Management Levels

SMS Considered

While in Bali talking Runway Safety with a wide range of industry personalities, I found myself at the hotel bar talking SMS with Bill Voss from Flight Safety Foundation. The topic was obviously on Bill's mind because upon my return, I found his latest president's piece in FSF's AeroSafety World to be a good overview of his main SMS points. Some of these points have been on my mind too. Since I'm not one to recreate the wheel (providing it works and is fit for purpose), I'll use some of Bill's well-formed words to kick this off.

Guidance Material

Back when the international standards for SMS were signed out at ICAO, we all knew we were going to launch a new industry full of consultants. We also knew that all these consultants couldn’t possibly know much about the subject and would be forced to regurgitate the ICAO guidance material that was being put out.

The title of the piece is SMS Reconsidered but I'm a little bit more critical of how SMS has been implemented in some places and would argue it was never really considered in the first place. The "regurgitation" of guidance material has been a big problem.

ICAO guidance material touting the "four pillars" was, as I saw it anyway, what the title suggested - guidance material. The industry was meant to consider the material and apply it within their operational context, corporate structure and organisational culture. The level of complexity within the operator, the existing systems in place, the attitudes of everyone involved were/are meant to be considered and a tailored SMS developed.

The reasons behind the current state of SMS are many, varied and probably not worth going over. It is more important to get the concept back on track. That's a big task and bigger than this little blog post. Instead, I wanted to discuss Bill's "four audit questions".

Levels Revisited

Bill's piece outlines four seemingly simple questions designed to test the operation of an SMS:

1. What is most likely to be the cause of your next accident or serious incident? 2. How do you know that? 3. What are you doing about it? 4. Is it working?

When posted on the FSF discussion forum on LinkedIn1, a fifth question (taken from the text) was added:

5. Can you show in the budget process where resources have been re-allocated to manage risk?

Interestingly, it was initially assumed that these were questions posed to the safety manager or some other safety professional as part of discussion between like-minded professionals. However, later comments did swing around to my first initial understanding that they could be asked of anyone within the organisation.

In fact, they should be asked of multiple people at different levels of the organisation.

A couple of weeks ago, I discussed the need to find the right solution at the right level and that the same tools may not be appropriate at different levels.

When thinking about SMS as a whole, there are an infinite number of ways of implementation but all must permeate all levels of the organisation with systems, processes and tools suitable to the needs of each level with communication channels between the various levels.

Bill's five questions, being agnostic to any specific SMS approach, can be applied to every level of the organisation. They should be asked of the safety manager, the operations manager, the training manager, the maintenance manager, the line supervisor and, probably most importantly, the CEO.

They aren't the only questions which need to be asked, but they are a good starting and ending point. Having all the "bits" of an SMS is required from a regulatory point of view but system effectiveness is vital to maintaining an ongoing level of assurance in an operator's ability to manage safety.

Pearls

I've audited or reviewed quite a few SMSs - only a few have showed any real consideration of the SMS concept and were tailored to suit the operator's needs. These were often the better performing systems and they bore little resemblance to the "four pillars".

At the Bali conference, I spied the completely different approach taken by Bombardier. It was mentioned a number of times that it is copyright, so I haven't included a picture here but you can find a presentation outlining their approach on the Transport Canada website. I can't comment on the effectiveness of the system but it is definitely food for thought and a ray of hope that the SMS concept is being considered, digested, pondered, manipulated, tailored, and so on.

1. It's a closed group, so I'm not sure who is able to see the discussion.

Integrating Runway Safety Teams with your Safety Management System

I've just spent an amazing week in Bali1 workshopping with operators and regulators from the Asia-Pacific region (and some from further afield) on the issue of runway safety. We got a lot of good information from the Flight Safety Foundation, ICAO and COSCAP as well as airlines, airports and regional regulators. The primary objective of the week was to provide information on and practice in the establishment and conduct of Local Runway Safety Teams (LRSTs). To this end, the seminars and workshop were great but I left feeling like one connection had been missed. The final question on my mind and many others, I am sure, was:

How do these runway safety initiatives integrate into my SMS?

I discussed this with a few of the other attendees and felt compelled to flesh out a few of my initial thoughts.

LRSTs are airport-based teams of representatives from runway safety stakeholders - the airport operator, the air traffic services provider, the airlines, the ARFFS provider and so on. The objective of this team is to collaborate on runway safety matters and coordinate responses to identified hazards or concerns. Much emphasis was placed on the inter-organisational and inter-disciplinary approach required when dealing with runway safety.

So how does this fit in with an operator's SMS?

The obvious relationship is through the committee arrangements found in most SMSs. In the ICAO approach to SMS, it is easy for me to imagine the LRST as a Safety Action Group (SAG).

According to the Safety Management Manual (SMM), a SAG is a "high-level committee, composed of line managers and representatives of front-line personnel" that "deals with 'grass roots' implementation issues pertaining to specific activities to ensure control of the safety risks of the consequences of hazards during line operations".

The language paints the SAG as an internal body but I see no reason why such a SAG of inter-organisational representatives cannot be convened as required when a safety issue requires it. The diagram on page 8-7 of the SMM suggests that multiple SAGs can be established and at Australian aerodromes, a safety committee of stakeholder representatives has been common thanks to some early advisory material.

A SAG sits under the Safety Review Board for that particular organisation, be they airport, airline, etc. The SRB is a higher-level committee tasked with strategic-level safety policy direction and safety assurance.

Graphically, the relationship could look something like this:

For complex environments, separate SAGs would be required and for smaller, less-complex environments, perhaps one committee is all that is needed with the various safety issues becoming working groups or even standing agenda items. It would be up to the operators involved to find the sweet spot - somewhere between the being so specific that there isn't enough work to do and being too general and having too much to do.

