Printer Friendly

An enhanced risk reduction methodology for complex problem resolution in high value, low volume manufacturing scenarios.

ABSTRACT

This paper reports on a methodology for risk reduction, developed and tested at a brand new aerospace manufacturing facility, producing high value aero-structures. The facility was formed as part of a 'Risk Sharing Partnership' between Airbus and GKN for production of the Airbus A350 'Fixed Trailing Edge' (FTE). Whilst operating in New Product Introduction (NPI), the challenge for GKN was to increase production volume for each successive year of operations. At the time of writing, the facility was producing FTE structures at a rate of 4 per month i.e. Rate 4, and attempting to transition to Rate 6. The ultimate aim was to produce FTE structures at Rate 13 within an 8 year period whilst concurrently engineering the product and improving its processes. For schedule adherence, elimination of process failures was critical and often manifested at the final stage of assembly (integration cell). The 'integration cell' comprised of turnkey solutions where, on attempting to increase to scheduled rate, failures increased impacting on cycle times. Most failure types encountered were considered complex, since their permutations were often unknown i.e. caused through varying interactions between hardware, software and staff. To explore the problem further, a conventional Failure Mode and Effects Analysis (FMEA) was conducted but proved subjective, since the standard template was restricted to ordinal and qualitative outputs. A process FMEA (PFMEA) was then developed to account for the risks posed through safety, quality, cost, delivery and people (SQCDP). Utilising SQCDP criteria enabled a means of quantitative analysis for capturing optimal RPN values. Further, whilst the enhanced PFMEA proved effective, the method was limited for in-depth determination of root cause, apparent from the permutations of failure observed. The literature provided options, where the properties of Fault Tree Analysis (FTA) were deemed most suitable for identifying critical path, common cause and probability of failure on demand. Combining enhanced PFMEA with FTA provided a holistic means for quantitative risk prioritisation, plus in-depth determination of root cause when faced with complexity. From the root cause analysis, a set of functional requirements were derived that detailed how the solution would perform in practice. The methodology was then effectively completed once the solution had been implemented, validated and verified delivering improved Value Stream performance over the life cycle of the aircraft programme. Two cases are provided where the outputs have delivered marked reductions in process cycle time and predictability.

CITATION: Winter, D., Ashton-Rickardt, P., Ward, C., Gibbons, P. et al., "An Enhanced Risk Reduction Methodology for Complex Problem Resolution in High Value, Low Volume Manufacturing Scenarios," SAE Int. J. Mater. Manf. 9(1):2016,

INTRODUCTION

This paper reports on a methodological approach for risk reduction. The methodology was developed and tested in a live production scenario of a brand new aerospace manufacturing facility manufacturing high value, low volume wing structures. The facility was formed as part of a 'Risk Sharing Partnership' between Airbus and GKN Aerospace for production of the Airbus A350 'Fixed Trailing Edge' (FTE). Fig 1.0 details A350 XWB FTE in flight attitude and the region outlined highlights where the FTE resides on the wing-box structure:

Importantly, the FTE consists of three carbon fibre C-sections for each port and starboard structure: Inboard (INBD), Middle (MID) and Outboard (OTBD) to which FTE components are attached. The spar C-section effectively transfers the load to the wing-box from the FTE structure to cope with the stresses imparted on take-off and landing; via the faps, ailerons and landing gear. Fig 2.0 details an INBD carbon fibre C-section manufactured by GKN Western Approach.

The FTE attachments for each of the three C-section spars are assembled and fastened while held in jigs. These jigs are then loaded into an integration fixture where all three assembled INBD, MID and OTBD FTE's are then aligned. Fig 3.0 shows a section of the integration fixture where 'A' highlights the inside of the wing spar surface and 'B' details the outside surface. The 'Outboard' direction towards the wing-tip is also shown. On assembly, the Spars are aligned and fastened 'end to end' by joint plates to form the final component spanning 30m.

The challenge for GKN was to increase production volume for each successive year of operations whilst concurrently engineering the product and improving its manufacturing processes. For schedule adherence, elimination of process variation and failures was critical and often manifested at the final stage of assembly i.e. The Integration Fixture. The causes of these failures were broad and ranged from subtle variations in process times, to maintenance issues beleaguering the performance of the cell. To explore the problem further, the Initial Requirements of the process were first examined. If a series of failures were evident, a conventional Failure Mode and Effects Analysis (FMEA) was conducted. However, in practice the traditional FMEA proved subjective. This was due in part to the standard template being restricted to ordinal and qualitative outputs. Consensus on risk priority numbers (RPN) often proved difficult to reach since responses varied between various members of the focus group. To counter this, a methodology was developed, beginning with a process FMEA (PFMEA) to account for the risks posed through safety, quality, cost, delivery and people criteria. As a result, a means of quantitative analysis was therefore enabled, capturing optimal RPN values and easily reaching consensus of opinion. Whilst the enhanced form of PFMEA proved effective, the method was still limited for in-depth determination of 'root cause'; as apparent from the high mix of failure permutations observed. The literature provided many options for 'root cause analysis' (RCA), ranging from 5 whys, Ishikawa diagrams, cause and effect matrices to Fault Tree Analysis (FTA). It was here where the focus group would down-select an appropriate from of RCA, according to the nature in which the hardware (HW), software (SW) and human machine interface (HMI) were affected. In situations where the HW/SW/HMI elements were interacting, the failures were often considered complex. Therefore, FTA was often down-selected in these instances as a means of establishing and quantifying the causes of failure. A high risk Failure Mode (FM) would form the top event of the Fault Tree, under which, the causes of that failure mode formed the first tier failures that contributed to the top event. Further, FTA readily aided in identifying critical path, the common mode/cause and probability of a failure on demand (PFD), thus enabling a more deductive and quantitative form of analyses. On understanding the root cause of a complex failure, Requirements Engineering was then relied on to encapsulate how a solution should perform in practice; naturally building on the initial requirements. The requirements specified would then influence the solution generated, such that it could be verified and validated post implementation. Hereafter, the methodology was effectively completed once the improved Value Stream performance was measured. In this sense, the verified improvements could be catalogued and the new increased rate of manufacture could be reported. This paper provides two approaches for how the methodology was employed to resolve failure modes identified by PFMEA. The first example details a simple case where the Failure Modes identified were resolved purely through functional requirements generation. The second case was more complex in nature and utilized the full methodology: PFMEA, FTA, Requirements Engineering and finally a prediction of future performance.

LITERATURE REVIEW ON THE USE OF FMEA AND FTA

This review aims to appreciate FMEA and FTA as standalone tools and then, through the combined use of FMEA and FTA, the review identifies strategies adopted by various authors for enhancing reliability across a range of systems. Importantly, the review also aims to understand the grounds on which FMEA-FTA has been justified, and why other methods were discounted. The review also gives an appreciation for the efficacy of FMEA in combination with FTA by quantitatively detailing the results of the papers reviewed.

A Brief Appreciation of FMEA

FMEA can be defined as a risk management tool for 'evaluating a system, design, process or service for possible ways in which failures can occur' (Stamatis, 2003). FMEA originates from reliability engineering where it was first codified by American military standard MIL-P-1629 (Military, 1949). Successive decades saw FMEA achieve global recognition through deployment within commercial aviation, space and the automotive sectors (Arnzen, 1964). Commonly, FMEA is employed as early as possible in a product lifecycle for risk mitigation and reduction of failure modes. As a product design matures, greater consideration is given to how economically a design may be manufactured; nominally in terms of time, quality and cost. It is here where Process FMEAs are employed (PFMEA) to focus on existing and potential failures that occur during manufacture. PFMEA output is also of importance for 'knowledge based engineering' since manufacturing feedback can influence a design to meet the manufacturing capability of a given process (Teoh and Case, 2004). In scenarios where production is already underway, a PFMEA can mitigate existing process risks by reducing variation and enhancing production flow. Stamatis (2003) classifies a range of FMEA types, each tailored to suit a particular context: Systems, Services, Equipment, Design or a Process. Traditionally, all FMEA's impart a 'Risk Priority Number' (RPN) whose size is established through a Failure Mode's Severity (S), Probability (P) and Detection (D). The RPN is typically scaled from 1 to 10 and factored S*P*D to yield RPN. It is important to note that the S ranking is assigned on the effects of a Failure Mode. The P ranking is based on Cause, and the D ranking is based on the level of control employed to prevent the failure from occurring (Ford internal, 2004). Once established, individual RPN's are ranked in descending order to highlight the risk posed by the Failure mode, and in turn, prioritise which should first undergo corrective action (Palady et al., 1994). A review of the extant literature has revealed how RPN is an ordinal number, merely possessing rank not magnitude (Kmenta and Ishii, 2000). Rhee and Ishii (2003) agree but also question the subjectivity of the S, P and D criteria; particularly if the same standard FMEA template is applied across a range of scenarios. Rhee also warns that Detection 'D' could be applied either at the point of manufacture, or worst, where the failed product is in the hands of the customer. Narayanagounder and Gurusami (2009) and Franceschini and Galetto (2001) have stipulated how the three S, P and D indices can equate to identical RPN numbers and propose methods for differentiating aggregate RPN scores. It is therefore important that, when dealing with a multitude of RPN numbers, a means of segregation is provided to ensure high priority risks are dealt with first.

A Brief Appreciation of FTA

Ericson (1999) classifies FTA as a rigorous deductive form of graphical systems analysis. The method logically identifies and displays failure pathways, faults, errors and normal events that lead to an 'undesirable' top event (UE). The method originated from Bell Laboratories in 1961, where it was first employed in military systems before its widespread adoption in aerospace towards the latter end of the 1960s (Ericson, 2011). The method is commonly employed in mission critical systems where a qualitative and quantitative understanding of the probability of root causes is required. Lee et al., (2004) provide four key steps for Fault Tree Analysis: 1. System definition, 2. Fault Tree construction, 3. Qualitative evaluation, 4. Quantitative evaluation; here, the system definition refers to the failed state i.e. where the UE has occurred. The Fault Tree is essentially constructed downward away from the top event, where sub-tier modes of failure are transversely listed. Further sub-tier causes are continually categorised downwards, via logic gates, until all relevant causes are captured and the primary sub-events are established. The Fault Tree branches are then rationalised and reduced into Minimum Cut Sets i.e. the shortest possible routes to failure, such that further reduction is not possible without affecting the accuracy of the UE. A case for using software over manual Fault Tree construction is given by Powers and Tompkins (1974), since large scale or complex systems can prove arduous and critical pathways can be inadvertently overlooked.

Contrasting the Combined use of FMEA and FTA

As part of their review into continuous improvement strategy, Satrisno et al., (2013) highlight a gap in the knowledge regarding combinatorial approaches with FMEA. The authors discuss the application of FMEA as a standalone technique within a range of environments, before considering its use with other methods such as SWOT analysis, quality functional deployment (QFD), theory of constraints (TOC) and the TRIZ methodology. The review omits any reference to the use of FMEA alongside, or in combination with FTA. However, the authors were open in their conclusions regarding the scope of the review and encouraged researchers to consider the gap highlighted in future publications regarding improvement strategy. The use of FMEA in combination with FTA was being considered as early as the 1970s, where the two methods were being contrasted for their usefulness in the face of broadening complexity within chemical processing systems. Powers and Tompkins (1974) review risk management methods and the consequences of failure in light of unpredictability in large-scale chemical reactions. From a systemic viewpoint, the authors state how the relationship of the system, its environment and the possible pathways of failure are manifest, given the probabilities of their occurrence. In more recent years, case studies utilising both methods have been reported on, ranging from analyses of hardware and software for a range of applications. Nadji et al. (2004) published their findings on the application of FMEA and FTA for reliability analyses of uninterrupted power supply Systems; stating FMEA as an inductive and FTA as a deductive technique respectively. The authors offer insight as to the qualitative and quantitative nature of the two methods, and conclude with an 'unavailability' calculation and state how redundancy must be built into the system under analysis. The authors omit detail on the quantitative nature of the FMEA from the results provided. A more thorough systems analysis is provided by (Aksu et al., 2006) who investigated the reliability of marine pod propulsion systems through FMEA and FTA. From a systems perspective, the system boundaries were explored; outlining the scope of their analyses via spatial reliability block diagram (RBD), detailing the system configuration under scrutiny. On appreciation of the boundary and spatial analysis, the authors conduct a functional FMEA which, although omitted, 'provided the basis for the FTA'. A quantitative FTA is then given relying on a rich set of failure data including: time dependant reliability calculations (failure rates), enabling the authors to derive reliability curves for the mission duration time. The FTA makes full use of gate symbology and includes detailed sub-events; thus enabling minimum cut sets and full probabilistic analysis. The work is further complimented by Birnbaum (1975) and 'Fussell and Vesely' (1972) importance measures, plus a Markov analysis detailing the minimum operational units for the pod propulsion system to function; thus enabling the authors to deduce a maximum operational time ([10.sup.3] hours). Given the extent of the analyses, the results were very brief but the authors' state how their findings were in agreement with manufacturer's reliability criteria, enabling confidence in design and use in service. Despite the extensive FTA analysis, little evidence of the FMEA was provided; thus, an opportunity to state how failure modes were prioritised and their corresponding relationship with the FTA was omitted.

