The Authority’s Oversight Is Not a Detailed Effectiveness Audit
Competent authority oversight — whether by the UK CAA, EASA, the Maritime and Coastguard Agency, the Office of Rail and Road, or an equivalent national authority — provides an important external perspective on SMS compliance. But authority oversight is not structured as a detailed operational effectiveness audit. It assesses whether the required SMS elements are present, whether the documentation is adequate, and whether the organisation appears to be operating the system as described. It is not designed to conduct the deep assessment of reporting culture, SPI quality, investigation rigour and safety review board effectiveness that operational effectiveness requires.
An independent SMS audit from AACS is not the same as an authority oversight assessment. It is more granular, more operationally focused and more honest in its findings. The authority oversight assessment determines whether the organisation is compliant. The AACS independent audit determines whether the SMS is working — and those two assessments frequently produce different answers.
The Triggers for Independent SMS Audit
Organisations commission independent SMS audits for a variety of reasons. The trigger is not always an obvious problem. Some of the most valuable independent audits are conducted by organisations whose SMS appears to be functioning adequately — and which discover through independent assessment that the apparent adequacy conceals material gaps in operational effectiveness.
| Trigger | What Independent Audit Provides |
| --- | --- |
| Pre-oversight audit preparation | Independent assessment of SMS readiness ahead of UK CAA, EASA or other authority oversight visit — identifying and addressing gaps before the authority finds them. |
| Authority SMS finding response | Structured independent analysis of the finding, its root causes and the corrective action required — providing the authority with credible, expert-backed remediation. |
| Post-safety event assurance | Following a serious incident or accident, independent assessment of whether the SMS was functioning as designed and what systemic conditions the event has revealed. |
| Periodic independent assurance | Organisations with mature SMS programmes commissioning periodic independent review to verify operational effectiveness and identify drift from intended performance. |
| Organisational change | Following merger, acquisition, management change or significant operational expansion — verifying that the SMS remains fit for the evolved organisation. |
| SMS maturity development | Organisations seeking to develop SMS maturity beyond initial regulatory compliance — using independent assessment to identify the improvement priorities that will make the most difference to safety performance. |
| Board-level assurance | Boards and senior leadership teams seeking independent confirmation that the safety management reporting they receive accurately reflects the organisation’s safety performance. |
| Safety due diligence | Investors, acquirers and principals commissioning independent SMS assessment as part of due diligence on a regulated aviation or transport organisation. |
An independent SMS audit is not a compliance check. It is an effectiveness assessment. The question it answers is not whether the SMS is documented — it is whether the SMS is working. AACS provides both the regulatory knowledge to assess compliance and the operational depth to assess effectiveness.
What AACS Independent SMS Audit Assesses
An AACS independent SMS audit is structured around eight assessment domains, each of which addresses a dimension of SMS effectiveness that compliance documentation alone cannot reveal. The assessment is calibrated to the organisation type and its applicable regulatory framework — the audit methodology for an airline differs from that for an aerodrome operator, and both differ from a Part 145 maintenance organisation. But the eight domains apply across all organisation types.
1. SMS Framework Completeness & Regulatory Alignment
The foundation of any SMS audit is an assessment of whether the four ICAO pillars — safety policy, safety risk management, safety assurance and safety promotion — are present in the organisation’s SMS and whether the framework satisfies the applicable regulatory requirements. This assessment is conducted against the specific regulatory framework: ORO.GEN.200 for AOC holders, ORA.GEN.200 for ATOs, CAP 168 for aerodrome operators, Part 145.A.200 for maintenance organisations, the ISM Code for maritime operators, or the Common Safety Method for rail organisations.
