Skip to main content

Why AIAG-VDA Changed FMEA

Traditional FMEA methods used Risk Priority Number (RPN) — a simple multiplication of Severity × Occurrence × Detection ratings. The problem? RPN treats a catastrophic failure that rarely occurs (S=10, O=2, D=5, RPN=100) the same as a minor annoyance that happens constantly (S=2, O=10, D=5, RPN=100). The AIAG-VDA standard replaced RPN with Action Priority (AP), a categorical classification system that prioritizes severity first, then considers occurrence and detection. The AP Decision Logic: diagram This categorical approach ensures that high-severity failures always receive high priority, regardless of how rare they might be. TestAuto2 implements this logic as a JavaScript formula in its FMEA risksheet configurations, automatically calculating both pre-mitigation and post-mitigation AP values.

The Seven-Step FMEA Process

AIAG-VDA defines a structured seven-step methodology for conducting FMEA. TestAuto2 encodes this process through nine progressive workflow views in its risksheet configurations, revealing columns only when users reach the appropriate analysis stage:
StepAIAG-VDA ActivityTestAuto2 ViewVisible Columns
1Planning and PreparationSetup (outside Risksheet)Document type, team, scope
2Structure AnalysisDefaultItem, Function, Requirements
3Function Analysis1. Identify Failure Modes+ Failure Mode, Failure Effects
4Failure Analysis2. Initial Risk Ranking+ Severity, Occurrence, Detection, Pre-AP
5Risk Analysis3. Link Downstream DFMEA+ Downstream Risks (causes link)
6Optimization4. Define Mitigations, 5. Verify Controls+ Risk Controls, Test Cases
7Results Documentation6. Final Risk Evaluation, 7. Risk Summary+ Post-mitigation S/O/D, Post-AP
This progressive disclosure prevents overwhelming users with 30+ columns simultaneously while enforcing the logical workflow sequence. You cannot assess post-mitigation risk until you’ve identified current controls and linked test cases — the views enforce this discipline.

Multi-Level FMEA Cascade

Unlike ISO 26262’s single HARA analysis at the vehicle level, AIAG-VDA requires Design FMEA (DFMEA) at three hierarchical levels: diagram TestAuto2 implements this cascade through the causes relationship in its risksheet configurations. A failure mode at the system level can link to multiple downstream failure modes at the subsystem level, which in turn link to component-level root causes. The System DFMEA Report visualizes this hierarchy as a drill-down tree. Separately, Process FMEA (PFMEA) analyzes manufacturing and assembly processes: Unlike DFMEA which uses Action Priority, PFMEA in TestAuto2 still uses traditional RPN calculation (S × O × D) because process risks typically involve controllable occurrence rates and measurable detection capabilities.

Why Severity Never Changes Post-Mitigation

A common misconception: “We added a safety control, so severity should decrease.” This is incorrect per AIAG-VDA. Severity represents the inherent consequence of a failure mode occurring — it describes “what happens IF the failure occurs,” not “how likely it is.” Risk controls reduce occurrence (making failures less likely) and improve detection (catching failures before they cause harm), but they cannot change the physics of what happens when the failure actually occurs.
If a brake cable snap causes vehicle collision (S=10), installing a redundant cable reduces occurrence (now both must snap), but IF both snap, the consequence remains collision (S=10). TestAuto2 enforces this by using the same fmSeverity field value for both pre-mitigation and post-mitigation AP calculations.

SC/CC Special Characteristics

AIAG-VDA integrates with IATF 16949 requirements for Special Characteristics — product or process parameters that can affect safety, regulatory compliance, or critical customer requirements:
  • SC (Safety Critical): Directly affects occupant safety or regulatory compliance
  • CC (Critical Characteristic): Affects fit/function/durability but not immediate safety
TestAuto2 automatically propagates SC/CC classifications through the traceability chain: diagram SC characteristics typically require 100% inspection with statistical process control, while CC characteristics may use sampling plans. The Control Plan Risksheet displays SC/CC badges using orange (SC) and red (CC) color coding.

Integration with ISO 26262

TestAuto2 unifies AIAG-VDA FMEA with ISO 26262 functional safety requirements:
AspectISO 26262AIAG-VDA FMEATestAuto2 Integration
Risk MetricASIL (QM, A-D)Action Priority (L/M/H)Parallel fields: asil + premitigationAP
ScopeHazards at vehicle levelFailure modes at all levelsHARA feeds system requirements → SFMEA
MitigationSafety goals → requirementsRisk controls → test casesSafety goals become system requirements verified by test cases linked to risk controls
CoverageISO 26262-8 traceabilityFMEA coverage by system elementRequirements Traceability Report + FMEA Coverage Report
The workflow: conduct HARA to identify hazards and derive safety goals, convert safety goals to system requirements, then create System FMEA to analyze how those requirements can fail. ASIL drives design rigor; AP drives where to focus mitigation effort.

Practical Application in TestAuto2

To apply AIAG-VDA FMEA methodology in your project:
  1. Structure Analysis: Define system elements using the System Structure Navigator
  2. Create FMEA Documents: Start at system level with Create System FMEA, cascade to subsystem/component
  3. Progressive Analysis: Use workflow views to enforce the seven-step process — Define Failure Modes, Assess S/O/D, Calculate Action Priority
  4. Link Controls: Connect failure modes to Risk Controls and verification test cases
  5. Track Mitigation: Update occurrence/detection ratings, monitor Post-Mitigation AP
  6. Generate Reports: Use FMEA Reports to demonstrate risk reduction for management and auditors
The FMEA Reports Dashboard provides executive visibility into DFMEA and PFMEA coverage across your project, while the Risk Control Effectiveness Report validates that mitigation measures actually reduced risk per AIAG-VDA requirements.