Trusted, Independent Assurance That Drives Governance.
ASPIS delivers structured, objective audit and assurance services that give leadership teams the independent insight they need to strengthen governance, manage risk effectively, and maintain regulatory compliance, across every level of the organisation.Independent Insight to Strengthen Every Line of Defence
Our audit and assurance services provide organisations with the independent insight they need to strengthen governance, manage risk effectively, and maintain regulatory compliance. Whether supporting a specific investigation, delivering routine assurance as part of an annual programme, or embedding best practice through the IIA Three Lines Model, ASPIS helps organisations build justified confidence in their systems, processes, and controls.
Strong governance depends on clear visibility of risk, evidence that controls are operating effectively, and the willingness to challenge where they are not. Our assurance services provide structured, objective assessments that help leadership teams understand the true performance of their systems, not the picture that those systems present of themselves.
Our approach is collaborative and practical. We focus not only on identifying issues but on providing clear, achievable recommendations that strengthen controls, improve compliance, and support better operational performance over time. We do not write reports and walk away, we work with organisations to understand findings, prioritise remediation, and build the internal capability to sustain improvement.
"Assurance should do more than confirm what an organisation already suspects. It should surface the risks that are hidden, challenge the assumptions that have calcified into accepted wisdom, and give leadership the genuine confidence, or the early warning, that they need."
Independence: Objective assessment free from the influence of the function or system being reviewed
Evidence-Based: Findings grounded in documented evidence, observation, and structured interview
Proportionality: Audit scope and depth calibrated to the actual risk profile of the area under review
Actionability: Recommendations that are clear, achievable, and directly linked to identified root causes
Confidentiality: Findings shared appropriately with governing bodies, with discretion at all stages
The IIA Three Lines Model - Where ASPIS Fits
Construction remains one of the UK’s highest-risk industries. The human and financial consequences of inadequate health and safety management are significant, and the regulatory implications of failing to comply with the Construction (Design and Management) regulations have never been more serious.
Operations & Management
Owned by: Operational Teams & Line Management
Risk, Compliance & Oversight
Owned by: Safety, Risk & Compliance Functions
Independent Assurance
Owned by: Independent Assurance Function
The first line owns and manages risk day-to-day. Operational teams and line managers are responsible for implementing controls, maintaining safe systems of work, and ensuring compliance within their areas of responsibility.
Identifying and assessing operational risks
Implementing and maintaining risk controls
Conducting routine inspections and checks
Reporting incidents, near misses, and hazards
Maintaining compliance with procedures and standards
The second line provides the frameworks, policies, and specialist oversight that support first-line performance. Safety, risk, and compliance teams set standards, monitor performance, and challenge the first line where controls are inadequate.
Setting health, safety, and risk management policy
Developing standards, procedures, and guidance
Monitoring first-line compliance and performance
Providing specialist advice and subject-matter expertise
Escalating systemic issues to senior leadership
The third line provides objective, independent assurance directly to the governing body and senior leadership — free from the influence of the functions being reviewed. This is the line that confirms whether the first two lines are genuinely working.
Independent audit of management systems and controls
Objective assessment of regulatory compliance
Evidence-based findings reported to governing bodies
Challenge to assumptions embedded across lines 1 and 2
Assurance programme design and internal auditor capabilityance
How ASPIS Transforms Operational Health & Safety
A comprehensive suite of audit, assurance, and compliance services, designed to give organisations at every level of maturity the independent insight, structured challenge, and practical guidance they need to continuously improve.
Health & Safety Audits
Structured, independent audits of your health and safety management system, examining policy, leadership, risk assessment, control effectiveness, incident management, and monitoring arrangements against applicable legal requirements and recognised standards such as ISO 45001. We produce clear, evidence-based audit reports with prioritised findings and actionable recommendations.
Regulatory Compliance Assurance
Independent assessment of your compliance with applicable health, safety, and environmental legislation — including the Health and Safety at Work Act, Management of Health and Safety at Work Regulations, CDM 2015, COSHH, PUWER, LOLER, DSEAR, and sector-specific regulations. We identify gaps, assess legal risk exposure, and provide a prioritised compliance improvement plan.
Contractor & Construction Safety Audits
Independent audit and assurance of contractor health and safety management — covering prequalification arrangements, bridging documents, site safety systems, permit-to-work compliance, induction and training records, and performance monitoring. Our construction safety audits provide clients and principal contractors with objective assurance that contractor standards meet expectations and legal obligations.
Gap Analysis & Benchmarking
A structured gap analysis assesses your current health and safety management arrangements against a defined standard, regulatory requirement, or best-practice framework — producing a clear picture of where you are, where you need to be, and the prioritised steps required to close the gap. We also provide benchmarking against sector peers to give organisations a broader performance perspective.
