Failure Modes and Effects Analysis

leaks thru

sticks

rupture

A Failure Modes and Effects Analysis (FMEA)

tabulates failure modes of equipment and their effects
on a system or plant. The failure mode describes how
equipment fails (open, closed, on, off, leaks, etc.).
The effect of the failure mode is determined by the
systems response to the equipment failure. An
open
closed
FMEA identifies single failure modes that either
directly result in or contribute significantly to an
accident. Human operator error are usually not
FC
examined directly in an FMEA; however, the effects
of a misoperation as a result of human error are
usually indicated by an equipment failure mode. An FMEA is not efficient for
identifying an exhaustive list of combinations of equipment failures that lead to
accidents.

Purpose
The purpose of an FMEA is to identify single equipment and system failure
modes and each failure modes potential effect(s) on the system or plant. This
analysis typically generates recommendations for increasing equipment reliability,
thus improving process safety.

Types of Results
An FMEA generates a qualitative, systematic reference list of equipment,
failure modes, and effects. A worst-case estimate of consequences resulting from
single failure is included. The FMEA may be easily updated for design changes or
system/plant modifications. FMEA results are usually documented in a columnformat table. Hazard analysts usually include suggestions for improving safety in
appropriate items in the table.

Failure and Failure Mode

Failure: The termination of an items

ability to perform a required function.
Failure Mode: The effects by which a
failure is observed on the failed item. All
technical items are designed to fulfill one
or more functions. A failure mode is thus
defined as non-fulfillment of one of these
functions.

Classification of Failures
Sudden versus gradual failures
Hidden versus evident failures
According to effects (critical, degraded or
incipient)
According to severity (catastrophic, critical,
marginal or negligible)
Primary failure, secondary failure and
command fault

Classification of Failure Modes

1. Demanded change of
state is not achieved.

2. Change of conditions
or states.

Fail to open on
command
Fail to close on
command
Leakage through the
valve in closed
position
Leakage to the
environment

Examples of Equipment Failure Modes Used in an FMEA

Equipment Description
Pump, normally operating

Example Failure Modes

Fails on (fails to stop when required)
Transfers off (stops when required to run)
Seal leak/rupture
Pump casing leak/rupture

Heat exchanger, high pressure on

Leak/rupture, tube side to shell side

tube side

Leak/rupture, shell side to external

environment
Tube side, plugged
Shell side, plugged
Fouling

Resource Requirements
Using the FMEA approach requires the following data and information
sources: (1) a system or plant equipment list or P&ID, (2) knowledge of
equipment function and failure modes, and (3) knowledge of system or plant
function and responses to equipment failures.
FMEAs can be performed by single analysts, but these analyses should be
reviewed by others to help ensure completeness. Staff requirements will vary
with the size and complexity of equipment functions and failure modes and
how the failures might affect other portions of the system or plant.
The time and cost of an FMEA is proportional to the size of the process
and number of components analyzed. On the average, an hour is sufficient for
analyzing two to four equipment items. As with any HE study of systems with
similar equipment performing similar functions, the time requirements are
reduced significantly due to the repetitive nature of the evaluations. Table 4.8
lists estimates of the time needed to perform an HE study using the FMEA
technique.

Time Estimates for Using the FMEA Technique

Scope

Perparation

Evaluation

Documentation

Simple/Small
System

2 to 6 hr

1 to 3 days

1 to 3 days

Complex/Large
Process

1 to 3 days

1 to 3 days

2 to 4 weeks

Analysis Procedure
(1)defining the study problem,
(2)performing the review, and
(3)documenting the results.

STEP 1 :
Defining the study problem. This step identifies the
specific items to be included in the FMEA and the conditions
under which they are analyzed. Defining the problem
involves (1)establishing an appropriate level of resolution for
the study and (2)defining the boundary conditions for the
analysis. A detailed problem definition is a necessary
ingredient to performing a thorough and efficient FMEA.

(2)Defining the analysis boundary conditions includes:

Identifying the plant and/or systems that are the subject of the analysis.
Establishing the physical system boundaries for the FMEA. This includes the interfaces
with other processes and utility/support systems. One way to indicate the physical system
boundaries is to mark them on a system drawing that encompasses all equipment within
the scope of the FMEA. These boundary conditions should also state the operating
conditions at the interfaces.
Establishing the system analytical boundaries, including: (1)the failure modes, operating
consequences, causes, or existing safeguards that will not be considered and (2)the initial
operating condition or position of equipment. As an example of effects beyond the scope
of the study, an analyst may choose not to consider airplane crashes, earthquakes, or
tornadoes as causes of failure modes. An example of an initial condition is specifying
whether a valve is normally open or closed.
Collecting up-to-date reference information that identifies the equipment and its
functional relationship to the plant/system. This information is needed for all equipment
included within the system boundary and appropriate interfaces with the rest of the plant.

