IS-BAO Audit Forms 2015
Operator:Address:
Date:
Evaluation Objective: / Stage One
Stage Two
Stage Three
International Business Aviation Council (IBAC)
Suite 16.33, 999 University Street
Montreal, Quebec, H3C 5J9, Canada
Tel 1-514-954-6198 Fax: 1-514-954-6161
i
IS-BAO Audit Report Form / International Business Aviation Council (IBAC)8.1 Audit Report Form
IBAC Decision / Date: / Stage: / Validity Period:Audit Date / No. of Days on Site
Operator Name & Address
Telephone
Operator Contact Name & Position / IBAC member association from which the operator purchased their copy of the IS-BAO:
Is it the current edition? / Yes / No
Audit Scope / Full System / Follow-up/Partial
SMS Stage One / Two / Three
If partial, elements covered: / `
Auditor / Audit Team Leader / Contact Information
Members / Email and Telephone
Audit Results and IS-BAO Registration Recommendation
Full Conformity / Minor Non-Conformity / Major Non-Conformity
Stage 1 / SMS is documented, approved, resourced, and being implemented.
Stage 2 / SMS is functioning and results are being measured; Safety risks are effectively managed;
Safety management activities are appropriately targeted.
Stage 3 / Stage 2 performance, plus SMS is sustained and supported by an on-going
improvement process; Safety management activities are fully integrated into the operator’s business; and a positive safety culture is being sustained. Applicable Performance Indicators are observed as being effective. (See APM 5.8.3)
1-Year Registration (Provisional)
2-Year Registration
3-Year Registration (Stage 3 only)
IS-BAO Auditor Signature / Date / Operator Representative Signature / Date
Summary of Audit Including Overall Assessment of the Appropriateness and Effectiveness of the Operator’s SMS and Other Management System Controls
Type of Operations Conducted
Non-commercial / Commercial / Aircraft Management Companies
(Comply with IBAC Policy Auditing Mgt Co)
Other / please specify
Total Number of Aircraft Operated
Total Number of Personnel
Total Number of Fixed-Wing
Total Number of Rotor-Wing
Types of Aircraft Operated
Home Operating Base
Additional Operating Bases
List of Persons Interviewed and Position or Job Title
(Interview a representative sample of line and management personnel)
Recommendations to improve or clarify the IS-BAO Standards and Audit Procedures Manual
Please input via this online form: IS-BAO Improvement Form
Additional Information
2
January 1, 2015
IS-BAO Audit Protocols / International Business Aviation Council (IBAC)ref. / Requirement / Conform / N/A / References / Comments/ Evidence of Non-Conformities
Y / N
3 Safety Management System
3.2 / Safety Policy and Objectives
3.2.1a / Management Commitment and Responsibility
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
Is there a safety policy that:
S1. Reflects management’s commitment to safety?
S2. Includes a clear statement about providing necessary resources?
S3. Includes safety reporting procedures?
S4. Clearly indicate which types of behaviours are unacceptable related to the organization’s aviation activities and include the circumstances under which disciplinary action would not apply?
S5. Is signed and dated by the Accountable Executive (AE)?
S6. Is communicated, with visible endorsement, throughout the organization?
S7. Is periodically reviewed to ensure it remains relevant and appropriate to the organization?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is the safety policy relevant to the scope and complexity of the organization’s operations?
A2. Is everyone aware of the safety policy?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is the safety policy reinforced by day-to-day decisions?
E2. Is everyone committed to enhancing safety performance?
E3. Is there visible evidence of management demonstrating by example?
3.2.1b / Safety Accountabilities
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
Has the organization:
S1. Identified the AE who has ultimate responsibility and accountability for the implementation and maintenance of the SMS?
S2. Established defined lines of safety accountability throughout the organization, including a direct accountability for safety on the part of senior management?
S3. Identified the accountabilities of all members of the organization with respect to the safety performance of the SMS?
S4. Documented safety responsibilities, accountabilities and authorities and communicated these throughout the organization?
S5. Defined the levels of management with authority to make decisions regarding safety risk tolerability?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Do the AE’s terms of reference indicate his/her ultimate responsibility for the SMS?
A2. Are there clear lines of safety accountabilities throughout the organisation?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Are the resources available to manage risks effectively?
E2. Does everyone know their role in the SMS and participate accordingly?
3.2.1c / Appointment of Key Safety Personnel
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1.Does the SMS documentation include an appointment of a safety manager?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is the safety manager properly trained?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Are the results of safety management activities formally recorded and analysed?
3.2.1d / Coordination of ERP
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1.Does the SMS documentation include an ERP that is properly coordinated with the emergency response plans of those organizations it must interface with during the provision of its services?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is the ERP regularly tested, updated and addresses all possible or likely emergency/ crisis scenarios including coordination with other organisations as appropriate?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is there a procedure appropriate to the size, nature and complexity of the organization with periodic review of the ERP to ensure its continuing relevance and effectiveness?
3.2.1e / SMS Documentation
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Does the SMS documentation include an SMS implementation plan, formally endorsed by the organization, which defines the organization’s approach to the management of safety in a manner that meets the organization’s safety objectives? (Stage 1 only);
S2. Does the organization’s SMS documentation describe:
i. Safety policy and objectives;
ii. SMS requirements?
iii. SMS processes and procedures;
iv. Accountabilities, responsibilities and authorities for processes and procedures; and
v. SMS outputs?
S3. Does the organization have an SMS manual? (may be part of the operations manual)
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is the SMS documentation readily available to ALL personnel?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is there evidence that the SMS documentation is regularly reviewed and updated?
E2. Does the documentation provide evidence that safety objectives are being met?
3.2.2 / Safety Risk Management
3.2.2a / Hazard Identification
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Is there a formal process to ensure hazards are identified?
