The Art of Safety Auditing A Tutorial for Regulators The Art of Safety Auditing A Tutorial for Regulators Sasho Andonov CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2020 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed on acid-free paper International Standard Book Number-13: 978-0-367-35108-3 (Paperback) International Standard Book Number-13: 978-0-367-35761-0 (Hardback) International Standard Book Number-13: 978-0-429-32979-1 (eBook) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copy- right.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that pro- vides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents Acronyms and Abbreviations .............................................................................ix Definitions of the Terms Used..............................................................................xi Preface .....................................................................................................................xv Author ...................................................................................................................xix 1 Introduction .....................................................................................................1 1.1 Who Can Benefit from This Book? .....................................................1 1.2 General Explanation Regarding the Book .........................................2 1.3 Axioms ....................................................................................................4 2 Clarifications of General Terms ..................................................................7 2.1 Introduction ...........................................................................................7 2.2 Management and Engineering ...........................................................7 2.3 Hazard, Threat, and Risk .....................................................................8 2.4 Two Types of Safety ..............................................................................9 2.5 Quality versus Safety .........................................................................10 2.6 Safety versus Security ........................................................................14 2.7 Oversight versus Audit ......................................................................14 2.8 Inspection versus Audit .....................................................................15 2.9 Compliance versus Conformance .....................................................16 2.10 What Is a Management System? .......................................................17 2.11 Establishing a Management System .................................................18 2.12 Understanding Procedures ................................................................19 2.13 Records .................................................................................................20 2.14 AMC ......................................................................................................22 2.15 Validation versus Verification ...........................................................23 2.16 Safety Case ...........................................................................................24 2.17 Human Factors (HF) ...........................................................................25 2.18 Mistake versus Error ..........................................................................26 2.19 Just Culture ..........................................................................................27 3 Regulation ......................................................................................................31 3.1 Introduction .........................................................................................31 3.2 How to Pass a Regulation? .................................................................31 3.3 Accreditation, Certification, Licensing, Attestation, Approval ........34 3.4 Standards versus Recommendations ...............................................38 3.5 Regulation and Regulators ................................................................39 3.6 “Grey Area” of Regulation .................................................................40 3.7 Regulation and Auditors ....................................................................41 3.8 Post-holder............................................................................................42 v vi Contents 3.9 “Personality” of Regulators ...............................................................44 3.10 Who to “Blame” If There Is Non-Compliance? ..............................47 4 Types of Audits .............................................................................................51 4.1 Introduction .........................................................................................51 4.2 Internal Audits ....................................................................................51 4.3 External Audits ....................................................................................56 4.3.1 Second Party Audits ..............................................................56 4.3.2 Third Party Audits .................................................................57 4.3.2.1 Categories of Third Party Audits .........................58 4.4 Frequency of Audits ...........................................................................60 5 Companies and Audits ................................................................................63 5.1 Introduction .........................................................................................63 5.2 “Personality” of the Company ..........................................................64 5.3 Understanding the Audit of the Company .....................................67 5.3.1 What Is the Purpose of the Audit? ......................................67 5.3.2 How the Companies Are Reacting to Audits ....................69 6 Check Lists (CLs) ..........................................................................................73 6.1 Introduction .........................................................................................73 6.2 Two Types of Check Lists ...................................................................75 6.2.1 Target Check Lists ..................................................................75 6.2.2 Audit Check List ....................................................................78 6.3 What to Do with Filled Audit CLs? ..................................................82 6.4 Compliance and Non-Compliance ...................................................83 6.5 Audit Software ....................................................................................86 7 Management of Findings ............................................................................89 7.1 Introduction .........................................................................................89 7.2 Findings ................................................................................................89 7.3 Objective Evidence ..............................................................................90 7.4 Type of Findings ..................................................................................93 7.5 How to Present the Findings? ...........................................................96 7.6 What Is Next? .......................................................................................97 8 Preparation for Audit ...................................................................................99 8.1 Introduction .........................................................................................99 8.2 Schedule of Audits ............................................................................101 8.3 Establishing the Audit Team ...........................................................102 8.4 Organizing the Approval Audit .....................................................103 8.4.1 Documentation Audit .........................................................104 8.4.2 Preparing On-Site Audit .....................................................106 8.4.3 Executing On-Site Audit .....................................................109 Contents vii 8.5 Sampling.............................................................................................110 8.5.1 How to Choose a Sample? ..................................................112 8.5.2 How to Use Sampling in Audits? ......................................114 9 Conducting the Audit ................................................................................117 9.1 Introduction .......................................................................................117 9.2 How to Do Auditing? .......................................................................117 9.2.1 Auditing Documentation ....................................................117 9.2.2 Auditing Equipment ............................................................119 9.2.3 Auditing Employees’ Qualifications .................................121 9.2.4 Auditing Safety Policy ........................................................122 9.2.5 Auditing Safety Objectives .................................................126 9.2.6 Auditing Procedures ...........................................................128 9.2.7 Auditing Records .................................................................131 9.2.8 Auditing Preventive and Corrective Maintenance .........134 9.2.9 Auditing Preventive and Corrective Actions ..................136 9.2.10 Auditing Management of Change .....................................137 9.2.11 Auditing Alarm Systems ....................................................139 9.2.12 Auditing “Chronology of Events” .....................................141 9.2.13 Auditing Human Factors (HF) ...........................................143 9.2.14 Auditing Process of Monitoring of SMS ...........................144 9.2.15 Auditing Training in the Company ..................................145 9.2.16 Auditing Handling, Storage, and Shipping .....................146 9.2.17 Auditing Internal Audits ....................................................147 9.2.18 Auditing Outsourcing and Partner Companies ..............148 9.3 Final Report .......................................................................................149 9.4 What Next? .........................................................................................152 9.5 The Regulator and the Outcomes from the Audits ......................152 10 “Challenges” for the Auditor during Audits ........................................155 10.1 Introduction .......................................................................................155 10.2 Time Gap ............................................................................................155 10.3 Not Following the Audit Schedule .................................................158 10.4 Company Does Not Allow Access to Some Premises .................158 10.5 Company Is Lying .............................................................................159 10.6 Auditor Found Something Which Is Not in Target CLs .............160 10.7 There Is Not Enough Staff in Company to Maintain Safe Operations .................................................................................161 11 Profile of the Auditor .................................................................................165 11.1 Introduction .......................................................................................165 11.2 What Is Important for the Auditor? ...............................................166 11.3 Yearly Assessment of Auditors .......................................................167 11.4 Improvements of Auditors ...............................................................169 viii Contents 11.5 Things for Which a Good Auditor Must Take Care ....................169 11.6 Qualities of Auditor ..........................................................................171 11.6.1 Training in Audits ...............................................................172 11.6.2 Time Management ...............................................................172 11.6.3 Honesty .................................................................................173 11.6.4 Independence .......................................................................174 11.6.5 Impartiality ...........................................................................174 11.6.6 Communication ....................................................................175 11.6.7 Flexibility ..............................................................................176 11.6.8 Trustworthiness ...................................................................177 11.6.9 Decisiveness ..........................................................................178 11.6.10 Analytical and Understanding ..........................................178 11.6.11 Persistence .............................................................................178 11.6.12 Trust in the Instincts ...........................................................179 11.6.13 Commitment and Determination ......................................179 11.6.14 Professionalism ....................................................................180 11.6.15 Team Work ............................................................................180 11.7 The Most Important Thing! .............................................................181 Final Words ........................................................................................................185 Appendix: Axioms .............................................................................................187 Index .....................................................................................................................189 Acronyms and Abbreviations ADP Automatic Data Processing AIS Aeronautical Information Services AMC Acceptable Means of Compliance or Alternative Means of Compliance ANSP Air Navigation Service Provider ATC Air Traffic Control ATCo Air Traffic Controller BP British Petroleum CAA Civil Aviation Agency CLs Check Lists CNS Communication, Navigation, Surveillance COM Communication DFS Deutsche Flugsicherung DGCA Directorate General of Civil Aviation DME Distance Measuring Equipment EASA European Aviation Safety Agency FAA Federal Aviation Administration FMS Financial Management System GCAA General Civil Aviation Authority GP Glide Path HF Human Factors HSE Health, Safety, and Environment IAEA International Atomic Energy Agency IANS Institute of Air Navigation Services IATA International Air Transport Association ICAO International Civil Aviation Organization IT Information Technology ISO International Organization for Standardization LLZ Localizer LMS Logistic Management System MET Meteorological Services (in aviation) MRO Maintenance, Repair, and Overhaul (Maintenance and Repair Organization) MTBF Mean Time Between Faults (Failure) MTC Military Technological College MTTR Mean Time To Repair NAVAIDs Navigational Aids NTSB National Transportation Safety Board QMS Quality Management System PMS Production Management System ix