November 29, 2022


Aviation Risk-Based Oversight – Commented by Steve Bentley CEO of Sofema Aviation Services (SAS)

Recommendation 1: The oversight planning and determination of the oversight cycle for each organisation should take into consideration the risk profile and the assessment of the safety performance.

When the risk profile relies on expert judgment, the decision-making should be made by consensus by a team of experts.


  • Developing a Risk Profile for your organisation now becomes an essential activity
  • The following areas may feature as part of your Risk Profile Development

o The cost of funding the business as an ongoing concern
o Compliance will all manner of financial and other regulations
o Information Security
o Cyber Security
o Internal Communication & Process Management
o Effective Reporting within the business and with partners
o New Projects
o Changes to the Business Operation

Recommendation 2: For each organisation, Risk-Based Oversight (RBO) parameters should be continuously monitored at an appropriate frequency in order to identify any trend and to review the oversight programme, its cycle, and the safety objectives.

The competent authority should continuously follow up and improve the overall RBO system.


In order to monitor and review there should be criteria which are established as a baseline ā€“ do you know what this criterion is in respect of your regulatory authority ā€“ If not then ask for guidance.

How is the evidence of continuous improvement identified?

Recommendation 3: The ICAO state safety programme (SSP) should be established and used as a background framework for RBO and the competent authority should have a functioning management system, as required by the rules.


Recommendation 4: The state oversight system should be mature enough before it can be complemented by RBO.

This oversight approach should be linked to the objectives of the SSP and of the management system of the competent authority.

EPAS actions should also be taken into consideration.

What constitutes maturity?

How is the linking effected and evident?

What European Plan for Aviation Safety Actions have been taken into consideration.

Recommendation 5: The management system of the competent authority should capture the different risk profiles of the regulated entities according to a model.

When determination of a risk profile relies on expert judgment, decision making should be made by consensus by a team of experts.

  • Risk-based oversight will contribute to increase the effect of oversight activities as risk areas are subject to increased attention.
  • The regulations instruct the authorities to carry out risk-based oversight, but the development does not move forward at the same pace in all domains.
  • Moreover, the regulatory requirements differ from one domain to the next. The introduction of risk-based oversight is therefore at different stages for the different domains.

Recommendation 6: RBO should be progressively deployed and the extension of RBO to additional domains should be consistent and appropriate. Initial introduction of RBO could be facilitated by a dedicated team of ā€œchampions.

What is your understanding of the current expectations related to Risk Based Activities within your Organisation & engagement with your competent Authority?

Recommendation 7: A system for the collection, analysis, and exchange of safety data at the level of State and regulated entity is a prerequisite for RBO, as well as safety management principles and a just culture environment.

Exchange of information on safety risks between competent authority and regulated entities should be established.

Development of an integrated risk picture in and across different domains should be done in partnership with involved stakeholders.

How is this information communicated to industry within your country?

Recommendation 8: Competent Authorities should develop arrangements for cooperation on oversight, exchange of collected safety information, sharing of RBO experience, feedback on experience with the SSP etc.ā€¦

Recommendation 9: Initial and continuous training should be given to inspectors implementing RBO, to cover:

  • Development of proper culture when interacting with industry
  • Use of expert judgment, especially when safety performance and ā€œgut feelingā€ are blended
  • Use of RBO-specific tools available at the competent authority.
  • Support and coaching should be available during the initial phase of RBO deployment.

Next Steps

FollowĀ this linkĀ to our Library to find & Download related documents for Free.

Sofema offers EASA Compliant Organizational Development through Risk BasedĀ Auditing & Measurement of Effectiveness as a 2-Days training program available as a classroom, either in company or open or as a web based instructor led training course. For additional details, please visit www.sofemaonline.comĀ or emailĀ


Aviation Training, EASA, Risk, Risk & Performance-Based Oversight, Risk Management, Risk-based Oversight, Safety Assurance, safety performance, SAS blogs, SAS training