IS-BAO Auditor Newsletter – February 2013
The 2013 edition of all IS-BAO documents are now available. You may obtain these documents by opening the IS-BAO Home Page, signing in at the upper left-hand corner of the page and following download instructions. If you haven’t yet received your user name and password, complete and return the IS-BAO Amendment Information Form. You may also use this form to order paper copies of the documents.
The revised standards and protocols may be used at the operator’s option until 1 July 2013 when their use becomes mandatory.
Auditors should carefully review changes to the Standard, Protocols and Audit Procedures Manual. This may best be accomplished by reading the IS-BAO and Audit Procedures Manual Covering Letters (available at the respective download sites) to understand the changes incorporated into those documents. Also, note the extensive expansion of protocol elements to provide additional detail in determining whether an operator fully conforms to the standard.
Shortchanging the Client
In a number of recent stage 2 audits, operators have been unable to progress to that level due to a lack of performance in certain aspects of the SMS and allied portions of the standards. Examples:
- No records of a compliance monitoring (internal evaluation) program
- Little or no evidence of a change management program
- Internal evaluation and hazard mitigation results not fed back into the SMS and company procedures to ensure continuous improvement of those programs
- Few safety communications resulting from SMS activities provided to operator personnel
- A significant number of these and others resulted from requirements for those features not being stated or implemented during or after the previous audit. While this is the operator’s responsibility, failure to note and comment on these deficiencies is also the responsibility of the auditor conducting the initial audit.
Failure to provide a complete and thorough stage 1 audit is essential to successful subsequent audits. Stage 1 auditors have a significant responsibility in ensuring that all standards and processes are fully stated and implemented by the operator. If not, they are setting up the operator for a substandard or even unacceptable subsequent audit.
When an auditor performs an audit, there is a tendency to spend a great deal of time with management personnel – flight department manager, chief pilot, director of maintenance, safety officer – because these are the people most responsible for the program. They should have the most knowledge of how the IS-BAO program and SMS work and how they are being embraced by flight department personnel. Importantly, these are the people with whom the responsibility for the program’s success rests.
But, because of managers’ remit to ensure program success, they may not have the most complete view of how the entire organization views and understands it. This is not to say that management personnel may have a biased view of the program in ensuring its success, but it is probably wise to confirm management’s views by interviewing non-supervisory personnel too.
When interviewing the rank-and-file, look for basic understanding, appreciation for and participation in the SMS and IS-BAO standards. Insights regarding the interviewee’s conformance to written processes and procedures should provide a valuable bottom-up view of the entire organization.
Ideally, the “upstairs” and “downstairs” views of the programs coincide. And, put each interviewee’s name on page two of the audit report form.
The Role of Management in SMS
Findings relating to significant or a number of SMS deficiencies usually cite individual segments of the standard relating a lack of hazard identification, risk assessment/mitigation, safety performance monitoring and measurement, etc. But, for serious omissions, lack of performance or multiple standards deficiencies, little is ever mentioned regarding management’s commitment and responsibilities.
The operator’s managers and reporting seniors have supposedly made a commitment to the SMS and have accountabilities regarding the program. … The organization shall also identify the accountabilities of all members of management, irrespective of other functions, as well as of employees, with respect to safety performance of the SMS… (3.2.1.b.)
While it is up to the auditor’s judgment, reminding management of their responsibilities to the program via a stated non-conformity with standard 3.2.1 may provide a wake-up call to those in charge and go to the root cause of deficiencies.
How Many is Enough?
“The operator encountered – choose one: no/few/no significant – hazards since the previous audit…” Is this possible? Is this cause for rejecting the audit? Or, does the department have uncommonly good luck?
While it is possible to encounter few hazards, the concept of “significant hazards” raises the question, when is a hazard not sufficiently significant to warrant a report and require mitigation? While it may be overly simplistic, a hazard is hazard and should be reported: it is up to the reviewer(s) to decide the degree and rapidity of mitigation.
How about no hazards encountered? It beggars belief that absolutely, positively no hazards have been encountered in what is nominally a two-year period of active aircraft operations. While anything is possible, the degree of probability is stretched thin in this case. Similarly, the comment “We handle hazards on the spot and don’t have to report them” essentially makes the SMS program useless since the process of investigation, mitigation and feedback into the SMS to ensure constant improvement and safety communication is effectively cancelled.
The point is that the sheer numbers of hazard reports do not indicate a good or bad SMS. But, a flight department with few or none may not be trying hard enough to recognize what constitutes a hazard. If this is the case, other aspects of the program will likely be lacking as well. This is just one indicator, although significant, of a potentially larger problem within the organization.
Support Services Provider’s Policy
Over the past three years, the IS-BAO Program has pursued measures to upgrade the quality and performance of its standards, audit procedures, auditors, and internal administrative functions. A series of revisions to the standards, audit procedures and policies have been instituted to accomplish these goals. The final item to receive our attention is the Support Services Affiliate/Provider (SSA).
The new SSA qualifying requirements may be found in IS-BAO Policy 2012-04. We ask that all existing SSAs listed on the IS-BAO Implementation Support page to comply with the new requirements as soon as possible but not later than 15 March 2013. If existing providers have not complied with the new policy by that time, their names will be removed from the list.
Operators either implementing IS-BAO or wishing to upgrade their SMS often ask about the availability of examples of items that will help them get started or enhance what they already have. Log into the IS-BAO Downloads section of https://www.sky.ibac.org/is_bao and download the SMS Toolkit Files segment. This contains a wealth of information, especially for SMS issues. Among the tools contained in this section:
- Operational Risk Analysis
- Compliance Monitoring
- Cultural Assessment
- Hazard Identification
- Risk Analysis Guidelines
- SMS Evaluation
- Safety Policies
…and many more.
Knowing about the existence and content of these items will give auditors a view of what is available, and useful, for operators.
Bits and Pieces
- Be aware that IBAC publishes an annual IBAC Business Aviation Safety Brief covering many aspects of the subject that should be of interest to auditors and operations alike. The 2012 edition contains a special review of landing accidents.
- Please complete and submit audit reports promptly to provide the operator with proof of conformance to IS-BAO and SMS standards. Delaying submission of reports following an audit may place an operator in the uncomfortable position of having verify ICAO Annex 6, Part II standards during a ramp check by a means other than an IS-BAO certificate. Besides, operators are anxious to know whether their company was registered or re-registered.
- Beginning 1 January 2013 the expiration of an auditor’s accreditation will be the end of the 24th month following the reaccreditation workshop.
- Employees of interest for interview purposes not present during the on-site phase of the audit may be interviewed via telephone with almost the same effect and impact as an in-person interview. Don’t hesitate to interview missing employees by telephone.
- Please complete all portions of the protocols, leaving no item unanswered by a Y/N or N/A. N/A responses may require an explanation as well.
The following open-book questions are designed to keep you current on the standards and audit procedures. Don’t send us the answers; this is just for you. Hint: use 2013 documents.
1. Under IFR, a takeoff alternate aerodrome/heliport shall be selected and specified in the flight plan if:
a. the weather conditions at the aerodrome/heliport of departure are at or below the applicable operating minima
b. it would not be possible to return to the point of departure for other reasons
c. a takeoff alternate is not required
d. both a) and b) above
2. Personnel who have a role in the emergency response plan should be trained in their role and the plan ______ be exercised periodically in order to test its integrity.
c. should be encouraged to
d. not a valid statement
3. When conducting stage two or three audits the evaluation of the effectiveness of the SMS will be considered the primary focus for the audit. However, at least ___% of the protocols for each chapter must be assessed to substantiate that the operator is in conformity with the requirements of the IS-BAO.
d. No percentage has been established.
4. For an operator progressing from stage 1 to stage 2, which of the following would make it difficult for an auditor to recommend stage 2?
a. Inconsistencies in adherence to operational, maintenance or safety management procedures, including during periods of change; and
b. Feedback from hazard reports, safety committees, audits or risk assessments is either not being obtained, or not being employed to update operator programs, procedures and the risk profile, or to improve the related mitigation (e.g. procedures, training, equipment, etc.).
c. Both a) and b)
d. Neither a) or b)
To confirm your expertise, see the bottom of the page for the references.
Be a discerning and insightful auditor,
IBAC Audit Manager
— see —
APM Appendix C