How Much Risk Are You Taking On?
How much risk are you will you willing to accept? This is one of the most critical questions that every aviation service provider needs to answer. The answer will inform every single risk management activity in the aviation SMS program.
Commonly, we think about this question in terms of Acceptable Level of Safety (ALoS) or “as low as reasonably practicable” (ALARP). However, it may be less effective to address the issue of acceptability in terms of a concept (ALoS, ALARP) rather than a question. This is because attacking risk permissibility from the point of view of ALoS or ALARP allows you sidestep actually asking yourself the all-important question (), “How much risk are we willing to accept?” (HMRA)
The difference between ALoS/ALARP and HMRA is subtle, but very important:
- ALARP addressed the practice of reducing risk;
- ALoS addresses risk from a point of acceptability; and
- HMRA directly considers the amount of risk for a given safety concern.
In other words, ALoS focuses on the amount of safety for a given concern, while asking HMRA focuses on the amount of risk being taken on for a given safety concern. Specifically asking how much risk you are willing to accept is a natural way of shifting your focus to what risks you are taking on and accepting, rather than the safety of the issue in question.
That being said, every aviation service provider should consider all three of the above points, but in a cycle.
The Circle of Risk Acceptance
ALOS, ALARP, and HMRA should all be established in your safety documentation and practices. However, they should be established in a particular order. It works like this:
- Choose given safety concern, i.e. a risk (potential damages) or hazard (dangerous conception);
- For that safety concern, ask “How much risk are we willing to take on?” (HMRA);
- Document what/how much risk will be taken on by your company;
- Document the extent to which the hazard/risk will be mitigated (ALARP); and
- Based on this documentation, establish (or verify) goals for acceptable level of safety.
This process should happen on a high level, such as in safety goals and objectives documentation. It should also exist on a micro level, such as during issue management of individual safety concerns.
This process is also a cycle, whereby reviewing ALoS goals should be reviewed by asking the HMRA question.
What Does It Mean to “Take-On” Risk
Assessing how much risk is being taken on is an important first step in establishing acceptable level of safety and as low as reasonably practicable. By “taken on” we are talking about:
- Overall organizational risk that is being taken on; or
- Risk that is being taken-on for a specific concern.
Taken-on is similar to “accepted.” It arises from the fact that absolute safety is unachievable. What this looks like is identifying aspects of a risk or hazard that:
- Are beyond company control;
- Are unlikely or mild enough that they are not worth resources to address; and
- Company does not have resources/technology to fully address.
In summary, taking on risk means addressing what potentialities remain after SMS mitigation efforts.
Risk Mitigation and Taking-On Risk
Asking and answering how much risk is being taken on is an essential part of segregating:
- What specific elements of a risk/hazard are being mitigated; and
- What specific elements of a risk/hazard AREN’T being mitigated.
Establishing both elements is an essential part of risk mitigation effort, as it helps identify:
- Potential elements of a risk/hazard that can be further mitigated;
- Elements of risk/hazard that have no risk controls; and
- How risk controls work on hazard/risk potentialities.
The main argument here is that mitigating risk is as much about understanding what you are mitigating as what you aren’t mitigating.
Final Though: Assessing If What Organization is Taking-On is Acceptable
Taking-on a certain amount of risk actually makes sense for organizations. It would be a poor and unmanageable use of resources to try and mitigate a particular risk “entirely.” Therefore:
- Anticipate that every hazard/risk will take-on a certain level of exposure;
- Review what exposure your organization is taking-on;
- Do a risk assessment on that exposure; and
- See if the risk assessment falls within your defined level of acceptability.
Doing this assumes that your organization has already defined the line in your risk matrix that separates acceptability from non-acceptability.
For further information about defining acceptability and analyzing risk that your company is taking-on, these resources should prove valuable: