A quality manager at a UK civils firm spent thirty hours over four days last year pulling eighteen months of evidence into shape for an ISO 9001 surveillance audit. The work was done. The evidence existed. It was scattered across inboxes, shared drives, an old version of SharePoint and one person’s head.
That is £4,500 of one person’s time on a single audit. It does not include the corrective actions raised that would not have been raised against a properly organised evidence stack. It does not include the stress that arrives in week three of audit prep and stays until the closing meeting. It does not include the next surveillance visit twelve months later, when the same scramble starts again.
Multiply the cost by the number of UK SMEs holding ISO 9001, 45001 or 14001 and audit-week scrambling is a multi-million-pound problem that nobody chose.
The pattern is not the exception
We hear the same shape of story from businesses across UK engineering and construction. A 25-person fabrication firm with two ISOs. A 60-person M&E contractor with all three. A 200-person highways civils business preparing for triennial recertification. The job titles change, the project values change, the materials change. The audit-week pattern does not.
The work was done on site. The evidence existed somewhere. The week before the auditor arrives is spent finding it.
Why nobody fixes it
This persists because it is a structural problem, not a tooling problem. Evidence is generated by site staff: a method statement before the lift, a near-miss form filled in during the morning shift, a training record after the IPAF day. It gets filed wherever it ends up: a project folder, an email, a photograph on a phone, occasionally a formal document management system. It gets reviewed by office staff months later, when audit prep starts. It gets audited by external auditors, who only see the final pack.
No single person owns the flow end to end. The site team does not file with audit prep in mind because audits happen far away in time. The office team cannot enforce filing standards across every site without becoming the bottleneck. The auditor sees the output but has no view of the process that produced it.
Most SMEs in this market do not have a dedicated compliance person. The HSQE manager wears five hats: site safety, supplier reviews, training records, environmental aspects, internal audits, and an actual operational role on top. ISO evidence organisation gets the hours left at the end of the day, which on most days is none.
Software does not fix a structural problem on its own. The tools available historically were document management systems built for enterprises with dedicated compliance teams, and they assumed someone would configure the structure, train the team, and maintain the discipline. For an SME with no spare hours, that is the same problem in different packaging.
The costs people forget to count
The £4,500 of one person’s time is the visible cost. The hidden costs add up to more.
Corrective actions raised that would not exist with proper organisation. An auditor who cannot find evidence of a specific control writes a finding. The finding requires a closure plan, follow-up evidence, management attention. Even minor non-conformities consume hours. Major non-conformities consume days. Most are not “we did not do the work”; they are “we cannot demonstrate we did the work in the way the standard requires.” The work was done. The proof was not where it needed to be.
Lost tenders. Tier-one contractors and public-sector buyers filter on accreditation before they read the rest. The Procurement Act 2023, in force since February 2025, was specifically designed to open the door to SMEs in public procurement. The price of walking through that door is a clean ISO accreditation. A weak audit history, a string of non-conformities, a recent surveillance failure: any of those filters you out before your bid is opened.
Deadweight on recruitment. A new HSQE manager joining a business with a disorganised evidence base spends their first six months getting it in order before they can do the strategic work they were hired for. The cost is not just the salary during that ramp-up. It is the opportunity cost of what a good HSQE hire could have been doing instead.
Stress as a retention risk. Audit weeks are well-known burn-out events. Quality managers who carry the audit prep alone, year after year, are the ones who leave when something better comes along. Replacing them is expensive. Recruiting in this market is hard. Retaining the practitioners you have is the cheaper play.
The annual cost is not just audit week. It is also the surveillance audit prep three months out, the internal audit cycle, the management review, the recertification cycle that arrives every three years and sucks weeks out of the calendar. None of these is voluntary. All of them are made harder by evidence that is not where it needs to be.
The macro backdrop has changed
Three things matter here that did not matter five years ago.
The 10 Year Infrastructure Strategy commits £725 billion of public funding. The National Infrastructure Pipeline lists 734 projects worth £718 billion. UK engineering and construction SMEs are explicitly being invited into this pipeline, both as primary contractors on smaller works and as supply chain partners on the major schemes.
The Procurement Act 2023 is the biggest reform of UK public procurement in a generation. It rewrites the rules around social value, supply chain assessment, and SME access. It also formalises the requirement for accreditation in a way that was previously customary rather than codified.
ISO 9001, 45001 and 14001 are the price of entry for almost all of this. They are also the standards that tier-one contractors filter their supply chain on. An SME with shaky accreditation hygiene is a supply chain liability, and tier-ones know it.
Put differently: the businesses that get their evidence management right in 2026 will compete for projects that businesses with shaky accreditation cannot. The cost of audit-week scrambling stops being a productivity issue and becomes a commercial one.
What changes when evidence management is continuous
Evidence flows in as it is generated. A method statement uploaded by a site supervisor on Monday is mapped against ISO 45001 Clause 8.1 by Monday afternoon. A toolbox talk record from the same week is mapped against ISO 9001 Clause 7.2. A training matrix update reaches the right clauses without anyone manually filing it.
Audit prep becomes audit review. Instead of reconstructing eighteen months of activity in three weeks, you spend an hour reviewing what is already there. Gaps are visible months in advance, when there is still time to do the work and capture the evidence properly, rather than days in advance, when the only option is a rushed search.
The dashboard shows real-time clause coverage. Leadership sees how the business is tracking without waiting for the auditor’s verdict. Tender responses can include current accreditation strength as a known quantity, not a hopeful one.
New hires inherit an organised system rather than a mess. An HSQE manager joining a business that runs on continuous evidence management starts contributing strategy in week one, not month six.
Audit week loses its character as a crisis event. The auditor walks in, the structured pack walks out, the closing meeting is short. The next surveillance visit twelve months later does not start a new scramble; the work has been continuous all along.
What auditors actually ask
An ISO audit is not a check against the standard directly. It is a check against the management system you wrote to satisfy the standard. The auditor reads your policies, your plans, your procedures and your schedules; then asks whether you are actually doing what you said you would do. The questions sound like:
- “Your quality plan commits to quarterly internal audits. Show me you did them.”
- “Your training matrix says IPAF is required before MEWP work. Show me records for the people on site this month.”
- “Your toolbox talk schedule says weekly. Show me last quarter’s.”
- “Your supplier policy says annual review. Show me the most recent one.”
The standard provides the structure. Your management system documents provide the specific commitments. Your artefact evidence proves whether those commitments are being met. All three layers matter.
Most evidence software treats every document the same. A method statement, a quality policy, a training record, a supplier review: all just files in folders. That misses how audits actually work. The quality policy is a commitment. The supplier review is an artefact proving the commitment about supplier review is being met. They are different things, and the system that holds them should know the difference.
Where Slab fits
Slab is software built for this specific problem at SME pricing. ISO 9001, 45001 and 14001 are mapped clause by clause. The evidence engine reads documents as you upload them, recognises commitments in your plans, policies and procedures, recognises artefacts in your records, classifies each against the right clause with a confidence score and page reference, and links artefacts to the commitments they prove. The audit pack is one click away when the auditor arrives.
V1 is live and accepting Foundation client applications. The first 20 paying customers pay £74.50 per month in year one (50% off the standard £149/mo rate) and have a direct line to the founders. We ask for one monthly feedback call in return.
If audit week has cost you what it costs most UK construction SMEs, you already know whether continuous evidence management would change the calculation. The Foundation offer is open to the first twenty businesses that apply.
Apply now takes three minutes.