Every month in FMEA Corner, join Carl Carlson, a noted expert in the field of FMEAs and facilitation, as he addresses a different FMEA theme (based on his book Effective FMEAs) and also answers your questions.
Questions and answers are a great way to learn about FMEAs, for both experienced and less experienced FMEA practitioners. Please feel free to ask any question about any aspect of FMEAs. Send your questions to Carl.Carlson@EffectiveFMEAs.com, and your contact information will be kept anonymous. All questions will be answered, even if they are not included in the FMEA Corner.
Se·ve·ri·ty [suh-ver-i-tee, noun]
In an FMEA, Severity is a ranking number associated with the most serious effect for a given failure mode, based on the criteria from a severity scale. It is a relative ranking within the scope of the specific FMEA and is determined without regard to the likelihood of occurrence or detection.
FMEA Tip of the Month
Tip 1: In the case of items that are redundant, and there is no detection or no warning that a redundant item has failed, the severity should be assessed as if all of the redundant items have failed.
Tip 2: If the effect is well defined, the severity is easily established by reviewing the severity scale criteria. Difficulty identifying the severity ranking is usually due to an improperly defined effect or inadequate severity scale criteria.
First, examine the severity scales shown next.
Design FMEA Severity Scale
Process FMEA Severity Scale
Next, using the severity scales shown above, select an appropriate severity ranking for the following examples of effects:
Problem (refer to the Design FMEA severity scale):
Answer: Severity ranking 10 (potential accident without warning, during steering maneuvers)
Problem (refer to the Design FMEA severity scale):
Answer: Severity ranking 8 (loss of primary function: pulverizing rocks)
Problem (refer to the Process FMEA severity scale):
Answer: Severity ranking 8 (When there are multiple effects, best practice is to use the worst case. In this example, both effects are consistent with severity 8.)
Problem: Is action always required on high-severity issues? What if severity is high (9 or 10 on a severity scale of 1 to 10), and the occurrence and detection rankings are both low? Is action still required? [Show/Hide Answer]
Answer: This question is best answered by reviewing the general approach for high-severity issues. (More Information about specific action strategies to reduce severity, occurrence or detection risk can be found in section 7.3 of Effective FMEAs.)
- If severity is 9 or 10, the team must first attempt to lower the severity ranking, such as by design change.
- If lowering the severity risk is not possible or feasible, the FMEA team must confirm and verify that the occurrence and detection rankings are as low as possible (preferably 1), or they must take all action necessary to achieve the lowest possible occurrence and detection rankings.
- The FMEA team should obtain management's concurrence and support before determining that no further action is required.
- Both management and the FMEA team must agree that everything possible has been done to prevent safety problems within the design life of the product or during the manufacturing process.
Problem: A fail-safe design is one that, in the event of failure, responds in a way that will cause minimal harm to other devices or danger to personnel. "Fail-safe" does not mean that failure is improbable; rather, it means that a system's design mitigates any unsafe consequences of failure. In FMEA language, a fail-safe design reduces the severity of the effect to a level that is safe.
The following examples of fail-safe designs were selected randomly from Wikipedia. Try to identify at least one fail-safe strategy for each failure scenario.
An aircraft landing on an aircraft carrier is assisted with arresting wires to slow landing speed. If the arresting wires fail to capture the plane, the aircraft can overshoot the carrier with potential catastrophic loss of aircraft and harm to pilot. What fail-safe strategy will minimize this potential danger? [Show/Hide Answer]
Answer: Implement the following strategy: Aircraft landing on an aircraft carrier increases the throttle to full power at touchdown. If the arresting wires fail to capture the plane, it is able to take off again.
During normal use of lawnmowers, if the operator stumbles or falls, the blades can cause severe harm. What fail-safe strategy will minimize potential harm? [Show/Hide Answer]
Answer: Require lawnmowers to have a hand-closed lever that must be held down at all times. If it is released, it stops the rotation of the blades. This is also called a "dead man's switch."
Many air brake systems on large trucks operate on a principle where compressed air pressing on a piston is used to apply the pressure to the brake pad needed to stop the vehicle. Should a brake line split, complete loss of brakes is possible. What fail-safe strategy will minimize harm to the driver? [Show/Hide Answer]
Answer: The following strategy is common for air brakes on large trucks. The brakes are held in the "off" position by air pressure created in the brake system. Should a brake line split, the air pressure will be lost and the brakes applied. Using this strategy, a serious leak in the air brake system will activate the brakes on the truck.
