BCM Audit Series
Blog_Jan_Ban.jpg

Conduct the Audit

Once the opening meeting is completed and it is time to start the first meeting with the Auditee, arrive and meet the executive Auditee. This internal representative will be assigned to the assigned business unit manager.
Moh Heng Goh
BCMS Audit Certified Planner-Specialist-Expert

Conduct the AuditIC_Morepost_Conduct the Audit

Once the opening meeting is completed and it is time to start the first meeting with the Auditee, arrive and meet the executive Auditee. This internal representative will be assigned to the assigned business unit manager.

Expectation of Auditor During Conduct of Audit

As an Auditor, you are expected to:

  • Explain what you want to see/do
  • Investigate to a necessary depth
  • Satisfy the sample requirement
    • Do not over-sample
    • Do not assume wrong exists
  • Move on to the next business unit.

While conducting the audit the Auditor may want to observe the following

Learning Useful Audit Tips

  • Use your audit checklist as your guide
  • Document audit trails as it begins to appear
  • You will make many observations.
  • Make the following decisions:
    • Disregard
    • Note for later follow-up
    • Follow-up now
    • Call in a team
    • Request for a technical expert
    • Seek assistance from related parties

These are additional guidance to Auditors on:

  • Asking questions
  • Phrasing questions
  • Taking notes
  • Practising good audit behaviour

Asking Questions

These are some of the questioning techniques that are used during a typical interview:

  • Clear: This question is usually simple and unambiguous.
  • Closed-ended: These usually result in a “Yes” or “No” answer.
  • Open-ended: This questioning approach will result in a long answer being provided.
  • Probing: These specific questions are used for finding details

Phrasing of Questions

The techniques for the phrasing of each question usually start with the 4 “Ws”: Who, What, When and Where. However, questions phrased with “Why”, “How” and “Elaborate” tend to provide better answers. .

Taking Notes

It is important to take notes constantly throughout the audit as they make a good reference. The notes can be used for investigation for both the present and at a later stage of the audit. These notes can also be shared with the other Auditors and be referred to in future audits.

Auditors are strongly encouraged not to rely on or trust their memory when documenting evidence. Taking notes requires the writer to have the content recorded legibly, retrievable from the system, and be as specific as possible, with citation of examples.

The notes should be copious and must-have reference or document numbers, dates, and serial numbers. For the notes to be used as objective evidence, they should have the following:

  • Statements that should be admissible
  • Dates
  • Document numbers
  • Item Identifiers
  • Locations and Places
  • Revision information
  • Names
  • Designations of Auditees

Practising Good Audit Behavior

Here are some good and bad auditing practices and behaviors that Auditors should constantly be aware of.2Phase BL-A-5 Certification Logo_v2

Summary of Good and Bad Audit Practices

 

Good Auditing Practices

Undesirable Auditing Behaviour

Talk to the right people

Give subjective opinions

Speak clearly and simply

Ask too many unnecessary questions

Learn to use local terminology and language

Ask leading questions

Look at the person in the eyes when interviewing

Appear to understand when you do not know

Do not talk down to anyone

Taking sides during an audit

Show the Auditees that you are their friends

Provide Auditees with insufficient time to answer

Be unemotional and impartial.

Provoke an argument

Do not get excited or fix the blame

Criticize individuals

Avoid interrupting an Auditee.

Do not thank the Auditee

Find the facts and present them

Attempt to answer your questions

Rephrase your question if the Auditee does not seem to know what you are asking.

Hide non-conformance until the report is presented

Figure 5-1: Summary of Good and Bad Audit Practices

The Auditors should also avoid known pitfalls and difficulties such as expectation gaps arising from the local environment, cultural divergence, or the lack of specialist expertise.

Document Audit Activities and Findings

Working Papers are documentary evidence obtained from the Auditees. The content of the papers is analyzed so as to achieve an audit conclusion. Audit working papers provide the basis for the findings and audit recommendations to be reported. Audit working papers are a key part of the evidence used by Auditors in arriving at the BCM Audit conclusions and recommendations.

Workpaper Reference

This is the content of a typical set of working papers, or sometimes referred to in short as wallpaper.

