RBA Assessment Program

The Responsible Business Alliance (RBA) offers flagship audit programs designed to uphold and verify compliance with social, environmental, and ethical standards within supply chains.

Program Overview

Validated Assessment Program (VAP)

The VAP is the RBA's leading standard for onsite compliance verification. Conducted by independent, third-party firms, it evaluates against the RBA Code of Conduct, which encompasses labor practices, health and safety, environmental impact, ethics and management systems. The RBA itself does not conduct assessments but sets the standards and relies on approved firms to execute the VAP protocol.

Specialty Validated Assessment Program (SVAP)

The RBA Specialty Validated Assessment Program (SVAP) addresses specific compliance areas within supply chains. These targeted assessments provide companies with in-depth evaluations of critical issues, enabling more effective risk management and compliance.

SVAP on Forced Labor

This program focuses exclusively on identifying risks of forced labor at employment sites, such as factories, and labor providers, including labor agents or recruitment agencies. Developed in response to increasing regulatory and market demands for advanced due diligence, the SVAP on Forced Labor helps companies detect and address conditions that may contribute to forced labor within their supply chains.

SVAP on Chemical Management

This program aims to evaluate and enhance factories' chemical safety practices, ensuring alignment with industry standards. The SVAP focuses on RBA Code of Conduct provisions related to chemical management, providing a detailed assessment of facilities' practices. This program assists companies in identifying and mitigating chemical safety risks, including hazardous occupational exposures and chemical emergencies.

Program Benefits

• Enhanced Credibility: Independent, third-party assessments demonstrate a commitment to high standards, building trust with customers, stakeholders, and regulators. RBA also uses triangulation and quality management to ensure the highest standards are met.

• Risk Mitigation: Identify and address potential risks before they escalate into costly disruptions or reputational damage.

• Global Alignment: Compliance with international standards, including ISO and industry-specific regulations.

• Efficiency: Streamlined processes reduce the need for multiple audits.

• Capacity Building: Detailed corrective action plans empower facilities to make sustainable improvements.

• Comprehensive Scope: VAP covers direct and indirect spend.

---

VAP Recognition

A Focus on Closing Audit Findings

The elements of the RBA VAP audit are challenging. We recognize the effort that goes into closing findings. The RBA VAP Recognition Program looks to a factory's commitment to social and environmental responsibility. Excel in our unique program and distinguish your factory.†††

Recognition Tiers

Platinum

• Must be VAP (no CMA/AMA)
• Must close all findings† and submit a CAP in RBA Online
• Must have VAP closure Audit
• Must have a score of 200

Gold

• Must be VAP (no CMA/AMA)
• Must close Priority and Major findings† and submit a CAP in RBA Online
• Must have VAP closure Audit
• Must have a minimum score of 180††

Silver

• Must be VAP (no CMA/AMA)
• Must close Priority findings† and submit a CAP in RBA Online
• Must have VAP Priority Closure Audit
• Must have a minimum score of 160††

---

† If there are Priority Findings in forced labor/child labor, the site is subject to an unannounced audit over the next 12 months.

†† Auditees are still expected to close the remaining findings according to the VAP audit guidelines.

††† Audits establish a baseline based on a certain snapshot in time. An audit is not a guarantee that a site is without issues; the site is responsible for being and remaining in conformance.

---

Auditor Guidebook

Version 8.0 – Feb 2024

Introduction

Objective

The Auditor Guidebook details the standards, conduct, and qualification requirements that Audit Firms and auditors are expected to maintain, in order to meet the standards set for RBA VAP suite of programs.

The RBA audit program provides highly professional audits conducted by third-party auditors and managed by the RBA. In order to ensure an excellent level of quality, RBA approves all participating audit firms and auditors.

RBA approves three types of auditors at three distinct levels, which are associated with the requirements of the RBA Code of Conduct and associated audit program.

