What failure tree analysis actually does — and why it matters for investment decisions

Failure tree analysis (FTA) is a top-down, deductive analytical technique that starts from a single defined undesired event — a system failure — and works backward through logic to identify every combination of lower-level component failures capable of causing it. The output is a hierarchical diagram of Boolean logic gates and basic failure events that maps, with mathematical precision, every pathway from component-level fault to system-level consequence. That map is the foundation engineers use to decide where to spend reliability improvement budgets.

The reason FTA is particularly valuable for investment prioritisation — rather than simply fault diagnosis — lies in its quantitative outputs. Once failure probabilities are assigned to each basic event, the analyst can calculate the probability of the top-level event and, crucially, determine how much each component or subsystem contributes to that probability. Components with the highest contribution to system unreliability are the ones where investment in redesign, redundancy, or improved maintenance yields the greatest return in risk reduction. This is the direct link between the fault tree and the capital allocation decision.

For complex electromechanical systems — which combine mechanical wear mechanisms, electrical degradation modes, thermal effects, and software-hardware interactions — this structured approach is especially important. The failure space is large, interactions between subsystems are non-obvious, and the cost of unplanned downtime or safety incidents is high. Standards bodies including IEC, IEEE, and SAE have formalised FTA methodology precisely because informal engineering judgement is insufficient for systems of this complexity.

Building the fault tree: from top-level event to root causes

Constructing a fault tree begins with a precise, unambiguous definition of the top-level undesired event — for example, “loss of drive torque in an electromechanical actuator under rated load.” Vague top events produce trees that are too broad to be actionable. Once the top event is defined, the analyst identifies the immediate necessary and sufficient causes that could produce it, connecting them with the appropriate logic gate.

An AND gate is used when all of a set of sub-events must occur simultaneously for the parent event to occur — this models redundant systems where multiple independent failures must coincide. An OR gate is used when any one of a set of sub-events is sufficient to cause the parent event — this models non-redundant failure paths. The distinction between AND and OR gates has direct investment implications: an OR gate at a high level of the tree means that any single failure path is sufficient to cause the top event, making every branch beneath it a candidate for investment. An AND gate means that all branches must fail simultaneously, so improving any single branch breaks the failure path entirely.

The tree is developed iteratively, decomposing each intermediate event until the analyst reaches basic events — failures that can be assigned a probability from field data, manufacturer specifications, or reliability databases such as MIL-HDBK-217 or the OREDA handbook. In electromechanical systems, basic events typically include bearing failure rates, insulation breakdown probabilities, connector contact resistance degradation, and sensor drift rates. Each of these can be expressed as a failure rate (failures per hour) or a probability of failure on demand, depending on whether the system is continuously operating or demand-activated.

The depth to which the tree is decomposed depends on the granularity of available failure data and the resolution needed for investment decisions. A tree decomposed only to the subsystem level can identify which subsystem warrants the most attention; a tree decomposed to the component or even failure-mode level can specify exactly which part number, material, or manufacturing tolerance is the investment target. In practice, engineers often build the tree to different depths in different branches, going deeper where the failure data is available and the investment stakes are highest.

Quantifying risk: minimal cut sets, importance measures, and investment ranking

The qualitative fault tree identifies failure pathways; quantitative FTA assigns probabilities and ranks them. The central concept is the minimal cut set (MCS): the smallest combination of basic events that, if they all occur, will cause the top-level event. Each MCS represents one failure pathway, and the probability of the top-level event is approximated by the sum of the probabilities of all minimal cut sets (with corrections for overlapping events in more rigorous analyses).

For investment prioritisation, the minimal cut set ranking is the first filter: MCSs with the highest probability represent the failure pathways most likely to produce the top-level event, and therefore the pathways where investment in prevention yields the greatest expected reduction in system failure probability. A single-element MCS — where one component failure alone is sufficient to cause the top event — is a single point of failure and typically the highest investment priority of all.

“A single-element minimal cut set is a single point of failure — one component whose failure alone is sufficient to cause the top-level system event. Identifying and eliminating single points of failure is the highest-return reliability investment an engineer can make.”