Completeness assessment examines:
- Whether all four SMS pillars are present and substantively implemented, not merely referenced in policy documentation
- Whether the SMS framework is proportionate to the organisation’s size and operational complexity, as required by applicable AMC and guidance material
- Whether the organisation’s SMS documentation — OM-A, Aerodrome Manual, exposition, Safety Management System description — accurately describes the system as implemented
- Whether the SMS has been updated to reflect regulatory changes, organisational changes and operational evolution since initial implementation
- Whether integration with the compliance monitoring function is present and operational — compliance findings treated as safety data, audit outputs feeding the SMS improvement cycle
2. Hazard Identification & Risk Assessment Quality
A Safety Management System whose hazard identification process has not been conducted with genuine rigour — or whose risk assessments have not been updated as the operational environment has evolved — is operating on a false picture of the organisation’s risk profile. The controls in place may be controlling the wrong risks. The SPIs may be monitoring the wrong indicators. The safety review board may be making decisions based on a hazard register that no longer reflects current operations.
AACS assesses hazard identification and risk assessment quality by examining:
- Whether the hazard identification process has captured the specific hazards of the organisation’s operational environment — not generic aviation hazards, but the hazards present in this operation, with this fleet, on these routes or at this aerodrome
- Whether risk assessments are methodologically sound — likelihood and consequence criteria appropriate to the operational context, risk ratings that reflect real operational exposure rather than optimistic assumptions
- Whether the barrier and control analysis accurately identifies the defences in place, and whether those defences are tested for effectiveness rather than assumed to be working
- Whether the hazard register has been updated to reflect operational changes, fleet changes, route changes, regulatory changes and the learning from occurrence investigation
- Whether the risk assessment process is documented in a form that supports the organisation’s safety review and corrective action processes
3. Safety Performance Indicator Effectiveness
Safety Performance Indicators are only useful if they measure the right things, are governed by meaningful alert and action thresholds, are analysed with genuine rigour, and drive corrective action when thresholds are breached. An SPI framework that measures what is easy to count rather than what is operationally significant, that generates data reviewed at safety board meetings without producing decisions, or that is not connected to the hazard register and risk assessment process, provides no meaningful safety assurance — regardless of how well it is documented.
AACS assesses SPI effectiveness by examining:
- Whether the SPIs selected are operationally meaningful for the specific organisation type — whether they surface the leading indicators of developing risk rather than only lagging counts of events that have already occurred
- Whether alert and action thresholds are defined, whether they are set at levels that provide genuine warning rather than simply confirming that a problem already exists, and whether threshold breaches reliably generate the escalation and intervention they are supposed to trigger
- Whether SPI data is analysed for trend — whether the organisation can distinguish a statistically significant deterioration in safety performance from normal variation
- Whether SPI outputs are connected to the hazard register, the occurrence reporting system and the safety review process in a way that enables integrated safety intelligence rather than isolated metric reporting
- Whether SPI monitoring generates safety improvements that can be demonstrated — whether the SPI framework is driving the SMS improvement cycle or simply documenting safety performance
4. Occurrence Reporting System & Reporting Culture
The occurrence reporting system is the primary data collection mechanism of the SMS. Its effectiveness depends not on its design but on whether operational personnel actually use it — and the degree to which they use it is determined by the safety culture, the just culture framework, the quality of feedback to reporters, and the evidence they see that reports produce action. An occurrence reporting system that is technically well-designed but produces a reporting rate significantly below what the operation’s risk profile would suggest is not functioning. The hazards are present. They are not being reported.
AACS assesses the occurrence reporting system and reporting culture by examining:
- Reporting rate analysis — evaluating whether the volume and category distribution of occurrence reports is consistent with the operational risk profile, and identifying the gap where it is not
- Report quality assessment — examining whether reports contain sufficient information to support meaningful safety analysis, or whether reporting culture produces minimal, formulaic submissions that tell the safety team little
- Just culture framework assessment — evaluating whether the just culture policy is credible in the operational environment: whether its boundary definitions are clear, whether the organisation’s application of just culture principles in practice matches the policy commitment, and whether operational staff believe the protection it offers is real
- Feedback mechanism assessment — evaluating whether reporters receive meaningful feedback on what their report identified and what the organisation did about it, and whether the absence or inadequacy of feedback is suppressing reporting behaviour
- Near miss reporting assessment — specifically evaluating whether the reporting culture produces near miss reports, which are the leading safety data that enables proactive risk management, at rates consistent with the operational environment
- Anonymous reporting assessment — where anonymous reporting channels exist, evaluating their accessibility, usage rates and integration with the main reporting system
5. Safety Investigation Quality & Systemic Rigour
The purpose of occurrence investigation in a safety management system is to identify the systemic conditions that produced the event — the organisational factors, the latent hazards, the absent or failed defences — so that corrective action can address the root cause rather than its surface manifestation. Investigation that identifies only the immediate cause and recommends retraining of the individual involved does not reduce the probability of recurrence. It redistributes the failure mode, and it generates corrective actions whose closure can be documented without any actual improvement in safety.
