Blog 23.07.18

Quality and compliance: An interview with Nikki Samme, Managing Director at Alcumus ISOQAR.

This month we sat down with Nikki Samme, Managing Director at Alcumus ISOQAR, to get an understanding of what goes into the process of auditing and why it’s important for companies to be UKAS accredited. 

Tell us about Alcumus ISOQAR and your role as Managing Director? 

Alcumus ISOQAR is a UKAS accredited Certification Body, based out of Manchester and we’ve been in business for 25 years. Since being acquired by Alcumus in 2010 we have risen into the top 5 of the UK market and we continue to grow year on year. We have a team of 70 auditors and 30 subcontractors who carry out 12,000 audits a year and on top of that we work with a network of partners internationally who carry out around 4,000 audits a year. 

As a Managing Director I’m responsible for the overall day to day running of the business.  I have worked for 20 years in the TIC (Testing, Inspecting and Certification) and GRC (Governance, Risk Management and Compliance)  arena across various compliance organisations and accreditation bodies. During my time at Alcumus I’ve had an involvement in many of the growth initiatives and I’ve really enjoyed seeing how the business has grown through that time. 

Can you tell us more about the general process of auditing and what that entails?

For us to be able to certify an organisation, we must be satisfied that the organisation follows processes and systems which are compliant with relevant management system standards. We start by reading through the documents the organisation send over, which helps us understand the company, their risks and opportunities, and their processes. This therefore informs and determines which kind of audit is needed. In summary, we plan the audit before we start, so we are not working blind. 

The itinerary for an audit varies based on the size and complexity of a business and the specific standards we are auditing, but essentially there are three key components of an audit:  

1. An opening meeting takes place in which the auditor will sit down with key stakeholders who are involved in the management system to reconfirm the scope of the audit to check nothing has fundamentally changed since the audit was planned. For example, any changes to senior members of staff or the services and products that the organisation provides need to be considered. 
2. The main audit will then take place. The length of this depends on the size and nature of the company and how many different processes and functions there are within the company. In this part we talk to everyone from key stakeholders and team leader, to supervisors and general workers. This gives us an understanding as to whether all staff members know the organisations procedures and processes. If we use Vigilance as an example, this could be one of our auditors going on site and meeting the security guards to check how they do their work.  Our auditors then check whether or not the guards do their job the way Vigilance instructs them, such as how they patrol, report incidents, operate safely and manage their time sheets. It’s not about policing the security guards, but rather checking if they have an up-to-date understanding of the processes. Essentially, we’re checking that the company is meeting customer requirements and working within their own management system
3. At the end of the audit there is a closing meeting, in which we hand over the findings and provide practical insights that we feel will help the business to continually improve. Many organisations feel that this guidance is one of the most valuable parts of the audit. We aren’t just checking what businesses are doing but also giving them an opportunity to improve and grow as companies.

How do you remain impartial? A key raison d’être for Vigilance is ‘Security With Integrity’ how do you feel the auditing process relates to this aim?

The security industry is an industry where trust levels are key to winning new and keeping existing business. The customers are trusting a third party to look after their security related risks, there are sensitivities and legalities; it’s a risky business. It’s assuring robustness, independence and integrity when we carry out the audit for a security company like Vigilance. For us to carry out an audit with credibility and integrity, we ourselves need to be audited. Alcumus meets a standard called ISO 17021 and is itself UKAS accredited. As an impartial auditor, we can’t go into a business tell them what they can improve and then improve it for them. Instead we have to be objective, tell them which parts of the company needs to improve and give them guidance and examples of how the business could do things in a different way. It’s all about helping the company under audit operate in the best way.

How do you support Vigilance’s compliance regime? Is it full service offering via TIC and GRC or mainly one offering? 

We work with Vigilance to make their business fitter, stronger and more secure by certifying them to ISO 9001:2015 for Quality Management. We also certify them as a supplier of licensed security services to the Security Industry Authority’s (SIA) Approved Contractor Scheme (ACS). The ACS is a voluntary accreditation that distinguishes UK security companies that submit to this additional standard as quality suppliers of security services. Vigilance’s Health and Safety management system is Safe Contractor accredited. 

How do customers benefit from organisations seeking ISO accreditation? 

For customers there are several benefits, the main overall benefit is the transparency of how the business is working and is operating to best practice. This gives customers reassurance that they will constantly be delivered a high-quality service. The ISO 9001:2015 Quality Management System is the key for customers, it’s the world’s most recognised quality management standard. This accreditation provides a management framework which improves business practices which equates to company stability and professionalism. For a security business like Vigilance, applying this standard means checks are carried out on manned guarding, background checks of all workers and customers are conducted and ensuring its surveillance software is robust to identify the risks and make sure the company works to good codes of best practice and conduct.     

Do you see firms with the highest audit scores actually working to a higher standard? And if so, with industry schemes like the ACS for security do you think customers are made aware of that higher performance at audit, or could this benchmark of quality be more visible?

All ACS clients are given a score as part of the report following the audit. The audit report is also screened by the SIA. Follow up audits either demonstrate improvements in scores or not. This helps to ensure that SIA companies continually improve, and our auditors work with companies to maintain improvements. We work on behalf of the SIA and the reports and scores we produce are confidentially shared with the SIA and the customer. These can vary considerably from customer to customer against the standard. Visibility of reports and scores would be something that the SIA could consider. 

We would like to thank Nikki for her time and insight. To view more information on Alcumus Group and their services, visit www.alcumusgroup.com