This is the accessible text file for GAO report number GAO-05-930 entitled 'Aviation Safety: Oversight of Foreign Code-Share Safety Program Should Be Strengthened' which was released on September 9, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Ranking Democratic Member, Committee on Transportation and Infrastructure, House of Representatives: August 2005: Aviation Safety: Oversight of Foreign Code-Share Safety Program Should Be Strengthened: GAO-05-930: GAO Highlights: Highlights of GAO-05-930, a report to the Ranking Democratic Member, Committee on Transportation and Infrastructure, House of Representatives: Why GAO Did This Study: U.S. airlines are increasingly relying on code-share partnerships with foreign carriers to provide additional sources of revenue. Code-sharing is a marketing arrangement in which an airline places its designator code on a flight operated by another airline and sells and issues tickets for that flight. To determine whether the foreign code-share partners of U.S. airlines meet an acceptable level of safety, in 2000, the Department of Transportation (DOT) established the Code-Share Safety Program, which requires U.S. airlines to conduct safety audits of their foreign code-share partners as a condition of code-share authorization. GAO's objective was to assess the federal government’s efforts to provide reasonable assurance of safety and security on foreign code- share flights. GAO reviewed (1) the extent to which DOT's code-share authorization process is designed to consider safety and security, (2) the Federal Aviation Administration’s (FAA) management of the Code- Share Safety Program, and (3) the implementation of the program by airlines and the results. What GAO Found: In considering U.S. airlines’ requests to establish code-share arrangements with foreign carriers, DOT’s Office of International Aviation reviews, among other things, any safety and security objections from FAA and TSA. FAA assesses the safety of foreign civil aviation authorities and reviews reports of the safety audits that U.S. carriers have conducted of their foreign airline partners. From fiscal years 2000 through 2004, DOT (1) authorized U.S. airlines to establish or maintain code-share arrangements with foreign carriers 270 times and (2) did not suspend any arrangements because of known safety concerns. According to FAA, however, U.S. airlines occasionally have decided not to pursue code-share arrangements with foreign carriers because they expected FAA would object, and FAA sometimes puts its reviews of proposed code-share arrangements on hold if the agency has safety concerns. FAA and TSA did not object to any of the authorizations during that period for safety or security reasons. Although not involved in the code-share authorization process, the Department of Defense (DOD) reviews the safety of foreign airlines that transport DOD personnel. For their separate programs, FAA and DOD are reviewing many of the same safety audit reports on foreign carriers. The Code-Share Safety Program, which calls for U.S. airlines to conduct periodic safety audits of their foreign code-share partners, incorporates selected government auditing standards involving independence, professional judgment, and competence. However, FAA’s reviews of the safety audit reports lacked management controls for reviewers’ qualifications, documenting the closure of safety audit findings, verifying corrective actions taken in response to findings, and documenting reviews. Eight U.S. airlines with foreign code-share partners have implemented the DOT program by conducting safety audits of their foreign partners. According to our review of a random sample of audit reports that FAA reviewed from fiscal years 2000 through 2004, the largest numbers of safety findings identified were in the categories of (1) flight operations and (2) maintenance and engineering. GAO estimates that for 68 percent of the findings, the documentation was insufficient to demonstrate that the findings were closed or were resolved. Airlines are beginning to adopt a new safety audit program that requires the documentation of findings and corrective actions. Aircraft Safety Inspection: [See PDF for image] [End of figure] What GAO Recommends: GAO recommends that DOT clarify procedures for airlines to follow in documenting corrective actions and improve management controls over FAA’s reviews of safety audit reports. DOT agreed to consider the recommendations. www.gao.gov/cgi-bin/getrpt?GAO-05-930. To view the full product, including the scope and methodology, click on the link above. For more information, contact Gerald Dillingham at (202) 512-2834 or dillinghamg@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DOT's Office of International Aviation Relies on FAA for Safety Assessments and TSA for Security Assessments to Authorize Code-Share Arrangements: Code-Share Safety Program Incorporates Auditing Standards, but FAA's Oversight of the Program Lacks Certain Management Controls: U.S. Airlines Are Auditing Foreign Partners' Safety, and Partners Are Taking Corrective Action, but Documentation of Corrective Actions Is Often Lacking: Conclusions: Recommendations: Agency Comments: Appendixes: Appendix I: Objectives, Scope, and Methodology: Appendix II: U.S. Carriers and Their Foreign Code-Share Partners: Appendix III: Comments from DHS: Appendix IV: GAO Contacts and Staff Acknowledgments: GAO Contacts: Staff Acknowledgments: Table: Table 1: Selected Government Auditing Standards Incorporated in the Code-Share Safety Program: Figures: Figure 1: Percentage of U.S. Carriers' Active Code-Share Partnerships, by World Region, as of May 2005: Figure 2: Aviation Accident Rates by World Region during 2004: Figure 3: Code-Share Authorization Process: Figure 4: FAA's Process for Responding to DOT's Office of International Aviation: Figure 5: Percentage of Findings by Audit Category: Abbreviations: DHS: Department of Homeland Security: DOD: Department of Defense:: DOJ: Department of Justice:: DOT: Department of Transportation:: FAA: Federal Aviation Administration:: GSA: General Services Administration:: IASA: International Aviation Safety Assessment: IATA: International Air Transport Association:: ICAO: International Civil Aviation Organization:: IOSA: IATA Operational Safety Audit:: SARS: Severe Acute Respiratory Syndrome:: TSA: Transportation Security Administration: Letter August 5, 2005: The Honorable James L. Oberstar: Ranking Democratic Member: Committee on Transportation and Infrastructure: House of Representatives: Dear Mr. Oberstar: As the U.S. airline industry strives to improve its financial condition, many carriers are increasing their focus on international service to provide needed sources of revenue. To help expand their global market reach, U.S. airlines have established an increasing number of code-share arrangements with foreign airlines, and, as of May 2005, eight U.S. airlines had established foreign code-share partnerships. Code-sharing is a marketing arrangement in which an airline places its designator code[Footnote 1] on a flight operated by another airline and sells and issues tickets for that flight. U.S. carriers must obtain authorization for foreign code-share operations from the Department of Transportation (DOT). In 2000, DOT's Office of the Secretary and Federal Aviation Administration (FAA) established the Code-Share Safety Program to ensure that the foreign code-share partners of U.S. airlines meet an acceptable level of safety. The program was established in response to safety concerns that arose after SwissAir Flight 111 crashed off the shores of Nova Scotia in 1998, killing 229 passengers and crewmembers, including 53 Americans. At that time, SwissAir was a foreign partner of U.S.-based Delta Air Lines. Before the Code-Share Safety Program was established, DOT reviewed the potential competitive and economic impact of U.S. airlines' code-share arrangements with foreign airlines, but regarding safety considerations, relied on the oversight by the home country. Now, under the Code-Share Safety Program, U.S. airlines must conduct periodic safety audits of their foreign code-share partners as a condition of code-share authorization. DOT designed the Code-Share Safety Program to rely on U.S. airlines to audit the safety of their foreign code-share partners because FAA does not have the authority to inspect foreign aircraft that do not enter the United States. The DOT program is similar to a safety audit program that the Department of Defense (DOD) created in 1999 for foreign carriers that transport DOD personnel. You asked that we review the measures that the federal government is taking to provide reasonable assurance of safety and security when passengers travel on flights operated by foreign code-share partners of U.S. airlines. To do so, we addressed the following questions: * To what extent is DOT's authorization of U.S. airlines' code-share arrangements with foreign airlines designed to consider safety and security? * How well has FAA managed the Code-Share Safety Program? * To what extent have U.S. airlines implemented the Code-Share Safety Program, and what have been the results of their efforts? To determine how safety and security are considered in DOT's authorization of U.S. airlines' code-share arrangements with foreign airlines,[Footnote 2] we reviewed the process that DOT follows in authorizing code-share arrangements, Code-Share Safety Program guidelines, applicable aviation safety standards, and related legal authorities. Our review covered safety audit reports on foreign carriers that FAA reviewed and U.S. airlines' code-share partnerships with foreign carriers that DOT has authorized since February 2000, when the Code-Share Safety Program was established, through the end of fiscal year 2004. We also examined how FAA's assessments of foreign civil aviation authorities are used in the code-share approval process. During our review of the Code-Share Safety Program, we found that DOD had a similar program designed to ensure the safety of foreign airlines that transport DOD personnel. Because our objective was to determine how the federal government is providing safety oversight of foreign airlines, we included DOD in our review. However, because DOD does not play a direct role in the authorization of foreign code-share arrangements, this report focuses on the DOT Code-Share Safety Program. Moreover, because security is a component of assessing airline safety, we determined what the Transportation Security Administration (TSA), the Department of Homeland Security agency responsible for aviation security, has done to provide security information to FAA and DOD for their safety reviews of foreign airlines. Because the Code-Share Safety Program establishes an audit program, to assess how well FAA has managed the program, we reviewed whether the program's design conformed with selected standards identified in Government Auditing Standards.[Footnote 3] In addition, because we were evaluating the management of a government program, we examined how FAA applied certain management controls in its reviews of the safety audit reports for the Code-Share Safety Program using Standards for Internal Control in the Federal Government.[Footnote 4] We discussed with FAA officials how they conducted the assessments of foreign civil aviation authorities and with TSA officials how they assessed the security of certain foreign carriers and airports. Finally, to determine the extent to which U.S. airlines have implemented the Code-Share Safety Program and the results, we interviewed safety officials at the eight U.S. airlines that were participating in the Code-Share Safety Program[Footnote 5] and reviewed a random sample of reports of safety audits the airlines had conducted of their foreign code-share partners. We did not determine whether the airlines complied with international aviation safety standards but reviewed the safety audit reports to determine what types of findings were identified and whether corrective actions were documented. We also interviewed officials from the International Air Transport Association (IATA), the trade association that represents air carriers worldwide, to determine how IATA's recent introduction of a new safety audit program for its members may affect the Code-Share Safety Program. We conducted our review in Arlington, Virginia; Atlanta; Denver; Eagan, Minnesota; Ft. Worth; Houston; Phoenix; Pittsburgh; Seattle; Washington, D.C; and Montreal, Canada; from August 2004 through August 2005 in accordance with generally accepted government auditing standards. Appendix I provides additional information on our methodology. Results in Brief: In considering U.S. airlines' requests to establish code-share arrangements with foreign carriers, DOT's Office of International Aviation reviews, among other things, any safety and security objections from FAA and TSA. FAA assesses the safety of foreign civil aviation authorities and reviews reports of the safety audits that U.S. carriers have conducted of their foreign airline partners. According to DOT officials, on 270 occasions from February 2000--when the Code-Share Safety Program was established--through the end of fiscal year 2004, DOT authorized or reauthorized U.S. airlines to establish or maintain code-share arrangements with foreign carriers and did not suspend any arrangements because of known safety concerns. However, according to FAA, U.S. airlines occasionally have decided not to pursue code-share arrangements with foreign carriers because they expected FAA would object, and on four occasions during that period, U.S. airlines suspended their code-share arrangements with foreign carriers because FAA was questioning the capabilities of the civil aviation authorities under which the foreign carriers were operating. In addition, FAA sometimes puts its reviews of proposed code-share arrangements on hold if the agency has safety concerns. Code-share arrangements may be periodically reauthorized, based on the terms of the initial authorization. To maintain code-share authorization, U.S. airlines are to conduct safety audits of their foreign code-share partners every 2 years. FAA provided DOT's Office of International Aviation with memorandums indicating that it did not object to any of the proposed arrangements from February 2000 through the end of fiscal year 2004. DOT's Office of International Aviation also receives security information from TSA, which assesses the security of foreign airlines that provide direct service to the United States and its territories and certain foreign airports. TSA provided security clearances for all proposed code-share arrangements from fiscal years 2000 through 2004 for which it had information on the foreign carriers. TSA does not assess the security of foreign carriers that do not provide direct service to the United States and its territories because it lacks that authority. Twenty-nine of U.S. airlines' foreign code-share partners, or about one-third, do not provide direct service to the United States and its territories and therefore have not been assessed for security by TSA. DOD does not authorize code-share arrangements, but like FAA, it reviews the U.S. airlines' safety audit reports of their foreign code-share partners. We found that DOD and FAA are reviewing many of the same audit reports and that TSA was not providing its foreign airport security assessments to DOD. The Code-Share Safety Program incorporates selected government auditing standards involving auditors' independence, professional judgment, and competence. However, FAA's management of the program did not incorporate certain controls relating to establishing reviewers' qualifications, documenting the closure of safety audit findings, verifying corrective actions taken in response to the findings, and documenting its reviews. For example, FAA has not established the qualifications needed for agency staff who review the safety audit reports. In addition, FAA has not provided its reviewers or the airlines with definitions of "safety-critical" findings that the airlines must resolve immediately or "nonsafety-critical findings" that can be resolved after the audit is closed. Some airline officials told us they would like FAA to provide a definition of "safety-critical" findings that must be resolved immediately. Furthermore, in reviewing the safety audit reports, FAA frequently is not documenting its reviews. As a result, it cannot be determined which corrective actions that FAA verified were implemented by the foreign carriers. FAA's lack of documentation