Auditing Business Continuity Management

Conducting A BCM Audit

Written by Moh Heng Goh | Sep 19, 2020 1:20:11 PM

Conduct the Audit

Once the opening meeting is completed and it is time for the first meeting with the Auditee, arrive and meet the executive Auditee. This internal representative will be assigned to the manager of the assigned business unit.

Expectation of Auditor During Conduct of Audit

As an Auditor, you are expected to:

  • Explain what you want to see/do
  • Investigate to a necessary depth
  • Satisfy the sample requirement
    • Do not over-sample
    • Do not assume that something wrong exists
  • Move on to the next business unit.

While conducting the audit, the Auditor may want to observe the following:

Learning Useful Audit Tips

  • Use your audit checklist as your guide
  • Document audit trails as they begin to appear
  • You will make many observations.
  • Make the following decisions:
    • Disregard
    • Note for later follow-up
    • Follow-up now
    • Call in a team
    • Request for the technical expert
    • Seek assistance from related parties

The following is additional guidance for Auditors on:

  • Asking questions
  • Phrasing questions
  • Taking notes
  • Practising good audit behaviour

Asking Questions

These are some of the questioning techniques that are used during a typical interview:

  • Clear: This question is usually simple and unambiguous.
  • Closed-ended: These usually result in a “Yes” or “No” answer.
  • Open-ended: This questioning approach will result in a long answer being provided.
  • Probing: These specific questions are used for finding details.

Phrasing of Questions

The techniques for the phrasing of each question usually start with the 4 “Ws”: Who, What, When and Where. However, questions phrased with “Why”, “How” and “Elaborate” tend to provide better answers.

Taking Notes

It is important to take notes constantly throughout the audit as they make a good reference. The notes can be used for investigation both at present and at a later stage of the audit. These notes can also be shared with the other Auditors and be referred to in future audits.

Auditors are strongly encouraged not to rely on or trust their memory when documenting evidence. Taking notes requires the writer to record the content legibly, keep it retrievable from the system, and be as specific as possible, citing examples.

The notes should be copious and must include reference or document numbers, dates, and serial numbers. For the notes to be used as objective evidence, they should have the following:

  • Statements that should be admissible
  • Dates
  • Document numbers
  • Item Identifiers
  • Locations and Places
  • Revision information
  • Names
  • Designations of Auditees

Practising Good Audit Behavior

Here are some good and bad auditing practices and behaviours that Auditors should constantly be aware of.

Summary of Good and Bad Audit Practices

| Good Auditing Practices | Undesirable Auditing Behaviour |
|---|---|
| Talk to the right people | Give subjective opinions |
| Speak clearly and simply | Ask too many unnecessary questions |
| Learn to use local terminology and language | Ask leading questions |
| Look at the person in the eyes when interviewing | Appear to understand when you do not know |
| Do not talk down to anyone | Taking sides during the audit |
| Show the Auditees that you are their friends | Provide Auditees with insufficient time to answer |
| Be unemotional and impartial | Provoke an argument |
| Do not get excited or fix the blame | Criticize individuals |
| Avoid interrupting an Auditee | Do not thank the Auditee |
| Find the facts and present them | Attempt to answer your questions |
| Rephrase your question if the Auditee does not seem to know what you are asking | Hide non-conformance until the report is presented |

The Auditors should also avoid known pitfalls and difficulties such as expectation gaps arising from the local environment, cultural divergence, or the lack of specialist expertise.

Resource

Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 5-9: Conduct the Audit"