Stage 4: Audit Follow-up

Stage 4: Audit Follow-up

These are the major activities to be executed during the Audit Follow-up Stage:

1. Follow-up Audit
2. Follow-up Review
3. Follow-up Report
4. Surveillance Audit

[1] Follow-up Audit

Follow-up Audit is an audit which verifies that corrective actions have been accomplished as scheduled. It determines that the actions are effective in preventing or minimizing future recurrence. Usually, a Follow-up Audit includes a Follow-up Review and a Follow-up Report. These are the additional activities:

• Monitoring follow-up of the initial response to the audit.
• Reviewing and evaluating the corrective action response of the Client.
  •  Refer to “Execute Corrective Actions “ and “Corrective Action Procedures”
• Confirming the content on the “when, who, where, and how” to the response.
• Monitoring and reviewing the Client‟s actions to address the deficiencies and recommendations.
• Conducting a follow-up audit, or re-audit if necessary.
• Ensuring the corrective action are taken and a satisfactory conclusion is achieved
• Reviewing and filing of the documentation and records.
• Identifying actions for verification during the next audit.

[2] Follow-up Review

The Follow-up Review is a review of the Client's response letter to the audit report findings. The actions taken by the Client to resolve the audit report findings may be tested to ensure that desired results were achieved. All unresolved findings will be discussed in the Follow-up Report

[3] Follow-up Report

The Follow-up Report is a document generated after the Follow-up Review. This report lists the actions taken by the Client to resolve the original report findings.

Unresolved Findings

Any unresolved findings will appear in this Follow-up Report. It should include:

• A brief description of the findings
• The original audit recommendation
• The Client’s response
• The current condition
• The continued exposure to the Client

A discussion draft of each report with unresolved findings is circulated to the Client before the report is issued. The follow-up review results will be circulated to the original report recipients and the Client’s Executive Management as deemed appropriate.

The auditor would recommend the auditees to "Execute Corrective Procedures and Actions"

[4] Surveillance Audit (BCM Certification)

The Surveillance Audit is a periodic audit performed by an external Auditor to ensure that an organization still meets BCM or ISO standard requirements. The objectives of a typical surveillance audit are to:

• Conduct periodic audits to ensure that an organization still meets BCM standard requirements.
• Make Continual Assessment Visits (CAVs)
  •  On-going surveillance visits
• Have a Re-certification
  •  Once in every three years
  •  Option One is to re-certify by full system audit
  •  Option Two is to re-certify by a strategic review

Go to other Stages of the BCM Audit Process

Resource

Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Singapore Government Funding for BCM-8530 Course

The next section applied to Singaporean and Singapore permanent residents.  Click the button "Government Funding Available" to find out more about the funding that is available from the Singapore government.  This includes the CITREP+, SkillsFuture Credit and UTAP.

Find out more about Blended Learning BCM-8530 [BL-A-5] & BCM-8030 [BL-A-3]