RAPAT® for Excel 365
Technical Risks (FMECA) Help Sheet

Overview

A Failure Modes, Effects and Criticality Assessment (FMECA) is a requirement for some applications and should also be considered for novel technology, complex devices or safety critical applications. Although some FMECA columns can be populated by the technology developer, best practice recommends workshop input/review to capture relevant technology and user expertise as part of understanding the risk and appropriate mitigation - including facilitation by an experienced FMECA practitioner.

Dashboard

Provides an at-a-glance overview of the risks identified on the sheet which highlights the total number of risks and identifies the number of risks at each criticality and risk mitigation level. The dashboard will dynamically update as the sheet content is changed.

FMECA (Failure Mode, Effects and Criticality Analysis)

This is where risks are identified, described, and evaluated. Each row represents one failure mode. The current status of each risk will be reflected in the dashboard.

FMECA Risk Matrix

The risk matrix for the FMECA sheet is located on a separate sheet, to allow for easier navigation between the two rather than scrolling up and down the same page. The generic 5 x 5 risk matrix provides an assessment of risk. This includes 5 columns which define the consequence severity levels. Generic example business, user, and technology consequences are provided for the example severity levels (negligible, noticeable, significant, major, and catastrophic). These example definitions may be modified to align with the device / equipment application and any required industry regulations / codes / standards.

The risk matrix includes 5 rows which define the likelihood of the risk occurring. Two generic example likelihood scales are provided, one based on the number of uses and the other on time periods. These definitions should be modified as required to align with the device / equipment application and any required industry regulations / codes / standards. It is important that time / use scales appropriately reflect the user application; definitions for a device used several times a day may need to be different to those for a device used once a month / year, or for a disposable device which is only used once.

The risk criticality matrix includes 5 default risk criticality levels (very low, low, medium, high, very high) with the risk criticality level for a specific risk likelihood and consequence severity combination determined from the corresponding cell colour on the risk matrix (i.e. red cells correspond to very high criticality).

Risk Management Process

There are a series of steps involved in the process of identifying and evaluating risks:

Risk Identification

The 'Requirements' worksheet identifies the functions and requirements for the device / equipment. For each component, list the relevant requirement / performance targets and the associated failure mode(s). For each failure mode, identify the failure mechanisms (the underlying physical / chemical process leading to the failure event) and the underlying causes initiating this. These could include design or manufacturing errors (e.g. incorrect material specification), damage during transit or incorrect use, storage, testing or maintenance by users, etc. Each row is automatically given a unique reference number for traceability.

Risk Criticality Assessment

The risk matrix likelihood and severity values are used to evaluate each risk. The 'Risk Criticality' will be automatically populated from these values, based on the corresponding risk matrix cell. Note any assumptions made in assessing the level of risk.

Risk Management

Identify what can be done to mitigate and control the risk - this is particularly important for high / very high criticality risks. Examples include use of alternative materials / parts, manufacturing quality control checks, improved product labelling, instructions, and user training. The mitigated risk criticality column is used to understand the effectiveness of the mitigation action; consider the extent to which the mitigation action has reduced risk likelihood or the consequence severity, and from this, identify the mitigated risk criticality using the dropdown list. It is unusual for both the likelihood and the consequence severity to be reduced.

Each mitigation action should be assigned an owner, who has responsibility for ensuring the action is implemented, and a target completion date. The status column reflects the current status of the action.

Using the Worksheet

There are various interactive and dynamic features on this worksheet:

Sheet-wide / cross-sheet features

• Completion Status: Indicates progress towards sheet completion. The value provided from the dropdown will update the 'Navigation' page accordingly.
• Add Row(s): Rows can be added to the FMECA table, allowing an unrestricted overview of identified risks. This functionality can be accessed by right-clicking a cell in the FMECA table and selecting 'Add Row(s)' from the 'RAPAT' option in the context menu. If the currently selected cell is in the final row of the table, a dialog box will appear where the number of new rows to be added to the bottom of the table can be defined. If the currently selected cell is elsewhere in the table, a single row will automatically be inserted beneath the current cell. Reference numbers, formatting, and functionality will be automatically applied.
• Delete Row(s): Rows can be removed from the FMECA table, to a minimum of one remaining row. This functionality can be accessed by right-clicking a cell in the FMECA table and selecting 'Delete Row(s)' from the 'RAPAT' option in the context menu. If this action is applied while multiple rows are selected, all of the selected rows will be deleted.

Table features

• FMECA Table
  • Likelihood / Consequence Severity: Select an option from the dropdown menu. These options are defined in the risk matrix and will contribute to the evaluation of the risk criticality. If both 'Likelihood' and 'Consequence Severity' have been defined for an identified risk, 'Risk Criticality' will be automatically populated and colour-coded. The dashboard's 'Initial Risks' row will also be updated.
  • Mitigated Likelihood / Mitigated Consequence Severity: Select an option from the dropdown menu which best reflects the status of the risk after applying a mitigating action. These options are defined in the risk matrix and will contribute to the evaluation of the mitigated risk criticality. If both 'Mitigated Likelihood' and 'Mitigated Consequence Severity' have been defined for an identified risk, 'Mitigated Risk Criticality' will be automatically populated and colour-coded. The dashboard's 'Proposed (Mitigated) Risks' row will be updated. If the value of the 'Risk Criticality' column is 'TBC', a value cannot be entered into the 'Mitigated Risk Criticality' column.
  • Status: Select an option from the dropdown menu. If the value is '-select-', 'Not Started', or 'In Progress', the risk will be accounted for in the 'Outstanding (Unreviewed) Risks' row of the dashboard. 'Completed' cannot be selected until both the 'Risk Criticality' and the 'Mitigated Risk Criticality' have been defined. If 'Completed' is successfully assigned, the risk will then be counted in the 'Completed Mitigated Risks' row of the dashboard. If 'No Action Required' is selected, 'Mitigated Risk Criticality' will automatically match 'Risk Criticality', and the 'Completed Mitigated Risks' row of the dashboard will be updated. The value of 'Mitigated Risk Criticality' cannot be changed while 'No Action Required' is selected. Updates to 'Risk Criticality' will automatically be reflected in 'Mitigated Risk Criticality'.
• FMECA Risks Matrix
  • Severity: The three severity categories, and the associated severity descriptions can be modified to best reflect the technology's vulnerabilities. The 5 'Severity' categories can also be updated. Any changes here will be applied to the FMECA table 'Severity' dropdowns,and if any rows contained the overwritten severity category, they too will be updated.
  • Likelihood: The likelihood definitions can be modified to use metrics which are most appropriate for the project. The 5 'Likelihood' categories can also be updated. Any changes here will be applied to the FMECA table 'Likelihood' dropdowns, and if any rows contained the overwritten likelihood category, they too will be updated.
  • Risk criticality combinations: Each Likelihood / Severity combination can be updated using the dropdown in the risk matrix cells. Selecting a different dropdown item will update the cell with the associated colour. If the affected combination has been used in the FMECA table, this too will be updated.