If you wish to contribute or participate in the discussions about articles you are invited to join SKYbrary as a registered user

Risk-based Oversight

From SKYbrary Wiki
Article Information
Category: Safety Management Safety Management
Content source: SKYbrary About SKYbrary
Content control: SKYbrary About SKYbrary

Definitions

Risk-based Oversight (RBO): A way of performing oversight, where:

  • planning is driven by the combination of risk profile and safety performance; and
  • execution focuses on the management of risk, in addition to ensuring compliance.

Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:

  • the specific nature of the organization/operator;
  • the complexity of its activities;

the risks stemming from the activities carried out.

Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:

  • comply with the applicable requirements;
  • implement and maintain effective safety management;
  • identify and manage safety risks;
  • achieve and maintain safe operations;

the results of past certification and/or oversight also need to be taken into account.

Performance-based Oversight

EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:

The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. [1]

Discussion

The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.

Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.

A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:

  • reported occurrences;
  • reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
  • retirement/departure of a key employee (e.g new accountable manager, safety manager, or operations director);
  • financial health of the organisation;

Those operators with a high-performing SMS and clear safety leadership will attract less oversight.

Accidents and Incidents

The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:

  • E190, Kupang Indonesia, 2015 (On 21 December 2015, an Embraer 195 crew continued a significantly unstable approach which included prolonged repetition of 'High Speed' and a series of EGPWS Alerts which were both ignored and which culminated in a high speed late touchdown which ended in a 200 metre overrun. The Investigation attributed the event to poor flight management and noted the systemic lack of any effective oversight of pilot operating standards compounded in the investigated event by the effects of a steep flight deck authority gradient and the failure to detect anomalies in the normal operating behaviour of both the pilots involved.)
  • H25B, vicinity Akron OH USA, 2015 (On 10 November 2015, the crew of an HS 125 lost control of their aircraft during an unstabilised non-precision approach to Akron when descent was continued below Minimum Descent Altitude without the prescribed visual reference. The airspeed decayed significantly below minimum safe so that a low level aerodynamic stall resulted from which recovery was not achieved. All nine occupants died when it hit an apartment block but nobody on the ground was injured. The Investigation faulted crew flight management and its context - a dysfunctional Operator and inadequate FAA oversight of both its pilot training programme and flight operations.)
  • B739, Yogyakarta Indonesia, 2015 (On 6 November 2015, a Boeing 737-900 overran the 2,200 metre-long landing runway at Yogyakarta after a tailwind approach with airspeed significantly above the applicable Vref followed by a long landing on a wet runway without optimum use of deceleration devices. The flight crew management of the situation once the aircraft had come to a stop was contrary to procedures in a number of important respects. The aircraft operator took extensive action to improve crew performance following the event. The Investigation found significant fault with the airport operator's awareness of runway surface condition and an absence of related significant risk management.)
  • HUNT, manoeuvring, vicinity Shoreham UK, 2015 (On 22 August 2015 the pilot of a civil-operated Hawker Hunter carrying out a flying display sequence at Shoreham failed to complete a loop and partial roll manoeuvre and the aircraft crashed into road traffic unrelated to the airshow and exploded causing multiple third party fatalities and injuries. The Investigation found that the pilot had failed to enter the manoeuvre correctly and then failed to abandon it when it should have been evident that it could not be completed. It was concluded that the wider context for the accident was inadequate regulatory oversight of UK civil air display flying risk management.)
  • AT76, vicinity Taipei Songshan Taiwan, 2015 (On 4 February 2015, a TransAsia Airways ATR 72-600 crashed into the Keelung River in central Taipei shortly after taking off from nearby Songshan Airport after the crew mishandled a fault on one engine by shutting down the other in error. They did not realise this until recovery from loss of control due to a stall was no longer possible. The Investigation found that the initial engine fault occurred before getting airborne and should have led to a low-speed rejected take-off. Failure to follow SOPs and deficiencies in those procedures were identified as causal.)
