Rig 1 Emergency Generator

FMEA Report

Project Title
Client Name
Job No.
Team Leader
Project Analyst (s)
Report Author (s)

Rig 1 FMEA Study Emergency Generator

S1266
Alastair Krebs

ABSTRACT

Ref: S1266, Rev 1

A Failure Mode & Effects Analysis (FMEA) study was conducted with respect to
the Emergency Generator system of the semi-submersible drilling rig Rig 1. The
FMEA study was conducted at the Company project offices in JSL Shipyard,
Singapore.
FMEA is a methodology used for analyzing potential reliability problems of
systems, with a view to enhancing reliability through design. The FMEA approach
has three basic elements when reviewing potential failure modes. These are the
SEVERITY of the event, the likelihood of OCCURRENCE and the DETECTABILITY
during the design phase of the failure event.
Based on these elements, the FMEA process calculates a Risk Priority Number
(RPN) for each individual Potential Cause of Failure. The aggregate RPN for each
Potential Failure Mode (which may be comprised of a number of individual
Potential Causes of Failure) is then presented in a graphical format for review.
The study team identified 5 subsystems of the Emergency Generator system for
review. These were the starting, fuel, emergency stop, fire damper and
synchronisation / control subsystems. A total of 26 discrete failure modes were
identified and analysed.
Recommendations were developed for the critical and high risk failure modes which, if
implemented, will reduce risk to an acceptable level. Revised RPNs were calculated to
demonstrate the expected reduction in risk for these elements.
Key Words: (e.g. Industry category, study type)
DRILLING, FMEA
Release
Date of Issue
Reviewed by
No.
Draft

Draft 01: Month, Year

VRJ Ref: 000-

Approved by

Client Approval

Rig I FMEA Studies Emergency Generator

Table of Contents

TABLE OF CONTENTS
1. EXECUTIVE SUMMARY....................................................................4
2. ACRONYMS & GLOSSARY................................................................6
3. DISCUSSION..................................................................................7
4. FMEA STUDY TEAM.........................................................................9
5. FMEA METHODOLOGY...................................................................10
6. DISTRIBUTION.............................................................................13
ATTACHMENTS:
1. FMEA RISK PRIORITY NUMBER (RPN) GRAPH
2. FMEA WORKSHEETS
3. PHOTOGRAPHS

Ref: S1266 Rev 1

Page 3 of 13

Rig 1 FMEA Studies Emergency Generator

1.

Executive Summary

EXECUTIVE SUMMARY

A Failure Mode & Effects Analysis (FMEA) studies was conducted with respect to
the Emergency Generator system of the semi-submersible drilling rig Rig 1. The
FMEA study was conducted at the Company project offices in JSL Shipyard,
Singapore.
This report covers the Emergency Generator system. Five subsystems of the
Emergency Generator system were identified for review. The identified
subsystems were:

Starting subsystem

Fuel subsystem

Emergency Stop subsystem

Fire Damper Subsystem

Synchronisation / Control subsystem

Potential failure modes for each subsystem were then identified and the severity,
occurrence and detectability assessed for each potential cause of those failure
modes.
The Fire Damper subsystems were identified as having a significant Risk Priority
Number (RPN) value. The Potential Causes of Failure which resulted in high RPN
values for the Fire Damper subsystem were:

Failure of Fire Dampers to close on signal

Failure of Fire Dampers to seal properly upon closure

The RPN is derived as a mathematical calculation of Severity x Occurrence x

Detectability.
An aggregate RPN is calculated for each of the 26 Potential Failure Modes
identified and is presented in a graphical format for review. The calculation of
RPN values serves to prioritise responses to the findings of the FMEA study (Refer
Attachment 2).
Review of the RPN aggregate graph led to the establishment, by Pareto Analysis,
of two levels where response activities would return significant risk reduction.
These were established at RPN values of 200 and 350 (respectively) for this
study.
It should be noted that these RPN values are specific to this FMEA only and are
not absolute values which can be compared to other RPN values in other FMEA
studies (Refer Attachment 1).