Morello et al. (2008) report on the development of FTA methodology as applied to heavy commercial gearboxes. The authors construct a FTA that identifies four critical components of a gearbox system: microprocessor, sensors, actuators and relays. Qualitative FTA data was entered into a FMEA template (the content of which was omitted from the paper) and on so doing, the authors found difficulty in connecting the FTA output with that of FMEA and claim: 'FMEA doesn't help in connecting the physical causes to the final effects and thus, presents a gap between the two levels of abstraction in the reliability analysis'. The FMEA had apparently revealed differing modes of failure unconnected from the findings of the FTA. A statistical 'sensitivity' analysis was then conducted with the purpose of understanding the failure distributions of each component from the FTA output; an eight step methodology was then proposed. In redacted form, the methodology commences with the collection of failure rate data to acquire an understanding of failure distributions. An FTA is then constructed to infer reliability before conducting a statistical sensitivity analysis. The final step sees that the sensitivity analysis is applied to the original FTA for the purpose of optimising its quantitative output for accurate prediction of Mean time to failure (MTTF). The authors claim that through factorial analysis, the MTTF can be predicted to within a 2% error. de Queiroz Souza and Alvares (2008) report on the application of a 'Reliability Centred Maintenance' methodology (RCM) for hydraulic turbines and consider a case study using FMEA and FTA independently of each other. Within the report, FMEA is incorrectly detailed as a deductive technique, usually the realm of FTA. It could also be argued the FMEA criteria presented are incorrectly assigned under each heading i.e. the inputs for each Functional Failure, Failure Mode, Cause and Effect. Encouragingly, the authors tailor the Severity, Probability and Detection criteria specifically for the product under scrutiny, thus enabling a quantitative appreciation and providing a means for the focus group to easily reach consensus. Post FMEA, the system was analysed via FTA utilising comprehensive failure rate data. The authors provide an in-depth analysis via FTA, yielding failure rates/hour for critical components suffering from unfiltered debris. However, the corresponding results between the FMEA and FTA appear fragmented, with only a single causal link drawn between the two. The intent of the paper was to improve the structure of planned maintenance and only a single event was exploited in the results i.e. the original objective of the paper for how the system was improved was not met. Povolotskaya and Mach (2012) provide a further case study addressing the final bond quality of electrically conductive adhesives in electronic assembly. On commencing their analyses, the authors rely on a 'cause and effect matrix' (C&E) to aid in the construction of a qualitative Fault Tree. A FMEA template is then populated from the qualitative FTA output to complete the analyses. The authors discuss the merits of risk analysis methods in terms of qualitative and quantitative terms. Further, they elaborate on the basic methods of data acquisition for risk analysis, namely: 1. Analogy, 2. Expert opinion, 3. Statistical methods and 4. Modelling. From 1, the authors state that analogies can originate from a range of sources; but do not discuss their potentially detrimental effects i.e. how sensitive results may be to contextual bias. Since failure rate data from the FTA was omitted, the FTA was not galvanised and a temporal failure rate analysis was unable to be completed. Further, the FMEA RPN numbers were not based on quantitative inputs, leaving the output open to a higher degree of subjectivity; particularly where, as discussed above, analogous inputs were relied on. Objectively, the authors claim the methodology applied to be an appropriate estimation of risk. The author feels that by characterising the variation in the bond (via ANOVA), an appreciation of the influencing factors would be developed i.e. through 'Design of Experiments' (DoE). Ongoing statistical analysis through 'Statistical Process Control' (SPC) may have also been of benefit in serial production for monitoring the tolerance of bonded components. The authors fail to report any quantitative improvements made as result of using FMEA-FTA.

FMEA-FTA analysis has also been applied to a 'safety critical' software application. In their conceptual work, Han and Zhang (2013) utilise 'preliminary hazard analysis' (PHA) early on in an iterative software development cycle prior to FMEA. On reaching an appropriate degree of maturity, their aim was to enhance the reliability of software outputs via FTA for industrial system control. The authors claim a direct correspondence between the granular output of FMEA and FTA; such that 'the FMEA output could input directly into the FTA itself'. Further, the authors also propose a stepped method for their analyses: 1. Identify hazards via PHA, 2. Conduct a FMEA enquiring into the system and its sub- systems, 3. Conduct an FTA utilising the output from the FMEA and finally 4. Verify the corresponding failures and faults between the FMEA and FTA conducted. Critically, the authors state that steps 2 to 4 should be cyclically repeated until a reversible systems analysis is complete and thus, direct correspondence between the FMEA and FTA is achieved. In their conclusions, the authors claim novelty and a differing perspective utilising a combined FMEA-FTA method. They claim a gap exists with traditional software analysis, since software is merely tested and verified as opposed to pro-actively seeking out how failure modes or faults could occur, before conducting mitigation activity. Objectively, solid examples were omitted and neither the outputs of the FMEA nor FTA was included in their report.

In summary, the extant literature has revealed how FMEA is used in combination with other techniques for enhancing reliability. Individually, FMEA and FTA have been used in a complementary manner, yet often separately for analyses of the same process or system. Single setting case studies were the most common research strategy where the two methods were adopted to yield credible internal validity, yet no authors present their findings over longitudinal time periods. In this sense, there appears to be a gap in the body of knowledge, particularly where authors have yet to report on a generalisable combined FMEA-FTA approach with a high degree of external validity over longitudinal time horizons. Most works utilise FTA as the mainstay of the analyses and report extensively on its output. To this end, the FMEA element is somewhat marginalised or incomplete. It has also been the case that FMEA-FTA has been forcefully applied where the problem at hand may have been resolved by simpler means i.e. the justification for its use in general and in combination was lacking. Regarding FMEA alone, some authors have mixed views as to how failure modes, causes and effects should be applied, but in some cases, do include quantitative criteria for enhancing the severity, probability and detection for establishing RPN numbers. Despite there being a general appreciation for the inductive nature of FMEA, there appears to be a lack of appreciation for why the outputs of either FMEA or FTA should be different. There are instances in the literature where attempts have been made to homogenise the FMEA and FTA outputs with scant regard for how the methods are two distinctly different forms of analyses. The lack of understanding stems from how FTA analysis imparts the interaction between faults and events that culminate in a top event failure, something that is not possible by conventional FMEA. In turn, this leads to a subsequent lack in understanding for how FMEA-FTA should be employed in combination to yield synergistic outputs. To conclude, the literature contains a varied picture for how FMEA and FTA can be applied in a cross-sectional sense; yet no firm means or systemic approach has been reached for managing complex industrial processes over longitudinal time horizons i.e. the purpose of this paper. Future research efforts should focus on how the two techniques may best be combined to yield a rigorous methodology, culminating in a longitudinal approach to systems improvement in the manufacturing arena.

RESEARCH APPROACH

This paper reports on a methodology using FMEA, FTA and Requirements Engineering in combination where the techniques are used extensively, and appropriately, to achieve deeper insight into the causes of complexity within manufacturing processes before sustainable solutions can be generated. The problem resolution process consists of 5 stages and is aimed at resolving highly complicated or complex production issues. The 5 step risk reduction methodology is based on the classical risk reduction cycle. Figure 4.0 outlines the steps necessary for reducing process risk. Stage 1 examines the problem statement by way of a 'query note' from production operations, where manufacturing engineers will typically review and supply solutions to minimise faults, variation and the potential for defects to occur. It is here where an adept systems understanding of the production cell is required. Process mapping is often relied on where each process step and its dependencies are understood. Process mapping can also be performed in-depth via parameter diagrams (p-diagrams) or boundary diagrams to depict the cell or operation in question. Appreciating the systemic view of a process aids the Engineer in their understanding of the ideal and failure states. Stage 2 of the process is implemented where an indeterminable level of risk and/or variation has been identified. An enhanced PFMEA is conducted via focus group to inductively evaluate and prioritise risk and provide Optimal RPN numbers.

Stage 3 utilises the PFMEA output to perform a root cause analysis on each of the causes associated with the failure mode in question. The type of root cause analysis conducted was in accordance with the level of complexity posed. For the simplest of problems, one may need no root cause analysis at all and hence, proceed directly onto step 4 to generate requirements. However, as complexity increases, the root cause analysis down-selected becomes more thorough. One may adopt 5 Why's analysis, or for more complex issues a Fishbone diagram, and so on to more deductive engineering approaches such as FTA. Stage 4 relies on the findings from the root cause analysis to generate functional requirements. Operating within the problem domain, requirements are elicited, analysed and specified prior to the generation of any solutions. This measure alone ensures the focus group agrees and understands how a given solution should perform in practice, such that the provision of inadequate solutions is avoided. Operating within the solution domain, Stage 5 enables the development of solutions based on the agreed and complete set of requirements. Considerations such as solution longevity are considered i.e. whether a short, medium or long term solution is appropriate. In addition, the sustainability of the solution derived is considered to deal with efficacy issues such as future proofing. Time, quality and cost aspects are also considered to minimise time to implementation. Lastly, the solution is verified, validated and its contribution to Value Stream performance is catalogued. Thereafter, the methodology is further employed where the facility wishes to improve rate for any given process. The methodology therefore becomes part of cyclical improvement process, see Fig 5.0.

