Aircraft Reliability: Safety in Aviation

Download as pdf or txt
Download as pdf or txt
You are on page 1of 30

AIRCRAFT RELIABILITY

MA4872

Lecture 7

Safety in Aviation
Risk Management

Nanyang Technological University

25 Jan 2017
(Wednesday)

MA4872 Aircraft Reliability


What is Safety?
• A condition of being free from harm or risk - Webster Dictionary
• Control of hazards through risk management to obtain an acceptable level of risk –
G .Dupont
Why is Aviation Risk special?
Aviation is a High Consequence Industry… that means an error can
have very heavy consequences for the stakeholders.
Stakeholders include : Airline operators, Aviation employees,
Airports, Regulatory Authorities, Passengers, Government, … all of
us here

Why is a Safety Culture so important?


The probability of being killed in an aircraft accident varies from
1 in 260,000 to 1 in 11,000,000
That means it can be made 42 times better with a Safety Culture
MA4872- Aircraft Reliability
WB 8
Some definitions …

Safety A state of being away from physical harm

Risk A possibility that something unpleasant or undesirable might


happen
Hazard Something which could be dangerous to you, your health or
safety, or your plans or reputation
Threat Something or someone that may harm a person, thing,
organisation or system
Possibility Something that might be true or might happen
Probability A mathematical measurement of how likely that an
event will happen, expressed in a ratio

Hazard Identification & Risk Assessment

MA4872- Aircraft Reliability


Why do we need Risk Management?

The Public has a perception that flying is a risky activity – this is


quite justified as we are operating in a very unforgiving
environment. Risk Management is important to demonstrate to
the traveling public that we are able to deliver effective service
and monitor safety in air travel.

It is important to address stakeholders’ perception of risk –


perceptions which often differ and must be taken into account in
determining the best course of action for minimizing risk.

Communicating the reasons behind public safety decisions


requires special skills because such decisions often arouse strong
emotions.

While Crisis Management is Shaping Perception,


Risk Management is Un-shaping Perceptions

MA4872- Aircraft Reliability


Perception of Risks

Probability (Frequency)
How likely is the risk to result in an accident?

Severity (Consequences)
How bad are the consequences of this risk?

Benefit (Why was the risk taken)


Is the benefit really worth the risk?

Four distinct personal reasons for taking risks:


Passion Many very high risks have been taken for this reason
Pride The risk is often taken without considering the benefits
Time The risk is often not worth the benefit as the perception of time value
varies with the psychological state of a person
Money The risk may appear to be worth the benefits, but it has seldom been
analyzed critically

MA4872-
WB 80Aircraft Reliability
Risk
Any uncertainty about future events that impact and organisation’s ability to
achieve its objectives.
Risk is measures in terms of its impact and the likelihood that it will happen.

High
Impact

Risk Assessed

High
Low Likelihood
MA4872- Aircraft Reliability
Risk Management
1. Identifying risks
2. Assessing their implications
3. Deciding on a course of action
4. Evaluating the results.

MA4872- Aircraft Reliability


RISK ASSESSMENT
Assessment of risk of aircraft accidents may be carried out in different
ways, from highly intuitive to very formal and analytical models. It can be
divided into 3 sub-tasks

Risk determination
the probability of occurrence of risky events and the likely consequences

Risk evaluation
may be further divided into risk avoidance and risk outcome

Risk measurement
usually involving complex quantitative measures of risk.
Air accidents are often viewed in terms of fatal events with the system’s
output defined as aircraft-km, seat-km, pax-km or aircraft departures
over a given period.

MA4872- Aircraft Reliability


Managing Uncertainty and Confidence

MA4872- Aircraft Reliability


Example
Risk Assessment – Richard Feynman on NASA
During the investigation into the Space Shuttle Challenger crash,
Feynman asked the engineering team to assess the probability of an
incomplete launch due to engine failure?

