Do As I Say And Not As I Do

By Didrik Strand offroadpilots@gmail.com
Do as I say, and not as I do is a common management system within airlines and airport operators, and it is their definite purpose to set the stage for an accountable executive (AE) to use ultimate powers at their own discretion. 

The safety management system (SMS) regulations are set up for one person to make the final decision. This is not wrong, incorrect, or bad, but safety in aviation has not yet evolved into the concept of SMS but is still operating in the pre-SMS era where safety was used as an emotional tool to design corrective action plans. Cultural change is time-consuming, and it could take a generation before SMS has fully evolved. In the meantime, accountable executives will continue to make emotional safety decisions. The regulator is onboard with this, and it does not help the aviation industry to evolve into a successful SMS, that regulatory inspection focuses on other than SMS assessments. It was not long ago that the regulator admitted not to have fundings for full SMS assessments of operators. At one airport, the only inspection conducted by the regulator the last three years was a wildlife inspection, which only inspected if there was a perimeter wildlife fence, if birdstrike reported, and if the wildlife manual was reviewed within two years. Anyone can pass this inspection with flying colors.     

The role of accountable executive is to be accountable to safety and to lead an airport or airline in aviation safety for continuous safety improvements by maintaining a viable safety management system. An accountable executive is the final authority over operations authorized to be conducted under the certificate. An AE controls the financial resources required for the operations to be conducted under the certificates, and an AE controls the human resources required for the operations authorized to be conducted under the certificates. An AE is responsible for designating sufficient management personnel for acceptable safety performance, for effective operations under the SMS and to facilitate hazard identification and safety risk assessments. An AE is also the authority of definitions, and in the event of discrepancies within the text of the safety management system manual, the accountable executive is authority on interpretation. An AE regularly review the safety policy to ensure it remains relevant appropriate to the certificates, and an AE regularly review the safety performance assessment of the organization and direct actions necessary to address substandard safety performance in accordance with the regulations for continuous safety improvements.

Just as a CEO of a corporation may reject an accountant’s recommendation for tax-filing, an AE may reject a recommendation from the risk management expert, or the SMS manager. Rejecting an accountant’s recommendation has consequences, while rejecting an SMS manger’s recommendation does not. An AE may at anytime, and without cause, reject a recommendation and issue a directive of the accountable executive. When an accountable executive rejects a control action or reject the assigned risk level of a system analysis, it is not within their SMS authority to demand that it is the SMS manager who does the changes. An SMS manger is appointed by the certificate holder, and this would be intentional manipulation of a risk analysis if specific outcomes were demanded. On the other hand, there are often other operational tools available for an AE to intimidate the SMS manger to make changes. Intimidations are never documented and did therefore not happen. It is the prerogative of an AE to use the “Do as I say, and not as I do” principle. An acceptable method is for an AE to conduct their own risk analysis, or system analysis and sign their own assessment as the accepted control action or risk level of a system analysis. 

An AE directive is when, in the opinion of the AE, there is substandard safety performance. Public relations and customer service may be an integrated part of safety performance and the AE may apply different data inputs for an analysis. In organizations, being an airport or airline, the SMS manager is often the person responsible to maintain a positive customer relationship. A customer relationship may be terminated should an SMS manager oppose to comply with a third-party, or customer’s risk assessment opinions. An AE may assess the safety risk level from a different point of view than the SMS manager and issues an AE directive to satisfy their customers.    

When SMS was implemented with the four-year phase-in exemption, the expectation was that it would take 12-15 years before SMS was fully accepted and evolved into its definite purpose. Over the following years SMS was misunderstood with large groups of opposition. SMS was also assigned blame for accidents, and for future accidents that had not happened yet. 

