About AEO

The AEO Framework is a hierarchical set of documented system components that together provide Transport for NSW (TfNSW) with a sufficient level of assurance that outsourced engineering services are being delivered by capable and competent organisations.

The Authorised Engineering Organisations (AEOs) program supports the participation of the private sector to add more value and innovation to the Transport network by outsourcing of the engineering assurance function to the supply chain.

Authorisation will be provided to an organisation based on the types of engineering services it performs according to engineering disciplines and asset life cycle stages.

The scope of authorisation will be based on engineering disciplines as they are employed within the various stages of the asset life cycle – from concept and feasibility, through design, construction, testing, commissioning, maintenance, and decommissioning to disposal.

About the new AEO Framework v3

What has changed?

The key areas of change in the AEO Framework are:

T MU MD 00009 ST AEO Authorisation Requirements (v3.0):

  • Similar AEO requirements have been merged, so that 65 AEO requirements grouped in five areas has now been consolidated into 33 requirements;
  • The requirements have been arranged to reflect the new Engineering Management Capability Areas (EMCA);
  • Guiding notes have been updated to provide greater clarity and examples of typical expected evidence.

T MU MD 00009 F1 AEO Engineering Services Matrix (v3.0):

  • TfNSW asset lifecycle phases have been updated;
  • Asset lifecycle activities have been updated;
  • Specialist engineering disciplines have been updated. 'Managing Building Works' discipline is merged with the 'Engineering Management' discipline entry in the matrix that is now used to scope ALL engineering management service offerings;
  • The section for engineering services to be provided as standalone services has been re-aligned in four groups. Options for each group have been provided in the T MU MD 00009 SP AEO Authorisation Model (v1.0) document;
  • "A" and "P/A" options has been replaced with one single 'X' options with Notes section to be used for details;
  • Definitions for all listed disciplines and lifecycle activities have been enhanced and moved into the separate document.

T MU MD 00008 GU AEO Guide to Authorisation (v2.0) and T MU MD 00007 ST AEO Authorisation Governance Framework (v2.0) have been merged into the T MU MD 00009 SP AEO Authorisation Model (v1.0) as follows:

  • The authorisation process description has been updated;
  • The authorisation assessment process has been changed to focus more on applicant's self-assessment;
  • Asset lifecycle and engineering discipline definitions have been enhanced with more details and typical activities undertaken in them.

Published AEO authorisation toolkits:

The published AEO authorisation toolkits have been updated to align with the AEO Framework v3.0.

We are already an AEO - does the new framework affect us?

The current AEO services matrices will be re-published using the new template. This has no impact on the scope of authorisation. Your Authorisation Facilitator will work with you to ensure the updated version is correct before it is published.

Surveillance audits will be done using the updated set of AEO requirements to transition you. Mapping of the current AEO requirements to the new ones has been done to minimise impacts and to make the transition as seamless as possible.

AEOs currently undergoing scope expansion are not impacted.

There is no impact on works currently being delivered or contracts currently being fulfilled. The AEO can continue work as normal.

We are being assessed at the moment - will the new framework affect us?

AEO applicants currently being assessed and existing AEOs that are undergoing scope expansions are not impacted and will continue using the existing tools and templates. Their final services matrices will be mapped to the new template at the assessment completion.

We want to apply for accreditation - does the new framework affect us?

New applicants inquiring about the AEO authorisation process will be introduced to version 3. The changes will be part of our standard briefing and preparation processes.

We are preparing for assessment at the moment - does the new framework affect us?

You will receive the ASA standard communication email with details that are relevant to your situation and your Authorisation Facilitator will help you to get the most from the new AEO framework guides and tools to help you prepare for assessment.

Will the new framework have any impact on tendering for work?

There will be no changes to the need for AEO compliance in the procurement process. The ASA is working with procurement groups across the Transport cluster to help transition to the new AEO matrix.

When did the AEO Framework v3 become effective?

On 18 July 2017, Transport for NSW (TfNSW) held an industry briefing to launch version 3 of the Authorised Engineering Organisation (AEO) Framework. Over 180 people attended the event which included the recognition of significant milestones in the AEO journey - our 100th AEO and our first Maritime AEO.

Who can I contact for advice on the new framework?

Contact your Authorisation Facilitator, who will be able to take you through the new framework and answer any of your questions.

Transport for NSW Authorisation

Transport for NSW (TfNSW) Authorisation is conducted by assessing and rating the maturity of an organisation's own systems and their deployment against the AEO requirements. These are divided amongst the 11 Engineering Management Capability Areas (EMCA), representing the core capabilities necessary to enable an organisation to effectively deliver asset lifecycle services. The authorisation process seeks to understand how an organisation business model delivers them and how it continues to conform to them through their engagements with TfNSW.

The underpinning philosophy of the approach to authorisation is for the organisation to provide justified confidence, through documented argument, that its own capability meets the AEO requirements. Although it is expected that there will be some tailoring to TfNSW needs, organisations are not expected, or encouraged, to develop bespoke systems for TfNSW. Tailoring should be limited to providing context around the organisation's own systems and processes for Australia and NSW.

The EMCA are:

11 Engineering Management Capability Areas (EMCA)



EMCA 1Planning, managing and closing out engineering work
EMCA 2Managing the work requirements
EMCA 3Managing service or solution engineering
EMCA 4Managing assurance, verification and validation
EMCA 5Managing configuration
EMCA 6Managing competence (including contractor and subcontractor competence)
EMCA 7Managing stakeholders
EMCA 8Managing resources
EMCA 9Managing supplier quality
EMCA 10Managing performance of the engineering systems
EMCA 11Continuous improvement of the engineering systems

AEO Surveillance Audit

What is a surveillance audit?

Audits are a systematic, independent and documented verification process of objectively obtaining and evaluating audit evidence to determine whether specified criteria are met (AS/NZS ISO 19011:2014).  The ASA undertakes risk-based surveillance audits of AEOs to measure the level of compliance with authorisation requirements including demonstrated evidence of active deployment of an AEO's systems in an organisational and/or project environment.

Underpinning the surveillance process are:

  • a competent systems auditor performing the role of team leader;
  • engaging competent SMEs, as required, as part of the audit team;
  • adopting a consultative risk-based approach to developing targeted audit scope – utilising information from previous assessments, audits or other sources;
  • undertaking the audit in line with the agreed audit plan;
  • completing the audit report in the agreed timeframe;
  • following up with the AEO to ensure that agreed actions are addressed and closed.

When does an AEO undergo the first surveillance audit?

The first surveillance audit is scheduled around 12 months after being granted AEO status and establishes a critical baseline of performance against that during the assessment phase. It establishes how the organisation's systems and processes are measured and rated at a deployment level.

How frequently will an AEO need to undergo a surveillance audit?

The Manager Audit & Compliance, ASA, develops a program of surveillance audits on all AEOs that is updated regularly.

After the first surveillance audit, a risk-based approach is adopted by ASA with all AEOs to ensure areas which present higher risks to TfNSW are identified and targeted as a priority during ongoing surveillance activities, including outstanding action items.

The frequency of surveillance is based on a range of risk considerations, which also contribute to scope development:

  • maturity levels and findings from the initial authorisation assessment;
  • any outstanding actions from the initial assessment;
  • previous surveillance audits findings and any outstanding actions;
  • scope of services and disciplines offered by the AEO;
  • TfNSW contracts awarded to the AEO;
  • risks associated with the particular AEO services, especially safety risks.

The output of ongoing surveillance is used to adjust maturity classification levels, if required, and the frequency, depth and focus of subsequent surveillance audits.

When and how will an AEO be advised of a surveillance audit?

Each ASA systems auditor is assigned a number of AEOs to manage for surveillance purposes.  They will forward notification to the AEO about 3 months in advance of the proposed audit date.

The notice of intent to audit will include a questionnaire for the AEO to complete and return to the ASA. The responses in the questionnaire both confirm and assist the ASA in developing targeted risk-based audit scope.

The ASA is aware that AEOs typically experience a range of third party activities that may impact on their business. Therefore we engage with the AEO during the planning phase to enable the most effective and efficient arrangements to accommodate the surveillance audit and reduce the impact on business activities.

What is a Special Audit?

A Special Audit is initiated at short notice on an AEO where a prompt investigative response is required to an identified risk. A serious incident or systemic issue involving an AEO may trigger a Special Audit which is conducted outside of the regular surveillance audit program.  The decision to proceed with a Special Audit is made after review of information or evidence made available to the ASA and discussions with the AEO.

The ASA may also be engaged to conduct a Special Audit on an operator maintainer AEO against specific rail services contract requirements, including asset integrity.

A competent auditor is assigned the role of audit team leader and necessary SMEs are engaged to be part of the audit team.  The defined terms of reference or scope will set out the parameters of the Special Audit, the timeframe in which it needs to be completed and any special conditions.

What is an Action Management Plan?

It is a condition of being granted AEO status that each organisation addresses agreed actions appropriately within agreed timeframes and that they comply with any conditions imposed by the ASA as part of their authorisation. These details are set out in the letter of authorisation issued by the ASA.

An Action Management Plan is generated after the final audit report is released, using an approved ASA template. The Action Management Plan provides for inclusion of actions, controls and due dates proposed by the AEO in response to audit findings.

It is incumbent upon the AEO to address, as a priority, higher level action items which present the greatest risk (i.e. serious/major non-conformances) and proposed action responses must meet the intent of report findings.

The ASA systems auditor will liaise regularly with the AEO until actions are progressively closed-out based on evidence provided.

Framework and governance documentation

Frameworks and governance documentation for Authorised Engineering Organisations is available on the ASA standards page.