The answers from four engineers:


Engineer 1: “99.44/100 % pure” meaning about 1 in 200
Engineer 2: Complex statistical formula - about 1 in 200
Engineer 3: 1 in 300
Engineer 4: Cannot quantify. Reliability is judged from past experience
quality control in manufacturing engineering judgment

When pressed for an answer, the figure “1 in 100,000” was given. This is the
standard figure quoted by NASA personnel, but nobody could explain how the
figure was derived.

MA4872- Aircraft Reliability


Risk Categories

Identified risk: That risk that has been determined to exist using
analytical tools. The time and costs of analysis efforts, the quality of the
risk management program, and the state of the technology involved
affect the amount of risk that can be identified.

Unidentified risk: That risk that has not yet been identified. Some risks
are not identifiable or measurable, but are no less important.. Mishap
investigations may reveal some previously unidentified risks.

Total risk: The sum of identified and unidentified risks. Ideally, identified
risks will comprise the larger proportion of the two.

MA4872- Aircraft Reliability


Risk Categories

Acceptable risk: The part of identified risk that is allowed to persist after
controls are applied.
Risk can be determined acceptable when further efforts to reduce it
would cause degradation of the probability of success of the operation,
or when a point of diminishing returns has been reached.

Unacceptable risk: That portion of identified risk that cannot be


tolerated, but must be either eliminated or controlled.

Residual risk: The portion of total risk that remains after management
efforts have been employed. Residual risk comprises acceptable risk and
unidentified risk.

MA4872- Aircraft Reliability


Types of Societal Risk
• Real risk to an individual – determined on the basis of future circumstances
• Statistical risk – meant for other people, eg fatal accidents on motorways
• Predicted risk – from models, e.g. global warming, volcanic ash, asteroid, …
• Perceived risk – intuitively felt by individual – Fear of flying

Voluntary or Involuntary Risks

Traveling by air represents voluntary exposure of risk to death or injury.

Living near an airport or a nuclear plant represents involuntary risks.

Risk may involve objectively or subjectively known or assumed exposure


probabilities in relation to space, population and time dependence.

Dependent exposure probability to risk may be continuous, periodic or


cumulative.
MA4872- Aircraft Reliability
HIDDEN RISKS

Organisational Factors Associated with HUMAN RESOURCE

1. Staff Morale
Organisational
2. Inadequate manpower Factors

3. Insufficient training – leading to Human


Errors
incompetence
External
4. Industrial culture not conducive to Conditions
promoting safety
Equipment
Failures
5. Reporting Culture
6. Administrative Policy – Just Culture
7. Succession Planning

MA4872- Aircraft Reliability


Benefits Defined
Benefits are not limited to reduced mishap rates or decreased injuries, but may
also be realized as increases in efficiency or mission effectiveness.

Benefits are realized through prudent risk-taking. Risk management provides a


reasoned and repeatable process that reduces the reliance on intuition.

Acceptability of Risk
Risk management requires a clear understanding of what constitutes
unnecessary risk, i.e., when benefits actually outweigh costs.

There are cases where risks were taken with no tangible benefits at all.

Accepting risk is a function of both risk assessment and risk management, and
is often complex with many variables to consider, some of which has very high
uncertainties.

MA4872- Aircraft Reliability


Principle of Risk Management
Risk management can be defined as:
The eradication or minimisation of the adverse effects of risks to which an
organisation is exposed.

Stages in Risk Management


• Identifying the hazards.
• Evaluating the associated risks.
• Controlling the risks.
The Safety Risk component of an SMS can be divided into three
areas:
(1) Hazard identification processes.
(2) Risk assessment and mitigation processes.
(3) Internal safety investigation.

Risk Assessment and Mitigation Process


Following the identification of a hazard a form of analysis is required to
assess its potential for harm or damage. This involves three
considerations;
(a) Probability: The probability of the hazard causing adverse
consequences.
(b) Severity: The severity of the potential adverse consequences.
(c) Exposure: The rate of exposure to the hazard.

Risk Assessment and Mitigation Processes analyse and eliminate or


mitigate to an acceptable level risks that could threaten the capabilities
of an organisation.
The Risk Management Process

Hazard Identification
Hazard :
The potential to cause harm. Harm including ill health and injury,
damage to property, plant, products or the environment,
production losses or increased liabilities.

• Comparative Methods. e.g. checklists and audits.


• Fundamental Methods: e.g. Deviation Analysis, Hazard and
Operability Studies, Energy Analysis, Failure Modes & Effects
Analysis.
• Failure Logic: e.g. Fault Trees, Event Trees & Cause- Consequence
diagrams
Assessing the Risks
Risk
The likelihood that a specified undesired event will occur due to the
realisation of a hazard by, or during work activities or by the
products and services created by work activities.

• Qualitative risk assessment involves making a formal


judgement on the consequence and probability using:
Risk = Severity x Likelihood
Risk Assessment
Risk Assessment involves taking into account the probability and severity of any
adverse consequences resulting from an identified hazard. Mathematical
models may give credible results but typically these analyses are supplemented
qualitatively by subjective critical and logical analysis of the inter-related facts.
A Risk Matrix is useful for assessing hazard. While the severity of the
consequences can be defined, the probability of occurrence may be more
subjective, based on the maturity of the organisation’s operational activities.
The assessment process should be recorded at each stage to form a substantive
record.

Risk Mitigation
Risks should be managed to be as low as reasonably practicable. Risk must be
balanced against the time, cost and difficulty of taking measures to reduce or
eliminate the risk. The level of risk can be lowered by reducing the severity of
the potential consequences, reducing the probability of occurrence or by
reducing exposure to that risk. Corrective action will take into account any
existing defences and their inability to achieve an acceptable level of risk.
Corrective action should be subject to further risk assessment in order to
determine that the risk is now acceptable and that no further risk has been
introduced into operational activities.
Severity Risk Assessment Matrix
Catastrophic 5 5 10 15 20 25
Hazardous 4 4 8 12 16 20
Major 3 3 6 9 12 15
Minor 2 2 4 6 8 10
Negligible 1 1 2 3 4 5
1 2 3 4 5
Probability Extreme Improbable Remote Occasional Frequent
Improbable

Hazard Unacceptable
Active Failure Review
Acceptable
Consequence

Probability X Severity
= Risk
Value Aviation Meaning
Definition
5 Catastrophic Equipment destroyed. Multiple deaths.

4 Hazardous A large reduction in safety margins, physical distress or


a workload such that organisations cannot be relied
upon to perform their tasks accurately or completely.
Serious injury or death to a number of people. Major
equipment damage.
3 Major A significant reduction in safety margins, a reduction in
the ability of organisations to cope with adverse
operating conditions as a result of an increase in
workload, or as a result of conditions impairing their
efficiency. Serious incident. Injury to persons.

2 Minor Nuisance. Operating limitations. Use of emergency


procedures. Minor incident.
1 Negligible Little consequence.
Value Qualitative Frequency Meaning
Definition Per hour
5 Frequent 1 to 10−3 Likely to occur many times
4 Occasional 10−3 to 10−5 Likely to occur sometimes
3 Remote 10−5 to 10−7 Unlikely, but can occur
2 Improbable 10−7 to 10−9 Very unlikely to occur
1 Extremely <10−9 Almost inconceivable that it will occur.
Improbable
Risk Classification
Acceptable The consequence is so unlikely or not severe enough to be of
concern; the risk is tolerable. However, consideration should
be given to reducing the risk further to as low as reasonably
practicable in order to further minimise the risk of an
accident or incident.

Review The consequence and/or probability is of concern; measures


to mitigate the risk to as low as reasonably practicable should
be sought. Where the risk is still in the review category after
this action then the risk may be accepted, provided that the
risk is understood and has the endorsement of the individual
ultimately accountable for safety in the organisation.
Unacceptable The probability and/or severity of the consequence is
intolerable. Major mitigation will be necessary to reduce the
probability and severity of the consequences associated with
the hazard.
Example of a Risk Management Process – source Transport Canada

1. Initiate Process
This step requires that the problem (or opportunity) be defined, along with
associated issues. The people who can help should be identified, and the
process for resolving it set out. For example, if a team is assembled, their
authority, responsibilities and resources should be assigned. The stakeholders
should be involved at the outset and a consultation process established.

