Risk assessment to identify, manage, and
mitigate potential hazards
By Polly Thomson

"Risk assessment is a crucial process of your
Safety Management Systems (SMS) in Maintenance", Polly says

Risk assessment is an evaluation based on engineering and operational judgement and/or analysis methods in order to establish whether the achieved or perceived risk is acceptable or tolerable.

Risk assessment is a crucial process involving evaluating potential risks based on various methods such as engineering analysis or operational judgment

Its primary goal is to determine whether the identified or perceived risks are at an acceptable level of safety (ALOS) that an organization or industry can manage or tolerate safely. 

Risk assessment serves as a valuable tool to recognize and address potential hazards within an organization or industry. By identifying these risks, it enables the development and implementation of strategies aimed at managing or mitigating these potential threats effectively, thus enhancing overall safety measures.

Risk Assessment Process is a part of SRM

Hazard identification and risk assessment start with the identification of all the parties involved in the arrangement, including independent experts and non-approved organisations. This identification process extends to cover the overall control structure, and assesses in particular the following elements across all subcontract levels and all parties within such arrangements:

(1) coordination and interfaces between the different parties;

(2) applicable procedures;

(3) communication between all the parties involved, including reporting and feedback channels;

(4) task allocation, responsibilities and authorities; and

(5) the qualifications and competency of key personnel with reference to point 145.A.30.

The safety manager plays a key role in
Risk Assessment

The role of a safety manager encompasses facilitating several crucial functions within an organization, primarily centered around hazard identification, risk assessment, and risk management. These functions are pivotal in ensuring a safe working environment and preventing potential incidents. The safety manager plays a key role in:

Hazard Identification: Actively seeking and recognizing potential hazards or risks within the workplace or operational procedures.

Risk Assessment: Evaluating these identified hazards to determine their potential impact and likelihood, typically through various methods such as engineering analysis, operational judgment, or specialized risk assessment techniques.

Risk Management: Developing and implementing strategies to control, mitigate, or eliminate identified risks. This includes creating policies, procedures, and safety protocols aimed at reducing or managing these risks effectively.

Overall, the safety manager serves as a critical figure in establishing and maintaining a safe work environment by actively engaging in hazard identification, assessing risks, and implementing strategies to manage and minimize these risks.

Risk Assessment on Production planning

The organisation shall have a system appropriate to the amount and complexity of work to plan the availability of all necessary personnel, tools, equipment, material, maintenance data and facilities in order to ensure the safe completion of the maintenance work.

As part of the management system, the planning of maintenance tasks, and the organising of shifts, shall take into account human performance limitations, including the threat of fatigue for maintenance personnel.

The organisation should have a procedure (including mitigations) to address cases where the working hours are to be significantly increased, or when the shift pattern is to be significantly modified, such as for urgent operational reasons. In cases not covered by that procedure, the organisation should perform a specific risk assessment and define additional mitigation actions, as applicable. 

Basic mitigations may include:

(1) additional supervision and independent inspection;

(2) limitation of maintenance tasks to non-critical tasks;

(3) use of additional rest breaks.

Risk Assessment also for Facility

Subject to a risk assessment and agreement by the competent authority, the organisation may use facilities at the approved location other than a base maintenance hangar for certain aircraft base maintenance tasks, provided that those facilities offer levels of weather and environmental protection that are equivalent to those of a base maintenance hangar, as well as a suitable working environment for the particular work package. This does not exempt an organisation from the requirement to have a base maintenance hangar in order to be approved to conduct base maintenance at a given location. 

The AMC1 145.A.25(a) underline the assessment of the protection from the weather elements relates to the normal prevailing local weather elements that are expected throughout any twelve month period. Aircraft hangar and component workshop structures should prevent the ingress of rain, hail, ice, snow, wind and dust etc. Aircraft hangar and component workshop floors should be sealed to minimise dust generation

Storage facilities for serviceable aircraft components should be clean, well-ventilated and maintained at a constant dry temperature to minimise the effects of condensation. Manufacturer’s storage recommendations should be followed for those aircraft components identified in such published recommendations.

Storage racks should be strong enough to hold aircraft components and provide sufficient support for large aircraft components such that the component is not distorted during storage.

All aircraft components, wherever practicable, should remain packaged in protective material to minimise damage and corrosion during storage.

