
3.4 Introduction into Risk Assessment Methods

3.4.1 Risk identification and risk assessment techniques

A number of different risk identification and risk assessment techniques are available to help identify and rate failures.

Most of the methods for risk assessment which are used today in safety critical industries have their origin in the 1960s. “This was the period where new analysis methods were required to match the growing complexity, and therefore also the growing risk, of technological systems”, (Hollnagel, de Paris, & Antipolis, 2008). Examples are Fault Tree Analysis [42] (FTA), Hazard and Operability Analysis [43] (HAZOP), Failure Mode and Effects Analysis (FMEA) and Failure Mode, Effects and Criticality Analysis [44] (FMECA) (MIL-STD-1629A, 1980).

“The most notable methodology dealing with this issue is the Failure Mode and Effects Analysis (FMEA)”, (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013). An FMEA can be described as a systematic way of identifying failure modes of a system, item or function, and evaluating the effects before they occur.

However, analytical methods such as FMEA or RCA (Root Cause Analysis) “will not succeed in uncovering latent sources of error if staff, bound by an implicit ‘‘code of silence’’ and a fear of challenging the institutional hierarchy, are uncomfortable with exposing weaknesses in processes for which they are responsible”, (Nieva & Sorra, 2003). The Advisory Committee on the Safety of Nuclear Installations [45] (HSC, 1993) provides the following definition of safety culture:

“The safety culture of an organization is the product of individual and group values, attitudes, perceptions, competencies, and patterns of behaviour that determine the commitment to, and the style and proficiency of, an organization’s health and safety management. Organizations with a positive safety culture are characterized by communications founded on mutual trust, by shared perceptions of the importance of safety and by confidence in the efficacy of preventive measures.’’ Above definition about safety culture can easily be adapted to the context of patient safety in healthcare”, (Nieva & Sorra, 2003).

41 ISO 9000:2005, www.iso.org/iso/home/standards/management-standards/iso_9000.htm

42 FTA was developed in 1961 to evaluate the launch control system for the Minuteman ICBM

43 HAZOP was developed by Imperial Chemical Industries in England in the early 1960s

44 FMEA was originally developed by the US military in 1949 but later superseded by the Failure Mode, Effects and Criticality Analysis (FMECA) (MIL-STD-1629A, 1980)

45 http://www.hse.gov.uk/aboutus/meetings/iacs/nusac/

Risk analysis and Risk-Priority-Number (RPN)

Risk analysis is used to prepare decisions that help to limit the extent of loss or to minimize the occurrence of the event, so it is not an end in itself. Depending on the risk priority number, an adequate strategy has to be chosen. Hence, “risk control always results from dependency of a concrete risk”, (Fischer D., 2009).

The table below (Table 9) gives an overview of risk as a function of severity and occurrence, together with the required strategies.

Risk with Strategy

“severity of an event” the Risk Priority Number is defined as follows:

(3) $\text{Risk Priority Number} = \text{Occurrence of event} \times \text{Severity of event}$

respectively

(4) $RPN = O \times S$

Here, “occurrence of an event” corresponds to “probability of event occurring” and “severity of an event” corresponds to “impact of event occurring”.

For a system consisting of the three dimensions “occurrence of an event”, “severity of an event” and “detection of an event” the Risk Priority Number is

The traditional FMEA, for example, uses the same basis of calculation.

3.4.2 One of the most established risk assessment methods today - FMEA

“Failure mode and effects analysis (FMEA) is a widely used engineering technique for defining, identifying and eliminating potential failures”, (Stamatis, 1995).

In the (EN 60812 - FMEA, 2006) standard, it is said: “FMEA is a method for determining the severity of possible failure modes and for providing input information for risk reduction measures”. In addition, the FMEA provides an estimated value for the probability of a failure mode, that is, the probability that an event will occur. The third dimension is detection: an estimated value for the chance of recognizing a possible failure mode, that is, the occurring event.

Purpose of FMEA

FMEA seeks answers to questions like: “what could go wrong with the system or process involved in creating the system; how badly might it go wrong; and what needs to be done to prevent failures?”, (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013).

In this context it is necessary to understand the meaning of “Failure Mode” (SAE, 1994), (Stamatis, 1995): “Failure Mode – the manner in which a component, subsystem, or system could potentially fail to meet the design intent. The potential failure mode could also be the cause of a potential failure mode in a higher level subsystem, or system, or the effect of a lower level effect.”

The purposes of FMEA (Failure Mode and Effect Analysis), as well as of FMECA (Failure Mode, Effects, and Criticality Analysis), are as follows (EN 60812 - FMEA, 2006), (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013), (Reiling & Knutzen, 2003):

• Identify potential design and process related failure modes. Ideally, the design or process can be changed to remove potential problems in the early stages of development.

• Find the effects of the failure modes. FMEA allows a team to analyse the effect of each failure.

• Find the root causes of the failure. An FMEA is designed to find the sources of the failures of a system.

• Prioritise recommended actions using the risk priority number. The risk priority number is computed using the probability of occurrence of the failure mode, the severity of the effect of the failure mode, and the probability of detection of the failure mode through manufacturing.

• Identify, implement, and document the recommended actions.

For Latino the FMEA is “a team-based, systematic and proactive approach for identifying the ways that a process or design can fail, why it might fail, and how it can be made safer”, (Latino, 2004).

This results in several advantages of using FMEA or FMECA, three of which are pointed out here (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013), (Ennker, Pietrowski, & Kleine, 2007), (DeRosier, Stalhandske, Bagian, & Nudell, 2002):

• Avoiding costly modifications through early detection of weaknesses in the design, product or process development

• Detection of such failures, which, if they occur alone or in combination, are unacceptable or have a significant impact

• Determining those failure modes that may affect the expected or required operating capital

• Etc.

The basic theory of the FMEA is shown in Figure 11.

Figure 11: FMEA - basic theory

The traditional FMEA and its Risk Priority Number

The traditional FMEA uses the three factors severity, occurrence, and detection to determine the Risk Priority Number (RPN) (EN 60812 - FMEA, 2006), (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013), (Kmenta & Ishii, 2000), where equation (8) corresponds to (6).

(7) $R = S \times P$

(8) $RPN = S \times O \times D$

The terms used, as defined by the standard (EN 60812 - FMEA, 2006), are summarized in Table 8.

i.e. an estimate of the probability that the failure effect will occur

S Severity dimensionless quantity

i.e. an estimate of how strongly the effects of a failure influence the system or the user

O Occurrence dimensionless quantity

i.e. the likelihood of a failure mode for an assumed or defined period, even if it is defined as a rank instead of the actual probability

D Detection dimensionless quantity

i.e. an estimate of the chance to detect and correct the failure before the system or the customer is affected. This parameter is usually classified conversely to the rank numbers for severity or frequency of occurrence: the higher the identification number, the more likely the recognition is. Consequently, a lower probability of detection leads to a higher RPN and a higher priority for the treatment of the failure mode.

Table 8: Risk and Risk Priority Number – used terms according to ÖVE/ÖNORM EN 60812

In short, the terms can be defined as follows (according to (Kmenta & Ishii, 2000) and (EN 60812 - FMEA, 2006)):

• Occurrence (O) – how likely is the cause to occur and result in the failure mode?

• Severity (S) – how serious are the effects?

• Detection (D) – how likely is the failure to be detected before it reaches the customer [46]?

The risk priority number (RPN) is the product of severity, occurrence, and detection, where all three dimensions are classified on an ordinal scale from 1 to 10 or in some cases from 1 to 5. “Traditionally, this FMEA scoring is done by assigning discrete values to each of the items on a predefined scale, for example from 1 to 5”, (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013). The criticality of each failure mode [47] can be generated by the calculation of RPN. The failure having a higher RPN will have a higher priority for corrective action or preventive measure.

Severity, occurrence, and detection are scaled and rated either from 1 to 5 or from 1 to 10. In the second case, this means that “the RPN is restricted to integer values between 1 and 1000. The RPN effectively expands a 0-1 probability into a 0-1-0-100 component (Occurrence * Detection) and compresses the measure of consequences into a 1-10 range (Severity)”, (Kmenta & Ishii, 2000).

Drawbacks of the traditional FMEA - Limitations and Shortcomings

On the other hand, FMEA has its limits and shortcomings. “FMEA is highly efficient when it is applied for the analysis of elements that cause the failure of the entire system or a main function of the system”, (EN 60812 - FMEA, 2006). In complex systems with multiple functions, involving different system components, FMEA can be difficult and tedious. One reason for this is the detailed system information involved.

As Vikramjit (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013) pointed out, “the main objective of FMEA is to discover and prioritize the potential failure modes by computing RPN.” “Even today RPN evaluation with FMEA is probably the most popular reliability and failure analysis technique for products and processes (Sharma, Kumar, & Kumar, 2005). One of the major reasons for this success is due to its visibility and easiness. Unfortunately, several problems are associated with its practical implementation in real industrial situations” (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013).

The critical disadvantages include:

46 Note: in healthcare the customer is the patient

47 In healthcare we talk about events that might occur

• In RPN analysis, various sets of S, O and D may produce an identical value; however, the risk implication may be totally different (Sachdeva & Kumar, 2012), (Wang, Chin, Poon, & Yang, 2009).

• The relative importance among the three parameters is not taken into consideration (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013). “The three risk factors are assumed to be equally important. This may not be the case when considering a practical application of FMEA” (Wang, Chin, Poon, & Yang, 2009).

• The difference of risk representations between the failure modes having the same RPN (Sharma, Kumar, & Kumar, 2005).

• “The three factors are difficult to be precisely estimated. Much information in FMEA can be expressed in a linguistic way such as Likely, Important or Very high and so on” (Wang, Chin, Poon, & Yang, 2009).

To overcome the above drawbacks, fuzzy logic has been widely applied in FMEA (Sharma, Kumar, & Kumar, 2005), (Wang, Chin, Poon, & Yang, 2009), (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013).

Significant efforts have been made in FMEA to overcome the shortcomings of the traditional RPN (Wang, Chin, Poon, & Yang, 2009). “Most notably fuzzy theory with fuzzy If-then rule base, have been suggested in the literature to overcome the drawbacks”, (Vikramjit, Harish, Sarabjeet, & Simranpreet, 2013). Studies on FMEA that take a fuzzy approach rely on experts who describe the risk factors O, S, and D using fuzzy linguistic terms (Bowles & Pelaez, 1995), (Pillay & Wang, 2003), (Guimaraes & Lapa, 2004), (Sharma, Kumar, & Kumar, 2005), (Tay & Lim, 2006).

A further view is that the Risk Priority Number (RPN) used to evaluate risk in traditional FMEA “is not sufficient for making cost-driven decisions” (Kmenta & Ishii, 2000). Gilchrist (Gilchrist, 1993) was among the first to recommend supplanting the RPN with expected cost. He said, “probability is a universal measure of chance, and cost is an accepted measure of consequences”. For a given failure scenario, risk is calculated as expected cost: the product of probability and failure cost (Rasmussen N., 1981), (Modarres, 1992). “Expected cost is used extensively in the fields of Risk Analysis, Economics, Insurance, Decision Theory, etc.”, (Kmenta & Ishii, 2000).
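The first drawback listed above (different sets of S, O and D giving an identical RPN) and the expected-cost alternative can be checked numerically. The following is an added example, not part of the original text: it enumerates the 1 to 10 scale to count how many rating triples collapse onto each RPN, then ranks three failure modes that all have RPN 60 by expected cost. The failure-mode names, probabilities and costs are constructed assumptions for illustration.

```python
from collections import defaultdict
from itertools import product


def rpn(s, o, d):
    """Equation (8): RPN = S * O * D, each factor an ordinal rank."""
    return s * o * d


def rpn_collisions(scale=10):
    """Map every reachable RPN to the (S, O, D) triples that produce it."""
    table = defaultdict(list)
    for s, o, d in product(range(1, scale + 1), repeat=3):
        table[rpn(s, o, d)].append((s, o, d))
    return dict(table)


def expected_cost(probability, cost):
    """Risk as expected cost: probability of the scenario times failure cost."""
    return probability * cost


# Constructed failure modes (illustrative values, not from the source text):
# name -> (S, O, D, probability per period, failure cost in currency units).
# D is ranked so that a lower probability of detection raises the RPN.
FAILURE_MODES = {
    "rare, severe": (10, 2, 3, 0.001, 2_000_000),
    "frequent, minor": (2, 10, 3, 0.2, 500),
    "moderate": (5, 4, 3, 0.01, 20_000),
}


def rank_by_rpn(modes):
    """Names ordered by descending RPN; ties keep insertion order."""
    return sorted(modes, key=lambda n: rpn(*modes[n][:3]), reverse=True)


def rank_by_expected_cost(modes):
    """Names ordered by descending expected cost."""
    return sorted(modes, key=lambda n: expected_cost(*modes[n][3:]), reverse=True)


if __name__ == "__main__":
    table = rpn_collisions(10)
    print(f"{len(table)} distinct RPN values from {10 ** 3} rating triples")
    print(f"{len(table[60])} triples share RPN 60")
    for name in rank_by_expected_cost(FAILURE_MODES):
        s, o, d, p, c = FAILURE_MODES[name]
        print(f"{name}: RPN={rpn(s, o, d)}, expected cost={expected_cost(p, c):.0f}")
```

Because all three constructed modes tie on RPN, `rank_by_rpn` can only return them in the order they were entered, while the expected-cost ranking separates them by a factor of twenty.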