Failure Modes and Effects Analysis

A Failure Modes and Effects Analysis (FMEA) tabulates failure modes of equipment and their effects on a system or plant. The failure mode describes how equipment fails (open, closed, on, off, leaks, etc.). The effect of the failure mode is determined by the systems response to the equipment failure. An open closed FMEA identifies single failure modes that either directly result in or contribute significantly to an accident. Human operator error are usually not FC examined directly in an FMEA; however, the effects of a misoperation as a result of human error are usually indicated by an equipment failure mode. An FMEA is not efficient for identifying an exhaustive list of combinations of equipment failures that lead to accidents.

leaks thru

rupture

sticks

Purpose
The purpose of an FMEA is to identify single equipment and system failure modes and each failure modes potential effect(s) on the system or plant. This analysis typically generates recommendations for increasing equipment reliability, thus improving process safety.

Types of Results
An FMEA generates a qualitative, systematic reference list of equipment, failure modes, and effects. A worst-case estimate of consequences resulting from single failure is included. The FMEA may be easily updated for design changes or system/plant modifications. FMEA results are usually documented in a columnformat table. Hazard analysts usually include suggestions for improving safety in appropriate items in the table.

Failure and Failure Mode

Failure: The termination of an items ability to perform a required function. Failure Mode: The effects by which a failure is observed on the failed item. All technical items are designed to fulfill one or more functions. A failure mode is thus defined as non-fulfillment of one of these functions.

Classification of Failures
Sudden versus gradual failures Hidden versus evident failures According to effects (critical, degraded or incipient) According to severity (catastrophic, critical, marginal or negligible) Primary failure, secondary failure and command fault

Classification of Failure Modes

1. Demanded change of state is not achieved. Fail to open on command Fail to close on command Leakage through the valve in closed position Leakage to the environment

2. Change of conditions or states.

Examples of Equipment Failure Modes Used in an FMEA

Equipment Description
Pump, normally operating

Example Failure Modes

Fails on (fails to stop when required) Transfers off (stops when required to run) Seal leak/rupture Pump casing leak/rupture

Heat exchanger, high pressure on

tube side

Leak/rupture, tube side to shell side

Leak/rupture, shell side to external environment Tube side, plugged

Shell side, plugged

Fouling

Resource Requirements
Using the FMEA approach requires the following data and information sources: (1) a system or plant equipment list or P&ID, (2) knowledge of equipment function and failure modes, and (3) knowledge of system or plant function and responses to equipment failures. FMEAs can be performed by single analysts, but these analyses should be reviewed by others to help ensure completeness. Staff requirements will vary with the size and complexity of equipment functions and failure modes and how the failures might affect other portions of the system or plant. The time and cost of an FMEA is proportional to the size of the process and number of components analyzed. On the average, an hour is sufficient for analyzing two to four equipment items. As with any HE study of systems with similar equipment performing similar functions, the time requirements are reduced significantly due to the repetitive nature of the evaluations. Table 4.8 lists estimates of the time needed to perform an HE study using the FMEA technique.

Time Estimates for Using the FMEA Technique

Scope Simple/Small System Complex/Large Process Perparation Evaluation Documentation

2 to 6 hr

1 to 3 days

1 to 3 days

1 to 3 days

1 to 3 days

2 to 4 weeks

Analysis Procedure
(1)defining the study problem,
(2)performing the review, and (3)documenting the results.

STEP 1 :
Defining the study problem. This step identifies the specific items to be included in the FMEA and the conditions under which they are analyzed. Defining the problem involves (1)establishing an appropriate level of resolution for the study and (2)defining the boundary conditions for the analysis. A detailed problem definition is a necessary ingredient to performing a thorough and efficient FMEA.

(2)Defining the analysis boundary conditions includes:

Identifying the plant and/or systems that are the subject of the analysis. Establishing the physical system boundaries for the FMEA. This includes the interfaces with other processes and utility/support systems. One way to indicate the physical system boundaries is to mark them on a system drawing that encompasses all equipment within the scope of the FMEA. These boundary conditions should also state the operating conditions at the interfaces. Establishing the system analytical boundaries, including: (1)the failure modes, operating consequences, causes, or existing safeguards that will not be considered and (2)the initial operating condition or position of equipment. As an example of effects beyond the scope of the study, an analyst may choose not to consider airplane crashes, earthquakes, or tornadoes as causes of failure modes. An example of an initial condition is specifying whether a valve is normally open or closed. Collecting up-to-date reference information that identifies the equipment and its functional relationship to the plant/system. This information is needed for all equipment included within the system boundary and appropriate interfaces with the rest of the plant.

