As an aviation safety manager or accountable executive, preparing for an FAA Part 5 Safety Management System (SMS) audit is critical to ensuring compliance and maintaining a robust safety culture.

The FAA’s Part 5 regulation, outlined in 14 CFR Part 5, mandates SMS for certificate holders under Parts

• 121,
• 135,
• 91.147, and
• certain Part 21 operations.

A successful audit demonstrates that your organization’s SMS meets regulatory standards across four pillars: Safety Policy, Safety Risk Management (SRM), Safety Assurance (SA), and Safety Promotion.

This guide provides actionable steps to prepare for an FAA Part 5 audit, helping you avoid common pitfalls, streamline processes, and foster continuous improvement. Whether you’re a seasoned safety manager or new to SMS, these strategies will set you up for success.

Stick around, an FAA Part 5 SMS Audit Checklist is included at the end for your review.

Why FAA Part 5 Audits Matter

FAA Part 5 audits evaluate whether your SMS is not only compliant but also effective in identifying and mitigating safety risks. Failing an audit can lead to operational restrictions, increased scrutiny, or reputational damage. Conversely, a well-prepared audit showcases your commitment to safety, enhancing trust with regulators, employees, and stakeholders.

For safety managers and accountable executives, preparation is about more than checking boxes—it’s about embedding a proactive safety culture that aligns with FAA requirements and ICAO Annex 19 standards. Let’s dive into the steps to ace your audit.

Step 1: Understand FAA Part 5 Requirements

Know the Four Pillars

FAA Part 5 is built on four core components:

• Safety Policy: Establishes your organization’s commitment to safety, with clear objectives and an accountable executive.

• Safety Risk Management (SRM): Involves identifying hazards, assessing risks, and implementing controls.

• Safety Assurance (SA): Ensures ongoing monitoring through audits, data analysis, and corrective actions.

• Safety Promotion: Fosters a positive safety culture through training and communication.

Familiarize yourself with 14 CFR Part 5, FAA Advisory Circular (AC) 120-92, and FAA Order 5200.11 for detailed guidance. These documents outline expectations for documentation, scalability, and compliance.

Review Applicability and Timelines

Confirm that your organization is subject to Part 5 (e.g., Part 121 air carriers, Part 135 operators, or Part 21 certificate holders). Note key deadlines:

• Part 135 operators must submit SMS implementation plans by May 28, 2027, with full implementation within 36 months.

• Part 121 operators have earlier timelines, often already in effect.

Understanding your regulatory obligations ensures you’re audit-ready.

Step 2: Conduct a Gap Analysis

Before the FAA auditors arrive, perform an internal gap analysis to identify weaknesses in your SMS. Use a comprehensive checklist (like the one provided in industry resources) to evaluate:

• Documentation: Is your SMS manual complete, accessible, and up-to-date?

• Safety Policy: Does your policy statement reflect current operations and leadership commitment?

• SRM Processes: Are hazard identification and risk controls documented and effective?

• SA Processes: Do you have robust audit programs and data monitoring systems?

• Safety Promotion: Are employees trained and engaged in safety reporting?

Engage key stakeholders—pilots, maintenance crews, and management—to gather insights. Document gaps and prioritize corrective actions to address them before the audit.

Pro Tip: Review past audit findings to avoid repeat issues, as these are red flags for FAA auditors.

Related Articles on Gap Analysis in Aviation SMS

• What Is a Gap Analysis in Aviation SMS?
• 4 Best Aviation SMS Gap Analysis Strategies for SMS Implementations
• SMS First Steps - Gap Analysis

Step 3: Strengthen Documentation and Recordkeeping

Auditors will scrutinize your SMS documentation, so ensure it’s thorough and organized. Key documents include:

• SMS Manual: A centralized guide detailing your SMS processes, aligned with Part 5 requirements.

• Hazard Register: A current list of identified hazards, risk assessments, and controls.

• Audit Records: Evidence of internal audits, findings, and corrective actions.

• Safety Reports: Records of employee-reported issues and their resolution.

• Training Records: Proof of SMS training tailored to employee roles.

