Auditing: IS-BAO & SMS

* International Business Aviation Council (IBAC) International Standard for Business Aircraft Operations (IS-BAO)

IS-BAO is a voluntary standard. Companies that apply IS-BAO and subscribe to its amendment service have no obligation in respect to its implementation.  IS-BAO is a code of "best practices" and highly professional operational practices. IS-BAO is intended to build upon the excellent safety record already established by business aviation and is accepted by ICAO.

Organizations may use IS-BAO for reference purposes, to determine how well your company matches recognized international best practices, implement IS-BAO with internal audit evaluation or implement IS-BAO with third party audit to obtain a Certificate of Registration from the IBAC Standards Board.

Certificate of Registration
Flight Departments implementing IS-BAO may wish to obtain a Certificate of Registration from IBAC, thus demonstrating compliance to a recognized international standard. IS-BAO is a voluntary standard and registration is voluntary; however, there may be considerable benefits to a flight department by advising Boards of Directors, regulators and insurance companies, of compliance to the international standard.

Audits
Certificates of Registration are issued by IBAC to flight departments that have demonstrated compliance through successful completion of a third party industry audit by an IBAC Accredited Auditor such as ATC Vantage. The audits are conducted in accordance with the IBAC Audit Procedures Manual, which is provided to accredited auditors.

Safety audits assess the operational management and control system of your organization. A review of your flight or maintenance operations by auditors will yield improvements in safety and efficiency.  A "pre-audit will also help identify areas of concern that have the potential to cause difficulties with your impending audit. These findings will yield financial benefits and eliminate problems, often avoiding mistakes and misunderstandings with the upcoming audit, auditors and operators.  Our ATCV auditors will work closely with your organization to ensure that we understand your procedures, operations and records.

SMS Auditing - Common Issues in SMS Review & Validation

1. Does the SMS cover the entire company?

2. Are all 12 elements and their major processes accounted for? (Suggest drawing up a “map” or correlation matrix of the documentation before commencing a detailed review if the documentation is not in the same format as the framework).

3. What responsibilities are given to operational/line managers (e.g. flight ops, maintenance, ground services, etc.)? The system should be management driven rather than focused on the safety officer/safety department. Look for directions regarding involvement of management including top management (e.g. CEO, COO, SVPs , Division Managing Directors, etc.) in:
   • policy,
   • safety risk management,
   • safety assurance (particularly management reviews – element 3.1.10).

4. Are the safety risk management and safety assurance functions focused on the safety office/safety department of are they driven by managers of line organizations (managers who can allocate resources and direct employees’ activities)?

5. Are there a good set of checks and balances between line management and oversight activities of the safety officer/safety department (e.g. auditing and evaluation by both line managers/organizations and the safety officer/organization, access to and accountability of top management)?

6. Does the SRM process look at all levels of risk? SRM should be included in:
   • Strategic decision making and system/process design,
   • Change management,
   • Operational control/supervision,
   • Line operations (crew/team/individual employee activities).

7. Are there clear, practical instructions on how to use and interpret risk assessment tools such as risk matrices?

8. Does the reporting system allow for reporting potential hazards in operations or in the workplace as well as reporting events?

9. Is there a path from data collection to analysis, to assessment, to control or problem resolution? (Data must be used to have value in decision making. This is fundamental to the idea of a “system.”)

10. Do the analysis functions look across reports and data sources to identify patterns and trends or is the system limited to looking at each event, report, or finding independently?

11. Is there a method of tracking hazards and problems in and between SRM and SA processes as well as tracking progress on resolution (e.g. hazard database, action log)?

12. Is hazard status, progress toward mitigation and resolution of problems reviewed periodically? (Must be part of the process and not something “pushed uphill” by the safety officer/safety organization).