Professional Documents
Culture Documents
Performing of Audits
Learning objectives
At the end of this module you should be
able to understand:
1. Principles of Auditing technique
2. Preparation for the audit / scope, methodology, goals
using Performance Based Oversight principles
3. Definition of applicable legislation
4. Checklist preparation
5. Inclusion of risk assessment
6. Evaluation of service provider’s documentation and
records
Learning objectives
At the end of this module you should be
able to understand:
7. Opening meeting agenda
8. Assessment of conformity
9. Non-conformities & Closing Meeting
10. Collection / security of data
1
Principles of Audit
Preparation
Modular training
Three modules prescribed for the auditors training;
1. Auditing Technique – Initial, with following agenda:
1. Refences to the legislation used during the audit based on audit
scope
2. Preparation of checklists
3. Different methods monitoring of compliance with limitations of the
service provider
4. Working with service providers’ documentation.
Modular training
Three modules prescribed for the auditors training;
3. Last one is this module ‘Auditing Techniques – Audit follow-ups’,
with the agenda focused on;
1.Overview of audit preparation activities
2.Review of the audit checklists and data collected
3.Evaluation of the corrective action plan
4.Verification of effectiveness of the corrective actions
5.Performance evaluation and risk assessment as part of the corrective
actions
6.After-audit activities
7.Review of the audit plan based on data collected
2
Target Audience
Audit Preparation
First module is dedicated to everyone including those having no auditor training before.
Audit Performance
Second module is for those who passed the first module or any formal auditor training.
Audit follow-up
Third module is for those who are or will be appointed as lead auditors or team leaders of
inspection team.
3
Principles of Audit Preparation
10
11
Audit Objective:
• The audit objective really means the purpose or the goal for this
particular audit.
• What are we trying to achieve by doing this audit? What is the aim?
What are we doing it for?
• Options:
a) Certification audit (Authority, ISO, IOSA, ISAGO, code-share
etc.)
b) Oversight audit (Internal, External follow-up etc.)
12
4
Audit Objective, Scope and Criteria
Certification Audit:
• Different names can be used: Certification, Compliance, Initial,
Approval, Conformance etc.
• Performed once, normally as a precondition to obtain privileges
• Compliance means more formal and a legal requirement (e.g.
obtaining AOC, approval of a manufacturer or maintenance
organization etc.). Compliance refers to the government or
international standards (FARs, EASA regulations etc.)
• Conformance is voluntary. Conformance refers to the norms,
expectations, standards, and policies that an organization abides by.
These may be established by the organization itself or by another
organization (e.g. airline alliance, IOSA, ISO)
13
Certification Audit:
• Normally performed by the Authority, Registrar or other independent
organization.
• May be performed by organization itself to achieve internal
approval of:
–External service providers (e.g. ground services provider for an
airline)
–Vendors (e.g. suppliers of spare parts for the maintenance
organization)
–Facilities (e.g. for performing of ditching training)
14
Oversight Audit:
• Different names can be used: Recertification, Oversight,
Surveillance, Supervision, Monitoring, Recurrent, Follow-up etc.
• Performed for those processes/organizations which passed the
certification and are currently performing activities for which they are
certified/approved
• May be either scheduled or unscheduled
• Verifying whether the certified activity keeps all required parameters
and maintain the control over operations
15
5
Audit Objective, Scope and Criteria
Oversight Audit:
• Follow-up audit:
–Specific type of the oversight audit
–This audit is required as part of the corrective action verification
process
–In most cases, follow-up audit scope is more narror than primary
audit
16
Validate
Request Audit of proposed audit
Service Provider Validate findings
logistics
and riska
Identify Audit
Category,Type Assign Audit
&Scope,Schedul Team Leader Communicate
e (Date & Audit Report and
Lead Auditor
Feequency) CAP
Review the
hazards database
and previous audit
reports. Prepare/ Compose Audit
Refine Audit
adjust the report and
Schedule, Arrange
checklist prepare CAP
logistics, assign
audit team
Perform Audit
Agree Audit
Audited Service
Timing and
Confirm Receipt
ensure
Provider
of Audit Report
availability of
required records
17
18
6
Applied exercise
• Explain which criteria and why you will use for the
planning of audit of organization processes:
• In case of airlines
• In case of maintenance organization
• In case of training organization
• In case of airport – ground services
• Work in groups
• Select a group representative to present the conclusion
Time: 15 m
19 © 2022 Copyright Fly 88, s.r.o.
