Audit Services of DRBCM Associates Pte Ltd
The BCM System that had been implemented needs to be audited for conformity against the international BCM standards – “ISO22301: 2012 Societal Security – Business Continuity Management Systems – Requirements” – and against any other regulatory or internal requirements set by the headquarters. This audit process is to be carried out on a regular basis (usually once a year) and any non-conformities need to be addressed and signed off by the management of the organization and in some situations, depending on the corporate compliance framework in the country the organization is domiciled in, reported to the annual general meeting in the form of a risk undertaking.
Audits may also be required to be carried out whenever there are any major changes to the BCM System so as to ensure that the system is still able to address the business continuity needs of the “new” organization; examples of these – after a major reshuffle of the staffs, a restructuring of the organization, a merger or acquisition had taken place and the new management is looking to introduce a new vision, policies, directions, etc.
Generally the audit findings will be categorised into three groups: (1) Major NC (Non-Conformity); (2) Minor NC ; (3) Areas for Improvement (AFI) (also termed Opportunities For Improvement (OFI)). Major NC points could lead to an immediate failure in the audit while a minor NC may warrant remedial actions to be taken over an agreed period of time.
The person performing the audit of the BCMS need to be well versed with the BCM processes and preferably be trained as an auditor. However, there may be organisations that, due to the nature of business and the limited resources available, may not have readily available audit resources internally to carry out the audit; for such clients, we would love to have a chat with you to offer you our BCM audit services as a first-party auditor.