Ref: S1266 Rev 1

Page 4 of 13

Rig 1 FMEA Studies Emergency Generator

Executive Summary

Potential Failure Modes with an RPN value in excess of 350 have been ranked as
Risk Reduction Measures Required. These can also be viewed as critical risks.
There were two Potential Failure Modes identified by the team as having an RPN
value in excess of 350. Both of these identified items related to the Fire Damper
subsystem.
Potential Failure Modes with an RPN value in excess of 200 but less than 350
have been ranked as Risk Reduction Measures Recommended. That is to say,
these risks were recommended for action but such action was not seen to be
mandatory.
There were two Potential Failure Modes identified by the team as having an RPN
value in excess of 200 but less than 350. Two of these items related to the Fire
Damper subsystem and one item related to the Starting subsystem.
Potential Failure Modes with an RPN value less than 200 have been ranked as
Continuous Improvement. These are items which have no immediate impact
on the operability and safety of the system and thus can be dealt with in due
course, as resources become available to do so.
There were twenty items identified over the range of subsystems which fell into
this category.
Recommendations to mitigate the critical risks were identified by the team. These
recommendations were compiled during the FMEA study and were included in
this report at the Clients request.
For the Fire Damper subsystem the following was recommended to mitigate the
risks to an acceptable level:

Adopt planned maintenance routine to periodically clean and check louvres clean of
debris

Periodic maintenance of the main, auxiliary and emergency switchboards.

Include periodic maintenance of emergency starting batteries in planned maintenance

program.

Ensure that regular emergency exercises are held and crew are made aware of the
emergency generator room fire damper system limitations.

The study showed that the Emergency Generator system was a fit-for-purpose
design provided that the appropriate asset integrity activity recommendations
such as maintenance, testing and inspection, are carried out during the life of the
system.

Ref: S1266 Rev 1

Page 5 of 13

Rig 1 FMEA Studies Emergency Generator

2.

Acronyms & Glossary

ACRONYMS & GLOSSARY

ACRONYMS
AC
ALARP
BHPB
FMEA
HAZID
Hp
L
M
N
NDT
Occ
PM
RPN
Sev
SOP
E-Stop
U

Ref: S1266 Rev 1

Alternating current
As Low As Reasonably Practicable
BHP Billiton
Failure Modes & Effects Analysis
Hazard Identification
Horse Power
Likelihood
Marginal Risk
Negligible Risk
Non Destructive Testing
Occurrence
Preventative Maintenance
Risk Priority Number
Severity
Standard Operating Procedure
Emergency Stop
Unacceptable Risk

Page 6 of 13

Rig 1 FMEA Studies Emergency Generator

3.

DISCUSSION

3.1.

Background

Discussion

The emergency generator system is a critical piece of equipment on every vessel as it

provides ongoing power to those systems required for the management of emergency
situations.
3.2.

Analysis

The results of this FMEA are supported by industry data. The DNV Offshore Reliability Data
handbook provides specific data relating to reliability of emergency generator systems. The
following empirical data with respect to worldwide experience of emergency generator
reliability was extracted as part of the FMEA study:

Number of failures per 1 x 106 hours of operation = 685

Number of critical failures per 1 x 106 hours of operation = 120

(This includes 100 failure to start events and 19 failure while running events.)

Mean number of manhours to repair a critical failure = 16.2 hours

Number of overheating related failures per 1 x 106 hours of operation = 9.57.

(This failure mode is often related to fire damper operation and is of major concern as
the mean number of hours for repair of such failure stands at 82.5)

Number of degrading events per 1 x 106 hours of operation includes the following:
-

Leakage on auxiliary systems = 9.5

Faulty output frequency = 4
Fail to synchronize = 14.32
Fail while running = 5

In line with the above reliability data, the FMEA study for the Emergency Generator on Rig 1
resulted in high RPN levels for the following Potential Failure Modes:

Failure to start

Failure of fire dampers to operate correctly

3.3.