about its reviews of the audit reports could impede trend analyses and comparisons of findings and prevents determining whether FAA reviewed those findings. The eight U.S. airlines have implemented the Code-Share Safety Program by conducting safety audits of their foreign code-share partners to determine whether the partners comply with international aviation safety standards. According to our review of a random sample of 149 audit reports, the largest numbers of safety findings that the U.S. airlines identified in auditing their foreign partners during fiscal years 2000 through 2004 were in the categories of (1) flight operations, which govern the activities of the pilots, including training, and (2) maintenance and engineering, which involves the oversight of activities to maintain, repair, and overhaul aircraft, aircraft engines, and parts. The U.S. airlines followed the program's guidelines by submitting written statements from their safety directors to FAA affirming that their foreign airline partners had complied with international aviation safety standards. However, we estimate that 68 percent of the audit findings lacked complete documentation that corrective action had been taken. Without such documentation, FAA lacks evidence that the identified safety issues have been corrected. Furthermore, because FAA has not developed a definition of "safety- critical" findings, which FAA requires the airlines to resolve immediately, we could not identify those findings and, thus, were not able to determine if corrective action was documented. Increasingly, the airlines are adopting a new international audit program, which requires the documentation of identified findings and associated corrective actions. FAA accepted this new international audit program as a methodology that would meet the Code-Share Safety Program guidelines. To the extent that the airlines substitute the new international audit program for their previous audit methodologies, they may improve their documentation of resolved findings and associated corrective actions because this audit program requires such documentation. Most U.S. airline officials said they believe the Code- Share Safety Program provides reasonable assurance of safety or is effective. One airline official, for example, said that the program has been effective because some foreign airlines, seeking to become code- share partners of U.S. airlines, have restructured programs, rewritten manuals, and instituted new management techniques. We are making three recommendations to DOT and one to TSA. To improve the effectiveness of the program, we are recommending that DOT revise the Code-Share Safety Program guidelines to define "safety-critical" and "nonsafety-critical" audit findings, so that FAA reviewers and the airlines know which types of findings must be corrected immediately and which ones can be resolved later. In addition, we are recommending that FAA implement controls for reviewers' qualifications, corrective action verification, and review documentation. Furthermore, because DOD and FAA are reviewing many of the same audit reports, we recommend that FAA explore with DOD potential opportunities to reduce duplication of efforts. Finally, because security is an important component of assessing airline safety, to improve DOD's oversight of foreign carriers that transport DOD personnel, we are recommending that TSA develop a process for routinely coordinating with DOD regarding information on the security of foreign airports. In commenting on a draft of this report, overall, DOT generally concurred with our findings and agreed to consider our recommendations. DHS agreed with our recommendation regarding TSA. DOD and DOT provided some technical clarifications, which we incorporated into this report as appropriate. In addition, FAA provided general comments on the Code- Share Safety Program. Background: Each year, several million passengers travel on foreign airlines that have established code-share arrangements with U.S. air carriers.[Footnote 6] Code-sharing is a marketing arrangement in which an airline places its designator code on a flight operated by another airline and sells and issues tickets for that flight. On foreign code- share routes, U.S. airlines and their foreign partners each place their respective designator code on flights operated by the other airline. Passengers can purchase one ticket from a U.S. airline that can include flight segments covered by one or more foreign partner airlines.[Footnote 7] Air carriers throughout the world form code-share alliances to strengthen or expand their market presence or ability to compete. Through code-sharing, U.S. airlines can offer seamless service to additional international destinations without incurring the expense of establishing their own operations to those locations. Moreover, airline officials said that code-share arrangements with foreign airlines have become important sources of revenue.[Footnote 8] According to FAA, international markets are viewed as more attractive growth markets by mainline carriers because of more limited competition from low-cost carriers and greater profitability. In recent years, U.S. airlines have established an increasing number of code-share arrangements with foreign carriers to expand their service markets.[Footnote 9] As of May 2005, eight U.S. airlines had established 108 arrangements to place their designator codes on 85 different foreign carriers, up from six U.S. airlines that had established 39 arrangements to place their designator codes on 38 different foreign carriers in fiscal year 2000.[Footnote 10] As shown in figure 1, the majority of U.S. airlines' code-share arrangements are with European airlines, representing over half, followed by airlines from Asia and the Pacific, accounting for nearly a quarter of the arrangements. Appendix II lists the U.S. carriers and their foreign code-share partners. Figure 1: Percentage of U.S. Carriers' Active Code-Share Partnerships, by World Region, as of May 2005: [See PDF for image] Note: Percentages do not total to 100 because of rounding. [End of figure] In 1998, SwissAir Flight 111, which was a code-share flight with U.S.- based Delta Air Lines, crashed off the shores of Nova Scotia, killing 229 passengers, including 53 Americans. Following that accident, the DOT Inspector General reviewed aviation safety under international code- share agreements and issued a report in 1999 recommending, among other things, that DOT develop and implement procedures requiring U.S. airlines to conduct safety audits of foreign carriers as a condition of authorization of code-share passenger services.[Footnote 11] Also in 1999, legislation was introduced in the House of Representatives that would have statutorily required U.S. airlines to audit the safety of their foreign code-share partners.[Footnote 12] Although that legislation was not enacted, in 2000, DOT's Office of the Secretary and FAA established the Code-Share Safety Program, which included the development of guidelines for U.S. carriers to follow in auditing the safety of their foreign code-share partners as a condition of DOT's authorization of code-share passenger services. DOD's safety audit program, called the Commercial Air Transportation Quality and Safety Review Program, expanded another program that DOD established in 1986 to check the safety of charter aircraft transporting its personnel, after an Arrow Air charter airplane transporting U.S. military personnel crashed in 1985, killing 256 passengers and crew. In 1986, Congress passed Public Law 99-661, which created a Commercial Airlift Review Board and prohibits DOD from contracting with an air carrier unless it meets certain safety standards and submits to a technical safety evaluation. A 1999 memorandum of understanding between DOD and the Air Transport Association, a U.S. airline industry association, allows DOD to review the safety audits that U.S. airlines have conducted of their foreign airline partners. DOD is a major customer of airlines that have established code-share arrangements through its participation in the General Services Administration's (GSA) city-pairs program, under which the government negotiates service contracts for all federal government employees, including military personnel, to save the government money on air travel. The program requires federal employees and military personnel to fly with carriers under such contracts when they travel on government business. DOD is required to review the safety of all airlines that provide scheduled service to its personnel under the GSA city-pairs program, which include U.S. airlines' foreign code-share partners. DOD's program also has the effect of having the airlines comply with DOD requirements if they want to maintain the GSA contracts. The safety of foreign carriers is also a concern because aviation accident rates vary considerably from one region of the world to another. According to data compiled by IATA, an international airline association, during 2004, the North American region had the lowest aviation accident rate (0.29 hull losses[Footnote 13] per million flight segments), while the Middle East had the highest (5.32 hull losses per million flight segments).[Footnote 14] Africa had the second highest rate, followed by South America, the Asia-Pacific region, and Europe. These accident rates are shown in figure 2. Figure 2: Aviation Accident Rates by World Region during 2004: [See PDF for image] [End of figure] DOT's Office of International Aviation Relies on FAA for Safety Assessments and TSA for Security Assessments to Authorize Code-Share Arrangements: DOT's Office of International Aviation within the Office of the Secretary of Transportation authorizes U.S. airlines' code-share arrangements with foreign airlines after considering, among other things, safety and security information from FAA and TSA. FAA provides DOT's Office of International Aviation with a memorandum recording its "objection" or "no objection" to the foreign code-share partners of U.S. airlines. This memorandum is based on FAA's assessments of foreign civil aviation authorities and reviews of safety audits conducted by U.S. airlines of foreign carriers. TSA assesses the security of foreign airlines that provide service to the United States and its territories and certain foreign airports. DOT also considers the competitive and antitrust implications of code-share arrangements. For its program, DOD reviews many of the same safety audit reports on foreign airlines that FAA reviews for the Code-Share Safety Program. DOT Considers Information from Several Sources to Authorize Code-Share Arrangements: To authorize a code-share arrangement between a U.S. and a foreign airline, DOT must find that the arrangement is in the public interest.[Footnote 15] Under the DOT guidelines, this public interest finding includes a determination of the foreign carrier's level of safety and the economic impact of the arrangement. Before authorizing a code-share arrangement, DOT's Office of International Aviation obtains (1) a memorandum of "no objection" from FAA, based on its review of the safety audits and other safety information available to FAA; (2) a clearance from DOT's Office of Policy on aspects of security involving the foreign carrier, including information from TSA; and (3) a clearance from DOT's Office of Aviation Analysis and Office of the General Counsel concerning the code-share arrangement's competitive impact on the airline industry.[Footnote 16] The Office of International Aviation also obtains advice from the Department of Justice on potential antitrust issues.[Footnote 17] According to DOT officials, on 270 occasions, from February 2000 through the end of fiscal year 2004, DOT authorized or reauthorized U.S. airlines to establish or maintain code-share arrangements with foreign carriers and did not suspend any arrangements during that time.[Footnote 18] However, FAA officials also said that U.S. airlines have occasionally decided not to pursue code-share arrangements with foreign airlines because they expected FAA would object. Code-share arrangements may be periodically reauthorized based on the terms of the initial authorization. Figure 3 shows the DOT code- share authorization process. Figure 3: Code-Share Authorization Process: [See PDF for image] [End of figure] FAA Response Reflects Assessments of Foreign Civil Aviation Authorities and Safety Audit Reviews: DOT's Office of International Aviation solicits the views of FAA on the safety aspect of its code-share authorization decision because of FAA's technical expertise in that area. FAA reviews reports of the safety audits that U.S. carriers have conducted on the foreign carriers and other safety information available to FAA, including its assessments of the capabilities of the relevant foreign civil aviation authorities. FAA provided DOT's Office of International Aviation with memorandums of "no objection" on all foreign airlines being considered for code-share authorization during fiscal years 2000 through 2004. According to FAA officials, if FAA has safety concerns, it puts a hold on its review of the proposed code-share arrangement, allowing time for the safety issues to be resolved; and on four occasions, from February 2000 through September 2004, U.S. airlines suspended their code-share arrangements with foreign carriers because FAA was questioning the capabilities of the civil aviation authorities under which the foreign carriers were operating. Figure 4 shows FAA's process for providing information to DOT's Office of International Aviation on U.S. airlines' applications to establish code-share arrangements with foreign carriers. Figure 4: FAA's Process for Responding to DOT's Office of International Aviation: [See PDF for image] [End of figure] Under the Code-Share Safety Program guidelines, DOT authorizes a U.S. airline's code-share arrangement with a foreign carrier only if the foreign airline is from a country that is compliant with applicable international aviation safety standards under FAA's International Aviation Safety Assessment (IASA) program.[Footnote 19] Under IASA, FAA reviews the capabilities of foreign civil aviation authorities by checking their compliance with standards established by the International Civil Aviation Organization (ICAO), a United Nations aviation organization.[Footnote 20] Under IASA, FAA assigns countries' civil aviation authorities either a category 1 rating--meets ICAO standards--or a category 2 rating--does not meet ICAO standards.[Footnote 21] During the IASA process, FAA personnel, typically from various international field offices, conduct on-site assessments of civil aviation authorities for compliance with ICAO standards in eight areas: (1) primary aviation legislation, (2) aviation regulations, (3) organization of the civil aviation authority, (4) adequacy of the technical personnel, (5) technical guidance, (6) licensing and certification, (7) records of continuing inspection and surveillance, and (8) resolution of safety issues. Each country with carriers serving, or wishing to serve, the United States in their own right or as part of a code-share arrangement with a U.S. airline must first have an assessment under the IASA program. Although FAA's plan is to reassess the category for each foreign civil aviation authority every 2 years, FAA officials said that this activity occurred less frequently because of a larger-than-anticipated number of reassessments and constraints on the agency's resources. FAA data indicate that 67 of the 100 foreign civil aviation authorities in the IASA program, or about two-thirds, have not been assessed within the last 4 years. According to FAA, some countries were not assessed within the last 4 years because available data indicated that their rating categorization remained valid. FAA data also show that from January 1, 2000, through May 1, 2005, FAA assessed or reassessed--because of safety oversight concerns--the capabilities of 33 foreign civil aviation authorities, 6 of which were assessed more than once.