Probabilistic FMECA

Joseph T. Pizzo ARC 0 Springfield

0

Ron M. Adib 0 UTC - CSD 0 San Jose

Key Words: FMECA, strength-stress, burdens, capabilities, probability, sensitivity analysis, factor of safety, margin of safety

safety and ignoring other variables andor using some failure

SUMMARY & CONCLUSIONS rates from a very small database. In session 2.3.1 we will
discuss the fallacy associated with the use of safety factors or
margin of safety.
In this paper, a probabilistic Failure mode, Effect and
Criticality Analysis (FMECA) approach is presented that The quantitative approach can address the potential
combines concepts of load (stress) and capability (strength) failure modes of critical components of a system and find a
analysis with other variables, such as material, pressure, means of eliminating or reducing the associated risks by
temperature etc. for conducting a FMECA. This analysis accurately identifying the impact on changes to the reliability
helps the design team to predict the probability of success of a system. In this manner, either corrective or compensating
with a high level of confidence. The analysis was performed actions can be taken to ensure program success is
on a major component of a Solid Propulsion System (SPS), accomplished.
namely the insulation, to illustrate how the method could be
utilized to improve the design. In this paper, a probabilistic analytical approach is
introduced that combines the concepts of burdens versus
The results of the probabilistic reliability analysis of capability analysis, with an enhanced format for conducting
the insulation, provide a reliability value of 0.999999514, the FMECA. By using this approach, the design engineer can
based on the model used to represent the insulation keep track of the potential failure modes of the critical
characteristics. In addition, a sensitivity analysis was components and implement appropriate improvements in the
conducted to determine the relative contribution of each of the design in the early stages of the program. The technique can
variables in the insulation model to the overall reliability of also be used to analyze the manufacturing process and the
the system. Comparison of the changes to the base solution operational phase of a program to gain an overall assurance of
indicate that many of the causal variables with f 3 standard high reliability of the system. The probabilistic analytical
deviations (+30), namely the propellant web (3+), propellant approach is the recommended way of conducting reliability
bum rate (3f), insulation thickness (3-), erosion rate (3+), and analysis for nonrenewable and critical systems that require
the motor bum time ( 3 - ) , provide a larger reliability value high reliability. Achieving the goal of high reliability early in
than the base. a system's development would be cost-effective and therefore
should be a value-added incentive for manufacturers in both
the government and commercial markets.
I . INTRODUCTION
In this paper, a probabilistic FMECA is performed on
Identifying failure modes for a new or upgraded a major component of an SPS subsystem, namely the
design is fundamental for determining the reliability of a insulation, to illustrate how the method can be utilized to
system. Failure modes, effects and criticality analysis improve the design of a system. The input information on the
(FMECA) is one of the most widely used and most effective variable's failure mechanisms in the insulation model is
reliability analysis provided in order to conduct the analysis and provide the data
methods. However, because of the need for forcasting the format for identifying reliability critical failure modes and
high reliability requirement of critical or nonrenewable effects. The method is generic, and can be applied to any
systems such as medical devices or SPS, it is essential to system where the reliabilitykost trade-offs make it beneficial
employ a methodology that can provide this result. Engineers to apply. The paper shows when and how to use the technique
have done qualitative FMECA for several decades. Some have and provides a sensitivity analysis to relatively optimize the
done quantitative FMECA, whereby they have assigned a changes suggested in the design as a result of the probabilistic
probability of failure to each failure mode by looking at the analysis. In addition, it illustrates the precautionary measures
structural failure modes using safety factors or margin of that must be taken to ensure the results are realistic. Finally, it
390 1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITYSymposium

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.
should be noted that the exorbitant costs associated with full-
scale testing of a nonrenewable system, provides a strong QUANTITATIVE FAILURE MODES, EFFECTS, AND
argument for understanding all critical failure modes prior to CRITICALITY ANALYSIS
full-scale testing. The probabilistic FMECA approach (FMECA) WORKSHEET FORMAT
provides the mechanism to exactly do that.
SYSTEM Insulation SHEET OF
MISSION PHASE Operation COMF'LED BY
2. PROBABILISTIC FMECA ANALYSIS
DATE DEFT APPROVAL

2. I Introduction REVISION NO.

FMECA's can be prepared in either a qualitative or a

quantitative manner. The method highlights the failure modes Column 1 Column 2 Column 3
whose effects would impact safety, reliability, severity,
Failure Burdens Capabilities Failure Causes
detectability, or maintainability of the system. The total
mode (Stresses) (Strenghs)
system being analyzed should be described in detail to ~

Insulation Motor Bum Time T,

determine its boundaries and functions. This information will C,,,A,.,o,
Bum-through
provide the opportunity to design the level of reliability
Propellant Web, b
required in the product. All available information including
Propellant Bum Rate, rb
system descriptions, specifications, feasibility or reliability
Insulation Thickness, ti
studies from past and similar systems provide the necessary
Errosion Rate, er
baseline. In addition, to achieve better insights into any
reliability associated issues are the development of functional
and reliability block diagrams.
Column 4
The Probabilistic FMECA is applicable to all life Failure Probability
cycle phases of an SPS program. In particular, it is imperative 0.000000486
to conduct the probabilistic FMECA during the design,
process and operational phases of the program to ensure that
reliability is an integral part of the success of the SPS's
mission.

