P4-SAF-0004 Operational Risk Management Procedure

Operational Risk Management Procedure
P4-SAF-0004
SUBMITTED BY: AAR WASS 1 AAR WAY, Rockledge, FL 32955
1 JULY 2021
AAR WASS P4-SAF-0004

Dept: Safety Eff. Date:07/01/2021 Rev: 1 Page 2 of 28
Table of Contents
1. Revision History .................................................................................................................. 3
2. Scope .................................................................................................................................... 3
3. Owner .................................................................................................................................. 3
4. References ........................................................................................................................... 3
5. Associated Documents/Forms ............................................................................................ 3
6. Definitions ........................................................................................................................... 3
7. Responsibilities .................................................................................................................... 3
8. Hazards ................................................................................................................................ 7
9. Risks ..................................................................................................................................... 8
10. What Are Assets ................................................................................................................ 11
11. SAFETY RISK ASSESSMENT PROCEDURE .............................................................. 13
12. Hazard Identification ....................................................................................................... 18
13. Principles of Risk Management ...................................................................................... 20
14. Terms and Definitions ..................................................................................................... 22
ATTACHMENT 1 – RISK MANAGEMENT WORKSHEET EXAMPLE ............................... 27
ATTACHMENT 2 – RISK MANAGEMENT WORKSHEET ................................................... 28
TABLES
Table 1: Revision History *Add, Modification or Deletion ......................................................... 3
Table 2: Risk Probability Categories .......................................................................................... 15
Table 3: Risk Severity Categories ............................................................................................... 16
Table 4: Root Cause Table.......................................................................................................... 19
Table 5: Acceptable Risk Determination.................................................................................... 21
FIGURES
Figure 1: SRM/Safety Assurance Diagram ................................................................................. 9
Figure 2: Risk Assessment Potential Risk Chart ....................................................................... 12
Figure 3: Risk Assessment Matrix ............................................................................................. 14
Printed or saved copies are considered uncontrolled and shall be used for reference only.

1. Revision History
Change Date Number of Figure, Table *AMD Title or Brief Description Change
Number or Paragraph Requester
PID
Rev 1 07/1/21 Annual Review of M Operational Risk Management HH9292
SOP Procedure
Table 1: Revision History *Add, Modification or Deletion
2. Scope
To provide all levels of management with a standardized written process to identify and
control undesirable events before they occur. This document shall be used as the
primary risk management tool for all CONUS and OCONUS AAR ground and flight
support activities. An actual “Flight Risk Management” shall be conducted in accordance
with the “Guide for Aviation Training and Standardization (GATS).”
3. Owner
The Aviation Safety Manager owns this procedure. No changes, additions, or alterations
may be made without the owner’s written approval.
4. References
Appendix C to 29 CFR 1910.119 – Compliance Guidelines and Recommendations for
Process Safety Management (Non-Mandatory)
U.S. Army – FM 3-100.12 (DoD Joint Services Publication for Risk Management)
U.S. Army Regulation 385-10
ICAO Safety Management Manual DOC 9859 Fourth Edition, 2018
FAA Advisory Circular Number No: 120-92B
FAA Order 8040.4A Safety risk Management Policy Effective Date 04/30/12
5. Associated Documents/Forms
Plan-4-SAF-0001 Flight / Ground Safety Operations
6. Definitions
Terms and definitions are found in Section 13.
7. Responsibilities
Organizationally, risk management is a shared responsibility at all levels of management.
Employees, at all levels, are responsible for complying with rules, regulations, and
policies, and for avoiding/mitigating risks both in daily activities and in supporting
operational missions and management decisions.

The Program Director acting as the Accountable Executive (AE) and all Directors and
Site Managers have all signed a Safety Management Systems (SMS) Policy statement
establishing an effective risk management process to mitigate or eliminate the risks
encountered while conducting Air Wing operations and support activities. Supervisors
and Leads must ensure a supportive risk management environment; provide employees
with the necessary skills and knowledge to identify and mitigate risks and hold them
accountable for doing so; monitor risk indicators and ensure necessary corrective actions
are taken.
7.1. Safety Risk Management (SRM)
SRM Is the core activity of the Safety Management System. It is a decision-making tool
that utilizes a set of standardized processes to proactively identify and fully document
hazards, analyze and assess potential risks, and prescribe appropriate mitigation
strategies.
Throughout the SRM process, hazards are identified; risks are analyzed, assessed,
prioritized, and then mitigated appropriately.
The end state of the process is to reduce risk to “As Low as Reasonably Practicable”
(ALARP). Staff members must work towards risk mitigation in daily activities, alert
supervisors to possible problems, and help take corrective actions.
7.2. Purpose of Safety Risk Management
The purpose of risk management is to identify potential problems (undesirable events)
before they occur so risk-handling activities may be planned, developed, and invoked as
necessary to mitigate identified hazards. The objective is to protect personnel and assets
against the negative consequences of non-desirable events in order to achieve desired
objectives.
The overriding objective for implementing risk management is to provide reasonable
assurance to both executive and senior-level management that the organization’s goals
and objectives are achieved. It is a primary management tool to assist in the alignment
of risks and strategy, enhance risk response decisions, reduce operational surprise and
losses, identify and manage cross-MOB/FOL risks, provide integrated responses to
multiple risks, seize opportunities and improve rapid response capabilities.
7.3. Applicability of the SRM process
The SRM process is designed to be multifaceted and can be applied in one of three
ways:
Reactive – The reactive application of the SRM process is typically in response to the
identification of a hazard or an ineffective risk control resulting from an event that has
already occurred (investigation or quality escape). The process will allow for further
review of additional or hidden risks associated with the event as well as any new risk
controls required for mitigation purposes.
Proactive – The proactive application of the SRM process is initiated in response to
significant changes to the organization or its operations that could lead to new hazards.
The intent is to prescribe appropriate mitigation strategies to control risk before an event

