5 Common Mistakes During the RISQS Audit and How to Avoid Them
Introduction
RISQS (Railway Industry Supplier Qualification Scheme) audits are a mandatory part of working in the UK rail industry. They assess your company’s safety, quality, and compliance systems, ensuring you meet the industry’s high standards. But even well-prepared companies can stumble when it comes to audit execution.
Understanding the most common RISQS audit mistakes is essential if you want to stay compliant, win more work, and maintain your reputation. In this article, we break down the five most frequent missteps—as identified by RISQS auditors, consultants, and compliance experts—and give you clear, actionable tips to avoid them.
1. Failing to Monitor and Close Out Non-Conformances
The Mistake: One of the most reported non-conformances during RISQS audits is the failure to track and resolve issues raised in previous audits. Businesses either ignore minor findings or delay their corrective actions until just before their next audit, which can result in more serious consequences.
Why It Matters: Open non-conformances suggest that your company doesn’t take compliance seriously. It may also indicate a wider failure in your internal audit or management systems.
How to Avoid It:
- Create a Non-Conformance Register and update it regularly.
- Assign ownership for each finding, with deadlines and review checkpoints.
- Review progress during management meetings.
- Record all evidence of corrective action—auditors want to see the full cycle from identification to resolution.
2. Inadequate Management of Legal and Regulatory Requirements
The Mistake: Many businesses do not maintain a system to monitor legal and regulatory changes relevant to the rail sector. This leads to outdated procedures, missed requirements, and audit findings related to legal non-compliance.
Why It Matters: Rail is a safety-critical industry. Not keeping up to date with laws, standards, or Network Rail protocols can lead to real-world consequences and compromise your supplier status.
How to Avoid It:
- Maintain a Legal and Other Requirements Register.
- Subscribe to industry updates from bodies like Network Rail, TFL, RSSB, RISQS, ORR, and HSE.
- Nominate a compliance lead to monitor and cascade updates.
- Document when and how legal changes are reviewed and implemented in your policies.
Pro Tip: Incorporate this legal review into your regular management system audits or internal reviews.
3. Inconsistent or Insufficient Drug & Alcohol Testing
The Mistake: Many companies are caught out by failing to test the required percentage of safety-critical staff or by not keeping adequate records. Some assume one-off tests are enough, or they apply inconsistent testing across teams.
Why It Matters: RISQS mandates drug and alcohol testing for all safety-critical workers. As of recent updates, the expected minimum is random testing of 20% of staff annually under current Network Rail standards.
How to Avoid It:
- Develop a documented D&A testing programme, clearly stating the frequency, provider, and sample size.
- Use accredited labs and maintain full records.
- Provide training to staff so they understand the process and implications.
- Include random testing schedules and maintain confidentiality procedures.
Bonus Tip: Review your D&A policy annually to ensure it aligns with the latest industry expectations.
4. Missing or Outdated Sentinel Sponsorship Documentation
The Mistake: The Sentinel system is used to manage rail worker competency and sponsorship. One of the most common major non-conformances relates to missing contracts of sponsorship and the failure to conduct mandatory annual reviews.
Why It Matters: Without accurate records, your employees may not legally be able to work on Network Rail infrastructure, risking both safety breaches and contract loss.
How to Avoid It:
- Ensure every sponsored worker has a valid, signed contract.
- Schedule automatic reminders for annual reviews and document them.
- Use the Sentinel portal to check expiry dates and maintain up-to-date contact information.
- Train your admin team or HR on Sentinel compliance requirements.
Helpful Tool: Keep a master spreadsheet that lists all sponsorship contracts, dates signed, and review due dates.
5. Using Generic or Outdated Safe Work Packs (SWPs)
The Mistake: Safe Work Packs that are copied and pasted from previous projects or not updated for current risks are a frequent audit failure point. Auditors and site inspectors often find mismatches between site conditions and what’s documented.
Why It Matters: Poor planning can endanger workers and reduce your credibility with buyers. It also indicates a weak understanding of CDM regulations and site risk management.
How to Avoid It:
- Tailor each SWP to the specific task, location, and date.
- Include accurate site diagrams, emergency contacts, and real-time hazard assessments.
- Get your team to sign off that they’ve read and understood the SWP.
- Archive all SWPs after project completion for audit evidence.
Bonus Mistake: Poor Documentation Control
Even when companies follow good procedures, they often fall short on document control. Examples include:
- Missing revision dates on procedures
- Uncontrolled copies of old policies in circulation
- Poor version management of training records or inspection reports
Avoid it by:
- Using a cloud-based or centralised document management system
- Assigning a document controller or compliance officer
- Training staff on how to identify current versions
Conclusion
The RISQS audit process is rigorous, but most audit failures stem from a handful of repeat issues: open non-conformances, outdated legal awareness, inconsistent drug and alcohol testing, poor Sentinel documentation, and generic Safe Work Packs.
These mistakes are all avoidable with proactive management systems, regular internal reviews, and team-wide training. Investing the time now to fix these areas can save your business time, money, and reputation.
Need help preparing for your next RISQS audit? At Simpson Consultancy, we offer pre-audit support, training, and documentation reviews to help you stay compliant and confident.
Explore our RISQS Audit Support here: https://simpsonconsultancy.co.uk/risqs/
Need Support?
Ready to get started? Contact us today for a no-obligation consultation and let us help you achieve RISQS certification with confidence.