19
Definition of applicable
legislation
20
Applicable Legislation
Define:
1. Legislation based on which audits are performed. It can
be:
a) NAA regulations
b) Legally binding agreement (i.e. IOSA, ISAGO, IS-BAO, Alliance
application)
c) Decision of appropriate authority (NAA, ICAO, enforcement agency
etc.)
d) Internal standards of the audited organization
21
7
Applicable Legislation
Define:
2. Legislation to which audit will refer. It can be:
a) NAA regulations
b) Agreed standards used (IOSA Standards Manual, ISO 9001 etc.)
c) Documented requirements of the customer
d) Internal standards of the audited organization
e) Such legislation should be available within the Q-Pulse software
22
Applicable Legislation
In some cases, the used legislation contains templates for the
audits;
• FAA FSIMS checklists
• IOSA checklists
• Checklist - Safety Management System Manual Structure Evaluation
ICAO Doc. 9859 etc.
In such case auditor should use these checklists either:
• As is (in such case results are comparable with other users)
• Adjust based on PBO principles (it means with changes based on
auditee pre-assessment)
• Software Q-Pulse may offer modules containing such checklists
23
Applicable Legislation
Very often, audits are performed refering to more that one
legislation source:
24
8
Applicable Legislation
During the audit, you should find cross-references between the
applicable regulations and the documentation used by the
audited organization:
25
Applicable Legislation
1. Referring to documentation should be synchronized
between different auditors if an audit team is used:
26
• IOSA ORG 1.3.1: The Operator shall ensure the management system
defines the safety accountability, authorities and responsibilities of
management and non-management personnel throughout the organization
27
9
Applicable Legislation - Terms
Be aware of terms used!
2. Program: An organized set of processes directed toward a
common purpose, goal or objective.
Examples:
• ICAO PQ 3.113: Is there a formal training programme detailing what type
of training should be provided to personnel licensing officers?
• IOSA ORG 1.6.5: The Operator shall have a program that ensures its
personnel are trained to understand SMS responsibilities and competent to
perform associated duties
28
• IOSA ORG 3.1.8: The Operator should have a policy and procedures for
the transport of items in the cargo compartment
29
30
10
Applicable Legislation - Terms
Be aware of terms used!
5. Procedure: An organized series of actions accomplished in
a prescribed or step-by-step manner to achieve a defined
result.
Examples:
• ICAO PQ 1.009: Has the State established procedures for the amendment
of its specific regulations
• IOSA ORG 4.1.17: The Operator should have procedures under the
corporate ERP that ensure a central coordination and control of all
communications with external entities:
31
• IOSA MNT 4.5.1: : The Operator shall have a process to ensure each
maintenance organization that performs maintenance for the Operator has
a training program that requires all maintenance personnel to receive initial
and recurrent training that is appropriate to individually assigned tasks and
responsibilities, and provides maintenance personnel
32 © 2022 Copyright Fly 88, s.r.o.
32
Procedure
Process
Program
System
33
11
What should you remember?
• There is a hierarchy of information used – system
program process procedure. Policy shows intention to
achieve some goal and should be promoted by top
management
• When thinking of audit as a mean for compliance monitoring,
it must be clear:
• Based on which fact you are allowed to do so
• Based on which standards you will be looking for a compliance
34
Applied exercise
• Explain which type of information should be used to
describe:
• Signing of an accomplished AD
• Collection and work with the flight data
• Intention to reach lowering level of emissions
• How to get an AOC
• Work individually
• Defend your position
Time: 10 m
35 © 2022 Copyright Fly 88, s.r.o.
35
Checklist preparation
36
12
Checklist Preparation
Principles are described in the first module of the training:
1. Proper type of a checklist should be chosen based on audit
objective
2. Checklist should clearly specify where the requirements are
taken from
3. Checklist should be organized, and checklist questions
should be grouped:
• Based on the topic (one person can answer the group)
• Based on location
• Based on complexity and cross-references etc.
