

uhne, 2008). This makes the models

relatively difﬁcult to understand, error-prone in their

construction and use, and prevents the representation

of risk information arising from multiple levels in an

organisation. For example, a risk event occurring at

a component (e.g. sensor) level needs to be repre-

sented and cascaded to the higher levels such as the

encompassing system level and the systems on top of

it, reaching up to the higher level systems. Thus, en-

abling the aggregation of risk information from the

bottom most level to the top most level, where the

decision making team including risk managers get to

see the broader risks. Domain modellers may de-

crease accidental complexity by naturally represent-

ing the entities, relationships, and constraints of their

domain (Selway et al., 2017). Therefore, an instanti-

ation mechanism is needed in which the properties of

classes of modelling elements can be automatically

Multi-level Risk Modelling for Interoperability of Risk Information

243

obtained through the instantiation step (Atkinson and

uhne, 2001). Multi-level modelling proposed by

Atkinson and K

uhne in 2001 (Atkinson and K

uhne,

2001) provides a better way to model multi-level risk

models, since it supports unlimited number of levels

while modelling, as contrast to the limit of two levels

in the UML model. The natural propagation of con-

straints on multi-level instantiation that a multilevel

modelling approach can bring is necessary (Selway

et al., 2017). Through this approach, the detailed in-

formation available at lower level will be aggregated

to the higher level, which will enable decision mak-

ers to gain a more comprehensive and speciﬁc under-

standing of potential risks.

Moreover, within the energy industry, there are

numerous heterogeneous software systems. Estab-

lishing interoperability across various systems is one

of the greatest problems in the design of information

systems (Selway et al., 2017). In particular, signif-

icant compatibility and interoperability issues arise

when each heterogeneous software system deﬁnes

its own non-standard language extension mechanism

(Atkinson et al., 2015). In the energy industry, such

problems are very serious. This may lead to the fail-

ure to transmit anomaly information from sensors to

risk control department in a timely manner, or the in-

formation is not properly recognized when transmit-

ted across systems. This can lead to serious problems,

such as the power interruptions.

There is also the issue that within the energy in-

dustry, as well as other large companies, contains

many different departments, each with their own as-

sociated risks. For example, the ﬁnance department

may face the risk of insufﬁcient funds, the procure-

ment department may face the risk of insufﬁcient in-

ventory of supplier, and the production department

may face the risk of insufﬁcient production capacity.

In the traditional view of the risk model, all risks are

in one view, which makes it relatively difﬁcult for the

employees dealing with risks in each department to

get the information they need. This not only reduces

efﬁciency, but in some cases important information

may be missed. Therefore, there is a need to create

a method that can separate different concerns, which

will not only increase efﬁciency but also improve ac-

curacy.

We agree with Thabet et al. that business pro-

cesses and associated risks need to be considered si-

multaneously (Thabet et al., 2021). This approach

to risk management, which combines risk and busi-

ness process, is called Risk-aware Business Process

Management (R-BPM) and helps to classify risks into

their respective departments.

In order to solve the above problems, we

have adopted a new modelling approach combin-

ing a multi-level modelling approach called SLICER

(Speciﬁcation with Levels based on Instantiation,

Categorisation, Extension and Reﬁnement) (Selway

et al., 2017) which has been chosen as the basis for

risk modelling and a multi-view modelling approach

called e-BPRIM (e-Business Process-Risk Manage-

ment – Integrated Method) (Lamine et al., 2022) in

our work. In the next section we will describe the

multi-level modelling approach and the multi-view

modelling approach separately on a case study in the

energy sector.

2.2 Case Study

The case study is about an energy company and two of

its departments, the procurement and the production

department, which are related through a chain risk:

The cause was the delay of procurement, which led to

the reduction in producing capacity. Each department

has a corresponding risk management system that is

used to assess risks. Moreover, a condition monitor-

ing system in the production department monitors the

operating conditions of the power generation facilities

and the production management system calculates the

loss of capacity. In the procurement department, the

procurement management system places orders when

required and records delivery times. Finally, these

data are transferred to each department’s correspond-

ing risk management system, where risk consequence

is calculated according to risk assessment criteria. In

this case, the problem is to build efﬁcient and sta-

ble interoperability between multiple systems and to

ensure that the information at the bottom of the risk

model can be delivered to the top in a timely manner.

