Presentation on theme: "Module 13 Oversight Assessment of Auditor Authentication Bodies"— Presentation transcript:
1 Module 13 Oversight Assessment of Auditor Authentication Bodies February 2015
2 Module Summary In this module we will discover: All about Auditor Authentication Bodies (AAB)Requirements for AAB’sas applicable to AAB’s (Section10)How to conduct AAB OversightOffice Assessment including Form G
3 9104 Series Requirements for AAB’s We will examine the following requirements inSection 10 - “Requirements for Auditor Authentication Bodies”We will also review requirements in :Section 5 – Aerospace Auditor CompetencySection 7 – Requirements (for the AAB)Section 8.1 – Maintenance (of authentication)Section 8.2 – Withdrawal of authenticationEach SMS or CBMC has it’s own procedures to control the process of authentication of auditorsNote: Form G questions will be referenced (Gxx)
4 Auditor Authentication Bodies: Auditor Authentication Bodies (AABs)May be part of the SMS or CBMC, orSubcontracted to an independent organisation (G6)Similarly, AAB authentication decision making can be: (G15)Delegated to the AABRetained by the SMS or CBMCIn either case AABs are subject to oversight annuallyOversight of AABs is described in clause 7.8Oversight of the AAB is to be conducted independently and objectively using OP Assessors that are not part of the processHave you been authenticated by the AAB you have been asked to oversight?
5 Section 10: Auditor Authentication Bodies: Section 10: Auditor Authentication Bodies:AAB is responsible for the authentication and re-authentication of AQMS Auditors and must comply with requirements (G11)Authentication is only for AQMS Auditors grade AA or AEAAAB agrees to periodic oversight and access to records (G7)The AAB has to have a documented management system for authentications but not to any specific standards and includes: (G1)AAB to work a process for authentication includes evaluation of each application against requirements (G2-3) (G12)Auditor applicant disclosure of any previous applications, authentications or rejections (G18)Records to be kept for 2 authentication cycles (G35)ISO/IEC referenced as guidance material only
6 Section 10: Auditor Authentication Bodies: Section 10: Auditor Authentication Bodies:The AAB documented management system includes (continued):A person with aviation, space or defence knowledge to support AEA authentication decisions (G32-33)Requirements for independence of authentication decisions (i.e. no conflicts of interest) and communication of decision to applicant (G34)Auditor complaint and appeal processes including feedback to originator within 60 calendar days (G8-9) (G27)Process to address auditor competency feedback and sector recommendations for withdrawal of authentication (G25-26) (G28)Prevention of re-application for 12 months after withdrawal unless due to inactivity or lack or renewal (G14)Entry to OASIS of authentication data (G16) (G30)Recognition of AQMS auditor authentication in other sectorsNote: Does not imply ability to transfer authentication
7 Scope of :provides the minimum requirements (Body of Knowledge) for AQMS Auditors who will participate in AQMS Certification activities including the Auditor Authentication process and for training organisations.It is applicable to auditors seeking formal authentication to conduct audits of the AQMS systems under the IAQG and those who manage the competency element of an AQMS audit program and to training organisations.
9 Section 5: Aerospace Auditor Competency: Section 5: Aerospace Auditor Competency:There are two different categories of Auditors:Aerospace AuditorsAerospace Experienced AuditorsAerospace Auditors can be AA or AEA for each AQMS standard (9100, 9110 and 9120)Detailed requirements are defined in the standard, Tables 1 and 2 (G13)
12 Section 5: Tables 1 and 2 - Notes: Section 5: Tables 1 and 2 - Notes:If during witness audit a candidate shows insufficient knowledge of aerospace requirements as mentioned under Sec & 4.1 of Aerospace specific training course in Appendix A, additional training and/or practical experience will be required.Witness shall be performed by authenticated AEA who themselves have not become qualified via an industry specific training. The witness AEA shall not perform the audit as a member of the assessment team.
13 Auditor Authentication: Auditor Authentication:Process by which trained and competent auditors become recognised by industry to be able to audit third-party AQMS certification auditssection 7 – Requirements: (G2)The Auditor Authentication Body (AAB) must be approved by the SMS (and is visible on OASIS)AAB shall have documented processes and procedures for authentication of AA & AEA. (G2) (G11)The AAB may sub-contract the auditor authentication process to another body, arrangement to be documented and the AAB retains full responsibility for the sub-contracted auditor authentication. (G6)Auditor Authentication Body (AAB):
14 Section 7: Auditor Authentication Process: Section 7: Auditor Authentication Process:Sections 7.4 to 7.8:Auditors can be authenticated by any AABAuthentications from any AAB are recognised by all other AABs and sectorsAAB evaluates an application and submission against requirements for AA or AEA for 9100, 9110 or 9120Authentication is valid for three (3) years – no extensions! (G19)All authenticated AA and AEA are registered in the IAQG OASIS database.
15 Section 8: Auditor Re-Authentication Process: Section 8: Auditor Re-Authentication Process:Section 8.1 – Maintenance (G12) (G21-22)Each Auditor (AA or AEA) shall:Participate in a minimum of 4 (four) audits over 3 (three) yearsNote: Error in EN ‘conducted to the applicable AQMS’ to be ignoredParticipate in 15 hours of continuing education activities over 3 (three) years in the following:Changes to the applicable aerospace industry standard;AQMS auditing methodologies;Changes to Aviation Authority RequirementsUpdates or changes to IAQG or Sector policies, criteria and proceduresMust apply at least 3 months before expiration to re-authenticate (G20)
16 Section 8.2: Withdrawal of Authentication: (G23) Section 8.2: Withdrawal of Authentication: (G23)Authentication can be withdrawn if the auditor:The auditor is not fulfilling the 9104 series standardApplication for AQMS auditor authentication contains false informationThe auditor has falsified audit findingsThe auditor has performed / taken action during an audit activity that will bring the IAQG into disreputeWithdrawal must be supported by objective evidenceDecision by AAB ratified by SMSRe-instatement or authentication possible again in the future
17 Requirements for Auditor Authentication: Also IAQG OPMT Resolutions impact the process:61: Use of existing work experience for other AQMS authentication64: Decision-making, withdrawal and impartiality65: Definition of work experience79: Correction of publishing mistake in EN91: Clarification of ‘participation’ in an audit97: Definition of a ‘full’ audit102: requirements as applied to AB Assessors109: Clarification to table 2 for Repair and Maintenance trg111: Process for an AQMS auditor go to another AAB112: Use of previously submitted audits when applying for AEA115: Consolidation of AQMS training requirements for AQMS auditorsclause 7.3 and clause 10.3 requires each AAB to have documented processes and proceduresYou will need to take account of all of these requirements when assessing an AAB
18 EN 9104-003 clause 8.1: Maintenance EN :2010 Section 8.1 “Maintenance of AEA approval” has been published with an error in the text.The sentence “Participate in a minimum of 4 (four) audits over 3 (three) years conducted to the applicable AQMS” should read:“Participate in a minimum of 4 (four) AQMS standard audits over 3 (three) years.”IAQG OPMT Resolution 79 ensures applicability of the second sentence in EN :2010Requirements for authentication and re-authentication apply to both AA and AEA AQMS Auditors (see clause 6.7c)
19 AAB Assessment: OP Assessor Requires: 9104-002 Forms Form D – Oversight Nonconformity RecordForm G – AAB Assessment Check SheetStandards and Reference Documents:9104 series ( , , and )Sector specific proceduresIAQG Supplemental Rules (if applicable)IAQG Resolutions LogAAB proceduresAudit PlanCopy of previous oversight reports
20 AAB Assessment: Conduct the assessment Gather objective evidence that the AAB has implemented 9104 series requirements and is working effectivelyFollow your audit planUse checklist for guidanceFocus on AAB implementation and activity:Ensure conformance to section 5.3 (Confidentiality and Conflict of Interest) andReview of previous oversight assessment reports including actions takenA review of the last accreditation evaluation (if applicable)
21 9104-002 Form G Check Sheet: Review the check sheet now: Questions on content?
22 Assessing Applicant Files: Follow the authentication processApplication – form, complete, required information?Evaluation of application against criteriaIndustry experience valid?Audit logs demonstrate ‘full’ audits?Are certificates of training only from approved courses?Fulfilment of IAQG ResolutionsIndependence of authentication decision-makingCorrect entry of auditor details, authentication and period of authentication on OASIS?
23 Assessing Applicant Files: Follow the authentication processTimely submission of re-authentication processat least 3 months before expiryCompliance with correct re-authentication criteria (audit logs)Don’t forget the correct use and interpretation AATT based training courses for authentication
24 Some other items to assess: Structure in relation to SMS/CBMCConstitution including independenceArrangements for subcontracting and control (if subcontracted)SMS endorsement or delegation of decision-makingAppealsComplaintsWithdrawals
25 Some other items to assess: Procedures in compliance with requirementsActivities and records in compliance with proceduresIndependence of evaluators and decision-makersCompetence of those involved in the process?
26 After the AAB Assessment: Provide report to the AAB and SMS or CBMC Oversight WG ChairEnsure the AAB and SMS or CBMC have records of the verification and closure of any Form D Nonconformity Records