Regulations, standards and contracts define what need to be audited and in what timeframe (e.g. in 1
or 2 years). Consequently scheduled audits, internal and external, are performed in repeating (e.g.
yearly or bi-yearly) auditing cycles, usually (directly or indirectly) approved by the applicable National
Aviation Authority (NAA).
Frequency of scheduled audits might be increased due to in service experience, recent safety reports
and previous audit finding or combined with unscheduled audits, usually focused only on the
problematic part of scheduled audit. Based on risk assessment, frequency of scheduled audits might
also be reduced, but usually in combination with some kind of desktop audits or updating
questionnaires in between, to maintain the contact. Frequency of external service providers audits
may vary even inside the same type of provider due to different scope (e.g. line and/or base
maintenance) and/or size (e.g. one weekly or 20 wet lease flights daily) of supplied service resulting in
different impact/influence on our operations and safety aspects in particular.
ELEMENTS OF AUDIT PLANNING
Audit Cycle Plan
is the initial point for strategic planning of all internal and external audits. This Audit
Cycle Plan (usually prepared by the Compliance Manager and approved by the Accountable Manager)
is also a part of a controlled company safety documentation, separately or indirectly (as a part of
related documents approval) approved by National Aviation Authority.
Audit Cycle Plan covers one audit cycle (e.g. 1 or 2 years), at the beginning as a planning document
and later as the cover auditing record. Actually it is a list of all scheduled audits
, which need to be
performed inside one audit cycle. It contains information about what (defined by the name of the audit)
and who (defined by organizational unit / process / organization and related Lead Auditee) need to be
audited, duration of the audit (by audit days / hours and when approximately (e.g. in which month) the
audit shall be performed. Who will perform the audit (names of Lead Auditor and Auditors) is defined in
the operational version of the approved Audit Cycle Plan.
Some companies prefer frequent small (e.g. 1 audit day) audits, while others prefer broad audits which
takes several days at once. Broad audits are usually preferred by big companies due to scheduling
and logistic reasons. Audit Cycle Plan is the source for operational planning of all there listed
scheduled audits, usually periodically (e.g. monthly) performed by the administrator.
is the initial point for operational planning of each audit. In addition to data contained in the
approved Audit Cycle Plan, it contains information about actual audit start/end time and location, audit
scope(s) and the list of all audit Items
which need to be checked during the audit.
is also part of the Audit Plan, identifying Lead Auditor and usually one or more Scope
Auditors. Smaller companies are fond of “one man band” audit teams, however Audit Team with at
least two members, Lead Auditor and one Scope Auditor, were found in practice as a more effective
way to conduct audits. Rotating auditors' roles (lead auditor - scope auditor) during 3 audit cycles is
considered as good industry practice and therefore three members Audit Teams are ideal for such
purpose. Starting as new in the team in cycle 1, the auditor will be already familiar with the audited
organization or unit in cycle 2, very knowledgeable in cycle 3 and removed before cycle 4 to avoid
While rotating auditors' roles is optional, auditor’s independence is mandatory and shall be established
by ensuring that audits are carried out by personnel not responsible for the function, procedure or
products being audited. It is also mandatory that all audits are performed under the responsibility of
the Compliance Manager. (When internal staff has been engaged in the audit management process,
all audits and findings reports should be forwarded to the Compliance Manager and not to theirs
Lead Auditor & Scope Auditors
shall be planned i.a.w. their endorsements or capabilities, meaning
for audits from the audit area of their competences, resulting from their background, knowledge, skills
and experience. Audit areas might be structured per related regulations (e.g. Continuing Airworthiness
/ Maintenance, Air Operations, Air Crew) and/or standard sections (e.g. ORG, FLT, CAB, DSP, MNT,
GRH, CGO). Auditors shall fulfill initial / continuous qualification & training requirements (covering
auditing techniques and applicable regulations / standards). Related to auditing experience, every
auditor shall accumulate a certain number of audit days per audit cycle to be considered current. Also,
one of audits per audit cycle shall be performed under supervision of evaluator and formally managed
and recorded as auditor’s assessment or evaluation.
All above elements shall be taken into account and defined before the audit is announced, soon
enough, to the Auditee and Audit Team. Soon enough in practice means before the Auditee plans are
made; e.g. if the Auditee and his/her team members are crew members planned on a monthly basis
and plan inputs shall be received the latest till the middle of the previous month, we need to announce
the audit 3-7 weeks earlier. It was found as a good practice to inform crew scheduling dept about the
auditing needs (who to be present on the audit from auditor’s and auditee’s side and for how many
days/hours) and they respond by the most optimal dates in possible audit period defined in Audit Cycle
Some NAAs allow some audit performance flexibility (due to operational reasons) by allowing some
deviations in advance (e.g. audit might be performed also a month before or a month after the month
stated in the approved Audit Cycle Plan) without notifying them, some NAAs don’t. I see this as a
result of how trustful the relation between NAA and the Company is. Therefore I suggest you consider
open and honest communication with your NAA as long term investment. Finally you share the same
goal and common goals are easier to reach by partnership.
Aviation Safety and Compliance Professional