AACS assesses investigation quality by examining:
- Systemic focus — whether investigation methodology consistently identifies organisational and systemic causal factors rather than stopping at proximate human error
- Investigation methodology rigour — whether the organisation’s investigation process employs structured root cause analysis, causal factor identification and barrier analysis, or whether it relies on unstructured narrative description
- Corrective action quality — whether investigation outputs generate corrective actions targeted at the systemic causes identified, and whether those actions are proportionate to the risk the causal factors represent
- Corrective action tracking — whether corrective actions are tracked to verified closure, and whether closure verification confirms that the action has actually been implemented and is having the intended effect
- Investigation triage — whether the organisation’s threshold framework for investigation depth is appropriate — ensuring that significant occurrences receive the investigative resource they warrant, and that investigative capacity is not consumed by events that can be adequately managed through trending and monitoring
- Closed-loop learning — whether investigation findings feed back into the hazard register, the risk assessment, the SPI framework and the safety review board in a way that closes the SMS learning cycle
6. Safety Review Board Governance & Effectiveness
The safety review board is the governance mechanism through which the SMS’s safety intelligence is reviewed by leadership and converted into decisions. A safety review board that meets, receives data presentations, produces minutes recording what was presented, and adjourns without making decisions that change operational practice is not performing its function. It is performing the appearance of its function. The gap between safety data received and safety decisions made is one of the most consistently identified failure modes in independent SMS assessment.
AACS assesses safety review board governance and effectiveness by examining:
- Governance structure — whether the review board has appropriately defined terms of reference, membership that includes genuine decision-making authority, and a meeting cadence that matches the operational risk environment
- Data quality and presentation — whether the safety data presented at the safety review board is sufficient in quality and analytical depth to support genuine safety decision-making, or whether it is primarily a reporting exercise
- Decision quality — whether the safety review board makes genuine safety decisions — directing corrective action, authorising resource for risk treatment, escalating unresolved risks — or whether it produces observational minutes without directive content
- Action tracking — whether corrective actions agreed at the safety review board are tracked to verified closure, and whether the board reviews progress at subsequent meetings
- Senior leadership engagement — whether the Accountable Manager and senior post-holders are genuinely engaged with the safety review board’s outputs, and whether leadership safety behaviour is consistent with the organisation’s stated safety policy
- Cross-functional integration — whether the safety review board receives safety intelligence from across the organisation’s operational functions, not only from the safety management team
7. Safety Culture Assessment
Safety culture is the organisational condition that determines whether the SMS’s formal mechanisms — the reporting system, the investigation process, the SPI framework, the safety review board — actually work in practice. An organisation with strong safety culture will generate reporting rates, investigation engagement and management safety behaviour that amplifies the effectiveness of every other SMS component. An organisation with weak safety culture will undermine those same components, producing reporting systems that are not used, investigation processes that identify surface causes, and safety review boards that do not generate decisions.
