Failure Consequences

7/29/2019 Failure Consequences

1/21

FAILURE CONSEQUENCES4.1 WORTH DOING

FAILURE AFFECTS USER IN SOME WAYS

Output

Product quality Customer service

Safety & environment

Increase operating cost

Loss of credibility


2/21


THE NATURE AND SEVERITY OF THESE EFFECTSGOVERN THE CONSEQUENCES.

Actions are taken base on consequences of failure

Serious consequences considerable effortMinor consequences no proactive


3/21


The focus on consequences, means RCM start thetask selection by :

assessing the effect of each failure mode, and

classify into one of category of consequences find out if physically possible to perform aproactive task that avoid, eliminate or reduce theconsequences to an acceptable level

ask whether the task actually reduce theconsequences to an extent that justify the direct/indirect cost of doing the task ?

If yes, the task is worth doing


4/21


A proactive task is worth doing if it reduces theconsequences of the associated failure mode to anextent that justifies the direct and indirect costs of

doing the task


5/21

FAILURE CONSEQUENCES4.2 HIDDEN AND EVIDENT

An EVIDENT function is one whose failure will onits own eventually and inevitably become evident tothe operating crew under normal circumstances

failure of pump a will

apparent to operatorA

Stand alone pump


6/21


A HIDDEN function is one whose failure will NOTbecome evident to the operating crew undernormal circumstances

failure of pump C will not

apparent to operator

under normal condition

B C

duty Stand by


7/21


Categories of Evident Failure Consequences

safety and environmental consequences Injure or kill someone

Breach of environmental standard

operational consequences Affect production or operation

non-operational consequences non safety and operational Direct cost of repair


8/21

FAILURE CONSEQUENCES4.3 RISK

Question of Risk

10-7

10-6

10-5

10-4

I believe I haveComplete control(driving car)

I believe IHave someControl andChoice aboutExposing mySelf

(at work)

I believe IHave noControl but IDont have toExpose myself(aircraft pax)

I have noControl and noChoice aboutExposing myself(off-site exposureTo industrial accident)


9/21

FAILURE CONSEQUENCES4.4 SAFETY & ENV CONSEQUENCES

Decision on tolerable level

individual values

industry values Whether benefits justify the risk

effect on future generation

knowledge

Perception of risk


10/21

FAILURE CONSEQUENCES4.5 SAFETY AND PROACTIVE

For an FM with safety or environmental consequen

ces, a proactive task is only worth doing if itreduces the probability of the failure to a tolerablelow level

Does the failure modeCause a loss of functionWhich could injure or killsomeone

Proactive is worth doingIf it reduces the risk ofThe failure to tolerableLow level

If proactive task can not be found, redesign is compulsory

NoDoes the FM could breachAny known environmentalstandard

yes yes No(see nextChapter)


11/21

FAILURE CONSEQUENCES4.6 OPERATIONAL CONSEQUENCES

A failure has operational consequences if it has adirect adverse effect on operational capability

Failure affect operation in four ways :

they affect total output they affect product quality

they affect customer service

increase operating cost in addition to the directcost of repair


12/21


For FM with ops consequences, a proactive task is worthdoing if, over a period of time, it costs less than the cost ofoperational consequences plus the cost of repairing the

failure

Given :

if the tank runs dry, it will cost $5000 per hours

water is drawn from tank at 800 lpm

Failure mode Failure effect

1. Bearing seizes due tonormal wear

Motor trip but no alarm sounds. Level in tank dropsuntil low level alarm sounds at 120000 liters. Downtime to replace the bearing is 4 hours. MTBF is 3

years


13/21


So, the tank will run dry 2.5 hrs after alarm sounds,while it takes 4 hours to replace bearing

downstream process stop for 2.5 hrs

It costs 1.5 x $ 5000 = $ 7500 (every 3 years in

average + cost to replace

Q=1000 lpm

Q=800 lpm


14/21


Assumes :

technically feasible to check bearing for audiblenoise once a week

craftsman cost $24/hrs and takes 20 minutes tocheck

in 3 years, in average there will be 150 checks

the ops consequences can be avoided by ensuring

the tank is full before replacing the bearing (givesus 5 hours)

Maintenance cost :150 x $8 = $ 1200 + cost to

replace


15/21


Does the FM have a direct adverse effectOn operational capability

Proactive task is worth doing if it costs less thanThe cost of the ops consequences plus the cost

Of repairing the failure

If cost effective proactine can not be found, theDefault is no schedule maintenance

But it might be worth redesigning the asset or changing the processTo reduce total cost

DEVELOPING MAINTENANCESTRATEGY WITH OPERATIONALCONSEQUENCES

YES

NO( SEE NEXT)


16/21

FAILURE CONSEQUENCES4.6 NON OPERATIONAL CONSEQUENCES

The consequences of an evident failure which hasno direct adverse effect on safety, environment oroperational capabilities are classified as non

operational. The only consequences associated withthese failures are the direct cost of repair, so theseconsequences are economic.

X

C

B Y

Stand by

duty

Q=1000 lpm

Q= 800 lpm


17/21


Assumes :

same as previoous case

if pump B failed, switch automatically to C

if the bearing of pump B is found to be noisy,switch manually to C, and replace the bearing

cost associated with failure is cost ofreplacing the bearing

cost of proactive maintenance is

150 x $8 = $1200 + cost to replace bearing

so, the cost of proactive is greater than cost of

doing nothing


18/21


It is not worth doing the proactive task eventhough the pump is technically identical to thepump in previous case.

For a FM with non-operational consequences, aproactive task is worth doing if over a period oftime, it costs less than the cost of repairing thefailures

Points concerning the non-operational conseq secondary damage

Economic justification for secondary damage

protected function

Maintenance program applied to protective device


19/21

FAILURE CONSEQUENCES4.6 HIDDEN FAILURE CONSEQUENCES

Hidden Failure and Protective Device

fail-safe protective device

a fail safe protective device is one whose failure on its

own will become evident to the operating crew undernormal circumstances

A system which includes a fail-safe protective device,there are three (3) possible states

Neither device failed Protected function fails before the protective device

Protective device fails before the protected function


20/21


Hidden Failure and Protective Device

non fail-safe protective device

The fact that the device is unable to fulfill its intended

function is not evident under normal circumstances

A system which includes a non fail-safe protectivedevice, there are four (4) possible states

Neither device failed

Protected function fails while the protective device is stillfunctioning

Protective device fails while the protected function is stillfunctioning

The protective device fails then protected function fails

while the protective device is in failed state(multiple)


21/21


Multiple Failures

only occurs if a protected function fails while theprotective device is already in failed state

Failure Consequences

Documents

Transcript of Failure Consequences