SlideShare ist ein Scribd-Unternehmen logo

Standardised Audit Program Risk Analysis Review

Als XLSX, PDF herunterladen
BCM Institute
BCM Institute
1 von 16
Standardised Audit Program Risk Analysis and Review Clause Component Yes No Are internal and external risk events and impacts Policies / 1 identified and reviewed by all business units and 5.1 Processes their operational processes? How is this done and are records available for 2 5.1 / 5.2.2 Policies audit ? Are both qualitative and quantitative impacts 3 5.1 Policies evaluated ? Records available ? Is procedure for identification of external and 4 5.2 Policies operational risks established and available ? Has the BCM committee reviewed the findings and 5 recommendations of risk analysis efforts? Selected 5.2.1 Policies appropriate cost effective treatment? How are identified risks treated and are they 6 5.2.3 Policies documented ? Is list of potential disasters established and what is 7 5.2.4 Policies selected as the most probable disaster ? Is risk analysis carried out consistently across all 8 business units ? Are records of analysis available 5.2.5 Policies for all business units ? Are people involved or responsible for risk analysis 9 competence ? Are training records available for 5.2.6 Policies / People these training conducted ? Are roles and skills of essential staff and external 10 parties needed identified, established and 5.4.2 People documented ? Has risk review and anaysis been performed on 11 critical equipment and facilities? Are there 5.5 Infrastructure available risk treatments for all identified risks? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 1 2/23/2011
Standardised Audit Program Risk Analysis and Review Clause Component Yes No copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 2 2/23/2011
Standardised Audit Program Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 3 2/23/2011
Standardised Audit Program Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 4 2/23/2011
Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 Was the BIA process completed ? 6 Was the BIA conducted on a periodic 2 and systematic basis ? i.e. pre- 6.1 determined frequency? Are there any business or technology 3 changes that require a review of the 6.1 BIA ? Are there policies to govern assessment of losses due to 4 6.2 Policies interruptions to business operations or processes ? Is the MBCO of the organization 5 clearly stated and documented by the 6.2.1 Policies Exe Mgt? How is the MBCO clearly defined and 6 6.2.1 Policies approved by the Exe Mgt ? Are there any significant internal or external changes especially for legal or 7 6.2.1 Policies contractual requirement that requires a review of the MBCO ? 8 Is there a BCM Steering committee ? 6.2.2 Policies Is there a list for review of potential 9 threats and risks for each business 6.2.2 Policies unit for the BCM Steering committee ? Is the list reviewed by the BCM 10 6.2.2 Policies Steering committee ? Is the list of CBF produced and 11 6.2.2 Policies priortised by the Committee? Is the list of CBF the decision of the 12 6.2.2 Policies Committee ? Are there any discrepancies of the 13 CBF between the Business Unit Head 6.2.2 Policies and the BC team ? 14 Has the CBF been prioritized ? 6.2.2 Policies copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 5 2/23/2011
Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is the prioritized list reviewed and 15 approved by the BCM Steering 6.2.2 Policies committee ? Has the recovery prioritization of CBF 16 been done in conjunction with 6.2.2 Policies allocation of resources ? Are there policies to ensure that the 17 MBCO comply with legal and 6.2.3 Policies regulatory requirements ? What is the expertise level of 18 6.2.4 Policies personnel undertaking the BIA ? 19 Does the CBFs support the MBCO ? 6.2.4 Policies What considerations are the priority for 20 analyzing the impact of risk on CBFs ? 6.2.5 Policies Establish and approve the recovery 21 6.2.5 Policies priority with the allocation of resource Is workplace safety and health 22 considerations considered in the 6.2.5 Policies prioritization of the CBFs Are legal and regulatory requirements 23 considered in the prioritization of CBFs 6.2.5 Policies Are quantitative or qualitative impacts 24 considered for the CBF's impact of 6.2.5 Policies risk? Are there processes established to 25 identify different disruptions to the 6.3 Processes business operations and functions ? 26 Are all the individual BU identified by: 6.3.1 Processes Name and description? Processes employed? Supporting systems? Special skills and expertise required? Resource requirements? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 6 2/23/2011
Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Are the operational constraints of each 28 6.3.1.1 Processes Business Unit CBFs provided ? Has each BU identify the minimum level of services that must be provided 29 6.3.1.2 Processes to support the organisation 's MCBO Has an assessment of CBFs been 30 6.3.2 Processes done ? Has inter-dependencies been 31 identified for internal and external 6.3.2.1 Processes parties ? Has alternate process been examined 32 6.3.2.2 Processes and documented? Has the documentation done for all the 33 CBF and processes? I.e. SOP, 6.3.2.3 Processes flowcharts, manuals. Have each CBF RTO and RPO been 34 6.3.3 Processes determined ? Are the following areas considered in establishment the CBF priorities? Potential loss impact? Parallels and interdependencies? RTO/RPO? Have the processes for the identification, categorisation and 35 6.3.5 Processes prioritisation of vital records been established for each CBF process? Are the processes for data collection 36 6.3.6 Processes for the BIA phase kept ? Have key personnel been identified for 37 the participation in the Business 6.4 People impact analysis? Are the probable impacts on existing 38 infrastructure identified and assessed? 6.5 Infrastructure copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 7 2/23/2011
Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Are the facilities required for each CBF identified? Have the Key personnel participated 39 6.5 Infrastructure and consulted on the BIA? Has an IT inventory for the CBFs 40 6.5.1 Infrastructure completed ? Is the available BC IT inventory able to 41 6.5.1 Infrastructure support the MBCO ? Are the facilities required to support 42 6.5.2 Infrastructure each CBF identified? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 8 2/23/2011
Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 What is the scope for Recovery Strategy? 7.1 Scope What are the policies guiding the evaluation of 2 7.2 Policies recovery strategies? Does the BCM Steering committee review and BCM Steering 3 7.2.1 approve recommended BCM strategies? Committee Does the BCM Steering committee formulate the BCM Steering 4 organisational recovery strategy based on probable 7.2.1 Committee disasters and CBFs? Was the strategy formulated based on risks faced by CBFs from one or a combination of the following: a. Revert to alternate processing capability; b. Arrange reciprocal arrangements, e.g. with another organization in the same industry; c. Establish alternate site or business facility; Strategy 5 7.2.2 d. Arrange for alternate source of supply, e.g. of Formulation raw materials; e. Outsource to external vendor(s); f. Transfer of operation(s) to subsidiary business units; g. Rebuild from scratch after disaster; h. Do not take any action. Is a set of guidelines established to guide the Strategy 6 7.2.2 decision making process for the above strategy? Formulation copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 9 2/23/2011
Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Does the BCM steering committee undertake the following set of activities based on the feedback from business units with CBFs? a. deliberate on the recovery strategies for various 7 7.3 Processes CBFs and formulate an organisational recovery strategy in conjuction with probable disasters; and b. consolidate recovery requirements based on the organisational recovery strategy into contract specifications Are there processes for a given recovery strategy to determine the following requirements: a. Skill set required by supporting staff; Recovery 8 b. Technology and equipment; 7.3.1 Strategy c. Facilities; Requirements d. Off-site storage and alternate site(s); and e. Alternate processing capabilities. Recovery Were the non-tecnology continuity issues for each 9 7.3.1 Strategy support service of CBFs reviewed? Requirements Recovery Does a set of criteria have been established to Strategy 10 guide the evaluation of the appropriate recovery 7.3.2 Evaluation strategy for each CBF? Criteria copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 10 2/23/2011
Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Does the organisation have adequate number of 11 staff with relevant skill set to support the 7.4 People organisational recovery strategy? Does the alternate infrastructure have been 12 examined if the existing infrastructure is indaquate 7.4 People to support the recovery strategy? Does the organisation capable of providing the 13 necessary infrastructure to support the 7.5 Infrastructure organisational recovery strategy? Is there a review of existing technology and Technology and 14 7.5.1 equipment? equipment Does a list of technical specifications for the Technology and 15 7.5.1 technology and equipment have been specified? equipment 16 Have the existing facilities been reviewed? 7.5.2 Facilities Does deliberation on the facilities used to support alternate processing include the following considerations: Alternate 17 a. Acquisitions; 7.5.2.1 Processing b. Mutual agreement; c. Outsource to external vendors; and d. Manual workarounds Does the criteria to guide the selection process of Alternate 18 alternate processing vendors have been 7.5.2.2 facilities established? outsourcing 19 20 21 22 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 11 2/23/2011
Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 23 24 25 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 12 2/23/2011
Standardised Audit Program BC Plan Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is policy and process established and documented 1 8.2 Policies to govern the development of BC plans ? Is the BC Plan, and subsequent changes, reviewed 2 8.2.1 Policies and approved by the BCM Steering Committee? Is an Emergency Operations Centre set up and 3 associated conditions for operation and closure 8.2.2 Policies established and the head appointed ? Is policy governing emergency response and the 8.2.5 / 4 priority for actions to be carried out established Policies 8.2.6 and documented ? Are formal processes established for each component of the BC plan to determine their requirements? 5 1) Pre-incident preparation 8.3 Processes 2) Initial damage assessment … 13) BC plan distribution and control Who are the people in the BCM Steering Committee? Are roles and responsibilities established and documented including : 6 8.4.2 ) BCM Coordinator 8.4 People .. .. 8.4.8) Damage assessment team (DAT ) Is procedure established to manage appropriate 8.4.9 / 7 medical attention, assembly area and personnel People 8.4.10 safety ? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 13 2/23/2011
Standardised Audit Program BC Plan Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is contact list for key personnel drawn up and 8 8.4.11 People maintained ? Does the BC plan address the requirements needed to operate and maintain all the 9 infrastructure componenets to ensure that CBFs 8.5 Infrastructure can continue within the planned levels of disruption? Are critical and general equipment / supplies as 10 well as communication requirements established 8.5.1 Infrastructure and documented ? Are EOC as well as alternate site requirements 11 8.5.2 Infrastructure identified and documented ? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 14 2/23/2011
Standardised Audit Program Testing and Exercising Clause Component Yes No Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 15 2/23/2011
Standardised Audit Program Progamme Management Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 16 2/23/2011

Empfohlen

Sexton_Jay_MPM357_IP5
Sexton_Jay_MPM357_IP5Sexton_Jay_MPM357_IP5
Sexton_Jay_MPM357_IP5Jay T Sexton
 
D081073[1]
D081073[1]D081073[1]
D081073[1]John Ortiz, MSM, CISSP
 
Question Summary Of Responses
Question Summary Of ResponsesQuestion Summary Of Responses
Question Summary Of Responseslegal5
 
Road map to cmm
Road map to cmmRoad map to cmm
Road map to cmmNaveed Khan
 
Question Summary Of Responses 1
Question Summary Of Responses 1Question Summary Of Responses 1
Question Summary Of Responses 1legal5
 
Software measures and the capability maturity model 1992, john h. baumert (...
Software measures and the capability maturity model 1992, john h. baumert (...Software measures and the capability maturity model 1992, john h. baumert (...
Software measures and the capability maturity model 1992, john h. baumert (...Ngoc Han Truong
 
Best Practices in Medical Device Auditing
Best Practices in Medical Device AuditingBest Practices in Medical Device Auditing
Best Practices in Medical Device AuditingJoe Hage
 
Iso 9001 understanding rev3
Iso 9001 understanding rev3Iso 9001 understanding rev3
Iso 9001 understanding rev3jlcadarian
 

Empfohlen

Sexton_Jay_MPM357_IP5
Sexton_Jay_MPM357_IP5Sexton_Jay_MPM357_IP5
Sexton_Jay_MPM357_IP5Jay T Sexton
 
D081073[1]
D081073[1]D081073[1]
D081073[1]John Ortiz, MSM, CISSP
 
Question Summary Of Responses
Question Summary Of ResponsesQuestion Summary Of Responses
Question Summary Of Responseslegal5
 
Road map to cmm
Road map to cmmRoad map to cmm
Road map to cmmNaveed Khan
 
Question Summary Of Responses 1
Question Summary Of Responses 1Question Summary Of Responses 1
Question Summary Of Responses 1legal5
 
Software measures and the capability maturity model 1992, john h. baumert (...
Software measures and the capability maturity model 1992, john h. baumert (...Software measures and the capability maturity model 1992, john h. baumert (...
Software measures and the capability maturity model 1992, john h. baumert (...Ngoc Han Truong
 
Best Practices in Medical Device Auditing
Best Practices in Medical Device AuditingBest Practices in Medical Device Auditing
Best Practices in Medical Device AuditingJoe Hage
 
Iso 9001 understanding rev3
Iso 9001 understanding rev3Iso 9001 understanding rev3
Iso 9001 understanding rev3jlcadarian
 
Babok Requirement Life Cycle Management
Babok Requirement Life Cycle ManagementBabok Requirement Life Cycle Management
Babok Requirement Life Cycle ManagementMayur Nanotkar
 
IIE Call For Paper
IIE Call For PaperIIE Call For Paper
IIE Call For Papermdmilward
 
Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1William Garvey and Associates
 
57086 08 closing_a_project
57086 08 closing_a_project57086 08 closing_a_project
57086 08 closing_a_projectEngineering Department
 
Process Certification Implementation Presentation
Process Certification Implementation PresentationProcess Certification Implementation Presentation
Process Certification Implementation Presentationmdmilward
 
Pmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questionsPmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questionsOlgaZelenina2
 
Project Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project ManagerProject Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project ManagerTerry Hall, PMP
 
Project Change Management-Pankaj K Sinha
Project Change Management-Pankaj K SinhaProject Change Management-Pankaj K Sinha
Project Change Management-Pankaj K SinhaPankaj K Sinha
 
PMP - Process 42 Chart Matrix
PMP - Process 42 Chart MatrixPMP - Process 42 Chart Matrix
PMP - Process 42 Chart Matrixgijoeusa
 
Cmmi svc july 2011
Cmmi svc july 2011Cmmi svc july 2011
Cmmi svc july 2011Jorge Boria
 
0569 project management-beenish
0569 project management-beenish0569 project management-beenish
0569 project management-beenishdfhf hfghf
 
Audit plan and program
Audit plan and programAudit plan and program
Audit plan and programcasahiljain1992
 
External audit plan
External audit planExternal audit plan
External audit planaleja234
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015Mohammad Kashif
 
Audit Planning
Audit PlanningAudit Planning
Audit PlanningRam Kumar Maharjan
 
Audit planning
Audit planningAudit planning
Audit planningRichard Clarke Academy
 
Sample audit plan
Sample audit planSample audit plan
Sample audit planMaher Manan
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks ProceduresInprise Group
 
Project-Review-Checklist.docx
Project-Review-Checklist.docxProject-Review-Checklist.docx
Project-Review-Checklist.docxAddisu15
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNA Putra
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA
 
27ian2011 silensec
27ian2011 silensec27ian2011 silensec
27ian2011 silensecAgora Group
 

Weitere ähnliche Inhalte

Was ist angesagt?

Babok Requirement Life Cycle Management
Babok Requirement Life Cycle ManagementBabok Requirement Life Cycle Management
Babok Requirement Life Cycle ManagementMayur Nanotkar
 
IIE Call For Paper
IIE Call For PaperIIE Call For Paper
IIE Call For Papermdmilward
 
Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1William Garvey and Associates
 
Process Certification Implementation Presentation
Process Certification Implementation PresentationProcess Certification Implementation Presentation
Process Certification Implementation Presentationmdmilward
 
Pmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questionsPmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questionsOlgaZelenina2
 
Project Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project ManagerProject Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project ManagerTerry Hall, PMP
 
Project Change Management-Pankaj K Sinha
Project Change Management-Pankaj K SinhaProject Change Management-Pankaj K Sinha
Project Change Management-Pankaj K SinhaPankaj K Sinha
 
PMP - Process 42 Chart Matrix
PMP - Process 42 Chart MatrixPMP - Process 42 Chart Matrix
PMP - Process 42 Chart Matrixgijoeusa
 
Cmmi svc july 2011
Cmmi svc july 2011Cmmi svc july 2011
Cmmi svc july 2011Jorge Boria
 
0569 project management-beenish
0569 project management-beenish0569 project management-beenish
0569 project management-beenishdfhf hfghf
 

Was ist angesagt? (11)

Babok Requirement Life Cycle Management
Babok Requirement Life Cycle ManagementBabok Requirement Life Cycle Management
Babok Requirement Life Cycle Management
 
IIE Call For Paper
IIE Call For PaperIIE Call For Paper
IIE Call For Paper
 
Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1Essentials of Validation Project Management - Part 1
Essentials of Validation Project Management - Part 1
 
57086 08 closing_a_project
57086 08 closing_a_project57086 08 closing_a_project
57086 08 closing_a_project
 
Process Certification Implementation Presentation
Process Certification Implementation PresentationProcess Certification Implementation Presentation
Process Certification Implementation Presentation
 
Pmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questionsPmbok 6th edition_practice_questions
Pmbok 6th edition_practice_questions
 
Project Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project ManagerProject Management Case Studies Terry Hall, Project Manager
Project Management Case Studies Terry Hall, Project Manager
 
Project Change Management-Pankaj K Sinha
Project Change Management-Pankaj K SinhaProject Change Management-Pankaj K Sinha
Project Change Management-Pankaj K Sinha
 
PMP - Process 42 Chart Matrix
PMP - Process 42 Chart MatrixPMP - Process 42 Chart Matrix
PMP - Process 42 Chart Matrix
 
Cmmi svc july 2011
Cmmi svc july 2011Cmmi svc july 2011
Cmmi svc july 2011
 
0569 project management-beenish
0569 project management-beenish0569 project management-beenish
0569 project management-beenish
 

Andere mochten auch

External audit plan
External audit planExternal audit plan
External audit planaleja234
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015Mohammad Kashif
 
Sample audit plan
Sample audit planSample audit plan
Sample audit planMaher Manan
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks ProceduresInprise Group
 

Andere mochten auch (7)

Audit plan and program
Audit plan and programAudit plan and program
Audit plan and program
 
External audit plan
External audit planExternal audit plan
External audit plan
 
Internal Audit Plan 2015
Internal Audit Plan 2015Internal Audit Plan 2015
Internal Audit Plan 2015
 
Audit Planning
Audit PlanningAudit Planning
Audit Planning
 
Audit planning
Audit planningAudit planning
Audit planning
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
Sap Access Risks Procedures
Sap Access Risks ProceduresSap Access Risks Procedures
Sap Access Risks Procedures
 

Ähnlich wie Standardised Audit Program Risk Analysis Review

Project-Review-Checklist.docx
Project-Review-Checklist.docxProject-Review-Checklist.docx
Project-Review-Checklist.docxAddisu15
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNA Putra
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA
 
27ian2011 silensec
27ian2011 silensec27ian2011 silensec
27ian2011 silensecAgora Group
 
Addendum 1 to iso presentation
Addendum 1 to iso presentationAddendum 1 to iso presentation
Addendum 1 to iso presentationC P Chandrasekaran
 
BCMS Audit Report【My Continuous Learning】
BCMS Audit Report【My Continuous Learning】BCMS Audit Report【My Continuous Learning】
BCMS Audit Report【My Continuous Learning】Jerimi Soma
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditingPECB
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security reviewJohnbarchie
 
