Professional Documents
Culture Documents
Risk Management
Risk Management
Objectives
• The aims of this unit are to provide students studying aviation with a thorough grounding in the theory of
risk and its application in the aviation industry.
• The unit will also promote the development of risk theory and practice, and should enable students to
contribute at a high level to risk management strategy decisions within the aviation industry.
Definitions
Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and
economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events
or to maximize the realization of opportunities.
– The processes and related policies, structures, and systems for identifying, analyzing, evaluating, and
responding to risks
– Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals
Risks:
– directly reduce the productivity of knowledgeable workers,
– decrease:
– cost-effectiveness,
– profitability,
– service,
– quality,
– reputation,
– brand value, and
– earnings quality.
Risk is the possibility that an event will occur and adversely affect the achievement of an objective
Accident: an occurrence, where a person is fatally or seriously injured or the aircraft sustains damage or structural
failure.
Hazard – A condition that poses a level of threat to life, health, property, or environment.
Safety Event – An exposure or contributing event which alone or in combination could result in an unwelcome
event.
Undesirable Event – A stage in the escalation of an event which could without an active recovery measure become
an incident or accident.
Incident - A hazardous situation that has come to pass is called an incident.
Outcome – Actual or Potential scenario and may be assigned a consequence severity.
Consequence – A measure of personnel injury, equipment damage, material loss or reduction in availability of
function.
“Risk management. The identification, analysis and elimination (and/or mitigation to an acceptable or tolerable
level) of those hazards, as well as the subsequent risks, that threaten the viability of an organisation.” (ICAO Doc
9859).
“Safety risk management (SRM) - a formal process within the SMS composed of describing the system, identifying
the hazards, assessing the risk, analyzing the risk, and controlling the risk. The SRM process is embedded in the
processes used to provide the product/service; it is not a separate/distinct process.”
Risks themselves can be from:
• Internal to the project
– the adoption of a new technology,
– team members that are new to the project manager,
– resource constraints and internal dependencies.
• External :
– the health of the financial markets,
– competitive pressures,
– legal liabilities
– accidents.
The sheer number and type of risks that may (or may not) factor in to a given project gives a good idea of how
complex and problematic risk assessment can become.
Elements of risk management process
• Identify, characterize threats
• Assess the vulnerability of critical assets to specific threats
• Determine, the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific
assets)
• Identify(seek)ways to reduce those risks
• Prioritize risk reduction measures
Risk management should:
• create value – resources expended to mitigate risk should be less than the consequence of inaction
• be an integral part of organizational processes
• be part of decision making process
• explicitly address uncertainty and assumptions
• be a systematic and structured process
• be based on the best available information
• be tailorable
• take human factors into account
• be transparent and inclusive
• be dynamic, interactive and responsive to change
• be capable of continual improvement and enhancement
• be continually or periodically re-assessed
Dealing with the Risk
Being aware of what the risks are will dictate how effective each of the individual risk management options might be.
Avoid the Risk – This may seem obvious, but it is an actual technique. There are instances where a perceived risk
can be avoided entirely if certain steps are taken.
E.g. a concern over a vendor supplying a given deliverable at a specific timeframe. It may be decided to
perform the actual work for the deliverable in-house thereby eliminating the risk of the external vendor.
Reduce the Risk – While some risks cannot be avoided, they can be reduced.
accomplished by fine tuning aspects of the overall project plan or making adjustments to specific areas of
scope.
Whatever the case, reducing a risk reduces the impact it will have on your project.
Share the Risk – If a certain risk cannot be avoided or reduced, steps can be taken to share the risk in some way.
results in it being spread out over several different injoint venture with a third-party will reduce the downside
risk for the organization as a whole.
reduces the sunk cost and potential losses of the project if sharing of risk dividuals or groups.
Retain the Risk – This is actually a judgement call.
Once all options are exhausted, the team members, sponsor and project manager may just decide to retain the
risk and accept the downside potential as is.
This decision is usually made by first determining the upside potential of the project.
If it is deemed that the project’s expected upside far outweighs the sunk cost and downside, then the risk
itself may be worth it.
Reinforcing these principles can help demonstrate how a robust risk management program supports achievement of
the organization’s mission and vision.
Risk identification,
Risk analysis,
Risk control,
Risk financing and
Claims management
The analysis
• What is the worst that could happen?
• Put another way, how often could these adverse events happen (frequency), and if it does happen, what’s
the worst it could be (severity)?
– lose of life.
– Lose of property
– Lose of time
– Lose of name
e.g. the driver is never on the highway, only drives in good weather during daylight, on roads with speed
limits of 30 miles per hour or less, in a well-maintained car, etc.
The analysis part of the risk management process should take the individual through several of these “what if”
questions to help arrive at potential frequency and severity of an event.
Risk control
• Offers opportunities for:
– risk avoidance,
– risk prevention and
– risk reduction.
• Risk prevention aims to reduce the frequency or likelihood of the event or loss.
– preventing breakdowns by following maintenance and inspection schedules,
– keeping air in the tires and gas in the tank and following all operating laws.
• Risk reduction aims to lower the severity of a particular loss that has already occurred, for example ensuring
property damage to another person’s vehicle is repaired quickly so the time they are without a car is limited.
• The risk control program implemented will consider the various strategies already in place, and may introduce
new techniques based on the findings of the analysis activity.