Table 6.19 Typical Format for an FMEA Worksheet

DATE:
PLANT:
REFERENCE:
Item Identification Description

PAGE:
SYSTEM:
ANALYST(S):
Failure Modes

Effects

of

Safeguards

Actions

FMEA-PC
(Primatech, Inc, Columbus, Ohio)

HAZOOPtimizer
(A. D. Little, Cambridge, Massachusetts)

SAFEPLAN
(Du Pont, Westlake Village, California)
Standard word processing and spreadsheet software programs can also help
analysts document the results of FMEA studies.

Example
An FMEA study is performed to address safety hazards to plant
personnel in a DAP process. The DAP process schematic is
presented in Figure 6.7. Each component of the reaction system
is evaluated with the relevant information recorded in an
FMEA table. The section of the FMEA table for Control Valve
B in the phosphoric acid solution line is presented in Table
6.21.

UNLOADING
STATIONS

UNLOADING
STATIONS

L1

AMMONIA
SOLUTION
STORAGE TANK

F1

PHOSPHORIC
ACID STORAGE
TANK

L1

F1

ENCLOSED
WORK AREA

DAP STORAGE TANK

Figure 6.7 DAP process schemativ for the FMEA example.

Diammonium phosphate (DAP)

LOADING
STATIONS

~~~~~~~~~~~~~~~~

OUTDOORS

PHOS. ACID excess

off-spec. Product

NH3

excess

residual NH3 release

BOTH

excess

Table 6.21 Sample Pages from the FMEA Table for the DAP Process Example
DATE:
1/21/91
PAGE:
5
of
20
PLANT:
DAP Plant
SYSTEM:
Figure 6.7
REFERENCE: Reaction System
ANALYST(S): Mr. Ray Johnson
Item Identification
4.1

Valve B on the
phosphoric
acid solution
line

Description

Failure
Modes

Effects

Motor-operated, Fails open Excess flow of

Normally open,
phosphoric acid to the
Phosphoric acid
reactor
service
High pressure and high
temperature in the
reactor if the ammonia
feed rate is also high

Safeguards
Flow indicator
in the
phosphoric acid
line
Reactor relief
valve vented to
the atmosphere

Actions

Consider
alarm/shutdown
of the system for
high phosphoric
acid flow

Consider
alarm/shutdown
of the system for
high
pressureand
high
temperature in
the reactor

May cause a high level Operator

in the reactor or the
observation of
DAP storage tank
the DAP storage Consider
Alarm/shutdown
tank
of the System
Off-specification
for high level in
Production (i.e., high
the DAP
Acid concentration)
storage tank

Table 6.21 (contd)

DATE:
1/21/91
PLANT:
DAP Plant
SYSTEM: Reaction System
Item

Identification

PAGE:
6
of
20
REFERENCE: Figure 6.7
ANALYST(s): Mr. Ray Johnson
Description

Failure
Modes

4.2

Valve B on the phosphoric Motor-operated, normally open, Falis closed

acid solution line
phosphoric acid service

4.3

Valve B on the phosphoric Motor-operated, normally open, Leak (external)

acid solution line
phosphoric acid service

4.4

Valve B on the phosphoric Motor-operated, normally open, Rupture

acid solution line
phosphoric acid service

Table 6.21 (contd) ( )

Effects

Safeguards

No flow of phosphoric
acid to the reactor

Flow indicator in the

phosphoric acid line

Ammonia carry-over to
the DAP storage tank
and release to the
enclosed work area

Ammonia detector and

alarm

Small release of
phosphoric acid to the
enclosed work area

Periodic maintenance

Large release of
phosphoric acid to the
enclosed work area

Periodic maintenance

Actions
Consider
alarm/shutdown of the system for
low phosphoric acid flow
Consider using a closed tank for
DAP storage and/or ensure
adequate ventilation of the enclosed
work area

Verify periodic maintenance and

Inspection is adequate for this
Valve designed for acid valve
service
Verify periodic maintenance and
Inspection is adequate for this
Valve designed for acid valve
service