Safety culture cannot be assessed from documentation. It must be assessed through direct engagement with the operational community — the people who work in the safety-critical roles and whose behaviour determines whether the SMS functions. AACS assesses safety culture by:
- Structured interviews with operational personnel across all relevant role categories — flight crew, instructors, ramp agents, maintenance engineers, operations controllers, depending on organisation type
- Management safety leadership assessment — evaluating whether the visible behaviour of senior management and post-holders is consistent with the safety policy commitment, and whether that behaviour reinforces or undermines the reporting culture
- Just culture credibility assessment — going beyond policy documentation to evaluate whether the people who are supposed to be protected by the just culture framework actually trust that protection in practice
- Reporting culture observation — understanding why people do or do not report, what they believe happens to reports when they are submitted, and whether their experience of the feedback and action cycle supports continued reporting behaviour
- Safety communication assessment — evaluating whether safety information is communicated effectively to the operational community, whether safety performance is visible to the people whose behaviour it depends on, and whether the safety management framework is understood at the operational level
8. SMS Documentation & Regulatory Compliance
The SMS must be accurately documented in the organisation’s mandatory documentation — OM-A for AOC holders, the Aerodrome Manual for aerodrome operators, the organisation exposition for ATOs and Part 145 organisations, the Safety Management System description for maritime operators. The authority will examine this documentation at oversight. But more importantly, the documentation must accurately describe the SMS as it actually functions — not the SMS as it was designed to function at initial approval, and not the SMS the organisation aspires to operate.
AACS assesses SMS documentation by examining:
- Accuracy — whether the documented SMS reflects the system as actually implemented in the organisation’s current operational environment
- Completeness — whether all required SMS elements are addressed in the documentation to the depth the applicable regulatory framework requires
- Currency — whether the documentation has been updated to reflect organisational changes, operational changes, regulatory changes and the learning from occurrence investigation and safety review
- Consistency — whether the SMS documentation is internally consistent and consistent with other mandatory documentation (operations manual, exposition, aerodrome manual) that references the SMS
- Authority readiness — whether the SMS documentation is structured and presented in a way that will withstand scrutiny at authority oversight, and whether it accurately represents what the authority will find when it examines the operational SMS
The AACS Audit Process
Stage 1: Scope Definition & Pre-Audit Documentation Review
Every AACS independent SMS audit begins with a structured scoping discussion to define the audit objectives, the organisation’s specific concerns, the regulatory framework applicable to the audit scope, and any particular areas of focus — whether driven by authority findings, safety events, organisational change or the organisation’s own assessment priorities. This scoping stage ensures that the audit delivers what the organisation actually needs, not a generic assessment product.
The pre-audit documentation review examines the organisation’s SMS documentation — OM-A, Aerodrome Manual, exposition, occurrence reports, SPI data, safety review board minutes and investigation reports — before the on-site audit phase. This enables the auditor to identify the divergences between documented and operational SMS that on-site assessment will then investigate in depth, and to prepare structured interview frameworks calibrated to the specific gaps the documentation review has identified.
Stage 2: On-Site Assessment
The on-site audit phase is the core of the independent assessment. It combines structured interviews across the full range of relevant personnel categories, direct observation of safety management processes in operation, and examination of safety data in the operational context where it is generated and used. The on-site phase is designed not to confirm what the documentation says but to test whether it is accurate — to understand how the SMS actually functions in the operational environment rather than how it is described in the manual.
On-site assessment activities include:
- Structured interviews with Accountable Manager and senior post-holders — assessing safety leadership, governance engagement and the credibility of the just culture framework at leadership level
- Structured interviews with operational personnel — flight crew, instructors, ramp agents, engineers, controllers, depending on organisation type — assessing reporting culture, SMS awareness, just culture credibility and the operational reality of the safety management framework
- Safety Manager and safety team interviews — assessing SMS operational capability, investigation methodology, SPI analysis practice and safety review board preparation
- Safety review board observation or review — attending a safety review board or reviewing recent board records to assess governance quality, decision-making and action tracking
- Occurrence reporting system walkthrough — examining the reporting process from submission through assessment to feedback and action, identifying where reports are lost, delayed or inadequately processed
- SPI data review — examining the actual SPI data being generated against the defined indicators and thresholds, assessing analytical practice and the connection between SPI outputs and safety decisions
- Investigation file review — examining a sample of recent investigation reports in detail to assess systemic rigour, corrective action quality and closed-loop learning
Stage 3: Finding Analysis & Report Production
AACS produces a structured independent audit report that is direct, evidence-based and actionable. The report does not present findings as diplomatic observations that require interpretation. It presents each finding with the evidence that supports it, the regulatory or effectiveness standard against which it is assessed, the risk that the finding represents, and the corrective action required to address it. Findings are prioritised by risk significance, enabling the organisation to direct its remediation resource where it will have the greatest impact on safety performance.
