The Anticipatory Failure Determination Fact Sheet

Steve Ungvari, SPI, Inc.
810-220-8440
sufield@aol.com

 

Introduction

While product failures have always been a problem, it seems that with the complexity of today's engineered systems, the number and the severity of these incidences both in terms of human suffering and damage to the corporation is increasing at an exponential rate.  The question as to the root cause of this phenomenon and more importantly, the "fix" is an appropriate one.  Why have traditional methods failed at preventing product failures? To be sure, some of the fault lies with engineers "going through the motions" of using the failure prevention tool.  That fact notwithstanding, the conventional tools themselves are not "foolproof."  The Ideation/TRIZ methodology has a unique component called Anticipatory Failure Determination(AFD) which, used with conventional methods, greatly enhances the process of failure prediction and failure prevention.  The Fact Sheet below provides a basis for comparing AFD and conventional methods such as Failure Mode & Effects Analysis(FMEA) and Hazard Operability Analysis (HAZOP).

 

What is Anticipatory Failure Determination (AFD). 

Anticipatory Failure Determination™ is based on the concepts that were called “subversion analysis” in earlier TRIZ work by Zlotin, Zusman, Altshuller, and Filatov (ref.1, 2) and Kaplan (ref.3).   Software is now available to make the method easier to apply (ref.4)  The term “subversion analysis” refers to the basic technique, described below, of using TRIZ in reverse; that is, TRIZ is used to find ways to cause the design to fail, or to subvert the basic purpose of the design.   With the knowledge of how to subvert the design, the developer knows how to make the design better, so that the failures cannot occur.  

AFD  is  a TRIZ method that is a disciplined, rigorous process by which the user can:

What is the difference between AFD and other conventional failure prevention techniques?

The principle difference between AFD and conventional techniques such as Failure Mode and Effects Analysis and Hazard and Operability Analysis is the perspective from which potential failures are determined.  In the conventional techniques, the process of failure prediction proceeds linearly from an articulation of the system's function(s) to what may occur if there is a failure (absence) in deliverance of these functions.  In other words, the analytical line of logic follows design intent.  Given a potential failure, the effect of the failure, probability of its occurrence, and the ability to detect the failure is determined.  Once these parameters are quantified, often times very subjectively, a calculation of risk is made.  If the risk is determined to be unacceptably high, changes in design, or detection capability can be suggested. 

On the surface the process sounds logical.  There are, however, serious structural weaknesses with these traditional approaches. 

1.  The first weakness stems from the process used to determine failures.  The process of failure determination is essentially a brainstorming exercise initiated by probing what failures "might" occur.  This process suffers from the same syndrome that the original product design process is subject to - Psychological Inertia (PI).  Also, because the analysis of potential failures is accomplished within the same mental context that created the design in the first place, there is a serious question of objectivity to be raised with this approach.  Engineers do not like to admit that their designs are failure prone.

2.  A second shortcoming of traditional approaches is that he analysis of failures is deemed to result from the absence of an intended or designed function.  The issue of "prohibited" functions is not considered.  For example, the function of a handgun is to shoot a bullet.  All of the failure analysis proceeds along the lines of the original design intent.  The original designers of the weapon system, for example, did not design it to be used by children to shoot other children in schools.  This prohibited function is not a part of conventional failure prevention techniques.  Additionally, to be more complete, functions also need to be analyzed not only from the absence of intent but also from the perspective of the function being performed insufficiently or in an excessive way.

3.  The most serious drawback of traditional approaches, however, is the absence of an integrated problem solving mechanism to pinpoint design deficiencies accurately as a series of "inventive" problems.  An inventive problem is one characterized by an inherent conflict. Traditional techniques do not make provisions for solving difficult technological problems in an inventive way.  An inventive approach recognizes system conflicts and attacks them head-on.  In traditional approaches, if the design is deemed to be too risky, correction of the problem is accomplished through a number of design and redesign iterations or, as a stopgap, - redesign of the detection systems.  When the system deficiency is not defined as an inventive problem, the results are often costly over designs, or the addition of auxiliary compensating systems making the original design more complex. 

 

What is different about The AFD System?

 All of the structural deficiencies noted above have been designed out of AFD. First of all, the approach to determining potential failures is the reverse of the one used in conventional approaches.  In AFD, the power of the technique comes from the process of deliberately "inventing" failures.  The engineer has to transform him or herself into a subversive.  The idea is to invent, cause and create failures. In the case of past failures, the analytical process challenges one to invent a past failure.  In future failure prevention, the logic proceeds along the lines of inventing, creating or devising the most catastrophic failures conceivable.

In both instances, the engineer inverts the problem.  The advantage to this approach is analogous to a defense attorney becoming a prosecutor.  The system's potential flaws are viewed from a perspective that allows for full exploitation of a system's weaknesses.  It is obvious, when all system deficiencies are made explicit, the team or individual can take more effective countermeasures.   Failure prevention is transformed from a defensive to an offensive "inventive" exercise creating a seamless process for failure determination and prevention.

The process is so effective that users will sometimes become disenchanted with their system as having so many drawbacks that it is a wonder it will work at all.  This is normal as these are potential failures.  It is incumbent on the technical analyst to prevent these from ever occurring.

Comparative Criteria

Traditional (FMEA)

AFD

Purpose of the technique

  • Identify potential failure modes and to rate the severity of their effects

  • Identify Critical and Significant Characteristics

  • Rank order potential design and process deficiencies

  • Help focus on elimination of product and process deficiencies.

  • Analyze previous failures and be able to understand how to "invent" such failures

  • Identify an exhaustive list of potential failure scenarios as well as any negative, harmful or undesired effects or phenomenon

  • Transform the process of problem analysis from asking why a failure occurred to how can a failure be produced

  • To incorporate the full complement of TRIZ operators to develop innovative solutions

Scope of applicability

  • System design, product design, process design

  • System design, product design, process design

Analytical tools

  • Previous FMEAs, subject matter expertise, internal engineering and warranty data, logic of the FMEA process

  • Same as FMEA plus rigorous problem formulation and inventive analogs utilizing: Inventive Principles, Standard Solutions, incorporation of System and Environmental Resources

Process for completion

  • Generally linear following design intent

  • Iterative and "inverted" or subversive by probing how failures can be deliberately created.

Thoroughness of the analysis

  • Fair to good, depending on the rigor of application and the knowledge level of the team/individual

  • Good to excellent because of the access to the AFD Knowledgebase, the TRIZ Inventive Principles, Problem Formulation and analysis of all resources

AFD can be used as a stand-alone failure prediction/prevention technique or as an enhancement to traditional methodologies. For example, the synthesis of AFD into the FMEA process can be accomplished as follows: 

FMEA Step

AFD Integral

Potential Failure Mode

Failure Prediction mode of AFD:

  • Cause – effect diagrams for the system (sub-system, component)

  • Automatic Inverted Problem formulation

  • Automatic access to AFD knowledge base (Checklists and Operators)

Potential Effects of Failure

Access to AFD knowledge base, in particular the checklists:

  • Destroying the system's resistance to a specific effect

  • Making the system vulnerable

  • Intensifying the failure

  • Masking the failure

Potential Causes/Mechanisms of Failure

Application of Failure Analysis mode of AFD, in particular:

  • Cause – effect diagrams for the system (sub-system, component)

  • Localizing the failure

  • Automatic Inverted Problem formulation

  • Identifying general methods of providing the failure

  • Identifying components necessary for providing the failure

  • Revealing components of the failure among the system resources

  • Automatic access to AFD knowledge base, in particular the checklists:

  • Typical sources of high danger

  • Transforming a harmless object into a source of danger

  • Intensifying an available harmful effect

  • Destroying the system's resistance to a specific effect

 

Recommended Actions

Application of Prevention and/or Elimination of the Failure mode of the AFD, in particular:

  • Automatic Problem formulation

  • Automatic access to AFD knowledge base, in particular the Operators:

  • Eliminating the causes of the failure

  • Removing the source of harm or change its properties

  • Modifying the harmful effect

  • Counteracting the harmful effect

  • Isolating the system from the harmful effect

  • Increasing the system's resistance to the harmful effect

  • Modifying or substituting the object effected by harm

  • Localizing the harmful effect

  • Reducing the harmful effect

  • 'Blending in' defects

  • Transient using of a harmful effect

  • Facilitating detection

The intent of this Fact Sheet is not to denigrate traditional approaches such as FMEA and HAZOP. They have been used to good purpose in the past and will undoubtedly continue to be used to good purpose in the future.  The intent is to point out that some of the deficiencies inherent with these approaches can be minimized if not eliminated altogether. The general method of “subversion analysis” can be applied by anyone who is knowledgeable in TRIZ.  With the assistance of the AFD™ software, they have access to automated problem generation and extensive problem solution databases.

 

References:

1.     Genrich Altshuller, Boris Zlotin, Alla Zusman, Vitalii Filatov.  “Searching for New Ideas.”  Kishniev:  Kartya Moldovenyaska Publishing House, 1989.  

2.     Boris Zlotin, Alla Zusman,  “Solving All Scientific Problems” Kishniev:  Kartya Moldovenyaska Publishing House, 1989.

3.     Stan Kaplan, “Finding Failures before They Find Us:  An Introduction to The Theory of Scenario Structuring and the Method of Anticipatory Failure Determination.”  Proceedings of the 9th Symposium on Quality Function Deployment, June, l997.  http://www.qfdi.org

4.     Ideation International AFD™ Software, 1999.  http://www.ideationtriz.com