Systems Engineering & Voice of the Customer
US Automotive RecallsVehicle Sold
(Millions) Vehicles Recalled
2011 2012 2013 2011 2012 2013
Toyota 1.6 1.7 2.2 219% 312% 241%
Honda 1.2 1.4 1.5 325% 243% 187%
BMW 0.2 0.3 0.3 150% 200% 300%
Hyundai 1.1 1.3 1.3 109% 138% 169%
Chrysler 1.4 1.4 1.8 57% 76% 261%
Ford 2.1 2.2 2.5 157% 64% 48%
Nissan 1.0 1.0 0.9 30% 100% 133%
GM 2.5 2.6 2.8 68% 58% 54%
Slide 2
System understanding
HoQ1→Boundary→HoQ2→P-diagram→DFMEA→PFMEA→SCIF→Control plan
HoQ1→Boundary→HoQ2→P-diagram→DFMEA→PFMEA→SCIF→Control plan
HoQ1→Boundary→HoQ2→P-diagram→DFMEA→PFMEA→SCIF→Control plan
HoQ1→Boundary→HoQ2→P-diagram→DFMEA→PFMEA→SCIF→Control plan
System validation plan
System verification plan
Sub-system verification plan
Component verification plan
Time line
System
Sub-system
Component
System
Sub-system
Requirements Flow Down Example
We Must Know the Mathematical Relationship to Flow Down Requirements• What are the options if the engineering is not
known?• Safety factor
• Pass responsibility to customer
• Refuse the business
• Increase price to compensate for the additional risk
• Use experiments to create empirical models
• Basic research
Never accept a known risk for safety or compliance with government regulations
Slide 6
Relationships
Boundarydiagram
Parameter diagram
DesignFMEA
R&Rmatrix
HoQ #1
ProcessFMEA
Critical characteristicsidentificationform
Manufacturingcontrol plan
Field performance
Project goals Knowledge storage & re-use is
critical
Our Influence Over Risk
Start
up
RISK MANAGEMENT PROCESS
(APQP)
ABILITY TOINFLUENCE RISK
Design &
Develop
Product
Design &
Develop
Process
Product &
Process
Validation
RISK
Start
up
RISK MANAGEMENT PROCESS
(APQP)
ABILITY TOINFLUENCE RISK
Design &
Develop
Product
Design &
Develop
Process
Product &
Process
Validation
RISK
TimeStart
up
RISK MANAGEMENT PROCESS
(APQP)
ABILITY TOINFLUENCE RISK
Design &
Develop
Product
Design &
Develop
Process
Product &
Process
Validation
RISK
Start
up
RISK MANAGEMENT PROCESS
(APQP)
ABILITY TOINFLUENCE RISK
Design &
Develop
Product
Design &
Develop
Process
Product &
Process
Validation
RISK
Time
DEFINE IT RIGHT
House of Quality (HoQ)• Features:
• Inputs from customer
• Measurable functional requirements to test against
• Targets and limits set by customer
• We will use rooms 1 and 3 to assist in creating the FMEA
• May be:• Used as an aid when completing a CSCM or
• Not used if the CSCM is sufficient in define customer needs
7
3
5
4
6
2
8
Direction of improvement
Calculated importance
Competitive comparison of
customer ratings
Conflicts
Correlations
Competitive benchmarks
Targetsand limits
Functional requirements
1
Cu
sto
me
r e
xp
ect
ati
on
s
Fast Car Example
91 3 9
Types of Requirements• Functional Requirements
• Define what functions need to be done to accomplish the mission objectives• Example
• The Thrust Vector Controller (TVC) shall provide vehicle control about the pitch and yaw axes.
• This statement describes a high level function that the TVC must perform.
• Statement has form of Actor – Action Verb – object acted on
• Performance Requirements (Specification)• Define how well the system needs to perform the functions• Example: The TVC shall gimbal the engine a maximum of 9 degrees, +/- 0.1 degree
• Constraints• Requirements that cannot be traded off with respect to cost, schedule or performance• Example: The TVC shall weigh less than 120 lbs.