Disciplines:

• Labor and Ethics (LE)
• Environment, Health, and Safety (EHS)
• Specialty audits (SVAP) (e.g., Forced Labor, Chemical management)

Type of Auditor:

• Provisional auditor
• Auditor
• Lead auditor

Types of Audits:

• Validated Assessment Process Audit (VAP)
• Customer Managed Audit (CMA)
• Auditee Managed Audit (AMA)
• Specialty audits (SVAP) (e.g., Forced Labor, Chemical management)

The term "auditor" throughout this document refers to VAP, CMA, AMA and SVAP auditors. Internal auditors of RBA member companies shall also follow the qualification criteria listed in this guidebook if they wish to seek registration as RBA-approved auditors to conduct CMA/AMA audits for their own company or supplier.

---

Confidentiality

Between RBA and auditors

The RBA consider all information, correspondence, and documentation submitted by the auditor in support of the auditor's certification activities strictly private and confidential.

The RBA reserves the right to share the names of the approved auditing firms and the approved auditors (Lead Auditor, Auditor and Provisional), in accordance with legal requirements. These names may be published so that member companies know which auditors have been approved to conduct RBA audits.

The RBA reserves the right to communicate to RBA Member Companies about auditors and/or auditing companies who have had their approval terminated. In addition, the RBA reserves the right to provide information to RBA Member Companies, the RBA, and the RBA Board of Directors, about the performance of auditors and audit firms.

Between auditors and auditees

Auditors are expected to keep strict confidentiality following the agreements signed with the Audit Firms. This includes but is not limited to:

• Not disclosing information about auditees to parties outside of relative agreements
• Adhering to auditee policies about IP, photographs, and removing sensitive information from auditee site
• Ensuring reports are void of sensitive or proprietary information

Breaches of confidentiality may result in suspension or termination of an auditor or audit firm (refer to section on suspension and termination for more information).

Firms may be asked to sign additional Non-disclosure agreements with individual auditees and may do so at their own discretion.

CMAs, AMAs, and training

Only RBA-approved audit firms and auditors may conduct CMAs, AMAs that are based on the RBA Code of Conduct. Details about the latter are outlined in the Audit firm Non-Technical Services Agreement (NTSA).

Currently, there is no CMA or AMA equivalent for Specialty Audits (SVAP), and these can only be conducted through the RBA.

For CMA audits, audit firms have the responsibility to ensure that the auditors appointed are RBA-approved auditors and qualified with VAP registration details.

For AMA audits, RBA members have the responsibility to ensure that the auditors appointed are RBA-approved auditors and qualified with VAP registration details.

Audit firms conducting AMA's or CMA's without using the current or qualified VAP or SVAP registration for the auditors involved with that audit, may be suspended, or removed from the RBA Audit firm roster.

---

Audit Firm Requirements

RBA conducts approvals on both a firm and individual auditor basis. Audit firm approval is reviewed on an annual basis. New audit firms are subject to a one-year probationary period.

RBA controls the number of firms to ensure that audit volume is sufficient for all firms to meet capacity requirements. RBA occasionally asks for new firm participation.

Audit firm approval

To be considered an approved RBA audit firm, an audit firm must complete an approval application and prove (through documentation) the following:

• Have the required indemnity, public, and private insurances
• Firm accreditation by another accreditation body (ISO accreditation from various accreditation councils; government accreditation; APSCA; other as reviewed by RBA)
• Provide a dedicated account manager for RBA
• Internal policies and processes:
  • Pledge to confidentiality
  • Requiring and enforcing ethical behavior with auditors
  • Internal quality control
  • Handling customer complaints

In addition, firms will be asked to provide information regarding:

• Information on how auditors are screened / hired
• Working with smaller programs

Firms must also periodically sign the RBA Agreement for Exchange of Confidential Information (AECI) and Non-Technical Services Agreement (NTSA).

Capacity requirements

Audit firms are expected to maintain a roster of auditors in good standing and in various geographies. Audit firms must also conduct a minimum number of audits per year to maintain approval. The capacity requirements are:

Year 1:

• Number of auditors: 10
• Number of countries: 5
• Number of RBA audits: 15

Year 2+:

• Number of auditors: minimum of 15
• Number of countries: 5
• Number of RBA audits: 25

Capacity in a given country is dependent on having a full audit team available for that geography.

