A Concept of Risk Prioritization in FMEA Analysis for Fluid Power Systems

FMEA analysis is a tool of quality improvement that has been widely used for decades. Its classical version prioritizes risk of failure by risk priority number (RPN). The RPN is a product of severity (S), occurrence (O), and detection (D), where all of the factors have equal levels of significance. This assumption is one of the most commonly criticized drawbacks, as it has given unreasonable results for real-world applications. The RPN can produce equal values for combinations of risk factors with different risk implications. Another issue is that of the uncertainties and subjectivities of information employed in FMEA analysis that may arise from lack of knowledge, experience, and employed linguistic terms. Many alternative risk assessment methods have been proposed to overcome the weaknesses of classical FMEA risk management, among which we can distinguish methods that modify the RPN number or employ new tools. In this study, we propose a modification of the traditional RPN number. The main difference is that severity and occurrence are valued based on subfactors. The detection number remained unchanged. Additionally, the proposed method prioritizes risk in terms of implied risk to the systems by implementing functional failures (effects of potential failures). A typical fluid power system was used to illustrate the application of this method. The method showed the correct failure classification, which meets the industrial experience and other research results of failures of fluid power systems.


Introduction
Fluid power systems find wide industrial applications as drive or control systems. Owing to their advantages, they can perform various functions, including those that may directly impact human safety, or serve as a crucial component in applications that require high reliability. They have been used in aerospace applications as a vital component of aircraft, rockets, and spaceships to actuate critical flight components: actuating flaps, brakes, and landing gears, opening/closing doors, etc. The marine industry uses hydraulics for controlling ships and deck appliances such as winches, cranes, or hatch covers. They have found applications in metal-making machinery, in production lines, as presses, or other machine tools. They are broadly used in mobile machinery such as cranes, excavators, earth-moving equipment, and automobiles. The mining industry utilizes hydraulics in drilling equipment for oil and gas extraction. The energy industry employs hydraulic systems in control systems of wind and water turbines and other processes. Depending on the applications, they can have different levels of complexity and use purely mechanical-hydraulic or electromechanical-hydraulic systems. High power density and almost unconstrained flexibility are the main advantages of these systems, making them peerless to mechanical or electrical power systems. Fluid power is not a new technology, but, complemented with the electronic control system [1], it offers new possibilities and can be one of the leaders among drive systems. Fluid power systems and their components must be highly reliable, their potential failures must be recognized early and investigated, and corrective plans must be prepared. Research on their failures and reliability is conducted using qualitative and quantitative tools and methods individually or together [2][3][4]. One of the widely used methods is the FMEA (failure modes and effects analysis).
The origin of the FMEA analysis is dated to the 1950s when it was formalized in the military standard [5]. It found practical application during the NASA Apollo mission and in the automotive industry in the 1980s and finally became a part of international standards: ISO 9000 and SAE 1793 [6]. The FMEA method was an inspiration for other methods and tools such as RCM (reliability center management), concept FMEA and FMEDA [7].
One of the steps of FMEA analysis is a risk evaluation, which, in its conventional form, is calculated using three risk factors: severity (S), occurrence (O), and detection (D). Severity is defined as the ranking of the end effect of a failure mode on the system. Occurrence is defined as the likelihood of failure occurrence. Detection is the possibility of failure detection. Each of these risk factors is quantified by experts with an integer from 1 to 10. The risk of an individual failure mode is evaluated using the risk priority number (RPN), which is a product of the aforementioned risk factors. A higher RPN value defines a higher risk of related failure modes. However, this approach is widely questioned due to several limitations. The equally weighted risk factors may produce the same RPN number for various combinations of S, O, and D, which may have different risk implications. The utilization of only three factors and related failure modes is also criticized as ineffective. Another problem of conventional FMEA is data uncertainty and subjectivity. All information in FMEA analysis is delivered by a group of experts who have to assign linguistic terms to exact numbers and rely on their own knowledge and experience. All shortcomings of traditional FMEA analysis are widely summarized in previous work [8].
To overcome the FMEA drawbacks, alternative methods are implemented. A systematic literature review of the employed methods was presented by Liu et al. [9]. The main trends observed in overcoming the drawbacks of traditional FMEA are:

1. Modification of classical RPN by implementing customer perspective [10], performing risk evaluation in terms of risk factors and their implication to risk scenario [11], other factors [9].
Risk assessment is performed by different methods and with the utilization of various tools. The most common methods that concurrently resolve problems with information uncertainty are:
The FMEA is a hierarchical multicriteria decision-making (MCDM) process that can utilize decision-making tools. Literature review indicates that the following methods mainly find application in risk analysis:
The drawbacks of FMEA analysis were not only recognized by scholars but also by industry, which led to employing ACP (action priority number) in FMEA analysis in the latest automotive standard [30].
Although many attempts have been made and new methods implemented to defeat the weaknesses of classical RPN, risk assessment in FMEA is still a challenge. All information used in FMEA is delivered by experts who have to rely on their knowledge and/or experience, which, along with linguistic evaluation methods, can lead to a high level of uncertainty and subjectivity. It also implies that the results of FMEA analysis are unique for specific problems and cannot be extended to similar cases. Methods proposed by scholars are too complex or computationally intensive to be employed in practice. To overcome the aforementioned shortcomings, we proposed a method that combines known methods such as a division of severity and occurrence into subfactors and risk prioritization based on associated risk to the system. The severity in the proposed method is calculated based on component importance, failure effect, and a factor which defines a relationship to the other failures. The occurrence number was replaced by a failure predictor, which uses a base failure rate and modification factors that take into account the influence of size, load, working conditions, and operating time. The detection number is estimated in the traditional way. Risk is evaluated for classified functional failures that directly correspond with system risk. The proposed method is analogous to the conventional FMEA, easy to use, and can reduce uncertainties of severity and occurrence caused by expert subjectivities.

Assumptions
The primary purpose of this study was a qualitative analysis of failure modes, failures, and their end effects for fluid power systems. Failures in fluid power components are complex, and a primary failure may only trigger the final failure. In this method, only primary forms of failures were assumed. The analysis was carried out only for primary mechanical failures. The electrical components were omitted. The investigated fluid power system utilizes typical components for mobile fluid power systems without any diagnostic systems. The primary form of failure detection is a visual inspection. Additionally, access to system components is relatively easy and can be compared to a hydraulic system for mobile machinery (e.g., excavator).
We assume that the investigated system already exists and only a few essential data are available.

Method
In the presented method, we define criticality $C_R$ in a similar way to the traditional risk priority number (RPN), as a product of severity $S$, a failure predictor $P$, and detection $D$:

$$C_R = S \cdot P \cdot D$$

where $S = c_i \cdot c_e \cdot f_i$ and $P = \lambda_b \cdot m_f \cdot t_f$. All three are valued with numbers from 1 to 20.

We can calculate severity $S$ as a product of component importance $c_i$, the failure which can appear in the component $f_i$, and modification factor $c_e$:

$$S = c_i \cdot c_e \cdot f_i$$

Component importance $c_i$ defines how important an individual component is to the system for a specified criterion. It can be safety or ability to perform the specific function. We assumed that components are valued in a way similar to that which was presented in our previous study [31]:
• Main components. They are essential for performing the intended function.
• Major components. They ensure the proper operation of the system. Their possible failures may cause the system to malfunction, but its main task is still maintained.
• Additional components. Their failure has little effect on the main task of the system.

Modification factor $c_e$ is an influencing factor that tells which component may influence others in the system in case of failure. It takes values 1-1.25, where value 1 means that potential failures in the component do not influence others.

Failure predictor $P$ is expressed as:

$$P = \lambda_b \cdot m_f \cdot t_f$$

where $\lambda_b$ is a base failure rate, $m_f$ is a failure modification factor, and $t_f$ is a time factor.
We utilize the failure rate value that is commonly used in reliability and maintainability to rank components in the system. We assumed that the failure rate of an individual component is the estimator of its possible failure. The real values of base failure rates for the system components [32] were assigned to individual components and renormalized to scale 1-5. Value 1 indicates a component that is unlikely to fail, while 5 indicates a component with highly expected failure. The value of failure rate for fluid power components according to handbook [32] depends on the following:
• Temperature.
• Fluid contamination.
Factors "Temperature" and "Fluid Contamination" were joined into one factor, "Environment" ($w_e$), which considers working conditions as an equivalent of both. Besides primary and internal (in-operation) oil contamination, the ingressed (or external) contamination is also recognized as one of the main sources, as stated by industry [33][34][35].
To include the above factors, we implemented an equivalent scale defined in the following way: Minor.
Due to the components' different structures and performed functions, we cannot use one uniform evaluation scale. However, the scale mentioned above was adapted to the individual features of the components. Factor "Size" for hydraulic pumps depends on their volumetric displacement:
• Very high, volumetric displacement > 125 dm³

In general, we can calculate the failure rate for the system based on the failure rate of system components [36]. For a serial system, the total reliability is a sum of the failure rate for individual components: For a parallel system, it is a product:

For the majority of fluid power components, base failure rate $\lambda_b$ is available [32]. The failure rate for the accumulator can be calculated as a sum of individual components (as a serial system): where $\lambda_{bSSE}$ is a failure rate for static sealing, $\lambda_{bSP}$ is a failure rate for spring, $\lambda_{bPC}$ is a failure rate for piston-cylinder interface, $\lambda_{bV}$ is a failure rate for valve, and $\lambda_{bCW}$ is a failure rate for cylinder wall. For a diaphragm-type accumulator, the failure rate can be simplified to the following formula:

For a hydraulic actuator, the failure rate can be calculated from the following formula [32]: where $\lambda_{bPC} = 10 \times 10^{6} N$ and $\lambda_{bSD}$ is a failure rate for dynamic seals. $N$ is a number of wear cycles. The number of cycles was estimated assuming that the equipment pressure should withstand the number of infinite fatigue strength, which is $2 \times 10^{6}$ according to [37]. Research shows that fatigue failures may occur much sooner [38,39]. Another reported failure is leaking due to the sealing failure [40]. The values of base failure rates (in failures/million cycles) for other hydraulic components are presented below [32]:

1. Valves:
• spool type: $\lambda_{bVS} = 3.75$;
• poppet type: $\lambda_{bVP} = 3.9$.
The values mentioned above apply to direct-operated valves. For pilot-operated valves, we can calculate the failure rate as a sum of the pilot valve and main valve. In the simplest case (pilot and main valve are the same type), we can assume that the pilot-operated valve failure rate is twice the direct-operated value.
Hydraulic oil: as a common practice, hydraulic oil has to be replaced much sooner than any failure in components may occur. Therefore, the value of the failure rate was set as maximal from other components in the system.
All of the above-mentioned factors were evaluated using the below scale: • and then were renormalized to new scales according to Formula [41]: The "Size" ($s$) factor value is 1-1.25, the "Operating pressure" ($p$) factor value is 1-1.25, the "Leakage" factor ($t_e$) value is 1-1.12, and the "Environmental" factor ($w_e$) is 1.14. The ranges of the factors are not equal because operating pressure and size play a more important role than leakage and environmental conditions. The time factor ($t_f$) allows for distinguishing components with different operating time regimes. Its range is 1-2. To make all data easier to identify and recognize, we prepared a practical chart presented in Figure 1. The chart includes the pairwise comparison matrix, which is used to evaluate component modification factor $c_e$. The weight factors were calculated in the following way: were next renormalized to range 1-1.25.

We evaluated the detection $D$ in a similar way to classic FMEA analysis with values 1-20:
• detection of failure is almost certain:
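The criticality calculation of this section, carried through as an added Python example that is not code from the paper: it computes S, P and the criticality number for failure-component pairs and ranks them inside each functional failure class. Assumptions: the modification factor m_f is taken as the product of the four listed factors, the renormalization is linear min-max, and every rating in SAMPLE is constructed; only the valve base failure rates (3.75, 3.9, and the doubling for pilot-operated valves) come from the text.

```python
from collections import defaultdict
from dataclasses import dataclass

# Base failure rates quoted on the page (direct-operated valves).
SPOOL, POPPET = 3.75, 3.9

def pilot_operated(rate):
    """Page's simplest case: pilot and main valve of the same type, twice the rate."""
    return 2 * rate

def rescale(x, lo, hi, new_lo=1.0, new_hi=5.0):
    """Linear min-max renormalization (assumed; the page's formula is not shown)."""
    return new_lo if hi == lo else new_lo + (x - lo) * (new_hi - new_lo) / (hi - lo)

def in_range(name, value, lo, hi):
    """Reject ratings outside the ranges stated in the text."""
    if not lo - 1e-9 <= value <= hi + 1e-9:
        raise ValueError(f"{name}={value} is outside [{lo}, {hi}]")
    return value

@dataclass(frozen=True)
class Entry:
    component: str
    failure: str
    ff: str       # functional failure class: "ff1", "ff2" or "ff3"
    c_i: float    # component importance
    c_e: float    # influence on other components, 1-1.25
    f_i: float    # failure effect
    lam_b: float  # base failure rate renormalized to 1-5
    s: float      # size factor, 1-1.25
    p: float      # operating pressure factor, 1-1.25
    t_e: float    # leakage factor, 1-1.12
    w_e: float    # environment factor, up to 1.14
    t_f: float    # time factor, 1-2
    d: float      # detection, 1-20

    def severity(self):
        in_range("c_e", self.c_e, 1, 1.25)
        return in_range("S", self.c_i * self.c_e * self.f_i, 1, 20)

    def predictor(self):
        m_f = 1.0  # assumption: m_f is the product of the four factors
        for name, hi in (("s", 1.25), ("p", 1.25), ("t_e", 1.12), ("w_e", 1.14)):
            m_f *= in_range(name, getattr(self, name), 1, hi)
        in_range("lam_b", self.lam_b, 1, 5)
        in_range("t_f", self.t_f, 1, 2)
        return in_range("P", self.lam_b * m_f * self.t_f, 1, 20)

    def criticality(self):
        return self.severity() * self.predictor() * in_range("D", self.d, 1, 20)

def rank(entries):
    """Rank failure-component pairs by descending C_R inside each functional failure."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.ff].append((round(e.criticality(), 1), e.component, e.failure))
    return {ff: sorted(rows, reverse=True) for ff, rows in sorted(groups.items())}

# Constructed sample: only the valve rates come from the page; every rating is invented.
RAW = {"check valve": POPPET, "directional valve": SPOOL,
       "relief valve": pilot_operated(SPOOL)}
LAM = {k: rescale(v, min(RAW.values()), max(RAW.values())) for k, v in RAW.items()}
SAMPLE = [
    Entry("check valve", "fracture", "ff1", 4, 1.25, 4, LAM["check valve"],
          1.0, 1.25, 1.0, 1.14, 1.0, 2),
    Entry("directional valve", "wear", "ff2", 4, 1.25, 2, LAM["directional valve"],
          1.0, 1.25, 1.12, 1.14, 2.0, 12),
    Entry("relief valve", "wear", "ff2", 3, 1.0, 2, LAM["relief valve"],
          1.0, 1.25, 1.12, 1.14, 1.0, 12),
]

if __name__ == "__main__":
    for ff, rows in rank(SAMPLE).items():
        print(ff, rows)
```

In this sample the easily detected fracture has the maximum severity but the lowest criticality number, which is why the ranking is kept separate per functional failure class rather than merged into one list.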

Case Study
An example of a typical hydraulic system, presented in Figure 2, that includes typical fluid power components was used in this study. It is a hydraulic system that utilizes an accumulator as an auxiliary power source. The presented system's main task is to convert pressure energy into linear displacement of the hydraulic cylinder and actuate the component of a mechanical system (e.g., boom or arm of an excavator). The motor (3) drives a pump (4), which sucks hydraulic oil from the reservoir (1). Before passing the pump, the fluid is cleaned in the filter (2). The pump displaces the liquid to the hydraulic cylinder (10) through the check valve (5) and the directional control valve (7). The check valve (5) secures the system against back flow. The hydraulic cylinder is a double-action actuator in which fluid acts on both sides of the piston. One side is connected with the supply line (with the pump) while the other is connected with the drain (reservoir). Both ports can be alternatively connected to the supply line by switching the spool position of the control valve (7). In that way, the direction of piston rod movement is determined. The relief valve (6) plays the role of a safety valve in the system and secures the pump against excessive pressure. The other relief valve (8) sets the working pressure. The accumulator (9) is connected in parallel to the supply line and is an auxiliary power source. During each operating cycle, the accumulator is charged and releases fluid on power demand. Fluid is delivered to all components via rigid pipes or hoses, or both. The directional control valve (7) and relief valve (8) are components of the control system. Reservoir (1), filter (2), and pump (4) are components that generate pressure energy. Pipes and/or hoses transmit energy to the hydraulic cylinder (10), where fluid energy is converted into mechanical energy.
Failures that can occur for the above-mentioned components are as follows [42]: loosening $f_3$; 4. extreme contamination $f_4$; 5.
At the next step, we defined the system functional failures $f_{fi}$. The functional failure is understood as a system state (failure) that is categorized in the following way:

1. System is not able to perform intended function: $f_{f1}$.
2. System is partially able to perform intended function. Major failure occurs: $f_{f2}$.
3. System is able to perform intended function. Minor failure occurs: $f_{f3}$.
Symptoms, failure modes, and failures matched with components corresponding to the above-mentioned functional failures were used to create the relation tables presented below in Tables 1-3.

Table 1. Functional failure ($f_{f1}$): System is unable to perform intended function.

|  | Failure Mode | Failure | Components |
|---|---|---|---|
| Actuator: no motion | Loss of oil $f_{m1}$ | Fracture $f_1$ | Tank $c_1$ |

Results
Data from Table A1 along with failure values allowed for calculating the criticality number $C_R$. The ranking lists were created for each functional failure and are presented in Tables 4-6. Oil contamination or aeration appears six times among the first five ranks for all functional failures. The pump and actuator were also recognized as components whose failures can lead to the presented system failures.

Table 5. Functional failures $f_{f2}$. Criticality.
297.0 | wear $f_6$ | relief valve $c_5$

Table 6. Functional failures $f_{f3}$. Criticality.

Discussion
The criticality number for the pair contamination-oil reached the highest value among all failure-component pairs. Almost all failures and related components for functional failure ($f_{f1}$) that are critical to the system are valued lower than for other functional failures ($f_{f2}$, $f_{f3}$). There are two reasons responsible for this situation. The first one is the detection number. The "fracture" failure for almost all components can be easily detected, for some even without any instruments. The second reason is the component prioritization method, which is realized by performed function, failure rate, and working regime. The tank, which is recognized as a highly reliable component, can be a source of critical failure for the system. Another aspect is that components which play auxiliary functions and are in use only occasionally (e.g., valve $c_6$) make the system unable to operate when they fail. Failures that cause fluid losses are critical to the whole system, even if they occur in a component graded as secondary or minor. Treating such components with the highest importance can lead to overestimating other failures for these components. The nature of almost all failures for critical system failure $f_{f1}$ is random and unpredictable, caused by sudden and extreme overload or hidden material/manufacturing and design flaws.
The first two criticality numbers for $f_{f3}$, which is less risky for the system than the others, reached higher values than the fourth rank in $f_{f2}$. Other pairs of failures and the corresponding components are higher for $f_{f3}$ than $f_{f2}$. This is caused by the intensity and exposure which determine the final effect, which can be marginal (at initial stages of wear, cavitation, and corrosion) or major after long exposure.
Presented results show that risk prioritization assigned to the system risk allows avoiding underestimating or overestimating potential failures for related components.
In all three functional failures, oil contamination plays the main role and should be recognized as a main problem of fluid power systems. It agrees with practical experience and also with the results of research presented in study [2], where failure analysis was conducted for a hydraulic system of a heavy-duty machine. The failure analysis in that work was conducted with more sophisticated methods and tools than the presented method: fault tree analysis, Dempster-Shafer theory, and rough set theory were implemented to eliminate the incompleteness and the uncertainty delivered by experts.
The comparison of the presented method and the conventional RPN approach was conducted for the severity factor, which in the proposed method is calculated according to Equation (2). For the comparison, we used the failure "fracture", which can occur in all of the system's components. The end effect of this failure for all of the components leads to critical system failure, in which the system is unable to perform the intended function. As such, it should be ranked with maximal value according to the traditional RPN approach. The comparison of RPN values is presented in Table 7.
The occurrence number may mainly depend on a subjective opinion of an expert (or experts), their knowledge and/or experience, and/or availability of relevant data. It means that the occurrence number may be scattered inside a wide range. The proposed method adopts quantitative data, including the essential information about components, which produces the occurrence number with less sensitivity to expert knowledge and/or experience.
The detection number in both methods is estimated in the same way.
Limitations of the method. Although the structural design of fluid power components has remained unchanged for decades, a trend toward implementing electronic control and diagnostic systems can be observed recently. It brings new possibilities for system diagnostics and management, and means that the components are no longer purely mechanical/fluid but are more sophisticated. Additionally, new manufacturing methods and materials are implemented; thus, base failure rates from this study may not fit the latest component designs. Furthermore, the values of base failure rates do not recognize differences in component structures or material and cannot evaluate the same component with various solutions separately. Another limitation of the presented method is its applicability only to components for which a base failure rate is available. Those for which it is unavailable would have to be estimated, which can increase the level of uncertainty.
The proposed method can calculate the same criticality numbers for a few different components and corresponding failures. It can be overcome by detailed failures definition, which is sometimes problematic. Fluid power components encounter mechanical and fluid flow failures, which are too complex for easy identification.

Conclusions
FMEA analysis and its modifications play an essential role in increasing reliability and safety despite the drawbacks, which, in classical FMEA analysis, are undoubtedly risk evaluation and uncertainties. In this study, a proposal of risk assessment for fluid power systems has been presented; its main aim was implementing a prioritization method of failures based on quantitative data. A classical risk priority number has been extended with modification factors for severity, while occurrence was replaced by a failure predictor, which uses failure rate value and corrective factors. The detection remained unchanged with respect to classical risk prioritization. The severity number in the proposed method is calculated as a product of component importance, their influence on other components, and failure effects. It allows for prioritizing components that can be nondistinguishable in the classical RPN method. The proposed method's main application is a design stage or a situation where details of the system components are unavailable. Therefore, the occurrence number is replaced by a failure predictor, which defines the likelihood of failure based on failure rate value and modification factors. These were determined based on specifications of typical components for mobile fluid power systems. If relevant data about components are available, the failure rate can be more precisely described. The proposed method was employed in a typical fluid power system which consists of common components and can be extended to any fluid power system. Modification factors presented in this study are universal and applicable for other fluid power systems. Failure modes of individual components were classified into system functional failures (effects of component failure modes) to avoid underestimating failures whose consequences are catastrophic to the system.
The obtained results allowed identifying the most common failure for the considered hydraulic circuit, which agreed with research conducted with more sophisticated tools and methods and proved the usefulness of the presented method.

Conflicts of Interest:
The authors declare no conflict of interest.
