Sofema Online (SOL) www.sofemaonline.com considers the fundamentals concerning regulatory oversight of an EASA compliant Reliability Program

 Aviation Regulatory Authorities face several challenges in auditing and ensuring effective oversight of operator Mandatory Aircraft Reliability Programs. These challenges include

>> The complexity of the programs

>> The need for specialized technical expertise

>> The limited resources of regulatory agencies

Sofema Online (SOL) www.sofemaonline.com considers the challenge of performing a QA audit of an SMS system

Introduction

SMS is a business system just like any other, so as part of our Compliance Auditing obligations we will be looking at the following elements as suitable for our auditing activities.

1. Management
2. Documentation
3. Competence
4. Training

Introduction by Sofema Aviation Services (SAS) www.sassofia.com – SAS EASA Compliant Aviation Quality Audit Training Programs have more than 30 Years of relevant commercial aviation experience sitting behind our courses. This level of experience enables us to offer the most practical and immersive training experience.

See Course Details here https://sassofia.com/course/easa-compliant-aviation-quality-assurance-senior-and-lead-auditor-course-5-days/

Introduction to our 5 Day EASA compliant course specifically developed for building competence related to Aviation Quality Assurance Senior and Lead Auditors.

Steve Bentley CEO of Sofema Aviation Services (SAS) www.sassofia.com explains the role of the training material presented by SAS & SOL (Sofema Online) and considers the obligations of the receiving organisation 

Introduction

Sofema Aviation Services was founded back in 2008 – currently, we provide over 550 Classroom & Webinar Courses and over 220 Online courses through our sister site www.sofemaonline.com

Since the beginning of Jan 2020, we have had over 17500 enrollments in our regulatory training.

• Training for Internal Auditors
• How to satisfy Independent Audit Requirements within an EASA Compliant Organisation
• Developing Aviation Auditing Skills for all Staff

Message for EASA Compliant Organisations - Operations/CAMO/AMO/Airports/ATO/ - How do you manage your internal auditing objectives?

SofemaOnline (SOL) wwww.sofemaonline.com offers the following course to support the development of your internal auditors

A review carried out by SofemaOnline (www.sofemaonline.com)

Checklist for CAO Organisational Audit

While this checklist is presented as a “sample” of the areas which should be covered during an independent audit of a “small” CAO organisation - It will also serve to provide guidance as to the required scope of the Quality System for a non-small CAO Organisation 

For every item it should be considered that this audit is against a “standard” it is a compliance audit - where there is no documented standard directly available from the regulations - The organisation should develop & document its own standard.

Practical Base Maintenance Audits - Advanced Techniques for Auditing Workshops

A SofemaOnline Review (www.sofemaonline.com)

Auditing workshops

What is Unique within the Workshop Environment is that there is no Workshop Licence – So, for this reason, it is necessary to pay particular attention to the competence of the workshop certification personnel.

A typical workshop audit would start with the Organisations Quality System and ask the questions:

What are we Trying to Verify?

An Audit will typically generate a number of findings, and whilst the first step is usually to take an immediate “short term” action, the important business is ensuring the fundamental cause or “root cause” is addressed – the challenge is that this is far from easy!

Essentially, we are seeking evidence that the cause or “causes” of the problem have either been removed or mitigated in an acceptable way. (It is not always possible to completely fix the issue and sometimes the best outcome we can hope for is a reduction of the causes.)

Essential Evidence for Verification

To deliver effective EASA compliance audits it is necessary to pay attention to a number of key areas which are identified below for discussion purposes.

a) Maintaining Objectivity
b) Sample Size
c) Value of Finding Raised
d) Operator’s Authority on Area of Audit

Maintaining Objectivity

Objectivity requires both perspective and balance on the part of the auditor. We should also pay attention to the fundamental reason we are carrying out the audit.

Introduction

The essential purpose of an EASA compliance audit is to support the maintenance of the regulatory approval.

Quality Assurance Compliance Audits are a systematic and independent comparison of the way the system process or objective is met. Using the observations made during this audit, as “objective evidence” a comparison is thus made against the standard, generating non-conformities or corrective actions in the event of any discrepancy.

The audits should be documented with a checklist which shows the details of the audit standard or audit criteria which is being applied to the audit.

Note 1 Quality Assurance Audits are Prescriptive in as much as they are always referenced against a standard – means compliant.

Management system audit requirements may include reference to documents such as policies, objectives, processes, procedures, instructions, quality plans, which can when combined with an audit scope statement, deliver internal audits which can be either wide-ranging or focused on any aspect of the organization or part thereof and which has the potential to address risk performance.

ISO 19011 considers that there is a risk associated with delivering an audit program which addresses all the requirements of the various standard or the management system are covered within a year.

Why does this method of scheduling create a risk?

Essentially audit programs which are fitted into an annual 12-month calendar program rarely take risk into consideration.

