I am sitting on the end of the runway, looking at the windsock. It’s gone from calm to blowing a gentle north-westerly. I have got to get from Manchester to the Isle of Man, a flight that will take me one and half hours, but I am not happy. I can’t quite put my finger on why. Should I go?
I’m a pilot in my spare time and I’m currently training to become an instructor, which means I will be legally allowed to teach people to fly. A key thing pilots are taught from the very beginning is Safety and Risk Management. When a pilot says, “Safety is our number one priority”, they really mean it. The pilot’s life, and passenger lives, literally depend on it.
Pilots and Safety
Contrary to the Hollywood image, good pilots are not macho, impulsive, invulnerable, anti-authority figures best seen in Tom Wolfe’s “The Right Stuff”. These attributes are described in the training as Hazardous Behaviours! Most pilots are incredibly calm and organised decision-makers.
Much of training to fly is about what to do when things go wrong, dealing with situations that become an instinctive or learned behaviour, in the same way, that many drivers learn how to deal with skids in a car, for example. The training then moves on to understanding and managing situations where problems arise.
Once a pilot has the right attitude and skills to cope with problems, the next stage is how to avoid risk in the first place and how to “work a problem” when things do go wrong.
There is a saying, “truly superior pilots use their superior judgement to avoid having to demonstrate their superior piloting skills”. The goal is to avoid unnecessary risk in the first instance.
Managing Risk on the Ground
One of the most important aspects of managing risk as a pilot is to have well-ordered and well-drilled ‘check-lists’ in any given situation. Some of these can be extensive and detailed, such as pre-flight checks, and others that are less granular are well suited to be captured by key acronyms.
Decision making starts on the ground – the simple acronym PAVE allows a quick check through key areas: –
P – Pilot – I was well, all my licenses and paperwork were correct.
A – Aeroplane – the aeroplane was mechanically fine, there were no major issues, all of the maintenance was up to date.
V – enVironment – the weather was changing, was there a trend? A swing to the North for the wind often indicates the arrival of a front, which would mean rain and clouds. I was headed straight towards that. Should I go or should I wait?
E – External – I had a meeting. That was driving me to go now.
Using PAVE, what decision did I make?
I decided not to fly.
I did not need to be there until late morning the next day, so I could leave early the next day when the weather was calmer. I had really wanted to get there the night before with an opportunity to relax, but not at the cost of a poor flight. At a minimum, a poor flight could mean at the minimum an unwell passenger, a diversion, or worse.
Managing Risk in the Air
That was the approach taken when still on the ground. What if I had already been in the air? How does decision making happen in the air?
When in the air there are two sequences to be followed.
First is risk mitigation – by determining what should be done to manage risks. A simple framework
TEM– Threat, Error, Management
Threatsare events that can occur that you have no control over (e.g. Weather, mechanical failure).
Errorsare events that occur where it was the pilot a factor in the fault.
Management is the pilot’s response to either the Threat or Error.
The idea is to anticipate these events and prevent them from occurring or else have a plan in place. That could be part of your training, or a checklist list telling you what to do, an active task such as managing fuel, or it could simply be avoidance of weather.
Secondly – when something untoward does occur another sequence comes up to deal with the management of the situation.
D – Diagnose – what is the problem, how long have we got to make a decision.
O – Options – hold, divert, immediate landing etc.
D – Decide – which option?
A – Act or Assign carry out selected option and assign tasks.
R – Review – assessing or gathering information and/or the ongoing result of selected option.
To bring this one to life, you may have seen the film or come across the story of The Miracle on the Hudson where an Airbus landed on the Hudson River in New York shortly after take-off from La Guardia. That incident used exactly this model.
Within 2-3 minutes of working with the controller, they diagnosed the problem, evaluated three options and picked and executed an option. Most importantly they then stuck to their decision and devoted all their efforts to executing the choice they made. In that way the outcome was successful.
Once they had a course of action in place, they divided the tasks between landing successfully and continuing to restart the engines.
As you may have already seen in the best movies, the language of pilots can be very economical and direct. There is no time for anything else.
In this situation, the language is sometimes very terse. At one point the controller offers them priority on any runway. The short response was “unable”. Nothing else needed to be said, the crew were focused on saving the lives of everyone on board not getting into debates.
This is a full transcript – https://tailstrike.com/database/15-january-2009-us-airways-1549/).
Bringing it back to architecture
So, what has all this got to do with architecture?
Architecture is about making a difference, moving a business from A to B, to assessing and understanding the risks at hand.
Risk is inherent and obvious in aviation. If a plane falls out of the sky, that is a very bad thing. The safest flight is one that never leaves the ground. The risks associated with technology design may seem less obvious, however, software is everywhere. The Post Office Horizon project has had a very real and detrimental impact on many people’s lives, and that was a ledger system. Perhaps more obviously, software played a role in the 737 Max safety systems.
Without taking risks in design we will never move forward, but taking unguarded hazardous risks is equally foolhardy. Managing them with appropriate methods to identify their nature is the key.
Using the same approach that I used with my flight, as an architect we have a key role to play in assessing the risks and outcomes before the plane gets off the ground. We then have an ongoing responsibility to continuously assess and guide the plane once it is in flight.
When issues do arise, working the problem may involve dividing the decisions out and trusting the other person to progress a problem. Once that choice is made, devoting efforts to the course of action rather than becoming distracted can mean the difference between success and failure. Chasing an ever-better solution often means failure to deliver any solution. In aviation that might mean an extremely poor outcome.
So maybe next time you’re frustrated at a delay to your flight, take a moment to think – what decisions are the pilots making, is safety an aspect of why this flight is late?