Hazard Operability Analysis - polimi.it
Transcript of Hazard Operability Analysis - polimi.it
Prof. Enrico Zio
Hazard Operability Analysis
Prof. Enrico Zio
Politecnico di Milano
Dipartimento di Energia
Prof. Enrico Zio
HAZOP
• Qualitative
• Deductive (search for causes)
• Inductive (consequence analysis)
AIM:
Identification of possible process anomalies and
their associated causes and consequences
Prof. Enrico Zio
HAZOP
Initially developed to analyze chemical process
systems; later extended to complex operations and
other types of systems (e.g., software)
It is a qualitative, structured and systematic
examination of a planned or existing process or
operation in order to identify and evaluate problems
that may represent risks to personnel or equipment, or
prevent efficient operation
Deductive (search for causes)
Inductive (consequence analysis)
Prof. Enrico Zio
HAZOP: When?
Design
Phase
Completeness
of HAZOP
study
Impact of
results on
Design
HAZOP as a final check
upon detailed design
HAZOP study: better later than never. It may also be
performed on an existing facility (improvement of the
operability, risk reduction)
Prof. Enrico Zio
HAZOP: Who?
HAZOP team members (multidisciplinary):
Team Leader (HAZOP experienced)
Project engineers
Process engineers
Instrument/electrical engineers
Safety engineers
Maintenance Engineers
….
Prof. Enrico Zio
HAZOP: How?
1. Clearly identify the study nodes, i.e., the locations
(e.g., on piping) at which the process parameters are
investigated
2. Identify the functionally independent process units
(pumps, vessels, heat exchangers, etc.) that are
between the nodes (which cause changes in the
parameters between nodes)
3. For each node identify its operation modes (start-up,regime, shut-down, maintenance, etc.) and thecorresponding plant configurations (valves open orclosed, pumps on or off, etc.)
4. For each node in each of its operation modes,identify the possible deviations from nominalbehavior, by compiling an HAZOP table
Prof. Enrico Zio
HAZOP: Procedure steps
1. Decompose the system in functionally independent process units
2. For each process unit identify its operation modes (start-up, regime, shut-down, maintenance, etc.) and configurations (valves open or closed, pumps on or off, etc.)
3. For each process unit in each of its operation modes, identify the possible deviations from nominal behavior, by compiling an HAZOP table
Prof. Enrico Zio
HAZOP: Procedure steps
specify unit in/out fluxes (energy, mass, control signals, etc.) and process variables (temperature, flow rate, pressure, concentrations, etc.)
write down unit functions (heating, cooling, pumping, filtering, etc.)
apply keywords (low, high, no, reverse etc.) to the unit process variables and functions => process deviations
for each process deviation (qualitatively) identify its possible causes and consequences
Prof. Enrico Zio
HAZOP TABLE
Source: IEC 61882
Prof. Enrico Zio
HAZOP: A synoptic
Taken from Rausand, M. and Høyland, A.: "System Reliability Theory: Models,
Statistical methods, and Applications" (2nd ed.), Wiley, Hoboken, 2004
Prof. Enrico Zio
HAZOP: Details of procedure steps
Specify elements: in/out fluxes (e.g., energy, mass, controlsignals, etc.), process variables (e.g., temperature, flow rate,pressure, concentrations, etc.), etc.
Flow Composition pH
Pressure Addition Sequence
Temperature Separation Signal
Mixing Time Start/stop Stirring Phase
Operate Transfer Speed
Level Maintain Particle size
Services Viscosity Measure
Communication Reaction Control
Prof. Enrico Zio
HAZOP: Details of procedure steps
Specify elements: in/out fluxes (e.g., energy, mass, controlsignals, etc.), process variables (e.g., temperature, flow rate,pressure, concentrations, etc.), etc.
Apply Guide-Words to the unit process variables and in/outfluxes => process deviations
Guide-word Meaning Example
No (not, none) None of the design intent is achieved No flow when production is expected
More (more of, higher) Quantitative increase in a parameter Higher temperature than designed
Less (less of, lower) Quantitative decrease in a parameter Lower pressure than normal
As well as (more than) An additional activity occurs Other valves closed at the same time
(logic fault or human error)
Part of Only some of the design intention is
Achieved
Only part of the system is shut down
Reverse Logical opposite of the design intention
occurs
Back-flow when the system shuts
down
Other than
(other)
Complete substitution - another activity
takes place
Liquids in the gas piping
Early /late The timing is different from the intention
Prof. Enrico Zio
HAZOP: Details of procedure steps
Specify elements: in/out fluxes (e.g., energy, mass, controlsignals, etc.), process variables (e.g., temperature, flow rate,pressure, concentrations, etc.), etc.
Apply keywords (low, high, no, reverse etc.) to the unit processvariables and in/out fluxes => process deviations
For each process deviation (qualitatively) identify its possiblecauses and consequences
Prof. Enrico Zio
HAZOP TABLE
UNIT :
OPERATION MODE:
Keyword Deviation Cause Consequence Hazard Actions needed
More More Temperature
Additional Thermal Resistance
Higher pressurein tank
Release due to Overpressure
Install high temperature warning and pressurerelief valve
Prof. Enrico Zio
HAZOP TABLE
Keyword Deviation Cause Consequence Hazard Actions needed
More More Temperature
Additional Thermal Resistance
Higher pressurein tank
Release due to Overpressure
Install high temperature warning and pressurerelief valve
1. Identify the deviation (install an alarm)
2. Compensate for the deviation (automatic control system)
3. Prevent the deviation from occurring
4. Prevent further escalation of the deviation (plant shut-down)
5. Relieve the process from the hazardous deviation (pressure safety valve)
UNIT :
OPERATION MODE:
Prof. Enrico Zio
EXAMPLE: SMALL EXTERNAL POOL
The water of the pool is in re-circulation through pumps that aspire the water of the
compensation tank making it pass through the treatment organs before throw it
again in the pool.
SYSTEM TO
CORRECT WATER
PH
SYSTEM TO
DISINFECT THE WATER
SYSTEM TO
FILTER
THE WATER
Prof. Enrico Zio
HAZOP TABLEThe objective of the HAZOP analysis is to identify the possible deviations to the
normal operation that can contribute to the reduction of the quality of the water.
Prof. Enrico Zio
SYSTEM: shell & tube heat exchanger
Study Node: 1
Operational Mode: Nominal Conditions
Design Intent: P= 2bar, T=20°C, Flow=1l/sec
Process fluid
Cooling water
Hazop: example
12
3
4
Prof. Enrico Zio
Solution
Guide
WordElement Deviation Causes Consequences Action
LESS FLOW Less flow of cooling
water
Pipe blockage Temperature of
process fluid remains
constant
High Temperature
Alarm
NONE FLOW No cooling water flow Failure of inlet cooling
water valve to open
Process fluid
temperature is not
lowered accordingly
Install
Temperature
indicator before
and after the
process fluid line
Install TAH
MORE FLOW More cooling flow Failure of cooling water
valve
Temperature of
process fluid decrease
Low Temperature
Alarm
REVERSE FLOW Reverse s cooling fluid
flow
Not credible Not credible Not credible
MORE PRESSURE More pressure on tube
side
Failure of process fluid
valve
Bursting of tube Install high
pressure alarm
.... ... .... …. …. ....
Prof. Enrico Zio
HAZOP results
•Improvement of system or operations
– Reduced risk and better contingency
– More efficient operations
•Improvement of procedures
– Logical order
– Completeness
•General awareness among involved parties
Prof. Enrico Zio
HAZOP: Strength
1. Simple and systematic (computer tools available)
2. Include consequence effects also on other units: domino effects.
3. Covers human errors
4. Covers safety as well as operational aspects
5. It gives good identification of cause and excellent identification of critical deviations.
6. HAZOP is an excellent well-proven method for studying large plant in a specific manner.
Prof. Enrico Zio
HAZOP: weakness
1. Very time consuming and laborious (boredom for
analysts)
2. Tends to generate many failure events with
insignificance consequences and generate many
failure events which have the same consequences
3. Does not identify all causes of deviations (it may
omit some scenarios)
4. Does not allow to consider with multiple-combination
events
5. Gives little account to the probabilities of events or
consequences (meaningfulness of deviations are
expert judgment based)