The audit report includes:
- Executive summary — a direct assessment of overall SMS effectiveness for senior leadership and board audiences, without the technical detail of the full report
- Findings by assessment domain — structured findings across each of the eight assessment domains, with evidence, risk rating and corrective action for each
- Compliance assessment — specific assessment of compliance with the applicable regulatory framework, clearly distinguishing compliance findings from effectiveness findings
- Strength identification — identifying the elements of the SMS that are functioning effectively and should be preserved as the organisation addresses areas of weakness
- Prioritised improvement roadmap — a structured, sequenced corrective action plan that addresses findings in order of risk significance and builds on the organisation’s existing SMS strengths
- Regulatory engagement guidance — where findings are relevant to authority oversight, specific guidance on how to present the organisation’s remediation to the competent authority
Stage 4: Remediation Support
AACS provides structured support for the remediation of audit findings, whether through advisory on the corrective actions the organisation will implement itself, or through direct involvement in the redesign of SMS components that the audit has identified as inadequate. Remediation support is provided on the terms the organisation requires — from high-level advisory on corrective action priorities through to hands-on redesign of the occurrence reporting system, the SPI framework, the investigation methodology or the safety review board governance.
For organisations responding to authority findings, AACS supports the development and presentation of the corrective action plan — ensuring that the organisation’s response is credible, structured and sufficient to satisfy the authority’s remediation expectations.
SMS Audit Scope by Organisation Type
While the eight assessment domains apply across all organisation types, the specific audit scope, regulatory framework and operational focus vary significantly by organisation type. AACS audits are calibrated to the specific environment — not a generic aviation SMS audit methodology applied uniformly regardless of organisation.
| Organisation Type | Specific Audit Focus & Regulatory Framework |
| --- | --- |
| Airlines & Commercial Air Transport | ORO.GEN.200 / ICAO Annex 19. Specific focus: crew reporting culture across flight, cabin and ground operations; SPI framework across route network scale; investigation systemic rigour; safety review board governance in large-carrier structures; compliance monitoring integration. |
| Aerodrome Operators | CAP 168 / CAP 642 / ICAO Annex 14 / Annex 19. Specific focus: multi-employer SMS interface governance; tenant and contractor safety management standard setting and monitoring; movement area hazard management; runway incursion risk management; integrated safety data from across the airside community. |
| Charter & Non-Scheduled Operators | ORO.GEN.200 / ICAO Annex 19. Specific focus: proportionality — whether the SMS is right-sized for the operator; commercial pressure risk management; just culture credibility in small-operator environments; NP dual-role governance; OM-A accuracy. |
| Approved Training Organisations | ORA.GEN.200 / ICAO Annex 19. Specific focus: solo flight risk management framework; instructor fatigue risk management; progression pressure identification and control; student reporting culture; just culture dynamics in the instructor-student relationship. |
| Part 145 Maintenance Organisations | Part 145.A.200 / ICAO Annex 19. Specific focus: maintenance error reporting culture; human factors integration; shift handover and task interruption risk management; certifying staff just culture; compliance monitoring SMS integration; contracted maintenance interface. |
| Maritime Operators (ISM Code) | ISM Code / SOLAS / flag state requirements. Specific focus: shipboard vs shore-based SMS integration; DPA effectiveness; near miss reporting culture across vessel and shore office; emergency preparedness; port state control readiness. |
| Rail Organisations | Common Safety Method / Railway Safety Directive. Specific focus: interface risk management between infrastructure manager and train operator; safety performance indicator framework; occurrence investigation systemic rigour; safety verification and validation processes. |
What Genuine SMS Effectiveness Looks Like
The standard against which AACS conducts independent SMS audit is not the minimum required for regulatory compliance. It is the standard of genuine operational effectiveness — the SMS performance level at which the framework is actually reducing risk rather than documenting it. Understanding what that standard looks like in each assessment domain provides the benchmark against which audit findings are assessed.
