Procurement. Common risks include lack of vendor shop availability, poor quality equipment and fabrication delays. It's useful to categorize each risk as internal or external.
Technology selection. If your project uses new or unproven technology, consider various sources of uncertainty in technology design. Try to make risks as specific as possible. This may require reviewing the project scope item by item to identify those with the most technical uncertainty.
For each risk in each category, identify and document causes in the FMEA matrix. For risks with multiple causes, list each cause separately so it can be properly managed.
Finally, indicate any controls currently in place to detect and mitigate risks.
After this initial risk-identification exercise, circulate the list to project team members and key stakeholders for comment. In most cases review by people outside the FMEA team uncovers additional risks.
After completing risk identification, the FMEA team should characterize three aspects of each identified risk:
1. severity of its impact;
2. probability of its occurrence; and
3. the project team's ability to detect the event.
Assign each of these risk aspects a value of either 1, 3 or 9. For example, a high negative impact should get a 9, a moderate one a 3, and a minimal one a 1. Risks with a high likelihood of occurrence should receive a 9, ones with a moderate likelihood a 3, and those with remote possibility of happening a 1.
A FMEA should show most risks as 3 on the occurrence aspect, with some scored as either 1 or 9. If instead most are 9 or 1 the FMEA is considered unbalanced. Too many 9s can lead the team to ignore other significant risks. On the other hand, most having 1s could indicate that serious risks have yet to be identified. An unbalanced FMEA should spur the team to verify that it didn't miss any risks.
After estimating probability of occurrence, the team should assess prospects for spotting each risk-and-cause combination. If it's easy to detect occurrence of the risk event, it should get a value of 1, while if the occurrence can't be detected early and easily, it should get a 9.
The final step in FMEA is finding the RPN for each specific combination of risk and cause. You calculate RPN by multiplying the three values assigned earlier: severity of impact, probability of occurrence and ease of detection. Sort results in order of descending RPN. Risks with the highest RPN have a high negative impact, are very likely to occur and will be difficult to detect.
The team then should move on to developing a risk mitigation and management plan using the matrix. Starting with highest RPN risks, consider additional actions needed beyond any controls already in place. For example, if you identify use of new suppliers for major equipment as a cause for schedule impact due to rework and repair, consult your procurement group to review options for increasing supplier quality assurance.
A Potent Tool
FMEA can help teams identify, mitigate and manage risk events that can impair project success. It's a simple but powerful tool that should be an integral part of any project manager's toolkit. Use it first late in the conceptual design stage — but revisit the FEMA matrix on a regular basis to ensure that new risks are identified while obsolete risks are eliminated from project risk-management activities.
Adnan Siddiqui, P.E., is principal of ConcepSys Solutions LLC, Houston. E-mail him at firstname.lastname@example.org.