Auditing EASA Risk Based Oversight of Air Navigation and Air Traffic Management

Sofema Aviation Services (SAS) www.sassofia.com considers the fundamentals of Risk Based Oversight related to Air Navigation and Air Traffic Management

Introduction

Risk-Based Oversight (RBO) is a dynamic approach to the safety oversight of the aviation industry, driven by the combination of the risk profile and safety performance of an organization. It focuses on ensuring compliance while also managing risks effectively.

Adopting a Risk-Based Oversight approach can lead to a more efficient and effective oversight process. By integrating data, focusing on identified risks, and ensuring collaboration, aviation authorities can enhance safety while optimizing resource use. Utilizing checklists ensures consistency and comprehensiveness in audits, leading to a more robust safety environment.

Risk-based oversight (RBO) is an approach that shifts the emphasis from a strictly compliance-based oversight system to one that is risk-informed and evidence-based.

• By using a combination of an organization’s risk profile and safety performance, planning and execution of oversight activities are more targeted and efficient.

RBO is an oversight approach that:

• Uses data to identify, assess, and prioritize risks.

 – Based on the Swiss model, data is at the heart of the RBO approach. It is crucial to gather, analyze, and interpret safety data to inform oversight decisions.

 – Track the effectiveness of corrective actions, manual revisions, occurrence reports, and more.

 – Analyze the number of reports, findings from inspections, aircraft data, etc.

 – Incorporate expert assessments or “gut feelings” to provide additional context.

 – Align resources and interventions based on the identified risks.

 – Monitors the safety performance of organizations.

Benefits of RBO

• Efficient use of limited resources.
• A proactive approach to managing safety risks.
• Better identification and understanding of emerging risks.

Flexibility

• Adjustments to oversight activities can be made depending on the changing risk profiles and safety performance of organizations.
• Cooperation with international partners, e.g., the European Strategic Safety Initiative (ESSI) of EASA, can provide additional insights into risks and best practices.

Implementing RBO

Planning Oversight Activities

• Planning for audits and inspections should be based on:
  • Ensure that all entities meet the relevant legal provisions.
  • Focus on areas with higher identified risks.

Developing a Checklist for RBO Audits

• Gather baseline data on the organization’s safety performance and risk profile.
• Verify compliance with national and international legal provisions and standards.
• Risk Assessment Prioritization of areas based on the safety risk portfolio.
• Evaluate the effectiveness, completeness, and alignment with the expected standards.
• Review corrective actions, manual revisions, occurrence reports, etc.

Example – The Swiss risk profile linked with the SSP

FOCA (Switzerland) has defined a simple risk profiling process, which is linked to the hazard identification process in place at the State level and supports the State Safety Programme (SSP).

Steering of oversight activity based on safety data

• Switzerland has for many years been carrying out integral oversight in the civil aviation sector encompassing airports and airfields, air traffic control, and other aviation entities
• Within the scope of its oversight of Swiss companies, the FOCA carries out audits and inspections to verify compliance with national and international legal provisions and standards.
• The planning of audits and inspections is carried out by a risk-based approach. In addition to carrying out audits and inspections of all companies, the FOCA focuses on companies or areas in which weak points have been identified.
• In the FOCA safety management system, the planning of these activities is described in the processes of the safety divisions. Generally speaking, the planning of oversight activities is based on the following criteria:

 – Compliance with the relevant legal provisions;

 – Prioritisation of safety areas based on the safety risk portfolio;

 – Need for action according to safety recommendations resulting from investigations by the SAIB;

 – Safety-related topics specified internally (by divisions/sections);

 – Recommendations of the Safety Risk Management division [using the Hazard identification process to collate the Hazard and Risk Register;

Oversight of safety management systems

• The assessment of stakeholders’ safety management systems is carried out as part of audits and inspections based on standardised catalogues of questions. This method permits a qualitative assessment of a safety management system and a comparison with the anticipated standard.
• Within the FOCA, the Safety Risk Management division is responsible for coordinating the further development of safety management systems and making recommendations regarding standardisation.

The goals are:

• To obtain a quantified statement about the performance of the operation;
• Data should be readily available;
• Easy input in the system;
• Various aspects of the operations are to be taken into account

Risk-Based Oversight (RBO) Guidance Document for EASA Air Navigation and Air Traffic Control

• Principles of Risk-Based Oversight.
• Risk Identification: Recognize hazards and evaluate associated risks.
• Risk Evaluation: Determine the severity and likelihood of risks.
• Prioritization: Target the highest risks for immediate action.
• Continuous Monitoring: Continuously monitor safety performance to ensure risks are managed.
• Feedback Loop: Use feedback to improve the oversight process.

Implementation of RBO in Air Navigation and ATC Oversight

Risk Profile Creation:

• Collect data related to operations, incidents, and other relevant metrics.
• Use this data to identify areas with elevated risks.
• Regularly update this profile as new data becomes available.
• Safety Performance Assessment:
• Evaluate the safety measures in place by the organization.
• Assess the effectiveness of safety management systems (SMS).
• Review historical safety performance data.
• Determine Oversight Priorities:

Risk Performance

• Use the risk profile and safety performance data to pinpoint areas requiring immediate attention.
• Direct resources to these high-risk areas for a more effective oversight process.

Risk Management Focus during Audits:

• Rather than checking for simple compliance, prioritize understanding how the organization manages and mitigates identified risks.
• Assess the efficacy of risk controls and mitigation strategies in place.

Effective Audit Assessment under RBO

• Review the organization’s risk profile and safety performance data.
• Develop an audit plan that targets the identified high-risk areas.
• Focus on understanding the risk management strategies in place.
• Evaluate how effectively risks are being controlled and mitigated.
• Ensure compliance but prioritize understanding of risk management.

Follow up

• Provide feedback on risk management effectiveness.
• Recommend improvements based on findings.
• Update the risk profile based on the audit findings for future oversight activities.

Developing a Checklist for RBO

• Risk Identification and Assessment:

 – Are all potential hazards identified?

 – Are risks evaluated for severity and likelihood?

 – Is there a system in place for continuous risk identification?

• Safety Performance:

 – Is there a Safety Management System (SMS) in place?

 – How effectively has the SMS been implemented?

 – Are there historical data on safety performance?

• Risk Management and Mitigation:

 – Are there clear procedures to manage identified risks?

 – How are risks communicated across the organization?

 – Are there effective mitigation strategies for each identified risk?

• Continuous Monitoring:

 – Are there metrics in place to continuously monitor safety performance?

 – How frequently is the risk profile updated?

• Feedback and Improvement:

 – Is there a system to collect feedback from all stakeholders?

 – How are improvements implemented based on feedback?

Next Steps

Follow this link to our Library to find & download related documents for Free.

Please see the following course EASA Quality Assurance Auditing Introduction for Air Navigation Services (ANS) – 3 Days

Visit our websites www.sassofia.com and www.sofemaonline.com or email team@sassofia.com

Tags:

Air Navigation, Air Traffic Control, aviation safety, EASA Air Navigation Services (ANS), Risk Assessment, Risk Identification, Risk Management, Risk Mitigation, Risk Profile Creation, Risk-Based Oversight (RBO), safety performance, Safety Risk Management, SAS blogs