2015 Etc Fmea Template

formula student electric
FS2015 - ETC FMEA

Car Number
XXX
University
Inventive Thinkers State University
This template contains an examples of how to fill out the FMEA. Furthermore, it contains a number of failure modes which are both
starting points and examples for the failures to be covered in your team's FMEA. NOTE: Not every given failure may apply to
every team's Electronic Throttle Control. The given failures may also be incomplete with respect to your specific system.
Add failures to the list, if appropriate for your system.
Change the complete example given, i.e. No.1, to suit your system. Add missing failure modes with respect to your car's system.
Be as complete as possible, adding any failures that affect the safety of your car, the driver, or other persons. Before submitting
your FMEA please make sure it is complete. This way you will avoid unnecessary delays and queries.
Edit the coloured cells to your specific data and reset the cell colour to white
Only add additional failures at the end of the list to keep the numbering scheme of the original template. This makes reviewing the
document much easier and thus faster. Do not delete any failures, if they do not apply to your system. Just write "Does not apply."
or similar with a short reason why.
In addition to completing the FMEA page, also complete the System Description page so that the technical judges can understand
how your system works and the components that are contained within it
Do not change the template's format!

Seite 1
FMEA definitions of column headers and Key for Severity, Occurance and Detection ratings
Rating
Occurrence (Occ)
Detection (Det)
No injuries may be
caused, but general
safety is affected by this
failure
Failure occurrence
is very unlikely
Certain detection of
the failure
Light injuries may be

caused by this failure
Medium injuries may be
Relatively few
failure occurrence
Occasional failure
occurrence
High chance of
detecting this failure
Medium chance of
Heavy injuries may be

Fatal injuries may be
Frequent failure
occurrence
Persistent failure
occurrence
Low chance of
Failure cannot be
detected
3
4
5
Component/Item
Function
Failure Mode
Failure Cause
Failure Effect Local
Failure Effect Global
Sev
Severity Reasoning
Occ
Occurrence Reasoning
Failure Detection
Det
Detection Reasoning
Risk
Failure Handling - Vehicle
Failure Handling - Team
Severity (Sev)
The system or component that is affected

What the system or component does
The method by which the component fails
The root cause of the failure
What happens locally to the component as a consequence of the failure
What happens to other systems or the rest of the vehicle as a consequence of the failure
The severity rating - see table above
Your reasoning for the severity rating that is given
The likelihood of the occurrence - see table above
Your reasoning for the occurance rating that is given
How will the failure be detected - what are the systems on the car that detect this
The rating for failure detection - see table
Your reasoning for the failure detection rating
Calculated automatically from Sev, Occ and Det
Once a failure has been detected, what is the immediate reaction of the ECU and the driver to mitiga
How do you determine what has failed and what type of action is taken to remedy this? What precau
ce of the failure
ect this
CU and the driver to mitigate the risk

remedy this? What precautions do you take whilst doing this?
Formula SAE Electronic Throttle Control FMEA Template

Electra Watt, Electra.Watt@mail.com
Car No.:
FMEA No.:
Component/Item
XXX
University: Inventive Thinkers State University

Function
Failure Mode
Failure Cause
Failure Effect
Local
Sensor moves or sensor

takes an offset
Contact:
Sensor outputs the wrong

signal
Sev
Severity Reasoning
Occ
Occurrence Reasoning
Failure Detection
Det
Detection Reasoning
Risk
Failure Handling - Vehicle
Failure Handling - Team
Global
1 Accelerator Pedal
Position Sensors
Signaling the pedal position
Sensor 1 and Sensor 2

deliver different position
values
Engine delivers torque that is

not in line with drivers
expectation
2 Accelerator Pedal
Position Sensors
Sensor 1 or Sensor 2 signal

(analog or digital) not
plausible
3 Accelerator Pedal
Position Sensors
Sensor 1 or Sensor 2
broken
4 Accelerator Pedal
Position Sensors
Signal connection (analog

or digital) to Sensor 1 or
Sensor 2 broken
5 Accelerator Pedal
Position Sensors
Pedal stuck at maximum

position
6 Accelerator Pedal
Position Sensors
Digital communication
between sensors and
receiving ECU is corrupted
(e.g. bits change due to
EMI)
7 Accelerator Pedal
Position Sensors

or digital) between
implausibility check ECU
and throttle actuator
8 Throttle Position Sensors
Signaling the throttle postion
Sensor 1 and Sensor 2

deliver different position
values
Uncontrolled acceleration
could result in a crash
Could be damaged with vibration ECU compares two

etc
signals
ECU should detect this unless

it occurs to both sensors
30
Sensor 1 or Sensor 2 signal

(analog or digital) not
plausible
Sensor 1 or Sensor 2
broken

or digital) to Sensor 1 or
Sensor 2 broken
Throttle stuck at maximum

position
between sensors and
EMI)

or digital) between
15 Brake System Encoder
Signaling the brake system

actuation state
Sensor signal (analog or

digital) not plausible

actuation state
Sensor broken

actuation state

or digital) to Sensor broken

actuation state
Pedal stuck at maximum

torque position

actuation state
between sensor and
EMI)

actuation state

or digital) between
21 Throttle Actuator
Achieves target throttle

postion
Target position is not

achieved in required time
22 Throttle Actuator
Achieves target throttle

postion
Actuator Failed
23 Brake System Plausibility Checking for implausibility

Brake Pedal Sensor broken
Device
between brake pedal sensor
and power delivered to the
motor(s)

Device
between brake pedal sensor or digital) to Brake Pedal
Sensor broken
motor(s)
FMEA: Page 4+1
ECU kills power to the throttle so Team will test the sensors to
that the throttle shuts and
determine which sensor is faulty
provides a fault flag
and replace the sensor if
required
Comments

Throttle position sensor
Device
between brake pedal sensor brokem
motor(s)
Device
between brake pedal sensor or digital) to throttle position
sensor broken
motor(s)

Brake system plausibility
Device
between brake pedal sensor device lost power supply
motor(s)

Device
between brake pedal sensor
motor(s)
Powerstage
(relay/transistor) to kill
power to the throttle
actuator is broken

Connection to powerstage
Device
between brake pedal sensor to kill power to the throttle
actuator is broken
motor(s)
Brake system plausibility
Device
between brake pedal sensor device not installed
motor(s)
31 Brake-Over-Travel-Switch Detecting an over-travelling
brake pedal
Electrical Connection to
shut-down circuit broken
32 Brake-Over-Travel-Switch Detecting an over-travelling

brake pedal
Switch broken / does not

switch
33 ShutDown Button
Opening the shutdown

circuit, when pushed
34 ShutDown Button

Button broken / does not

switch
35 Cockpit-mounted
ShutDown Button

36 Cockpit-mounted
ShutDown Button

Button broken / does not

switch
37 Tractive System Master

Switch
Switches off the tractive

system

switch
38 Grounded Low-Voltage
System Master Switch
Switches off the GLVS

switch
39 Vehicle Dynamics
Function / ECU
Additional influence on
requested motor torque
Vehicle Dynamics
Function / ECU has a
general fault
40 Vehicle Dynamics
Function
Vehicle Dynamics
Function / ECU circuitry is
erroneous
41 Vehicle Dynamics
Function
Vehicle Dynamics
Function / ECU signal
connection to steering
wheel sensor is broken
42 Vehicle Dynamics
Function
Steering wheel sensor is

faulty
43 Vehicle Dynamics
Function
Vehicle Dynamics
connection to acceleration
sensor is broken
44 Vehicle Dynamics
Function
Acceleration sensor is faulty
45 Vehicle Dynamics
Function
Vehicle Dynamics
connection to wheel speed
sensor is broken
46 Vehicle Dynamics
Function
Wheel speed sensor is

faulty
47
Motor controller
0
HV wire skinned out by
high curent drawn from the
faulty connection or due to accumulators
the over heating of the
motor windings
causes exessive heating of

the windings and also
damages the motor and the
controller
10 in case of faluty connections

it causes threat of
uncontrolled drive damagiing
the drive train
faulty connections or uvscientific

wiring without safety
connections made to the

controller lost because of
loose contacts which are
discoonected because of
jerks of the vehicle
controller does not

rececive any valid signal
in case of normal controller

defective signals due to
noise may cause
uncontrolled drive
fualty signals may cause the

vehicle to crash
could have lost connaction

controller pulls down the
because of excessive vibration of pins with no connection to
the vehicle during the drive
the ground voltage level
and indicate sthe fault
contrller ot able to
comprehend the signaks
from the sensors
defective signals may lead to

uncontrolled drive
crash of the vehicle due to

error in the controller
cooling system fails causing

the efficiency to reduce in
components such as the
battery and the damage to
the controller
may cuse fault in the working

of the component or melt
down of the insulatrion
nearby due to excessive
heat
may be due to the damage in the

controller due to mechanical
shock or over heating because of
insufficient cooling
sensors damaged due to over
haeating
controlling the speed anmotor controller output
48
Motor controller
controlling the speed anmotor controller connec
Motor controller
controlling the speed anmotor controller does no
Motor controller
cool the motor controller,the motor and maintai
49
controller working in an
errotic manner
50
defctive connections or
erronious outputs from the
break down of the
temperature sensors
temperature sensing circit
like failure in the sensors
51
52
53
54
55
FMEA: Page 5+1
controller should detect

the short circuit and shut
down the power supply to
the motor and the GLV
system
vehicle is not put into

motion until the controller
responds properly to the
control signal in case
occurs
the drive it
in
case during
of the controller
then thehave
controller
should
a shutshould
down
be shut down until the
circuit
fault is rectified
controller should sense the

current that has exceeded
withreference to the demand
controller should detect that the

connections from the sensors
have been lost
0 controller shuts down the power

supply to the motor and also the
fuses ins eries with the
accumulator blows out
protecting the controller from
being damagaed
controller auotmatically shuts
down the ower to the motor
controller and hence the motor

is shut down automatically in
order to prevent the hazards
externals terminals of the

controller will be shorted and the
action of the controller shutting
down and the fuses blowing out
in case the current exceedes the
safer limits
controllers connections will be
removed to demonstrate the
action of the controller shuting
down
one of the main protection issues

since the current in the external
short circuit is high may cause a
threat to the driver seated in

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
FMEA: Page 6+1
FSAE2015 - ETC FMEA - System Description

Car Number
University
XXX
Inventive Thinkers State University
Provide details of the TPS, APPS, BSE, the ECU that you have used, their configuration and plausibility checks that are conduc
Also provide details of the Brake System Plausibility Device
Datasheets can be added on additional sheets
System Description
ntive Thinkers State University
that you have used, their configuration and plausibility checks that are conducted.
ity Device

2015 Etc Fmea Template

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

2015 Etc Fmea Template

Transféré par

Droits d'auteur :

Formats disponibles

formula student electric

FS2015 - ETC FMEA

Inventive Thinkers State University

Do not change the template's format!

Light injuries may be

Heavy injuries may be

The system or component that is affected

CU and the driver to mitigate the risk

formula student electric

Formula SAE Electronic Throttle Control FMEA Template

University: Inventive Thinkers State University

Sensor moves or sensor

Sensor outputs the wrong

Failure Handling - Vehicle

Failure Handling - Team

Signaling the pedal position

Sensor 1 and Sensor 2

Engine delivers torque that is

Signaling the pedal position

Sensor 1 or Sensor 2 signal

Signaling the pedal position

Signaling the pedal position

Signal connection (analog

Signaling the pedal position

Pedal stuck at maximum

Signaling the pedal position

Signaling the pedal position

Signal connection (analog

8 Throttle Position Sensors

Signaling the throttle postion

Sensor 1 and Sensor 2

Could be damaged with vibration ECU compares two

ECU should detect this unless

9 Throttle Position Sensors

Signaling the throttle postion

Sensor 1 or Sensor 2 signal

10 Throttle Position Sensors

Signaling the throttle postion

11 Throttle Position Sensors

Signaling the throttle postion

Signal connection (analog

12 Throttle Position Sensors

Signaling the throttle postion

Throttle stuck at maximum

13 Throttle Position Sensors

Signaling the throttle postion

14 Throttle Position Sensors

Signaling the throttle postion

Signal connection (analog

15 Brake System Encoder

Signaling the brake system

Sensor signal (analog or

16 Brake System Encoder

Signaling the brake system

17 Brake System Encoder

Signaling the brake system

Signal connection (analog

18 Brake System Encoder

Signaling the brake system

Pedal stuck at maximum

19 Brake System Encoder

Signaling the brake system

20 Brake System Encoder

Signaling the brake system