For smaller operators demonstrating FAA SMS compliance, manual documentation (e.g., spreadsheets) may suffice. Larger organizations should leverage SMS software to integrate SRM and SA data, ensuring traceability and ease of access.

Step 4: Enhance Safety Risk Management (SRM)

A strong SRM process is the backbone of your SMS. Auditors will assess how you identify, analyze, and mitigate risks. To prepare:

• Update Your Hazard Register: Ensure it reflects current operations, including new routes, equipment, or procedures.

• Document Risk Assessments: Use a consistent methodology (e.g., likelihood vs. severity matrix) and involve relevant stakeholders.

• Verify Controls: Confirm that risk controls are implemented and monitored for effectiveness.

For example, if a hazard involves runway incursions, document mitigations like enhanced pilot training or improved signage, and track their impact through safety data.

Best Practice: Engage interfacing persons (e.g., contractors or vendors) to share hazard information without disclosing proprietary data, as required by §5.57.

Step 5: Bolster Safety Assurance (SA)

Safety Assurance ensures your SMS is working as intended. Auditors will look for evidence of continuous monitoring and improvement. Key actions include:

• Conduct Internal Audits: Perform annual internal audits using a Part 5 checklist. Address findings promptly to avoid repeat issues.

• Monitor Safety Performance: Track metrics like incident rates, ASAP report trends, or FOQA data to demonstrate proactive oversight.

• Implement Corrective Actions: Document and verify corrective actions for non-compliance or substandard performance.

For instance, if an audit reveals gaps in maintenance reporting, implement a new reporting protocol and verify its adoption through follow-up checks.

Related Aviation SMS Audit Articles

• How Often Should You Conduct Aviation SMS Audit
• 9 Best Strategies for Aviation Safety Audit Preparation [Free Audit Checklists]
• Aviation Safety Audit Preparation - 4 Free SMS Audit Templates

Step 6: Promote a Positive Safety Culture

Safety Promotion is about engaging your team in the SMS. Auditors will assess your training programs and communication strategies. To excel:

• Provide Role-Specific Training: Ensure all employees—from pilots to dispatchers—understand their role in hazard reporting and risk management.

• Encourage Reporting: Maintain a confidential, non-punitive reporting system to boost employee participation.

• Communicate Safety Goals: Share safety objectives, performance metrics, and success stories through newsletters, briefings, or posters.

A strong safety culture reduces audit risks by ensuring employees are active participants in SMS processes.

Step 7: Prepare for the Audit Day

As the audit approaches, finalize your preparations:

• Organize Documentation: Create a digital or physical audit binder with all required records, clearly labeled and indexed.

• Brief Your Team: Prepare key personnel to answer auditor questions confidently. Role-play common scenarios to build readiness.

• Engage with Auditors: Establish a point of contact to coordinate with FAA auditors and clarify expectations (e.g., preferred document formats).

During the audit, be transparent about your processes and proactive in addressing questions. Demonstrating a commitment to continuous improvement can offset minor deficiencies.

Common Pitfalls to Avoid

• Incomplete Documentation: Missing records or outdated manuals can lead to findings.

• Repeat Findings: Unresolved issues from past audits signal weak SA processes.

• Lack of Employee Engagement: A disengaged workforce undermines safety culture.

• Overcomplicating Processes: Ensure your SMS is scaled to your operation’s size and complexity, as required by Part 5.

Conclusion: Build a Resilient SMS

Preparing for an FAA Part 5 SMS audit is an opportunity to strengthen your organization’s safety framework. By conducting a gap analysis, enhancing documentation, and fostering a proactive safety culture, you’ll not only pass the audit but also build a resilient SMS that drives long-term safety performance.

Ready to take the next step? Download our free FAA Part 5 audit checklist or contact our SMS experts for tailored guidance. Stay compliant, stay safe, and keep your operations soaring.

Call to Action: Share your audit preparation tips in the comments below or subscribe to our newsletter for more aviation safety insights!

If you need reputable tools to manage these requirements, SMS Pro is here to help.

Bonus Section: Review FAA Part 5 SMS Audit Checklist

Part 5 SMS Requirements

The Federal Aviation Administration (FAA) Part 5, outlined in 14 CFR Part 5, establishes the requirements for Safety Management Systems (SMS) for certain certificate holders, including those operating under Parts 121, 135, 91.147, and specific Part 21 certificate holders.