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Aviva Spectrum™
 
Meeting the Challenge of Vivek Kundra's 25 Point Plan
Meeting the Challenge of Vivek Kundra's 25 Point PlanMeeting the Challenge of Vivek Kundra's 25 Point Plan
Meeting the Challenge of Vivek Kundra's 25 Point PlanPlanet Technologies
 
IFRS Implementation in Canada - February 2008
IFRS Implementation in Canada - February 2008IFRS Implementation in Canada - February 2008
IFRS Implementation in Canada - February 2008Antonello Dessanti
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
F 3 audit & gap analysis checklist
F 3 audit & gap analysis checklistF 3 audit & gap analysis checklist
F 3 audit & gap analysis checklistTRUNG HUYNH
 
How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?Abdul Naseer
 
_Audit_Questionnaire_ISO9001_EN_.docx
_Audit_Questionnaire_ISO9001_EN_.docx_Audit_Questionnaire_ISO9001_EN_.docx
_Audit_Questionnaire_ISO9001_EN_.docxAhmedMogawer1
 
How to implement an effective fmea process
How to implement an effective fmea processHow to implement an effective fmea process
How to implement an effective fmea processASQ Reliability Division
 
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...PECB
 
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdf
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdfIFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdf
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdfDeparted Moon
 
ISO 45001 audit checklist .pdf
ISO 45001 audit checklist .pdfISO 45001 audit checklist .pdf
ISO 45001 audit checklist .pdfraj kumar singh
 

Ähnlich wie Standardised Audit Program Risk Analysis Review (20)

Project-Review-Checklist.docx
Project-Review-Checklist.docxProject-Review-Checklist.docx
Project-Review-Checklist.docx
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap Guide
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap Guide
 
27ian2011 silensec
27ian2011 silensec27ian2011 silensec
27ian2011 silensec
 
Addendum 1 to iso presentation
Addendum 1 to iso presentationAddendum 1 to iso presentation
Addendum 1 to iso presentation
 
Checklist ISO 15378
Checklist ISO 15378Checklist ISO 15378
Checklist ISO 15378
 
BCMS Audit Report【My Continuous Learning】
BCMS Audit Report【My Continuous Learning】BCMS Audit Report【My Continuous Learning】
BCMS Audit Report【My Continuous Learning】
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditing
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security review
 
Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013Top 5 Pitfalls to Avoid Implemeting COSO 2013
Top 5 Pitfalls to Avoid Implemeting COSO 2013
 
Meeting the Challenge of Vivek Kundra's 25 Point Plan
Meeting the Challenge of Vivek Kundra's 25 Point PlanMeeting the Challenge of Vivek Kundra's 25 Point Plan
Meeting the Challenge of Vivek Kundra's 25 Point Plan
 
IFRS Implementation in Canada - February 2008
IFRS Implementation in Canada - February 2008IFRS Implementation in Canada - February 2008
IFRS Implementation in Canada - February 2008
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
F 3 audit & gap analysis checklist
F 3 audit & gap analysis checklistF 3 audit & gap analysis checklist
F 3 audit & gap analysis checklist
 
How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?
 
_Audit_Questionnaire_ISO9001_EN_.docx
_Audit_Questionnaire_ISO9001_EN_.docx_Audit_Questionnaire_ISO9001_EN_.docx
_Audit_Questionnaire_ISO9001_EN_.docx
 
How to implement an effective fmea process
How to implement an effective fmea processHow to implement an effective fmea process
How to implement an effective fmea process
 
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
 
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdf
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdfIFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdf
IFC+Guidelines+for+Coaching+on+Food+Safety_ENG.pdf
 
ISO 45001 audit checklist .pdf
ISO 45001 audit checklist .pdfISO 45001 audit checklist .pdf
ISO 45001 audit checklist .pdf
 

Mehr von BCM Institute

Business Continuity and Resilience: What Lies in the Future and What Steps Ca...
Business Continuity and Resilience: What Lies in the Future and What Steps Ca...Business Continuity and Resilience: What Lies in the Future and What Steps Ca...
Business Continuity and Resilience: What Lies in the Future and What Steps Ca...BCM Institute
 
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...Enterprise Risk Management and Business Continuity: How Can They Work Togethe...
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...BCM Institute
 
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...BCM Institute
 
Operational and Business Continuity Management Strategy for Multi-type Nation...
Operational and Business Continuity Management Strategy for Multi-type Nation...Operational and Business Continuity Management Strategy for Multi-type Nation...
Operational and Business Continuity Management Strategy for Multi-type Nation...BCM Institute
 
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...BCM Institute
 
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...BCM Institute
 
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...BCM Institute
 
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...Experience Sharing - Risk Management, Crisis Management & BCM In An Education...
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...BCM Institute
 
