From SKYbrary Wiki
Risk-based Oversight (RBO): A way of performing oversight, where:
- planning is driven by the combination of risk profile and safety performance; and
- execution focuses on the management of risk, in addition to ensuring compliance.
Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:
- the specific nature of the organization/operator;
- the complexity of its activities;
the risks stemming from the activities carried out.
Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:
- comply with the applicable requirements;
- implement and maintain effective safety management;
- identify and manage safety risks;
- achieve and maintain safe operations;
the results of past certification and/or oversight also need to be taken into account.
EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:
- The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. 
The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.
Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.
A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:
- reported occurrences;
- reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
- retirement/departure of a key employee (e.g new accountable manager, safety manager, or operations director);
- financial health of the organisation;
Those operators with a high-performing SMS and clear safety leadership will attract less oversight.
Accidents and Incidents
The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:
- L410, vicinity Lukla Nepal, 2017 (On 27 May 2017, a Let 410 attempting to complete a visual approach to Lukla in rapidly deteriorating visibility descended below threshold altitude and impacted terrain close to the runway after stalling when attempting to climb in landing configuration. The aircraft was destroyed by the impact and two of the three occupants fatally injured. The Investigation concluded that the Captain had lost situational awareness at a critical time and had been slow to respond to the First Officer’s alert that the aircraft was too low. Safety Recommendations included the establishment of an independent and permanent Air Accident Investigation Agency.)
- L410, Isle of Man, 2017 (On 23 February 2017, a Czech-operated Let-410 departed from Isle of Man into deteriorating weather conditions and when unable to land at its destination returned and landed with a crosswind component approximately twice the certified limit. The local Regulatory Agency instructed ATC to order the aircraft to immediately stop rather than attempt to taxi and the carrier’s permit to operate between the Isle of Man and the UK was subsequently withdrawn. The Investigation concluded that the context for the event was a long history of inadequate operational safety standards associated with its remote provision of flights for a Ticket Seller.)
- C402, Virgin Gorda British Virgin Islands, 2017 (On 11 February 2017, a Cessna 402 failed to stop on the runway when landing at Virgin Gorda and was extensively damaged. The Investigation noted that the landing distance required was very close to that available with no safety margin so that although touchdown was normal, when the brakes failed to function properly, there was no possibility of safely rejecting the landing or stopping normally on the runway. Debris in the brake fluid was identified as causing brake system failure. The context was considered as the Operator’s inadequate maintenance practices and a likely similar deficiency in operational procedures and processes.)
- RJ85, vicinity Medellín International (Rionegro) Colombia, 2016 (On 29 November 2016, a BAe Avro RJ85 failed to complete its night charter flight to Medellín (Rionegro) when all engines stopped due to fuel exhaustion and it crashed in mountainous terrain 10 nm from its intended destination killing almost all occupants. The Investigation noted the complete disregard by the aircraft commander of procedures essential for safe flight by knowingly departing with significantly less fuel onboard than required for the intended flight and with no apparent intention to refuel en route. It found that this situation arose in a context of a generally unsafe operation subject to inadequate regulatory oversight.)
- RJ1H, vicinity Gothenburg Sweden, 2016 (On 7 November 2016, severe airframe vibrations occurred to an Avro RJ-100 which, following ground de icing, was accelerating in the climb a few minutes after departing from Gothenburg. The crew were able to stop the vibrations by reducing speed but they declared an emergency and returned to land where significant quantities of ice were found and considered to have been the cause of the vibrations. The Investigation concluded that the failure of the de icing operation in this case had multiple origins which were unlikely to be location specific and generic safety recommendations were therefore made.)
- B737, New York La Guardia USA, 2016 (On 27 October 2016, a Boeing 737-700 crew made a late touchdown on the runway at La Guardia and did not then stop before reaching the end of the runway and entered - and exited the side of - the EMAS before stopping. The Investigation concluded that the overrun was the consequence of a failure to go around when this was clearly necessary after a mishandled touchdown and that the Captain's lack of command authority and a lack of appropriate crew training provided by the Operator to support flight crew decision making had contributed to the failure to go around.)
- C500, vicinity Kelowna BC Canada, 2016 (On 13 October 2016, a Cessna 500 crashed and was destroyed after an apparent loss of control shortly after taking off from Kelowna at night. In the absence of recorded flight data the Investigation was unable to explain the circumstances which led to loss of control but did identify significant safety concerns about both lack of progress in mandating the carriage of lightweight flight data recorders on small aircraft and a significant lack of effectiveness in the regulatory oversight of the business aviation sector in Canada.)
- ATP, Vilhelmina Sweden, 2016 (On 6 April 2016, a BAe ATP partly left the side of the runway soon after touchdown, regaining it after 155 metres before completing its landing roll. It sustained damage rendering it unfit to continue flying but this was not noticed until five further flights had been made. Investigation attributed the excursion to lack of pilot response to unexpected beta range power and the continued flying to the aircraft Captain's failure to ensure proper event recording, accurate operator notification or a post-excursion engineering inspection of the aircraft. Systemic inadequacy in safety management and culture at the operator was identified.)
- E190, Kupang Indonesia, 2015 (On 21 December 2015, an Embraer 195 crew continued a significantly unstable approach which included prolonged repetition of 'High Speed' and a series of EGPWS Alerts which were both ignored and which culminated in a high speed late touchdown which ended in a 200 metre overrun. The Investigation attributed the event to poor flight management and noted the systemic lack of any effective oversight of pilot operating standards compounded in the investigated event by the effects of a steep flight deck authority gradient and the failure to detect anomalies in the normal operating behaviour of both the pilots involved.)
- H25B, vicinity Akron OH USA, 2015 (On 10 November 2015, the crew of an HS 125 lost control of their aircraft during an unstabilised non-precision approach to Akron when descent was continued below Minimum Descent Altitude without the prescribed visual reference. The airspeed decayed significantly below minimum safe so that a low level aerodynamic stall resulted from which recovery was not achieved. All nine occupants died when it hit an apartment block but nobody on the ground was injured. The Investigation faulted crew flight management and its context - a dysfunctional Operator and inadequate FAA oversight of both its pilot training programme and flight operations.)
- B739, Yogyakarta Indonesia, 2015 (On 6 November 2015, a Boeing 737-900 overran the 2,200 metre-long landing runway at Yogyakarta after a tailwind approach with airspeed significantly above the applicable Vref followed by a long landing on a wet runway without optimum use of deceleration devices. The flight crew management of the situation once the aircraft had come to a stop was contrary to procedures in a number of important respects. The aircraft operator took extensive action to improve crew performance following the event. The Investigation found significant fault with the airport operator's awareness of runway surface condition and an absence of related significant risk management.)
- B743, vicinity Tehran Mehrabad Iran, 2015 (On 15 October 2015 a Boeing 747-300 experienced significant vibration from one of the engines almost immediately after take-off from Tehran Mehrabad. After the climb out was continued without reducing the affected engine thrust an uncontained failure followed 3 minutes later. The ejected debris caused the almost simultaneous failure of the No 4 engine, loss of multiple hydraulic systems and all the fuel from one wing tank. The Investigation attributed the vibration to the Operator's continued use of the engine without relevant Airworthiness Directive action and the subsequent failure to continued operation of the engine after its onset.)
- Predictive Risk Management
- Safety Accountabilities and Responsibilities
- Just Culture
- Safety Oversight
- Safety Culture
- EASA: Practices for risk-based oversight; Edition 1, EASA, published 22 November 2016.
- UK CAA: CAP1092: Strategic Plan 2011-16, updated June 2014