
TI 184623
MAINTENANCE AND RELIABILITY ENGINEERING (Pemeliharaan dan Teknik Keandalan)

Failure Evaluation (Hazard Analysis)

Nani Kurniati, PhD
Department of Industrial and Systems Engineering
Institut Teknologi Sepuluh Nopember (ITS)


Risk = (Hazard × Vulnerability) / Capability
(written on the slide in Indonesian shorthand as R = A × R / K)

[Figure: overlap of threat (ancaman), vulnerability (kerentanan) and hazard (bahaya)]

Guiding questions:
1. What is the threat?
2. What is the vulnerability?
3. Which elements are exposed to the risk?
4. What capabilities are available?
5. Which community (kampung) is most at risk?
Approaches to Hazard Analysis

• Failure Modes and Effects Analysis (FMEA)
• Failure Modes, Effects and Criticality Analysis (FMECA)
• Root Cause Analysis (RCA)
• Fault Tree Analysis (FTA)
• Hazard and Operability Studies (HAZOP)
• Event Tree Analysis (ETA)
• etc.


FAILURE MODE AND EFFECT (CRITICALITY) ANALYSIS – FMEA/FMECA

• Failure Modes and Effects (Criticality) Analysis
• Uses a bottom-up method to analyse the effect of component failure.
• Presented in tabular format:
  – Failure Mode
  – Cause of Failure
  – Effect on System
  – Method of Control
• Risk assessment (criticality):
  – Severity (S): seriousness of the effect of the failure
  – Occurrence (O): likelihood of the failure
  – Detection (D): ability to detect the failure before it reaches the customer (a high D means poor detectability)
  – Risk Priority Number (RPN) = S × O × D
• Assign numerical values (e.g., 1-10) for S, O and D.
• Prioritise risks by RPN.


[Figure: failure mode, showing (1) the function mechanism and (2) the failure mechanism]


FMECA Flow Chart

1. Assign a label to each process or system component.
2. List the function of each component.
3. List potential failure modes.
4. Describe the effects of the failures.
5. Determine failure severity.
6. Determine the probability of failure.
7. Determine the detection rate of the failure.
8. Assign the RPN.
9. Take action to reduce the highest risk.
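The flow chart above carried through in code. This is an added example written for this page, not code from the original slides: it builds a small FMEA worksheet for a tank-level control loop (the same loop used in the fault-tree example later in the deck), computes the RPN of each failure mode, ranks the modes, and re-scores a mode after a recommended action. The components, their ratings and the severity threshold of 9 used for the flag are constructed assumptions.

```python
"""FMEA worksheet with Risk Priority Number (RPN) ranking.

Added example for this page; the component list, ratings and the
severity threshold are constructed assumptions, not data from the slides.
"""
from dataclasses import dataclass, replace

RATING_MIN, RATING_MAX = 1, 10  # S, O and D are each scored 1-10


@dataclass(frozen=True)
class FailureMode:
    item: str         # part name / identification number
    function: str
    mode: str         # potential failure mode
    effect: str       # effect on the next higher level / end effect
    cause: str        # potential cause of failure
    control: str      # current detection method / quality control
    severity: int     # S: seriousness of the effect
    occurrence: int   # O: likelihood of the failure
    detection: int    # D: 1 = certain to be caught, 10 = cannot be detected

    def __post_init__(self):
        # A rating outside the scale would silently distort every RPN, so reject it.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not RATING_MIN <= value <= RATING_MAX:
                raise ValueError(f"{name}={value} is outside {RATING_MIN}-{RATING_MAX}")

    @property
    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection


def prioritize(worksheet, severity_threshold=9):
    """Rank failure modes by RPN (highest first; severity breaks ties).

    Because RPN multiplies three ordinal scores, a safety-critical effect with
    low O and D can rank below a harmless but frequent one. Modes with severity
    at or above `severity_threshold` (assumed 9) are therefore flagged for action
    whatever their RPN. Returns (failure_mode, rpn, critical) tuples.
    """
    ranked = sorted(worksheet, key=lambda fm: (fm.rpn, fm.severity), reverse=True)
    return [(fm, fm.rpn, fm.severity >= severity_threshold) for fm in ranked]


def rpn_after_action(fm, occurrence=None, detection=None) -> int:
    """Re-score a mode after a recommended action. Only O and D are revised;
    severity stays fixed unless the design removes the effect itself."""
    revised = replace(
        fm,
        occurrence=fm.occurrence if occurrence is None else occurrence,
        detection=fm.detection if detection is None else detection,
    )
    return revised.rpn


def sample_worksheet():
    """Constructed worksheet for a tank-level control loop (assumed ratings)."""
    return [
        FailureMode("Sensor X", "measure tank level", "reads low",
                    "inlet stays open; tank overflow", "fouled probe",
                    "cross-check against Sensor Y", severity=9, occurrence=3, detection=3),
        FailureMode("Outlet Valve A", "drain tank", "stuck closed",
                    "level rises", "actuator seizure",
                    "quarterly preventive maintenance", severity=7, occurrence=2, detection=6),
        FailureMode("Controller X", "command outlet valve", "output stuck",
                    "outlet stays closed", "firmware hang",
                    "hardware watchdog", severity=7, occurrence=2, detection=4),
    ]


if __name__ == "__main__":
    for fm, rpn, critical in prioritize(sample_worksheet()):
        flag = "  <- critical (severity)" if critical else ""
        print(f"{fm.item:15} {fm.mode:12} S={fm.severity} O={fm.occurrence} "
              f"D={fm.detection} RPN={rpn}{flag}")
```

Running the file prints the ranked worksheet. The flag matters because RPN multiplies three ordinal scores: in this constructed data Sensor X (S=9) ranks below Outlet Valve A (S=7) on RPN alone, yet it is the mode whose end effect is the overflow itself.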


Design FMEA

Worksheet columns (left to right):
• Item and Function: list the part name, number and function.
• Potential Failure Mode: list the possible modes of failure.
• Potential Effects of Failure: list the consequences of failure on part function and on the next higher assembly.
• Critical characteristic flag: marks a characteristic which may affect safety or compliance with government regulations, or require special controls.
• SEV: severity rating (1 to 10).
• Potential Cause(s) of Failure: list those such as inadequate design, improper materials, etc.
• OCC: occurrence frequency (1 to 10).
• Detection Method & Quality Controls: list the measures available to detect failures before they reach the customer.
• DET: detection rating (1 to 10).
• RPN: Risk Priority Number (1 to 1000) = S × O × D.
• Recommended Actions: list them for each of the failure modes identified as being significant by the RPN.
Design FMEA: alternative worksheet layouts

Layout 1 (failure effects):
No. | Function | Failure Mode | Failure Cause | Failure effect: Local effect | Higher level | End effect

Layout 2 (risk ranking):
No. | Function | Failure Mode | Failure Cause | Severity | Occurrence Likelihood | Detection | Risk Priority Number (RPN)

Layout 3 (effects and detection):
No. | Component | Function | Failure Mode | Failure Cause | Failure effect: Local effect | Higher level | End effect | Failure detection method


FMEA Worksheet

• Identification number: the equipment function number, assigned under the system's coding rules.
• Function/item identification: the name of the item or system function to be analysed.
• Function: how the hardware performs its function.
• Failure mode and cause: how the failure occurs. The broad failure types are: premature operation; failure to operate at the prescribed time; intermittent operation; loss of output; degraded output or operational capability; and other failure conditions unique to the item.
• Operation mode: a summary of the mission phase and of how the item is operating when the failure appears.
• Failure effects: the consequences of each failure on operation, function and status must be identified and evaluated. They comprise the local effect (impact of the failure on the item itself), the next-higher-level effect (impact on the level above) and the end effect (overall effect on system operation, e.g. death, damage or environmental impact).
• Failure detection method: how the operator can recognise that a failure has occurred and must be reported; this covers indication and isolation.
• Compensating provisions: the design provisions or operator actions to be taken once regulation or reduction of the effect has been defined and evaluated.
• Severity classification: the severity of each failure must also be categorised as high, medium or low.


Criticality Analysis

Criticality analysis is the part of the analysis used to rank every potential failure mode defined in the FMEA according to the combined influence of its severity classification and its probability of occurrence. Depending on the data available it can be done in two ways, quantitative or qualitative.

Qualitative approach
• If no specific component configuration or failure-rate data can be found, the likelihood of each failure mode occurring is estimated instead.
• The estimated occurrence is classified into levels (the E bound is < 0.001, so that the levels do not overlap):

Level | Type | Probability of occurrence
A | Frequent | > 0.2
B | Reasonably probable | 0.1 – 0.2
C | Occasional | 0.01 – 0.1
D | Remote | 0.001 – 0.01
E | Extremely unlikely | < 0.001

Quantitative approach
• Failure-rate data sources and the guidance of MIL-HDBK-217 are used.


CA Worksheet

• The criticality analysis worksheet repeats several items from the FMEA and adds the columns needed for the criticality calculation:
• Failure probability / failure rate: this column must be filled in because it feeds the criticality numbers.
• Failure effect probability (β): the conditional probability that the failure effect will actually result in the identified severity classification, given that the failure mode occurs.

Failure effect | β value
Actual loss | 1
Probable loss | 0.1 – 1
Possible loss | 0 – 0.1
No effect | 0

• Failure mode ratio (α): the probability, expressed as a decimal fraction, that the component or item will fail in this particular mode; the α values of all failure modes of one item sum to 1. If no data source exists, the value may be taken from the analyst's qualitative judgement.
• Part failure rate (λp): the reliability prediction obtained through the procedure in MIL-HDBK-217, where factors such as the application factor (πA) and the environmental factor (πE) are applied to the base failure rate (λB).
• Operating time (t): the length of time the equipment is operated, in hours.


CA Worksheet (continued)

• Failure mode criticality number (Cm): the criticality value for each failure mode:

    Cm = β α λp t

• Item criticality number (Cr): the criticality value for each piece of equipment or item, summed over its failure modes:

    Cr = Σ_n (β α λp t)_n ,   n = failure mode

• Criticality matrix: compares each failure mode against the severity classification.

[Figure: criticality matrix. Vertical axis: probability of occurrence level, A (top) to E (bottom); horizontal axis: severity classification IV, III, II, I (left to right); criticality increases towards the top-right corner, i.e. level A with severity class I.]
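The Cm and Cr formulas above, as an added example written for this page (it is not code from the slides or from MIL-STD-1629A). It scores a constructed relay with two failure modes, derives λp from a base failure rate and two π factors (a simplified stand-in for the full MIL-HDBK-217 part models), computes Cm per mode and Cr for the item, checks that the α values sum to 1, and places each mode on the criticality matrix using the A–E occurrence levels from the qualitative table. All numeric inputs are assumptions.

```python
"""FMECA criticality numbers (Cm, Cr) and criticality-matrix placement.

Added example for this page. The relay data (base failure rate, pi factors,
alpha, beta, severity classes) are constructed assumptions, and the pi-factor
product below is a simplified stand-in for the full MIL-HDBK-217 part models.
"""
from dataclasses import dataclass

# Occurrence levels from the qualitative table: (level, exclusive lower bound)
OCCURRENCE_LEVELS = [("A", 0.2), ("B", 0.1), ("C", 0.01), ("D", 0.001), ("E", 0.0)]
SEVERITY_CLASSES = ("IV", "III", "II", "I")  # matrix columns left to right; I is most severe


def part_failure_rate(lambda_b, pi_a=1.0, pi_e=1.0):
    """lambda_p = lambda_B x application factor x environment factor (assumed form)."""
    return lambda_b * pi_a * pi_e


@dataclass(frozen=True)
class Mode:
    name: str
    alpha: float      # failure mode ratio, 0..1; all modes of one item sum to 1
    beta: float       # failure effect probability: 1 actual, 0.1-1 probable, 0-0.1 possible, 0 none
    severity: str     # "I" .. "IV"


@dataclass(frozen=True)
class Item:
    name: str
    lambda_p: float   # part failure rate, failures per hour
    t: float          # operating time, hours
    modes: tuple


def mode_criticality(item, mode):
    """Cm = beta * alpha * lambda_p * t for one failure mode."""
    return mode.beta * mode.alpha * item.lambda_p * item.t


def item_criticality(item):
    """Cr = sum of Cm over the item's failure modes."""
    return sum(mode_criticality(item, m) for m in item.modes)


def occurrence_level(p):
    """Map a probability of occurrence to level A-E (A: > 0.2 ... E: < 0.001)."""
    for level, lower in OCCURRENCE_LEVELS:
        if p > lower:
            return level
    return "E"


def matrix_cell(item, mode):
    """(occurrence level, severity class): the mode's position on the matrix.
    The mode's probability of occurrence is taken as alpha * lambda_p * t, the
    linear approximation implied by Cm; it holds while lambda_p * t is small."""
    p = mode.alpha * item.lambda_p * item.t
    return occurrence_level(p), mode.severity


def check_alphas(item, tol=1e-9):
    """The alpha values of one item must sum to 1; a worksheet that fails this
    has double-counted or omitted failure modes."""
    return abs(sum(m.alpha for m in item.modes) - 1.0) < tol


def sample_relay():
    lam = part_failure_rate(lambda_b=2e-6, pi_a=2.0, pi_e=4.0)   # 1.6e-5 per hour
    return Item("Relay K1", lam, t=1000.0, modes=(
        Mode("contacts stuck closed", alpha=0.6, beta=1.0, severity="I"),
        Mode("contacts fail to close", alpha=0.4, beta=0.1, severity="III"),
    ))


if __name__ == "__main__":
    relay = sample_relay()
    for m in relay.modes:
        print(m.name, "Cm =", mode_criticality(relay, m), "cell =", matrix_cell(relay, m))
    print("Cr =", item_criticality(relay), "alphas consistent:", check_alphas(relay))
```

Both relay modes land in occurrence level D, but the stuck-closed mode sits in severity class I and so is the one nearest the top-right of the matrix; Cr is dominated by it because β = 1 (actual loss) against β = 0.1 for the other mode.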


Consequence/Severity Level

Application for the function group (transfer, control, production process):

Severity level | Description | Level definition
1 | Minor, negligible | Does not function; operational waiting time is negligible
2 | Major, marginal | Does not function; the failure gauge does not function; makes the process wait
3 | Significant, dangerous | Function degraded or damaged; the process waits
4 | Catastrophic | Function entirely damaged

Application for the consequence group (containment):

Severity level | Description | Level definition
1 | Minor, negligible | Response reduced or lost
2 | Major, marginal | Limited response or of short duration
3 | Significant, dangerous | Commitment of personnel and resources significantly reduced
4 | Catastrophic | Loss of the entire containment and environmental impact


Consequence/Severity Level (continued)

Application for the consequence group (safety):

Severity level | Description | Level definition
1 | Minor, negligible | Impact on personnel; no impact on the public
2 | Major, marginal | Professional medical treatment required, but no impact on the public
3 | Significant, dangerous | Serious injury to personnel and limited impact on the public
4 | Catastrophic | Fatalities among personnel and the public

Application for the consequence group (explosion or fire):

Severity level | Description | Level definition
1 | Minor, negligible | No damage to equipment or rooms; no operation waits
2 | Major, marginal | Equipment damage; operation waits
3 | Significant, dangerous | Loss affecting a system or a line
4 | Catastrophic | Total destruction


Probability of Failure (Frequency, Likelihood)

Description | Definition
Improbable | Fewer than 0.001 events/year
Remote | 0.001 to 0.01 events/year
Occasional | 0.01 to 0.1 events/year
Probable | 0.1 to 1 events/year
Frequent | 1 or more events/year


Risk Matrix (rows: severity level; columns: probability of failure)

Severity level | Improbable | Remote | Occasional | Probable | Frequent
4 | Medium | High | High | High | High
3 | Low | Medium | High | High | High
2 | Low | Low | Medium | High | High
1 | Low | Low | Low | Medium | Medium


ROOT CAUSE ANALYSIS (RCA)

For every effect there exists a basic cause.

• A systematic approach to identifying the basic or root cause of a problem or an undesirable condition, so that actions may be taken to eliminate the cause.
• Cause-Effect Diagram (Fishbone Diagram)

Investigating Causes of Failures & Mishaps

Like icebergs, most of the problem is usually below the surface!


Definitions

Proximate Cause(s) (Direct Cause)
• The event(s) that occurred, including any condition(s) that existed immediately before the undesired outcome, directly resulted in its occurrence and, if eliminated or modified, would have prevented the undesired outcome.
• Examples of proximate causes:
  Equipment: arced, leaked, overloaded, overheated
  Human: pushed incorrect button, fell, dropped tool, connected wires

Root Cause(s)
• One of multiple factors (events, conditions or organizational factors) that contributed to or created the proximate cause and subsequent undesired outcome and, if eliminated or modified, would have prevented the undesired outcome. Typically multiple root causes contribute to an undesired outcome.

Organizational factors
• Any operational or management structural entity that exerts control over the system at any stage in its life cycle, including but not limited to the system's concept development, design, fabrication, test, maintenance, operation, and disposal.
• Examples: resource management (budget, staff, training); policy (content, implementation, verification); and management decisions.


Definitions (continued)

Root Cause Analysis (RCA)
• A structured evaluation method that identifies the root causes of an undesired outcome and the actions adequate to prevent recurrence. Root cause analysis should continue until organizational factors have been identified, or until the data are exhausted.
• RCA is a method that helps professionals determine:
  • What happened.
  • How it happened.
  • Why it happened.
• It allows learning from past problems, failures, and accidents.

Create an event and causal factor tree (continued)
• The remaining items on the tree are the causes (or probable causes) necessary to produce the undesired outcome.
• Proximate causes are those immediately before the undesired outcome.
• Intermediate causes are those between the proximate and root causes.
• Root causes are organizational factors or systemic problems located at the bottom of the tree.
• Some people choose to leave contributing factors on the tree to show all factors that influenced the event.
  ❑ Contributing factor: an event or condition that may have contributed to the occurrence of an undesired outcome but, if eliminated or modified, would not by itself have prevented the occurrence.
• If this is done, illustrate them differently (e.g., dotted-line boxes and arrows) so that it is clear that they are not causes.


Root Cause Analysis - Steps

1. Identify and clearly define the undesired outcome.
2. Gather data.
3. Create a timeline.
4. Place events and conditions on an event and causal factor tree.
5. Use a fault tree or other method/tool to identify all potential causes.
6. Decompose system failures down to basic events or conditions (further describe what happened).
7. Identify specific failure modes (immediate causes).
8. Continue asking "WHY" to identify root causes.
9. Check your logic and your facts. Eliminate items that are not causes or contributing factors.
10. Generate solutions that address both proximate causes and root causes.


Root Cause Analysis - Steps (event and causal factor tree)

[Figure: event and causal factor tree. The Undesired Outcome sits at the top. Directly beneath it are the PROXIMATE CAUSES: Event #1, Condition, Event #2, and Failed or Exceeded Barrier or Control. Asking WHY each occurred (why Event #1 occurred, why the Condition existed or changed, why Event #2 occurred, why the Barrier or Control failed or was exceeded) gives the INTERMEDIATE CAUSES; repeating WHY at each level leads down to the ROOT CAUSES at the bottom. A second version of the same tree shows Contributing Factors drawn alongside the causes and distinguished from them.]


Investigating Causes of Failures & Mishaps

[Figure: event and causal factor tree for a satellite mission failure. Undesired outcome at the top: Lost High Speed Data Stream From Satellite (Mission Failure). Proximate causes: Thrusters Oriented Space Craft; Poor Satellite Line of Sight; Failed To Deploy Antenna; Technician Used Wrong Method to Correct. Intermediate causes beneath them: MMOD Hit Space Craft After Oriented; Power Supply Failed; Battery Failed; Installed Beyond Shelf Limit; Procedure Incorrect / Not Updated; No Quality Inspection; Incorrect Decision; Decision-Making Error; Correct Interpretation; New Task Anomaly; Insufficient Training; Training Does Not Exist. Root causes at the bottom: Not Under Configuration Mgmt; Insufficient Quality Staff; Insufficient Budget; Insufficient Training Budget; Organization Under-Estimates Importance of Anomaly Training.]
FAULT TREE ANALYSIS (FTA)

Fault-tree analysis (FTA)

• A method of hazard analysis which starts with an identified fault and works backward to the causes of the fault.
• Can be used at all stages of hazard analysis, from preliminary analysis through to detailed software checking.
• A top-down hazard analysis method. It may be combined with bottom-up methods, which start with system failures and lead to hazards.
• Steps:
  – Identify the hazard.
  – Identify potential causes of the hazard. Usually there will be a number of alternative causes. Link these on the fault tree with 'or' or 'and' symbols.
  – Continue the process until root causes are identified.
  – Consider the following example, which considers how data might be lost in some system where a backup process is running.
• Method: trace faults stepwise back through the system design to possible causes:
  – a tree with a top event at the root;
  – logic gates at the branches, linking each event with its "immediate" causes;
  – initiating faults at the leaves (eventually).
• Good for tracing system hazards through to component failures, and thus for allocating safety requirements. Good for checking the completeness of safety requirements, but can be difficult, time-consuming and hard to maintain.
• Attributes:
  – Graphical
  – Top down
  – Analytical: qualitative and quantitative
• Goal: to identify all conditions that put the system in a hazardous state.
Fault-tree analysis

• A deductive top-down technique.
• Put the risk or hazard at the root of the tree and identify the system states that could lead to that hazard.
• Where appropriate, link these with 'and' or 'or' conditions.
• A goal should be to minimise the number of single causes of system failure.
• Assumes a fault and analyses its possible causes.
• Top down.
• Can combine multiple causes:
  – Operator errors
  – Documentation errors
  – Environmental effects
  – Software errors
  – Hardware failures
• Graphical presentation: a visual picture.

Limitations:
• Only as good as its input.
• Needs FMEA as a complement.
• Needs input from many experts; can bog down.
• Human errors may be difficult to predict.
• Many potential fault trees for a system:
  – Some more useful
  – Need to evaluate contribution

FTA vs FMEA:
• FTA assumes failure of the functionality of a product and identifies part/module failure as the cause of the functional failure.
• FMEA assumes component or part failure and identifies functional failure as a result of the part failure.
FTA Basic Symbols

• FAULT: a fault in a box indicates that it is the result of subsequent (lower-level) faults.
• BASIC FAULT: a basic fault (part failure, software error, human error, etc.).
• OR gate: connects a preceding fault with a subsequent fault that could cause the failure; the output fault occurs if any input fault occurs.
• UNDEVELOPED EVENT: a fault to be analysed further, with more time or information, if needed.
• AND gate: connects two or more faults that must occur simultaneously to cause the preceding fault.
• Transfer-in and transfer-out events (In / Out): continue the tree on another page.
• Priority AND gate: the fault occurs if all inputs occur in a certain order.
• Exclusive OR gate: the fault occurs if only one of the input faults occurs.
• Voting OR gate: the fault occurs if m or more out of n input faults occur.
FTA Conventions

[Figure: fault-tree drawing conventions. Top-level event (fault) at the top; OR gate (either input fault may result in an output fault); AND gate (both input faults must occur for an output fault); basic fault; undeveloped fault/hazard; transfer to next page (A) and transfer to another page (B); transfer from another page (A).]


Constructing a Fault Tree

• Write functional requirements in the negative:
  – Functional requirement: Package Opens
  – Negative: Package Does NOT Open
• Add additional potential failures.
• Select one failure to address at a time.
• Develop paths of possible causes of failure.
• Branch where necessary.
• Follow one branch to its end:
  – Root cause
  – Basic event
  – Undeveloped event
• Develop action plans.


Failures

• Primary: due to internal causes, including poor design or use of inappropriate materials.
• Secondary: due to failures in the operation, including equipment failure.
• Control: due to failures in the systems that are in place to protect quality and safety, e.g.:
  – raw material outside specification
  – failure of a safety switch
  – failure of a test method


FTA Example (ballpoint pen)

[Figure: fault tree with top event PEN WILL NOT WRITE. Causes read from the diagram:]
• PEN WILL NOT WRITE
  – BALL POINT NOT FUNCTIONING
    · BALL TOO LARGE DIAMETER ← EQUIPMENT NOT MAINTAINED (action: ESTABLISH PM PROGRAM); EQUIP. CANNOT MEET REQMTS
    · INCORRECT MFG OF HOUSING
  – INK NOT FLOWING
    · WRONG VISCOSITY
    · FLOW BLOCKED ← PARTICLES IN INK (action: FILTER INK)
    · INK DRIED IN PEN
    · NO INK IN RESERVOIR (transfer A: developed on another page)


FTA During Design

• POOR FIT IN HAND (OR gate): ASPECT RATIO TOO HIGH; MAJOR DIAMETER TOO LARGE; ASPECT RATIO TOO SMALL
• BASE DOES NOT RESTRICT SPILLAGE (OR gate): FLATNESS; BASE SIZE TOO SMALL; RIM-TO-FILL INSUFFICIENT


FTA for Reliability

• AND gates are multiplied: P(AND) = P(A) × P(B), for independent inputs.
• OR gates are additive: P(OR) ≈ P(A) + P(B). This is the rare-event approximation; the exact value for independent inputs is P(A) + P(B) − P(A)·P(B), which the plain sum overestimates only slightly while the probabilities are small.


FTA During Reliability

• HAZARD (OR gate): 1 × 10^-16 + 4 × 10^-9 ≈ 4 × 10^-9
  – SYSTEM FAILURE (AND gate): 5 × 10^-9 × 2 × 10^-8 = 1 × 10^-16
    · CMPT A FAILS: 5 × 10^-9
    · CMPT B FAILS: 2 × 10^-8
  – DRIFT > LIMIT (OR gate): 3 × 10^-9 + 1 × 10^-9 = 4 × 10^-9
    · CMPT C DRIFTS: 3 × 10^-9
    · REFERENCE DRIFTS: 1 × 10^-9


Example Fault Tree: tank-level sensors

• Tank overflow (AND gate)
  – Outlet closed (OR gate)
    · Controller X failed
    · Outlet Valve A failed
  – Inlet open (OR gate)
    · Inlet Valve B failed
    · Controller Y failed
    · Wrong control to inlet valve (AND gate)
      · Sensor X fails
      · Sensor Y fails
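The gate arithmetic and the tank tree above, as an added example written for this page (not code from the slides). It encodes the numeric tree of the "FTA During Reliability" slide with the values printed there, and the tank-overflow tree with constructed per-demand probabilities; it then computes the top-event probability with both the slide's additive OR rule and the exact rule for independent events, and finds the minimal cut sets by exhaustive enumeration (the truth-table method shown later in the deck). Cut sets of size one are the single causes of system failure that the earlier slide says a design should minimise.

```python
"""Fault-tree evaluation: gate probabilities, minimal cut sets, single-point failures.

Added example for this page. The first tree carries the numbers from the
"FTA During Reliability" slide; the tank-overflow tree uses the slide's gate
structure with constructed per-demand probabilities.
"""
import itertools
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Basic:
    name: str
    p: float              # probability that this basic event occurs


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str             # "AND" or "OR"
    inputs: tuple         # Basic or Gate nodes


def probability(node, rare_event=True):
    """AND: product of input probabilities. OR: sum of inputs (the slide's
    rare-event approximation) or, with rare_event=False, 1 - prod(1 - p_i),
    which is exact for independent inputs. Both assume independent basic events."""
    if isinstance(node, Basic):
        return node.p
    ps = [probability(i, rare_event) for i in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        return sum(ps) if rare_event else 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def basic_events(node):
    """Names of all basic events under `node`."""
    if isinstance(node, Basic):
        return {node.name}
    return set().union(*(basic_events(i) for i in node.inputs))


def top_occurs(node, state):
    """Boolean evaluation; `state` maps basic-event name -> True if it has occurred."""
    if isinstance(node, Basic):
        return state[node.name]
    results = [top_occurs(i, state) for i in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def minimal_cut_sets(top):
    """Truth-table method: enumerate every combination of basic events, keep the
    combinations that make the top event occur, and drop any that contain a
    smaller cut set. Exhaustive (2^n rows), so only practical for small trees."""
    names = sorted(basic_events(top))
    cuts = []
    for bits in itertools.product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if top_occurs(top, state):
            cuts.append(frozenset(n for n, occurred in state.items() if occurred))
    minimal = [c for c in cuts if not any(other < c for other in cuts)]
    return sorted(minimal, key=lambda c: (len(c), sorted(c)))


def single_point_failures(top):
    """Basic events that alone cause the top event."""
    return [next(iter(c)) for c in minimal_cut_sets(top) if len(c) == 1]


# Tree from the "FTA During Reliability" slide (values as printed there).
DRIFT_TREE = Gate("HAZARD", "OR", (
    Gate("SYSTEM FAILURE", "AND", (Basic("CMPT A FAILS", 5e-9), Basic("CMPT B FAILS", 2e-8))),
    Gate("DRIFT > LIMIT", "OR", (Basic("CMPT C DRIFTS", 3e-9), Basic("REFERENCE DRIFTS", 1e-9))),
))

# Tank-overflow tree from the tank-level sensor example; probabilities are constructed.
TANK_TREE = Gate("Tank overflow", "AND", (
    Gate("Outlet closed", "OR", (
        Basic("Controller X failed", 1e-3),
        Basic("Outlet Valve A failed", 5e-3),
    )),
    Gate("Inlet open", "OR", (
        Basic("Inlet Valve B failed", 5e-3),
        Basic("Controller Y failed", 1e-3),
        Gate("Wrong control to inlet valve", "AND", (
            Basic("Sensor X fails", 2e-2),
            Basic("Sensor Y fails", 2e-2),
        )),
    )),
))


if __name__ == "__main__":
    for tree in (DRIFT_TREE, TANK_TREE):
        print(tree.name, "P ~", probability(tree), "exact", probability(tree, rare_event=False))
        print("  minimal cut sets:", [sorted(c) for c in minimal_cut_sets(tree)])
        print("  single-point failures:", single_point_failures(tree))
```

For the drift tree the two drift events are single-point failures, which is why the 4 × 10^-9 OR branch dominates the 10^-16 AND branch. The tank tree has no single-point failure: every minimal cut set pairs an outlet-side fault with an inlet-side fault, and the redundant sensors only matter as a pair, which is exactly what the AND gate under "Wrong control to inlet valve" expresses.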


RELIABILITY BLOCK DIAGRAM (RBD)

• A component, subsystem or other function is generally represented by a block.
• Two diagram types: the series diagram and the parallel diagram.


CAUSE TREE METHODS (CTM)

[Figure: cause tree with top event "Wire AB overheating" (AND gate), fed by "Short circuits in the motor" and "The relay contacts remain stuck"; "Short circuits in the motor" is developed through an OR gate down to primary failures.]


TRUTH TABLE METHOD (TTM)

OR gate: the output O occurs if either cause C1 or C2 occurs
C1 | C2 | O
0 | 0 | 0
1 | 0 | 1
0 | 1 | 1
1 | 1 | 1

AND gate: the output O occurs only if both causes occur
C1 | C2 | O
0 | 0 | 0
1 | 0 | 0
0 | 1 | 0
1 | 1 | 1
OTHER PHA METHODS

• GATHERED FAULT COMBINATION METHOD (GFCM)
• SUCCESS DIAGRAM METHOD (SDM)
• CONSEQUENCE TREE METHOD (CQTM)
• CAUSE CONSEQUENCE DIAGRAM METHOD (CCDM)
• STATE SPACE METHODS (SSM)


END OF SLIDE
