Jacques VanierICAO EUR/NAT Regional Officer

Almaty, 5 to 9 September 2005

SAFETY MANAGEMENT SYSTEMS

RISK VERSUS SAFETY

Almaty, 5 – 9 September 2005 2

SUMMARY

WHY THE SCIENCE OF SAFETY MANAGEMENT?

TERMINOLOGY

COSTS (ACCIDENTS, INCIDENTS, SAFETY)

RISK CLASSIFICATION & ANALYSIS

RISK MANAGEMENT

QUESTIONS

Almaty, 5 – 9 September 2005 3

WHY USE THE SCIENCEOF SAFETY MANAGEMENT?

People often overreact to perceived risk:

Train crash in the UK – 5 die

Within one month, more death on car accidents then in trains for 30 years!

In risk management one must not transfer risk from one area to another!

Almaty, 5 – 9 September 2005 4

TERMINOLOGY

HAZARD

RISK

MITIGATION

RISK MANAGEMENT

Almaty, 5 – 9 September 2005 5

TERMINOLOGY - HAZARD

Hazard - a scenario which, if it occurs, can have negative consequences to personnel, material (or the environment)

Hazard - an event that has the potential to result in damage or injury.

Almaty, 5 – 9 September 2005 6

TERMINOLOGY - RISK

Risk: a hazard, chance of or of bad consequences, loss or injury, exposure to mischance … (source: the Oxford dictionary)

Risk is two-dimensional: Likelihood of an occurrence (probability) Severity of consequences

“The degree of risk is based on the likelihood that damage or harm will result from the hazard and the severity of the consequences.”

RISK =probability

consequences

Almaty, 5 – 9 September 2005 7

TERMINOLOGY - MITIGATION

Mitigation is the action taken to lessen the severity, violence or effect of a change.

Almaty, 5 – 9 September 2005 8

TERMINOLOGY – RISK MANAGEMENT

Risk management: the identification, analysis and elimination (and/or mitigation to an acceptable level) of those hazards, as well as the subsequent

risks that threaten the viability of an organisation

Risk management serves to focus safety efforts on those hazards posing the greatest risks.

Almaty, 5 – 9 September 2005 9

BALANCING RISK

Risks can be balanced using cost-benefit methodology

Risk

Unacceptable region

Acceptableregion

Tolerableregion

(ALARP as low as

reasonably practicable)

Negligible Risk

Risk cannot be justified except in extraordinary circumstances

Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained

Tolerable if cost of risk reduction would exceed the improvement gained necessary to maintain assurance that risk remains at this level

risk “limit”

risk “target”

Costs

Almaty, 5 – 9 September 2005 10

COST OF ACCIDENTS

Direct costs (related to physical damage)

Indirect costs: Loss of business; Loss of use of equipment Loss of staff productivity; Investigation and clean-up; Insurance deductibles; Legal actions and damage claims;

Industry and social costs

Almaty, 5 – 9 September 2005 11

COST OF INCIDENTS

Flight delays and cancellations;

Alternate passenger transportation, accommodation, complains;

Crew change and positioning;

Loss of revenue and reputation;

Aircraft recovery, repair etc. and

Incident investigation.

Almaty, 5 – 9 September 2005 12

COST OF ACCIDENT PREVENTION

Difficult to quantify;

SMS implementation cost-benefit analysis – complicated but should be done;

Requires senior management involvement.

If you think safety is expensive, If you think safety is expensive, try an accident!try an accident!

Almaty, 5 – 9 September 2005 13

COST OF SAFETY

Total Costs

Risk ReductionLosses

Protection

Costs

Almaty, 5 – 9 September 2005 14

TERMINOLOGY – RISK MANAGEMENT

Risk management: the identification, analysis and elimination (and/or mitigation to an acceptable level) of those hazards, as well as the subsequent

risks that threaten the viability of an organisation

Risk management serves to focus safety efforts on those hazards posing the greatest risks.

Almaty, 5 – 9 September 2005 15

ORGANISATIONAL ACCIDENT STAGES

DANGERDANGERHazardsHazards

Losses

Unsafe acts

Local workplace factors

Organisational factors

Causes

Investigation

Latentcondition pathway

Defences

Event

System

Stages in the development and investigation of an organisational accident

Almaty, 5 – 9 September 2005 16

RISK MANAGEMENT PROCESS

Identify the hazards to equipment,

property, personnel or the organisation

Evaluate the seriousness of the

consequences of the hazard occurring

What are the chances of it happening?

