Failure Modes and Effects Analysis
A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant. The failure mode describes how equipment fails (open, closed, on, off, leaks, etc.). The effect of the failure mode is determined by the system's response to the equipment failure. An FMEA identifies single failure modes that either directly result in or contribute significantly to an accident. Human operator errors are usually not examined directly in an FMEA; however, the effects of a misoperation as a result of human error are usually indicated by an equipment failure mode. An FMEA is not efficient for identifying an exhaustive list of combinations of equipment failures that lead to accidents.
[Figure: valve (FC) labelled with failure modes: open, closed, sticks, rupture, leaks thru]
Purpose
The purpose of an FMEA is to identify single equipment and system failure modes and each failure mode's potential effect(s) on the system or plant. This analysis typically generates recommendations for increasing equipment reliability, thus improving process safety.
Types of Results
An FMEA generates a qualitative, systematic reference list of equipment, failure modes, and effects. A worst-case estimate of consequences resulting from single failure is included. The FMEA may be easily updated for design changes or system/plant modifications. FMEA results are usually documented in a column-format table. Hazard analysts usually include suggestions for improving safety in appropriate items in the table.
Failure and Failure Mode
• Failure: The termination of an item’s ability to perform a required function.
• Failure Mode: The effects by which a failure is observed on the failed item. All technical items are designed to fulfill one or more functions. A failure mode is thus defined as non-fulfillment of one of these functions.
Classification of Failures
• Sudden versus gradual failures
• Hidden versus evident failures
• According to effects (critical, degraded or incipient)
• According to severity (catastrophic, critical, marginal or negligible)
• Primary failure, secondary failure and command fault
Classification of Failure Modes
1. Demanded change of state is not achieved.
2. Change of conditions or states.
• Fail to open on command
• Fail to close on command
• Leakage through the valve in closed position
• Leakage to the environment
Examples of Equipment Failure Modes Used in an FMEA
Equipment Description: Pump, normally operating
Example Failure Modes:
• Fails on (fails to stop when required)
• Transfers off (stops when required to run)
• Seal leak/rupture
• Pump casing leak/rupture
Equipment Description: Heat exchanger, high pressure on tube side
Example Failure Modes:
• Leak/rupture, tube side to shell side
• Leak/rupture, shell side to external environment
• Tube side, plugged
• Shell side, plugged
• Fouling
Resource Requirements
Using the FMEA approach requires the following data and information sources: (1) a system or plant equipment list or P&ID, (2) knowledge of equipment function and failure modes, and (3) knowledge of system or plant function and responses to equipment failures.
FMEAs can be performed by single analysts, but these analyses should be reviewed by others to help ensure completeness. Staff requirements will vary with the size and complexity of equipment functions and failure modes and how the failures might affect other portions of the system or plant.
The time and cost of an FMEA is proportional to the size of the process and number of components analyzed. On the average, an hour is sufficient for analyzing two to four equipment items. As with any HE study of systems with similar equipment performing similar functions, the time requirements are reduced significantly due to the repetitive nature of the evaluations. Table 4.8 lists estimates of the time needed to perform an HE study using the FMEA technique.
Time Estimates for Using the FMEA Technique
Scope                  Preparation   Evaluation    Documentation
Simple/Small System    2 to 6 hr     1 to 3 days   1 to 3 days
Complex/Large Process  1 to 3 days   1 to 3 days   2 to 4 weeks
Analysis Procedure
(1) defining the study problem,
(2) performing the review, and
(3) documenting the results.
STEP 1 :
Defining the study problem. This step identifies the specific items to be included in the FMEA and the conditions under which they are analyzed. Defining the problem involves (1) establishing an appropriate level of resolution for the study and (2) defining the boundary conditions for the analysis. A detailed problem definition is a necessary ingredient to performing a thorough and efficient FMEA.
(2) Defining the analysis boundary conditions includes:
• Identifying the plant and/or systems that are the subject of the analysis.
• Establishing the physical system boundaries for the FMEA. This includes the interfaces with other processes and utility/support systems. One way to indicate the physical system boundaries is to mark them on a system drawing that encompasses all equipment within the scope of the FMEA. These boundary conditions should also state the operating conditions at the interfaces.
• Establishing the system analytical boundaries, including: (1) the failure modes, operating consequences, causes, or existing safeguards that will not be considered and (2) the initial operating condition or position of equipment. As an example of effects beyond the scope of the study, an analyst may choose not to consider airplane crashes, earthquakes, or tornadoes as causes of failure modes. An example of an initial condition is specifying whether a valve is normally open or closed.
• Collecting up-to-date reference information that identifies the equipment and its functional relationship to the plant/system. This information is needed for all equipment included within the system boundary and appropriate interfaces with the rest of the plant.
Table 6.19 Typical Format for an FMEA Worksheet
DATE:          PAGE:    of
PLANT:         SYSTEM:
REFERENCE:     ANALYST(S):
Item   Identification   Description   Failure Modes   Effects   Safeguards   Actions
• FMEA-PC (Primatech, Inc, Columbus, Ohio)
• HAZOPtimizer (A. D. Little, Cambridge, Massachusetts)
• SAFEPLAN (Du Pont, Westlake Village, California)
Standard word processing and spreadsheet software programs can also help analysts document the results of FMEA studies.
Example
An FMEA study is performed to address safety hazards to plant personnel in a DAP process. The DAP process schematic is presented in Figure 6.7. Each component of the reaction system is evaluated with the relevant information recorded in an FMEA table. The section of the FMEA table for Control Valve B in the phosphoric acid solution line is presented in Table 6.21.
[Figure 6.7 schematic; labels: L1, F1, phosphoric acid storage tank, ammonia solution storage tank, unloading stations, loading stations, DAP storage tank, enclosed work area, outdoors]
Figure 6.7 DAP process schematic for the FMEA example.
Diammonium phosphate (DAP)
• Phosphoric acid in excess: off-spec. product
• NH3 in excess: residual NH3 release
• Both in excess: T, P
Table 6.21 Sample Pages from the FMEA Table for the DAP Process Example
DATE: 1/21/91 PAGE: 5 of 20
PLANT: DAP Plant SYSTEM: Reaction System
REFERENCE: Figure 6.7 ANALYST(S): Mr. Ray Johnson

Item 4.1
Identification: Valve B on the phosphoric acid solution line
Description: Motor-operated, normally open, phosphoric acid service
Failure Mode: Fails open
Effects:
• Excess flow of phosphoric acid to the reactor
• High pressure and high temperature in the reactor if the ammonia feed rate is also high
• May cause a high level in the reactor or the DAP storage tank
• Off-specification production (i.e., high acid concentration)
Safeguards:
• Flow indicator in the phosphoric acid line
• Reactor relief valve vented to the atmosphere
• Operator observation of the DAP storage tank
Actions:
• Consider alarm/shutdown of the system for high phosphoric acid flow
• Consider alarm/shutdown of the system for high pressure and high temperature in the reactor
• Consider alarm/shutdown of the system for high level in the DAP storage tank
Table 6.21 (cont'd)
DATE: 1/21/91 PAGE: 6 of 20
PLANT: DAP Plant SYSTEM: Reaction System
REFERENCE: Figure 6.7 ANALYST(S): Mr. Ray Johnson

Item 4.2
Identification: Valve B on the phosphoric acid solution line
Description: Motor-operated, normally open, phosphoric acid service
Failure Mode: Fails closed
Effects:
• No flow of phosphoric acid to the reactor
• Ammonia carry-over to the DAP storage tank and release to the enclosed work area
Safeguards:
• Flow indicator in the phosphoric acid line
• Ammonia detector and alarm
Actions:
• Consider alarm/shutdown of the system for low phosphoric acid flow
• Consider using a closed tank for DAP storage and/or ensure adequate ventilation of the enclosed work area

Item 4.3
Identification: Valve B on the phosphoric acid solution line
Description: Motor-operated, normally open, phosphoric acid service
Failure Mode: Leak (external)
Effects:
• Small release of phosphoric acid to the enclosed work area
Safeguards:
• Periodic maintenance
• Valve designed for acid service
Actions:
• Verify periodic maintenance and inspection is adequate for this valve

Item 4.4
Identification: Valve B on the phosphoric acid solution line
Description: Motor-operated, normally open, phosphoric acid service
Failure Mode: Rupture
Effects:
• Large release of phosphoric acid to the enclosed work area
Safeguards:
• Periodic maintenance
• Valve designed for acid service
Actions:
• Verify periodic maintenance and inspection is adequate for this valve
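The review for completeness recommended under Resource Requirements can be partly mechanised. The following is an added example, not part of the original material: it checks worksheet rows in the Table 6.21 column format against a failure-mode checklist and reports modes with no row and rows with no safeguard. The checklist contents, the `Row` fields and the `review` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed checklist of failure modes to cover per equipment type; the valve entry
# lists the four modes analysed for Valve B in Table 6.21.
CHECKLIST = {"motor-operated valve":
             ["Fails open", "Fails closed", "Leak (external)", "Rupture"]}

@dataclass
class Row:
    """One worksheet line, named after the worksheet columns."""
    item: str
    identification: str
    failure_mode: str
    effects: list
    safeguards: list = field(default_factory=list)
    actions: list = field(default_factory=list)

def review(rows, equipment):
    """Return (identification, failure_mode, problem) findings.

    equipment maps every identification inside the study boundary to its type.
    """
    findings = []
    covered = {(r.identification, r.failure_mode) for r in rows}
    for ident, etype in equipment.items():
        if etype not in CHECKLIST:
            findings.append((ident, None, "no checklist for equipment type"))
            continue
        for mode in CHECKLIST[etype]:
            if (ident, mode) not in covered:
                findings.append((ident, mode, "failure mode not analysed"))
    for r in rows:
        if not r.effects:
            findings.append((r.identification, r.failure_mode, "no effect recorded"))
        if not r.safeguards:
            findings.append((r.identification, r.failure_mode, "no safeguard recorded"))
    return findings

VALVE_B = "Valve B on the phosphoric acid solution line"
# Constructed sample: items 4.1 and 4.2 abbreviated from Table 6.21; item 4.3 has
# its safeguards removed and item 4.4 is left out so the review has findings.
ROWS = [
    Row("4.1", VALVE_B, "Fails open", ["Excess flow of phosphoric acid to the reactor"],
        ["Flow indicator in the phosphoric acid line"]),
    Row("4.2", VALVE_B, "Fails closed", ["No flow of phosphoric acid to the reactor"],
        ["Ammonia detector and alarm"]),
    Row("4.3", VALVE_B, "Leak (external)",
        ["Small release of phosphoric acid to the enclosed work area"]),
]

if __name__ == "__main__":
    for finding in review(ROWS, {VALVE_B: "motor-operated valve"}):
        print(finding)
```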