For airlines, and in some states, the air traffic service provider, there will be multiple LRSTs and other committees for them to attend. For these and large, complex airports, there maybe additional "mediator" committees required to coordinate and filter the numerous SAG-level committees outputs for input into that organisation's SRB.

So what are these inputs and outputs in terms of SMS functions?

If we look at the good ol' four pillars of SMS, then these inputs/outputs are the various elements of safety risk management, safety assurance and safety promotion.

Safety Risk Management

While each stakeholder's SMS will consider the risk associated with runway safety from their individual viewpoint and tend to identify treatment strategies within their sphere of influence, the real power in the LRST is the bringing together of these viewpoints to get a much more comprehensive picture of risk.

With this picture, the team is able to identify a range of treatment options designed to address the various aspects of the risk picture is ways that work together and cover the many causal and consequential pathways which exist within such a complex safety issue.

Safety Assurance

Again, each SMS in isolation would tend to measure only those aspects of safety performance within that stakeholders activities. As a bare minimum, the sharing of assurance information and at best, co-assurance activities, would greatly enhance the level of confidence each SRB would have that runway safety risk is being addressed.

Safety Promotion

Sharing a room, a team, an objective promotes safety much more than a safety poster. The safety training and communication systems within each stakeholder will be strengthened with the additional perspective provided by the other stakeholders. The possibilities here are endless.

Since I like drawing pretty little diagrams, here is another one describing the above:

Now, I don't want to diminish the progress one would make by establishing an LRST and getting some of the above going. These are very important steps and well worth the effort.

(here it comes)

But...

for those looking to the future, here are some challenges.

Amalgamating risk assessment methods - each stakeholder may have different approaches to risk analysis and they most certainly will have different risk criteria - pulling these together will a challenge.

Sharing assurance information - each organisation is going to need a strong just culture to achieve this one as airing your own dirty socks in public is never easy.

The answers to these challenges are...well, if I had definitive solutions, I probably wouldn't be sitting here blogging about them your free!

What I can suggest however, is that each stakeholder remains open with respect to risk assessment techniques and consider solving the problem on a common level - separate from the higher corporate level that a lot of SMSs operate on. With respect to sharing information, the suggestion at the RRSS Workshop was that if you want someone to share potentially embarrassing information with you, share some of yours first. I'd add to that, that it would be a good idea to establish agreed protections on the safety information to be shared.

Runway safety is a big, complex issue and there is a lot of work to be done on many levels. The LRST is one level, state runway safety groups are another. I am looking forward to some of the technological, operational and regulator advances that will be made in the future and with advances in safety performance monitoring being made, we might very well be able to monitor the effectiveness of progress in this area like never before.

1. I know. I have a tough life, right?

Levels. Levels? Yeah...

Seinfeld fans may remember this short exchange. Kramer might have been on to something and it had nothing to do with interior design. In my research and work, I've been butting up against a few theoretical roadblocks. But I am starting to think that these roadblocks are actually different levels. Internet guru1 Merlin Mann often observes that people need to solve the right problem at the right level. And now, I'm starting to think that is exactly what I need to do.

Identifying the different levels has been my task of late, and it is a task in need of completion.

This is where I'm at so far...

I was initially running with a military-style strategic/operational/tactical taxonomy. Specifically, strategic being the highest level and involving long-term, executive-level decisions through to frontline, troop-level decisions at the tactical level.

But these terms come loaded, so I've been looking elsewhere. Although, I don't think there are any terms left which don't carry some form of baggage.

So I've started down this road:

  • Executive - the highest level; involving the executive oversight or governance of the organisation; typically strategic although may be concerned with lower level issues from time to time.
  • Management - obviously, somewhere between the executive and the shopfront; probably characterised best as the level where enabling work gets done - things like personnel management, information management or hardware management.2
  • Operations - the real do-ers; practical actions taken in the extremely dynamic, real world.

I've been visualising this arrangement as something like this:

Different Levels

So what does this mean?

I believe the point of recognising the existence of the different levels is to accept that within each level, different objectives exist. As such, different tools and techniques may be required.

In thinking about this problem, I realised I posted something related to this before. In that post, I used different risk evaluation techniques at the different levels. While the overall risk management process should be consistent across all levels, the details differ because the objectives, contexts, and decisions differ.

At the highest/executive level, the context was related more to assurance with the decision about whether to accept the determined level of risk or to do more. As the risk picture changed, the executive decided to do more and directed the management level to produce a plan. At this level the risk evaluation methodology was quite different and quite tailored to the wildlife management context and the set of decisions required at that level - what to do about the various bird species.

Different Levels of Risk Assessments

I hinted at a third level of risk management but, to be honest, I haven't really seen that level employed in the real world in this context. OHS practitioners would be familiar with Job Safety Analyses (JSAs) which are a very operations-level activity which I thought would be similar to what I was thinking here.

I guess the moral of this rather rambling post is that I am becoming more and more convinced that an all-encompassing "enterprise risk management system" is not a simple case of having the same small set of tools for all levels. Instead, you need a framework that recognises the different levels (the different contexts, objectives and decisions) and creates linkages between these levels. My immature thoughts at this stage centre around the decisions and their resulting actions being those connections.

For example, the risk management being carried out at the lowest level may itself be a risk control measure for the next level up and so on. This becomes a bit circular but we might as well accept that it's turtles all the way down, people!

There may be more to come on this one, but right now, its bedtime!

1. He would so hate that title ;)

2. Safety management? I'm not too sure. I've been pondering this lately as well and when that thought is half-finished, I'll post it here too.