“If no one ever took risks, Michelangelo would have painted the Sistine floor.” – Neil Simon
FMEA and Risk Management are two distinct bodies of knowledge. This article explores some of the interactions between these two important methods. It is not intended to be a complete analysis of the similarities, differences, and linkages between FMEA and risk management. Rather, it is a high-level overview.
What is Risk Management?
Risk management is the systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risk.
The basis of risk management is built on identifying hazards (potential source of harm) and hazardous situations (circumstance in which people, property, or the environment are exposed to one or more hazards).
Once identified, severity of potential harms resulting from hazards and hazardous situations are estimated. The probability of occurrence of these harms is also estimated. And the estimation of severity of harm and probability of occurrence of harm is what defines RISK.
Risk management uses terms such as risk, hazards, hazardous situations, harm, severity, probability of occurrence, risk analysis, risk assessment, risk control, risk evaluation, risk acceptability, risk controls and others. These terms need to be understood within the context of the intended risk management application.
What is FMEA?
An FMEA is an engineering analysis done by a cross-functional team of subject matter experts that thoroughly analyzes product designs or manufacturing processes, early in the product development process. Its objective is finding and correcting weaknesses before the product gets into the hands of the customer.
FMEA uses terms such as item, functions, requirements, failure modes, effects of failure, severity, causes of failure, occurrence, prevention controls, detection controls, technical risk analysis, risk assessment, risk prioritization, detection, risk priority, recommended actions, and others. These terms need to be understood within the context of the intended FMEA application.
Notice that some of the terms for risk management are the same or similar to the terms of FMEA.
What is the difference between Risk Management and FMEA?
In order to understand the interactions between FMEA and risk management, we should begin by understanding key terms and how they are similar of different. We’ll examine two such terms in this article.
In risk management, severity is the amount of damage or harm a hazard could create and it is often ranked on a scale from low to high severity of harm.
A “hazard” is a real or potential condition that could lead to an unplanned event or series of events resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.
In Design FMEA, severity is a ranking number associated with the most serious effect for a given failure mode, based on the criteria from a severity scale.
Depending on the scales that are used for severity in risk management and FMEA, the severity assessment could be similar for both methods.
In Risk management, probability is the probability of occurrence of harm. To calculate the probability of harm, two probabilities are multiplied together: P1 is the probability of the hazardous situation, and P2 is the probability of the hazardous situation leading to harm. The probability of occurrence of harm P = P1 x P2.
In Design FMEA, occurrence is the likelihood that the failure mode and associated cause will be present during design life. It is not the likelihood that the Effect will manifest. FMEA does not calculate the probability of occurrence of harm. It is one of the limitations of FMEA.
In Design FMEA, detection is the likelihood that the current detection controls will detect the failure mode and associated cause during product development. It is not the likelihood that the harm will be detected.
Notice that probability in risk management is very different from occurrence in FMEA. It is essential that we understand the difference in definitions and application of these terms.
Inputs and Outputs between Risk Management and FMEA
FMEA can be input to risk management. Specifically, high-severity issues, the FMEA can inform Hazard identification and corresponding Severity for use in assessing risk through the procedure of risk assessment and management.
Similarly, the information that is part of risk management can be input to FMEA. Specifically, hazards from the risk management process can help ensure that important failure modes and effects are missing in the FMEA.
Limitations of FMEA in Risk Management
FMEA by itself is not sufficient to conduct formal risk assessment. One of the reasons is that FMEA analyzes failure modes and causes that occur independently, and not in tandem. There is nothing in FMEA that can provide an objective assessment of the likelihood of the effect.
Fault Tree Analysis (FTA) or probabilistic risk assessment is necessary to analyze the probability of harm with complex systems, in order to account for the logic of the tandem pathways.
In the next article, an example FMEA will be linked to an example risk assessment, showing the linkages outlined in this article.