A 2013 survey of Canada’s aviation inspectors shows they are increasingly concerned about aviation safety because of Transport Canada rules that leave responsibility for setting acceptable levels of risk up to the airlines. The survey, conducted by Abacus Data on behalf of the Canadian Federal Pilots Association (CFPA), indicates 67 per cent of Canadian aviation inspectors believe the current system increases the risk of a major aviation accident, up from 61 per cent in 2007. It should be noted at this point the CFPA, has had a record of opposing SMS for the start. They are the major critics of the SMS approach. A similar survey in 2007 found 74 per cent of inspectors expected a major aviation accident or incident in the near future. Now, 84 per cent of inspects expect such an accident. This survey was set up for the SMS to fail. Ten years later, there are zero reports that the safety management system was the root cause of any aviation accident.

On 4 March 2019, an aircraft was attempting to land off an ILS approach in procedure-minima weather conditions flew an unsuccessful first approach and a second in similar conditions which ended in a crash landing abeam the intended landing runway substantially damaging the aircraft. The accident was attributed to the crew decision to continue below the applicable minima without acquiring the required visual reference and noted that the ILS localiser had not been aligned with the runway extended centreline and that a recent crew report of this fault had not been promptly passed to the same Operator. Three days after the accident, a flight inspection of the runway ILS confirmed that the LOC signal was out of tolerance by about 200 feet to the right of course. The depth of accumulated snow around the LOC signal transmitter was estimated at between 2 feet and 5 feet in the area of the LOC signal transmitter. After this snow had been removed, another inspection found that both LOC and GS signals were within the required tolerances and the ILS was returned to service. With an airport SMS, the airport at a minimum had process tools available for snow removal. It is not the SMS causing accidents, it is the lack of using available tools. 

Safety accountability is a safety culture for personnel with roles or responsibilities under the safety management system. All personnel are accountable within their job function, job description, or job performance are accountable to safety and the safety management system. 

An airport operator needs to design and develop airside operations plans to establish operational processes. There might not be a regulatory requirement to clear snow by the ILS antenna, which then become the reason why an airport operator needs to take on that accountability. A precision approach path indicator (PAPI) is a visual guidance system to the runway. There is guidance material for PAPI maintenance, and there is a standard requirement for a preventive maintenance program in order to prevent a failure or degradation of` facilities and systems. A preventive maintenance program may not directly specify ILS antenna maintenance, but when reviewing one maintenance item, the airport also must review other facilities requiring maintenance. Airside operations of facilities without guidance material, is no different than developing a corrective action plan after an identified root cause. When conducting a root cause analysis, the problem must be defined, and assigned to a system, process, procedure or acceptable work practice within human factors, organizational factors, supervision factors or environmental factors. An airport operator must action airside facilities in the same way as a root cause analysis and develop a corrective action plan, or an airside operations plan for that facility. An AE may have reference statements in their SMS policy to the matter but excluding it from operational accountability. Airside operations plans are also designed corrective action plans for airside findings and may only require minor adjustment to make finding corrections.

A system analysis is required prior to changes affecting the SMS, operations, or acceptable work practices. A system analysis process is to establish the context. Establishing the context is to understand the safety performance objectives of the system, operations, or SMS. For system impacts, and to analyze risk controls developed under a safety risk management system (SRM) and review the system analysis conducted under SRM. Included in the system analysis is to identify the objective of the analysis. The objective is to analyze safety performance of a system, of an operation, and the SMS itself. Data must be secured appropriately. Securing data is the framework for data sources of internal reports, external reports, incidents and accidents reports prepared internally, or by TSB, daily occurrence reports, internal surveys, onsite observations, newspapers and other information sources or publicly available data information sources. Data needed may be already on hand, or additional data-gathering may be needed, such as conducting a special audit with focus on a specific problems. An appropriate data analysis method must be selected. Data is entered into a spreadsheet and processes analyzed in a Statistical Process Control (SPC) software. An effective SPC software is SPCforExcel. Data is compared to other data, including routine reporting data compared to unplanned event data. Data is collected from both airline or airport operations as it relates to the system analysis, including respective subdepartments or third-party contractors. Third-party contractors are included since they perform tasks on behalf of the AE and affect the perception of oversight by the accountable executive.  