Conducting the PFMEA with the Focus Group

The authors have kept the PFMEA truly inductive, gathering data via focus groups responsible for each production cell i.e. those closest to the process are relied on to elicit the potential and existing failure modes. In descending order of closeness to the process, typical staff include: two operators, a team leader, a shift manager, plus an engineer. Typically, the engineer in question is responsible for the production cell, and often, maintenance engineers are included as part of the data gathering process. As a cross check, the PFMEA begins by contrasting systems or process mapping data against the process phases listed from the ERP system (SAP) i.e. each successive step is examined to ensure that no disparity exists between the system intent and those prescribed by the ERP system. Each process phase is then listed from beginning to end before detailing all possible failure modes. Thereafter, the failure mode's causes are considered prior its effects. Intentionally, this is performed in order to engrain a 'causal approach' to the PFMEA analysis that will eventually be of benefit to the FTA in the latter part of the methodology. Furthermore, it is the causes of variance or failures within a manufacturing process that need to be reduced in order to enhance its capability and thus, where the initial focus should be retained. Other aspects are also considered, in addition to controls, control owners are accounted for to yield the proportion of risk that can be attributed to the relevant functions or teams within the business. Table 1.0 below details each successive PFMEA heading in order:

A full account of the enhanced Severity, Probability and Detection criteria, based on quantitative measures for: Safety, Delivery, Cost, Quality and People (SQCDP) are provided in appendix 1. From the S, P and D criteria, the RPN outputs are essentially governed and tailored to the single setting; by retaining SQCDP principles, the content can be re-tailored and transferred in other settings.

Analysing the PFMEA Outputs

A range of 'Causes' and 'Effects' were possible for each Failure Mode established. RPN's were therefore assignable to each Cause and its corresponding Effects. Hence, the first set of RPN calculations traditionally established RPN values for the Causes of each Failure Mode using the quantitative S, P and D criteria in equation 1:

S*P*D = [RPN.sub.CE] = RPN of each cause and effect (1)

Once all RPNs within a Failure mode were known for all causes, they were then summed, giving the Failure Mode RPN as shown in equation 2:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (2)

Further, the 'Process' in question consists of a number of 'Phases' and each Phase consists of a number of 'FMs', therefore RPN numbers can be calculated to derive RPN for the phase, as shown in equation 3:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (3)

A 'Phase' histogram can then be constructed utilising all [RPN.sub.phase] data to demonstrate where risk resides within the process; see Plot 2.0 in results section. The RPN for the entire process is then summed to yield [RPN.sub.process], as shown in equation 4:

[MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] (4)

A Pareto of [RPN.sub.phase] was then constructed in order to discern

the high risk phases within the process; Plot 3.0 details the [RPN.sub.phase] Pareto within the results section. Adopting this method of RPN analysis enables an investigation to be performed from the micro to macro levels.

Furthermore, the process RPN can be analysed alongside all other Process RPNs within the manufacturing facility to determine which processes pose the highest risk. The two approaches applied to the integration fixture are now contextually described.

Approach 1: Utilising Requirements Engineering for Problem Resolution post-PFMEA

Phase 450 of the integration manufacturing operation concerns itself with the location and alignment of the Inner, Mid and Outer FTE assemblies (IMO FTE) whilst held in movable jigs; see Fig 6.0 detailing the Inner spar with FTE attachments.

On commencing phase 450, the IMO FTE jigs are located adjacent to the integration fixture. Then, on alignment, the FTE spar assemblies are positioned to their final wing attitude i.e. within close tolerances that will enable its next level assembly at the customer site. Prior to loading the jigs, laser tracking systems are first positioned around the periphery of the cell. The cell location is then scanned via optical tooling points, and on contrasting the data to a master model, the Engineering Reference System (ERS) is established. The jigs that hold the FTE structures are then located via a 'cup and cone' system and rotationally orientated about the X and Y axes to achieve alignment; see Figs 7.0 and 8.0.

On full alignment, the jigs are locked and set. Completing this operating instruction ensures the FTE (Port or Starboard) is fully aligned ready for surface scanning. The surface (or topographical) scan enables the 'joint plates and angles', which will ultimately fasten the spars together, to be reverse engineered and machined to allow a close tolerance bespoke ft of mating surfaces on assembly; Fig 9.0 details the joint plates and angles:

For phase 450, the PFMEA failure modes, plus their causes and effects were fully understood and prioritised. A level of complexity was apparent that required staff to structure and characterise problems within a 'problem domain' context; as opposed to the determination of immediate solutions. Here, the focus group drew on the discipline of 'Requirements Engineering' and considered how each task functioned within the phase, be it via the interaction between SW, HW or HMI. The way in which failure modes manifested themselves formed a platform that allowed the 'present' performance of the system to be appreciated and thus enabled 'future' performance requirements to be ascertained within a 'solution domain' context. Requirements were elicited, analysed and structured in the traditional language format, outlining the way in which each process step should perform.

Approach 2: Utilising FTA then Functional Requirements post-PFMEA

Phase 650 utilises the topographical scanning system discussed in Phase 450. On commencement, the FTE structures are already held within their jigs and aligned ready for the surface scan. A robot, located on rails, collects the high-density CCD scanner head from its stowed location and attaches via an automated interlock system. Prior to scanning, the head must calibrate itself in accordance with the lighting levels present to function, Fig10.0 details the scanner head and the three angles which enable 3D point cloud data to be collected.

On passing calibration, the inside and outside surfaces of the FTE spar structures are scanned, yielding a high density point cloud of data; see Fig 11.0. Post scanning, the robot returns the scanner head to its original stowed location. Thereafter, specialist software is relied on to reverse engineer the scan data into CNC code. The CNC code is then programmed into a 5-axis machine for the fettling of 'joint plates and angles' to achieve the aforementioned close tolerance ft of mating surfaces. Fig 11.0 illustrates the scanner located on the fixture above the FTE held in jig.

For Phase 650, a level of failure complexity was appreciated such that a detailed form of root cause analysis was required to resolve the calibration problem. The interaction between SW, HW and HMI that culminated in the top event failure as imparted by PFMEA was determined. On understanding the root cause of the base events, the focus group could transition from the 'problem space' and formulate informed and complete requirements for the 'solution space' context.

In this sense, constructing the Fault Tree enabled both qualitative and quantitative forms of cause analyses for assessing the high priority risks from [RPN.sub.phase]. The phase failure formed the top event and the Failure Modes were positioned beneath as first tier faults. The first tier failures derived by PFMEA were considered as single points of failure, such that a degree of consistency remained between the FMEA and FTA analysis. Then, utilising Isograph[R] software, the analysis focussed on determining further causes and the interaction of failures that led to the primary event.

Utilising the systems boundary to confine the analysis, the principle of 'immediate cause' was followed to maintain a level of rigour and simplicity. The qualitative FTA was then rationalised to form minimum cut sets (MCS) that in turn, simplify the quantitative mathematical analysis. AND/OR/XOR gates were then added to determine failure types. Rationalising the Fault tree in this manner has enabled the input of probability data. The probability data was determined as function of 'mission duration', or in the case of manufacturing, cycle-time over the life-cycle of the manufacturing programme.

The analysis then focused on the quantitative nature of FTA by inputting the PFD (Q) data into the Fault Tree software to establish 'Critical Path' i.e. the failure mode that was the highest contributor to the system. Further, 'Common Cause' (CCF) and 'Common Mode' failures (CMF) could then be derived, along with the 'Probability of Failure on Demand' (PFD).