Recommendations

The analysis showed that the Fire Damper posed significant risks. In this failure
mode one casual mode was identified as significantly high; debris jammed in
the louvres.
Recommendations to mitigate the risk were identified by the team.
Recommendations were compiled during the FMEA study and were included in
this report at the Clients request. For the Fire Damper subsystem the following
was recommended to mitigate the risk to an acceptable level:
Ref: S1266 Rev 1

Page 7 of 13

Rig 1 FMEA Studies Emergency Generator

Discussion

Adopt planned maintenance routine to periodically clean and check louvres clean of
debris

Periodic maintenance of the main, auxiliary and emergency switchboards.

Include periodic maintenance of emergency starting batteries in planned maintenance

program.

Ensure that regular emergency exercises are held and crew are made aware of the
emergency generator room fire damper system limitations.

Ref: S1266 Rev 1

Page 8 of 13

Rig 1 FMEA Studies Emergency Generator

4.

FMEA Study Team

FMEA STUDY TEAM

For the purposes of this FMEA study, Contractor utilised the following personnel:
Table 4.1: FMEA Team Members
Name

Company

These team members backgrounds covered areas such as Electrical Engineering,

Subsea Engineering, Marine Engineering, Petroleum Engineering and Process
Engineering.

Ref: S1266 Rev 1

Page 9 of 13

Rig 1 FMEA Studies Emergency Generator

5.

FMEA Methodology

FMEA METHODOLOGY

FMEA is a methodology Contractor use for analyzing potential reliability problems

of systems, with a view to enhancing reliability through design. The FMEA
approach has three basic elements when reviewing potential failure modes.
These are the SEVERITY of the event, the likelihood of OCCURRENCE and the
DETECTABILITY during the design phase of the failure event.
The FMEA process delivers a Risk Priority Number (RPN) for each Potential Cause
of Failure. The aggregate RPN for each Potential Failure Mode is then presented in
a graphical format for review.
A crucial step is anticipating what might go wrong with a product. While
anticipating every failure mode is not possible, the development team should
formulate as extensive a list of potential failure modes as possible.
The study used the following methodology:

Prepare Technical, failure and reliability data (e.g. drawings and

manuals)

Site visit to the rig

Identify a discrete system for review (Emergency Generator)

Identify assessable functional subsystems of the Emergency Generator

system

Identify the Potential Failure Modes of each subsystem

Identify the Potential Effects of Failure for each Potential Failure Mode

Assess and rank the severity criteria of each Potential Effect of Failure

Identify the Potential Causes of Failure for each of the Potential Effects
of Failure

Assess and rank the Occurrence and Detectability criteria levels for
each Potential Cause of Failure

Quantify the risk by generating a Risk Priority Number (RPN) for each
Potential Cause of Failure.

Prepare and issue draft report

recommendations for comment.

Issue final report

of

the

study

with

appropriate

The aggregate RPN for each Potential Failure Mode is presented in a graphical
format for review and serves to allow a prioritisation of response to the findings
of the FMEA study.

Ref: S1266 Rev 1

Page 10 of 13

Rig 1 FMEA Studies Emergency Generator

FMEA Methodology

The following tables provide the criteria used to ranking the elements of
Severity, Occurrence and Detectability during the FMEA study:
Severity
1
2

None
Very Slight

3
4

Slight
Minor

Moderate

Moderately High

High

Very High

Extremely High

10

Maximum

No effect on vessel or drilling program

Negligible effect on vessel or drilling program. Client not
affected.
Slight effect on vessel or drilling program.
Minor effect on vessel or drilling program. Client slightly
dissatisfied.
Reduced performance of vessel or drilling equipment. Client
dissatisfied.
Vessel and drilling equipment operable and safe but performance
degraded. Client dissatisfied but no downtime occurred.
Vessel and/or drilling equipment severely affected. Client very
dissatisfied. Downtime is expected.
Vessel and/or drilling equipment inoperable but safe. Client very
dissatisfied and contractor on downtime. Drilling program in
jeopardy.
Vessel and/or drilling equipment failure resulting in hazardous
effects highly probable. Compliance with statutory and/or
industry standard in jeopardy. Contractor on downtime. Drilling
program suspended.
Vessel and/or drilling equipment failure resulting in hazardous
effects is almost certain. Non compliance with statutory and/or
industry standards. Contractor on downtime. Drilling program
suspended.

