November 24, 2022


Sofema Aviation Services (SAS) considers the best practice process to analyze the available data to determine any Audit Findings.


It is the responsibility of the leadership team to identify the level of risk which can be tolerated by the organizational system (to call it the “Risk Appetite”) moreover to ensure that all Risks, Responses, and Actions are properly classified and reported.

To be effective the process should ensure that responses to risks are effective but not excessive in managing inherent risks within the framework of this risk appetite.

When it is understood that residual risk is not in line with the risk appetite additional action should be taken.

The Entire Process of Risk Management should be monitored on a continuous basis to include both the effective responses and the completion of any previously performed actions

The Use of Data to Develop the Risk Profile

Quality Auditing is a prescriptive process whereas Safety System Auditing is more subjective requiring the auditor’s judgment to continuingly evaluate the evidence and determine when procedures are sufficient to minimize audit risk.

Having a comprehensive set of data allows a quantitative assessment to be made regarding risk and exposure which allows a greater degree of confidence.

Building a Data Model Using Taxonomy Standards

Through the development and use of taxonomies and standards, we are able to benefit from the ability to align data from multiple sources.

Taxonomies support the creation of a framework retrieval and analysis of information.

Each category should be identified consisting of both groups and the associated sub-groups which must be comprehensive exclusive and clearly defined.

Taxonomies May be:

  • Custom based
  • Used from other sources, according to the use, the purpose and the scope, and the extent of their use.
  • Within the aviation industry a typical Taxonomy standard is CAST/ ICAO Common Taxonomy Team (CICTT) standards which are updated every quarter.

o Some of the categories included are: aircraft make/model/series, engines make/model, phases of flight, occurrence categories, Human Factors, aerodrome etc.

Some other aviation related taxonomies are:

(University of Texas) UT ASAP Pilot Reporting

Aviation Safety Reporting System (ASRS) Anomaly Codes

BA Safety Information System (BASIS)

ICAO Accident/ Incident Reports Data Reporting System (ADREP) 2000

Human Factors Analysis and Classification System (HFACS)

Aviation Casual Contributors for Events Reporting System (ACCERS)

Threat and Error Management (TEM)                                   

Data Processing Management & Methodology

It is important that data acquisition and management sources must be supported to ensure we can achieve

  • Capturing,
  • Mapping,
  • Transcribing,
  • Analysis,
  • Mitigation Development,
  • Quality Monitoring (Data quality needs to be an ongoing process with continuous monitoring.

o Validity / Timeliness,
o Consistency,
o Accessibility,
o Completeness,
o Accuracy,
o Security,
o Data quality needs to be an ongoing process with continuous monitoring.

Data Analysis

  • Review to determine whether findings are unique (isolated)or indicative of systemic policy, process, or procedural problems.
  • Safety programs include the capture and analysis of employee safety/hazard reports, the investigation of operational incidents and accidents, the oversight of risk assessment activities, and flight operations data assessment programs.
  • Reactive events require identification of root cause and establishment of corrective actions (mitigations) to prevent reoccurrence or limit frequency to acceptable risk levels.
  • The focus of safety/hazard reports should reveal concentrate on objective facts to identify system deficiencies & improve system reliability.

Next Steps

Follow this link to our Library to find & Download related documents for Free.

Sofema offers EASA Compliant Organizational Development through Risk Based Auditing & Measurement of Effectiveness as a 2 Days training program available as a classroom, either in company or open or as a web based instructor led training course. For additional information, please see or email


Audit, Audit Findings, Aviation Audit, Aviation Risk, Data Analysis, ICAO, International Civil Aviation Organisation (ICAO), Risk Management, Safety System Auditing, SAS blogs, Taxonomy