January 12, 2024


Sofema Aviation Services (SAS) www.sassofia.com considers several key aspects related to the Advanced Compliance Auditing of the Air Navigation Services  Quality System.


Regulation (EU) 2017/373 outlines the responsibilities and procedures for competent authorities in the aviation sector when non-compliance with safety regulations is detected in service providers.

  • It establishes a system for analyzing findings, deciding on enforcement measures, and ensuring corrective actions are taken.

Key System Features

  • Ensure that the QA team remains independent from the audit process.

o   This will ensure unbiased audits and maintain the integrity of the quality system.

  • Within the entire business process it is important to clearly define the roles and responsibilities of QA (Compliance) and QC (System Process Delivery)

o   This will prevent overlaps and ensure that both functions operate efficiently.

  • Business area owners must take responsibility for the delivery of effective QC.

o   In this way they can ensure that they are accountable for the quality of their processes and products.

  • Continuous Training should be evident to ensure regular training of staff, supervisors, and managers on the importance of QC and their respective roles in ensuring quality.
  • Ensure open communication between the QAM, business area owners, and the Accountable Manager.

o   Ensure that any deficiencies are promptly addressed.

  • Establish a robust feedback mechanism where employees can report issues or provide suggestions.

o   This will foster a culture of continuous improvement.

  • Continuously review and update organizational processes and procedures to ensure they are in line with regulatory requirements and best practices.
  • When issues are identified, focus on understanding the root cause rather than just fixing the symptom. This will ensure that similar issues do not recur.

What Makes the Role of Compliance Auditing / Quality Assurance “Somewhat” Unique

  • EASA mandates that the QA auditor should be “Independent” from the Audit Process – This one-step removed requirement requires a fresh pair of eyes to perform the audit
  • Whilst Quality Assurance is independent and essentially looking at compliance the Quality Control role is embedded throughout the entire production process.

o   Consider Quality Control as the need to follow all the rules to deliver the production objectives in the best way. In terms of individual QC it depends where you are in the delivery process

  • For Front line staff QC means following the rules.
  • For Supervisors it means mentoring and managing the delivery of the rules and
  • For managers it means “writing” the rules.

Who is in Charge with Compliance Auditing?

Absolutely not the Compliance Manager / QAM!  Some organisations place the QAM in charge of the process and procedures believing in this way that the organization will demonstrate compliance and minimize any findings.

  • For such companies there are 2 comments:

o   The first is that the business is about producing a cost-effective product in the most efficient way if you provide this task to the QAM then the focus changes and the focus moves from business benefit to compliance benefit.

o   The second comment is that we either have a conflict between QAM & Business Area or worse the QAM is taking control and undermining the Business Area Owner

So please consider the following as a takeaway

  • EASA Quality Assurance is a service provider of “conformity status” to the Leadership Team & should share understanding of shortfalls & discrepancies and provide support to consider “possible solutions” but not to provide ownership of decisions which MUST sit with the Business Owner.
  • One of the many roles of the Post Holder is to protect the Accountable Manager by ensuring that all required compliances are satisfied in respect of the relevant business area.
  • It is very healthy within the organisation to ensure that the Post Holder is able to deliver Regulatory Compliance Independently of the QAM
  • It is incumbent on the QAM to ensure any identified deficiencies are also brought to the attention of the Accountable Manager in the most appropriate way. (If necessary with the support of the PH / NP and Safety Manager)

The Role of the Competent Authority

  • The Competent Authority (CA) will perform “oversight” audits of the organisation, however it should be understood that the purpose of these audits is entirely different to the needs of the organisation.
  • The regulatory authority is off course not part of the organisations QC or QA process and independently assesses what they wish when they wish.
  • It should also be said that lack of awareness not identified by the regulatory does not exonerate the organisation anyway from compliance.)

Concerning Regulatory Findings

The first question to ask is what findings has your organisation received from either regulatory auditors or other organisations (this could indeed include your organisation!)

  • These findings carry significant weight as it is possible that there are systemic issues within the organisation which should be understood.
  • As an auditor you should be very interested in understanding how the quality assurance system (the safety net) failed and how the business area created the issue in the first place.

This is the crux of an effective system – not that there are problems! Rather that the organisation is able to understand, address and mitigate its problems in the most effective way.

Concerning the depth of findings during the delivery of the Organizations Quality Assurance Program

  • Pay particular attention and what you are looking for is in fact effective identification and closure
  • Look for any repeat or system issues which have not been addressed
  • Consider to look back over the last 2 years (going further back is not of so much value).
  • Consider the size and depth of the audit program – how many hours spent auditing? Consider if you do not look then you do not find. (This will also guide you when you take a look within a business area)
  • Next look at the Internal Reporting System – how effective is this process – how willing are the employees in general to engage with the Compliance Auditing/ Quality Assurance System.

Next Steps

Follow this link to our Library to find & Download related documents for Free.

Please see the following course  EASA Quality Assurance Auditing Introduction for Air Navigation Services (ANS) – 3 Days

Visit our websites www.sassofia.com and www.sofemaonline.com or email team@sassofia.com



Accountable Manager, Air Navigation Services ANS, Audit Process, Aviation Compliance Auditing, Business Area Owner, Competent Authority (CA), Compliance Manager, EASA, Quality Assurance, Quality Assurance Program, Quality Control, Regulation (EU) 2017/373, SAS blogs, System Process Delivery