• 020 7060 6228
  • support@tpmg-group.com
  • Cardinal Point, Park Road, Rickmansworth, WD3 1RE

Get In Touch With Us!

Tell us what you’re dealing with an audit requirement, tender, compliance gap, operational risk, policies, training, or assurance. We’ll route you to the right specialist and come back with clear next steps that move you forward.

Your information will only be used by us in line with our Privacy Notice.

Edit Template

Get In Touch With Us!

Tell us what you’re dealing with an audit requirement, tender, compliance gap, operational risk, policies, training, or assurance. We’ll route you to the right specialist and come back with clear next steps that move you forward.

Your information will only be used by us in line with our Privacy Notice.

Edit Template

Internal Audit & Risk Assurance

Internal Audit and Risk Assurance

Independent Assurance That Stands Up to Scrutiny

Most organisations do not struggle because they lack policies. They struggle because ownership is unclear, evidence is inconsistent, and internal audits do not test what is really happening.

TPMG provides independent internal audit and risk assurance across management systems, operations, suppliers and governance so control becomes visible, actions become clear, and evidence stands up to clients, insurers, procurement and regulators.

Support can be delivered across UK | EMEA | APAC | NAM | LATAM.

Book A Consultation

What TPMG Audits

A practical route to stronger control

Choose the area you need now. Audits can be delivered as a focused review, a multi-standard programme, or an ongoing assurance cycle.

Core ISO Management Systems

ISO 9001, ISO 14001, ISO 45001

Core ISO Management Systems

 

 

Learn More

Cyber, Privacy & Information Assurance

ISO/IEC 27001, ISO/IEC 27701, Cyber Essentials readiness

Cyber, Privacy & Information Assurance

 

 

Learn More

Business Continuity & Resilience

ISO 22301 and continuity governance

Business Continuity & Resilience

 

 

Learn More

Anti-Bribery & Compliance Systems

ISO 37001 and ISO 37301

Anti-Bribery & Compliance Systems

 

 

Learn More

AI Governance & Digital Risk

ISO/IEC 42001 and AI management oversight

AI Governance & Digital Risk

 

 

Learn More

Energy, Carbon & ESG Controls

ISO 50001 and related evidence controls

Energy, Carbon & ESG Controls

 

 

Learn More

Supply Chain Security & FM Assurance

ISO 28000 and ISO 41001

Supply Chain Security & FM Assurance

 

 

Learn More

Food Safety & Quality Assurance

ISO 22000, ISO 22002-1 and FSSC 22000 support

Food Safety & Quality Assurance

 

 

Learn More

ISO 9001, ISO 14001, ISO 45001

Core ISO Management Systems

What usually goes wrong: Audits happen because “they have to”, but they do not test reality, actions drift, and leadership still lacks confidence.

How TPMG fixes it:

  • Internal audits are planned around risk, not routine alone.
  • Sampling focuses on what actually matters across sites, functions and suppliers.
  • Sampling focuses on what actually matters across sites, functions and suppliers.

Why it matters: ISO guidance makes clear that internal audits are a key feedback mechanism for management, and ISO 9001 requires audits at planned intervals.

Book A Consultation

ISO/IEC 27001, ISO/IEC 27701, Cyber Essentials readiness

Cyber, Privacy & Information Assurance

What usually goes wrong: Security controls look fine in policy, but access, supplier risk, incident readiness and privacy evidence do not hold up under questioning.

How TPMG fixes it:

  • Information security and privacy controls are tested in practice, not just reviewed on paper.
  • Governance, access, incident response and evidence quality are checked together.
  • The result is clearer assurance for audits, clients, insurers and procurement.

Why it matters: The average data breach now costs £4.88m globally, so evidence led security governance is no longer optional.

Book A Consultation

ISO 22301 and continuity governance

Business Continuity & Resilience

What usually goes wrong: Plans exist, but no one is sure whether they are realistic, current or owned properly.

How TPMG fixes it:

  • Business continuity arrangements are tested against how the organisation actually operates.
  • Roles, dependencies, escalation and restoration priorities are reviewed clearly.
  • Leadership gets a cleaner view of resilience gaps before disruption exposes them.
Book A Consultation

ISO 37001 and ISO 37301

Anti-Bribery & Compliance Systems

What usually goes wrong: Policies exist, but due diligence, approvals, escalation and evidence are inconsistent.

How TPMG fixes it

  • Compliance and anti-bribery controls are tested where decisions and transactions actually happen.
  • The audit checks ownership, records, approvals and reporting routes.
  • Risk becomes easier to evidence and harder to ignore.
Book A Consultation

ISO/IEC 42001 and AI management oversight

AI Governance & Digital Risk

What usually goes wrong: AI is being used in workflows, decisions or supplier tools, but ownership, controls and oversight are unclear.

How TPMG fixes it:

  • AI use cases, governance and risk controls are reviewed through an assurance lens.
  • Responsibilities, escalation paths and supplier dependencies are checked.
  • Leadership receives a clearer picture of what is being used, how it is governed, and where the real exposure sits.

Why it matters: ISO guidance makes clear that internal audits are a key feedback mechanism for management, and ISO 9001 requires audits at planned intervals.

