[Audit] eBook Chapter 8: Resources and References

Chapter 8: Resources and References

This chapter provides a list of valuable resources and references to further enhance your understanding of Business Continuity Management (BCM) auditing. It includes industry publications, best practice guidelines, and relevant standards to support your BCM audit endeavors.

Industry Organizations and Standards

• British Standards Institution (BSI): https://www.bsigroup.com/
• Offers resources and information on BS 25999 - Business continuity management - Code of practice (withdrawn but still a reference for some organizations)
• International Organization for Standardization (ISO): https://www.iso.org/
• Provides access to ISO 22301:2019 - Security and resilience - Business continuity management systems - Requirements

Regulatory Bodies (Examples):

• Monetary Authority of Singapore (MAS): https://www.mas.gov.sg/
• Provides guidelines on BCM for financial institutions in Singapore. (Link specific to BCM guidelines can be found in Chapter 2)
• Bank Negara Malaysia (BNM): https://www.bnm.gov.my/
• Provides policy documents and guidelines on BCM for financial institutions in Malaysia. (Link specific to BCM guidelines can be found in Chapter 2)

Publications and Best Practices:

• "Business Continuity Management Auditing: A Guide for Businesses" by Andrew Nichols: This book provides a comprehensive guide to BCM auditing, covering the entire audit lifecycle from planning to reporting.
• "The BCM Standard: A Business Continuity Management Implementation Guide" by David Nathanson: This book offers practical guidance on implementing a BCM program, including considerations for auditing.
• National Institute of Standards and Technology (NIST) Special Publication 800-34 - "Guide for Conducting Risk Assessments" https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf?%3Futm_source=IDG
• While not specifically focused on BCM, this publication provides valuable insights on conducting risk assessments, a crucial element of BCM and BCM audits.

Disclaimer: The resources listed are for informational purposes only and do not constitute an exhaustive list. It is recommended to consult with relevant industry organizations and regulatory bodies for the latest standards and best practices in your specific jurisdiction.

More Information About Blended Learning Auditing BCMS Courses

BCM Institute offers two levels of BCM auditing courses: A-3 BCM-8030 ISO22301 BCMS Auditor [A-3] and the ISO22301 BCMS Lead Auditor [A-5].

Please feel free to send us a note if you have any questions.