• Interface Requirements• Example: The TVC shall interface with the J-2X per conditions specified in the CxP 72262
Ares I US J-2X Interface Control Document, Section 3.4.3.
• Environmental requirements• Example: The TVC shall use the vibroacoustic and shock [loads] defined in CxP 72169, Ares 1
Systems Vibroacoustic and Shock Environments Data Book in all design, analysis and testing activities.
• Other -illities requirement types including availability, reliability, maintainability, etc.
Attributes of Acceptable Requirements• A complete sentence with a single “shall” per numbered
statement
• Characteristics for Each Requirement Statement:• Clear and consistent – readily understandable
• Correct – does not contain error of fact
• Feasible – can be satisfied within natural physical constraints, state of the art technologies, and other project constraints
• Flexibility – Not stated as to how it is to be satisfied
• Without ambiguity – only one interpretation
• Singular – One actor-verb-object requirement
• Verify – can be proved at the level of the architecture applicable
• Characteristics for pairs and sets of Requirement Statements: • Absence of redundancy – each requirement specified only once
• Consistency – terms used consistent
• Completeness – usable to form a set of “design-to” requirements
• Absence of conflicts – not in conflict with other requirements or itself
• Clarified with boundary and P-diagrams
• NASA Systems Engineering Handbook for Reference
Requirements Definitions Mistakes• Writing implementations (How) instead of
requirements (What)• Forces the design
• Implies the requirement is covered
• Using incorrect terms• Use “shall” for requirements
• Avoid• “support”
• “but not limited to”
• “etc”
• “and/or”
• Using incorrect sentence structure or bad grammar
• Writing unverifiable requirements• E.g., minimize, maximize, rapid, user-friendly, easy,
sufficient, adequate, quick
• Requirements only written for “first use”
Did any Changes or Improvements Have a Negative Impact on Another Function?
Potato Cannon Exercise• Customer wants to win the potato cannon contest
• Fire a potatoes into squares• Square are 20 meters long on each side
• Center of square is 150 meters away
150 meters
10 meters
Potato Cannon• How it works
• Potato is pushed into the sharpened barrel which cuts potato to size
• Hair spray (propane – C3H8) is added at the back end
• Spark creates explosion
• Demonstration
• Components• Loading rod
• Combustion Chamber, end cap, end cap connector and igniter
• Barrel & reducer
• Teams of 3 or 4
• Use “TBD” if exact valuescannot be determined
• Additional Links• Search for potato cannon fails
• Fire
Barrel
Combustion
Chamber
Igniter
Reducer
End Cap ConnectorEnd Cap
Igniter
Seal
Scoping and Definition of Responsibility• The customer needs a solution and is looking to SKF to deliver some functions
• To deliver the functions, we need clear definition of the functions, and detail regarding the conditions our product is expected to work under• The CSCM provides the function definitions
• The boundary diagram contains these functions and• the operating conditions
• responsibility for each component
Our Solution
System Part 1 System Part 2
System Part 3
Condition 1
Condition 2
Condition n
Function 1
Function 2
Function p
Las Vegas High Roller
Las Vegas High Roller• Multiple companies designing simultaneously
• Used the boundary diagram to:• Understand the tolerances of all interfaces
and non-interfacing parts that potentially impact the bearing
• Define loading• Wind loads• Seismic events
• Define bearing handling and installation
• This was challenging• Strengthened hub design• Changed spindle design• Given responsibility for installation procedure
and equipment design• Automatic lubrication • Automatic Condition monitoring
Las Vegas High Roller Boundary Diagram
Spindle
Tapered
sleeve
Housing
Grease
Support
Legs
Brace
Leg
CablesRim
Mounting
ringCabin
Drive
system
Spherical
roller
bearing
Inputs
•Loads (Cable, wind, passengers)
•Contamination (dust, water)Desired Outputs
•Fatigue life
•Wheel rotation
•Accommodate heat growth
Undesired Outputs
•Friction
•Vibration
Operating conditions analyzed:
– Service case 1
– Service case 2
– Service case 3
– Service case 4
DESIGN IT RIGHT
What Could Go Wrong?• Now the boundary of our solution is clearly defined, we should
question what could cause the functions not to be delivered.
• Our solution will work and be used in some uncontrolled
conditions. These external factors are called noise factors.
• The standards define 5 types of noise factors:
• Piece to piece variation (tolerance stack-ups)
• Degradation over time
• Environment
• Customer use and abuse
• System interaction
• Listing these potential noise factors is key, as these noise factor will
become the potential causes of failure.
Unintended Functions• Unintended Failures
• Electric car burns down garage (Alleged)
• “Toyota announced it was recalling 7.4 million vehicles to repair power-window switches that can break down and pose a fire risk”
• Sooner or later everything will fail• 100 year old car
• Modified car (Pimp my Ride)
• How is a car’s brake system designed to fail safe?
• The DFMEA should be used to• Anticipate failures and ensure failures are as benign as possible
• Limp home mode in a vehicle
• Assure no injuries
• Boeing considered encapsulating dreamliner batteries in fire proof container
• Explore and eliminate unintended failure modes
• Other unintended failures• Scully
• McDonnel Douglas
Foreseeable Use & Abuse
Potential Causes• Potential causes of failure are taken from the P-
diagram
• The engineer is NEVER the failure cause; examples• Wrong bolt plating specified
• Lower plating thickness is incorrect
• In identifying potential causes of failure, use concise descriptions of the specific causes of failures• Bolt plating allows rusting from exposure to humidity
• Potential cause of failure is defined as an indication of how the design or process could allow the failure to occur, described in terms of • Something that can be corrected or can be controlled
• Something remedial action can be aimed at
• Something that can be identified as a root cause
• The system allowed or even facilitated the failure cause – the system must be changed
Failure Modes• How can the function not be
delivered?
• There are 4 potential failure modes:• No function at all
• Intermittent function
• Degradation of performance
• Unintended function
Identification of Potentially Special Characteristics• Utilize two stages of special characteristics
• Potential• Confirmed
• Potential special characteristics are identified by• Design – as a rule-of-thumb 80% of all variation
• Cannon animation• Reservoir example
• ISO or other standard• Customer• Supplier
• Potential special characteristics are identified on the drawing and SCIF• Manufacturing (or the supplier) confirms if special controls are needed
for these characteristics based on capability (including special causes)• There is no set capability limit• Maintain flexibility based on severity and industry
• The SCIF records the confirmation decision and reasoning• The decision is reviewed as part of the ECM process
Solution Space for Projectile Distance• Solution 1
• Angle 70°± 1°
• Velocity 316.5 ± 1 ft/sec
• Solution 2
• Angle 70°± 0.8°
• Velocity 316.5 ± 2.5 ft/sec
• Solution 3
• Angle 45°± 1°
• Velocity 253.8± 6.2 ft/sec
• Solution 4
• Angle 45°± 2°
• Velocity 253.8± 6.0 ft/sec
• Solution 5
• Angle 45°± 5°
• Velocity 253.8± 4.5 ft/sec
2100 ft
1900 ft
2000 ft
Gearbox Example
Only one special
characteristic
Airbus Super Puma Crash• What items should be added to the
P-diagram?• Customer use & abuse (Dropped
gearbox)• This has been moved to the boundary
diagram
• Piece-to-piece (worst case roller & raceway profiles)
• What is the failure cause?• Worst case roller & raceway profiles &
max shock load
• The accident could have been prevented if there was a warning• Detection of a metal particle• Vibration
Video
Failure Effect• The effects should always be stated in terms of the
specific project, system, product or process analyzed
• Remember that a hierarchical relationship exists between the component, sub-system, and system levels. For example, a part could fracture, which may cause the assembly to vibrate, resulting in an intermittent system operation.