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...BCM Institute
 
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...BCM Institute
 
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...BCM Institute
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...BCM Institute
 
BCM Institute Course Schedule 2016
BCM Institute Course Schedule 2016BCM Institute Course Schedule 2016
BCM Institute Course Schedule 2016BCM Institute
 
Deploying A Crisis Management and Business Continuity Approach to Product Tam...
Deploying A Crisis Management and Business Continuity Approach to Product Tam...Deploying A Crisis Management and Business Continuity Approach to Product Tam...
Deploying A Crisis Management and Business Continuity Approach to Product Tam...BCM Institute
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...BCM Institute
 
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...BCM Institute
 
Certified Crisis Management Professional Programme Brochure
Certified Crisis Management Professional Programme Brochure Certified Crisis Management Professional Programme Brochure
Certified Crisis Management Professional Programme Brochure BCM Institute
 
BCM Institute Malaysia Course Schedule 2015
BCM Institute Malaysia Course Schedule 2015 BCM Institute Malaysia Course Schedule 2015
BCM Institute Malaysia Course Schedule 2015 BCM Institute
 
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...BCM Institute
 

Mehr von BCM Institute (20)

Business Continuity and Resilience: What Lies in the Future and What Steps Ca...
Business Continuity and Resilience: What Lies in the Future and What Steps Ca...Business Continuity and Resilience: What Lies in the Future and What Steps Ca...
Business Continuity and Resilience: What Lies in the Future and What Steps Ca...
 
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...Enterprise Risk Management and Business Continuity: How Can They Work Togethe...
Enterprise Risk Management and Business Continuity: How Can They Work Togethe...
 
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...
Winning Over The Challenges of Implementing BCM in a BPO by Jeremias Astrero,...
 
Operational and Business Continuity Management Strategy for Multi-type Nation...
Operational and Business Continuity Management Strategy for Multi-type Nation...Operational and Business Continuity Management Strategy for Multi-type Nation...
Operational and Business Continuity Management Strategy for Multi-type Nation...
 
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...
Business Continuity Management in Healthcare by Dexter Chia, Director, GCOO's...
 
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...
Does Your BCP Need A BCP - Outsourcing Business Continuity by Irene Lye, Ente...
 
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...
The Evolving Role of BCM and its Importance in Any Industries by Dr Goh Moh H...
 
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...Experience Sharing - Risk Management, Crisis Management & BCM In An Education...
Experience Sharing - Risk Management, Crisis Management & BCM In An Education...
 
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...
Planning For The Haze by Jeremy Wong, , Senior Vice President of GMH Continui...
 
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
Challenges, Opportunities and Trends for BCM Profession by Dr Goh Moh Heng, P...
 
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...
DR Plan Implementation Experience: A Government Agency's Perspective by Inthr...
 
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
Navigating The Path To BCM Excellence by Dr Suhazimah Dzazali, Deputy Directo...
 
BCM Institute Course Schedule 2016
BCM Institute Course Schedule 2016BCM Institute Course Schedule 2016
BCM Institute Course Schedule 2016
 
Deploying A Crisis Management and Business Continuity Approach to Product Tam...
Deploying A Crisis Management and Business Continuity Approach to Product Tam...Deploying A Crisis Management and Business Continuity Approach to Product Tam...
Deploying A Crisis Management and Business Continuity Approach to Product Tam...
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
 
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...
Considerations for Developing Your Organisation’s Pandemic Plan by Jeremy Won...
 
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...
Pandemics & Infectious Diseases: Stepping Up Your Business Continuity Prepare...
 
Certified Crisis Management Professional Programme Brochure
Certified Crisis Management Professional Programme Brochure Certified Crisis Management Professional Programme Brochure
Certified Crisis Management Professional Programme Brochure
 
BCM Institute Malaysia Course Schedule 2015
BCM Institute Malaysia Course Schedule 2015 BCM Institute Malaysia Course Schedule 2015
BCM Institute Malaysia Course Schedule 2015
 
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com...
 

