A Conversation on Due Diligence
By Louis A. Sorrentino III
CEO & Managing Director, Aviation & Marine Safety Solutions International (AvMaSSI)
Beyond Regulatory Compliance: Considerations for OEMs and Aircraft Operators
Using a quality management system (QMS) audit process1 is one of the best ways to determine an original equipment manufacturer’s (OEM’s) level of compliance with applicable regulations and whether it has moved beyond a prescriptive approach to addressing quality and safety. This method evaluates the organization’s performance against additional indicators such as corporate policy, procedures, processes, voluntary standards and best practices.
Applying the equally important and voluntary2 Safety Management System (SMS) elements to the quality program adds that much more insight into the quality and safety effectiveness of a company’s internal oversight and external due diligence activities.
Let’s start with a few definitions. For the purposes of this article, a QMS is defined as an independent department or assigned individual within the larger organization that is empowered, resourced (trained) and authorized to evaluate the company’s adherence to established policies, client requirements and applicable regulations. Concurrently, the QMS ensures conformance to company policies and procedures, as well as industry standards and best practices.
If properly implemented, the QMS/SMS becomes the eyes and ears of senior leadership. It ensures that functional managers and employees are reporting correctly and that, from that initial report, hazards and incidents are being effectively analyzed and acted upon. Remember, in the role of a leader, it’s about trust and verification.
Due diligence is the systematic method to premptively analyze risk within a business or financial arrangement so that it can be addressed before an incident, accident or financial loss occurs. It is the exercise of care that a reasonable company or person is expected to take before entering into an agreement or contract with another party. In risk management circles, we call this a risk assessment or management of change (MoC) exercise.
Standard of care is the care exercised by a reasonably prudent product manufacturer or a reasonably careful professional in that line of work.
Exceeding Low-End Operational Expectations
For any organization engaged in aircraft operations, it is fundamental that some level of oversight is performed to ensure the entity complies with applicable regulations and company policies and practices. This is the most basic level of oversight and should not be assumed to meet the standard-of care-threshold.
There are many additional resources and data points organizations can use to more effectively assess operational performance. Regulations are merely the lower limits of what is required to maintain the authority to operate.
The fact that an operator has been granted the authority to operate an aircraft or provide services that support aircraft operations is no indication of verifiable operational safety. A number of regulators have historically given little credence to industry or voluntary standards3 such as:
- IBAC’s International Standard for Business Aircraft Operations (IS-BAO) program
- IATA’s Operational Safety Audit (IOSA) program
- Flight Safety Foundation’s BARS program
Each of these programs indirectly aligns with the International Civil Aviation Organization (ICAO), which is the guiding force for aviation standardization to which most countries align their legislation and regulations. What separates programs such as IS-BAO and BARS from commercial marketing logo shops is that they go beyond the baseline recommendations and establish voluntary performance standards based on industry experience and analysis for scaled enhancement of practices.
Other Ways to Demonstrate Operational Awareness
Additional strategies that demonstrate an organization’s awareness to its operational environment are due diligence services and risk transfer.
Due diligence services are typically provided by an independent organization whose primary mission is to deliver factual information on and analysis of the operator’s ability to sustain its programs over and above mere regulatory compliance while embracing industry best practices.
These services come in the form of physical audits, interviews and operational diagnostics. They look beyond the singular operation of a specific aircraft and/or crew to the organization’s ability to sustain regulatory compliance and industry best practices that directly affect operational safety and quality. Advanced vetting services are also available to provide organizations with Plan B alternatives that have been pre-vetted to meet the approval requirements of the company.
Memorializing Due Diligence Practices
Another topic is the importance of documenting your due diligence and vetting processes. They should be memorialized as policy, frequently reviewed for enhancement, applied consistently and demonstrable.
Vetting services run the gamut from simply finding research data online4 to comprehensive independent operational diagnostics of an organization’s financial, administrative, operational and safety/quality performance criteria. Vetting is usually based on a comparison to a standard. Best practices suggest the standard should be designed around the specific performance-based criteria aligned to the type of operations conducted.
Building an effective vetting procedure and applying risk transfer strategies to vendor selection processes provides a formidable posture, representing a high standard of care that demonstrates an organization’s thorough due diligence.
Risk transfer is the incorporating of contractual provisions into service-level agreements (SLAs) to encourage operators to meet certain performance standards and best practices. These covenants, supplemented by ample insurance coverage and indemnification clauses favoring the customer (you), add to the robustness of protections in favor of the customer.
While effective due diligence activities provides greater insight into the capabilities, controls and limitations of the aviation resources you are researching, insurance and risk transfer mechanisms should be included in your analysis. In all cases, contact your professional aviation broker for specific information on the tools available to you.
1 For internal and expernal auditing and monitoring of vendors.
2 SMS is mandated only for 14 CFR Part 121 air carriers and certain 14 CFR Part 139 international airports within the United States. In the US, SMS remains a voluntary program for Parts 91, 125, 135, 145 type operations. Voluntary standards such as IBAC’s IS-BAO for aircraft operations, and IS-BAH for ground handlers and FBOs embrace the full concept of SMS for enterprise wide safety management.
3 This reactive attitude has changed throughout the years, and regulators are embracing these industry standards as a way to ensure that stakeholders maintain proactive, safe operations.
4 A practice profoundly discouraged by AvMaSSI.