Balancing Safety, Compliance, and Strategic Growth

Digno Bernardino, Head of Risk Management, Philippines AirAsia

Digno’s Professional Journey

My first job is in semiconductor manufacturing. I started as an Assembly Maintenance Technician, climbed the ladder until I became a Senior Process Engineer. As a process engineer, I have applied Total Quality Management tools and methodologies to continually improve the process/throughput. Here I learned the importance and benefits of Failure Modes and Effects Analysis (FMEA) where the team looks at Risk Priority Number of each failure mode. I have brought this methodology in other industries where I worked, from manufacturing to financial industry, and eventually to aviation industry. In aviation, during my days as Head of Corporate Quality, I coupled this methodology (FMEA) with ISO9001 (risk-based quality management. Eventually I was appointed as the Head of Risk Management for AirAsia Philippines where I started adopting the Risk Management framework and process of ISO31000. As the Head of Risk Management, I facilitate the review of risk registers, business continuity plans, and compliance risks; reporting of enterprise risks to Top Management and Board Committee on Governance, Risk, and Compliance. Foster risk culture through Enterprise Risk Awareness sessions, and leads special projects assigned by the CEO.

Addressing Potential Resistance from Stakeholders

Allocate time to gather feedback from stakeholders about the current Risk Management process and from there analyze and align the risk management initiatives. Make sure that the initiatives are part of the Risk Management Roadmap that supports Governance, Risk, and Compliance (GRC) objectives of the company. From the stakeholders’ feedback and the objective/s of the initiative, identify the gaps and alternatives on how the new initiatives can be made acceptable/achievable. That would include identifying the benefits of the initiative to the stakeholders’ objectives or deliverables. It is important to build that link, that connection, so that stakeholders could have a positive view and appreciation of the initiative; Rather than just considering it as another non-value adding compliance task for them.

Managing Risks

Specific examples are proprietary to the company. In general, the management action for complex risk scenario requires approval from the Board of Directors. Therefore, a Board Paper, and sometime a Business Case, is necessary. The important thing is to highlight the risk assessment (how soon the impact will be felt by the company if mitigating action is not in place).

Planning to Adapt and Evolve the Risk Management Framework

I have tried adapting or integrating the company’s risk management framework to the one thought in my Advance Masters in Aviation Safety Management (by Ecole Nationale de I’Aviation Civile), which is called Global Risk Analysis (GRA). Refer to the inserted file (my thesis).

I believe that the best way to adapt and evolve risk management framework is to do an objective-centric approach. Where the organization will look at the uncertainties surrounding the objectives of the company/department, then assess and mitigate those uncertainties.

Risk management is common sense and make “common sense” a common practice. Risk management should add and protect the value of the company

Balancing Effective Risk Management and the Pursuit of Strategic Business Opportunities

An effective risk assessment is key to finding that balance. One of the common risk assessment tool is the 5x5 matrix while others use 2x2 matrix. In most cases, there will be a risk item that has the same risk rating, i.e., two risk items are rated high and exactly on the same grid. To aid in deciding which one is top priority, the use of Risk Velocity is recommended. “Risk velocity measures how fast an exposure can impact an organization. It is the time that passes between the occurrence of an event and the point at which the organization first feels its effects. (PwC)”

Enhancing the Efficacy of Safety Management Systems

Another business is in-charge of our safety management system (SMS). In a nutshell, there are key performance indicators for flight safety and ground safety. The Flight Data Analysis is a complex process performed only by trained and certified staff. There is a set of flight information straight from the aircraft that are evaluated by the FDA team. The need for clarification or investigation is triggered by this team. The clarification and investigation is conducted only by licensed and certified professionals/pilots. Our is non-punitive, therefore, the management always look at improving the process first.

Innovative Practices or Technologies Critical in Advancing Risk Management Methodologies

Making risk management a way of life, make it part of every decision making, this is critical in advancing risk culture in any company/industry. It is a shared responsibility as a team but each member must be accountable on their own scope/area of responsibility.

A Career in the Enterprise Technology Sector

First, understand the concept, framework and process of risk management. Start with the basics and learn from ERM practitioners (coaching and mentoring). Second, risk management is common sense and make “common sense” a common practice. Risk management should add and protect the value of the company.