Figure 1 shows the model of the case study created

using UML.

ProductionRisk: Risk

Product

ProductionView: View

Equipment

ProcurementRisk: Risk

EnterpriseRiskManagementSystem: View

Asset

EnterpriseRisk: Risk

ProcurementView: View

aggregatesTo

hasRisk

Figure 1: UML model of the case study.

Figure 1 shows a simple UML diagram represent-

ing the case study. The procurement view is located

on the bottom left and contains procurement risk and

EI2N 2022 - 16th IFAC/IFIP International Workshop on Enterprise Integration, Interoperability and Networking

244

related equipment. On the bottom right is the produc-

tion view which contains production risk and related

product. The information of both views is aggregated

to the top view, the enterprise-level risk management

system.

3 RELATED WORK

In this section, related literature about multi-level

modelling and multi-view modelling are discussed

and brieﬂy mention the relation to ontologies.

3.1 Multi-level Modelling

In this subsection, we present two multi-level mod-

elling approaches which are Deep Instantiation and

SLICER (Atkinson and K

uhne, 2001; Selway et al.,

2017).

3.1.1 Deep Instantiation

In 2001, Atkinson and K

uhne proposed the ﬁrst multi-

level modelling approach, which is essentially Deep

Instantiation (DI) (Atkinson and K

uhne, 2001). This

approach solves some problems existing in traditional

UML modelling method as below.

• The instantiation model of UML can not clearly

extend to multiple modelling levels;

• When using UML concepts to describe the hier-

archy of instantiated class levels, e.g. the UML

metamodel hierarchy (M2), natural modelling ap-

proach is not supported;

• UML can not adequately describe a model ele-

ment at the M1 level that represents not only an

object but also a class (for further instantiation);

• Although an instance can also represent a class, it

only acquires object-speciﬁc properties as a result

of the instantiation;

• All attributes and associations created for the M2-

level element when it is instantiated into an M1-

level element become slots and links for the M1-

level element and cannot be utilised for subse-

quent instantiations;

• Classes cannot affect entities formed via addi-

tional instantiation and they can only determine

the semantics of their immediate instances.

DI adopts the element called clabject and the con-

cept called potency to solve the above problems. A

unique element called a cabject represents both a class

and an object, which combines the characteristics of

class and object. Potency represents the number of

times an element or an attribute can be instantiated.

These two concepts effectively solve the above prob-

lem which is shallow instantiation and are the core

concepts pf multi-level modelling.

The objective of DI is to minimise the compo-

nents of the conceptual model, which entails hiding

the components by folding them into a single object at

the highest level (Selway et al., 2017). We agree with

Matt et al. that the DI approach is ineffective, partic-

ularly for scenarios involving system interoperability,

because it obscures signiﬁcant distinctions that exist

in the domain being represented, resulting in a one-

to-many relationship between model elements and the

domain entities they represent, which prevents the do-

main modeller from thinking in terms of the entity but

rather in terms of how it is encoded in the model (Sel-

way et al., 2017).

3.1.2 SLICER

In 2017, Matt et al. proposed the SLICER ap-

proach for solving interoperability problems between

large-scale ecosystems. This framework uses spe-

cialisation, instantiation, speciﬁcation, and classiﬁca-

tion—basic semantic relationships—to create models

dynamically and offers a natural propagation of con-

straints across multi-level instantiation (Selway et al.,

2017). There multi-level modelling framework has

the following features.

• This framework is based on a ﬂexible horizontal

concept that is the result of applying speciﬁc se-

mantic relations;

• This framework adds detail or speciﬁcation

through adding modeled features, behaviors,

and/or constraints;

• This framework explicitly identiﬁes the features

(speciﬁcations) of the model that describe the de-

vice;

• This framework performs second-level classiﬁca-

tion by identifying categories and the objects they

are categorized under;

• This framework achieves an orthogonal focus on

different stakeholders and lifecycle stages.

With the unique relationships in the framework,

elements are ﬂexibly instantiated or specialized. We

believe that the risk model built based on this frame-

work can clearly display and ﬂexibly combine the risk

concept and the entity concept. The deﬁnition of the

relationships in SLICER will be shown in the next

section, as we will also apply them.

Multi-level Risk Modelling for Interoperability of Risk Information

245

3.2 Multi-view Modelling

In this subsection, we present a new Multi-View mod-

elling approach called e-BPRIM.

