Business Continuity Management

PgM 20: What is BCM Audit?

BC planning is similar to any other business activity that is critical to the success and continuation of an organization. BCP is an activity which is subject to audit.

“Reviewing has one advantage over suicide: in suicide you take it out on yourself; in reviewing you take it out on other people”
George Bernard Shaw


Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert
Why Audit?

 

Auditors consider BCP to be as sensitive as security in terms of critical business risk areas. When the Auditors audit the BC activity, they hope to find that the activity is being properly carried out and that the BC Plan is comprehensive, current and appropriately tested. Knowing what the Auditors are looking for will not only make for a smoother audit but will also help to improve the overall BC Plan.

The process of building a business case for implementing a BC Plan is critical to the success of the plan. This is where the Auditor’s report on the lack of a BC Plan will help to support the justification for the BC initiative.

What is BCM Audit?


This stage gives an overview of the entire BCM audit process. It includes the objectives with the detailed tasks and expected deliverables.

Objectives


Formulate a mechanism to audit the Business Continuity Plan:
  • Plan and prepare audit
  • Conduct audit fieldwork
  • Review and discuss audit findings
  • Provide audit reporting

Tasks


The tasks to be completed in the Audit component of the Program Management phase include:
  • Conduct preliminary assessment and fact-finding
  • Formulate audit plan
  • Review the BC Plan process for compliance with methodology
  • Evaluate the BIA and Recovery Strategy
  • Check for compliance with policies and procedures
  • Review and discuss audit observations with Management
  • Issue of audit report

Expected Deliverables


The expected deliverables in a typical audit phase are:
  • Audit plan
  • Audit methodology
  • Audit observations
  • Audit report

Benefits of BCP Auditing


The auditing of the BC Plans will:
  • Provide justification and motivation to the Executive Management on the inadequacies of the BC planning process within an organization
  • Provide assurance with an independent and new perspective of the adequacy of the BC Plan
  • Provide fresh ideas and approaches that may not have been considered by the BC development team
  • Eliminate the false sense of security that is derived from unaudited and potentially faulty planning assumptions
  • Inform the Executive Management and all responsible parties of the areas that need enhancement or correction and the areas previously omitted
  • Motivate those responsible to carry out a more thorough job in anticipation of the BC Plan being audited subsequently
  • Determine that the process for managing the BC program is adequately put in place

In addition, it offers a good opportunity to:
  • Evaluate the interactions among the preventive internal controls (or operational risk) program
  • Include the testing of the various components of the BC Plan
  • Observe the working relationships and interactions among various BC development groups that would be responsible for implementing the BC Plan
  • Bring out deficiencies in the organizational and personnel areas for timely correction

What Does Audit Process Entail?


The entire BC audit process involves the following phases:
 

Phase 1: Audit Planning & Preparation

  • Conduct preliminary assessment
  • Conduct fact-finding
  • Formulate audit plan

Phase 2: Audit Fieldwork

  • Review the BCP process for compliance with methodology
  • Evaluate the BIA and Recovery Strategy
  • Check for compliance with policies and procedures, for example, frequency of exercise and maintenance of BC Plan

Phase 3: Audit Review & Discussion

  • Review and discuss audit observations with the Executive Management

Phase 4: Audit Reporting

  • Issue of audit report

Conclusion


A detailed explanation of auditing and reviewing the BC Plan is given in the book “Auditing and Reviewing of Business Continuity Plan” (ISBN: 981-05-4300-X).

 

Reference

Goh, M. H. (2021). Managing & Sustaining Your Business Continuity Management Program. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 20: What is Audit?"
