If you wish to contribute or participate in the discussions about articles you are invited to join SKYbrary as a registered user

Risk-based Oversight

From SKYbrary Wiki
Article Information
Category: Safety Management Safety Management
Content source: SKYbrary About SKYbrary
Content control: SKYbrary About SKYbrary

Definitions

Risk-based Oversight (RBO): A way of performing oversight, where:

  • planning is driven by the combination of risk profile and safety performance; and
  • execution focuses on the management of risk, in addition to ensuring compliance.

Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:

  • the specific nature of the organization/operator;
  • the complexity of its activities;

the risks stemming from the activities carried out.

Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:

  • comply with the applicable requirements;
  • implement and maintain effective safety management;
  • identify and manage safety risks;
  • achieve and maintain safe operations;

the results of past certification and/or oversight also need to be taken into account.

Performance-based Oversight

EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:

The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. [1]

Discussion

The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.

Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.

A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:

  • reported occurrences;
  • reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
  • retirement/departure of a key employee (e.g new accountable manager, safety manager, or operations director);
  • financial health of the organisation;

Those operators with a high-performing SMS and clear safety leadership will attract less oversight.

Accidents and Incidents

The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:

  • A139, vicinity Sky Shuttle Heliport Hong Kong China, 2010 (On 3 July 2010, an AW 139 helicopter was climbing through 350 feet over water two minutes after take off when the tail rotor fell off. A transition to autorotation was accomplished and a controlled ditching followed. All on board were rescued, some sustained minor injuries. The failure was attributed entirely to manufacturing defects but no action was taken until two similar accidents had occurred in Qatar (non-fatal) and Brazil (fatal) the following year and two Safety Recommendations had been issued from this Investigation after which a comprehensive review of the manufacturing process resulted in numerous changes monitored by EASA.)
  • A306, East Midlands UK, 2011 (On 10 January 2011, an Air Atlanta Icelandic Airbus A300-600 on a scheduled cargo flight made a bounced touchdown at East Midlands and then attempted a go around involving retraction of the thrust reversers after selection out and before they had fully deployed. This prevented one engine from spooling up and, after a tail strike during rotation, the single engine go around was conducted with considerable difficulty at a climb rate only acceptable because of a lack of terrain challenges along the climb out track.)
  • A310, Irkutsk Russia, 2006 (On 8 July 2006, S7 Airlines A310 overran the runway on landing at Irkutsk at high speed and was destroyed after the Captain mismanaged the thrust levers whilst attempting to apply reverse only on one engine because the flight was being conducted with one reverser inoperative. The Investigation noted that the aircraft had been despatched on the accident flight with the left engine thrust reverser de-activated as permitted under the MEL but also that the previous two flights had been carried out with a deactivated right engine thrust reverser.)
  • A318/B739, vicinity Amsterdam Netherlands, 2007 (On 6 December 2007 an Airbus A318 being operated by Air France on a scheduled passenger flight from Lyon to Amsterdam carried out missed approach from runway 18C at destination and lost separation in night VMC against a Boeing 737-900 being operated by KLM on a scheduled passenger flight from Amsterdam to London Heathrow which had just departed from runway 24. The conflict was resolved by correct responses to the respective coordinated TCAS RAs after which the A318 passed close behind the 737. There were no abrupt manoeuvres and none of the 104 and 195 occupants respectively on board were injured.)
  • A319, London Heathrow UK, 2013 (On 24 May 2013 the fan cowl doors on both engines of an Airbus A319 detached as it took off from London Heathrow. Their un-latched status after a routine maintenance input had gone undetected. Extensive structural and system damage resulted and a fire which could not be extinguished until the aircraft was back on the ground began in one engine. Many previously-recorded cases of fan cowl door loss were noted but none involving such significant collateral damage. Safety Recommendations were made on aircraft type certification in general, A320-family aircraft modification, maintenance fatigue risk management and aircrew procedures and training.)
  • A320 / B739, Yogyakarta Indonesia, 2013 (On 20 November 2013, an A320 misunderstood its taxi out clearance at Yogyakarta and began to enter the same runway on which a Boeing 737, which had a valid landing clearance but was not on TWR frequency, was about to touch down from an approach in the other direction of use. On seeing the A320, which had stopped with the nose of the aircraft protruding onto the runway, the 737 applied maximum manual braking and stopped just before reaching the A320. The Investigation faulted ATC and airport procedures as well as the A320 crew for contributing to the risk created.)
  • See all


Related Articles

Further Reading

References

  1. ^ "Practices for risk-based oversight"; Edition 1, published by EASA 22 November 2016