The “shall not” specification is not limited to failures. That is too simple. We must be able to see the complexity in this
simplicity. This is called interconnectedness. We need to know that safety is intertwined with many elements of life-cycle costs. The costs of downtime, repairs, preventive
maintenance, amount of logistics required, diagnostics and serviceability are dependent upon the level of safety. It is wrong to measure risk in terms of failure rates. Risk
should be measured by life-cycle costs. Those who approve the specification should concentrate on this measure. If all the life-cycle costs are estimated, there will usually
be a high return on investment in safety. The pity is that logical people only see what they want to see. They are limited by what they have seen in the past. The usual
attitude is, “It has never happened before, so it is not going to happen.”

Hidden Hazards Originating in Production
Our goal should be to make the components last as long as the system. For
example, an automobile brake should not fail prematurely. Such a failure is likely to result in a mission failure without warning. We may accept the risk of such failure as
long as the user is not harmed. That is why aircraft are equipped with redundant components. Where there is no redundancy, results can be catastrophic.
Usually, premature failures are due to unreliable processes, oversights, omissions in manufacturing, and mismatching of mating
components. The purpose of the Six Sigma program is to avoid producing components at the tail end of tolerances because they often result in mismatching.
If we go to the root causes of failures, we will find early failures and super-early failures. The failures that occur within a few
days of use are super-early failures. Dead On Arrival (DOA) products are good examples. These are sure to upset customers. More than 95% of the time, they are due to a lack of
manufacturing control, such as assembling a wrong part, loose connections, improper torque and improperly aligned assemblies.
In automobiles, the early failures are usually those that occur during the first three years of the automobile’s life. These can
be either from manufacturing variations or mismatched engineering tolerances of components. Some are due to marginal strength of the interfaces, such as loose joints, seals
and weak solder joints. Examples of early failures are the recent recall of Cadillac CTS luxury sedans to fix a bolt on the steering shaft (which was tight when shipped but
could loosen, potentially causing the driver to lose control) and the recall of Mercury Sables for improper assembly of windshields.
The remedy for early failures is to make sure that the Process Failure Mode and Effects Analysis demonstrates full control over
all critical design features required for safety.

A Good Rule: Design for Three Lives
Why do we need to qualify components for three times the normal lifetime? The simple
answer is that it is cheaper than qualifying them for one lifetime. Those who understand this paradox and take advantage of it are the real masters of safety. Most
manufacturing processes are unreliable. Virtually no attention is paid to production reliability, which is defined as the ability of the process to produce every piece right
without requiring 100% inspection. So, if you accept the one-lifetime requirement, you will have to spend a lot of time inspecting, rejecting some products, scrapping others
and paying lots of money in warranty costs and safety recalls for the next 50 or so years. Another reason for three times the life is that there are a good number of systems,
such as aircraft and automobiles, used for close to two times the life. The law requires that safety must be ensured as long as the customer is using the system, depending on
industry practice and the knowledge of the customer. Since it is industry practice to use the system beyond its expected life, we are left with no safety margin. This is the
main reason for designing for three times the life.
Also, if we design for three times the advertised lifetime, there are no rejects and no contingency inventory requirements. Much
more production variation can be tolerated and, believe it or not, your warranty costs can be zero! The cost for designing for extra life is a one-time investment, but the
savings are more than the cost of redesigning the component. If you think three times the lifetime is a tough goal, think five times normal lifetime. One of the authors worked
with a company that designs brakes to last five times the advertised lifetime with a return on investment (ROI) of several thousand percent. He also worked for a Midwest
company (acquired by Cooper Industries) that sold components for high-voltage power transformers with zero failures and three times the lifetime to avoid product liability
from power shutdown. In 1974, it invested only $50,000, but increased its market share by 200% in two years by giving a 15-year warranty. Its ROI was the highest among Fortune
500 electrical companies. At that time, no company would have dreamed of a warranty for more than a year. The salesmen were sending flowers to engineers because they were
earning big commissions effortlessly.
There is another good benefit in designing for three times the normal lifetime. We need to reduce the cycle time for testing new
products. To do this, we have to conduct accelerated tests at two to three times the normal load. Without such design, the accelerated life test will not be possible. Luckily,
over 90% of the time, you do not have to spend much on redesign. If you understand how stress causes a failure, then the design change costs very little. Often a different but
cheap alternative is available, such as rounding a sharp corner, changing the chemistry or heat-treating method, or using a different shape. In one case, a square shape was
changed to a round shape, resulting in a tenfold increase in lifetime and 70% reduction in cost. In the case of an electronic product, the reliability was improved 400% by
eliminating 1,200 components. This company had been steadily losing market share because of extremely low reliability. Now it is a market leader. If such improvements are made
at the concept approval stage, the usual cost is only a pencil and an eraser. It may seem too simple. Yes, the solution is often simple, but knowing the root cause of the
problem is not simple.