The FMEA is an extract of the Hazard Log
The DSM uses matrices for hazard analysis. This page shows you how to build a FMEA matrix from a hazard log in the DSM.
Traditional safety management treats the hazard log and the FMEA as separate artefacts. This duplicates information, increases costs and creates errors and inconsistencies. The DSM stores the hazard log as a model within the tool. You build a FMEA from the model by tracing from causal events. Data about events and hazards, such as severity and likelihood, are stored as extension data and included in the FMEA.
Try it yourself: When you start the DSM it loads an initial template model which already contains the FMEA matrix and its associated queries, along with an example bow tie diagram. Download and install the DSM to follow along with a free one month trial license.
Here is a sample output from the basic FMEA matrix:

Important:This is just an example. The DSM was designed to be as flexible as possible, to fit the way you work instead of making you fit in with it. So instead of building just a FMEA the way we would do it, we built the tools you need to create a FMEA, or any other matrix that you might need in your work.
Building the Bow Tie Diagrams

The chains of events that lead from component failures to accidents are described using bow tie diagrams. Each bow-tie diagram associates a hazard with a “top event” where control is lost. Events (grey boxes) are linked into possible chains using “threat line” arrows. You can add Controls (green boxes) to threat lines to denote measures that will reduce the likelihood or severity of an accident.

Here is a completed bow tie diagram. It contains one of the hazards used to generate the table above.
The FMEA Queries
The FMEA matrix uses queries to find the entities to display. Each query locates entities which will appear in the FMEA, either as rows or as a list in a column. These are the queries it uses:
Hazard Causes

This finds all the causal events for all hazards. The left hand side of the matrix consists of fields taken from these events.
This query has no “Input” box, so it produces the same list regardless of any input it is given.
Cause Controls

This query is more complex. It starts from a causal event found by the previous query and looks for all the downstream threat lines.
We need the threat lines rather than the boxes they connect, so this query does not use “Follow forwards”. Instead it steps from the event box to the connected arrows, and then to the event boxs at the arrow heads, accumulating the arrows as it goes. Then it finds the controls that have been pegged to those threat lines.
So the result is every control which might apply to the chain of events starting with the input. This is the list which appears in the “Controls” column of the matrix above.
Causes Hazard

This query does the reverse journey of the “Hazard Causes” query above; it starts from a causal event and finds all the hazards downstream of it.
The FMEA Matrix Definition

In the DSM the FMEA matrix design looks like this.
The design of a matrix consists of a list of queries, each of which has a list of columns. Here we have two queries; the “Hazard Causes” and the “Causes Hazard“, both sorted by the “Name” field.
The matrix displays the items from the first query using the columns specified. The second query produces sub-rows for the results of the first. Compare this with the output of the matrix at the top of the page.
Most of the causes here only lead to single hazards, but “Driver presses Open” and “Electrical Fault” can both lead to two hazards.
Most of the columns in this matrix are just entity fields, but there are two exceptions:
- The “Cause Controls” query we saw earlier generates the “Controls” column.
- The “Risk” column on the far right uses a lookup table containing a risk matrix (terminology: in the DSM a risk matrix is defined in a lookup table rather than a matrix). The table maps a severity and likelihood to a risk acceptability. In this case it finds the severity field in the hazard and the likelihood field in the causal event.
Entities & Fields for the FMEA
The DSM starts with an initial template model with some basic fields set up, but you will need more for a real FMEA. This diagram shows a mapping between typical FMEA fields at the top and data in the DSM below. Apart from name and description all the fields shown here are extension fields defined by the user as part of the model, so you can tailor the DSM for your existing process.