Introduction to Risk-Based Auditing presented by Sofema Aviation Services (SAS) www.sassofia.com
Definitions
Risk-based Oversight (RBO): A way of performing oversight, where:
- planning is driven by the combination of risk profile and safety performance; and
- execution focuses on the management of risk, in addition to ensuring compliance.
Risk Profile: The elements of risk that are inherent to the nature and the operations of the regulated entity, this includes:
- the specific nature of the organization/operator;
- the complexity of its activities;
- the risks stemming from the activities carried out.
Safety Performance: The demonstration of how effectively a regulated entity (e.g. an operator) can mitigate its risks, substantiated through the proven ability to:
- comply with the applicable requirements;
- implement and maintain effective safety management;
- identify and manage safety risks;
- achieve and maintain safe operations.
Note – The results of past certification and/or oversight also need to be taken into account.
What Is a Risk-Based Approach in Auditing?
A traditional audit approach typically embraces a controls-based approach that inspects and verifies that compliance and other required controls are operating according to an established set of criteria.
Conversely, a risk-based approach provides a more forward-looking perspective, aimed at addressing potential risks that could prevent an organization from achieving its objectives.
Win-Win
When a risk-based auditing approach is paired with a service delivery mindset, the benefit is that bespoke approaches can be developed based on the importance, value and risk of the particular business area.
A risk-based audit approach starts with a conventional audit plan, which is then modified based on various assessment criteria. However, note the important consideration:
A true risk-based audit approach starts with an assessment of management's top risks. As well as including the mandatory compliance audits, the plan shall be designed to ensure that we address those risks and provide insights back to senior management.
What is the Difference between Performance-Based Oversight (PBO) and Risk-Based Oversight (RBO)?
The concept of "performance" conveys the idea of tangibly measuring the health of the system under scrutiny and ultimately assessing its overall performance.
- Performance indicators, as a means to measure, may specifically help to either identify risks within that system or measure safety risks, or monitor actions mitigating these risks.
- This means that PBO can also support the identification of areas of greater risk and serve the risk assessment and mitigation exercise. This is exactly where PBO meets RBO.
Additional Features of a Risk-Based Audit System
- Planning is driven by the combination of risk profile and safety performance.
- Delivered with a focus on management-identified risks.
- Must address compliance.
- Must address management's highest-priority risks.
Benefits of Risk-Based Approaches in Internal Audits
- Data collection is critical to the success of risk-based auditing.
- Timely response to organizational risks.
- Specific feedback to management to support a better understanding of ongoing issues.
Next Steps
Sofema offers EASA Compliant Organizational Development through Risk-Based Auditing & Measurement of Effectiveness as a 2-day training program, available as a classroom course (either in-company or open) or as a web-based instructor-led training course.
Please see www.sofemaonline.com or email team@sassofia.com
To view course details, check here.
Tags:
Aviation Training, EASA, safety performance, SAS training, Risk-Based Auditing, Risk-based Oversight, Performance-Based Oversight, Internal Audits, Audit System