37
Checklist Preparation
Different types of audits and different type of questions may be
used (see Module 1).
However, now there are available different tools for the audit
checklist preparation (Qpulse, IMX, Q5 etc.).
Such tools ease audit checklist preparation, however, following
is required:
• To be prepared by scope qualified author or with help of SME
• To be trained to use the applicable software
• To be reviewed and coordinated by the Lead auditor
• Such software should be accepted by NAA
38
Checklist Preparation
Questions used during the audit:
1. Should have its rationale clear both to auditor and audited
subject (to avoid “Why are you asking this?”)
2. Should be reviewed before and after the audit to evaluate
their applicability and effectiveness (do not repeat the
questions which are not applicable for the audited
organization)
3. Whenever possible, should be taken from the question
database (avoid “ad-hoc questions coming to your mond
during the audit)
39
13
Checklist Preparation
Questions used during the audit:
4. There should be clear and unambiguous options to reply:
a) Yes or No
b) Satisfactory or unsatisfactory
c) Documented or not documented
d) Implemented or not implemented
5. There should be an option to identify those questions where
there was no reply:
a) Not applicable, Not performed etc.
40
Checklist Preparation
Questions used during the audit:
6. In some audits there are “scoring” options:
41
Checklist Preparation
However, scoring requires:
• In depth knowledge and experience of audited processes by
the auditor
• Full impartiality of the auditor
• Clear rules how to change the scoring / close the findings
More details will be included in the third module for the Lead
auditors
42
14
Checklist Preparation
Reference to evidences:
1. In discretion of the auditor (e.g. in IOSA audits)
2. Based on auditors' consideration (e.g. ICAO PQ using
“Review Evidence & References” box0) whereas evidences
are considered both documentation and records
3. Including a field “Evidence” into checklist or referring to
evidences in the flied “Note” or “Comments”
43
Checklist Preparation
Reference to evidences:
4. It is in the discretion of the auditor to collect, maintain and
disclose the evidences.
5. However, evidences containing information which are
subject to data security, should be maintained based on the
applicable legislation.
6. Therefore, it is recommended to highlight which information
you considered as evidence but do not to keep it (e.g.
Aircraft technical log page number etc.). Such rules should
be agreed cduring the audit preparation.
44
Checklist Preparation
Working with checklist before audit commencement:
• Based on the reference document, the auditor will prepare
the audit checklist in Q-Pulse Software.
• It shall be specific for the verified area/process, containing a
series of questions.
• For each question the auditor actions may be described in
Checklist template Guidance (In Q-Pulse)
45
15
Checklist Preparation
Working with checklist before audit commencement:
1. Fill those parts which you know, such as:
a) Details of audited unit
b) Names of the auditors in the audit team and individual responsibilities
c) Facilities / items required to be visited / reviewed
d) Documentation to be reviewed including its revision status
e) Details of the previous audit
f) Detailed schedule of the planned audit
g) If member of an audit team, coordinate these activities with a lead
auditor and/or other team members
46
Checklist Preparation
Working with checklist before audit commencement:
2. Identify, whether there will be necessary any additional
resources to complete specific checklist questions (e.g.
magnifying glass, measurement instruments, torchlight,
etc.). It is not a duty of audited organization to provide you
with such items.
3. Identify, which resources should be required from the
audited organization during the audit (PPEs, ladders,
specific communication means etc.).
47
48
16
Applied exercise
• Prepare a checklist for one of the following processes:
• Availability of controlled documentation
• Managing access to the maintenance stores
• Scheduling of the cabin crew
• SMS training for ground handling staff
• Work individually
• Send your project to r.domcek@gmail.com today
Time: 1 hour
49 © 2022 Copyright Fly 88, s.r.o.
49
Inclusion of risk
assessment
50
51
17
Inclusion of risk assessment
4. To ensure effective monitoring, different range of internal
and external methods for use in the oversight of service
providers.
5. Methods might include;
– auditing,
– systematic review and risk assessment of reported hazards and/or
occurrences,
– monitoring of performance output (SPIs/KPIs),
– reporting and governance processes;
– monitoring and analysis of targeted risk areas,
– establishment of an effective two-way communication link with the
service provider.
