Sofema Aviation (SA) considers in depth the process to identify systemic risks before they become findings in an EASA audit, additionally how to ensure that the Quality Control processes are compliant and effective.
Introduction
In the EASA environment, the shift from purely compliance-based oversight to performance-based oversight requires organizations to move beyond “checking boxes.” To maintain a robust AOC (Air Operator Certificate), Part-145, or Part-CAMO approval, internal audits must function as a diagnostic tool rather than just a verification exercise.
Enhancing Audit Depth with Root Cause Analysis (RCA)
Audits often fail because they stop at the Direct Cause (what happened) rather than reaching the Root Cause (why the system allowed it to happen).
Summary of Concerns for EASA Compliance
The “Paperwork vs. Reality” Gap: The biggest risk in EASA auditing is an organization that looks perfect on paper but operates differently on the hangar floor or in the cockpit.
- Focus on Documentation: Ensure that the CAME (Continuing Airworthiness Management Exposition) or MOE (Maintenance Organization Exposition) actually reflects what people do.
- Evidence-Based Auditing: Auditors should spend 20% of their time in the office and 80% “on-site” observing real-time tasks.
How would you describe the current relationship between your Quality department and the operational teams—is it viewed as a partnership or a “policing” force?
Identifying Systemic Risks Before They Become Findings
EASA expects a proactive Safety Management System (SMS). Systemic risks are the “latent conditions” that sit quietly in your organization until a specific set of circumstances triggers a non-compliance or incident.
The Swiss Cheese Model Approach
Systemic risks occur when the “holes” in your layers of defense align. To catch these before an external EASA auditor does:
- Data Aggregation: Don’t look at audit findings in isolation. Use Trend Analysis to see if minor discrepancies in different departments (e.g., Training and Maintenance) point to a shared cultural or resource issue.
- The “Pre-Mortem” Technique: During internal audits, ask staff: “If this process were to fail tomorrow, how would it happen?” This identifies “Normalization of Deviance” where staff have created “workarounds” that haven’t caused trouble yet.
- Safety Culture Surveys: Systemic risk is often rooted in culture. If technicians feel pressured to meet “On-Time Performance” (OTP) at the expense of “Technical Dispatch,” that is a systemic risk that will eventually manifest as a major audit finding.
Enhancing Audit Depth with Root Cause Analysis (RCA)
Audits often fail because they stop at the Direct Cause (what happened) rather than reaching the Root Cause (why the system allowed it to happen).
- The “Blame” Trap – Identifying “Human Error” as a root cause is a common failure. In EASA terms, human error is a symptom of a systemic weakness, not the cause.
- Use structured tools like the Fishbone (Ishikawa) Diagram or the 5 Whys. Auditors should be trained in Human Factors (HF) to understand why a technician or coordinator deviated from a procedure.
- “Repeat Findings.” If the same finding appears in consecutive audits, the previous RCA was likely ineffective or the corrective action was only a “band-aid.”
Strategic Shift: From “What” to “How”
Instead of asking, “Is this document signed?” (Compliance), ask, “How does the current workflow ensure this document is signed every time, even during peak operational pressure?” (Performance/Depth).
Ensuring Quality Control (QC) is Compliant and Effective
While Quality Assurance (QA) checks the system, Quality Control (QC) checks the product (the aircraft, the part, the data). In an EASA framework, QC must be the “first line of defense.”
Challenges: QC vs. QA Confusion
A common item of concern is when an organization relies on the Internal Auditor to catch technical errors. By the time an auditor finds a mistake, the QC process has already failed.
Best Practices for Effective QC:
Layered Audits (LPA): Implement high-frequency, very short checks by department leads. This ensures that “Quality” is owned by production, not just the Quality Department.
Competency-Based Assessments: Ensure that QC staff (e.g., Certifying Staff or Support Staff) are not just “qualified” on paper but “competent” in practice. EASA Part-145.A.35 emphasizes this distinction.
Independence of the Compliance Monitoring Manager (CMM): To remain effective, the quality system must have a direct reporting line to the Accountable Manager, bypassing intermediate operational pressures.
Summary of Concerns for EASA Compliance
The “Paperwork vs. Reality” Gap: The biggest risk in EASA auditing is an organization that looks perfect on paper but operates differently on the hangar floor or in the cockpit.
- Focus on Documentation: Ensure that the CAME (Continuing Airworthiness Management Exposition) or MOE (Maintenance Organization Exposition) actually reflects what people do.
- Evidence-Based Auditing: Auditors should spend 20% of their time in the office and 80% “on-site” observing real-time tasks.
How would you describe the current relationship between your Quality department and the operational teams – is it viewed as a partnership or a “policing” force?
Next Steps
Join Sofema for a free EASA Compliance Auditors Masterclass on 20 May, led by industry expert and CEO, Steven Bentley. This session will explore the evolving auditor role under Part-CAMO and SMS, focusing on risk-based auditing and modern competencies. Register here as places are limited.
Explore 525+ aviation courses at Sofema, or contact [email protected] for support.
Tags:
Part 145, Root Cause Analysis, AOC, CAME, MOE, EASA compliance, Part CAMO, sasblogs, Sofema Aviation Services (SAS), Sofema Aviation (SA), EASA audit
