Documente Academic
Documente Profesional
Documente Cultură
Effects Analysis
R.R. Mohr
February 2002
8th Edition
Background
PREMISE
– You own/operate/require/design/or are
responsible for equipment essential to a
system/process/activity which may be small or
large, simple or complex. It may be a future
plan, or be presently in operation.
NEED
– Reassurance that causes, effects, and risks of
system failures have been reviewed
systematically.
2
8671
Background
4
8671
Definitions
FAILURE EFFECT:
– The consequence(s) of a failure mode on an operation, function, status of a
system/process/activity/environment. The undesirable outcome of a fault of a
system element in a particular mode. The effect may range from relatively
harmless impairment of performance to multiple fatalities, a major equipment
loss, and environmental damage, for example.
• All failures are faults; not all faults are failures. Faults can be caused by
actions that are not strictly failures.
• A system that has been shut down by safety features responding properly
has NOT faulted (e.g., an overtemperature cutoff.)
• A protective device which functions as intended (e.g., a blown fuse) has
NOT failed.
FAILED/FAULTED SAFE:
– Proper function is compromised, but no further threat of harm exists (e.g., a
smoke detector alarms in the absence of smoke).
FAILED/FAULTED DANGEROUS:
– Proper function is impaired or lost in a way which poses threat of harm (e.g., a
smoke detector does not alarm in the presence of smoke).
5
8671
FMEA Uses and Practical
Applications
1. Identify individual elements/operations within a system
that render it vulnerable…
– Single Point Failures
2. Identify failure effects:
– FMEA – general description
– FMECA – specific Severity and Probability
assessments
3. Industries that frequently use FMEA:
– Consumer Products – Automotive/Toys/Home
Appliances
– Aerospace, NASA, DoD
– Process Industries – Chemical Processing
6
8671
The Process
7
8671
The Process: Three Questions to
Ask/Answer
1. Will a failure of the system result in intolerable/undesirable loss? If NO,
document and end the analysis. If YES, see (1.a.).
1.a.Divide the system into its subsystems*. Ask this questions for
These each subsystem: Will a failure of this subsystem result in
“filtering” intolerable/undesirable loss? If NO, document and end the
questions analysis. If YES, see (1.b).
shorten the
1.b. Divide each subsystem into its assemblies. Ask this question for
analysis
and
each assembly: Will a failure of this assembly result in
conserve intolerable/undesirable loss? If NO, document and end the
manhours. analysis. If YES, continues this questioning through the
subassembly level, and onward – into the piece-part level if
necessary.
These two
2. For each analyzed element, what are the Failure Modes? questions,
3. For each failure mode, what are the Failure Effects? alone, guide
“classical”
FMEA – General FMEA.
FMECA – Severity and Probability assessments
8 * Treat interfaces, at each level of analysis, as system elements at the same that level.
8671
FMEA Process Flow
1. Identify TARGETS to be protected: 2. Recognizes RISK TOLERANCE Question: For each element
• Environment LIMITS (i.e., Risk Matrix System, then
• Personnel • Product Subsystem, then
• Equipment • Productivity • Other… Boundaries)
In What Ways Assembly, then
4. (Modes) Can This Subassembly, then
3. “SCOPE” system as to:(a) physical
boundaries; (b) operating phases Element Fail…? Etc. Don’t overlook
(e.g., shakedown, startup, INTERFACES!
Mode Mode Mode Mode
standard run, emergency stop, 3 m
1 2
maintenance); and (c) other
assumptions made (e.g., as-is, as- What Are The Consequences (Effects)
designed, no countermeasures Of Failure In This Mode…?
in place)…etc.
QUESTIONS: For Effect Effect Effect Effect
each FAILURE MODE… 1 2 3 e
What are the
EFFECTS?…for each Target
Target Target Target
TARGET? t
1 2 3
Reassess REPEAT…
AND For each
Risk
MODE/EFFECT/TARGET
combination
AND
USE RISK MATRIX.
MATRIX must be defined for and
Access Risk must match the assessment
Develop Probability Interval and
Countermeasures Force/Fleet Size.
