Compare Audit Checklists for FAA, ICAO and EASA

Below is a curated list of questions commonly found in Federal Aviation Administration (FAA) Safety Management System (SMS) audit checklists, specifically for Part 121 and voluntary SMS programs (e.g., Advisory Circular 120-92B), compared with equivalent or related questions from the European Union Aviation Safety Agency (EASA) and International Civil Aviation Organization (ICAO) SMS audit checklists. This comparison focuses on SMS audits for aviation service providers (e.g., airlines, maintenance organizations) and draws on publicly available guidance, such as FAA’s AC 120-92B, ICAO’s Safety Management Manual (Doc 9859), EASA’s compliance checklists, and related sources.

Since full audit checklists are often proprietary or restricted (e.g., FAA’s internal tools, EASA’s Part-145 checklists, ICAO’s USOAP protocol questions), we provide representative questions based on SMS requirements and highlight similarities and differences. Note that the FAA, EASA, and ICAO align closely with ICAO Annex 19 for SMS, but their checklists differ in scope, specificity, and regulatory focus.

FAA SMS Audit Checklist Questions (Based on AC 120-92B and Part 5)

The FAA’s SMS audits for Part 121 operators and voluntary programs focus on the four SMS pillars: Safety Policy, Safety Risk Management (SRM), Safety Assurance (SA), and Safety Promotion. Below is a sample of questions derived from FAA guidance and audit practices:

  1. Safety Policy
    • Is there a documented safety policy signed by the accountable executive?
    • Does the safety policy define roles, responsibilities, and authorities for SMS implementation?
    • Are safety objectives and key performance indicators (KPIs) established and communicated?
    • Is there a process to ensure compliance with FAA regulations (e.g., 14 CFR Part 5)?
    • Does the organization have a non-punitive safety reporting policy in place?
  2. Safety Risk Management (SRM)
    • Is there a documented hazard identification process, including a hazard register?
    • Are risk assessments conducted for identified hazards, with documented risk controls?
    • Are SRM processes integrated into operational changes (e.g., new routes, equipment)?
    • Can the organization demonstrate how risk controls are developed and prioritized?
    • Are safety reports analyzed to identify trends and mitigate risks?
  3. Safety Assurance (SA)
    • Are internal audits conducted regularly to monitor SMS performance, with documented findings?
    • Is there a process to track and close corrective actions from audit findings?
    • Does the organization monitor KPIs to assess SMS effectiveness?
    • Are safety performance monitoring tools (e.g., Flight Data Analysis Program) in place?
    • Is there evidence of continuous improvement based on safety data analysis?
  4. Safety Promotion
    • Are employees trained on SMS roles and responsibilities, with records maintained?
    • Is there a communication plan to disseminate safety information across the organization?
    • Does the accountable executive actively promote a positive safety culture?
    • Are safety lessons learned shared with employees through briefings or newsletters?
    • Is there a process to recognize and reward safety reporting contributions?

EASA SMS Audit Checklist Questions (Based on Part-145, Part-TCO, and Compliance Monitoring)

EASA’s SMS audits are embedded in regulations like Part-145 (maintenance organizations), Part-TCO (third-country operators), and compliance monitoring requirements. Questions focus on regulatory compliance, SMS integration, and operational oversight.

  1. Safety Policy and Objectives
    • Is the safety policy included in the organization’s exposition and approved by the competent authority?
    • Are safety objectives aligned with EASA regulations and measurable?
    • Does the accountable manager ensure sufficient resources for SMS implementation?
    • Is there a documented process to ensure compliance with EASA regulations (e.g., Part-145.A.65)?
    • Are safety responsibilities clearly defined for all staff levels in the exposition?
  2. Safety Risk Management
    • Is a hazard identification process documented, including a risk register?
    • Are risk assessments conducted for maintenance or operational changes, with mitigation measures recorded?
    • Does the organization use approved data (e.g., Component Maintenance Manuals) for risk assessments?
    • Are processes in place to identify and manage human factors in risk assessments?
    • Is there a system to review the effectiveness of risk controls periodically?
  3. Safety Assurance
    • Is a compliance monitoring function established to conduct regular SMS audits?
    • Are audit findings documented, tracked, and resolved within specified timelines?
    • Does the organization maintain records of safety performance indicators (SPIs)?
    • Are maintenance processes compliant with EASA Form 1 requirements for components?
    • Is there a process to monitor third-party contractors under the quality system?
  4. Safety Promotion
    • Are staff trained on SMS requirements, including human factors and safety reporting?
    • Is there a communication system to share safety information with all employees?
    • Does the organization promote a just culture to encourage safety reporting?
    • Are safety meetings held regularly, with minutes documented?
    • Is there evidence of employee engagement in safety improvement initiatives?

ICAO SMS Audit Checklist Questions (Based on Annex 19 and USOAP)

ICAO’s Universal Safety Oversight Audit Programme (USOAP) and Safety Management Manual (Doc 9859) provide SMS audit questions for states and operators, focusing on the eight critical elements of safety oversight and Annex 19 requirements.

