Compliance management system internal auditor (ISO 37301, ISO 19011)

This online course provides the knowledge and skills needed to audit compliance management systems (CMS) in accordance with the requirements of ISO 37301:2021 and ISO 19011:2018.

Participants will learn about the components of a CMS, how to mitigate the risks of interaction with sanctioned persons, which documents are required to implement a CMS, and how to continually improve the CMS and its effectiveness. They will also learn the tasks and roles of internal auditors in planning and conducting audits, reporting, and planning and monitoring activities and actions based on audit results.

Duration: 40 hours

Language: English/Ukrainian

Format: 100% online

Objectives

• Understand the principles of the CMS implementation in accordance with the requirements of ISO 37301

• Get a complete understanding of the concepts, approaches, methods and techniques necessary for the effective and efficient management of the CMS

• Acquire knowledge about the identification of risks and opportunities related to the CMS

• Understand the relationship between the CMS and compliance with the requirements of the organization’s interested parties

• Develop the knowledge and skills necessary for advising organizations on best practices for compliance management and internal audit

• Understand the operation of the CMS in accordance with ISO 37301

• Improve the ability to analyze the internal and external environment of the organization and to make decisions in the context of the CMS

• Get familiar with all stages of preparing and conducting an internal audit

• Acquire the knowledge necessary for managing the CMS audit team

Target audience

• Internal auditors

• Project managers and consultants who wish to master the CMS audit process

• Members of the CMS implementation team at the enterprise

• Professionals who wish to gain in-depth knowledge of the CMS

• Specialists involved in daily support of the CMS processes

• Students of specialized faculties

Document on completion

CMS internal auditor certificate, listed in the SIC international registry

Evaluation scale

60.0-100.0 | Complies
0.0-59.9 | Does not comply

Thematic plan

The course program includes 2 modules:

1 Compliance management systems (ISO 37301)

2 Internal audit (ISO 19011)

The program is designed for 40 hours, including time for studying theoretical material and taking tests.

 

Objectives

Module 1 Compliance management systems (ISO 37301) | Number of hours
1.1 Foreword. Framework of the standard | 1,5
1.2 Context of the organization | 2,5
1.3 Leadership | 2,5
1.4 Planning | 2,5
1.5 Support | 3
1.6 Operation | 3,5
1.7 Performance evaluation | 2,5
1.8 Improvement | 1
1.9 Examples of documents | 4
Testing | 1

Module 2 Internal audit (ISO 19011) | Number of hours
2.1 Introduction | 1
2.2 General provisions of the standard | 1,5
2.3 Audit program management (AP) | 5
2.4 Performing the audit | 5
2.5 Competence of auditors | 2
Testing | 1

Module 1. Detailed content
1.1 Foreword. Framework of the standard
– Introduction
– Scope
– Terms and definitions

1.2 Context of the organization
– Understanding the organization and its context
– Understanding the needs and expectations of interested parties
– Determining the scope
– Compliance management system
– Compliance obligations
– Compliance risk assessment

1.3 Leadership
– Leadership and commitment:
  • Governing body and top management
  • Compliance culture and compliance governance
– Compliance policy
– Roles, responsibilities and authorities: governing body, top management, compliance function, management, personnel

1.4 Planning
– Actions to address risks and opportunities
– Compliance objectives and planning to achieve them
– Planning changes

1.5 Support
– Resources
– Competence: hiring, training
– Awareness
– Communication
– Documented information

1.6 Operation
– Operational planning and control
– Establishing controls and procedures
– Raising concerns
– Investigation processes

1.7 Performance evaluation
– Monitoring, measurement, analysis and evaluation
  • Sources of feedback on compliance performance
  • Development of indicators
  • Compliance reporting and record-keeping
– Internal audit
– Management review

1.8 Improvement
– Continual improvement
– Nonconformity and corrective action

1.9 Examples of documents
– Code of conduct
– Compliance policy
– Compliance program

Module 2. Detailed content
2.1 Introduction:
– Audit definition
– Classification of audits
– Audit criteria
– History of the standard

2.2 General provisions of the standard:
– Structure of the standard
– Scope of the standard
– Terminology
– Principles
– Auditor code of ethics

2.3 Audit program management (AP):
– PDCA
– General provisions
– AP management process diagram
– AP planning
– Identification and evaluation of risks and opportunities
– Person in charge of the AP
– Determining the volume of the AP
– AP resources
– Carrying out AP
– Determining the objectives, scope and criteria for a specific audit
– Selecting and determining audit methods
– Selecting audit team members
– AP records management
– AP monitoring
– Reviewing and improving the audit program
– Unscheduled audits

2.4 Performing an audit:
– Audit initiation
– Preparation for an audit, example of an Audit Plan
– Distribution of tasks in an audit team
– Preparation of working documents, example of a Checklist
– Opening meeting
– Exchange of information during audit
– Collecting and verifying information: examples of questions, spot check
– Preparation of an Audit Report
– Preparation of audit conclusions, example of a Statement of Nonconformities
– Final meeting
– Preparation and distribution of an Audit Report

2.5 Competence of auditors:
– Competence evaluation stages
– Personal qualities
– General knowledge and skills
– General competence of an Audit Team leader
– Maintaining and improving the competence of an auditor