Claudio Pacozzi.

Compliance Monitoring Works When It Is Designed to Find Problems

Compliance monitoring systems don’t fail because operators ignore the requirement. They fail because the requirement was implemented on paper while the actual function was left out.

The audits run. The findings get closed. The management review happens once a year. The exposition says the right things. And the system still cannot answer the question it exists to answer: are we actually operating in conformance with our requirements right now?

The five structural gaps we covered are not edge cases. They appear in small operators and large ones, in airlines and in approved organisations. Treating the audit calendar as the monitoring system. Leaving scope undefined or incomplete — particularly for outsourced functions. Reducing the Accountable Manager’s role to one of formal sign-off rather than substantive accountability. Closing findings at the point of corrective action submission rather than effectiveness verification. Conducting management reviews that confirm process completion rather than assess system capability.

None of these gaps require significant resources to close. They require clarity about what compliance monitoring is actually for, and the organisational discipline to use it that way. ORO.GEN.200 does not specify a format. It specifies an outcome: continuous assurance that operations conform to applicable requirements across the full scope of the certificate.

If your system reliably produces that assurance and gets it to the people who can act on it, it is working. If it produces a well-maintained archive of past activity without informing present decisions, it is not — and the next ramp inspection or oversight visit will make that visible before you do.

Take-away: Compliance monitoring is not a documentation function. It is an operational assurance function. The distinction shows up the moment something goes wrong and someone asks what your system was telling you before it did.

 

 

A management review that changes nothing isn’t a review!

When I’m brought in to help an operator strengthen its compliance monitoring system, the management review is usually the part nobody flags as a problem. It’s the one element almost every operator gets right on paper: scheduled annually, senior attendees, agenda circulated, minutes filed. From a documentation standpoint, it’s the easiest item to clear off a gap-analysis checklist.

ORO.GEN.200 doesn’t leave much room here. The management review exists to assess the continuing suitability and effectiveness of the compliance monitoring system itself — not to review the findings list, not to confirm audit completion rates. The real question is whether the system, as resourced today, is actually capable of catching the compliance issues present in the operation. That’s a harder question than most management review meetings are built to answer.

I’ve seen this scenario more than once in client engagements. A medium-sized operator runs its annual audit programme and comes out with eight minor findings, nothing systemic. That could mean the operation is well-controlled. It could also mean the audit scope is missing where the real risk sits, the auditors lack the understanding to recognise what they’re looking at, or certain non-conformances have been around so long they’ve stopped being written up at all. They’ve just become “how we do it here.” A review that looks at eight closed minors and signs off that the system works hasn’t tested any of that. It has confirmed eight findings were raised and closed.

The questions that should drive the conversation are operational, not administrative. Is the audit programme targeting where the compliance risk actually sits, or where it’s easiest to schedule? Do the auditors still have the technical currency for what they’re reviewing? Are corrective actions changing behaviour on the line, or just generating paperwork? Does the trend data suggest the operation is drifting? If the record doesn’t show those questions asked and answered, what’s been produced is minutes, not assurance. The difference is usually visible within the first ten minutes of reviewing the file.

Take-away: If the only output of your management review is a signed record confirming audits were completed, that meeting served an administrative function only. The regulation calls for a substantive assessment of system capability. Those are two different meetings, and running the first does not satisfy the second.

That gap — between a meeting that confirms activity and one that actually tests capability — is where I spend most of my time with operators who bring me in.

 

 

Closing a Finding Is Not the Same as Resolving the Problem

When I ask Compliance Monitoring Managers what happens after a finding is raised, I often get a clear, confident answer:

  1. Corrective action assigned.
  2. Evidence submitted.
  3. Finding closed.

What I rarely get is a convincing explanation of how they know the problem is actually gone. That gap between a closed finding and a resolved condition is where compliance monitoring systems lose most of their practical value.

Most findings are symptoms. A crew member who cannot locate the current revision of a procedure. A maintenance record missing a required signature. A ground handling checklist that has not been updated to reflect the current operation. These are observable. What they point to is usually less visible: a document control process that has not kept pace with operational changes, a training syllabus that glossed over the requirement, a department under enough pressure that corners are being cut in ways nobody has formally acknowledged. Closing the observable condition without examining what produced it means the next auditor will find a variation of the same issue. In some organisations, they find it in the same department, in the same process, three audit cycles in a row.