Standardised Audit Program Risk Analysis Review

  • 1. Standardised Audit Program Risk Analysis and Review Clause Component Yes No Are internal and external risk events and impacts Policies / 1 identified and reviewed by all business units and 5.1 Processes their operational processes? How is this done and are records available for 2 5.1 / 5.2.2 Policies audit ? Are both qualitative and quantitative impacts 3 5.1 Policies evaluated ? Records available ? Is procedure for identification of external and 4 5.2 Policies operational risks established and available ? Has the BCM committee reviewed the findings and 5 recommendations of risk analysis efforts? Selected 5.2.1 Policies appropriate cost effective treatment? How are identified risks treated and are they 6 5.2.3 Policies documented ? Is list of potential disasters established and what is 7 5.2.4 Policies selected as the most probable disaster ? Is risk analysis carried out consistently across all 8 business units ? Are records of analysis available 5.2.5 Policies for all business units ? Are people involved or responsible for risk analysis 9 competence ? Are training records available for 5.2.6 Policies / People these training conducted ? Are roles and skills of essential staff and external 10 parties needed identified, established and 5.4.2 People documented ? Has risk review and anaysis been performed on 11 critical equipment and facilities? Are there 5.5 Infrastructure available risk treatments for all identified risks? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 1 2/23/2011
  • 2. Standardised Audit Program Risk Analysis and Review Clause Component Yes No copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 2 2/23/2011
  • 3. Standardised Audit Program Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 3 2/23/2011
  • 4. Standardised Audit Program Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 4 2/23/2011
  • 5. Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 Was the BIA process completed ? 6 Was the BIA conducted on a periodic 2 and systematic basis ? i.e. pre- 6.1 determined frequency? Are there any business or technology 3 changes that require a review of the 6.1 BIA ? Are there policies to govern assessment of losses due to 4 6.2 Policies interruptions to business operations or processes ? Is the MBCO of the organization 5 clearly stated and documented by the 6.2.1 Policies Exe Mgt? How is the MBCO clearly defined and 6 6.2.1 Policies approved by the Exe Mgt ? Are there any significant internal or external changes especially for legal or 7 6.2.1 Policies contractual requirement that requires a review of the MBCO ? 8 Is there a BCM Steering committee ? 6.2.2 Policies Is there a list for review of potential 9 threats and risks for each business 6.2.2 Policies unit for the BCM Steering committee ? Is the list reviewed by the BCM 10 6.2.2 Policies Steering committee ? Is the list of CBF produced and 11 6.2.2 Policies priortised by the Committee? Is the list of CBF the decision of the 12 6.2.2 Policies Committee ? Are there any discrepancies of the 13 CBF between the Business Unit Head 6.2.2 Policies and the BC team ? 14 Has the CBF been prioritized ? 6.2.2 Policies copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 5 2/23/2011
  • 6. Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is the prioritized list reviewed and 15 approved by the BCM Steering 6.2.2 Policies committee ? Has the recovery prioritization of CBF 16 been done in conjunction with 6.2.2 Policies allocation of resources ? Are there policies to ensure that the 17 MBCO comply with legal and 6.2.3 Policies regulatory requirements ? What is the expertise level of 18 6.2.4 Policies personnel undertaking the BIA ? 19 Does the CBFs support the MBCO ? 6.2.4 Policies What considerations are the priority for 20 analyzing the impact of risk on CBFs ? 6.2.5 Policies Establish and approve the recovery 21 6.2.5 Policies priority with the allocation of resource Is workplace safety and health 22 considerations considered in the 6.2.5 Policies prioritization of the CBFs Are legal and regulatory requirements 23 considered in the prioritization of CBFs 6.2.5 Policies Are quantitative or qualitative impacts 24 considered for the CBF's impact of 6.2.5 Policies risk? Are there processes established to 25 identify different disruptions to the 6.3 Processes business operations and functions ? 26 Are all the individual BU identified by: 6.3.1 Processes Name and description? Processes employed? Supporting systems? Special skills and expertise required? Resource requirements? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 6 2/23/2011
  • 7. Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Are the operational constraints of each 28 6.3.1.1 Processes Business Unit CBFs provided ? Has each BU identify the minimum level of services that must be provided 29 6.3.1.2 Processes to support the organisation 's MCBO Has an assessment of CBFs been 30 6.3.2 Processes done ? Has inter-dependencies been 31 identified for internal and external 6.3.2.1 Processes parties ? Has alternate process been examined 32 6.3.2.2 Processes and documented? Has the documentation done for all the 33 CBF and processes? I.e. SOP, 6.3.2.3 Processes flowcharts, manuals. Have each CBF RTO and RPO been 34 6.3.3 Processes determined ? Are the following areas considered in establishment the CBF priorities? Potential loss impact? Parallels and interdependencies? RTO/RPO? Have the processes for the identification, categorisation and 35 6.3.5 Processes prioritisation of vital records been established for each CBF process? Are the processes for data collection 36 6.3.6 Processes for the BIA phase kept ? Have key personnel been identified for 37 the participation in the Business 6.4 People impact analysis? Are the probable impacts on existing 38 infrastructure identified and assessed? 6.5 Infrastructure copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 7 2/23/2011
  • 8. Standardised Audit Program Business Impact Analysis Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Are the facilities required for each CBF identified? Have the Key personnel participated 39 6.5 Infrastructure and consulted on the BIA? Has an IT inventory for the CBFs 40 6.5.1 Infrastructure completed ? Is the available BC IT inventory able to 41 6.5.1 Infrastructure support the MBCO ? Are the facilities required to support 42 6.5.2 Infrastructure each CBF identified? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 8 2/23/2011
