If you wish to contribute or participate in the discussions about articles you are invited to join SKYbrary as a registered user
From SKYbrary Wiki
Risk-based Oversight (RBO): A way of performing oversight, where:
- planning is driven by the combination of risk profile and safety performance; and
- execution focuses on the management of risk, in addition to ensuring compliance.
Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:
- the specific nature of the organization/operator;
- the complexity of its activities;
the risks stemming from the activities carried out.
Safety Performance: The demonstration of how effectively can a regulated entity (e.g. operator) mitigate its risks, substantiated through the proven ability to:
- comply with the applicable requirements;
- implement and maintain effective safety management;
- identify and manage safety risks;
- achieve and maintain safe operations;
the results of past certification and/or oversight also need to be taken into account.
EASA explains the relationship between Performance-based Oversight (PBO) and Risk-based Oversight (RBO) as:
- The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance. Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks or monitoring actions mitigating these risks. This means that a PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is where PBO meets RBO. 
The implementation of Safety Management Systems signals a shift from reactive and compliance based oversight to a new model that includes proactive and performance-based tools and methods.
Recognising that compliance alone cannot assure safe operations, and that effective and affordable regulatory oversight needs to be targeted, most regulators have altered the relationship between the operators and the Competent Authorities to ensure that greater oversight is applied to those that need it. To achieve this, Inspectors need to be able to assess safety performance and the key factors that influence it. If an Operator's Compliance Monitoring Function demonstrates that regulatory and procedural compliance is being monitored effectively internally then it will attract less external oversight.
A risk-based approach to oversight entails the assessment of the performance influencing factors, organisational changes and other safety performance indicators that make up an operator's risk profile. An operator's risk profile will inevitably be dynamic. The regulator must have a process that acquires and analyses different sources of intelligence that provide insight into the changing risks in an operation such as:
- reported occurrences;
- reorganisation and restructuring (e.g new management and reporting structures, new operating bases, new aircraft types, changing working practices);
- retirement/departure of a key employee (e.g new accountable manager, safety manager, or operations director);
- financial health of the organisation;
Those operators with a high-performing SMS and clear safety leadership will attract less oversight.
Accidents and Incidents
The following events in the SKYbrary database of Accident and Incident reports feature Ineffective Regulatory Oversight as a contributory factor:
- E195, Exeter UK, 2019 (On 28 February 2019, an Airbus A320 abandoned takeoff from Exeter when fight deck fumes/smoke accompanied thrust applied against the brakes. When informed of similar conditions in the cabin, the Captain ordered an emergency evacuation. Some passengers using the overwing exits re-entered the cabin after becoming confused as to how to leave the wing. The Investigation attributed the fumes to an incorrectly-performed engine compressor wash arising in a context of poorly-managed maintenance and concluded that guidance on overwing exit use had been inadequate and that the 1.8 metre certification height limit for exits without evacuation slides should be reduced.)
- B763, en-route, east southeast of Houston TX USA, 2019 (On 23 February 2019, a Boeing 767-300 transitioned suddenly from a normal descent towards Houston into a steep dive and high speed terrain impact followed. The Investigation found that after neither pilot had noticed the First Officer’s inadvertent selection of go around mode during automated flight, the First Officer had then very quickly responded with an increasingly severe manual pitch-down, possibly influenced by a somatogravic illusion. He was found to have had a series of short air carrier employments terminating after failure to complete training, had deliberately and repeatedly sought to conceal this history and lacked sufficient aptitude and competency.)
- E190, manoeuvring, northeast of Lisbon Portugal 2018 (On 11 November 2018, an Embraer 190-100LR just airborne on a post maintenance non revenue positioning flight became extremely difficult to control as it entered cloud despite the complete absence of any flight control warnings. After reversion to Direct Law, partial normal control was regained and, once visual, the flight was guided to an eventually successful landing. The Investigation found that the aircraft had been released from heavy maintenance with the aileron system incorrectly configured and attributed this primarily to the comprehensively dysfunctional working processes at the maintenance facility involved. Extensive airframe deformation meant the aircraft was a hull loss.)
- B38M, en-route, northeast of Jakarta Indonesia, 2018 (On 29 October 2018, a Lion Air Boeing 737-MAX 8 crew had difficulty controlling the pitch of their aircraft after takeoff from Jakarta and after eventually losing control, a high speed sea impact followed. The Investigation found that similar problems had also affected the aircraft’s previous flight following installation of a faulty angle-of-attack sensor and after an incomplete post-flight defect entry, rectification had not occurred. Loss of control occurred because the faulty sensor was the only data feed to an undisclosed automatic pitch down system, MCAS, which had been installed on the 737-MAX variant without recognition of its potential implications.)