Occurrence
1
2
3
4
5
6
7
8
9
10

Extremely Unlikely
Remote
Very Low
Low
Moderately Low
Medium
Moderately High
High
Very High
Extremely Likely

Ref: S1266 Rev 1

Failure highly unlikely.

Rare number of failures likely.
Very few failures likely.
Few failures likely.
Occasional failures likely.
Medium number of failures likely.
Moderately high number of failures likely.
High number of failures likely.
Very high number of failures likely.
Failure almost certain.

Page 11 of 13

Rig 1 FMEA Studies Emergency Generator

FMEA Methodology

Detectability during design process

Detection
Almost Certain

Likelihood of DETECTION by Design Control

Design control will detect potential cause/mechanism and
subsequent failure mode
Very high chance the design control will detect potential
cause/mechanism and subsequent failure mode
High chance the design control will detect potential
cause/mechanism and subsequent failure mode
Moderately High chance the design control will detect potential
cause/mechanism and subsequent failure mode
Moderate chance the design control will detect potential
cause/mechanism and subsequent failure mode
Low chance the design control will detect potential
cause/mechanism and subsequent failure mode
Very low chance the design control will detect potential
cause/mechanism and subsequent failure mode
Remote chance the design control will detect potential
cause/mechanism and subsequent failure mode
Very remote chance the design control will detect potential
cause/mechanism and subsequent failure mode
Design control cannot detect potential cause/mechanism and
subsequent failure mode

Very High
High
Moderately High
Moderate
Low
Very Low
Remote
Very Remote
Absolute
Uncertainty

Ranking
1
2
3
4
5
6
7
8
9
10

FMEA Worksheets
Following is an example of a completed worksheet from the FMEA study. The Risk Priority
number is used to prioritise the process of addressing the findings of the FMEA study.
Table 5.2 FMEA Worksheet Example
Potential
Failure Mode
1. Start motor
failure

Potential
Effects of
Failure
1. Generator
does not start
upon receiving
start signal

Severity

Occurrence

Detectability
during
design
process

Risk
Priority
Number

1. Age of motor

2. Ingress of moisture to
motor winding

42

3. Low voltage/high
amperage starts

42

4. Excessive number of
starts (short cycling of
engine)

28

Potential Causes of
Failure

Table 5.3 FMEA Response Criteria Levels

Criteria
Risk Reduction Measures
Required
Risk Reduction Measures
Recommended

Ref: S1266 Rev 1

Ranking

Page 12 of 13

Rig 1 FMEA Studies Emergency Generator

6.

Distribution

DISTRIBUTION

The FMEA study report distribution is as follows:

Copy No.
1
2
3

Owner
Paper
CD
Contractor Library System

Ref: S1266 Rev 1

Page 13 of 13

Rig 1 FMEA Studies Emergency Generator

Attachment 1: FMEA RPN Graph

ATTACHMENT 1

FMEA RISK PRIORITY NUMBER (RPN) GRAPH

Ref: S1266 Rev 1

Rig 1 FMEA Studies Emergency Generator

Attachment 1: FMEA Risk Priority Number (RPN) Graph

FMEA RISK PRIORITY NUMBER (RPN) GRAPH

Ref: S1266 Rev 1

Page 1 of 1

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

ATTACHMENT 2

FMEA Worksheets

Ref: S1266 Rev 1

Rig 1 FMEA Studies Emergency Generator

7.