Prof. Enrico Zio
HAZOP: comments
1. Include consequence effects also on other units: domino effects.
2. Simple and systematic (computer tools available)
3. Subjective (relies on analyst’s expertise)
4. Often used in support to the construction of FT and for RCM
Prof. Enrico Zio
Questions:
1. What is the different between FMEA and HAZOP?
2. Who should take the job of making FMEA and HAZOP?
3. How to improve the FMEA and HAZOP?
Prof. Enrico Zio
Failure Mode and Effects Analysis
Prof. Enrico Zio
Politecnico di Milano
Dipartimento di Energia
Prof. Enrico Zio
FMEA
• Qualitative
• Inductive
AIM:
Identification of those component failure
modes which could fail the system (reliability)
and/or become accident initiators (safety)
Prof. Enrico Zio
▪ Developed by the U.S. Military (MIL-P-1629 “Procedures for
performing a failure mode, effects and criticality analysis” 1949)
▪ FMEA/FMECA is the most widely used risk analysis technique
▪ Qualitative
▪ Inductive (consequence analysis)
▪FMEA is often used as a synonym for FMECA. The distinction
between the two terms has become blurred. In this presentation, the
two terms are used indifferently
▪Letter ‘C’ in FMECA indicates that a Criticality Analysis (CA) is
performed with the aim of ranking the various failure modes
FMEA/FMECA
Prof. Enrico Zio
FMEA
▪FMEA is usually carried out by a team of
members with diverse skills (multidisciplinary)
▪If performed as a timely, iterative activity, it is
an effective tool in the decision making process
Design
FMECA Criticalities
Revise
DesignFMECA
LOOP
Prof. Enrico Zio
FMEA
▪Late implementation or restricted
application of the FMEA dramatically limits
its effectiveness in improving the design or
process
▪When any product or process changes are
made, the FMEA is updated and the effects of
new failure modes introduced by the
changes carefully assessed
Prof. Enrico Zio
FMEA: Procedure steps
1. Decompose the system in functionally independent subsystems;
2. For each subsystem identify its mission phases (start-up, regime, shut-down, maintenance, etc.) and configurations (valves open or closed, pumps on or off, etc.);
3. For each subsystem in each of its operation modes, compile a FMEA table
Prof. Enrico Zio
1. Decompose the system in functionally independent subsystems
FMEA: Procedure steps
Prof. Enrico Zio
1. Decompose the system in functionally independent
subsystems
2. Define the mission phases (e.g., start-up, shut-
down, maintenance, etc.) and their expected
durations
FMEA: Procedure steps
Prof. Enrico Zio
1. Decompose the system in functionally independent
subsystems
2. Define the mission phases (e.g., start-up, shut-down,
maintenance, etc.) and their expected durations
3. For every mission phase, define each of the
independent units in terms of:
▪ required functions and outputs
▪ internal and interface functions
▪ expected equipment utilization and performance
▪ Internal and external restraints
FMEA: Procedure steps
Prof. Enrico Zio
1. Decompose the system in functionally independent
subsystems
2. Define the mission phases (e.g., start-up, shut-down,
maintenance, etc.) and their expected durations
3. For every mission phase, define each of the
independent units in terms of:
▪ required functions and outputs
▪ internal and interface functions
▪ expected equipment utilization and performance
▪ Internal and external restraints
4. Construct block diagrams (evidence the
relationships between the items)
FMEA: Procedure steps
Prof. Enrico Zio
Motor
subsystem
Electric
subsystem
EXAMPLE: car
Prof. Enrico Zio
1. Decompose the system in functionally independent
subsystems
2. Define the mission phases (e.g., start-up, shut-down,
maintenance, etc.) and their expected durations
3. For every mission phase, define each of the
independent units in terms of:
▪ required functions and outputs
▪ internal and interface functions
▪ expected equipment utilization and performance
▪ Internal and external restraints
4. Construct block diagrams (highlight the
relationships between the items)
5. Compile the FMEA table
FMEA: Procedure steps
Prof. Enrico Zio
FMEA TABLE
SUBSYSTEM:
OPERATION MODE:
component
Failuremode
Effects on other
components
Effects on
subsystem
Effects on plant
Probability* Criticality+
Detection
methods
Protections and
mitigation
Remarks
Description
Failure modes
relevant for the
operational mode
indicated
Effects of failure
mode on adjacent
components and
surrounding environmen
t
Effects on the
functionality of the
subsystem
Effects on the
functionality and
availability of the
entire plant
Probability of failure
occurrence(sometimes qualitative)
Criticality rank of