Note that Chinese Taipei is considered an independent geography.

---

Roles and Responsibilities

Audit firm responsibilities

Audit firms are expected to adhere to the agreements signed with the RBA as well as to implement policies and practices as portrayed to the RBA. In addition, audit firms must:

• Oversee the implementation of RBA policies, procedures, and requirements among individual auditors within the firm.
• Understand the RBA, Code of Conduct, and program requirements.
• Monitor auditor approval and training statuses.
• Immediately notify the RBA Audit Program Manager (APM) when auditors leave or resign from the firm.
• Conduct internal training to auditors on basic auditing and RBA Code of Conduct requirements and skills as appropriate.
• Manage internal audit and auditor quality.
• Track audit and report progress.
• Notify the RBA of late reports before they are late.
• Notify the RBA of issues or concerns arising from the audit or code interpretation.
• Facilitate (through a dedicated account manager) communication with individual auditors.

Auditor roles and responsibilities

The audit must be conducted following the expectations outlined in the relevant RBA Operations Manual.

Auditor responsibilities include, but are not limited to:

• Acting in an honest and ethical manner
• Adhering to all RBA policies, procedures, and requirements
• Executing the audit:
  • Audit preparation
  • Arrange and conduct the audit preparation meeting
  • Conducting the audit
  • Finalizing the report through the RBA Quality Control process
• Supplying the proper documentation as required by RBA audit procedures
• Conducting the audit by the contents of the relevant RBA Operations Manual and following RBA Audit Protocols
• Understanding applicable national, regional, and local regulatory requirements
• Applying RBA standards and code interpretations
• Participating in the opening, closing and other necessary meetings
• Deploy RBA remote worker survey and non-retaliation mechanism to in scope workers
• Escalating all "Priority" Non-Conformances as required by the RBA
• Preparing findings documentation, including complete descriptions of supporting evidence, for all assigned audit criteria questions, as required by the RBA Audit Protocol
• Gathering field notes and copies of evidence (documents, photos) upon completion of the audit report, and providing to the Audit Program Manager (APM) as needed

Audit team composition

The RBA VAP audit team must always consist of at least one Lead Auditor for EHS and LE. For example, there may be a lead auditor who is approved in both EHS and LE accompanied by a team auditor, OR there must be a Lead Auditor approved for LE AND a Lead Auditor approved for EHS.

Exception: only one Lead Auditor is needed for a closure audit where review is only on either EHS or LE issues.

At least 51 percent of the audit team must be a lead auditor or auditor. Provisional auditors may make up less than 50 percent of the audit team (therefore, if there are two auditors, neither may be provisional; if there are three auditors, one may be provisional; if there are four auditors, one may be provisional; if there are five auditors, two may be provisional).

Non-approved auditors may attend and observe the audit.

Non-approved auditors attending audits must follow the same RBA auditor standards about professionalism and ethical behavior and must follow the audit process.

---

Auditor Approval

All auditors must show the proper professionalism, and competencies to conduct RBA audits. While all auditors must display certain competencies, Lead auditors must hold added competencies to ensure they can properly lead audits. Additionally, there are differences between competencies needed for EHS, LE, and SVAP auditors. Auditors can be approved for all disciplines but must meet the requirements for each designation.

Approval is valid for two years from issuance, unless otherwise noted by the RBA.

No other certifications, training or qualifications can exempt an auditor from these requirements.

Only auditors associated with an approved firm, or an RBA member company may apply.

