Auditing Business Continuity Management

What are the Types of BCM Audit?

Written by Kalaivani | Jul 10, 2021 5:27:22 AM

Types of Audits


It is important when reading this book, to remember that it aims to serve as a guide to the reader who is:

  • An Internal Auditor of an organization.
  • An External Auditor from a professional audit firm
  • A third party such as a BCMS Auditor.

 

The major differences are that if an audit is conducted internally, familiarity with the information and knowledge about the Auditees reduces the introductory formality, and certain formalities are minimized.


Internal Audit (First Party Audit)


First Party Audit is for organizations auditing themselves for internal purposes. This audit need not only be conducted in-house as it can also be carried out by an external organization.

External Audit (Second Party Audit)


Second Party Audit is an external audit that is usually performed by the customers or by any other party on the organization’s behalf. It can also be done by any external party that has an interest in the "Auditee" organization.

External Audit (Third Party Audit)


Third-Party Audit is performed by independent external organizations to determine whether or not an organization complies with the standard. Third-Party Auditors are commonly referred to as registrars or certification bodies.

 


In this book, this type of audit, called Certification Audit, will be introduced. It entails auditing an organization before the organization embarks on a BCM certification audit. The Auditors, led by a Lead Auditor, will inspect and certify the organization against a BCM standard.

The content of this book also provides and show the application of the principles and methodologies for reviewing and auditing a BC Plan. Based on my practical experience as both as an Auditor (public accounting firm) and Reviewer (internal and external BCM Consultant within organizations) of BC Plans and BCM programs,

I  have prepared and included a series of easy-to-use BCM Questionnaires which can be easily tailored to be used as Standardized Audit Programs. This is to assist persons without prior audit experience in BCM to perform audits of specific business units’ and corporate-wide BC Plans or BCM programs.

 

 

Resource

Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 2.3: What are the Types of BCM Audit?"

Find out more about Blended Learning BCM-8530 [BL-A-5] & BCM-8030 [BL-A-3]

Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org