Operational Risk Assessment and Control

/ Safety Management Systems / March 21, 2011
Operational Risk Assessment and Control / Version 1
Definitions / Page 1

One of the main tools that one can use when setting up an operational risk assessment and control system is to try and catalogue the various identified risks that you have in your operation.

Definitions

Assumption / Accepting the risk and proceeding.
Avoidance / Use of an alternative approach that does not have as high a level of risk.
Consequence / The possible negative outcomes of the current conditions that are creating uncertainty.
Hazard / a source of potential harm, or a situation with a potential for causing harm, in terms of human injury; damage to health, property, the environment, and other things of value; or some combination of these.
Hazard Matrix / A table used in the prioritizing of analyzed risks
Hazard Risk Index / The analysis of a hazard by estimating its probability and severity, the result of which is the Risk Index.
Mitigation / The measures to eradicate the hazard or to reduce the probability or the severity of a risk, thereby reducing the Risk Index.
Potential Remedial Action / Possible action, such as procedural or equipment changes that are use to lower the risk index.
Probability / An expression of how likely the risk is to cause loss, damage, or injury.
Risk / The potential consequences of a hazard, measured in terms of severity and probability
Risk Control / Controlling risks involves the development of a risk reduction plan and then tracking to the plan.
Risk Management / The sum of all proactive management-directed activities that are intended to acceptably accommodate the possibility of failure.
Risk Management Process / A systematic way of identifying, analyzing, and managing risks.
System Safety / A risk management process wherein a systematic process is employed to identify and control risks throughout the life cycle of a project, program or activity.
System Deficiency / The circumstances which permit hazards of a like nature to exist within a system.
Severity / Severity is a measure of the negative impact which could result from an occurrence caused by a hazard.
Terminate / Action will be taken to immediately cease operations until acceptable correction action is taken.
Tolerate / Risks that have a Risk Index so low that they will be tolerated without further action.
Transfer / An attempt to pass the risk to another entity, external or internal.
Treat / Action will be taken to correct the situation and develop mitigation activities.

Risk

In all types of undertaking there is the potential for events and consequences that constitute opportunities for benefit or threats to success. The risks facing an organization and its operations can result from factors both external and internal to the organization. Figure 1 summarizes examples of key risks in these areas and shows that some specific risks can have both external and internal drivers and therefore overlap the two areas.

This risk management procedure is used to deal with strategic and operational risks. Flight school operational risks are associated with an identified hazard.

Types of Risk

In the realm of risk management there are several categories under which risk can be listed. See Figure 1.

Total risk is the sum of identified and unidentified risks.

Identified risk is that risk which has been determined through various analysis techniques. The first task of risk management is to identify, within practical/imitations, all possible risks. This step precedes determining the significance of the risk (severity) and the likelihood of its occurrence (probability). Unacceptable risk is that risk which cannot be tolerated by the managing activity. It is a subset of identified risk which must be eliminated or controlled.

Once the risk analysis and risk control exercises are complete, the identified risk can be broken down into three subsets:

Controlled risk is the risk that has been identified and control measures are in place to mitigate either the severity or likelihood of the hazard, resulting in an acceptable level of risk.

Eliminated risk is the result of taking steps to completely eliminate the hazard. Some of the actions that can be taken to do this are through engineering fixes or ceasing the hazardous activity or operation.

Residual risk is the risk left over after risk management efforts have been fully employed. It is not necessarily the same as acceptable risk. Residual risk is the sum of acceptable risk and unidentified risk.

Acceptable risk is the part of identified risk which is allowed to persist without further engineering or management action.

Unidentified risk is the risk not yet identified. Some unidentified risks are subsequently identified when a mishap occurs. Some risk is never known.

Figure 1

Risk Management Procedure

This risk management process has 4 activities which must be performed continuously. These 4 activities are defined in the sections below.

