
Exam Spring 2015, questions and answers

Design and Innovation Fundamentals (University of Technology Sydney)


Spring 2015 – Main Exam

STUDENT NUMBER:

This paper and all materials issued must be returned at the end of the examination.
They are not to be removed from the exam centre.

48240 Design & Innovation Fundamentals

Faculty of Engineering and IT

Time Allowed: 3 hours and 10 mins
Includes 10 minutes of reading time.
Reading time is for reading only. You are not permitted to write, calculate or mark your paper in any way during reading time.

This is a Closed Book exam
Please refer to the permitted materials below:

Permitted materials for this exam:
• Calculators (non-programmable only)
• Drawing instruments, i.e. Rulers, Set Squares and Compasses

Materials provided for this exam:
• This examination paper
• Six (6) answer booklets (5-pages)

Students please note:
• This exam is worth 40% of the final mark
• This exam is in two parts – Part A and Part B. You are to attempt both parts for a total of 100 marks. The marks for each individual question are shown.
• You are to answer ALL four (4) questions from Part A (for a total of 60 marks)
• You are to answer ANY two (2) questions from Part B (for a total of 40 marks)
• Use a SEPARATE ANSWER BOOK for EACH Question.
• Write the QUESTION NUMBER on the front cover of EACH answer book.
• Write your NAME and STUDENT NUMBER on this examination paper (above), AND on the front page of EACH answer book.

Examination Conditions:

It is your responsibility to fill out and complete your details in the space provided on all the examination material provided to you. Use the time before your examination to do so as you will not be allowed any extra time once the exam has ended.

You are not permitted to have on your desk or on your person any unauthorised material. This includes but is not limited to:
• Mobile phones
• Smart watches and bands
• Electronic devices
• Draft paper (unless provided)
• Textbooks (unless specified)
• Notes (unless specified)

You are not permitted to obtain assistance by improper means or ask for help from or give help to any other person.

You are not permitted to leave your seat (including to use the toilet):
• Until 90 mins has elapsed
• During the final 15 mins

During the examination you must first seek permission (by raising your hand) from a supervisor before:
• Leaving early (after 90 mins)
• Using the toilet
• Accessing your bag

Disciplinary action will be taken against you if you infringe university rules.

Do not open your exam paper until instructed.

By Oscar A. Nieves and Jion Rao


PART A – Answer All Four (4) Questions in this Part A. (60 marks total)

Q | Parts | Main Topics | Marks
1 | a, b, c, d | Concept of Operations; Requirements Analysis | 10
2 | a, b, c | Engineering Lifecycles; High Level Design | 10
3 | a, b, c | Stage Gate Process; Industrial Design; DfX | 20
4 | a, b | Hierarchy of Control; Safety Engineering; ALARP and SFARP/SFAIRP; Hazards | 20

PART B – Answer any Two (2) questions from this Part B. (40 marks total)

Q | Parts | Main Topics | Marks
5 | a, b, c | Event Tree Analysis (calculations and interpretation of results); Piper Alpha Case Study | 20
6 | a, b | Fault Tree Analysis (calculations and interpretation of results) | 20
7 | a, b, c | Failure Mode and Effects Analysis (calculations and interpretation of results) | 20
8 | a, b, c | Citicorp New York Skyscraper Case Study; Engineer's role in Safe Design; Ford Pinto Case Study | 20
9 | a, b, c, d | Boeing Dreamliner Case Study | 20
10 | a, b, c, d, e | Harbour Bridge Case Study | 20
11 | a, b, c, d, e | New Product Development; Innovation Portfolio; Real, Win, Worth-it; Team Dynamics (Storming / Norming); Validation Testing | 20


PART A
Question 1. Concepts of Operations and Requirements analysis
1. Concepts of operation and requirements analysis
Early design
I
to the specific problem can be developed based on available technology. Some things to take into
consideration during design are:

• Health and safety, quality of life of the public


• Improvements to existing products
• Advances in science and technology (e.g. materials and manufacturing)
• Analysis of the commercial viability of the product by comparison with other competitive
products
• Analysis of the cost and revenue from the product
• Experience and skills of the engineer designing the solution/product to improve accuracy,
efficiency and reduce material/resource wastage
• P

Types of problems
Problem of prediction:
equations, theories and data analysis.

Problems of explanation: searching the causes for a phenomenon or behaviour.

Problems of invention: developing new effective solutions to a problem.

Product concept (concept of operation)


T
justifications. It may need approval from the business or customer before proceeding, and is used
to analyse stakeholder needs and identify design requirements. It is then refined in the
requirements specification.

Customer needs
• What the customer wants, would like
• May not be practical (e.g. too futuristic, not achievable at the moment)
• Can be too complex
• No constraints, no limitations

Stakeholder needs
• More specific than customer needs
• Usually more realistic and specific to the stakeholder
• Involves all of those affected by the design
• Often has set limits and constraints

Design requirements
• Must meet both customer and stakeholder needs
• Must be practical, realistic, verifiable, unambiguous, abstract
• Must follow the constraints of the stakeholders
• Design must be innovative

Developing the concept


A design strategy must be outlined and different concepts must be explored. They must then be
compared in terms of their strengths and weaknesses, how they address the customer and
stakeholder needs, and whether they can be a real-win-worth opportunity. Concepts should be
reviewed and assessed based on cost, viability, competitiveness, practicality, etc. The best one
should be chosen with adequate justification (a rating or scoring system, such as a weighted matrix,
might be a good way to compare designs).

Where requirements are used


Requirements define what the stakeholders need, a description of the proposed system and what
the system must do in order to satisfy these needs. They are used in project planning, risk
management, acceptance testing, trade-off and change control.

Requirements analysis and specification


After having a product concept, it is necessary to identify the design requirements based on the
needs and then perform a requirements analysis.

1. Needs analysis: assess the needs of the customer. Organise them into a statement of the design
problem (avoid technical language). Analyse the needs based on the possibility of meeting
them using available resources and technologies.
2. Problem statement: state the main problem to be solved by the design/product based on the
needs analysis and the data gathered from it (what are the objectives that the proposed
solution must satisfy). It should be written in the language of the customer and cover all
aspects of the design, and contain enough information to allow the design to be transformed
into a product. It should also state the goals and capabilities of the project and the key
decisions to be made.
3. Requirements analysis: specify the design requirements based on the problem statement.
Classify requirements into functional (those related to the operation of the product, which
describe how it will work) and non-functional or performance (e.g. appearance, size, shape,
external features that do not affect operation). All requirements must be:
   • Abstract: must state what the problem is and not give any specific information about
     how it will be solved.
   • Unambiguous: must be specific as to what constraints or aims the product follows (e.g.
     if the requirement of a new car is to travel at a higher speed, that speed must be
     specified in the requirement, otherwise it is not unambiguous).
   • Traceable: the requirement should be traced back to the stakeholder needs.
   • Verifiable: a test should be designed for the requirement and thus should be realistic
     and achievable. It must be testable and quantifiable within bounded target values. A
     requirement must first be unambiguous to be verifiable.
   • Realistic: within budget and time constraints, SMART (Specific, Measurable, Achievable,
     Realistic, Timeframed).
   • Technically feasible: must be achievable by available means (existing manufacturing
     technologies, materials, etc.).
U uirements. The next step is to design the
criteria for evaluating the design.

4. Requirements specification: once the requirements have been analysed they must be
presented in an appropriate format.


Common problems with requirements specification

• Incorrect or poorly-specified requirements can create many problems during system
  integration, testing, manufacturing or deployment of the finished product. Examples may
  include: improper constraints or specifications, non-verifiable requirements, etc.
• Requirements are not always validated by the stakeholders; and as a result the end product is
  not acceptable for most of them, even if it is verified by the testing department.

Uses of the requirements analysis

• Customer agreement
• Reduce the development effort
• Provide a basis for estimating costs and schedules
• Provide a baseline for validation and verification
• Facilitate use and re-use
• Serve as a basis for enhancement

Requirements validation
To validate requirements, one can use the following table:

Requirement | abstract | unambiguous | traceable | verifiable | realistic
Phone must have a battery life of 500 hours | YES | NO (500 hours performing what function?) | YES (who wants it?) | NO (no constraints specified) | NO (seriously, 500 hours of battery life?)


PART A
Question 2. Engineering Lifecycles & High Level Design

1. Engineering Lifecycles

What is a lifecycle?
A life cycle model is a decision-linked conceptual segmentation of the good or service and its
utilization, evolution and disposal in the real world.

Why is it important?
These segments provide an orderly progression of a system through established decision-making
gates to reduce risk and to ensure satisfactory progress. Benefits of using a lifecycle model:

Primary: where you need to make a decision against specific criteria before a system can progress to the
next stage.

Secondary: where the organisation prefers to think of its work and its processes within a larger
framework, which may have useful business relevance or alignment with supply chain or customer
processes.


High level design is performed in the functional domain, which means that customer needs are
translated to functional requirements. Some of the benefits of high level design are:

• Improvements to decision-making process (is the design manageable?)
• Determination of acceptable performance limits from requirements
• Good estimation of the cost early in the project
• Reduced risk of malfunction and increased reliability of the system
• Reduction of development costs
• Provides a framework for the team to work on the design

High level design consists of 5 steps:

1. Solution concepts: this step usually involves defining the problem and looking at the possible
solutions.

2. Synthesis: this is the process of bringing structure to the initial solution concept. It starts as a
rough sketch that becomes more refined as the design develops, and should contain enough
detail for an analysis to be performed. Some difficulties that might need to be dealt with are:
the need for the design to be completed quickly and superior cost or performance over
competitors.
3. Analysis: this step involves breaking apart the synthesised system to verify if it will meet
performance and cost objectives stated in the requirement specification. It can also help
determine the risks involved in developing the design through detailed design and
implementation. Some useful tools for analysis include mathematical models, computer
models, computer simulations and physical experiments in a laboratory. Models are useful for
observing and predicting how the system will behave in the future and what improvements can
be done to accurately reduce the risk of system failure.
4. Refinement: after enough information from the analysis stage has been collected, the
synthesised concept can be modified to improve its performance and reliability. Nevertheless,
the refinement can take place during the analysis stage, as it will usually cycle between
synthesis and analysis. The iteration (or repetition) of this cycle will be useful for implementing
the results from a particular analysis to perform another analysis, or for obtaining successively
closer approximations to the desired solution.

5. Documentation (system specification): this is used to complete the detailed design and
implementation. It includes a record of the systems engineering process to assist in modifying
the design if any problems/errors are found. It can also be used as a reference
for future generations of the product and also to develop manuals, advertisement and
technical support. Additionally, the system specification documents the function of each block
in the block diagram, as well as the inputs and outputs, how the blocks work together, test
plan, calculations, computer simulations and laboratory tests. It usually follows this structure:

Introduction (project definition)


Concept/objectives
Principles of operation
Background
List of functional elements
Block diagrams + inputs and outputs + process description + test plan (for each element)
Description of system
How individual blocks interact
System analysis
Results from mathematical analysis, simulations and laboratory tests


Abstraction
Abstraction helps avoid fixation on currently available solutions and identify fictitious constraints
and to eliminate non-genuine restrictions. The steps for abstraction are the following:

1. From the problem statement, stakeholder impact and requirements specification, identify what
are the required functions and the essential constraints.
2. Broaden the problem formulation and express the solution in the general form of the problem
T is a phenomenon that occurs in
seeking a solution to a given problem. Instead of solving a specific type of problem, which
would seem intuitively easier, it can be easier to solve a more general problem, which covers
the specifics of the sought after solution.
3. Look for solutions to the general form (either in the same field or in a different one).

Decision analysis
Design matrices can be particularly useful for comparing different solutions/concepts based on
established criteria. The best design will be chosen based on how it meets each of the criteria and
how it stands out from the alternative designs. There are 3 main types of design matrices:

• Alternatives evaluation matrix (Y and N): each design is evaluated in terms of whether it meets
  the criterion Y N T Y
• Non-weighted matrix: the criteria are not weighted in terms of importance and each design is
  rated using a specific scoring system for each criterion. The total scores are added for each
  design.
• Weighted matrix: the criteria are weighted in terms of importance (e.g. portability 10%, ease of
  use 15%, etc.) and designs are rated with a scoring system. Each score is multiplied by the
  weight of the respective criterion, and then all of these results are added. For example:


PART A
Question 3. Stage Gate Process, Industrial Design & DFX

New product development process (NPD)


A new product development process (NPD) is a process by which new ideas, concepts or
suggestions are transformed into real products and services that cater to the needs of the customers.
This often involves the assessment and selection of different ideas and concepts and analysing the
possible market success of each concept. One of the main objectives of the NPD process is to
minimise the number of products that are cancelled in the later stages of development, where
costs are much higher and the need for successful products is greater. Another objective of the NPD
process is to accelerate the time for the product to be released on the market and reduce
break-even times, taking into consideration the continuous improvement of the product.

Critical success factors for NPD

These factors can be classified into three categories: project, people and environment and strategic.
These are described below:

1. Project level:
   a. Striving for unique superior products
   b. Market driven, customer focused
   c. Predevelopment work
   d. Stable project and product definition
   e. Planning and resourcing the launch
   f. Quality of execution of key tasks from idea to launch
   g. Speed (without compromising quality)
2. People and environment:
   a. Organisation of project teams
   b. Climate, culture, environment
   c. Top management support
3. Strategic:
   a. Product innovation and technology strategy for the business
   b. Synergy and familiarity
   c. Targeting attractive markets
   d. Project portfolio management (PPM)
      financial goals
   e. A multi-staged, NPD process covering Idea-to-Launch


Stage Gate Development model


The main steps for this model are illustrated below:

1. Initial stage discovery


• Technical research and brainstorming of new, innovative, attractive ideas.
• Uncovering unarticulated needs by working with lead users (e.g. innovative customers)
and disruptions in the marketplace, which can lead to the identification of gaps and
good business opportunities.
• Suggestion schemes to encourage ideas from all employees.
• Gate 1: analysing the project feasibility, existence of the market, product advantage,

2. Stage 1 scoping
• D
• Preliminary market, technical and business assessment (usually takes 10–20 days for a
person to complete) based on new, more detailed research.
• Gate 2: re-evaluation of product based on new research, and subjection of project to
G N G . Financial return of the product may be assessed by simple
calculations on payback period.
3. Stage 2 building business case
• Clear description of the product based on advanced research and verification of the

• Market research studies including analysis of customer needs, wants and preferences
for a winning product.

• Appraisal of the technical feasibility of the project and possible manufacturing
operations and processes, delineating how these are real and achievable.
• Definition of the target market, product concept and its attributes and functionality,
benefits and advantages, design requirements and specifications.
• Detailed business and financial analysis involving a discounted net cash flow approach
such as NPV (Net Present Value) or IRR (Internal Rate of Return), with a sensitivity
analysis to account for possible financial risks and downfalls.
• As a result of this stage, a project justification and detailed product plan are
developed by taking into consideration the aforementioned aspects.
• Gate 3: this gate signs off the project for development and heavier expenditures. This
gate reviews the results from the business case and analyses solid data to make the
G T he decision making
process.
4. Stage 3 development
• Physical development of the product (acquisition of materials, tools, equipment,
manufacturing processes, etc.) takes place.
• Controlled laboratory or in-house (alpha) tests are performed to ensure the product
meets the requirements. At the same time, market analysis and customer-feedback are
performed as iterative processes to make improvements on the design. Rapid
prototyping can be used to receive customer assessment and feedback.
• Management and project control achieved through milestone check points for periodic
review of the project and its development.
• Production of an internally-tested prototype of the product.
• Development of test plans, market launch plans and production plans, with an updated
financial analysis.
• Gate 4: review of the progress and attractiveness of the product. Quality and
consistency of the product development is reviewed. Revision of financial analysis
based on new and more accurate data. Test and validation plans are approved for
implementation.
5. Stage 4 testing and validation
• Validation of the viability of the entire project including the product, production
process, customer acceptance and economics.
• More in- der controlled
conditions.
• U
product and its functionality.
• Trial or pilot production to test, debug or troubleshoot production and operations
processes. Additionally,
and estimate market shares and revenues. Revised business and financial analysis with
updated, more accurate data.
• Gate 5: final point at which the project can be cancelled. This gate decides whether the
product goes for full commercialisation or not. Review of the quality of testing and
validation activities and their results. Strong focus on financial returns and marketing
plans.


6. Stage 5 launch
• Implementation of marketing launch plan and operations plan. This includes a plan of
action and assessment of unforeseen events, predictions and estimations.
• Launching the product for full commercial wholesale.
7. Final stage post-launch review
• After 6–18 months of commercialisation, the new project is terminated and the team

• P
timing, and are all compared to the results in gate 3.
• Post-
of possible improvements.

Benefits of using the Stage Gate Development model

• Accelerates speed to market and increases the likelih
• Introduces discipline and organisation to an often chaotic process
• Reduces re-work and waste, improves focus via gates and reviews
• Achieves efficient and effective use of scarce resources and ensures a complete success

Industrial design
Role of the industrial designer
Industrial design is the application of art and science to the development of products, by focusing
on elements such as aesthetics, ergonomics*, functionality and usability. Although it is often similar
to engineering design, it differs from it in that industrial design is more
concerned with the aesthetics and the user interface of the product than the functionality, and this
is more useful for making the product marketable and attractive to customers. It is therefore
the role of the industrial designer to create, plan and style manufactured goods or products,
ranging from cars to musical instruments, electronic devices, furniture and so on. They usually
make use of various graphical design tools, which can range from very simple hand sketches to
more sophisticated 3-dimensional CAD models and drafts. They usually take into account the way
products are bought by consumers and how they react to these products, to take advantage of the
likes and dislikes of the audience to optimise the marketability of new products. They usually follow
these 5 goals of industrial design:

1. Utility: safe, easy to use by a range of users and user-friendly interface that allows for an easy
interaction between the user and the product.
2. Appearance: shape, form, size, colour and external features that make the product more
attractive.
3. Ease of maintenance: clear instructions of how the product should be maintained and repaired
so as to enlarge its durability.
4. Low cost: the correct selection of materials, features and manufacturing processes allows for a
reduction of cost in production and this makes the product more affordable.
5. Communication: the product should communicate the corporate design philosophy and mission
T
imprinted in each design and should be easily recognisable as a product of that company (e.g.
A


*Ergonomics: this term refers to the ease of use and maintenance, as well as user interactions, and
analysing how important these features are for the customer and how they influence the
marketability of the product.

Training, education and skills

Industrial designers are trained in a variety of visual arts, including 2D and 3D expression, drawings,
paintings and sculptures, and liberal arts (history, psychology, sociology, literature). In addition to
this, industrial designers learn some applied sciences such as physics, materials and processes, and
human factors. Some of their most important skills are communication (in all forms), problem-

product. Among their practical skills are: drawing, painting, sculpting, model building, crafting, CAD
and solid modelling. They often look at many different attributes in a product, including

experience. It is their ability to approach the design of a product from an artistic point of view, by
applying different concepts from science and technology.

Industrial designers may specialise in a variety of areas and fields, which are often classified
according to the type of products they want to work with. For instance, an industrial designer may
want to work for Apple or Samsung, so they would need to specialise in electronic devices including
PC F is they will need to
acquire more detailed knowledge on electronics and operating systems.

How industrial designers contribute value to the design process


Industrial designers are good at looking for solutions from many different angles and expanding the

T P )
process, which is basically that stage where the company just wants to come up with something
I -
oriented research and examine trends in current markets to obtain new ideas which may not
always be technically feasible, but can be very attractive once the technology becomes available.
Researching user needs ensures that the development team is solving the right problem for the
T
of view, and how, why, where and when the product is used and under what circumstances. For
instance, in the design of a new medical device, the designer must understand how the doctor or
nurse would interact with the product, how it will fit into an overall procedure, how it will be
carried from one place to another, etc. The whole aim of researching user needs is to learn as much

Some types of user research include the following:

• Qualitative market research: using focus groups with targeted users to discuss their opinions
  about a product, as well as using online surveys, user feedback, etc. The aim is to learn about
  how the users react to a particular product. This differs from traditional market research in that
  it focuses more on how functions are performed, how environmental factors affect the product
  and how the user responds emotionally to the product, including their frequency of use,
  behaviour, dependability, etc.
• Ethnographic research: observing how people use products in their natural habitats and how
  each ethnic group responds to the product, based on the differences in culture, religion,
  ideologies, and more. The industr


Once needs and market trends have been properly analysed, it is time to brainstorm ideas to aid
the conceptualisation of new designs. Diagrams, sketches and crude models are used in
brainstorming sessions to communicate a wide range of ideas. Rapid visualization is a process that
helps accelerate this brainstorming and decision making process, by providing fast and clear
representations of the individual concepts. Some rapid visualization tools include Adobe
Photoshop, Adobe Illustrator, ALIAS Studio Software, CAD software and even 2D hand sketches.

In the development stage of the product, industrial designers work closely with engineers and
marketing team members to refine the concept and prepare it for physical development. Those
most involved in this process are mechanical designers and mechanical engineers, and the
designers and engineers alternate in reviewing the internal and external features
of the product in order to maximise functionality and attractiveness. Design for manufacturing
(DFM) is used to consider the issues with manufacturing processes during the product
development, with the aim of reducing production cost without compromising quality. Similarly,
design for assembly (DFA) is used to reduce the cost of assembly by minimising the number of parts
and maximising the ease of handling and inserting parts. Rapid prototyping is very useful for
visualising the physical design and consists of using a variety of techniques to produce quick
physical representations of the product, such as stereolithography (SLA), 3D printing, selective laser
sintering (SLS) and direct shell production casting (DSPC).

In summary, it can be said that industrial designers are crucial in bridging the communication
between users and companies and researching what the user wants and needs from a more
personal point of view. They are good at brainstorming and generating creative designs that are
presented through a variety of rapid visualization tools, which help other employees in the
company or firm to understand what needs to be done and what would be the benefit of doing it.
They contribute to the ergonomics of each product
requirements to the user needs, and improving the overall outlook of the product by focusing on
aesthetics, elegance, functionality, user interactions, ease of use and maintenance. Industrial
designers are e

DFX

What is DFX?
DFX is a systematic approach for making decisions in product development related to products,
processes and plants, where the X(s) may be in conflict. A DFX
the product developer selects and weighs different DFX criteria. Some of these Criteria include:

- Design for Approach: The concept of DFX draws together all the tasks that are necessary in
order to form a product with respect to the diverse goals and restrictions which apply to that
product.
- Design for Criteria: All production-oriented characteristics that are conceivable in the frame
DFX X
appropriate for each criterion. Some of the main examples include Design for Assembly and
Manufacture.
- D M A DFX
and weighs the different DFX criteria for the respective product. It can be seen as a way of
navigating through a large number of DFX criteria
- D “ A DFX DFX
the DFX method.


- D T DFX DFX
strategy. They enable the synthesis and analysis of one or more DFX criteria.

PART A
Question 4. Hierarchy of Control, Safety Engineering & ALARP/SFAIRP and Hazards

HOC A L A Reasonably
P ALA‘P T H
the OHS (Occupational Health and Safety) management practice and describes the preferred order
of risk controls taken in a system. The whole aim of HOC is to identify all the hazards present in an
environment or system and eliminate or minimise exposure to those hazards. There are two levels
of HOC:

Level 1: this consists of completely eliminating the hazard and hence removing the associated risk. This
should be the first priority in any scenario.

Level 2: this one is implemented when complete elimination of the hazard cannot be practically
achieved. It consists of minimisation options which substantially reduce the risk. They are listed in
order of priority:

• 2nd priority substitution: the risk is replaced with one that is less dangerous and less likely
to cause injury. This may involve changing a process or a device.

• 3rd priority isolation/engineering: changing the work environment in such a way that the
workers are isolated from the risk (e.g. protective infrastructure such as protective glass
panels).
• 4th priority administration: this may involve upgrading training for the workers, changing
rosters, increasing supervision, providing workers with more detailed manuals and
handbooks, adding more safety procedures or warnings, being more strict with certification
and licenses for operating special machinery, etc. Administration is often one of the most
common procedures in environments where the risk cannot be eliminated. For example,
consider a courier truck service in which the company needs to reduce the risk of a road
accident near a bridge for the drivers.
Some administrative measures that could be taken are: adding more warning signs near the

icle
from starting if the driver exceeds a limit, scheduling courier timetables to avoid night
travel and driver fatigue, providing more training and limiting age, competency, etc.

• Last priority personal protective equipment: when the risk cannot be reduced by any
other means, the last resort is to provide protective equipment, such as helmets, gloves,
goggles, vests, clothing, ear plugs, thermal protection, insulation, etc.

The aforementioned hierarchy is summarised in the following table:

Safety engineering
Safe design
Safe design is a process that consists of identifying hazards and assessing risks early in the design
cycle. It includes all types of design such as facilities, hardware, tools, systems, equipment,
products, materials, energy controls, layout, configuration, and more.

A safe design will usually rely on the correct choice of materials and manufacturing processes to
enhance the product I
aesthetics, practicality, cost and operation, and it is essential that safety is always taken into
account, even if it means compromising one of the other objectives. The design function is
influenced by a range of parties including:

• Design professionals: engineers, architects, industrial designers, software developers.
• Clients, developers, builders, owners, insurers, managers, etc.
• Suppliers, manufacturers, contractors, maintenance personnel.
• Government regulators and inspectors.

Principles of safe design


There are 5 key principles in achieving a safe design:

Principle 1 Persons with control: persons who make decisions affecting the design of products,
facilities or processes are able to promote health and safety at the source.

Principle 2 Product lifecycle: this involves eliminating hazards or minimising risks in the earlier
stages of the design.

Principle 3 Systematic risk management: the application of hazard identification, risk assessment
and risk control processes to achieve safe design.

Principle 4 Safe design knowledge and capability: should be either demonstrated or required by
persons with control over the design.

Principle 5 Information transfer: effective communication and documentation of design risk and
risk control information between all persons involved in the phases of the lifecycle is essential for
the safe design approach.

Systems approach to safety


Safety must be approached by taking into consideration the system or environment within which it
is to be achieved. The reason for this is that each system might have different constraints and
requirements, and so eliminating risks from the very beginning might not be the most practical
choice. This is exemplified in industries or factories in which hazards cannot be eliminated or
substituted by less harmful ones, because they naturally arise from the specific processes that take
place inside the facility. In these cases, an industrial safety practitioner would need to train the
other workers and employees to co-exist with the hazards in the facility, and apply some
administrative controls (as for HOC) or provide personal protective equipment.

Identifying hazards in a design


A hazard is defined as the source of potential harm or a situation with a potential for harm. An
accidental event is defined as an event which can cause harm. Harm itself is a physical injury or
damage to health, property or the environment. In contrast, risk is the likelihood (probability) that
death or injury might result from the hazard.

Identifying hazards in a design should be straight-forward but also taken seriously, for those
hazards that are ignored may actually have serious consequences at any point in time. Some of the
ways in which hazards can be identified are:

• Examining similar existing systems or products
• Reviewing previous hazard analyses for similar systems
• Reviewing hazard checklists and standards
• Considering all hazardous materials or processes
• Considering interactions between system components
• Considering the human-machine interface
• Using small scale testing or theoretical analyses
• Listing all the worst-case scenarios and defining them
• Implementing HOC, ETA, FTA or FMEA
• Brainstorming all the possible scenarios and possible ways in which injury may occur
• Identifying all the existing controls and all the ones that could be added to the system

Types of hazards
Hazards can be classified according to their source. Some of the common types found in the
engineering profession are:

Mechanical hazards: these include the properties of machine parts such as shape, location, stability,
strength, toughness, energy, as well as cutting, shearing, entangling, bending, impact, puncture,
friction or abrasion hazards.

Electrical hazards: these include improper insulation of electrical components, lack of protection,
contact of persons with electrical components with poor controls, exposure to corrosive
environments, contact with flammable liquids, high voltage areas, radiation, short circuits,
overloads, fires, etc.

Thermal hazards: extremely high temperatures, fires, burns, ignition of flammable liquids or
substances, explosions, heat radiation, high pressure environments, poor protective equipment and
controls.

Noise or vibration hazards: hearing loss, lack of vibration dampening that may result in neurological
or vascular disorders in the machine operators, interference with communication, acoustic signals,
etc.

Materials and environmental hazards: contact with corrosive substances such as acids, flammable
liquids and gases, biological hazards (diseases, viruses), pollutants, natural phenomena such as
flooding, typhoons, hurricanes, volcanic eruptions, bush fires, earthquakes, storms, snow, etc.

Qualitative and quantitative risk assessment


Qualitative risk assessment consists of analysing and evaluating the risks using a pre-defined rating
scale, on which they are scored according to their likelihood of occurring and the potential impact
they could have on the system. This may also include the categorisation of risks as either
source-based or effect-based.

Quantitative risk assessment, on the other hand, is the assignment of numerical values or measures
to the high-priority risks so that a probabilistic analysis can be performed. This type of analysis

uncertainty, creates realistic and achievable cost, schedules or scope targets. Additionally, a
quantitative risk assessment will require high-level data and well defined risks.

ALARP & SFAIRP


ALARP Principle
1. All efforts should be made to reduce risks to the lowest level possible until the point is
reached where the cost of introducing further safety measures is grossly disproportionate to
the safety benefit that would be achieved.
2. A risk should be tolerated only if it can be demonstrated that there is a clear benefit in
doing so.
3. Residual risk should be As Low As Reasonably Practicable.

4. The basis for the ALARP judgement is that the risk is to be treated to the point where the
cost of further treatment is excessive compared with the resulting reduction in risk, no
further treatment is possible, or the risk is negligible.

SFAIRP Principle
1. Safety risk to be eliminated or minimised So Far As Is Reasonably Practicable.

ALARP vs. SFAIRP


- ALARP asks what is the risk associated with the hazard and then can that risk be made as low
as reasonably practicable.
- SFAIRP asks what are the available practicable precautions to deal with the identified issue
and then tests which precautions are reasonable based on the common law balance (of the
significance of the risk vs the effort required to reduce it).

Hazards

Major Hazard Facility Study

Major hazard facilities (MHFs) are locations such as oil refineries, chemical plants and large fuel and
chemical storage sites where large quantities of hazardous materials are stored, handled or
processed.

Operators of determined MHFs have obligations to:

• Identify all major incidents and major incident hazards for the facility
• Conduct and document a safety assessment in relation to the operation of the facility that
involves a comprehensive and systematic investigation and analysis of all aspects of risks to
health and safety that could occur in the operation of the MHF
• Implement control measures that eliminate or minimise the risk of a major incident occurring
at the MHF
• Prepare an emergency plan
• Establish a Safety Management System (SMS) for the operation of the MHF
• P “ C MHF MHF “M“
arising from major incidents and major incident hazards and demonstrates the adequacy of the
measures to be implemented by the operator to control risks associated with the occurrence of
major incidents.

Safe Work Australia has developed guidance material for MHF operators to help them meet these
obligations. This includes information on:

• Notification and determination of a MHF
• Safety assessment of a MHF
• Safety management systems for MHFs
• Developing a safety case outline for a MHF
• Preparation of a safety case for a MHF
• Safety Case: demonstrating the adequacy of safety management and control measures
• Information, training and instruction for workers and others at the facility
• Providing information to the community, and
• Developing an emergency plan for a MHF.

PART B
Question 5. Event Tree Analysis *(Didn’t include the case study)

Description
This is a risk assessment tool that is very similar to FTA, but the difference is that in this one there is a
I
components that are dependent on each other in the sense that if one fails, then the next one starts
operating as a back-up, and if that one fails too, the next one starts operating and so on. ETA is
useful for reducing the probability of failure of a system by considering the characteristics of each
component, as each one will often have its own probability of failure.

Figure 1.5 shows a very common and simple event tree diagram. It is easy to see that there is a
direct relationship between the probability of failure and the probability of success of each
component. This relationship can be presented in two forms:

P(failure) = 1 − P(success) OR P(success) = 1 − P(failure)

Everything else is pretty straight-forward. If we want to calculate the probability from start to end,
we multiply the probabilities along the path we follow. If we want to calculate the total probability
of success, we simply add all the probabilities for success across the branches of the event tree
diagram. This is better illustrated with an example.

Example
A failsafe system mechanism consists of 3 components, namely A, B and C. B and C are back-up
components that activate when the previous component fails to respond. This means that if A fails,
B starts operating. If B also fails, then C starts operating, and so on. This is illustrated in the
following event tree diagram:

The following data is also provided:

Component   Cost per unit   Probability of failure
A           $100            0.5
B           $150            0.2
C           $200            0.1

a) What is the probability that the whole failsafe system will succeed in responding to a fault?

To do this we simply find the probability of failure of the whole system, which is just:

P_total(failure) = 0.5(0.2)(0.1) = 0.01

And then subtract this from 1 to get:

P_total(success) = 1 − 0.01 = 0.99 OR 99%

b) Given that a fault occurs, what is the probability that component C will be required to operate?

What this question is asking is what is the likelihood that C will be needed. We can see that C will
only be required to operate if both A and B fail, so we simply multiply their probabilities of failure:

P(C is required) = 0.5(0.2) = 0.1 OR 10%

c) Using any combination or multiples of the available components what would be the cheapest
system that has a probability of failure of less than 0.005?

To answer this question, we just use trial and error. For this we will use different combinations of
components that will give us a probability of failure of less than 0.005 and then calculate the total
cost of the system:

Combination   Probability of failure   Total cost
B             0.016                    $600
C             0.001                    $600
B C           0.004                    $500

We therefore find that the cheapest system will cost $500 and will consist of two B components
and one C component, with a probability of failure of 0.004 or 0.4%.
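
The three parts of this example can also be worked by computation instead of trial and error. The Python below is an added example, not part of the original notes: it multiplies failure probabilities along the event-tree path and searches every combination of components exhaustively. The component data comes from the table above; the function names are assumptions.

```python
from fractions import Fraction
from itertools import combinations_with_replacement

# Component data from the table on this page: name -> (cost in $, P(failure)).
# Fractions keep boundary cases exact (e.g. a failure probability of exactly 0.005).
COMPONENTS = {
    "A": (100, Fraction(1, 2)),
    "B": (150, Fraction(1, 5)),
    "C": (200, Fraction(1, 10)),
}


def chain_failure(chain):
    """P(every stage fails): multiply the failure probabilities along the path."""
    p = Fraction(1)
    for name in chain:
        p *= COMPONENTS[name][1]
    return p


def chain_cost(chain):
    """Total cost of all components in the chain."""
    return sum(COMPONENTS[name][0] for name in chain)


def demand_probability(chain, index):
    """P(stage `index` is called on) = P(all earlier stages failed)."""
    return chain_failure(chain[:index])


def branches(chain, p_initiating=Fraction(1)):
    """End probability of every branch of the event tree as (label, probability).

    p_initiating scales every branch, as in the note on initiating events.
    """
    out = []
    for i, name in enumerate(chain):
        p_here = demand_probability(chain, i) * (1 - COMPONENTS[name][1])
        out.append((f"{name} succeeds", p_initiating * p_here))
    out.append(("all fail", p_initiating * chain_failure(chain)))
    return out


def cheapest_chain(limit, max_len=8):
    """Exhaustive search for the cheapest chain with P(failure) strictly below limit.

    Stage order does not change the product, so multisets are enough.
    max_len=8 is sufficient for this data: eight A's already meet 0.005 for $800,
    and nothing costs less than $100, so a cheaper chain cannot be longer.
    """
    best = None
    for size in range(1, max_len + 1):
        for chain in combinations_with_replacement(sorted(COMPONENTS), size):
            if chain_failure(chain) < limit:
                key = (chain_cost(chain), size)
                if best is None or key < best[0]:
                    best = (key, chain)
    if best is None:
        return None
    return best[1], best[0][0], chain_failure(best[1])


if __name__ == "__main__":
    abc = ("A", "B", "C")
    print("a) P(success) =", float(1 - chain_failure(abc)))
    print("b) P(C required) =", float(demand_probability(abc, 2)))
    for label, p in branches(abc):
        print("   branch:", label, float(p))
    chain, cost, p_fail = cheapest_chain(Fraction(5, 1000))
    print("c) cheapest:", chain, f"${cost}", float(p_fail))
```

Exact fractions matter for part c: one A with two C components costs $500 as well but fails with probability exactly 0.005, which is not below the limit.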

Important note: if an initial probability for the initiating event is provided, it should be included in
the calculations. Such as in:

So every one of the final probabilities was multiplied by 10^-2.

Bow-tie diagram
A bow-tie diagram shows the relationships between hazards and outcomes in a system.

PART B
Question 6. Fault Tree Analysis

Description
A Fault Tree is a graphical representation of logical combinations of causes of a defined undesired
event or state. Final events may include explosions, failure of equipment, release of toxic gases, etc.
An FTA is used to analyse the safety of a particular system based on a range of known probabilities.
Some advantages of FTA include:

Advantages:
• It helps identify risks in a system
• It helps focus on one fault at a time without losing overall perspective
• It links how faults can lead to consequences
• It provides easy to understand results

Disadvantages:
• It is relatively detailed and time consuming
• It requires expertise and training
• Possible sources of error
• It cannot guarantee all faults are identified or predicted
• It requires enough information

FTA involves the use of the following symbols:

FTA Procedure
The procedure for constructing a Fault Tree consists of the following steps:

1) Prepare: gather assumptions and pre-conditions, boundaries, constraints, etc.
2) Select top event: select one event to be analysed (ultimate failure).
3) Sum up known causes: use existing knowledge of faulty states and failure events to facilitate
the analysis.
4) Construct fault tree: determine whether the top event can occur in more than one independent
way (if so, use an OR gate). Move downwards and search more basic causes.
5) Revise, supplement and test: it is hard to know when the fault tree will be complete. Use trial
and error and make sure you leave no causes of failure out of the analysis.
6) Assess results: this may involve the following steps:
a. Direct evaluation of the result
b. Preparation of a list of minimum cut sets: cut sets are collections of basic events which
can together give rise to the top event. A minimum cut set is one which does not
contain a further cut set within itself.
c. Ranking of minimum cut sets: combinations of failures should be ranked on the basis of
minimum cut sets.
d. Estimation of probabilities: if information about probabilities for bottom events is
known, then the probability of occurrence of the top event can be calculated.
7) Conclude: write a summary with information about the assumptions and results from the
analysis.

The table below shows the description of the main logic gates used in FTA:

A simplified way to calculate probabilities is to follow these simple rules:

AND Gate

OR Gate

Identifying cut sets and single points of failure


Cut sets are groups of basic (independent) events that when combined can lead directly to the top
event. This is better illustrated with an example:

Following the path from bottom to top, taking into consideration the logic gates, we can draw the
following combinations:

Cut set: {1, 2}
Logic interpretation: If (1 AND 2) Then failure occurs
Justification: If 2 occurs, no water is pumped, and if at the same time 1 occurs, then the system fails.
This is rather obvious since there is no water to put out the fire.

Cut set: {1, 6}, {1, 7}, {1, 8}
Logic interpretation: If (1 AND 6) OR (1 AND 7) OR (1 AND 8) Then failure occurs
Justification: If 6, 7 or 8 occur independently of each other, it will lead to an engine failure. Thus if 1
occurs when the engine fails, the sprinkler system will fail.

Cut set: {1, 4, 5}
Logic interpretation: If (1) AND (4 AND 5) Then failure occurs
Justification: If 4 and 5 occur simultaneously, leading to a fire pump failure from both pumps, and then 1
occurs, the system fails.

Cut set: {1, 3}
Logic interpretation: If (1 AND 3) Then failure occurs
Justification: If 3 occurs, no water will be pumped, and if 1 occurs as well, then the system fails. This is
very similar to the case {1, 2}.

It can be seen that any combination of the aforementioned basic events will lead to the top event.
Changes could be made to the sprinkler system (such as adding an extra engine so that each pump
runs on a different engine), which would decrease the probability of failure and increase the
reliability and safety of the system.

Single points of failure are those independent events that form part of the inputs of an OR gate. If
we look back at figure 2, we can see that such events will be {2}, {3}, {6}, {7} and {8} because they
are all followed by an OR gate. Events {1}, {4} and {5} are followed by an AND gate, so they do not
count as single points of failure, because they require other inputs to lead to a different event or
state. You may also notice that {4} AND {5} is an input of an OR gate. This is a combination of
independent events that rely on each other to lead to the next event, and hence combinations of
basic events like this one are also not considered as single points of failure.

Calculating probabilities
To calculate the probability of a top event, we must construct an equation based on the specific
fault tree. To do this, we will use the previous example from figure 2. We shall denote the
probability of each independent event as P1, P2, P3, and so on. We take a close look at the way the
logic gates are arranged. Starting from the top, we see that we have an AND gate. So we start by
setting the equation:

A N
each of the pumps runs on a different engine. Let the new engine be identical to the first one. We
redraw the fault tree as:

Using the same procedure as before, we arrive at the following probability of top event occurring:

Conversion of a fault tree to a success tree


A success tree is the opposite of a fault tree. In it, all the events lead to the proper operation of the
system rather than its failure. It is possible to transform a fault tree to a success tree or vice-versa
by the following simple steps:

1. Negating all statements (writing the opposite).
2. Transforming all AND into OR gates.
3. Transforming all OR into AND gates.

Nevertheless, a fault tree cannot be constructed solely by inversing a success tree. A fault tree
should be constructed by taking into consideration the more negative side of events, by going into
more depth to properly identify the faults.
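
The cut-set, probability and success-tree steps described in this question can be run on the sprinkler example. The Python below is an added example, not part of the original notes: the gate layout is an assumption rebuilt from the cut sets listed above (the figure is not reproduced here), the two-engine redraw and the probabilities are constructed, and the function names are assumptions.

```python
from itertools import product
from math import prod

# Basic events use the page's numbers 1..8. The gate layout is an ASSUMPTION
# rebuilt from the cut sets listed on the page.
TREE = ("AND", [1, ("OR", [2, 3, ("AND", [4, 5]), ("OR", [6, 7, 8])])])

# ASSUMED redraw with a second, identical engine (events 9, 10, 11 mirror 6, 7, 8):
# each pump line fails if its pump or its own engine fails.
TREE_TWO_ENGINES = ("AND", [1, ("OR", [2, 3, ("AND", [
    ("OR", [4, 6, 7, 8]),
    ("OR", [5, 9, 10, 11]),
])])])

# CONSTRUCTED basic-event probabilities (not from the page).
P = {1: 0.05, 2: 0.01, 3: 0.02, 4: 0.1, 5: 0.1,
     6: 0.03, 7: 0.02, 8: 0.01, 9: 0.03, 10: 0.02, 11: 0.01}


def cut_sets(node):
    """Return the cut sets of a (sub)tree as a set of frozensets."""
    if isinstance(node, int):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        # any one child's cut set is enough to trigger an OR gate
        return set().union(*child_sets)
    # AND: one cut set from every child must occur together
    return {frozenset().union(*combo) for combo in product(*child_sets)}


def minimal(sets):
    """Drop every cut set that strictly contains another cut set."""
    return {s for s in sets if not any(other < s for other in sets)}


def probability(node, p):
    """Gate-by-gate probability: AND multiplies, OR is 1 - product of (1 - p).

    Exact only for independent basic events that each appear once in the tree.
    """
    if isinstance(node, int):
        return p[node]
    gate, children = node
    values = [probability(c, p) for c in children]
    if gate == "AND":
        return prod(values)
    return 1 - prod(1 - v for v in values)


def or_inputs(node):
    """Basic events that feed an OR gate directly (the page's single points of failure)."""
    if isinstance(node, int):
        return set()
    gate, children = node
    found = {c for c in children if isinstance(c, int)} if gate == "OR" else set()
    for c in children:
        found |= or_inputs(c)
    return found


def success_tree(node):
    """Swap AND and OR gates; each leaf then stands for the negated statement."""
    if isinstance(node, int):
        return node
    gate, children = node
    return ("OR" if gate == "AND" else "AND", [success_tree(c) for c in children])


if __name__ == "__main__":
    for cs in sorted(minimal(cut_sets(TREE)), key=sorted):
        print("minimal cut set:", sorted(cs))
    print("inputs of OR gates:", sorted(or_inputs(TREE)))
    p_fail = probability(TREE, P)
    not_p = {event: 1 - value for event, value in P.items()}
    print("P(top event), one engine :", round(p_fail, 6))
    print("P(success) via success tree:", round(probability(success_tree(TREE), not_p), 6))
    print("P(top event), two engines:", round(probability(TREE_TWO_ENGINES, P), 6))
```

With these constructed probabilities the two-engine layout gives a lower top-event probability, and the success tree evaluated on the complemented probabilities returns exactly 1 minus the fault-tree result.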

PART B
Question 7. Failure Mode and Effects Analysis (FMEA)

Steps to a successful FMEA


1) Review the process or product: by looking at either an engineering drawing or a process
I FMEA
2) Brainstorm potential failure modes: list all the ideas in a brainstorming session. Then, group all
the ideas into categories such as types of failure (electrical, mechanical, etc.), components of
the product, or severity. Then list the failure modes on an FMEA worksheet.
3) List potential effects of each failure mode: think of the consequences of each failure.
4) Assign a severity rating for each effect: rate each effect (consequence) from 1 to 10, with 10
representing the almost impossible detection of an error, and 1 being the prevention of the
error. The higher the rating, the more likely the error/effect is to occur.
5) Assign an occurrence rating for each failure mode: this might be drawn from previous data on
how frequently an error or failure occurs in the system or product. Again, this should be rated
from 1 to 10, outlining the
6) Assign a detection rating for each failure mode or effect: this will depend on what type of
control mechanisms (if any) is currently implemented in the product or system to detect any
errors or failure. The more controls there are, the lower the detection ranking will be (hence
the more likely it will be to detect errors).
7) Calculate the Risk Priority Number (RPN) for each failure mode: this is easily found by
multiplying the severity, occurrence and detection ratings for each failure mode:

RPN = Severity × Occurrence × Detection

Then, the total RPN is calculated by adding all the individual RPNs together.

8) Prioritise the failure modes for action: arrange the items from highest RPN to lowest. The team
may then set a cut-off RPN above which risk is unacceptable. Now it is necessary to identify the
most essential failure modes and develop ways to reduce their ratings.
9) Take action to eliminate or reduce the high-risk failure modes: try to eliminate as much risk as
possible. If this is not applicable, then reduce them as much as possible. One way to do this is to
look back at the individual severity, occurrence and detection ratings and try to reduce the
rating on one, two or all of them.
10) Calculate the new RPN as the failure modes are reduced: once actions have been taken to
reduce risk, a new RPN must be calculated. The aim of an FMEA is to reduce the RPN by at least
50% after appropriate actions have been taken. The target RPN will depend on the company or
industry based on their tolerances and margins of error, and also their interests in eliminating
risks completely.

Example

Additionally, we are told that the initial RPN was calculated at 180.

a) Calculate the initial severity rating for this failure mode.

To perform this calculation, we use:

We notice however that we were not given a detection rating, but were given a hint. If we read the
C NO
W us is that there is no control system
for the detection of the failure mode, and we could infer that the detection rating should be the
highest possible, which is 10.

So we put this value in and get:

b) You have been asked to reduce the RPN to a value of less than or equal to 80. Using one or
more of the following actions in combination, determine the optimum action to take to achieve
an RPN less than or equal to 80 with the least expense.

What we can do is simply try each option individually and see which one is the most effective one.
For instance:

Option 1: RPN = 4(3)*(10) = 120

Option 2: RPN = 6(3)*(6) = 108

Option 3: RPN = 6(2)*(10) = 120

Clearly we need to combine more than one option. The first logical choice in terms of low cost is
options 2 and 3:

Option 2 and 3: RPN = 6(2)*(6) = 72 < 80

And clearly this is the optimum action, given that it meets the target RPN at the lowest cost. The
solution can therefore be restated as:

B
‘PN
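
The option-by-option trial above can be done for every combination at once. The Python below is an added example, not part of the original notes: the ratings and the effect of each option are read off the calculations above, while the option costs are constructed placeholders (the cost figures are not present on this page) and the function names are assumptions.

```python
from itertools import combinations

# Ratings behind the page's initial RPN of 180 (6 x 3 x 10).
BASE = {"severity": 6, "occurrence": 3, "detection": 10}

# What each option changes, read off the page's own calculations.
OPTIONS = {
    1: ("severity", 4),    # Option 1: RPN = 4(3)(10)
    2: ("detection", 6),   # Option 2: RPN = 6(3)(6)
    3: ("occurrence", 2),  # Option 3: RPN = 6(2)(10)
}

# CONSTRUCTED costs in $, chosen so that options 2 and 3 are the low-cost ones.
COST = {1: 5000, 2: 1500, 3: 1000}


def rpn(ratings):
    """RPN = Severity x Occurrence x Detection."""
    return ratings["severity"] * ratings["occurrence"] * ratings["detection"]


def apply_options(chosen):
    """Ratings after applying the chosen options to the base failure mode."""
    ratings = dict(BASE)
    for opt in chosen:
        field, value = OPTIONS[opt]
        ratings[field] = value
    return ratings


def plans(target):
    """Every combination of options that reaches RPN <= target, cheapest first.

    Each entry is (cost, options, new RPN, fractional reduction from the base RPN).
    """
    found = []
    for size in range(1, len(OPTIONS) + 1):
        for chosen in combinations(sorted(OPTIONS), size):
            value = rpn(apply_options(chosen))
            if value <= target:
                cost = sum(COST[o] for o in chosen)
                reduction = 1 - value / rpn(BASE)
                found.append((cost, chosen, value, reduction))
    return sorted(found)


if __name__ == "__main__":
    print("initial RPN:", rpn(BASE))
    for cost, chosen, value, reduction in plans(80):
        print(f"options {chosen}: RPN {value}, cost ${cost}, reduction {reduction:.0%}")
```

No single option reaches the target, and options 1 and 3 together land exactly on 80, so every pair qualifies and the choice between them comes down to cost.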

Limitations of FMEA as a risk analysis tool


FMEA is a good tool for analysing risks in a system and predicting ways to reduce the likelihood of
failures occurring within the system. Nevertheless, it has some disadvantages:

• Failure modes must be foreseen by the designer(s).
• FMEA does not analyse dangers or problems that may occur when the system is operating
properly.
• FMEA may only identify major failure modes in the system. Fault Tree Analysis (FTA) is better
suited for top-down analysis (from top event to independent events).
• It is not able to discover complex failure modes involving multiple failures in a subsystem, or to
report expected failure intervals of particular failure modes up to the upper level subsystem or
system.
• Human factors are not considered in the analysis.

PART B
Question 9. Boeing Dreamliner Case Study

Stakeholder needs and requirements


Who were the influential stakeholders and what were their most important needs?
Stakeholder: Passengers and crew
Need: A comfortable flight experience that would be unique and not offered by any other plane

Stakeholder: Pilots
Need: More advanced flight controls

Stakeholder: Foreign suppliers such as Italy, Japan, France and Korea
Need: Good profit margin and security that the investment would pay off, breaking even in a
short period of time, good incentives

Stakeholder: Customers (e.g. ANA airlines, Japan)
Need: Product to be delivered on time and with exceptional quality, deadlines to be met

Stakeholder: International Aerospace Machinists Union (over “ more than 2 thirds of them were plane builders)
Need: To ensure that their jobs were stable and secured and they would not lose them due to B
to other cities. Reduce outsourcing.

Stakeholder: Competitors (Airbus)
Need: To maintain their place as the first largest global aircraft manufacturer and maintain
competitiveness with Boeing by improving their own designs

What were the competitive forces?

Boeing is currently the second largest global aircraft manufacturer, behind Airbus in terms of
revenue and deliveries. It is also the second largest aerospace and defence contractor in the world
behind Lockheed Martin. The 787 Dreamliner offering a wider body actually forced Airbus to
redesign their A350 and make the body even wider, for which they introduced the A350XWB (Extra
Wide Body) to compete with the 787.

How were the main stakeholder needs met by the final design strategy? (Concept of operation)
Stakeholder: Passengers and crew
How the need was met: Faster cruising speed, increased cabin humidity for comfort, cost savings
from less fuel usage, smart glass that adjusts to different light intensities, in-cabin noise
reduction, and fewer delays.

Stakeholder: Pilots
How the need was met: P-Beta control law, vertical gust suppression (turbulence), enhanced stall
protection (limiting angles of attack), enhanced thrust asymmetry compensation (inertial yaw
deflection on ground, rudder and steering for yaw disturbances)

Stakeholder: Foreign suppliers such as Italy, Japan, France and Korea
How the need was met: A B increased revenue from manufacturing entire sections instead of
small parts

Stakeholder: Customers (e.g. ANA airlines, Japan)
How the need was met: Discounts of up to 50% as compensation for production delays

Stakeholder: International Aerospace Machinists Union (over “ more than 2 thirds of them were plane builders)
How the need was met: Settlements and agreements to maintain assembly line at Seattle for at
least 10 more years and increased salaries and job stability for all builders

Stakeholder: Competitors (Airbus)
How the need was met: Development of A350XWB (Extra Wide Body)

Design process
What were the fundamental changes in traditional aircraft design, supply chain and risk
management introduced for the 787 Dreamliner? Or what were the differences with previous Boeing
commercial aircraft?

Aircraft design features of the 787 Dreamliner:

Changes in the supply chain:

Fundamental changes in risk management:

Concurrent engineering
How was the new design process to address the trade-off between innovation, cost-cutting and time to
market?

The new design process, based on an unconventional supply chain, was to address this trade-off in
the following way:

Outsourcing more: by outsourcing over 70% of the development and production activities under
the 787 program, Boeing intended to reduce the development time by using the fact that
having more suppliers work on different parts simultaneously would cut down the time of
production. Similarly, this would also reduce the overall production cost by exploiting the

Reducing direct supply base: by letting about 50 tier-1 suppliers from all over the world
manufacture entire sections of the aircraft and ship them to an assembly plant at Seattle,
Boeing intended to also cut down the development time and save some money.

Reducing financial risks: Boeing introduced a risk-sharing contract under which strategic
suppliers would not receive any payments from Boeing until they had delivered their first, fully
operational 787 Dreamliner. This also was meant to cut down the development costs for Boeing
as it worked as some sort of credit acquired from the suppliers.

Increase production capacity without incurring additional costs: using outsourcing to reduce
capital investment, and taking advantage of the fact that Boeing only needed 3 days to
assemble the 787 Dreamliner since all major sections of the plane were produced by external
suppliers.

Where did the engineering design for the major subsystems take place? What design roles were kept
in-house? What was outsourced?

Design and production of major subsystems took place in the following countries: Japan, Italy,
France, Korea and the UK. About 70% of all components including fasteners, engines, landing gear,
fuselage and wings were outsourced. The design roles kept in-house were the technology

indoor mood lighting, humidity controls, etc. The main assembly took place in Seattle, with all
subsystems brought from other suppliers.

How did suppliers work as a team across the supply chain? What contractual incentives were in place
to ensure suppliers met their obligations? Did these decisions achieve better supplier performance?


The suppliers worked as a team by maintaining constant communication and using a web-based tool
called Exostar to monitor the supply chain and its activities at each stage of the process. This

Through the risk-sharing contract established by Boeing with their strategic partners across the
globe, Boeing freed itself from the obligation to pay any of the development costs to the suppliers
until such time that the first 787 Dreamliner was sold. Despite the financial risks imposed on Boeing
if deadlines were missed, this contract incentivised the suppliers by allowing them to own their
intellectual property, which could be licensed to other companies in the future. Another incentive
was that the suppliers were allowed to increase their revenues by taking up the development and
production of an entire section of the plane instead of a small part. All these incentives and
contracts ensured that the suppliers met their obligations.

It is hard to say whether these decisions achieved better supplier performance. The reason for this
is that the development of the 787 was delayed by almost 3 years, and this incurred several
B “
sequence, creating log jams in the Seattle assembly line. Most problems came from the smallest
parts such as fasteners. Delays with the deliveries of parts also caused delays in the assembly of the
787. It is estimated that Boeing spent between 17 and 23 billion dollars developing and building the
Dreamliner. Around 56 customers ordered more than 800 Dreamliners (altogether), the most
successful launch of a new commercial plane in Boeing history. However, analysts estimated that
Boeing needed to sell 1,000 planes to break even. Another issue was that since many deadlines
were not met, including that for ANA airlines in Japan, Boeing had to give them a discount of up to
50%, which also incurred many additional costs for the company.

Who was to perform the role of systems integrator? Was this approach useful? How was systems
integration actually achieved?

Boeing was responsible for the role of systems integration, as usual. With its assembly lines in
Seattle and Washington D.C., Boeing was in charge of receiving all the components and subsystems
from the suppliers and putting them together within 3 days. Initially, this was thought to be very
efficient as the assembly time was reduced from 30 days to 3 days (in comparison with the 737
model). However, many problems were encountered, such as parts not fitting together, delays in
deliveries, and more. Therefore the approach was not as useful as expected, and it actually
caused Boeing a lot of additional costs. Systems integration was achieved using a large workforce of
approximately 80,000 workers (in Seattle alone), of whom two thirds were experienced aircraft
builders and machinists. Since all subsystems were outsourced, including fuselage, wings and large
components, assembly was much easier. Nevertheless, the issues with poor organisation and
excessive outsourcing still made the whole process difficult and not as efficient as it needed to be.

Which of the following concurrent engineering benefits were not achieved and why?

1) Shorter product life cycles

This was not achieved. The excessive outsourcing of parts and sub-assemblies of the 787 actually
elongated the product life cycles and caused several delays of up to 2-3 years, because many parts
did not arrive on time, some others did not fit together, and many other technical issues were
encountered during the assembly stage, incurring further setbacks.

2) Improved product design quality


Despite the heavy delays in development, the quality of the 787 Dreamliner was quite satisfactory
for many airlines including ANA airlines in Japan, and in a way the delays in production helped
identify some structural problems in the plane before it was completed. One example of this was
the fact that the carbon composite wings were found to break apart during bending tests, and
months later this problem was solved by adding two titanium fittings fixed to an outer ring to
strengthen the wings. All the other features that make the 787 unique were of good quality and
satisfied the customers.

3) Lower development costs

Once again, this was not achieved due to the same reasons as in (1). Additionally, development
costs were higher for Boeing since they had to give their customers large discounts as
compensation for not meeting the set deadlines.

What were the difficulties in achieving concurrent engineering in the 787 Dreamliner and how were
these to be overcome? Were these solutions successful in addressing the problems?

Most difficulties were related to logistics problems that have already been discussed. Some of the
solutions for these problems were:

| Problem | Solution | Was it successful? |
|---|---|---|
| Incomplete parts, delays, parts not fitting together | Increase pressure on suppliers | Not very much. Problems caused a lot of delays. |
| Carbon composite wings breaking during static loading tests | Titanium fittings on outer rings to strengthen wings | Yes. This solved the whole problem. |
| Not meeting deadlines | Giving customer airlines discounts as compensation | To some point. Customers were B reputation suffered a heavy blow. |
| Worker and trade union strikes | Increase pay and extend contracts for several years | Yes. Strikes ceased. |
| High development costs | Risk-sharing contract to incentivise suppliers to work harder | At first. Then as problems appeared, development costs got even higher. |

PART B
Question 10. Boeing Dreamliner Case Study

Stakeholder needs and requirements


Who were the influential stakeholders and what were their most important needs?
| Stakeholder | Need |
|---|---|
| NSW Government | Join the two cities and bring social order (thus preventing a potential civil war) |
| North Shore residents | Commuting |
| City businesses | Affordable, fast transportation |
| B | Integrated road rail and trams |
| Bridge workers and builders | Jobs during the depression, economical stability to support their families |
| Residents displaced by bridge works | Compensation |
| Ferry operators | Overhead clearance under the bridge for ships of many different sizes |

What were the alternative solution concepts?

Ever since 1805, there were many proposals for connecting Dawes Point to Milsons Point. These
ranged from simple beam bridges to suspension bridges and arch bridges. Amongst the most
notable were:

1854 Floating steam bridges: these would connect the points guided by chains and cables. It

1871 Steam driven trolley car: similar to the floating steam bridges but featuring high end
towers and a cable car that travelled along the top powered by steam. This was even more
inefficient than the floating steam bridge concept, since the capacity was even more limited
B

many people living in Sydney, so it might have been practical after all)

1879 Double story truss bridge: engineer T. S. Parrott designed a two-story truss bridge from
Dawes Point to Milsons Point, one for trains and another one for carriages. The estimated cost
was 450,000 pounds.

1899 Triple arch bridge: engineer Norman Selfe proposed a bridge from Dawes Point to
McMahons Point consisting of three arches.

1908 HH Dare Subaqueous Tubes: a tunnel beneath the harbour was proposed by many people
based on a similar one already implemented in Detroit, USA.

1912 Suspension bridge: engineer J. J. C. Bradfield proposed a suspension bridge sharing
tramway, vehicle and pedestrian traffic, connecting both Dawes Point and Milsons Point.

1921 Grand cantilever bridge: again Bradfield and his team proposed a cantilever bridge design
connecting Dawes Point to Milsons Point.

1922 Three-way bridge: engineer Francis Ernest Stowe proposed a three-way bridge
connecting the Sydney CBD harbour to Balmain and Balls Head, with all three sections meeting
at a central pillar on Goat Island, which would serve as an ANZAC memorial.

1924 Dorman Long and Co bridges: many concepts submitted and reviewed, including a
cantilever beam and other arch bridge designs. The Dorman Long and Co A3 is the one that was
B

How were the main stakeholder needs met by the final design strategy? (Concept of operation)
| Stakeholder | How the need was met |
|---|---|
| NSW Government | The Sydney Harbour Bridge was built successfully, creating a link between two previously conflicting cities and creating unity among residents by working as a symbol for progress and union. |
| North Shore residents | The bridge certainly brought closeness and unity amongst residents from both sides of the city. |
| City businesses | The bridge was 49m wide and had plenty of space for trains, cars, buses, pedestrians, which meant transportation was affordable and relatively fast since no traffic took place on the bridge. |
| B | Rail road was integrated, and trams were used on the eastern side of the bridge for almost 30 B covered, and converted into two additional vehicle lanes. It became clear that trains were much faster and more efficient than trams for transporting passengers over the bridge. |
| Bridge workers and builders | They got jobs in the construction of the bridge, but there was no safety at all. In total, sixteen men lost their lives building the bridge. Despite the heavy economic deficit during the depression, the government maintained the jobs on the bridge (up to 5,000 people) by refusing to pay more interest for the loans Australia owed Britain. Jack Lang* (premier of NSW at the time) also increased taxes for high and middle class people, to help keep the project running. |
| Residents displaced by bridge works | Many buildings, churches and homes were demolished on both sides of the harbour during the development stage and residents received little or no compensation whatsoever. The need was ignored. |
| Ferry operators | Clearance for shipping of 49m, allowing for the safe transit of large ships. |

*Jack Lang (from the Labor party) was accused of being a communist several times by many
people due to his bad reputation and indifference towards capitalist property relations, and it was
believed that his focus was on the working class people more than anything. One of the decisions
made by him that shook people from the higher classes was to stop paying interest to the British for
all the loans Australia had taken from them, including all those from WWI. This caused violent
unrest in Sydney, although the bridge continued to be built. The Commonwealth government
passed an act that allowed them to confiscate money from NSW banks and pay back the interest
for the loans from Britain. As a response, Jack Lang decided to rob his own banks, taking all the
money out in cash, and this was the only way he could ensure that the money could be used to pay
all his workers. In the end, after the bridge had been inaugurated, Jack Lang was dismissed by the
state governor.


Why was this concept of operation the best choice?

This concept of operation (two- T A


choice because it met the following requirements:

1) The bridge must be of incredible strength and stability. It should be the best that engineering
can devise. An arch bridge was by far the most adequate to meet this description.
2) The bridge should be simple to erect and assemble at all stages of construction. Although an

knowledge and technology at the time.


3) Suitability for railway traffic. This means that the bridge should share both trains and
automobiles. The two-hinged arch bridge met all the requirements of railway traffic much more
efficiently than other concepts, and also provided the capability of building a wider deck, which
allowed for more traffic and fewer delays.
4) Appearance. The two-hinged arch bridge was also the best choice for this requirement.
5) As far as practicable the bridge should be fabricated in New South Wales. The English Electric
Company of Australia and Dorman Long and Co Ltd. would take care of the whole construction
of the bridge in NSW.
6) The cost should be reasonable and consistent with the engineering and economic aspects. The
total cost for tender A3, with abutment towers and piers faced with granite masonry, was
estimated at £4,217,721 and was the most acceptable one out of all the tenders. Since the arch
bridge required less steel, it was much cheaper than a cantilever bridge. Tender A1,
which was also an arch bridge, was cheaper by approximately £718,000, but it did not possess
abutment towers (hence it would not be as aesthetically pleasant as tender A3).
7) In addition to these requirements, tender A3 also met many of the stakeholder requirements
described in the previous section, making it the most suitable concept of operation for a
Harbour Bridge.

An interesting fact about the Sydney Harbour Bridge is that it was designed to withstand loads
much greater than it would ever face. As a test of its strength and integrity, 108 locomotives were
driven and stationed over the bridge before its official opening. The bridge bent, but once the
locomotives drove off, it recovered its normal shape. It took 8.5 years of construction, 6 million
rivets, 52,800 tons of steel and the lives of 16 men to complete the Harbour Bridge.

Design for manufacture


Identify four major construction problems of the Sydney Harbour Bridge. How were these problems
solved?
| Problem | Solution |
|---|---|
| Depression, heavy economic deficit, not enough money to pay for the materials and workforce. | NSW government refused to pay interest for loans to the British government, increasing taxes for high and middle classes and borrowing even more money for the bridge. |
| High rise arches too far from the water, no cranes high enough to reach them. | Mounted steam cranes that could travel on top of the arches and erect the truss panels.* |
| Extremely high moment reactions generated about abutment towers due to the increasing weight of the cantilevering arches and all the materials being added. | Systematically adding more support cables to the free ends of the cantilevering arch panels, anchored to inclined shafts in tunnels bored directly on rock foundations. The shafts were sunk to approximately 120 feet below ground level, connected with semi-circular cross-tunnels. A minimum factor of safety of 3.5 was used. |
| The two halves of the arch needed to be perfectly aligned at the crown, or else this would cause several issues in finishing the bridge. | Both arches were built simultaneously. Towards the very end, where there was a small gap between the two halves, a temporary hinge arrangement was attached to the ends of the bottom chords, together with a tapered steel locating spike that helped align the two halves. Once the two halves met, the temporary crown unit formed a structural hinge. |

*As the cranes moved forward on top of the arches, more support cables were added to the bridge
to counteract the weight of the cranes. As the two arches became larger and came closer to
meeting in the centre (or crown), lighter cranes were used to lift the panels up.

Design for manufacture:

1) What were the major components of the bridge?

The major components of the bridge were all the steel panels that make up the whole arch and
deck of the bridge. All of the steel structure was made from silicon steel, which at the time was a
novelty in terms of high strength materials. These included all the panels that made up the sections
of the truss arch and the deck.

2) How were these components manufactured?

Various steel workshops were constructed in Milsons Point by Dorman Long and Co. There was a
light shop, a template shop and a heavy shop. All BHP C
works at Newcastle. The light shop was in charge of strengthening the steel members and cutting
them to size, and having them planed and drilled. A press machine was used to straighten the rolled
steel sections and cut sections. Plate shears were used to cut the sections to the desired length. The
edges of the steel plates were planed using two edge-planing machines featuring rack and pinion
drives.

In the template shop, steel members were brought from the light shop, and here they were marked
for drilling from drawings and templates made within the shop, and then passed on to the drilling
machines. Radial drilling machines and gantry-type travelling drilling machines were used to
perform all the drilling in accordance with the specifications. The various parts of the steel
members were then held together by pins and bolts and riveted by hydraulic riveters.

Finally, in the heavy shop, the assembled members were finished by planing the ends to a true
surface and working with larger assemblies.

3) Identify the design aspects of the Harbour Bridge that allowed for the intended manufacture of
these component pieces.


The fact that Dorman Long and Co had planned to originally manufacture all the steelwork for the
bridge here in NSW meant that the process would be much easier and more efficient. Additionally, the
inclusion of steel workshops in Milsons Point further facilitated the manufacture of all the steel
members and assemblies. Simple sections were used, many of which were rolled pieces of steel
brought from Newcastle, which were then straightened, cut and reshaped on site near the bridge.

Design for assembly, DFx


What were the design features that specifically aided construction?

The use of only one material, silicon steel, for the whole structure of the arch and deck of the
bridge made it a lot easier to manufacture and assemble all the sections of the bridge. Additionally,
the construction of two shops in Sydney allowed for all the components of the steel structure to be
manufactured on site. The addition of manholes in the chords of the arch also made it much easier
for workers to join steel sections together from both sides using rivets. Similarly, the use of
abutment towers and support cables throughout the construction of the bridge provided good
stability and strength for the cantilevered arches on both sides of the harbour. The whole shape of
the top chord of the arch, and its relatively low steepness, also facilitated the use of mounted
cranes to lift the sections up.

Assembly was facilitated by the use of pre-assembled truss sections that were constructed in the
steel workshops in Milsons Point and then hoisted up by the cranes. This meant that the whole arch
could be built in modules instead of member by member, which sped up the whole construction
process.

Were there any other design constraints (DFx)? Such as safety, maintainability, mandated use of
construction materials or workforce?

• Safety: the bridge was designed to be as rigid as possible and to be able to withstand loads
much higher than it would ever need to (this included the weight from all vehicles on the
bridge, strong winds, etc). Additionally, special coating was applied to all the steel sections
of the bridge to protect it from corrosion. Over 6,000,000 rivets were used to join panels
and sections together, making it much stronger and more stable. Despite these measures, the
workers were provided with no safety equipment whatsoever, so it was a very dangerous
job.
• Maintainability: manholes on chords of the arch to provide access for workers and allow
them to perform internal inspections in various sections of the arch truss. These were
present during the construction stage and were left there for future use. Additionally, a
lightweight gantry was mounted on the underside of the deck that is able to travel the full
length, and is still used for maintenance and painting.
• Mandated use of construction materials: only silicon steel was to be used on the bridge as
it was the strongest material available at the time and it was thus a novelty. The pylons and
abutment towers would be made of concrete and masonry for added compressive
strength.
• Workforce: workers would require good skills in the use of riveters, and operation of
cranes, hoists, press machines, rolling machines, drilling machines, etc.

D
Who were the design engineers?


The two main design engineers were essentially J. J. C. Bradfield, from Sydney, and Sir Ralph
Freeman, from the Dorma L C L G B B
manufacturer, and as a company it had actually never designed or built a bridge).

What was each of their roles? (e.g. customer, system integrator, designer)

J. J. C. Bradfield was both a designer and system integrator. He worked in the whole design process
for the bridge for more than 20 years, changing his designs many times. He was also the chief
engineer during the construction of the bridge and was responsible for overseeing all the assembly
of the steel components. Freeman, on the other hand, was a customer and a designer. He worked for
Dorman Long and Co Ltd, which was hired by the NSW government to manufacture all the steel
components for the bridge. At the same time, prior to 1924 he had also worked on several designs
featuring an arch bridge. He performed many calculations regarding the structural integrity of the
bridge, the sizes, weights and loads the bridge would need to withstand, and so on.

Did the design role of J.J.C. Bradfield complement or conflict with the design role of the Dorman
Long and Co Ltd. engineer Sir Ralph Freeman?

There was a clear rivalry between the two engineers as Bradfield did not want to acknowledge the
involvement of Freeman in the design and construction of the bridge, for he thought it would give
Britain too much credit for the bridge. They argued on how they each worked on the design of the
bridge, and there were conflicting views because here in Australia, Bradfield was seen as the man
who owned the bridge in every sense, whereas back in Britain, the public saw Freeman as being
F B
Harbour Bridge were completely reproduced from the Hell Gate Bridge in New York City, which was
actually what inspired Bradfield to change his original cantilever design to an arch design back in
1923. Freeman added that Bradfield simply copied the Hell Gate Bridge and did not inspire a single
feature of the Sydney design.

Des B
F
hence making the whole process more efficient. One last thing to point out however, is that
Bradfield and Freeman hated each other and there was probably little communication between
T
most of their time arguing.

What were their sign-off/certification roles?

Freeman was mostly in charge of calculations and design so his role was to certify that the design of
the bridge met all the requirements in terms of the calculations performed. Bradfield, on the other
hand was the chief engineer of the project and therefore was the one who made the decisions as to
how to build the bridge.

Was there formal certification of the design?

Yes. Tender A3 was certified by Bradfield and the NSW government and endorsed by the premier
Jack Lang.

Were there design reviews?

Yes. There was a report on tenders submitted to the NSW government that explained the different
features and attributes of each tender and also evaluated their feasibility based on a range of
criteria such as cost, manufacture or parts, assembly, construction, stability, strength, etc. This
report reviewed each design and also justified why tender A3 was the best concept of operation.
