FAA’s SRM Risk Control Component – Defining Risk
The FAA’s SRM Risk Control component is the 5th and final element in the Safety Risk Management process.
The Risk Control component is the phase in which you will bring hazards and hazards’ risks into an acceptable level of safety.
Creating effective risk controls is essential – messing up here means you wasted the analysis and assessment efforts done in previous phases.
SRM Risk Control Based on Four Pillars
The FAA’s SRM Risk Control process is outlined in the Advisory Circular and is based on the 4 Pillars of SMS. Of all the Safety Risk Management Processes, the FAA probably outlines expectations the best for the Risk Control component.
The Federal Aviation Administration defines risk controls as, “anything that would lessen the likelihood or severity of a potential incident/accident." Risk control can be:
- New safety policies or procedures;
- New aviation SMS software or equipment
- New employees;
- New subcontractors;
- New duties and/or responsibilities;
- New bureaucratic elements, such as a checklist; and
- Any other type of beneficial change.
The FAA doesn’t box you in as to what risk control is. You just need to be able to demonstrate:
- The need for the risk control; and
- Why the risk control lessens risk likelihood/severity to an acceptable level.
As we discussed in the SRM Risk Assessment article, “acceptable level” is something that your company decides – you just need to be able to vindicate your decisions.
Important Language Points in SRM Risk Control
There are a couple of subtle but extremely important points mentioned in the Advisory Circular.
- Control measures mitigate a hazard’s potential negative consequences (risk) (Section 5.55(d));
- Before a risk control is implemented, you need to ensure that it will actually work (Section 5.55(d)); and
- You need to develop a “process to develop safety risk controls” (Section 5.55(c)).
All of the above points need to be strictly adhered to as you create and implement types of risk controls. Basically, make sure your controls are:
- Specific to particular risks;
- Analyzed and evaluated for “acceptability” before implementation; and
- Developed with the same process each time.
Fortunately, the FAA outlines the process that you need to “develop and maintain.”
Related Articles on Risk Controls in Aviation SMS
- How to Monitor and Control Risk in Aviation SMS
- How to Evaluate Risk Controls and Risk to Aviation SMS Implementations
- FAA Part 5 - Monitor Safety Risk Controls in Aviation SMS
Process to Develop Control Measures
The FAA strongly implies that there are three distinct phases in this component:
- Design new risk control (3.f.1);
- Analyze potential negative side effects of new control (“substitute risk”) (3.f.2); and
- Reassess risk on the hazard’s negative consequence (3.f.2).
The FAA doesn’t offer guidance on what they mean by “designed,” though this isn't a problem. The straightforward implication seems to be that you need to develop an idea for risk control, including the purpose, function, and goal of the risk control. This is a pretty standard concept.
What the FAA is clear about is that you need to analyze new control measures to ensure that:
- It adequately brings the risk to an acceptable level of safety; and
- Does not accidentally introduce any new risks, known as “substitute risks.”
Controls should not be implemented before analysis!
After analysis, you need to perform a residual risk assessment (aka, a reassessment) on the risk that the control measure addresses. You should already have an initial assessment performed on the risk during the SRM Risk Analysis component.
What’s Missing From the FAA’s SRM Risk Control Component
While the Risk Control component does an excellent job outlining how it wants you to address creating control measures, it’s hard not to feel like the SRM Risk Control requirements are missing something crucial. It’s important to understand just what the FAA’s requirements are asking for from your airline SMS or airport SMS program.
Namely, the requirements call for your safety program to:
- Create control measures in response to hazardous conditions in order to prevent risk; but
- There is no requirement in the Advisory Circular to create control measures that mitigate the likelihood of the hazardous condition from being present.
Hazards are the prerequisite for accidents and safety incidents. The FAA needs to require aviation service providers to develop risk controls for hazard mechanisms too. If you cut out the hazard, you cut out the risk.
Though not required yet, your SMS program should definitely try to mitigate the likelihood of hazardous conditions through control measures that are:
- Detective;
- Corrective; and
- Preventative.
If you've come this far, chances are this information was helpful. The good news is we have much more guidance to offer in this free eBook that offers FULL coverage of what you need to know to comply with each element of the FAA's Safety Risk Management process.
Last updated September 2024.