Audit

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to: navigation, search
1. (BCM) Audit is an independent examination of an organization's BCM plans, procedures, documentation so as to assess compliance with specifications, standards, contractual agreements, or other criteria.

Notes (1): An example is a Business Continuity Management (BCM) audit, it is seen as a method by which procedures and documentation are measured against pre-agreed (BCM) standards.

Notes (2): There are three types of audits: First Party Audits are internal audits. Second Party Audits and Third Party Audits are external audits.

Final Audit Report - Business Continuity Planning
BCM Institute.jpg


BCMBoK Competency Level
BCMBoK 7: Program Management CL 2A: Intermediate (Audit)





 
A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program (2009)

Courses: ISO 22301 BCMS Audit

Courses: BCM Certification

(Source: Business Continuity Management Institute - BCM Institute)

2. Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Notes (1): An audit may be an internal audit (first party) or an external audit (second party or third party), and it may be a combined audit (combining two or more disciplines).

Notes (2): "Audit evidence” and “audit criteria” are defined in ISO 19011.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.2

3. Systematic examination to determine whether activities and related results conform to planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organization’s policy and objectives.

(Source: AE/HSC/NCEMA 7000:2012)

4. Audit is a systematic examination to determine whether activities and related results conform to planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organization's policy and objectives

(Source: ISO19011: 2002 Guidelines for quality and/or environmental management systems auditing, clause 3.1)

5. Audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled

(Source: ISO19011: 2002 Guidelines for quality and/or environmental management systems auditing, clause 3.1)

6. The process by which procedures and/or documentation are measured against pre-agreed standards.

(Source: Business Continuity Institute - BCI)

7. The process by which procedures and/or documentation are measured against pre-agreed standards.

(Source: Australia. A Practitioner's Guide to Business Continuity Management HB292 - 2006 )

 

Related Links