Preparedness, LLC
info@preparednessllc.com
781.784.0672
Program Reviews & Management System Auditing
Achieving resilience is a never-ending journey. Without adequate navigation and course correction, it could be far off course.
Auditing is like a navigation system. When properly done, it is a value-adding consulting activity. It can identify gaps that, if not addressed, could compromise effectiveness. It may also identify opportunities to enhance efficiency. Auditing is essential to continuous improvement and may be required for compliance.
Every organization can benefit from conducting a standards-based audit of its preparedness programs. With many teams operating at multiple levels and even within the same level of an organization, there is a need to assess the coordination and effectiveness of plans and capabilities.
Program review, assessment, evaluation, or audit. NFPA 1600 and NFPA 1660 call for program reviews: “The entity shall maintain and improve the program by evaluating its policies, program, procedures, and capabilities using performance objectives.” ISO 22301 prescribes: “The organization shall conduct internal audits at planned intervals to determine … whether the BCMS [business continuity management system] conforms to the organization’s own requirements … and [ISO 22301] … and is effectively implemented and maintained.”
Terminology varies by standard or practice. The Insitute of Internal Auditors defines an audit as “independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” ISO defines an audit as “a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”
There are important questions to be answered when planning an audit:
- What are the objectives?
- What is the scope?
- What criteria will be used to evaluate evidence?
Assessing compliance with regulations, corporate standards, and contractual requirements is common. The scope of these audits would include those facilities or operations subject to the requirements. Applicable regulations and contracts would be the criteria to assess compliance.
Organizations seeking to enhance resilience or gain an in-depth understanding the effectiveness of preparedness programs (e.g., incident management, business continuity, and crisis management) have much to consider. Protection of life, property, operations, relationships with stakeholders, and the reputation and financial standing of the organization are objectives.
The potential scope of this audit is wide and deep. Priorities may be those operations that generate the highest revenue, profitability, or growth. Other priorities may include those facilities with the highest employee population, most valuable physical assets, or most significant exposure to hazard or operational risk. The audit team must have expertise in auditing—especially audit planning and management, knowledge of the programs within scope, applicable regulations, standards, and practices, and the industry.
Criteria for these audits should be a combination of international standards, company standards, professional practices, and regulations that cover the audit scope.
Our Services
Preparedness, LLC has decades of experience auditing in most major industries. We've helped write the two leading preparedness standards used as audit criteria. We are professionally certified as a business continuity lead auditor, and we teach auditing of preparedness programs for professionals seeking certification.
We can assess the adequacy and implementation of corporate policies, standards, and procedures for risk assessment, business impact analysis, prevention/deterrence, mitigation, incident management, communications, continuity, and recovery.
We conduct audits for organizations preparing for certification to one of the recognized international standards and surveillance audits required of organizations that have been certified. We also conduct audits to prepare organizations for second-party audits conducted by their customers.
We use international standards NFPA 1600/1660, ISO 22301, and DRI's Professional Practices, and other applicable standards and practices as criteria. We follow the auditing practices of the Institute of Internal Auditors and ISO 17021-6.
Our audits bring decades of experience to deliver in-depth assessments of preparedness programs and provide detailed guidance for improvement. Our reports provide a clear picture of program strengths and weaknesses along with findings and recommendations.
We welcome engaging in a dialog to help you determine the scope of an audit to accomplish your objectives. We can discuss the components of the program that will be audited (e.g., emergency operations, business continuity, crisis management, etc.); facilities to survey (e.g., a critical, or high-hazard facility); the persons with responsibility for aspects of the program to interview; and program documentation to review. Together we can design an audit that best meets your objectives.
Free Resources
Click an image below to view and download the resource to assess your capabilities. Be sure to check out our Preparedness Bulletins, review of standards, and compilation of links to internet resources.
Chek out our
Preparedness Bulletins, they offer in-depth guidance into the development, implementation, and evaluation of emergency management, business continuity, and crisis management programs.