No Is
Accept Risk
(Waiver) OR See 2. ABOVE
Acceptable?
Abandon Yes
Assembly 6
Assembly 5
SA 1
Assembly 1
Subsystem 4
Subsystem 3 SA 2
Subsystem 1
SA =
SA 3 Subassembly
Subsystem 7
Subsystem 5
SA 4
SA 5
Subsystem 2 Assy 4
Assy 2
Assy
Subsystem 6 Subassembly 5
3
C1 C2 C=
C3 C4 C5 Component
Component 3
System
Breakdown can DO NOT overlook
be 2 3 INTERFACES
“FUNCTIONAL”
or 1 between system
“GEOGRAPHIC” elements!
or both 4 5
Item
11 more
8671 A.1.6.5.3.5
C3 contains these piece parts
Functional vs. Geographic System
Breakdown
FUNCTIONAL:
– Cooling System Don’t neglect Interface
– Propulsion System Components – e.g., if an
– Braking System engine-driven belt powers
both a water pump and a
– Steering System
power steering system, be
– Etc…. sure to include it as a part of
GEOGRAPHIC/ARCHITECTURAL: one or as a separate
– Engine Compartment Interface Element!
– Passenger Compartment
– Dashboard/control Panel
– Rear End
– Etc….
12
8671
System Breakdown Example
System Subsystem Assembly Subassembly
Automobile Cooling radiator
water pump
coolant
hoses/clamps
engine block
thermostat
Propulsion fuel Storage,
delivery,
carburetor
Some breakdowns air Carburetor
combine Functional and spark/ignition Battery,
generator
Geographic approaches. plugs,
This can help to ensure coil,
distributor
thoroughness.
engine Heads,
block,
pistons,
valves
transmission more…
Braking standard more…
emergency
Chassis/Body engine comp.,
passenger comp.,
storage comp.,
front bumper,
rear bumper,
fenders,
gages,
indicators
Steering more…
Electrical more…
Suspension more…
Operator more…
13
8671
Numerical Coding System
System: Automobile
Subsystems
Cooling - 10 Propulsion -20 Braking - 30 Steering - 40
Assemblies Radiator 10 - 11
Water Pump
10-12 Develop/implement a
Coding System that
Coolant gives each analyzed
10-13
system element a
Hoses/Clamps unique identification.
10-14
15
8671
Typical FMEA Worksheet Information
20
8671
Zoological FMEA
“STOP”
Switch
(Normally Closed)
W
1018 ft.
Not to
Scale “UP”
Switch
(Normally Open)
82,000 HP
72,000 RPM
21
8671
Coyote Hoist – System Breakdown
SUBSYSTEM ASSEMBLY SUBASSEMBLY
Hoist (A) Motor (A-01) Windings (A-01-A)
Inboard bearing (A-01-b)
Outboard bearing (A-01c)
Rotor (A-01-d)
Stator (A-01-e)
Frame (A-01-f)
Mounting plate (A-01-g)
Wiring terminals (A-01-h)
Drum (A-02
External power source (B)
Cage (C) Frame (C-01)
Lifting Lug (C-02)
22
8671
FMEA – Coyote Hoist
Project No. Sheet of
Subsystem: Sverdrup Technology, Inc. Date:
System: Coyote Hoist Failure Modes & Effects Analysis Prep. by:
Probability Interval: 4 one-way trips ea. Sat. AM / 25 yrs Rev. by:
Operational Phase(s): Uprising Approved by:
FMEA No. :
T RISK
IDENT. ITEM/ FAILURE FAILURE FAILURE A ASSESSMENT ACTION
R
NO. FUNCTIONAL MODE CAUSE EFFECT G REQUIRED /
E SEV PROB RISK
IDENT. T CODE REMARKS
M: Mission
29
8671
Benefits of FMEA
31
8671
Bibliography
Procedures for Performing a Failure Mode, Effects and Critically
Analysis MIL-STD-1629A, Nov. 1980.
