Using FMEA to Manage Risk Under ISO 14001

ISO 14001:2015 deliberately expands the mandates for risk management by replacing the previous Preventive Action requirement with the wider “risk-based thinking” (RBT). This larger focus on risk anticipation, identification, mitigation and recurrence prevention is a foundational change in the ISO 14001 Environmental Management System: Addressing risks as a need for the entire system to work properly. To accomplish this, most organizations will need specific risk examination processes. While not new, because of its past performance and wide applicability, FMEA is starting to fulfill a greater role based on this expanded application of RBT within the ISO management standard world.

Jump to Section:

What is FMEA?

FMEA stands for Failure Mode Engineering Analysis. FMEA is a type of risk assessment that uses a step-by-step approach to identify potential failures in a design, process or a product or service. This identification allows for analysis to prevent or reduce future failures. “Failure modes” refers to the ways in which something can fail. “Effects analysis” refers to the scrutinizing of the consequences of each of those failures. FMEA is a preventative action, meant to be implemented before a process or product is designed, modified or applied in a new way. It’s also wise to use FMEA periodically throughout the life of a product, process or service.

What Does FMEA Accomplish?

FMEA helps companies identify and prioritize failures according to how serious their consequences are, their frequency, and the ease with which they can be detected. The purpose of conducting an FMEA is to take action to reduce or eliminate each potential failure. FMEA documents existing knowledge and actions companies are already using in their continuous improvement process and can be used to prevent potential failures with future processes and products. The results of a risk analysis are documented in an FMEA worksheet where they are used to help plan preventative measures, resulting in the production of more effective environmental management systems.

Resources for interpreting and documenting risks:

The implementation of FMEA could have a dramatic impact on the aerospace and defense industries with the prevention of environmental impacts by an organization, and more efficient continuous improvement environmental practices during the delivery of products and processes.

Where FMEA Can be Applied…

FMEA can be applied to other specific areas such as testing/evaluating concepts, improving in-field reliability, software functioning and security, hazard analysis, human factors and service-based analysis, business processes and more.

(See FMEA courses available for only $69 for full 8-hour course)


There are three major types of FMEAs:

System FMEAs look at the more expansive processes and sub-processes that make up any system and their interactions. These can include interactions as well as specific areas and instances of failures. For example, a system FMEA might examine the entire procurement process including those items which are custom vs. generic, how they are specified, how sources are collected and evaluated, how compliance to specifications are ensured and so forth.

Design FMEAs focus on functioning of specific products, with the goal of improvement of the finished good in terms of reliability, safety, functioning, user interface, etc.

Process FMEAs are focused on the creation or assembly actions in producing a good or service with the goal of wringing out more efficiency in the process (i.e. lowering the cost and increasing the level of quality), and often making the process easier to support and proliferate within the organization.

FMEA Examples

As denoted in the name, failure modes and effects are the outputs of this type of analysis. The following chart lists some examples of failure modes using a bicycle as the “system” being analyzed.

Source: Effective FMEAs by Carl Carlson, John Wiley and Sons, publisher.

Similarly, the effects of this type of analysis is used to anticipate the effect of a given failure. Here’s an example using a component of a construction tool, in this case A pile driver which a typically large scale-device used to force support shafts/girders/poles into the ground, often as a foundational support for buildings, highways, bridges or similar structures.


Safe workplace solvent transfer


Provide incident-free storage, transport and application of chemical solvent between locations within a multi-site manufacturing complex

Failure Mode:

Unintended exposure of solvent to workers, plant equipment, buildings, atmosphere, soils and ground and surface water sources

Effect 1

Worker health and safety compromise

Effect 2

Local and area environmental short -term and long – term  impact

Effect 3

Increase operational costs from remediation, EPA/OHSA enforcement, civil/criminal lawsuits

Effect 4

Market share loss from negative public perception of product or process safety and operational responsibility

Typical FMEA Steps

FMEA is a living document that can be constructed, adapted and modified in a variety of different ways. Below is a summary of the steps included in an FMEA analysis:

  1. Select a process to analyze.
  2. Identify individuals from all departments with specific knowledge of processes, products and client needs to brainstorm potential failure modes.
  3. Describe the process and/or product in detail.
  4. Identify all potential failures. This includes all of the components, systems, processes and functions that could potentially fail to meet the quality or reliability standard and the potential causes.
  5. Identify all the potential consequences of each failure.
  6. Assign a severity rating (S) to each failure according to the significance of the impact it has. Severity is often ranked on a scale from 1 to 10, one being insignificant and 10 being catastrophic.
  7. Identify all possible root causes of each failure. Some companies use cause analysis tools in addition to the knowledge and experience of their staff.
  8. Assign each cause an occurrence rating (O). This is often rated on a scale of 1 to 10, with 1 being rare and 10 being inevitable.
  9. For each cause, identify current process controls that are in place to prevent these failures from impacting customers.
  10. For each control, assign a detection rating (D) to determine how well the controls are able to detect the cause or failure mode once they have occurred, but before a customer is affected. This is typically rated on a scale of 1 to 10, with 1 meaning the problem will be detected with absolute certainty and 10 meaning the control will most likely never detect the problem.
  11. Determine a risk priority number (RPN) based on the rankings (SxOxD) for each potential failure and rank them.
  12. Plan and implement changes to address the failures based on the RPN identifications.
  13. Measure and document the success of each process change.

Continuous improvement is a key element of the FMEA process in recording observed data and results regarding the potential for, and actual, failures. This process can be used as an input for the continuous improvement mandated by ISO 14001.

FMEA Resources

FMEA SBS Software

FMEA database software can help companies easily manage the FMEA process. Sunday Business Systems’ FMEA software makes it easy to develop an efficient Quality Management System (QMS) and implement risk-based thinking required by ISO 14001. This collaborative, intuitive program helps companies identify and address failure modes and visualize data from each FMEA analysis.

ISO 9001 All in One Package