Business continuity management systems internal auditor

(ISO 22301, ISO 19011)

This online course allows you to gain the knowledge and skills necessary to carry out an internal audit of business continuity management systems (BCMS) based on the ISO 22301:2019, ISO 19011:2018 standards.

Training participants will gain knowledge about various components of the BCMS, including the following: leadership, risk management, necessary procedures, documentation, performance measurement, review by management and continuous development, as well as tasks and roles of internal auditors in the process of planning and carrying out audits, reporting, planning and monitoring activities and actions based on the results of audits.

View Our Work

Duration

36 hours

Language

English/Ukrainian/Russian

Format

100% online

Objectives

• Understand the BCMS implementation principles in accordance with the requirements of ISO 22301

• Get a complete understanding of the concepts, approaches, methods and techniques necessary for the effective management of the BCMS

• Gain knowledge in identifying risks and opportunities associated with the BCMS

• Understand the relationship between the BCMS and compliance with the requirements of various stakeholders of the organization

• Develop the knowledge and skills necessary to advise organizations on the best management and internal audit practices

• Get familiar with all stages of preparing and carrying out an internal audit

• Get the knowledge necessary to manage the BCMS audit team

• Understand the operation of the BCMS in accordance with ISO 22301

• Improve the ability to analyze the internal and external environments of the organization and decision-making in the context of the BCMS

Target audience

• Internal auditors

• Project managers and consultants who wish to become familiar with the BCMS audit process

• Members of the BCMS Implementation Team

• Professionals who wish to gain in-depth knowledge of the BCMS

• Professionals involved in daily maintenance of the BCMS processes

• Students of specialized faculties

Document on completion

BCMS Internal Auditor Certificate, listed in the SIC international register

Evaluation scale

60.0-100.0

0.0-59.9

Complies

Does not comply

Thematic plan

The course program includes 2 modules:

1 Business continuity management systems (ISO 22301)

2 Internal audit (ISO 19011)

The program is designed for 21 hours, including time for studying theoretical material and taking tests.

Objectives

Module 1 Business continuity management systems (ISO 22301)

Number of hours

1.1	Introduction	1,5
1.2	General provisions of the standard	2
1.3	Organization context	2
1.4	Leadership	2
1.5	Planning	2
1.6	Support	1,5
1.7	Functioning	5
1.8	Performance evaluation	2,5
1.9	Improvement	1
	Testing	1

Module 2 Internal audit (ISO 19011)

Number of hours

1.1	Introduction	1,5
1.2	General provisions of the standard	2
1.3	Organization context	2
1.4	Leadership	2
1.5	Planning	2
1.6	Provision (resources)	1,5
1.7	Functioning	5
1.8	Performance evaluation	2,5
1.9	Improvement	1
	Testing	1

Module 1. Detailed content

1.1

Introduction:

– Preface

– Benefits of the BCMS implementation

– ISO 22301 structure in PDCA format

1.2

General provisions of the standard:

– Structure of the standard

– Scope of the standard

– Terminology

1.3

Organization context:

– Understanding the organization and its context, examples

– Understanding the needs and expectations of stakeholders, Form of Stakeholder Expectation Assessment Protocol (Example)

– Determining the scope of the BCMS, registration of the BCMS scope (example)

– BCMS and its processes

1.4

Leadership:

– Leadership and obligations

– BC policy

– Functions, responsibilities and authorities

1.5

Planning:

– Actions on risk treatment and identification of opportunities, examples

– Business continuity objectives

1.6

Provision (resources):

– Resources

– Competence

– Awareness

– Communications

– Documented information

1.7

Functioning:

– Operational planning and management

– Business impact analysis and risk assessment

– Strategies and solutions for ensuring business continuity

– Plans and procedures for ensuring business continuity

– Training program

– Assessment of documentation and opportunities for ensuring business continuity

1.8

Performance evaluation:

– Monitoring, measurement, review and evaluation

– Internal audit

– Review by management

1.9

Improvement:

– Nonconformities and corrective actions

– Continuous improvement

Module 2. Detailed content

2.1

Introduction:

– Audit definition

– Classification of audits

– Audit criteria

– History of the standard

2.2

General provisions of the standard:

– Structure of the standard

– Scope of the standard

– Terminology

– Principles

– Auditor code of ethics

2.3

Audit program management (AP):

– PDCA

– General provisions

– AP management process diagram

– AP planning

– Identification and evaluation of risks and opportunities

– Person in charge of the AP

– Determining the volume of the AP

– AP resources

– Carrying out AP

– Determining the objectives, scope and criteria for a specific audit

– Selecting and determining audit methods

– Selecting audit team members

– AP records management

– AP monitoring

– Reviewing and improving the audit program

– Unscheduled audits

2.4

Performing an audit:

– Audit initiation

– Preparation for an audit, example of an Audit Plan.

– Distribution of tasks in an audit team

– Preparation of working documents, example of a Checklist

– Opening meeting

– Exchange of information during audit

– Collecting and verifying information: examples of questions, spot check

– Preparation of an Audit Report

– Preparation of audit conclusions, example of a Statement of Nonconformities

– Final meeting

– Preparation and distribution of an Audit Report

2.5

Competence of auditors:

– Competence evaluation stages

– Personal qualities

– General knowledge and skills

– General competence of an Audit Team leader

– Maintaining and improving the competence of an auditor