Note: A safety-risk profile (SRP) or similar document is the foundation for the SMS and is updated periodically. See “SMS Guidance Manual” Section 9.2, in the SMS Toolkit.
S2. Is the hazard identification process based on a combination of reactive, proactive and predictive methods of safety data collection?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is there a reporting system to capture errors, hazards and near misses that is simple to use and accessible to all personnel?
A2. Is there a procedure to review hazards/risks from external reports?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Are hazards, errors, near misses, and audit findings being identified and reported throughout the organization?
E2. Are employees confident they can report apparent safety deficiencies without retribution?
E3. Are both internal and external information used to update the safety risk profile?
E4. Is there a procedure for periodic review of existing risk analysis records?
3.2.2b / Risk Assessment and Mitigation
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Is there a formal process to manage safety risks that includes:
i. Analysis?
ii. Assessment?
iii. Control?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Does the AE and management team have visibility of medium and high risks and their controls?
A2. Do training programs highlight safety critical issues identified in the safety risk profile?
A3. Does the Ops Manual contain mitigation described in the safety risk profile?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Does the organisation use its risk management results to develop best practices?
E2. Is the information indicating the need to change respected, valued, validated, and used?
E3. Is there consistent feedback to encourage the future participation of managers and employees?
E4. Is the Operations Manual consistently employed by operational managers and staff?
E5. Does mitigation take into account Human Factors and Organizational Factors?
3.2.3 / Safety Assurance
3.2.3a / Safety Performance Monitoring and Measurement
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Is there a process and/or procedure to validate the effectiveness of the safety risk controls?
S2. Has the organization established safety performance indicators (SPI’s) and targets?
Note: For examples of SPIs & Targets, see Measuring Safety Performance and Stage 3 SPIs
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Has the organisation developed a series of safety performance indicators that are appropriate to the type of operation?
A2. Are safety indicators and targets specific, measurable, agreed to, relevant and time-based?
A3. Is the information from occurrences analyzed and where appropriate, used to upgrade policies and procedures?
A4. Are priorities regularly reviewed, reassessed and, if required, reassigned to address safety issues?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Are safety targets being achieved?
E2. Is there a means to measure and monitor trends and take appropriate action when necessary?
E3. Have the controls for the safety risks been evaluated?
E4. Are the results from internal audits used to measure safety performance?
3.2.3b / Management of Change
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Does the organization have a process to identify changes which may affect the level of safety risks associated with its operation and to identify and manage the safety risks that may arise from those changes?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Are stakeholders involved in the change management process?
A2. Are there procedures for managing the revisions of documents, manuals, and checklists?
A3. Are changes to critical documents communicated throughout the organization?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Does the organisation use the SMS to proactively assess all major changes to the organisation and its operations such as new aircraft, hangars or personnel?
E2. Do staff members always use up-to-date documents, manuals, checklists, and/or procedures?
3.2.3c / Continuous Improvement
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Is there a process or procedure to ensure continuous improvement of the SMS?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Is there an internal audit/ assessment process and a follow-up procedure to address audit findings?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is there evidence of improvements to policies, procedures, and/or processes based on internal audit findings?
3.2.4 / Safety Promotion
3.2.4.a / Training and Education
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
S1. Has the organization developed and maintained safety training programmes that ensure that personnel are competent to perform their SMS duties?
S2. Is the scope of the safety training appropriate to each individual’s involvement in the SMS?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Does training include human and organisational factors with the intent of reducing human error?
A2. Does technical training (i.e. pilot, maintenance, dispatch/ scheduling, etc.) reinforce SMS principles (i.e. human factors, organizational factors, risk assessments, risk management, etc.)?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is there evidence that all personnel involved in SMS operations have undergone appropriate SMS training?
E2. Are executives, managers, and staff capable of performing their roles to proactively manage safety?
3.2.4b / Safety Communication
SOUND (Documented, Trained, Foundation in Place to Effectively Manage Risks)
Has the organization developed and maintained a formal means of safety communication that:
S1. Ensures personnel are aware of the SMS to a degree commensurate with their positions?
S2. Conveys safety-critical information?
S3. Explains why particular safety actions are taken?
S4. Explains why safety procedures are introduced or changed?
APPROPRIATE (Properly Targeted, Well-Designed to Effectively Manage Risks)
A1. Are significant events and investigation outcomes from internal and external sources communicated to all personnel?
EFFECTIVE (Measured, Desired Results Being Achieved, Risks are Effectively Managed)
E1. Is there evidence that all personnel are aware of the SMS, safety critical information, and their role in respect of aviation safety?
3.3 / Compliance Monitoring
3.3.1 / Has the operator established and maintained a system for identifying applicable regulations, standards, approvals, exemptions and demonstrated compliance with them?
(See IG for methods to ensure compliance)
3.4 / Flight Data Analysis
3.4.1 / Has the organization established a flight data analysis programme (Recommended Practice)
Comments, Observations, and Recommendations
Analysis of Non-Conformities/Findings
Element / 4 Organization and Personnel Requirements
4.1 Organization and Personnel
4.1.1 / Does the operator have an organization structure that clearly defines qualifications, duties, authorities & accountabilities of the:
a. Manager of the operation;
b. Person responsible for managing the flying operations; and
c. A person responsible for aircraft maintenance?
4.1.2 / Where the organization has more than one operating base, has the organization structure addressed the exercise of management of the above responsibilities at all locations?
4.2 Aircraft Crew Member Duties and Responsibilities
4.2.1 / Does the operator have a procedure to ensure that the minimum number of flight crew as specified in the aircraft flight manual or other document associated with the C of A, and the minimum numbers of cabin crew members, as required by State of Registry regulations, are assigned?