occurs. The SRM process will be applied to high-risk audit findings and may apply to
lower-risk audit findings at the discretion of the Site Manager.
Predictive – The predictive application of the SRM process is initiated with any observed
“trend” resulting from internal trend analysis processes or key performance indicators.
The intent is to provide insight into any undiscovered hazards that may not be readily
identified by trend analysis.
7.4. Risk Management and When to Use It
Risk management tends to facilitate the exchange of information, ideas, and expertise
across functional areas and disciplines. Its purpose is to generate ideas and promote the
good business practice. All too often, assessments of hazards are crudely made and the
consequences of getting things wrong can be serious, including lost opportunities, loss
of business, loss of reputation, and even life. In the long run, risk management can save
time, money, and protect assets.
Risk management must be used whenever there is a likelihood of a non-desirable event
or negative outcome that may place the organization, assets, or personnel at an
unacceptable risk. This also includes the inability to meet desired goals and objectives.
Risk consideration must include those activities or circumstances associated with
business, finance, operational support, politics, legal activities, security, accidents,
safety, or the environment.
7.5. Safety Risk Management Assists Management
Safety Risk management (SRM), corporate policies, and program standard operating
procedures must be integrated and should augment each other. Risk management
strengthens executive-level oversight, forces an assessment of existing senior
management-level oversight structures, clarifies risk management roles and
responsibilities, sets risk management authorities and boundaries, and effectively
communicates risk responses in support of key business objectives:
• Evaluating the likelihood and impact of non-desirable events
• Developing responses to either prevent those events from occurring or
manage their impacts if they do occur.
There are many silos of ideas and stove-piping of information within the organization,
each having a point of view on managing risks. Silo or stove-piping mentality inhibits
efficient allocation of resources and management of common risks, program wide. When
managing multiple risks there is a need for a common framework within the SMS
program in order for risk management to be effective.
As AAR and other departments within AAR talk more about the importance of Safety
Risk Management (SRM), senior management may be required to disclose and
comment on the department’s capabilities for understanding and managing risks. Formal
and informal assessments are necessary to determine whether expected results are
adequate in relation to the risks undertaken.
As the business environment continues to change and the pace of change accelerates,
management must become better at identifying, prioritizing, and planning for risk. Risk

Management drives management to identify alternative future scenarios, evaluate the

likelihood and severity of those scenarios, identify priority risks and improve the
organization’s capabilities around managing those risks. As the environment changes,
new risks emerge and should be escalated in a timely manner for disclosure and action.
Risk management helps management create risk awareness and a positive culture
concerning risk and risk management. Individuals can raise issues without fear of
retribution and voluntary reporting of hazards becomes more accepted within the
workforce.
7.6. (SRM) Risk Analysis
The output of the SRM Risk Analysis process (unlike the Risk Assessment process) is
intended to be used as a decision-making tool for safety events.
As a general guideline, the following steps shall compose the SRM process:
Step 1 - System Analysis—Identify the system, process procedure, or change to be
analyzed.
Step 2 – Identify Hazards—Individually list all potential and existing hazards and risks
relating to the event, hazard, process, or change. If ineffective risk controls are
suspected, ensure they are identified, and new controls are applied accordingly.
Step 3 – Conduct a Risk Assessment—On the risk as it currently exists without controls
applied using the INL/A Program Directive Risk Matrix. This risk will be identified as either
a “Low” “Medium” or “High” score.
Step 4 – Control Safety Risk—Safety Risk Controls will be developed to control the level
of risk to “As Low as Reasonably Practicable” (ALARP) by reducing the severity and/or
probability of the threat/hazard unless authorized by the Accountable Executive in
accordance with the risk acceptance section of this manual. Reassessments of risk and
events or processes with controls now applied shall be identified as ‘residual risk”.
7.7. SRM Trigger Points
This Safety Risk Management Plan includes Risk Trigger Points. A “Risk Trigger Point”
shall be referred to as an element of time or a specific situation when recognized or
achieved will require the activation of the Emergency Action Plan, a Contingency Plan,
and/or the elevation of the hazard to a higher risk level. Notification must be made to the
responsible Functional Area Director or Site Manager anytime a risk level is elevated to
a higher level.
7.8. SRM Triggers
The SRM process shall be “triggered” by any of the following changes:
• Implementation of new systems.
• Revision of existing systems.
• Significant employee injury.
• High-risk damage to a customer’s aircraft.

• High-risk quality escape on a customer’s aircraft.

• Development of Operational procedures or significant revision of company policy,
processes, or procedures.
• Introduction of new customers or contracts.
• A significant change to a customer’s work scope.
• New or revised products or services.
• New tooling or equipment, or a lack of required tooling or equipment
• Identification of hazards or ineffective risk controls through the Safety Assurance
process.
• Internal investigations or trend analysis items assigned a high-risk assessment
score.
8. Hazards
A hazard is defined as any existing potential condition that can lead to personal injury,
illness, death, damage to or loss of a particular system, equipment, property, or damage
to the environment.
Identification of hazards is done through all accessible means for example:
• SMS reports
• Audits planned within the Quality Assurance Program
• Incident and safety reports
• Daily reports stemming from various sectors of the company
• Incident reports stemming from service providers
• Incident reports stemming from customer operations
• External information provided by Flight Safety Organizations
The analysis should consider at least the following minimum inputs to the system or
process:
• Operating environment
• Function and purpose of the system or process being analyzed
• An outline of the systems process and procedures.
• The personnel, equipment, training, and facilities used for operating the
system.
• Any human factors that may potentially affect the system or process.
• Factors causing injury, illness, or death to personnel.
• Factors causing damage to or loss of equipment or property, or mission

degradation because of an accident or incident.