An audit checklist for FAA Part 5 compliance ensures that an organization’s SMS meets these regulatory standards, covering the four core components: Safety Policy, Safety Risk Management (SRM), Safety Assurance (SA), and Safety Promotion. Below is a comprehensive FAA Part 5 audit checklist tailored for aviation SMS, based on the requirements in 14 CFR Part 5 and guidance from FAA resources, such as Advisory Circular (AC) 120-92 and FAA Order 5200.11.

Applicability of Part 5 SMS Audit Checklist to My Operations

This following checklist is designed to be scalable, as required by FAA Part 5, and can be adapted for organizations of varying sizes and complexities. For smaller operators, focus on simplified processes and manual documentation, while larger operators may leverage automated systems for data management.

Remember: Before an audit, review past findings to avoid repeat issues, as these can significantly impact audit outcomes. If you need specific templates or further customization, please review these free SMS resources to download.

FAA Part 5 SMS Audit Checklist

This checklist is designed to evaluate compliance with FAA Part 5 (14 CFR Part 5) requirements for an aviation Safety Management System (SMS). It covers the four components: Safety Policy, Safety Risk Management, Safety Assurance, and Safety Promotion, as well as general requirements for documentation and scalability.

1. General Requirements (§5.1 - §5.5)

• [ ] Applicability (§5.1): Verify that the organization is subject to Part 5 (e.g., Part 121 operators, Part 135 operators, Part 91.147 LOA holders, or Part 21 certificate holders with TC/PC).

• [ ] SMS Implementation Plan (§5.3): Confirm submission of an implementation plan to the FAA within the required timeline (e.g., by May 28, 2027, for Part 135 operators) and full implementation within 36 months of plan submission.

• [ ] SMS Documentation (§5.5): Ensure the SMS is documented, including:

  • A summary of aviation-related processes, procedures, and activities.

  • Records of SMS outputs (e.g., hazard analyses, audit findings, corrective actions).

  • Accessibility of SMS documentation to all relevant personnel.

• [ ] Scalability: Verify that the SMS is scaled appropriately to the size and complexity of the organization’s operations.

2. Safety Policy (§5.21 - §5.27)

• [ ] Safety Policy Statement (§5.21):

  • [ ] Exists and is signed by the accountable executive.

  • [ ] Reflects commitment to safety, defines methods/processes to meet safety goals, and establishes clear safety objectives.

  • [ ] Is periodically reviewed to ensure relevance and appropriateness.

• [ ] Accountable Executive (§5.25):

  • [ ] Designated with ultimate responsibility for SMS implementation and performance.

  • [ ] Has authority over operations and resources to address safety issues.

• [ ] Management Commitment (§5.23):

  • [ ] Key safety personnel are identified with defined roles and responsibilities.

  • [ ] Organizational structure supports SMS implementation.

• [ ] Employee Reporting System (§5.27):

  • [ ] A confidential reporting system exists for employees to report hazards, issues, or incidents without fear of reprisal.

  • [ ] Processes are in place to protect confidentiality and encourage reporting.

• [ ] Code of Ethics (§5.27):

  • [ ] A code of ethics is established, supporting a positive safety culture.

3. Safety Risk Management (SRM) (§5.51 - §5.57)

• [ ] SRM Processes (§5.51):

  • [ ] Defined processes for hazard identification, risk analysis, and risk control.

  • [ ] Applied to new systems, operational changes, or identified hazards.

• [ ] Hazard Identification (§5.53):

  • [ ] Proactive methods exist to identify hazards (e.g., safety reporting, hazard registers).

  • [ ] Hazard register is current, documenting top hazards and associated controls.

• [ ] Risk Analysis and Assessment (§5.53):

  • [ ] Risks are analyzed for likelihood and severity.

  • [ ] Risk assessments are documented and involve relevant stakeholders.

• [ ] Risk Controls (§5.55):

  • [ ] Controls are implemented to mitigate identified risks.

  • [ ] Effectiveness of controls is monitored and documented.

