Upload
vuminh
View
222
Download
18
Embed Size (px)
Citation preview
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
The Benefits of Bowtie Risk Management in Compliance Systems
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+
Why do this?
Risk at the centre
Focus for all system activities becomes risk
Cumulative learning
Every report, investigation, audit adds to our overall understanding of the risks to our operation – in reality not just in potential
Better use of scarce skills and resource
Currently much of the effort is spent on interpreting, coding and classifying incoming data to help build understanding
Under this approach much of the classifying and coding and some of the interpreting happens automatically.
The result is we monitor risk management performance continuously.
If we move to a system which combines BowTie risk models with Safety/Quality/Compliance data what benefits does that bring?
2
+ The Challenge Managing safety/quality/compliance data to understand risk
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
www.etq.com [email protected]
The Deluge! Sa
fety
R
epo
rts
Tech
nic
al
Dat
a
Au
dit
R
epo
rts
Co
nfi
den
tial
R
epo
rts
Safe
ty
Co
mm
itte
es
Inve
stig
atio
n
Rep
ort
s
Maj
or
Glo
bal
Ev
ents
Exte
rnal
A
ud
its
Co
rrec
tive
A
ctio
ns
Safety Trends
Safety Trends
Investigation Report XXX
Tech Analysis
Ramp Safety
Committee Minutes
Engineering Audit March
Confidential Reports
Safety Committee
Minutes
SMS Audit June
Major Event
involving YYY
Safety Action
Closeout Trends
Regulatory Compliance
Audit
And So On... www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ The “Adding Up” Problem
An increase in safety reports, some fairly concerning audit findings, neck hairs rising –
what does it all add up to?
The range of data we have has grown dramatically – better safety reporting,
observational programs, culture surveys, a range of audits, training data, technical
reliability, ...
We tend to store that data, classify it and report it the way we collect it.
Combining data relies on the “wet” computer.
But the human brain has some built in limitations in dealing with risk and data – in fact
we’re not very good at it.
So, is it really adding up?
5 www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Risk Management – the weak link?
Risk management is the core of safety management
A lot of SMS effort – both operators and regulators is focused on process
But the challenge lies in the content
Hazard identification – Can’t manage unidentified hazard
Risk Assessment – wrong risk level miss directs attention
And we humans are not naturally good at either of these
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ We’re not naturally very good at risk
We can fail to identify critical hazards: Lack imagination – typical scenario is much stronger than “odd” scenario
Don’t expect unexpected
Wrong mental model – simple linear process narrative not complex noisy parallel chaos
Over reliance on procedure
Group think – social effects dominate rational judgement
We can miss-estimate risk: Poor risk calculators
Overconfidence bias
Understanding of complex systems is actually poor
Intuitive sense of random is wrong!
Small data window
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ The Matrix!
Judgement based (about the future)
Standardisation hard
Sensitive to Risk Scenario
Qualitative (but looks quantitative)
Multiple hidden assumptions
Many start towards measuring risk by adding risk measures based on something like this to their data – but...
Catastrophic
A
Hazardous
B
Major
C
Minor
D
Negligible
E
Frequent 5 5A 5B 5C 5D 5E
Occasional 4 4A 4B 4C 4D 4E
Remote 3 3A 3B 3C 3D 3E
Improbable 2 2A 2B 2C 2D 2E
Extremely
improbable1 1A 1B 1C 1D 1E
Risk Severity
Risk Probability
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Risk Scenarios
Worst Case?
Worst Conceivable Case?
Worst Credible Case?
Worst Feasible Case?
Hazard Outcome
E E
E E
E E
E E
Story that links Hazard to Outcome
Will involve barrier failures
Basis for assessing likelihood and
severity
There even if not explicit
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Multiple Risk Scenarios
E E
E E
E E
E E
Threat Risk Control
Undesired
Operational
State
Recovery
ControlConsequence
Threat
Threat
Risk Control Risk Control
Risk ControlRisk ControlRisk Control
Risk ControlRisk ControlRisk Control
Recovery
Control
Recovery
Control
Recovery
Control
Recovery
Control
Recovery
Control
Recovery
Control
Recovery
Control
Consequence
Consequence
Consequence
Hazard Different scenarios may map to
same risk level
But, may not...
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ BowTie Risk Concepts
Threat Barrier
Undesired Operational
State
Recovery Control
Consequence
System & Culture
Threat
Threat
Barrier Barrier
Barrier Barrier Barrier
Barrier Barrier Barrier
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Consequence
Consequence
Consequence
Hazard
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Example – Rail Transport
Source: CGE BowTieXP
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Adding Barriers
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Adding Data
Threats Safety Reports Observations Barrier Failures Safety Reports Observations Investigation Findings Audit Findings Technical Data
Undesired Operational State
Safety Reports Observations Investigation Findings Technical Data
Recovery Failures Safety Reports Observations Investigation Findings Technical Data
Consequences Industry Data
Thre
at
Risk
Contro
l
Undesire
d
Opera
tional
Sta
te
Reco
very
Contro
lC
onse
quence
Thre
at
Thre
at
Risk
Contro
lRisk
Contro
l
Risk
Contro
lRisk
Contro
lRisk
Contro
l
Risk
Contro
lRisk
Contro
lRisk
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Reco
very
Contro
l
Conse
quence
Conse
quence
Conse
quence
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
Safe
ty
Rep
ort
s
Tech
nic
al
Dat
a
Au
dit
R
epo
rts
Co
nfi
den
tial
R
epo
rts
Safe
ty
Co
mm
itte
es
Inve
stig
atio
n
Rep
ort
s
Maj
or
Glo
bal
Ev
ents
Exte
rnal
A
ud
its
Co
rrec
tive
A
ctio
ns
Taming The Deluge!
ThreatRisk Control
Risk Control
Risk Control
Undesired Operational
State
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Consequence
Recovery Control
Recovery Control
Safety System and Culture Threats
Threat
Threat
Consequence
Consequence
Consequence
System Performance • Compliance • SMS Functioning • Safety Culture
Safety Focus Areas
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+ Monitoring the whole risk picture
17
ThreatRisk
Control
Undesired Operational
State
Recovery Control
Consequence
System & Culture
Threat
Threat
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Consequence
Consequence
Consequence
Hazard
Risk Precursor Threat Vulnerability
System Weaknesses
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+
Safety Reports
Threat Rates
Consequence Rates
Control Failures
Recovery Activation
UOS
Risk Register
Vulnerability Assessment
Risk Precursor
Continuously updated risk picture
ThreatRisk Control
Risk Control
Risk Control
Undesired Operational
State
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Recovery Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Risk Control
Consequence
Recovery Control
Recovery Control
Safety System and Culture Threats
Threat
Threat
Consequence
Consequence
Consequence
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
+
Turning the Theory into Reality
19
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
Safe
ty
Rep
ort
s
Flig
ht D
ata
Au
dit
R
epo
rts
Co
nfi
den
tial
R
epo
rts
Safe
ty
Co
mm
itte
es
Inve
stig
atio
n
Rep
ort
s
Maj
or
Glo
bal
Ev
ents
Exte
rnal
A
ud
its
Co
rrec
tive
A
ctio
ns
Organisational Learning Engine
Data Classification
Engine
Internal Data Shared Industry Risk Experience
BowTie Risk Models
Semi-Automatic Data Management
Runway Excursion - TO
Loss of Control in Flight
Runway Excursion - Landing
Controlled Flight Into Terrain
In-Flight Fire
Mid-Air Collision
Turbulence Injury
Threats
Controls
Distraction
Bird Hazard
AC Malfunction
Runway State
Weather
ATC
Weight and Balance
Threat Drivers
A320 A330 A340 B747 B777
Procedures
Competence/Training
Hardware
Software
Control Framework
Risk Dashboards
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
Tools to Implement the Vision 21
EtQ Exchange EtQ Reliance Risk Register
Shared Barrier Models
Dynamic Forms
Auto Import of BTXP into Reliance
Reliance Modules: •Safety Reports •Audit •Etc
APF Metrics
Reliance Dashboards
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
Complete Compliance Management Solution
• Applications for any organization, any industry
– Small or large organization
– Regulated or non-regulated
– Focus on Risk or Regulatory Compliance
• Applications to manage any compliance initiative
• Pre-configured with best practices
• Risk “at the core”
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
Application Breakdown As of version 10.0a of EtQ Reliance: QMS GMP EHS F&B SMS
Aspects, Objectives, & Targets • •
Audits Management • • • • •
Calibration and Maintenance • • • • •
Change Management • • • • •
Complaints Handling •
Corrective Action and Preventive Action (CAPA) • • • • •
Customer Feedback • • •
Deviation • • • • •
Document Control • • • • •
Emergency Preparedness Plans • •
Employee Training • • • • •
Enterprise Risk Management (ERM) • • • • •
Failure Mode and Effects Analysis (FMEA) • • •
Hazard Analysis Critical Control Points (HACCP) •
Incidents, Accidents and Safety Reporting • •
Job Safety Analysis (JSA) • •
Legislative and Regulatory Requirements • • • • •
Material Returns • • •
Material Safety Data Sheets (MSDS) • •
Meetings Management • • • • •
Monitoring & Inspection • •
Nonconformance Management • • •
Product Specification Management • • •
Production Part Approval Process (PPAP) • •
Project Control • • • • •
Quality Records Management • • • • •
Receiving & Inspection • • •
Risk Register • • • • •
Supplier Rating • • • •
Sustainability •
Complete Compliance Management Solution
• Integrated Risk Assessment
– Measure risk in any process, in context
– Track risk levels in centralized Risk Register
• Predictive Analysis using Risk Management
– Identify controls to mitigate risks
– Manage controls (documents, metrics, audits, etc…)
– Measure the effectiveness of controls (risk levels)
• Reduce Risk through Continuous Improvement
– Monitor control effectiveness through dashboard
– Test controls through Audits
– Survey potential risks using ERM
– Improve controls through CAPA and Change
+
CAPA
Document Control
Training
Finding
Risk
Risk Assessment
Reporting
FMEA Job Safety Analysis
HACCP
Risk
Effectiveness Effectiveness
Risk-Based Compliance
ERM
Risk
Effectiveness
Other Event
triggers
Risk Risk
Change Control
Effectiveness
Risk
Risk
Effectiveness
Controls Hazard Analysis
EtQ Risk Register
Audit
Incident
Risk
Effectiveness Effectiveness
+
CAPA
Complaint
NCR
Audit Change Control
Planned Deviation
Document Control
Training
CRM
ERP, MES
Investigation
Investigation
Finding
EtQ Risk Register
Hazards Controls Risk levels Effectiveness
Risk
Risk
Risk
Risk
Effectiveness
Ad Hoc Event
Ad Hoc Request
Regulatory Compliance
Other processes Legislative and Regulatory Requirements Supplier Management Product Registration Recalls HACCP Calibration & Maintenance Incident / Safety Report
Risk
Effectiveness
Investigation
www.etq.com [email protected] www.aloftaviationconsulting.com [email protected]
CONTACT US
www.AloftAviationConsulting.com
www.etq.com