System Safety Engineering And Management Harold E. Roland &
Brian Moriarty. John Wiley & Sons: 2nd Edition; 1990. (See Ch. 28,
“Failure Mode and Effect Analysis.”)
Assurance Technologies – Principles and Practices Dev. G Raheja.
McGraw-Hill.: 1991.
Fault Tree Handbook N.H. Roberts, W.E. Vesely, D.F. Haasl, F.F.
Goldberg. NUREG-0492. U.S. Government Printing Office,
Washington, DC: 1981. (See Ch. II, “Overview of Inductive Methods.”)
Systems Safety – Including DoD Standards Donald Layton. Weber
Systems Inc., Chesterland, OH: 1989. (See Ch. 7, “Hazard Analysis
Techniques I.”)
Loss Prevention in the Process Industries (2 vols.) Frank P. Lees.
Butterworths, London: 1980. (See Vol.1, Ch. 7, “Reliability
Engineering.”)
32
8671
The FMEA Report
EXECUTIVE SUMMARY (Abstract of complete report)
SCOPE OF THE ANALYSIS…
Say what is analyzed and
Brief System Description
what is not analyzed.
Analysis Boundaries
Physical Boundaries Targets Recognized/Ignored
Operational Boundaries Operational Phases
FMEA
Human Operator In/Out Exposure Interval
System Exposed Population Others…
Author
Company THE ANALYSIS…
Date Discuss FMEA Method – Strengths/Limitations (Cite Refs.)
Etc…
Present Risk Assessment Matrix (if used)
State Resolution Level(s) used/how decided
Show Worksheets as
Describe Software used (if applicable)
Appendix or attached
Present/Discuss the Analysis Data Results
Table.
Discuss Trade Studies (if done)
FINDINGS…
Interpretation of Analysis Results
Predominant Hazards (Overall “Census” and comments on “Repeaters”)
Comments on High Risk Hazards (High from Severity or Probability?
Countermeasures Effective?)
Comments on High Severity Risk (Probability acceptably low?)
Chief Contributors to Overall System Risk
CONCLUSIONS AND RECOMMENDATIONS…
(Interpret Findings — Is overall Risk under acceptable control? Is further
Analysis needed?…by what methods?)
ANALYSIS WORKSHEETS…
33 (Present as table or appendix — use Indenture Coding as
8671
an introductory Table of Contents)
Appendix
34
8671
Appendix
System Date:
Failure Mode and Effects Analysis Sheet of
Indenture Level
Reference Drawing Compiled By
Mission Approved By
Identification Item/Functional Function Failure Modes Mission Phase/ Failure Effects Failure Compensating Severity Remarks
Number Identification And Causes Operational Detection Provisions Class
Next
(Nomenclature) Mode Local End
Higher Effects Method
Effects
Level
Worksheet from
MIL-STD-1629A
35
8671
Appendix
System Date:
Indenture Level
CRITICALITY ANALYSIS Sheet of
Reference Drawing Compiled By
Mission Approved By
MISSION PHASE/ SEVERITY FAILURE PROBABILITY FAILURE FAILURE FAILURE OPERATING FAILURE Item REMARKS
IDENTIFICATION ITEM/FUNCTIONAL FUNCTION FAILURE MODES OPERATIONAL CLASS EFFECT MODE RATE TIME MODE Crit #
NUMBER IDENTIFICATION AND CAUSES
MODE PROBABILITY RATIO (λp) (t) CRIT # Cr=Σ(Cm)
(NOMENCLATURE) (α)
FAILURE RATE (β) Cm=βαλpt
DATA SOURCE
Worksheet from
MIL-STD-1629A
36
8671
Appendix
Project No. Sheet of
Subsystem: Sverdrup Technology, Inc. Date:
System: Failure Modes & Effects Analysis Prep. by:
Probability Interval: Rev. by:
Operational Phase(s): Approved by:
FMEA No. :
T RISK
IDENT. ITEM/ FAILURE FAILURE FAILURE A ASSESSMENT ACTION
R
NO. FUNCTIONAL MODE CAUSE EFFECT G REQUIRED /
E SEV PROB RISK
IDENT. T CODE REMARKS