Tag Archives: third party audit

Compliance: A New Year’s Resolution

I know you are likely in the flurry of holiday festivities but let’s take a moment to look ahead to 2014. Over 40% of Americans make New Year’s resolutions – to lose weight, keep to a budget, spend more time with family, whatever it is. Do you make New Year’s resolutions for your company? You probably do, but you likely call them “goals”, “metrics”, or “performance indicators”.

I have a suggestion for one of your 2014 company goals: verify the regulatory compliance of your organization.

An individual seeking a Part 135 air carrier certificate must complete a letter or statement of compliance to prove their compliance to the FAA. The statement of compliance is essentially a table that lists each regulation applicable to the air carrier and also the manual or document location in which the operator demonstrates compliance. Many companies believe this statement of compliance is a one-time deal – once the air carrier obtains certification, the company never needs to look at the statement of compliance again. However, the FAA has indicated the letter of compliance should be a “living document” which should be updated when the operator makes changes to manuals and other documents. (And even if the FAA doesn’t require a new statement of compliance with every manual revision, wouldn’t it be great to say, “Here’s my new manual revision, Mr./Ms. POI. You’ll see the revisions are compliant with the regulations by referring to the handy dandy statement of compliance I’ve provided.” Then smile and offer the inspector a cookie. More on cookies in a future post.)

Many operators think their annual audit by XYZ Auditing Firm or their IS-BAO registration ensures their Part 135 regulatory compliance. That is a false and potentially costly assumption. The Air Charter Safety Foundation Industry Audit Standard is the most complete compliance audit currently available but for various reasons, only a handful of operators have completed that audit. Don’t assume you are compliant with Federal Aviation Regulations just because you have a fancy audit certificate in your lobby. Also don’t assume you are compliant just because your FAA-assigned inspectors have approved or accepted your manuals. (See the “My Inspector Said” post.)

I often see companies in business for many years that are on revision 30 or higher for operations and maintenance manuals but seldom have they updated their statement of compliance since certification. It’s not difficult for manuals to fall out of compliance. Occasionally companies that have experienced significant management or ownership changes or have had numerous manual revisions inadvertently drop manual language that is required by regulation. Federal Aviation Regulations change frequently and it can be difficult for operators to keep up. Many operators forget to make appropriate changes to Department of Transportation (DOT) regulations (hazardous materials, anyone?) and National Transportation Safety Board (NTSB) regulations. (Go look at your operations manual or whatever document outlines the NTSB accident reporting requirements. If the revision date of that section is older than June 22, 2010, your manual is out of date and you risk failing to submit a required report if you use your manual as a reference. Forgot about that one? You’re in good company. Most operators do. Don’t get me started on hazmat. The DOT seems to change 10 words every few years. Identifying those 10 words and revising your manual and training program is kind of like a riddle – but a riddle that could cost you big bucks if you mess up.)

Your New Year’s resolution for 2014 should be to assess your manuals and documents by completing a new statement of compliance. Then identify any omissions or inconsistencies and make appropriate corrections to ensure your company is in compliance. It is best for YOU to identify these gaps before another party (*cough cough* the FAA) does.

“But Lindsey, why do I need to be concerned about regulatory compliance if the FAA has approved or accepted my manuals?” I refer you once again to the “My Inspector Said” post, not to mention the fact inspectors are human too and mistakes happen. Plus there are some situations that prompt “special” FAA surveillance. The sale of a company that holds a Part 135 air carrier certificate, significant management or business model changes, financial hardship/bankruptcy of an air carrier, and a number of other scenarios can trigger in-depth FAA inspections, including detailed manual reviews. Certainly a significant accident can prompt an investigation of your compliance by the FAA, NTSB, and even plaintiffs’ attorneys. Aside from the desire to keep the FAA happily at bay, you should consider completing a new statement of compliance or revising your current statement of compliance if you’ve been in operation for a long period of time (say 10 or more years) or you are considering selling your company.

Are you sure your company is in compliance with all applicable FAA, DOT, and NTSB regulations? Pretty sure? Maybe? Have I mentioned OSHA compliance? Now there’s the holiday spirit!

Give me a call (703-445-2450) or send me an email if you have compliance questions or want to start off the new year with a clean statement of compliance. Then if you don’t lose weight, stick to your budget, or spend more time with the kids in 2014, at least one resolution was successful!

Click here to visit or return to McFarren Aviation Consulting’s website.


Smart Supplemental Lift

Every Part 135 operator is a charter broker at some point. A crewmember gets sick, an airplane breaks, or demand simply exceeds your fleet capabilities and you’re out looking for another charter operator to pick up a flight for you. How do you choose your supplemental lift providers? Do you have a vetting process in place or will any operator with a 135 certificate on the wall do in a pinch? Developing and consistently using a documented vetting process can help limit your liability when sending a customer to another air carrier.

To develop an evaluation process, start with the simplest aspects of Part 135 operations.

Is the air carrier legal? That is, do they have a valid Part 135 certificate to conduct the specific type of operation? Many charter operators stop there. Obviously the FAA wouldn’t certificate a company that isn’t really competent to run a Part 135 operation. Right? Well… I’ll let you ponder that one. But just remember – a Part 135 certificate is merely a passing grade. It’s a pretty low bar compared to where the industry really is in terms of safety, security, and efficiency. Do you want your customers flying with the operator who only got a “D” in Part 135 operations? A “D” is a passing grade and personally I don’t want the “D” pilot, the “D” charter operator, or the “D” brain surgeon. Achieving a passing grade really isn’t saying much.

Most operators go beyond the Part 135 certificate and require proof of certain insurance limits. While it’s certainly prudent to verify insurance coverage, that’s like putting on your seatbelt after the car has struck a tree. It’s far better to exercise due diligence and mitigate risk prior to starting the car.

Some charter operators very proudly only use companies with an ARG/US or Wyvern rating or a successful IS-BAO or Air Charter Safety Foundation registration. These ratings and registrations only have value if you know what they mean. What does it take for an operator to earn a particular rating? Is there an on-site safety and operations audit or does the operator just submit data about their fleet and pilots? If an audit is required, what standards must the operator meet in order to be registered? Do findings or concerns have to be addressed before being registered or rated?  All “XYZ Rated!” logos are not equal. I’m not saying one audit or rating is superior to another. They all have some value in our industry. The individual rating or registration’s value depends on your needs and your expectations for your customers but if you don’t know what’s behind the rating, it’s meaningless.

Even an operator’s audit status shouldn’t be a single decision point for choosing supplemental lift. Audits are basically the gym membership of aviation. There are people who buy a gym membership and go work out regularly. Others get the membership and kick themselves every time the monthly fee shows up on their credit card statement because they don’t even remember how to get to the gym. And still other people are very fit and healthy but choose not to have a gym membership.  The operators who work out at the gym regularly not only put themselves out to be evaluated by third party auditors but also strive to keep the audit standards and intent alive and well in between audits. Those who buy memberships and never go back are the operators who pretty up their manuals and bring in donuts for a two or three day audit but if you go back next week, no one knows where the new manuals ended up and the donuts are moldy. (That is purely for illustration purposes, of course. I know no charter operator would do such a thing…) And there are certainly operators who choose not to have a third party evaluation but are still safe, conscientious operators.

This post isn’t intended to tell you how to evaluate charter operators used for supplemental lift. The intent is to get all of us thinking about how and why we choose companies to work with. I get a little knot in my stomach every time an operator says they use any XYZ-rated operator for supplemental lift with no further evaluation beyond verification of the pretty logo. Aside from the personal guilt most of us would feel if we sent a customer to another operator and that flight was involved in an accident, you can limit your legal liability by exercising due diligence prior to choosing supplemental lift providers. You owe it to your employees to protect the company from unnecessary legal risk. You owe it to your customers to put them with carefully chosen air carriers.

I encourage you to develop a detailed, documented process for evaluating your supplemental lift providers and use it for each and every trip you have to send to another air carrier. If you already have a process, give it a good hard look. Is it still valuable? Is it enough? Once you have a reasonable process in place, use it consistently and conscientiously. Be smart about supplemental lift.

Click here to visit or return to McFarren Aviation Consulting’s home page.

How to Have a Happy Audit

Over the past several weeks, I’ve presented several concerns frequently uncovered during third party audits of Part 135 operators, including ineffective internal evaluation programs; flight and duty issues for flight managers; errors in pilot training records; questionable use of “safety pilots”; and more. Here are some other tips for ensuring a happy audit:

1. Know Your Objective

What do you want to get out of this audit? If we’re all honest with each other, we know different audits have different meanings within your company. Is this a marketing move so you have a logo on your website? Does a particular client require the audit? Are you looking for an critical review of your safety program or operations? Do you want to improve operational processes?

None of these objectives are necessarily “wrong” or “bad”, although I don’t recommend telling the auditor you need a logo on your website so make it snappy. Most auditors will figure out your objective on the first day anyway. (True story: I once had four people ask me on the first day of an audit if we could finish the audit a day early. The main contact on that audit darkened the door of the conference room every afternoon promptly at 4:58, asking if the maintenance auditor and I were finished for the day. The operator’s staff wanted to leave at 5 whether we were finished for the day or not.) Your objective shouldn’t change the quality or content of your audit but it should help you gauge the resources you want to put towards the audit and any subsequent findings.

