Failure Modes and Effects Analysis

A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effectson a system or plant. The failure mode describes howequipment fails (open, closed, on, off, leaks, etc.).The effect of the failure mode is determined by thesystem’s response to the equipment failure. AnFMEA identifies single failure modes that either directly result in or contribute significantly to anaccident. Human operator error are usually notexamined directly in an FMEA; however, the effectsof a misoperation as a result of human error areusually indicated by an equipment failure mode. An FMEA is not efficient foridentifying an exhaustive list of combinations of equipment failures that lead toaccidents.

open closed

sticks

rupture

leaks thru

FC

PurposeThe purpose of an FMEA is to identify single equipment and system failuremodes and each failure mode’s potential effect(s) on the system or plant. Thisanalysis typically generates recommendations for increasing equipment reliability,thus improving process safety.

Types of ResultsAn FMEA generates a qualitative, systematic reference list of equipment,failure modes, and effects. A worst-case estimate of consequences resulting fromsingle failure is included. The FMEA may be easily updated for design changes orsystem/plant modifications. FMEA results are usually documented in a column-format table. Hazard analysts usually include suggestions for improving safety inappropriate items in the table.

Failure and Failure Mode

• Failure: The termination of an item’s ability to perform a required function.

• Failure Mode: The effects by which a failure is observed on the failed item. All technical items are designed to fulfill one or more functions. A failure mode is thus defined as non-fulfillment of one of these functions.

Classification of Failures

• Sudden versus gradual failures• Hidden versus evident failures• According to effects (critical, degraded or i

ncipient)• According to severity (catastrophic, critical,

marginal or negligible)• Primary failure, secondary failure and com

mand fault

Classification of Failure Modes

1. Demanded change of state is not achieved.

2. Change of conditions or states.

• Fail to open on command

• Fail to close on command

• Leakage through the valve in closed position

• Leakage to the environment

Examples of Equipment Failure Modes Used in an FMEA

Equipment Description Example Failure Modes

Pump, normally operating • Fails on (fails to stop when required)

• Transfers off (stops when required to run)

• Seal leak/rupture

• Pump casing leak/rupture

Heat exchanger, high pressure on • Leak/rupture, tube side to shell side

tube side • Leak/rupture, shell side to external

environment

• Tube side, plugged

• Shell side, plugged

• Fouling

Resource Requirements

Using the FMEA approach requires the following data and information sources: (1) a system or plant equipment list or P&ID, (2) knowledge of equipment function and failure modes, and (3) knowledge of system or plant function and responses to equipment failures.

FMEAs can be performed by single analysts, but these analyses should be reviewed by others to help ensure completeness. Staff requirements will vary with the size and complexity of equipment functions and failure modes and how the failures might affect other portions of the system or plant.

The time and cost of an FMEA is proportional to the size of the process and number of components analyzed. On the average, an hour is sufficient for analyzing two to four equipment items. As with any HE study of systems with similar equipment performing similar functions, the time requirements are reduced significantly due to the repetitive nature of the evaluations. Table 4.8 lists estimates of the time needed to perform an HE study using the FMEA technique.

Time Estimates for Using the FMEA Technique

Scope Perparation Evaluation Documentation

Simple/SmallSystem 2 to 6 hr 1 to 3 days 1 to 3 days

Complex/LargeProcess 1 to 3 days 1 to 3 days 2 to 4 weeks

Analysis Procedure

(1)defining the study problem,

(2)performing the review, and

(3)documenting the results.

STEP 1 :

Defining the study problem. This step identifies the specific items to be included in the FMEA and the conditions under which they are analyzed. Defining the problem involves (1)establishing an appropriate level of resolution for the study and (2)defining the boundary conditions for the analysis. A detailed problem definition is a necessary ingredient to performing a thorough and efficient FMEA.

(2)Defining the analysis boundary conditions includes:• Identifying the plant and/or systems that are the subject of the analysis.

• Establishing the physical system boundaries for the FMEA. This includes the interfaces with other processes and utility/support systems. One way to indicate the physical system boundaries is to mark them on a system drawing that encompasses all equipment within the scope of the FMEA. These boundary conditions should also state the operating conditions at the interfaces.

