For new aviation safety managers, creating effective safety management system (SMS) documentation can be a daunting task, especially when it comes to residual risk.
Residual risk—the risk that remains after mitigation measures are applied—is a critical component of aviation safety risk management. Properly identifying and documenting residual risk ensures compliance with Federal Aviation Administration (FAA) regulations, enhances operational safety, and prepares organizations for audits.
This evergreen guide provides a step-by-step approach to help aviation safety managers master this process, even if they’re starting from scratch.
Residual risk is the level of risk that persists after controls or mitigations have been implemented to address an identified hazard. In aviation, where safety is paramount, understanding and documenting residual risk is essential for meeting FAA requirements under 14 CFR Part 5. The FAA’s Advisory Circular 120-92B emphasizes that organizations must assess whether residual risk is acceptable within their acceptable level of safety (ALoS).
For example, a hazard like “bird strikes during takeoff” may be mitigated with wildlife control measures, but some risk remains. Documenting this residual risk ensures transparency, supports decision-making, and demonstrates compliance. This guide outlines practical steps to identify and document residual risk in your SMS risk management workflows.
Before identifying residual risk, ensure your SMS includes a standardized risk management framework. This framework, often centered around a risk matrix, provides the foundation for assessing initial and residual risks. According to FAA’s [Order 8040.4C](https://www.faa.gov/documentLibrary/media/Order/FAA_Order_8040.4C.pdf), the risk management process involves:
Hazard Identification: Recognizing potential safety issues (e.g., runway incursions).
Risk Assessment: Evaluating severity and likelihood.
Risk Mitigation: Implementing controls to reduce risk.
Residual Risk Evaluation: Assessing the risk that remains.
Document the risk matrix, which plots severity (e.g., negligible, minor, major, catastrophic) against likelihood (e.g., improbable, remote, occasional, frequent). For example, a 5x5 matrix assigns risk levels (low, medium, high) to guide mitigation decisions. This framework will be used to compare initial and residual risk levels.
Related Articles on Aviation SMS Risk Matrix
Residual risk cannot be assessed without first identifying hazards and their initial risks. Use the following methods to identify hazards:
Safety Reports: Encourage employees to report hazards via SMS reporting systems.
Audits and Inspections: Conduct regular safety audits to uncover operational risks.
Incident Analysis: Review past incidents, such as near-misses or equipment failures.
For each hazard, assess its initial risk using the risk matrix. For instance, a hazard like “taxiway congestion during peak hours” might be rated as “Major + Occasional = Medium Risk.” Document:
Hazard Description: A clear summary of the issue.
Initial Risk Assessment: Severity, likelihood, and risk level.
Data Sources: Incident reports, employee feedback, or audit findings.
This documentation sets the baseline for evaluating residual risk after mitigations.
Once initial risks are assessed, develop mitigation strategies to reduce them. Mitigations should be specific, measurable, and tailored to the hazard. For example:
Hazard: Bird strikes during takeoff.
Mitigation: Install bird deterrent systems, train ground crews on wildlife management, and adjust flight schedules to avoid peak bird activity.
Document the mitigation plan, including:
Control Measures: Specific actions taken.
Responsible Parties: Who will implement and monitor the controls (e.g., operations manager).
Timelines: When mitigations will be completed.
Resources: Budget, equipment, or training required.
Effective mitigations reduce the severity and/or likelihood of the hazard, but they rarely eliminate risk entirely. This remaining risk is the residual risk.
After implementing mitigations, reassess the hazard to determine the residual risk. Follow these steps:
Evaluate the hazard’s severity and likelihood post-mitigation. For the bird strike example, mitigations might reduce the likelihood from “Occasional” to “Remote,” resulting in a lower risk level (e.g., “Major + Remote = Low Risk”).
Document the difference between initial and residual risk to show the effectiveness of mitigations. For example:
Initial Risk: Major + Occasional = Medium Risk.
Residual Risk: Major + Remote = Low Risk.
Determine if the residual risk is acceptable based on your organization’s ALoS. FAA guidance suggests that “Low” risks are typically acceptable, while “Medium” or “High” risks may require further action. Document the rationale for accepting or rejecting the residual risk, referencing FAA standards or organizational policies.
Use a standardized template to document residual risk. A sample template includes:
Hazard Description: Taxiway congestion during peak hours.
Initial Risk: Medium (Major + Occasional).
Mitigation Measures: Implemented taxiway flow management and additional ground staff.
Residual Risk: Low (Major + Remote).
Acceptability: Acceptable per ALoS.
Approval: Safety manager’s sign-off.
Include this template in your SMS manual to ensure consistency.
Residual risk documentation must be integrated into broader SMS processes to support safety assurance and promotion. Key integrations include:
Safety Performance Indicators (SPIs): Use residual risk levels to monitor safety trends. For example, track the number of “Low” vs. “Medium” residual risks over time.
Corrective Action Plans: If residual risk is unacceptable, document additional mitigations and reassess.
Safety Reporting: Link residual risk assessments to employee-reported hazards to close the feedback loop.
Training: Educate staff on how residual risk informs safety decisions.
Document these integrations in your SMS manual, showing how residual risk assessments contribute to a proactive safety culture.
FAA audits require traceable records of risk management processes, including residual risk assessments. To prepare:
Centralize Documentation: Store records in a digital SMS platform or secure database.
Maintain Version Control: Track changes to risk assessments or mitigation plans.
Retain Records: Keep documentation for at least 5 years, per FAA requirements.
Document your record-keeping procedures, specifying who is responsible for maintenance and how records are accessed during audits. This ensures compliance with FAA SMS Voluntary Program guidelines.
New safety managers often overlook the importance of training. Ensure all relevant personnel understand how to identify and document residual risk. Develop a training program that covers:
Risk Matrix Application: How to assess initial and residual risks.
Mitigation Development: Best practices for creating effective controls.
Documentation Standards: How to complete residual risk templates.
Include practical exercises, such as assessing the residual risk of a hypothetical hazard like “fuel spills during refueling.” Document the training program, including schedules and attendance records, to demonstrate FAA compliance.
Residual risk assessments must be dynamic, reflecting changes in operations, regulations, or incident data. Document a review process that includes:
Scheduled Reviews: Conduct annual or semi-annual reviews of residual risk assessments.
Trigger-Based Reviews: Reassess risks after significant incidents, audits, or operational changes.
Lessons Learned: Incorporate findings from safety reviews to refine mitigations.
Document all updates, including the rationale for changes, and communicate them to staff. This ensures your SMS remains FAA-compliant and effective, especially when your finding have been included in the Lessons Learned Library.
Related Articles on Lessons Learned Library in Aviation SMS Context
SMS software can streamline residual risk identification and documentation. Tools like SMS Pro or ABC offer features such as:
Automated risk matrix calculations.
Digital templates for residual risk assessments.
Dashboards for tracking residual risk trends.
Document how your organization uses technology to support residual risk workflows. This demonstrates a commitment to best practices and simplifies FAA audits.
FAA audits evaluate SMS effectiveness, including residual risk documentation. To ensure readiness:
Organize Records: Ensure all residual risk assessments are complete and accessible.
Demonstrate Consistency: Show that residual risk is assessed uniformly across hazards.
Highlight Integration: Provide examples of how residual risk informs safety decisions.
Document an audit preparation checklist in your SMS manual, including steps to verify residual risk records. This helps new safety managers navigate inspections with confidence.
New safety managers may encounter pitfalls when documenting residual risk. Avoid these common mistakes:
Incomplete Assessments: Always reassess risks after mitigations to document residual risk.
Vague Documentation: Use specific, FAA-aligned terms for severity and likelihood.
Neglecting Training: Ensure staff are trained to assess and document residual risk.
Static Processes: Regularly update assessments to reflect operational changes.
Identifying and documenting residual risk is a critical component of aviation SMS risk management workflows. By
For new safety managers, the key is to follow a structured approach, prioritize training, and maintain traceable records.
This process may feel complex, but with the steps outlined above, it becomes manageable. Effective residual risk documentation not only meets regulatory requirements but also fosters a proactive safety culture. Start implementing these practices today to build a stronger, safer aviation operation.
FAA SMS Guidance
Advisory Circular 120-92B
Order 8040.4C