3.2.1 e-BPRIM

BPRIM was ﬁrst proposed as a risk management

approach by Sienou et al. in 2009 (Sienou et al.,

2009). This approach is a risk-driven process en-

gineering focusing on making risk-driven business

process design as an integral part of enterprise en-

gineering. In 2019, Lamine et al. introduced the

concept of multi-view modelling in BPRIM, creat-

ing a multi-view modelling approach called e-BPRIM

and providing a multi-view modelling platform called

AdoBPRIM based on AdoXX(Lamine et al., 2019).

e-BPRIM, which is based on the agile development

methodology, offers insight and value-driven models

to assist risk and process managers in carrying out

their duties (Lamine et al., 2022). This method is

founded on the black box, which seeks to build re-

lationships between the inputs and outputs of various

phases that make up the two cycles (Lamine et al.,

2022). In AdoBPRIM, the authors designed naviga-

tion techniques to ensure consistency between these

views. In this multi-view modelling approach, the

modelling operations that maintain consistency are as

follows.

• Decomposition: Further abstract a given view and

produce a new one;

• Extend: Append syntax concepts to extend the

given view and produce a new one;

• Reuse: Reuse some syntax and/or semantics from

some existing views and produce a new one;

• Merge: Merge some syntax concepts from some

existing views and produce a new one;

• Compositing: Collect information from some ex-

isting views and produce a new one;

• Synchronization: Execute modiﬁcations of over-

lapping concepts synchronously in all other views

through the algorithm.

We believe that multi-view modelling approach

is well suited for applying in large ecosystems. It

allows the risk model in large ecosystems to be di-

vided into several sub-views and ensures consistency

between these sub-views, which facilitates interoper-

ability between large ecosystems and allows informa-

tion to be transferred in a timely manner across dif-

ferent systems. And risk controllers in different de-

partments can more easily and clearly acquire the in-

formation they need to understand potential, proba-

ble risks to make risk management plan and respond

in a timely manner. At the same time, the complex-

ity of risk models can be signiﬁcantly reduced by us-

ing the black box approach. Therefore, we combine

this multi-view modelling approach into the SLICER

multi-level modelling approach to further improve the

interoperability and efﬁciency between systems and

reduce the complexity of risk models.

3.3 Risk Management Ontology

The use of ontology for risk management has various

advantages (Zhong and Li, 2015). We have identiﬁed

the following ones relevant to our case study:

• Provide an agreement on the meaning of terms;

• Explain the meaning of a term;

• Integrate all other forms of;

• Strict formalization allows for additional au-

tomization, such as querying, consistency check-

ing.

Obviously, these advantages of ontology can unify

terms in large heterogeneous ecosystems to enhance

interoperability. In the future research, we will extend

a suitable existing risk ontology to implement in the

current project.

4 A MULTI-LEVEL AND

MULTI-VIEW FRAMEWORK

FOR RISK MODELLING

In this section, we will show how our modelling ap-

proach works with the case study introduced in Sec-

tion 2.

4.1 Modelling Approach Deﬁnition

As mentioned above, in our approach, we combine

a multi-level modelling and a multi-view modelling

approach in order to create a new risk management

model. The model has the advantage of low complex-

ity and ease of readability, while achieving a sepa-

ration of concerns. Furthermore, we adopts syntac-

tic overlap relationship and extend relationship from

multi-view modelling approach to achieve consis-

tency among different views.

Figure 2 shows the example of what we have built

through this combined risk modelling approach. In

Figure 2, we introduce the relationships in SLICER

and e-BPRIM. We adopted SpecX, InstX, InstN and

SbS from SLICER and Syntactic Overlap and Extend

from e-BPRIM. We have explained them below.

EI2N 2022 - 16th IFAC/IFIP International Workshop on Enterprise Integration, Interoperability and Networking

246

• SpecX: SpecX is a special specialisation relation-

ship. It can add new attributes or relationships to

comparing with traditional specialisation;

• InstX: InstX is a special instantiation relationship.

It can add new attributes or relationships compar-

ing with the traditional instantiation;

• InstN: InstN is the traditional instantiation rela-

tionship. It acquires the attributes and relation-

ships from the element being instantiated and can-

not be further instantiated;

• SbS: SbS is used to specialise the parent class.

The specialised subclass is at the same level as

the parent class, which can refer the properties of

the instance.

• Syntactic Overlap: Syntactic Overlap is used to

maintain consistency between classes with the

same name, by promptly updating changes to val-

ues in either class.

• Extend: Extend is used to extend views, from the

black box to the white box.

Clearly, through these relationships, elements in

the model can be ﬂexibly extended or instantiated.

UOM is an abbreviation for Unit of Measurement,

which represents a data format with unit of measure-

ment.

In Figure 2, each risk and asset type is considered

as a black box, which is in the upper part. By us-

ing the concept of syntactic overlap, when elements

in any one view change, the corresponding overlap-

ping syntax in other views is updated in time. This

concept from multi-view modelling approach ensures

consistency among views and enables the transfer of

risk information across systems thus improving inter-

operability.

In this model, each sub-view is treated as a white

box. They are detailed representation of the corre-

sponding black box in the metamodel. With this ap-

proach, the risk managers in each department can only

see the risk view that belongs to their department.

Also, with the consistency between views, the values

of the attributes in the views are updated in time. Ob-

viously, it is easier to focus on and get information

from just one of the views than to get information in

the whole ﬁgure. This is particularly the case in the

larger, more complex industrial ecosystems. With the

concept from multi-view approach, the risks and the

entities corresponding to the risks are distinguished in

each risk view, which further increases the readability

of the model and reduces complexity.

In each sub-view, risk consequence has its own

measure. For example, in the procurement risk view,

risk consequence is measured regarding to missing

quantity and delay time, formula is as follow.

RQ =

T Q

∗ DT (1)

RQ is Risk Consequence, LQ is Lack Quantity

(sqm/pcs), DT is Delay Time (day) and TQ is Total

Quantity for Production (sqm/pcs).

In the production risk view, risk consequence is

regarding to the percentage of production capacity re-

duction compared to total production capacity. Ta-

ble 1 shows the assessment criteria of risk conse-

quence for production risk.

Based on Table 1, the risk consequence for the

both two risk views can be derived automatically.

Table 1: Assessment criteria of risk consequence for pro-

duction risk and ﬁnance risk.

Risk Consequence Percentage of production ca-

pacity reduction

0.1 0%- 5%

0.2 6%- 15%

0.3 16%- 25%

0.4 26%- 35%

0.5 36%- 45%

0.6 46%- 55%

0.7 56%- 60%

0.8 61%- 65%

0.9 66%- 70%

1 >70%

4.2 Model Validation

To validate the proposed risk modelling approach,

we will apply this approach in the on-going Project

“Open Analytics Interoperability”

. This project pro-

vides a framework for facilitating inter-operable ana-

lytics by enabling sharing of outputs from various an-

alytical systems such as risk analysis using standard-

ized interfaces. Existing standards and speciﬁcations

are leveraged where possible. For example, the Open

Industrial Interoperability Ecosystem (OIIE

) spec-

iﬁcation published by MIMOSA as part of ISO/TS

18101-1:2019 (ISO, 2019) is being actively used in

the project. In terms of risk management, good inter-

operability facilitates early warning and fault detec-

tion as well as risk analysis of assets.

5 CONCLUSIONS AND FUTURE

RESEARCH

In this paper, we demonstrate a new risk modelling

approach that combines an existing multi-level mod-

https://www.fenex.org.au/project/program-3-open-

speciﬁcation-for-analytics-interoperability-20-rp3-0048/

Multi-level Risk Modelling for Interoperability of Risk Information

247

Figure 2: Example of the risk model created by the combined risk modelling approach.

EI2N 2022 - 16th IFAC/IFIP International Workshop on Enterprise Integration, Interoperability and Networking

248

elling approach and a multi-view modelling approach.

This approach is applied to large ecosystems to ad-

dress the lack of interoperability between existing

heterogeneous systems. By taking advantages from

the multi-level modelling approach, the complexity of

the model is reduced and the model is made clearer.

While the beneﬁts from the multi-view modelling ap-

proach ensures that interoperability is enhanced and

makes it easier for risk managers to focus on relevant

information.