Safety Culture Assessment
An evidence-based assessment of your organisation's safety culture — examining leadership behaviours, workforce engagement, reporting culture, learning from incidents, and the alignment between stated values and operational reality. Our safety culture assessments draw on validated diagnostic frameworks and provide a structured improvement roadmap grounded in what we actually observe, not what the organisation believes about itself.
Assurance Programme Design
We help organisations build and operate structured, risk-based assurance programmes — designing audit schedules, developing audit criteria and methodology, training internal auditors, and establishing governance arrangements that ensure assurance findings are acted upon at the right level. For organisations seeking third-line independence, we can provide an outsourced or co-sourced assurance function aligned to the IIA Three Lines Model.
Why Independent Audit and Assurance Matters
3x
More Effective Risk Controls
Research consistently demonstrates that organisations with active third-line assurance programmes identify and remediate critical control failures significantly faster than those without independent oversight.wer incident rates compared to those relying on reactive, lagging indicator reporting.
£3.7B
Annual Cost of Non-Compliance
The estimated annual economic cost of regulatory non-compliance in UK workplaces, including enforcement action, civil liability, reputational damage, and operational disruption.
60%
of Incidents Have Systemic Causes
The majority of workplace incidents have root causes in management system failures, inadequate risk assessment, ineffective controls, or poor contractor oversight, that independent audit is specifically designed to surface.
How an ASPIS Audit Is Delivered
Scope & Planning
Structured, independent audits of your health and safety management system, examining policy, leadership, risk assessment, control effectiveness, incident management, and monitoring arrangements against applicable legal requirements and recognised standards such as ISO 45001. We produce clear, evidence-based audit reports with prioritised findings and actionable recommendations.
Regulatory Compliance Assurance
Independent assessment of your compliance with applicable health, safety, and environmental legislation — including the Health and Safety at Work Act, Management of Health and Safety at Work Regulations, CDM 2015, COSHH, PUWER, LOLER, DSEAR, and sector-specific regulations. We identify gaps, assess legal risk exposure, and provide a prioritised compliance improvement plan.
Contractor & Construction Safety Audits
Independent audit and assurance of contractor health and safety management — covering prequalification arrangements, bridging documents, site safety systems, permit-to-work compliance, induction and training records, and performance monitoring. Our construction safety audits provide clients and principal contractors with objective assurance that contractor standards meet expectations and legal obligations.
Gap Analysis & Benchmarking
A structured gap analysis assesses your current health and safety management arrangements against a defined standard, regulatory requirement, or best-practice framework — producing a clear picture of where you are, where you need to be, and the prioritised steps required to close the gap. We also provide benchmarking against sector peers to give organisations a broader performance perspective.
Safety Culture Assessment
An evidence-based assessment of your organisation's safety culture — examining leadership behaviours, workforce engagement, reporting culture, learning from incidents, and the alignment between stated values and operational reality. Our safety culture assessments draw on validated diagnostic frameworks and provide a structured improvement roadmap grounded in what we actually observe, not what the organisation believes about itself.
1
Scope & Planning
We work with you to define the audit scope, identify applicable standards and requirements, and develop a structured audit plan. We agree the methodology, interview programme, and documentation review upfront so there are no surprises.
2
Evidence Gathering
Our auditors conduct structured interviews, review management system documentation, inspect physical controls, and observe operational activities — triangulating evidence from multiple sources to build an objective picture of actual performance.
3
Analysis & Findings
We analyse findings against audit criteria, identify root causes, and assess the significance and risk implications of each gap. Findings are graded by priority to help you focus resources where they will have the greatest impact.
4
Reporting
We produce a clear, professionally written audit report with an executive summary, graded findings, root cause analysis, and specific, achievable recommendations. Reports are written to be useful to both senior leadership and the operational teams responsible for action.
5
Follow-Through
We present findings to your leadership team, support the development of an action plan, and — where required — provide follow-up review to verify that critical recommendations have been effectively implemented and closed out.
Why Choose ASPIS for Assurance
Independent Expertise You Can Rely On
Our auditors bring genuine sector experience and technical depth — not generic checklists. We understand what good looks like across complex, high-hazard operating environments, and we bring that knowledge to every engagement.
Auditors with hands-on operational and regulatory experience in your sector
Full independence — no conflict of interest with the functions we review
Findings grounded in evidence, not assumption or received wisdom
Proportionate, risk-based scope — we focus effort where it matters most
Practical recommendations your team can actually implement
Support from scoping through to close-out, not just report delivery
Experience across ISO 45001, ISO 14001, ISO 9001, COMAH, CDM, and sector standards
Latest Assurance news from ASPIS
Interviews, tips, guides, industry best practices, and news.
:quality(80):format(webp))
:quality(80):format(webp))
:quality(80):format(webp))
:quality(80):format(webp))