Attachment 2: FMEA Worksheets

FMEA WORKSHEETS

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode
1. Start motor
failure
(air/electrical)

2. Start power
failure
(battery/air
failure)

Potential Effects of
Failure
1. Generator does not
start upon receiving start
signal

Sev

1. Generator does not

start upon receiving start
signal

2. Battery explosion

3. Fire

Ref: S1266 Rev 1

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Age of motor

2.
Ingress
of
moisture to motor
air/electric

42

3. Low voltage/high
amperage starts

42

4.
Excessive
number of starts
(short cycling of
engine)

28

5.
Incorrect
application of motor

1.
Lack
maintenance
batteries)

56

2. Low air pressure

42

1.
Shorting
terminals

of

2.
Insufficient
insulation

3. Cable damage

Potential Causes of
Failure

of
(dry

16

cell

24

2. Excessive current
delivery

24

1.
Internal
collapse

Recommendations

Sev

Occ

Detectability

RPN

%
Reducti
on

Page 1 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode
3. Terminal
corrosion

4. Solenoid
failure

5. Flywheel burr

6. Automatic
controller failure

Potential Effects of
Failure
1. Generator does not
start upon receiving start
signal

1. Generator does not

start upon receiving start
signal

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Lack of
maintenance

21

2. Poor installation

3. Choice of material

4. Moisture

28

1. Excessive
number of starts
(short cycling of
engine)

14

2. Low voltage/high
amperage starts

14

1. Damage during
commissioning

21

2. Control system
errors causing start
signals while engine
running

42

Potential Causes of
Failure

1. Generator does not

start upon receiving start
signal

2. Emergency generator
downtime

1. Inability to start
due to flywheel
excessively
burred/damaged.

1. Generator does not

start upon receiving start
signal

1. Poor terminal
connections

42

2. Maintenance
personnel not
resetting controller

14

3. Drift of control
parameters

21

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reducti
on

Page 2 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode

7. Manual
override not
deactivated

8. Fuel shut off

closed

9. Fire dampers
closed

10. Fuel
inventory (day

Potential Effects of
Failure

1. Generator does not

start upon receiving start
signal

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

4. Failure of
monitoring circuit

14

1. Maintenance
personnel not
resetting controller

21

2. Wiring errors

14

Potential Causes of
Failure

2. Emergency generator
does not receive start
signal

1. Switch left in
manual position

10

1. Generator does not

start upon receiving start
signal

1. Fuel supply valve

closed causing zero
fuel supply to engine

28

2. Fuel starvation,
requiring re-bleed of
systems and downtime

1. Engine starting
with fuel valve
closed

14

2. Fuel valve not

fully opened

14

1. Fire damper left in

closed position

2. Inadvertent
operation of damper

14

3. Compressed air
system failures

42

1. Emergency generator
overheats

2. Oxygen starvation to
emergency generator

1. Operating
engines whilst fire
dampers closed

12

1. Generator does not

start upon receiving start
signal

1. Stale fuel (non

circulation of fuel
stocks)

21

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reducti
on

Page 3 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode

Potential Effects of
Failure

Sev

tank empty or
contaminated)

11. Battery
charger failure

After Actions Taken

Occ

Detectability
during design
process

RPN

2. Shipyard blasting
grit

49

1. Clogged filters

12

2. Air in system

Potential Causes of
Failure

2. Fuel starvation,
requiring re-bleed of
systems and downtime

3. Premature shutdown

1. Engine runs out of

fuel

12

1. Generator does not

start upon receiving start
signal

1. Main bus failure

(blown fuse)

42

2. Maintenance
check failures

14

3. PM system does
not cover monitoring
of charging amps

1. Extended non
charging periods

24

2. Excessive
number of starts
(short cycling of
engine)

12

3. Faulty battery

4. Poor battery
maintenance

72

1. Poor quality
battery

2. Flat batteries

3. Reduced battery life

Ref: S1266 Rev 1

Sev

Occ

Detectability

RPN

%
Reducti
on

2. Periodic maintenance of
the main, auxiliary and
emergency switchboards.

21

50.00

3. Include periodic
maintenance of
emergency starting
batteries in planned
maintenance program.

48

33.33

Recommendations

Page 4 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode

Potential Effects of
Failure

4. Reduced cranking
amp availability

12. Alarm
malfunction

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

2. Poor battery
maintenance

36

3. Excessive
number of starts
(short cycling of
engine)

4. Insufficient design
charging current

1. Poor quality
battery

2. Poor battery
maintenance

18

3. Excessive
number of starts
(short cycling of
engine)

4. Insufficient design
charging current

Potential Causes of
Failure

1. Generator does not

start upon receiving start
signal

1. Alarm state
inhibits start signal

2. Alarm flooding

1. Poor design of
alarm systems

3. False alarms

1. Poor maintenance

2. Low quality alarm

systems

3. Inadequate alarm
check procedures

1. False alarm

4. Premature shutdown

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reducti
on

Page 5 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 1. Starting
Potential Failure
Mode