ORO.GEN.200 requires that the system monitors the effectiveness of corrective actions. In practice, what this step usually looks like is the responsible department confirming that the action was completed. Sometimes it is the same person who raised the action in the first place. That is not effectiveness verification. It is self-certification. Effectiveness verification means going back to the activity, independently, after enough time has passed for the corrective action to have taken effect, and checking whether the condition that produced the finding is still present. It is the step that distinguishes a system with a closed-loop process from one that just has a closed loop on paper.

The tell is simple enough. Pull the last three audit cycles and look for finding categories that appear more than once. If you see them, the corrective actions addressed the surface. The underlying condition was not resolved; it was only documented.

Take-away: Evidence of corrective action and evidence of effectiveness are not the same thing. Build the distinction into your process explicitly — who verifies, when, and independently of whom. Without that, your findings register is a historical record, not a monitoring tool.

 

 

What the Accountable Manager Is Actually Responsible For

The role of the Accountable Manager is often treated as a signature function. Sign the exposition, approve the safety policy, attend the annual management review. The regulatory intent is considerably more demanding.

Under ORO.GEN.210, the Accountable Manager must ensure that the compliance monitoring function has access to all parts of the organisation and, where relevant, to contracted organisations. This is not a passive responsibility. It requires active engagement with the findings and trends produced by the compliance monitoring system — not just formal sign-off on a report.

The most common failure mode: the Accountable Manager receives a summary report confirming that audits were completed and findings were closed. This provides assurance of process activity, not operational compliance. The question that should be asked at every management review is not “were the audits done?” but “what do the findings tell us about the health of our compliance system?”

An Accountable Manager who cannot answer that question has a reporting problem, a monitoring problem, or both.

Take-away: Accountable Manager engagement with compliance monitoring means understanding what findings indicate — not just confirming that findings were closed.

 

 

You Cannot Monitor What You Have Not Defined

Scope definition is where many compliance monitoring systems quietly fail before a single audit is conducted. It is also an area where organisations frequently challenge inspection findings, because the weakness is structural rather than procedural, and correcting it often requires redesigning the system itself.

The intent of ORO.GEN.200 and its associated AMC is clear: the compliance monitoring function must cover all activities conducted under the AOC. This includes not only operational departments and in-house functions, but also outsourced activities with regulatory relevance performed on behalf of the operator, such as ground handling, line maintenance, or externally delivered crew training.

The practical starting point is straightforward. List every regulated activity conducted by the organisation or contracted to external providers. Against each activity, identify the applicable regulatory requirement and the internal standard or procedure used to demonstrate compliance. If the applicable requirement cannot be identified, conformance cannot be effectively verified. If the activity is absent from the audit programme, it is not being actively monitored.

Assumptions do not satisfy ORO.GEN.200. Neither does reliance on a supplier’s ISO certification or a copy of its internal audit schedule. Where an outsourced activity results in a non-conformance, accountability remains with the certificate holder.

Take-away: Monitoring scope must be explicit, documented, and include all outsourced activities with regulatory relevance. Activities that are not clearly defined cannot be effectively monitored, and weaknesses outside the monitoring scope are unlikely to be identified before they become findings during oversight.

 

 

Compliance Monitoring Is Not an Audit Programme

Most organisations build their compliance monitoring system around scheduled audits. They set up an annual audit calendar, train their auditors, and consider the obligation met. EASA Part-ORO.GEN.200 requires something fundamentally different.

Compliance monitoring is a continuous process — not a periodic snapshot. Audits are one instrument within that system, not the system itself. The distinction matters because audits, by nature, look backwards. They confirm what was true on the day of the assessment. A compliance monitoring system, properly implemented, provides ongoing assurance that your operations meet applicable requirements in real time.

The typical gap: organisations produce findings, close corrective actions, and move on. What they rarely do is analyse whether the same finding pattern is appearing across departments, or whether the root cause of a closed action has actually been addressed — or merely documented.

Accountable Managers and Compliance Managers should ask one question of their current system: does it tell us where we stand today, or does it tell us where we stood six months ago?

Take-away: An audit programme is evidence of compliance monitoring activity. It is not compliance monitoring itself.

 

 

SMS in Civil Aviation — From Compliance to Effectiveness

Most aviation operators are SMS-compliant. Few are SMS-effective.

There’s a critical difference.

Over the past weeks, I have shared a series of reflections on Safety Management Systems in civil aviation. The responses confirmed a recurring industry reality: frameworks are documented, reporting systems are active, management commitment is stated – and yet safety data rarely changes decisions, hazard identification stays reactive, and culture only reveals itself under pressure.

Structural compliance with ICAO Annex 19 is the baseline. It was never meant to be the finish line.

The hard truth: an SMS that doesn’t influence how your organization makes decisions isn’t a safety system. It’s a filing cabinet.

Here’s what separating compliant from effective looks like in practice:

  • Safety outputs feed operational and strategic decisions – or they’re just noise
  • Safety culture is stress-tested, not just declared
  • Hazards are identified before they become events, not after
  • Management commitment is evidenced by resource decisions, not statements
  • The SMS is right-sized to the organization – sophistication ≠ effectiveness
  • SMS is owned by leadership, not delegated to a safety department

SMS maturity isn’t measured by documentation quality or reporting volume. It’s measured by how decisions improve, especially when safety competes with performance.

The gap between compliance and effectiveness is where most operators currently sit. Closing it takes leadership intent, not more regulatory effort.

Where does your organization sit on that spectrum?

 

 

 

SMS as a Leadership Instrument Rather Than a Compliance Mechanism

In numerous organizations, the Safety Management System is functionally isolated within the Safety Department and administratively monitored by Compliance Monitoring.

This structural separation limits the system’s effectiveness.

Under ICAO Annex 19, SMS is designed as a management framework for controlling safety risk. It is not intended to function solely as a regulatory compliance mechanism.

An effective SMS integrates with leadership processes:

  • Risk assessments inform operational planning,
  • Safety performance data influences management review,
  • Strategic planning reflects risk exposure trends,
  • Department heads assume ownership of safety actions within their operational domains.

When safety data remains confined to the Safety Office, SMS cannot influence operational leadership. In such cases, safety becomes a reporting function rather than a management instrument.

Organizational maturity is reached when SMS principles are embedded in leadership behaviour and decision-making structures.

Conclusion: SMS achieves its intended purpose only when it functions as a core leadership tool, not merely as evidence of regulatory compliance.

 

 

Management Commitment: Stated or Demonstrated?

Safety policies universally include formal commitment statements signed by the Accountable Manager. Regulatory frameworks clearly establish accountability at the executive level.

The critical question is not whether commitment is declared, but whether it is measurable.

Management commitment becomes evident through tangible indicators:

  • Allocation of adequate safety resources,
  • Timely implementation of mitigation measures,
  • Executive-level review of safety performance,
  • Integration of safety metrics into corporate dashboards.

A recurring observation in oversight activities is the delegation of safety accountability to the Safety Manager, while strategic decision-making remains commercially driven without systematic safety input.

In mature systems, safety performance indicators carry similar weight to financial and operational performance metrics.

Commitment is not validated during stable operational periods. It is validated when operational pressure increases and safety-related decisions carry economic implications.

Conclusion: Management commitment is demonstrated through consistent executive behaviour and resource allocation, not through policy statements alone.

 

 

Hazard Identification and the Reporting Illusion

Most operators maintain structured occurrence reporting systems. Databases are active, trends are monitored, and internal reporting channels are established.

However, reporting activity must not be confused with comprehensive hazard identification.

Occurrence reporting is inherently reactive. It captures events that have already materialized. Proactive hazard identification, by contrast, aims to detect latent conditions and emerging risks before they result in occurrences.

A common systemic weakness is excessive reliance on voluntary reports as the primary source of hazard data. This creates a “reporting illusion,” where the organization assumes risk visibility is sufficient because reporting volume is high.

Effective hazard identification requires deliberate mechanisms such as:

  • Structured operational risk assessments,
  • Line Operations Safety Audits (LOSA),
  • Focused safety studies,
  • Active engagement of operational management.

Without systematic risk exploration, the SMS remains reactive by design.

Conclusion: A reporting system collects data on what has happened. Hazard identification requires structured efforts to understand what could happen.