ERM and SMS Working Together in Harmony

Transcription

1 ERM and SMS Working Together in Harmony

2 Mike Smith CAA & Operations Auditing Lisanne Sison Director and Practice Leader, Risk Management Consulting

3 Agenda I. Overview of SMS II. Overview of ERM III. Review of common principles IV. Exercise Risk Assessment V. ERM and SMS in Practice

4

5

6

7 Benefits of SMS: US FAA Study Improved communication, Increased safety awareness, Integration of disparate departments and staff through collective assessment of risk and budgets, and Data collection and trending analysis to provide a higher level of awareness are reported as benefits of the SMS pilot studies

8 A framework for Safety Management Current Future Checklist Maint. Schedule Training Plan Security Policy Ops QA Manual Audit Plans CAA Regs. ERPs Worksheets JAR Alcohol & Drugs Policy MRM Safety Drills HSE Policy Policy Process Task No Structure Structured

9 Finance and Safety Financial Management System Finance Plan Targets & Objectives Company Board Management & Direction Establishes Objectives & Targets Sets Policy Safety Management System Safety Plan Targets & Objectives Budget Accountabilities Levels of Authority Procedures Delivers the Business Plan Raises and Approves Budgets Allocates Resources Budget Accountabilities Line Management Authorities Procedures Checks and Balances Internal Audit Accountants Management of Major Loss Generators makes Business Sense Monitoring/Line Checks Internal Audit Safety Committee Audit Findings Balance Sheets Audit Findingss Safety Achievement Profit/Loss Finance Case Safety Case Profit/Loss

10 Aerodrome Complexity Aircrew Firecrew ATC Security Staff Front Line Staff Dispatch Staff Ramp handlers Drivers Ground navigation Emergency Response Separation Security management Pax management Planning & Preparation Load Configuration Load transport Aircraft ER Hardware Navigational aids Detection systems Computer systems Computers / coms Hardware Vehicles Human Operators X Complexity X Technology =? Technology magnifies the consequences of Human Error

11 Prof. James Reason Chronic Unease Chronic Unease the hidden ingredient in successful safety leadership

12

13 Traditional Risk Management Hazard Risks Only Possibility of loss or no loss Restore an organization to its former pre-loss condition Focus on the accident loss Focus on specific loss exposure Enterprise Risk Management Hazard Risks + Business Risk Possibility of gain, loss, or no loss Enable an organization to fulfill its greatest productive potential Focus on the value of the organization Focus on the organization as whole Credit: G31000

14

15 Enterprise Risk Management (ERM) is a process, effected by an entity s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. - Committee on Sponsoring Organizations Enterprise Risk Management Integrated Framework, 2004

16

17

18 Einstein s* explanation ERM is a process that helps manage diverse organizational risks and supports successful achievement of objectives.

19 The ERM Triangle Utilize risk information for decision making Engage the entire organization in managing risk Continuously improve risk management capabilities

20 Alignment with ERM Frameworks Utilize risk information for decision making Engage the entire organization in managing risk Continuously improve risk management capabilities Governance Framework Risk Assessment Risk Ownership Control Activities Monitoring Control Effectiveness

21 Policies and Objectives Risk Assessment Mitigation Continuous Improvement Ongoing Engagement

22 ERM Only Common SMS Only Policies and Objectives Establishes management s commitment to continuous improvement of safety Establish goals and objectives Define program parameters and communication channels Establish risk appetite Risk Assessment Focus on safety risks Identify, assess, and prioritize risk Evaluate adequacy of existing controls Identify and define root cause risks from symptomatic risks Focus on strategic risks Mitigation Mitigations are both mechanical and operational Implement and test effectiveness of control activities over time Ownership of risk mitigation occurs at all levels of the organization Mitigations primarily operational Continuous Improvement Emphasizes a reporting culture Leverage metrics to advise action Structured and frequent training and education Seeks a state of contentment, but not complacency Emphasizes a collaborative culture Ongoing Engagement

23

24 The Airport Risk Manager s ERM/SMS Dilemma Or So much to do, so little time!

25 Lou Sorrentino CEO & Managing Director Mike Natale Senior Consultant, Risk Management Consulting

26

27 Safety Management Systems (SMS) I. Safety Policy Establishes senior management s commitment to continually improve safety, defines the methods, processes and organizational structure needed to meet safety goals II. Safety Risk Management Determines the need for, and adequacy of, new or revised controls based on the assessment of acceptable risk III. Safety Assurance Evaluates the continued effectiveness of implemented risk control strategies; supports the identification of new hazards IV. Safety Promotion Includes training, communication and other actions to create a positive culture within all levels of the workforce SMS information courtesy of FAA Website

28 Enterprise Risk Management (ERM) I. ERM Policy Set objectives, identify risk appetite and establish program parameters and communication channels II. III. IV. ERM Risk Assessment Identify, assess and prioritize risks and existing mitigations; evaluate risk treatment alternatives and implement changes to address any gaps ERM Assurance Monitor progress and facilitate continuous improvement through use of internal and external audits, metrics and performance reviews ERM Promotion Build ERM culture through sustained and targeted communication and training that enables people at all levels of the organization to incorporate consideration of risk when decisions are made

29 Two Challenges or One? Safety Management System (SMS) Enterprise Risk Management (ERM) I. Safety Policy II. Safety Risk Management III. Safety Assurance IV. Safety Promotion I. ERM Policy II. ERM Risk Assessment III. ERM Assurance IV. ERM Promotion

30 Risk Management 101 I. Identify loss exposures II. Measure and analyze loss exposures III. Select risk management techniques IV. Implement strategies and monitor results

31 Drilling Deeper I. Need for high level champion II. Organization-wide efforts a. Policy statements b. Risk Analysis c. Audits d. Training e. Communication

32 Drilling Deeper (cont d) I. SMS and ERM are not one size fits all. a. Scalable to your organization II. SMS can be implemented and, with minor tweaks, become the first step in organizational ERM program

33 Resources I. The Airport Risk Manager s ERM/SMS Dilemma by Lou Sorrentino, CEO, Aviation and Marine Safety Solutions International and Mike Natale, Senior Consultant, Bickmorehttp://sm4.global-aero.com/articles/the-airport-riskmanagers-ermsms-dilemma/ II. III. Safety Management Systems for Airports, Volume 1, Overview, Airport Cooperative Research Program, Transportation Research Board, ACRP Report 1 (2007). Application of Enterprise Risk Management at Airports, Airport Cooperative Research Program, Transportation Research Board, ACRP Report 74 (2012).

34

35 What is Risk Assessment? Risk Identification answers the question: What are the uncertainties that could impact the achievement of objectives? (positive and adverse potential outcomes) Risk Analysis answers the question: How likely is the risk to occur? If it occurs, how significant could the impact on our objectives be? Risk Evaluation answers the question: Given the risks and the overall analysis, which ones do we need to focus on and treat?

36 Types of Risks Credit: PRIMA

37 Scenario Runway Extension Project

38 Scope of Work I. Extend the length of the East/West runway by 900 meters westward and width from 30 to 45 meters from a point 100 meters from the intersection with the North/South runway. II. Extend the length of taxiway Delta by 900 meters westward. III. Estimated time to complete the work: Seven (7) months.

39 Scope of Work Runway utilization during the construction work I. Continuous utilization of the North/South runway during the construction project. II. North/South runway length is 3,850 meters and the distance available from threshold to intersection with the East/West runway is 2,600 meters. III. Information must be provided to airport users.

40

41 Identify Hazards I. Identify the hazards using brainstorming techniques. Brainstorm a list of possible hazards, their consequences and suggest mitigations. II. Complete the log as follows: List type of operation or activity State the generic hazard (hazard statement) Identify specific components of the hazard List hazard mitigations

42

43 Identify Hazards I. Extend your hazard identification exercise to consider broader Enterprise Risks: a. Financial Risks b. Environmental / Compliance Risks c. Political Risks d. Reputational Risks

44 Common Risk Assessment Pitfalls Not an accurate way to predict risks Don t get lost in the ratings Tendency to rate risks too high Leads to distrust in results If not conducted in a methodical, interdisciplinary way, can lead to inefficient allocation of resources