  1. Safety Policy and Objectives
    • Does the state/organization have a documented SMS policy aligned with Annex 19?
    • Are safety objectives defined and monitored at the state or operator level?
    • Is there a clear delineation of SMS responsibilities for senior management?
    • Does the SMS framework comply with ICAO SARPs (e.g., Annex 19)?
    • Is there a process to integrate national regulations with SMS requirements?
  2. Safety Risk Management
    • Is a systematic hazard identification process implemented and documented?
    • Are risk assessments conducted for significant safety issues, with mitigation plans?
    • Does the organization/state use data-driven tools for hazard analysis?
    • Are risk controls reviewed for effectiveness during operational changes?
    • Is there a process to prioritize hazards based on severity and likelihood?
  3. Safety Assurance
    • Are regular SMS audits conducted, with findings reported to senior management?
    • Is there a system to track corrective actions for identified safety deficiencies?
    • Are safety performance indicators (SPIs) defined and monitored regularly?
    • Does the state/organization collect and analyze safety data for trend identification?
    • Is there evidence of compliance with ICAO’s eight critical elements (e.g., Doc 9734)?
  4. Safety Promotion
    • Are SMS training programs implemented for all relevant personnel?
    • Is there a communication strategy to promote safety awareness across the organization?
    • Does the state/organization foster a positive safety culture through policies?
    • Are safety reporting systems accessible and promoted to all employees?
    • Is there a mechanism to share safety lessons learned with stakeholders?

Comparison of FAA, EASA, and ICAO Audit Checklists

Aspect FAA (Part 5, AC 120-92B) EASA (Part-145, Part-TCO) ICAO (Annex 19, USOAP)
Scope Focuses on U.S. operators (mandatory for Part 121, voluntary for others). Emphasizes practical SMS implementation. Targets EU operators, maintenance organizations, and third-country operators. Strong focus on regulatory compliance. Applies to states and operators globally. Focuses on oversight systems and compliance with SARPs.
Safety Policy Requires a signed policy by the accountable executive, with clear KPIs and compliance with 14 CFR Part 5. Requires policy in the exposition, approved by the competent authority, with resource allocation emphasis. Requires state/operator policy aligned with Annex 19, with clear responsibilities and national integration.
Safety Risk Management Detailed hazard register and risk assessment processes, integrated with operations. Hazard register required, with focus on maintenance data and human factors. Systematic hazard identification, with data-driven risk prioritization.
Safety Assurance Strong emphasis on internal audits, KPIs, and continuous improvement via data analysis (e.g., FDAP). Compliance monitoring function mandatory, with strict documentation and third-party oversight. Audits tied to eight critical elements, with state-level oversight and SPI monitoring.
Safety Promotion Focus on training, communication, and fostering a positive safety culture. Emphasizes just culture, human factors training, and documented safety meetings. Promotes safety culture, training, and stakeholder communication at state/operator levels.
Checklist Accessibility Publicly available guidance (e.g., AC 120-92B), but detailed checklists may be internal. Partially public (e.g., Part-145 checklists on SafetyCulture), but exposition-specific. USOAP checklists restricted, but templates in Doc 9859 are referenced.
Question Specificity Practical, operation-focused (e.g., SRM integration with new routes). Regulatory and maintenance-focused (e.g., EASA Form 1 compliance). Broad, oversight-focused (e.g., state compliance with SARPs).
Auditor Approach FAA auditors assess operator performance, with flexibility for voluntary programs. EASA auditors emphasize compliance with EU regulations, with strict documentation. ICAO auditors focus on state oversight, with operator audits as part of USOAP.

Key Similarities

  • Alignment with Annex 19: All three frameworks align with ICAO Annex 19’s four SMS pillars, ensuring consistency in safety policy, SRM, SA, and promotion.
  • Hazard Identification: Each requires a documented hazard register and risk assessment process.
  • Audit and Monitoring: All emphasize regular audits, corrective action tracking, and safety performance monitoring (KPIs/SPIs).
  • Safety Culture: Training and communication to promote a just culture are common across all checklists.

Key Differences

  • Regulatory Scope: FAA focuses on U.S. operators with practical SMS integration; EASA emphasizes EU regulatory compliance, particularly for maintenance (Part-145); ICAO targets state oversight and global standards.
  • Checklist Detail: FAA checklists are practical and operator-specific; EASA’s are detailed for maintenance (e.g., tooling, EASA Form 1); ICAO’s are broader, covering state-level oversight.
  • Access Restrictions: FAA’s AC 120-92B is publicly accessible; EASA’s Part-145 checklists are partially public but exposition-specific; ICAO’s USOAP checklists are restricted, though Doc 9859 provides templates.
  • Auditor Focus: FAA auditors assess operator performance; EASA focuses on compliance documentation; ICAO evaluates state systems, indirectly affecting operators.

Notes Regarding Aviation SMS Audit Checklists

  • FAA Checklists: Reference AC 120-92B for sample questions and summarize key elements like hazard registers or KPIs. These are practical for operators and freely accessible.
  • EASA Checklists: Link to public Part-145 checklists (e.g., SafetyCulture, https://public-library.safetyculture.io/) and discuss maintenance-specific questions (e.g., tooling, component traceability).