See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/244974838

Criticality analysis revisited

Article in Quality and Reliability Engineering · March 1999

DOI: 10.1002/(SICI)1099-1638(199903/04)15:23.3.CO;2-9

CITATIONS READS
32 1,457

2 authors, including:

John Woodhouse
TWPL
20 PUBLICATIONS 184 CITATIONS

SEE PROFILE

All content following this page was uploaded by John Woodhouse on 16 October 2019.

The user has requested enhancement of the downloaded file.

 Criticality Analysis Revisited

T R Moss - Visiting Research Fellow, Department of Mathematical Sciences, Loughborough University

J Woodhouse - The Woodhouse Partnership Limited, Newbury john.woodhouse@twpl.com

Abstract

Criticality analysis is applied in risk and reliability studies to rank decisions on system design and
operation. There is a wide variety of methods used to meet the requirements of different
organisations. Most methods feature an initial assessment of the consequences of failure and its
probability of occurrence, however, other factors may also be applied to provide a more robust
analysis applicable to each specific situation. As well as assessing system criticality during the
design phase it is also necessary to continue to evaluate system and equipment criticality during
operation so that availability can be maximised. Some alternatives to the well-known MILHBK
1629A approach are considered in this paper.

1. Introduction
Criticality analysis is a techniques for identifying and ranking potential undesired events by
importance. The definition of 'criticality' can have different interpretations depending on the
objective of the criticality analysis. To meet widely differing objectives a number of
methodologies have developed over the years which focus either on evaluating safety-criticality
or production-criticality. There can be significant overlap and organisations will generally adapt
techniques to address their own specific requirements. Some recent developments appear to
have potential, particularly for improving plant productivity and maintenance.

2. Design Criticality Analysis

2.1 General
During design the objective of reliability assessment is to identify critical areas so that different
design alternatives to achieve a specified availability target can be optimised and compared.
Recently some new techniques have been proposed. Those which appear to offer some
advances on the MILSTD 1629A approach (1) are the so-called Risk Priority Number Method and
the use of fuzzy logic to prioritise failures.

2.2 RPN Method of FMECA

The RPN FMECA Worksheet for a 2 channel pressure relief system is shown in Figure 1. It can
be seen that the first 6 columns are identical with the traditional 1629A Worksheet. In the RPN
methodology the parameters used to determine the 'Criticality' of an item failure mode are its
expected frequency of occurrence, the severity of its failure effects and the likelihood of detection
during design and manufacture. These parameters are ranked on scales from 1 to 10 with the
product giving the Risk Priority Number (RPN). Scoring criteria proposed by Palaez and
Bowles(2) were used in this assessment. Critical failure modes are identified as C1/4a (fail to
open failure mode of the safety relief valve C1/4 in Channel 1) , C2/10b and C2/9a and e.

2.5 Fuzzy Logic Prioritisation of Failures

As in an RPN FMECA a fuzzy logic criticality assessment is based on the severity, frequency of
occurrence and detectability of an item failure mode. These parameters are represented as
members of a fuzzy set, combined by matching them against rules in a rule base and then
defuzzified to assess the risk of failure. Although this approach is significantly more involved
than other criticality analysis techniques it is considered to have several advantages compared to
qualitative or numerical methods.

The same scales for the linguistic variables employed in an RPN FMECA are employed in the
fuzzy logic method but the evaluation criteria are represented by distributions which overlap for
the linguistic criteria (ie. High, Moderate and Low). Figure 2 shows the distribution employed
here which are modified versions of the distributions proposed by Palaez and Bowles(2).

The fuzzification process converts occurrence frequency, severity and detectability inputs into
outputs which can be matched to rules in a rule base. For failure mode C2/9a ('fail to open'
failure mode for the control valve CV1 in channel 2) the membership of each attribute set can be
determined from the distributions in Figure 2. Using the same ranking as shown in Figure 1, ie.
occurrence frequency score=6 it can be seen that failure mode C2/9a has a membership value of
0.7 in the 'High' occurrence frequency distribution and a membership value of 0.3 in the
'Moderate' distribution. Severity with a score of 8 has a membership value of 1.0 in the 'High'
severity distribution and detectability membership values of 0.6 in 'Low' and 0.4 in 'Moderate'
detectability distributions.