In future research, we will continue to reﬁne

this risk modelling approach by further incorporating

the multi-view modeling approach at the meta-model

level to achieve multi-view modeling of business pro-

cesses, risks, risk management measures, and risk

matrices. At the model level, multi-level modelling

is implemented for each risk to reduce model com-

plexity across the heterogeneous ecosystem and make

model levels clear and informative. We will also de-

velop algorithms to automatically calculate the proba-

bility and severity of risks and display them automat-

ically in a risk matrix. Moreover, for most risks, we

will link each risk with a corresponding management

measure to achieve timely response and timely treat-

ment. Furthermore, we will expand the current risk

ontology to achieve system integration via semantic

mapping, which can avoid the restrictions imposed by

UML.

ACKNOWLEDGEMENTS

The work has been supported by the Future Energy

Exports CRC (www.fenex.org.au) whose activities

are funded by the Australian Government’s Cooper-

ative Research Centre Program. This is FEnEx CRC

Document 2022/20.RP3.0048-FNX-007.

REFERENCES

Atkinson, C., Gerbig, R., and Fritzsche, M. (2015). A

multi-level approach to modeling language extension

in the enterprise systems domain. Information Sys-

tems, 54:289–307.

Atkinson, C. and K

uhne, T. (2001). The Essence of Mul-

tilevel Metamodeling. In Proc. of UML, LNCS 2185,

pages 19–33. Springer.

Atkinson, C. and K

uhne, T. (2008). Reducing accidental

complexity in domain models. Software & Systems

Modeling, 7(3):345–359.

Dunbar, P., McCullough, H., Mungov, G., Varner, J., and

Stroker, K. (2011). 2011 Tohoku earthquake and

tsunami data available from the National Oceanic

and Atmospheric Administration/National Geophys-

ical Data Center. Geomatics, Natural Hazards and

Risk, 2(4):305–323.

Fraser et al. (2013). Tsunami damage to coastal defences

and buildings in the March 11th 2011 M w 9.0 Great

East Japan earthquake and tsunami. Bulletin of earth-

quake engineering, 11(1):205–239.

Ghobakhloo, M. (2020). Industry 4.0, digitization, and op-

portunities for sustainability. Journal of cleaner pro-

duction, 252:119869.

Haimes, Y. Y. (2005). Risk modeling, assessment, and man-

agement. John Wiley & Sons.

Igamberdiev, M., Grossmann, G., and Stumptner, M.

(2016). A Feature-based Categorization of Multi-

Level Modeling Approaches and Tools. In MULTI@

MoDELS, ceur-ws.org 1722, pages 45–55.

ISO (2019). Automation systems and integration – Oil and

gas interoperability – Part 1: Overview and funda-

mental principles. Standard ISO/TS 18101-1:2019,

Geneva, CH.

Lamine, E., Thabet, R., Sienou, A., Bork, D., Fontanili,

F., and Pingaud, H. (2019). BPRIM: An integrated

framework for business process management and risk

management. Computers in Industry, 113:103129.

Lamine, E., Thabet, R., Sienou, A., and Pingaud, H. (2022).

The integration of risk aspects into business process

management: The e-bprim modeling method. In

Domain-Speciﬁc Conceptual Modeling, pages 231–

263. Springer.

Selway, M., Stumptner, M., Mayer, W., Jordan, A., Gross-

mann, G., and Schreﬂ, M. (2017). A conceptual

framework for large-scale ecosystem interoperability

and industrial product lifecycles. Data & Knowledge

Engineering, 109:85–111.

Sienou, A., Lamine, E., Pingaud, H., and Karduck, A.

(2009). Aspects of the BPRIM language for risk

driven process engineering. In Proc. of OTM, LNCS

5872, pages 172–183. Springer.

Sony, M. and Naik, S. (2019). Key ingredients for evaluat-

ing industry 4.0 readiness for organizations: a litera-

ture review. Benchmarking: An International Journal.

Thabet, R., Bork, D., Boufaied, A., Lamine, E., Korbaa, O.,

and Pingaud, H. (2021). Risk-aware business process

management using multi-view modeling: method and

tool. Requirements Engineering, 26(3):371–397.

Urlainis, A., Ornai, D., Levy, R., Vilnay, O., and Shohet,

I. M. (2022). Loss and damage assessment in critical

infrastructures due to extreme events. Safety science,

147:105587.

Zhong, B. and Li, Y. (2015). An Ontological and Seman-

tic Approach for the Construction Risk Inferring and

Application. J Intell Robot Syst, 79:449––463.

Multi-level Risk Modelling for Interoperability of Risk Information

249