2. Perform Preliminary Analysis


Once the problem has been defined, the preliminary analysis must define the
risk associated with it. This entails an initial identification and analysis of
potential risk to determine if immediate action is required, whether further
study is advised, or if no further action is needed because the problem is
determined not to be an issue.

3. Estimate Risk
The probability and consequences of various risk scenarios are discussed.
Uncertainties will always exist, no matter how reliable the information is about
risk. Stakeholders should continue to be consulted so that their perceptions
about the risk involved are accurate and understood.
MA4872- Aircraft Reliability
4. Evaluate the Risk Activity
This step is a follow-on from the previous step in that it requires more in-depth
evaluation of the risk involved. An estimation of the benefits and costs of the
activity with which the risk is associated should be completed. Stakeholders’
feedback is considered, particularly in light of whether or not the risk would be
acceptable to them if it could be mitigated. This will lead to a better
understanding of alternatives available for mitigating risk. At the end of this
step, one should be able to say:
• the risk is acceptable as it currently stands, or
• the risk is unacceptable at any level; or
• if the risk could be mitigated, it would be acceptable

5. Control Risk
Various options for mitigating risk are suggested, and their pros and cons
discussed. Contingency plans should be made to deal with any residual risk that
cannot be mitigated to the satisfaction of all concerned, and the feasibility of
financing these plans as discussed. Stakeholders should be made aware of the
decision and given the opportunity to comment.

MA4872- Aircraft Reliability


6. Take Action
At this point, the decision is implemented and the strategy for
communicating it is put into play. Controls may need to be placed on
the implementation plan to be sure target dates for various
components are met.

7. Monitor Impact
It’s important to agree on how the effectiveness of the decision is
going to be monitored over time. Monitoring is key because it
provides an opportunity to identify new risks, or assess the impact of
changes in known risks.

Documenting all the processes and actions taken will provide


confirmation of the appropriateness of the decision(s) taken.

MA4872- Aircraft Reliability


Bankruptcy Safety Margin
Trademark of experts is not just years of experience, but how effectively you use your
experience to manage the compromise between production and safety. --
Protection

Captain Daniel E Maurino, ICAO :

Less Negative
Outcomes

Increased
Profit
Catastrophe

Production
James Reason

MA4872- Aircraft Reliability


WB 12
HIGH CONSEQUENCE INDUSTRIES
Life is too short for anyone to learn from his own mistakes.

High consequence industries shared resources in risk management.


Traditionally, high consequence operations include Nuclear Power
Station, Aircraft Carrier, Aviation, Petrochemical Plant and Offshore Oil
Drilling Platform
Today : Pharmaceutical and GM products are also included.
Research and experience from catastrophic failures over the years have
helped to improve the safety level.
These have been identified because of their potential impact of
accidents in terms of human lives.

MA4872- Aircraft Reliability


SOME EXAMPLES OF EXTREMELY HIGH RISKS
1. LHC – Black hole swallowing up the Earth
2. First Nuclear Explosion – Edward Teller vs Hans Berthe
3. Space Shuttle Columbia – heat shield tile
4. Space Shuttle Challenger – O-ring
5. Petrobras - World Largest Offshore Oil Platform (Mar 2001)
6. Apollo-13 aborted mission to the moon (April 1970)
7. Pandemic - SARS and H1N1
8. Volcanic Ash impact on flying aircraft
Utility Theory of Risk Management – Risk Appetite
The Soviet Satellite Story….
1. USSR satellite weighed 5 tons, US satellite was 500 kg.
2. Are Soviet engineers 10 times cleverer than US engineers?

MA4872- Aircraft Reliability

You might also like