Good Aviation SMS Auditors Are Important
Aviation SMS auditors are usually not welcomed with open arms. They tend to be sources of high-stress for safety managers and company executives. An auditor wielding a pen and checklist can be quite nerve wracking.
It’s easy to view auditors as someone who is trying to seek out what your aviation SMS program is doing “wrong.” It’s equally easy to forget that audit preparation is one of the most valuable time periods for building your safety program.
Learning to think like an auditor will not only help you perform better on aviation SMS audits, but it will:
- Improve productivity during audit preparation;
- Hone ability to spot compliance red flags; and
- Improve global risk management abilities (not just during audit preparation).
Good aviation auditors provide a benchmark for how to “think like an auditor.” These kinds of auditor show up at your door ready to illuminate and cooperate in order to improve your safety management system. This is the same attitude safety managers need to have when working with their safety programs as well.
Interpret Compliance Requirement of Oversight Agency
Compliance requirements are not set in stone. They are also most certainly not immune to interpretation. In fact, you should interpret how compliance requirements relate to your operations. Do not rely on auditors for guidance:
- SMS auditor’s job is not to guide you; but
- To assess how your SMS program is being guided by your safety management team.
This is great news for airport SMS programs, airline SMS programs, and other aviation service providers because it means two things:
- Flexibility in conducting operations; and
- Ability for you to create operations that best fit your company, and make compliance requirements work for you.
When auditors are evaluating your SMS program, they are interpreting requirements to see how your SMS program fits. If you as a safety manager have not already done this, you will have a much harder time justifying within the bound of compliance why you made certain decisions.
If you HAVE interpreted compliance, you will cut out much of the auditors work for them, as they will see that you have done your homework and understand what you are doing.
Look for Documentation of “Why” in Risk Analysis Activities
One of the things we hear about most is that companies are hit with findings:
- NOT because their risk analysis outcomes were necessarily “wrong”; but
- BECAUSE they couldn’t show why or how they came to certain conclusions.
When an auditor asks you why you classified a safety issue with a particular classification, such as a hazard or root cause, and you “can’t remember” why you made that decision, it’s the same as saying I don’t know. Even if you had perfectly good reasons at the time of classification, it is all for nothing if you can’t show that to an auditor.
The implication here is that many findings are products of lack of documentation rather than poor decision making. As inspectors have said, they mostly want to see that:
- You know what you are doing; and
- What you are doing is working.
Having strong documentation for why you make choices during issue management:
- Makes it much harder for auditor to attack your conclusion;
- Significantly reduces “forgetting” why certain decisions were made; and
- Further demonstrates that you are meticulous in risk management activities.
Thinking like an auditor means being meticulous in documentation, such as documenting each step of decision making (i.e. history of how conclusions were arrived at) and justifying those steps with reason.
Eye for Well-Organized SMS Manual or Aviation Safety Database
Organization looks good. Organization in aviation SMS manuals and aviation safety databases means:
- Consistent language and syntax (such as abbreviations and codes);
- Having no anomalies, such as SMS elements that are not in the right section;
- Looks neat;
- Includes clear navigational elements; and
- Logical sub-sections.
You know something is well organized when a stranger can follow and/or find things with little difficulty. Organization indicates that you have a proper high level understanding of the role of each SMS element. As with the other “think like an auditor" examples, it’s one more demonstration that you know what you are doing.
A good test is to invite a stranger to see how well they can navigate your SMS documentation.
Look for These 3 “Symptoms” of Compliance
Good auditors have a radar for symptoms of compliance. We might call these “underlying markers” of compliance. In other words, when these things are happening in an aviation safety management system, then usually the program has a high degree of compliance:
- Consistent behavior in activities means similar pattern in how things are documented, assessed, classified, and accounted for;
- Data backed reasoning for operations means that service providers can justify certain decisions with specific safety charts, data, tables, etc.; and
- Can show relationship between documented SRM/SA process and safety issue management.
Safety managers will be best-in-class audit performers when they take the time to ensure that their activities are consistent, backed by safety data, and follow documented processes.
Final Thought: Thinking like an Auditor Means Conscious Decision Making
All of the above points have one thing in common: they demonstrate conscious decision making on the part of safety managers, including:
- Ensuring that each decision matches processes;
- Decisions are documented and justified; and
- That the process is not out of line with compliance guidance.
Make sure decisions are made passively or routinely.
For more information about oversight agency compliance, you may find this FAA SRM Process compliance ebook very helpful:
Published June 2017. Last updated April 2019.