52 © 2022 Copyright Fly 88, s.r.o.
52
Act Study
53
54
18
Inclusion of risk assessment
55
56
57
19
Inclusion of risk assessment
58
Risk Profile:
The elements of risk that are
inherent to the nature and the
operations of the audited entity
59
Safety
performance:
The demonstration
of how effectively
can an audited entity
mitigate its risks
60
20
Inclusion of risk assessment
Scope of Approval
61
Organization Activity
Non
Permanent
staff Use of the
Number of
approval &
& years using Fabrication
Outsourcing Other
the NAA of parts
Part-66 approval
approval
licensed held
Engineers
62
Stability of
the
Quality & Organization Management
Safety of task &
Management contracted
System activities
63
21
What should you remember?
• Both representant of the audited organization, lead auditor
and auditing auditor shall fully understand the question in the
checklist and its meaning
• Question must have its origin in the standards based on
which you perform the audit
• Checklist should be reviewed before commencement of the
audit and all related activities should be planned and
coordinated
64
Audit Types
After certification, Authority should check-up on Service
Provider periodically using surveillance audits to verify
service providers are still upholding national requirements.
Surveillance audits are very much like certification audits, with
the exception that they are not issuing or re-issuing a
certificate. These are typically conducted by DCA inspectors
annually.
65
Audit Types
Based on the scope of the audit, they are generally divided into
three groups:
1. System Audits
2. Process Audits
3. Product Audits
Where:
System Audit focuses on the organization’s management
system as a whole, and compares the planning activities and
broad system requirements to ensure that each clause or
requirement has been implemented. Typical are the audits of
SMS.
66 © 2022 Copyright Fly 88, s.r.o.
66
22
Audit Types
Process Audit is an in-depth analysis which verifies that the
processes comprising the management system are performing
and producing in accordance with desired outcomes. The
process audit also identifies any opportunities for improvement
and possible corrective actions. Process audits are used to
concentrate on any special, vulnerable, new or high-risk
processes. Typical is the case of introduction of DG operations.
67
Audit Types
Product Audit may be a series of audits, at appropriate stages
of design, production and delivery to verify conformity to any
specified product requirements, such as dimensions,
functionality, packaging and labeling, at a defined frequency.
Such audits are performed not only within Airworthiness or
Aerodrome regulations but also in approval of 83bis
operations.
68
69
23
Applied exercise
• Define typical risk profile of:
• Regional airlines
• Maintenance organization with Part 145 and Part 21 approval
• Ground handling company with 6 airports domestic and 2
international
• Airport with no LVO, one RWY, 300,000 pax per year, international
70
71
72
24
Workload planning and preparation of
the audit team / tasks assignment
Normally, auditors participates in following regular activities:
a) Initial Certification or Renewal certification or
Approval/Acceptance of process / service provider
b) On-site inspections and audits of operating procedures;
c) Remote inspections and audits
d) Review of self-audits / self-evaluations performed by the
service providers / vendors
e) Initial / recurrent trainings and evaluations
f) Participation in safety/quality/ERP events by service
providers
73
74
75
25
Workload planning and preparation of
the audit team / tasks assignment
Documentation of the workload:
– Should be included in the organizations manual
– Should include basic rules for planning, e.g.:
– Normal duration of the audits (manhours should be
adjusted to days in case of audits outside of HQ)
– Standard schedule of audits during the day
– Reporting to Lead auditor
– Travelling and logistics rules should comply with the
organization's internal procedures
– Changes in audit timing is performed only by Lead auditor
76
77
Applied exercise
• Define three criteria based on which should appointed
auditor to perform specific audit
• Work inindividually
• Defend your work
Time: 5 minutes
78 © 2022 Copyright Fly 88, s.r.o.
78
26
Evaluation of service
provider’s
documentation &
records
79
80
81
27
Evaluation of service provider’s
documentation & records
• In a real situation:
• It will not always be possible to receive documents prior to an Audit; so
in many cases the auditor will be required to review documents in the
early stages of the on-site visit.