Overall competencies

Auditors are expected to have the following basic competencies:

• Knowledge of general auditing principles that qualify the auditor to conduct audits in an exact and systematic manner
• Ability to understand reference documents that enable the auditor to apply audit criteria
• Knowledge and/or experience that empowers the auditor to understand an organization's operational and industry context
• Knowledge of applicable laws, regulations, and other requirements relevant to the auditee's situation
• Ability to communicate clearly, orally and in writing, with personnel at all levels of an organization, including workers, the APM and RBA staff
• Ability to determine the conformance of a system designed to meet the RBA requirements
• Ability to generate correct, proper, and responsible audit findings and conclusions
• Experience upholding the principles of proper ethical conduct, fair presentation, and due professional care

In addition, auditors are expected to have specific competencies for each discipline:

• Knowledge of internationally accepted norms, laws and regulations relating to their discipline
• Knowledge of relevant industry codes of practice, legal requirements, guidelines, and standards related to their discipline
• Knowledge of relevant international, national, and local judicial systems and legislative frameworks
• Knowledge of relevant social responsibility and labor culture, trade unions, NGOs (Non-Governmental Organizations) and other interested parties within the country or area of operation

Approval for more than one geography

In order for an auditor to be approved to conduct audits in a country outside of that in which they live, the auditor must prove the following in the application for each country for which they are seeking approval:

• Fluency in the local language (to be verified by the audit firm)
• Demonstrated understanding of the local laws (to be verified by the audit firm)
• Legally eligible to work in that country (e.g., via work permit or visa)

Initial applicants

Initial applicants must meet the requirements for experience, auditor certification, and RBA training for each level. The requirements are related to the discipline for which the auditor is applying. Evidence such as certificates, CVs, audit logs, audit reports, etc. must be sent with the application.

All applicants may use relevant types of audits to support their applications, i.e., ISO 14001 and ISO45001, RBA VAP/CMA/AMA; SA8000.

---

Experience and Education

Lead auditor

It is mandatory that lead auditors meet the requirements for the labor and ethics scope. They may also meet the requirements for the environmental, health and safety scope.

Auditor can apply based on one of the following two pathways:

Pathway 1: Work Experience Only

• At least 5 years of work experience as an auditor or auditing work, managing auditors, or other involvement in an auditing process
• At least 2 years of work experience conducting audits in the relevant discipline
• 35 person days of audit experience in the relevant discipline over the previous 24 months

Pathway 2: Combination of Work Experience and Education

• A combination of 6 years of experience and relevant education (one must be true):
  • 4-year university/college degree plus two years auditing experience
  • 3-year university/college degree plus three years auditing experience
  • 2-year university/college degree plus four years auditing experience
• At least 2 years of work experience conducting audits in the relevant discipline
• 35 person days of audit experience in the relevant discipline over the previous 24 months

CV / supporting documents must clearly prove that education was in a relevant field.

A valid CSCA APSCA certification may substitute required number of person days of audit experience in the relevant discipline over the previous 24 months.

Auditor

An auditor must meet the requirements for at least one of these: labor and ethics scope and/or health and safety scope.

Auditor can apply based on one of the following two pathways:

Pathway 1: Work experience only

• At least 3 years of work experience as an auditor or auditing work, managing auditors, or other involvement in an auditing process
• At least 2 years of work experience conducting audits in the relevant discipline
• 25 person days of audit experience in the relevant discipline over the previous 24 months

Pathway 2: Combination of Work Experience and Education

• A combination of 4 years of experience and relevant education (one must be true):
  • 3-year university/college degree plus one year of auditing experience
  • 2-year university/college degree plus two years of auditing experience
• At least 1 year of work experience conducting audits in the relevant discipline
• 25 person days of audit experience in the relevant discipline over the previous 24 months

CV / supporting documents must clearly prove that education was in a relevant field.

A valid CSCA APSCA certification may substitute required number of person days of audit experience in the relevant discipline over the previous 24 months.

Provisional Auditor

A provisional auditor must meet the requirements for at least one of these: labor and ethics scope and/or environmental, health and safety scope.

Auditor can apply if they meet the following criteria:

• At least 3 years of work experience as an auditor or auditing work, managing auditors, or other involvement in an auditing process
• At least one of those years must be spent conducting audits in the relevant discipline

Either:

• (i) 12 person days of audit experience in the relevant discipline in the previous 24 months, or
• (ii) Observe a minimum of three RBA VAP/CMA/AMA audits and be observed in two RBA VAP/CMA/AMA audits in the previous 24 months.