| Assessment Domain | What Genuine Effectiveness Looks Like |
| --- | --- |
| Hazard identification & risk assessment | The hazard register reflects the operational environment as it currently exists — not as it was when the SMS was first certified. Risk assessments have been reviewed following operational changes. The barrier analysis has been tested: controls are verified to be working, not assumed. The risk picture the leadership sees in safety review accurately reflects the risk the operation faces. |
| Safety Performance Indicators | SPIs measure the leading indicators of developing risk, not only the lagging counts of events that have already occurred. Alert thresholds are set at levels that provide genuine early warning. Threshold breaches reliably trigger investigation and corrective action. SPI data is analysed for trend, not merely compiled. The safety review board makes decisions based on SPI outputs. |
| Occurrence reporting culture | Reporting rates are consistent with what the organisation’s operational risk profile would predict. Near miss reporting is active — the organisation is receiving intelligence about conditions before they produce events. Just culture is credible in practice: operational staff trust the protection it offers and the feedback they receive confirms that reports are acted upon. The reporting system is not the mechanism that limits reporting — the remaining limit is the irreducible residual of events that staff genuinely did not recognise as reportable. |
| Safety investigation | Investigation consistently identifies systemic causal factors — organisational conditions, latent hazards, absent defences — rather than stopping at proximate human error. Corrective actions address the systemic causes, are proportionate to the risk and are tracked to verified effectiveness. Investigation learning feeds back into the hazard register and the SPI framework. The organisation’s safety data record shows evidence of systemic improvement over time. |
| Safety review board | The safety review board receives safety intelligence of sufficient quality to support genuine decision-making. It makes decisions — directing corrective action, authorising resource, escalating unresolved risk. Corrective actions are tracked at subsequent meetings. The Accountable Manager and senior leadership are genuinely engaged. Board minutes demonstrate that safety data produced decisions, not observations. |
| Safety culture | Operational staff at all levels can accurately describe the organisation’s safety reporting system and their role in it. They trust the just culture framework in practice. They submit reports and receive feedback that tells them their reports made a difference. Management safety behaviour is consistent with the safety policy commitment and is visible to the operational community. Safety management is not a separate department’s activity — it is a shared organisational value. |
The AACS Independence Standard
An independent SMS audit is only as valuable as the independence of the auditor. AACS has no commercial relationship with any aviation authority, training software provider, SMS platform vendor or industry group that would influence our findings. We do not audit organisations whose SMS we have designed, where this would compromise genuine independence. Our findings reflect the evidence. We do not moderate them to manage a client relationship.
The value of an independent audit depends entirely on the auditor’s willingness to report what they find — including findings that are uncomfortable, that identify systemic problems in functions the organisation values, or that require significant corrective action. An independent audit that moderates its findings to preserve a commercial relationship is not providing independent assurance. It is providing the appearance of independent assurance, which is worse than no audit at all because it gives the organisation false confidence.
AACS advisors bring direct operational and regulatory experience across the full range of aviation and transport organisation types. We have held Nominated Person positions in commercial aviation organisations, designed and implemented SMS frameworks from the ground up, and engaged with competent authorities on SMS compliance across UK CAA, EASA and ICAO frameworks. Our audit findings are grounded in operational understanding of what effective SMS performance looks like in practice — not in a checklist of regulatory requirements.
We are direct in our reporting. An organisation whose SMS has serious effectiveness gaps will receive a report that clearly describes those gaps, their risk significance and the corrective action required. That directness is the product the organisation is commissioning. Without it, the audit has no value.
Speak to an AACS Specialist
Whether you are preparing for authority oversight, responding to a regulatory finding, seeking assurance following a safety event, commissioning periodic independent review of your SMS maturity, or conducting safety due diligence on a regulated organisation, AACS provides the independent expertise to deliver an honest, rigorous and operationally grounded assessment.
We will be direct about what independent audit involves, what it will identify, and what value it will deliver for your organisation.