Risk assessment and management continued, continued

Risk Assessment – Risk Identification:

Risks need to be identified in terms of what, why and how things can arise so further analysis of the risk can be undertaken. This step should identify any risks arising from the operating environment and generate a comprehensive list of risks that could impact on those objectives.

For some activities, especially safety related activities, hazard identification is the first step when identifying risks. A ‘hazard’ can be a situation that poses a level of threat to life, health, property or the environment; or a form of potentially damaging energy.

Risks can be identified using the following tools:

• audits or physical inspections
• accident / incident reports
• brainstorming
• decision trees
• history
• interview / focus groups
• personal or organisational experience
• scenario analysis
• strengths, weaknesses, opportunities and threats (SWOT) analysis
• survey or questionnaires.

Some questions to ask when identifying risks:

• When, where, why, and how are the risks likely to occur?
• What is the source of each risk?
• Who is likely to be affected by the risk?

Identified risks will be documented on the Risk Control Worksheet available in the downloads below

Risk Assessment – Risk Analysis:

The objective of this step is to separate the broadly acceptable risks from those risks requiring subsequent treatment. For each identified risk the existing controls need to be analysed in terms of consequence and likelihood in the context of those controls.

A control is defined as a measure that modifies a risk i.e. reducing the consequence and / or likelihood. Controls include any policy, process, practice, device, people, or other actions which modify risk. The method of analysis to be applied will depend on the particular application, the availability of reliable data and the decision-making needs of the activity. Details on risk analysis techniques can be found in ISO31010:2009 Risk management – Risk assessment techniques. As appropriate, these techniques may involve the qualitative or quantitative assessment of risk.

The risk assessment matrix is an example of a qualitative tool used to assess consequence and likelihood. Consequence (Table 1) and Likelihood (Table 2) values are used to derive a Risk Rating (Table 3). The numeric rating scale should be applied consistently for each activity evaluated and the detailed consequence descriptions need to be considered in the context of the activity that is being assessed.

Risk Assessment – Risk Evaluation:

An evaluation of each identified risk will be conducted to determine those risks that are acceptable and those that require further treatment. Risks that require further action will be mitigated prior to any RPAS operations. The risks that have been accepted will be noted and monitored in accordance with ‘Monitor and Review’ process detailed below.

Existing controls and their effectiveness must be taken into account when analysing the risk to derive a Risk Rating score. Details of this risk analysis will be recorded on the Risk Control Worksheet detailed in Table 4 (below). The analysis will consider the range of potential consequences and how likely they are to occur. Consequence and likelihood are combined to produce an estimated level of risk called the Risk Rating.

Risk Treatment:

In accordance with Table 3 (below), low priority risks (score <4) will be accepted and monitored. Medium risks (score <6), will be reduced to an acceptable level of risk in accordance with ‘As Low as Reasonably Practicable’ ALARP principles detailed below. Risks with a score of 6 or higher are not permitted to be accepted by the Chief Remote Pilot.

The ALARP criteria will be used to manage risks that have a significant safety consequence. It is acknowledged that although the cost of mitigating a risk is a consideration of the ALARP process, it is secondary to what is required by relevant legal standards and measured against what a ‘reasonable person’ would do to control the risk in similar circumstances. For this purpose, ALARP is the situation where risk is negligible, or at least at a level where it can be managed by routine procedures.

The importance of insurance is recognised in the risk management process and as such, the operator will ensure that appropriate insurance exists for all RPAS activities that are being undertaken.

For each risk, the risk treatment(s) will be detailed in the applicable part of the Risk Control Worksheet as detailed in Table 4 (below). A new risk assessment will be conducted to determine the suitability of the risk treatment and these details, including a revised risk score, will be entered in the table.

Monitor and Review:

The last step in the Risk Management process is to monitor and review the effectiveness and performance of the risk treatment options, strategies, and the management system and changes which might affect it as follows:

• each step undertaken should be documented to enable effective monitoring and review
• risks and the effectiveness of treatment measures need to be monitored to ensure changing circumstances do not alter the risk priorities
• identification, assessment, and treatments must be reviewed to ensure the risks remain relevant and continue to be managed and that any new or emerging risks are identified and manage

INSERT TABLES (Will need to be reworked for FL requirements)