2.2 Qualitative FMECA construction

Figure 2.3-1. Example of a Quantitative Probabilistic
A qualitative FMECA contains non-quantitative
FMECA for an SPS
information that serves to highlight failure modes and causes
considered important to the reliability of an SPS. The Probabilistic analysis can provide the criteria to
methodology to perform this task is commonly known and is ensure a robust design. For most components, neither burdens
often based on MIL-STD-1629. The worksheet designed for nor capabilities are fixed, but are distributed statistically. This
the qualitative FMECA addresses at minimum the following is shown in Figure 2.3-2. It should be noted that while the
items: component idenfication, function, failure mode, distributions are depicted as normal (Gaussian), this is not a
mission phase, effect on the next assembly, failure indication, necessary requirement for validating the methodology.
probable cause of failure, failure criticality and remarks.

2.3 Quantitative probabilistic FMECA construction

'I Capability I

The quantitative probabilistic FMECA format

stresses the probabilistic calculations of burdens and
capabilities. The format for the probabilistic analysis is similar
to the quantitative analysis worksheet with the exception of
following differences: the addition of four columns (Burdens,
Capabilities, the variables associated with each failure mode,
and Failure Probability) as seen in figure 2.3-1. These
variables play a critical role in probabilistic analysis as we see
later in section 2.3.3. The corresponding failure probability
for each failure mode is inserted in Failure Probability
Figure 2.3-2. Burdens - Capabilities - Interfacing
column. In figure 2.3-1 this value is the calculated failure
probability for the "Insulation Bum-through'' failure mode.
Distributions
1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium 391

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.
 ~

Each distribution has a mean value denoted by 6 or and a Figure 2.3.3-1 and the example that follows outline the
standard deviation, denoted by uB or oC.When the methodology for calculating the reliability of a component.
distributions overlap, a component of the weak end of the
strength distribution can be subjected to a stress factor at the
high end of the stress distribution, causing a failure. Table 2.3.1-1. Safetv Factors & Associated Reliabilities
-
Example B D~ uB SF Reliability
Before the probabilistic reliability calculations are 1 2500 1000 100 150 2.5 >0.999999
discussed, however, a recognition of two factors that design t2 2500 1000 500 750 2.5 0.9515
engineers use to measure reliability will put the problem of
calculating the reliability of a component in perspective.
3 2500 1000 2500 2500 2.5 0.6646 -
These measurements are the safety factor and safety margin
which are currently used extensively by design engineers. Table 2.3.1-1 shows that the design engineer could
These measurements assume that the variables that makeup become complacent about satisfying a safety factor
the load and capability functions are deterministic and requirement that may be significantly off from the desired
therefore can be measured as a point estimate. We will shown reliability desired. When a designer uses the safety factor
that this assumption can lead to erroneous reliability approach, it should be based upon considerable experience on
conclusions about the strengths and stresses of components. similar components.

