What Is Safety Risk Management in Aviation SMS?
Depending on the context and your educational background, safety risk management in aviation safety management systems (SMS) can mean a couple different things:
- Second component of ICAO's four pillars; and
- Processes to identify, describe, monitor and manage hazards affecting safe aviation operations.
In both instances, the objectives remains the same, which is to ensure that risks surrounding safe operations are controlled.
When risk are not controlled, there is an increased chance that the operator will suffer consequences from an uncontrolled event. In most cases, these events will be minor and cause slight disruptions in business. However, the potential for a major event with fatalities must be accounted for to ensure that the public does not lose confidence in the safety of the "aviation system."
In this article, we will not center the discussion on the four pillars of an aviation SMS, but on the second instance where we explore the processes to identify and manage operational hazards and risks.
Related Articles on Four Pillars in Aviation SMS
- What Are the 4 Pillars of SMS?
- Who Started Four Pillars of Safety Management in Aviation?
- Which Pillar of Four SMS Pillars Carries Most Weight in Aviation SMS?
Safety Risk Management (SRM) as a Process
The most important things safety managers need to understand about what Safety Risk Management (SRM) is, is that SRM is a process. This process is cyclical, and is broken down into several stages.
Different oversight agencies account for these stages differently, but the international themes of SRM are:
- Hazard identification and risk analysis;
- Evaluation of the system being protected by the SMS implementation, such as behavior, bureaucracy, and other safety elements; and
- Hazard mitigation efforts, such as creation of risk controls.
The above SRM elements receive considerable attention. However, there are other, more subtle SRM elements that are either hastily skimmed over or overlooked entirely. These sub-components of SRM are extremely important because they determine the quality of your SRM process, and will influence how much “value” you get out of the above-mentioned bullet points.
These sub-elements of SRM are things like:
- Clarifying how your company is defining likelihood and severity;
- Where you draw the line for what risks are acceptable and unacceptable;
- Being able to show what your SRM process looks like; and
- How you will monitor your control measures (who, what, where and when).
These activities are perhaps the most important activities in Safety Risk Management (SRM), as they strongly influence all SRM operations.
Define Hazard, Risk, Likelihood, and Severity
Quite often, we see disagreement regarding the definitions of likelihood and severity in aviation risk management. This arises because of differing educational levels, backgrounds and opinions about:
- About what hazards and risks are;
- What likelihood is addressing; and
- What severity is addressing.
The most commonly accepted opinions are:
- Hazard: dangerous condition that leads directly to accidents;
- Risks: potential accidents, mishaps, etc.;
- Risk: the overall likelihood/severity of a safety incident;
- Severity: the amount of damages that can occur from likely risks; and
- Likelihood: the probability that these risks will occur.
However, these definitions are not set in stone. Some companies accept hazards as being non-dangerous “things” that can become dangerous, and a risk as the dangerous condition. This definition tends to feel more natural and cause less confusion, but can be at odds with definitions of oversight agencies (such as the FAA).
Based on those definitions, your organization should decide what likelihood and severity are addressing.
Related Aviation Risk Management Articles
- Difference between Hazards, Risks & Control Measures in Aviation SMS
- Relationship between a Hazard and Risk Occurrence in Safety Management
- How to Identify Hazards and Assess Risks in Aviation SMS - with Free Resources
Define What Constitutes Likelihood and Severity
Regardless of your viewpoints regarding these basic risk management definitions, your organization needs to be crystal clear about what a hazard is and what a risk is. Not only should everyone have a clear understanding of the relationship between a hazard and risk, but your definitions must align with your civil aviation authority. Everyone must be on the same page, otherwise, there will be considerable frustration and possible audit findings.
After aligning risk and hazard definitions, you need to:
- Define what constitutes severity, such as how much damage, loss of life, financial loss, etc., for each level of severity; and
- Define what constitutes likelihood, such as how often the hazard/risk has been seen in the company/industry, expectations of happening again with current risk controls, etc., for each level of likelihood.