• Do not list effect beyond your area of responsibility
• Brake tube designer cannot have “No Brakes” as effect
• The effect is “Loss of Brake Pressure”
• State clearly if the failure mode could impact safety, non-compliance to regulations
Severity• Severity is defined as how serious the effects of a failure
would be should they occur
• It is important to realize that each failure mode may have more than one effect, and each effect can have a different level of severity
• It is the effect which is being rated and not the failure, therefore each effect should be assigned its own severity ranking
• A scaling system from 1 to 10 should be used, with 10 being reserved for the most severe failure modes
• You may have to defer to the customer• Build to print PFMEA with no access to DFMEA
Is the Product Designed Right?
• Green specifications – provide the customer’s functions
• Blue specifications – artificially tight providing a safety factor• Improperly built parts may deliver the customer’s functions
• Red specifications – the design is not correct• Properly produced parts will not always deliver the
customer’s functions
What Happens if You Drive Off with the Gas Pump Nozzle Still in the Car?
• This should be on the P-diagram• Customer use (and mis-use)
• What was the severity of this incident in 1950?
• What is the severity of this incident today?• The hose that attaches the nozzle to the gas pump is designed to break into two
pieces when a certain amount of force is applied to it
• Next time you’re at the gas station, check the hose for a metal coupling
• That’s the break-away point
• Once the hose is broken and you’re off on your merry way, check valves in the hose keep fuel from leaking out and creating a hazard
• Severity can only be improved by a design change• Failure mode designed out
• This is the design control
• It is important to keep this information in the DFMEA so future designs don’t repeat the mistake• Remove the coupling for cost save
• Remove check valves for cost save
What Happens if You Drive Off with the Gas Pump Nozzle Still in the Car?
Controls• There are two types of design controls to consider
• Prevention controls• Aim to eliminate or prevent the cause of the failure mechanism or the failure mode from
occurring
• Aim to reduce rate of occurrence
• The preferred approach is to use prevention controls• Gives a more robust product or process
• Initial occurrence rankings will be affected by the prevention controls
• Prevention controls• Predict performance based on scientific knowledge or
• Ensures performance based on historical experience
• Design out failure mode
• Examples of prevention controls• Fail-safe designs (if two wheel speed sensors disagree, the ABS system is disabled)
• Follow proven design and material standards (internal and external)
• Calculation & Simulation studies (computing the maximum deflection by computing deflection for every possible combination of tolerances)
• Use of components proven under less stressful conditions
• Error-proofing (using non-symmetrical parts to make it impossible to install a component backwards)
Controls• Detection controls
• Aims to identify the existence of a cause that results in a mechanism of failure
• The detection ranking is associated with the best detection control listed in the current design control detection column
• Should include identification of those activities which detect the failure mode as well as those that detect the cause, and could include:• Prototype testing
• Validation testing
• Design of experiments including reliability testing
• Mock-up using similar parts
• A suggested approach to current design control detection is to assume the failure has occurred and then assess the capabilities of the current design controls to detect this failure mode
• Warning • Often the detection method is assumed to be good because no parts with
the failure mode have passed through the detection method
How Much Confidence Do You Have?• Compare this to a design change, or
a choice between two materials• Is George Bush equivalent to the
university player?
