Designing a Safeguarding Audit Programme That Commissioners and CQC Trust
A safeguarding audit programme is one of the clearest ways a provider can demonstrate that safeguarding is not left to chance. It shows how leaders test practice, identify risk early, learn from issues, and ensure actions are followed through. The difference between a “paper” audit programme and a trusted one is operational detail: what is audited, how samples are chosen, who validates findings, and how improvement is tracked.
This article forms part of Safeguarding Audit, Assurance & Board Oversight and should be read alongside Understanding Types of Abuse, because audit priorities should reflect real risk patterns and the types of harm most likely in each service model.
What a safeguarding audit programme needs to prove
A credible programme helps governance answer four practical questions:
- Coverage: Are we auditing the right safeguarding risks across all services and localities?
- Method: Are we sampling in a way that would stand up to scrutiny?
- Learning: Are we identifying themes and acting on them?
- Impact: Can we show evidence that changes improved safety?
If a programme cannot evidence these points, it risks becoming a compliance exercise rather than a safety mechanism.
Risk-based planning: choosing audit topics that matter
Safeguarding audits should be planned using multiple inputs, including:
- Safeguarding alerts and enquiry outcomes
- Incidents (including near misses) and trends
- Complaints, compliments and informal feedback
- Whistleblowing and “speaking up” themes
- Workforce risks (agency use, turnover, supervision gaps)
Risk-based does not mean “only after something goes wrong”. It means planning routine checks where the consequences of failure are high (for example, medication support, personal care, finance handling, restrictive practice, or night-time staffing).
Defensible scope and sampling
Audit scopes must be specific enough to test practice, not just policy awareness. Good safeguarding audit tools typically include:
- Document review (care plans, risk assessments, incident reports, safeguarding logs)
- Staff interviews (understanding of recognition, reporting, escalation, and MSP)
- Observation (how support is delivered in real time)
- Outcome checks (what changed for the person after actions were taken)
Sampling should be documented: why those people, those shifts, those staff, and that time period. Where possible, include “high-risk” sampling such as new starters, agency staff, lone working visits, night shifts, and people with complex communication needs.
Operational example 1: supported living audit programme built around real risk
Context: A supported living provider had multiple services with very different safeguarding profiles. One service had frequent financial exploitation concerns, another had repeated incidents linked to night-time staffing, and another had safeguarding enquiries linked to neglect allegations.
Support approach: The provider moved from a single generic audit tool to a programme with three core audits (recognition/reporting, care delivery and risk management, and management oversight) plus themed quarterly audits linked to current risk.
Day-to-day delivery detail: Audits included: spot-checking safeguarding logs against incident reporting to confirm nothing had been “held” locally; interviewing staff about escalation triggers; observing shift handovers; and testing whether risk assessments were updated after incidents. Audit visits rotated across weekdays, weekends and late/evening shifts to reflect the real operating pattern.
How effectiveness is evidenced: The programme identified repeated delays in recording and escalation during weekend cover. The provider introduced an on-call escalation checklist, retrained team leaders, and re-audited within eight weeks. Escalation timeliness improved and repeated issues reduced, demonstrated through safeguarding log trend data and management review minutes.
Triangulation: audits must connect with other intelligence
High-trust audit programmes triangulate findings with other data. For example, if an audit finds “good knowledge of safeguarding reporting” but whistleblowing themes suggest staff fear repercussions, the headline audit rating is misleading. Triangulation asks whether the system is working in reality, not just on paper.
Practical triangulation steps include:
- Cross-checking audit findings with complaints and safeguarding themes
- Comparing services against each other to spot variance
- Testing whether prior actions were completed and embedded
Operational example 2: domiciliary care auditing of neglect risk and time-and-task pressures
Context: A domiciliary care service saw an increase in neglect-related concerns, often linked to missed calls, rushed personal care, and incomplete documentation.
Support approach: The audit programme added a themed safeguarding audit focused on neglect risk drivers: scheduling, call monitoring, contingency cover, and supervisor oversight.
Day-to-day delivery detail: Auditors sampled a week of calls for people at highest risk (double-handed care, continence support, pressure area care) and cross-checked electronic call records against daily notes, MAR charts and spot-check findings. They also reviewed how missed or late calls were escalated and whether families were informed where appropriate.
How effectiveness is evidenced: The audit identified inconsistent escalation of missed calls and limited management scrutiny of repeat late visits. The service introduced a daily exception report reviewed by the duty manager, with a clear threshold for escalation to on-call and family communication. A follow-up audit showed improved response times and fewer repeat concerns, evidenced through exception reporting and reduced safeguarding alerts linked to missed calls.
Action tracking and governance: the “so what” of auditing
Audit programmes fail when findings do not translate into action. Strong providers use a simple but disciplined model:
- Each finding has a named owner and deadline
- Actions are tracked centrally and reviewed routinely
- Evidence of completion is recorded (not just “completed” as a status)
- Re-audit or validation is scheduled where risk is higher
Actions should be proportionate: some issues require immediate escalation (for example, unsafe staffing or suspected abuse), while others require improvement planning over time (for example, strengthening supervision quality).
Operational example 3: care home governance strengthened through “close the loop” auditing
Context: A care home had repeated audit findings around record quality and inconsistent safeguarding documentation, but issues reappeared each quarter.
Support approach: The provider introduced “close the loop” rules: no action could be signed off without evidence review and a validation check by a manager not directly responsible for the area.
Day-to-day delivery detail: For safeguarding documentation, the validation check included reviewing a fresh sample of incident reports, safeguarding referral records and resident notes, and speaking to staff about what had changed in practice. The Registered Manager also added a monthly governance session where safeguarding and quality audits were reviewed together, focusing on recurring themes rather than isolated findings.
How effectiveness is evidenced: Repeat findings reduced, and internal ratings improved. The home could show a clear line from audit issue → action → validation → sustained improvement, supported by audit logs and governance meeting records.
Commissioner expectation
Commissioner expectation: Commissioners expect a safeguarding audit programme that is risk-based, routinely delivered, and able to evidence improvement through tracked actions and re-audit where needed.
Regulator / Inspector expectation (CQC)
CQC expectation: CQC expects governance systems that identify and respond to safeguarding risks, demonstrate learning, and provide clear evidence that leaders know where practice varies and how they address it.
Practical takeaway
A safeguarding audit programme that commissioners and CQC trust is not complicated, but it is disciplined. It focuses on real risks, uses defensible sampling, triangulates findings with wider intelligence, and closes the loop through action tracking and validation.