This latter calculation, while generally used, could be

2.3. I Safety factors (SF)
both conservative and costly to the design in terms of weight
and performance. Realizing these short-comings indicate that
One purpose of the safety factor is to account for the
the safety factor may not always be a true measure of design
uncertainties that exist in the design, such as material strength,
reliability.
manufacturing dimension and tolerances and the burdens to
which elements of the design are subjected to. The traditional
2.3.2 Safety margin (SM)
approach to the problem of uncertainty is to design to a safety
factor above an arbitrary level in an attempt to ensure non-
The Safety Margin (MS) should not be confused with
failure.
the Safety Factor. In the aerospace industry, the safety factor
is generally replaced by another, defined as:
The assumption in the use of the safety factor in
designing a component is that the burdens (stresses) on an
element are single-valued and equal to some maximum MS = SF - 1
anticipated value. In a similar manner, the capabilities
There are alternative ways of calculating the SF and
(strengths) are considered to be deterministic and equal to a
the MS, that can be found in the literature. The essence of this
single nominal value. Both of these terms can be modified by
discussion of SF and SM is, that while these calculations are
a variety of single-valued factors such as stress concentration,
commonly used by design engineers, the probabilistic
temperature, size effect, surface finish, etc.
approach to reliability assessment holds greater promise of
accurately expressing the successlfailure of a component.
The definition of the SF is the average value of
failure governing capabilities (strength) divided by the
2.3.3 Probabilistic reliability calculation
average value of failure governing load (stress).
The alternative to the SF and SM values is to
L
SF = = 21 calculate the reliability, using the concept of probabilistic
B distributions of the burdens and the capabilities. The process
involves calculating the reliability based on defining the
This is a measure of safety when both the capabilities functional relationships that represent the burdens and the
and the load distributions are normally distributed. The capabilities. A list of failure modes and causes must be
component design based entirely upon safety factors could be prepared. For each mode, a pair of transfer functions are
misleading, however, and may be costly due to over design or derived from the basic design equations representing the
could result in a catastrophic failure due to under design. The burdens (stresses) and the capabilities (strengths) respectively.
SF is not the best indicator of the relationship of burdens vs. Each transfer function involves design variables or failure
capabilities since the calculation ignores the variability that causes which must be treated probabilistically. Thus,
result in different reliabilities for the same safety factors (see considering a single failure mode, we can denote the two
Table 2.3.1-1). The calculation of the reliability is based on transfer functions as follows:
the standard normal deviate Z; the values of and are c
assumed to be derived from engineering judgements so that
the reliability numbers in the table are predicted values.

392 1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITYSymposium

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.
 Step I1 Component Description:
Each of the variables or failure causes (e.g., Xi) is
treated as a probability density function. For each failure Insulation burn-through at the propellant slot
mode, the derivation of the failure function D = C - B must be location was investigated.
completed. When B > C then D < 0 and a failure of the
component occurs. Step 111 Variables and Functions:

The density functions can be presented in two forms: The variables identified for this analysis include motor burn
(1) a discrete variable distribution, using a summarization of time (Td, propellant web (b), propellant bum rate (q,),
test data, or (2) a closed form representation which is a insulation thickness (ti) and erosion rate (er). The load
functional form of the density function. There may be some (stress) function is the motor bum-through which is defined as
difficulties in obtaining these functions. Curve fitting B = f(T& and the capability (strength) function which is
procedures could be used to obtain a continuous defined as C = f(b, Q, ti, er).
representation for the test data, while numerical
approximation methods may be required to handle complex Step IV Assumptions and Rationale:
closed-form functions Monte Carlo solutions can be also used.
For this discussion, we will focus our attention on the closed The analysis is based on the assumed variable values provided
form solution. by engineering estimates with similar components. The
variable terms in the load and capability equations are
The format for conducting a probabilistic analysis is considered to be independent. The load and capability
outlined in Figure 2.3.3-1 and consists of the following steps: equations are also assumed to be normally distributed. The
resultant calculation will therefore provide a predicted
reliability value.

Step V Data Input:

VARIABLE SYMBOL MEAN STD. DEV.

MOTOR BURN TIME T, 101.6 sec 6.0 sec
PROPELLANT WEB b 2.0 in 0.03 in
PROPELLANT BURN RATE rh 0.36 idsec 0.006 idsec
INSULATION THICKNESS 3.4 in 0.1 in
EROSION RATE e 0.006 idsec 0.001 idsec

Step VI Calculation of Means (X) and

Standard Deviation (S):

Given:
-
B = T,, X, = T,
= 101.6

and the

s, =
J 1.02 x s a:

= 6.0 sec
Analysis Given:
b
c =- + -.t i
Based on this outline, an example of these calculations follow.

Step I Failure Mode:

3 572.2222 sec
Insulation Bum-through
and
1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILlTYSymposium 393

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.
 mean value of 2.0 in. and a standard deviation value of 0.03
in, was changed to b+ = 2.09 and b- = 1.91 (b+/ represent
+3a) while the other variables were left the same to
determine how much the propellant web influenced the
= 95.9038
overall reliability. Figure 2.4-1 shows the results of this
analysis. It is evident that all the reliability values are larger
Step VI1 Calculation of Reliability for Insulation Burn- than 0.999999 except for the erosion rate, er-. Comparison of
Through: the changes to the base solution, indicate that many of the
causal variables with f3o's, namely b+, q,+, ti-, er+, and
Assuming that the failure function, D, is normallydistributed, Ta-, provide a larger reliability value than the base.
then:
Since resources are always limited in terms of time
and cost, this method provides a means of ranking the
z = -D influence of the variables that contribute or detract from the
SD reliability of the system. In this manner, a prioritized list of
those variables that can be changed to achieve the higher
reliability values is obtained. However, these prioritized
improvements that increase the reliability of the system, must
be coupled with the impact that the change would make to the
performance of the system and the cost of replacing and/or
retooling to accommodate the manufacturing process changes.
3 4 3976547
2.5 Summary ofprocedures

