What Is A Design FMEA?
By Richard A. Harpster
FMEAs have changed considerably since they were first used. The FMEA has been in existence for over 70 years. FMECA (FMEA with criticality analysis) was originally developed in the 1940s by the U.S. military, which published MIL-P-1629 in 1949. MIL-P-1629 was replaced by MIL-STD-1629 in 1974. The final revision of the military standard for FMEAs, titled “MIL-STD-1629A, MILITARY STANDARD: PROCEDURES FOR PERFORMING A FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS”, was published on November 24, 1980.
A considerable amount of the content regarding Design FMEAs in existing FMEA manuals, including the new J1739 FMEA Standard, can be traced back to MIL-STD-1629A. The standard established requirements and procedures for performing a failure mode, effects, and criticality analysis (FMECA) to systematically evaluate and document, by item failure mode analysis, the potential impact of each functional or hardware failure on mission success, personnel and system safety, system performance, maintainability, and maintenance requirements. The concentration was on identification and detection of product failures and mitigating their effects rather than on identifying the causes of the product failures and preventing them.
On August 24, 1998 MIL-STD-1629A was cancelled without replacement. To date, no replacement has been defined. Unfortunately, it is still referenced in military contracts, and its contents continue to adversely affect how FMEAs are used today. A lack of understanding of what a Design FMEA is has led not only to Design FMEAs being done incorrectly but also to their being done at the wrong time.
Before one can answer the question “What is a Design FMEA?”, one must first understand what risk is. Risk has two components: the severity of harm one is exposed to when an objectionable incident occurs, and the probability of exposure to that harm. It is not uncommon for an objectionable incident to lead to multiple harms with different severities and probabilities of occurrence. Risk is reduced by either reducing the severity of harm or reducing the probability of exposure to it.
When one is trying to manage Design Risk, an objectionable incident occurs anytime the design fails to meet the design requirement. When a design fails to meet a design requirement, it is not uncommon for the design failure to lead to multiple harms with different severities and probabilities of occurrence. Design Risk is reduced by either reducing the severity of harm when the design failure occurs or reducing the probability of exposure to the harm.
Designs are comprised of hardware specifications and/or software code. Designs fail to meet design requirements because their hardware specifications and/or software code are improperly specified. The Design FMEA is a risk assessment of the adequacy of the hardware specifications and/or software code in defining a product that will meet the design requirements. It assumes that manufacturing will build the product to the specifications.
(Note: For the purpose of explaining the columns of information typically found in a Design FMEA, the AIAG 4th Edition FMEA Manual Design FMEA form will be used.)
The first two columns of the Design FMEA are used to define the possible objectionable incidents. The “Item/Requirement” column contains the design requirements. The “Potential Failure Mode” column contains the “objectionable incident” or how the design can fail to meet the design requirement.
The third and fourth columns of the Design FMEA are used to define the harm. The “Potential Effects of Failure” column is used to capture the harm that can occur when the design fails to meet the design requirement. The “Sev” or “Severity” column is used to define a numerical rating for the severity of the harm. When a design fails to meet a design requirement, multiple types of harm with different levels of severities can occur. It can be difficult to identify the probabilities of all the types of harm that can occur when a design fails to meet a design requirement. Consequently, the Design FMEA uses the worst-case effect to determine the severity of the harm and the probability of the Potential Failure Mode or “objectionable incident” as the probability of exposure to the harm. Although this can lead to overstating the risk for a failure mode it will never lead to understating it.
A design can fail to meet a design requirement due to multiple mistakes in defining hardware specifications and/or software code. In a Design FMEA, the possible mistakes that can lead to the design not meeting a design requirement are placed in the “Potential Cause(s) of Failure” column. A numerical rating equivalent to the probability of the design failing to meet the design requirement (the Failure Mode) due to the hardware specification or software code mistake listed in the Potential Cause(s) of Failure column is placed in the “Occ” or Occurrence Rating column. Known as Risk Controls, the Design Prevention and Detection Controls are used to determine the “Occ” rating.
The Severity (Sev) and Occurrence (Occ) ratings for each row of the Design FMEA are looked up in the Risk Matrix to determine the risk for the row. Boxes with symbols represent unacceptable levels of risk. Boxes without symbols indicate acceptable levels of risk. A symbol means that work must be done to improve the hardware specification or software code identified in the Potential Cause(s) of Failure column. The modifications that will be tried and the tracking of their success are placed in the “Risk Reduction Tracking” area of the Design FMEA, which is comprised of multiple columns.
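As an added illustration of the columns and the rating logic described above (this is example code written for this page, not the article's own material and not taken from the AIAG or J1739 manuals), the following Python sketch models a Design FMEA row by row: the requirement, the failure mode, its possible effects with their severities, and its causes with their occurrence ratings. The worst-case effect supplies the Sev rating for every cause under that failure mode, and the (Sev, Occ) pair is looked up in a risk matrix. The 1 to 10 rating scale, the matrix thresholds in `risk_unacceptable`, and the two sample rows (security requirements for a device) are constructed assumptions for demonstration only; a real matrix comes from the organization's FMEA manual.

```python
from dataclasses import dataclass, field


def risk_unacceptable(sev: int, occ: int) -> bool:
    """Constructed risk matrix (an assumption, not a published table).

    Returns True when the (Sev, Occ) box would carry a symbol, i.e. the
    hardware specification or software code in the cause column must be
    improved before the risk is acceptable.
    """
    if not (1 <= sev <= 10 and 1 <= occ <= 10):
        raise ValueError("Sev and Occ ratings must be integers from 1 to 10")
    if sev >= 9:            # hazardous effects: only a remote occurrence is acceptable
        return occ >= 2
    if sev >= 5:            # significant effects: moderate occurrence is unacceptable
        return occ >= 4
    return occ >= 7         # minor effects: only frequent occurrence is unacceptable


@dataclass
class Effect:
    description: str        # "Potential Effects of Failure" column
    severity: int           # "Sev" rating for this particular harm


@dataclass
class Cause:
    description: str        # "Potential Cause(s) of Failure": a spec or code mistake
    occurrence: int         # "Occ" rating, set by the analyst from the risk controls
    prevention_controls: list[str] = field(default_factory=list)
    detection_controls: list[str] = field(default_factory=list)


@dataclass
class FailureModeRow:
    item_requirement: str   # "Item/Requirement" column
    failure_mode: str       # "Potential Failure Mode": the objectionable incident
    effects: list[Effect]
    causes: list[Cause]

    def worst_case_severity(self) -> int:
        # The Design FMEA rates a failure mode by its worst-case effect, so the
        # risk may be overstated but is never understated.
        return max(e.severity for e in self.effects)

    def assess(self) -> list[dict]:
        """One assessed line per cause, sharing the failure mode's worst-case Sev."""
        sev = self.worst_case_severity()
        return [
            {
                "requirement": self.item_requirement,
                "failure_mode": self.failure_mode,
                "cause": c.description,
                "sev": sev,
                "occ": c.occurrence,
                "action_required": risk_unacceptable(sev, c.occurrence),
            }
            for c in self.causes
        ]


def sample_design_fmea() -> list[FailureModeRow]:
    """Constructed sample rows (hypothetical product, hypothetical ratings)."""
    return [
        FailureModeRow(
            item_requirement="Bootloader shall execute only firmware images signed with the release key",
            failure_mode="Unsigned or tampered image is executed",
            effects=[
                Effect("Device runs attacker-controlled code; safety functions unreliable", 10),
                Effect("Warranty and field-service cost from bricked units", 6),
            ],
            causes=[
                Cause("Signature verification result not enforced on the error path", 4,
                      prevention_controls=["Coding standard: fail-closed on verify errors"],
                      detection_controls=["Negative test: corrupted signature must be rejected"]),
                Cause("Only the image header hash is verified, not the full payload", 3,
                      detection_controls=["Design review of boot verification flow"]),
            ],
        ),
        FailureModeRow(
            item_requirement="Service session token shall expire after 15 minutes of inactivity",
            failure_mode="Token remains valid indefinitely",
            effects=[
                Effect("Stolen token gives persistent access to a technician interface", 7),
                Effect("Audit trail attributes actions to the wrong technician", 4),
            ],
            causes=[
                Cause("Idle timeout specified for the server but not the embedded client", 2,
                      detection_controls=["Requirements trace review"]),
            ],
        ),
    ]


def assess_all(rows: list[FailureModeRow]) -> list[dict]:
    return [line for row in rows for line in row.assess()]


def actions_required(report: list[dict]) -> list[dict]:
    """Lines that would be tracked in the Risk Reduction Tracking area."""
    return [line for line in report if line["action_required"]]


if __name__ == "__main__":
    for line in assess_all(sample_design_fmea()):
        flag = "ACTION" if line["action_required"] else "ok"
        print(f"[{flag}] Sev={line['sev']:2d} Occ={line['occ']:2d}  {line['failure_mode']} <- {line['cause']}")
```

Running the script prints one line per cause; both causes under the unsigned-image failure mode are flagged because the worst-case severity of 10 leaves almost no acceptable occurrence, while the session-timeout cause is not flagged under the constructed matrix. The Occ rating is entered by the analyst rather than computed here, because the page says only that the prevention and detection controls are used to determine it, not how.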
When the Design FMEA is performed at the proper time and correctly, the Design FMEA is the strongest risk management tool available for managing design risk. In future papers we will examine the J1739™ JAN2021 FMEA Standard to see if it guides the user to perform the Design FMEA at the proper time and to perform it correctly.