The experience drawn from the second cycle of the USAP showed that a “one size fits all” approach to auditing is not always the most effective or appropriate means of evaluating a State’s aviation security situation. The USAP‑CMA will be incorporating a variety of audit and monitoring activities tailored to each Member State’s aviation security situation. Accordingly, the USAP-CMA will include a range of activities including, but not limited to:
Documentation-based audits are used for those States with the most developed aviation security and oversight systems. They primarily measure a State’s capability to provide effective oversight over its aviation security system. It is important to note that States identified for documentation-based audits will still receive on-site audits from time to time, as appropriate.
Oversight-focused audits are conducted by means of on-site audits and are used for those States with oversight and quality control systems already in place, but not sufficiently developed to effectively and sustainably address aviation security risks in compliance with relevant Annex provisions. The scope of such audits can be full, covering all audit areas, or partial, covering one or more audit areas.
Compliance-focused audits are conducted by means of on-site audits and focus on States with no or very limited quality control activities. In these cases, the audits include more observations of the implementation of security measures to assess compliance with relevant Standards.
Other audit and monitoring activities:
USAP-CMA cost-recovery audits may be conducted at the request of a Member State. The methodology for USAP-CMA cost-recovery audits is the same as for compliance-focused audits or oversight-focused audits. However, ICAO identifies the need for compliance-focused or oversight-focused audits and determines their scope, whereas the type, scope and scheduling of any USAP‑CMA cost-recovery audit will require agreement between ICAO and the State, and will be assessed by ICAO on a case-by-case basis. The results of USAP-CMA cost-recovery audits will be treated in the same manner as the results from regularly-scheduled USAP-CMA activities, including the possibility of invoking the Significant Security Concern (SSeC) mechanism.
It is recognized that a number of States are not in a position to derive full benefit from an audit. These States would instead be considered for
aviation security assistance and referred to the Organization’s assistance programmes offered through the Implementation Support and Development - Security (ISD-SEC) Section and the Technical Cooperation Programme, for the determination and provision of appropriate and timely assistance. These States will be identified in the USAP-CMA secure website. Once assistance is provided to a State, ICAO will determine the appropriate timing for a USAP-CMA audit-related activity to be conducted for such State.