A valid ASCA APSCA certification may substitute required number of person days of audit experience in the relevant discipline over the previous 24 months.

---

RBA Training and Qualification Exam

All applicants must complete RBA training courses and pass the relevant training and qualification exam. All auditors must re-validate their training every 24 months.

RBA training Courses:

• RBA Audit Preparation Course: Needed for all initial auditors
• The RBA Code of Conduct (CoC) Course: needed for all initial auditors
• Investigatory Skills Training: needed for all third-party initial auditors
• RBA SVAP Course: only needed for SVAP auditors

An in-house course conducted by an RBA approved Audit Firm and pre-approved by the RBA may substitute for this requirement.

The fee for the review of audit firm's internal RBA CoC course is USD $2500 per course and it is non-refundable.

In addition to the course, auditors must pass the corresponding qualification exam for each discipline by scoring a minimum of 80 points in each exam.

Auditors that fail the exam must re-take the full course before they can sit for the exam again.

---

Auditor Certification

Basic Auditor Certification

In addition to the required RBA training, auditors must prove during the application process that they have completed internal audit firm training process for (team/lead auditor), and other relevant external training and certifications, by providing supporting documentation such as current CVs, audit logs, shadow audit logs, auditor training and certification / accreditation certificates.

Auditors must prove one of the following:

• Existing management system training and accreditations, such as: ISO 19011, ISO 9001, ISO 14001, SA8000, ISO45001, or equivalent
• Current member of Association of Professional Social Compliance Auditors (APSCA) or can prove conformance with APSCA membership requirements (www.theapsca.org)
• Current member of International Register of Certificated Auditors (IRCA), or can prove conformance with IRCA membership requirements (www.quality.org)

Renewal applicants

Approved auditors who apply for renewal must meet the following criteria:

• Auditors must complete a minimum of 8 person days of audit experience on their relevant discipline within the previous 24 months to be renewed.
• RBA Audits include VAP or SVAP only.
• For SVAP auditor renewal, only SVAP audits are accepted.

All auditors must take a renewal auditor training course as well as pass the corresponding qualification exam within 24 months of their initial, or latest qualification.

Continuing professional development

It is strongly recommended that auditors continue their professional development, they must attend the following:

• Training / webinar on the revision and/or up-date of RBA Code of Conduct, audit tools (mandatory)
• Attendance at the RBA Auditor summit (technical content only)
• RBA-related training courses organized by RBA Learning Academy

In addition, they are encouraged to attend:

• Local legal and other regulatory requirement training courses, workshops, and conferences
• Other EHS, LE, Forced Labor-related training courses, workshops, and conferences
• Internal auditor calibration workshop

Re-application by lapsed or expired auditors

Auditors who have had their approval lapsed or expired may be able to reapply for approval.

Any re-approval includes going through the approval process and meeting the qualifications, including attendance at the RBA Code training course, and passing the RBA Qualification Test.

Auditors who have had approvals expired due to not completing the required actions (RBA audit experience) in the required time may reapply at any time.

Re-classification of auditors

The auditor can apply for reclassification of approval status (move from "Provisional" to "Auditor," or "Auditor" to "Lead Auditor") at any time. If/when an auditor or auditing company or RBA member company wants to reclassify the auditor, they must complete the required application and pay the associated processing fee. If the auditor is in good standing, and if they meet the requirements of the newly requested classification, they will be approved in their new classification.

Their approval is valid from their last successful RBA Code - related training course or RBA qualification test.

Freelance auditors

Freelance auditors may be used provided they are subject to the audit firm's policies and procedures and agreements with the RBA. Freelance auditor performance contributes to individual firm approval, suspension, or termination.

Specialty audits (SVAP) Auditors

SVAP auditors have added requirements:

• Attend an RBA SVAP auditor Training Course
• Be an approved LE Lead / Auditor / Provisional Auditor respectively
• 12 person days of audit experience at equivalent audit type for which the auditor is applying

SVAP auditor classification will follow VAP guidelines in the Experience and Education section.