Beyond MCS ranking, FTA produces several component-level importance measures that provide finer investment guidance. The four most widely used are:

• Birnbaum importance (BI): The partial derivative of system unreliability with respect to a component’s unreliability — it measures how sensitive the system failure probability is to a marginal change in that component’s reliability. Components with high BI are those where a small improvement in reliability produces the largest reduction in system failure probability.
• Criticality importance (CI): Birnbaum importance normalised by the ratio of component unreliability to system unreliability — it expresses the probability that a component is both failed and is the cause of system failure. CI is particularly useful for maintenance prioritisation because it reflects both sensitivity and current failure probability.
• Fussell-Vesely importance (FVI): The fraction of the total system failure probability attributable to minimal cut sets containing the component. FVI is the most directly actionable for investment ranking because it answers the question: “What fraction of our system failure risk is associated with this component?”
• Risk achievement worth (RAW): The ratio of system failure probability assuming the component has failed to the baseline system failure probability. RAW identifies components whose failure would most dramatically increase system risk — these are the components whose reliability must be maintained or improved to prevent catastrophic risk increases.

FTA versus FMEA: choosing the right tool for electromechanical complexity

Failure tree analysis and Failure Mode and Effects Analysis (FMEA) are the two most widely used reliability analysis methods in electromechanical system engineering, and they are complementary rather than competing. Understanding which to apply — and when to use both — is essential for engineers designing reliability improvement programmes.

FMEA is a bottom-up, inductive method. The analyst begins with a list of components or processes, enumerates every possible failure mode for each, and traces the effect of each failure mode upward through the system to determine its consequence at the system level. FMEA is exhaustive for individual component failure modes and produces a Risk Priority Number (RPN) — the product of severity, occurrence probability, and detectability ratings — for each failure mode. The RPN is used to rank failure modes for corrective action.

FTA, by contrast, is top-down and deductive. It starts from a specific, defined system failure and asks what combinations of lower-level failures could cause it. According to guidance published by NASA and codified in standards including MIL-STD-1629A (for FMEA) and IEC 61025 (for FTA), the two methods are most powerful when used together: FMEA provides the failure mode inventory and occurrence rates that populate the basic events of the fault tree, while FTA provides the system-level logic that determines which failure modes actually matter for the top-level event.

For investment prioritisation specifically, FTA has a structural advantage over FMEA: it models the interactions between failure modes across different subsystems and identifies which combinations of failures — not just which individual failures — drive system risk. In a complex electromechanical system, the most dangerous failure scenarios are often those where two or more individually non-critical failures coincide. FMEA, analysed at the component level, will not surface these interaction effects; FTA, through its AND gates and minimal cut set analysis, will.

Applying FTA outputs to reliability investment decisions in practice

Translating FTA outputs into concrete investment decisions requires connecting the analytical results to the cost and feasibility of available reliability improvement options. The fault tree and its importance measures identify where investment is most valuable; the investment decision requires also knowing what interventions are available and what they cost.

The standard reliability improvement options available for each identified high-importance component or failure pathway fall into four categories: redesign (eliminating or reducing the failure mode at source), redundancy (adding parallel components or subsystems so that a single failure does not cause the top event), improved maintenance (increasing inspection frequency or switching to condition-based maintenance to catch failures before they cause system-level consequences), and derating (operating components at reduced stress levels to extend their life). Each option has a different cost profile and a different effect on the fault tree.

Adding redundancy to a component converts what was an OR gate relationship (one failure is sufficient) into an AND gate relationship (both the primary and backup must fail). This can dramatically reduce the probability of the top-level event — but only if the redundant components are truly independent, with no common-cause failure modes. Common-cause failure analysis (CCFA) is a critical companion to FTA in electromechanical systems, because many apparent redundancies are undermined by shared power supplies, shared thermal environments, or shared manufacturing defects. The IEC standard IEC 61508 addresses common-cause failure in safety-instrumented systems and provides beta-factor models for quantifying common-cause failure contributions.

The investment decision framework that emerges from a complete FTA study is therefore a ranked list of interventions, each associated with a quantified reduction in system failure probability and a cost estimate. Engineers can then calculate the cost per unit of risk reduction for each intervention — a metric analogous to cost-effectiveness analysis in other engineering disciplines — and allocate budgets to the interventions with the best ratio. This approach is the foundation of reliability-centred maintenance (RCM), which was formalised in the aerospace industry and has since been adopted across industrial, power generation, and transportation sectors, with guidance published by bodies including SAE in JA1011 and JA1012.

For R&D teams and reliability engineers working to stay current with the state of the art in FTA tooling, computational methods, and novel applications to electromechanical systems, patent literature is an underutilised resource. Patent filings from industrial equipment manufacturers, aerospace primes, and reliability software vendors document methodological advances — including dynamic fault trees that model time-dependent failure behaviour, Bayesian fault trees that update failure probabilities from field data, and automated FTA tools that integrate with digital twin environments. Accessing and analysing this patent landscape through a platform such as PatSnap‘s innovation intelligence tools enables engineers to identify best-in-class approaches before they appear in published standards.