Skip to main content icon/video/no-internet

Auditing may be defined as the systematic evaluation of a system, function, task, or organization according to established and measurable standards and criteria. Accepted industry practices for business continuity have long included auditing of the areas of safety, security, and emergency preparedness for compliance with requirements both internal and external. Crisis management, as a subset of safety, security, and emergency preparedness, can reap many benefits from a rigorous and regular auditing program to establish the state of preparedness and the effectiveness of procedures, policies, programs, and processes and to provide corrective action where noncompliances or deficiencies are noted so that remedial measures may be put into place prior to failure in implementation.

Purpose of Audits

Auditing is part of preparedness. Clearly, prevention is the highest form of crisis management, and auditing to ensure that preventive measures are in place, as well as responsive measures, is a primary concern in assuring that any organization, jurisdiction, or agency is as well prepared for crisis as possible.

Audits can be performed to meet external requirements for assessment, or they can be an internal process designed to measure an agency's ability to meet its own requirements for preparedness and recovery. Sometimes both external and internal audits are mutually required, with the external audit assessing the efficacy of the internal audit as a measure of quality assurance.

Management Audits

There are several different approaches that may be adopted for the purpose of auditing plans, programs, and procedures for crisis management. Compliance audits measure the implementation of written manuals, procedures, and work instructions, and this is most certainly an effective method of measuring preparedness and response in crisis management. However, management audits make additional analyses of the agency's documents, processes, and activities to focus on results. This is a process that evaluates not just the existence of procedures, programs, and processes but also the effectiveness and suitability of these controls (in this case, to address adverse events that will result in crises that can reasonably be foreseen to occur for the agency, organization, or jurisdiction). It may include reviews and evaluation of methodology and approach. Management audits are compliance audits that additionally employ cause-and-effect analysis. Their evaluation methodology provides the opportunity to identify hazards or failures that occur in chains of events, not simply in one step of the process. For this reason, it is a more effective approach to auditing for critical processes, including crisis management.

The outcome to be considered is the ability to manage adverse events and to recover in an effective and efficient manner. The auditor(s) should ensure that careful review of processes and protocols is performed to ensure that the interrelationships can be adequately explored through the audit process.

Systems Approach

It is well established that effective management of crises is an interdependent process; many agencies, departments, and organizations work together to maximize response and recovery, and in essence, the discrete organizations become a system during crisis management. Auditing of preparedness for crises must take into account and evaluate the interactions between these critical partners. Interdepartmental and interagency communications protocols are critical elements of preparedness and should be well documented and exercised as well as included in the audit process.

...

  • Loading...
locked icon

Sign in to access this content

Get a 30 day FREE TRIAL

  • Watch videos from a variety of sources bringing classroom topics to life
  • Read modern, diverse business cases
  • Explore hundreds of books and reference titles

Sage Recommends

We found other relevant content for you on other Sage platforms.

Loading