Changing the Audit Focus to a Performance Based System where the audits are driven by needs related to both System Performance and Management Objectives rather than by simple schedule.

For maximum benefit the internal management systems audits should connect with an overarching objective to evaluate "risk".

IS031000, defines risk as: "An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence" or the "effect of uncertainty on objectives".

It is increasingly understood that the explicit and structured management of risk brings benefits.

It is common for internal audit programs to be developed on an annual calendar that predicts which aspects of the Quality Management System are going to be audited.

Compliance Auditing brings with it the daily challenge of ensuring that the organisation remains at all times fully compliant with both internal and external obligations.

The Audit Management, Control and Oversight system should ensure that the established safety and quality procedures are fully complied with.

In addition :

a)     To plan and deliver audits

b)     To review findings

c)     To perform root cause analysis and develop additional actions where necessary (under the specific control or guidance of the business area owner of post holder)

In an effective Quality Management System QMS monitoring is a continuous process. It is essential to ensure robust and continuous oversight of all internal processes, and procedures.

Let’s consider the difference between Assessment & Audit

Assessment

The evaluation process used to measure the performance or effectiveness of a system and its elements.

Our goal is to perform an assessment of the auditing process follow up to determine both the cost effectiveness and overall value to the business.

Audit

An EASA Audit is a systematic and independent examination to determine whether quality activities comply with external regulatory requirements and internal organisational specifications and whether these specifications are implemented effectively.

A primary indicator of a poor or failing system is repeat findings or findings which should be addressed at a lower level – for example the Competent Authority should not identify problems which are normally expected to be found within the internal Quality Assurance System audit process.

Why should we wish to measure the performance of our Compliance Audit Process?

Essentially for 2 reasons

1/ The first is that we have an organisational obligation to ensure both regulatory and organisation compliance and of course there is a cost for this – so the question becomes is the organisation receiving value for money?

2/ The second is because there is a cost associated lets call it a return on investment – if we invest more will we return more- without a measure we will not be able to understand this.

The Internal Audit function was predominantly existing as a mandatory process to ensure and demonstrate compliance is also able to focus on improving business performance and add value by supporting strategic business objectives.

Management communication of the various shortfalls related to the audit findings should be strong and consistent and to be demonstrated to have a contributory impact on a culture of compliance within an organization

EASAOnline is pleased to discuss the role of the EASA Quality Assurance Auditor. Quality Auditors will be found in all organisations which work under the umbrella of the European Aviation Safety Agency (EASA), including Airlines, Airports, and Maintenance Organizations.

Considering the Nature of Audits

When we talk about audits we are generally talking about the need to ensure compliance. Regulatory audits are essentially compliance audits where we are looking to compare the actual with the expected. The expected typically being compliance either with EASA or another regulatory body.

Let’s first consider a fundamental difference between ISO 9001-2015 and EASA Regulatory Compliance Audits.  In the ISO world one reason to perform internal audits is to support the continual improvement of the organisation system. Conversely when in EASA compliance audit is carried out it is essentially to support the identification of a non-conformance.

Let’s also consider that the criteria by which we audit is called our audit “standard” Such a standard may in fact be a regulatory requirement driven directly from the Implementing Rule IR or the Acceptable Means of Compliance (AMC).

It may also be a requirement based on the need for compliance with internal documentation, for example any of the following - OPS Manual Part A, EASA Part 145 Maintenance Organisation Exposition (MOE), EASA Part M Continuous Airworthiness Management Exposition (CAMO) or EASA Part 147 Maintenance Training Organisation Exposition (MTOE).  All of the aforementioned documents contain detailed procedures which need to be complied with by the organisation.

Step 1 is to fully understand the standard or requirement which we are auditing against

If it is a regulation – what is the current issue (are there any changes due – check for Notice of Proposed Amendments) the more background knowledge the better able you are to make good audit decisions.

It if is an internal process or Procedure – who is the owner or responsible person (do they know that you are going to be auditing there procedure?) it is good business manners to inform them – again take the opportunity to ask if there are any planned changes to the procedure or process.

Always taking the opportunity to ask open questions which will aid and benefit understanding of the background related to the audit subject matter.

How does the role the Quality Assurance (QA) Auditor differ within the EASA environment compared to say other aviation regulatory systems? (FAA for example?)

Well the first thing to consider is that the role of the Quality Assurance Auditor within the EASA system is quite specific in that it requires “Independence” This is not the case for example when you consider ISO 9001-2015.

9001: 2015 has removed the requirement for a single point of contact regarding the QMS replacing it with a new section on leadership to better emphasis a greater involvement from the leadership team. Compare with EASA where we have specific roles and responsibilities (Including Independent Compliance Manager (CM) and a clear understanding of who is managing each business objective, whilst still ultimately identifying the responsibility of the nominated persons.