• Factors causing negative environmental impact.
• Effects of weaken security efforts.
• Personnel and assets at risk because of natural disasters as well as
deliberate attacks from an adversary.
8.1. Threats
For this document, a “threat” represents the failure mode through which the
hazard can materialize. It is a “sub-set” of a hazard and a direct immediate
source of danger or an undesirable event including any opposing force,
condition, source, or circumstance with the potential to negatively impact
personnel, program assets, or mission accomplishment and/or degrade mission
capability. Example: The risk is severe weather – the hazards are tornadoes,
hurricanes/tropical storms, lightning, severe thunderstorm, etc. – the “threat” is
a 15-foot storm surge associated with Hurricane Daniel, a category IV hurricane
approaching Central Florida coastline from the southeast.
9. Risks
A risk can be made up of one or more hazards (undesirable events or outcomes)
associated with organizational activities or situations. They are stated in terms
of probability meaning the likelihood that an undesirable event or hazard will
occur and the severity of the potential impact of adverse consequences or the
outcome of an undesirable event if the non-desirable event (hazard) were to
occur. Consideration must also be made to the rate of exposure to hazard. The
probability of adverse consequences becomes greater through increased
exposure to the negative conditions. Thus, exposure or trigger points may be
viewed as another dimension of probability or severity.
9.1. Effective Risk Management
This risk management includes early and aggressive risk identification through
the collaboration and involvement of relevant stakeholders. Strong leadership
across all relevant stakeholders is needed to establish an environment for the
free and open disclosure and discussion of risk.
Strategies of risk mitigation include transferring the hazard to another party,
avoiding the hazard, reducing the negative effect or impact of the hazard, and/or
accepting some or all of the consequences of a particular hazard. The process
entails organized and structured activities that facilitate the management and
control of identified hazards and threats. Safety Risk Management as a
functional risk management tool is used to ensure conformance with SMS risk-
management policies, directives and shall be used by all functional areas and at
all locations in support of program activities to balance risk with mission benefits.

9.2. The SRM/Safety Assurance processes depicted
Figure 1: SRM/Safety Assurance Diagram

9.3. Benefits of Risk Management

The benefits of a proactive organizational risk management program are:
• Improved collective and individual decision making.
• Improved probability of the achievement of objectives.
• The ability to deliver improved performance, effectiveness, and efficiency of
operations.
• Enhanced mission accomplishment by:
- Improving customer satisfaction.
- Improving operational efficiency and regulatory compliance.
- Avoiding waste and hazard waste mismanagement.
- Avoiding resource drain of responding to allegations of mismanagement.
- Not having to do work over to correct faults.
• Early warning and intervention of problems; fewer “Mistakes” from outside.
• Credibility with all stakeholders, including customers, senior management,
corporate leaders, and other functional area managers.
• Enhance management confidence that functions under their responsibility
are being properly managed; effective; and free from ethical lapses, waste,
fraud, abuse, and threats to health and safety and;
- Confidence that they will be the first to know if things start going off track
and will have time to fix them.
- Credibility with supervisors; data and information to make a case for
improvements and supporting resources.
9.4. Employee and Management Responsibilities
All Functional Area Directors, Managers, and Site Managers are responsible and
accountable for assessing their operational risks as a total functional entity (or
system), employing the procedures listed below:
• The Program Director or his designated appointee shall have program risk
management oversight and shall be responsible for ensuring functional
area compliance with risk management policies and procedures.
• The Safety Director will comply with all program contract requirements,
including providing training on the application and use of the Safety Risk
Management (SRM)/Safety Assurance Process.
• Supervisors will evaluate mission requirements, operational capabilities,
and limitations so they can make sound risk decisions in the
accomplishment of the mission.

• The “Safety Risk Management Worksheet” form (sample sheet and

worksheet attached at the end of this SOP) should be used as a tool to help
supervisors in the decision-making process for critical operations.
• Employees will be knowledgeable of their mission task, will not take any
unnecessary risks, and maintain safety awareness. All employees must
notify their supervisor about recognized risks that may compromise the
mission or personnel safety.
Safety Risk Management is required for all flight operations and should be
accomplished for all deployments, FOL relocations, and logistical movements
involving large volumes of assets or sensitive equipment. Risk management
should be used as part of an operational safety briefing prior to the
commencement of operational tasks.
A risk is defined as what may occur if the hazard should manifest itself. Risks
are managed with mitigation (control) measures to prevent the hazard from
occurring.
The risk may involve more than one of the following elements:
• Regulatory Compliance
• Safety of Flight
• Operational Missions
• Physical Injury
• Damage to Assets (including customer assets)
• Potential Increase in Costs or Revenue Loss
• Customer Relationship
10. What Are Assets
The five broad categories of assets representing sources of value, and examples
within each category, are illustrated below. These five asset categories include
sources of value underlying an organization’s business strategy. By
emphasizing strategy-setting, risk management can be transitioned to a
differentiating skill for enhancing and protecting assets and values as
management seeks to make the best decisions in the pursuit of achieving
operational goals, new opportunities for growth, enhancements, and returns.
Risk management should help managers become confident in their
understanding of the risks and the capabilities at hand within the organization to
manage those risks.
The risk assessment process can lead to more comprehensive risk responses
when management identifies potential future events that could affect each
category of assets critical to the execution of the mission.

The schematic below illustrates categories of potential future events that might
be considered during a risk assessment:
Pervasive quality
Unauthorized use Physical Customer Significant losses of
Inefficient use Assets Assets key customers or
channels
Catastrophic loss
Inefficient channels
Unacceptable costs
Loss of market or
business opportunities
Organizational
Assets
Talent shortages
Poor economic performance Employee Work stoppages
Lack of economic sources of debt Finance
or equity capital Supplier Loss of morale
Unacceptable losses Assets Assets

Poor supplier
performance
Insufficient liquidity
Excessive cost and
Inefficient use lead times
Lack of leadership Inadequate information for

Unclear or obsolete strategies decision making
Lack of resiliency Financial restatement
Lack of institutional learning False executive certifications
Ineffective or inefficient processes Business interruption
Irresponsible Erosion of intellectual property
Poor quality
Ineffective partnership
Figure 2: Risk Assessment Potential Risk Chart

11. SAFETY RISK ASSESSMENT PROCEDURE

It is important to remember the likelihood or severity of risk may change as a result of
time, distance, intensity, or other variables which may or may not have been
previously identified. Regardless, these variables are referred to as trigger points. A
trigger point may also include a quantitative event or outcome that will require the
elevation (or reduction) of a risk, activation of the Emergency Action Plan, or the start
of a Contingency Plan to help mitigate the immediate threat associated with the
hazard and to protect assets and personnel. Remember, a trigger point may elevate
or lower the risk. Anytime there is a change in operational tasks/requirements or if the
conditions/variables change, the risk assessment must be reevaluated.
11.1. Risk Assessment Matrix
A risk assessment is a risk tool utilized to quantify and categorize varying levels of
risk. The objective of risk management is to ensure that significant risks are identified,
and appropriate actions are taken to minimize risks as much as is reasonably
achievable. Risk Assessments include the determination of a risk score which is
quantified by combining the product of probability (likelihood) and severity of the
potential effect of a hazard or undesired event.
The tool is presented in a matrix format through the risk evaluation matrix. Risk
assessments are intended to quickly conclude the overall safety exposure resulting
from an event. Risk assessments are generally NOT utilized to make safety related
decisions (as risk analysis is) but are generally used to:
• Quantify safety events
• Rank safety events
• Determine the overall exposure from a specific safety issue
• Track exposure
• The document, categorize and prioritize safety events

11.2. Risk Assessment Matrix Probability Scale (Top of Matrix – Left to Right)
Risk Probability Risk Severity (X-Axis)
(Likelihood) Minimal Minor Major Hazardous Catastrophic

(Y-Axis) 5 4 3 2 1
Frequent
A-5 A-4 A-3 A-2 A-1
A
Probable
B-5 B-4 B-3 B-2 B-1
B
Remote
C-5 C-4 C-3 C-2 C-1
C
Extremely
Remote
D-5 D-4 D-3 D-2 D-1
D
Extremely
Improbable
E-5 E-4 E-3 E-2 E-1
E
Figure 3: Risk Assessment Matrix
11.3. Risk Assessment

This step involves consideration of both the probability and the severity of any adverse
consequences or undesirable events. In other words, this is how the loss potential is
determined. In carrying out risk assessments, it is important to distinguish between
“hazards”, the potential to cause harm, and “risks”, the likelihood of that harm is
becoming a reality within a specified period of time and preventing the organization
from achieving its objectives. Consider Trigger Points in the event the hazard
becomes an active threat or if the hazard should become elevated to a higher level of
severity.
Trigger points may also require the activation of an Emergency Action Plan or
Contingency Plan. The Risk Assessment Matrix, shown above, shall be used as the
program standard in the risk assessment process.
• Probability: Determine the probability or likelihood that an undesirable event will
occur.
• Severity: In terms of potential or expected consequences determine the most
likely severity level if an undesirable event were to occur. Severity considerations
must be made in terms of the degree of injury, property damage/loss, and
business or operational process-impairing factors (actual or potential loss of

personnel or assets, adverse publicity or damage to brand name, legal

ramifications, or fines and/or penalties). When considering a severity level, the
rate of exposure to the hazards must be included. The probability of these
adverse consequences becomes greater through increased exposure to unsafe
conditions. Thus, exposure may be viewed as another dimension of probability.
• Risk Assessment Matrix: The intersection of the probability and severity scales
(see Matrix above) will indicate the risk exposure or risk level. There are three
sub-steps in this step. They are:
- Assess the probability of the event or occurrence.
- Estimate the expected result or severity of an event or occurrence.
- Assess the impact of each hazard in terms of potential loss and cost based
on probability and severity using the Risk Assessment Matrix.
Without proper mitigation what is the probability or likelihood that the identified risk or
threat may occur over a period of time or during a mission/task? Consideration must
be made to the individual item/system, fleet or inventory, individual employee, and all
personnel exposed.
11.4. Risk Probability (Likelihood) Categories
Quantitative - Time/Calendar - based Occurrences

Qualitative
Domain- wide/ System-wide
Frequent Expected to occur more than 100 times per year (or
Expected to occur routinely
A more than approximately 10 a month)
Probable Expected to occur between 10 and 100 times per year

Expected to occur often
B (or approximately 1 -10 a month)
Remote
Expected to occur infrequently Expected to occur one time every 1 month to 1 year
C
Extremely
Remote Expected to occur rarely Expected to occur one time every 1 to 10 years
D
Extremely
Improbable Unlikely to occur, but not impossible Expected to occur less than one time every 10 years
E
Table 2: Risk Probability Categories

11.5. Risk Severity Categories

To select the proper severity level, consider the worst-case scenario for the identified
hazard. Then select the severity category from the list shown below. The severity will
either be catastrophic, hazardous, major, minor, or minimal.
Minimal Minor Major Hazardous Catastrophic

Personnel injury or Minor medical Lost workdays due Serious Death, critical
illness requiring treatment beyond to injury or illness injury/illness injury/illness, or
only First Aid First Aid, no lost not exceeding 3 requiring permanent total
workdays months hospitalization, disability
permanent partial
disability, or
temporary total
disability in excess
of 3 months
Slight equipment, Minor equipment, Major system, Significant system, Equipment
system, or system, or equipment, or equipment or destroyed; total
property damage, property damage, property damage, property damage, system or
but fully functional but fully functional repairable on site or requiring off-site equipment (hull)
with on-site repair repair or loss, severe
within 24 hours replacement property, or
environmental
damage
Aircraft: affects Aircraft: total hull

structural strength, loss
performance, or
flight
characteristics
Operational
showstopper,
Degraded mission Significant mission
Little or no complete mission
No impact on readiness or impact or
adverse impact on failure, or loss of
mission capability marginal impact to degradation to
mission capability ability to
the mission mission readiness
accomplish the
mission
Little to no Significant Unacceptable
No collateral or Minor collateral or
collateral or collateral or collateral or
environmental environmental
environmental environmental environmental
damage damage
damage damage damage
Table 3: Risk Severity Categories

11.6. Develop Controls & Make Risk Decisions

Hazards are assessed and an initial risk level is determined. Controls are developed
and applied then the hazard is reassessed to determine residual risk. Final risk
decisions are always based on residual risk. The process of developing and applying
controls measures and reassessing risks are:
• Consider risk control options.
- Avoid the risk.
- Transfer the risk.
- Accept the risk and all of the consequences of the particular hazard.
- Take action to reduce the risk to an acceptable level.
• Start with the most serious risk first.
• Refer to preliminary hazard analysis causes.
• Does the benefit outweigh the risk?
• Communicate with higher authority if required.
• Determine residual risks after controls are put into place.
- What will be the residual risk after controls are in place?
• Mitigation may include the development of both contingency and continuity
plans.
• Do not average your risks. The highest residual risks associated with your
hazards shall be the risk level for the risk assessment and not an average.
11.7. Risk Mitigation: Implement Controls
Leaders and Managers must ensure mitigation controls are converted into clear and
simple processes in order to facilitate proper and prompt execution. Implementing
controls includes coordination and communication with all affected organizations and
departments.
11.8. Risk Mitigation: Supervise and Evaluate
The last step of the risk management process is to ensure risk controls are
implemented and enforced to a known and achievable standard. It also provides the
means of validating the adequacy of selected control measures in supporting the
objectives and desired outcomes. Supervision and evaluation must occur throughout
all phases of any mitigating activities, operations, or process. This continuous process
provides the ability to identify weaknesses and to make changes or adjustments to
controls based on available personnel, assets, performance, changing situations,
conditions, or events.

The following is a checklist to help supervise and evaluate this process.

• Evaluate and Monitor for Effectiveness of Controls and adjust as necessary.
• Watch for Changes.
• Develop Contingency Plans.
• Test Contingency Plans.
• Table Talk Scenarios.
12. Hazard Identification
Risk is an aggregate of one or more hazards (non-desirable events or outcomes)
associated with organizational activities or situations. A hazard is any real or potential
condition that can cause harm, injury, illness, death, damage to the business or
assets, financial loss, mission degradation, negative political or business impact.
12.1. Phase of operation
Identify each major phase of the operation that supports the overall task to perform.
For example, the overall task may involve moving a FOL. Phases may include
packing, loadout, transport, set up, etc.
12.2. Identify Hazards
Once each phase of the operation has been recorded, identify those hazards
associated with each phase of operation. Hazard considerations include; but, not
limited to:
• Business factors: includes planning, decision making, brand name, project
management, business development.
• Communications: includes the medium, terminology, culture, and language.
• Defenses: includes such factors as the provision of adequate detection and
warning systems, the error tolerance of equipment, and the extent to which the
equipment is hardened against failures.
• Design Factors: includes equipment and task design.
• Environmental Considerations: includes weather anomalies such as severe
weather, hot/cold temperature extremes, seismic activity, and obstructions.
• Mission Support: includes such factors as operational processes involving
logistical, maintenance, administrative, IT, and safety support activities.
• Operational Missions: includes hostile threat, training, terrain, time of day,
weather, and other pertinent issues involving both ground and flight operations.
• Organizational Factors: includes the compatibility of production and safety goals,
the allocation of resources, operating pressures, and the corporate safety
culture.
• Other Considerations: includes the availability of personnel, personnel skill sets,

available facilities, available time, host nation, and civil considerations. These
factors are used because they have a direct impact on our mission and operation.
• Personnel Factors includes company policies for recruitment, training, and
remuneration.
• Procedures and Operating Practices: This includes documentation of procedures
and operating practices, checklists, and their validation under actual operating
conditions.
• Regulatory Oversight Factors: includes the applicability and enforceability of
regulations, the certification of equipment, personnel and procedures, and the
adequacy of surveillance audits.
• Security Factors: includes individual employee non-compliance, criminal
violations, and deliberate attacks from an adversary.
• Work Environment Factors: includes ambient noise and vibration, facilities,
temperature, hazardous materials, lighting, and the availability of protective
equipment and clothing.
12.3. Root Causes
Identify the root cause(s) for each hazard identified. Think of the reason why this
undesirable event could occur. There may be several root causes of a hazard. Use
the table to assist in the identification of root causes.
Root Cause
1.0 Process 2.0 People, Organization 3.0 Information 4.0 External and Environment
and Culture Technology
1.1 Inefficient/ineffective 2.1 Employee error 3.1 Unavailability and 4.1 Natural disasters, catastrophic
process design 2.2 Employee fraud and instability of systems events, terrorist attacks
1.2 Inadequate delivery of misconduct 3.2 Lack of information 4.2 Key supplier and partner
outsourced activities 2.3 Inability to attract, integrity exposure
1.3 Insufficient customer develop, and retrain 4.3 Political and economic
assessment 3.3 Inappropriate impacts
intellectual capital
infrastructure
2.4 Lack of clear roles and 4.4 Unresponsive to
responsibilities 3.4 Lack of timely, reliable, legal, regulatory, or
2.5 Deficient values, and relevant information compliance changes
integrity,and ethics for decision making 4.5 Product misuse
(internal and external)
2.6 Insufficient organizational 4.6 Physical asset misuse
structure, oversight, and 3.5 Inadequate data security or theft
accountability and access 4.7 Inadequate workspace
2.7 Inappropriate 3.6 Inappropriate data usage 4.8 Insufficient time
performance (internal andthird party)
incentives (customer-imposed
3.7 Competitor Actions schedule)
2.8 Inadequate
workplace safety
Table 4: Root Cause Table

12.4. Root Cause Analysis

Root cause analysis is defined as the process of determining the primary causal
factor of a finding or event. The identification of the root cause is the key to the
implementation of effective corrective action.
Items to consider when determining the root cause should include:
• Materials
• Methods
• Manpower
• Mother Nature (Environment)
• Machines
• Measurements
12.5. Root Cause Analysis Tool
A variety of tools to assist in determining root cause are generally available industry
wide; however, the most widely utilized (and simplistic) tool to determine root causes
are as follow:
• The 5 Why’s – the 5 why’s is the process of identifying the finding or event issue
and asking why the issue occurred until an endpoint is reached. The root cause
is determined when the question of why cannot be asked any further.
12.6. Human Factors Analysis in Determining Root Cause
As with root cause determination, there are various methodologies related to viewing
human factors analysis.
• A popular approach in aviation is the Dirty Dozen. It focuses on one or more of
12 specific factors impacting human performance.
• Dirty Dozen - A list of the most common sources of errors in aviation maintenance
is known as "The Dirty Dozen". This list has been widely distributed in the aviation
maintenance community and has become the basis to highlight the human error.
13. Principles of Risk Management
13.1. Accept No Unnecessary Risk
An unnecessary risk is any risk that, if taken, will not contribute meaningfully to
mission accomplishment or will needlessly endanger lives or resources. No one
intentionally accepts unnecessary risks. The most logical choices for accomplishing
a mission or task are those that meet all mission requirements while exposing
personnel and resources to the lowest acceptable risk. All activities and operations
while at work or home involve some risk. The risk management process identifies
risks and threats that might otherwise go unidentified and provides tools to reduce or
offset the risk. Use the following table, as a tool to determine whether a risk is
acceptable or not.

Acceptable Risk Determination
RISK LEVEL ACTION REQUIRED
Extremely High Catastrophic Risk - Mission cancellation or implementation of Risk Mitigations until
levels are controlled to Medium Risks.
High Unacceptable – Mission cancellation or implementation of Risk Mitigations until

levels are controlled to Medium Risks.
Undesirable – Efforts should be made to reduce the risk, but the cost or complexityof
prevention should be carefully measured and limited. Risk reduction measures should be
Moderate implemented within a defined period.
Where the moderate risk is associated with extremely harmful consequences, further
assessment may be necessary to establish more precisely the likelihood of harm as
a basis for determining the need for improved control measures.
Acceptable – No additional controls are required. Consideration may be given to a more
Low cost-effective solution or process improvement that imposes no additional costburden.
Monitoring is required to ensure that the controls are maintained.
Table 5: Acceptable Risk Determination
13.2. Risk Decisions and Authorization at the Appropriate Level

Anyone can conduct risk analysis; however, the appropriate level for making risk
decisions is the one that can make decisions to eliminate or minimize the hazard,
implement controls to reduce the risk or accept the risk. Senior Management at all
levels must ensure subordinates know and understand how much risk they are
authorized to approve/accept and when to elevate the decision to a higher level.
Ensuring that risk decisions are made at the appropriate level will establish clear
accountability. The risk management process must include those accountable for the
mission or given task. After the individual responsible for executing the mission or
task determines that controls available to them will not reduce risk to an acceptable
level, they must elevate decisions to the next level in the management chain of
authority.
Each Country Site Manager: shall develop and maintain a current written
memorandum statement of those personnel who are authorized to approve low,
medium, high, and extremely high operational risks for both flight and non-flight
activities.
NOTE: The only person authorized to approve Extremely High Risks is the Program
Director/Accountable Executive. All requests to continue mission operations involving
Extremely High Risks must be sent to the AAR Program Director/Accountable
Executive, through the Director of Operations. Copies of the Risk Assessment
Authorization shall be maintained by each functional area Manager.
Accept Risk When Costs Outweigh the Benefits: The process of weighing risks
against opportunities and benefits helps to maximize operational success. Balancing
costs and benefits are a subjective process.

Anticipate and Manage Risk by Planning: Integrate risk management into planning
at all levels. Managers must dedicate time and resources to apply risk management
effectively in the planning process, where risks can be more readily assessed and
managed. Integrating risk management into planning as early as possible provides
leaders the greatest opportunity to make well-informed decisions and implement
effective risk controls. During execution phases of operations, the risk management
process must be applied to address previously unidentified risks while continuing to
evaluate the effectiveness of existing risk control measures and modify them as
required.
13.3. Risk Assessment Pitfalls
The following are some pitfalls that should be avoided during the Risk Assessment
process:
• Over-optimism: “It can’t happen to us. We’re already doing it.” This pitfall results
from not being honest and not looking for root causes of the hazard.
• Lack of Urgency: This is not an “over-optimism” or the “sky is falling” attitude, but
it may be necessary to jolt people out of complacency to make them believe that
the current situation is more serious or dangerous than first believed. Without
motivation, people won’t help, and the effort goes nowhere.
• Misrepresentation: Individual perspectives may distort data. This can be
deliberate or unconscious.
• Alarmism: The “sky is falling” approach, or “worst case” estimates are used
regardless of their possibility.
• Lack of follow through: “An out of sight out of mind” attitude – you start the risk
assessment but fail to supervise, enforce changes, or make changes after risk
factors have been altered or have changed.
• Lack of Communication: Risk management is not possible unless personnel are
informed and understand the process or goals. Personnel must be informed and
willing to help even if only making short-term sacrifices.
• Lack of Planning: Risk management is not possible due to the lack of proper and
timely planning.
13.4. In Review
Risk management is the process of identifying hazards, assessing the hazard, and
taking steps to eliminate the risk or reduce risk to an acceptable level. It is an integral
component of business and operational support activities which involves a logical
process of objective analysis, particularly in the evaluation of the hazards.
14. Terms and Definitions
Hazard – is any real or potential undesirable event that can: (1) have a negative
impact on financial markets; (2) prevent the company from meeting business or
operational objectives; (3) have a negative impact on the project or program; (4)

cause or increase legal liabilities; (5) increase credit risk; (6) cause or have the
potential to cause injury, illness, death to personnel; (7) cause damage to or loss of
equipment or property, or environmental impact; (9) undesirable events resulting in
criminal actions, fines or other financial responsibility; (10) affect or weaken security
efforts; (11) have negative political impacts; (12) put personnel and assets at risk
because of natural disasters as well as deliberate attacks from an adversary.
Business Disruption and System Failures – Losses arising from the disruption of
business, operations, or system failures.
Execution, Delivery, and Process Management Breakdowns – Losses from
failed transaction processing or process management, from relations with trade
counterparties and vendors.
Clients, Products, and Business Practices Failures – Losses arising from an
unintentional or negligent failure to meet a professional obligation to specific
clients (including fiduciary and suitability requirements), or from the nature or
design of a product.
Damage to Physical Assets – Losses arising from loss or damage to physical
assetsfrom natural disasters or other events.
External Fraud – Losses due to acts of a type intended to defraud,
misappropriate property or circumvent the law, by a third party.
Failures of Employment Practices and Workplace Safety – Losses arising from
acts inconsistent with employment, health, or safety laws or agreements, from
payment of personal injury claims, or diversity/discrimination events.
Financial and Regulatory Reporting Errors – Losses resulting from financial or
regulatory reporting errors or failures, thus not ensuring the complete and accurate
disclosure of the Company’s financial, business, and regulatory results.
Internal Fraud – Losses due to acts of a type intended to defraud, misappropriate
property or circumvent regulations, the law, or company policy, excluding
diversity/discrimination events, which involves at least one internal party.
Issue – A concern that will negatively impact forward progress towards programobjectives.
Probability (Likelihood) – The likelihood that an undesirable event or hazard will
occur.
Risk – Any condition, event, or factor that might prevent the organization from
achievingits objectives.
Root Cause – Ultimate source of a defect or hazard, in that if the root cause
isremoved, the defect or hazard would be decreased or removed.
Severity – The expected consequence of an undesirable event (hazardous incident)
interms of the degree of injury, property damage, fines, loss of revenue, or other
mission impairing factor.

