Operational Resilience Audit

Operational Resilience Audit Planning Step

Audit Planning

Preparation for Audit When conducting audit planning during an operational resilience audit, it is essential to ensure thorough preparation to achieve the audit objectives effectively. The following are detailed steps for the conduct of audit planning: Define Audit Objectives Determine Audit Scope Identify the Audit Team and Assign Roles Conduct Preliminary Research Develop an Audit Plan Conduct Risk Assessment Plan Data Collection Methods Establish Communication Channels Develop an Audit Schedule Conduct Entrance Meeting Prepare Audit Documentation Obtain Necessary Permissions and Access Finalise Audit Plan Define Audit Objectives Establish the specific objectives of the operational resilience audit. Outline what the audit aims to achieve. This includes identifying the key areas to be assessed, such as: The effectiveness of operational resilience measures Identify vulnerabilities Ensure compliance with established standards Preparedness, response and recovery plans Prepare testing mechanisms Provide governance and monitoring/reporting Determine Audit Scope Define the boundaries and extent of the audit. Identify the departments, processes, systems, or locations included in the audit. Consider any regulatory requirements, industry standards, or internal policies that should be considered. Identify the Audit Team and Assign Roles Assemble an audit team comprising individuals with relevant expertise and knowledge in operational resilience. Assign specific roles and responsibilities to team members, including an audit lead, subject matter experts, and support staff. Conduct Preliminary Research Gather background information about the organisation's operational resilience framework, previous audits, incident reports, and relevant policies and procedures. This research will provide a foundation for understanding the organisation's context and identify potential focus areas. Develop an Audit Plan Create a comprehensive audit plan that outlines the approach, timelines, and resources required. The plan should include specific audit procedures, sampling methodologies, data collection methods, and analysis techniques. Ensure that the plan aligns with the audit objectives and scope. Conduct Risk Assessment Perform a risk assessment to identify and prioritise areas of potential concern within the operational resilience framework. This assessment helps determine which areas require more in-depth scrutiny and guides the allocation of audit resources accordingly. Plan Data Collection Methods Determine the appropriate methods for collecting relevant data during the audit. This may involve document reviews, interviews with key personnel, observation of processes, or analysis of incident records. Develop data collection templates or checklists to guide the audit team. Establish Communication Channels Set up communication channels with key stakeholders, including senior management, process owners, and relevant staff members. Communicate the purpose and scope of the audit, expected timelines, and the level of cooperation required from stakeholders. Develop an Audit Schedule Create a detailed schedule that outlines the timing and duration of audit activities. Consider the availability of key personnel and any potential disruptions to operations. Allow sufficient time for on-site visits, interviews, and data analysis. Conduct Entrance Meeting Arrange an entrance meeting with key stakeholders to: Introduce the audit team formally Discuss the audit objectives, scope, and expectations and address any questions or concerns. This meeting helps establish a collaborative and transparent approach to the audit. Prepare Audit Documentation Develop standardised templates or tools to consistently document audit procedures, findings, and recommendations. Ensure the documentation aligns with regulatory requirements, industry standards, and internal audit protocols. Obtain Necessary Permissions and Access Ensure that the audit team has the required permissions, access rights, and security clearances to perform the audit effectively. Coordinate with relevant departments or IT personnel to obtain necessary access to systems, databases, and facilities. Finalise Audit Plan Review and finalise the audit plan based on any additional insights or feedback received during the preliminary stages of audit planning. Obtain approval from relevant stakeholders before proceeding with the execution of the audit.   Following these detailed steps for audit planning, the operational resilience audit can be conducted systematically and efficiently, setting the stage for a comprehensive assessment of the organisation's resilience capabilities.   Operational Resilience Audit Planning Steps     Find out more about Blended Learning ORA-5000 [BL-ORA-5] & ORA-300 [BL-ORA-3]

	Please feel free to send us a note if you have any of these questions.

Overview of ORA-5000 Operational Resilience Expert Auditor [ORA-5] Course

While professionals generally still prefer to attend an onsite classroom-based course with a facilitator or instructor being present, (electronic) online video face-to-face workshop practices are fast gaining momentum as a participant prefer to acquire the learning over some time.  The other preference is reducing travelling as remote work or attending courses in the office is becoming the norm.

The roadmap above is a snapshot of what you can expect from the programme. It is divided into the respective modules 1 to 4.  Find each module's syllabus by clicking the four [Course Content] buttons.  The content has been carefully crafted to ensure that your participation and outcome match each day of the ORA-5000 OR Audit Expert competency level. 

Click any of the four buttons [Course Requirement] to learn more about your participation and involvement in this course.

The course fee is SGD 3,850 for 100% online and SGD 4,150 for online + onsite, payable before the class starts. 

