Photo by SMKN 1 Gantar on Unsplash
Audits and health checks
Self-audits and independent audits: where each one fits
Internal checks and external audits do different jobs. How to use both, and why the routine self-audit is what keeps a building honest between visits.
Two kinds of audit get talked about as if they compete. The self-audit, run by the people who manage the building, and the independent audit, run by someone with no stake in the result. In practice they do not compete at all. They answer different questions, and a building managed well uses both. The self-audit asks "are we keeping on top of this day to day", a question only the people on the ground can answer often enough to matter. The independent audit asks "would this stand up to someone who is not us", a question the people on the ground cannot answer honestly about their own work. Confusing the two, or relying on only one, leaves a predictable gap.
What each one is for
A self-audit is frequent, internal and operational. It is the building's own people checking that escape routes are clear, that doors close, that the monthly checks are happening, that the records are current. Its value is in frequency and proximity: it catches drift early, because the people running it are in the building all the time. Its weakness is also its proximity. It is hard to see the problems you have stopped noticing, and harder still to fail your own work.
An independent audit is occasional, external and assurance-focused. Its value is the fresh eye and the absence of stake. An outsider notices the propped door you have walked past for months and is willing to record the finding plainly because their reputation depends on rigour, not on the building looking good. Its weakness is frequency and cost. You cannot afford to bring an independent auditor in every month, and a once-a-year external view, on its own, leaves long stretches unobserved.
They are complements, not alternatives
The right model uses each for what it does best:
- Self-audits keep the building honest between independent visits. Frequent internal checks mean the building does not drift unobserved for a year and then surprise everyone when the external auditor arrives.
- Independent audits validate the self-audits. A fresh eye confirms that the internal checks are catching what they should and not quietly normalising problems.
- Together they cover both frequency and objectivity. Neither does both. Self-audits are frequent but partial; independent audits are objective but rare.
A building that relies only on self-audits risks blind spots and an assurance gap, because no one outside has confirmed the internal view. A building that relies only on independent audits drifts badly between visits, because nothing internal is watching. The combination is what holds.
Where statute pushes toward independence
For some assessments, the question of who carries them out is not just good governance but a matter of competence. The Fire Safety Act 2021 confirmed that the fire risk assessment, required of the responsible person under the Regulatory Reform (Fire Safety) Order 2005, must address the structure, external walls including cladding and balconies, and flat entrance doors. Judging the external wall construction of a tall building is specialist work, often calling for a PAS 9980 external wall fire review by a suitably qualified assessor, not something a routine internal walk-round can settle. Similarly, for higher-risk buildings under the Building Safety Act 2022, the safety case report the Accountable Person must produce for the Building Safety Regulator is not a self-certification exercise; it has to satisfy an external regulator. Knowing where your competence ends and an independent assessor's must begin is part of running the building properly.
Keep self-audits honest
The chief risk of a self-audit is that it becomes a comfortable ritual that confirms what you already believe. A few habits keep it honest. Use a defined checklist rather than a freeform look, so the same things get examined each time and a problem cannot hide simply by not being thought of. Rotate who carries it out where you can, so the same blind spots do not persist. Record findings plainly, including the awkward ones, because a self-audit that never finds anything is not reassuring; it is suspicious. And feed the findings into the same tracked, owned action list a failed independent audit would generate, so the two streams of work converge rather than running separately. The mindset here is close to the one in turning a failed audit into a plan, not a panic: a finding is information, wherever it comes from.
Make the independent audit easy to run
The better your self-audits and running records, the cheaper and more useful the independent audit becomes. An external auditor who arrives to find current records, a clear history and tracked actions can spend their time on judgement rather than archaeology. An auditor who has to reconstruct the building's recent past from fragments spends the visit, and your fee, assembling what should already have been there. Good internal record-keeping does not replace the independent audit; it raises its return. The same point applies to anything you might call a self-assessment of compliance status across a portfolio, where consistency between buildings matters as much as depth within any one.
Decide the split deliberately
The practical step is to decide, for each building, what is self-audited and how often, and what requires an independent eye and at what interval, and to write the reasoning down. A higher-risk residential building with a complex façade sits very differently from a small, stable low-rise block, and the split between internal and external assurance should reflect that rather than defaulting to a single pattern for everything.
This is the shape SAMRISK supports: routine internal checks and formal audits living in the same record, with findings from either becoming owned, dated, tracked actions, and a clear history that makes the independent audit quicker when it comes. You can see how that fits on the audits and compliance calendar pages. The self-audit and the independent audit are not rivals. One keeps the building honest day to day, the other proves it to someone who is not you, and a well-run building wants both.