The rule base describes the risk to the system for each combination of the input variables. They
are formulated in linguistic terms as IF-Then rules which are implemented by fuzzy conditional
statements. For example:

IF Frequency is Low, Severity is Moderate and Detectability Low-to-Moderate

Then Risk is Moderate

The outputs for assessing risk importance (Criticality) can be defined using fuzzy sets in the same
way as for the fuzzy inputs. A set of risk importance distributions is also shown in Figure 2. The
fuzzy inference process uses a 'min-max' approach to calculate the rule conclusions based on the
input values. The outcome of this process is called the set of fuzzy conclusions.

For example, for failure mode C2/9a the rules that apply are 8, 9, 10 and 12. Rules 8, 9, and 10
all have the outcome Risk = 'Very Important'. From Figure 2 it can be seen that for Rule 8 (ie.
Frequency = 'Moderate', Severity = 'High', Detectability = 'Low') the fuzzy conclusion is
min.(0.3,1.0, 0.6) = 0.3. for Rule 9 min.(0.7, 1.0, 0.6) = 0.6 and for Rule 10 min.(0.7, 1.0, 0.4) =
0.4. The membership value of Risk = 'Very Important' is the maximum of these 3 fuzzy
conclusions, ie. max.(0.3, 0.6, 0.4) = 0.6. Rule 12 Risk = 'Important' has only one fuzzy
conclusion ie. min.(0.3, 1.0, 0.4) = 0.3.

The defuzzification process creates a single ranking from the fuzzy conclusion set to express the
inherent risk on a scale from 1 to 10. Several defuzzification algorithms have been developed of
which the Weighted Mean of Maximums (WMoM) is probably the most commonly used. This
method gives a best-estimate of the average weighted by the degree of truth at which the
membership functions reach their maximum value:

WMoM = wi.xi where: wi = degree of truth of the membership function/iiiii

wi xi = maximum value of the membership function
For failure mode C2/9a:

WMOM = (0.6 x 10) + (0.3 x 8) = 9.3

(0.6 + 0.3)

Clearly fuzzy prioritisation of failure modes is tedious to apply, nevertheless it could easily be
computerised and would then provide a useful tool for relating RPN's (which are basically
comparative) to defined criticality levels. It could also provide a check on completed FMECA's
prepared during the design phase.

3. Criticality Analysis for Operational Reliability

Away from the special cases or new projects there lies a day-to-day operational need for simple
and consistent prioritising. Examples of this need include:

- ranking of operational or maintenance problems to investigate,

the sequence of workshop loading,
- spares, tools or materials to hold,
- the priority of maintenance backlog items,
- new ideas, studies or research areas to pursue.

The current basis for such prioritising is a generally a mix of gut-feelings, ´management by
anecdote´ (depends upon personal experience and accountability) and some locally appropriate
measures (such as repair cost, downtime impact or failure rate). Quite apart from the natural
benefit of encouraging everybody to think about the combination of probability and consequence,
there is considerable economic advantage to be gained by introducing a coordinated basis for
assigning urgency or importance. The following section describes such a formula, that has
emerged from work with a number of large organisations in several industries. In each case, it
should be noted, it has been introducing much wider concepts and the integration of technical
solutions with organisational and human factors. The ´Operational Reliability´ umbrella uses
criticality of processes (rather than equipment or events) to prioritise attention and urgency. Like
most examples directed at a mixture of preventive and/or mitigating options, process or function
criticality must reflect both the likelihood and the consequence of loss.

Probability and consequence are combined by multiplication in order that the ´small and
frequent´are suitably weighted against the ´large but rare´. This latter aspect can be illustrated by
a representation of the commonly inverse relationship between event probability and
consequence (see Figure 3). Notice that, for the same overall risk exposure, both the
responsibility for decisions, and the tools that are employed, vary with the risk composition.
Measureability and accountability tend to be the determinants.
 -6 -3 3 6
10 /year 10 /year 1/year 10 /year 10 /year

n cy
ilit y/freque
P ro b ab

Operation;
C on s e q u
X efficiency
en optimisation
occasion ce per
Maintenance; RCA,
FMECA, RCM etc.
Safety; QRA,
HAZOPs etc.