• They are both one-for-one (the same performance)
• What should be considered for a DV test• Choose parts and loads that target the
highest risk areas• Minimum thickness
• Highest wavieness
• Maximum preload
• Highest load, etc
Occurrence Rating
• The occurrence ranking is solely a function of prevention controls
• No prevention control gives a ranking of 10
• Ranking of 1• DFMEA: perfect knowledge of engineering with calculations at worst
case
• PFMEA: perfect error proofing or PPM less than 1
• This forces a separation of the prevention and detection controls and strengthens the thinking of prevention over detection
• Ideally, prevention=1 and detection=10
• Weaker prevention mandates stronger detection
Detection Rating• The detection rating is determined by how well a test
can discover the failure mode or effect
• The rating is dependent on:• The correlation of the test to real world conditions
• The parts tested• If parts built very close to nominal are tested, the detection test
provides little value
• The best test utilizes parts built close to the worst case condition that aggravates the failure mode or effected targeted
Priorities• Severity is the primary driver
• Action Priority (AP)• Low, Medium or high based on a combination of severity, occurrence
and detection
• Risk Priority Number (RPN) • This is calculated by multiplying the 3 rankings recorded for severity,
occurrence and detectionRPN = Severity (S) * Occurrence (O) * Detection (D)
• RPN can range between 1 and 1000
• The use of an RPN threshold is NOT a recommended practice for determining the need for actions• Establishing such thresholds may promote wrong behavior (trying to justify
a lower occurrence or detection ranking value to reduce the RPN)
• This type of behavior avoids addressing the real problem that underlies the cause of the failure mode and merely keeps the RPN below the threshold
• IF customers require actions based on thresholds, we shall follow the customer requirements
AP
Recommended Actions
• The intent of recommended actions is to improve the design
• Identifying these actions should consider reducing rankings in the following order:• Severity
• Occurrence
• Detection
• Be sure to include any actions that may be the responsibility of the customer
• Never list a recommended action without a completion date and responsibility for actions related to safety or adherence to government regulation
Robust Design ExampleCost was
reduced by
32% while
the process
capability
was
increased by
132%
BUILD IT RIGHT
The Transition from the DFMEA to the PFMEA• The drawing has so many characteristics … how do I control them all?
• When creating the DFMEA, the characteristics with the biggest impact and severity on the functions to be delivered were identified as potentially special characteristics
• Other characteristics must also be controlled, but the consequences of the non-special characteristics does not warrant the level of oversight that must be taken with special characteristics
• Special characteristics are only potential at the design phase; manufacturing may have error proofing or outstanding capability, that eliminates any need for special controls
The Transition from the DFMEA to the PFMEA
• The Special Characteristics Information Form (SCIF) lists all the potentially special characteristics from the DFMEA, eliminating the possibility of overlooking a potentially special characteristic
• The SCIF also records the origin of the characteristic• Was the characteristic determined from an engineering calculation?
• Was the characteristic flowed down by our customer?
• Was the characteristic flowed up by a supplier?
• Is the characteristic required by a standard?
• The SCIF also records why each characteristic was confirmed or not, and what controls are in place for those characteristics confirmed
Transition to the PFMEA with the SCIF• Forms the bridge from the DFMEA to the PFMEA
• Prevents Special Characteristics from being misses
Internal
PFMEA• What do we have now :
• The specifications for all characteristics
• Potentially special
• Not potentially special
• Now we have to determine how to build the product to specification
• We have the requirements for the final part
• What are the requirements for the intermediate steps?
• What are the requirements for purchased material?
• How do we ensure purchased material conforms to our specifications?
Product Flow
• Just like functions are flowed down from the end customer to sub-systems and eventually components, the manufacturing characteristics needed to deliver these functions are flowed back from the final assembly to previous manufacturing steps and eventually purchased materials
• The inputs for each step are the required outputs for the previous step
What Could Go Wrong?• Now the boundary for each manufacturing step is clearly defined, we should question what could
cause the characteristics not to be achieved.
• There are only 4 potential failure modes:• No characteristic (part not hardened)• Characteristic not achieved for the entire part (roughness is OK for 90% of the raceway, but
not the remaining 10%)• Degradation of performance (part is hardened, but not to specification)• Unintended function (part is scratched)
• There is variability in manufacturing. This variability is defined by noise factors.
• The standards define 5 types of noise factors:• Man• Machine• Material• Measurement• Environment
• Listing these potential noise factors is key, as these noise factor will become the potential causes of failure.
People are not the Problem• The system is always at fault
• Do not blame the operator
• Do not blame the engineer
• Root cause is found by determining how the system allowed a defect to be created and escape
• Example• The label is placed in an incorrect position on a box
• 8D corrective action – the operator was sent to training
• Noooooooooooooo!
• Why did the system allow the operator to incorrectly place the label?• No orientating fixture?
• Poor light?
• What can be done to prevent an operator from locating the label incorrectly?
What Happens if the Characteristics are not Delivered
• If a special characteristic is produced outside the green specification, it does not matter if design determined the specification wrong, or if the part was produced wrong, the result is the same
• This must be reflected in the PFMEA; the severity and the effect in the PFMEA must be the same as in the DFMEA
• The PFMEA also includes an internal severity ranking• Is there a possibility of injury?
