
12 Failure modes and effects analysis (FMEA) and failure modes, effects
and criticality analysis (FMECA)

Chapter outline

12.1 Definition
12.2 Description
12.3 Resource requirements
12.4 Timing
12.5 Advantages, disadvantages and uncertainties
  Advantages
  Disadvantages
  Uncertainties
12.6 Applications
  Example 12.1
  Example 12.2
References

12.1 Definition
A FMEA considers in a systematic and rigorous manner all of the possible single failure
modes of the individual plant items and elements in a system. The effects of each failure
on the item itself and on the rest of the system are identified and recorded. The analysis is
usually carried out by a small team who should have detailed knowledge of the equipment.
In a FMECA the criticality of the consequences and likely frequency are also
assessed and recorded.

A Guide to Hazard Identification Methods. https://doi.org/10.1016/B978-0-12-819543-7.00012-4
© 2020 Elsevier Inc. All rights reserved.

12.2 Description
FMEA is a thorough but time-consuming method of hazard identification. It takes a
selected part of a system, usually a piece of hardware, and aims to examine every failure
mode of every item and element within it. For each failure mode the consequences must
be determined so that the adequacy of the response to this failure can be decided. It is a
well-established method and there is ample guidance available in the literature [1–3]. The
pattern of analysis is first to define the boundary for the study, decide the depth of analysis
and then to obtain necessary documentation. There must be a defined physical boundary
that is usually the physical boundary of the hardware item. Any interfaces with the rest of the
system, for example the services, must be identified. A full description of the system, its
operation and its situation, similar to that needed for a HAZOP study, is required. Key items
of documentation will include the equipment drawings and manuals and information on
protective systems so that effects of failures can be fully evaluated. In a full examination it
will also be necessary to look at the possible failures of the services (electrical, instrument
air, steam, cooling water, etc.). To cover these adequately it is essential that the team members
have knowledge of the system, including its operational history and failure modes.
Next a small team, typically the leader and two others with a suitable range of technical
knowledge and experience, works through the system in a logical and systematic manner,
for example working downstream item by item. A good team would include an engineer
familiar with the design and operation of the system and an instrument and control specialist.
The leader would take responsibility for the organisation, recording and reporting
of the study. The leader should also contribute to the technical analysis.
For each item the team should consider its function and identify every possible failure
mode. They then consider the consequences, both for the item itself as well as for the system
as a whole. The analysis and recording can vary in detail; the usual headings include:

• Component: Identifier and description; function.
• Failure mode: As well as fail safe, fail danger, fail degraded and fail neutral, the categories may
  include failure to start, failure during operation, failure to stop and premature
  operation.
• Effects: This should cover the item itself and other components, as well as the effects
  on the whole system.
• Safeguards: Either here, or separately, the means of detection may be recorded.
  Compensating provisions against failure can also be noted.
• Actions: The comments and recommendations of the team.

Some of the above headings may be treated separately.


Additional headings can be:

• Failure nature: Revealed, unrevealed, degraded or incipient.
• Cause: It is not essential to record this but it can be helpful and it will certainly be
  needed if failure frequencies are to be estimated. Categories normally include
  specification, design, manufacture, installation, operation, maintenance,
  environment and outside forces.
• Frequency: The frequency of failure must be estimated if a criticality analysis is
  being done (FMECA). A 4- or 5-point scale is normally used.
• Hazard category: A ranking of the consequences on a 4- or 5-point scale. This may be done
  separately for different types of consequence, e.g. injury/death, production
  loss, equipment damage, environment, etc.

In a FMECA the allocation of the frequency and hazard category values is most
efficiently done at the end of a session to encourage consistency. Using a 4 × 4 or 5 × 5 grid,
a criticality rating can be assigned to each failure mode.
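
The following is an added example, not taken from the book: a worksheet with the headings above held as records, with a criticality rating read off a 4 × 4 grid for each consequence type and the worst one reported. The banding of the grid by the product of the two scores, the rating labels, the top-of-scale treatment of an unestimated frequency and the sample scores are all assumptions made here; the chapter does not define them.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SIZE = 4                           # 4 x 4 grid (the chapter also allows 5 x 5)
ORDER = ["Low", "Medium", "High"]  # assumed rating labels, least to most critical

@dataclass
class FailureMode:
    component: str
    mode: str
    nature: str                    # revealed, unrevealed, degraded or incipient
    frequency: Optional[int]       # 1..SIZE score, None = not yet estimated
    hazard: Dict[str, int]         # consequence type -> 1..SIZE score

def grid_rating(frequency: int, hazard: int) -> str:
    """Assumed banding of the grid by the product of the two scores."""
    for score in (frequency, hazard):
        if not 1 <= score <= SIZE:
            raise ValueError(f"score {score} is outside the 1..{SIZE} scale")
    product = frequency * hazard
    return "High" if product >= 9 else "Medium" if product >= 4 else "Low"

def criticality(fm: FailureMode) -> Tuple[str, Dict[str, str]]:
    """Rate each consequence type separately, then report the worst."""
    # Assumption: an unestimated frequency is scored at the top of the scale
    # so that missing data cannot lower a rating.
    freq = SIZE if fm.frequency is None else fm.frequency
    per_type = {kind: grid_rating(freq, h) for kind, h in fm.hazard.items()}
    worst = max(per_type.values(), key=ORDER.index)
    return worst, per_type

def rank(worksheet: List[FailureMode]) -> List[FailureMode]:
    """Most critical failure modes first; sorted() keeps ties in sheet order."""
    return sorted(worksheet, key=lambda fm: ORDER.index(criticality(fm)[0]),
                  reverse=True)

# Constructed rows: components follow the chapter's examples, scores are invented.
SHEET = [
    FailureMode("Nut threads", "Galled", "unrevealed", 3, {"production loss": 1}),
    FailureMode("Nut threads", "Crevice corrosion", "revealed", 2,
                {"injury/death": 2, "equipment damage": 1}),
    FailureMode("Follower", "Sticks in guide tube", "unrevealed", None,
                {"environment": 3, "production loss": 2}),
]

if __name__ == "__main__":
    for fm in rank(SHEET):
        print(f"{criticality(fm)[0]:6} {fm.component}: {fm.mode} ({fm.nature})")
```

Keeping the per-type ratings alongside the worst one preserves the separate ranking by consequence type that the hazard category heading describes.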

12.3 Resource requirements


Manpower: An experienced analyst or, more beneficially, a small team of engineers, one of
whom may act as scribe, with a thorough understanding of the design and function of the
system and its components.
Data: A detailed set of diagrams with supporting documentation to provide a full and
clear description of the system and its workings. For a FMECA, failure rate and consequence
data are needed. As with the FTA, obtaining high-quality failure rate data may
be difficult and, in order to work with valid data, it may be necessary to work at a general
level rather than at a very detailed level.
Software: A number of dedicated software aids are available to help with the recording
of the study but a simple spreadsheet can also be used.

12.4 Timing
FMEA may be used for detailed analysis during the equipment selection or the design
stages of a new project. It may also be used to assist in the understanding of an accident.

12.5 Advantages, disadvantages and uncertainties


Advantages
• It is an effective method for the identification of hazards associated with mechanical
and electrical equipment failures, including reliability problems.
• It is not difficult to apply and the results are easily understood.
• The analysis can highlight both local and general system failures.
• An FMEA on an engineering item is the equivalent of a HAZOP study of a P&ID.
• The manpower requirements are less than those for a HAZOP study.
• A semi-quantitative ranking of the hazards can be produced.

Disadvantages
• The technique is not the most effective at identifying combinations of failures or when
the hazard comes from the whole process although a good team can be expected to
identify some combinations.
• The technique concentrates on the equipment and does not address operational
errors.
• The analyst(s) must be familiar with equipment functions and failure modes and be
able to derive the effects on other sections of the system.
• When applied by a single analyst the technique may miss important interactions.

Uncertainties
• The value of a FMECA will be limited if the available data are of poor quality and lack
robustness or relevance.

12.6 Applications
The potential range of applications is very wide, ranging from a small item of equipment
to a process unit containing many components. It can be very useful in investigation of
incidents or in the analysis of a new design. However, as it is a time-consuming method
it should be used with discrimination.

Example 12.1
The following is an example of a FME(C)A in operation. The numbers used have been chosen
as realistic but are not actual values from databases. Deliberately, a very simple example
has been chosen. This results in a short, easily understood table, but one that still
illustrates the insights this method can give.
The example is based on the most simple and easy-to-understand piece of engineering:
a nut and bolt used to close a flange in a pipe carrying propane. The nut has two elements,
the body and the thread. The bolt has three elements, the head, the shank and the thread.
In general a FMECA analysis would take the whole nut plus bolt as a unit; however, for
illustrative purposes it has been subdivided into five elements.
In Table 12.1, columns A, B, C, D and I are normally to be filled in but columns E, G and
H will be needed for the criticality analysis and column F may be used for assessment of
improvements.
This analysis shows that the nut and bolt as a unit are not ‘critical’ but that they should
be treated with the appropriate skills and care. Failure is unlikely to be catastrophic provided
that the pressure testing is carried out properly.
Another example is based on a real event over 30 years ago and so does not refer to
Buncefield.

Example 12.2
The level measurement in a liquid storage tank operating at atmospheric pressure utilised
a follower or float located in a vertical guide tube perforated every 0.5 m. The location of
the follower or float was detected acoustically and a signal sent to the control centre.
(Variants will include a measurement by storage of tape or wire on a reel.) The detector
was sealed at atmospheric pressure.
Table 12.1 Illustrative FME(C)A analysis.

| A Component | B Failure mode | C Effect | D Safeguards | E Failure nature | F Cause | G Frequency | H Criticality category | I Action |
|---|---|---|---|---|---|---|---|---|
| 1 Nut—head | Flats damaged during tightening. Fails danger or neutral. | 1 Nut may not be fully tight. Flange may leak process fluids, so resulting in a small fire. 2 Nut and bolt cannot be untightened | 1 Pressure test after tightening. 2 Nut can be cut off. 3 ESD | 1 Revealed 2 Degraded. | Poor fitting and supervision. | 10⁻⁵ per bolt. 10⁻¹ per plant year. | Medium 2 | 1.1 Ensure that the correct tools are used during maintenance. 1.2 Ensure that the pipe fitters are properly trained. 1.3 Ensure that all joint broken are pressure tested to the full operating pressure. |
| 2 Nut—threads | Corrosion due to crevice corrosion. Fails danger. | Joint starts to leak initially as a slow drip but then worsens. | | 1 Revealed | Rain water attack. Condensation on cold surfaces. | 10⁻² per plant year. | Medium 2 | 2.1 Use “thread guard” or grease to protect the threads. |
| 3 Nut—threads | Overtightened. Fails danger | Joint integrity degraded. Joint may leak on line. | 1 Pressure test after fitting. 2 ESD | 1 Degraded 2 Danger | Poor torque control. | 10⁻² for large bolts per plant year. | Low 1 | 3.1 Use preset torque “impact wrenches.” |
| 4 Nut—threads | Cross-threaded. Fails danger. | Joint cannot be tightened. | 1 Pressure test after fitting. 2 Nut can be cut off. 3 ESD | 1 Revealed 2 Degraded | Poor fitting. | 10⁻¹ per plant year. | Medium/low as the fault will be obvious to the pipe fitter. 1 | 4.1 There is no real action other than to use experienced craftsmen. |
| 5 Nut—threads | Galled. Fails safe. | Nut cannot be removed when required. | 1 Nut can be cut off. | Unrevealed initially but revealed at maintenance. | Poor materials specs. | 10⁻¹ per plant year | Low 1 | 5.1 Consider the benefits of “thread guard” and review the piping material specification for detail on galling. |
| 6 Bolt—shank. See 3 above | Over tightened and the bolt is yielded. | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above | 6.1 See 3 above |
| 7 Bolt—head | See 1 above | See 1 above | See 1 above | See 1 above | See 1 above | See 1 above | See 1 above | See 1 above |
| 8 Bolt—thread | See 2 above | See 2 above | See 2 above | See 2 above | See 2 above | See 2 above | See 2 above | See 2 above |
| 9 Bolt—thread | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above | See 3 above |
| 10 Bolt—thread | See 4 above | See 4 above | See 4 above | See 4 above | See 4 above | See 4 above | See 4 above | See 4 above |
| 11 Bolt—thread | See 5 above | See 5 above | See 5 above | See 5 above | See 5 above | See 5 above | See 5 above | See 5 above |

fitting, workmanship; specs, specification; ESD, emergency shutdown.

Table 12.2 FMEA for a float level measurement.

| A Component | B Failure mode | C Effect | D Safeguards | E Failure nature | F Cause | G Frequency | H Criticality category | I Action |
|---|---|---|---|---|---|---|---|---|
| 1 Follower | Sticks in guide tube. Unrevealed | Level not detected. Tank overflow or low level | None | Danger | 1 Rust in guide tube 2 Too tight fit of follower in tube | Unknown | High | 1.1 Devise a credible test procedure 1.2 Fit a diverse level measurement 1.3 Check the installation as fitted for clearances 1.4 Check for weld protrusions and burrs in tube 1.5 Ideally use drawn piping |
| 2 Follower | Is holed and sinks. Unrevealed | Indicates low level when the tank may be overflowing | None; see actions above | Danger | Holed by corrosion or wear | Unknown | High | 2.1 As above 2.2 Review materials of construction |
| 3 Follower | Reaches the top of the perforations in the guide tube. Degraded | Level does not appear to change as the gas is compressed into a dead pocket. Tank overflows | None | Danger | Incomplete perforating of guide tube | Unknown | High | 3.1 Inspect the guide tube when fitted in place. Treat the perforations as a high priority. This might also be identified during a HAZOP |
| 4 Guide tube | Perforation incomplete. Degraded | As above | As above | As above | As above | As above | As above | As above |
| 5 Guide tube | Corrosion. Degraded | Level not detected. Process upset | None | Danger | Follower jams in corrosion products | Unknown | High | See 2.2 |
| 6 Acoustic detector | Wear and tear. Degraded, unrevealed | Level not detected. Tank overflows or process upset | None | Danger | Level goes ‘blind’ | Unknown | High | See 1.1 and 1.2 |
| 7 Acoustic detector | Damaged due to impact. Degraded, unrevealed | Tank overflows or process upset | None | Danger | As above | Unknown | High | 7.1 Review physical protection to detector. Should it be fitted into a protective box |
| 8 Acoustic detector | Damaged power supply | Tank overflows or process upset | None | Danger | Level goes ‘blind’ | Unknown | High | 8.1 Review physical protection to power supply and also reliability of supply |
| 9 Signal transmitter | As above | As above | None | Danger | As above | Unknown | High | 9.1 See 7.1 and apply to transmitter 9.2 See 8.1 and apply to transmitter |

Graphically the level measurement would look as shown. There are only four components:
the guide tube, the follower or float inside the guide tube, the acoustic detector
and the transmitter to the control centre (Table 12.2).
As indicated above this was a real event and the guide tube perforation was incomplete.
The top 1 m of tube was not perforated, resulting in a tank overflow. While with hindsight
the FMEA has produced the correct answer, it would have generated questions if applied
before the event.
Actions 1.1, 1.2, 1.3, 1.4, 1.5, 7.1, 8.1, 9.1 and 9.2 are all good practice.

References
[1] S. Mannan (Ed.), Lees Loss Prevention in the Process Industries, fourth ed., Butterworth-Heinemann,
2012.
[2] G. Wells, Hazard Identification and Risk Assessment, IChemE, Rugby. ISBN: 0-85295-353-4, 1996.
[3] BS 5760 Part 5, Guide to Failure Modes and Criticality Analysis, ISBN: 0-580-19660-7, 1991.
