Our recommendations
Our recommendations are aimed at assisting the Civil Aviation Authority (the CAA) to address the reasons for its inadequate progress with earlier recommendations and to make effective improvements to strengthen certification and surveillance. Our recommendations include those parts of our 2005 recommendations that the CAA has yet to address.
Two of our recommendations are addressed to the CAA's governance body (which we refer to as "the Board"). We also make one recommendation to the Ministry of Transport.
The recommendations are grouped according to our observations on why the CAA has been slow to change (as outlined in the Auditor-General's overview).
More effective governance of, and accountability for, the CAA's certification and surveillance functions
We recommend that:
- the Civil Aviation Authority put in place measures to better assess the effectiveness of its certification and surveillance functions and use these measures to report and account to the Board for its performance in achieving its outcomes;
- the Board extend its internal audit of the Civil Aviation Authority to include assurance over the executive management team's assessment of how well the Airlines Group's and General Aviation Group's certification and surveillance are contributing to its strategic priorities and achieving its overall goals and objectives;
- the Board's Audit and Risk Management Committee take a more active role to ensure that the Airlines Group and the General Aviation Group actually address the internal audit findings; and
- the Ministry of Transport, on behalf of the Minister of Transport, more actively monitor the Civil Aviation Authority to provide assurance to the Minister of Transport that the Civil Aviation Authority is addressing our recommendations and performing certification and surveillance effectively and efficiently.
Clarifying the CAA's regulatory focus, and providing better guidance to ensure that regulatory responses are appropriate and consistent
We recommend that the Civil Aviation Authority:
- prepare and implement better measures of the strength and effectiveness of its regulation of the civil aviation sector, including measures to assess the relative effectiveness of advisory and enforcement actions;
- clarify how its regulatory focus is to be applied in practice through certification, surveillance, and other regulatory action by providing more detailed guidance to staff about what circumstances constitute a significant risk to public safety, and what action they should take when these safety risks are identified; and
- give priority to completing the project to improve the integrity and reliability of safety data in its Management Information System, and improve the analysis of this data so that it can be used to better inform regulatory decision-making.
Improving the CAA's management practices to focus on improving performance and introducing continuous quality improvement
We recommend that the Civil Aviation Authority:
- assess and, where necessary, provide training to improve its managers' capability to effectively manage and lead staff. This includes improving the staff performance assessment process in the General Aviation Group.
Improving the CAA's management oversight of new certification and surveillance processes
We recommend that the Civil Aviation Authority:
- give priority to completing the project to review and improve the surveillance process and tools, and ensure that all managers and auditors are using the new certification and surveillance processes;
- introduce more robust quality assurance of certification and surveillance work, including input into planning for certification and surveillance, reviewing the results, and moderating auditors' findings;
- provide better guidance to its auditors on the level of documentation that needs to be retained as evidence of the certification and surveillance work that has been carried out, and reinforce the importance of clearly documenting the basis for decisions that involve serious consideration of evidence for a judgement to be made; and
- provide better guidance to its auditors on how to apply the "fit and proper person" criteria when carrying out assessments of senior persons.
Focusing staff training on improving organisational proficiency in auditing
We recommend that the Civil Aviation Authority:
- give priority to providing training in risk-based audit methodologies for its auditors, to ensure that they have the appropriate skills to carry out effective certification and risk-based surveillance; and
- provide detailed guidance to its auditors on risk-based auditing, including how information about risk can be used to tailor audits at the planning stage, how this information should be documented, how systems-based auditing should be applied, and how risk influences the size of samples checked during audits.