fmeca - dnv
DNV GL © 2013 SAFER, SMARTER, GREENER
Introduction to the basics of FMECA
Lesson 1
History
1949: US Army
1960s: NASA
1967: Civil aviation industry
Mid 1970s: Automotive industry (Ford Pinto affair)
Toyota Design Review Based on Failure Mode (DRBFM)
Today: Petroleum, semiconductor processing, food service, plastics, software, healthcare, and many more
Major standards for FMEA/FMECA
British Standard BS5760 Part 5: 1991 (+BS EN 60812:2006)
US Military Standard MIL-STD-1629A
UK Defence Standard 00-41/Issue 3
Society of Automotive Engineers (SAE) ARP926A
IEC 60812: 2006 (FMEA)
DNV-RP-D102 (FMEA of redundant systems)
DNV-RP-A203 (qualification of new technology)
FMECA – Why and when?
Identify unwanted potential events on a system potentially resulting in negative impact
Highlight importance of existing safeguards
Satisfy contractual requirements
Basis for improvement to design and/or operating & maintenance procedures with respect to reliability and safety
Can be used in both design phase and operations phase, but with different objectives
FMECA +/-
Pros:
– FMECA is a structured method for evaluating system design
– The concept and application are easy to adopt, even for a novice
– The approach enables evaluation of complex systems
– Identification of single point failures
– Screening of the critical aspects of the system
– Provides a basis for more detailed evaluation
Cons:
– The FMECA process may be tedious, time-consuming (and expensive)
– The approach is not well suited for multiple (combined) failures (a RAM analysis can be performed after the FMECA)
– Human errors are often missed
– Not well suited to handling multifunctional systems
– Ultimately, all failure modes have to be identified by the human beings in the team
What is FMECA?
Methodology to identify and analyse:
– All potential failure modes of all the subsystems
– The effects these failures may have on the system
– Risks that need to be avoided or mitigated
What can FMECA be used for?
Ensure that all conceivable failure modes and their effects on the operation have been considered
Identify single point failures that may lead to system failure (e.g. DP2, NCSP)
List potential failures and identify the severity of their effects
Assist in selecting design alternatives with high reliability and high safety potential during the early design phases
Develop early criteria for test planning and requirements for test equipment
Provide historical documentation for future reference to aid in analysis of field failures and consideration of design changes
Provide a basis for maintenance planning
Provide a basis for quantitative reliability and availability (RAM) analyses, and more
Important Definitions
Failure: The termination of the ability of an item to perform a required function.
Failure Mode: Describes the loss of required function(s) that results from a failure; the manner in which the inability of an item to perform a required function occurs. How does it fail?
Failure Mechanism: The circumstances (design, installation, use etc.) or mechanism (corrosion, pressure, load, etc.) which have caused the failure. Why does it fail?
Safeguard (mitigating action): Provisions in the system that reduce either the likelihood or the consequence of a failure. This may also include operating procedures or operator intervention, provided the operators have been trained to respond to the particular failure and that it can be detected.
Remember
There are several variations of FMECA, some simple and some elaborate, but the objective is the same:
– Systematic breakdown of a system to uncover unwanted risks and single point failures.
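As an added worked example (not part of the DNV GL lesson), the following Python script records an FMECA worksheet with the columns defined above (item, failure mode, failure mechanism, local and system effect, safeguards) and does the two things the slides say the method is for: it ranks criticality and it flags single point failures. The criticality ranking uses the risk priority number RPN = severity x occurrence x detection on 1-10 scales, which is one common convention (used in IEC 60812-style FMEAs) and an assumption here, not something the lesson prescribes; the rows describe a constructed control system fed by two power supplies and are purely illustrative.

```python
"""Minimal FMECA worksheet with RPN ranking and single point failure detection.

Added example, not DNV GL material. RPN = S x O x D on 1-10 scales is an
assumed ranking convention; the worksheet rows are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class FailureMode:
    item: str
    mode: str            # how the item fails (failure mode)
    mechanism: str       # why it fails (failure mechanism)
    local_effect: str
    system_effect: str   # effect on the system as a whole
    severity: int        # 1 (negligible) .. 10 (catastrophic)
    occurrence: int      # 1 (remote) .. 10 (frequent)
    detection: int       # 1 (certain to be detected) .. 10 (undetectable)
    safeguards: list = field(default_factory=list)
    redundant: bool = False   # is the lost function provided elsewhere as well?

    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection

    def is_single_point_failure(self) -> bool:
        # A single failure that on its own removes the system function, with
        # no redundancy to absorb it, is a single point failure.
        return self.system_effect == "loss of function" and not self.redundant


def rank_by_rpn(rows):
    """Rows ordered by descending RPN; severity breaks ties."""
    return sorted(rows, key=lambda r: (r.rpn(), r.severity), reverse=True)


def single_point_failures(rows):
    return [r for r in rows if r.is_single_point_failure()]


def above_threshold(rows, rpn_limit):
    return [r for r in rows if r.rpn() > rpn_limit]


# Constructed worksheet: a controller fed by two power supply units (PSUs).
WORKSHEET = [
    FailureMode("PSU A", "no output", "capacitor ageing", "feed A lost",
                "degraded: running on PSU B", 4, 4, 3,
                safeguards=["PSU B", "PSU fail alarm"], redundant=True),
    FailureMode("PSU B", "no output", "capacitor ageing", "feed B lost",
                "degraded: running on PSU A", 4, 4, 3,
                safeguards=["PSU A", "PSU fail alarm"], redundant=True),
    FailureMode("Main breaker", "opens spuriously", "relay contact wear",
                "both feeds lost", "loss of function", 9, 2, 2,
                safeguards=["operator can close breaker manually"]),
    FailureMode("Controller", "hangs", "software fault", "no control output",
                "loss of function", 8, 3, 6, safeguards=["watchdog (not fitted)"]),
    FailureMode("Sensor", "drifts", "contamination", "wrong reading",
                "degraded: reduced accuracy", 5, 5, 7,
                safeguards=["periodic calibration"]),
]


def worksheet_report(rows, rpn_limit=100):
    """The summary a study would present: ranking, SPF list, items above limit."""
    ranked = rank_by_rpn(rows)
    return {
        "ranking": [(r.item, r.mode, r.rpn()) for r in ranked],
        "single_point_failures": [r.item for r in single_point_failures(rows)],
        "above_limit": [r.item for r in above_threshold(rows, rpn_limit)],
    }


if __name__ == "__main__":
    report = worksheet_report(WORKSHEET)
    for item, mode, rpn in report["ranking"]:
        print(f"{rpn:4d}  {item}: {mode}")
    print("single point failures:", report["single_point_failures"])
    print("RPN above limit:", report["above_limit"])
```

Note what the constructed data shows: the main breaker is a single point failure with severity 9, yet it ranks last by RPN because it fails rarely and is easy to detect. This is the usual caveat with a multiplicative ranking: single point failures and high-severity modes need to be reviewed on their own, not only through the RPN list.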
Available Techniques
[Figure: matrix of hazard identification techniques against project life-cycle phases (Conceptual Design, Detailed Engineering, Construction/Start-Up, Operation, Expansion or Modification, Incident Investigation, Decommissioning), with each cell marked "Commonly used" or "Rarely used or inappropriate"]
HAZID
Typically done at an earlier stage in system/procedure development
Carried out at a slightly higher level – system rather than component
No guidewords
Assumes that a hazard occurs and investigates what events may cause it
Hazard Identification is the first and most critical step of risk management – Why?
Safety Assessments
Prevention of Major Accident Hazard (MAH) management system:
Safety Case: describes the facility, the SMS, and the hazards and risks; justifies continued operation. Supporting studies: QRA, Fire Risk Analysis, HAZID, HAZOP, ETRERA.
Credible Major Accident Hazards (MAH): fire and explosion, structural failure, ship collision, subsea release, etc.
List of Safety Critical Elements (SCEs): role to prevent, detect, control and mitigate MAH.
Performance Standards & Verification Scheme: details for each SCE its functional performance, reliability, maintenance management and operations management.
Independent & Competent Person (ICP) Verification & Audit: verification carried out by IVB – WSV, Technical Authorities, HSE audit, OSHAS/ISO audits.
Checklist Application
Used traditionally to ensure compliance with standard practices
Checklists are a powerful hazard identification technique
Incorporate past experience in convenient lists of do's and don'ts
Valuable for revealing an otherwise overlooked hazard
They can be expected to reveal most common hazards
CHECKLISTS
Advantages
All of the issues on the list are addressed
Easy to do and can be applied at any stage of a project life-cycle
Minimal manpower compared with HAZOP, etc.
Standard checklist can be developed to ensure consistency
Disadvantages
Limited by the experience and knowledge of the author
Rely on past experience (not predictive)
Comprehensive checklists can be very lengthy documents
Checklists need to be audited and kept up to date
What-If Analysis
Creative brainstorming using "What-If?" questions to develop scenarios for undesirable events
Based on plant systems or sub-systems
Identify the hazards and consequences of the scenario
Identify existing safeguards
“What-If” Questions
What if ...?
How could ...?
Is it possible ... ?
Has anybody ever ...?
Etc., Etc., Etc.?
SWIFT’s 10 Question Categories
Material problems (MP)
External effects or influence (EE/I)
Operating error and other human factors (OE&HF)
Analytical or sampling errors (A/SE)
Equipment/instrumentation malfunction (E/IM)
Process upsets of unspecified origin (PUUO)
Utility failures (UF)
Integrity failure or loss of containment (IF/LOC)
Emergency operations (EO)
Environmental release (ER)
How do we perform a HAZOP?
By considering the plant section by section, line by line, item by item
By defining 'normal operation'
By considering deviations from normal operation
By using guidewords to identify these deviations and to initiate the discussion
Guidewords / Deviations
Original guidewords: No, Reverse (Wrong), More, Less, Part of, As well as, Other than
Parameters they are applied to: Flow, Pressure, Temperature, Composition
(A guideword combined with a parameter gives a deviation to examine, e.g. "No flow", "More pressure".)
HAZOP process
1. Describe design intention, operating conditions etc.
2. Consider first or next guide word
3. Identify all causes and record
4. Identify all consequences and record
5. List existing safeguards and record
6. Agree any actions necessary and responsible person/org., and record
7. Last guide word? If no, return to step 2; if yes, take the next section and return to step 1
HAZOP / HAZID logsheet
Columns: Step | Guideword / Deviation | Cause | Consequence | Existing Safeguards | Finding / Recommendation (R: Remark / A: Action) | Action responsible | Time
Rows are numbered per step and deviation (1., 1.1, 1.2, 2., ...)
Fault tree
Identifies causes for an assumed failure (top event)
A logical structure linking causes and effects
Deductive method
Suitable for potential risks
Suitable for failure events
[Figure: example fault tree in which a top event is developed through intermediate events (E1, E2, A) down to basic events (Component 1, 2, 3; E3, E4) via AND and OR gates]
The OR-gate indicates that the output event A occurs if any of the input events Ei occur.
The AND-gate indicates that the output event E2 occurs only when all the input events Ei occur simultaneously.
The Basic event represents a basic equipment failure that requires no further development of failure causes.
Symbols: OR gate, AND gate, Basic event, Intermediate event
Fault Tree Case - Late for Work
[Figure: fault tree for the "Late for Work" case; outline reconstructed from the diagram labels, basic-event codes in parentheses]
Fail to arrive at work on time (top event, OR):
– Traffic hold up (TRF)
– Overslept (AND):
  – Went to bed too late (Bed)
  – Alarm clock ineffective (OR): Alarm clock fails (CLKF); Alarm not loud enough (Loud); Alarm not set (Set)
– Car will not start (OR):
  – Mechanical fault (Mech)
  – Fuel system fault (Fuel)
  – Ignition fault (IGN)
  – Starter fault (OR): Solenoid fault (Sol); Wiring fault (Wire); Starter jammed (JAM)
  – No battery power (AND):
    – Battery is flat (Flat)
    – No alternative power is available (AND): No jump cables available (JCBL); No other car available (NCAR)
Use a Fault Tree to:
– identify possible causes for a system failure
– predict reliability, availability and failure frequency
– identify system improvements
– predict effects of changes in design and operation
– understand the system
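To show how the gate logic is actually evaluated, here is an added Python example (not from the DNV GL lesson) that encodes the "Late for Work" tree and computes its minimal cut sets, the top-event probability and a Fussell-Vesely style importance ranking of the basic events. The gate structure follows the outline above as read from the diagram; the per-day probabilities of the basic events (TRF, Bed, CLKF, ...) are assumed values constructed for the example, and the probability calculation assumes independent basic events with no event repeated in the tree, which holds for this tree.

```python
"""Fault tree evaluation for the 'Late for Work' case.

Added example, not DNV GL material. Basic-event probabilities are assumed.
"""
from dataclasses import dataclass
from itertools import product
from math import prod


@dataclass(frozen=True)
class Gate:
    kind: str       # "AND" or "OR"
    inputs: tuple   # basic-event codes (str) or nested Gates


def probability(node, p):
    """Exact top-event probability for independent basic events when no basic
    event appears twice in the tree (otherwise evaluate via cut sets)."""
    if isinstance(node, str):
        return p[node]
    qs = [probability(i, p) for i in node.inputs]
    if node.kind == "AND":
        return prod(qs)                          # all inputs must occur
    return 1.0 - prod(1.0 - q for q in qs)       # any input suffices


def cut_sets(node):
    """Minimal cut sets: OR = union of the inputs' cut sets; AND = every
    combination of one cut set per input, merged. Non-minimal sets dropped."""
    if isinstance(node, str):
        return [frozenset([node])]
    child = [cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = [s for cs in child for s in cs]
    else:
        sets = [frozenset().union(*combo) for combo in product(*child)]
    minimal = [s for s in set(sets) if not any(o < s for o in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def importance(node, p):
    """Fussell-Vesely importance: share of the top probability carried by the
    cut sets containing each basic event (rare-event approximation)."""
    top = probability(node, p)
    sets = cut_sets(node)
    return {e: sum(prod(p[x] for x in s) for s in sets if e in s) / top for e in p}


# The tree as outlined on the slide
ALARM_INEFFECTIVE = Gate("OR", ("CLKF", "Loud", "Set"))
OVERSLEPT = Gate("AND", ("Bed", ALARM_INEFFECTIVE))
STARTER_FAULT = Gate("OR", ("Sol", "Wire", "JAM"))
NO_ALT_POWER = Gate("AND", ("JCBL", "NCAR"))
NO_BATTERY_POWER = Gate("AND", ("Flat", NO_ALT_POWER))
CAR_WONT_START = Gate("OR", ("Mech", "Fuel", "IGN", STARTER_FAULT, NO_BATTERY_POWER))
LATE_FOR_WORK = Gate("OR", ("TRF", OVERSLEPT, CAR_WONT_START))

# Assumed per-day probabilities of the basic events (constructed for the example)
P = {"TRF": 0.05, "Bed": 0.20, "CLKF": 0.01, "Loud": 0.02, "Set": 0.05,
     "Mech": 0.005, "Fuel": 0.005, "IGN": 0.01, "Sol": 0.002, "Wire": 0.002,
     "JAM": 0.001, "Flat": 0.02, "JCBL": 0.5, "NCAR": 0.8}

if __name__ == "__main__":
    print(f"P(late for work) = {probability(LATE_FOR_WORK, P):.4f}")
    for s in cut_sets(LATE_FOR_WORK):
        print("cut set:", sorted(s))
    for event, fv in sorted(importance(LATE_FOR_WORK, P).items(), key=lambda kv: -kv[1]):
        print(f"{event:5s} FV = {fv:.3f}")
```

The singleton cut sets (TRF, Mech, Fuel, IGN, Sol, Wire, JAM) are the single point failures of this tree; the three-event cut set {Flat, JCBL, NCAR} shows how the two AND gates turn a flat battery into a benign event unless both fallbacks are missing. The same AND/OR semantics carry over unchanged to attack trees, where an AND gate is a defence-in-depth layer an attacker must defeat in full.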
Production assurance and reliability management (ISO 20815)
"The petroleum and natural gas industries involve large capital investment costs as well as operational expenditures. The profitability of these industries is dependent upon the reliability, availability and maintainability of the systems and components that are used."
[ISO 20815 - Production assurance and reliability management]
Production assurance and reliability management (ISO 20815)
Examples of design measures/factors to optimise the cost-benefit ratio [ISO 20815 - Production assurance and reliability management]:
– Capacities
– Reduced complexity
– Material selection
– Choice of technology
– Redundancy at system level
– Redundancy at equipment or component level
– Functional dependencies
Life cycle phases as per ISO 20815: Feasibility; Conceptual design; Engineering; Procurement; Assembly; Installation & Commissioning; Operation
Quantitative Picture of Performance
(Chain from input data to economics, each level building on the previous one)
Reliability: equipment performance data (failure frequencies); system configuration
Maintainability: maintenance resources; shift constraints; mob (mobilisation) delays; spares constraints
Availability: equipment/system uptime
Operability: plant interdependencies; plant re-start times; production/demand rates; storage size; tanker fleet and operations
Productivity: achieved production; production losses; criticality; contract shortfalls; delayed cargoes
Unit Costs/Revenue: product price; manhour/spares costs; transport costs; discount rates
NPV: discounted total cashflow
Objective 1 – Prognosis
Forecast: sub-system availability, system availability, production availability etc.
Verify production-assurance objectives or requirements
[Chart: technical availability, annual average (70 % to 100 %; P10, mean and P90) for different systems and cases, e.g. base case 4x25%, 85% ASF, 95% ASF, 4x30% @ 85% ASF, 4x59.95% @ 85% ASF, repair on lost function, repair modules on lost function, wait for weather, dedicated vessel (Ormen Lange / including nearby fields), VSD spare sensitivity, and combinations of these]
Objective 2 – Analysis of weak points
Identify equipment units critical to availability (what are the main downtime contributors)
Identify technical and operational measures with potential for performance improvement
[Bubble chart, Case 8A: cost per intervention (MNOK, 0 to 100) against number of interventions per year (0 to 2.5) per module; bubble size: deferred volume per intervention. Modules: MP1 Umbilical and power cable, MP2 Compressor and motor, MP3 Anti Surge Valve, MP4 VSD compressor, MP5 Circuit Breaker Module, MP6 Pump and motor, MP7 VSD pump, MP8b Separator, MP8b Cooler, MP9 V-cone, MP14 SCM, MP15 SCM MB, MP16 Transformer and HV wet connections, MP20 Process template, MP20x Tie-in manifold, MP21 Bridge spool, MP22 SDU, MP23 UPS. Accompanied by a downtime distribution.]
Objective 3 – Alternative comparison
Compare (concept, design, operation) alternatives with respect to different availability aspects
Enable selection of facilities, systems, equipment, configuration and capacities based on economic optimization assessments
Provide input to other activities, such as risk analyses or maintenance and spare-parts planning
Steps in a study
1. Preparation (study basis): review of technical documentation; site visit if required; system description; reliability data / input from system experts
2. Model development (FMECA): functional breakdown; consequence of failures; inclusion of events and compensating measures
3. Simulation and analysis / analysis and assessment: identify performance measures; sensitivity analyses; importance measures
4. Reporting and recommendations: state all assumptions; document input data; present results; outline recommendations
Model building (similar to fault tree)
Discrete Event Simulation
Probability distributions for frequencies of component failure/repair etc. based on historical data or expert judgment
Model consequences of failure
[Figure: reliability block diagram of a gas metering station: water bath heater, pressure regulator, meter skid and dry gas filter (each shown in duplicate), and a chromatograph]
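As an added example of the discrete event simulation described here (my own code, not the DNV GL tool or model), the Python script below draws exponential time-to-failure and time-to-repair intervals for n parallel units, merges them into one event history, and integrates delivered production over time to obtain production availability. It then evaluates the same failure/repair history for the "4x25%" and "4x30%" capacity cases named in the prognosis chart, so the effect of over-capacity is isolated from sampling noise. The MTTF/MTTR values, horizon and capacities are assumptions; the exponential distributions stand in for whatever historical data or expert judgment a real study would use.

```python
"""Discrete event simulation of production availability for n parallel units.

Added example, not DNV GL material. Failure and repair times are exponential
with assumed MTTF/MTTR; unit capacities 0.25 and 0.30 are the '4x25%' and
'4x30%' cases (fraction of demand each unit can deliver).
"""
import random


def unit_events(rng, horizon, mttf, mttr):
    """Alternating up/down intervals for one unit until the horizon.
    Returns (time, delta) events: -1 when the unit fails, +1 when repaired."""
    events, t, up = [], 0.0, True
    while True:
        t += rng.expovariate(1.0 / (mttf if up else mttr))
        if t >= horizon:
            return events
        events.append((t, -1 if up else +1))
        up = not up


def simulate_states(n_units, horizon, mttf, mttr, seed=1):
    """Merged, time-ordered failure/repair events of all units (seeded)."""
    rng = random.Random(seed)
    events = []
    for _ in range(n_units):
        events.extend(unit_events(rng, horizon, mttf, mttr))
    return sorted(events)


def production_availability(events, n_units, horizon, unit_capacity):
    """Time average of delivered fraction of demand, min(1, units_up * capacity).
    With capacity 0.25 and four units any outage costs production; with 0.30
    the first outage is absorbed by the spare capacity of the other three."""
    t_prev, n_up, delivered = 0.0, n_units, 0.0
    for t, delta in events:
        delivered += min(1.0, n_up * unit_capacity) * (t - t_prev)
        n_up += delta
        t_prev = t
    delivered += min(1.0, n_up * unit_capacity) * (horizon - t_prev)
    return delivered / horizon


def steady_state_unit_availability(mttf, mttr):
    """Analytical check: availability of one unit = MTTF / (MTTF + MTTR)."""
    return mttf / (mttf + mttr)


def compare_configurations(n_units=4, horizon=200_000.0, mttf=1_000.0,
                           mttr=50.0, seed=1):
    """Evaluate the same simulated history for both unit capacities."""
    events = simulate_states(n_units, horizon, mttf, mttr, seed)
    return {
        "unit_availability": steady_state_unit_availability(mttf, mttr),
        "4x25%": production_availability(events, n_units, horizon, 0.25),
        "4x30%": production_availability(events, n_units, horizon, 0.30),
    }


if __name__ == "__main__":
    for name, value in compare_configurations().items():
        print(f"{name:18s} {value:.4f}")
```

For the 4x25% case the simulated production availability must converge to the analytical single-unit availability, since every unit outage costs exactly its 25 % share; that equality is a useful sanity check of a simulation model before adding mobilisation delays, weather windows or spares constraints to it.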
Final delivery
Recommendations to optimize performance through:
– improving the design: prediction of the performance/availability of possible concepts; cost-benefit for possible concepts; cost-benefit optimization of development
– improving the operation: maximizing performance/production availability; optimizing operational costs; minimizing downtime; optimizing operational procedures/strategies
by analysing performance, costs, availabilities and other uncertainties
Buzz group work – Pair and Share
Arrange yourselves into groups of 4
Discuss:
– Could FMECA be applied both early and late in a project?
– Advantages / Disadvantages
Produce key points and be prepared to defend your conclusions.
Early Project Phase: FMECA advantages (…); FMECA disadvantages (…)
Late Project Phase: FMECA advantages (…); FMECA disadvantages (…)
SAFER, SMARTER, GREENER
www.dnvgl.com