Book A Consultation

ISO 50001 and related evidence controls

Energy, Carbon & ESG Controls

What usually goes wrong: Carbon and ESG evidence is rebuilt every time it is requested, and energy or emissions controls are not consistently owned.

How TPMG fixes it:

  • Controls, evidence standards and owners are defined clearly.
  • Reporting becomes more repeatable, auditable and commercially useful.
  • Gaps are prioritised so effort goes where scrutiny is highest.
Book A Consultation

ISO 28000 and ISO 41001

Supply Chain Security & FM Assurance

What usually goes wrong: Supplier and FM controls are assumed to be working, but contractor governance, evidence and site-level assurance are weak.

How TPMG fixes it:

  • Supplier controls, approvals, renewals and operational evidence are tested.
  • FM and security arrangements are reviewed against delivery reality, not just contract wording.
  • Oversight becomes clearer across sites, suppliers and service lines.
Book A Consultation

ISO 22000, ISO 22002-1 and FSSC 22000 support

Oversight becomes clearer across sites, suppliers and service lines.

What usually goes wrong: Food safety systems are documented, but PRPs, HACCP-related controls and evidence quality are not consistently maintained.

How TPMG fixes it:

  • Core food safety controls and supporting evidence are checked systematically.
  • Operational gaps are identified before they become certification or buyer issues.
  • Actions are prioritised so compliance becomes easier to maintain.
Book A Consultation

Insights

Guidance That Helps

Short, clear articles on safety, compliance, ESG and supply-chain control

Why “All-In-One” Compliance Platforms Fail After Go-Live

The Fastest Way to Make Your Compliance Platform Work

Platform Go-Live Rescue: Fix Adoption & Onboarding

Client Feedback

Why Organisations Choose TPMG

Commercial Director, Multinational FM

“Our ESG responses were inconsistent and we kept scrambling for evidence during tenders. TPMG helped us implement the right ESG reporting tool, but the real value was the structure they wrapped around it. We stopped guessing and have become far more credible with buyers.”

Head of Supply Chain, UK Security Services

“We were trying to manage supplier compliance across emails, spreadsheets and different standards. It was messy and risky. TPMG mapped what ‘good’ looked like, and helped us implement a single all-in-one system so everything finally sat in one place. The result was a smoother supplier onboarding process with clearer accountability, and far fewer delays.”

Procurement Lead, Major Projects

“We needed two things fast: access to quality suppliers and a better way to control risk. TPMG connected us to a network of 30,000+ vetted suppliers and helped us put the right risk management platform in place so we could track everything properly including TRIR and LTIFR. It changed how we operated, we are now more confident and in control”

QHSE Manager, Multi-Site Business

“We had certifications and good people, but our internal audits weren’t giving leadership real confidence. TPMG ran structured internal audits across ISO 9001, 14001, 45001 and 27001, and helped us extend into AI management governance. It was the first time our audit process felt genuinely useful.”

7 Days Ago

How We Work

Structure first. Then action. Then proof.

Book a Consultation

Step 1 - Submit Your Request

Share a few essentials so we can prepare properly and keep the call focused.

Step 3 - Consultation Call

We confirm what’s happening, what matters most, and the quickest route to control and proof.

Step 2 - Book Your Time

Choose a 10 to 15 minute slot that fits your urgency and schedule.

Step 4 - Clear Next Steps

You receive a short follow up with agreed actions and options, then you decide whether you’d like TPMG to support delivery.

Your information will only be used by us in line with our Privacy Notice.

Contact Us

Let us help you strengthen control quickly.

No. ISO standards are a major part of the service, but assurance can also cover supplier controls, governance, operational risk and readiness requirements.

Yes. The focus is on evidence led assurance so outputs are credible under external scrutiny.

The audit approach is planned to minimise disruption by using targeted sampling, structured interviews and focused site time.

Yes. Integrated audit programmes can cover multiple standards and functions where that is the most efficient route.

Yes. Internal audit can cover cyber, privacy, resilience, AI governance and supplier controls as well as the more traditional ISO areas.

Yes. Delivery can be aligned across UK, EMEA, APAC, NAM and LATAM requirements and operating models.

A clear report, prioritised findings, ownership, deadlines and evidence requirements for closure.

Because internal audits are one of the main ways leadership can verify whether controls are genuinely working not just assumed to be.

Compliance. Contractors.

ESG. Digital Systems. 

Done right.

Linkedin Youtube

Main Services

Internal Audit

ESG Readiness

Digital System Setup

Fire Risk Assessment

Incident Recovery

TPMG Consortium

Other Services

Client Advisory

Contractor Advisory

Public Sector

Policy Shop

e-Learning

Resourses

Insights (Blog)

Help Centre

Trust & Legal

Privacy Notice

Cookies & Preferences

Book a Consultation

© 2026 TPMG. All rights reserved. TPMG is a trading style of TPMG Group Ltd. Registered office: Cardinal Point, Park Road, Rickmansworth, Hertfordshire, WD3 1RE, United Kingdom.
Company No.14618789 ICO registration: ZC081136. Website content is provided for general information only. It is not legal, regulatory, financial or certification advice, and should not be relied on as a substitute for professional advice tailored to your organisation.