Module 4-1

Fault tree analysis (FTA) is a systematic method to analyze the causes of failures or accidents in complex systems. It uses a diagram with different types of events and logic gates to visually represent the various ways a system can fail and trace these failures back to their root causes. FTA provides benefits like accounting for human error, focusing on one fault at a time, and highlighting important system elements contributing to failures. It was originally developed in the 1960s for aerospace and nuclear applications and has since been used to evaluate risks across many domains.

Page |1

Fault Tracing
Fault tracing builds a concrete understanding of the cause-and-effect relationships behind a failure. That understanding is used to train people and to lay down the dos and don'ts for operating equipment, which makes both the working practices and the associated skill set sustainable. Tracing faults reduces the risk of damage, limits damage that is already occurring, and gives staff the skills to cope with a breakdown.

Decision Tree / Fault Tree Concept

From a management point of view, a decision tree is a decision support tool used to rank a set of predefined decision options and choose the one most likely to achieve a goal. It uses a graph to represent the possible decision options and the possible outcomes of each option. The probability, consequences, resource costs and utility of each outcome are also recorded in the tree.

From a fault tracing point of view, a decision tree or fault tree is a method of graphically analysing the origins of faults in a system. Fault tree analysis (FTA) is a systematic approach to identifying the main cause of an event with the help of a fault tree diagram. It can also be viewed as a framework that guides the systematic transformation of the available information into a concrete plan of action. The process gives the analyst a logical sequence that helps to uncover the exact root causes of the event in question.

Situations in which FTA is used include:

• Testing the reliability of a system
• Identifying the weakest components, functions or phases
• Identifying the strengths of a system
• Root cause analysis
• Adding redundancies and spares management systems
• Running risk analysis of complex systems
• Measuring the effect of design changes
• Determining common mode failures

By studying, inspecting and brainstorming over the graphical model, one can identify how faults propagate through the system. This serves as a litmus test for the robustness of any system. It also identifies the weakest components or structures in the system, which can then be strengthened to increase reliability.

Example FT Applications
• Evaluate inadvertent arming and release of a weapon
• Calculate the probability of a nuclear power plant accident
• Evaluate an industrial robot going astray
• Calculate the probability of a nuclear power plant safety device being
unavailable when needed
• Evaluate inadvertent deployment of jet engine thrust reverser
• Evaluate the accidental operation and crash of a railroad car
• Evaluate spacecraft failure
• Evaluate a chemical process and determine where to monitor the
process and establish safety controls

Fault Tree Benefits

It accounts for human error: Many analyses focus on the faults of the tools, the system, or other issues that do not involve people. A fault tree analysis takes into account the people who work the system and the various bottlenecks they can create.

It focuses on one fault at a time: When we use a fault tree, we break a web of failure down into a series of issues that can be solved in a much more organized way.

It highlights the important system elements contributing to the failure(s) in question: When something breaks, people want to know what it is. Fault trees provide that information, which many other reactive methods do not.

Fault Tree History


Methods to perform risk and reliability assessment in the early 1960s originated in US aerospace and missile programs. Early in the Apollo project the question was asked about the probability of successfully sending astronauts to the moon and returning them safely to Earth, and a risk, or reliability, calculation of some sort was performed.

H. Watson of Bell Labs, along with A. Mearns, developed the technique for the US Air Force for evaluation of the Minuteman Launch Control System, circa 1961. Dave Haasl of Boeing recognized it as a significant system safety analysis tool in 1963. The first technical papers on FTA were presented at the first System Safety Conference, held in Seattle in June 1965. Boeing began using FTA on the design and evaluation of commercial aircraft circa 1966 and developed a 12-phase fault tree simulation program. The technique was subsequently adopted by the aerospace and nuclear power industries.

How to Create a Fault Tree Diagram

Boolean logic is applied on a directed acyclic graph to arrive at the fault tree of the system. The tree is built from event nodes and gates. The first piece of a fault tree analysis is the diagram of events; this framework is basically a flowchart. The actual analysis is performed by drawing a series of logical deductions that start with the failure event at the top and trace back through the diagram to the root causes.

Fault Tree Events

Events are everything that has happened and/or could have happened. An event is a cause, or a partial contributor, of the situation at hand. Events are anything that occurs in the system being mapped as a fault tree. There are six different types of events.

Figure 4.1 A table showing FT event symbols.

Top event (TE): The complete system failure whose root cause is reverse
engineered with fault tree is the TE. The purpose of a fault tree is to analyse
the potential causes for this top event. The symbol used is a rectangle without
any output leads.

Intermediate event (IE): IEs are represented with rectangles with input and
output leads. All events between basic events and the TE are intermediate
ones. They are caused by a combination of one or more basic events and can
eventually lead to the TE.

Basic event (BE): Circles are used as symbols for BEs. These are the events
that do not have any other dependencies and occur on their own without
instigation. BEs are the root causes that lead to any other failure in the
system.

Transfer event: Triangles are used to represent transfer events. When fault trees were drawn on paper, these symbols signified continuation on a different sheet. They help to partition trees that have become large and unwieldy.

Figure 4.2 Transfer event symbols

Underdeveloped event: Diamonds (rhombuses) represent such events. These are events for which there is not sufficient information to develop them further, although they are not basic events. Such events are called underdeveloped events.

Condition events (CEs): A condition event is attached to a gate. It establishes a condition that must be satisfied for the gate's output event to occur.

Figure 4.3 Condition event symbol

Fault Tree Gates


The different events are connected with other events and components through
gates. They are the same as the gates used in any other Boolean logic
operations. The most commonly used gates are described below.

Figure 4.4 FT gate symbols

OR Gate: Either A or B is necessary and sufficient to cause C. A and B can also occur together to cause C. Example: Light is off because the light bulb fails OR the power fails.

Figure 4.5 OR Gate example

AND Gate: Both A and B are necessary to cause C. A and B must occur
simultaneously. The input faults collectively represent the cause of the output
fault.

Figure 4.6 AND Gate example

Exclusive OR Gate (XOR): Either A or B is necessary and sufficient to cause C, but A and B cannot occur together (at the same time). Example: Relay is energized OR relay is de-energized, but not both.

Figure 4.7 Exclusive OR Gate (XOR) Gate example

Priority AND Gate: Both A and B are necessary to cause C. But A must occur
before B. Example: Fault is not detected because Monitor fails before
Computer fails.

Figure 4.8 Priority AND Gate example

Inhibit Gate: Both C and Y1 are necessary to cause D, where Y1 is a condition or a probability. The input passes through only if the condition is satisfied. Example: Ignition temperature is present, given that faults cause over-temperature AND there is a probability that 700 degrees is reached. It is effectively an AND gate with a conditional event as one of its inputs.

Figure 4.9 Inhibit Gate example

Sample Fault Trees with Transfer Events

1. No internal transfer, with Multiple Occurring Branches (MOBs) on the same page.
2. Internal transfer, with MOB on the same page.
3. Internal transfer, with MOB on a different page.
4. External transfer.

Analysis Methods of Fault Trees

The analysis methods of fault trees can be broadly classified into two categories: qualitative fault tree analysis and quantitative fault tree analysis. They can be further divided into subcategories according to the purpose for conducting FTA and the methods involved.

1. Qualitative Fault Tree Analysis

The main focus of qualitative FTA is not to develop a mathematical model of the system. Qualitative FTA is done to understand the structure and behaviour of an engineered system. Depending on the reason for conducting qualitative FTA, it can be subdivided as follows:


1.1 Cut Set (CS): A cut set in a fault tree is a set of basic events whose (simultaneous) occurrence ensures that the top event occurs. Each cut set is one distinct way the top event can come about. A CS can consist of a single event or of multiple simultaneous events. Cut sets provide the mechanism for probability calculations of failures and reveal the critical or weak links in a system design.

• Minimal cut set (MCS): A set of events containing the minimum number of events necessary to cause the top event, i.e. the minimum number of component failures that result in system failure. It cannot be reduced further: removing any event from it would leave the top event uncaused. If a system fails with the failure of a very small number of components (in particular a single-event MCS, which is a single point of failure), it is not a robust system, and additional redundancy has to be put in place to make it more reliable.
• Super cut set (SCS): A set of events sufficient to cause the top event that contains more events than necessary, i.e. a superset of some minimal cut set.
• Duplicate cut sets (DupCS): Identical cut sets generated more than once, as a result of multiple occurring events (MOE) or of the way AND/OR combinations expand; they are discarded before the minimal cut sets are reported.

1.2 Common cause failure (CCF): If a single component or subsystem can be the root cause for different cut sets, it poses a vulnerability. CCF techniques identify such components so that they can be replaced or provided with redundancy in the event of failure.

Typical CCF sources:

• Common weakness in design redundancy (example: close proximity of hydraulic lines)
• The use of identical components in multiple subsystems
• Common software design
• Common manufacturing errors
• Common requirements errors
• Common production process errors
• Common maintenance errors
• Common installation errors
• Common environmental factor vulnerabilities

2. Quantitative Fault Tree Analysis

Quantitative FTA is done to obtain stochastic measures for the system. The result of such an analysis is the overall probability of system failure with the existing structure and components.

Based on these calculations, ranked significance can be given to different cut sets and paths. Since fault trees are created using Boolean logic, it is possible to calculate the probability of system failure when the probability of failure of each component is known. The standard calculation assumes the basic events are statistically independent; common cause failures violate that assumption and must be modelled explicitly, otherwise the computed probability is optimistic.

Fault tree analysis is conducted to test the reliability of a system during the design phase. This helps to fix weaknesses in the design before it is built. The probability of failure of the system and its subsystems can also be calculated with quantitative FTA techniques.

Basic reliability equations:

(a) $R = e^{-\lambda T}$
(b) $R + Q = 1$
(c) $Q = 1 - R = 1 - e^{-\lambda T}$
(d) $Q \approx \lambda T$ when $\lambda T < 0.001$ (approximation)

where

• $R$ = reliability, or probability of success
• $Q$ = unreliability, or probability of failure
• $\lambda$ = component failure rate = 1 / MTBF (mean time between failures), assuming a constant failure rate
• $T$ = time interval (mission time or exposure time)
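
The gates, cut sets, common cause failures and reliability equations described above can be exercised on a small tree. The following Python program is an added worked example for this module; it is not code from the module text or from any author cited in it. It writes a fault tree as nested tuples, derives the minimal cut sets by expanding the AND/OR gates and applying the absorption law, and then computes the top-event probability from failure rates using equation (c). The tree extends the module's "light is off" OR-gate example with a redundant power supply whose two branches share one breaker, so that the common cause shows up as a single-event minimal cut set. The event names, failure rates and 1000-hour exposure time are assumptions constructed for the illustration.

```python
"""Fault tree evaluation: minimal cut sets and top-event probability.

Added worked example; not code from the module. A tree is written as nested
tuples: a basic event is a string, a gate is ("AND", child, ...) or
("OR", child, ...). The tree and failure rates below are constructed.
"""
import math
from itertools import combinations, product

# Constructed tree: the module's "light is off" OR-gate example, extended with a
# redundant power supply whose two branches share one breaker (a common cause).
LIGHT_OFF = (
    "OR",
    "bulb_fails",
    ("AND",
     ("OR", "grid_outage", "breaker_trips"),
     ("OR", "battery_dead", "breaker_trips")),
)

# Constructed failure rates (per hour) and exposure time T (hours).
FAILURE_RATE = {
    "bulb_fails": 1e-4,
    "grid_outage": 1e-3,
    "battery_dead": 2e-4,
    "breaker_trips": 5e-7,
}
MISSION_TIME = 1000.0


def minimise(cut_sets):
    """Absorption law: drop every cut set that strictly contains another."""
    return {s for s in cut_sets if not any(o < s for o in cut_sets)}


def minimal_cut_sets(node):
    """Minimal cut sets of a (sub)tree as a set of frozensets of basic events."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, *children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if kind == "OR":
        combined = set().union(*child_sets)        # any child's cut set suffices
    elif kind == "AND":
        combined = {frozenset().union(*combo)      # one cut set from every child
                    for combo in product(*child_sets)}
    else:
        raise ValueError(f"unsupported gate {kind!r}")
    return minimise(combined)


def unreliability(rate, t):
    """Equation (c): Q = 1 - e^(-lambda*T), constant failure rate assumed."""
    return 1.0 - math.exp(-rate * t)


def basic_event_probabilities(rates, t):
    return {name: unreliability(rate, t) for name, rate in rates.items()}


def top_probability(cut_sets, q):
    """Exact P(top) by inclusion-exclusion over the minimal cut sets.

    Assumes independent basic events, so P(every event in a union of cut
    sets fails) is the product of the individual unreliabilities.
    """
    cut_sets = list(cut_sets)
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        sign = 1.0 if k % 2 else -1.0
        for group in combinations(cut_sets, k):
            total += sign * math.prod(q[e] for e in frozenset().union(*group))
    return total


def rare_event_bound(cut_sets, q):
    """Sum of cut-set probabilities: an upper bound, tight when every q is small."""
    return sum(math.prod(q[e] for e in cs) for cs in cut_sets)


def evaluate(node, failed):
    """Boolean value of a (sub)tree given the set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    kind, *children = node
    values = [evaluate(c, failed) for c in children]
    return any(values) if kind == "OR" else all(values)


def top_probability_by_enumeration(tree, q):
    """Brute-force cross-check: sum over all 2^n failure states (independent events)."""
    names = sorted(q)
    total = 0.0
    for state in product((False, True), repeat=len(names)):
        failed = {n for n, f in zip(names, state) if f}
        if evaluate(tree, failed):
            total += math.prod(q[n] if n in failed else 1.0 - q[n] for n in names)
    return total


if __name__ == "__main__":
    mcs = minimal_cut_sets(LIGHT_OFF)
    q = basic_event_probabilities(FAILURE_RATE, MISSION_TIME)
    for cs in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print(f"MCS {sorted(cs)}: P = {math.prod(q[e] for e in cs):.6f}")
    print(f"P(top) exact       = {top_probability(mcs, q):.6f}")
    print(f"P(top) rare-event  = {rare_event_bound(mcs, q):.6f}")
    print(f"P(top) enumeration = {top_probability_by_enumeration(LIGHT_OFF, q):.6f}")
```

Running the file prints the three minimal cut sets and three estimates of P(top): the exact inclusion-exclusion value, the rare-event sum (an upper bound that is close to exact only when every basic-event probability is small), and a brute-force enumeration of all failure states that confirms the first. The single-event cut set breaker_trips is what a CCF review would flag: the AND gate on the power branch suggests redundancy, but the shared breaker defeats it. Attack trees use the same gate structure, so the same cut-set computation applies to them.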

Example:

Fault Tree for Problem in Machine Tool (Lathe)

A. O. Oriola et al. (2015) consulted and reviewed a series of safety reports associated with lathe operations in various workshops and found that the most probable accident in lathe machining is a fly-out. Fly-outs cover the possibility of a tool flying out during a machining process, a workpiece flying out, and the effects of discontinuous chip removal during operations.

Lathe Hazard Identification and Consequences Analysis

Safety concerns in lathe operations have been considered under various headings of major lathe hazards. The commonest causes of death and injury on metal-turning lathes include:

• Entanglement of clothing in moving parts such as drive gears, chucks, lead and feed screws, and the workpiece;
• Being hit by loose objects on the lathe such as chuck keys, tools or swarf;
• Entanglement from inappropriate tooling and polishing techniques;
• Being struck by a workpiece that has not been adequately secured in the lathe or is oversized.
Figure 4.10 shows the zones of metal turning lathe hazards. Six hazard zones
have been identified. Each zone has been analysed to include the possible
consequence (e.g. entanglement) of the hazard and their recommended
controls. Table 4.1 contains a comprehensive hazard identification and
consequences analysis of identifiable hazards during lathe operations.

Figure 4.10 Hazard Zones of Metal Turning Lathe Machine

Table 4.1 Lathe Operations Hazards and Consequences

Zone 1
Hazard: Workpiece beyond the headstock.
Consequence: During spindle rotation, the bar can bend and strike machinists nearby.

Zone 2
Hazard: Exposed drive mechanisms (pulleys, belts, gears).
Consequence: Machinists can become entangled in pulleys, belts or gears when the lathe is in operation.

Hazard: Lathe controls can only be reached by passing a hand through the working zone.
Consequence: Machinists can become entangled in unguarded drive mechanisms, chuck, chuck assembly or workpiece when the lathe is in operation.

Hazard: Lack of function markings on controls.
Consequence: Machinists can activate incorrect controls, resulting in an unplanned function.

Hazard: Placement of controls does not follow the machining process.
Consequence: Machinists can activate an incorrect control, resulting in an unplanned function.

Hazard: Unsecured tools and objects stored or placed on the headstock.
Consequence: Stored objects can fall onto the spinning chuck and be propelled at the operator or nearby machinists.

Zone 3
Hazard: Exposed chuck.
Consequence: Machinists can become entangled on the uneven surface of the chuck or workpiece when it is spinning.

Hazard: Chuck key left in chuck.
Consequence: Machinists near the lathe can be struck by the key when it is projected from the lathe.

Hazard: Jaws of chuck unable to clamp workpiece securely.
Consequence: Machinists can be struck by a workpiece not securely held in the chuck.

Hazard: Chuck has not been adequately secured to the spindle.
Consequence: Machinists can be struck by a chuck not securely held in the spindle.

Hazard: Mounting and removing heavy chucks and face plates.
Consequence: Machinists can sustain musculoskeletal or crushing injuries when changing heavy chucks and faceplates.

Hazard: Use of a chuck that is not compatible with the lathe and/or task specifications.
Consequence: Use of incorrect chucks can result in the chuck or workpiece becoming loose and striking machinists.

Hazard: Chucks and face plates used on the lathe are damaged or have catch points.
Consequence: Machinists can become caught on chucks and faceplates that are poorly maintained or have protrusions.

Hazard: Oversized workpiece in self-centring (three-jaw) chuck.
Consequence: Chuck jaws in full extension to allow for oversized workpieces can be propelled from the lathe when it is operated.

Zone 4
Hazard: Objects (e.g. cutting tools) or swarf unsecured on the carriage (including the tool post).
Consequence: Unsecured objects can become projectiles when the lathe is started, possibly striking machinists.

Hazard: Worn or damaged tools being used on the lathe.
Consequence: Use of worn or damaged tools can result in tool failure; the tools can become projectiles or create irregular or long cuttings that can lead to lacerations.

Zone 5
Hazard: Exposed lead and feed screws (the risk assessment will need to include the speed at which the lead and feed screws travel).
Consequence: Machinists can become entangled in exposed lead and feed screws when the lathe is in operation, particularly if the lathe is used by a number of users with various levels of experience.

Zone 6
Hazard: Unguarded protrusions on the workpiece being turned.
Consequence: Machinists can become entangled on the protrusions.

Hazard: Couplings and clamps used on the lathe are damaged or have catch points.
Consequence: Machinists can become caught on couplings and clamps that are poorly maintained or have protrusions.

Hazard: Unsupported workpieces.
Consequence: Unsupported workpieces can become loose, striking machinists.

Hazard: Machining process produces continuous or unravelled cuttings.
Consequence: Machinists can become entangled in the turning cuttings.

Hazard: Removing metal shavings, cuttings and swarf from the machining area with the hands.
Consequence: Unprotected handling of shavings, cuttings and swarf can result in lacerations.

Hazard: Neighbouring workspaces are exposed to swarf, cuttings or workpieces during the machining process.
Consequence: Swarf, cuttings or workpieces can become projectiles and strike nearby machinists, causing injuries such as lacerations and fractures.

Hazard: Frequent traffic (human and machinery) passing through the work area near the operator.
Consequence: While operating the lathe, the operator can be bumped or startled by passing traffic, causing the operator to come into contact with the lathe.

Hazard: Incorrect methods used for polishing workpieces with emery cloth.
Consequence: Machinist can become entangled in the lathe.

Others
Hazard: Lack of, or poorly placed, emergency stop button/pedal that brings the lathe to an immediate standstill.
Consequence: Operator is unable to stop the lathe in case of an emergency.

Hazard: Loose clothing, cuffed or rolled-back sleeves, neckties, jewellery (including watches) and long hair.
Consequence: Loose clothing, accessories and hair can become entangled in moving parts of the lathe, chuck assembly or workpiece.

Hazard: Inappropriate type and position of lighting.
Consequence: The flashing effect of fluorescent light can make a spinning lathe appear to have stopped, which can lead to machinists' entanglement. Lighting placed over the lathe can be struck by projectiles from the machining process, and machinists nearby can be injured by the light shattering.

Hazard: Untidy and unorganized working environment.
Consequence: Machinists can slip or trip on cutting oils, swarf or cuttings that are not cleaned from the floor. Machinists can also trip over lathe parts or workpieces that are not returned to storage areas.

Figure 4.11

Fault Tree for Single Cylinder Diesel Engine Breakdown

Technical causes:

• Fuel filter damaged
• Air cleaner absent
• Originally a diesel engine, but had been run on petrol in the past
• Change in compression ratio
• No cooling arrangement
• Cylinder head partially damaged
• Valves not in proper position
• Spark plug used in place of fuel injector
• Carburettor used in place of fuel pump

Human factors:

• Diesel engine modified to run on petrol
• Some additional holes were made
• Some holes necessary for cooling had been closed
• No cleaning and servicing done for a long time

Figure 4.12 Fault tree of single cylinder vertical diesel engine

Fault Tree for Boiler Damage

Top event: Boiler Damage. Its six immediate inputs (sub-trees A to F) are:

A  Insufficient Combustion
B  Insufficient Water Level
C  Insufficient Water Circulation
D  Insufficient Feed Pressure
E  Insufficient Maintenance
F  Human Error

The basic events of the sub-trees are identified by the symbols listed below.

Symbol  Meaning
FP1     Incorrect manual valve setting.
FP2     Fuel supply line valves not fully open or inoperative.
SP1     Supply line valves not fully open or inoperative.
SP2     Improper manual control valve setting.
SP3     Low supply pressure.
FT1     Faulty and/or fouled heater element.
FT2     Oil temperature control setting too low.
FT3     Heater electric power off.
ST1     Steam wet from source.
ST2     Steam line not insulated.
ST3     Steam traps not working.
NS1     Supply line valves fail to open.
NS2     Supply pipe lines break down.
LA1     Insufficient boiler room air openings.
LA2     Dirty combustion air blower.
LA3     Combustion air blower running slow / slipping.
LA4     Incorrect fuel/air ratio adjustment.
LA5     Blower inlet partial blockage.
LA6     Outlet damper blockage.
HA1     Insufficient burner air damper opening.
HA2     Combustion air blower running too fast.
HA3     Insufficient outlet damper opening.
HA4     Incorrect fuel/air ratio setting.
NA1     Burner air damper blockage.
NA2     Failure of blower turbine.
NA3     Failure of blower.
NA4     Steam valve of blower turbine fails to open.
HF      FDF operator fails to recover.
HF1     FDF operator fails to detect.
HB      Firing system operator fails to detect.
HB1     Firing system operator fails to recover.
LW1     Feed water source improperly supplies water.
LW2     Loose control.
LW3     Error reading in gauge glass.
LW4     Improper blow down.
LW5     Tube leakage.
LW6     Incorrect level control.
HW1     Loose control.
HW2     Error reading in gauge glass.
HW3     Electrical power failure.
NW1     Feed water source fails to supply water.
NW2     Breakdown of feed water line.
HFS1    Stack damper fails to open.
HFS2    Blockage of bank tube passes.
HFS3    High speed of forced draft fan (FDF).
LFS1    Improper position of stack damper.
LFS2    Low speed of FDF.
LFS3    Escaping flue gases due to destroyed insulation / casing.
LWC1    Tube leak.
LWC2    Improper blow down.
LWC3    Riser or downcomer tubes partially blocked due to improper turbining.
INSP    Improper hammer test.
M1      Improper turbining.
M2      Bad joint welding.
M3      Improper fabrication of joint.
M4      Improper cleaning of tubes.
M5      Improper maintenance of all external valves and gaskets.
M6      Improper replacement of refractory.
I1      Improper checking of turbining.
I2      Improper checking of welding of joint.
I3      Improper checking of fabrication of joint.
I4      Improper checking of cleaning of outside tubes.
I5      Improper checking of maintenance and replacement of all external valves and gaskets.

Fault Tree for Centrifugal Air Compressor Trip

Symbol  Meaning
PI1     Cable not installed
PI2     Over current
PI3     Nut is loose
PI4     Nut is unsuitable
TI5     Nut is loose
TI6     Unsuitable design
AF1     Poor air quality
AF2     Many airborne particles from the inlet
OF1     Leakage
OF2     Over heating

Fault Tree for Electric motor

Fault Tree for Pump
