Auditing Techniques for aviation

Auditing Techniques for
Aviation

Course Topics

The course is divided into 4 Modules;

Overview of Auditing – Definitions and Principles
Audit Planning
Audit Execution
Corrective Action & Audit Follow ups

NB: The course schedule has been shared with you as a
timetable in a separate sheet.

Overview of Auditing M1S2

Course Objectives

• Introduce the participants to the overview of auditing.

• Enable the participants to prepare an audit plan following
the guidelines provided in ISO 19011.

• Enable the participants to prepare an audit report after
conducting an audit following the guidelines provided in ISO
19011.

• Enable the participants to develop a corrective action plan
following the guidelines provided in ISO 19011.

• Give participants insight on how to do audit follow up and
perform audit closure.

Overview of Auditing M1S3

MODULE 1

OVERVIEW OF AUDITING

Module Objective

At the end of this module you will be able to:
• Explain the common audit terminologies used;
• Identify the objectives of auditing
• Explain the 6 auditing principles

Overview of Auditing M1S5

Background of Auditing

• Auditing is as old as accounting

• Mainly used in accounting and within financial institutions;

• However increased momentum occurred after WW2 due to
advancement in military procurements & a boom in
construction (rebuilding of bombed out cities);

• Standards had to be set within the scope of security, safety,
performance and environmental concerns;

• In 1947 International Organization for Standardization was
founded to promote worldwide industrial and commercial
standards.

Overview of Auditing M1S6

Audit Terminologies • Auditor
• Audit team
• Audit • Audit scope
• Audit criteria • Audit plan
• Audit evidence • Conformity
• Audit findings • Nonconformity
• Audit conclusion • Management system
• Audit client
• Auditee

Ref: Handout H1.1 M1S7

Overview of Auditing

Importance of Audit M1S8

Why Audit?

• Adequacy
• Compliance
• Effectiveness
• Efficiency
….of the management system

AIM of Audit = Fact finding NOT Fault finding

Overview of Auditing

ISO 9001:2015

9.2.1 The organization shall conduct internal audits at
planned intervals to provide information on whether the
quality management system:

a) conforms to:

• the organization’s own requirements for its quality management
system;

• the requirements of this International Standard;

• b) is effectively implemented and maintained.

Overview of Auditing M1S9

Audit Objectives

• To identify improvements opportunities, risks and non
conformities

• Support staff to deliver their goals and objectives

• Measure performance of the business processes (efficiency,
effectiveness and conformance).

• Assess conformance with customer requirements, internal
and external rules and regulations).

• Facilitate the process of identifying and sharing best
practice.

Overview of Auditing M1S10

Classification of Audits

• Audits can be classified as:

• Audit by focus
• Audit by parties

Overview of Auditing M1S11

1. Audits based on Focus

Product Audit

Process Audit

System audit

• It can either be combined or joint Combined audit: when two or
more MS are audited together e.g. QMS and EMS

• Joint audit: when two or more auditing organizations cooperate to
audit a single auditee

Overview of Auditing M1S12

2. Audit based on Parties

• 1st Party Audit (Internal audits)

• Conducted by, or on behalf of, the organization on its own QMS
according to a set quality standard

• Forms basis of self declaration

• 2nd Party Audit (Supplier Audits)

• Conducted by, or on behalf of, parties having an interest in the
organization.

• The organization audits the QMS of a supplier

• 3rd Party Audit (Certification Audits)

• Conducted by an external independent institution in order to
certify/register the QMS

Overview of Auditing M1S13

Dimensions of Auditing

• There are three dimensions of Auditing

• Intent

• May be done on or off site
• This is done to verify the intent of the QMS
• Describes how the organization intents to implement the QMS
• Shows how the QMS is documented

• Implementation

• Is performed on site
• Does the implementation of the QMS reflect the intent reflected in the

design e.g routine conformance audit done within a defined cycle

• Effectiveness

• Is performed on site
• Is the system operating in an effective manner (does it meet the

parameters established by the intent) e.g Special purpose (event driven)
audit done after an accident/incident or no-notice audits

Overview of Auditing M1S14

Audit vs Inspection

• An inspection is a critical examination usually following a
predefined checklist, and with a defined frequency (daily,
weekly, monthly, bimonthly, etc.) in order to verify
compliance of a particular unit, work environment, process
or a product to a given standard or regulation.