• [ ] Interfacing Persons (§5.57):

  • [ ] Processes exist to notify interfacing persons (e.g., contractors, vendors) of hazards that could affect safety, without sharing proprietary information.

4. Safety Assurance (SA) (§5.71 - §5.75)

• [ ] SA Processes (§5.71):

  • [ ] Systems are in place to monitor safety performance, including:

    • [ ] Safety reporting system for reported issues.

    • [ ] Internal and external audit programs.

    • [ ] Monitoring of operational processes and changes.

• [ ] Data Acquisition (§5.71):

  • [ ] Processes acquire data from:

    • [ ] Safety reports (e.g., ASAP, voluntary reporting).

    • [ ] Audit findings (internal and external).

    • [ ] Operational environment monitoring (e.g., FOQA data).

  • [ ] Data is analyzed to identify trends or patterns.

• [ ] Performance Monitoring (§5.73):

  • [ ] Safety objectives are monitored against performance metrics.

  • [ ] Evidence of continuous improvement is documented.

• [ ] Internal Audits (§5.71(a)(3)):

  • [ ] Conducted at least annually or before external audits.

  • [ ] Audit findings are tracked, and corrective actions are implemented.

  • [ ] No repeat findings from previous audits remain unaddressed.

• [ ] Corrective Actions (§5.75):

  • [ ] Processes exist to address non-compliance or substandard performance.

  • [ ] Corrective actions are documented, tracked, and verified for effectiveness.

5. Safety Promotion (§5.91 - §5.93)

• [ ] Safety Culture (§5.91):

  • [ ] Activities promote a positive safety culture (e.g., open communication, non-punitive reporting).

  • [ ] Management demonstrates commitment to safety through actions and communication.

• [ ] Training (§5.91):

  • [ ] SMS training is provided to all employees, tailored to their roles.

  • [ ] Training covers hazard identification, risk management, and reporting procedures.

  • [ ] Training records are maintained and up to date.

• [ ] Communication (§5.93):

  • [ ] Safety policies, objectives, and performance are communicated to all employees.

  • [ ] Feedback mechanisms exist for employees to engage with safety processes.

6. Documentation and Recordkeeping

• [ ] SMS Manual:

  • [ ] Comprehensive manual exists, detailing SMS processes and procedures.

  • [ ] Manual is accessible to employees and auditors.

• [ ] Hazard Register:

  • [ ] Up-to-date, documenting hazards, risks, and controls.

  • [ ] Correlates with safety objectives and operational data.

• [ ] Audit Records:

  • [ ] Records of internal/external audits, findings, and corrective actions are maintained.

• [ ] Safety Reports:

  • [ ] Evidence of managed safety reports, with no abandoned or neglected reports.

• [ ] Data Management:

  • [ ] SRM and SA data are integrated or compatible for effective monitoring.

  • [ ] Automated systems (if used) report exceptions and support data analysis.

7. Additional Considerations

• [ ] Previous Audit Findings:

  • [ ] Review past audits to ensure no repeat findings.

  • [ ] Document corrective actions for previously identified issues.

• [ ] Stakeholder Engagement:

  • [ ] Engage with auditors to clarify preferred documentation formats.

  • [ ] Coordinate with interfacing persons (e.g., vendors, contractors) to ensure compliance.

• [ ] Compliance with ICAO Annex 19:

  • [ ] SMS aligns with ICAO standards for safety management.

• [ ] Voluntary Programs (if applicable):

  • [ ] Participation in programs like ASAP or FOQA is documented and integrated into SMS.

Notes

• Preparation: Conduct internal audits using this checklist before external audits to identify and correct deficiencies.

• Evidence: Ensure all processes are supported by documented evidence (e.g., reports, training records, risk assessments).

• Continuous Improvement: Demonstrate ongoing efforts to enhance SMS performance through data analysis and corrective actions.

• Sources: Based on 14 CFR Part 5, FAA AC 120-92, FAA Order 5200.11, and industry best practices from resources like aviationsafetyblog.asms-pro.com.

Need auditing tools? SMS Pro has a robust auditing suite to manage both internal and external audits. We also provide an Audit suite without all the SMS related tools.