:. P( Z < 4.8976547) The probabilistic FMECA is applicable to all life

= Reliability L 0.999999514 cycle phases. First, the qualitative probabilistic FMECA
method of conducting the failure of the system elements was
based on standard normal distribution tables. This is a introduced to prepare us to conduct the quantitative
predicted reliability estimate. probabilistic FMECA that followed. By example, this paper
brought together the information and knowledge required to
Step VI11 Conclusions: conduct a probabilistic reliability analysis in a structured
format to positively impact the design analyses taken into
Based on the assumed thickness of the insulation, the consideration by the design engineer to satisfy system/product
potential for insulation bum-through is Ygligible. These specifications.
steps can be summarized on a worksheet for calculating the
reliability of a component using the probabilistic procedures 1 1

outlined above. Because of the details that will be required to

conduct this analysis, one worksheet will be required for each
component failure analyzed. This worksheet may be designed
to have, at minimum, the following information for each
failure mode: Failure Mode, Allocated Reliability, Reliabilitiy
Logic Block diagram number or Indenture Number, Mission
0.99999
Phase, Criticality, Date, Revision, Review List, Load
Equation, Load Statistics, Capability Equation, Capability 0.999399JIJ
Statistics and Resultant Reliability Estimate.The Quantitative base b + b -
Casual Variables
Probabilistic FMECA is applicable to all life cycle phases
including Design, Process and Operations.
Figure 2.4-1. Sensitivity Analysis of Reliability Values
Sensitivity analysis provides a means of determining
the contribution of each variable in the failure function, to the
calculated reliability. For the insulation burn-through
example discussed in this paper, a sensitivity analysis was
ACKNOWLEDGMENT
conducted for each of the causal variables in the load and
The example used in the text to illustrate the
capability equations, changing only one variable at a time to
probabilistic reliability analysis was derived from the "Solid
determine its impact on the reliability of the failure mode.
Propulsion Reliability Guidebook", Volume I1 that is being
Each variable, in turn, was changed by a value of + 3 0 in the
prepared for publication by the authors of this paper and
calculations. For example, the propellant web, b, which has a
394 1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITYSymposium

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.
others through the Society of Automotive Engineers in the
December 1993/January 1994 time frame.

PROFESSIONAL BIOGRAPHY

Joseph T. Pizzo
ARC Professional Services Group
5501 Backlick Road
Springfield, VA 2215 1 USA

Mr. Pizzo has over 25 years of engineering and technical management

experience in reliability, risk analysis and system safety. He has worked for
various commercial industries including Atlantic Research Corporation and
Boeing Company on space, aeronautical, shiphbmarine and weapon
systems. He is presently co-authoring a set of two volumes solid propulsion
reliability guidebook for the Air Force and Society of Automotive Engineers.
He has over ten years of teaching experience at various universities including
New York University and University of Southern Califomia. He is a
recognized professional in reliability and system safety. He is past president
of Washington chapter of the Society of Reliability Engineers, and past vice-
president of the National Office of the System Safety Society. He has
published over two dozen papers, documents and text book in the area of
reliability, risk analysis, system safety and decision analysis. He has a B.S.
in chemistry from city college of New York; an M.S. in mathematics from
New York and University of Washington. He is currently Reliability and
Safety Manager at Atlantic Research Corporation Professional Services
Group.

Ron M. Adib
UTC - CSD
MS 0012
PO Box 49028
San Jose, Ca95161-9028 USA

Mr. Adib has over 12 years of experience in the area of system engineering,
system safety, quality and reliability engineering. He has worked for United
Technologies and Bechtel Corporation in various engineering capacities. He
is presently co-authoring a set of two volumes solid propulsion reliability
guidebooks for the Air Force and Society of Automotive Engineers. He has a
B.S. in mathematics from university of Maryland, an M.S. in quality
Assurance from San Jose State University and a M.Eng. in Nuclear
Engineering from University of Califomia, Berkeley. He is CQE, CRE and a
Sr. member of ASQC, and SRE. He is currently a Sr. Project Reliability
Engineer at Chemical System Division of United Technologies overseeing
reliability of several solid propulsion system programs.

1994 PROCEEDINGS Annual RELIABILITY and MAINTAINABILITY Symposium 395

Authorized licensed use limited to: Petrobras. Downloaded on July 17, 2009 at 15:45 from IEEE Xplore. Restrictions apply.