We help build safety risk management systems for business performance, operational capability and overall safety
Risk management ensures that risks are systematically analysed (in terms of probability of occurrence and severity of hazard effects), assessed (in terms of tolerability) and controlled to an acceptable level (by implementation of mitigation or treatment measures).
ICAO introduced harmonised requirements for the implementation of Safety Management Systems (SMS) by aviation service providers in 2009. Since then, aircraft operators and aviation service providers are mandated to establish and apply formal risk management processes within the framework of their organisational SMS.
Risk management should create value, be an integral part of organisational processes and be part of decision-making that explicitly addresses uncertainties. It should be systematic, structured and timely, flexible and based on the best available information. It should also be dynamic, iterative and responsive to change and facilitate continual improvement.
A performance-based Risk Management System will deliver many benefits
- Improve controls on safety critical activities
- Encourage proactive management of safety critical activities
- Effectively allocate and use resources for risk treatment
- Be aware of the need to identify and treat risk throughout the organisation;
- Improve operational effectiveness and efficiency
- Improve the identification of threats and opportunities
- Improve loss prevention and incident management
- Minimise harms and improve organisational learning
- Improve organisational resilience and stakeholder confidence
- Establish a reliable basis for decision making and resource planning
Challenges you may be facing
- You need reassurance that the risk picture of your organisation provided by your safety risk management system is accurate and reflective of the day-to-day reality
- You need to create a clear safety strategy for your organisation that identifies the top risks and their impact on your operations
- You need to understand how to better manage risk across your organisation
- You need to improve your skills and competence regarding Safety Risk Management
- You need an impartial benchmark or Risk Management review
How we can help
We have built a solid reputation within the industry for our safety risk management expertise through our practical experience of designing and implementing Human Factors, Error Management, Safety Culture and Safety Leadership programmes. Through a pragmatic and practical approach to training and consulting, we assist clients achieve the highest levels of safety risk management performance, contributing to enhanced levels of organisational performance and operational capability.
- We can provide technical, practical and strategic skills and experience to help build and implement a Safety Risk Management System
- We can help guide the development of safety strategies and goals to achieve your desired business and organisational objectives in relation to risk
- We can help to facilitate the development and implementation of effective safety metrics – such as key safety risk performance indicators, leading to predictive (as opposed to reactive) safety measurement
- We provide assistance in competence development around the general aims and goals of Safety Risk Management
- Our diagnostic services can help to establish your performance maturity levels assessing the core enablers which underpin the effective risk management system
- We can provide in-depth risk management reviews to evaluate your use of key tools, systems, analysis techniques, spectrum of approach and knowledge to risk profile.
- We can give you practical assistance to implement each stage of the Risk Management process
- We can give you the knowledge to improve how you perform hazard identification and risk assessments
- We can help you gain practical experience in contextualising a BowTie and performing barrier modelling
- We can help you to develop the skills necessary to monitor risks and perform risk reviews
Creating a Performing Safety Risk Management System
With the latest EASA regulations mandating Safety Management and progressing towards performance based regulations, an organisation’s Safety Management System needs to evidence that it is effectively and predicatively managing exposure to safety risk. This is fundamental to ensuring compliance and performance with the regulations.
Safety risk management performance needs to provide for:
- Improved risk-based decision making capability – by providing an enhanced and more realistic risk picture which allows an organisation to prioritise and manage its resources in the most cost-effective efficient way.
- Enhanced visibility of safety risks that enables effective mitigation to an acceptable level (at least tolerable and ALARP), supported by a clear and concise audit trail to demonstrate accountability.
- Provision of a framework to enable the intelligent exploitation of safety data which informs the corporate knowledge-base and contributes to organisational learning and continuous improvement.
A Safety Risk Management System comprises a combination of people, processes, procedures, structures and resources needed by an organisation to identify hazards and understand and manage safety risks. Risk Management needs all the Management Systems and enablers fully performing to be effective. The risk management system needs to be fed by the other management systems to operate.
A core building block to achieving effective safety management is a Safety Risk Management System that enables an organisation to manage safety risk and provide an appropriate level of safety protection through hazard identification, risk assessment, prioritisation and control of safety risks in line with strategic business objectives.
- Hazard Identification is a prerequisite to the safety risk management process. A clear understanding of hazards and their related consequences is essential in order to be able to manage safety risk effectively.
- Risk Assessment is your ability to assess the safety risks associated with identified hazards in terms of projected likelihood and severity of the consequences or outcomes.
- Mitigation & Risk Control is your ability to alleviate the level of safety risk by applying effective mitigating action(s) and control safety risk over time to ensure it does not escalate beyond an acceptable level.
- Risk Monitoring is a continuous review activity which checks that existing risks are not affected by organisational change or external influences and provides assurance that mitigation and risk control remains effective. Challenging your controls and system resilience is the key to success.
- Emergency Response is your ability to transition to emergency operations whilst also maintaining ongoing normal operations. The actions taken whilst reflecting the size, nature and complexity of your business should also enable the swiftest return to normal operations – we can assist with your planning for these unfortunate events.
The BowTie Risk Management Process
The BowTie is a simple diagram to describe the pathway from a cause to a consequence; the risk pathway.
It is essentially a combination of fault tree analysis and event tree analysis; the former deals with the cause and the latter the consequences of the event. However, its main focus is to analyse the barriers between the causes and the risk and the risk and consequences.
BowTies are often drawn using brain storm exercises using all affected parties.
The BowTie analysis displays clearly and simply the range of possible causes and outcomes or consequences. This is simpler than a more complicated fault tree analysis and allows more focus on ensuring there is a barrier for each pathway / failure mode.
The main strengths of the BowTie is that it is simple to understand, focuses the attention on the controls or barriers for prevention (left side) or mitigation (right side). This means expertise is kept to a minimum and the net result is useful as a communication tool across the organisation.
The weaknesses of the BowTie are that is cannot depict multiple causes which occur simultaneously to create the same consequence i.e. no AND gate from fault tree analysis. Additionally it tends to oversimplify complex risks and situations which can undermine quantification of those risks.