What are Internal SMS Audits in Aviation, and Why Conduct Them
Internal SMS audits are an extremely important action in every aviation SMS program. They’re also a neglected process in most risk management programs. Just ask yourself, when was the last time you performed an internal audit? Let’s also be clear about what we mean when we say “audit”, as this word is thrown around loosely. An internal audit:
- Is not a regular review process (as in, reviewing previously managed safety issues);
- Is a specific type of activity that companies will perform once or twice a year; and
- Is a best practice for external audit preparation, such as an impending audit from oversight agency.
In short, conducting internal audits is similar to an audit conducted by compliance authorities, except you are in control of:
- Who conducts the internal audit;
- What you are auditing; and
- Your auditing format.
- Hire a third-party company to lead your internal SMS audit;
- Conduct the audit with trusted company employees; or
- Perform audit with a combination of third-party and trusted employees.
Beyond this, here are the basic elements needed to conduct internal SMS audits in the aviation industry.
Gather Auditing Checklists
Internal audits should be performed with a SMS audit checklists, as they:
- Provide guidance;
- Align with standards; and
- Ensure that audits are consistent, as well as thorough.
These checklists are generally provided by oversight agencies, and align with the standards that the agency will use when auditing your company.
Likewise, you can create your own auditing checklist based off of company standards. For example, an airport, airline, or other aviation service provider might walk through the FAA's Advisory Circular and create checklist items based on important elements of SMS highlighted in the Circular.
Create Auditing Team
Audits are best performed in teams. Team members should be trusted employees in your company, such as:
- Veteran front line employees;
- Members of the safety team;
- Department heads; or
- Other trusted managers.
Each team member should be charge of evaluating a particular area of the program that they are familiar with. Your audit team is where checklists become very important. They don’t need to know compliance rules and standards – they only need to have a clear checklist to follow.
The scope of each team member’s responsibility will probably vary depending on their experience and knowledge. You might charge one team member with an entire section of the audit, and charge another member with a very specific set of checklist items.
Review Previous Audit Findings
One of the most common use case scenarios for conducting internal SMS audits is to prepare for an impending audit by an oversight agency. The implication here is that you want to ensure past audit findings are now in a state of compliance.
Regardless of the reason for the internal audit, safety managers should review past audits and become familiar with what he findings, concerns, and other comments were. This information will then be used to:
- Inform the audit team what particular areas of the audit to pay attention to;
- Compare with the internal audit results to establish any areas of repeat non-compliance; and
- Give you a general idea of what results to expect.
Tips for Conducting Internal Audits
Internal audits are not formal audits. The team conducting the audit should keep in mind the fact that an internal audit is as much a discover as it is an exploration and assessment of “how things are going.” Doing some of the following will help keep the internal audit process flexible:
- Making sure audit team members are trained and understand the terms in the checklist that are being used;
- If a team member is unsure about a particular item, they should never make “their best guess”;
- If unsure, always note or mark that item as incomplete, so that safety management or some other review team can evaluate this item later;
- If possible, keep deadlines flexible so that audit team members are thorough with their assessment;
- Notify all employees of upcoming internal audit;
- Create an audit “plan” or schedule, so that audit team members and employees know what is happening and when.
The long and short of it is to keep stress at a minimum, take your time, and remain as organized as possible.
Review Audit Findings, Concerns, and Unsure Areas
Once the internal audit is complete, the safety manager or committee should follow up by doing the following (and in this order):
- Review all areas where team members “weren’t sure” and complete the audit;
- Review all findings and concerns;
- Verify that those findings and concerns are legitimate and properly marked, such as all findings are findings and not concerns, etc.;
- Create a corrective action plan;
- Process the corrective actions just like in any other safety issue; and
- Once those CPAs are implemented, re-evaluate that area of that SMS program to ensure that compliance is now met.
The above steps are more or less standard operating procedure for any audit, in any industry.
Final thought: Choosing Employees vs Third Party to Conduct Audit
Choosing a third party to conduct your audit has some pros and cons.
- Can be more objective;
- Test how organized and easy it is to maneuver through your SMS program (which oversight agency will have to do); and
- Can be more thorough, as audits are the third-party’s specialty.
- Less control over how they conduct audit;
- Can be less thorough if the third party doesn’t have much experience; and
- It costs money.
For the most part, creating an audit team internally will suffice. However, there may be situations where hiring a third party to evaluate can also be very beneficial, such as when preparing for major oversight audits.
These safety audit checklists should give you a solid idea of what good audit checklists look like.