The PFD was based on the inputs of 'Mean Time To Failure' (MTTF) and enabled Fussell-Vesely importance measures to be established. For a comprehensive summary of FTA terminology, properties and construction, the reader is referred to Ericson (2011).

On completing the FTA analysis, the methodology essentially transitioned from an inductive to deductive approach; culminating in the establishment of an enriched quantitative FMEA-FTA methodology for determination of true root cause within complex manufacturing processes. As a result, the engineers were more informed on the true root causes on which to elicit, analyse and specify requirements for future state performance improvements.

RESULTS AND DISCUSSION

PFMEA Results From the Integration Fixture

The PFMEA for the integration fixture was conducted over a 3 month period and contained 186 Failure Modes in total; along with 400 associated Causes and Effects. To aid in interpreting the results, Table 2.0 summarises the RPN data derived:

Forty five manufacturing phases were required for FTE integration, within which, 186 failure modes were derived by focus group and 316 [RPN.sub.CE] of 400 had values >100. A frequency distribution of the RPNs is given in plot 1.0 below:

The RPN frequency data highlights no discernible trend, except for the larger portion of the population residing within the lower half of the dataset. As 720 is approached, the higher RPN numbers tend to diminish, except for a recognisable spike at RPN 540.

Plot 2.0 itemises each phase of the operation by summing the [RPN.sub.CE] values, the in-process risk can be appreciated as [RPN.sub.PHASE].

A progressive step in analysing Plot 2.0 is to determine the importance between the higher risk phases from the lower. The Pareto chart shown in Plot 3.0 reconfigures the phases from Plot 2.0 in descending order and applies the Pareto rule; thus highlighting those phases which must be improved in order to bring robustness to the integration process:

Plot 3.0 illustrates the Pareto chart of [RPN.sub.phase] as derived from plot 2.0. The cumulative percentage curve is reasonably flat and it can be determined that the 80% rule accounts for 21 of the 43 phases present i.e. 48%, not 20%. In this sense, the 80/20 Pareto rule does not apply since 80% of the risk does not come from 20% of the sources. Note the location of phases 450 (Jig Alignment) and 650 (Joint Scanning). Both phases lie above the 88th percentile of the sources present and will are used as the subject for analyses.

Results from Approach 1: Phase 450

Table 3.0 details the Phase 450 Failure modes, [RPN.sub.FM] and Pareto calculations shown in Plot 3.0. The corresponding requirements number (Corr Req't No.) and post-intervention [RPN.sub.FM] are also given with respect to the requirements generated. An 84% reduction in 'risk' was evident where [RPN.sub.PHASE] was reduced from 4288 to 676.

Plot 4.0 highlights the Pareto chart where the first four sources from the left must first be addressed by the 80% rule. These four sources highlight the degree of risk for the reference points used to set up the ERS, plus other processes lacking definition.

The eight failure modes evident were deemed by the focus group to be resolvable without the use of a detailed root cause analysis and hence, all were addressed relying on requirements engineering methodology at the [RPN.sub.FM] level i.e. not [RPN.sub.CAUSE], as is the case for Phase 650. Table 4.0 summarises the functional requirements specified within the 'problem domain' and how the focus group resolved the issues within the 'solution domain'.

The summary of timings shown in Table 5.0 were inserted into a business case for the senior management team to review, who then gave authorisation to make the improvements based on the focus group's recommendations. The post-implementation cycle times are also shown.

Table 5.0 details how, on average, the cycle time for phase 450 was reduced from 8.3 hours to 4 hours i.e. a 51.8% observable reduction in cycle time. The best and worst case scenarios are also shown. Singular values are shown for 'New Cycle Time' for the 'Loading' and 'Alignment' of the jigs, since this activity was now simultaneously performed from requirement 1a described in Table 4.0.

Results from Approach 2: Phase 650

From the PFMEA, the focus group were able to impart that Phase 650 posed the highest risk to the success of the FTE Integration process. Table 6.0 details the Failure modes, [RPN.sub.FM], Pareto calculations and Predicted [RPN.sub.FM] values. A 50.6% predicted reduction in risk was evident between for [RPN.sub.PHASE] from 5508 to 2720.

Twelve failure modes were evident from Table 6.0. Most of the failures involved a combination of software, hardware, plus the human interface. From this, the focus group deemed the failures to be complex enough to warrant a thorough route cause investigation. Note, the failure modes acted upon were derived from [RPN.sub.CE], not [RPN.sub.FM] as per Phase 450. The Pareto for Plot 7.0 highlights six key issues where 'Scanner Fails to Calibrate' will be used as the example for Fault Tree Analysis.

The Pareto details a relatively flat curve and it can be determined that the 80% rule accounts for 6 of the 12 phases present i.e. 50%, not 20%. In this sense, the 80/20 Pareto rule does not apply since 80% of the risk does not come from 20% of the sources. Of the sources to be focused on, 'scanner fails to calibrate' was down-selected for examination by FTA.

To reduce the problem further, Table 7.0 summarises the FMEA content to illustrate the individual causes for why the scanner system would fail to calibrate. The corresponding requirement numbers are also given with reference to the fuctional requirements generated. Within Table 7.0 a 'Software Issue' is also highlighted that resided within the Fault Tree as a second tier sailure as shown in appendix 2.0.

The Fault Tree shown in Fig 12.0 highlights the first tier causes beneath the Failure Mode 'Scanner Fails to Calibrate', as derived by the PFMEA. Each first tier failure is, in itself, an OR gate that contains 'Q' values for 'Probability of Failure on Demand' i.e. the probability that, via the gate in question, a failure will occur causing a process failure via the top event.

The Fault tree largely relied on the input of external events that lead to the top event i.e. not failures intrinsic to the components within the system. A qualitative version was first constructed which, when rationalised, was reduced to minimum cut sets as shown in appendix 2.0. PFD (Q) data was derived from previous experience of manufacturing 50 FTE wing shipsets.

The PFD 'Q' was highest for GT3 'Calibration program failure' that would lead to the top event, this stems from GT6 where the operator was removed and the scanner was not returned to stowage. Plot 8.0 details the Fusell-Vesely importance measure that agrees on the significance and overall contribution of GT3 to the top event failure.

Table 8.0 highlights the requirements and solutions to be developed on the back of the findings from the FTA conducted. GT3 is addressed by requirement 2 where mistake proofing is employed to raise an alarm, should the scanner not be returned within the time frame specified. To aid in the sustainability of the solution, additional work instructions (to be contained within the ERP planning) and training are provided. Table 8.0 summarises the functional requirements specified within the 'problem domain' and how the focus group resolved the issues within the 'solution domain'.

Costings were calculated for the functional requirements shown in Table 8.0. These were inserted into a business case for the senior management team to assess. At the time of writing the case was under review.

CONCLUSIONS

Enhanced PFMEA

The RPN values at either CE FM or Phase level were not predictable since risk resided at varying levels across the entire process i.e. The RPN data did not therefore show any trends as such. The mean [RPN.sub.CE] values and the +/-1 standard deviation reveal how variable the data was and is further proved by the 67.1% C of V value.

Utilising Pareto analysis proved highly effective for the examination of data at the [RPN.sub.PHASE] level. Despite its complexity, Engineering staff were immediately and reliably directed to the highest risk areas of the Integration process.

