Auditing Business Continuity Management

What Exactly is BCM Audit?

Written by Moh Heng Goh | Jul 9, 2021 7:56:18 AM

An example is a Business Continuity Management (BCM) audit, it is seen as a method by which procedures and documentation are measured against pre-agreed (BCM) standards.

There are three types of audits: First Party Audits are internal audits. Second Party Audits and Third Party Audits are external audits.

Often, as part of the discussion on business continuity management (BCM), there is a difference in the way the terms are defined.  To ensure consistency in our training of BCM - which includes Crisis Management (CM), Crisis Communication (CC) and IT Disaster recovery Planning (DRP) professionals, the "BCM Umbrella" is one of the several diagrams used to integrate and better explain the holistic view

Business Continuity Management or BCM is a holistic management process for identifying potential impacts from threats, and for developing response plans.  The key objective is to increase an organization's resilience to business disruptions and to minimize the impact of such disruptions.

BCM Planning Methodology

Potential threats can endanger the continuity of not only business processes, but also, Information Technology (IT) infrastructures, as well as the continuity supply chain processes.  The result of applying the BCM Planning Methodology is a response and recovery plan that will minimize the debilitating impact of threats to allow the continuity of the various business processes.

From the "BCM Umbrella" shown above, explanation of the disaster recovery for IT, business continuity, supply chain, and crisis.

Disruption to IT: Disaster Recovery Planning

Disaster Recovery Planning or DRP is a process of developing advanced arrangements and procedures that enable an organization to respond to a disaster and resume the critical business and IT applications within a predetermined period of time, minimize the amount of loss, and repair or replace the damaged facilities as soon as possible.

Often, it is spelled out as IT Disaster Recovery because this term "disaster recovery" is often confused or used synonymous with "disaster management".

Disruption to Continuity of Business: Business Continuity

Business Continuity Planning or BCP is the process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption.  The end result of BCP is the BC Plan.

Disruption to Suppliers: Supply Chain Continuity

Supply Chain Continuity Management refers to the capability of ensuring uninterrupted flow of products and services from suppliers to customers within an acceptable level and time frame so as to safeguard the prioritized activities of the organization and interested parties. 

Disruption to Organization Due to Crisis

Crisis Management or CM is the overall coordination of an organization's response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate. 

The terms incidents, emergency and events will be explain in another blog.

Reflection

It is important to note that definition is meaningful when everyone involved in the project or program have this common understanding.  Often, I hear argument amongst the team members and even senior management on the objectives of the plan.  The bottom line is that they have not even establish the common understanding of the terms.

I often had comment that the current definition is wrong and I replied that the key is that plans that is developed is consistent within that particular organization and most important, the team will work together with the objective of the "specific" plan being clear and concise to each member executing the plans.

Lastly, if you would like to continue to know more about BCM Audit please click the button down below.         

 

Resource

Goh, M. H. (2016). A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Extracted from "*Updated*What Exactly is Audit?"

 

Singapore Government Funding for BCM-8530 Course

The next section applied to Singaporean and Singapore permanent residents.  Click button "Government Funding Available" to find out more about the funding that is available from the Singapore government.  This include the CITREP+, SkillsFuture Credit and UTAP.

 

Find out more about Blended Learning BCM-8530 [BL-A-5] & BCM-8030 [BL-A-3]

Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org