Table 6.19 Typical Format for an FMEA Worksheet

DATE: PLANT: REFERENCE:
Item Identification Description

PAGE: SYSTEM: ANALYST(S):

Failure Modes Effects

of

Safeguards

Actions

FMEA-PC
(Primatech, Inc, Columbus, Ohio)

HAZOOPtimizer
(A. D. Little, Cambridge, Massachusetts)

SAFEPLAN
(Du Pont, Westlake Village, California)
Standard word processing and spreadsheet software programs can also help analysts document the results of FMEA studies.

Example
An FMEA study is performed to address safety hazards to plant personnel in a DAP process. The DAP process schematic is presented in Figure 6.7. Each component of the reaction system is evaluated with the relevant information recorded in an FMEA table. The section of the FMEA table for Control Valve B in the phosphoric acid solution line is presented in Table 6.21.

UNLOADING STATIONS

UNLOADING STATIONS

Figure 6.7 DAP process schemativ for the FMEA example. Diammonium phosphate (DAP)

~
L1
AMMONIA SOLUTION STORAGE TANK PHOSPHORIC ACID STORAGE TANK

~
L1

F1

F1

ENCLOSED WORK AREA

OUTDOORS

~~~~~~~~~~~~~~~~
DAP STORAGE TANK

LOADING STATIONS

PHOS. ACID excess

off-spec. Product

NH3

excess

residual NH3 release

BOTH

excess

Table 6.21 Sample Pages from the FMEA Table for the DAP Process Example DATE: 1/21/91 PAGE: 5 of 20 PLANT: DAP Plant SYSTEM: Figure 6.7 REFERENCE: Reaction System ANALYST(S): Mr. Ray Johnson
Item Identification Description Failure Modes Effects Safeguards Actions

4.1

Valve B on the phosphoric acid solution line

Motor-operated, Fails open Excess flow of Normally open, phosphoric acid to the Phosphoric acid reactor service High pressure and high temperature in the reactor if the ammonia feed rate is also high

Flow indicator in the phosphoric acid line Reactor relief valve vented to the atmosphere

Consider alarm/shutdown of the system for high phosphoric acid flow

May cause a high level Operator in the reactor or the observation of DAP storage tank the DAP storage Consider Alarm/shutdown tank of the System Off-specification for high level in Production (i.e., high the DAP Acid concentration) storage tank

Consider alarm/shutdown of the system for high pressureand high temperature in the reactor

Table 6.21 (contd)

DATE: 1/21/91 PLANT: DAP Plant SYSTEM: Reaction System
Item 4.2 Identification

PAGE: 6 of 20 REFERENCE: Figure 6.7 ANALYST(s): Mr. Ray Johnson

Description Failure Modes

Valve B on the phosphoric Motor-operated, normally open, Falis closed acid solution line phosphoric acid service Valve B on the phosphoric Motor-operated, normally open, Leak (external) acid solution line phosphoric acid service Valve B on the phosphoric Motor-operated, normally open, Rupture acid solution line phosphoric acid service

4.3

4.4

Table 6.21 (contd) ()

Effects No flow of phosphoric acid to the reactor Ammonia carry-over to the DAP storage tank and release to the enclosed work area Safeguards Flow indicator in the phosphoric acid line Ammonia detector and alarm Actions Consider alarm/shutdown of the system for low phosphoric acid flow Consider using a closed tank for DAP storage and/or ensure adequate ventilation of the enclosed work area

Small release of phosphoric acid to the enclosed work area

Periodic maintenance

Verify periodic maintenance and Inspection is adequate for this Valve designed for acid valve service Periodic maintenance Verify periodic maintenance and Inspection is adequate for this Valve designed for acid valve service

Large release of phosphoric acid to the enclosed work area