Threat – A “threat” represents the failure mode through which the hazard can
materialize. It is a “sub-set” of a hazard and a direct immediate source of danger or
an undesirable event including any opposing force, condition, source, or circumstance
with the potential to negatively impact personnel, program assets, or mission
accomplishment and/or degrade mission capability.
Undesirable Event – An event that interrupts or restricts the continuity of maximum
quality of production and operational effectiveness. Undesirable events also include
negative deviations from standards.
14.1. Operational Risk – Process
• Inefficient/Ineffective Process Design – The Risk of Inadequate or poorly
designed business/transaction processes, including is a lack of end-to-end
process ownership and accountability.
• Inadequate Delivery of Outsourced Activities – The risk that outsourcing partners
do not deliver services in the line with expectations or commit actions that are
inconsistent with AAR's strategies, objectives, and values.
• Insufficient Customer Assessment – The risk of inadequate or failed processes
to assess existing and potential customers for suitability concerning regulatory
requirements and AAR's policies and values.
14.2. Operational Risk – People, Organization and Culture
• Employee Error – The risk of unintentional errors by employees due to a lack of
competence, training, or unfamiliarity with regulations, policies, and procedures.
• Employee Fraud and Misconduct – The risk of intentional misconduct and/or
fraudulent activities against AAR's assets by employees.
• Inability to Attract, Develop and Retain Intellectual Capital – The risk of
insufficient programs and initiatives to attract, develop and retain key personnel,
capture and institutionalize intellectual (knowledge) capital, and protect against
the sudden loss of key individuals or groups of employees.
• Lack of Clear Roles and Responsibilities – The risk that roles and responsibilities
are not clearly defined, communicated, and understood by employees, including
cross-organizational objectives.
• Deficient, Values, Integrity, and Ethics – The risk of an employee breach of AAR
values and Code of Conduct standards related to integrity, ethics, and
discrimination.
• Insufficient Organizational Structure, Oversight, and Accountability
• The risk that business line organizational structure and management oversight
is insufficient to monitor and manage day-to-day business activities and hold
employees accountable for their performance.
• Inappropriate Performance Incentives – The risk of either insufficient
performance incentives or incentives that are unrealistic or misunderstood

causing employees to act inappropriately.

• Inadequate Workplace Safety – The risk of an unsafe and dangerous work
environment for employees.
14.3. Operational Risk – Information and Technology
• Unavailability and Instability of Systems – The risk that critical systems are
unstable or unavailable threatening the delivery of operations and processes.
• Lack of Information Integrity – The risks associated with the authorization,
completeness, and accuracy of transactions/data as they are entered into,
processed, and reported by various systems.
• Inappropriate Infrastructure – The risk that AXP does not have the necessary
technology infrastructure to cost-effective support current and future business
activities.
• Lack of Timely, Reliable, and Relevant Information for Decision Making (Internal
and External) – The risk that relevant internal and external information necessary
for decision making is not available on a timely basis and/or is unreliable.
• Inadequate Data Security and Access – The risk of not adequately restricting
access to and protecting information.
• Inappropriate data usage (internal and third party) – The risk of the misuse of
sensitive or confidential information by employees, partners, or other outside
parties.
14.4. Operational Risk – External and Environment
• Natural Disasters/Catastrophic Events/Terrorist Attacks – The risk of natural
disasters, catastrophic events, terrorist attacks, or hostile fire that significantly
impact AAR’s ability to sustain activities.
• Key Supplier and Partner Exposure (e.g., AAA, Merchants) – The risk that
supplier and partner relationships do not perform in the line with expectations, or
that supplier and partners act in a manner damaging to AAR.
• Competitor Actions – The risk that the actions of competitors or new entrants to
the market impact AAR's ability to sustain a competitive position in the
marketplace.
• Political and Economic Impacts – The risk of direct or indirect impact on activities
from changes in the political or economic environments in locations in which AAR
does business.
• Unresponsive to Legal/Regulatory/Compliance Changes – The risk that we are
unaware of or do not respond to changes in laws and regulations to ensure
compliance.
• Product Misuse – The risk that consumers or other third parties inappropriately
use AAR products, publications, and services.

• Physical Asset Misuse or Theft – The risk of activities perpetrated by no

employees resulting in the unauthorized access to, use, or theft of AAR’s physical
assets.
• Inadequate Workspace – The risk of not providing adequate workspace (by the
customer) to safety and effectively support operational requirements.
• Insufficient Time (Customer Imposed Schedule) – The risk of not being provided
adequate time by the customer to plan, construct, develop, execute the assigned
mission or directive.
AAR P4-SAF-0001
Operational Risk Management
Dept.: Safety Eff. Date: 05/12/2021 Rev.: 1 Pg. 27 of 28
ATTACHMENT 1 – RISK MANAGEMENT WORKSHEET EXAMPLE