  • A320, en-route Karimata Strait Indonesia, 2014 (On 28 December 2014, an A320 crew took unapproved action in response to a repeating system caution shortly after levelling at FL320. The unexpected consequences degraded the flight control system and obliged manual control. Gross mishandling followed which led to a stall, descent at a high rate and sea surface impact with a 20º pitch attitude and a 50º angle of attack four minutes later. The Investigation noted the accident origin as a repetitive minor system fault but demonstrated that the subsequent loss of control followed a combination of explicitly inappropriate pilot action and the absence of appropriate pilot action.)
  • GLF3, Biggin Hill UK, 2014 (On 24 November 2014, the crew of a privately-operated Gulfstream III carrying five passengers inadvertently commenced take off at night in poor visibility when aligned with the runway edge instead of the runway centreline. When the aircraft partially exited the paved surface, the take-off was rejected but not before the aircraft had sustained substantial damage which put it beyond economic repair. The Investigation found that chart and AIP information on the taxiway/runway transition made when lining up was conducive to error and that environmental cues, indicating the aircraft was in the wrong place to begin take-off, were weak.)
  • A321, en-route, near Pamplona Spain, 2014 (On 5 November 2014, the crew of an Airbus A321 temporarily lost control of their aircraft in the cruise and were unable to regain it until 4000 feet of altitude had been lost. An investigation into the causes is continuing but it is already known that blockage of more than one AOA probe resulted in unwanted activation of high AOA protection which could not be stopped by normal sidestick inputs until two of the three ADRs had been intentionally deactivated in order to put the flight control system into Alternate Law.)
  • FA50 / Vehicle, Moscow Vnukovo Russia, 2014 (On 20 October 2014 a Dassault Falcon 50 taking off at night from Moscow Vnukovo collided with a snow plough which had entered the same runway without clearance shortly after rotation. Control was lost and all occupants died when it was destroyed by impact forces and post crash fire. The uninjured snow plough driver was subsequently discovered to be under the influence of alcohol. The Investigation found that the A-SMGCS effective for over a year prior to the collision had not been properly configured nor had controllers been adequately trained on its use, especially its conflict alerting functions.)
  • AT75, vicinity Magong Taiwan, 2014 (On 23 July 2014, a TransAsia Airways ATR 72-500 crashed into terrain shortly after commencing a go around from a VOR approach at its destination in day IMC in which the aircraft had been flown significantly below the MDA without visual reference. The aircraft was destroyed and48 of the 58 occupants were killed. The Investigation found that the accident was entirely attributable to the actions of the crew and that it had occurred in a context of a systemic absence of effective risk management at the Operator which had not been adequately addressed by the Safety Regulator.)
  • B190 / B737, Calgary Canada, 2014 (On 29 March 2014, a Beech 1900D being taxied by maintenance personnel at Calgary entered the active runway without clearance in good visibility at night as a Boeing 737-700 was taking off. The 737 passed safely overhead. The Investigation found that the taxiing aircraft had taken a route completely contrary to the accepted clearance and that the engineer on control of the aircraft had not received any relevant training. Although the airport had ASDE in operation, a transponder code was not issued to the taxiing aircraft as required and stop bar crossing detection was not enabled at the time.)
  • JS32, Torsby Sweden, 2014 (On 31 January 2014, an Estonian-operated BAE Jetstream 32 being used under wet lease to fulfil a government-funded Swedish domestic air service requirement landed long at night and overran the end of the runway. The Investigation concluded that an unstabilised approach had been followed by a late touchdown at excessive speed and that the systemic context for the occurrence had been a complete failure of the aircraft operator to address operational safety at anything like the level appropriate to a commercial operation. Failure of the responsible State Safety Regulator to detect and act on this situation was also noted.)
  • … further results


Related Articles

Further Reading

References

  1. ^ "Practices for risk-based oversight"; Edition 1, published by EASA 22 November 2016