Table of Content for Workpaper

 

Section

Description of Workpaper

A

Audit Program

B

Survey Planning Memorandum

C

Audit Assignment and Independence Statement

D

Engagement Letter and Notification

E

Opening Meeting

F

Interviews (planning/survey phase only)

G

Flowcharts

H

Internal Control Questionnaire

I

Relevant Standardized Audit Program (with observations notes and comments)

J

Risk Assessment Internal Control Evaluation

K

Finding Development Sheets

L

Background Information

M

Fieldwork Standardized Audit Program

N

Introduction Purpose and Scope (Draft)

Figure 5.2: Table of Content for Workpaper

Review and Analyze Audit Findings

This chapter outlines the methods of analysis that an Auditor can use to arrive at a well-founded audit opinion. As an Auditor, the understanding and review of this chapter will allow one to evaluate the audit findings and to avoid time-consuming details when reviewing the BCM Planning Methodology. The steps to be taken are to:

  • Visualize the Auditee’s narrative.
  • Group the interviewee's narrative by BCM area (The seven-phase within the BCM Planning Methodology).
  • Identify gaps in the audit plan that have not been addressed in interviews.
  • Request clarification as appropriate to complete the data gathering process

Auditors can find a list of commonly overlooked areas (Appendix 8) as a reference guide. The Auditor is strongly recommended to categorize the findings using the phases within the BCM Planning Methodology.

Keep Auditees Informed

In addition to practices and behaviours, managing the Client or Auditees is a constant demonstration of openness and trust. These are some of the approaches to achieve that goal:

  • Review findings regularly with Auditees.
  • Inform Auditee before any rumours about your observations reach them.
  • Keep the findings and recommendations constructive.
  • Demonstrate professionalism throughout the audit.
  • Locate and talk to all the right people and include the appropriate personnel.
  • Be precise, attentive and responsive.
  • Create rapport with Clients
BCM Planning Methodology

BCM Audit Areas

One approach for identifying areas to audit is to use the BCM Planning Methodology and divide each phase according to individual BCM audit areas.

In a typical BCM audit, each phase of the BCM Planning Methodology can be used as a BCM area for audit. The detailed information for each phase can be found in the BCM book series. Please refer to pages 125 to 128 for a brief summary of each book. The cross-referencing table is as shown in Figure 5-4.

 

No/Bok 10

BCM Planning Methodology

Reference to BCM Book Series

1

Project Management

Managing Your Business Continuity Planning Project (2nd Ed)

2

Risk Analysis and Review

Analyzing and Reviewing the Risks for Business Continuity Planning

3

Business Impact Analysis

Conducting Your Impact Analysis for Business Continuity Planning (2nd Ed)

4

Business Continuity Strategy

Developing Business Continuity Strategy for Your Business Continuity Plan

5

Plan Development

Implementing Your Business Continuity Plan

6

Testing and Exercising

Testing and Exercising Your Business Continuity Plan (2nd Ed)

7

Program Management

Managing and Sustaining Your Business Continuity Management Program

Figure 5-4: Cross Referencing of Content of BCM Planning Methodology with BCM Book Series.

Manage Administrative Overheads

Having highlighted the audit fieldwork process, one challenge commonly faced by the Auditor is the failure to take into account the administrative overhead, logistics overhead and additional time buffers for clarification of information gathered. The latter is often under-estimated as a significant percentage of audit time will have to be allotted to "housekeeping" tasks such as status meetings or interim reporting to stakeholders.

Summary

The effective and efficient execution of a BCM Audit Fieldwork is the result of the adoption of the audit plan during the execution of the BCM Audit. The careful evaluation of findings and clear formulation of recommendations must be strictly adhered to at this stage.

A Manager’s Guide to Auditing & Reviewing Your Business Continuity Management Program

Resource

Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Extracted from "Conduct the Audit"

 

 

New call-to-action

Singapore singapore_flagGovernment Funding for BCM-8530 Course

The next section applied to Singaporean and Singapore permanent residents.  Click the button "Government Funding Available" to find out more about the funding that is available from the Singapore government.  This includes the CITREP+, SkillsFuture Credit and UTAP.

 

Find out more about Blended Learning BCM-8530 [BL-A-5] & BCM-8030 [BL-A-3]

New call-to-action Tell Me More About BCM- 8030 New Call-to-action
New call-to-action TMM [BL-A-5] Register [BL-A-5]
FAQ for BL-A-3 Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org New call-to-action

For Your Comments

More Posts

New Call-to-action