the failure mode on the basis
of its effects
and probabilit
y (qualitativ
e estimation of risk)
Methods of
detection of the
occurrence of the failure event
Protections and
measures to avoid the
failure occurrence
Remarks and
suggestions on the need to consider
the failure mode as accident initiator
Probability: negligible, rare, likely, very likely
Criticality: safe, marginal, critical, catastrophic
Prof. Enrico Zio
Failure mode: The manner by which a failure is
observed. Generally, it describes the observable
effect of the mechanism through which the failure
occurs (e.g., short-circuit, open-circuit, fracture,
excessive wear)
component Failuremode
Effects on other
components
Effects on subsystem
Effects on plant
Probability* Severity + Criticality Detection methods
Protection and
mitigation
Description Failure modes
relevant for the
operational mode
indicated
Effects of failure mode on adjacent components
and surrounding environment
Effects on the
functionality of the
subsystem
Effects on the
functionality and
availability of the entire
plant
Probability of failure
occurrence(sometimes qualitative)
Worst potential consequences
(qualitative)
Criticality rank of the
failure mode on
the basis of its effects
and probability (qualitative estimation
of risk)
Methods of detection of
the occurrence of the failure
event
Protections and
measures to avoid the
failure occurrence
FMEA TABLE
Prof. Enrico Zio
component Failuremode
Effects on other
components
Effects on subsystem
Effects on plant
Probability* Severity + Criticality Detection methods
Protection and
mitigation
Description Failure modes
relevant for the
operational mode
indicated
Effects of failure mode on adjacent components
and surrounding environment
Effects on the
functionality of the
subsystem
Effects on the
functionality and
availability of the entire
plant
Probability of failure
occurrence(sometimes qualitative)
Worst potential consequences
(qualitative)
Criticality rank of the
failure mode on
the basis of its effects
and probability (qualitative estimation
of risk)
Methods of detection of
the occurrence of the failure
event
Protections and
measures to avoid the
failure occurrence
Failure effect: the consequence(s) a failure mode has
on the Operation, Function or Status (OFS) of an item
In some contexts, the effects are distinguished in:
•Local effects: on the OFS of the specific item being
analyzed
•Next higher level: on the OFS of the next higher
indenture level
•End effects: on the OFS of the highest indenture level
FMEA TABLE
Prof. Enrico Zio
component Failuremode
Effects on other
components
Effects on subsystem
Effects on plant
Probability* Severity + Criticality Detection methods
Protection and
mitigation
Description Failure modes
relevant for the
operational mode
indicated
Effects of failure mode on adjacent components
and surrounding environment
Effects on the
functionality of the
subsystem
Effects on the
functionality and
availability of the entire
plant
Probability of failure
occurrence(sometimes qualitative)
Worst potential consequences
(qualitative)
Criticality rank of the
failure mode on
the basis of its effects
and probability (qualitative estimation
of risk)
Methods of detection of
the occurrence of the failure
event
Protections and
measures to avoid the
failure occurrence
OUTPUT: suggestions to improve the design and/or remarks of
barriers already considered in the current design
Corrective actions: A documented design, process, procedure, or
materials change implemented and validated to correct the cause of
failure or design deficiency
Compensating provisions: Actions that are available or can be taken
to negate or mitigate the effect of a failure on a system
FMEA TABLE
Prof. Enrico Zio
component Failuremode
Effects on other
components
Effects on subsystem
Effects on plant
Probability* Severity + Criticality Detection methods
Protection and
mitigation
Description Failure modes
relevant for the
operational mode
indicated
Effects of failure mode on adjacent components
and surrounding environment
Effects on the
functionality of the
subsystem
Effects on the
functionality and
availability of the entire
plant
Probability of failure
occurrence(sometimes qualitative)
Worst potential consequences
(qualitative)
Criticality rank of the
failure mode on
the basis of its effects
and probability (qualitative estimation
of risk)
Methods of detection of
the occurrence of the failure
event
Protections and
measures to avoid the
failure occurrence
Criticality Analysis (CA): a procedure by which each
potential failure mode is ranked according to the
considered criticality index.