Two forms of root cause analyses tools were provided for this paper, yet due to the many types and complexity of failure derived, the focus group could determine which level of RCA was most appropriate. This was attributed to both the process knowledge and understanding of RCA held by the group. In this sense, the methodology proved effective where a high degree of process familiarity was evident, combined with a good understanding of RCA methods.

Phase 450

The Phase 450 [RPN.sub.FM] and post-intervention [RPN.sub.FM] values showed an 84% reduction in risk for phase 450. On implementation of the solutions, most [RPM.sub.FM] values were able to be reduced considerably, yet others, such as unanticipated FOD on equipment were unable to be reduced to the same extent.

The [RPN.sub.FM] Pareto details how the first four failures were to

be dealt with first (by the 80% rule), yet due to simplicity, all could be taken care of utilising the principles of Requirements Engineering in order to first understand how a solution should perform. The combination of PFMEA and the solutions generated via functional requirements proved highly effective in practice.

Post implementation, an average reduction in phase cycle time was observed from 8.3 to 4 hours. Further, the bandwidth (or delta) between best and worst cases narrowed from 14 to 3.1 hours, thus increasing the predictability of the process, which in turn aids in the accuracy of production scheduling.

Phase 650

Within Table 6.0, the [RPN.sub.FM] values were highlighted and the Pareto shown in Plot 7.0 illustrates how the first six sources of failure should be addressed. The fifth source: 'Scanner Fails to Calibrate' is then investigated further by examining the raw PFMEA data i.e. [RPN.sub.CE].

Table 7.0 details the six possible causes for how the 'scanner fails'; each with their own [RPN.sub.CE] value. These [RPN.sub.CE] values then from the first tier failures of Fault Tree where, via the Q data, it can be observed that 'Calibration program failure' scores highest (GT3, Q=0.2224); see appendices 2. This failure occurs via 'Scanner not returned to stowage' and the primary failure happens to be where the operator was removed from the job. Via this minimum cut set, the FTA analysis is revealing much richer data than what could be imparted from the PFMEA alone and is further supported via the importance measures shown in Plot 8.0.

FURTHER WORK

The methodology developed has worked exceptionally well for the cases presented. However, after the lengthy task of completing a first round FMEA and yielding sustainable resolutions, the means by which management could review the outputs and buy into improvement activity remained cumbersome. The next steps will focus on decision making support for prioritisation of improvement activity, such that funding and resource can be readily allocated. At the time of writing, the Toyota A3 method of outlining a problem and presenting a solution was being retailored to adopt a risk management perspective.

A scarcity of reliability data was evident from the equipment under review, thereby making the creation of maintenance planning or an asset management strategy difficult to develop. Further, a distinct lack of requirements data was available, such that the original intent of the systems performance was difficult to ascertain. In turn, this made the delta between any old and new requirements generated difficult to establish, apart from where the 3 jigs can now be loaded in parallel reducing the phase cycle time to 4.0 hours. Further work shall overcome the problems faced in existing and future procurement activity by creating statutes within the business processes for requirements planning and failure rate data.

REFERENCES

AKSU, S., AKSU, S. & TURAN, O. 2006. Reliability and availability of pod propulsion systems. Quality and Reliability Engineering International, 22, 41-58.

ARNZEN, H. E. 1964. Failure Mode and Effect Analysis. A powerful engineering tool for component and system optimization.

BIRNBAUM, Z. W. 1975. RELIABILITY AND FAULT TREE ANALYSIS. Reliability and fault tree analysis: theoretical and applied aspects of system reliability and safety assessment: papers, 413.

DE QUEIROZ SOUZA, R. & ALVARES, A. J. FMEA and FTA analysis for application of the reliability-centered maintenance methodology: case study on hydraulic turbines. 2008. 803-812.

ERICSON, C. A. II (1999) "Fault Tree Analysis-A History,".

ERICSON, C. A. 2011. Fault Tree Analysis Primer, CreateSpace Independent Publishing Platform.

FRANCESCHINI, F. & GALETTO, M. 2001. A new approach for evaluation of risk priorities of failure modes in FMEA. International Journal of Production Research, 39, 2991-3002.

FUSSELL, J. B. & VESELY, W. E. 1972. NEW METHODOLOGY FOR OBTAINING CUT SETS FOR FAULT TREES. Georgia Inst. of Tech., Atlanta.

HAN, X. & ZHANG, J. A combined analysis method of FMEA and FTA for improving the safety analysis quality of safety-critical software. 2013. 353-356.

KMENTA, S. & ISHII, K. Scenario-based FMEA: a life cycle cost perspective. 2000

LEE, D. Y., HAN, J. B. & LYOU, J. 2004. Reliability analysis of the reactor protection system with fault diagnosis. Key Engineering Materials, 270, 1749-1754.

MILITARY, U. S. 1949. Procedure for performing a failure mode effect and criticality analysis. United States military procedure MILP-1629.

MORELLO, M. G., CAVALCA, K. L. & SILVEIRA, Z. D. C. 2008. Development and reduction of a fault tree for gearboxes of heavy commercial vehicles based on identification of critical components. Quality and Reliability Engineering International, 24, 183-198.

NADJI, B., KARAKACHE, M. & ABAZI-SIMEU, Z. Dependability analysis of generator phase fault protection system using fault tree method. 2004. IEEE, 810-814.

NARAYANAGOUNDER, S. & GURUSAMI, K. 2009. A new approach for prioritization of failure modes in design FMEA using ANOVA. World Academy of Science, Engineering and Technology, 49.

Palady, P., Horvath, M., and Thomas, C., "Restoring the Effectiveness of Failure Modes and Effect Analysis," SAE Technical Paper 940884, 1994, doi:10.4271/940884.

POVOLOTSKAYA, E. & MACH, P. 2012. FMEA and FTA Analyses of the Adhesive Joining Process using Electrically Conductive Adhesives. Acta Polytechnica, 52.

POWERS, G. J. & TOMPKINS, F. C. 1974. Fault tree synthesis for chemical processes. AIChE Journal, 20, 376-387.

RHEE, S. J. & ISHII, K. 2003. Using cost based FMEA to enhance reliability and serviceability. Advanced Engineering Informatics, 17, 179-188.

SATRISNO, A., MOO, H., LEE, T. & HYON, J. 2013. Improvement strategy selection in FMEA: Classification, review and new opportunity roadmaps. Operat Suppl Ch Manag, 6, 54-63.

STAMATIS, D. H. 2003. Failure mode and effect analysis: FMEA from theory to execution, ASQ Quality Press.

TEOH, P. C. & CASE, K. 2004. Modelling and reasoning for failure modes and effects analysis generation. Proceedings of the Institution of Mechanical Engineers, Part B: Journal of Engineering Manufacture, 218, 289-300.

Darren Winter

University of Bristol

Paul Ashton-Rickardt

GKN Aerospace

Carwyn Ward, Paul Gibbons, Chris Mcmahon, and Kevin Potter

University of Bristol

ACKNOWLEDGEMENTS

The author would like to thank the management of GKN Western Approach, in particular Christine McElhinney, Helen Matthews, Byron Turner and Mike Walker for their tenacity and hunger to resolve production issues. The author would also like to thank the management staff: Paul Ashton-Rickardt and Adrian Marsland for their inputs and continued support in the development of the risk reduction methodology. Lastly, thanks to David Wiseman and Rachel Evans of Isograph for their support and expertise.

This research was supported by the Systems Centre and Industrial Doctorate Centre in Systems at the University of Bristol and funded by EPSRC grant code EP/G037353/1.

