Regulations, standards and contracts define what need to be audited and in what timeframe (e.g. in 1 or 2 years). Consequently scheduled audits, internal and external, are performed in repeating (e.g. yearly or bi-yearly) auditing cycles, usually (directly or indirectly) approved by the applicable National Aviation Authority (NAA).

Frequency of scheduled audits might be increased due to in service experience, recent safety reports and previous audit finding or combined with unscheduled audits, usually focused only on the problematic part of scheduled audit. Based on risk assessment, frequency of scheduled audits might also be reduced, but usually in combination with some kind of desktop audits or updating questionnaires in between, to maintain the contact. Frequency of external service providers audits may vary even inside the same type of provider due to different scope (e.g. line and/or base maintenance) and/or size (e.g. one weekly or 20 wet lease flights daily) of supplied service resulting in different impact/influence on our operations and safety aspects in particular.


Audit Cycle Plan is the initial point for strategic planning of all internal and external audits. This Audit Cycle Plan (usually prepared by the Compliance Manager and approved by the Accountable Manager) is also a part of a controlled company safety documentation, separately or indirectly (as a part of related documents approval) approved by National Aviation Authority.

Audit Cycle Plan covers one audit cycle (e.g. 1 or 2 years), at the beginning as a planning document and later as the cover auditing record. Actually it is a list of all scheduled audits, which need to be performed inside one audit cycle. It contains information about what (defined by the name of the audit) and who (defined by organizational unit / process / organization and related Lead Auditee) need to be audited, duration of the audit (by audit days / hours and when approximately (e.g. in which month) the audit shall be performed. Who will perform the audit (names of Lead Auditor and Auditors) is defined in the operational version of the approved Audit Cycle Plan.

Some companies prefer frequent small (e.g. 1 audit day) audits, while others prefer broad audits which takes several days at once. Broad audits are usually preferred by big companies due to scheduling and logistic reasons. Audit Cycle Plan is the source for operational planning of all there listed scheduled audits, usually periodically (e.g. monthly) performed by the administrator.

Audit Plan is the initial point for operational planning of each audit. In addition to data contained in the approved Audit Cycle Plan, it contains information about actual audit start/end time and location, audit scope(s) and the list of all audit Items which need to be checked during the audit.

Audit Team is also part of the Audit Plan, identifying Lead Auditor and usually one or more Scope Auditors. Smaller companies are fond of “one man band” audit teams, however Audit Team with at least two members, Lead Auditor and one Scope Auditor, were found in practice as a more effective way to conduct audits. Rotating auditors' roles (lead auditor - scope auditor) during 3 audit cycles is considered as good industry practice and therefore three members Audit Teams are ideal for such purpose. Starting as new in the team in cycle 1, the auditor will be already familiar with the audited organization or unit in cycle 2, very knowledgeable in cycle 3 and removed before cycle 4 to avoid complacency.

While rotating auditors' roles is optional, auditor’s independence is mandatory and shall be established by ensuring that audits are carried out by personnel not responsible for the function, procedure or products being audited. It is also mandatory that all audits are performed under the responsibility of the Compliance Manager. (When internal staff has been engaged in the audit management process, all audits and findings reports should be forwarded to the Compliance Manager and not to theirs Operational Managers)

Lead Auditor & Scope Auditors shall be planned i.a.w. their endorsements or capabilities, meaning for audits from the audit area of their competences, resulting from their background, knowledge, skills and experience. Audit areas might be structured per related regulations (e.g. Continuing Airworthiness / Maintenance, Air Operations, Air Crew) and/or standard sections (e.g. ORG, FLT, CAB, DSP, MNT, GRH, CGO). Auditors shall fulfill initial / continuous qualification & training requirements (covering auditing techniques and applicable regulations / standards). Related to auditing experience, every auditor shall accumulate a certain number of audit days per audit cycle to be considered current. Also, one of audits per audit cycle shall be performed under supervision of evaluator and formally managed and recorded as auditor’s assessment or evaluation.


All above elements shall be taken into account and defined before the audit is announced, soon enough, to the Auditee and Audit Team. Soon enough in practice means before the Auditee plans are made; e.g. if the Auditee and his/her team members are crew members planned on a monthly basis and plan inputs shall be received the latest till the middle of the previous month, we need to announce the audit 3-7 weeks earlier. It was found as a good practice to inform crew scheduling dept about the auditing needs (who to be present on the audit from auditor’s and auditee’s side and for how many days/hours) and they respond by the most optimal dates in possible audit period defined in Audit Cycle Plan.

Some NAAs allow some audit performance flexibility (due to operational reasons) by allowing some deviations in advance (e.g. audit might be performed also a month before or a month after the month stated in the approved Audit Cycle Plan) without notifying them, some NAAs don’t. I see this as a result of how trustful the relation between NAA and the Company is. Therefore I suggest you consider open and honest communication with your NAA as long term investment. Finally you share the same goal and common goals are easier to reach by partnership.

Andrej Petelin

Aviation Safety and Compliance Professional
July, 2020