• An audit is a tool to assess compliance against an existing
written Management System, Standard, Regulation and/or
Process; in order to verify documentation, implementation
and effectiveness. It is an end to end in depth review of a
process or system and is performed less frequently. E.g.
annually or every 2 yrs.

Summary: Inspection is most often associated with inspecting
a product or a service to make sure it is right, and an audit is
most often associated with a higher-level review of the whole
system to ensure overall compliance.

Overview of Auditing M1S15

Audit vs Inspection Regulatory Inspections

Regulatory Audits

Apply to the overall arrangements, or Apply to particular ANS service or
elements thereof, of the ANS processes specific parts of the ANS system.
or services.

Verify compliance of: Verify by testing and/or examination
- Documented provisions and other whether prescriptive safety regulatory
established arrangements against safety requirements/standards have effectively
regulatory requirements/standards, been complied with.
ICAO
SARPs, CAA rules/regulations (KCARs);
- Actual operational practices against
documented procedures and other
established arrangements.

Overview of Auditing M1S8

PPT 1.17

Audit Vs Inspection (Cont.)

Regulatory Audits Regulatory Inspections

Focus special attention on processes with Focus normally on a particular element of

wider scope. ANS system with smaller scope.

Represent prime safety oversight May serve as an oversight technique
technique. supplementary to audits.

Usually conducted by a team of auditors May be conducted by one inspector in
in accordance with more comprehensive accordance with simpler procedures.
procedures.

Overview of Auditing M1S9

Typical Audit Process M1S18 18

1 •Initiate the Audit
•Prepare Audit Activities

2

3 •Conduct Audit Activities
4 •Prepare and Distribute Audit Report
5 •Complete the Audit
6 •Conduct Audit Follow up

Overview of Auditing

Auditing Principles

Diagram

Overview of Auditing M1S19

Integrity:

• the foundation of professionalism

• Auditors and the person managing an audit programme
should:
• perform their work with honesty, diligence, and
responsibility;
• observe and comply with any applicable legal
requirements;
• demonstrate their competence while performing their
work;
• perform their work in an impartial manner, i.e. remain fair
and unbiased in all their dealings;
• be sensitive to any influences that may be exerted on
their judgement while carrying out an audit.

Overview of Auditing M1S20

Fair presentation:

• the obligation to report truthfully and accurately
• Audit findings, audit conclusions and audit reports
should reflect truthfully and accurately the audit
activities.
• Significant obstacles encountered during the audit and
unresolved diverging opinions between the audit team
and the auditee should be reported.
• The communication should be truthful, accurate,
objective, timely, clear and complete.

Overview of Auditing M1S21

Due professional care:

• the application of diligence and judgement in auditing
• Auditors should exercise due care in accordance with the
importance of the task they perform and the confidence
placed in them by the audit client and other interested
parties.
• An important factor in carrying out their work with due
professional care is having the ability to make reasoned
judgements in all audit situations.

Overview of Auditing M1S22

Confidentiality:

• security of information
• Auditors should exercise discretion in the use and
protection of information acquired in the course of their
duties.
• Audit information should not be used inappropriately for
personal gain by the auditor or the audit client, or in a
manner detrimental to the legitimate interests of the
auditee.
• This concept includes the proper handling of sensitive or
confidential information.

Overview of Auditing M1S23

Independence:

• the basis for the impartiality of the audit and objectivity of
the audit conclusions

• Auditors should be independent of the activity being audited
wherever practicable, and should in all cases act in a manner
that is free from bias and conflict of interest.

• For internal audits, auditors should be independent from the
operating managers of the function being audited.

• Auditors should maintain objectivity throughout the audit
process to ensure that the audit findings and conclusions are
based only on the audit evidence.

Overview of Auditing M1S24

Evidence-based approach:

• the rational method for reaching reliable and reproducible
audit conclusions in a systematic audit process

• Audit evidence should be verifiable.
• It will in general be based on samples of the information

available, since an audit is conducted during a finite period of
time and with finite resources.
• An appropriate use of sampling should be applied, since this
is closely related to the confidence that can be placed in the
audit conclusions.

Overview of Auditing M1S25

Audit Criteria

• Set of policies, procedures or requirements used as a
reference against which audit evidence is compared.