APPENDIX

APPENDIX 1. ENHANCED PFMEA SEVERITY, PROBABILITY AND DETECTION CRITERIA

Table 9.0. Enhanced PFMEA Process Severity in accordance with SQCDP
criteria

Rank  Safety                  Quality

                              Process parameter
                              within control limits.
                              Minor process
 1                            adjustments may be
                              performed during
                              process.
                              Process variability not
                              within control limits but
                              within tolerance.
 2                            Continued attention to
                              process adjustment
                              required. No downtime,
                              no defects.

 3                            No defects.


 4                            Minor reactive repair /
                              maintenance required.
                              Minor defect, although
 5                            non-concessionable.




      Health and Safety
                              Defect occurs resulting
 6    awareness necessary
      for local staff.        in a minor concession,



      Near Miss identified    Potential for late
      and logged with         delivery due to defects
 7    Health and Safety       occurring resulting in a
      Representative.         concession.



      Minor Health and
      Safety Implications.
 8    Accident logged         Multiple defects occur
      with local Health       resulting in concessions.
      and Safety
      Representative.
      Staff affected,
      Health and Safety
      implications.
      Accident logged         Major defects occur
 9    with local Health       resulting in engineering
      and Safety              effort to answer
      Representative.         concessions.
      Possible
      Occupational Health
      involvement.
      Majorly affects staff.
      Health and Safety
      implications without    Major defects occur
10    warning. Official       resulting in engineering
      Health and Safety       effort to answer
      investigation           concessions
      conducted.


Rank  Cost                      Delivery




 1





 2


      Consumables require
      change or adjustment      Downtime up to 15
 3    before an 'Out of         minutes
      Tolerance' condition
      occurs.
 4    Low level of              Downtime of 15-30
      maintenance required.     minutes.
      Intermediate reactive     Downtime of 30-60
 5    maintenance/repair        minutes.
      required.



      Intermediate reactive
                                Downtime of 60-120
 6    maintenance / repair
      required.                 minutes



      Equipment supplier
      informed. Intermediate    Downtime >4 hours.
 7    reactive maintenance /    Potential for late
      repair required.          delivery.


      Intensive reactive
      maintenance / repair
      required. Minor detail    Downtime >8 hours.
 8    parts scrapped.           Delivery schedule
      Equipment supplier        impacted, customer
      informed and site         notified.
      attendance required.


      Major parts scrapped.     Downtime >24
      Equipment supplier        hours. Delivery
 9    informed, site            schedule impacted;
      attendance required and   customer processes
      equipment overhaul        impacted.
      required.


                                Downtime >72
      FTE scrapped /            hours. Delivery
      dismantled. Equipment     schedule impacted;
10    supplier informed, major  customer processes
      equipment overhaul        majorly impacted
      required.                 resulting in slip in
                                program.


Rank  People




 1





 2




 3


 4    Team Leader notified.
      Local management
      notified of
 5    inconvenience. Local
      training invoked - single
      employee.
      Local management and
      relevant functions
      notified of

 6    inconvenience. Local
      recovery plan enabled.
      Local training invoked -
      Cell team
      Recovery plan required.
      Local management
      report into senior
 7    Management. Kaizen
      event enabled. Staff
      retrained - work
      instructions addressed.

      Recovery plan required.
      Senior management
 8    notified immediately.
      Kaizen event enabled,
      Staff retrained - work
      instructions addressed.

      Recovery plan required.
      VP and senior
      management notified
 9    immediately. Kaizen
      event enabled. Staff
      retrained - work
      instructions addressed.


      Recovery plan required.
      VP and Senior
      management and
10    relevant functions
      notified. Kaizen event
      enabled. Staff retrained -
      work instructions
      addressed.

Table 10.0. Enhanced PFMEA Process Probability Criteria

Enhanced PFMEA Process Probability Criteria

Rank  Criteria

 1    Almost never. History shows no failures.
 2    Remote. Rare number of failures likely.
 3    Very slight, very few failures likely. Could happen.
 4    Slight, few failures likely. Hasn't yet happened but is a
      concern.
 5    Low, Occasional failures likely. May have happened once or twice.
 6    Medium risk, failures likely. May have happened a few times.
 7    Moderately high number of failures likely. History shows this
      has happened on occasion.
 8    High amount of failures likely, History shows this has happened
      many times.
 9    Very high number of failures likely, strong history of failures.
10    Failure certain, absolute history of failures evident.

Rank  Probability

 1    1/512
 2    1/256
 3    1/128
 4
      1/64
 5    1/32
 6    1/16
 7
      1/8
 8
      1/4
 9    1/2
10    1/1

Table 11.0. Enhanced PFMEA Process Detection Criteria

Enhanced PFMEA Process Detectability Criteria

Rank  Criteria


      Certain detection. Designed in controls will almost certainly
      detect the existence
 1    of a defect
      Very high detectability. Technology and or Quality controls in
      place. Highly
 2    successful history of detection. Machinery controls will prevent
      an imminent
      failure and isolate the cause.
      High detectability, machinery / technology controls will
      prevent an imminent
 3    failure, but possibly not the cause.
 4    Moderate to high detectability. Controlled through error
      proofing, proven highly
      effective.
 5    Moderate detectability. Controlled through adequate error
      proofing. Staff
      sustainably trained i.e. Specialist, refresher and 'new start1
      training in place.
      Moderate to low detectability. Reliance on trained staff for
      error proofing.
 6    Controls relayed through single training event. Defect readily
      identifiable,
      possibility remains of delivery with defect.
      Slight chance of detection. Reliance on skilled staff but
      untrained. Defect
 7    identifiable, likely delivery of product with defect. Control
      level decayed or not in
      place.
 8    Very slight chance of detection, defect not easily identifiable.
      Staff untrained and
      possibly not skilled. High probability of delivery with defect.
      No controls in place.
      Remote chance of detection. Staff not looking for defect even
      though the process
 9    demands it. Very high probability of delivery to customer with
      defect present.
      Zero level of control, also controls difficult to implement.
      Practically impossible to detect. No technique for detection
      available, none is
10    planned. Product will be delivered with defect. Defect is latent
      and would not
      appear during the process.

Rank  Automated  Gauging or  Operator
      Control    Tooling     Visual



 1    X


 2
      X



 3    X
 4
      X          X

 5
                 X




 6
                 X



 7
                 X           X

 8
                             X




 9
                             X



10
                             X


APPENDIX 2. COMPLETE FAULT TREE DIAGRAM

Table 1.0. Enhanced PFMEA Methodology

Enhanced PFMEA Meihodology Steps

 1  Process Steps (as derived from SAP and Systems Diagram)
 2  Functional requirement of ERP phase
 3  Associated failure modes of ERP phase
 4  Causes of failure or error
 5  A Quantitative Probability Value (P) is assigned based on the each
    cause identified
 6  Effects of failure or error of each failure mode
 7  Next level effects of the failure within system boundary
 8  A Quantitative Severity Value (S) is assigned based on the effects
    of
    each failure mode
 9  Controls: current or planned control to prevent failure from
    occurring
10  Control Owner: individual or team responsible for implementing the
    control
11  A Quantitative Detection Value (D) is assigned based on the
    detectability of the controls
12  The associated RPN [PSD] for each failure mode is then calculated
13  The Critical 11 (P+D or S+D [greater than or equal to] 11) is then
    derived
14  RPN Countermeasures: Based on requirements derived from detailed
    root
    cause analysis
15  A predicted intervention RPN value is then assigned against the
    countermeasures
16  Authoritative signature to commence with countermeasure
    implementation
17  New RPN post problem resolution

