COURSE OBJECTIVES FOR ISO 22301:2019 Internal Audit
Incidents can disrupt an organization at any time, and applying BCM strategies ensures that organizations can respond and continue their operations. Incidents take many forms, ranging from large-scale natural disasters and acts of terror to technology-related accidents and environmental incidents. However, most incidents are small but can have a significant impact, which makes business continuity management relevant at all times. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and disruptive incidents.
This course gives a brief introduction to and overview of the requirements of ISO 22301:2019 BCM and its related business control processes. This involves the internal audit process using the risk-based auditing methodology. To enable this, participants will be exposed to the ISO 31000 and ISO 9001:2015 requirements of risk management and a risk-based Quality Management System. The main emphasis of this course is to provide participants with the knowledge and skills to appreciate and embrace the implementation and internal auditing of this management system in their organization.
HOW WILL I BENEFIT
- Protect your organization before, during and after disruptions
- Have confidence that your business continuity management system is effective
- Employee and customer confidence in achieving ISO 22301 certification
- Improved reputation with compliance / certification to an international standard
WHAT WILL I LEARN
- Understand business continuity management best practice
- Understand the requirements of an effective internal audit system and plan.
- Understand the importance of risk-based auditing as opposed to the conventional auditing methodology.
- Design, plan and implement your own business continuity management system
- Create business continuity policies, objectives and processes
- Understand how to meet ISO 22301 requirements and prepare for compliance / certification.
COURSE CONTENT
- Introduction and background to Business Continuity Management
- The fundamentals of Societal Security – Business Continuity Management System, and overview of the ISO 22301:2012 requirements
- Scope of Business Continuity Management Systems (BCMS)
- Compliance Framework to Manage Assets (People & Property)
- Legal
- Standard
- Best Practice
- Management Model
- Leadership
- Competency
- Communication
- Awareness
- Reviewing the Plan-Do-Check-Act (PDCA) Model
- Overview of Operations
- Business Continuity Strategy
- Business Continuity Procedures
- Exercising and Testing
- Internal Audit and Business Impact Analysis
- How to conduct risk assessment and its impact on business (ISO 31000 & ISO 9001:2015)
- Internal Audit guidelines
- Internal audit implementation: fieldwork guidelines
- Information gathered by internal auditors
- 4 qualities of information
- Sources and nature of information
- Assessing the degree of persuasiveness
- Types of engagement procedures
- Internal audit test tools
- Observation
- Interviewing: a disliked technique
- Interviewing skills: how to run a successful interview
- Role play: internal auditor in action
- Examining records
- Verification and confirmations
- Vouching and tracing
- Re-performing
- Internal audit working papers
- Best practices for managing working papers
- Retention policies
- Communicating fieldwork results and recommendations
- Legal considerations for communicating results
- 4 attributes of an observation or recommendation
- Disseminating results and exit meetings
- The fieldwork: risk-based auditing
- Defining management assertions
- Risk assessment process
- Reason for risk-based audit planning
- Evaluating risks
- Techniques to identify the auditable units
- Criteria for selecting auditable units
- Scoring and weighing risks
- Prioritizing risk and developing audit plan
- Methods to generate list of risks
- Identifying entity level controls to mitigate risks
- Broad definition for types of controls
- Essential components of effective internal control system: ‘COSO’ model
- Criteria for unsatisfactory rating for control components
- Methods to generate list of controls
- Insights on flowcharting for understanding cycles and controls
- Testing of internal controls
- Design and implementation of an internal control
- Operating effectiveness of an internal control
- Audit results communication
- Executive Summary with severity and explanation
- Action Plan Priority
- Presentation Skills
- Communication Skills
- Critical Communication