• Establishing the system analytical boundaries, including: (1)the failure modes, operating consequences, causes, or existing safeguards that will not be considered and (2)the initial operating condition or position of equipment. As an example of effects beyond the scope of the study, an analyst may choose not to consider airplane crashes, earthquakes, or tornadoes as causes of failure modes. An example of an initial condition is specifying whether a valve is normally open or closed.

• Collecting up-to-date reference information that identifies the equipment and its functional relationship to the plant/system. This information is needed for all equipment included within the system boundary and appropriate interfaces with the rest of the plant.

Table 6.19 Typical Format for an FMEA Worksheet

DATE: PAGE: ofPLANT: SYSTEM:REFERENCE: ANALYST(S):

Item Identification Description Failure Modes Effects Safeguards Actions

FMEA-PC

(Primatech, Inc, Columbus, Ohio)

HAZOOPtimizer

(A. D. Little, Cambridge, Massachusetts)

SAFEPLAN

(Du Pont, Westlake Village, California)

Standard word processing and spreadsheet software programs can also help analysts document the results of FMEA studies.

An FMEA study is performed to address safety hazards to plant personnel in a DAP process. The DAP process schematic is presented in Figure 6.7. Each component of the reaction system is evaluated with the relevant information recorded in an FMEA table. The section of the FMEA table for Control Valve B in the phosphoric acid solution line is presented in Table 6.21.

Example

L1

F1

L1

F1

~~~~~~~~~~~~~~~~

PHOSPHORIC

ACID STORAGETANK

AMMONIA

SOLUTION STORAGE TANK

~ ~

UN

LO

AD

ING

S

TA

TIO

NS

UN

LO

AD

ING

S

TA

TIO

NS

LO

AD

ING

S

TA

TIO

NS

DAP STORAGE TANK

ENCLOSED

WORK AREA

OUTDOORS

Figure 6.7 DAP process schemativ for the FMEA example.

Diammonium phosphate (DAP)

PHOS. ACID excess off-spec. Product

NH3 excess residual NH3 release

BOTH excess T P

Table 6.21 Sample Pages from the FMEA Table for the DAP Process ExampleDATE: 1/21/91 PAGE: 5 of 20PLANT: DAP Plant SYSTEM: Figure 6.7REFERENCE: Reaction System ANALYST(S): Mr. Ray JohnsonItem Identification Description Failure

ModesEffects Safeguards Actions

4.1 Valve B on thephosphoricacid solutionline

Motor-operated,Normally open,Phosphoric acidservice

Fails open Excess flow ofphosphoric acid to thereactor

High pressure and hightemperature in thereactor if the ammoniafeed rate is also high

May cause a high levelin the reactor or theDAP storage tank

Off-specificationProduction (i.e., highAcid concentration)

Flow indicatorin thephosphoric acidline

Reactor reliefvalve vented tothe atmosphere

Operatorobservation ofthe DAP storagetank

Consideralarm/shutdownof the system forhigh phosphoricacid flow

Consideralarm/shutdownof the system forhighpressureandhightemperature inthe reactor

ConsiderAlarm/shutdownof the Systemfor high level inthe DAPstorage tank

Table 6.21 (cont’d)

DATE: 1/21/91 PAGE: 6 of 20 PLANT: DAP Plant REFERENCE: Figure 6.7 SYSTEM: Reaction System ANALYST(s): Mr. Ray Johnson

Item Identification DescriptionFailureModes

4.2 Valve B on the phosphoricacid solution line

Motor-operated, normally open,phosphoric acid service

Falis closed

4.3 Valve B on the phosphoricacid solution line

Motor-operated, normally open,phosphoric acid service

Leak (external)

4.4 Valve B on the phosphoricacid solution line

Motor-operated, normally open,phosphoric acid service

Rupture

Table 6.21 (cont’d) (續 )

Effects Safeguards Actions

No flow of phosphoricacid to the reactor

Ammonia carry-over tothe DAP storage tankand release to theenclosed work area

Flow indicator in thephosphoric acid line

Ammonia detector andalarm

Consideralarm/shutdown of the system forlow phosphoric acid flow

Consider using a closed tank forDAP storage and/or ensureadequate ventilation of the enclosedwork area

Small release ofphosphoric acid to theenclosed work area

Periodic maintenance

Valve designed for acidservice

Verify periodic maintenance andInspection is adequate for thisvalve

Large release ofphosphoric acid to theenclosed work area

Periodic maintenance

Valve designed for acidservice

Verify periodic maintenance andInspection is adequate for thisvalve