Is the consequent risk acceptable andwithin the organisation’s safety

performance criteria?

YES

Accept the risk

NOTake action to reduce the

risk to acceptable level

HAZARD IDENTIFICATION

RISK ASSESSMENT

Severity/Criticality

RISK ASSESSMENT

Probability of occurrence

RISK ASSESSMENT

Acceptability

RISK MITIGATION

Almaty, 5 – 9 September 2005 17

HAZARD IDENTIFICATION

Design factors;

Procedures and operating practices;

Communications;

Personnel factors;

Organisational factors;

Work environment factors;

Regulatory oversight factors;

Defences.

Almaty, 5 – 9 September 2005 18

FUNCTIONAL HAZARD ASSESSMENT

Functional Hazard Assessment (FHA): determine how safe the system shall be!

Reminder! … a system consists of: People (humans, liveware: L); Equipment (hardware: H); Procedures (software: S) and Environment (E).

Almaty, 5 – 9 September 2005 19

THE FHA PROCESS

Almaty, 5 – 9 September 2005 20

RISK ASSESSMENT

Risk is the assessed potential for adverse consequences resulting from a hazard!

THREE CONSIDERATIONS INVOLVED: Probability Severity Rate of exposure

Almaty, 5 – 9 September 2005 21

RISK CLASSIFICATIONS & ANALYSIS

The assessment of severity of the consequences always involves:

some degree of subjective judgment;

the use of structured grouped discussions: guided by a standard risk classification scheme, and using participants with extensive experience in their

respective fields.

and …. should ensure that the outcome will be an informed judgment.

Almaty, 5 – 9 September 2005 22

STANDARD RISK CLASSIFICATION

Likelihood of event per operational hour per sector/unit

Severity Category

Qualitative Quantitative Cat 1 Cat 2 Cat 3 Cat 4Frequent Ps> 10-3 Low Low Low Serious

Probable 10-3 > Ps > 10-4 Low Low Medium High

Occasional 10-4 > Ps > 10-5 Low Low Serious High

Remote 10-5 > Ps > 10-6 Low Medium High High

Improbable 10-6 > Ps > 10-7 Medium Serious High High

Extremely improbable

Ps > 10-7 Serious High High High

Almaty, 5 – 9 September 2005 23

RISK MITIGATION

There is no such thing as absolute safety!

Risk has to be managed to a level “as low as reasonably practicable” (ALARP)

Almaty, 5 – 9 September 2005 24

“AS LOW AS REASONABLY PRACTICABLE”

Risk

Unacceptable region

Acceptableregion

Tolerableregion

(ALARP as low as

reasonably practicable)

Negligible Risk

Risk cannot be justified except in extraordinary circumstances

Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained

Tolerable if cost of risk reduction would exceed the improvement gained necessary to maintain assurance that risk remains at this level

risk “limit”

risk “target”

Costs

Almaty, 5 – 9 September 2005 25

RISK MITIGATION STRATEGIES

Exposure avoidance (if risk exceeds benefits);

Loss reduction (reduce frequency of unsafe events);

Segregation of exposure (separation or duplication):

Isolate the effects of the risk; Build in redundancy.

Almaty, 5 – 9 September 2005 26

RISK MANAGEMENT – STATE LEVEL

Policy;

Regulatory change;

Priority Setting;

Operational Management;

Operational Inspections.

Almaty, 5 – 9 September 2005 27

RISK MANAGEMENT – BENEFITS

Avoiding costly mistakes;

Ensuring all aspects of the risk are identified;

Ensuring the legitimate interests of affected stakeholders are considered;

Providing decision-makers with solid defence;

Making decisions easier to explain;

Providing significant savings (time and money).

Almaty, 5 – 9 September 2005 28

QUESTIONS, COMMENTS

?

Jacques VanierICAO EUR/NAT Regional Officer

Almaty, 5 to 9 September 2005

SAFETY MANAGEMENT SYSTEMS

- END -