Table 2.0. Summary of RPN Data

Summary of RPN Data for Integration Fixture

Total number of manufacturing phases for the
Integration Fixture                            45
Total Number of Failure modes elicited        186
Associated number of Causes and Effects
for all Failure Modes                         400
Total number of Causes and Effects for
Failure Modes with RPN's > 100                316
Maximum RPN                                   720
Minimum RPN                                    32
Mean RPN                                      195
+/-1 STDEV (P) of RPN                         130.9
Coefficient of Variance                        67.1%

Table 3.0. Outlining the Failure modes and RPNfm from Phase 450

Failure Modes for                   Cum.   Cum.   Corr.  Actual
                                                         [RPN.sub.fm]
Phase 450             [RPN.sub.fm]  % age  Sum    Req't  (Post
                                                  No.    Improvement)

Unstable Ref Points      1356       31.6    31.6    1    136
Undefined Process         840       19.6    51.2    2     25
Line of sight to ref
points                    600       14.0    65.2    2     30
Undefined Processes       560       13.1    78.3    2     25
Cone drives               320        7.5    85.7    3    210
unreferenced
Metrology team
unavailable               304        7.1    92.8    4    132
Personnel injury          180        4.2    97.0    5      6
FOD on cones              128        3.0   100.0    6    112
[RPN.sub.phase]          4288                            676
RPN %age Risk
Reduction                                                -84.2

Table 4.0. Showing the Problem and solution domains for the
requirements elicited:

Corr   Problem Domain
Req't
No.    (Functional Requirements)


       System capability must enable
1a     alignment to be completed within
       process i.e. all 3 jigs loaded together
       Station must contain a sufficient
1b     quantity of points on stable locations,
       plus a clear line of sight to all

       Station must have fixed and
2a     permanent locations for trackers i.e.
       on stable platform floor



       The jig positions must be within
2b     alignment tolerances on loading into
       integration cell
2c     Alignment Process must be clearly
       defined and documented


       System capability must enable
3      alignment to be completed within
       defined 'Cycle Time'
       Metrology operators must be capable
4      of completing alignment process
       without tooling engineer support
5      H & S Risk to personnel must be
       reduced to an acceptable level
       Cones must be free from FOD prior
6      to load & alignment operations


Corr   Solution Domain
Req't
No.    (Problem Resolution)

       Permanent laser tracker positions
       to be located inside station on
1a     stable platform to enable multi-jig
       loading
       Additional reference points shall
1b     be located inside station on stable
       platform floor
       Develop and Implement a station
       specific operator preventative
2a     maintenance checklist, for
       completion prior to integration
       operations. Certifiable phase
       within SAP planning for control
       A preventative maintenance
       schedule shall be written to
2b     include a check for wear and tear
       on physical parts and position
2c

       Standard operations: create
       certifiable planning aids that fully
       define the process
3

       Construct and implement
4      certified metrology operator
       training schedule
5      Station re-tailored to ensure
       operators no longer work at height
       Enhanced FOD protection for
6      hardware e.g. flip covers for ERS
       points

Table 5.0. Showing the Prior and post improvement cycle times

Step     Jig Type         Previous
                          Cycle     Time   New   Cycle Time  (Hrs)
                          (Hrs)
                    Best  Average   Worst  Best  Average     Worst
Laser
Track    Fixture    0.5   0.75       1.5   0.5   0.75        0.75
Station
         Inner Jig  0.33  0.5        2
Load     Mid Jig
Jigs                0.33  0.5        2     0.6   0.75        2.00
         Outer Jig  0.33  0.5        2
         Inner Jig  1     1.5        4
Align
Jigs     Mid Jig    1.5   2.25       4     2.0   2.5         3.75
         Outer Jig  1.5   2.25       4
Sum
Cycle
Time:               5.5   8.3       19.5   3.1   4.0         6.5

Table 6.0. Outlining the Failure modes, RPNFM and Predicted RPNFM
values
for Phase 650

Failure Modes for Phase 650     [RPN.sub.FM]  Cum    Cum   Pred.
                                              %
                                              age    Sum   [RPN.sub.FM]

Non conf scan data                   1085     19.7   19.7      678
Scanner picks incorrect mode          819     14.9   34.6      240
Scanner fails to pick up              784     14.2   48.8      348
Scanner fails to warm up              630     11.4   60.2      160
Scanner fails to calibrate (*)        600     10.9   71.1      301
Arm adjustment nut overtight          480      8.7   79.8      224
Scanning software crashes             355      6.4   86.3      220
Delayed of scan data                  240      4.4   90.6      240
Reference template o'written          210      3.8   94.5       84
Gaps OoT in data                      140      2.5   97.0       60
Comms error: scan to robot            105      1.9   98.9      105
Scanner fails to pick up               60      1.1  100.0       60
[RPN.sub.phase]                      5508                     2720
Predicted RPN %age Risk
Reduction                             -50.6

(*) Used in FTA Example Provided

Table 7.0. Summary of the PFMEA for Failure Mode 'Scanner Fails to
Calibrate'

                                                        Corr.
Failure    Causes         P  Effects        s  Ctrl  D  Req't  RPN
Mode                                                    No     CE

           Inconsistent      Await
           lighting       5  onsite         7  -     5  1      175
           level             support
           Calibration       Await
           program        4  onsite         7  -     7  2      1%
           failure           support
Scanner    Software          Await
fails      issue          4  onsite         6  -     5  3      120
to                           support
calibrate  Scanner not
           returned -     3  H'sband        3  -     6  4      54
           FOD
           Calibration       Await
           plate shifted  1  onsite         5  -     5  -      25
                             support
           Calibration       Await
           plate          1  onsite         6  -     5  -      30
           damaged           support
                             [RPN.sub.FM:]

Table 8.0. Summary of requirements generated from the findings of&&
the FTA conducted.

   Problem Domain
   (Functional Requirements)

   The lighting system shall be
   controlled such that sudden changes
   in lighting level cannot occur during
   a scan calibration
1  Provision shall be made to ensure
   external lighting conditions do not
   change that would otherwise exceed
   the tolerance limits of the software
   During calibration, the software
2  shall show diagnostics to inform the
   user of the nature of the fault
   The software shall show diagnostics
3  to inform the user of the nature of
   the fault


   A time frame shall be developed
   and applied for a maximum duration
4  that the scanner can be exposed for
   when not in use



   Solution Domain
   (Problem Resolution)


   Auto lighting system to be overwritten
   to ensure lighting remains stable
   throughout scanner calibration
1
   Ceiling Windows shall be permanently
   covered

   A procedure for local system recovery
2  shall be developed

   A procedure shall be constructed for
3  contacting the correct supplier to deal
   with the fault
   An addition to the software shall be
   made to highlight/raise alarms when
   the scanner has been out of use for a
   period >4 hours
4  Further work Instructions and training
   shall be provided to ensure the scanner
   head is suitably stowed after the
   maximum duration
COPYRIGHT 2016 SAE International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2016 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Winter, Darren; Ashton-Rickardt, Paul; Ward, Carwyn; Gibbons, Paul; Mcmahon, Chris; Potter, Kevin
Publication:SAE International Journal of Materials and Manufacturing
Date:Jan 1, 2016
Words:10722
Previous Article:Reconfigurable assembly system design methodology: A wing assembly case study.
Next Article:New tracking technology enables robots to carry out new tasks on composite parts and its molds.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters