Risk-based Oversight

Risk-based Oversight

Definitions

Risk-based Oversight (RBO): A way of performing oversight, where:

  • planning is driven by the combination of risk profile and safety performance; and
  • execution focuses on the management of risk, in addition to ensuring compliance.

Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:

  • the specific nature of the organization/operator;
  • the complexity of its activities;

the risks stemming from the activities carried out.

Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:

  • comply with the applicable requirements;
  • implement and maintain effective safety management;
  • identify and manage safety risks;
  • achieve and maintain safe operations;

the results of past certification and/or oversight also need to be taken into account.

Performance-based Oversight

EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:

The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. [1]

Discussion

The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.

Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.

A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:

  • reported occurrences;
  • reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
  • retirement/departure of a key employee (e.g new accountable managersafety manager, or operations director);
  • financial health of the organisation;

Those operators with a high-performing SMS and clear safety leadership will attract less oversight.

Accidents and Incidents

The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:

On 27 April 2021, a Boeing 737-400 commenced a night takeoff at Porto in good visibility without seeing a runway inspection vehicle heading in the opposite direction on the same runway. On querying sight of an opposite direction aircraft on a discrete frequency the driver was told to quickly vacate the runway. The aircraft became airborne 300 metres before reaching the vehicle and passed over and abeam it. Both vehicle and aircraft were following the controller’s clearances. The detailed Investigation confirmed controller error in a context of multiple systemic deficiencies in the delivery of runway operational safety at the airport.

On 26 December 2019, an Airbus Helicopters AS350 on a commercial sightseeing flight over the Hawaiian island of Kauai impacted terrain and was destroyed killing all seven occupants. The Investigation concluded that the experienced pilot had decided to continue the flight into unexpectedly encountered cloud contrary to Company Policy. Contributory factors were identified as the delayed implementation of a Hawaiian aviation weather camera programme, an absence of regulatory leadership in the development of a weather training program for Hawaiian air tour pilots and an overall lack of effective regulatory monitoring and oversight of Hawaiian air tour operators’ weather-related operating practices.

On 13 November 2020, a Boeing 727-100 configured for cargo operations veered partially off the landing runway at Kigali after a late touchdown on a wet runway before regaining it approximately 1,000 metres later. The Investigation concluded that viscous hydroplaning after touchdown which occurred a significant distance left of the runway centreline had been contributory but absence of a prior go-around was causal. It was also found that the flight crew licences were invalid and that there were significant discrepancies in respect of the aircraft registration, the status of the operator and the validity of the Air Operator Certificate. 

On 24 February 2016 a DHC6 (9N-AHH) on a VFR flight to Jomsom which had continued towards destination after encountering adverse weather impacted remote rocky terrain at an altitude of almost 11,000 feet approximately 15 minutes after takeoff after intentionally and repeatedly entering cloud in order to reach the destination. The aircraft was destroyed and all on board were killed. The Investigation attributed this to the crew’s repeated decision to fly in cloud and their deviation from the intended route after losing situational awareness. Spatial disorientation followed and they then failed to respond to repeated EGPWS cautions and warnings.

On 3 January 2019, a Boeing 737-500 en-route to Port Harcourt experienced signs of intermittent distress to an engine which subsequently failed during final approach there. After a mismanaged initial response before and after a go around, the failed engine was eventually shut down. After a delay of about 20 minutes, an attempted second approach was discontinued when it could not be stabilised. A third approach was then successfully completed. The engine was damaged beyond economic repair and the Investigation found that the operator had been aware of the intermittent malfunction of both engines over several months but ignored it.

On 12 September 2020, during a largely autopilot-controlled ILS glideslope capture from above and despite being unstabilised after the crew had intentionally ignored required approach management procedures, a flight was continued without hesitation to a landing. The Investigation found that the operator’s oversight of operating standards relating to unstabilised approaches was systemically flawed and also insufficiently supportive of their ‘Evidence Based Training’ method used for pilot training. It was also noted that the Captain involved had stated to the Investigation that “he considered this flight as a non event”.

On 28 November 2020, in uncontrolled Class ‘G’ airspace, an Airbus A320 inbound to and in contact with Ballina and an en-route light aircraft tracking abeam Ballina both listening out on a shared Common Traffic Advisory Frequency (CTAF) did not recollect hearing potentially useful CTAF calls and converged on intersecting tracks with the light aircraft TCAS only selected to Mode ‘A’. The A320 received a TCAS TA but neither aircraft visually acquired the other until the minimum separation of 600 feet with no lateral separation occurred. Changes to the air traffic advisory radio service in the area were subsequently made.

On 19 November 2020, the police operator of a DJI Matrice M210 UA lost control of it over Poole when it drifted beyond Visual Line Of Sight (VLOS) and communication ceased. It was subsequently damaged when colliding with a house in autoland mode. The Investigation found that a partial power failure had followed battery disconnection with its consequences not adequately communicated to the pilot. It faulted both the applicable UA User Manual content and the absence of sufficient UA status and detected wind information to the pilot. A failure to properly define VLOS was identified but not considered directly causal.

On 23 January 2020, a Cessna S550 departed George to conduct a calibration flight under VFR with three persons on board and was about to begin a DME arc at 4,000 feet QNH when control was lost after entering IMC. Recovery from a significant descent which followed was not achieved before the aircraft hit mountainous terrain 1,800 feet below and was destroyed killing all occupants. The Investigation considered that the transition into IMC had probably occurred without preparation and that the inability of the crew to perform a prompt recovery reflected unfavourably on the conduct of the aircraft operator.

On 16 May 2013, a DHC6-300 on a domestic passenger flight made a tailwind touchdown at excessive speed in the opposite direction of the of 740 metre-long runway to the notified direction in use and, after departing the runway to one side during deceleration, re-entered the runway and attempted to take off. This failed and the aircraft breached the perimeter fence and fell into a river. The Investigation identified inappropriate actions of the aircraft commander in respect of both the initial landing and his response to the subsequent runway excursion and also cited the absence of effective CRM.

Related Articles

Further Reading

References

<references>

  1. ^ "Practices for risk-based oversight"; Edition 1, published by EASA 22 November 2016
Categories

SKYbrary Partners:

Safety knowledge contributed by: