iSixSigma

Risk Priority Number (RPN)

Definition of Risk Priority Number (RPN):

« Back to Glossary Index

Dealing with risks associated with failure modes in projects and processes is part of normal business activity, but when is a risk acceptable? By evaluating the impact and likelihood of the failure to occur, we can prioritize which risks to accept and which to address. Welcome to the Risk Priority Number.

Overview: What is RPN?

Risk Priority Number (RPN) is an integral part of the creation of a Failure Mode and Effect Analysis (FMEA) document but is also used widely wherever a risk management strategy is deployed.

RPN is a multiplication of a number of factors that aim to assess the risk of a failure mode escaping and potentially presenting to the customer as a defect. The factors used are:

  • Severity (S) – the impact of the failure mode being present, ranked 1 to 10 with 10 being highest severity and typically hazardous without warning, with the potential for significant harm
  • Occurrence (O) –  the probability of the failure mode being present, ranked 1 to 10 with 10 being the highest occurrence and typically defined as almost inevitable
  • Detection (D) – the ease or capability of failure mode detection and escape prevention, ranked 1 to 10 with 10 being the highest uncertainty of detection

RPN is then calculated as the multiplication S x O x D. There are a couple of things to be aware of with RPN:

  • The scale is not continuous due to the possible multiplication of numbers e.g 13 is not a possible RPN
  • It is possible to have a high RPN with a low severity rating which can lead to teams focussing upon low customer impact failure modes

Whilst it is possible to use only the RPN value as a strategy to determine which failure modes to address first, for example all RPN values > 120, it is also common to use both the severity rating and the RPN value to prioritize risk reduction activities. This approach utilizes a risk priority matrix, an example of which is shown below for illustration only.

RPN — risk priority number — cchart

An industry example of RPN

A cosmetic company with an online shop for purchase of their products wanted to improve their customer purchase experience due to a number of poor ratings and negative feedback. Recognizing that changing the current online order and dispatch process would potentially introduce new risks and failure modes, their manager for Continuous Improvement (CI) assembled a team to review failure modes and develop a risk management strategy. Being familiar with FMEA techniques the CI manager utilized the RPN methodology to drive the risk management strategy.

Following brainstorming sessions to document the new potential failure modes the severity, occurrence and detection of the modes were discussed and agreed. The RPN was then calculated and the team reviewed the numerical values for RPN and cross referenced these to the severity rating. The team devised a strategy to address all of the failure modes with a severity rating of 7 or higher in combination with an RPN of 150 or higher as priority one. The team also agreed that any modes with a severity of 2 or less would be accepted and no action required.

Following a systematic review of RPN and severity, the risks associated with the new failure modes were addressed or mitigated leading to acceptable risk classification for all items and successful deployment of the updated customer purchase experience.

Frequently Asked Questions (FAQ) about RPN

1. How is RPN calculated?

The Risk Priority Number (RPN) is typically calculated by multiplying the Severity (S), Occurrence (O) and Detection (D) ratings for a particular failure mode, RPN = SxOxD

2. What is an acceptable RPN?

There is no simple answer to this question. The acceptability is a function of how risk averse a company is plus factors such as product or process maturity. Often the combination of high severity and a high RPN is used to help focus on risks that must be addressed as a priority

3. Is RPN only used in FMEA?

Whilst RPN is probably most well known from Failure Mode and Effects Analysis (FMEA) it can also be used wherever a risk management strategy is deployed to focus on the high impact items.

« Back to Dictionary Index