• This obviously leads to a certain degree of inefficiency because of the
on-site time needed for this review.
82
• Documentation may be displayed via electronic or paper media, and may serve
various purposes (e.g. communicating, presenting processes and procedures,
proving conformity, knowledge sharing).
83
• There are many examples of records, however a few common examples include:
a) Reports, (e.g. safety reports, occurrence reports, audit reports, service difficulty
reports);
84
28
Evaluation of service provider’s
documentation & records
• Documentation and Records – Definitions:
Records/2:
e) Rosters and schedules, (e.g flight crew rosters, flight schedules, audit schedules,
maintenance schedules);
g) Records from activities, (e.g. maintenance records, modifications, pilot training &
checking, inspections, LOSA observation records).
Note:
Templates, forms and other documents that are blanks do not constitute a record,
they do not demonstrate that a requirement is active, and does not support the
assessment of implementation.
85
86
87
29
Evaluation of service provider’s
documentation & records
Working with records:
In no records exists because activity is new or never applied
(for example, emergency response or abnormal situations, or the
confidential safety reporting system, when the system has not been used)
88
89
90
30
Evaluation of service provider’s
documentation & records
Working with records – Continued effectiveness:
• For some audits, a number of Mandatory Observations must
be completed and they often contains requirements to verify
records, e.g,:
MO-7-MNT AD/SB Management:
• Direct examination of engineering/planning processes,
documentation, records; interviews of personnel
91
Applied exercise
• Define auditors actions to be taken to verify compliance
with requirement;
• “Safety review Board meeting shall be performed at least
quarterly with presence of all nominated postholders and
relevant safety personnel.”
• Work individually
• Defend your work
Time: 10 minutes
92 © 2022 Copyright Fly 88, s.r.o.
92
Other Evidence of
Conformity
93
31
Other Evidence of Conformity
Evidence:
• The auditor needs to secure sufficient factual or objective
evidence, derived from all available sources of evidence,
information, documentation and activities assessed during
an Audit, to determine that the Auditee is in conformity with
the ISARP or not.
• Conversely, conformity or non-conformity must never be
based on subjective evidence or opinion.
94
95
96
32
Other Evidence of Conformity
BUT: Not all evidence is objective or factual. Auditors must
exercise healthy skepticism and professional judgment when
evaluating information derived from:
(a) individuals that might be operationally uninformed, misinformed or not
fully aware of all audit requirements;
(b) representatives of the auditee who may be attempting to influence the
objectivity of the auditor;
and/or
(c) sources that could have negative intentions designed specifically to
mislead, hinder or prejudice the auditor.
97
98
99
33
Other Evidence of Conformity
Interviews must:
• be of operational personnel, frontline managers and supervisors; and
• cover all levels of the organization (from the Accountable
Manager/Executive/CEO down to the staff on the workshop floor) and
across the operational functions or departments of the operator.
Interviews must not:
• be focused only on the quality department staff, one manager, staff that
compiled the internal auditing against the ISARPs, nor staff/managers from
an external Service Provider. However, the internal auditors should be
encouraged to attend the interviews for professional development, assist in
standardization of interpretation, and to address questions in the
verification of the internal audit results against the checklist questions
100
101
102
34
Other Evidence of Conformity
Observations:
Observing and assessing facilities and/or actual operations
during an audit is required for the evaluation of evidence and
determining of conformity or nonconformity with standards, in
terms of being implemented by the operator.
103
104
105
35
Opening Meeting
106
Opening meeting
• Every audit must be started with a formal opening meeting.
• The opening meeting is conducted by the designated Lead
Auditor and should include the audit team members, unless
logistically not possible, and representatives of the auditee.
• Ideally, auditees representatives include members of senior
management, however it is at their discretion to nominate
participants for the opening as well as the closing meetings.
Attendance needs to be recorded.
107
Opening meeting
Typical agenda:
1) introduction of members of the Audit Team and
representatives of the auditee;
2) roles and responsibilities of the Audit Team and the auditee;
3) exchange of contact information and lines of
communication during the Audit;
4) Audit objective, scope and application:
5) planned schedule of all Audit activities, including the closing
meeting;
6) methods and procedures used to conduct the Audit;
108 © 2022 Copyright Fly 88, s.r.o.