If faults occur with traffic signals, it may be possible for conflicting signals, such as showing green in all directions. What fail-safe strategy can be employed to minimize the danger of conflicting signals at traffic intersections? [Show/Hide Answer]
Answer: Traffic light controllers use a Conflict Monitor Unit to detect faults or conflicting signals and switch an intersection to all flashing red, rather than displaying potentially dangerous conflicting signals (e.g., showing green in all directions).
Electrical appliances can experience short circuits with potential for overheating and fire. What fail-safe strategy can be used to minimize danger to appliances and users? [Show/Hide Answer]
Answer: Most electrical appliances are protected from short circuit with fuses. The destruction of the fuse will prevent destruction of the device.
I've always wanted to know about FMEAs
If I had an hour to
solve a problem and my life depended on the solution, I would spend the
first 55 minutes determining the proper question to ask… for once I know
the proper question, I could solve the problem in less than five minutes.
- Albert Einstein
A HotWire reader submitted the following question to Carl Carlson. To submit your own question about any aspect of FMEA theory or application, e-mail Carl at Carl.Carlson@EffectiveFMEAs.com.
What is the difference between prevention controls, detection controls, and recommended actions? I can discern between prevention and detection controls pretty well, such as following a design-engineering standard (prevention control) versus conducting a prescribed test (detection control). I am having a hard time discerning a detection control versus a recommended action. To me, they seem interchangeable. I need to get a good understanding of this, because this will dictate how data is brought into the DVP&R, which leads me to a very similar topic.
There are different ways to have the Xfmea software bring prevention controls, detection controls, and recommended actions in to the DVP&R. Can you provide some examples of how to set up a good DVP&R in the software?
Carl: That is a very good question. The primary difference between controls (both prevention-type and detection-type) and recommended actions is whether the task/method is "currently planned or in place." If the task/method is currently planned or in place, it should be in the controls column. If it is not currently planned or in place, it must be in the recommended actions column. The reason for this has to do with the objective of controls versus the objective of recommended actions.
Controls are used in the FMEA to support the risk ranking for occurrence (prevention-type controls) or detection (detection-type controls). They are also useful in developing the Design Verification Plan. Any task/method that is not currently planned or in place will not be part of the occurrence or detection risk assessment. The objective of recommended actions is to identify all actions that are needed to reduce risk to an acceptable level. The recommended actions could be changes to current designs, or they could be tests or other changes that reduce risk. They are assigned a person to implement and given other project management enablers, such as target completion date.
In response to your second question, the most common practice for developing a Design Verification Plan (DVP) with Xfmea is to bring in (sync) the following information from the Design FMEA to the DVP:
- All detection-type controls
- All recommended actions with "testing" category
If you synchronize those items, you will have the beginning of a DVP. The rest of the DVP will need to be filled out by test engineers. You can configure the columns of the DVP worksheet in the project properties feature of Xfmea.
About the Author
Carl S. Carlson is a consultant and instructor in the areas of FMEA, reliability program planning and other reliability engineering disciplines. He has 35 years of experience in reliability testing, engineering and management positions, and is currently supporting clients from a wide variety of industries, including clients of HBM Prenscia. Previously, he worked at General Motors, most recently senior manager for the Advanced Reliability Group. His responsibilities included FMEAs for North American operations, developing and implementing advanced reliability methods and managing teams of reliability engineers. Previous to General Motors, he worked as a Research and Development Engineer for Litton Systems, Inertial Navigation Division. Mr. Carlson co-chaired the cross-industry team that developed the commercial FMEA standard (SAE J1739, 2002 version), participated in the development of SAE JA 1000/1 Reliability Program Standard Implementation Guide, served for five years as Vice Chair for the SAE's G-11 Reliability Division and was a four-year member of the Reliability and Maintainability Symposium (RAMS) Advisory Board. He holds a B.S. in Mechanical Engineering from the University of Michigan and completed the 2-course Reliability Engineering sequence from the University of Maryland's Masters in Reliability Engineering program. He is a Senior Member of ASQ and a Certified Reliability Engineer.
Selected material for FMEA Corner articles is excerpted from the book Effective FMEAs, published by John Wiley & Sons, ©2012. Information about the book Effective FMEAs, along with useful FMEA aids, links and checklists can be found on www.effectivefmeas.com. Carl Carlson can be reached at firstname.lastname@example.org.