Sofema Aviation Services (SAS) Considers Best Practice Risk Process & How to Assess.
Introduction – Business Risk & Assessment of Change in EASA Part 145
While Safety Management Systems (SMS) focus on aviation safety, EASA regulations acknowledge that business risks (financial pressure, commercial expansion, restructuring) are often the root cause of safety risks.
- Managing the safety impact of business decisions is a core principle of a mature SMS.
Business Risk Change Management Principles
The management of change (MoC) process serves as the bridge between “Business Reality” and “Safety Obligations.” The following principles guide how an organisation should handle business-driven changes:
Principle 1: Economic Reality is a Hazard Source
The regulation acknowledges that changes in an organisation’s economic situation (e.g., commercial or financial pressure, a supplier’s bankruptcy, loss of a major contract) constitute distinct hazards.
- A business risk (e.g., “We need to cut costs by 10%”) immediately becomes a safety risk (e.g., “Will we reduce training or extend shifts?”).
- The SMS must treat a “budget cut” with the same rigour as a “tooling failure.”
Principle 2: The “Three Pillars” of Business Impact
When a business change occurs (e.g., a merger, new base, or restructuring), the organisation must assess the impact on three specific areas defined in the guidance material:
- Resources: Will the change affect the availability of human resources (staff numbers/competence) or material resources (tools/facilities)?
- Management Direction: Will the change alter policies, processes, or the training strategy?
- Management Control: Will the change weaken the supervision or oversight capabilities (e.g., removing a layer of middle management to save money)?
Principle 3: Proportionality and Scalability
The rigour of the change management process must match the magnitude and criticality of the change.
- A “large” business change (e.g., acquiring a competitor) requires a complex safety case, whereas a “small” change (e.g., changing a roster pattern) requires a simpler risk assessment.
- However, the potential impact on human performance must be assessed regardless of the size of the change.
Principle 4: Integration with Contracting
Business risks often lead to outsourcing.
- The SMS must specifically address the risks inherent in complex operational and maintenance arrangements, such as subcontracting or multiple levels of contracting.
- The principle is that “you can outsource the work, but not the safety accountability.”
How to Assess Change: A Structured Approach
The assessment of change is not just a “box-ticking” exercise; it is a structured investigation into what could go wrong before the change is implemented.
Step 1: Define the Change & The “Transition Period”
Before assessing risk, clearly define the “Future State” (where you want to be) and, critically, the “Transition Period”.
- Assessment Question: How will we operate during the change? (e.g., while moving hangars, will we be working from temporary containers? Are old and new IT systems running in parallel?)
- Regulatory Focus: Special consideration must be given to this period as it is often where confusion and risk are highest.
Step 2: Hazard Identification (The “Business” Triggers)
Identify hazards triggered by the specific business change. Use the “Business Impact” pillars as a checklist:
- Organizational Structure: Does the new chart leave gaps in accountability?
- Personnel: High turnover or influx of new staff (loss of tribal knowledge)?
- Commercial Pressure: Does the new contract require turnaround times that physically cannot be met with current staffing?
Step 3: Risk Assessment (Safety Case)
For major changes, develop a Safety Case. This is a formal argument supported by evidence that the change is safe.
- Analyze: What is the probability of an error occurring due to this change? What is the severity?
- Human Factors (HF): Specifically assess the HF impact. Will the new process increase fatigue? Will the new software increase cognitive load?
Step 4: Define Mitigating Actions
If the risk is unacceptable, define controls before implementation.
- Example: If a business decision reduces staff by 20%, the mitigation might be to reduce the approved scope of work or extend turnaround times to prevent “time pressure” errors.
Step 5: Implementation & Verification
The assessment does not end when the change starts. You must verify if the change is working as planned.
- Verification: Did the mitigation work? (e.g., “We hired contractors to fill the gap—are they actually competent?”).
- Continuous Improvement: Use the internal investigation process to capture any “teething problems” or errors caused by the change and feed this back into the system.
Next Steps
Sofema Aviation Services (SAS) and Sofema Online (SOL) Provide Classroom and Online Training – offering almost 1000 Courses, packages, and diplomas compliant with EASA, FAA, UAE GCAA, Saudi GACA, UK CAA, and UK OTAR.
Tags:
aviation safety, EASA Part 145, Human Factors, Aviation Management, Safety Management Systems (SMS), Sofema Online (SOL), Aviation Risk Management, Aviation Best Practices, Aviation Risk Assessment, Sofema Aviation Serices (SAS)