108
36
Opening meeting
Typical agenda:
7) criteria for establishing conformity with standards;
8) administrative arrangements and facilities to be used during
the Audit;
9) arrangements for travel to, and security/ramp passes for,
various Audit venues;
10)arrangements for observations of operational activities;
11)language to be used during the Audit;
12)method of keeping the auditee informed of Audit progress;
109
Opening meeting
Typical agenda:
13)method of reporting findings or observations to the auditee;
14)confidentiality of the audit;
15)safety, security, quarantine or emergency procedures
applicable to the Audit Team;
16)availability and roles of guides or escorts during the Audit;
17)miscellaneous
110
Applied exercise
• Work in pairs
• Defend your opinion
Time: 10 min
111 © 2022 Copyright Fly 88, s.r.o.
111
37
Assessment of Conformity
112
Assessment of Conformity
Evidence of documentation of the process:
• Auditor must find information that addresses the
requirements as specified in the applicable standard(s)
published in a controlled document, such as a manual,
handbook or other similar publication, that comprises
content approved by the operator, and where applicable the
Authority;
• The wording of standard must not to be copied verbatim into
the operator's manuals and/or controlled manuals as a mean
to conform to it’s provision. Instead, the real matters shall be
described for the purpose of conformity to the standard's
provision.
113 © 2022 Copyright Fly 88, s.r.o.
113
Assessment of Conformity
Evidence of documentation of the process:
• Shall be based specifically on whether the provision requires
a system, plan, policy, process or procedure. For example: if
standard states that a process is required, then the auditor
must assess the documentation to see that a process has
been documented.
• It is often an incorrect assessment is made due to the
misunderstanding of these terms.
114
38
Assessment of Conformity
Evidence of documentation of the process:
• A controlled document must have associated processes for
the positive control of content, revision, publication,
distribution, availability and retention, what ensures
appropriate operational personnel always have access to the
current version of the document;
115
Assessment of Conformity
Evidence of documentation of the process:
• Controlled documents are always under the control of the
operator and not another entity;
• Manuals of the DCA are not acceptable for evidence of
documentation.
• Manuals produced by external companies for the operator,
such as navigation manuals, and the manuals produced by
the manufacturer of the aircraft/components can be used for
evidence of documentation.
• Auditor shall ensure that these manuals/documents are
controlled for the latest version/revision.
116 © 2022 Copyright Fly 88, s.r.o.
116
Assessment of Conformity
Assessment of documentation:
1. Identify the manuals and/or other document(s) that contain
the information to address the specification(s) in the
particular standard – it must be contained in a controlled
document
2. The documentation must be under the direct or indirect
control of the operator, not the rulemaker
3. Paper or electronic forms of documentation are both
acceptable, as long as the memory medium meets the
criteria for a controlled document and is traceable
117
39
Assessment of Conformity
Assessment of documentation:
4. The manuals and/or documents being assessed shall be
available for use by all the staff, crews and/or external
service providers (if applicable) involved
5. Confirming that the process, procedure, etc., is documented
and sufficient
6. The content of a document must be written in a language,
style and format that clearly and accurately represents
specification(s), and will be understood by relevant
operational personnel.
118
Assessment of Conformity
Assessment of documentation:
7. Documentary references are not necessarily required to be
listed individually for each sub requirement. However, all
requirements (including sub-requirements) of the standard
must be traceable from the documentary reference(s)
8. The references for documents or manuals must include a
title, edition or revision number, and/or a date of issue, or
other means of recording traceability of the information
9. When a standard is applicable to multiple fleets, then there
must be a document reference applicable to each of the
fleets utilized
119
Assessment of Conformity
Assessment of documentation:
10. Auditor shall record either the full document name,
abbreviation or acronym listed in the Document Reference,
followed by detailed subreferences (e.g. chapter, section,
sub-section number) as applicable to the documented
format and the ISARP specification. (For example: “OMA
Chapt 2.5.3 vi)
11. Documents such as meeting minutes, bulletins, records,
plans, checklists, etc., generally cannot be used as
documentation references unless those documents fulfill all
the document control requirements.