Potential Effects of
Failure
5. Failure to shutdown

Sev

Potential Causes of
Failure
1. Failure to
recognize alarm
state

After Actions Taken

Occ

Detectability
during design
process

RPN

Recommendations

Sev

Occ

Detectability

RPN

%
Reducti
on

System: 1. Emergency Generator

Subsystem: 2. Fuel Systems
Potential Failure
Mode

Potential Effects of
Failure

1. Hose/fuel line
failure

1. Fuel leak/spill environmental release

2. Fire

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Leaking
connection

20

2. Fractured pipe

1. Contact with
exhaust - leak

14

2. Fuel leak
contacting turbo
charger

14

Potential Causes of
Failure

3. Premature shutdown

1. Fuel starvation

84

2. Fuel filter
blockage

1. Premature shutdown

1. Fuel starvation

84

3. Fuel quality

1. Covered under
starting system

4. Fuel inventory
inadequate

1. Covered under
starting system

5. Fuel pump
failure

1. Generator does not

start

1. Mechanical
breakdown

14

2. Poor maintenance

28

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 6 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 2. Fuel Systems
Potential Failure
Mode

Potential Effects of
Failure

2. Premature shutdown

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

3. Inadequate
design

1. Fuel starvation

28

Occ

Detectability
during design
process

RPN

1. Sabotage

32

2. Unprotected
Estop buttons

16

Potential Causes of
Failure

Recommendations

Sev

Occ

Detectability

%
Reductio
n

RPN

System: 1. Emergency Generator

Subsystem: 3. Emergency Stop (Estop)
Potential Failure
Mode
1. Inadvertent
operation

2. Failure To
Operate

Potential Effects of
Failure

Sev

Potential Causes of
Failure

After Actions Taken

1. Unwarranted
emergency stop

2. Degradation
engine/electrical system

1. Short cycling
(loading and
unloading of system)

3. Loss of emergency
power systems

1. Emergency
generator shutdown

54

1. Damage to generator
electrical systems

1. Incorrect voltage

12

2. Loss of control

3. Overload

12

4. Poor maintenance

1. Incorrect voltage

2. Overload

3. Asynchronous
operation

2. Damage to bus
electrical systems

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 7 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 3. Emergency Stop (Estop)
Potential Failure
Mode

Potential Effects of
Failure
3. Damage to motor

3. Incorrect
operation

1. Estop fails to trip

circuit breaker

2. Estop fails to trip air

intake

3. Estop fails to initiate

Estop alarm

Ref: S1266 Rev 1

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Overspeed

2. Overload

1. Circuit breaker
failure

24

2. Poor design of
Estop system

24

1. Poor design of
Estop system

12

2. Mechanical failure
of air intake

1. Poor design of
Estop system

18

2. Poor maintenance

18

Potential Causes of
Failure

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 8 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 4. Fire damper
Potential Failure
Mode
1. Failure to
close on signal

2. Failure to
reset (open)

3. Failure to seal
upon closure

Potential Effects of
Failure
1. Non extinguishing of
fire

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

Recommendations

1. Debris jammed in
louvre

343

2. Seizure due to
lack of maintenance

21

3. Poor design of fire

damper control

4. Loss of air system

42

Potential Causes of
Failure

2. Escalation of fire

1. Non exclusion of
air

42

1. Inability to operate
emergency generator

1. Poor design of fire

damper control

2. Lack of
maintenance

14

3. Lack of
awareness of
procedure

175

4. Loss of air system

42

1. Debris jammed in
louvre

343

1. Non extinguishing of
fire

Ref: S1266 Rev 1

Sev

Occ

Detectability

RPN

%
Reductio
n

1. Adopt planned
maintenance routine
to periodically check
louvres are clean of
debris.

63

81.63

4. Ensure that
regular emergency
exercises are held
and crew are made
aware of the
emergency
generator room fire
damper system
limitations.