Exceptions

Exceptions to the qualification process can be granted by RBA in a case-by-case basis.

---

Application Process

Application materials

Applicants must provide through the audit firm account manager the following:

• Application form completed with relevant information and signed by the applicant and the applicant's supervisor
• Supporting materials including CV, audit log, audit reports (for non-VAP / SVAP audits)
• Training and test certificates

Application costs

All associated costs, including costs for training and processing of application, are borne by the audit firms or auditors or RBA Member Company for internal auditors. Fees are non-refundable except in extreme circumstances approved by RBA.

• Refer to the RBA website (http://www.responsiblebusiness.org/training-events/) for cost details on RBA Code Training
• Exam: $100 per discipline
• Application cost (USD):
  • Lead auditor: $100
  • Auditor: $75
  • Provisional auditor: $50

---

Auditor Suspension or Termination

Method of review

RBA collects data on each auditor and audit firm about quality, report turn-around-time, and professionalism. RBA asks for feedback from relevant stakeholders in addition to normal metrics.

RBA may, at any time, send an RBA employee or Appointed Agent to shadow an auditor. The information obtained in this shadow audit will be used for training purposes and to continuously improve the quality and credibility of the RBA Audit program.

Both the auditor and the Audit Firm may have their approval to conduct RBA audits suspended or ended.

The auditor may no longer be approved to conduct RBA audits, temporarily or permanently, for the following reasons:

Confirmed ethical breach

Acceptance of bribery, accepting gifts, unethical or dishonest audit scores, are examples of ethical breach.

• Ethical breaches apply not only to ethical issues within the RBA program, but any ethical issues with any audit or auditee, or within any auditing scheme.
• This decision is at the sole discretion of the RBA with support from the Appointed Agent.
• Approved auditor status removal is effective immediately upon confirmation of ethics violation.

Suspected, but not confirmed, ethical breach

Auditors that have a suspected, but not confirmed, ethical breach (acceptance of bribery, accepting gifts, unethical or dishonest audit scores, etc.) will be:

• Ethical breaches apply not only to the RBA program, but any ethical issues with any audit or auditee, or within any auditing scheme.
• Suspended from conducting audits during the investigation, unless otherwise allowed to do audits by the RBA, with support from the Appointed Agent.
• Suspended from conducting RBA audits for up to 12 months (to protect the RBA and RBA audit process) – Auditor must be re-approved as a new Auditor prior to conducting RBA audits.
• Placed on probation for up to 24 months (probation means any other ethical breach, or suspected ethical breach, during this time may result in removal from the approved auditor list).
• The decision to consider any auditor in "Suspected, But Not Confirmed, Ethical Breach" and the application of any or all of the above is at the sole discretion of the RBA, with support from the Appointed Agent.

Egregious errors

Large errors in the audit process, including, but not limited to, not completing portions of an audit, late audit submittal without communication, extremely unprofessional quality, breach of confidentiality, etc.

• First offense – warning to the auditor
• Second offense – Auditor on probation for between 6-24 months (probation time applied at the discretion of the RBA, with support from the Appointed Agent, based on factors related to the offenses)
• Third offense – if the third offense occurs while on probation, auditor is removed from approved auditor list
• As a result, the auditor is no longer approved to conduct RBA audits, but may request re-approval as a new auditor after 12 months.

Continual errors

Late reporting, unprofessionalism, or other issues that are not addressed or corrected.

The RBA reserves the right to suspend auditors who continually make similar mistakes or otherwise do not implement corrections to the process as suggested by the Appointed Agent or the RBA.

Detrimental actions

The RBA have the sole discretion to terminate any auditor for any reason at any time for actions, comments, attitudes or any other actions or factors that may be detrimental to the RBA audit program. Protection of the RBA's reputation and confidence in the program by member companies, auditors, auditees, external stakeholders, and others is the top priority in determining termination of any auditor's approval to work within the RBA system.

Re-application for qualification

Auditors may become re-approved to conduct RBA audits but must be approved through the same process as an initial application.