Risk financing, is a way to finance losses that the risk control techniques implemented did not stop from happening.
In our example, even with all the proper maintenance on the car, safe driving, etc. an accident may still occur.
By having appropriate insurance, funds are generated by the insurance company to pay for the losses, or in
this case, damage to the car.
Claims management.
When a loss occurs, a claim may be filed to recover damages. If the driver at fault was not insured, a different course
of action may be necessary to hold the driver personally responsible for paying for the damage.
Description
• The complete elimination of risk in aviation operations obviously is an unachievable and impractical goal (being
perfectly safe would require stopping all aviation activities and to grounding all aircraft) as not all risks can be
removed and not all possible risk mitigation measures are economically practical. In other words, it is accepted
that there will be some residual risk of harm to people, property or environment, but this is considered to be
acceptable or tolerable by the responsible authority and the society.
• Risk management, being a central component of the SMS, plays vital role in addressing the risk in practical
terms. It requires a coherent and consistent process of objective analysis, in particular for evaluating the
operational risks. In general, Risk Management is a structured approach and systematic actions aimed to achieve
the balance between the identified and assessed risk and practicable risk mitigation.
Aviation Maintenance Hazard Identification and Risk Management
Objective
The objective of Risk Management is to ensure that the risks associated with hazards to flight operations are
systematically and formally identified, assessed, and managed within acceptable safety levels.
ICAO Provisions
Several Annexes of the Chicago Convention aim to harmonise and extend the provisions relating tosafety
management by aircraft operators and aviation service providers. These changes introduce a framework for the
implementation and maintenance of a safety management system (SMS) by the operators/service providers. The
framework consists of four main components:
Safety Policy and Objectives
Safety Risk Management
Safety Assurance
Safety Promotion
Risk Management Elements
Risk management consists of three essential elements:
Hazard identification - Identification of undesired or adverse events that can lead to the occurrence of a hazard and
the analysis of mechanisms by which these events may occur and cause harm. Both reactive and proactive methods
and techniques should be used for hazard identification.
Risk assessment - Identified hazards are assessed in terms of criticality of their harmful effect and ranked in order of
their risk-bearing potential. They are assessed often by experienced personnel, or by utilising more formal techniques
and through analytical expertise. The severity of consequences and the likelihood (frequency) of occurrence of
hazards are determined. If the risk is considered acceptable, operation continues without any intervention. If it is not
acceptable, the risk mitigation process is engaged.
Risk mitigation - If the risk is considered to be unacceptable, then control measures are taken to fortify and increase
the level of defences against that risk or to avoid or remove the risk, if this is economically feasible.
• Flow chart below depicting the Risk Management process:
• Risk Management process (extracted from ICAO Doc 9859 - Safety Management Manual)
• Furthermore, effective Risk Management requires that the safety “cost-benefit” of the planned and
implemented course of actions is analysed, including the case of choosing a “do nothing” strategy.
• If it is decided to act for limiting the exposure to the identified risks, each risk control measure needs to be
evaluated, to reveal possible latent hazards and dormant risks that may arise from activating that measure.
• Once these control measures are implemented, the organisation needs to ensure they are engaged in a correct
way, and this is achieved through a set of arrangements, processes and systematic actions, which build
the Safety
Assurance domain of the SMS.
Risk Management is based on a variety of hazard identification means. According to ICAO Doc 9859 this SMS
component may include both proactive and reactive methods and techniques. Safety occurrence
reporting and investigation, being assigned to the reactive category, are well known essential means for
identifying key risk areas and corrective risk mitigation measures. In addition, the increasing integration,
automation and complexity of flight operations requires a proactive, systematic and structured approach to risk
assessment and mitigation using predictive and monitoring techniques. Risk assessment need to be conducted for
any changes that may impact the safety of services provided by the operator/service provider.
The risk management concept is equally important in all aviation sectors and should be implemented in a consistent
manner by airline operators, air navigation service providers, certified aerodrome operators, maintenance
organisations and training organisations. Its strategies include identifying the risk, assessing the risk, avoiding or
reducing the risk and accepting certain risks.
Risk Controls – Any system, activity, action or procedure introduced to reduce the risks associated with a hazard.
Mitigation options include – Elimination of the hazard or Reduction in the frequency of the hazard by impacting
either the likelihood or severity of outcome.
There are essentially two ways the hazard will come to our attention, either through the raising of an issue by a
contributor, through incident, accident or observation, or by identifying the risk or exposure through various
organisational processes designed to identify the problems.
The raising of an issue
– There are typically 2 reasons why this will happen:
– i/ Because something has happened and it has to be reported
– ii/ Because something could happen and it should be reported
– In respect of (i) we have to make sure that all maintenance personal are aware of the reporting procedures.
– In respect of (ii) we are faced with behavioural and cultural issues, there is a tendency within the
maintenance environment to under report or to fail to report
b) By identifying the risk or exposure through various organisational processes designed to identify the problems.
Organization Tools which may be employed to support the mitigation of hazards include:
– i/ Selective Brainstorming of selected Personnel (Qualitive)
– ii/ Focused studies aimed at exposing Hazards (Qualitive)
– iii/ Checklists (Qualitive)
– iv/ Audits (Qualitive)
– v/ Surveys (Qualitive)
– vi/ Continuous Collection of Data through feedback activities (Quantative)