120
40
Assessment of Conformity
Assessment of documentation:
12. Documents of a temporary or transitory nature, or records,
(e.g. letters, email, memos, flyers, posters, MS PowerPoint
presentations), are not acceptable as sources of controlled
documentation, unless the information has been
reproduced and included as part of the content in a
controlled document.
13. If the standard covers a broad range of procedures and
there are document references within the majority of the
sections of a manual, a generalized reference may be used,
i.e. a phrase such as “CAME – complete document” or
“OMA – all sections”.
121 © 2022 Copyright Fly 88, s.r.o.
121
Assessment of Conformity
Assessment of implementation:
• Determine that the requirements as specified in the
applicable IOSA specifications have been established,
activated, integrated, incorporated, deployed, installed,
maintained and/or made available, as part of the operational
system:
• as a part of the operator's organization or operations, or;
• as a contracted or outsourced operational function.
122
Assessment of Conformity
Assessment of implementation:
1. In assessing implementation, the auditor must be familiar
with the content of the auditee’s documentation
2. Provision(s) of requirement must be effectively implemented
in a manner consistent with the way the requirement is
documented (write what you do, do what you write)
3. Based on auditor judgement following, thorough
observations, interviews and reviews of records (among
other audit techniques). Evidence must then be identified to
confirm that the specification(s) is/are being used on a daily
basis by the personnel concerned, in accordance with the
documented requirement
123 © 2022 Copyright Fly 88, s.r.o.
123
41
Assessment of Conformity
Assessment of implementation:
4. Evidence must then be identified to confirm that the
specification(s) is/are being used on a daily basis by the
personnel concerned, in accordance with the documented
requirement
5. Assessment of implementation should be conducted
following the assessment that the requirement(s) is/are
documented
6. Requirements are subject to monitoring to ensure desired
outcomes are achieved
124
Assessment of Conformity
Assessment of implementation:
7. Auditor Actions provide specific information on the actions
that would normally be used to confirm implementation
8. Specific Observations may be prescribed to provide
activities that would contribute in the assessment to confirm
implementation
125
Assessment of Conformity
Not applicable requirements:
• “When making a determination as to the applicability of
individual requirements, it is important to take into account
operations that are conducted within stations and locations
throughout the operator's network”.
• Only when a specific standard is determined to be not
applicable across the whole network, it is not audited and
recorded as N/A
126
42
Assessment of Conformity
Not applicable requirements for outsourced functions:
• Functions currently outsourced cannot be recorded as N/A,
but must be audited through the oversight program of
outsourced functions.
• Standards related to the outsourced functions can only be
recorded as N/A when it has been confirmed that the
specifications do not apply to the processes anywhere within
the organization, or throughout its operational system.
127
Assessment of Conformity
Conditions for N/A Assessments:
1. Can only be used if the process, function, equipment
requirement, etc., is completely inactive, or does not apply
to any part of the operator's system
2. Descriptions for N/A assessments must be clear, complete
and not contradict other assessments
3. Sub-specifications not applicable (usually referred to as
mini N/As) must be independently assessed as N/A,
irrespective of whether the standard is in conformity or not.
128
Assessment of Conformity
Conditions for N/A Assessments:
4. An N/A assessment cannot be used for active outsourced
functions
5. N/A assessments are not required when a sub-specification
is contained in a Table; or a sub-specification is separated
by an ‘or’
129
43
Applied exercise
• Work in groups
• Do not forget to use proper references to the documentation
130
Non-conformities
131
Non-conformities
A determination of conformity or non-conformity must always
be based on the analysis of appropriate factual or objective
evidence collected by the auditors.
• Within IOSA:
• if the nonconformity is due to a deficiency in documentation, then the
assessment is ‘Not Documented’.
• If the nonconformity is due to the requirements not being implemented
in practice, then the assessment is ‘Not Implemented’.
• The final assessment for a nonconformity may be ‘Not Documented Not
Implemented’, ‘Implemented, Not Documented’ or ‘Documented, Not
Implemented’.
132
44
Non-conformities
Within MNA QMS, nonconformity is presented as:
Non-satisfactory
• A nonconformity with a standard results in a Finding; a
nonconformity with a Recommended Practice results in an
Observation.