• May include;

• Policies and procedures (Internal Audit)
• Applicable standard (LEI of ICAO SARPS)
• Laws and regulations
• QMS requirements (e.g ISO 9001)
• Contractual requirements
• Industry/business sector codes of conduct (e.g IOSA)

Overview of Auditing M1S26

Audit Criteria

Requirement Aviation QMS
level
Global 8 critical elements (LEI) ISO 9001
National
Organizational Regulations Cert Body
Operational
M OF STANDARDS QMS POLICY

MANSOPS (Manual of Air Svc PROCEDURES

Ops)

Overview of Auditing M1S27

Discussion Exercise

• Analyse a relevant MS to lay out an audit criteria (To explain
a relevant MS)

What criteria would you use to audit your department within
your organisation?

Overview of Auditing M1S28

Mastery Test

• Matching Exercise

Overview of Auditing M1S29

MODULE 2

AUDIT PLANNING

Module Objectives

At the end of this module, you will be able to;
• Explain the audit planning process
• Outline the auditor attributes and competencies
• Identify the roles and responsibilities of the audit team

members
• Identify the responsibilities of the Auditee

Reference Material: ISO 19011:2018

Audit Planning M2/S2

Auditor

• Person who conducts an audit.
• A person with relevant qualifications and competence to

perform audits or specified parts of such audits.
• Person with the demonstrated personal attributes and

competence to conduct an audit.

Audit Planning M2/S3

Attributes of an Auditor

• Auditors should exhibit professional behavior during the
performance of audit activities, including being:

• Ethical - fair, truthful, sincere, honest and discreet;
• Open-minded - willing to consider alternative ideas or points of

view;
• Diplomatic - tactful in dealing with people, team player;
• Observant - actively observing physical surroundings & activities;
• Perceptive - aware of and able to understand situations;
• Versatile - able to readily adapt to different situations;
• Tenacious - persistent and focused on achieving objectives;
• Decisive - able to reach timely conclusions based on logical

reasoning and analysis;
• Self-reliant - able to act and function independently whilst

interacting effectively with others.

Audit Planning M2/S4

Auditor Competency

• Competence – these are demonstrated personal attributes
and demonstrated ability to apply knowledge and skills

• In deciding the appropriate knowledge and skills required of
the auditor, the following should be considered:

• the size, nature and complexity of the organization to be audited;
• the management system disciplines to be audited;
• the objectives and extent of the audit program;
• other requirements, such as those imposed by external bodies,

where appropriate;
• the role of the audit process in the management system of the

auditee;
• the complexity of the management system to be audited;
• the uncertainty in achieving audit objectives.

Audit Planning M2/S5

Auditors’ Generic Knowledge & Skills

• Audit principles, procedures and methods:

enables the auditor to apply the appropriate principles,
procedures and methods to different audits, and to ensure that
audits are conducted in a consistent and systematic manner.

• Management system and reference documents:

enable the auditor to comprehend the audit scope and apply audit
criteria,

• Organizational context:

enable the auditor to comprehend the auditee’s structure,
business and management practices,

Audit Planning M2/S6

Auditors’ Generic Knowledge & Skills

• Applicable legal and contractual requirements and other
requirements that apply to the auditee:

enable the auditor to be aware of, and work within, the
organization’s legal and contractual requirements.

• Discipline and sector-specific knowledge and skills of
management system auditors

Overall competence of the audit team needs to be sufficient to
achieve the audit objectives.

Audit Planning M2/S7

Responsibilities of the Auditor

• Complying with the applicable regulatory requirements for
auditing

• Helping auditee understand the requirements

• Planning and performing assigned responsibilities
objectively and efficiently within the audit scope

• Co-operating with and supporting the lead auditor

• Collecting, analyzing and documenting relevant objective
evidence to establish conclusions regarding compliance with
regulatory requirements

• Establishing that procedures, documents and other
supporting information are known, available, understood
and used by auditee’s personnel

Audit Planning M2/S8

Responsibilities of the Auditor

• Establishing that procedures, documents and other
supporting information are known, available, understood
and used by auditee’s personnel

• Remaining alert to any indications or evidence that can
influence the audit results and possibly require more
extensive auditing

• Informing the lead auditor of audit findings in a timely
manner

• Assisting the lead auditor in preparing the report of the
audit

Audit Planning M2/S9

Responsibilities of the Auditor

• Safe guarding the confidentiality of all documents and
information obtained during the audit

• Verifying that corrective actions have been taken and have
been effective

• Minimizing disruption to the auditee’s personnel and
processes during the audit while attaining the audit’s
objectives

• Complying with any health and safety or other applicable
requirements of the auditee

• Informing the lead auditor immediately of any major
obstacles encountered in performing the audit

Audit Planning M2/S10

Responsibilities of the Auditee

• Informing relevant employees about the objectives and
scope of the audit

• Appointing responsible members of staff to accompany
members of the audit team and ensuring that audit team
members are aware of health, safety and other applicable
requirements

• Providing resources needed for the audit team in order to
ensure an effective and efficient audit process

• Providing access to the facilities and evidential material
pursuant to the regulatory requirements as requested by
the auditors

Audit Planning M2/S11

Responsibilities of Auditee

• Co-operating with the auditors to permit the audit
objectives to be achieved

• Receiving the audit findings

• Determining what follow-up corrective actions are to be
taken to address nonconformities and other audit findings

• Implementing corrective actions in a timely and effective
manner and informing the auditing organization as required

• Informing the auditing organization of any significant
change to the management system as required

• Informing any other auditees that may be affected by the
audit, of its objectives, scope & any other relevant
arrangements

Audit Planning M2/S12

Audit Team Leader

• Audit team leaders should have additional knowledge and
skills to manage and provide leadership to the audit team, in
order to facilitate the efficient and effective conduct of the
audit.

• An audit team leader is responsible for the following:

a) balances the strengths and weaknesses of the individual audit
team members;

b) develops a harmonious working relationship among the audit
team members;

c) manages the audit process, in these aspects:

planning the audit and making effective use of resources during the
audit;

managing the uncertainty of achieving audit objectives;

protecting the health and safety of the audit team members during
the audit;

Audit Planning M2/S13

Audit Team Leader… cont.

ensuring compliance of the auditors with the relevant health, safety
and security requirements;

organizing and directing the audit team members;
providing direction and guidance to auditors-in-training;
preventing and resolving conflicts, as necessary;

d) represents the audit team in communications with the person
managing the audit program, audit client and auditee;

e) leads the audit team to reach the audit conclusions;

f) prepares and completes the audit report

Audit Planning M2/S14

Competence of an Audit Team Leader

• In order to achieve competence of an auditor, a
combination of the following may be used:

a) formal education/training and experience that contribute to
the development of knowledge and skills in the management
system discipline and sector the auditor intends to audit;

b) successfully completing training programs that cover generic
auditor knowledge and skills;

c) experience in a relevant technical, managerial or professional
position involving the exercise of judgement, decision making,
problem solving and communication with managers,
professionals, peers, customers and other interested parties;

Audit Planning M2/S15

Competence of an Audit Team Leader

d) audit experience acquired under the supervision of a senior
(lead) auditor in the same discipline.

• An audit team leader should have acquired additional audit
experience in order to give intended roles mentioned above. This
additional experience should have been gained by working under
the direction and guidance of a different audit team leader.

Audit Planning M2/S16

Audit Teams - Teamwork

• When teams operate at their optimum, the results can be
more than simply additive- they can be multiplicative with
the optimal talents of one-person catalyzing the optimal of
another and to produce the results far beyond what any one
person might have achieved.

• This concept is known as team synergy. It is a term that
means that when two people get together they create more
than if they were working alone.

• The combination of common interests, common values, and
complementary talents defines the potential for team
synergy.

Audit Planning M2/S17

Team Development

• Management scholars have identified four stages in the
development and performance of teams.

• Each of these stages is necessary to build a cohesive team.

• Team members can be more or less bound together given
differences of values, opinions and characteristics but going
through these natural and almost unconscious steps,
increases the cohesion of the team.

Audit Planning M2/S18

Stages of Team Development

• Forming

• This is the stage in which the team is formed and members come
to know each other.

• Storming

• This is the ‘brainstorming’ stage in which the members try to
assert themselves with one another. This is when tensions and
conflicts might first appear.

Audit Planning M2/S19

Stages of Team Development

• Norming - Compromise

• Negotiation allows the team to reach a common understanding.
The team identifies common objectives and establishes ground
rules- norms, to work together. It adopts a mode of reactions in
the event of internal tensions or divergences.

• Performance

• Members are now part of a cohesive team. The team has adopted
common standards and procedures in the event of problems. The
team is now ready to accomplish the audit objectives.

Audit Planning M2/S20

AUDIT PROGRAMME