Critical Controls

Performance: Going for the Deep Dive

In this series’s previous post, I discussed the identification of critical controls in the service of a fully-functioning airport (or anything for that matter) safety assurance, but that is not the end of the story.

The point of having these critical controls is to provide your organisation with an account of how it manages risk.

The role of the Accountable Executive, supported by their subordinates, is to be in a position to provide that account and to ensure that it aligns with the organisation’s strategy and objectives, or vice versa.

There may be some discussion on the level to which this account should reach but the following article outlines what is thought to be an effective and achievable middle ground.

A Model for Doing Stuff

When approaching the problem of assessment, it is advisable to have general model of how stuff gets done. In this case, you need a model of a systematic approach to doing.

Probably one of the most widely accepted models is PDCA which stands for Plan, Do, Check, Act. There is plenty of information on the Internet on PDCA and perhaps it is the result of an inadequate understanding on my part but I like to modify it slightly.

For me (and others), the D(o) and the A(ct) are the same thing, and you may not want to act if you haven’t planned that action appropriately.

So I like to look at it as PDC and while the P-D-C steps are in order, they may not always flow one after the other. You might have ten goes at the doing before you do a check and that might send you right back to the doing part. Below, is a somewhat colourful and hopefully informative diagram.

PDC Diagram

Starting at the Start

I hope it is obvious that this circular, feedback driven process starts with a plan. This plan will be based on the identified risk, any legislated standards and/or regulatory requirements as well as industry best practices. This is where your assessment standard will also need to start.

The assessment of the “plan” step will include answering the following questions:

  1. Does the plan address the risk, does it meet standards and requirements and is it best practice?
  2. Is the plan documented (for example, in the Aerodrome Manual or in the Wildlife Hazard Management Plan)?
  3. Does the plan result in assessable procedures, tools and/or training?

Going for a Ride

The next step of the assessment (and therefore the next part of the assessment standard) will look at the “do” part. This process will involve:

  1. Checking that the do-er has access to the procedures
  2. Checking that the do-er’s tools are fit-for-purpose, available and serviceable
  3. Checking that the do-er is trained
  4. Checking that it all comes together to achieve the plan

Who Checks the Checkers?

Some people might argue that the process I am outlining here (critical controls and assessment standards), is the “check” step - I don’t agree.

This step in the cycle is for those in the cycle. This overall process of assurance discussed here, sits outside the cycle. It is independent (and hopefully, objective) as its goal is not in the doing but in the managing or governance.

The “check” step is about feedback to the do-er and will be, itself, laid out in the plan. The plan should discuss when a supervisor or manager will review records to identify trends or sign-off work as complete - it will vary. At the very least, you are looking for feedback.

Probably, the best example I can think of is for regular but random checks of airside drivers. The authorising of drivers is the “doing” part but going out on the movement area and checking licences or measuring vehicle speeds is the “checking”.

Your assessment standard should include these steps to provide an overall picture of the system in action.

Pulling it Together

With assessment standard in hand, it is time to get to work - auditing. Some might not consider auditing real work but it can be challenging, especially when your goal is addressing risk in a functional, yet efficient way.

Runway Entry

The end result will be a condense but complete picture of how a critical control is performing. This digestible form will allow your Accountable Executive to have a full appreciation of the process by which your organisation manages risk. Put it together with some contextual statistics (e.g. significant events, losses, magnitude of operations), and your assurance processes will put you in the drivers position in terms of accountability and improvement.

This was part 3 in a 3-part series on proactive safety assurance in relation to risk assessment - part 1 looked at the Safety Assurance process overall while part 2 explored the concept of critical controls.

Feel free to contribute to this post and other posts by leaving a comment below (registration needed before you can comment).

Photo of sun by APilotsEye

Editor's note: New Airport Insider is independent and free from advertising. We want to keep it this way to create an optimal user experience. At the same time, we are growing fast and this requires further financial investment. This is why we are now seeking sponsors and benefactors. If you are interested, contact us at hello[at]dcdesigntech.com. Thank you.

Subscribe to New Airport Insider by Email

Critical Controls: What Keeps You Up at Night?

airport safety assuranceToday's post on safety assurance will focus on identifying and measuring critical controls.

Checking an entire system of controls is a big job. Reporting on those checks would be an even bigger job and not necessarily a welcome thing if your senior management is as busy as mine. The company I work for employs a criticality filter to focus our accountability on those activities that mean the most.

This article is going the explore both why you might want to use criticality and how you might apply it to your long list of controls.

How Do You Manage a Deluge?

Anyone who has dealt with a large spreadsheet knows about filters. Power users of Excel or Numbers will have used them to their advantage and, if they have done it in front of others, have probably earned themselves a few admirers.

