Auditing

Introduction

This is a short guide to help you understand what an OISC audit involves and help you prepare when the time comes.

Why am I being audited?

When you register to give immigration advice, you agree to be regulated by the OISC. The audit is the opportunity for the OISC to check that you are giving advice and running your organisation in a way with which they are satisfied. In particular, they are checking to see whether your organisation complies with the OISC Code of Standards. On that basis, the OISC try to check as many organisations as possible on a regular basis.

What actually happens?

Step One: The OISC will contact you, usually by email, to inform you that you are going to be audited on a particular date. Typically, this will be 3-6 weeks in advance of the audit.

Step Two: You will be required to provide a case list to your auditor so that they can select some files at random to review. This could be around 10 days in advance of the audit itself.

Step Three: Next, you need to share the selected files with the auditor. We recommend doing this in advance of the audit itself in order to ensure no tech-related delays. Try to share the files in one go and in a secure manner, such as an encrypted zip folder.

Step Four: There is then the audit itself. The OISC representative will hold a kick-off call, where they will discuss your organisation generally with you. They will then review your case files, Continuing Professional Development (CPD) and other documents, before calling you at the end of the day (or perhaps the next morning) to give oral feedback.

Step Five: Finally, you will receive a written report at some point after the audit.

Do I need to prepare?

The audit is designed to assess your organisation at a given moment in time, so should not require too much preparation. However, there are a few small things you can do to ensure you put your best foot forward:

• Ask all your advisers to update their CPD records.
• Do a quick check of some files yourself to identify any issues in advance. Your list of cases only needs to include OISC-regulated files, it does not need to include other cases (e.g. benefits advice or asylum support). Your records / list does need to include the following: start date, closure date, caseworker, type of case, outcome going back approx. 2 years.
• Ensure you have copies of your organisation's business plan, funding documents and insurance documents for audit day.
• Send any files requested to the auditor well in advance of audit day.
• Communicate any issues you may have, particularly with meeting deadlines, to your auditor well in advance.
• Be open and honest – your auditor is there to help you run your organisation better, and you will not be able to hide issues from them.

What happens after the audit?

There are various things that may happen as a result of your audit:

• The auditor may feel that everything is in good shape and no follow-up action is required. If this is you, then great!
• The auditor may decide to organise a follow-up audit, perhaps for the following year. This is not an extreme measure in any sense – the idea is that the auditor can come back and see that you have taken their suggestions on board. Provided you do that, there is nothing to worry about.
• The auditor does also have the power to cancel your organisation's registration. However, this is very rare, and is reserved for when an organisation is repeatedly not responding to issues that have been flagged at multiple audits, or very serious integrity issues that would make your organisation unfit to give advice.