The Value of Risk Management

Written by Sergio Romero

Don’t do any harm, be honest in your dealings, do a good job”.

Chris Marlowe

The office is small and aggressive. It was my first time working overseas. The temperature gets high and nobody feels it whatsoever. The air conditioner just turned off and no one could do anything about it. I just began working for this organization. My mood is high and my passion remains in a continuous getting-high-and-higher mode. On the other side, my partners’ unhappiness and body language will be a matter that I would eventually understand rapidly during the next days. I was making a review on the pending issues of the former QC Manager. No management report at all. I knew I was flying blind, so I had to audit emails, logbook sheets, carry on forms and MEL items. I made a listing of priority items and sent emails to get some parts, which were pending for three months, tires and bulbs included!

I was really worried on the management system, the ethics and effectiveness of the operational safety, but no time to sob and feel sorry for myself. It’s a challenge I was telling myself when I received a beep from my phone. It was a HR Manager email replying to me that “in this company we do not buy items to be stored, because this is not a rich airline!” The end of the message was strong, irrational, and the door to what I had to deal with, because I never sent this email to such an officer in the first place. “No matter what, I am resilient enough. This is the first battle and safety will prevail”, I was convinced of that. But it turned out I was too naïf or impractical or an improper risk-management-based officer.

The evening is threatening us since we began early in the morning. Meetings are always set in the afternoon and its commencement is shifted until 6 or 7 o’clock after ten or eleven hours of safety inspections, training planning, design and delivery, meetings and component escalation requests to the CAA. I remember after one of such meetings I had a conversation with my boss once:

  • Sergio: Though this is a common practice, it is really unsafe what you guys are doing here by robbing parts from the other airplane and not actually following the procedure as accepted by CAA or asking for component escalations all the time without any risk management or even not taking such a process into account!

  • Boss: I know that, Sergio. But what would you prefer? Waiting for the part to come on time, making AOG requests all the time, or telling the client we are not ready to take this challenge, which means we are not safe?

  • Sergio: We must have a sound management system, including enforcing our Safety Policy, planning and setting relevant objectives and KPIs. Additionally, we need to have a functional and operational Continuous Analysis and Surveillance Program required by the regulations and which I detected it was inactive for more than five months, to comply with the rules and regulations, and more importantly to reply to my emails with the risk analysis I am sending to you all the time!

  • Boss: Come on, buddy, this is an ideal world. We need money for all the things you are asking, and this is impossible here!

When did his way and mine turn into different paths? It was a question hammering my brain over and over. I was daydreaming on lots of training sessions I delivered on aviation quality and safety along with managing safety for airlines, AMOs, aerodromes and even for the CAA of my country, and something came into my mind. It was a flashback, a screenshot in my brain. It was a statement I remembered from Jan Wachter, Associate Professor in the Department of Safety Sciences at Indiana University of Pennsylvania, “You don’t have to defend it on a cost-benefit analysis; you don’t have to base it on compliance with regulations; you don’t have to necessarily state that you’re going to reduce risk. The ultimate determinant is because it is the right thing to do”.


This above is Safety Ethics and could be easily understood by recalling one of the scenes of the film “Erin Brockovich”. A discussion is being held between the defendant and the main character. She’s trying to explain her opponents about a fair price for the harm they caused. Almost at the end of the discussion, one of the counselors is trying to take a glass full of water, and in the meantime, the main character tells her “by the way, we had that water brought in special for you, folks. It came from one in Hinkley”. Then, the counselor decides not to have the water. It’s just as simple as this: Are you as a provider willing to use the services or products you just rendered or made to the public?


I guess organizations are unsafe, because they don’t just want or decide to be like this. It is a matter of direction and control, as designed and fostered by the Top Management, which includes planning, having a policy at hand, objectives and ways to measure if the correct way to achieve those objectives has been followed. The operational functions may be more visible than the administrative ones. One could even say they require more resources. But believe me, guys, operational or administrative functions must dance pursuant to a music sheet set to listen to a state-of-the-art piece. Sometimes it could be quite complicated to operate in accordance with a plan, but it will be not only more effective, but safer and cheaper if organizations act as planned using the risk management process for setting controls to defend the organization from new threats and hazards.


Many times organizations are trying to avoid to be scored from the opponent, who could be the CEO, peer or operational pressure, without a plan, without a clear way, just erratic movements to keep the boss happy. This is expensive, makes the crew gets tired and stressed all the time. I heard once from one of the officers in one airline I worked several years ago: “Let’s dance to the CEO’s rhythm. If we do like that, no one could say anything if a problem arises. We were just following a Top Manager decision”, he added. But what do we really need? We need direction, including policy, procedures and control for foreseen/unforeseen events within a context. This is the core of the risk management process along with the management of change. Risk Management controls and will be able to define resources. What for? To run an efficient and safe organization!

About the author

Sergio Romero