Module
Course Content
Course Requirement

Breakdown of the Time Spent

Module	Mode of Study	Flexible (Hours)	Mandatory & Fixed Timing (Hours)
	Online Self-pace eLearning (Eight 1-Hour Self Pace eLearning Classes)	1	8 (1-hour self-pace eLearning sessions)
	Facilitated Online Workshop (1 Hour Self-Reading + 6 Hours Scheduled Online Classes)	1	6 (3-hour x 2 separate sessions)
	Online Training and Discussion Workshop (2 Hours Reading/ Assignment + 3-Hour Schedule Online Classes)	2	6 (3-hour x 2 separate sessions)
	Online Training and Discussion Workshop (2 Hours Self Reading/ Assignment + 3 Hours Schedule Online Classes)	2	6 (3-hour x 2 separate sessions)
	Total Hours	6	24
	Attempt Qualifying Examination	Question	Duration
	Operational Resilience Audit Expert (ORAE) after ORA-5 course	100	2 and 1/2 hours
	Operational Resilience Audit Specialist (ORAS) after ORA-3 course	100	Completed during the Module 1 eLearning Module
	Operational Resilience Certified Planner (ORCP) after ORA-2 course	50	1 and 1/2 hours

Operational Resilience Audit for Financial Institutions

Post-COVID-19, various regulatory developments have impacted the financial services industry, such as refining the management of disruptions, increasing interconnectedness and third-party/ outsourcing dependencies and dependencies on IT.  This emphasises that operational resilience will remain a significant concern for the board, regulators, policymakers, investors and customers.

The challenge is organizations' approaches to dealing with differing regulations globally. In terms of resilience structure, organizations have looked at their governance frameworks and ensured they are fit for purpose. They utilise stress and scenario testing to assess their capabilities, which is more than their existing business continuity and crisis management programs.

What are the Differences and Concerns?

Click the icon on the right to learn more about the difference between Blended Learning and Hybrid Learning offered by BCM Institute.

The entire process is redesigned with pre-reading (at your own time and pace) and preparatory work (rather than one hour doing the work in class) supported by proprietary guidance notes. In fact, after several cohorts, the content from those who had attended our other advanced-level courses highlights a better way to provide the same outcome.

Instructors: Note that instructors delivering the modules will remain the same as those providing the onsite training.  At BCM Institute, most instructors still practise BCM and risk management professionals (in this case, operational resilience and operational risk) with a minimum of 12 years of direct BCM experience as they hold regional or global resilience responsibilities.

International Participation: Another significant change will be the participation of more international delegates compared to the traditional majority of Asian participants.  Be expected to discuss and work as teams from around the world.

Be expected to have more pre-readings as the objective is to ensure that knowledge that could be acquired via reading should be done outside the training session.  More time is allocated to sharing experiences between the participants and facilitators.

Schedule for Courses: This is the schedule and dates for the start of the next course.  Click "ORA-5000 Course Calendar" to learn more about the "RUNs" for the year.

Find out more about ORA-5000 [ORA-5] & ORA-300 [ORA-3]

 

	Please feel free to send us a note if you have any of these questions.

 

Overview of ORA-5000 Blended [BL] or Hybrid Learning [HL] Course [ORA-5]

The Operational Resilience (OR) Audit blended learning is the most advanced level of OR audit training for certification, financial, IT internal and external auditors.

This comprehensive course is equivalent to the international certification of an  Operational Resilience (OR) Auditor. Its combination of online interaction allows busy and interested auditors to study with minimal schedule disruption.

This course is NOT a four-day, hour-by-hour direct conversion course from its brick-and-mortar version but revamped with several guiding principles.

• Complete the course by developing the relevant toolkits for the entire auditing process.
• Built with OR knowledge, followed by the integration of OR auditing concepts.
• Provide participants with downloadable handbooks and the latest OR audit program based on the latest global regulatory update.
• Access to additional audit readings for those who are already experienced
• Facilitated by experienced IT/Financial and also OR implementer/auditors
• Able to conduct the audit via an electronic platform without travelling to another country or state.

Here is a quick overview of the course, divided into modules 1 to 4. Module 1 to 4 and their relationship to the ORA-300-400-5000 level courses are explained.

The conduct of each module is described with the corresponding on-site learning outcome.

Below is a snapshot of what you can expect from the program. Each module's syllabus has been carefully crafted to ensure that the outcome matches each day of the ORA-5000 OR Auditor competency level.  

Click the "Course Content" icon to learn more about each module's content (syllabus).  Click the "Course Requirement" icon to determine what you can expect as participants for each module.