• What is the severity of finding a defect at the final production step as opposed to immediately detecting the defect?
DFMEA & PFMEA
• If the failure mode, severity or effect is updated in the DFMEA, the PFMEA must also be updated
Can we Build the Part to Specification
• How strong is our manufacturing knowledge?• Can I predict the process outputs from inputs
(machine settings)?
• Is my SOP reliable given the input conditions specified on the boundary diagram?
• Are error proofing methods in use, and how effective are they?
• This ability to predict function performance provides a probability of the failure to produce the part to specification, and is assessed with the Occurrence rating
Why Occurrence Does Not Come From Defect Data
• Green specifications – provide the customer’s functions
• Blue specifications – artificially tight providing a safety factor• Improperly built parts may deliver the customer’s
functions
• Red specifications – the design is not correct• Properly produced parts will not always deliver the
customer’s functions
• Case 1• Red specifications, but Cpk
is very good, and all production is within the blue lines
• DFMEA occurrence should be high, and PFMEA Occurrence should be low
• Case 2• Blue specifications, and
Cpk is poor resulting production between Green and Blue
• DFMEA occurrence should be low, and PFMEA Occurrence should be high
Can We Build the Part to Specification?
• How strong is our assessment program?• Are all characteristics measured?
• Are characteristics measures at a rate of 100% of sampled?
• How much measurement error is present?
• Has gage R&r been removed from the specifications?
• How often are known good and known bad parts measured?
• Are statistical process control or trend charts used?
• This ability to measure characteristics provides a probability of our ability to detect the failure of our manufacturing process to deliver the required characteristics, and is assessed with the Detectionrating
Purchased Material
• Receiving is a process
• What are the requirements?
• What are the controls?• Prevention
• Supplier certification
• Supplier audits
• Require supplier to send data with each shipment
• Electronic access to supplier data
• Detection• Incoming inspection
Manufacturing Control Plan• The controls in the PFMEA become the Manufacturing Control Plan• Additional information in the control plan
• Measurement assurance activities• Reaction plans
• Following the Manufacturing Control Plan does not ensure zero defects• The occurrence and detection rankings determine the effectiveness of
the manufacturing controls• The effectiveness of the manufacturing controls combined with the
severity ranking highlights internal and external quality risks• Highlighting these risks is a key part of business and technical gate
reviews• The recommended actions portion of the PFMEA provides options for
mitigating these risks
What do I Verify & Validate?
Slide 63
Pool is 50 metres long
500 metres
System boundary diagram
Slide 64
AngleMechanism
VelocityMechanism
Support
Barrel
Distance(475 – 525 m)
Angle43o – 47o
Velocity (m/s)75.5 – 79.2
GravitationalAcceleration(m/sec2)9.81 – 9.82
Sound(100 – 120 dB)
Height(> 90 m)
SoundMechanism
Pool
Side ShowBob
( ) g
2sinvd
2θ
=( )2g
sinvh
22θ
=
Velocity mechanism boundary diagram
Slide 65
SupportInner Barrel
Wall
Spring Constant
Weight
FrictionCoefficient
DistanceCompressed
v = f(spring constant,friction coefficient,weight, distancecompressed)
Rollers Plunger Spring
CompressionLever
CompressionGauge
Side ShowBob
Velocity (m/s)75.5 – 79.2
Spring boundary diagram
Slide 66
Spring Constant
Wire Diameter
Free Length
Number of Active Windings
Young’s Modulus