9 6 3 -3
£10 £10 £10 £1 £10

Figure 3. Sharing responsibility for risk

The most sophisticated work in criticality assessment naturally emerges from the left hand area -
the nervous field of low probability and catastrophic consequence. The following discussion
focusses, in contrast, upon the middle and right areas, where the usage is part of normal daily life
for the core functions of a company. In these fields, the prioritising of work, problems,
investments and resources should be set by a coordinated system that reflects the business
success criteria and accountabilities.

4. The design of a 'weighted score' criticality system

The commonest approach involves some sort of weighted scoring system. Design of such as
system might appear simple but there are some valuable tips and planning issues that should be
considered when determining the factors, scores and combining processes. The level of detail
required, for example, is a compromise between objective accuracy, ´separation´ potential (the
resolution or ability to distinguish between functions of differing importance) and the data
collection efforts that are possible. One further factor is often forgotten but can be vitally
important. When assigning importance for day-to-day purposes, it is the people who have to
apply the priorities that should be involved in setting them. Getting visible involvement is a
benefit in itself - the ´sign-on´ to the resulting priorities is much higher if those who should apply
the them are involved in generating them.

The commonest architecture and level of detail for a criticality scoring system are illustrated
below (see Figure 4). This is a reflection of the Business Drivers recognised by management and
shareholders. Notice the construction of an 'Operational Impact' component to failure
consequences. This element is not just a product of duration and production rate, but includes a
factor for operational tolerance (flexibility, equipment redundancy or spare capacity) to reflect the
operational response to a problem. A similar 'mitigation' factor might exist in the 'Safety Impact'
area: if secondary protection is present, it reduces the expected consequence to a much lesser
combined chance of the event occuring AND protection being inadequate. However, such
deliberate multi-tier probabilities can soon become unnavigable so they should be introduced only
if there are two or three clear circumstances that distinguish different levels of risk. If they are
deemed worthwhile, then the numerical factoring that they introduce can easily be handled .

Risk or Criticality = Probability X Consequence

of failure of failure

Operational Repair Safety Environmental

Impact + Costs + Impact + Impact

Rate X MTTR X Flexibility(redundancy)

Figure 4. Criticality architecture

When the whole formula is complete, the application to operations or processes is another issue.
Human psychology is at least as important as statistical considerations - allowing the workforce to
feel included (by helping to determine priorities) means that everyone relevant to the processes
must be involved. This results in quite a data collection exercise - all shifts and disciplines, work
teams and specialists must have their say. The resulting range of opinions can yield many
surprises, whatever the average figure for calculated criticality. A typical data collection format is
shown in Figure 9 and an example of the results in Figure 10. Note that, for safety and
environmental impact, the level of detail considered possible for operators or maintainers to
select is simply 'Yes or No'. In both cases, the points attributed to Yes are chosen by the method
above, modified slightly for the requirement to ascribe visibly higher scores to safety than to
environmental factors. Another example might separate out levels of safety as illustrated above,
or even construct a value from degrees of personnel exposure and further levels of probability.

5. Conclusions
Criticality analysis has made some progress since its introduction into reliability studies in the
1960's but clearly there are still areas that could benefit from more thought, discussion and
research. Here some applications have been reviewed with the aim of fostering debate. In the
authors' view addressing the low-frequency, high-consequence area is one obvious candidate for
study. Computerising techniques such as the fuzzy logic approach to design and operation
criticality analyses could help to ensure consistency in auditing complex reliability and risk
assessments but overall there seems little advantage over the tried and tested MILHBK 1629A
methods for design criticality analysis.
 References:

1. Procedures for performing a failure mode and effects analysis. MILSTD 1629A, US
Department of Defense, 1977.
2. Using fuzzy logic for system criticality analysis. CE Palaez and JB Bowles, Proc. Reliability
and Maintainability Symposium, Anaheim, California. January 1994 pp449-455.

Authors' Note:
This is a significantly shorter version of the paper originally submitted.

View publication stats