Preparing for a Guarding Services audit

David Daulby, NSI Services Auditor shares his expertise on how best to prepare for a security services audit.

About David Daulby:

 With over two decades of experience in private security, David joined NSI in November 2022 following a career that included operations, training, HR and compliance, both as a consultant and as a direct employee.

Having served as a member of the SIA Strategy and Standards Group and the security services BSI Standards Committees, David has co-authored BS 7858:2019 and BS 7499:2020. His extensive experience, including external audits, has fuelled his commitment to sharing insights gained over the years and to helping promote excellence in the security sector.

David - Copy

Different approaches

Preparing for audits became part of my normal working week when I started working as an auditor and came across various perspectives on the amount of effort owners or directors felt they should put into their audit.

When liaising with companies about their impending audits I can often detect how the audit will go by how easy it is to communicate with the company and the quality of information provided. Processes embedded within the company make the audit feel like just another day at the office, as opposed to being the exception and a challenge to produce evidence of compliance.  Some companies adopt an attitude of “let’s not prepare and the auditor can let us know where we are”.  A risky approach and one that could lead to a revisit at an extra charge. When records need to be completed they should be completed at the time as there is a risk of inaccuracy as time passes and an auditor is likely to identify this and raise a finding.

Instead, I would advocate an inclusive, continuous approach to preparation, extended over time, aimed at ongoing checks for sustained effectiveness.

Security (7)

Business people looking at screen during video conference in office. Multi-ethnic business team attending a video conference call in new office.

It's a team effort

Audits can make people nervous or defensive and they may lose the ability to think or act as they would normally. To put an external audit into context, you need to understand that the auditor wants the audit to add value and that any findings raised will improve the business. The role of the auditee is to demonstrate compliance and having open conversations is the best option, helping the auditor to provide an assessment that will add value to the outcomes.

Treat the audit as a learning curve. You also need to understand that, unless you are the sole manager or director, you need to engage with others to share the workload.  Typically, they will be the leads in HR, finance, and operations. The larger companies will also have training and other leads.

 

Look for clues

There is an abundance of helpful material in the individual clauses and often within the commentary within the “standards” to which your business is aiming to be certificated. For example, ISO 9001:2015 the Quality Management standard provides a list of topics which can be included as part of  management meetings and BS 7499:2020 gives a list of the topics to be included within assignment instructions, whilst BS 7858:2019 provides several template documents that can be adopted and used for screening of individuals.   The “compliance lead” should allocate tasks to the group of key personnel and then work through the requirements with everyone.

The emphasis of the audit may vary, with some requiring that the emphasis is on documentary evidence, or it may be more of a holistic approach when compliance can be demonstrated in other ways. Ensure that everybody is aware of what is required and how they will present to the auditor, dependent on the type of audit and the standard. Make sure you know the dates when your key personnel need to be available, and ensure they can attend follow up meetings.

Security (1)

Just a normal day

At some stage, the audit will include a visit to a remote site where the service is being provided, this also needs to be seen as part of the normal working day and subject to compliance checks throughout the year, not just before an audit. Is the customer available? Are all staff aware of the visit and what it entails?  Remind them that the assessment is directed towards the company rather than the staff.

If this is your first audit, then all the preparation needs to be completed in advance with evidence in place.  Not all the evidence required by the auditor will need to be in hardcopy, but you need to decide if that will help you to remember initially.  

If the audit is not your first, then the planning stage starts immediately after the results are available from the previous audit and looking at any findings raised and investigating the reasons why and what the solutions are.  Finally, take steps to ensure there is no repetition. Regular compliance checks throughout the year will provide management and site-based personnel with confidence and help on the actual day, as verifying compliance is part of the norm.  

Ongoing checks

I worked with a National Operations Director previously and he would often comment that his Regional Managers never failed to submit their monthly expenses on time and understood that was because they all had “reminders' in their diaries.  He wanted them to put a similar reminder relating to compliance checks!  Spending one hour per week to ensure all the tasks you think are happening have taken place and been recorded will put you in a good position for any external audit and improve your business.

Most of the findings I have raised during the last year can be overcome by going through the relevant standards criteria and understanding what makes the full answer.

 

Outcomes?

Take the positives from any external audit, even if there are findings.  Potential “wins” could be:

You and your team have gained new knowledge which will help the business to improve, and as a result confidence has grown.

You have a new system with checklists to prepare for external audits.

The business has independent confirmation that it has reached or surpassed the benchmark and is working to the relevant standard.

NSI Gold and Silver Medals - Signifying a companies approval with NSI

Look out for the NSI hallmark

It’s the most widely recognised mark of approval in security and
fire safety. NSI approval tells you the company is:

 

Technically Competent

Working to International and British Standards and NSI Codes of Practice, teams have relevant technical experience

Professional

Gold approval - operating a Quality Management System to ISO 9001 and NSI Quality Schedules

Trusted

Reputable Directors & leaders with relevant business experience and effective employee security screening

Find an NSI approved company

Learn more about NSI

Why choose NSI as your certification body

About us

Our Schemes

Training

About NSI approved companies

Sign up to receive NSI Bulletins