FAA Part 5 Compliance | Safety Risk Management Risk Assessment Element

FAA’s SRM Risk Assessment Element

The FAA’s SRM Risk Assessment element is the 4^th component in the Safety Risk Management Process. This process is outlined in the Advisory Circular and is based on the 4 Pillars of SMS.

The FAA's SRM Risk Assessment will naturally result from the SRM Risk Analysis component. Once a thorough risk analysis has been performed, responsible managers should have a good idea of the chances of a risk occurring, as well as potential damages/injuries.

Risk Assessment in Safety Risk Management Process - It's About Consequences

Remember that “risk assessment” in this case refers to the assessment of consequences discovered during SRM Risk Analysis. Each hazard may therefore have multiple risk assessments for each of its negative outcomes or "risk scenarios." Here are the most important elements of assessing risk:

• Risk assessments are performed by documenting the likelihood and severity of a consequence (risk) occurring;
• Assessments are almost always summarized with a risk matrix; and
• Assessments will be the deciding factor as to whether a risk moves into the FAA’s Safety Assurance process or moves into the FAA’s SRM Risk Control element.

It’s important to note that the SRM Risk Assessment component is the bridge between the FAA’s Safety Assurance and Safety Risk Management processes. This is important because the SRM and SA processes need to intimately tie together for the aviation SMS program to adequately meet regulatory requirements and reduce risk to as low as reasonably practical (ALARP).

FAA’s Expectation of Likelihood and Severity

It’s important to understand what the Federal Aviation Administration’s expectations are regarding severity and likelihood, both in how you define them and how you use them. They are integral terms to performing risk assessments:

• Severity definition: how bad is the potential damage/injury of the consequence;
• Severity indication: how are you measuring damages (cost, lives lost, etc.);
• Likelihood definition: chances that the consequence will happen if the risk condition occurs; and
• Likelihood indication: what frequency are you using to measure likelihoods (happened in the industry, happened in the company, happened in company 3 times in last year, etc.).

You not only need to understand how the FAA defines severity and likelihood, but the FAA specifically says that it is your responsibility to “develop criteria for severity and likelihood…”

All this means is to indicate:

• How you are measuring severity; and
• How you are measuring likelihood.

This is usually indicated on a risk matrix by simply defining the measurement next to the associated column/row header. For example, a risk matrix says in one column under severity, “Catastrophic: multiple loss of life and/or $1,000,000+ in damages.” Or, in the likelihood header row, “Frequent: occurred 3 times in company in last year.”

Creating your own criteria for likelihood and severity is an essential component of demonstrating compliance and performing consistent risk assessments.

Process for Conducting Risk Assessment

You already probably have considerable experience assessing risk, which basically means reviewing all relevant details and summarizing the exposure with a risk matrix.

• Review relevant data related to consequence;
• Review relevant risk controls that help mitigate consequence;
• Establish where the consequence aligns with how you indicated severity;
• Establish where the consequence aligns with how you indicated likelihood; and
• Summarize the assessment by choosing the appropriate box on the risk matrix.

The end result of the risk matrix will be a number and a letter, which is the code that summarizes your exposure. For more information, see this article covering how to perform risk assessments with a risk matrix.

The process can be done by an individual, such as an owner. In medium/larger organizations, the FAA recommends that this process be “coordinated across the divisional and geographic units of the company.”

Related Articles on Risk Assessments in Aviation SMS

• How to Justify Severity of Risk Assessments - Best Practices
• 5 Questions to Ask Before Making Risk Assessment
• Flight Risk Assessment Tool Good Aviation SMS Backbone?

Outcomes and Goals of SRM Risk Assessment

The goals of SRM Risk Assessment are:

1. Quantify and document exposure for all consequences of a hazard;
2. Establish whether the hazard is adequately controlled;
3. Establish whether the hazard is ready to be monitored in the SA process; and/or
4. Establish whether the hazard needs further measures to control consequences.

As you can see in the diagram below, the outcomes of a risk assessment will determine what you do next. When the FAA says the objective of the SRM Risk Assessment element is, “To make a decision,” this decision IS whether to monitor the hazard in SA (e.g. SA System Monitoring) or implement further risk controls.

What Is “Acceptability” of Operation

“Acceptability of operation” is a key phrase used in the Objective of the SRM Risk Assessment component. In layman's terms what this means is that the objective of performing the FAA's SRM Risk Assessment component is to answer the question:

• Does this risk need more work to be "acceptable", or can we begin monitoring control measures?

Where you draw the line for more work or more monitoring is your acceptability threshold. The FAA specifically says it's up to you to define what acceptability is, "If you decide the risk is not acceptable."

Many companies use the following parameter, and this seems to be satisfactory:

• Risk assessments that are assessed as “low” (green) or the lower end of “medium” (yellow) are generally considered within “acceptability of operation”;
• Risk assessments that are on the higher end of “medium” or are “unacceptable” are not within “acceptability of operation.”

Of course, some discretion is needed. Acceptability is also a product of available risk controls. If a risk control is outdated for a low-risk issue, companies may find that to be “unacceptable.”

As the FAA says, “Risk assessment is based on judgment, experience, and input…” Long story short, you should simply be able to create a strong argument for each assessment.

If you've come this far, chances are this information was helpful. The good news is we have much more guidance to offer in this free e-book that offers FULL coverage of what you need to know to comply with each element of the FAA's Safety Risk Management process.

Last updated October 2024.