Risk Identification

The purpose of risk identification is to identify the organization’s exposure to uncertainty. Risk Management is the direct responsibility of all staff and students at the flight school. Throughout all operations all operational personnel will continuously watch for hazardous conditions or situations that may be occurring or developing. Operational personnel are required to take appropriate action to ensure the safe completion of the operation in question.

Risk identification is a methodical way to ensure all significant activities within the organization have been identified and all risks and potential hazards flowing from these activities are defined. As shown in Figure 2 risks can originate both internally and externally.

Potential areas of risks include but are not limited to:

Schedule / Resources / Maintenance / Health & Safety
Students / Technical / Sub Contractors / Software
Facility / Quality / Equipment / Environmental
Customers / Market / Aircraft / Regulatory
Competitors / Financial / Hardware / Design
Sales / Process / Communication / Training
OEM / Manufacturing / Purchasing / Technology

Figure 2

Techniques to identify risks and hazards include structured or unstructured brainstorming, interviews, and voluntary reporting. It is a good idea to condense related statements into one risk item and the categorize statements with common factors such as subject matter, risk owner, type of safety issue, type and focus of risk control action, or other appropriate categories.

Risk statements should include what could possibly occur and a brief description of the perceived consequences. Additional contextual information may be recorded which would capture circumstances, events, safety issues, and interrelationships within the business or program.

Risk Analysis

In performing risk analysis the initial risk statement(s) should be expanded into a complete risk description. The components of a complete risk description are defined in Table 1 below.

If current methods to manage the risk appear to be inadequate then personnel who have the knowledge, expertise, background, and resources to effectively deal with risks are responsible for developing the risk mitigation plans. The components of risks mitigation planning are:

Determine approach:

Can the impact of the consequences be accepted?
Can the risks be transferred to a group more equipped to handle the risk?
Is it necessary to take immediate action?
Are their mitigation actions that can be taken to reduce the possibility of occurrence or reduce the impact? Examples of risk reduction actions would be increasing staffing or obtaining schedule relief.
Is there a hazard to life or property?
Should all operations be stopped?

Define additional resources required, if any

Assign risk owner

Define criteria for closure and closure date,

Set specific review dates for risks review and go/no-go decisions or contingency planning

Risk Description

Selected management actions should be documented in the complete Risk Description:

Name of Risk / The risk should be given a descriptive name to help identify it.
Risk Owner / Person(s) or area responsible to implement action plans and monitor risk reduction activities
Scope of Risk / Qualitative description of the events, their size, type, number, and dependencies
Nature of Risk / Ex. Strategic, financial, operational, technological, compliance, communication, resources, schedule, etc.
Stakeholders / Stakeholders and their expectations
Quantification of Risk / Significance and Probability
Risk Tolerance / Loss potential & financial impact of risk
Probability and size of potential losses/gains
Objective(s) for control of the risk
Risk Treatment & Control Mechanisms / Means by which the risk is currently managed
Confidence in existing controls to manage risk
Identification of opportunities for monitoring and reviewing current methods
Revised Quantification of Risk / Using the results of the Risk Treatment and Control Mechanisms, a revised Quantification of Risk is estimated to ensure that the risk is at an acceptable level.
Potential Action for Improvement / Recommendations to reduce the risk in the future. This is not required in the short term. This can be viewed as actions that may be considered at a future date.
Assumptions for Quantification of Risk and Revised Quantification of Risk / All assumptions made in the quantification of risk should be listed here. This will better explain how certain values were established.

Table 1 Risk Description

Risk Estimation and Prioritization

Risk estimation is performed for each risk to quantify the severity of consequences or impact and likelihood of occurrence.