Risk management processes in aviation SMS use risk matrices to easily and intuitively communicate risk among stakeholders with varying degrees of risk management expertise. The most common risk matrix is a 5x5, such as illustrated at the right. Your risk matrix may look different than the one illustrated. For example, you may have only a 3x3 or 4x4 risk matrix, where numbers represent the number of cells along the x and y axis.
There are no requirements to use a specific risk matrix in your aviation SMS. If you have not yet chosen a risk matrix, here is a word of advice: "don't make a science out of it." If you are starting an SMS implementation, you probably don't have the time or experience to recreate the wheel," so keep it simple. Use the default 5x5 risk matrix.
Define Risk Matrix Cells Based on Agreed Levels
Each level of severity and likelihood should have specific “markers” to represent the different gradation between probability and severity axes. For example, level 3 severity might be defined by having:
- Major injury;
- < $250k damages;
- Localized environmental effects;
- And so on.
The goal is that based on how you define what constitutes severity/likelihood, you can easily perform risk assessments with each reported safety issue and be:
- Consistent; and
- Inherently justifiable.
Related Articles on Defining Risk Matrix Used in Aviation SMS
- How to Define Severity and Likelihood Criteria on Your Risk Matrix
- How to Justify Severity of Risk Assessments - Best Practices
- How to Assign Severity and Likelihood to Issues When Assessing Risk
Define Acceptable Level of Safety (ALoS)
An aviation SMS' Safety Assurance (SA) processes and Safety Risk Management (SRM) activities are intimately connected. When hazards and/or risks are adequately controlled, they will need to be monitored in the SA process to provide "assurance" that risk is managed appropriately. This sounds straightforward enough; however “adequately controlled” is a muddy and subjective phrase.
By adequately controlled, what we are really talking about is whether the level of risk is “acceptable.” But what is acceptable? Oversight agencies and organizations handle this by requiring the organizations to define what acceptable is, based on the risk assessment.
This makes a lot more sense than making a “case by case” judgment about whether a particular issue is acceptably controlled. Assigning “acceptable” to a level of risk assessment:
- Formally defines what “acceptable” is; and
- Ensures that “acceptable” remains consistent and justifiable.
If your organization isn’t extremely clear about what ALoS is for your organization, you can count on an audit finding against any one of your SRM process elements.
Establish Hazard Identification Process
Where many aviation service providers get their SRM process right is understanding the importance of identifying hazards. Where organizations go astray is not understanding that hazard identification is a process, not just a single activity. This process includes:
- Initial identification of hazards;
- Monitoring those hazards for changes;
- Understanding the relationship and responsibilities for managing hazards among the various "interfaces;" and
- Monitoring operations for new hazards.
Many different activities are related to this risk management process, such as:
- Risk management treatment of reported safety issues and audit findings;
- Management of change in response to changing environmental conditions;
- Trend analysis; and
- Data mining.
What’s important is that you understand your hazard identification process well enough to:
- Diagram it;
- Outline it; or
- Clearly explain what activities are used to manage and promote hazard identification activities.
Related Aviation Hazard Identification Articles
- What Is Hazard Identification in Aviation SMS
- 4 Tips to Approach Hazard Identification in Aviation SMS
- Understanding Role of Hazard Identification Training and Safety Reporting Forms in Aviation SMS
Final Thought: Review Your Oversight Agency's SRM Guidance
Oversight agencies provide guidance on what their expectations are for the SRM process. Most follow ICAO's guidance. If this guidance is vague or unclear, review ICAO’s Safety Management Manual for further SRM guidance.
Guidance aside, something we hear over and over is that above anything else, oversight agencies want:
- To see consistent SRM activities that are adequately documented over a prolonged time period;
- Strongly justified decisions; and
- Clear processes.
For information about the FAA’s SRM requirements, see our 30+ page eBook covering in great detail exactly what the FAA expects from aviation service providers:
Published April 2017. Last updated October 2019.