The objective of CA is to identify the most importantcomponents from the safety/performance point of view
There are different approaches to CA, which depend onthe type of FMECA
FMEA TABLE
Prof. Enrico Zio
EXAMPLE: SMALL EXTERNAL POOL
The water of the pool is in re-circulation through pumps that aspire the water of the
compensation tank making it pass through the treatment organs before throw it
again in the pool.
SYSTEM TO
CORRECT WATER
PH
SYSTEM TO
DISINFECT THE WATER
SYSTEM TO
FILTER
THE WATER
Prof. Enrico Zio
Ex. 1: FMECA
The objective of the FMECA analysis is to identify the possible failure modes
of the different components and their effect to the normal operation that can
contribute to the reduction of the quality of the water.
Criticality
classFrequency
Marginal Reasonably
probable
Marginal Remote
Marginal Probable
Critical Reasonably
probable
Marginal Remote
Prof. Enrico Zio
FMEA: comments
1. Only single failures, except for standby and protection components
2. No common cause failures
3. At system design phase, no components but functions
4. Simple and systematic (computer tools available)
5. Subjective (relies on analyst’s expertise)
6. Often used in support to the construction of FT and for RCM
Prof. Enrico Zio
DIFFERENT TYPES OF FMECA
Prof. Enrico Zio
The way in which the FMEA study is performedstrongly depends on:
▪The objective (Design-FMEA, Process-FMEA)
Causes of the Failure Modes Indenture levels
D-FMEA Due to the concepts of the
design of the product
•System
•Subsystems
•Components
•…
P-FMEA Due to the manufacturing
of the product
•Process
•Process Phase
•Elementary operation
FMECA
Prof. Enrico Zio
Design-FMEAs
The primary objective of a D-FMEA is to uncover
potential failures associated with the current
design of the product that could cause:
▪Product malfunctions.
▪Shortened product life.
▪Safety hazards while using the product.
Design-FMEAs should be used throughout the
design process, from preliminary design until
the product goes into production.
D-FMEA: Improve the design
Prof. Enrico Zio
Process-FMEAsProcess-FMEAs uncover potential failures that can:
▪Impact product quality.
▪Reduce process reliability.
▪Cause customer dissatisfaction.
▪Create safety or environmental hazards.
Ideally, P-FMEAs should be conducted prior to start-up of a new
process, but they can be conducted on existing processes as well.
The focus is the
performance of
the process
Severity ranking
D-FMEA: Improve the process
Prof. Enrico Zio
The way in which the FMEA study is performedstrongly depends on:
▪The objective (Design-FMEA, Process-FMEA)
▪The industrial field (Aerospace, Military, Nuclear,Automotive, Oil & Gas, etc.)
FMEA
Prof. Enrico Zio
▪MIL-STD-1629: “Procedures for performing a failure mode, effects andcriticality analysis”
▪IEC 60812: “Procedures for failure mode and effect analysis (FMEA)”
▪BS 5760-5: “Guide to failure modes, effects and criticality analysis
(FMEA and FMECA)”
▪ECSS-Q-30-02A: Failure Mode and Effect and Criticality Analysis
(FMECA)
▪SAE ARP 5580: “Recommended failure modes and effects analysis
(FMEA) practices for non-automobile applications”
▪SAE J1739: “Potential Failure Mode and Effects Analysis in Design
(Design FMEA) and Potential Failure Mode and Effects Analysis in
Manufacturing and Assembly Processes (Process FMEA) and Effects
Analysis for Machinery (Machinery FMEA)”
▪SEMATECH: “Failure Modes and Effects Analysis(FMEA): A Guide for
Continuous Improvement for the Semiconductor Equipment Industry”
FMEA: the industrial fields
Prof. Enrico Zio
The main difference between the different standards lies in theway in which the Criticality Analysis is performed
In general, the greater the criticality and the more urgent the
need for implementing corrective action
Qualitative Methods: Risk Matrix
Likelihood
Severity
Negligibl
e
Minor Medium Major Severe
Almost Certain M H H VH VH
Likely M M H H VH
Possible L M M H VH
Unlikely L M M M H
Rare L L M M H
LEGEND:
L=Low
M=Medium
H=High
VH=Very High
ALARP: As Low
As Reasonably
Practicable
FMEA: the industrial fields
Prof. Enrico Zio
Quantitative Methods
•RPN=Severity x Probability x Detectability
•Criticality Number (CN): Severity x Probability
•Criticality Index Ic= Σi=1:n λ x αi x βi x t
•λ = failure rate of the item
•αi = portion of the item’s unreliability due to the i-th failure mode
•βi = probability that the i-th failure mode leads to the considered loss (or
severity)
•t = Operating time
•n = number of failure modes of the item
threshold
severity
Rank
Compare to a
threshold
FMEA/FMECA: the industrial fields
Prof. Enrico Zio
The way in which the FMEA study is performed stronglydepends on:
▪The objective (Design-FMEA, Process-FMEA)
▪The industrial field (Aerospace, Military, Nuclear,Automotive, etc.)
▪The design phase (Functional-FMEA, Hardware-FMEA)
FMEA
Prof. Enrico Zio
Variations in design complexity and available data will
generally dictate the analysis approach to be used
Hardware Approach: lists individual hardware items and
analyzes their possible failure modes. It is normally used when
hardware items can be uniquely identified from schematics,
drawings, and other engineering and design data
Functional approach: recognizes that every item is designed
to perform a number of functions that can be classified as
outputs. It is normally used when hardware items cannot be
uniquely identified or when system complexity requires
analysis from the initial indenture level downward. The
outputs are listed and their failure modes analyzed
For complex systems, a combination of the functional and
hardware approaches may be considered
FMEA: the design phase
Prof. Enrico Zio
Functional approach
FMEA: the design phase
Prof. Enrico Zio
The way in which the FMEA study is performedstrongly depends on:
▪1. The objective (Design-FMEA, Process-FMEA)
▪2. The industrial field (Aerospace, Military, Nuclear,Automotive, etc.)
▪3. The design phase (Functional-FMEA, Hardware-FMEA)
▪4. The indenture level (Component-FMEA, System-FMEA)
FMEA
Prof. Enrico Zio
A complex system is made up of a number ofsubsystems and items
In general, the design of a complex system defines therequirements of its subsystems, which are designed bysuppliers according to the corresponding requirements
Each of the suppliers provides a component FMEA,which is used to carry out the System FMEA
FMEA: the indenture levels
Prof. Enrico Zio
Component FMECA:
Example: on-board battery of an aerospace system
FMEA
Prof. Enrico Zio
Component FMECA:
Example: on-board battery of an aerospace system
Fault TreeNeutralization
system
FMEA
Prof. Enrico Zio
▪Ensure that all conceivable failure modes and their effects on
system operational success have been considered
▪FMECA is an essential reliability task, which provides information
to:
1. Assist in selecting design alternatives with high reliability
and high safety potential (early design phases)
2. Develop early criteria for test planning and requirements for
test equipment
3. Provide historical documentation for future reference to aid
in analysis of field failures and consideration of design
changes
4. Provide a basis for maintenance planning
5. Provide a basis for quantitative reliability and availability
analyses
6. Provide a basis for survivability and vulnerability analyses
FMEA: Strength
Prof. Enrico Zio
▪Often used in support to the construction of FT and for
RCM
▪The concept and application are easy to learn, even by a
novice
▪The approach makes evaluating even complex systems
easy to do
▪Computer tools available
FMEA: Strength
Prof. Enrico Zio
▪ No common cause failures
▪ Subjective (relies on analyst’s expertise)
▪ Inadequate attention given to human errors
▪ The approach is not suitable for multiple failures
▪ The FMECA process may be time-consuming and
expensive
FMEA: Weakness
Prof. Enrico Zio
FMEA Example
Consider a ball valve, which is made up of the following subsystems:
Body
Closure
Ball
Stem
Splined Shaft
Miscellaneous parts (Studs,
Keys, etc.)
Stem
Seat Ring
O-Ring
Splined
Shaft
Ball
Body
Bearing
Closure
Stud nut
Drain
Prof. Enrico Zio
Closure
FMEA Example
Perform a FMEA for the following components: Body
Stem
Seat Ring
Severit
y level
5 Major damage to other
systems/ subsystems
4 Major damage to the
considered part
3 Major loss of
performance (intended
use not completely
fulfilled)
2 Small loss of
performance (main
functions not affected)
1 Negligible effects
Stem
Seat Ring
O-Ring
Splined
Shaft
Ball
Body
Bearing
Stud nut
Drain
Prof. Enrico Zio
Severity level
5 Major damage to other systems/ subsystems
4 Major damage to the considered part
3 Major loss of performance (intended use not completely fulfilled)
2 Small loss of performance (main functions not affected)
1 Negligible effects
Likelihood level
H High
M Medium
L Low
R Rare
5 4 3 2 1
H C C C C
M C C C
L C C
R C
Prof. Enrico Zio
Solution
Failure Modes and Effects Criticality Analysis
System: Ball Valve Date: Sheet: 1 of 1
Subsystem: Body Authors:
No FM Cause Local Effect System Effect
Seve
rity
Occ
urr
en
ce
Cri
tica
lity
Compensating Provision/ Mitigation acts
1 Breakage
Incorrect forging process; erroneous design
Pressure drop
external leakage 5 R Yes
Non-destructive tests; qualification test; material acceptance test; calculation procedure in conformity with international standard
2 Warpage
shocks due to external objects; incorrect forging process;
Pressure drop
Possible externalleakage, internal parts jammed 3 R No
Qualification test; material acceptance test
Prof. Enrico Zio
Solution
Failure Modes and Effects Criticality Analysis
System: Ball Valve Date: Sheet: 1 of 1
Subsystem: STEM Authors:
No FM Cause Local Effect System Effect
Seve
rity
Occ
urr
en
ce
Cri
tica
lity
Compensating Provision/ Mitigation acts
1 Breakage
Incorrect forging process; erroneous design
Pressure drop; loss of open/close capability
Loss of open/close capability;external leakage 5 R yes
Non-destructive tests; qualification test; material acceptance test; calculation procedure in conformity with international standard
2 Warpage
Shocks due to external objects; incorrect forging process; Pressure drop
Possible external leakage 3 R No Qualification test; material acceptance test
3 Jamming
Excessive warpage; dirt accretion; small design tolerance; center thrown off; inadequate coating
Excessive maneuver torque
Loss of open/close capability 4 L Yes
design verification; acceptance test
4 Corrosion
dirt accretion; center thrown off; chemically harsh fluids
Excessive maneuver torque;pressure drop
Possible external leakage, internal parts jammed 4 L Yes
Analysis of customer's requirements; welding facing
Prof. Enrico Zio
Solution
Failure Modes and Effects Criticality Analysis
System: Ball Valve Date: Sheet: 1 of 1
Subsystem: seat ring Authors:
No FM Cause Local Effect System Effect
Seve
rity
Occ
urr
en
ce
Cri
tica
lity
Compensating Provision/ Mitigation acts
1 Breakage
Mounting error; manufacturing errors; incorrect design; Pressure drop
Loss of open/close capability; 4 L Yes
Training of personnel; qualification test; material acceptance test; design verification
2 Corrosion
dirt accretion; chemically harsh fluids
Internal leakage; pressure drop
Excessive maneuver torque; 3 L No
Attention paid to material analysis during design and acceptance test;
Prof. Enrico Zio
Questions: Audi A4L
Basic version
31.200
Ultimate version
53.400
Prof. Enrico Zio
Questions
Basic version
31.200Ultimate version
53.400
Heated seat
Independent
air
conditioning
Dolby 7.1
sound
LED
headlamps
Prof. Enrico Zio
Questions
Basic version =22.200Ultimate version -
22.200
10.000
Basic version
Ultimate version
Heated seat
Independent
air
conditioning
Dolby 7.1
sound
LED
headlamps
Refit of Basic version!!
Prof. Enrico Zio
Questions
“Cheap Ultimate”
Basic version+10,000
41.200
“true Ultimate”
53.400
Two choices
Prof. Enrico Zio
Questions
“Cheap Ultimate”
Basic version+10,000
41.200
“true Ultimate”
53.400
After 3 years…
Prof. Enrico Zio
Questions
“Cheap Ultimate”
Basic version+10,000
41.200
“true Ultimate”
53.400
Without FMECA to the new
components bring by refit.
Unknown potential risk
and hazard!
With FMECA to the all the
components.
Price of FMECA!
53.400-41.200=12.200