FAILURE CONSEQUENCES

4.1 WORTH DOING

FAILURE AFFECTS USER IN SOME WAYS Output Product quality Customer service Safety & environment Increase operating cost Loss of credibility

FAILURE CONSEQUENCES
4.1 WORTH DOING

THE NATURE AND SEVERITY OF THESE EFFECTS GOVERN THE CONSEQUENCES.

Actions are taken base on consequences of failure Serious consequences considerable effort Minor consequences no proactive

FAILURE CONSEQUENCES
4.1 WORTH DOING

The focus on consequences, means RCM start the task selection by : assessing the effect of each failure mode, and classify into one of category of consequences find out if physically possible to perform a proactive task that avoid, eliminate or reduce the consequences to an acceptable level ask whether the task actually reduce the consequences to an extent that justify the direct/ indirect cost of doing the task ? If yes, the task is worth doing

FAILURE CONSEQUENCES
4.1 WORTH DOING

A proactive task is worth doing if it reduces the consequences of the associated failure mode to an extent that justifies the direct and indirect costs of doing the task

FAILURE CONSEQUENCES
4.2 HIDDEN AND EVIDENT

An EVIDENT function is one whose failure will on its own eventually and inevitably become evident to the operating crew under normal circumstances

failure of pump a will apparent to operator

Stand alone pump

FAILURE CONSEQUENCES
4.2 HIDDEN AND EVIDENT

A HIDDEN function is one whose failure will NOT become evident to the operating crew under normal circumstances

duty

Stand by

failure of pump C will not apparent to operator under normal condition

FAILURE CONSEQUENCES
4.2 HIDDEN AND EVIDENT

Categories of Evident Failure Consequences

safety and environmental consequences

Injure or kill someone Breach of environmental standard Affect production or operation

operational consequences

non-operational consequences

non safety and operational Direct cost of repair

FAILURE CONSEQUENCES
4.3 RISK

Question of Risk
10-4

10-5
10-6

10-7
I believe I have Complete control (driving car)
I believe I Have some Control and Choice about Exposing my Self (at work)

I believe I Have no Control but I Dont have to Expose myself (aircraft pax)

I have no Control and no Choice about Exposing myself (off-site exposure To industrial accident)

FAILURE CONSEQUENCES
4.4 SAFETY & ENV CONSEQUENCES

Decision on tolerable level

individual values industry values

Whether benefits justify the risk

effect on future generation knowledge

Perception of risk

FAILURE CONSEQUENCES
4.5 SAFETY AND PROACTIVE

For an FM with safety or environmental consequen ces, a proactive task is only worth doing if it reduces the probability of the failure to a tolerable low level
Does the failure mode Cause a loss of function Which could injure or kill someone

No

Does the FM could breach Any known environmental standard

yes

yes
Proactive is worth doing If it reduces the risk of The failure to tolerable Low level

No (see next Chapter)

If proactive task can not be found, redesign is compulsory

FAILURE CONSEQUENCES
4.6 OPERATIONAL CONSEQUENCES

A failure has operational consequences if it has a direct adverse effect on operational capability
Failure affect operation in four ways : they affect total output they affect product quality they affect customer service increase operating cost in addition to the direct cost of repair

FAILURE CONSEQUENCES
4.6 OPERATIONAL CONSEQUENCES
For FM with ops consequences, a proactive task is worth doing if, over a period of time, it costs less than the cost of operational consequences plus the cost of repairing the failure
Failure mode
1.

Failure effect
Motor trip but no alarm sounds. Level in tank drops until low level alarm sounds at 120000 liters. Down time to replace the bearing is 4 hours. MTBF is 3 years

Bearing seizes due to normal wear

Given : if the tank runs dry, it will cost $5000 per hours water is drawn from tank at 800 lpm

FAILURE CONSEQUENCES
4.6 OPERATIONAL CONSEQUENCES
Q=1000 lpm

Q=800 lpm

So, the tank will run dry 2.5 hrs after alarm sounds, while it takes 4 hours to replace bearing
downstream process stop for 2.5 hrs It costs 1.5 x $ 5000 = $ 7500 (every 3 years in

average + cost to replace

FAILURE CONSEQUENCES
4.6 OPERATIONAL CONSEQUENCES

Assumes : technically feasible to check bearing for audible noise once a week craftsman cost $24/hrs and takes 20 minutes to check in 3 years, in average there will be 150 checks the ops consequences can be avoided by ensuring the tank is full before replacing the bearing (gives us 5 hours) Maintenance cost : 150 x $8 = $ 1200 + cost to replace

FAILURE CONSEQUENCES
4.6 OPERATIONAL CONSEQUENCES
Does the FM have a direct adverse effect On operational capability

YES
Proactive task is worth doing if it costs less than The cost of the ops consequences plus the cost Of repairing the failure

DEVELOPING MAINTENANCE STRATEGY WITH OPERATIONAL CONSEQUENCES

NO ( SEE NEXT)

If cost effective proactine can not be found, the Default is no schedule maintenance

But it might be worth redesigning the asset or changing the process To reduce total cost

FAILURE CONSEQUENCES
4.6 NON OPERATIONAL CONSEQUENCES

The consequences of an evident failure which has no direct adverse effect on safety, environment or operational capabilities are classified as non operational. The only consequences associated with these failures are the direct cost of repair, so these consequences are economic.
duty

Q=1000 lpm

Y
Q= 800 lpm

X
C
Stand by

FAILURE CONSEQUENCES
4.7 NON OPERATIONAL CONSEQUENCES

Assumes :

same as previoous case

if pump B failed, switch automatically to C if the bearing of pump B is found to be noisy, switch manually to C, and replace the bearing

cost associated with failure is cost of replacing the bearing

cost of proactive maintenance is

150 x $8 = $1200 + cost to replace bearing so, the cost of proactive is greater than cost of doing nothing

FAILURE CONSEQUENCES
4.6 NON OPERATIONAL CONSEQUENCES

It is not worth doing the proactive task even though the pump is technically identical to the pump in previous case. For a FM with non-operational consequences, a proactive task is worth doing if over a period of time, it costs less than the cost of repairing the failures
Points concerning the non-operational conseq secondary damage

Economic justification for secondary damage

protected function

Maintenance program applied to protective device

FAILURE CONSEQUENCES
4.6 HIDDEN FAILURE CONSEQUENCES

Hidden Failure and Protective Device fail-safe protective device

a fail safe protective device is one whose failure on its own will become evident to the operating crew under normal circumstances A system which includes a fail-safe protective device, there are three (3) possible states

Neither device failed Protected function fails before the protective device Protective device fails before the protected function

FAILURE CONSEQUENCES
4.6 HIDDEN FAILURE CONSEQUENCES

Hidden Failure and Protective Device non fail-safe protective device

The fact that the device is unable to fulfill its intended function is not evident under normal circumstances A system which includes a non fail-safe protective device, there are four (4) possible states

Neither device failed Protected function fails while the protective device is still functioning Protective device fails while the protected function is still functioning The protective device fails then protected function fails while the protective device is in failed state(multiple)

FAILURE CONSEQUENCES
4.6 HIDDEN FAILURE CONSEQUENCES

Multiple Failures only occurs if a protected function fails while the protective device is already in failed state