FMEA
Failure Mode & Effects Analysis
Inductive · bottom-up
MIL-STD-1629A · IEC 60812 · SAE J1739 / AIAG-VDA · ARP 4761

FMEA systematically asks of every component or function: how can this fail, what happens if it does, and how would we know? Each candidate failure mode is described, its local and end effects traced through the system, its causes hypothesised, and its risk ranked — typically by Severity × Occurrence × Detection (the Risk Priority Number, or RPN) — so that limited engineering effort can be directed to the failures that matter most.

Overview of the technique

FMEA originated in US Department of Defense reliability practice (MIL-P-1629, 1949; MIL-STD-1629A, 1980) and was adopted by NASA for Apollo and by the automotive industry through Ford in the 1970s. It has since matured into several variants: System FMEA (architecture and interfaces), Design FMEA (DFMEA, component design), Process FMEA (PFMEA, manufacturing or service processes), and FMECA, which adds an explicit Criticality analysis. International standardisation is provided by IEC 60812:2018; the automotive sector now uses the harmonised AIAG-VDA 2019 handbook, whose Action Priority (AP) tables replace the older RPN.

The method is inductive and bottom-up: it starts from the lowest level of indenture in the system breakdown and propagates failure effects upward through the functional hierarchy. A typical worksheet records, per item: function · failure mode · failure cause · local effect · system effect · current controls (preventive and detective) · severity (S) · occurrence (O) · detection (D) · risk index · recommended action · responsibility · status. In aviation it is the workhorse of ARP 4761 alongside functional hazard assessment (FHA), fault tree analysis (FTA) and common cause analysis (CCA), and is mandatory for type certification of complex hardware.

FMEA worksheet: bottom-up trace from item to system effect, with risk ranking

  Item / function    Pitot heat element; function: prevent ice in pitot tube
  Failure mode       Element open-circuit; cause: filament fatigue + moisture ingress
  Effects            Local: no pitot heat · System: erroneous IAS · End: UAS / loss of control
  RPN / AP           S × O × D → rank → action
  Severity (S)       1 minor → 10 catastrophic
  Occurrence (O)     1 unlikely → 10 inevitable
  Detection (D)      1 certain catch → 10 hidden
  Action priority    High · Medium · Low
Figure 1. The FMEA worksheet trace: every failure mode is propagated to local, system and end effects, then ranked by severity, occurrence and detection.

When to use it

Typical applications

  • Component reliability and design margin assessment
  • Manufacturing process control plan development
  • Maintenance task selection (RCM and MSG-3)
  • Change-impact analysis on existing systems
  • Service-design FMEAs for ground operations and dispatch

Aviation relevance

  • Required by ARP 4761 for civil aircraft safety assessment
  • Underpins MSG-3 maintenance scheduling logic
  • Used in EWIS (electrical wiring) and component certification
  • FMEA worksheets feed FTAs and Common Cause Analysis
  • Process FMEA used in MRO and Part-21 production approvals

Benefits

Comprehensive coverage

The bottom-up search forces analysts to consider every component or process step, surfacing failure modes that top-down hazard thinking can overlook.

Shared engineering language

The standard worksheet is universally understood by design, manufacturing, certification, MRO and supplier organisations — making FMEA effective at organisational seams.

Drives action

Risk ranking (RPN or Action-Priority) translates an inventory of failure modes into a prioritised work list with named owners — closing the loop into design changes and procedure updates.

Reusable knowledge

Mature FMEAs become living documents: lessons-learned databases and supplier qualification artefacts that compound in value over a programme's lifetime.

Limitations

Single failures only

Classical FMEA assumes independent single failures; combinations, common-cause failures and human contributions are weakly handled and need FTA, CCA or human reliability analysis (HRA) companions.

RPN math is fragile

S, O and D are ordinal scales; multiplying them is mathematically dubious and produces non-monotonic rankings — Cox (2008) and the AIAG-VDA Action-Priority replacement both critique this.
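The worksheet fields listed in the overview and the RPN critique above can both be seen in a few lines of code. The following is an added example, not code from the page or from any of the cited standards: it models one worksheet row with the S/O/D scales from the figure, traces a failure mode bottom-up through its local, system and end effects, and then ranks three rows two ways. The pitot-heat row follows the page's figure; its S/O/D values and the two other rows are constructed for illustration, and the severity-first ordering is a simplified stand-in for an action-priority scheme, not the AIAG-VDA AP table.

```python
"""FMEA worksheet rows, RPN, and a severity-first ranking (added example).

Row values other than the pitot-heat description are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FmeaRow:
    """One worksheet line. S, O and D are ordinal 1..10 scales:
    1 minor / unlikely / certain catch, 10 catastrophic / inevitable / hidden."""
    item: str
    function: str
    failure_mode: str
    cause: str
    local_effect: str
    system_effect: str
    end_effect: str
    controls: str
    severity: int
    occurrence: int
    detection: int

    def __post_init__(self) -> None:
        # Reject values off the ordinal scale before they reach any arithmetic.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer on the 1..10 scale, got {value!r}")

    def rpn(self) -> int:
        """Classical Risk Priority Number: S x O x D."""
        return self.severity * self.occurrence * self.detection

    def effect_trace(self) -> str:
        """Bottom-up propagation of the failure mode through the indenture levels."""
        return " -> ".join((self.failure_mode, self.local_effect, self.system_effect, self.end_effect))


def sample_worksheet() -> list[FmeaRow]:
    """Three constructed rows; the first follows the pitot-heat example in the figure."""
    return [
        FmeaRow("Pitot heat element", "prevent ice in pitot tube", "element open-circuit",
                "filament fatigue + moisture ingress", "no pitot heat", "erroneous IAS",
                "UAS / loss of control", "pitot heat annunciator",
                severity=10, occurrence=2, detection=4),
        FmeaRow("Cabin reading light", "illuminate passenger seat", "lamp open-circuit",
                "lamp end of life", "seat unlit", "passenger complaint", "none",
                "cabin crew pre-flight check",
                severity=2, occurrence=7, detection=8),
        FmeaRow("Fuel quantity probe", "report tank contents", "capacitance probe stuck",
                "contamination on probe", "frozen tank reading", "misleading fuel state",
                "fuel planning error", "cross-check against fuel used",
                severity=5, occurrence=4, detection=6),
    ]


def rank_by_rpn(rows: list[FmeaRow]) -> list[str]:
    """Classical ranking: highest RPN first."""
    return [r.item for r in sorted(rows, key=lambda r: r.rpn(), reverse=True)]


def rank_severity_first(rows: list[FmeaRow]) -> list[str]:
    """Severity decides, then occurrence, then detection (lexicographic).
    A simplified stand-in for an action-priority scheme, not the AIAG-VDA AP table."""
    return [r.item for r in sorted(rows, key=lambda r: (r.severity, r.occurrence, r.detection), reverse=True)]


def rpn_collisions(target: int) -> list[tuple[int, int, int]]:
    """All (S, O, D) triples on the 1..10 scales that multiply to the same RPN,
    showing how one number hides very different risk profiles."""
    return [(s, o, d) for s in range(1, 11) for o in range(1, 11) for d in range(1, 11)
            if s * o * d == target]


if __name__ == "__main__":
    rows = sample_worksheet()
    for r in rows:
        print(f"{r.item:22s} RPN={r.rpn():4d}  {r.effect_trace()}")
    print("RPN order:            ", rank_by_rpn(rows))
    print("Severity-first order: ", rank_severity_first(rows))
    print("Triples sharing RPN 80:", rpn_collisions(80))
```

With these constructed values the RPN order puts the fuel probe (120) and the reading light (112) ahead of the loss-of-control failure (80), which is exactly the non-monotonic behaviour the paragraph describes; the severity-first ordering puts the catastrophic-severity row on top, and `rpn_collisions` lists every S/O/D combination that the product collapses onto the same number.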

Resource intensive

A useful FMEA on a complex system is a multi-week, multi-discipline workshop effort; under time pressure it can degenerate into a tick-box exercise that misses the most subtle failure modes.

Bounded imagination

FMEA identifies only the failure modes the team can imagine; novel emergent behaviours, software faults and integration-level interactions need systems-level methods (STAMP/STPA) to complement it.

In short

FMEA is the disciplined bottom-up walk through every failure mode of every part, with risk-ranked actions. It is a workhorse of certification and reliability engineering — but it needs FTA, CCA, HRA and systems-level methods to cover what single-failure searches miss.

References (APA 7)

International Electrotechnical Commission. (2018). Failure modes and effects analysis (FMEA and FMECA) (IEC 60812:2018). IEC.

Society of Automotive Engineers. (2010). Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment (ARP 4761A). SAE International.

Automotive Industry Action Group & Verband der Automobilindustrie. (2019). FMEA handbook: Design FMEA and process FMEA, FMEA-MSR (1st ed.). AIAG & VDA.

U.S. Department of Defense. (1980). Procedures for performing a failure mode, effects and criticality analysis (MIL-STD-1629A). DoD.

Stamatis, D. H. (2003). Failure mode and effect analysis: FMEA from theory to execution (2nd ed.). ASQ Quality Press.

Cox, L. A. (2008). What's wrong with risk matrices? Risk Analysis, 28(2), 497–512.

Further reading

Bowles, J. B. (2003). An assessment of RPN prioritization in a failure modes effects and criticality analysis. Annual Reliability and Maintainability Symposium, 380–386.

Liu, H.-C., Liu, L., & Liu, N. (2013). Risk evaluation approaches in FMEA: A literature review. Expert Systems with Applications, 40(2), 828–838.

NASA. (2007). NASA system safety handbook (NASA/SP-2010-580).

Air Transport Association. (2018). MSG-3: Operator/manufacturer scheduled maintenance development. ATA.