The SMS manger conducts the system analysis in cooperation with associate departments and make recommendations to the accountable executive. An accountable executive should not be a part of the system analysis team since the AE is the final authority, and to preserve the integrity of the analysis. As the final authority the AE may accept or reject the analysis. Conventional wisdom and acceptable practices at the AE level, is to allocate errors to persons. The root cause may incorrectly be assigned to compliance failure, and as a tool to prevent further occurrences of error and omissions, enforcement statements directed to personnel are published. What is missing in this equation is that human errors are symptoms, or an incomplete level in the analysis, of human factors, organizational factors, supervision factors or environmental factors, which may be assigned as root cause.  

As a virtual example an accountable executive may issue statements to enforce compliance with “Do as I say, and not as I do”. Such statements may include that multiple requests have been sent to attain details regarding an accident, or a hazard, that the AE as attained no feedback or updates, nor has an SMS manager attempted to contact the AE and ignored messages. Such behavior is a deviation from expectations and portrays an image identifying that defining a root cause and mitigation are not important, and nor is safety within the safety department important. There is a significant lack in professional ethic and has only gotten worse.  

A safety policy, signed by the accountable executive may state that the safety commitment is to maintain a fully functional safety management system with continuous improvements of the level of safety throughout the organization and fulfill safety goals and objective. When intimidating statements are published an SMS enterprise is on a path drifting away from a fully functional SMS. However, since the regulator does not conduct complete SMS assessment inspections, and operators are accident-free, these enforcement statements are hidden within the bureaucracy of an SMS enterprise. Do as I say, [by actions and intimidation] and not as I do [by the text in the SMS policy] is an effective AE oversight tool. By random chance this type of oversight management does not lead to accidents. 



OffRoadPilots


Comments

Post a Comment

Popular posts from this blog

Accepting or Rejecting Risks

By Didrik Strand offroadpilots@gmail.com
Image
Accepting or rejecting risks is a fundamental principle in a successful safety management system (SMS). A person managing the safety management system is expected to maintain a process for identifying hazards to aviation safety and for evaluating and managing the associated risks and ensuring that personnel are trained and competent to perform their duties as they apply to the safety management system. This includes training for both the accountable executive and SMS manager, in addition to other airport and airline operations personnel. A level of risk is an inherent element of aviation safety and there are several types of risks to consider when accepting or rejecting risks. One type of risk may take precedence over another type even if it is not directly associated with operations. Risk control strategies are beyond accepting or rejecting a risk, it is to justify control actions based on defined criteria. There are five categories of risks. The total risk is the sum of identified an...
Read more

Lawless

By Didrik Strand offroadpilots@gmail.com
Image
A safety management system (SMS) is a regulatory requirement for airport and airline operators, the SMS regulations are performance-based, processes must conform to regulatory requirements, but still, a healthy SMS is lawless. In a lawless system events are unrestricted, actions are reactive to immediate threats, and data are collected by random chance. A safety management system contains multiple components to conduct research study of patterns. Research study design is a framework, or the set of methods and procedures used to collect and analyse data on variables specified in a particular research problem. A safety management system research study designs comes in many shape and forms, with advantages and limitations. A rule-based SMS is an overcontrolled system to justify an expected definite and unambiguous output. A system where predetermined results exists, is a system without trust, without learning, without accountability, and a system where information sharing impossible. A la...
Read more

Human Factors

By Didrik Strand offroadpilots@gmail.com
Image
Human factors and human errors are two separate things but are often used interchangeable in conversations and in the aviation industry. Human errors are attached to a person who could be linked to an occurrence. In addition, the severity of the outcome is a predetermining factor how important it is to assign human error as the root cause after an accident.  Human error root cause analysis has widespread support from the aviation industry. However, with the implementation of the Safety Management System (SMS) regulations, accountability came into play, and it became impossible to justify human error as the root cause.  A healthy SMS looks at the organization and its systems, and the fact that a person overlooked, or missed an item is no longer a root cause, such as a pilot missing a checklist item. Checklists are required and are used for any flight, but there is no evidence a missed checklist item was the root cause of any accidents. At the other end of the spectrum, completi...
Read more