It’s The Smart Phone Flying

The standard for accepting a risk level is a floating standard, where one enterprise may set the risk acceptance bar at one level, while another enterprise sets the bar at a more complex level or at a less complex level for the same hazard. Risk levels are referred to as levels of risk based upon a numerical or alphabetical scale. A risk matrix is applied for ranking events in the decision-making process to accept, reject, mitigate, eliminate or transfer a risk level. Applying a risk matrix is an industry wide accepted risk analysis standard. While the risk level identification are standard levels, data applied to establish each level may vary. This in itself establishes a floating risk level bar of identical hazards. In addition, an established risk level bar has little or no chance to be moved after a re-assessment. The nature of human factors is to take the path of least resistance and status quo is that path.   

A risk-matrix scale are arbitrary selected levels.
It might be true that an aircraft Captain is in the final authority in the risk level acceptance process, but there could also be severe consequences for a Captain who makes a decision contradicting established risk level acceptances. Risk level decisions are based on hierarchy of decisions and are not based on the safe operation of an aircraft or airport. This can best be explained by the several automated systems with software installed that have authority beyond a Captain’s authority. Some systems cannot be manually overridden flight crew. The hierarchy of decisions are first the regulator’s authority to make regulations. That a regulation is in place, does not automatically ensure safety. A flight crew must accept the authority of a regulation and they could be charged with consequences if they did not conform to one specific regulation. E.g. in 2001 a Captain experienced heavy smoke in the cockpit and required to deviate from multiple regulations to ensure a safe landing. This action caused severe consequences with the regulator, the operator and her career in the aviation industry. The aircraft manufacturer conducts risk analyses of aircraft structures and systems. An aircraft is not placed in service unless risk levels are acceptable. A Captain has no options but to accept these pre-accepted risk levels. During 2019 there were several news articles of safety concern with aircraft systems that had been pre-accepted and therefore could not be changed. On May 11, 1996 an airliner crashed about 10 minutes after takeoff. News media reported that the Captain had safety concerns with operations and had made notebook comments to document the issues. Since these were not officially entered, they became irrelevant to safety. This is another example of how pre-qualified risk assessments cannot change unless it make it to the top of the safety hierarchy. 

Risk decisions must be at the operations level.
Risk levels are in essence not the level of risk, but a conglomerate of simple risk analysis decisions implemented separately to generate one complex system. Risk levels should be defined as the complexity of risks assessments rather that one single level of risk. The domino effect is an inherent risk in any system, including a safety system. A safety system is not immune to hazards due to its intent or for its name. Residual risks (left over risks) and substitute risks (new risks) are included in the Safety Management System but are limited to the scope of a corrective action to one identified hazard. Systems in aviation has become too complex for humans to comprehend. An Accountable Executive has veto powers to override any safety decisions made at lower organizational levels or at the other end of the spectrum, unconditionally accept these risk level decisions. The Safety Management System has become a Checkbox System, where it’s more important to accept the decision based on who made the decision, rather than analyse the facts of the hazard.

SMS is an operational system and the final decision must be at the operations level. It might be a drastic change in operations to allow for Captains to make final decisions. However, the conglomerate of simple system in aviation is no longer comprehendible when combined into one complex system. The only person who must have control of safety in operations at that time is the Captain. Any aircraft, no matter how automated it is, must include a function with the capability for the Captain to disengage any system, any time during the flight and have full control of the aircraft. The Captain is the only person who can maintain safety of a complex system. When the software is in control of an aircraft, human errors are transferred from a pilot’s control inputs, to software developers control inputs. The automated software is nothing else but your smart-phone or laptop flying the airplane.  

Catalina9

Comments

Popular posts from this blog

Accepting or Rejecting Risks

Strategies for SMS Expectations

Why SMS Does Not Prevent Accidents