[Footnote 22] Of the 42 countries' civil aviation authorities under which the foreign code-share partners of U.S. airlines are operating, 16 have required an IASA assessment or reassessment since 2000 and 26 have not. IASA results, along with the safety audits that U.S. airlines conduct of their foreign code-share partners, are FAA's principle measures of the level of safety of the foreign carriers. According to the guidelines, the level of oversight and regulation that an airline receives from its regulatory authority is an important factor in assessing its safety. For this reason, DOT authorizes U.S. airlines' code-share arrangements only with foreign airlines that are from IASA category 1 countries. As of May 2005, FAA had assigned IASA category 1 ratings to 71 countries' civil aviation authorities and IASA category 2 ratings to 28; 94 other countries had not yet been categorized, generally because no carriers from those countries had applied to provide direct service to the United States. DOT's Office of International Aviation will not authorize a code-share application, and FAA will not review the safety audit report if flights that are intended to carry a U.S. carrier's designator code would be operated by a foreign carrier from a country with an IASA category 2 rating. If a U.S. airline is seeking to establish a code-share arrangement with a foreign carrier that is from a country that does not have an IASA rating, FAA normally conducts the assessment before DOT's Office of International Aviation considers the application. When FAA lowers a country's IASA rating from category 1 to category 2, DOT's Office of International Aviation contacts any U.S. airline that has a code-share partnership with an airline from that country to advise the U.S. airline of the lowered IASA rating so that the U.S. carrier can promptly remove its code from any passenger flights operated by that airline, according to agency officials. While DOT indicated that it could, at its option, order the removal of U.S. airlines' designator codes under these circumstances, in practice, DOT has not needed to pursue that option because, when the airlines have learned about an IASA category change affecting their service, they have removed their operating codes from the foreign carrier. On four occasions since 2000, U.S. airlines have suspended their code-share arrangements with foreign airlines because FAA was questioning the capabilities of the civil aviation authorities under which the foreign airlines were operating.[Footnote 23] The program guidelines allow DOT to consider, on a case-by-case basis, continuing to authorize a U.S. airline's code- share arrangement with a foreign carrier that is from a country with an IASA rating that has been lowered from category 1 to category 2. According to FAA, this case-by-case language was included to enable DOT's Office of International Aviation to accord U.S. airlines a limited degree of flexibility needed to effectuate an orderly shutdown of their code-share services. However, DOT officials told us that they will not authorize the continuation of a code-share arrangement beyond the needs of such an orderly shutdown. FAA Reviews U.S. Airlines' Methodologies for Auditing Their Foreign Code-Share Partners: FAA will not review a U.S. airline's safety audit report on a foreign carrier until FAA has reviewed and accepted the airline's audit methodology. According to the program guidelines, the U.S. airlines' safety audit methodologies should incorporate ICAO standards on personnel licensing, aircraft operations, aircraft airworthiness, and security.[Footnote 24] The guidelines also describe how the U.S. airlines should conduct their safety audits, including what qualifications the auditors should possess, how the system for reporting and correcting findings should be devised, what audit results are satisfactory, how a safety monitoring system should be established, and how frequently audits should be conducted. At the same time, FAA officials said they provide the airlines with some flexibility in designing their audit programs, as long as the programs address all of the relevant ICAO standards. FAA reviewed and accepted an audit program for each of the eight U.S. airlines to participate in the Code-Share Safety Program. In designing their audit methodologies, some U.S. airlines include other standards and best practices, such as ones developed by DOD, in addition to the ICAO standards and recommended practices in the DOT program guidelines. Moreover, to audit the safety of their foreign code-share partners, six U.S. airlines have begun using standards from a new international safety audit program developed by IATA called the IATA Operational Safety Audit (IOSA), which incorporates the ICAO standards, plus many additional industry best practices. IOSA was developed by IATA to improve global airline safety and promote audit efficiency by reducing redundant audits. In 2004, FAA accepted the IOSA program as a methodology that would meet the Code- Share Safety Program guidelines. Under the Code-Share Safety Program guidelines, after the U.S. airlines have completed the audits and the foreign airlines have taken all corrective actions, the U.S. airlines' safety directors (or similar officials) should provide written statements to FAA, known as compliance statements, affirming that the audits were conducted in accordance with the guidelines and that the foreign carriers meet the applicable ICAO standards. According to an FAA official, U.S. airlines filed compliance statements for all of the audit reports that FAA reviewed on foreign carriers.[Footnote 25] The guidelines also indicate that to maintain their continued code-share authorizations, U.S. airlines should audit the safety of their foreign code-share partners and submit compliance statements to FAA every 2 years. We found that, for 12 out of 256 audit reports that FAA reviewed from February 2000 through the end of fiscal year 2004, FAA granted the U.S. airlines extensions of time to submit compliance statements because delays had resulted from the outbreak of Severe Acute Respiratory Syndrome (SARS), the U.S. airline planned to cancel the code-share arrangement, or the foreign carrier needed more time to implement corrective actions. FAA generally granted the extensions for between 1 and 3 months, during which time the code-share arrangements continued. TSA Clearances Reflect Security Assessments of Foreign Airlines That Provide Direct Service to the United States, Its Territories, and Certain Foreign Airports: Since 2000, DOT's Office of Intelligence and Security and Office of Policy[Footnote 26] have provided security clearances to DOT's Office of International Aviation for all U.S. airlines' proposed code-share arrangements with foreign airlines. DOT's Office of Policy receives security information on certain foreign carriers and foreign airports from TSA,[Footnote 27] which assesses the security of foreign airlines that provide direct service to the United States and its territories, as well as to certain foreign airports. TSA provided security clearances for all proposed code-share arrangements, from fiscal years 2000 through 2004, for which it had information on the foreign carriers. Because it lacks the authority,[Footnote 28] TSA does not assess the security of other foreign carriers that do not provide direct service to the United States and its territories. Twenty-nine, or about one-third, of the 85 foreign code-share partners of U.S. airlines do not provide service to the United States and its territories and therefore have not been assessed for security by TSA. DOT has also authorized U.S. airlines' code-share arrangements with foreign airlines that serve many foreign airports that TSA has not assessed for security. As a result, passengers traveling on foreign code-share partners of U.S. airlines may be traveling to certain foreign airports that could have security risks. TSA has the authority to assess the security of a foreign airport (1) served by U.S. airlines, (2) from which a foreign carrier serves the United States and its territories, or (3) that "poses a high risk of introducing danger to international air travel." Also, TSA can assess "other foreign airports the Secretary of Homeland Security considers appropriate." TSA has assessed the security of the foreign airports from which domestic and foreign airlines provide direct service to the United States and its territories. However, in addition to the foreign airports that provide direct service to the United States and its territories, the foreign code-share partners of U.S. airlines serve other foreign airports. TSA officials indicated they have begun to assess the security of other foreign airports. DOT has not always had comprehensive data on which foreign airports are being served by the foreign code-share partners, so we were unable to determine how many foreign airports have not undergone TSA security assessments.[Footnote 29] For one U.S. airline for which we had complete foreign code-share route information,[Footnote 30] we determined that the foreign partners served 128 foreign airports that did not provide direct service to the United States and its territories, and some of these 128 had yet to undergo TSA security assessments. In assessing the security of foreign airports,[Footnote 31] TSA rates them in categories and assesses airports in those categories as appropriate. DOT's Office of International Aviation, which receives TSA's security ratings through DOT's Office of Policy, authorizes code- share arrangements for U.S. airlines with foreign carriers that serve foreign airports. According to DOT security officials, it is not a problem to authorize code-share arrangements with foreign airlines regardless of category because all airports must meet ICAO security standards[Footnote 32] and are assessed appropriately.[Footnote 33] Moreover, officials from TSA and DOT noted that both U.S. and foreign airlines can be required to implement additional security measures at those airports. For example, the TSA officials described an instance in which a bombing in a Middle Eastern country resulted in the implementation of additional security measures at an airport in that country. TSA officials said that because that airport met ICAO security standards, TSA had to rely on increased security measures voluntarily implemented by the carriers to help mitigate the threat in that area. DOD Provides Additional Safety Oversight of Foreign Airlines: While not involved in DOT's code-share authorization process, DOD reviews the safety of certain foreign airlines, thereby providing an additional layer of federal oversight. The DOD Commercial Air Transportation Quality and Safety Review Program is focused on ensuring that the airlines DOD contracts with--to transport DOD personnel--meet applicable safety standards. DOD requires U.S. airlines to audit the safety of their foreign code-share partners every 2 years, on the basis of ICAO standards, and monitor the safety of their foreign partners between safety audits. In addition, DOD considers FAA's IASA ratings of foreign civil aviation authorities in determining whether to allow foreign carriers to fly on GSA city-pair routes. DOD requires that foreign airlines be assessed on the basis of standards that DOD developed called Quality and Safety Requirements, which are focused on system safety processes.[Footnote 34] According to a DOD official, these DOD standards include safety processes that are not ICAO requirements, which form the basis of the DOT program. A DOD official said, for example, that DOD requires airlines to have a safety audit program that analyzes and assesses trends of safety information, including feedback from crew members, for the purpose of enhancing safety, which is not an ICAO standard. Although DOT can suspend code- share authorizations for safety reasons, DOD can cancel, at any time, contracts with airlines that transport DOD personnel if it determines that they are not sufficiently safe. Between audits, DOD takes certain steps to monitor the safety of foreign carriers that FAA does not take, such as conducting semi-annual evaluations that include requiring foreign carriers that DOD contracts with to complete questionnaires about their safety. DOD does not consider TSA's security assessments of foreign airports in its review. DOD officials said that they were unaware of TSA's foreign airport assessments and would like TSA to provide the information for DOD to consider as part of its reviews. We found that DOD and FAA review many of the same safety audit reports on foreign airlines. During fiscal years 2001 through 2004,[Footnote 35] DOD and FAA reviewed 203 of the same reports of safety audits that U.S. airlines had conducted of their foreign code-share partners. In reviewing these same reports, DOD and FAA reached the same conclusions about the safety of the foreign carriers involved. Because DOD and FAA are reviewing many of the same audit reports, the DOT and DOD safety programs are duplicating some efforts. In its 1999 report, the DOT Inspector General recommended that, in establishing a safety program on foreign code-share partners of U.S. airlines, FAA and DOT's Office of the Secretary work closely with DOD to maximize the use of limited resources, avoid duplication, and establish protocols for exchanging information about the carriers' safety assessments. A DOD official said that he communicates frequently with FAA Code-Share Safety Program officials, and that DOD has a full-time liaison in FAA's Flight Standards Service, who meets weekly with FAA officials.[Footnote 36] However, FAA officials said that although DOD requests IASA reports on certain countries, FAA does not routinely communicate with DOD on its safety audit reviews of foreign carriers, and no set criteria spell out the circumstances under which FAA and DOD should communicate information on the safety of U.S. airlines' foreign code-share partners. When we discussed the possibility of reducing duplicative safety reviews with FAA and DOD officials, an FAA official said he did not consider their reviews to be duplicative because FAA and DOD have different objectives. The FAA official said that FAA is reviewing the reports from the perspective of a regulator, focusing on the carriers' compliance with ICAO standards. Furthermore, the FAA official questioned whether FAA or DOD could assume each others' responsibilities and report to different departments. A DOD official also said the potential for duplication should be considered from the perspective of DOD's and FAA's different objectives in conducting their reviews. The DOD official said that DOD's objective is to ensure that its requirements for transporting DOD personnel are being met. Another DOD official said that FAA and DOD are not duplicating their efforts because neither agency has the expertise to conduct its reviews from the other agency's perspective. Code-Share Safety Program Incorporates Auditing Standards, but FAA's Oversight of the Program Lacks Certain Management Controls: The Code-Share Safety Program incorporates selected government auditing standards involving independence, professional judgment, and competence. According to FAA officials, FAA and DOT's Office of the Secretary worked with the airline industry to recommend that the Code- Share Safety Program guidelines incorporate these standards. Government auditing standards provide an overall framework for ensuring that auditors be independent and exercise judgment, competence, and quality control and assurance in planning, conducting, and reporting on their work.[Footnote 37] However, FAA's management of the program did not incorporate certain internal controls,[Footnote 38] which the Office of Management and Budget requires federal managers to use in assessing the effectiveness and efficiency of operations.