• Auditors who have had approvals lapse due to confirmed ethical breaches will not be re-approved.
• Auditors who have had approvals lapse due to suspected, but not confirmed, Ethical Breach(s) may re-apply after 12 months. Approval, at that time, is at the sole discretion of the RBA.
• Auditors who have had approvals lapse due to three or more egregious errors may re-apply after 12 months. Approval, at that time, is at the sole discretion of the RBA.
• Auditors who have had approvals lapse due to three or more complaints from the auditee may re-apply after 12 months. Approval, at that time, is at the sole discretion of the RBA.

---

Audit Firm Suspension or Termination

The audit firm's ability and approval to conduct an RBA audit may be ended or suspended for the following reasons:

Confirmed ethical breach(es) within the firm

Acceptance of bribery, accepting gifts, unethical or dishonest audit scores, etc.

• For each ethical breach, or suspected ethical breach, the Audit Firm must prove to the RBA the measures taken to prevent future breaches, which may include increased or additional training, monitoring, oversight, or other such activities. This should be included in a Corrective Action Plan sent to the Appointed Agent or the RBA for review.
• If the audit firm does not prove proper actions, their approval will be terminated.
• During the investigation and demonstration phases, the audit firm may be suspended from conducting RBA audits.

NOTES:

• These decisions are at the sole discretion of the RBA, with support from the Appointed Agent
• These breaches are not only restricted to RBA audits, but they also include any ethical issues with any audit type, or within any auditing scheme

Egregious errors

Systemic issues within the audit firm with egregious errors in the audit reports or audit process, or if the audit firm uses non-approved auditors (or has too many Provisional auditors) to conduct an RBA audit:

• The Audit Firm must prove to the RBA, with support from the Appointed Agent, the measures taken to prevent future egregious errors, which may include increased or additional training, monitoring, oversight, or other such activities.
• If the Audit Firm does not prove proper actions, their approval will be terminated.
• During the demonstration phases, the Audit Firm may be suspended from conducting RBA audits.

NOTES:

• These decisions are at the sole discretion of the RBA, with support from the Appointed Agent
• These breaches are not only restricted to RBA audits, but they also include any ethical issues with any audit type, or within any auditing scheme

Continual errors

Late reporting, unprofessionalism, or other issues that are not addressed or corrected – systemic issues with continual errors in the audit report in process:

• The Audit Firm must prove to the RBA, with support from the Appointed Agent, the measures taken to prevent future errors, which may include increased or additional training, monitoring, oversight, or other such activities.
• If the Audit Firm does not prove proper actions, their approval will be terminated.
• During the demonstration phases, the audit firm may be suspended from conducting RBA audits.

NOTES:

• These decisions and actions are at the sole discretion of the RBA, with support from the Appointed Agent.

Detrimental actions

The RBA, with support from the Appointed Agent, has the sole discretion to terminate any Audit Firm for any reason at any time for actions, comments, attitudes, or any other factor that may be detrimental to the RBA audit program. Protection of the RBA's reputation and confidence in the program by member companies, auditors, auditees, external stakeholders, and others is the top priority in deciding termination of an Audit Firm's approval to work within the RBA system.

Audit firms that conduct AMA's or CMA's without using the current or qualified VAP or SVAP registration for the auditors involved with that audit, are included in this section.

---

Document Control

Field	Value
Document Title	RBA Auditor guidebook
Responsible	Juan Carlos Martinez
Executive Owner	Deborah Albers

Review History

Rev. Number	Date	Summary of changes
7.1	01/01/2022	1) Format changes to align with VAP Operations Manual V7.1 2) Requirements for number of audits are replaced by audit person days 3) Numeric reference included in the document 4) Modification for auditor renewal, only VAP or SVAP audits are valid for qualification renewal. CMA and AMA are removed 5) Section rearrangement from previous version
8.0	02/05/2024	1) Updated to V8.0 2) Added APSCA certification as an option to demonstrate audit experience 3) Remote worker survey deployment added to auditor responsibilities

---

For more information, contact VAP@ResponsibleBusiness.org

www.responsiblebusiness.org