How to Build a Risk-Based Aviation Safety Management System
You can do all the audits you want and assign corrective actions until the cows come home, but unless your aviation Safety Management System (SMS) incorporates the essential element of risk, you’re missing the point.
Reducing risk to individuals, and really the organization as a whole, is the entire purpose of an SMS. And yet, most companies still tend to look at risk management from a siloed perspective, with only 20 percent integrating risk management data with other business systems.
This post looks at essential places to integrate risk into your SMS, helping you shift from reactive approaches focused on past incidents to proactive strategies that help prevent them.
On any given day, you’re probably looking at a laundry list of open corrective actions and safety incidents. How do you know which ones need priority attention today? If the due date is the only criteria you use, you probably need to change your approach.
Key strategies include:
- Quantifying risk for each incident and corrective action in your system. This allows you to filter out the issues that pose the biggest risk and therefore deserve priority action.
- Creating customized workflows to automatically route incident review and corrective action requests through specified processes. This ensures that all incidents go through a standardized process and reduces the chances that critical tasks will get buried or lost.
- Calculating residual risk before closing out an incident or corrective action. This acts as a final effectiveness check, allowing you to see whether you can safely close the issue, or whether it needs additional corrective action.
Complying with all the regulations that apply to your company is a daunting task, simply due to the sheer number of regulatory requirements that likely apply to you. Occupational Health and Safety Administration (OSHA), Environmental Protection Agency (EPA), Federal Aviation Administration (FAA)—all of these agencies expect you to be on top of your compliance game, and getting it wrong can mean stiff fines and penalties.
More than just compiling a list of requirements, you need a way to analyze compliance. Many companies use risk as a key framework for approaching compliance, with a compliance assurance process that looks something like the following:
- Centralize all requirements and determine which ones apply.
- Link each applicable requirement to existing controls, whether training, documents or engineering controls.
- Identify gaps where requirements don’t have controls, or where existing controls are not sufficient to meet the requirement.
- Flag high-risk compliance gaps for follow-up. This is an essential step considering that your compliance check may uncover many potential gaps.
Employee training is central to risk management, but you need a way to track it effectively in order for training to actually reduce your risk.
Key areas to incorporate risk management approaches into your employee training process include:
- Triggering new employee training requirements when critical changes occur, like when you revise important safety documents or processes.
- Automatically notifying supervisors when employees are overdue for required safety training.
- Using post-training assessments and quizzes to gauge training effectiveness.
Internal audits can reduce safety risk, if your audit process is built around risk. Similar to corrective action, you should focus on:
- Flagging high-risk noncompliances.
- Closing the loop on follow-up using risk as a key measure of effectiveness.
- Creating automated workflows that keep critical items moving through a standardized process.
Leveraging Risk Tools
Risk Assessment tools like Job Safety Analysis (JSA), risk matrices and bowtie risk assessment can help you get a big-picture view of risky processes and what’s actually needed to make them safer.
More than just standalone tools, however, they need to be integrated with your SMS. This makes it easier for individuals to access risk information when they need it, whether it’s part of a change management process, a safety audit or a corrective action.
Risk is perhaps the most useful when it comes time to report on your safety activities. That’s because while many higher-ups don’t necessarily understand the inner workings of your department, everybody “speaks” risk.
Centralized, risk-based reporting makes it easier to:
- Spot underlying trends or processes that need reworking.
- Demonstrate how your activities have systematically lowered your organization’s risk profile.
- Create live alerts that notify you of specific events (or even when key metrics approach a threshold).
- Identify leading indicators that your team can use as predictive metrics, a key part of safety culture maturity.
We’ve looked at several different areas where aviation companies need to incorporate risk into their SMS. But in reality, creating a risk-based SMS can’t be achieved from one-off actions. It’s about having a system where all the pieces are connected, sharing data and allowing you to make any process a risk-based process.