One of the critical steps for the BCM review and audit journey, should you be an external auditor or an internal auditor, is to “speak the same lingo.” In our context, the alignment and correct understanding of each BCM terminology are essential to the successful maintenance of the BCM plan.
What is an Audit?
Audit is the examination of the financial report of an organisation as presented in the annual report by someone independent of that organisation. The purpose of an audit is to form a view on whether the information presented in the financial report, taken as a whole, reflects the financial position of the organisation at a given date.
In the case of a BCM audit, it focuses on compliance with the corporate BCM policy and its implementation of the component. In some cases, the adherence to the ISO22301 BC management system standard for the certification audit.
What is a Management System?
Management system help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives. It is usually aligned to a published ISO - International Organization for Standardization standard. In the context of BCM, it is the ISO22301 business continuity management system or BCMS.
Based on past observations, a major weakness in auditing BCM is due to the lack of a good understanding of the BCM fundamentals by the auditor. Hence, you may find these questions useful to better understand the BCM concepts.
- What Are the Key Terminology You Need to Know for Business Continuity Management (BCM)? Starting with "Six Key Terms Synonymous to "Disruption" You Need to Know for BCM?"
- What Exactly is Business Continuity Management?
- What Are the Key Terminology You Need to Know for Business Continuity Management (BCM)?
- Find out what is "BCMPedia: Business Continuity Management Audit Wikipedia"?
As a good practice, the appointed auditor should start by gathering information from articles, case studies and analyzes of recent development on auditing and reviewing organizations' BCM program and ISO management system, both inside and outside of your industry. The key is to identify best-practice recommendations and any common pitfalls.
Read some of the BCM audit articles that are available on our LinkedIn Showcase (BCMS Audit).
Globally at your home location, there are related courses specific to business continuity management. If you find it useful, you may want to take a look at the BCM Institute's series of specialized BCM courses. The quick question is: "Do I have the necessary skillset and know-how to do this job?" "What do I "not know"?" and "How Do I Start My BCM Learning Journey?"
The institute has competency-based training leading to professional certification. You may want to review the following BCM courses to determine the relevancy to your roles and prior knowledge?
[Course Code: BCM-8530] Do you need to fast track the learning process? Have the highest level of credentials to audit and certify a company for its ISO 22301 BCMS? You may want to Attend Advanced Level BCM-8530 Course: ISO 22301 Business Continuity Management System Lead Auditor. Read more about Becoming An Expert Level Business Continuity Auditor or ISO 22301 Management System Lead Auditor.
[Course Code: BCM-8030] Meanwhile, if you have decided to increase your BCM Audit knowledge and skill set, completing your BCM-8030 course without a day of actual auditing practice may be sufficient, you will be asking yourself how you are just "Becoming A Competent Business Continuity Management Auditor."
Interestingly, one common question you are about to ask is "What Are The Differences Between An Auditor and A Lead Auditor Course?"
For those who are experienced and are seeking to progress in your career, it is timely that you review and develop your learning road map that will accelerate both your knowledge, skill set and most important, your career.
Here are some of the related courses to be considered. Take stock by reviewing "What is My BCM Competency Level?". It is essential for you to know where you are in the "Know-Do-Manage" and where you aspire to reach or is required by the current BCM role.
So What Exactly Is Your BCM Role?
However, if you are already the BCM Manager, what are the other roles within the BCM organisation? So find our the respective roles in "Business Continuity Management: What is My Role?"
Here are some of the four key and related roles to be considered:
BCM Manager: 
Business Unit BCM Coordinator: What Does My Business Unit BCM Coordinator Need to Improve Their BCM Competency and Skill?
Recovery Team and Staff Members: How Do I Prepare and Train The Rest of My Organisation Staff Members on BCM?
Senior Management: What BCM Competency and Skill Should My Senior Management Have?
Business Continuity Management Certification provides you with the necessary verification that you have the knowledge and also the necessary experience to implement or manage the audit program.
The types of audit certification includes: BCCA and BCCLA.
To elaborate on the requirement to attain your certification, you can find more information at "How to Obtain Your BCM Certification?"
The institute has published a specialized BCM book called "A Manager’s Guide to Auditing and Reviewing Your Business Continuity Management Program". You may want to get a copy of this book from the BCM Institute's store.
This book will provide an overview on how a BCM framework is developed. The content is to advise the reader on the approach to implement the ISO 22301:2012 framework, principles and methodologies. Using the PDCA component as spell out in the ISO Standard, this book provides a clear explanation of the standard and details on the “How-to” aspect in implementing your BCM program, plans and procedures. It also guides BCM professionals new to ISO to implement and achieve its Business Continuity Management System or BCMS. ISBN: 978-981-07-2512-9
Other Useful References
A list of the other references can be found in "What Are BCM References That Is Useful?"
There is no funding from the Singapore government.