Risk Assessment for MOC 


The organisation should manage changes to the organisation in accordance with point (e) of AMC1 145.A.200(a)(3). For changes requiring prior approval, it should conduct a risk assessment and provide it to the competent authority upon request

Changes may introduce new hazards or threaten existing safety risk controls. The management of change should be a documented process established by the organisation to identify external and internal changes that may have an adverse effect on the safety of its maintenance activities. 

It should make use of the organisation’s existing hazard identification, risk assessment and mitigation processes

The following changes to the organisation shall require prior approval by the competent authority:

(1) changes to the certificate, including the terms of approval of the organisation;

(2) changes of the persons referred to in points 145.A.30(a), (b), (c) and (ca);

(3) changes to the reporting lines between the personnel nominated in accordance with points 145.A.30(b), (c) and (ca), and the accountable manager;

(4) the procedure as regards changes not requiring prior approval referred to in point (c);

(5) additional locations of the organisation other than those that are subject to point 145.A.75(c).

(b) For the changes referred to in point (a) and for all other changes requiring prior approval in accordance with this Annex, the organisation shall apply for and obtain an approval issued by the competent authority. The application shall be submitted before such changes take place in order to enable the competent authority to determine that there is continued compliance with this Annex and to amend, if necessary, the organisation certificate and the related terms of approval that are attached to it.

The organisation shall provide the competent authority with any relevant documentation.

The change shall only be implemented upon the receipt of a formal approval from the competent authority in accordance with point 145.B.330.

The organisation shall operate under the conditions prescribed by the competent authority during such changes, as applicable.

Effective management of change should be supported by the following:

(1) implementation of a process for formal hazard identification/risk assessment for major operational changes, major organisational changes, changes in key personnel, and changes that may affect the way maintenance is carried out;

(2) identification of changes that are likely to occur in business which would have a noticeable impact on:

(i) resources — material and human;

(ii) management direction — policies, processes, procedures, training; and

(iii) management control;

(3) safety cases/risk assessments that are focused on aviation safety;

(4) the involvement of key stakeholders in the change management process, as appropriate.

During the management of change process, previous risk assessments and existing hazards are reviewed for possible effect.

Risk Assessment risk also for maintenance standard

The organisation may only modify maintenance instructions in accordance with a procedure that is specified in the MOE. With respect to changes to maintenance instructions, the organisation shall demonstrate that they result in equivalent or improved maintenance standards, and shall inform the author of the maintenance instructions of such changes. For the purposes of this point, “maintenance instructions” mean instructions on how to carry out a particular maintenance task; they exclude the engineering design of repairs and modifications.

The referenced procedure should address the need for a practical demonstration by the maintenance personnel proposing the change to the compliance monitoring personnel, of the modified maintenance instruction. 

Depending on the nature of the maintenance instruction modification, a risk assessment may be required to demonstrate that an equivalent or improved maintenance standard is reached.

Risk Assessment risk of Audit Plan

An essential element of the compliance monitoring function is the independent audit.

The independent audit should be an objective process of routine sample checks of all aspects of the organisation’s ability to carry out all maintenance to the standards required by this Regulation. It should include checking compliance of the organisation procedures with the Regulation, adherence of the organisation to these procedures, and product or maintenance sampling (i.e. product audit), as this is the end result of the maintenance process.

The independent audit should provide an objective overview of the complete set of maintenance-related activities. It should include a percentage of unannounced audits carried out on a sample basis while maintenance is being carried out. 

This means that some audits should be carried out during the night for those organisations that work at night. 

The independent audit should sample check one product (such as one aircraft or engine or component) while undergoing maintenance on each product line every year as a demonstration of compliance with the maintenance procedures and requirements associated with that specific product. This should include in particular the verification of:

− the maintenance data and compliance with the organisation procedures, including consideration of human factors issues;

− the facility and maintenance environment;

− the standard of inspection and precautions;

− the completion of work cards/worksheet;

− the tools and material;

− the authorisation of the person carrying out maintenance.

The audit planning cycle specified may be increased by up to 100 %, subject to a risk assessment and/or mitigation actions, and agreement by the competent authority.

STEIA AVIATION - Specialized Safety Promoter

eMAIL : polly.steiaviation@gmail.com