- SF34 / PA27, Nassau Bahamas, 2018 (On 22 September 2018, a Saab 340B taking off in accordance with its clearance at Nassau came close to a midair collision over the main runway after a light aircraft began an almost simultaneous takeoff in the opposite direction of the same runway contrary to its received and correctly acknowledged non-conflicting takeoff clearance for a different runway without the TWR controller noticing. The light aircraft passed over the Saab 340 without either aircraft crew seeing the other aircraft. The Investigation noted that the light aircraft pilot had “forgotten” his clearance and unconsciously substituted an alternative.)
- GLF4, Abuja Nigeria, 2018 (On 12 September 2018, a Gulfstream G-IV overran the runway at Abuja after the air/ground status system failed to transition to ground on touchdown and the crew were slow to recognise that as a result neither spoilers nor thrust reversers had deployed. In the absence of recorded flight data, it was not possible to establish why the air/ground sensing system did not transition normally but no fault was found. The aircraft operator’s procedures in the event of such circumstances were found to be inadequate and regulatory oversight of the operator to have been comprehensively deficient over an extended period.)
- A320, Malé Maldives, 2018 (On 7 September 2018, an Airbus A320 was inadvertently landed on an under- construction runway at Malé in daylight VMC but met no significant obstructions and sustained only minor damage. The Investigation attributed the error to confusion generated by a combination of pilot inattention to clearly relevant notification, controller distraction, the failure of the airport operator to follow required procedures and the failure of the safety regulator to ensure that sufficient arrangements to ensure safety were in place and complied with.)
- JU52, en-route, west of Chur Switzerland, 2018 (On 4 August 2018, a Junkers Ju-52 making a low level sightseeing flight through the Swiss Alps crashed killing all 20 occupants after control was lost when it stalled after encountering unexceptional windshear. The Investigation found that the pilots had created the conditions which led to the stall and then been unable to recover from it and concluded that the accident was a direct consequence of their risky behaviour. It found that such behaviour was common at the operator, that the operator was being managed without any regard to operational risk and that safety regulatory oversight had been systemically deficient.)
- AT76, Fez Morocco, 2018 (On 6 July 2018, an ATR 72-600 followed an unstable approach at Fez with a multiple-bounce landing including a tail strike which caused rear fuselage deformation. The aircraft then continued in operation and the damage was not discovered until first flight preparations the following day. The Investigation found that the Captain supervising a trainee First Officer as handling pilot failed to intervene appropriately during the approach and thereafter had failed to act responsibly. The context for poor performance was assessed as systemic weakness in both the way the ATR fleet was being run and in regulatory oversight of the Operator.)
- B737 / B738, vicinity Amsterdam Netherlands, 2018 (On 29 March 2018, a Boeing 737-700 commenced a late go-around from landing at Amsterdam on a runway with an extended centreline which passed over another runway from which a Boeing 737-800 had already been cleared for takeoff. An attempt by the controller responsible for both aircraft to stop the departing aircraft failed because the wrong callsign was used, so low level divergent turns were given to both aircraft and 0.5nm lateral and 300 feet vertical separation was achieved. The Investigation concluded that the ATC procedure involved was potentially hazardous and made a safety recommendation that it should be withdrawn.)
- AS50, manoeuvring, East River New York USA, 2018 (On 11 March 2018, an Airbus AS350 engine failed during a commercial sightseeing flight and autorotation was initiated. The pilot then noticed that the floor-mounted fuel cut-off had been operated by part of the tether system of one of the five passengers but there was insufficient time to restore power. On water contact, the automatic floatation system operated asymmetrically and the helicopter submerged before the occupants could evacuate. Only the pilot was able to release his harness and escape because the unapproved adapted passenger harnesses had no quick release mechanism. The Investigation found systemic inadequacy of the operator’s safety management system.)
- A320 / Vehicle, London Gatwick UK, 2018 (On 3 February 2018, a runway inspection vehicle was cleared onto the active runway at London Gatwick ahead of an aircraft which had just touched down and driven towards it having been cleared to do so because the aircraft crew’s confirmation that they would clear the runway before reaching the vehicle was considered by the controller as a clearance limit. The Investigation found that the associated runway inspection procedure had not been adequately risk-assessed and noted that many issues raised by it had still not been addressed by the time it was completed eighteen months later.)
- Predictive Risk Management
- Safety Accountabilities and Responsibilities
- Just Culture
- Safety Oversight
- Safety Culture
- EASA: Practices for risk-based oversight; Edition 1, EASA, published 22 November 2016.
- UK CAA: CAP1092: Strategic Plan 2011-16, updated June 2014