Many people use the Risk Priority Number (RPN) to evaluate their product and process risk. However, not everyone understands the limitations of the RPN and use it correctly. This guide describes the boundaries of the RPN and the way to use it effectively.
1. What is the Risk Priority Number?
The Risk Priority Number is a numerical assessment of the risk level of the potential failure mode in Failure Mode and Effect Analysis.
2. Why RPN?
After analyzing failures in an FMEA project, the FMEA team often faces numerous potential failure modes (risks). Because the team cannot afford to eliminate all the risks, they must decide the risks to provide more attention.
The Risk Priority Number can help the team in making this decision. Depending on the RPN, the FMEA team envisions the risks in the process and determines which failure mode requires corrective action.
Easy to edit FMEA right inside Excel
3. How is the Risk Priority Number calculated?
3.1 Risk Priority Number
The Risk Priority Number is calculated by multiplying Severity (S), Occurrence (O), and Detection (D).
• Severity (S): The severity of the failure mode is ranked on a scale from 1 to 10. A high severity ranking indicates severe risk.
• Occurrence (O): The potential of failure occurrence is rated on a scale from 1 to 10. A high occurrence rank reflects high failure occurrence potential.
• Detection (D): The capability of failure detection is ranked on a scale from 1 to 10. A high detection rank reflects low detection capability.
Therefore, the formula for RPN is as follows:
Risk Priority Number (RPN) = Severity (S) x Occurrence (O) x Detection (D)
In the following example, the RPN is a multiple of E7 (Severity), I7 (Occurrence) and K7(Detection)
#1 FMEA Creator for Excel
RPN is not the only risk assesment number used with FMEA. Some companies use other indexes to assess risks, such as the Critical Number (CN) or Severity-Occurrence-Detection (SOD). However, they are rarely used.
3.2 Critical Number (CN)
Some companies find it difficult to decide on a detection ranking. Therefore, they do not use detection (D) in their calculation of the RPN to avoid arguments regarding the detection ranking.
Critical Number (CN) = Severity (S) x Occurrence (O)
|Failure Mode 1||6||5||5||30|
|Failure Mode 2||5||7||6||35|
The RPN does not cover all the numbers in the range from 1 to 1000. Therefore, some companies use the numerical value of SOD. In this case, the values of S, O, and D range from 0 to 9 (not from 1 to 10).
SOD = 100 x S + 10 x O + D
Consider the following example.
|Failure Mode 1||8||1||1||811|
|Failure Mode 2||7||9||9||799|
Although Failure Mode 1 has a higher SOD than Failure Mode 2, it has lower risk because its potential for occurrence is small and the possibility of detection is high (if it happens). Thus, the disadvantage of SOD is that severity has a more critical role than Occurrence and Detection in the SOD equation.
4. How to use RPN?
The RPN can be used to prioritize high-risk issues and determine the requirement for corrective action. After calculation, most companies prioritize risks from the highest to the lowest RPN. The team can use the Risk Priority Number to prioritize and reduce risks in two following methods:
4.1 Risk Priority Number Threshold
Many organizations use an RPN threshold to determine which failure mode requires corrective action and which risks are acceptable. The RPN threshold is easy to use. However, using an RPN threshold may cause team members to spend excessive time trying to reduce the Detection, Occurrence, and Severity rankings for lowering the RPN. This situation sometimes places the organization and its customers in danger.
4.2 Top Risks
The other organizations may address the corrective action for the top RPNs. After that, the team reset and find another top RPNs for the next improvement process. This method promotes continuous improvement.
5. Risk Priority Number’s disadvantage
The two ways above are based only on the comparison between the RPN of failure modes. The comparison based on the RPN may not reflect the actual risk. A high RPN failure does not necessarily indicate a high risk for the process or product. Moreover, two failure modes with the same RPN value may not have the same risk level.
In the following example from the automotive industry, Failure Mode 1 should be provided a higher priority than Failure Mode 2 although they have the same RPN value because it has higher Severity value.
|Failure Mode 1||7||4||4||112|
|Failure Mode 2||4||4||7||112|
However, because they have the same RPN value, an inappropriate action plan for critical failure may be selected. For this reason, the RPN should not be the only index used to evaluate the risk of each failure mode. The team should also use Severity, Occurrence, and Detection for prioritizing risks.
6. How to use RPN in the right way?
6.1 Risk evaluation using the RPN with the consideration of the S, O, and D rankings
Along with RPN, the team should consider the S, O, and D rankings for prioritizing risks one by one through team discussion. However, the team will be overloaded if there are too many failure modes in the FMEA. Moreover, teams can go through unending arguments to determine which failure requires corrective action.
6.2 Risk Matrix
The team can combine the criteria for the RPN and Severity, Occurrence, and Detection rankings by using a matrix. The following is an example of a risk matrix for the RPN and Severity ranking.
The following example of a risk matrix includes a combination of severity and occurrence.
• Red: The team must eliminate the risk or reduce its level.
• Yellow: The team should eliminate the risk or reduce its level.
• Green: Acceptable risk.
The team can use a three-dimensional matrix of Severity, Occurrence, and Detection, however, this kind of risk matrix is complicated to use.
The organization can create a matrix depending on their process characteristics and available resources. However, the team should apply the criteria consistently.
Using the Risk Priority Number (RPN) in FMEA is the most common and convenient method of evaluating risk because the RPA is easy to develop and understand, whereas the entire FMEA methodology is complicated.
However, using only the RPN to determine the failure mode that requires corrective action can cause severe quality problems in an organization. Companies that wish to avoid the limitations of the RPN should evaluate risk with a combination of indices, such as Severity, Occurrence, and Detection.