ISO22301 Auditor/ Lead Auditor
Example BCCLA/ BCCA #3
1. What was performed?
- As an Audit Section Head, I was tasked to take charge of the Group BCM review since 20x8. In my last BCM review, I formulated/ developed the annual audit plan and detailed audit procedure/ checklist on BCM based on the risk assessment, Central Bank Guidelines and the Banking Group’s BCM Framework.
2. When was it done?
- April 20X8 to Oct 20X2
3. How was it carried out?
- Prior to finalizing the documents, I worked closely with the BCM personnel and business users with an aim to understand the business needs and operating environment for effective review. The said Audit Plan also outlined the audit control objectives, scope and auditable area, and audit resources/ schedule necessary for the review.
- Apart from the planning and preparation, I have supervised my junior staff and carried out the review based on the established audit procedure/ checklist. Our audit fieldwork also covered the outsourced vendor facilities, formal agreements and also to determine whether they have their own BCM arrangements.
- The results of our audit review were discussed first with line managers to seek their explanation as well as the root causes and remedial actions of the issues noted.
- Thereafter, a formal Audit exit discussion will be called for Internal Audit to present and discuss the shortcomings noted with the BCM management team. This was followed by a written Audit report addressed to the Management Audit Committee and Group Audit Committee. Management responses, corrective measures and a timeline for completion of rectification actions are incorporated in the Audit report.
- All the corrective measures and their timeline together with any instructions/ comments from the BCM Steering Committee will be tracked, followed-up and monitored closely by me and tabled to the Management Audit Committee. For all closed issues, I will validate the actions taken by the BCM management team/ relevant business users before confirming issues are closed and removing them from the tracking list.
- Currently, I am conducting benchmarking studies against global best practices to identify short and longer-term opportunities for improvement for the upcoming audit review on BCM.
- I have also put in place a continuous review system to ensure every BCM related case lodged in our XYZ system is timely attended to for satisfactory resolution and duly factored into the risk profile and continuous enhancement of BCM of the Banking Group.