  • 9. Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 What is the scope for Recovery Strategy? 7.1 Scope What are the policies guiding the evaluation of 2 7.2 Policies recovery strategies? Does the BCM Steering committee review and BCM Steering 3 7.2.1 approve recommended BCM strategies? Committee Does the BCM Steering committee formulate the BCM Steering 4 organisational recovery strategy based on probable 7.2.1 Committee disasters and CBFs? Was the strategy formulated based on risks faced by CBFs from one or a combination of the following: a. Revert to alternate processing capability; b. Arrange reciprocal arrangements, e.g. with another organization in the same industry; c. Establish alternate site or business facility; Strategy 5 7.2.2 d. Arrange for alternate source of supply, e.g. of Formulation raw materials; e. Outsource to external vendor(s); f. Transfer of operation(s) to subsidiary business units; g. Rebuild from scratch after disaster; h. Do not take any action. Is a set of guidelines established to guide the Strategy 6 7.2.2 decision making process for the above strategy? Formulation copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 9 2/23/2011
  • 10. Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Does the BCM steering committee undertake the following set of activities based on the feedback from business units with CBFs? a. deliberate on the recovery strategies for various 7 7.3 Processes CBFs and formulate an organisational recovery strategy in conjuction with probable disasters; and b. consolidate recovery requirements based on the organisational recovery strategy into contract specifications Are there processes for a given recovery strategy to determine the following requirements: a. Skill set required by supporting staff; Recovery 8 b. Technology and equipment; 7.3.1 Strategy c. Facilities; Requirements d. Off-site storage and alternate site(s); and e. Alternate processing capabilities. Recovery Were the non-tecnology continuity issues for each 9 7.3.1 Strategy support service of CBFs reviewed? Requirements Recovery Does a set of criteria have been established to Strategy 10 guide the evaluation of the appropriate recovery 7.3.2 Evaluation strategy for each CBF? Criteria copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 10 2/23/2011
  • 11. Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Does the organisation have adequate number of 11 staff with relevant skill set to support the 7.4 People organisational recovery strategy? Does the alternate infrastructure have been 12 examined if the existing infrastructure is indaquate 7.4 People to support the recovery strategy? Does the organisation capable of providing the 13 necessary infrastructure to support the 7.5 Infrastructure organisational recovery strategy? Is there a review of existing technology and Technology and 14 7.5.1 equipment? equipment Does a list of technical specifications for the Technology and 15 7.5.1 technology and equipment have been specified? equipment 16 Have the existing facilities been reviewed? 7.5.2 Facilities Does deliberation on the facilities used to support alternate processing include the following considerations: Alternate 17 a. Acquisitions; 7.5.2.1 Processing b. Mutual agreement; c. Outsource to external vendors; and d. Manual workarounds Does the criteria to guide the selection process of Alternate 18 alternate processing vendors have been 7.5.2.2 facilities established? outsourcing 19 20 21 22 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 11 2/23/2011
  • 12. Standardised Audit Program Strategy Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 23 24 25 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 12 2/23/2011
  • 13. Standardised Audit Program BC Plan Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is policy and process established and documented 1 8.2 Policies to govern the development of BC plans ? Is the BC Plan, and subsequent changes, reviewed 2 8.2.1 Policies and approved by the BCM Steering Committee? Is an Emergency Operations Centre set up and 3 associated conditions for operation and closure 8.2.2 Policies established and the head appointed ? Is policy governing emergency response and the 8.2.5 / 4 priority for actions to be carried out established Policies 8.2.6 and documented ? Are formal processes established for each component of the BC plan to determine their requirements? 5 1) Pre-incident preparation 8.3 Processes 2) Initial damage assessment … 13) BC plan distribution and control Who are the people in the BCM Steering Committee? Are roles and responsibilities established and documented including : 6 8.4.2 ) BCM Coordinator 8.4 People .. .. 8.4.8) Damage assessment team (DAT ) Is procedure established to manage appropriate 8.4.9 / 7 medical attention, assembly area and personnel People 8.4.10 safety ? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 13 2/23/2011
  • 14. Standardised Audit Program BC Plan Clause Component Yes No Specific comments regarding deficiencies/ effectiveness Is contact list for key personnel drawn up and 8 8.4.11 People maintained ? Does the BC plan address the requirements needed to operate and maintain all the 9 infrastructure componenets to ensure that CBFs 8.5 Infrastructure can continue within the planned levels of disruption? Are critical and general equipment / supplies as 10 well as communication requirements established 8.5.1 Infrastructure and documented ? Are EOC as well as alternate site requirements 11 8.5.2 Infrastructure identified and documented ? copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 14 2/23/2011
  • 15. Standardised Audit Program Testing and Exercising Clause Component Yes No Specific comments regarding deficiencies/ effectiveness copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 15 2/23/2011
  • 16. Standardised Audit Program Progamme Management Clause Component Yes No Specific comments regarding deficiencies/ effectiveness 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 copy1ss540auditguide201214rarbiarsplan-110224004807-phpapp01.xlsx 16 2/23/2011