Aviation Hazard Risk Management Using Issue Manager

Use Issue Manager to conduct risk assessments, classify issues, manage corrective actions, conduct investigations and more.

Hazard risk management is the identification, assessment, and prioritization of risks to the company, whether positive or negative. These processes are followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risks can come from accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed by professionals from many industries. Methods, definitions and goals vary widely according to whether the risk management method is in the context of  security, compliance, industrial processes, or public health and safety.

Strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.  Certain aspects of many of the risk management practices have come under criticism for having no measurable improvement on risk or improvement in operations.

Hazard Risk Management Process

For the most part, managing reported issues in SMS Pro consist of the following elements, performed, more or less, in the following order.

• Report threats, events or regulatory noncompliance (Identify)
• Assess the vulnerability of critical assets
• Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
• Classify the reported events
• Identify ways to reduce those risks (Corrective Actions)
• Prioritize risk reduction measures based on a strategy and implement
• Communicate the risk (Lessons Learned)
• Analyze data to focus resources

Hazard Risk Management Using SMS Pro Should:

• Create value
• Be an integral part of organizational processes
• Be part of decision making
• Explicitly address uncertainty
• Be systematic and structured
• Be based on the best available information
• Be tailored to your organization
• Take into account human factors
• Be transparent and inclusive
• Be dynamic, iterative and responsive to change
• Be capable of continual improvement and enhancement

Viewing Hazard Risk Management Information

Reported issues may come from several sources, including:

• Web (secured customizable and pre-defined) reporting forms
• Public issue reporting via unsecured Web forms
• Paper reports entered by data entry personnel on behalf of submitter
• Email reports
• System Audits
• Individual issue-item audits
• Gap Analysis

Hazard Risk Management Email Notifications

Once reported, safety managers are notified of the reported issue via email. Issue reporters also typically receive emails thanking them for reporting the issue, thereby closing the feedback loop. Issue reporters also generally have permissions to return to the Issue Manager and inspect the status of their reported issues. This keeps users engaged and develops a sense of commitment.

Which users are notified for particular events is configured in Setup >> Customize Settings >> User Role Setup.

Options include:

• When a new issue is reported for their division
• When a new issue is reported for ANY division
• When reported issues are classified as High Risk
• When High Risk issues are closed

Hazard Risk Management Security

Depending on users' roles, they will have a different view of the Issue Manager.

What issues users sees also is determined by the system configuration in Setup >> Customize Settings >> User Role Setup. They should be able to see their reported issues. 

To extend their permissions, by selecting "View Own Division" in Setup >> Customize Settings >> User Role Setup, users can see all reported issues in their division.

Similarly, general SMS Users can also be configured to see ALL reported issues for ALL divisions. However, this is not a generally accepted practice, except in the most transparent cultures.

• Select Issue
• Details

• Select Issue
• Details
• Manage (Corrective Actions)
• Costs (Manage Costs & Cost Benefit Analysis)
• Attachments
• Investigate

Note: Since Risk Assessment and Classification should be performed only by trained personnel, Dept. Heads do not get access to the Assess and Classify Tabs. When Dept Heads need this access, they should also be given the role of Safety Manager. However, policy should dictate who has the responsibility and authority to classify and perform risk assessments on reported issues.

• Select Issue
• Details
• Assess
• Classify
• Costs (Manage Costs & Cost Benefit Analysis)
• Attachments
• Investigate

Note: Safety Managers facilitate the SMS program. They typically do not possess the authority to assign resources and set deadlines for corrective actions. While ALL users can recommend corrective actions (reporters, safety managers and Dept Heads), only Dept Heads have authority to "accept" corrective actions, assign resources to complete corrective actions, and ultimately sign-off on acceptable completion of corrective actions.

Available Tabs for SMS Admin

All Tabs

Note: SMS Admin should also have the permission to delete reported issues. While this permission can be given to any user role in Setup >> Customize Settings >> User Role Setup, we recommend that only SMS Admins be given this power.

Available Tabs for System Administrator

System Administrators need to be assigned to a division. Otherwise, they will not be able to see any of the tabs.

Issue Manager PowerPoint Presentation