Goal of Risk Assessment Questions
Before making risk assessments, there are a number of important questions to ask about the issue in question. These questions are extremely important, as they affect how you will rank the issue and how you will respond to it.
You will commonly perform risk assessments on reported safety issues, such as
- Incidents; and
Assessments are integral to helping you establish whether or not a given issue is within an Acceptable Level of Safety.
Most of your questions about an issue before assessing it revolve around trying to gather facts around:
- How severe negative outcomes are; and
- The chances of those negative outcomes happening in the future.
Let’s look at the 5 questions that are essential to providing accurate, good risk assessments.
Resource: What is Risk Matrix/Risk Assessment
1 – What Is the Type of Issue That You are Assessing?
It’s important you first identify what kind of issue is being reported. Is the reported issue:
- A potential hazard?
- An actual negative consequence?
This is an important question because it will determine how you analyze the issue. If it is:
- A hazard, you need to determine the most likely negative outcome of the hazard and analyze that outcome
- A negative outcome, then you only need to analyze the actual outcome.
If it doesn’t seem to be either a hazard or a negative outcome, then it’s likely a concern that, by itself, will not lead to any negative outcomes (this would be lowest assessment level). Such issues are still useful to report, as it likely indicates employees reporting root causes or other threats.
While we mentioned that a negative outcome requires you to analyze the actual outcome, you should not overlook the possibility that the outcome accurately represents the "most likely outcome." You may have been lucky in this instance. What will happen the next time this hazard manifests itself?
In these cases, you may analyze:
- Actual identified consequences; and
- Most likely credible outcome.
Related Aviation Hazard Articles...
- Difference between Hazards, Risks & Control Measures in Aviation SMS
- 5 Tips Reviewing Hazards, Risks & Controls in Aviation SMS - With Examples
- 4 Tips to Approach Hazard Identification in Aviation SMS
- From Reactive to Proactive Hazard Identification in Aviation SMS
2 – What are Your Criteria for Severity?
If you have done your work properly, you will have defined and documented the criteria for each level of severity. You need to be very familiar with your criteria as you will be analyzing the negative outcome in question based on these criteria.
For example, you might define each level of severity based on the following criteria:
- Damage to person(s), such as level of injury or amount of death;
- Damage to environment;
- Damage to mission;
- Financial damages; and
- Any other type of quantifiable damage relevant to your operations.
With these criteria, you will try an ascertain how negative outcome corresponds to each level of criteria.
3 – What are Your Criteria for Likelihood?
You also need to make sure you are very familiar with your criteria for each level of likelihood, such as:
- The rate of occurrence of each level; or
- The qualitative rate of likelihood or expected number of occurrences.
You will use this criterion to understand the likelihood of the negative outcome.
4 – What are the Damages of the Negative Outcome?
Next you need to understand what are particular damages suffered from the issue. You should understand these damages in terms of:
- The criteria you use on your risk matrix; and
- In quantitative terms.
You want to answer each criteria for severity in terms of concrete damages.
- How much financial damage?
- How bad was the injury?
- Did anyone die?
- Did this outcome effect the mission and/or other missions?
You should have specific answers for each criterion. This will help you match the actual severity with the appropriate level of severity.
5 – What Do You Expect the Likelihood of Negative Outcome Happening Again Is
If the hazard occurred again, what do you expect the likelihood of it leading to a negative outcome is? You should factor in:
- Existing risk controls;
- New risk controls that you are implementing; and
- Other factors such as existing Norms and time of year, etc.
If you implement new risk controls, you would ideally see the likelihood and/or severity go down.
Final Thoughts on Risk Assessments
Safety managers are detail oriented and expect their documented work to be reviewed by both upper management and SMS regulatory auditors. In short, they want their risk assessments to accurately depict the reported issue's risk. The expectation of always performing accurate risk assessments is unrealistic. New information comes into the SMS all the time.
New information may affect the initial risk assessment. If you were using a spreadsheet, you have no recourse but to delete the initial risk assessment and replace it with the re-assessed risk. This is not a good practice. There is no documentation trail remaining to communicate what actually happened during the risk management process. A better approach is to use a system that allows multiple risk assessments at predefined workflow stages, such as:
- Closing; and
The best practice is that for each risk assessment, you capture:
- Date of risk assessment; and
- Who performed risk assessment.
Another best practice is to briefly document what the risk assessment team was considering when they performed the risk assessment. In SMS Pro, we call it an "Assessment Justification." The main purpose behind the assessment justification is to serve as a reminder regarding the factors that were reviewed when determining the risk index, i.e., composite of the probability and severity.
These best practices are almost impossible to carry out effectively using spreadsheets. An SMS database is the recommended technology and will serve you well in documenting your risk assessments as they occur in real life. Auditors understand that information doesn't come in all at once, but trickles in as the investigation progresses.
If you need help with an SMS database to perform risk assessments and to monitor the effectiveness of your risk controls, we can help. Sign up for a live demo to see these processes in action.
Published December 2018. Last updated January 2019.