Claudio Pacozzi.

Scope definition is where many compliance monitoring systems quietly fail before a single audit is conducted. It is also an area where organisations frequently challenge inspection findings, because the weakness is structural rather than procedural, and correcting it often requires redesigning the system itself.

The intent of ORO.GEN.200 and its associated AMC is clear: the compliance monitoring function must cover all activities conducted under the AOC. This includes not only operational departments and in-house functions, but also outsourced activities with regulatory relevance performed on behalf of the operator, such as ground handling, line maintenance, or externally delivered crew training.

The practical starting point is straightforward. List every regulated activity conducted by the organisation or contracted to external providers. Against each activity, identify the applicable regulatory requirement and the internal standard or procedure used to demonstrate compliance. If the applicable requirement cannot be identified, conformance cannot be effectively verified. If the activity is absent from the audit programme, it is not being actively monitored.

Assumptions do not satisfy ORO.GEN.200. Neither does reliance on a supplier’s ISO certification or a copy of its internal audit schedule. Where an outsourced activity results in a non-conformance, accountability remains with the certificate holder.

Take away: Monitoring scope must be explicit, documented, and include all outsourced activities with regulatory relevance. Activities that are not clearly defined cannot be effectively monitored, and weaknesses outside the monitoring scope are unlikely to be identified before they become findings during oversight.

Most organisations build their compliance monitoring system around scheduled audits. They set up an annual audit calendar, train their auditors, and consider the obligation met. EASA Part-ORO.GEN.200 requires something fundamentally different.

Compliance monitoring is a continuous process — not a periodic snapshot. Audits are one instrument within that system, not the system itself. The distinction matters because audits, by nature, look backwards. They confirm what was true on the day of the assessment. A compliance monitoring system, properly implemented, provides ongoing assurance that your operations meet applicable requirements in real time.

The typical gap: organisations produce findings, close corrective actions, and move on. What they rarely do is analyse whether the same finding pattern is appearing across departments, or whether the root cause of a closed action has actually been addressed — or merely documented.

Accountable Managers and Compliance Managers should ask one question of their current system: does it tell us where we stand today, or does it tell us where we stood six months ago?

Take-away:  An audit programme is evidence of compliance monitoring activity. It is not compliance monitoring itself.

Most aviation operators are SMS-compliant. Few are SMS-effective.

There’s a critical difference.

Over the past weeks, I have shared a series of reflections on Safety Management Systems in civil aviation. The responses confirmed a recurring industry reality: frameworks are documented, reporting systems are active, management commitment is stated – and yet safety data rarely changes decisions, hazard identification stays reactive, and culture only reveals itself under pressure.

Structural compliance with ICAO Annex 19 is the baseline. It was never meant to be the finish line.

The hard truth: an SMS that doesn’t influence how your organization makes decisions isn’t a safety system. It’s a filing cabinet.

Here’s what separating compliant from effective looks like in practice:

• Safety outputs feed operational and strategic decisions – or they’re just noise
• Safety culture is stress-tested, not just declared
• Hazards are identified before they become events, not after
• Management commitment is evidenced by resource decisions, not statements
• The SMS is right-sized to the organization – sophistication ≠ effectiveness
• SMS is owned by leadership, not delegated to a safety department

SMS maturity isn’t measured by documentation quality or reporting volume. It’s measured by how decisions improve, especially when safety competes with performance.

The gap between compliance and effectiveness is where most operators currently sit. Closing it takes leadership intent, not more regulatory effort.

Where does your organization sit on that spectrum?

In numerous organizations, the Safety Management System is functionally isolated within the Safety Department and administratively monitored by Compliance Monitoring.

This structural separation limits the system’s effectiveness.

Under ICAO Annex 19, SMS is designed as a management framework for controlling safety risk. It is not intended to function solely as a regulatory compliance mechanism.

An effective SMS integrates with leadership processes:

• Risk assessments inform operational planning,
• Safety performance data influences management review,
• Strategic planning reflects risk exposure trends,
• Department heads assume ownership of safety actions within their operational domains.

When safety data remains confined to the Safety Office, SMS cannot influence operational leadership. In such cases, safety becomes a reporting function rather than a management instrument.

Organizational maturity is reached when SMS principles are embedded in leadership behaviour and decision-making structures.

Conclusion: SMS achieves its intended purpose only when it functions as a core leadership tool, not merely as evidence of regulatory compliance.

Safety policies universally include formal commitment statements signed by the Accountable Manager. Regulatory frameworks clearly establish accountability at the executive level.

The critical question is not whether commitment is declared, but whether it is measurable.

Management commitment becomes evident through tangible indicators:

• Allocation of adequate safety resources,
• Timely implementation of mitigation measures,
• Executive-level review of safety performance,
• Integration of safety metrics into corporate dashboards.

A recurring observation in oversight activities is the delegation of safety accountability to the Safety Manager, while strategic decision-making remains commercially driven without systematic safety input.

In mature systems, safety performance indicators carry similar weight to financial and operational performance metrics.

Commitment is not validated during stable operational periods. It is validated when operational pressure increases and safety-related decisions carry economic implications.

Conclusion: Management commitment is demonstrated through consistent executive behaviour and resource allocation, not through policy statements alone.

Most operators maintain structured occurrence reporting systems. Databases are active, trends are monitored, and internal reporting channels are established.

However, reporting activity must not be confused with comprehensive hazard identification.

Occurrence reporting is inherently reactive. It captures events that have already materialized. Proactive hazard identification, by contrast, aims to detect latent conditions and emerging risks before they result in occurrences.

A common systemic weakness is excessive reliance on voluntary reports as the primary source of hazard data. This creates a “reporting illusion,” where the organization assumes risk visibility is sufficient because reporting volume is high.

Effective hazard identification requires deliberate mechanisms such as:

• Structured operational risk assessments,
• Line Operations Safety Audits (LOSA),
• Focused safety studies,
• Active engagement of operational management.

Without systematic risk exploration, the SMS remains reactive by design.

Conclusion: A reporting system collects data on what has happened. Hazard identification requires structured efforts to understand what could happen.

Safety culture is widely referenced in regulatory frameworks and organizational declarations. Yet its practical meaning is often diluted.

Safety culture is not defined by:

• The presence of a non-punitive reporting policy,
• The volume of occurrence reports,
• Periodic safety surveys,
• Or formal communication campaigns.

True safety culture becomes visible only when operational pressure conflicts with safety considerations.

When operational efficiency is challenged by safety concerns, how does management respond? When mitigation measures affect productivity, are they implemented or deferred? When critical safety data emerges, is it analysed constructively or defensively justified?

A frequent misconception is equating high reporting rates with cultural maturity. While reporting activity may indicate trust, or repeated exposure to risks that management has not effectively mitigated.

Safety culture is ultimately reflected in consistent decision-making behaviour — particularly when safety competes with performance objectives.

Conclusion: Safety culture is not defined by declarations or metrics alone; it is demonstrated through consistent actions under operational pressure.

Many Air Operator Certificate (AOC) holders demonstrate full compliance with ICAO Annex 19, CAR OPS 1 and EASA Part-ORO.GEN requirements. Safety policies are published, hazard logs are maintained, safety performance indicators are defined, and management review meetings are conducted.

However, operational reality often reveals a different picture.

The central issue is not a lack of regulatory awareness, but an overemphasis on formal structure. Risk assessments are frequently conducted to satisfy oversight expectations rather than to inform operational decision-making. Safety performance data is reviewed periodically, yet rarely integrated into strategic planning or commercial decisions.

A Safety Management System is effective only when its outputs directly influence operational control and management priorities. If safety intelligence does not affect scheduling decisions, resource allocation, or operational limitations, the system remains structurally compliant but functionally weak.

Compliance demonstrates the existence of a system. Effectiveness demonstrates its impact.

Conclusion: An SMS that does not shape operational decisions cannot be considered effective, regardless of its documented completeness.

The European Union Aviation Safety Agency (EASA) has published Revision 23 from December 2025 of the Easy Access Rules for Air Operation.

Find details and download link here

I passed with distinction the formal RBI Recurrent Training
From April 28 – April 29 2025