63

64.00

1. Adopt planned
maintenance routine
to periodically clean
and check louvres
clean of debris

63

81.63

Page 9 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 4. Fire damper
Potential Failure
Mode

4. Inadvertent
operation

Potential Effects of
Failure

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

2. Lack of
maintenance

14

3. Poor design of
damper

Potential Causes of
Failure

2. Escalation of fire

1. Non exclusion of
air

42

1. Unplanned shutdown
of generator

1. Loss of
Emergency Power

98

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 10 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 5. Synchronization / Control
Potential Failure
Mode

Potential Effects of
Failure

Sev

1. Fails to
synchronize to
main bus (if
applicable)

1. Inability to return to
main power without
power interruption

2. Fails to reach
synchronize
speed

1. Inability to
synchronize to main bus

2. Voltage/frequency
dependant loads
receiving incorrect
power supply (EG AC
motors)

3. Generator
attempts
asynchronous
closure

1. Circuit breaker
damage

2. Explosion/fire

Ref: S1266 Rev 1

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Design of control
system

2. Control system
component failure

16

1. Design of control
system

2. Control system
component failure

20

3. Problems with
main bus (e.g. main
bus voltage
incompatible)

80

1. Generator
damage

36

2. Fuel system
impairment

24

3. Control system
component failure

24

4. Fire damper
malfunction

54

1. Control system
component failure

28

2. Personnel
attempting manual
closure of circuit
breaker

147

1. Circuit breaker
recoil on attempted
closure to main bus

14

Potential Causes of
Failure

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 11 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 5. Synchronization / Control
Potential Failure
Mode

Potential Effects of
Failure
3. Blackout

4. Generator damage

4. Unstable
voltage/frequenc
y

Sev

After Actions Taken

Occ

Detectability
during design
process

RPN

1. Main bus
protection operates
in reaction to
attempted
emergency
generator circuit
breaker closure

40

2. Emergency
generator protection
operates

40

1. Inadequate
protective systems

2. Extreme overload

35

Potential Causes of
Failure

5. Unplanned shutdown

1. Generator
protective devices
operate

32

6. Loss of emergency
power systems

1. Emergency
generator shutdown

20

1. Voltage/frequency
dependent loads
receiving incorrect
power supply (EG AC
motors)

1. Generator
damage

18

2. Fuel system
impairment

24

3. Control system
component failure

24

2. Inability to
synchronize to main bus

1. Inappropriate
voltage/frequency
parameters

3. Generator damage

1. Inadequate
protective systems

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 12 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 2: FMEA Worksheets

System: 1. Emergency Generator

Subsystem: 5. Synchronization / Control
Potential Failure
Mode

Potential Effects of
Failure

Sev

Potential Causes of
Failure

After Actions Taken

Occ

Detectability
during design
process

RPN

4. Unplanned shutdown

1. Emergency
generator protection
operates

48

5. Loss of emergency
power systems

1. Emergency
generator shutdown

20

Ref: S1266 Rev 1

Recommendations

Sev

Occ

Detectability

RPN

%
Reductio
n

Page 13 of 14

Rig 1 FMEA Studies Emergency Generator

Attachment 3: Photographs

ATTACHMENT 3

Photographs

Ref: S1266 Rev 1

Page 1 of 1

Rig 1 FMEA Studies Emergency Generator

8.

Attachment 3: Photographs

PHOTOGRAPHS

Emergency Generator - Air start system

Emergency Generator / Switchboard

Ref: S1266 Rev 1

Page 1 of 3

Rig 1 FMEA Studies Emergency Generator

Attachment 3: Photographs

Emergency Generator Fuel / Lube system

Emergency Generator Fuel / Lube system

Ref: S1266 Rev 1
Page 2 of 3

Rig 1 FMEA Studies Emergency Generator

Attachment 3: Photographs

Emergency Generator Alarms / Protection

Emergency Generator Starting Batteries

Ref: S1266 Rev 1
Page 3 of 3