But even the most tech-noob amongst us is using filtering all the time. Human perception filters out, supposedly, unneeded data automatically either to allow us effectively operate or because our body is suffering under stress (think, tunnel vision leading passing out when subject to G-force).

As stated above, a criticality filter can take your lists of (potentially hundreds of) controls down to 3-10 and if this list if truly your most importance risk control activities, then now you have the time go into depth on these controls and then report up to your Accountable Executive in a way that they can digest, comprehend and articulate, if required.

Pick Your Favourite Child?

Once you've accepted that you need to choose some of your control activities for special attention, now you need to pick them. This is probably the part of the process where things have the potential to become contentious and to be stalled.

The primary piece of advice given to me when I was first introduced to this approach was to consider "what controls, if not working properly would keep me up of night?" At that time, I was still new in my job, so I have a few things I wanted to change and these kept me up at night already - so it was easy.

But having been through the process now, I have developed some other guidelines to help identify the critical aspects of your operations. They are proactivity, persistence and multi-purposes.

  • Proactive Controls

Don't rely on a trigger to be enacted/implemented. Obviously, this applies to activities like habitat control (grass management) and serviceability inspections.

  • Persistent Controls

These are ones that are always there during operations. Passenger screening and approach slope guidance lights are good examples having this quality.

  • Multi-purpose Controls

These are signal activities that address two or more hazards/risks. A perimeter fence is a great example of this as it address both the safety risk of animals and the security risk from agents with intent.

Don't Forget Context

As with nearly everything in the field of safety management, a definitive answer on critical controls cannot be given. Because your context will be different to mine, and even mine is changing over time.

The matrix below shows the critical controls I've been working with for the last year but they are under review at the moment.

Example Airport Critical Control Matrix (CC) Dan Parsons

Given I think that this is a contentious topic, I'd love to hear your point of view in the comments below.

In part 3, we'll go into what you do with these critical controls through the development of a standard against which your audit/review is conducted.  Part 1 provided an overview of Safety Assurance.

Photo credits: 1 is by APilotsEye 

Rest Assured: Safety Assurance for a Good Night's Sleep

This is part 1 in a 3-part series on proactive safety assurance. This article provides a little overview on safety assurance as a process and a potential way to lighten the load to get started. Of the 4 pillars of ICAO's Safety Management System (SMS) framework, I tend to think that Safety Assurance is the biggest lost opportunity. Policy, risk management and training tend to get done in same manner but a truly proactive assurance program is, in my experience, often overlooked. And that is a shame, because I see the assurance part as the difference between doing safety and managing safety. But the challenge is where to draw the line in terms of detail and reporting. This series looks at how to tackle that problem.

Without a feedback loop, a safety manager can't provide assurance to the highest level of the organisation that safety objectives are being met. Without that assurance, accountable executives cannot provide an account (the definition of the title) of how safety is achieved.

Without that accountability, I don't know how they sleep at night.

Investigation and statistical analysis are a key part of a safety assurance program but they aren't the full story. Looking at where you have had problems in the past is important but it's not going to cover all your bases - it is not going to help in a dynamic environment, during periods of change or to help catch that insidious black swan.

To complement this reactive approach, you need to get proactive.

That means going out and looking at the operation in action, making sure it is performing as designed and that the design achieves the objectives of the system (including safety). Again, this is the difference between doing and managing.

Going out and measuring normal performance will give you a better chance of spotting deviation and catching problems before they become problems.

Information Overload

So did that just double your workload?

It did seem that I suggest you not only do your job but then you check that your job was done correctly.

Well, yes, it does mean that. It gets even worse when you consider that many operational tasks airside on an airport are checks in themselves. So I am actually asking that you check that your checks are functioning as expected by you, your stakeholders and your regulator.

Regulatory guidance tends to suggest that the expectation is that operators will check their entire system and maybe that should be the goal.

But in implementing a new or revitalised proactive assurance program it might pay to focus on what is important or in other words critical.

Let's Get Critical

Critical is such a good word in this context. It has a generally accepted meaning that does allow it to be honed in specific contexts. No one seems to get upset when you specify what critical means in a particular context like they do when you define risk in anything but ISO31000 terms.

And it is tied to that concept of risk so neatly that now you start to have the ability to assess what aspects of your operations need to be looked at closely.

The organisation I work for focuses on critical controls and they are the pivot points for a standardised approach to auditing, review and reporting.

In part 2 of this series, we'll dive into critical controls and how they can be defined and then used to get a good night's sleep every night. But before you go to bed, leave a comment below and keep the conversation going.

Editor’s Note From today we will publish bimonthly, so 2 posts a month. Our next article will be on the 26th March 2014 then on the 9th of April and so forth. We thank you for being part of our community.