Causal Analysis Tools
Webinar No. 4
Causal Analysis Trees/Maps (including Fault Trees)
Name: Jody Page
Title: Quality Engineering
Approved for Public Release DAL201209012
File name – Web No. 4
Causal Analysis Trees/Maps
History of These Tools
Dean Gano, having worked incident investigations for years in the nuclear industry, developed a robust, simple method that could be used in any level of investigation. His 1999 book challenged conventional thinking on the subject at the time.
The software, RealityCharting RCA, is a robust tool that assists the user by automating some of the drafting decisions, as well as providing checks and balances to ensure the method is being used properly. The company has re-branded under the single RealityCharting RCA name.
Mark Galley, founder of ThinkReliability, deploys a similar philosophy and tree structure approach to causal analysis, but instead utilizes MS Excel as a drafting / data collection tool, providing templates and training to facilitate investigations.
Reason To Use This Method
Think Reliability Cause Mapping
• To study and capture the entire “System of Causes” contributing to your issue, so that robust solutions can be deployed.
• When an issue is recurring after previous solutions have not worked.
• To facilitate documenting the information obtained for knowledge transfer and retention.
• To incorporate causes found from other Causal Analysis tools into “the big picture”.
• When precise mapping of causes and effects is warranted.
RealityCharting RCA Method and Software
Characteristics of Cause & Effect
Each Effect Has at Least Two Causes
– Actions – momentary causes that bring conditions together to cause an effect (trigger)
– Conditions – causes that exist over time prior to the companion action
[Diagram: Open Fire, caused by: Action – Striking a Match; Condition – Ignition Source; Condition – Combustible Material; Condition – Oxygen]
Identify an Action & Condition for Every Problem
Causal Analysis Tree/Map – Jefferson Memorial
Use of 5 Whys, Fishbone, and Causal Chain Mapping
[Diagram: cause map with columns Primary Effect, 1st Why, 2nd Why, 3rd Why, 4th Why, 5th Why; each cause is tagged Action or Condition. Node labels: Jefferson Memorial is Deteriorating; Washing Too Much; Water Pressure Erodes Material; Water Pressure Required to Clean Area; Excess Bird Droppings; Public Complaints on Odor and Safety; Birds Present; Birds Like to Eat Spiders; Lots of Spiders to Eat; Spiders Like to Eat Gnats; Lots of Gnats to Eat; Gnats Are Attracted to the Lights; Gnats Mate at Dusk; Lights Turn On at Dusk]
Condition causes lend themselves more to mistake proofing.
Think Reliability Cause Mapping
RealityCharting RCA Method and Software
Module 4
Causal Analysis Trees / Maps Polling Question
In the fire example, would there ever
be a situation where introducing the
ignition (match struck) would not be
the action cause (last thing to
happen)?
a. No
b. Yes
Fault Tree Analysis
History of Fault Tree Analysis
1962 - Developed at Bell Labs by H.A. Watson and A. Mearns under a U.S. Air Force Ballistic Systems Division contract to evaluate the Minuteman Intercontinental Ballistic Missile (ICBM) Launch Control System.
1975 - U.S. Nuclear Regulatory Commission began using probabilistic risk assessment (PRA) methods including FTA.
1979 - Three Mile Island - significantly expanded PRA/FTA use / research during and following the incident investigation.
1981 - Publication of the NRC Fault Tree Handbook NUREG–0492, and mandatory use of PRA under the NRC's regulatory authority.
Probabilities were added to causes a few years after the tool’s creation.
What is Fault Tree Analysis?
Fault tree analysis (FTA): an analysis in which an undesired event is described and analyzed using Boolean logic from a series of lower-level events. It is a thorough method to quantitatively determine the probability [or bounds] of an undesired event.
Cutset: The route through an FTA between an event and its primary causes; one set of events that, upon their occurring, results in the top event.
Minimal cutset: The shortest credible way through the tree from the top event to primary causes.
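Added example, not from the original slides: a Python sketch of the definitions above that derives the minimal cut sets of a fault tree and computes the top-event probability together with its upper bound. The tree, its gate types and every probability are constructed for illustration (extending the fire example), and the basic events are assumed independent.

```python
from itertools import product
from math import prod

# Constructed fault tree (assumption, not from the slides).
# gate name -> (kind, children); names that are not keys are basic events.
TREE = {
    "open_fire":      ("AND", ["ignition", "fuel", "oxygen"]),
    "ignition":       ("OR",  ["match_struck", "static_spark"]),
    "static_spark":   ("AND", ["static_buildup", "no_grounding"]),
    "fuel":           ("OR",  ["paper", "solvent_vapour"]),
    "solvent_vapour": ("AND", ["solvent_open", "no_ventilation"]),
}
# Constructed basic-event probabilities (assumption), events independent.
P = {"match_struck": 0.01, "static_buildup": 0.05, "no_grounding": 0.1,
     "paper": 0.5, "solvent_open": 0.2, "no_ventilation": 0.1, "oxygen": 1.0}

def cut_sets(node, tree):
    """Top-down expansion: OR unions the children's cut sets,
    AND merges one cut set from every child."""
    if node not in tree:
        return {frozenset([node])}
    kind, children = tree[node]
    parts = [cut_sets(child, tree) for child in children]
    if kind == "OR":
        return set().union(*parts)
    return {frozenset().union(*combo) for combo in product(*parts)}

def minimal_cut_sets(node, tree):
    """Drop every cut set that strictly contains another one (absorption)."""
    sets = cut_sets(node, tree)
    return {s for s in sets if not any(other < s for other in sets)}

def upper_bound(mcs, p):
    """Rare-event bound: sum of the minimal cut set probabilities."""
    return min(1.0, sum(prod(p[e] for e in s) for s in mcs))

def exact_probability(mcs, p):
    """Exact P(top event): enumerate every state of the basic events and
    add up the states in which at least one minimal cut set has occurred."""
    events = sorted(set().union(*mcs))
    total = 0.0
    for state in product([False, True], repeat=len(events)):
        on = {e for e, hit in zip(events, state) if hit}
        if any(cut <= on for cut in mcs):
            total += prod(p[e] if e in on else 1 - p[e] for e in events)
    return total
```

An event that appears in every minimal cut set (here `oxygen`) is a single point whose removal prevents the top event, which is why the cut-set list is the usual input to prioritising contributors.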
Reason to Use Fault Tree Analysis
This analysis method is mainly used in the fields of Safety
Engineering and Reliability Engineering to determine the
probability of a safety accident or a particular system level
(functional) failure.
FTA can be used to:
• show compliance with the (input) system safety / reliability requirements.
• prioritize the contributors leading to the top event - Creating the Critical
Equipment/Parts/Events lists for different importance measures.
• monitor and control the safety performance of the complex system (e.g. Is it still
safe to fly an Aircraft if fuel valve x is not "working"? For how long is it allowed
to fly with this valve stuck closed?).
• minimize and optimize resources.
• assist in designing a system. The FTA can be used as a design tool that helps to
create (output / lower level) requirements.
• function as a diagnostic tool to identify and correct causes of the top event. It
can help with the creation of diagnostic manuals / processes.
Unintended Event: Unintended Rocket Motor Ignition
1st Level Causes:
• ESD Induced Dielectric Breakdown in or adjacent to propellant with sufficient joules for ignition
• Mass impact at propellant surface exceeding detonation velocity
• Unintended initiation of electroexplosive device
• Presence of mass heat/fire exceeding propellant autoignition temperature
• Sympathetic detonation from blast overpressure
1st Level Cause: ESD Induced Dielectric Breakdown in or adjacent to propellant with sufficient joules for ignition
[Diagram: 2nd level causes and the events beneath them. Node labels: ESD with sufficient joules; Insufficient Grounding; Propellant ESD Sensitive; High joule ESD; Propellant damaged (cracks or “dusting”); Insufficient ESD Barrier; Failure to connect grounds properly; Grounding System Defect; ESD from equipment materials; Leg Stats Missing; Personnel generated ESD; Leg Stat Failure; Static Floor Failure; Propellant Formulation not “insensitive”; Lightning Side Flash; Static Buildup]
LMCO Fault Tree Analysis Example
[Diagram: Compressor Fault Tree (Compressor Failures and Anomalies). Top event: 1.0 Compressor Test Failures, with branches including 1.1 Oil Leaks, 1.2 Air Pressure, 1.3 Other and 1.4 Low Volume Air Out. Each node carries a numbered identifier (for example 1.1.4.2 Defective Part) and most carry an owner name (Salazar, McCrary or Hartwell). Cause labels in the diagram: Overfill; Improper Assembly; Caps Left On; Loose Fittings; Faulty Seals; Defective Material; Defective Part; Cracked Hardware; Drawing Not Specific Enough; Part Doesn’t Meet Drawing; Interference at Mounting Flange; Improper Venting of Breather Valves; High Torque; Contaminated Oil; Seal Design; Oil Overfill; Blocked Inlet; Hardware Damage; Hydro-lock; Tilted While Full; Lack of Maintenance; Moisture Intrusion; 3rd Stage Relief Valve Popping; Corroded 4th Stage; Moisture Separator Malfunction; Back Feed from Outlet; Incompatible Materials; Air Intake Contaminates; 4th Stage Defective Parts]
LMCO Fault Tree Analysis Example – Detailed Close Up
1.1.4.2 Defective Part
LMCO FTA Summary Report Sample
Module 4
Fault Tree Analysis Polling Question
What was the fault tree analysis created to do?
a. To evaluate the probability of human error.
b. To increase the safety level of the space
program.
c. To improve the safety of missile systems.
d. To illustrate where to place blame/fault in the
process.
References:
RealityCharting Home Page: http://realitycharting.com/
RealityCharting Training: http://coach.realitycharting.com/
RealityCharting Downloads: http://www.realitycharting.com/downloads/badge/simplified
ThinkReliability Home Page: http://www.thinkreliability.com
ThinkReliability Template: http://www.thinkreliability.com/excel-tools.aspx
ThinkReliability Training: http://www.thinkreliability.com/excel-tools.aspx
Fault Tree Template: http://www.fault-tree.net/
Fault Tree Training: http://www.fault-tree.net/