Part 1: Introduction

The Civil Aviation Authority's progress with improving certification and surveillance.

In this Part, we explain:

The purpose of our audit

The purpose of our audit was to establish whether the Civil Aviation Authority (the CAA) had addressed the 10 recommendations in our 2005 report, Civil Aviation Authority: Certification and surveillance functions.2

As a result of our audit work, we also decided to consider why the CAA had not fully addressed our previous recommendations. In doing this, we drew on our audit work, our wider knowledge of the CAA from our work in recent years, and reviews of the CAA by others.


This is the fourth time that we have audited the certification and surveillance functions of the CAA in relation to operators in the airline sector and the general aviation sector.3

Our audits in 19974 and 20005 identified problems with the CAA's surveillance function. We found that the CAA had problems identifying and targeting high-risk operators, and that there were inconsistencies between CAA auditors in their approach to routine audits. We recommended that the CAA develop systems to identify and target high-risk operators, and build staff capability.

Our 2005 audit report of the CAA's certification and surveillance functions noted that the CAA had taken little action to address the recommendations in our 1997 and 2000 reports. We found that, although the certification processes used by the CAA's Airlines Group were generally sound, the General Aviation Group auditors needed to be more rigorous in their assessment of operator capability to comply with the Civil Aviation Act 1990 (the Act) and the Civil Aviation Rules (the Rules).

We also continued to have significant concerns about the surveillance function. We were particularly concerned about:

  • the effectiveness of the CAA's risk analysis and risk assessment processes;
  • how the CAA ensures that the risk analysis "feeds through" to the surveillance process; and
  • how the CAA ensures that operators (or groups of operators) who are assessed as "high-risk" are appropriately targeted, in relation to both depth and frequency of the surveillance carried out.

During our audit fieldwork for our 2005 audit report, we discussed our concerns with the CAA. We were pleased to note that the CAA had identified actions that it intended to take in response to our recommendations and had begun a review of its surveillance function before our report was presented to Parliament.

The CAA told us that it was going to integrate its risk assessment, certification, and surveillance processes to create an integrated audit supported by an electronic system and tools that provided for effective and efficient regulation of the civil aviation system.

At the request of the then Minister of Transport, in May 2008 we also reported on the CAA's responses to the Coroner's recommendations on the June 2003 Air Adventures crash. We had intended to follow up on our 2005 recommendations as part of that audit. However, the CAA had not implemented its redeveloped surveillance tool until the beginning of May 2007. The final version of the system software for operating the tool was not introduced until February 2008. The CAA's auditors had consequently not carried out enough audits and follow-up actions using the new tool and process for us to test a representative sample, and therefore we decided to postpone this follow-up audit.

How we carried out our audit

To assess whether our 2005 audit report recommendations had been addressed, we interviewed:

  • a range of staff at the CAA, including the Director of the CAA, the general managers, the unit managers, and the CAA auditors (who carry out certification and surveillance audits and inspections);
  • the Chairman of the Board (see paragraph 2.4); and
  • staff at the Ministry of Transport and the Transport Accident Investigation Commission.

We also selected a sample of airline and general aviation operators to assess how effectively the CAA was performing the certification and surveillance of these operators. Our sample selection was based on the CAA's risk profiles of the operators. We selected some of the highest-risk operators within each sector, as well as some operators that had been assessed as medium and low risk. This allowed us to look at how effectively the CAA was responding to risk. Our sample included:

  • three airline sector operators (16% of airline operators), which included the flight operation and maintenance organisations associated with these airlines – two of these three were assessed as high risk; and
  • 26 general aviation sector operators (16% of general aviation operators), which comprised 13 fixed wing and 13 rotary wing and agricultural operators – 10 of these 26 were assessed as high risk.

We also:

  • reviewed the certification and surveillance work carried out by the CAA's Aviation Security Unit6 on two operators;
  • surveyed by telephone 24 general aviation operators to get their views on the effectiveness of the CAA's certification and surveillance work;
  • observed three routine audits carried out by the CAA's Airlines Group (two by the Flight Operations Unit and one by the Airline Maintenance Unit), and two routine audits carried out by the General Aviation Group (both included flight operations and maintenance aspects); and
  • attended two training seminars run by the CAA for CAA staff.

The structure of this report

The remainder of this report is structured into three parts and nine appendices:

  • Part 2 provides background information on the CAA and its functions;
  • Part 3 summarises how well the CAA has responded to the 10 recommendations that we made in 2005;
  • Part 4 considers why the CAA has been slow to improve certification and surveillance and what we consider needs to be done now; and
  • the first six appendices provide the supporting evidence and analysis that underpins our overall assessment of the progress that the CAA has made with our 2005 recommendations. The last three appendices relate to the actions the CAA now intends to take.

2: This report is available on our website,

3: On 6 June 2003, an aircraft crashed on approach to Christchurch International Airport, killing the pilot and seven passengers, and seriously injuring two other passengers. At the Minister of Transport's request, we looked at how the CAA and the Ministry of Transport considered, responded to, and reported on each of the Coroner's recommendations. We reported on this in May 2008 in our report, Responses to the Coroner's recommendations on the June 2003 Air Adventures crash. This report is available on our website, We have not counted this performance audit among the audits we have conducted on the CAA's certification and surveillance functions since 1997.

4: Controller and Auditor-General (1997), Fourth Report for 1997, pages 77-121.

5: Controller and Auditor-General (2000), Civil Aviation Authority Safety Audits – Follow-up Audit.

6: The Aviation Security Unit is responsible for certification and surveillance of airline security programmes, regulating air cargo agents, and security aspects of aerodromes, airports, and Airways New Zealand Limited.

page top