[Footnote 39] These controls are related to establishing reviewers' qualifications, documenting the closure of safety audit findings, verifying corrective actions taken in response to the findings, and documenting reviews. Code-Share Safety Program Incorporates Selected Government Auditing Standards: The Code-Share Safety Program guidelines recommend that the airlines incorporate certain government auditing standards in their safety audit reviews. FAA has reviewed the methodologies that the U.S. airlines follow in auditing the safety of their foreign code-share partners, which incorporate these auditing standards. Ensuring independence is critical, for example, because the U.S. airlines generally audit the safety of their foreign code-share partners themselves. Although we did not assess the airlines' compliance with the independence standard, U.S. airline officials told us that they ensure independence by separating their safety and marketing departments organizationally to prevent any possible influence from the marketing staff on the safety audit results. In addition, safety officials at the U.S. airlines participating in the Code-Share Safety Program indicated that other airline departments do not have any input into their safety audit results. Moreover, some airline safety officials said they were not aware of the specific financial arrangements involved in their airlines' code-share partnerships. The program guidelines allow the U.S. airlines to employ personnel or hire outside experts as consultants (contractors) to conduct the safety audits. FAA officials said they are not concerned about allowing the U.S. airlines to use their own employees to conduct the safety audits because of the importance to the airlines of conducting sound safety audits to limit the liability associated with establishing code-share arrangements with foreign airlines. Table 1 lists the program guidelines that incorporate the auditing standards. Table 1: Selected Government Auditing Standards Incorporated in the Code-Share Safety Program: Auditing standard: Independence: The audit organization and auditor should be free from personal, external, and organizational impairments to independence; Program guidelines: The guidelines indicate that the U.S. airlines' safety auditors should have organizational independence to perform the audits and be free to objectively report to the airlines' senior management; The guidelines indicate that U.S. airline safety directors (or similar officials) should submit compliance statements to FAA affirming that their foreign code-share partners meet international aviation safety standards; The guidelines indicate that the safety auditors should have no financial interest in or family affiliation with the foreign code-share partner airlines. Auditing standard: Professional judgment: Professional judgment should be used in planning and performing audits and in reporting the results, including exercising reasonable diligence to maintain the highest degree of integrity, objectivity, and independence; Program guidelines: The guidelines indicate that the safety audit report's content should be independent, objective, fair and constructive, free of vagueness or ambiguity, and supported by competent and relevant audit evidence. Auditing standard: Competence: Auditors should have the knowledge, skills, and experience necessary for their work, and these elements should be addressed in the hiring process and through continuous development; Program guidelines: The guidelines indicate that the safety auditors should have the qualifications needed to conduct the safety audits and analyze the findings, including relevant training, experience in conducting safety audits, and knowledge of international aviation safety standards. Source: Government Auditing Standards and Code-Share Safety Program guidelines. [End of table] FAA's Reviews of the Safety Audit Reports Lacked Certain Management Controls: We found that FAA's reviews of the safety audit reports lacked certain management controls--including establishing reviewers' qualifications, verifying corrective actions, and documenting the reviews--but did employ some management controls for monitoring and measuring performance. Management controls are the continuous processes and sanctions that federal agencies are required to use to provide reasonable assurance that their goals, objectives, and missions are being met. These controls should be an integral part of an agency's operations and include a continuous commitment to identifying and analyzing risks associated with achieving the agency's objectives, establishing program goals and evaluating outcomes, and creating and maintaining related records. Effective management controls require that personnel possess and maintain a level of competence that allows them to accomplish their assigned duties. In addition, management must identify the knowledge and skills needed for various jobs, provide needed training, and obtain a workforce that has the skills that match those necessary to achieve organizational goals. However, we found that FAA has not established competence criteria and qualifications for the personnel who review the airlines' safety audit reports. As a result, the FAA staff who are reviewing the audit reports have different backgrounds and training, which may lead to differing interpretations of the standards. The FAA headquarters official who has reviewed a large number of the safety audit reports has aviation experience as a military pilot and is trained as an ISO 9000 auditor[Footnote 40] but is not trained as an FAA inspector and was hired in an administrative capacity. Two other FAA headquarters staff who review the audit reports have been trained as aviation safety inspectors. Furthermore, five FAA field inspectors who are conducting many of the reviews[Footnote 41] have not had training in IOSA, which six U.S. airlines in the Code-Share Safety Program are now using as standards to audit the safety of their foreign code-share partners. As a result of inspectors not having this training, this could impede FAA's review of the safety audits based on those standards. Moreover, the Code-Share Safety Program manager was transferred to a new position in February 2005, leaving the position vacant since that time. As of June 2005, FAA had not authorized this position to be filled and has denied a request for another full-time staff position dedicated to the program. Since the program manager's departure, other staff in FAA's International Programs and Policy Office, which administers the Code-Share Safety Program, have reviewed the safety audit reports in addition to performing their regular duties. FAA program officials said that since the program manager was transferred to another position, U.S. airlines must wait 3 to 4 weeks for FAA to review their safety audits of foreign carriers, compared with waiting 1 day to 2 weeks before his transfer, and that U.S. airlines now must bring all of their safety audit reports to FAA in Washington, D.C., for review--a change that could hinder FAA's review of documentation, such as safety monitoring systems, that may be located at the airlines' facilities.[Footnote 42] An FAA management official said that because FAA's Flight Standards Service,[Footnote 43] of which the Code-Share Safety Program is a part, imposed a hiring freeze in January 2005 for budgetary reasons, only critical positions are being replaced. The official said that because the vacant position for the Code-Share Safety Program was not considered to be critical, it was not filled. Effective management controls also require the establishment of policies and procedures to verify that corrective actions have been taken in response to identified problems. According to FAA and airline officials, FAA staff review each audit report for about 2 to 4 hours, identifying any areas that need further clarification or resolution. Although FAA staff review the reports of all audits that U.S. airlines have conducted of their foreign code-share partners, normally they only spot check whether findings that were identified during the audit were resolved. According to an FAA safety official, FAA relies on the U.S. airlines' compliance statements, signed by the airlines' safety directors, which affirm that the audits were conducted in accordance with the guidelines and that the foreign carriers met the applicable ICAO standards, as proof that all findings have been resolved. However, FAA's reliance on the compliance statements may not provide an effective management control to ensure that corrective actions have been taken in response to audit findings. For example, we found that FAA provided a memorandum of no objection to DOT's Office of International Aviation about a foreign code-share partner that, according to an official from its U.S. partner, had not implemented all of the corrective actions needed to resolve the findings. The safety audit identified dozens of findings, many of which were also found in a second audit 2 years later and, according to the airline, subsequently corrected. Furthermore, because FAA has not provided its reviewers or the airlines with a standard definition of "safety-critical" findings that must be corrected before the audit can be closed, it is unknown whether these open findings were safety critical. Moreover, the reasonableness of leaving open dozens of safety audit findings is questionable, as is FAA's reliance on the airlines' compliance statements as proof that all corrective actions have been made. Although the U.S. carrier temporarily suspended the code-share arrangement with this foreign carrier, FAA officials said the suspension occurred because of FAA's concern about the safety oversight of that foreign airline's civil aviation authority, not because of the number of audit findings or their lack of closure. FAA uses compliance statements, which are based on the safety audit results, as reasonable assurance that the foreign airlines meet ICAO safety standards. However, FAA's reliance on compliance statements may not provide such assurance because FAA has accepted compliance statements as proof that the carriers met ICAO safety standards, even in situations when it questioned the audit results. For example, FAA provided memorandums of no objection to DOT's Office of International Aviation that were based on safety audits conducted by one airline contractor over a 4-year period, many of which did not identify any findings,[Footnote 44] even though an FAA official told us that he had discussed with the airline FAA's concern about the number of audits that did not identify any findings.[Footnote 45] According to the Code-Share Safety Program guidelines, U.S. airlines should not submit compliance statements to FAA until all corrective actions have been completed; the statements should not be predicated on future actions that are planned to be completed. However, FAA officials said that they allow "nonsafety-critical" findings identified during the audit, such as deficiencies in personnel training and omissions in manuals, to be addressed later. Because FAA has not provided the airlines with a standard definition of "safety-critical" findings that must be corrected before the audit can be closed, airlines could interpret the term inconsistently in documenting and resolving corrective actions. An FAA official indicated that developing a definition of safety critical would be difficult and time consuming. An aviation safety expert we consulted said that a definition of safety critical would require considerable study and criteria development because situations can be critical to safety in many ways. He added that a well-trained and experienced aviation safety inspector could identify a safety-critical situation. However, this same expert suggested that, as a quality assurance measure, FAA select several audits each year and check the underlying documentation in depth. Similarly, the DOT Inspector General recommended in 1999 that FAA conduct comprehensive audits of a sample of safety audits to confirm that carriers have applied agreed-upon standards and procedures in conducting the audits.[Footnote 46] However, even if FAA were to conduct such comprehensive audits, without a definition of safety- critical findings, the agency would still lack assurance that safety- critical findings were identified and resolved. FAA indicated that from August 2003 through July 2004,[Footnote 47] 18 of the 50 audit reports on foreign airlines it reviewed were returned to U.S. carriers for further action and 4 were placed on hold pending the outcome of IASA reviews; the other 31 foreign carriers received memorandums of no objection. Furthermore, FAA officials said that, according to anecdotal information from some U.S. carriers, too many safety concerns were identified during some safety audits for the carriers to proceed with applications for code-share authorization. However, FAA officials said they do not know how many times the safety audits have prevented airlines that pose safety concerns from becoming code-share partners with U.S. airlines. In addition, effective management controls require that documentation be created and maintained to provide evidence of executing approvals, authorizations, verifications, and performance reviews. FAA devised a checklist for agency staff to complete while reviewing safety audit reports to check for compliance with the program guidelines, record information about findings, or report irregularities. FAA officials said that the checklist was developed to establish and maintain consistency in reviewing the audit reports. However, we found that the checklist did not consistently document what actions FAA took when reviewing the airlines' audit reports, which findings it reviewed, and which corrective actions it verified were implemented. For example, in some cases, the checklist provided information about the closure of findings, but in other cases, no information was recorded about closure. FAA officials said that portions of the checklist may be left blank until the FAA reviewer has completed discussions with the airline and answered all of the concerns to his or her satisfaction, at which time the FAA reviewer will note that no irregularities were found. Officials said that in such cases, the checklist would not capture this process. However, not completing this information could hinder future reviews of the same airline by impeding comparisons between audits. Furthermore, because FAA often lacked documentation that it had verified the closure of findings, we were unable to determine how frequently FAA may have provided memorandums of no objection on foreign carriers that had not implemented all corrective actions in response to the findings, as occurred in the example discussed earlier. Effective management controls also include monitoring to assess the quality of performance over time. Management controls generally should be designed to ensure ongoing monitoring during normal operations and include regular management and supervisory activities, comparisons, reconciliations, and other actions people take in performing their duties. FAA officials said that the manager of the International Programs and Policy Division, which is responsible for administering the Code-Share Safety Program and is part of FAA's Flight Standards Service, is briefed by the Code-Share Safety Program staff on the results of their safety audit reviews before a recommendation is made to the Director of Flight Standards to sign the memorandums of no objection that are sent to DOT's Office of International Aviation. This procedure allows the International Programs and Policy Division manager to monitor the results and the decision-making processes involved. In addition to reviewing the audit reports, FAA monitors the safety of foreign carriers through other sources of information. FAA officials said they also review any accident and incident information from aviation safety databases, company financial histories, ICAO reports on the countries' civil aviation authorities,[Footnote 48] media reports, ramp inspection results,[Footnote 49] and information from FAA international field offices about their inspections of foreign aircraft when these aircraft enter the United States.[Footnote 50] According to the Code-Share Safety Program guidelines, the U.S. airlines participating in the program should have a process to monitor the safety of their foreign code-share partners on an ongoing basis, and FAA should review this monitoring process. FAA officials said they have reviewed the monitoring systems at seven of the eight U.S. airlines participating in the program.[Footnote 51] However, FAA had not documented its reviews of the monitoring systems, so we were unable to verify that activity. Furthermore, safety officials at three of the eight U.S. airlines said FAA had not reviewed their monitoring systems.[Footnote 52] Without an FAA review, deficiencies in these monitoring systems might not be identified. FAA does not maintain information on the types and frequencies of audit findings to provide a means of comparing the findings from initial and recurrent audits of the same airline, or perform trend analysis that could help identify problems across airlines or fleets. Trend analyses would be useful for monitoring, on an ongoing basis, the effectiveness of FAA's internal quality control system. FAA officials said the checklists are not used for tracking or trend analysis and that FAA does not formally examine either the safety problems occurring most often or the geographic areas where problems are occurring most frequently. However, the officials said that the FAA program manager does want to have a general idea of the types of problems being found, and the checklist provides this information informally. According to one FAA official, the purpose of the checklist is to ensure that the DOT guidelines are met, rather than to create a database of findings. In our view, not maintaining such documentation could impede analyses of trends and comparisons of findings, as well as limit opportunities for assessing risks and prevents determining whether FAA reviewed those findings. Establishing performance measures is another component of effective management controls. The Government Performance and Results Act of 1993 requires agencies to, among other things, set strategic and annual performance goals, and measure and report on performance toward these goals. Management controls play a significant role in helping managers achieve those goals. FAA has established certain performance goals for the Code-Share Safety Program, including reviewing at least 40 safety audit reports during fiscal year 2004. FAA exceeded this goal by completing 57 reviews. In addition, FAA set a performance goal of meeting with major U.S. air carriers to request feedback on the Code- Share Safety Program. FAA met this goal in 2004. U.S. Airlines Are Auditing Foreign Partners' Safety, and Partners Are Taking Corrective Action, but Documentation of Corrective Actions Is Often Lacking: The eight U.S. airlines participating in the Code-Share Safety Program have conducted the safety audits of their foreign code-share partners and have monitored the safety of their code-share partners between audits, as specified under the guidelines. Through those audits, the U.S. airlines have identified numerous safety issues associated with their foreign partners' operations. After completing the audits, the U.S. airlines have submitted written statements to FAA affirming their foreign code-share partners' compliance with ICAO standards, as specified under the guidelines. However, the U.S. airlines have not always documented the implementation of actions taken in response to the findings. Many airlines are now moving to adopt the international safety audit program, IOSA, which contains procedures that would help to ensure that corrective actions implemented in response to audit findings are documented. Most U.S. airline officials said they believe the Code-Share Safety Program provides reasonable assurance of safety or is effective, but some officials also suggested various changes in its administration. U.S. Airlines' Safety Audits Primarily Identified Findings in Foreign Partners' Flight Operations and Maintenance and Engineering: The U.S. airlines participating in the Code-Share Safety Program have been assessing the safety of their foreign code-share partners at least every 2 years, as the guidelines specify.[Footnote 53] We estimate, based on the results of our sample of 149 randomly selected safety audit reports, that there are 2,047 findings among the audits that the eight U.S. airlines conducted of foreign carriers, which FAA reviewed from February 2000 through September 2004.[Footnote 54] The program guidelines define a finding as an instance in which "the performance of the standard does not meet the established criteria" under ICAO standards. We estimate that 75 percent of the audits of foreign carriers that the eight U.S. airlines conducted of foreign carriers and that FAA reviewed from February 2000 through September 2004 contained at least one finding. Airline officials told us that most findings related to a lack of documentation. Documentation is important to ensure the implementation of management controls, which should appear, for example, in management directives and operating manuals. However, we found that many of the safety audit findings were broader in scope than a lack of documentation and extended to a lack of underlying policies and procedures. We further estimate that findings related to deficiencies in policies and procedures accounted for 23 percent[Footnote 55] of all findings. The audits reviewed the carriers' compliance in eight major categories (organization, flight operations, flight dispatch, maintenance and engineering, cabin operations, cargo and dangerous goods, ground handling, and security).[Footnote 56] As shown in figure 5, the findings spanned all eight categories, but the largest numbers were in two categories: (1) flight operations, which govern the activities of the pilots, including training, and (2) maintenance and engineering, which involves the oversight of activities to maintain, repair, and overhaul aircraft, aircraft engines, and parts. In the flight operations category, the findings included a lack of drug and alcohol testing policies and a lack of documentation on flight time and rest requirements for flight personnel. In the maintenance and engineering category, one common type of finding related to the maintenance and calibration of tools and supplies, which could affect safety. Figure 5: Percentage of Findings by Audit Category: [See PDF for image] Note: Percentages do not total to 100 because of rounding. [End of figure] Airlines Submitted Compliance Statements to FAA but Did Not Always Document the Closure of Findings: After U.S. airlines completed their audits, their safety directors submitted statements to FAA affirming their foreign code-share partners' compliance with ICAO standards. FAA officials said they rely on these compliance statements as the primary evidence that the foreign code-share partners of U.S. airlines have resolved all safety-critical findings. However, on the basis of our review of a sample of the audit reports, we estimate that, for 68 percent of the identified findings,[Footnote 57] the documentation was insufficient to demonstrate that the findings had been closed or were resolved. Specifically, the documentation either failed to indicate at least one of the following three elements:[Footnote 58] (1) what corrective action was taken, (2) who accepted the corrective action, and (3) when the corrective action was accepted or the documentation was insufficient to determine whether the findings were closed. An estimated 28 percent[Footnote 59] of the audit reports that contained findings had at least one finding that lacked all three elements documenting corrective actions.[Footnote 60] The Code-Share Safety Program guidelines do not indicate that U.S. airlines should have documentation available for FAA's review to provide evidence of what corrective action was taken, who accepted the action, and when the action occurred in response to the findings identified in audits of their foreign code-share partners.[Footnote 61] We asked the eight U.S. airlines participating in the Code-Share Safety Program what types of systems they were using to track any findings that were not resolved when the safety audit was complete. We found that three of the U.S. airlines were using computer systems to track the closure of such open findings; three other airlines had computer systems that could track the closure of findings, but their foreign partners had no open findings; and two airlines indicated that they did not have systems to track open findings because their foreign partners did not have any open findings. At one U.S. airline that was using a computer system to track open findings, officials said that a computer malfunction resulted in the loss of 6 months of data.[Footnote 62] An official from this airline said that before 2004, the airline coordinated closure of any findings directly with the contractor. When asked to produce this information, the airline did not have finding closure documentation available for audits conducted before 2004. This contractor said that although his firm was asked a few times by the U.S. carrier to check on the closure of audit findings by its foreign partner, the U.S. airline was responsible for tracking the closure of findings. Airlines also lacked documentation on the closure of findings in part because an unknown number of findings were closed on-site during the audits and not documented. The FAA program manager said he discouraged closing out findings on-site without documentation during the audits because it does not leave an audit trail about what findings were identified. Documentation provides a record of the execution of management controls which, in this situation, relate to the implementation of corrective actions. We estimate that 25 percent of the audits were closed with no findings identified. According to an FAA official, audits that identify no findings are questionable because the airlines must comply with so many requirements under either ICAO or IOSA standards. One U.S. airline used a contractor to conduct 31 of the audits of foreign airlines in our sample from 1999 through 2003, over half of which identified no findings.[Footnote 63] As described earlier, an FAA official told us that he had discussed with the airline FAA's concern about the number of audits conducted by the contractor that did not identify any findings. The FAA official also said that he helped the airline revise its approach to conducting the audits as a part of its internal evaluation program. The contractor told us that it is common for the safety audits not to identify findings because the airlines have prepared for the audit, and the audit findings are sometimes resolved on the spot. The contractor also said that his firm often recommended best practices that the foreign carriers could implement, but these recommendations did not relate to violations of ICAO standards and, thus, were not considered to be findings. Furthermore, this contractor said that a representative from the U.S. airline, who accompanied the contractor's auditors on the audits, kept the U.S. airline informed. U.S. Airlines Also Monitor the Safety of Their Foreign Partners between Audits: The eight U.S. airlines participating in the Code-Share Safety Program have processes to monitor the safety of their foreign code-share partners on an ongoing basis, including their accident and incident rates, financial condition, equipment age, labor issues, and other issues, as called for in the program guidelines. Safety officials from the eight U.S. airlines said that, to their knowledge, no fatal accidents had occurred on their foreign code-share routes since the Code-Share Safety Program began in 2000. We observed the systems and information sources that each U.S. airline used for monitoring. Airline officials showed us, for example, safety questionnaires that they sent to their code-share partners between formal safety audits, news subscription services, and aviation safety Web sites. Some airline officials also said they occasionally made on-site visits to monitor their partners' safety. The airlines also indicated that they monitor any accident and incident data for their code-share partners. According to a safety official at one U.S. airline, a carrier's past accident and incident record does not conclusively prove that a safety problem exists, but it can be an indicator of other deficiencies, such as gaps in training. Some officials from airlines that are part of global alliances also said that they share safety information about their mutual foreign code-share partners. Four U.S. airlines had created computer databases to maintain this monitoring information while the other four maintained paper files. Use of International Safety Audit Program May Address Some Weaknesses in the U.S. Safety Audit Program: As U.S. airlines and their foreign code-share partners begin to use IOSA--a new safety audit program developed by IATA--some of the weaknesses that we observed in the Code-Share Safety Program may be addressed, and U.S. airlines may receive other benefits. Increased use of IOSAs may help to ensure that audit findings are resolved and corrective actions implemented. IOSA requires that findings that are identified during the audit be documented, excluding those that are corrected immediately on-site during an audit.[Footnote 64] In addition, IOSA requires documentation of closure for findings, including the three elements we identified--(1) a description of the corrective actions taken, (2) who accepted the corrective actions, and (3) when the corrective action was accepted--as well as the reasoning used by the auditing organization to clear the findings. As noted, documentation of one or more of these elements was missing, or it could not be determined if elements were missing for an estimated 68 percent of the audit findings. Six of the eight U.S. airlines use IOSA standards to audit the safety of their foreign code-share partners, one may do so in the future, and one does not plan to use the standards to audit the safety of its foreign code-share partner.[Footnote 65] Moreover, according to some airline officials, U.S. airlines have a financial incentive to encourage their foreign code-share partners to undergo IOSAs because the auditing costs[Footnote 66] are shifted from the U.S. airline to its foreign partner. However, not all U.S. airlines plan to require IOSAs of their foreign code-share partners.[Footnote 67] For example, officials from one U.S. airline said that IOSAs may be too expensive for some small foreign carriers. Similarly, officials at another U.S. airline said that IOSAs are applicable to airlines with large fleets and major processes but may not be practical for smaller airlines. Officials at a third U.S. airline said they preferred to continue conducting the safety audits themselves, rather than using an auditing organization selected by IATA, because they wanted the assurance of examining their partners' operations in person, rather than relying on an external organization. Finally, increased use of IOSAs may help standardize aviation safety auditing and streamline FAA's review of audit reports. Under the IOSA program, the airlines can obtain the audit results of their mutual code- share partners. Of the eight U.S. airlines with foreign code-share partners, six share 18 of the same foreign code-share partners. FAA recently allowed U.S. airlines to submit for review audit reports that other U.S. airlines had conducted on a shared foreign code-share partner.[Footnote 68] Some U.S. airlines, as members of global airline alliances, plan to share their audit reports of foreign partners and reduce duplicative audits.[Footnote 69] The IOSA program should make it easier for airlines that are not in such alliances to share audit reports.[Footnote 70] Increased sharing of the reports could reduce the number of safety audits that the U.S. airlines would need to conduct of their foreign partners and could thus reduce the number of reports that FAA would need to review. Most U.S. Airline Officials Believe the Code-Share Safety Program Provides a Reasonable Assurance of Safety: Officials at most U.S. airlines participating in the Code-Share Safety Program told us they believe that the program provides reasonable assurance of safety concerning their foreign code-share partners or is effective. One airline official described the program as an "ingenious technique" that has had the effect of raising aviation safety standards worldwide by ensuring that safety issues will be resolved. This airline official said that some foreign airlines, seeking to become code-share partners of U.S. airlines, have restructured programs, rewritten manuals, and instituted new management techniques--evidence, he said, of the program's effectiveness. Another U.S. airline official said that, without the Code-Share Safety Program, U.S. airlines might not conduct safety audits of their foreign code-share partners. An official at another U.S. airline said the Code-Share Safety Program is a means to ensure that a carrier meets minimum ICAO-based international aviation safety standards and that the IOSA program creates a baseline of auditing standards to be followed worldwide. However, the official said that a safety audit, whether conducted by an auditing organization selected by IOSA or a U.S. airline, is only a snapshot of the carrier for the period in which the audit is conducted. The airline official said that the carrier's actions before the audit or after the audit may differ and cannot be adequately evaluated until additional safety information is collected from the carrier between safety audits or until the next safety audit. An official at another U.S. airline participating in the Code-Share Safety Program said that although a safety audit provides a very good assessment of an airline's compliance with aviation safety standards, it does not guarantee the safety of the carrier's operations. This official added that even if a safety audit were conducted on a carrier monthly, it would not guarantee that the carrier would never have an accident. Furthermore, an official at another U.S. airline said that the Code-Share Safety Program is not necessarily required to provide reasonable assurance of safety concerning the foreign code-share partners of U.S. airlines and that the airline does not necessarily believe that formal, FAA-approved safety audits are the only way to gain such assurance. This airline official said that U.S. airlines should not be required to conduct safety audits of foreign airlines that are operating out of countries that FAA rated as IASA category 1 and that U.S. airlines should be able to choose whether to conduct safety audits in countries that FAA has rated as IASA category 2 or has not rated. This airline official added that while the U.S. airline may continue to audit its partners on its own, it does not believe that FAA should oversee this process. However, an FAA IASA program official told us that the IASA program focuses on the capabilities of the foreign civil aviation authorities and does not ensure the safety of any carriers operating in IASA category 1 countries. This FAA official also said that inconsistencies in aviation safety oversight can exist throughout the world, even in countries with "higher" standards, and that some countries exceed ICAO standards, while others do not. A safety official at one U.S. airline said he believed that the Code- Share Safety Program guidelines should be made regulations. Although officials from DOT's Office of International Aviation and FAA said that making the program regulatory is not needed because it is working well, this airline safety official said that making the program regulatory would allow requirements to be applied more evenly to all airlines participating in the program. This airline official added that DOT is requiring the guidelines to be followed and therefore they are regulations in practice. A safety official at another U.S. airline questioned why DOT requires "guidelines" to be followed. He said that if DOT wants "rigid compliance" with the guidelines, it should make the program regulatory. A safety official at a third U.S. airline said the program's requirements should be standardized, noting that, for example, FAA was inconsistent about its requirements for reviewing auditors' qualifications. An aviation safety expert we consulted also said that the program should be made regulatory, observing that both the Code-Share Safety Program and IASA suffer from a "lack of regulatory teeth" and that making them regulatory would provide clarity to the DOT requirements, which he said are "mere policies." At the same time, this expert said that although the program is not regulatory, the Code-Share Safety Program guidelines clearly lay out what is expected of the airlines and set the standards that must be met. He added that under the guidelines, U.S. airlines are held accountable for the safety of their foreign code-share partners. Finally, officials at two airlines said that they would like FAA to provide a definition of safety critical or to define when an audit is considered to be closed so that it would be clear which findings must be resolved before closing an audit and submitting a compliance statement. As noted, FAA officials said that they allow nonsafety- critical findings identified during the audits to be addressed after the code-share arrangement is authorized. Conclusions: The safety of foreign code-share partners of U.S. airlines is important because several million people fly on those foreign carriers using tickets purchased from U.S. airlines each year. Under the Code-Share Safety Program, the U.S. airlines are auditing the safety of their foreign code-share partners and identifying safety concerns, which the foreign carriers are addressing. However, FAA's reviews of the safety audit reports lack management controls for establishing reviewers' qualifications, verifying corrective actions, and documenting the reviews. FAA, for example, has not established the qualifications needed to review safety audit reports, and FAA field inspectors, who are reviewing many of the safety audit reports, have not been trained in the IOSA program--potentially impeding FAA's review of audits that were conducted using those standards. In addition, the program guidelines do not provide clear direction to the U.S. airlines and FAA reviewers on which concerns are critical to safety and must be addressed before DOT's Office of International Aviation will authorize or reauthorize a code-share arrangement. Without a definition of safety- critical concerns and complete documentation of the closure of findings, FAA lacks clear criteria for responding to requests from DOT's Office of International Aviation about the safety of foreign carriers and lacks assurance that safety-critical concerns have been addressed. Furthermore, FAA is not using effective management controls when it fails to document its reviews of the airlines' safety audit reports. Without complete documentation, a determination cannot be made of what actions FAA took when reviewing the reports, which findings it reviewed, and which corrective actions it verified were implemented. Because documentation on FAA's verification of the closure of findings was often lacking, we were unable to determine how frequently FAA may have failed to object to the authorization of code-share arrangements with foreign carriers that had not implemented all corrective actions in response to the findings. FAA also has not implemented a DOT Inspector General's recommendation that it conduct a comprehensive examination of a sample of audit reports to verify the underlying documentation. Furthermore, FAA's not collecting and tracking safety audit findings is an obstacle to conducting trend analysis or spotting anomalies. The airlines' increasing adoption of the IOSA program as a worldwide safety auditing standard is likely to change how FAA conducts its safety reviews of foreign code-share partners of U.S. airlines. Moreover, IOSA requires that actions to correct all findings, except those that are corrected during an audit, be documented--a requirement that is lacking in FAA's program. However, the adoption of the IOSA program is likely to be gradual, given that, as of June 2005, 66 of IATA's 265 members had completed the program. Finally, although DOD and FAA officials said they have different program objectives, the two federal agencies are nevertheless duplicating efforts by reviewing many of the same audit reports. In addition, DOD is not receiving the foreign airport security assessment information from TSA that DOT is receiving. TSA's information would provide DOD with more complete data for its safety reviews. Recommendations: To improve the safety oversight of foreign code-share operations, we recommend that the Secretary of Transportation direct the FAA Administrator to implement the following three recommendations: 1. Revise the Code-Share Safety Program guidelines to improve the effectiveness of the program and the clarity of the procedures that the airlines should follow in documenting and closing out safety audit findings. Because the audit guidelines indicate that the airlines should not submit compliance statements until all corrective actions have been completed, but FAA is allowing the airlines to resolve "nonsafety-critical" findings later, FAA should consider either following that guideline or defining "safety-critical" audit findings, so that the airlines and FAA reviewers know which types of findings must be corrected before submitting the compliance statements. 2. Develop mechanisms to enhance FAA's management controls over its reviews of the safety audit reports. In developing the mechanisms, FAA should consider standardizing the qualifications and training needed for agency staff to review the airlines' safety audit reports; identifying ways to document its reviews of the airlines' safety audit reports; increasing the scrutiny of audit reports that have an unusually high or low number of findings, periodically selecting a sample of safety audits to conduct a comprehensive review of the underlying documentation collected; and collecting and analyzing information on the audit findings for the foreign code-share partners of U.S. airlines so that the data can be more easily quantified and analyzed to spot possible trends and anomalies, should FAA decide such analyses are needed. 3. Finally, explore with DOD potential opportunities to reduce duplication of efforts in reviewing the same safety audit reports. Because security is an important component of assessing airline safety, to improve DOD's oversight of foreign carriers that transport DOD personnel, we also recommend that the Secretary of Homeland Security direct the Assistant Secretary of Homeland Security for TSA to develop a process of routinely coordinating with DOD regarding information on the security of foreign airports for DOD to consider in reviewing the safety of foreign airlines. Such a process could be documented in a memorandum of understanding or other written procedures to ensure such coordination. Agency Comments: We provided drafts of this report to the Department of Homeland Security, (DHS), DOD, and DOT. DHS provided written comments, agreeing with our recommendation regarding TSA. DHS's comments are reprinted in appendix III. DOD provided no comments on our findings or recommendations. DOD and DOT provided some technical clarifications, which we incorporated into this report as appropriate. We received comments from DOT officials, including FAA's Deputy Associate Administrator for Aviation Safety. FAA generally agreed with the report and agreed to consider our recommendations. In addition, FAA provided comments on the Code-Share Safety Program, emphasizing that it is a collaborative effort between DOT's Office of the Secretary, FAA, and the air carriers. FAA officials also said that the program established guidelines for approving international code-share operations, with the intent of encouraging the highest possible levels of safety for international code-share operations. According to FAA, the program outlines the necessary steps that U.S. air carriers must follow in seeking approval from DOT to conduct code-share operations with foreign air carriers. The officials added that the Code-Share Safety Program charges U.S. air carriers with the primary responsibility for ensuring that their foreign code-share partners comply with applicable international aviation standards. As agreed with your office, unless you announce the contents of this report earlier, we plan no further distribution until 30 days from the date of this letter. At that time, we will send copies of this report to interested congressional committees; the Secretary of Transportation; the Administrator of FAA; the Secretary of Defense; the Secretary of Homeland Security; and the Assistant Secretary of Homeland Security for the Transportation Security Administration. Copies will also be available to others upon request and at no cost on GAO's Web site at [Hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please call me at (202) 512-2834 or [Hyperlink, dillinghamg@gao.gov]. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix IV. Sincerely yours, Signed by: Gerald L. Dillingham, Ph.D. Director, Physical Infrastructure Issues: [End of section] Appendixes: Appendix I: Objectives, Scope, and Methodology: Our objective was to review the measures that the federal government is taking to provide reasonable assurance of safety and security when passengers travel on flights operated by the foreign code-share partners of U.S. airlines. To accomplish this, we reviewed (1) the extent to which the Department of Transportation's (DOT) authorization of U.S. airlines' code-share arrangements with foreign airlines is designed to consider safety and security, (2) how well FAA has managed the Code-Share Safety Program, and (3) the extent to which U.S. airlines have implemented the Code-Share Safety Program, and the results of their efforts. To determine how safety and security are considered in DOT's authorization of U.S. airlines' code-share arrangements with foreign airlines, we interviewed officials at DOT's Office of International Aviation, Federal Aviation Administration (FAA), Transportation Security Administration (TSA), and the Department of Justice (DOJ) and reviewed the Code-Share Safety Program guidelines and related program documentation, applicable international aviation safety standards, and relevant legal authorities. Our review covered the U.S. airlines' code- share partnerships with foreign carriers that DOT authorized from February 2000, when the Code-Share Safety Program began, through fiscal year 2004.[Footnote 71] At DOT, we interviewed the officials who decide whether to authorize such partnerships about the authorization process, their sources of information, and how often they authorize the partnerships. To gain a better understanding of the authorization process and the information considered, we also reviewed a sample of code-share applications that U.S. airlines had filed to establish code- share partnerships with foreign carriers. Our sample consisted of one randomly selected application filed by each of the eight U.S. airlines participating in the Code-Share Safety Program. We also interviewed DOT security officials about how they provide security clearances for foreign carriers and how often they have provided those clearances for code-share authorization. Because TSA was the source of aviation security information for DOT, we interviewed TSA officials about how they assess the security of foreign airlines and airports. We also reviewed data from TSA about the results and frequency of its security assessments of foreign airports and related legal authorities. Based on our understanding of the data through interviews with TSA officials, we determined that the data were sufficiently reliable for our purposes. In addition, we interviewed DOT officials who review the competitive aspects of the code-share arrangements about how they conduct their reviews and how often they have provided those clearances for code-share authorization. Because these DOT officials received advice from DOJ on potential antitrust issues involving the code-share partnerships, we also interviewed DOJ officials who provided that advice about their process and sources of information. At FAA, we interviewed officials about how they assess the capabilities of foreign civil aviation authorities through the International Aviation Safety Assessment (IASA) program and how those assessments relate to the Code-Share Safety Program. We also analyzed data on the results and frequency of IASA reviews since the Code-Share Safety Program was initiated. Based on our understanding of the data through interviews with FAA officials, we determined that the data were sufficiently reliable for our purposes. We reviewed documentation that FAA staff had prepared when they reviewed the airlines' safety audit reports to determine how they documented their reviews. We also discussed with FAA officials how often FAA provided memorandums of no objection to DOT's Office of International Aviation to support U.S. airlines' applications for code-share arrangements with foreign carriers. Because the Code-Share Safety Program was designed to assess foreign airlines' compliance with aviation safety standards established by International Civil Aviation Organization (ICAO), we interviewed ICAO officials about the standards, related international aviation safety issues, and the ICAO Universal Safety Oversight Audit Program, which assesses the capabilities of countries' civil aviation authorities. In addition, because many airlines are planning to use a new international safety audit program--the International Air Transport Association's (IATA) Operational Safety Assessment (IOSA) program--to assess the safety of their foreign partners, we interviewed IATA officials about how the program was developed, how airlines plan to implement it, and how it could affect the Code-Share Safety Program. For background information on how aviation safety varies internationally, we obtained data from IATA on aviation accident rates for different world regions. We did not review the reliability of IATA's aviation accident data because we used this information only for background purposes. We also interviewed officials from the Air Transport Association--a U.S. airline association--about its involvement in establishing the DOD safety audit program and its views on the Code-Share Safety Program and FAA's IASA program. Finally, because we found during our review that DOD had also established a program for reviewing the safety of foreign carriers, we interviewed DOD officials about the design and implementation of its program. In addition, we obtained information about the safety audit reports that DOD had reviewed from fiscal year 2001 through fiscal year 2004 and the results, which we compared with the results of those that FAA reviewed. We also discussed with FAA and DOD officials the extent to which they have coordinated their efforts. To determine how well FAA has managed the Code-Share Safety Program, we evaluated whether DOT's Office of the Secretary and FAA incorporated selected government auditing standards in the program's design and whether FAA effectively used management controls in reviewing the safety audit reports. Because the Code-Share Safety Program establishes an audit program, we reviewed whether the program's design, as reflected in the program guidelines, conforms to certain standards identified in Government Auditing Standards.[Footnote 72] We reviewed selected general standards[Footnote 73] that are contained in Government Auditing Standards (independence, professional judgment, and competence) to assess the program's design. Although we examined the audit methodologies that the U.S. airlines had developed and submitted to FAA for review, we did not review them for conformance with government auditing standards because FAA had already conducted this review as a condition of accepting the U.S. airlines' participation in the program. In addition, because we were evaluating the management of a government program, we examined FAA's application of management controls, which is synonymous with the term "internal controls," in its reviews of the safety audit reports using Standards for Internal Control in the Federal Government.[Footnote 74] We selected the management controls that were applicable to FAA's review of the audit reports for establishing reviewers' qualifications, verifying corrective actions, documenting the reviews, and monitoring and measuring performance. We also reviewed the recommendations contained in a 1999 DOT Office of the Inspector General report on aviation safety under international code-share agreements to determine whether and to what extent the report's recommendations--about how a code-share safety audit program should be designed--were implemented. To determine the extent to which U.S. airlines have implemented the Code-Share Safety Program and the results, we interviewed officials at the eight U.S. airlines that were participating in the program about how they were assessing the safety of their foreign partners and reviewed a sample of the reports. We drew a stratified random probability sample of 153 reports of audits conducted by U.S. airlines of their foreign code-share partners. This sample was drawn from a population of documentation maintained by FAA for the 242 audit reports that the agency had reviewed from February 2000 through September 2004. Of these 153 sampled audits, 2 were out of scope because the airlines withdrew them from consideration and 2 were in scope, but we did not complete our reviews of these reports. We ultimately collected information for 149 in-scope audits. With this probability sample, each audit report in the study population had a positive probability of being selected, and that probability could be computed for any audit. We stratified the population into nine groups on the basis of the U.S. airline conducting the audit, and further, for some of those airlines, whether the foreign airlines being audited were code-share partners with more than one U.S. airline or whether FAA's records of its reviews of the audit reports contained comments about the findings. Each sampled audit was subsequently weighted in the analysis to statistically account for all of the audits in the study population, including those that were not selected. During our audit work, three airlines provided information about a total of 14 additional audit reports that, according to the airlines, FAA had reviewed. These 14 audits were not included in the population from which we drew our sample because FAA's files did not contain information about them. Estimates generated in this report pertain only to the 242 audit reports that, according to FAA's files, the agency reviewed. Because we followed a probability procedure based on random selections, our sample is only one of a large number of samples that we might have drawn. Since each sample could have provided different estimates, we express our confidence in the precision of our particular sample's results in 95-percent confidence intervals. These are intervals that would contain the actual population values for 95 percent of the samples we could have drawn. As a result, we are 95-percent confident that each of the confidence intervals in this report will contain the true values in the study population. All percentage estimates from the sample of audits have sampling margins of error of plus or minus 10 percentage points or less unless otherwise noted. All numerical estimates other than percentages have margins of error of plus or minus 10 percent of the value of those estimates or less unless otherwise noted. We did not determine whether the airlines complied with international aviation safety standards. However, we performed a content analysis of the audit reports in our sample to determine what types of safety findings were identified regarding the foreign carriers. We recorded the findings and grouped them into eight categories: (1) organization, (2) flight operations, (3) flight dispatch, (4) maintenance and engineering, (5) cabin operations, (6) cargo and dangerous goods, (7) ground handling, and (8) security--because the reports were generally organized into those categories. We then further divided those eight categories into at least six issue subcategories. Two coders independently categorized each finding, and any coding disagreements were resolved between the coders or by a third reviewer. During our review of the audit reports, we also attempted to determine whether corrective actions taken in response to the findings were documented. To accomplish this, we looked for evidence of (1) what corrective action was taken, (2) who accepted the corrective action, and (3) when the corrective action was accepted. We considered these three elements to be sufficient evidence of documentation after observing how some airlines had documented the closure of findings and by reviewing Government Auditing Standards, which indicate that auditors should examine whether recommendations from previous audits have been implemented, and from Standards for Internal Control in the Federal Government, which require management to determine whether proper actions have been taken in response to findings and audit recommendations. In addition to reviewing the audit reports at the airlines, we interviewed safety officials (typically the safety directors) at all eight U.S. airlines participating in the Code-Share Safety Program about how they assess the safety of their foreign code-share partners, including how they plan, carry out, and close the audits, as well as monitor the safety of their foreign partners between audits.[Footnote 75] We also observed the monitoring systems that they had implemented, as the program guidelines require, and sources of information that they used to monitor the safety of their foreign code-share partners. In addition, we asked the U.S. airline safety officials about their program-related interactions with FAA and DOT's Office of International Aviation, whether and how they believe the program could be improved, and what they thought about the implications of the airlines' increased adoption of IOSA by as an international aviation safety audit program. We also obtained the views of an aviation safety expert about the Code- Share Safety Program. We selected this expert because of his experience in aviation safety, which included helping to design FAA's IASA program. Because some airlines had used contractors to conduct safety audits of their foreign code-share partners, we interviewed one contractor who said that he had conducted or helped to conduct safety audits for five of the eight U.S. airlines in the Code-Share Safety Program about how his firm conducted the audits and the qualifications of his staff. Finally, for background information on the extent to which passengers are traveling on foreign code-share partners of U.S. airlines, we asked the eight U.S. airlines to provide such data from 2000 through 2004[Footnote 76] using the same methodology, which was based on the number of tickets that the U.S. airlines sold for travel on their foreign code-share partners. For example, if a U.S. airline sold a single ticket for travel that included one or more foreign code-share partner flight segments, this ticket was counted once. If a U.S. airline sold separate tickets for travel that included more than one foreign code-share partner flight segment, each flight segment was counted as a separate ticket. Some airlines could not provide data for all 4 years, but all eight U.S. airlines were able to provide data for 2004, which we reported. We did not independently verify this information provided by the airlines because it was used only for background purposes. [End of section] Appendix II: U.S. Carriers and Their Foreign Code-Share Partners: U.S. carrier: Alaska (1 partner); Foreign code-share partner: Helijet. U.S. carrier: America West (1 partner); Foreign code-share partner: Royal Jordanian Airlines. U.S. carrier: American (24 partners); Foreign code-share partner: Aer Lingus; Aero Caribe; Air Pacific; BA CitiExpress; British Airways; Cathay Pacific; China Eastern; EVA Airways; Finnair; Gulf Air; Iberia; JAL; JALways; JetConnect Limited; LACSA; LAN Chile; Lan Express; Mexicana Airlines; Qantas; SN Brussels; Swiss International Air Lines; TACA; TAM - Linhas Aereas; Turkish Airlines. U.S. carrier: Contintental (18 partners); Foreign code-share partner: AeroLitoral; Aeromexico; Air Europa; Air France; Alitalia; Brit Air; COPA; CSA Czech; Emirates; EVA Airways; flybe.British European; KLM Cityhopper; KLM Exel Airlines; KLM Royal Dutch Airlines; Korean Airlines; Maersk Air; TAP Air Portugal; Virgin Atlantic. U.S. carrier: Delta (21 partners); Foreign code-share partner: AeroLitoral; Aeromexico; Air France; Air Jamaica; Alitalia Express; Alitalia Team; Avianca; Brit Air; China Airlines; China Southern; CityJet; CSA Czech; El Al; Emirates; flybe.British European; KLM Royal Dutch Airlines; Korean Airlines; Malev Hungarian Airlines; Regional; Royal Air Maroc; South African Airways. U.S. carrier: Northwest (11 partners); Foreign code-share partner: Aeromexico; Air Alps; Air France; Alitalia; CSA Czech; KLM Cityhopper; KLM Exel; KLM Royal Dutch Airlines; Korean Airlines; Malev Express; Malev Hungarian Airlines. U.S. carrier: United (23 partners); Foreign code-share partner: AC Jazz; Air Canada; Air China; Air Dolomiti; Air Japan; Air New Zealand; Air Nippon; All Nippon Airways (ANA); Asiana; Austrian; British Midland (BMI); LOT Polish; Lufthansa; Lufthansa Cityline; Nakanihon Airlines; PrivatAir (Switzerland); PrivatAir (Germany); SAS; Thai Airways; The Fair, Inc; Tyrolean; Varig; Virgin Blue. U.S. carrier: US Airways (9 partners); Foreign code-share partner: AeBal (Aerolineas de Baleares); Air Dolomiti; BahamasAir; British Midland (BMI); Eurowings; Lufthansa; Lufthansa CityLine; Spanair; Winward Island Airways. Source: FAA. Note: Data as of May 2005. [End of table] [End of section] Appendix III: Comments from DHS: U.S. Department of Homeland Security: Washington, DC 20528: July 14, 2005: Dr. Gerald L. Dillingham: Director, Physical Infrastructure Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Dr. Dillingham: RE: Draft Report GAO-05-930, Aviation Safety: Oversight of Foreign Code- Share Safety Program Should be Strengthened (GAO Job Code 540108): The Department of Homeland Security (DHS) appreciates the opportunity to review and comment on the Government Accountability Office's draft report as it relates to the Transportation Security Administration (TSA). The draft report includes three recommendations to the Department of Transportation and one to DHS' Transportation Security Administration. We agree with your proposed revised recommendation: "that the Secretary of Homeland Security direct the Assistant Secretary of Homeland Security for TSA to develop a process of routinely coordinating with DOD regarding information on the security of foreign airports for DOD to consider in reviewing the safety of foreign airlines. Such a process could be documented in a memorandum of understanding or other written procedures to ensure such coordination." Sincerely, Signed by: Steven Pecinovsky: Director: Departmental GAO/OIG Liaison Office: [End of section] Appendix IV: GAO Contacts and Staff Acknowledgments: GAO Contacts: Gerald Dillingham (202) 512-2834 Teresa Spisak (202) 512-2834: Staff Acknowledgments: In addition to the above individuals, Elizabeth Eisenstadt, Jessica A. Evans, Brandon Haller, Bob Homan, David Hooper, Casey Keplinger, Elizabeth A. Marchak, Sara Ann Moessbauer, Mark Ramage, and Sidney Schwartz made key contributions to this report. (540108): FOOTNOTES [1] Designator codes are two-letter codes assigned by the International Air Transport Association, the international airline association, to the world's airlines. [2] This report pertains only to U.S. airlines' code-share arrangements with foreign airlines for scheduled air service and not for charter or cargo air service. [3] GAO, Government Auditing Standards, GAO-03-673G (Washington, D.C.: June 2003). [4] GAO, Standards for Internal Control in the Federal Government, GAO/ AIMD-00-21.3.1 (Washington, D.C.: November 1999) and GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001). [5] Those airlines are Alaska Airlines, America West Airlines, American Airlines, Continental Airlines, Delta Air Lines, Northwest Airlines, United Airlines, and US Airways. [6] According to information provided by the eight U.S. airlines participating in the Code-Share Safety Program, about 6.5 million tickets were purchased from them in 2004 for travel on flights operated by their foreign code-share partners. (See app. I for more information on how this information was compiled.) [7] U.S. and foreign airlines have established three main types of code- share arrangements: (1) the U.S. airline places its designator code on the foreign carrier's flight, (2) the foreign airline places its designator code on the U.S. carrier's flight, and (3) the U.S. and the foreign airline each place their designator code on the other's flights. [8] U.S. airline officials said that their reimbursement agreements with foreign carriers were based on route mileage, fare class, and selling commissions. [9] Some U.S. airlines code-share with foreign airlines on selected routes only, while others code-share with foreign airlines on all of their routes. [10] DOT provided information on the number of U.S. airlines that had placed their designator codes on foreign carriers' flights in fiscal year 2000 but indicated that the information was compiled informally and was not official. [11] DOT Office of the Inspector General, Aviation Safety Under International Code-Share Agreements, Report No. AV-1999-138 (Washington, D.C.: Sept. 30, 1999). [12] Aviation Codeshare Safety Act, H.R. 2024, 106TH Congress (1999), introduced by Representative James Oberstar. [13] According to Aviation Safety Network, a database devoted to aviation accident and safety information and used by FAA in monitoring accident histories, a hull loss occurs when airplane damage is beyond economic repair and may include events in which (1) the airplane is missing, (2) the search for the wreckage has been terminated without success, or (3) the airplane is substantially damaged and inaccessible. IATA's data on hull losses are for western-built jet aircraft. The 2004 world aggregate aviation accident rate compiled by IATA was 0.78 hull losses per million flight segments. [14] IATA's regional boundaries for this information are not necessarily geographic. For example, Mexico is included in the South American region. [15] DOT is required to consider the public interest in authorizing code-share arrangements under 49 U.S.C. 41309. Although the law does not provide a specific definition of public interest in this regard, leaving the determination to the discretion of the Secretary of Transportation, the determination is guided by the public interest standards of 49 U.S.C. 40101 as well as by the department's precedents in this area. [16] According to DOT's Office of Aviation Analysis, since 2000, it has cleared the competitive aspects of all U.S. airlines' code-share arrangements with foreign airlines. Before providing a clearance, this office reviews code-share applications for the degree of competition involved, the terms of the financial agreements between the U.S. airlines and their foreign partners, and the competitive impact on the carriers involved and the region affected. [17] According to the Justice Department's Antitrust Division, since 2000, it has not advised DOT against approving any U.S. airlines' unimmunized code-share arrangements with foreign carriers because of antitrust concerns (unimmunized code-share arrangements are those for which the Department of Justice has not provided immunity from antitrust actions). [18] According to a DOT official, in some cases, the same code-share partners requested and received multiple approvals during this period (adding routings, for example), so the total number of authorizations granted by the Office of International Aviation exceeds the total number of safety audit reports that FAA reviewed. [19] FAA's authority to conduct the IASA program is facilitated through the requirements of 14 C.F.R. part 129.11 (a), which require in part that operations within the United States be in compliance with International Civil Aviation Organization (ICAO) annex 6 part 1 (aircraft operations). [20] The 1944 Chicago Convention on aviation safety led to the establishment of ICAO, the United Nations organization that develops standards and recommended practices for aviation safety and security, and outlined the rights and responsibilities of civil aviation authorities. ICAO's 18 annexes delineate internationally agreed-upon standards that signatories to the Convention (i.e., civil aviation authorities) must meet. Annex 1 (personnel licensing), annex 6 (aircraft operations), and annex 8 (aircraft airworthiness) serve as primary sources of international aviation safety standards. [21] The IASA program and the Code-Share Safety Program use the same ICAO standards (annexes 1, 6, and 8) as evaluation criteria. [22] Five of the six countries were ones that FAA had first given an IASA category 2 rating and later upgraded to category 1. [23] In three cases, the U.S. airlines suspended their code-share arrangements before FAA had lowered the respective IASA ratings from category 1 to category 2. In another case, a U.S. airline temporarily suspended its code-share arrangement with a foreign airline after FAA questioned the capabilities of that airline's civil aviation authority, but FAA did not lower that country's IASA rating. After FAA resolved its questions, the U.S. airline resumed its code-share arrangement with that foreign carrier. [24] The Chicago Convention provides that signatories to the Convention (countries), and thus the airlines under their oversight, must meet all the ICAO annexes containing international aviation safety standards. Including the United States, 188 countries are signatories to the Convention. [25] We reviewed FAA's files and did not find compliance statements that U.S. airlines had filed for 25 of the 256 safety audit reports that FAA reviewed from February 2000 through September 2004. [26] DOT's Office of Policy now includes security policy staff, formerly housed within DOT's Office of Intelligence and Security, which provided the security clearance information for foreign airlines. [27] Before fiscal year 2002, when TSA was created and began conducting the security assessments, FAA's Office of Civil Aviation Security was responsible for conducting them. [28] TSA has authority under 49 U.S.C. 44906 to regulate security aspects of foreign air carriers that provide service to the United States. TSA indicated that it does not have any special regulatory authority or requirements for the code-share partners of U.S. airlines. TSA requires foreign carriers in their operations to and from airports in the United States to adhere to security measures that are similar to those TSA requires of the U.S. carriers serving the same airports. [29] In some cases, DOT's documentation on foreign code-share routes refers to "destinations" or "points" within a foreign country without specifying which ones. [30] We chose this U.S. airline because it has established code-share arrangements with one of its foreign partners for nearly all its flights. [31] Under 49 U.S.C. 44907, TSA is required to assess the effectiveness of the security measures maintained at foreign airports from which a foreign carrier serves the United States. [32] ICAO's annex 17 covers security standards. [33] TSA also indicated that regardless of category, airlines from ICAO signatory countries meet ICAO security standards and are assessed as appropriate. [34] DOD looks at system safety as a means of reducing risk through early identification, analysis, elimination, and control of hazards. [35] DOD had data on the reports that it reviewed from fiscal years 2001 through 2004, so we were unable to compare which reports FAA and DOD reviewed during fiscal year 2000. [36] In a 2002 report on FAA and DOD responses to aviation safety concerns, we found that FAA and DOD had gaps in their formal communication process, which caused delays in bringing critical safety information to the attention of key officials. GAO, Aviation Safety: FAA and DOD Response to Similar Safety Concerns, GAO-02-77 (Washington, D.C.: Jan. 22, 2002). In that report, we recommended that FAA and DOD develop a memorandum of agreement for exchanging aviation safety- related information and research. In January 2004, FAA and DOD signed a memorandum of agreement for exchanging aviation safety-related information and research. [37] GAO, Government Auditing Standards, GAO-03-673G (Washington, D.C.: June 2003). [38] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999) and GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001). [39] Office of Management and Budget, OMB Circular A-123, Management's Responsibility for Internal Control, (Washington, D.C.: 1995). [40] ISO 9000 is a certification process developed by the International Organization for Standardization, which develops standards for business, government, and technology based on quality management principles. An FAA official said that the agency uses the ISO 9000 standards for the Code-Share Safety Program for data collection and retention, continuous improvement efforts, customer satisfaction, and performance measurement. This official said that, for example, the ISO 9000 standards are used to ensure consistency in how code-share applications are processed, that the needed information is collected and provided to management to review the applications, and that performance goals are achieved. [41] Although FAA program staff based in Washington, D.C., review the majority of the audit reports, FAA field safety inspectors review some of them, because staffing is limited for this program. FAA provided information indicating that one full-time-equivalent (FTE) position was dedicated for the Code-Share Safety Program during fiscal years 2000, 2002, 2003, and 2004, and two FTEs were dedicated during fiscal year 2001. In addition, FAA indicated that five inspectors helped conduct safety audit reviews during those years on a part-time basis. FAA estimated that the time these five inspectors spent reviewing audit reports represented about 4 percent of an FTE's time per year. FAA also indicated that about 2.3 FTEs were used on the IASA program per year during fiscal years 2000 through 2004, including the time spent by field office staff. [42] FAA officials said that before the Code-Share Safety Program manager was transferred to a new position, U.S. airlines brought the safety audit reports of their foreign code-share partners to FAA in Washington, D.C., for review 90 percent of the time. [43] FAA's Flight Standards Service is part of the Office of Aviation Safety. [44] We found that over half of the contractor's audit reports had no findings. By comparison, we estimate that 25 percent of all audits were closed with no findings. [45] The airline stopped using this contractor in 2003, after which the airline conducted the safety audits itself. The airline indicated that its decision to begin conducting the audits using its own resources was based on the opportunity to lower costs while expanding its auditing checklists to include elements from the IOSA program. In addition, the airline indicated that using its resources provided an improved opportunity to communicate with its counterparts at the code-share airline and exchange recommended safety practices. An official from the airline said that the airline shared FAA's concern about the relatively low number of findings contained in the contractor's audit reports, but explained that the airline had no basis for comparison since it was not conducting the audits itself. The official said that now that the airline has conducted several safety audits itself, there have been only a few instances when findings impacting the safety of flight have been discovered. In addition, the official said that many times findings are identified and resolved before the audit team concludes the audit and that most of the recent findings involve lack of documentation for established practices. [46] DOT Office of the Inspector General, Aviation Safety Under International Code-Share Agreements, Report No. AV-1999-138 (Washington, D.C.: Sept. 30, 1999). [47] FAA did not maintain data on the number of audit reports that it reviewed and placed on hold for other years. [48] ICAO's Universal Safety Oversight Audit Program regularly audits countries that have signed the Chicago Convention of 1944, called ICAO Contracting States, to determine the status of the states' implementation of safety oversight and relevant ICAO standards and recommended practices, associated procedures, guidance material, and safety-related practices. [49] FAA conducts annual ramp inspections of foreign carriers entering the United States or monthly inspections (called the special emphasis list) when the results of inspections are repeatedly poor or the airline's country of operation is placed in IASA category 2. [50] Under 14 C.F.R. 129, FAA may inspect foreign airlines when they enter the United States, but FAA does not inspect foreign aircraft outside the United States. The Chicago Convention limits FAA and other civil aviation authorities to regulating or auditing foreign airlines within their own country's airspace. [51] An FAA official said that FAA had not observed the eighth U.S. airline's monitoring system because it was a new participant in the Code-Share Safety Program. [52] An official at another U.S. airline said that FAA had observed its system to track open safety audit findings but not its entire monitoring system. [53] As discussed earlier, for 12 of the 256 audit reports that FAA reviewed from February 2000 through September 2004, FAA granted the U.S. airlines extensions of time to submit compliance statements. In some cases, U.S. airlines conducted safety audits of their foreign partners more frequently than every 2 years. [54] We are 95 percent confident that the actual number of findings lies between 1,450 and 2,643. All percentage estimates from the sample of audits have sampling margins of error of plus or minus 10 percentage points or less unless otherwise noted. All numerical estimates other than percentages have margins of error of plus or minus 10 percent of the value of those estimates unless otherwise noted. See appendix I for additional information on our sampling methodology. [55] The 95 percent confidence interval surrounding this estimate ranges from 15 to 36 percent. [56] Most of the audit reports that we reviewed were organized into these eight categories. [57] These findings were not categorized as being either safety critical or nonsafety critical. Furthermore, because FAA had not developed a definition of safety-critical findings, which FAA requires airlines to resolve immediately, we could not determine how many safety- critical findings lacked complete documentation of corrective action. [58] We identified these three elements as sufficient evidence that the finding was resolved. [59] The 95 percent confidence interval surrounding this estimate ranges from 16 percent to 44 percent. [60] An estimated 64 percent of the audit reports that contained findings had at least one finding that lacked at least one element documenting corrective actions. [61] The program guidelines indicate that the U.S. carriers should ensure that their foreign partners have processes in place that identify "types of problems that may occur from common or special circumstances" and that corrective action takes into account, among other things, "the existence of documentation of the changes made to analyze the effectiveness of the corrective action." [62] An official from this airline said that although the electronic data were lost, the airline still had the paper documentation of the information that was contained in the computer system. This official also said that the airline had implemented a new tracking system, which he said was an improvement over the previous system. [63] From 2000 to 2004, six of the eight U.S. airlines used contractors to audit the safety of their foreign code-share partners, although three used them for only one audit. U.S. airline officials said they sometimes used contractors because of convenience (e.g., when contractors were located near the foreign airlines' operations). [64] According to IATA, when an airline being audited implements immediate corrective action while the audit team is still on site, the audit team is permitted to exclude the recording of a finding only if it is able to verify full implementation of comprehensive and permanent corrective action. [65] One U.S. airline was using an auditing organization accredited by IATA, which is an independent business unit of that U.S. airline. [66] An IATA official said the average cost of conducting a safety audit of a foreign airline was between $50,000 and $70,000. [67] IATA originally set a goal of having all 265 of its members undergo IOSAs by January 2006, but it later revised that to having 140 airlines undergo IOSAs by the end of 2005. As of June 2005, 88 IOSA audits had been completed worldwide, including 66 IATA members. In May 2005, IATA's Board of Governors decided in principle that all IATA members will have to undergo IOSA. [68] FAA requires that the audit be conducted using an FAA-accepted methodology and that the airline that is relying on the audit report submit a compliance statement to FAA. [69] Five of the eight U.S. airlines participating in the Code-Share Safety Program belong to global airline alliances with other U.S. airlines in the program. Continental, Delta, and Northwest belong to the Sky Team Alliance, and United Airlines and US Airways belong to the Star Alliance. [70] According to IATA, any interested party, such as an airline or regulator, may make a request through IATA to view the audit report of an airline that is on the IOSA registry, which lists the airlines that have undergone IOSA. After a requester "qualification and verification process," which includes the signing of a nondisclosure agreement and specific approval for release by the audited airline, the report is made available to the requesting party. The use of IOSA audit data by regulatory authorities was encouraged in November 2004, according to IATA. [71] Our review pertained only to U.S. airlines' code-share arrangements with foreign carriers for scheduled air service, and not for charter or cargo air service. [72] GAO, Government Auditing Standards, GAO-03-673G (Washington, D.C.: June 2003). [73] We did not include the quality control and assurance general standard because it mainly relates to the process of peer review. [74] GAO, Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999) and GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001). [75] An independent business unit of one of the eight U.S. airlines participating in the Code-Share Safety Program is an auditing organization selected by IATA to conduct IOSAs. We had also interviewed staff from that organization about how the audits were conducted and their qualifications. [76] Annual data are in calendar years unless noted otherwise. GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: