What is the objective of this book?
The objective of this book is to provide the fundamental audit concepts and principles and the most important phases in the audit of a BCMS in compliance with ISO 19011 and ISO/IEC 17021-1. It aims to enable readers to understand the role of an auditor in planning, leading, and following up on a BCMS audit. This book can be used as a tool when conducting a BCMS audit. This book does not by any means replace the PECB ISO 22301 Lead Auditor training course. The best and most efficient way to audit a BCMS in compliance with ISO 19011 and the certification process according to ISO/IEC 17021-1 is to attend the PECB ISO 22301 Lead Auditor training course, which can be found:
About the book
This book contains nine chapters. The first chapter provides basic information about business continuity, management system standards, business continuity management system standards and their benefits, the structure of ISO 22301, and the fundamental principles of business continuity.
Chapter 2 covers the main audit concepts and principles. It explains the audit as a process, audit types, and the parties involved during an audit. In addition, this chapter provides information on audit objectives and audit criteria.
Chapter 3 addresses evidence-based auditing. It lists the types of audit evidence that can be collected during an audit. It also provides information on the quality and reliability of the types of audit evidence. Moreover, this chapter covers the risk-based audit approach, where the concept of materiality during the audit of a management system is explained.
Chapter 4 discusses the initiation of the audit process. It outlines the steps to demonstrate how an audit process is initiated. The steps discussed in this chapter include receiving an audit offer, appointing the audit team leader and other audit team members, determining the audit feasibility, accepting the audit, establishing contact with the auditee, and defining the audit schedule.
Chapter 5 presents the stage 1 audit, including its objectives and steps. Furthermore, it provides information on how to prepare for and conduct on-site activities and, among other things, on reviewing documented information and its types.
Chapter 6 explains the stage 2 audit, including the planning of the stage 2 audit, assigning the work to the audit team, preparing the audit test plans, and preparing the documented information for the stage 2 audit.
Chapter 7 addresses audit communication and audit conclusions. Moreover, it provides details on the methods of collecting and analyzing information, such as interviews, documented information review, observation, analysis, sampling, technical verification, corroboration, and evaluation.
Chapter 8 describes the closing of the audit. It provides information on determining and drafting the audit conclusions, and the importance of conducting the closing meeting. In addition, it addresses the preparation and distribution of the audit report, and the completion of the audit once the certification decision is made, including the submission and evaluation of action plans.
Chapter 9 discusses conducting the audit follow-up and the surveillance activities, and conducting and planning the recertification audit.