Problems and Solutions
Whether you are new to FMEA or more experienced, these problems will challenge your skills. The intermediate/advanced problem uses an actual airline disaster to challenge readers with an FMEA problem, and practice identifying the elements of an FMEA.
If you haven’t yet read the article “Understanding FMEA Failure Modes – Part 1“, this would be a good time, as it presents fundamental information about failure modes.
Beginner’s Problem
In an FMEA, which of the following is true about a “failure mode”? (Select all that apply)
1. A “failure mode” is the specific reason for the failure.
2. A “failure mode” is the manner in which the item or assembly could fail to meet the intended function and its requirements
3. In an FMEA, there is one failure mode for each function.
4. The failure mode description in an FMEA must include the consequence or impact on the end user.
Beginner’s Solution
1. A “failure mode” is the specific reason for the failure. (False. A “failure mode” is the manner in which the item or assembly could fail to meet the intended function and its requirements.)
2. A “failure mode” is the manner in which the item or assembly could fail to meet the intended function and its requirements. (True)
3. In an FMEA, there is one failure mode for each function. (False. There can be many failure modes for each function.)
4. The failure mode description in an FMEA must include the consequence or impact on the end user. (False. An effect must include the consequence or impact on the end user, not a failure mode.)
Intermediate/Advanced Problem
On June 12, 1972 an American Airlines DC 10 lost its aft cargo door soon after taking off from Detroit. We’ll use this incident to practice identifying the elements of an FMEA.
Here is the background to the FMEA problem. McDonnell Douglas learned from cabin pressure testing that an improperly closed cargo door could burst open due to loss of cabin pressure, potentially resulting in the floor of the passenger compartment crashing down into the cargo compartment. The temporary solution was to put a vent flap in the door that would close by the same linkage that shut the cargo door, which would keep the airliner from holding pressure unless the cargo door was safely latched, thereby alerting the pilot to the problem. However, a bit of excessive force by a baggage handler shutting the door could make the vent flap close even though the cargo door was not fully latched. The DC-10 with the cargo door vent flap was put back in service.
On a brief layover before the Flight 96 leg to Detroit, a cargo handler had trouble shutting the rear cargo door, but managed to get it shut with a little extra force. Since the door-latch signaled “closed,” the warning light in the cockpit did not show a problem. However, the force the cargo handler used to shut the door bent a metal linkage on the inside of the door so that the door was not properly closed. The air pressure during ascent generated too much force on the bent door linkage and it sheared off the pins releasing the door. The cabin near the door collapsed and jammed the control cables to the tail. The rest is tragic history.
What is the probable failure sequence of the DC-10 cargo door?
1. Airline cargo handler uses extra force to close rear door, bending door pin. Door does not securely close.
2. The door vent flap does not trigger the electronic alarm, and the pilot is not notified the cargo door failed to lock securely.
3. The air pressure outside the cargo door drops during ascent, until pressure on the door from the inside causes the door-latch pin to shear. The cargo door blows out.
4. High-pressure air inside the cabin collapses the floor, resulting in hydraulic lines and cables becoming non-functional.
We’ll use the door latch-pin failure on the DC cargo door latching subsystem as an example to practice identifying function, failure mode, effect, cause and controls, based on the cargo door latch-pin failure history. For this exercise, identify one possible function of the door latch-pin of the DC-10 cargo door, and one possible failure mode for the identified function.
Intermediate/Advanced Solution
Check if your answer for the function of the door latch-pin is something like “to fully secure the cargo door in the closed position during all operating loads and environmental conditions without allowing the door to close unless fully latched.” Check if your answer for the failure mode is something like “Door latch pin bends under maximum stress loading.”
Next Article
The next article is an FMEA Q and A. An interesting question about whether or not to update a System FMEA, when making subsequent changes to lower level items, is discussed and answered.
You pinpointed one fundamental root cause of the FMEA/FMECA failure which is the misunderstanding of its terminology. Many FMEA/FMECA “novice” practitioners do not give enough attention to this type of details. Lack of education within the industry as regards to the FMEA/FMECA theoretical background.
Good short article but with great impact.
Thanks for your comment. I agree that a thorough understanding of FMEA fundamentals, including concepts and terminology is key to good FMEA applications. Teams that do not have a good grasp of fundamentals end up taking excessive time and getting inadequate results.
IMHO, I think that this example is deserving of a RCA and not a consideration for a FMEA. This mistakes A priori with A posteriori. The approach here leads to a mistake in logic, and does not illuminate one of the biggest problems with the way FMEAs are facilitated.
Thank you for your comments. I agree with your premise, and if we set out to address the DC-10 cargo door latching system, the right tool would be RCA, not FMEA. And I completely agree that FMEA is a “before the fact” tool. What I was doing with this exercise was to use the incident “as an example to practice identifying function, failure mode, effect, cause and controls, based on the cargo door latch-pin failure history.” Imagine if we set about redesigning the cargo door latching system and wanted to benefit from the field history. That was the intention.
Hi Carl
I have been always confused with two temrs normally used in FMEAs approaches, some time used as failure mode sometimes as a efects. Please can you tell the right locations for “Leakage” and “Corrosion”. There are both causes, failure modes, efects, failure mechanims?
Thank in advance…
Hi Alfredo,
I’ll begin my reply with an excerpt from chapter 3 of my book, Effective FMEAs.
“People first learning FMEA definitions and examples often get confused about the difference between failure mode, effect and cause. A little careful attention to this section, to the definitions given in this book, and a bit of practice will avoid any such confusion.
“Take the example of “leak.” In many cases “leak” is a failure mode, but not always.
“Question: Can “leak” be a failure mode? Answer: “Yes.”
“Example: If one function of a storage vessel or tank includes the need to contain fluid to some standard of performance, a “leak” can be a failure mode, which is the manner in which the storage vessel does not perform the containment function.
“Question: Can “leak” be an effect? Answer: “Yes.”
“Example: If one function of a vehicle body structure is to provide a safe “crumple zone” during accidents to a given standard of performance, a failure mode can be the structure compresses too quickly, which can result in breach of the vehicle fuel tank integrity and a “leak” of fuel. Thus, “leak” becomes part of the effect description.
“Question: Can “leak” be a cause? Answer: “Yes.”
“Example: If one function of a camera flash circuit is to provide the electrical signal for the flash bulb to a given standard of performance, a failure mode can be missing electrical signal and the cause can be capacitor malfunction or “leak.” Note that this is not a root cause, as the question still exists why the capacitor leaks. The FMEA team may do an FMEA on the capacitor, or further analyze the cause of the capacitor leakage, in order to arrive at root cause.
“A given word or phrase does not itself imply whether it is a failure mode, or an effect, or a cause. Determining whether something is a failure mode, effect or cause depends on the context in the scenario. There is no substitute for studying and learning many examples for each of the FMEA definitions and concepts, at all different levels of the system hierarchy or the manufacturing operations.”
“Leakage” can be part of the description of a failure mode, effect or cause.
“Corrosion” in most cases is considered a category of failure mechanism. By definition, a failure mechanism is the actual physical phenomenon behind the failure mode or the process of degradation or chain of events leading to and resulting in a particular failure mode.
Hope that helps. Please feel free to ask any follow up questions.
Carl
Many Thanks Carl
It seems that everything is relative when talking about “leak”. Your explanation has been quite clarifying. According to ISO 14224 “leakage” can be a failure mechanims as well.
Thinking in the same way I suppose that the term “corrosion” can also be seen as an effect caused for another failure mode and also to be the cause of a failure mode, but could be a failure mode for itself?