COUNTERFEIT SMS

A counterfeit Safety Management System (SMS) is not simply a weak or immature system; it is a system that never truly operates in daily decision-making. It exists primarily to satisfy oversight expectations rather than to control operational risk. The first and most reliable indicator appears in behavior changes during oversight. Before an audit, work is informal, hazards are handled verbally, and production dominates choices. During an audit, employees suddenly quote policy, manuals are referenced, reports appear, and safety terminology becomes fluent. Afterward, operations return to normal. A real SMS permanently changes how decisions are made; a counterfeit one only changes how people speak when observed. If safety language disappears when oversight leaves, the system is theatrical rather than functional.

Another major sign is the presence of reports without operational change. Genuine systems convert hazard reports into removal of risk. Counterfeit systems convert reports into records. You will see repeated hazards logged over months or years, corrective actions labelled as “monitor,” and files closed without verification. A decisive question is whether the organization can demonstrate a hazard eliminated because someone reported it. If the only evidence consists of meetings, investigations, or discussion rather than removal, the SMS is administrative. Safety performance must be measured in hazards removed, not documents produced.

Risk assessments also reveal authenticity. In counterfeit environments, assessments consistently conclude that risk is acceptable. Probability values are copied across forms, different hazards receive identical ratings, and existing controls are re-listed as new mitigation. The purpose becomes approval of planned work rather than understanding exposure. A real SMS frequently produces inconvenient outcomes: delays, redesign, additional cost, or cancellation. If risk assessment never disrupts production, it is authorizing risk rather than analyzing it.

Counterfeit systems commonly assign safety to a department or individual instead of embedding it across the organization. Employees say “talk to safety” or “the SMS office handles that.” In a real system, maintenance can delay flights, dispatch can reject plans, supervisors can stop tasks, and workers intervene without permission. When safety belongs to a single role, operations belong entirely to production. When safety belongs to everyone, behavior changes across the organization. A safety office should coordinate safety, never contain it.

Investigation quality is another clear diagnostic. Counterfeit investigations end with human error: inattention, lack of awareness, complacency, or need for retraining. Real investigations identify system conditions such as time pressure, staffing levels, conflicting priorities, procedure design, or equipment usability. If corrective actions repeatedly retrain individuals, the organization is repairing people instead of repairing the environment that shaped behavior. Human error should begin an investigation, not conclude it.

Worker communication reveals the true operating climate. In counterfeit systems employees speak cautiously, requesting anonymity and warning investigators not to document their statements. They describe how they “make it work” or how things have always been done. In real systems employees reference previous reports, known fixes, and management-supported changes. Psychological safety determines operational safety. When workers must protect themselves from reporting, the reporting system itself becomes a hazard.

Safety meetings also differentiate real and false systems. Counterfeit meetings review statistics, discuss events abstractly, and end without assigned actions or deadlines. Agendas repeat monthly. Real meetings conclude with clear responsibilities, completion dates, and verification methods. Meetings that generate discussion but no operational decision function as public relations rather than risk control.

Performance indicators can mislead when they measure activity instead of exposure. Counting reports, inspections, or training hours demonstrates motion, not safety. Authentic indicators track risk movement, such as the time required to mitigate a hazard, recurrence rates after corrective action, or exposure reduction trends. If performance graphs cannot demonstrate decreased operational exposure, they measure bureaucracy rather than protection.

Change management provides another decisive indicator. In counterfeit systems the organization documents risk after implementing the change: procedures already in use before assessment, equipment installed before review, staffing reduced before analysis. Documentation becomes historical justification rather than prevention. In functioning SMS environments, operational staff expect no change to proceed before risk understanding.

Emergency preparedness exposes similar patterns. Counterfeit plans are precise but impractical, listing unavailable personnel, outdated contacts, and unrealistic timelines. Exercises emphasize attendance rather than performance. When responders privately describe what would actually happen, the gap between reality and documentation reveals system authenticity. A real plan reflects how people truly operate under pressure.

Ultimately, a counterfeit SMS manages regulatory exposure, while a real SMS manages operational exposure. One protects the organization from findings; the other protects people from harm. The difference appears in consequences. In a functioning system work sometimes stops, schedules move, costs increase, and leaders accept delay. Safety competes with production and sometimes wins. If safety never meaningfully influences decisions, it is not part of operations.

A final diagnostic question captures the distinction: ask any employee to describe the last time safety overruled operations. If the organization struggles to answer, the SMS exists on paper. If multiple employees immediately provide different real examples, the system is alive.

OffRoadPilots