Severity:

Category / Severity / Characteristics
1 / Catastrophic / The existence of the site or business is in danger. Mission and/or strategy not completed.Death, loss of life or aircraft.
2 / Serious / Significant impact on financial, strategic, and/or organization activities.
Significant impact on regulatory compliance or customer satisfaction
Serious increase in costs, severe injury or damage to equipment
3 / Marginal / Meaningful impact on financial, strategic, and/or organization activities
Moderate impact on regulatory compliance or customer satisfaction
Moderate impact on schedule and/or increase in costs
Minor injury or damage to equipment
4 / Negligible / Some but very limited impact on financial, strategic, and/or organization activities
Low stakeholder concern
No meaningful effects over time
No injury or damage to equipment

Probability of Occurrence:

Category / Estimation / Description / Indicators
A / Frequent / Highly probable will occur again. 91-100% / Has occurred several times before and has high probability of occurring again
B / Probable / Likely to occur in a relatively short period of time or between 41 and 90%. / Potential of it occurring several times in a relatively short time period or has occurred recently
C / Possible / Likely to occur in a lengthier time period or between 21 to 40% chance of occurrence. / Could occur one of more times over a period of time, could be difficult to control, has this ever occurred in the past?
D / Remote / Not likely to occur or less than a 20% chance of occurrence. Adequate controls are in place to prevent the likelihood of occurrence. / Has not occurred and is not likely to occur.
E / Improbable / So unlikely it can be assumed occurrence may not be experienced. Less that 0.5% probability of occurrence. / Has not occurred and will probably not occur

Risk Profile

Based on the combination of impact and likelihood of occurrence the risk profile is created which ranks each identified risk so as to give a view of the relative importance or the risk.

Risk Index / 1
Catastrophic / 2
Serious / 3
Marginal / 4
Negligible
(A) Frequent / 1A / 2A / 3A / 4A
(B) Probable / 1B / 2B / 3B / 4B
(C) Possible / 1C / 2C / 3C / 4C
(D) Remote / 1D / 2D / 3D / 4D
(E) Improbable / 1E / 2E / 3E / 4E

Risk Responses

Defined below are the possible responses to the risk indices:

Risk Index / Response
1A, 2A, 1B / Cease operation immediately. Operations suspended until corrective action taken to lower HRI to a lower color coding
1C, 2B, 3A / Increased supervision or controls required before any further operation. This is temporary (short term mitigation) only and the hazard is to be formally addressed within 30 days to develop long term mitigation.
1D, 2C, 2D, 3B, 3C / Increased supervision or controls required before any further operation. This is temporary (short term mitigation) only and the hazard is to be formally addressed within 90 days to develop long term mitigation.
1E, 2E, 3D, 3E, 4A, 4B / Operation can continue. Hazard will be reviewed on operational audits and/or safety reviews. System and activities to be monitored during normal operations for possible change in HRI due to changes of procedures, resources, equipment, etc.
4C, 4D, 4E / Current HRI requires no further action.

Risk Monitoring and Reporting

Periodic reviews are conducted to review for the occurrence of new risks and to review the affectivity of risk mitigation plans.

The risk management status report should include:

The prioritized list of current risk items
The mitigation plan for each risk, and
The mitigation status or each risk item.

Sample Risk Table

Name of Risk / Weather related – Lack of Operational Control
Risk Owner / Director of Flight Operations
Scope of Risk / Missing Weather information
Weather General
Excessive Crosswinds
Nature of Risk / Operational, compliance, resources, financial, schedule
Stakeholders / School and students
Quantification of Risk / 2C
Risk Tolerance / Lack of operational control, in regards to proper weather information dissemination and use, can lead to missions being launched without required information or meeting pertinent regulations and operational standards. Results can range from aborted flights and missed rescheduling opportunities to occurrences to accidents.
Risk Treatment and Control Mechanisms /

Multiple computers, in sufficient numbers, with proper internet access available in flight planning.
Student’s weather packages to be checked by authorizing instructor as per FTOM 5.4.4.
Flight Watch procedures to be followed as per company policy number xxxx.
Spot check by standard’s department on a regular basis not to exceed 28 calendar days.
Any missions negatively affected by weather will be reported to the safety officer for review.

Revised Quantification of Risk / 3D
Potential Action for Improvement / Incorporate any lessons learned by the safety officer reviewing weather related problems into ground school briefings.

______