What Are Best Practices for Risk Mitigation in Aviation Safety Management
The term risk mitigation, broadly speaking, means to try and prevent danger. You might think of it as “reducing exposure.” In general, there are four best practices employed in aviation SMS to mitigate risk, and they include:
- Risk Avoidance;
- Risk Transference;
- Risk Segmentation; and
- Risk Likelihood Reduction.
In aviation safety programs, these strategies are all used depending on:
- The context of the environment;
- The type of risk; and
- Resources available.
If you are wondering ways to mitigate risk in aviation safety management systems, here are four best practices.
Avoid Risk Completely
Avoiding a risk is a common best practice in the aviation industry. Where it is convenient, it is almost always the best way to mitigate a risk.
Commonly, this practice is known as risk avoidance, and entails limited or non-participation in actions/tasks that have an unacceptable level of risk.
Risk avoidance is extremely desirable because it:
- Is extremely effective in completing removing potential problem from aviation SMS; and
- Offers high degree of assurance of reduced exposure.
Despite these excellent benefits, risk avoidance has some distinct limitations:
- Many hazards and risk (occurrences) simply cannot be avoided; and
- Avoiding certain practices can impact the efficiency of operations, and is not practical.
This is a good risk strategy to use if:
- The task/mission is not essential and can simply be removed from your processes; and
- There are multiple ways of completing a task/mission and you can substitute a different process for completing the task/mission.
Risk avoidance and risk substitution are in actual practice much the same thing, though you might see them listed separately.
Break the Risk up into Smaller Parts
Breaking up risk into smaller parts is called Risk Distribution or Risk Segregation. This is a fantastic best practice to mitigate risk in aviation safety management systems.
Risk Distribution means distributing hazardous mechanisms into separate locations, roles/duties, or barriers. This is kind of a confusing definition, but in actual practice is means breaking up a task into:
- Different locations; or
- Multiple parts (i.e., multiple barriers).
For example, some real-world examples of risk segregation are:
- Storing fuel in specially reinforced containers (segregating flammable substance from outside hazards);
- Having security based SMS software (segregating information based on role in company);
- Keeping backup servers in off-site location (segregating location of primary and backup servers); or
- Keeping fuel storage away from combustible machinery (segregate chemicals and fire sources).
Risk Segmentation is beneficial because:
- Easy way to drastically reduce likelihood/severity of risks;
- Easy to control; and
- It’s very practical - many opportunities to use this type of strategy.
Some situations where it is not a best practice to use this strategy are:
- Can be very expensive – such as moving a backup server to an entirely differnet location, or purchasing a bunch of new specialized materials; and
- Can involve significant changes to existing operations (locations, processes, parts, etc.).
The mantra of this risk mitigation strategy is don’t put all of your eggs in one basket. Distribute risks around your organization, both physically and organizationally.
Transfer Risk Responsibility to Someone Else
Risks are owned by your company. Ideally, you have assigned different risks to different subject matter experts in your company. Ownership means that you are responsible for mitigating the risk and preventing it from happening.
With some risks, it does not make sense for you to “own” that risk. Common scenarios where it doesn’t make sense for an aviation service provider to own a risk is when the risk is the result of one of your vendors like:
- Parts providers; or
- Maintenance crew.
The vendors are probably better subject matter experts for those types of risks and are better equipped to deal with those risks.
This is called Risk Transference, which is usually a formal (i.e., contractual) commitment for a third party to accept ownership of a risk. For example, in a contract agreement with a vendor you might state what types of problems they are liable for.
Use this risk mitigation strategy as a best practice when:
- The subject matter expert is not in your company, but in a third party;
- You are entering into contract with a new vendor and deciding which risks that your company has direct oversight over; and
- You are trying to free up manpower and resources to focus on most relevant risks to company.
Risk responsibility has some pitfalls, and it’s very important that the transference is formal. Despite this risk transference:
- May or may not be reliable – your organization might ultimately be the one who suffers;
- May introduce further risk that is unaccounted for if the third party is unreliable; and
- Is prone to problems because many risks fall into the gray area of responsibility, and “transfer” is simply not an option.
Reduce Chances of Risk or Hazard Occurrence
Probably the most common best practice for risk mitigation is in simply reducing the chances of occurrence. Reducing risk likelihood and/or severity can be active or passive, meaning:
- Passive - Keeping certain actions to a minimum (only when necessary); and
- Active - Implementing actions that actively reduce risk.
For example, a runway monitoring system is an active risk reduction technique. An emergency response plan is a passive technique because it only happens under certain circumstances.
This type of mitigation works well because it
- Offers solution for risks that are impossible to avoid;
- Allows you to gain some “control” over complex situations; and
- Requires that you thoroughly analyze and understand your operations.
Some of the downsides of this strategy are:
- Will need ongoing risk control monitoring to verify that mitigation technique remains effective;
- Can be hard to test a risk control’s effectiveness before implementing it; and
- No assurance that risk avoidance will actually work - so it can be “expensive” use of resources to create and implement.
Published June 2018. Last updated January 2019.