Hazard identification and risk management are two major activities of formal, aviation safety management systems (SMS). Once the hazard is identified, the safety concern is reported to management for treatment via the SMS risk management processes. SMS risk management processes evaluate:
Simply put, risk control is a measure that an organization takes to either detect manifesting hazards, avoid risks, or lessen consequences resulting from an uncontrolled hazard.
A “measure” is simply anything management does with the goals of lessening/avoiding risk and consequences, such as:
Risk controls are the ultimate expression of risk management in aviation SMS implementations. Corrective actions and preventative actions, issue management, and safety data are all used with the end goal of implementing risk controls that:
As an aviation SMS becomes more mature, the organization will gradually improve the effectiveness and sophistication of risk controls. Employees and stakeholders in robust safety cultures continuously monitor the "systems" for anomalies and promptly submit safety reports as potential safety concerns are identified. Safety management teams react to the reported safety issues. One of the subsequent risk management activities is to review the affected systems and evaluate the effectiveness of implemented risk controls, which are also called "control measures" by many safety professionals.
Risk controls need to be monitored and periodically updated to meet changing safety needs and emerging risks. As we have seen, failing risk controls can be reported by stakeholders as they interact with the "system." Other environmental changes requiring action are identified by quality assurance departments through auditing, evaluations, and inspections. Through a process of continuous monitoring and improving risk controls, the aviation service provider becomes more efficient and safe.
When we talk about risk controls, we are generally talking about proactive risk controls and mitigative risk controls.
Proactive risk controls in aviation SMS implementations are used to avoid risks and prevent undesirable events from happening. Some common examples of proactive risk controls are:
There are obviously countless more proactive risk controls, but the primary way to identify a proactive risk control is to determine whether or not the risk control is used to detect or avoid undesirable safety events. If so, then the risk control should be considered a proactive risk control.
Monitoring and implementing proactive risk controls are critically essential activities for all proactive risk management practitioners. This is one of the core activities of SMS. In fact, when the FAA was drafting SMS legislation, they stated the purpose of SMS implementations as:
The objective of Safety Management Systems (SMS) is to proactively manage safety, identify potential hazards, determine risk, and implement measures that mitigate the risk. The FAA envisions operators being able to use all of the components of SMS to enhance a carrier’s ability to identify safety issues and spot trends before they result in a near-miss, incident, or accident. For this reason, the FAA is requiring carriers to develop and implement an SMS.
Federal Register / Vol 80, No.5 (emphasis added).
Being able to implement proactive risk controls requires a detailed understanding of:
The primary goals of proactive risk control center around pre-risk operations. Once a hazard has manifested itself, different types of controls are used to address potential hazard-related consequences.
Whereas mitigative controls often exist in the realm of being able to make decisions, proactive controls usually exist on a level of safety awareness. What this means is that proactive controls:
We measure the effectiveness of proactive controls in two ways:
Mitigative risk controls in aviation SMS are implemented with the purpose of:
Some examples of mitigative risk controls are:
There are as many mitigative as proactive risk controls, but the hallmark of any mitigative risk control is that it is put in place in order to help return to safe operations once safe operations are lost.
It would be easy to say that mitigative risk controls are not as “ideal” as proactive risk controls because mitigative controls arise from reactive risk management. However, this is a terrible misconception that exists in some safety cultures. Mitigative risk controls are as critical (if not more) to safe operations as proactive risk controls.
Being able to implement mitigative risk controls requires a details understanding of:
The primary goals of risk controls that mitigate are:
Some risks can be eliminated completely with proper actions. Other risks, such as low-probability, and high-impact risks, can be very difficult to avoid and so require actions that attempt to lessen inevitable damages.
Mitigative risk controls absolutely require risk analysis and recurrent risk assessments on the risk. Uncertainties around the severity and likelihood of various damages will make a risk event all but impossible to eliminate or mitigate once it has occurred.
Mitigative risk controls correspond to aviation lagging indicators because they rely on historical performance. In other words, in actual operational environments, mitigative risk controls are almost always implemented in response to some kind of safety event.
Risk controls have always been a "big deal" in aviation SMS; however, there has not been sufficient guidance on how to monitor risk controls. Furthermore, regulatory authorities have not been focusing too heavily on risk controls during their regular SMS audits. This will change.
An SMS implementation may require three to five years to fully implement. During the first years, SMS auditors are focused on the structure of a compliant SMS. Does the operator have all the "pieces" required for a compliant SMS implementation?
Once the SMS implementation is expected to be "mature," SMS auditors become more demanding. They want to see a demonstration of the SMS' performance and how risk controls are evaluated for effectiveness. In order to demonstrate whether a risk control is effective, you will need to analyze and measure its effectiveness on a regular basis. Evaluating risk controls in a spreadsheet is a non-starter, as the process is not efficient, nor is it sustainable for prolonged time periods.
Do you have a way to analyze control measures in your risk management process? If your SMS is in phase 3 or phase 4, then you should have a way to document risk controls. For an auditor, if there is no documentation, then it didn't happen. A best practice is to document risk controls in a centralized database and then review them whenever a new safety issue enters your risk management process.
If you don't have the tools to monitor and measure your risk controls, we can help.
Are you monitoring your risk controls? Can you select a risk control from your list of control measures and tell me how many times it has failed within the past year, two years, or five years?
If you are interested in improving your risk management activities, check out these short demo videos to learn how we can help. Since 2007, SMS Pro has been providing SMS data management tools to the aviation industry to specifically address the ICAO SMS mandate. SMS Pro is considered the best SMS database on the market. SMS Pro is not cheap, but it provides tremendous value to your SMS.
Last updated March 2024.