2. Be Prepared

You get the best quality audit if you are prepared. Complete the pre-audit checklist if the audit standard organization provides one. If a pre-audit checklist isn’t provided, complete the actual audit checklist to see where you stand. Close any gaps you identify before the auditor arrives. Send the auditors the checklist and relevant manuals at least a couple of weeks in advance, if it’s part of the standard protocol for this type of audit. It’s important for them to be prepared for the audit too.

Double check the revision status of your documents. Make sure you send the auditors current versions of documents. I’ve arrived to an audit before with an electronic rev 8 of the SMS and been given a hard copy rev 8 of the SMS. The documents didn’t match, even though they were both rev 8. Double check your revision numbers to make sure everyone is on the same page – literally.

3. Be Available

Be sure appropriate individuals (the Accountable Executive, Director of Operations, Director of Maintenance, Chief Pilot, and director of safety if you have one) are scheduled to be in the office for at least part of the audit. This is not a good time for the Accountable Executive to go on vacation or the DO to go to school for a week. If any critical personnel have scheduling conflicts, tell the auditors and determine an interview schedule. I know you fly airplanes for a living – not complete audits for a living – though it might seem that way sometimes – so I understand if the chief pilot or DO has to go fly. I can’t give you a complete audit if those individuals are unavailable for the entire period though. Make sure you are accessible to auditors for at least part of the audit.

This sounds obvious but provide appropriate resources for the auditors. Twice now I have conducted audits in lobbies. That is a really uncomfortable situation for both the auditors and the operator. To conduct a good systems audit, the mx and ops auditor have to be able to communicate and sometimes we’ll say things you don’t want your customers or even staff to hear. You might not even be doing anything wrong – we might just be sorting things out between the auditors – but it can be awkward.

4. Responding to Findings

Each audit standard has different requirements for timelines and expectations for corrective actions, so I won’t go into this in detail. Ask your auditor if the expectations are unclear. Be sure to keep track of the time remaining to submit corrective action plans or completed actions. Many audit standards require a process or procedure to meet a particular standard, not just a policy statement. Make sure the staff closing the audit findings know how to write a process or procedure and don’t just submit a policy statement and hope the auditor will accept it.

5. Solving Conflicts

We’re all human. Sometimes you and your auditor will disagree. This happens on maybe 1 out of 10 audits I conduct. In most cases, the operator and I reach a common understanding and the issue is resolved. In one case, I had to bring in the audit standard organization to mediate the issue. Remember the auditor is obligated to the audit standard organization – be it IBAC, ACSF, whoever – to uphold their standard. You might not like a particular requirement and that’s okay. You don’t have to like it. But if you want to play in their sandbox, you have to play by their rules.

Let’s say a standard is impossible for your particular operation to comply with, it is totally inconsistent with your operations model, or you just don’t like it. Keep in mind all of these standards exist because someone lobbied for the item to be included. If you disagree with a standard, I recommend one of the following actions: lobby the audit standard organization for an exemption; lobby the audit standard organization to change the standard itself (this is often a long process as most of the customer advisory boards or review boards only meet once a year); or convince the auditor you do something else that meets or exceeds the INTENT of the standard.

Final Thoughts

Keep an open mind. Sure some auditors like to hangar fly and drink coffee but many of them have good experience and insight and just want to help operators be safer and more efficient. Most of us would rather be there advising you than playing auditor cop but we do have a responsibility to uphold the audit standard and most audit standard organizations have strict rules against consulting while on the audit.

Know a good audit when you see. Did you have no findings? Not a one? Don’t go celebrate. You just wasted your time and money. Okay, if you’re a 135 operator and this is your 3rd round at IS-BAO or whichever audit, maybe you don’t have any actual findings. But different auditors should have different perspectives and might see something another auditor didn’t. If you don’t have any actual findings, were you at least provided with some suggestions for improvement?

Know the difference between a required standard and an auditor’s opinion. Sometimes I’ll offer a suggestion aside from the actual audit. You’re not required to do anything with that. I just saw something that might help you be safer or more efficient. You can take it or leave it. But if an auditor writes up a finding that you feel is not substantiated by the standard itself, question the auditor. If that doesn’t work, go to the audit standard organization. The auditor is there to verify compliance with the standard, not enforce their own opinion.

And finally, don’t assume because you just passed an FAA inspection that you will sail through an audit.  First, back to the “we’re all human” idea. Your inspectors might have missed something. On the other hand, your inspector might be allowing activity that isn’t really permitted. And guess who gets to pay if another inspector decides you aren’t in compliance? You do. Also, most third party audit standards are meant to enforce best practices, not just regulatory compliance.

Contact me at Lindsey@mcfarrenaviation.com or by phone at 703-445-2450 if you need assistance preparing for your next audit or closing audit findings!

Click here to return to or visit McFarren Aviation Consulting’s website.