Module (Day)	Course Content	Course Requirement

Breakdown of the Time Spent

Module	Mode of Study	Flexible (Hours)	Mandatory & Fixed Timing (Hours)
	E-learning/ Self Study	8	-
	Facilitated Online Workshop (3 Hours Self Study = Assignment + 6 Hours Schedule Online Classes)	3	6 (3-hour x 2 separate sessions)
Total Hours Blended Learning [BL]	Module 1 and 2 Note that participants attending Hybrid Learning [HL] will attend the same BL Module 1 and Module 2	11	6

Breakdown of the Time Spent Blended Learning (BL) Module 3 & 4
	Online Web Training and Discussion Workshop (2 Hours Self Study + 3-Hour Schedule Online Classes)	Two sessions	6 (3-hour x 2 separate sessions)
	Online Web Training and Discussion Workshop (2 Hours Self Study + 2 Hours Schedule Online Classes)	Two sessions	6 (3-hour x 2 separate sessions)
Total  Hours	Blended Learning [BL] Online Modules 3 and 4	Four 3-hour sessions	18
Breakdown of the Time Spent Hybrid Learning (HL) Module 3 & 4
	Hybrid Learning [HL] Onsite Face-to-face Workshop	1-day onsite	8
	Hybrid Learning [HL] Onsite Face-to-face Workshop	1-day onsite	8
Total Hours Hybrid Learning [HL]	Onsite Day 3 and Day 4	2-day onsite	16
Qualifying Examination for OR Audit Specialist/ Expert
	ORAE Qualifying Examination for OR Audit Expert  (after BL-HL-ORA-5 course)	100 Multiple-choice Questions	2 and 1/2 hour
	ORAS Qualifying Examination for OR Audit Specialist (after BL-HL-ORA-3 course)	100 Multiple-choice Questions	2 and 1/2 hour

What are the Differences and Concerns?

The primary concern with blended learning is that it will be another E-Learning training over a video channel.

The entire process is designed such that the content will provide the same outcome with pre-readings provided before the class, preparation of assignments supported by detailed guidance notes, eLearning for learning of fundamentals, and the online "face-to-face" is for sharing and elaboration by experienced facilitators.

Instructors: Note that instructors delivering the modules remain the same as the onsite training.  They have at least 5 to 30 years of OR and audit-related experience.

International Participation: Another significant change will be the participation of more international delegates compared to the traditional majority of Asian participants.  Be expected to discuss and work as teams from around the world.

Readings: Be expected to have more pre-readings as the objective is to ensure that knowledge that could be acquired via reading should be done outside the training session.  More time is allocated to sharing experiences with the participants and facilitators.

Live Audit: Despite being virtual, there is a balance between knowledge-based acquisition activities, presentations, discussions, exercises and case studies. About two-thirds of the time is spent on activity-based learning. A live audit will be conducted. 

This is the course schedule.  Click the "ORA-5000 Course Schedule" icon to learn more about the "RUNs" for the year. 

Blended Learning is entirely online, Hybrid Learning is Module 1 and 2 online, and Module 3 and 4 onsite.

More Information About Blended Learning Operational Resilience Audit (ORA) Courses

BCM Institute offers two levels of OR auditing courses: ORA-3 Blended Learning ORA-300 Operational Resilience Audit Specialist and the ORA-5 Blended Learning ORA-5000 Operational Resilience Audit Expert.

	Please feel free to send us a note if you have any questions.

ORA-5000 Operational Resilience Audit Expert (ORAE) Training Roadmap

Module 1 

You can attend Module 1, which leads to the Operational Resilience (OR) Certified Planner course, which has the course code BL-OR-2. This course provides you with the knowledge or KNOW competency. 

If you are assigned to audit or review your organisation's OR program, it is highly recommended that you attend both Module 1 and 2, the OR Audit Specialist course, or ORA-3.  Module 2 allows you to have practicums on operationalising the OR framework. 

It gives you an in-depth understanding of the critical OR deliverables required. This course provides you with KNOW-DO competency. 

Description of Module [Day] 1 Course 

You will be introduced to Operational Resilience (OR) Audit Requirements. 

Note that this course is also Module 1 of the Operational Resilience Implementer OR-300 course.

Module 1 defines operational resilience (OR) and provides the participants with a contextual overview of its scope in different operating environments. Key concepts are explained with examples to illustrate. The value of OR in today’s organizations and critical success factors for building resilient organizations are highlighted.

Session Breakdown: What Lies Ahead

As we progress through this course, it's essential to understand the structure and content of each session. Let's break it down to sessions one and 2 of the ORA-300/5000 Module 1.

Module 1 Session 1: We will provide a foundational understanding of operational resilience. You will learn about its nuances and the critical role of regulators in shaping your approach. We'll clarify the distinction between key concepts such as operational risk management, organisational resilience, business continuity management and crisis management.

Module 1 Session 2: Building upon the first session, we'll explore regulatory requirements and how to align your organization with a planning methodology. We'll also explore practical tools and strategies to assist you in this operational resilience endeavour.