• A Finding or Observation will be generated only when the
auditor has not been able to obtain the required objective
and factual evidence needed to assess conformity with the
standard.
• All factual evidence that supports a determination of
nonconformity must be recorded on the checklist.
133 © 2022 Copyright Fly 88, s.r.o.
133
Non-conformities
• Before being finalized, evidence or lack of evidence leading
to each Finding and Observation must have been discussed
and agreed upon by the Audit Team.
• Ideally, all Audit Team members and the auditee should have
an awareness of all Findings and Observations prior to the
Closing Meeting.
134
Non-conformities
Description of a non-conformity:
• Description of the non-conformity, i.e. the narrative needs to
define the deviation from the standard and/or documented
processes/procedures in a factual, clear and effective
manner
• Auditors can test the clarity and completeness of their
evidence descriptions by stepping back, looking at the
description though the eyes of the Auditee and asking
themselves – is it clear what type and extent of corrective
actions will be needed?
135
45
Non-conformities
Description of a non-conformity – what NOT TO DO:
• Broad generalization using words such as “incompletely”,
“insufficiently”, “not fully”, etc., must not be used.
• First person or personal terms such as: “I confirmed that”,
“we consider”, “we are of the opinion that” are subjective and
must also not be used for factual evidence
• Information gained from one interview alone will generally
not be enough to verify evidence of implementation; such an
assessment must be supported by other sources of
evidence.
136
Non-conformities
Non-Conformity Classification:
Safety hazard
A ‘safety hazard’ classification is any condition, event or
circumstance based on factual evidence, which could induce
risk of an accident or incident. It directly affects operational
safety or airworthiness of aeroplanes. Safety hazards must be
eliminated (or avoided) immediately.
137
Non-conformities
Non-Conformity Classification:
Level 1 finding
A level 1 finding is any significant non-compliance with
standards, and it must be corrected before next flight. It shows
non-compliance with requirements which lowers the safety
standard and hazards seriously the flight safety. If it is not flight
critical, the final corrective action may be taken with an
implementation date of a maximum of 10 days from the closing
meeting
138
46
Non-conformities
Non-Conformity Classification:
Level 2 finding
A level 2 finding requires a planned action with an
implementation date within a maximum of 1 month from the
closing meeting. If the responsible department requests, a
maximum of 1 additional month implementation period may be
allowed by Director of Quality (Corporate).
139
Non-conformities
Non-Conformity Classification:
Level 3 finding
Level 3 finding requires a planned action with an
implementation date within a maximum 3 months from the
closing meeting. If the responsible department requests, a
maximum of 3 additional month implementation period may be
allowed by Director of Quality (Corporate).
140
Non-conformities
Non-Conformity Classification:
Observation
Observations do not represent non-compliance, but
observations are intended to give information in order to
improve process/procedure effectiveness and quality standard.
Observations do not require a planned corrective actions.
141
47
Non-conformities
Non-Conformity records:
• After completing audit, auditor shall enter non-conformity
into Q-Pulse Software. A non-conformity report (CAPA
record) is notified to responsible manager via email
generated Q-Pulse Software for Internal Audit.
142
Non-conformities
Closing Meeting:
• At the end of an audit, prior to preparing the preliminary
audit report, the audit team will hold a closing meeting with
the auditees. The main purpose of this meeting is to present
audit preliminary results to the auditee in such a manner so
as to ensure that they clearly understand them.
143
Non-conformities
Closing Meeting:
Non-conformities shall be agreed by all parties at this meeting
by:
• Summarizing audit results and present them appropriately to
the auditee management,
• Discussing corrective actions preliminary proposed by
concerned Managers and Team Leaders,
• Re-defining corrective action time limits, if necessary,
• Agreement about distribution of preliminary audit report and
outline the use of the CAPA to concerned Managers.
144
48
Applied exercise
• Work individually
145
146
147
49
Progress check
Where are we now?
• Review the Module objectives
• How confident do you feel in reaching these objectives?
• What are the main takeaways from this module?
• Do you have any questions, concerns?
148
Questions?
149
50