Force =f(Young’s modulus, wire diameter, free length, number of active windings, Poisson ratio, outer diameter)
Poisson Ratio
Outer Diameter
System P-diagram
Slide 67
AngleMechanism
VelocityMechanism
Support
Barrel
Distance(475 – 525 m)
Angle43o – 47o
Velocity (m/s)75.5 – 79.2
GravitationalAcceleration(m/sec2)9.81 – 9.82
Sound(100 – 120 dB)
Height(> 90 m)
SoundMechanism
Pool
Side ShowBob
Noise1.Piece to Piece
– Angle– Velocity– Gravitational Acceleration
2.Degradation– Barrel surface finish– Velocity– Angle variability
3.Environment– Temperature impact on velocity– Temperature impact on barrel flex– Elevation impact on g– Latitude impact on g– Contaminants
▪ Dust▪ Food▪ Spider webs▪ Water▪ Ice▪ Snow▪ Lightening
4.Customer Use– Is it moved (vibration)– Frequency of use
▪ Launched warm▪ Launched cold
5.System Interaction– Slope between pool & cannon– Stiffness of support (angle)
Velocity mechanism P-diagram
Slide 68
SupportInner Barrel
Wall
Spring Constant
Weight
FrictionCoefficient
DistanceCompressed
v = f(spring constant,friction coefficient,weight, distancecompressed)
Rollers Plunger Spring
CompressionLever
CompressionGauge
Side ShowBob
Velocity (m/s)75.5 – 79.2
Noise1.Piece to Piece
– Spring Constant– Weight– Friction Coefficient– Distance Compressed
2.Degradation– Spring Constant
3.Environment– Temperature impact on spring– Temperature impact on friction– Contaminants
▪ Dust▪ Food▪ Spider webs▪ Water▪ Ice▪ Snow▪ Wasp nest
4.Customer Use– Frequency of use
▪ Launched warm▪ Launched cold
5.System Interaction– Barrel & rollers– Weight– Support firmness (Recoil)– Barrel surface finish– Barrel surface contamination– Barrel damage
P-diagram feeds DFMEA
Slide 69
Potential
Failure Mode and Effects Analysis
( Design FMEA )
_X_ System Design Responsibility:
___ Subsystem
___ Component Key Date:
Manufactured/Assembled at plant using proven processes FMEA REVISION DATE
System Description: Mechanism to launch SideShow Bob into Pool
Core Team:
Item
/ Function
Potential Failure
Mode
Potential
Effects(s) of
Failure
Se
ve
rity
Cla
ss
Potential
Cause(s) /
Mechanism(s)
of Failure
Oc
cu
rre
nc
e
Current
Design
Controls
De
tec
tio
n
RP
N
Recommended
Action(s)
Distance of 1900-2100
ft
Distance less than
1900 ft
Injury to SideShow
Bob
10 YC Excessive gravitational
acceleration
2 Calculation 10 200 1. Add tolerances for
gravitational acceleration. 2.
Include spreadsheet with
gravitational acceleration as
function of latitude and
elevation. 3. Include warning
label that latitude and elevation
effect distance.
10 YC Cannon and pool not at
same elevation
4 None 10 400 Provide equation to adjust
distance as a function of the
elevation difference
10 YC Broken support 1 1. FEA 2. Fatigue test 1 10 None
You may need to includesub-system DFMEA info
Slide 70
_X_ Subsystem
___ Component Key Date:
Manufactured/Assembled at plant using proven processes FMEA REVISION DATE
System Description: Mechanism to provide velocity for SideShow Bob launcher
Core Team:
Item
/ Function
Potential Failure
Mode
Potential
Effects(s) of
Failure
Se
ve
rity
Cla
ss
Potential
Cause(s) /
Mechanism(s)
of Failure
Oc
cu
rre
nc
e
Current
Design
Controls
De
tec
tio
n
RP
N
Recommended
Action(s)
Velocity of 247.8 –
259.8 ft/sec
Velocity less than
247.8 ft/sec
Injury to SideShow
Bob
10 YC Spring constant
degraded
8 Spring durability test 7 560 None
10 YC SideShow Bob too heavy 10 Calculation 10 1000 1. Add tolerances for
SideShow Bob’s weight. 2.
Design for high weight target
so SideShow Bob can add
weight belt to adjust
10 YC Barrel damage increases
frictional force
10 None 10 1000 1. Create a test with various
levels of barrel degredation
and damage to allow friction to
be determined. 2. Include
tolerance for friction between
rollers and barrel.
