The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment

Abstract

FMEA is as a method for assessing IT risks. This research aimed to examine the consistency of both traditional FMEA and improved FMEA in IT risk assessment. Improved FMEA is the result of a synthesis framework to minimize consistency in traditional FMEA. Two sets of action research cycles (plan, act, observe, reflect) were applied in this research. Action Research 1 was used to examine and prove the consistency of traditional FMEA. On the other hand, Action Research 2 was applied to examine the consistency of improved FMEA. Tests were carried out by two different teams in the same case study. The consistency was observed in the gap of the RPN results in both teams, and the differences result in both action research cycles. Action Research 1 proved that traditional FMEA was not consistent. The gap in the amount of risk at a very high level was four risks. However, Action research 2 had the same amount of risk at a very high level. Based on the correlation test, the consistency of action research 1 was 0.848 (very large correlation), and the action research 2 was 0.937 (near-perfect correlation). The consistency of improved FMEA proved to be more consistent than traditional FMEA. The limitation of this study was memory issues because both action research cycles were carried out by the same team and with similar case studies. Further research is expected to compare traditional FMEA and improved FMEA in different case studies. The theoretical contribution was the improved FMEA synthesis based on limitations of traditional FMEA. The FMEA team may use Improved FMEA Framework.