Internal Audit

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to: navigation, search
1. Internal Audit is an ongoing internal independent and objective appraisal of the organization’s operational activity in accordance to the BCMS requirement.


Notes: During an internal audit, internal auditors will evaluate and monitor a organization’s risk management, reporting, and control practices and make suggestions for improvement.

BCMBoK Competency Level
BCMBoK 7: Program Management CL 2A: Intermediate (Audit)



A Manager's Guide to Auditing and Reviewing Your Business Continuity Management Program (2009) BUY!


Courses: ISO 22301 BCMS Audit

Courses: BCM Certification

(Source: Business Continuity Management Institute - BCM Institute)

2. Information required to be controlled and maintained by an organization and the medium on which it is contained.

Note : In many cases, particularly in smaller organizations, independence can be demonstrate by the freedom from responsibility for the activity being audited.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.22

3. Audit conducted by, or on behalf of, the organization itself for management review and other internal purpose, and which might form the basis for an organization’s self declaration on conformity.

(Source: AE/HSC/NCEMA 7000:2012)

4. Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

(Source: AS/NZS 5050.3 Australian and New Zealand Standards for business continuity management.

Part 3: Business continuity management audit and assurance standard)


5. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

(Source: http://www.theiia.org Institute of Internal Auditors)


6. Internal Audit is a systematic investigation of the intent, implementation and effectiveness of selected aspects of the systems of an organization or one or more of its departments.

(Source: hhtp://elsmar.com)