Auditor-General's overview

The Civil Aviation Authority's progress with improving certification and surveillance.

The Civil Aviation Authority (the CAA) is the regulatory agency that safeguards civil aviation in New Zealand. The CAA controls which operators enter the civil aviation system (certification) and monitors operators' ongoing adherence to safety standards (surveillance).

More than 96% of air travel in New Zealand occurs on aircraft carrying 10 or more passengers and operated by large airlines. The safety performance of these operators is good and comparable with that of large airline operators internationally.1 Accidents involving smaller airlines carrying fewer passengers are more common, but still relatively infrequent.

Since 1997, my Office has carried out four audits of the CAA's certification and surveillance functions for civil aviation operators. Our audits looked at large airline operators and the operators of smaller airlines. This report sets out the findings of our fourth audit, carried out to establish whether the CAA had addressed the 10 recommendations in our 2005 report.

The CAA had accepted our 2005 recommendations and had worked on improvements to its certification and surveillance policies, processes, and tools. The CAA had also reported publicly that it was making good progress in strengthening its certification and surveillance functions. However, in my view, the CAA has not made adequate progress in addressing our 2005 recommendations.

Overall, the CAA has yet to make the changes necessary to better use its current resources to improve the effectiveness and efficiency of certification and surveillance. Some of the CAA's new policies, processes, and tools have been delayed or have been only very recently introduced, and they are not yet fully implemented or consistently applied. For example, the unit managers in the Airlines Group and the General Aviation Group are not tailoring Civil Aviation Rule checklists to reflect the size and risk of each operator's organisation as originally intended. Not tailoring the checklists in this way means that the scope and depth of surveillance is not adjusted and the operator's whole operation is subjected to the same level of audit – irrespective of the operator's overall level of risk.

Of the 10 recommendations made in 2005, I consider that only one – the introduction of a new risk assessment tool – has been fully addressed. This new risk assessment tool is improving the identification of an operator's risk, and the CAA is beginning to adjust the frequency of surveillance in response to that risk. However, eight of our 2005 recommendations have been only partly addressed, and one recommendation has not been addressed.

The environment in which the CAA operates has not changed significantly in the last five years, and our 2005 recommendations remain relevant. The CAA's weaknesses that we have previously identified remain. These weaknesses affect the rigour, consistency, and transparency of regulation. They include:

  • Decisions to certify some operators, despite their non-compliance with the Civil Aviation Rules, are not supported by enough evidence to verify the discretion exercised. For example, the CAA told an operator that it "did not meet the requirements for recertification, and to qualify for recertification a major overhaul of the company was needed". However, a week after the operator prepared a plan to address the CAA's main concerns, the CAA issued a six-and-a-half month certificate to the operator. My staff were not able to find evidence on file of the CAA's reasoning and judgement that the operator had the resources and capability to comply with the Civil Aviation Rules at the time that the certificate was issued. In my view, there had not been enough time for the operator to overhaul its organisation and it is doubtful that the operator met the requirements for certification.
  • The depth of work completed before certifying operators is not adequately documented.
  • Surveillance is not always targeted at higher-risk operators. My staff found that the General Aviation Group had increased the frequency of audits in response to the operator's higher risk profile for only half of the highest-risk operators that we reviewed. Some operators remained on an annual audit cycle despite their high risk profiles.
  • Instances of non-compliance found by CAA auditors are not consistently reported and followed up. For example, a general aviation operator had used the main rotor blade of a helicopter for more than 20 hours beyond its airworthiness limit. The CAA auditor did not issue a finding for this non-compliance with the Civil Aviation Rules. In addition, my staff were also concerned to note that only one of 13 critical findings identified during 2008/09 was addressed by the relevant operator and accepted as addressed by the CAA by the due date.

In my view, the CAA has failed to understand and effectively address the underlying causes of the weaknesses in its certification and surveillance work. I consider that the following factors have contributed to the CAA's inadequate response:

  • Governance of, and accountability for, the CAA's certification and surveillance functions are ineffective.
  • The strength of the CAA's regulatory focus is unclear, and there is insufficient guidance to ensure that regulatory responses are appropriately and consistently applied.
  • The CAA's management practices are not focused on improving staff performance, and it has not been receptive to change.
  • The CAA's management oversight of implementing and using the new certification and surveillance processes is inadequate.
  • The CAA has not given enough attention to improving its organisational proficiency in auditing.

Our latest recommendations flow from these observations and should enable the CAA to make the necessary improvements to strengthen its certification and surveillance work.

I am pleased that the Chairman of the CAA's Board has accepted the recommendations in this report, and is committed to ensuring that the CAA addresses them. The CAA has also provided us with a description of the actions that it is taking in response to our recommendations (see Appendix 7) and a project overview that sets out the time frame for carrying out those actions (see Appendix 8). The Chairman has arranged monitoring of, and reporting on, the CAA's implementation of our recommendations and those resulting from recent internal reviews conducted by the CAA (see Appendix 9).

I note that, in the past, the CAA has given my predecessors similar commitments and that the necessary improvements have still not been carried out. I therefore consider that the responsibility for ensuring that the CAA takes the appropriate action will require closer monitoring and follow-up than my Office can provide.

I recommend that the Ministry of Transport, as part of its ongoing monitoring of the CAA, focus specifically on the CAA's progress in addressing the changes that we recommend. I am looking to the Board and the Ministry of Transport to provide assurance that real change has taken place.

I thank the Director and staff of the CAA for their co-operation and assistance during our audit.

Lyn Provost
Controller and Auditor-General

21 June 2010

1: The CAA's implementation of its safety obligations under the Chicago Convention (see paragraph 2.3) were audited by the International Civil Aviation Organisation in 2006. The audit included an assessment of the CAA's surveillance of airline operators, and its performance compared favourably with that of aviation safety regulators in other developed countries.

page top