OPERATION - MISSION - TASK: COUNTRY LOCATION: Panama DATE WORKSHEET PREPARED:
Relocation of FOL "A" to FOL "B" FOL: Bravo 22 Dec 2018
PREPARED BY: John Smith FUNCTIONAL AREA: OPs PHONE NUMBER: 321-123-4567
PID:JS12345
POSITION / TITLE: Ops Mgr.
STEP (2) RISK STEP (3A) DEVELOP CONTROLS & MAKE
STEP (1) IDENTIFY HAZARDS
ASSESSMENT RISK DECISION STEP (3B) HOW TO STEP (3C) HOW TO
IMPLEMENT SUPERVISE
PHASE OF INITIAL RISK RESIDUAL
HAZARDS CAUSES DEVELOP CONTROLS
OPERATION ASSESSMENT RISK
Initial arrival Pro OPERAT testers 4.4 Political and High Personnel Moderate Training civil affairs, First line supervisors
- riots economic Impacts (Risk Value) awareness, arrive (Risk Value) fencing, guards
after 12/12/2018
Initial arrival IEDs 4.1 Terrorist attacks Extremely High Use different FOL Low Select an acceptable Site Manager
(Risk Value) (Risk Value) location
Initial entry Diseases 2.8 Water and airborne High Immunize Field Low Pre‐deployment actions, FOL Manager
(Risk Value) sanitation (Risk Value) training
Contract cleaning
Transporting non‐ Pilferage 2.6 Insufficient Moderate Increase Security Force Low Augment security force Logistics Manager
sensitive support organizational structure, (Risk Value) (Risk Value)
Equipment oversight and
accountability
Transporting Pilferage 2.6 Insufficient High Increase Security Force, Moderate Augment security force Operations Manager
sensitive organizational structure, (Risk Value) Provide air cover (Risk Value)
Equipment oversight and
accountability
Post Deployment Loss of sensitive 2.6 Insufficient Moderate Proper inventory Low Pre‐deployment actions, FOL Manager
equipment organizational structure, (Risk Value) Double Locks (Risk Value) training
oversight and
accountability
OVERALL RISK LEVEL AFTER CONTROLS ARE IMPLEMENTED: AUTHORIZED APPROVING

AUTHORITY NAME: John Smith PID: JS12345
☐ LOW [x] MODERATE ☐ HIGH ☐ EXTREMELY HIGH SIGNATURE: JOB TITLE: Operations
(Acceptable) (Undesirable) (Unacceptable) (Intolerable) Manager
MAXIMUM RISK LEVEL AUTHORIZED TO APPROVE:
Printed or saved copies are considered uncontrolled and shall be used for reference only
AAR P4-SAF-0001
Operational Risk Management
Dept.: Safety Eff. Date: 05/12/2021 Rev.: 1 Pg. 28 of 28
ATTACHMENT 2 – RISK MANAGEMENT WORKSHEET

OPERATION - MISSION - TASK: COUNTRY DATE WORKSHEET PREPARED:
LOCATION:
FOL:
PREPARED FUNCTIONAL AREA: POSITION / TITLE: PHONE NUMBER:
BY: PID:
IDENTIFY HAZARDS RISK DEVELOP CONTROLS &
MAKE RISK DECISION HOW HOW
PHASE OF INITIAL RISK RESIDUAL TO TO
HAZARDS CAUSES DEVELOP RISK IMPLEMENT SUPERVISE
OPERATION ASSESSMENT
CONTROLS
OVERALL RISK LEVEL AFTER CONTROLS ARE IMPLEMENTED: AUTHORIZED APPROVING AUTHORITY
NAME: PID:
☐ LOW ☐MODERATE ☐HIGH ☐EXTREMELY HIGH SIGNATURE: JOB TITLE:
(Acceptable) (Undesirable) (Unacceptable) (Intolerable)
MAXIMUM RISK LEVEL AUTHORIZED TO APPROVE:
Printed or saved copies are considered uncontrolled and shall be used for reference only

P4-SAF-0004 Operational Risk Management Procedure

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

P4-SAF-0004 Operational Risk Management Procedure

Uploaded by

Copyright:

Available Formats

Operational Risk Management Procedure

SUBMITTED BY: AAR WASS 1 AAR WAY, Rockledge, FL 32955

Operational Risk Management Procedure

Operational Risk Management Procedure

Table 1: Revision History *Add, Modification or Deletion

Operational Risk Management Procedure

Operational Risk Management Procedure

Operational Risk Management Procedure

Management drives management to identify alternative future scenarios, evaluate the

Operational Risk Management Procedure

• High-risk quality escape on a customer’s aircraft.

Operational Risk Management Procedure

degradation because of an accident or incident.

Operational Risk Management Procedure

9.2. The SRM/Safety Assurance processes depicted

Figure 1: SRM/Safety Assurance Diagram

Operational Risk Management Procedure

9.3. Benefits of Risk Management

Operational Risk Management Procedure

• The “Safety Risk Management Worksheet” form (sample sheet and

Operational Risk Management Procedure

Unacceptable losses Assets Assets

Lack of leadership Inadequate information for

Figure 2: Risk Assessment Potential Risk Chart

Operational Risk Management Procedure

11. SAFETY RISK ASSESSMENT PROCEDURE

Operational Risk Management Procedure

Risk Probability Risk Severity (X-Axis)

(Likelihood) Minimal Minor Major Hazardous Catastrophic

Figure 3: Risk Assessment Matrix

11.3. Risk Assessment

Operational Risk Management Procedure

personnel or assets, adverse publicity or damage to brand name, legal

11.4. Risk Probability (Likelihood) Categories

Quantitative - Time/Calendar - based Occurrences

Probable Expected to occur between 10 and 100 times per year

Table 2: Risk Probability Categories

Operational Risk Management Procedure

11.5. Risk Severity Categories

Minimal Minor Major Hazardous Catastrophic

Aircraft: affects Aircraft: total hull

Table 3: Risk Severity Categories

Operational Risk Management Procedure

11.6. Develop Controls & Make Risk Decisions

Operational Risk Management Procedure

The following is a checklist to help supervise and evaluate this process.

Operational Risk Management Procedure

Operational Risk Management Procedure

12.4. Root Cause Analysis

Operational Risk Management Procedure

Acceptable Risk Determination

RISK LEVEL ACTION REQUIRED

High Unacceptable – Mission cancellation or implementation of Risk Mitigations until

13.2. Risk Decisions and Authorization at the Appropriate Level

Operational Risk Management Procedure

Operational Risk Management Procedure

Operational Risk Management Procedure

Operational Risk Management Procedure

causing employees to act inappropriately.

Operational Risk Management Procedure

• Physical Asset Misuse or Theft – The risk of activities perpetrated by no

ATTACHMENT 1 – RISK MANAGEMENT WORKSHEET EXAMPLE

OVERALL RISK LEVEL AFTER CONTROLS ARE IMPLEMENTED: AUTHORIZED APPROVING

ATTACHMENT 2 – RISK MANAGEMENT WORKSHEET