Detailed Course Content

Deliverables

• Be competent with the knowledge of operational resilience
• Have a strong understanding of the respective building blocks and methodology to implement your OR program

Course Content for BL-ORA-5

More Information About Blended Learning Operational Resilience Audit (ORA) Courses

BCM Institute offers two levels of OR auditing courses: ORA-3 Blended Learning ORA-300 Operational Resilience Audit Specialist and the ORA-5 Blended Learning ORA-5000 Operational Resilience Audit Expert.

Please feel free to send us a note if you have any questions.

This page aims to assist you in clarifying further doubts you have about attending the ORA-5000 Operational Resilience Audit Expert [ORA-5] Course.

What is included in the course fee?

When you are attending the course, the fee of Singapore Dollar (SGD)

• 3,850 [Blended Learning] or
• 4,150 [Hybrid Learning]

During the course:

• Access to the complete set of soft copy handbooks and templates.
• Note that hard copies of the handbook/ templates are only provided for a classroom-based course.

After the course:

• The award of an ORCP e-certificate (upon completion of module 4 and passing the examination conducted at the end of the course)
• Review of assessments

Not Included (Unless specified to be included in the quotation/ invoice)

• ORAE application processing fees  of Singapore Dollars (SGD) 150

However, note that the ORAE application must be completed within three months from the notification of passing the ORA-5000 course.

An application processing fee of SGD 150 will be payable for the application for ORAE certification.  Please opt for processing fees included in the invoice if you apply for the certification.

Do I have to complete Module 1 first before joining the rest of the Modules?

• 2:00 (pm) Singapore (SG) Time is 11:30 (am) as Mumbai is GMT+5.5 Hours
• 2:00 (pm) Singapore (SG) Time is 10:00 (1m) as Dubai is GMT-4 Hours

• 9:00 (pm) Singapore (SG) Time is 1 pm as London is GMT+0 Hours
• 9:00 (pm) Singapore (SG) Time is 9 am as New York is GMT-12 Hours

What is so special about this course?

What Certificates will I be Receiving Upon Competing in the course?

As the blended learning course ORA-5000 is conducted over eight weeks (elapsed), you will be expected to receive a certificate of completion (COC) and an initial "Operational Resilience Certified Planner" certification on completion of the course.

Learn more by reading about What Certificates I will receive After Completing ORA-5000 (Blended Learning).  After completing the course, You will apply for your specialist or expert-level certification subject to your prior related experience.

Let us know if you need further clarification; we'll gladly help.

Can I attend more than one blended learning course at any given time?

Yes, you can, provided you ensure that the blended learning courses you signed up for do not have clashing schedules.

Pre-Requisites and Certifications

What do I need to do to attend the course?

You would need to make an upfront payment of SGD 3,850. Payment can be made via Paypal, Credit Card, Cheque and Bank/Telegraphic Transfers.

What do I need, in terms of technical specifications, to attend the course?

You need a stable internet connection for the Facilitated Online Workshop and Web Training and Discussion Workshops.

What is the pre-requisite for the course?

There is no pre-requisite for the course. Anyone who has an interest in Operational Resilience Audit is welcome to join.

What certification do I get when I finish the course, and is the certificate awarded the same as the one from a "brick and mortar" course?

You would be awarded the Operational Resilience Certified Planner (ORCP) certificate, the same internationally recognised certificate you would get if you have attended, completed and passed the Qualifying Operational Resilience Certified Audit Expert (ORAE) certificate.

Blended Learning Regulations

Can I only attend the modules I like, or must I complete all components?

No, this is not possible as each modules are linked, and failure to complete each module would not allow you to obtain the internationally recognised Operational Resilience Certified Planner and, eventually, the Operational Resilience Audit Expert (ORAE)*

*See Operational Resilience Audit Expert certification (click icon) prerequisites for details.

What happens if I attend half of the learning and fail to complete the other half within the three weeks given? Do I still get a certificate, or must I re-register and pay to attend the whole course again from Day 1?

Where you stop in your blended learning journey will determine whether you will get a certificate.

For re-registration queries, do contact our friendly course consultants at sales.ap@bcm-institute.org, who would be able to guide you based on your situation.

Can I opt out of blended learning halfway and rejoin a brick-and-mortar class later?

The course is not structured to allow such changes. The only option is if you choose Hybrid Learning, where you can attend Modules 3 and 4 onsite, provided you have completed Modules 1 and 2 online. The course fee is marginally different.

If I already earned and am an ORCP certificate holder, can I do part of the course?

You can only join from Module 2 as the pre-requisite to attend Module 3 and 4 is the completion of Module 2.

More Information About Blended Learning ORA-5000 [BL-ORA-5] or ORA-300 [BL-ORA-3]

Contact our friendly course consultant colleagues to know more about our blended learning program and when the next course is scheduled.

	If you have any questions, click to contact us.