“Sshh ... the auditor’s coming!!”
Author: Andrew Protheroe
This, alongside ‘We’re preparing for an audit!’, or ‘Just answer the question, don’t offer other information!’, always makes me chuckle when said in jest - surely no one would really mean it?!
For me, a robust, risk-based internal audit program is one of, if not the, most important components of risk management - whether it be security, H&S, environment, quality or HR.
From experience, some of the biggest ball-drops I’ve witnessed could never have happened if an audit program was in place. Whilst it could never uncover every problem - if done competently & focussed on critical functions or processes, then there’s far more chance of identifying issues that are often ‘hiding in plain sight’.
This week I’ve audited in Somalia for MSS Global which includes ISO18788, a standard that provides a framework for a security operations management system (SOMS).
If you don’t have a robust internal audit program, don’t be surprised if something you think you’ve got covered goes wrong - sometimes spectacularly.
“Don’t trust it, TEST IT”
- Audit -
‘A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled’