We know for many railway suppliers and contractors that audit day can be a tense affair for employees. Hours of preparation go into ensuring the day runs smoothly, but there can be a sense of trepidation about what conclusions the auditor will deliver once the day is done.

As a reminder, the role of an auditor in RISQS is to ensure that railway suppliers and contractors meet the necessary safety, quality, and competence criteria to work within the rail industry.

Auditors will verify the evidence provided by suppliers and contractors to demonstrate their compliance with RISQS requirements. This evidence could include documentation, records, and procedures.

At the conclusion of the audit, suppliers may receive recommendations and/or guidance on areas where they can improve their processes, or they may be required to address non-compliances to meet RISQS standards.

For those who pass with a clean bill of health, there is a natural relief that their business practices are fit for purpose (for now), while for those suppliers who receive major non-conformances, this can lead to much disruption and consternation.

Therefore, in this blog, we wanted to delve a little deeper into the role of an auditor by asking for their observations about the role they undertake and how the supplier/auditor relationship can best flourish to keep the railway safe for everyone.

How do auditors view their role?

We asked our auditors what they saw felt their purpose was, and this sentiment was unanimously agreed by all:

It’s quite simple really, we just want to make sure you’re compliant to the RISQS protocols and standards, and you’re keeping your employees safe.’

Keeping the railway safe means every worker can go home at their end of the shift without injury and not to fear about their safety the following day. This includes fatigue, which if not managed correctly, means that risks to both the employee and others are increased, whether they are onsite or driving home, for example. 

So, when it comes to arriving at the supplier, we wanted to hear from the auditors themselves about how they approach the audit.

“Metaphorically speaking, we can see the fingers are crossed and you’re hoping everything goes well. Our team of auditors will always be hopeful for a positive outcome against the RISQS protocol too, but irrespective of the outcome, we believe the audit findings provide an opportunity for businesses to learn and improve their practices, so we reduce the risks being imported into the railway infrastructure.”

It’s important to note that the auditor isn’t there to assess a supplier’s business practice against anything other than the RISQS protocols. It’s therefore imperative that preparation for an audit is measured against the protocol and not against any other standards or qualifications the business may already hold. 

How is feedback received?

It was quite surprising for us to hear the difference in reaction between an ‘observation’ and a ‘minor non-conformance’.

Our auditors agreed that stating there was an observation made to improve a business process was received more favourably than a minor non-conformance.

“We find suppliers are happy with an observation because it’s an improvement. But if it’s a minor non-conformance, then they try to understand what the rationale behind it is.” 

We understand this could be because a minor can be viewed in a negative context and that, if corrective action isn’t taken, it could lead to a major non-conformance.

Indeed, our team were at pains to point out they understood how suppliers may feel apprehensive due to the disruption a minor or major non-conformance could have on their business.
In these situations, it’s important for the auditor to be given the time to fully explain the potential risk the non-conformance represents. This provides context for the supplier that can be used to adjust their business practices to ensure compliance.

“Our job is to explain the rationale for our decision. For example, we will say based on X protocol, this is what we need, and you have provided this evidence, so therefore this is marked as observation/minor non-conformance/major non-conformance as required.

What we find is the overall business culture, which stems from the top, determines how the feedback is initially received and then to what extent follow-up actions are taken.”

It’s important for readers to note that auditors are following a specific criterion which doesn’t lend itself to subjective decision-making. They can only go by the evidence they have been provided with. As much as our auditors were at pains to state they wanted to work with the supplier, it is very much the supplier’s responsibility to ensure they take on board feedback from the auditor’s report.

What happens the following year?

Our July 2023 webinar, ‘Staying compliant in a changing world’—part of our RISQS Webinar Series—discussed what it means to be compliant all year round, rather than just when it comes to the audit itself.

The auditing team are aware that most companies will try to close out minor non-conformances in time for the next audit. However, we know that change occurs within businesses too, whether it’s organisational changes or employee turnover, and that could mean those observations or minors aren’t acted upon.

That said, businesses may not have the same auditor from a previous year. This means suppliers need to go through the same process again, which is to provide evidence as required by the auditor to ensure they are meeting the required protocol or standard. Therefore, if those actions weren’t closed from a previous audit, they have the potential to turn into major non-conformances.

If you have any questions about your upcoming audit, please email the RISQS team at info@risqs.org