IEP Auditor Training — Gold Aviation SMS Training

1

IEP Foundation & Regulatory Basis

Purpose, objectives, and who oversees the program

▼

▶

Module 5 Overview Video

Video coming soon — complete the reading below to continue

The Internal Evaluation Program (IEP) provides the procedural guidance for auditing Gold Aviation's Safety Management System. The SMS Manual establishes the regulatory requirements under 14 CFR Part 5, AC 120-92B, and ICAO SMS standards — the IEP Manual specifies how audits are actually planned, executed, reported, and followed up.

Important distinction: FAA-required CASS (Continuous Analysis and Surveillance System) activities for maintenance are managed separately under the FAA-approved maintenance program. The IEP addresses SMS-driven internal audits and vendor oversight — though the two are linked, and IEP findings feed into the broader CASS picture you'll see in Section 5.

The IEP exists to:

Ensure compliance with regulatory and internal safety requirements
Verify the effectiveness of implemented safety risk controls
Identify and correct gaps in safety performance before incidents occur
Support oversight of internal operations and contracted organizations
Promote continual improvement of the SMS
Provide senior management with data for accountability and informed decisions

Every IEP audit ultimately evaluates SMS implementation against ICAO's four foundational elements:

Documentation — are policies, procedures, and records current?
Monitoring — is safety performance data being collected on an ongoing basis?
Measuring — are Safety Performance Indicators (SPIs) tracked effectively?
Analysis — do audit results and data actually inform risk management decisions?

IEP oversight responsibilities:

Accountable Executive (AE) — overall authority and approval of the IEP
Director of Safety (DOS) — manages the IEP, administers the annual audit plan, oversees corrective action closure
Audit Team Leads — assigned by the DOS; must complete Auditor Training before conducting audits independently
Department Managers — ensure corrective actions in their area are implemented on schedule

Regulatory basis: Internal evaluation programs for air carriers trace to AC 120-59 (Air Carrier Internal Evaluation Program), implemented within the broader SMS framework required by 14 CFR Part 5 and AC 120-92B, and aligned with ICAO Annex 19's four-component model.

14 CFR Part 5 AC 120-59 AC 120-92B ICAO Annex 19 IEP Rev-1 §1.1-1.4

2

Audit Scope & Schedule

What gets audited, and how often

▼

The IEP covers ten distinct areas: employee training compliance, safety performance monitoring, risk controls (MOC/FRAT), the safety reporting system, safety governance, contractor oversight, SMS functional audits (Policy/SRM/Assurance/Promotion), evaluation of the SMS as a whole, operational departments, and compliance monitoring.

Audits run on a rolling 12-month cycle:

Area	Frequency
SMS Training and ERP Training	Annually
Safety Performance Indicators (SPIs)	Quarterly
Risk Controls (MOC, FRAT)	Semi-Annually
SMS Reporting System	Quarterly
Contractor Safety Oversight	Annually
Safety Review Board Meetings	Quarterly
Evaluation of SMS Elements (4 components)	Annually
CASS Audits	Quarterly (June & December)
FBO Usage and Fueling	Annually
FRAT (completion, scoring accuracy)	Semi-Annually
Training Records	Annually
Scheduling & Fatigue Risk Management	Semi-Annually
Follow-up of Audit Findings	Ongoing

Each calendar year, the DOS develops an Annual Audit Plan with input from senior management, outlining which areas will be audited and when. The plan is presented to the Accountable Executive for approval before the start of each calendar year.

Special and ad-hoc audits may be initiated at any time in response to: significant safety events, changes in operations or organizational structure, findings from external audits or inspections, or requests from senior management or the AE.

AC 120-59 AC 120-92B §5.4 IEP Rev-1 §2.1-2.5

3

The Four-Stage Audit Methodology

Planning, Execution, Reporting, Follow-Up

▼

Every IEP audit follows the same four-stage structure, ensuring consistency, objectivity, and comprehensive coverage regardless of who's conducting it or what area is being reviewed.

Planning — defined by the annual audit schedule; risk-based focus areas are identified using safety data and hazard reports from the SAG and prior audit findings.
Execution — standardized checklists and templates are used for consistency. Objective evidence is gathered through interviews, record reviews, and direct observation.
Reporting — findings are documented in the SMS software; a risk assessment is completed across all applicable stages; corrective actions are issued where needed.
Follow-Up — the responsible manager implements corrective actions; the DOS verifies effectiveness; closure is documented in the SMS system.

Why this matters as an auditor: The methodology isn't bureaucracy for its own sake — it's what makes findings defensible, comparable across audit cycles, and traceable through to closure. A finding that skips straight to "Reporting" without documented Planning and Execution evidence is much harder to defend if it's ever questioned by the FAA or in an external audit.

Audit tools available to support this process include standardized audit checklists, vendor oversight checklists, root cause analysis tools, and SMS risk assessment templates.

AC 120-59 AC 120-92B IEP Rev-1 §3.1-3.2

4

Findings Classification & Risk Assessment

How findings get their risk level, and why it matters

▼

Every audit finding gets a risk assessment — the same likelihood × severity logic used in Gold Aviation's Safety Risk Management (SRM) process for hazard reports. This is what connects IEP audit findings into the same SRM pipeline as voluntary safety reports.

LOW

MEDIUM

HIGH

SERIOUS

Risk levels assigned during the Reporting stage, driving CAPA priority and timeline

The risk level assigned to a finding directly drives:

CAPA priority — higher-risk findings get faster-tracked corrective action timelines
Escalation — Serious/High findings are reported to the Safety Review Board regardless of normal reporting cycle
Closure verification rigor — the DOS verifies effectiveness of corrective actions, with higher scrutiny for higher-risk findings

Auditor judgment matters here. The same underlying issue — say, an outdated checklist — could be a Low finding if it's a wording inconsistency, or a High finding if it means a required step is being skipped in practice. Your job as an auditor is to describe what you observed clearly enough that the risk assessment reflects the actual operational impact, not just the surface-level paperwork issue.

14 CFR §5.51-5.55 (SRM) AC 120-92B Ch. 4 IEP Rev-1 §3.1.3

5

CASS & Compliance Monitoring

How IEP findings connect to the broader compliance picture

▼

Gold Aviation's compliance monitoring draws from both internal and external sources — and IEP audits are one piece of a larger picture that includes the Continuous Analysis and Surveillance System (CASS).

Internal compliance monitoring sources:

IEP audit checklists, covering both operational and safety topics
Review of the GOM, GMM, SMS Manual, ERP, IEP, FRMP, and SOP Manual for currency and accuracy
Safety Review Board review of audit findings, CAPA status, and SPI trends
CASS quarterly and biannual reviews of maintenance compliance

External compliance monitoring sources:

FAA SAS Portal — DCT findings and surveillance data from the Principal Inspector or FSDO, shared by the DO, reviewed by the DOS, and fed into the IEP CAPA process for tracking and closure
Third-party operator ratings and gap analysis results, monitored by the DOS for compliance gaps
FAA FSDO oversight activities, surveillance findings, and CHDO correspondence

Vendor oversight: Vendor self-audits (such as the Form 411 self-audit checklist) may be accepted as part of contractor oversight, but Gold Aviation retains overall oversight responsibility — a vendor's self-reported compliance doesn't close the loop on its own. This is why the Approved Vendor List tracks last audit date and audit result independently.

When you identify a finding during an IEP audit, think about whether it also has implications for CASS — for example, a training records gap you find during an IEP audit might also be relevant to the next CASS review cycle. Flagging that connection helps the DOS triage and avoid duplicate work.

AC 120-59 IEP Rev-1 §2.1.10 14 CFR Part 135 (CASS)

6

Documentation, Training & Continuous Improvement

Your obligations as an auditor, and how the program improves itself

▼

Auditor training requirements: all IEP auditors must complete this Auditor Training module before conducting audits independently. Refresher training is required every 24 months. If you're auditing a vendor, you also need to demonstrate understanding of the applicable 14 CFR Part 135 and Part 145 requirements for that vendor's scope of work. The DOS maintains training records for all IEP auditors.

Documentation and records:

All audits, findings, and corrective actions are documented in the SMS system
Records are retained for a minimum of five (5) years
Summary reports are presented at Safety Review Board meetings
Corrective action status is tracked through the CAPA process and reported to the Accountable Executive at each Safety Review Board

Continuous improvement:

The DOS conducts an annual IEP Effectiveness Review
The audit schedule and checklists are revised based on findings, safety data, and regulatory changes
Lessons learned are shared with affected departments during SMS promotion activities
The DOS presents IEP effectiveness findings to the Accountable Executive as part of the annual SMS review

Your role in continuous improvement: Every audit you conduct is also feedback on the audit program itself. If a checklist item doesn't make sense for the area you're auditing, or a finding reveals a gap the checklist didn't anticipate, that's exactly the kind of input the annual IEP Effectiveness Review is designed to capture. Note it — don't just work around it silently.

AC 120-59 IEP Rev-1 §4.1-4.3 Gold Aviation SMS Manual §5.14

IEP Auditor Training
Internal Evaluation Program

Knowledge Check

IEP Auditor TrainingInternal Evaluation Program

Knowledge Check

IEP Auditor Training
Internal Evaluation Program