Risk Management

Risk Management


Risk management. The identification, analysis and elimination (and/or mitigation to an acceptable or tolerable level) of those hazards, as well as the subsequent risks, that threaten the viability of an organisation.” (ICAO Doc 9859).

Safety risk management (SRM) - A process within the Safety Management System composed of describing the system, identifying the hazards, and analyzing, assessing, and controlling the risk.” (FAA AC No: 120-92B, Safety Management Systems for Aviation Service Providers)


The objective of Risk Management is to ensure that the risks associated with hazards to flight operations are systematically and formally identified, assessed, and managed within acceptable safety levels.

ICAO Provisions

Several Annexes of the Chicago Convention aim to harmonise and extend the provisions relating to safety management by aircraft operators and aviation service providers. These changes introduce a framework for the implementation and maintenance of a safety management system (SMS) by the operators/service providers. The framework consists of four main components:

Consistent with the ICAO provisions, the European Regulation 1035/2011 - Common Requirements for the Provision of Air Navigation Services and EUROCONTROL ESARR 3 identify risk assessment and mitigation as an essential component of the Safety Achievement domain of the SMS. (see further reading)


The complete elimination of risk in aviation operations obviously is an unachievable and impractical goal (being perfectly safe would require stopping all aviation activities and to grounding all aircraft) as not all risks can be removed and not all possible risk mitigation measures are economically practical. In other words, it is accepted that there will be some residual risk of harm to people, property or environment, but this is considered to be acceptable or tolerable by the responsible authority and the society.

Risk management, being a central component of the SMS, plays vital role in addressing the risk in practical terms. It requires a coherent and consistent process of objective analysis, in particular for evaluating the operational risks. In general, Risk Management is a structured approach and systematic actions aimed to achieve the balance between the identified and assessed risk and practicable risk mitigation.

Risk Management Elements

Risk management consists of three essential elements:

  1. Hazard identification - Identification of undesired or adverse events that can lead to the occurrence of a hazard and the analysis of mechanisms by which these events may occur and cause harm. Both reactive and proactive methods and techniques should be used for hazard identification.
  2. Risk assessment - Identified hazards are assessed in terms of criticality of their harmful effect and ranked in order of their risk-bearing potential. They are assessed often by experienced personnel, or by utilising more formal techniques and through analytical expertise. The severity of consequences and the likelihood (frequency) of occurrence of hazards are determined. If the risk is considered acceptable, operation continues without any intervention. If it is not acceptable, the risk mitigation process is engaged.
  3. Risk mitigation - If the risk is considered to be unacceptable, then control measures are taken to fortify and increase the level of defences against that risk or to avoid or remove the risk, if this is economically feasible.

The flow chart below depicting the Risk Management process:

Risk Management process (extracted from ICAO Doc 9859 - Safety Management Manual)

Furthermore, effective Risk Management requires that the safety “cost-benefit” of the planned and implemented course of actions is analysed, including the case of choosing a “do nothing” strategy. If it is decided to act for limiting the exposure to the identified risks, each risk control measure needs to be evaluated, to reveal possible latent hazards and dormant risks that may arise from activating that measure. Once these control measures are implemented, the organisation needs to ensure they are engaged in a correct way, and this is achieved through a set of arrangements, processes and systematic actions, which build the Safety Assurance domain of the SMS.

Risk Management is based on a variety of hazard identification means. According to ICAO Doc 9859 this SMS component may include both proactive and reactive methods and techniques. Safety occurrence reporting and investigation, being assigned to the reactive category, are well known essential means for identifying key risk areas and corrective risk mitigation measures. In addition, the increasing integration, automation and complexity of flight operations requires a proactive, systematic and structured approach to risk assessment and mitigation using predictive and monitoring techniques. Risk assessment need to be conducted for any changes that may impact the safety of services provided by the operator/service provider.

The risk management concept is equally important in all aviation sectors and should be implemented in a consistent manner by airline operators, air navigation service providers, certified aerodrome operators, maintenance organisations and training organisations. Its strategies include identifying the risk, assessing the risk, avoiding or reducing the risk and accepting certain risks.

Related Articles

Further Reading


European Commission





SKYbrary Partners:

Safety knowledge contributed by: