Operational Resilience Audit Series
Bg Bann_OR_Audit and Review Questionnaires

OR [Sustain] Questionnaires: Conduct Independent Quality Reviews

This section is the "Sustain" phase of the Operational Resilience Planning Methodology.  These questionnaires serve as an initial audit checklist to review the final stage of the Sustain phase: Conduct Independent Quality Reviews.

Caution from Author: Remember that each blog or set of questionnaires and checklists should be used independently.  The reason is that there is overlapping content for all three phases and its 15 stages.  As a reviewer or auditor, you will never use all 15 sets of blogs concurrently.

Moh Heng Goh
Operational Resilience Audit-Specialist-Expert

New call-to-action

Conduct Independent Quality Reviews

New call-to-action

What is an Independent Quality Review?

A significant part of independent quality review revolves around audit and assurance.  It significantly contributes to achieving organisational objectives and value creation for shareholders and stakeholders, especially when implementing operational resilience.

New call-to-actionOR Sustain Phase Questionnaires: Conduct Independent Quality ReviewsThis section is the "Sustain" phase of the Operational Resilience Planning Methodology.  The fifth and final stage of the Sustain phase is to "Conduct Independent Quality Reviews."

Audit Checklist for Conduct Independent Quality Reviews

 

1. Documentation and Policy Review

  • Are operational resilience policies and procedures well-documented and up to date?
  • Is there evidence of a comprehensive operational resilience framework?
  • Are the policies and procedures aligned with industry best practices and regulatory requirements?
  • Are there clear guidelines and standards for operational resilience practices?
  • Is there evidence of senior management endorsement and approval of operational resilience policies?
Checklist
  • Review operational resilience policies and procedures documentation.
  • Assess the comprehensiveness and currency of the operational resilience framework.
  • Evaluate the alignment of policies and procedures with industry best practices and regulations.
  • Verify the presence of clear guidelines and standards for operational resilience practices.
  • Determine if senior management has endorsed and approved the operational resilience policies.

2. Training and Awareness

  • Has training on operational resilience been provided to employees at all levels?
  • Is there evidence of awareness campaigns and communication initiatives related to operational resilience?
  • Are training materials comprehensive and effectively communicated to employees?
  • Is there a mechanism to track and monitor employee completion of operational resilience training?
  • Are training programs periodically updated to reflect changes in operational resilience requirements?
Checklist
  • Verify the provision of operational resilience training to employees at all levels.
  • Assess the effectiveness of awareness campaigns and communication initiatives.
  • Evaluate the comprehensiveness and clarity of training materials.
  • Determine if there is a mechanism to track and monitor employee completion of training.
  • Review the process for updating training programs based on changes in requirements.

3. Testing and Exercise Evaluation

  • Have operational resilience plans and procedures been tested through exercises and simulations?
  • Is there a documented schedule for testing and exercising operational resilience capabilities?
  • Are different scenarios and levels of disruptions considered during testing?
  • Are testing results analyzed to identify areas for improvement and corrective actions?
  • Are there mechanisms to track and follow up on implementing corrective actions identified during testing?
Checklist
  • Review documentation of operational resilience testing and exercise plans.
  • Evaluate the adequacy of the testing schedule and the consideration of various scenarios.
  • Assess the analysis of testing results to identify areas for improvement.
  • Verify the existence of mechanisms to track and follow up on corrective actions.
  • Determine if lessons learned from testing and exercises are documented and incorporated into improvements.

4. Incident Response Evaluation

  • Is there an incident response plan in place for operational resilience incidents?
  • Has the incident response plan been tested and validated?
  • Are roles, responsibilities, and communication channels clearly defined within the incident response plan?
  • Is there a designated incident response team and a straightforward escalation process?
  • Is there a process for post-incident analysis and continuous improvement of the incident response capabilities?
Checklist
  • Review the incident response plan documentation for operational resilience incidents.
  • Evaluate the testing and validation activities conducted on the incident response plan.
  • Assess the clarity and accuracy of roles, responsibilities, and communication channels.
  • Verify the incident response team's existence and composition and escalation process.
  • Determine if there is a process for post-incident analysis and continuous improvement.

5. Compliance and Regulatory Requirements

  • Are there mechanisms to monitor and ensure compliance with operational resilience regulations?
  • Is there evidence of regular assessments and audits to evaluate compliance?
  • Are compliance gaps and deficiencies promptly addressed and remediated?
  • Are there documented processes to stay updated with evolving regulatory requirements?
  • Are there precise mechanisms for reporting and escalating non-compliance issues?
Checklist
  • Evaluate the mechanisms to monitor and ensure compliance with operational resilience regulations.
  • Review evidence of regular assessments and audits to evaluate compliance.
  • Assess the effectiveness of processes for addressing compliance gaps and deficiencies.
  • Verify the existence of processes to stay updated with evolving regulatory requirements.
  • Determine the clarity and effectiveness of mechanisms for reporting and escalating non-compliance issues.

Do note that some steps may overlap or appear similar in the other stages of the OR planning phases.  If this occurs, the questionnaires and checklists must be contextualised to the topic under review.

New call-to-action

Questionnaires and Checklist "Sustain" Phase

Introduce Cultural Change Develop Communication Strategy

Implement Training and Awareness

Provide Self-assessment

Conduct Independent Quality Review

New call-to-action New call-to-action OR Sustain Phase Questionnaires: Develop  Communication Strategy OR [Sustain] Questionnaires:  Implement Training and Awareness OR Sustain Phase Questionnaires: Provide Self-assessments OR Sustain Phase Questionnaires: Conduct Independent Quality Reviews

More Information About Blended Learning Operational Resilience Audit (ORA) Courses

BCM Institute offers two levels of OR auditing courses: ORA-3 Blended Learning ORA-300 Operational Resilience Audit Specialist and the ORA-5 Blended Learning ORA-5000 Operational Resilience Audit Expert.

New call-to-action New call-to-action New call-to-action
New call-to-action Tell Me More About BCM- 8030 New Call-to-action
New call-to-action Email to Sales Team [BCM Institute] Operational Resilience Audit Specialist (ORAS) Certification
New call-to-action Please feel free to send us a note if you have any questions. New call-to-action
 
 

For Your Comments:

 

More Posts

New Call-to-action